diff options
Diffstat (limited to 'src/lib/libssl/src/fips/rsa/fips_rsa_x931g.c')
-rw-r--r-- | src/lib/libssl/src/fips/rsa/fips_rsa_x931g.c | 280 |
1 files changed, 0 insertions, 280 deletions
diff --git a/src/lib/libssl/src/fips/rsa/fips_rsa_x931g.c b/src/lib/libssl/src/fips/rsa/fips_rsa_x931g.c deleted file mode 100644 index d9f9a81235..0000000000 --- a/src/lib/libssl/src/fips/rsa/fips_rsa_x931g.c +++ /dev/null | |||
@@ -1,280 +0,0 @@ | |||
1 | /* crypto/rsa/rsa_gen.c */ | ||
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
3 | * All rights reserved. | ||
4 | * | ||
5 | * This package is an SSL implementation written | ||
6 | * by Eric Young (eay@cryptsoft.com). | ||
7 | * The implementation was written so as to conform with Netscapes SSL. | ||
8 | * | ||
9 | * This library is free for commercial and non-commercial use as long as | ||
10 | * the following conditions are aheared to. The following conditions | ||
11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
13 | * included with this distribution is covered by the same copyright terms | ||
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
15 | * | ||
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
17 | * the code are not to be removed. | ||
18 | * If this package is used in a product, Eric Young should be given attribution | ||
19 | * as the author of the parts of the library used. | ||
20 | * This can be in the form of a textual message at program startup or | ||
21 | * in documentation (online or textual) provided with the package. | ||
22 | * | ||
23 | * Redistribution and use in source and binary forms, with or without | ||
24 | * modification, are permitted provided that the following conditions | ||
25 | * are met: | ||
26 | * 1. Redistributions of source code must retain the copyright | ||
27 | * notice, this list of conditions and the following disclaimer. | ||
28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
29 | * notice, this list of conditions and the following disclaimer in the | ||
30 | * documentation and/or other materials provided with the distribution. | ||
31 | * 3. All advertising materials mentioning features or use of this software | ||
32 | * must display the following acknowledgement: | ||
33 | * "This product includes cryptographic software written by | ||
34 | * Eric Young (eay@cryptsoft.com)" | ||
35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
36 | * being used are not cryptographic related :-). | ||
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
38 | * the apps directory (application code) you must include an acknowledgement: | ||
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
40 | * | ||
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
51 | * SUCH DAMAGE. | ||
52 | * | ||
53 | * The licence and distribution terms for any publically available version or | ||
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
55 | * copied and put under another distribution licence | ||
56 | * [including the GNU Public Licence.] | ||
57 | */ | ||
58 | |||
59 | #include <stdio.h> | ||
60 | #include <string.h> | ||
61 | #include <time.h> | ||
62 | #include <openssl/err.h> | ||
63 | #include <openssl/bn.h> | ||
64 | #include <openssl/rsa.h> | ||
65 | #include <openssl/fips.h> | ||
66 | |||
67 | #ifdef OPENSSL_FIPS | ||
68 | |||
69 | extern int fips_check_rsa(RSA *rsa); | ||
70 | |||
71 | |||
72 | /* X9.31 RSA key derivation and generation */ | ||
73 | |||
74 | int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2, | ||
75 | const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp, | ||
76 | const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq, | ||
77 | const BIGNUM *e, BN_GENCB *cb) | ||
78 | { | ||
79 | BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL; | ||
80 | BN_CTX *ctx=NULL,*ctx2=NULL; | ||
81 | |||
82 | if (!rsa) | ||
83 | goto err; | ||
84 | |||
85 | ctx = BN_CTX_new(); | ||
86 | BN_CTX_start(ctx); | ||
87 | if (!ctx) | ||
88 | goto err; | ||
89 | |||
90 | r0 = BN_CTX_get(ctx); | ||
91 | r1 = BN_CTX_get(ctx); | ||
92 | r2 = BN_CTX_get(ctx); | ||
93 | r3 = BN_CTX_get(ctx); | ||
94 | |||
95 | if (r3 == NULL) | ||
96 | goto err; | ||
97 | if (!rsa->e) | ||
98 | { | ||
99 | rsa->e = BN_dup(e); | ||
100 | if (!rsa->e) | ||
101 | goto err; | ||
102 | } | ||
103 | else | ||
104 | e = rsa->e; | ||
105 | |||
106 | /* If not all parameters present only calculate what we can. | ||
107 | * This allows test programs to output selective parameters. | ||
108 | */ | ||
109 | |||
110 | if (Xp && !rsa->p) | ||
111 | { | ||
112 | rsa->p = BN_new(); | ||
113 | if (!rsa->p) | ||
