1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/ossrv/ssl/libcrypto/src/crypto/rsa/rsa_chk.c Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,184 @@
1.4 +/* crypto/rsa/rsa_chk.c -*- Mode: C; c-file-style: "eay" -*- */
1.5 +/* ====================================================================
1.6 + * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
1.7 + *
1.8 + * Redistribution and use in source and binary forms, with or without
1.9 + * modification, are permitted provided that the following conditions
1.10 + * are met:
1.11 + *
1.12 + * 1. Redistributions of source code must retain the above copyright
1.13 + * notice, this list of conditions and the following disclaimer.
1.14 + *
1.15 + * 2. Redistributions in binary form must reproduce the above copyright
1.16 + * notice, this list of conditions and the following disclaimer in
1.17 + * the documentation and/or other materials provided with the
1.18 + * distribution.
1.19 + *
1.20 + * 3. All advertising materials mentioning features or use of this
1.21 + * software must display the following acknowledgment:
1.22 + * "This product includes software developed by the OpenSSL Project
1.23 + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
1.24 + *
1.25 + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
1.26 + * endorse or promote products derived from this software without
1.27 + * prior written permission. For written permission, please contact
1.28 + * openssl-core@OpenSSL.org.
1.29 + *
1.30 + * 5. Products derived from this software may not be called "OpenSSL"
1.31 + * nor may "OpenSSL" appear in their names without prior written
1.32 + * permission of the OpenSSL Project.
1.33 + *
1.34 + * 6. Redistributions of any form whatsoever must retain the following
1.35 + * acknowledgment:
1.36 + * "This product includes software developed by the OpenSSL Project
1.37 + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
1.38 + *
1.39 + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
1.40 + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1.41 + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
1.42 + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
1.43 + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
1.44 + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
1.45 + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
1.46 + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
1.47 + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
1.48 + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
1.49 + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
1.50 + * OF THE POSSIBILITY OF SUCH DAMAGE.
1.51 + * ====================================================================
1.52 + */
1.53 +
1.54 +#include <openssl/bn.h>
1.55 +#include <openssl/err.h>
1.56 +#include <openssl/rsa.h>
1.57 +
1.58 +
1.59 +EXPORT_C int RSA_check_key(const RSA *key)
1.60 + {
1.61 + BIGNUM *i, *j, *k, *l, *m;
1.62 + BN_CTX *ctx;
1.63 + int r;
1.64 + int ret=1;
1.65 +
1.66 + i = BN_new();
1.67 + j = BN_new();
1.68 + k = BN_new();
1.69 + l = BN_new();
1.70 + m = BN_new();
1.71 + ctx = BN_CTX_new();
1.72 + if (i == NULL || j == NULL || k == NULL || l == NULL ||
1.73 + m == NULL || ctx == NULL)
1.74 + {
1.75 + ret = -1;
1.76 + RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
1.77 + goto err;
1.78 + }
1.79 +
1.80 + /* p prime? */
1.81 + r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);
1.82 + if (r != 1)
1.83 + {
1.84 + ret = r;
1.85 + if (r != 0)
1.86 + goto err;
1.87 + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
1.88 + }
1.89 +
1.90 + /* q prime? */
1.91 + r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL);
1.92 + if (r != 1)
1.93 + {
1.94 + ret = r;
1.95 + if (r != 0)
1.96 + goto err;
1.97 + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
1.98 + }
1.99 +
1.100 + /* n = p*q? */
1.101 + r = BN_mul(i, key->p, key->q, ctx);
1.102 + if (!r) { ret = -1; goto err; }
1.103 +
1.104 + if (BN_cmp(i, key->n) != 0)
1.105 + {
1.106 + ret = 0;
1.107 + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
1.108 + }
1.109 +
1.110 + /* d*e = 1 mod lcm(p-1,q-1)? */
1.111 +
1.112 + r = BN_sub(i, key->p, BN_value_one());
1.113 + if (!r) { ret = -1; goto err; }
1.114 + r = BN_sub(j, key->q, BN_value_one());
1.115 + if (!r) { ret = -1; goto err; }
1.116 +
1.117 + /* now compute k = lcm(i,j) */
1.118 + r = BN_mul(l, i, j, ctx);
1.119 + if (!r) { ret = -1; goto err; }
1.120 + r = BN_gcd(m, i, j, ctx);
1.121 + if (!r) { ret = -1; goto err; }
1.122 + r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */
1.123 + if (!r) { ret = -1; goto err; }
1.124 +
1.125 + r = BN_mod_mul(i, key->d, key->e, k, ctx);
1.126 + if (!r) { ret = -1; goto err; }
1.127 +
1.128 + if (!BN_is_one(i))
1.129 + {
1.130 + ret = 0;
1.131 + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
1.132 + }
1.133 +
1.134 + if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL)
1.135 + {
1.136 + /* dmp1 = d mod (p-1)? */
1.137 + r = BN_sub(i, key->p, BN_value_one());
1.138 + if (!r) { ret = -1; goto err; }
1.139 +
1.140 + r = BN_mod(j, key->d, i, ctx);
1.141 + if (!r) { ret = -1; goto err; }
1.142 +
1.143 + if (BN_cmp(j, key->dmp1) != 0)
1.144 + {
1.145 + ret = 0;
1.146 + RSAerr(RSA_F_RSA_CHECK_KEY,
1.147 + RSA_R_DMP1_NOT_CONGRUENT_TO_D);
1.148 + }
1.149 +
1.150 + /* dmq1 = d mod (q-1)? */
1.151 + r = BN_sub(i, key->q, BN_value_one());
1.152 + if (!r) { ret = -1; goto err; }
1.153 +
1.154 + r = BN_mod(j, key->d, i, ctx);
1.155 + if (!r) { ret = -1; goto err; }
1.156 +
1.157 + if (BN_cmp(j, key->dmq1) != 0)
1.158 + {
1.159 + ret = 0;
1.160 + RSAerr(RSA_F_RSA_CHECK_KEY,
1.161 + RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
1.162 + }
1.163 +
1.164 + /* iqmp = q^-1 mod p? */
1.165 + if(!BN_mod_inverse(i, key->q, key->p, ctx))
1.166 + {
1.167 + ret = -1;
1.168 + goto err;
1.169 + }
1.170 +
1.171 + if (BN_cmp(i, key->iqmp) != 0)
1.172 + {
1.173 + ret = 0;
1.174 + RSAerr(RSA_F_RSA_CHECK_KEY,
1.175 + RSA_R_IQMP_NOT_INVERSE_OF_Q);
1.176 + }
1.177 + }
1.178 +
1.179 + err:
1.180 + if (i != NULL) BN_free(i);
1.181 + if (j != NULL) BN_free(j);
1.182 + if (k != NULL) BN_free(k);
1.183 + if (l != NULL) BN_free(l);
1.184 + if (m != NULL) BN_free(m);
1.185 + if (ctx != NULL) BN_CTX_free(ctx);
1.186 + return (ret);
1.187 + }