/* modulus_size in bits */
int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa)
{
mp_int tmp, tmp2;
int err, msize, qsize,
loop_check_prime = 0,
check_prime = MP_NO;
unsigned char *buf;
if (rng == NULL || dsa == NULL)
return BAD_FUNC_ARG;
/* set group size in bytes from modulus size
* FIPS 186-4 defines valid values (1024, 160) (2048, 256) (3072, 256)
*/
switch (modulus_size) {
case 1024:
qsize = 20;
break;
case 2048:
case 3072:
qsize = 32;
break;
default:
return BAD_FUNC_ARG;
break;
}
/* modulus size in bytes */
msize = modulus_size / 8;
/* allocate ram */
buf = (unsigned char *)XMALLOC(msize - qsize,
NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (buf == NULL) {
return MEMORY_E;
}
/* make a random string that will be multplied against q */
err = wc_RNG_GenerateBlock(rng, buf, msize - qsize);
if (err != MP_OKAY) {
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return err;
}
/* force magnitude */
buf[0] |= 0xC0;
/* force even */
buf[msize - qsize - 1] &= ~1;
if (mp_init_multi(&tmp2, &dsa->p, &dsa->q, 0, 0, 0) != MP_OKAY) {
mp_clear(&dsa->q);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return MP_INIT_E;
}
err = mp_read_unsigned_bin(&tmp2, buf, msize - qsize);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp2);
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return err;
}
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
/* make our prime q */
err = mp_rand_prime(&dsa->q, qsize, rng, NULL);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp2);
return err;
}
/* p = random * q */
err = mp_mul(&dsa->q, &tmp2, &dsa->p);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp2);
return err;
}
/* p = random * q + 1, so q is a prime divisor of p-1 */
err = mp_add_d(&dsa->p, 1, &dsa->p);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp2);
return err;
}
if (mp_init(&tmp) != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp2);
return MP_INIT_E;
}
/* tmp = 2q */
err = mp_add(&dsa->q, &dsa->q, &tmp);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp);
mp_clear(&tmp2);
return err;
}
/* loop until p is prime */
while (check_prime == MP_NO) {
err = mp_prime_is_prime(&dsa->p, 8, &check_prime);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp);
mp_clear(&tmp2);
return err;
}
if (check_prime != MP_YES) {
/* p += 2q */
err = mp_add(&tmp, &dsa->p, &dsa->p);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp);
mp_clear(&tmp2);
return err;
}
loop_check_prime++;
}
}
/* tmp2 += (2*loop_check_prime)
* to have p = (q * tmp2) + 1 prime
*/
if (loop_check_prime) {
err = mp_add_d(&tmp2, 2*loop_check_prime, &tmp2);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp);
mp_clear(&tmp2);
return err;
}
}
if (mp_init(&dsa->g) != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&tmp);
mp_clear(&tmp2);
return MP_INIT_E;
}
/* find a value g for which g^tmp2 != 1 */
mp_set(&dsa->g, 1);
do {
err = mp_add_d(&dsa->g, 1, &dsa->g);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&dsa->g);
mp_clear(&tmp);
mp_clear(&tmp2);
return err;
}
err = mp_exptmod(&dsa->g, &tmp2, &dsa->p, &tmp);
if (err != MP_OKAY) {
mp_clear(&dsa->q);
mp_clear(&dsa->p);
mp_clear(&dsa->g);
mp_clear(&tmp);
mp_clear(&tmp2);
return err;
}
} while (mp_cmp_d(&tmp, 1) == MP_EQ);
/* at this point tmp generates a group of order q mod p */
mp_exch(&tmp, &dsa->g);
mp_clear(&tmp);
mp_clear(&tmp2);
return MP_OKAY;
}
/* Make an RSA key for size bits, with e specified, 65537 is a good e */
int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
{
mp_int p, q, tmp1, tmp2, tmp3;
int err;
if (key == NULL || rng == NULL)
return BAD_FUNC_ARG;
if (size < RSA_MIN_SIZE || size > RSA_MAX_SIZE)
return BAD_FUNC_ARG;
if (e < 3 || (e & 1) == 0)
return BAD_FUNC_ARG;
if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != MP_OKAY)
return err;
err = mp_set_int(&tmp3, e);
/* make p */
if (err == MP_OKAY) {
do {
err = mp_rand_prime(&p, size/16, rng, key->heap); /* size in bytes/2 */
if (err == MP_OKAY)
err = mp_sub_d(&p, 1, &tmp1); /* tmp1 = p-1 */
if (err == MP_OKAY)
err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(p-1, e) */
} while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divdes p-1 */
}
/* make q */
if (err == MP_OKAY) {
do {
err = mp_rand_prime(&q, size/16, rng, key->heap); /* size in bytes/2 */
if (err == MP_OKAY)
err = mp_sub_d(&q, 1, &tmp1); /* tmp1 = q-1 */
if (err == MP_OKAY)
err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(q-1, e) */
} while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divdes q-1 */
}
if (err == MP_OKAY)
err = mp_init_multi(&key->n, &key->e, &key->d, &key->p, &key->q, NULL);
if (err == MP_OKAY)
err = mp_init_multi(&key->dP, &key->dQ, &key->u, NULL, NULL, NULL);
if (err == MP_OKAY)
err = mp_sub_d(&p, 1, &tmp2); /* tmp2 = p-1 */
if (err == MP_OKAY)
err = mp_lcm(&tmp1, &tmp2, &tmp1); /* tmp1 = lcm(p-1, q-1),last loop */
/* make key */
if (err == MP_OKAY)
err = mp_set_int(&key->e, e); /* key->e = e */
if (err == MP_OKAY) /* key->d = 1/e mod lcm(p-1, q-1) */
err = mp_invmod(&key->e, &tmp1, &key->d);
if (err == MP_OKAY)
err = mp_mul(&p, &q, &key->n); /* key->n = pq */
if (err == MP_OKAY)
err = mp_sub_d(&p, 1, &tmp1);
if (err == MP_OKAY)
err = mp_sub_d(&q, 1, &tmp2);
if (err == MP_OKAY)
err = mp_mod(&key->d, &tmp1, &key->dP);
if (err == MP_OKAY)
err = mp_mod(&key->d, &tmp2, &key->dQ);
if (err == MP_OKAY)
err = mp_invmod(&q, &p, &key->u);
if (err == MP_OKAY)
err = mp_copy(&p, &key->p);
if (err == MP_OKAY)
err = mp_copy(&q, &key->q);
if (err == MP_OKAY)
key->type = RSA_PRIVATE;
mp_clear(&tmp3);
mp_clear(&tmp2);
mp_clear(&tmp1);
mp_clear(&q);
mp_clear(&p);
if (err != MP_OKAY) {
wc_FreeRsaKey(key);
return err;
}
return 0;
}