114 | goto err; | ||
115 | |||
116 | if (!BN_X931_derive_prime_ex(rsa->p, p1, p2, | ||
117 | Xp, Xp1, Xp2, e, ctx, cb)) | ||
118 | goto err; | ||
119 | } | ||
120 | |||
121 | if (Xq && !rsa->q) | ||
122 | { | ||
123 | rsa->q = BN_new(); | ||
124 | if (!rsa->q) | ||
125 | goto err; | ||
126 | if (!BN_X931_derive_prime_ex(rsa->q, q1, q2, | ||
127 | Xq, Xq1, Xq2, e, ctx, cb)) | ||
128 | goto err; | ||
129 | } | ||
130 | |||
131 | if (!rsa->p || !rsa->q) | ||
132 | { | ||
133 | BN_CTX_end(ctx); | ||
134 | BN_CTX_free(ctx); | ||
135 | return 2; | ||
136 | } | ||
137 | |||
138 | /* Since both primes are set we can now calculate all remaining | ||
139 | * components. | ||
140 | */ | ||
141 | |||
142 | /* calculate n */ | ||
143 | rsa->n=BN_new(); | ||
144 | if (rsa->n == NULL) | ||
145 | goto err; | ||
146 | if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) | ||
147 | goto err; | ||
148 | |||
149 | /* calculate d */ | ||
150 | if (!BN_sub(r1,rsa->p,BN_value_one())) | ||
151 | goto err; /* p-1 */ | ||
152 | if (!BN_sub(r2,rsa->q,BN_value_one())) | ||
153 | goto err; /* q-1 */ | ||
154 | if (!BN_mul(r0,r1,r2,ctx)) | ||
155 | goto err; /* (p-1)(q-1) */ | ||
156 | |||
157 | if (!BN_gcd(r3, r1, r2, ctx)) | ||
158 | goto err; | ||
159 | |||
160 | if (!BN_div(r0, NULL, r0, r3, ctx)) | ||
161 | goto err; /* LCM((p-1)(q-1)) */ | ||
162 | |||
163 | ctx2 = BN_CTX_new(); | ||
164 | if (!ctx2) | ||
165 | goto err; | ||
166 | |||
167 | rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */ | ||
168 | if (rsa->d == NULL) | ||
169 | goto err; | ||
170 | |||
171 | /* calculate d mod (p-1) */ | ||
172 | rsa->dmp1=BN_new(); | ||
173 | if (rsa->dmp1 == NULL) | ||
174 | goto err; | ||
175 | if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) | ||
176 | goto err; | ||
177 | |||
178 | /* calculate d mod (q-1) */ | ||
179 | rsa->dmq1=BN_new(); | ||
180 | if (rsa->dmq1 == NULL) | ||
181 | goto err; | ||
182 | if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) | ||
183 | goto err; | ||
184 | |||
185 | /* calculate inverse of q mod p */ | ||
186 | rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2); | ||
187 | |||
188 | err: | ||
189 | if (ctx) | ||
190 | { | ||
191 | BN_CTX_end(ctx); | ||
192 | BN_CTX_free(ctx); | ||
193 | } | ||
194 | if (ctx2) | ||
195 | BN_CTX_free(ctx2); | ||
196 | /* If this is set all calls successful */ | ||
197 | if (rsa->iqmp != NULL) | ||
198 | return 1; | ||
199 | |||
200 | return 0; | ||
201 | |||
202 | } | ||
203 | |||
204 | int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb) | ||
205 | { | ||
206 | int ok = 0; | ||
207 | BIGNUM *Xp = NULL, *Xq = NULL; | ||
208 | BN_CTX *ctx = NULL; | ||
209 | |||
210 | if (bits < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) | ||
211 | { | ||
212 | FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_KEY_TOO_SHORT); | ||
213 | return 0; | ||
214 | } | ||
215 | |||
216 | if (bits & 0xff) | ||
217 | { | ||
218 | FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_INVALID_KEY_LENGTH); | ||
219 | return 0; | ||
220 | } | ||
221 | |||
222 | if(FIPS_selftest_failed()) | ||
223 | { | ||
224 | FIPSerr(FIPS_F_RSA_X931_GENERATE_KEY_EX,FIPS_R_FIPS_SELFTEST_FAILED); | ||
225 | return 0; | ||
226 | } | ||
227 | |||
228 | ctx = BN_CTX_new(); | ||
229 | if (!ctx) | ||
230 | goto error; | ||
231 | |||
232 | BN_CTX_start(ctx); | ||
233 | Xp = BN_CTX_get(ctx); | ||
234 | Xq = BN_CTX_get(ctx); | ||
235 | if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx)) | ||
236 | goto error; | ||
237 | |||
238 | rsa->p = BN_new(); | ||
239 | rsa->q = BN_new(); | ||
240 | if (!rsa->p || !rsa->q) | ||
241 | goto error; | ||
242 | |||
243 | /* Generate two primes from Xp, Xq */ | ||
244 | |||
245 | if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp, | ||
246 | e, ctx, cb)) | ||
247 | goto error; | ||
248 | |||
249 | if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq, | ||
250 | e, ctx, cb)) | ||
251 | goto error; | ||
252 | |||
253 | /* Since rsa->p and rsa->q are valid this call will just derive | ||
254 | * remaining RSA components. | ||
255 | */ | ||
256 | |||
257 | if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL, | ||
258 | NULL, NULL, NULL, NULL, NULL, NULL, e, cb)) | ||
259 | goto error; | ||
260 | |||
261 | if(!fips_check_rsa(rsa)) | ||
262 | goto error; | ||
263 | |||
264 | ok = 1; | ||
265 | |||
266 | error: | ||
267 | if (ctx) | ||
268 | { | ||
269 | BN_CTX_end(ctx); | ||
270 | BN_CTX_free(ctx); | ||
271 | } | ||
272 | |||
273 | if (ok) | ||
274 | return 1; | ||
275 | |||
276 | return 0; | ||
277 | |||
278 | } | ||
279 | |||
280 | #endif | ||