Mercurial > dropbear
comparison genrsa.c @ 910:89555751c489 asm
merge up to 2013.63, improve ASM makefile rules a bit
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Thu, 27 Feb 2014 21:35:58 +0800 |
| parents | ae766a2c8fa7 |
| children | 750ec4ec4cbe |
comparison
equal
deleted
inserted
replaced
| 909:e4b75744acab | 910:89555751c489 |
|---|---|
| 23 * SOFTWARE. */ | 23 * SOFTWARE. */ |
| 24 | 24 |
| 25 #include "includes.h" | 25 #include "includes.h" |
| 26 #include "dbutil.h" | 26 #include "dbutil.h" |
| 27 #include "bignum.h" | 27 #include "bignum.h" |
| 28 #include "random.h" | 28 #include "dbrandom.h" |
| 29 #include "rsa.h" | 29 #include "rsa.h" |
| 30 #include "genrsa.h" | 30 #include "genrsa.h" |
| 31 | 31 |
| 32 #define RSA_E 65537 | 32 #define RSA_E 65537 |
| 33 | 33 |
| 34 #ifdef DROPBEAR_RSA | 34 #ifdef DROPBEAR_RSA |
| 35 | 35 |
| 36 static void getrsaprime(mp_int* prime, mp_int *primeminus, | 36 static void getrsaprime(mp_int* prime, mp_int *primeminus, |
| 37 mp_int* rsa_e, unsigned int size); | 37 mp_int* rsa_e, unsigned int size_bytes); |
| 38 | 38 |
| 39 /* mostly taken from libtomcrypt's rsa key generation routine */ | 39 /* mostly taken from libtomcrypt's rsa key generation routine */ |
| 40 dropbear_rsa_key * gen_rsa_priv_key(unsigned int size) { | 40 dropbear_rsa_key * gen_rsa_priv_key(unsigned int size) { |
| 41 | 41 |
| 42 dropbear_rsa_key * key; | 42 dropbear_rsa_key * key; |
| 43 DEF_MP_INT(pminus); | 43 DEF_MP_INT(pminus); |
| 44 DEF_MP_INT(qminus); | 44 DEF_MP_INT(qminus); |
| 45 DEF_MP_INT(lcm); | 45 DEF_MP_INT(lcm); |
| 46 | 46 |
| 47 if (size < 512 || size > 4096 || (size % 8 != 0)) { | |
| 48 dropbear_exit("Bits must satisfy 512 <= bits <= 4096, and be a" | |
| 49 " multiple of 8"); | |
| 50 } | |
| 51 | |
| 47 key = m_malloc(sizeof(*key)); | 52 key = m_malloc(sizeof(*key)); |
| 48 | 53 m_mp_alloc_init_multi(&key->e, &key->n, &key->d, &key->p, &key->q, NULL); |
| 49 key->e = (mp_int*)m_malloc(sizeof(mp_int)); | 54 m_mp_init_multi(&pminus, &lcm, &qminus, NULL); |
| 50 key->n = (mp_int*)m_malloc(sizeof(mp_int)); | |
| 51 key->d = (mp_int*)m_malloc(sizeof(mp_int)); | |
| 52 key->p = (mp_int*)m_malloc(sizeof(mp_int)); | |
| 53 key->q = (mp_int*)m_malloc(sizeof(mp_int)); | |
| 54 | |
| 55 m_mp_init_multi(key->e, key->n, key->d, key->p, key->q, | |
| 56 &pminus, &lcm, &qminus, NULL); | |
| 57 | |
| 58 seedrandom(); | |
| 59 | 55 |
| 60 if (mp_set_int(key->e, RSA_E) != MP_OKAY) { | 56 if (mp_set_int(key->e, RSA_E) != MP_OKAY) { |
| 61 fprintf(stderr, "RSA generation failed\n"); | 57 fprintf(stderr, "RSA generation failed\n"); |
| 62 exit(1); | 58 exit(1); |
| 63 } | 59 } |
| 64 | 60 |
| 65 getrsaprime(key->p, &pminus, key->e, size/2); | 61 while (1) { |
| 66 getrsaprime(key->q, &qminus, key->e, size/2); | 62 getrsaprime(key->p, &pminus, key->e, size/16); |
| 63 getrsaprime(key->q, &qminus, key->e, size/16); | |
| 67 | 64 |
| 68 if (mp_mul(key->p, key->q, key->n) != MP_OKAY) { | 65 if (mp_mul(key->p, key->q, key->n) != MP_OKAY) { |
| 69 fprintf(stderr, "RSA generation failed\n"); | 66 fprintf(stderr, "RSA generation failed\n"); |
| 70 exit(1); | 67 exit(1); |
| 68 } | |
| 69 | |
| 70 if ((unsigned int)mp_count_bits(key->n) == size) { | |
| 71 break; | |
| 72 } | |
| 71 } | 73 } |
| 72 | 74 |
| 73 /* lcm(p-1, q-1) */ | 75 /* lcm(p-1, q-1) */ |
| 74 if (mp_lcm(&pminus, &qminus, &lcm) != MP_OKAY) { | 76 if (mp_lcm(&pminus, &qminus, &lcm) != MP_OKAY) { |
| 75 fprintf(stderr, "RSA generation failed\n"); | 77 fprintf(stderr, "RSA generation failed\n"); |
| 88 return key; | 90 return key; |
| 89 } | 91 } |
| 90 | 92 |
| 91 /* return a prime suitable for p or q */ | 93 /* return a prime suitable for p or q */ |
| 92 static void getrsaprime(mp_int* prime, mp_int *primeminus, | 94 static void getrsaprime(mp_int* prime, mp_int *primeminus, |
| 93 mp_int* rsa_e, unsigned int size) { | 95 mp_int* rsa_e, unsigned int size_bytes) { |
| 94 | 96 |
| 95 unsigned char *buf; | 97 unsigned char *buf; |
| 96 DEF_MP_INT(temp_gcd); | 98 DEF_MP_INT(temp_gcd); |
| 97 | 99 |
| 98 buf = (unsigned char*)m_malloc(size+1); | 100 buf = (unsigned char*)m_malloc(size_bytes); |
| 99 | 101 |
| 100 m_mp_init(&temp_gcd); | 102 m_mp_init(&temp_gcd); |
| 101 do { | 103 do { |
| 102 /* generate a random odd number with MSB set, then find the | 104 /* generate a random odd number with MSB set, then find the |
| 103 the next prime above it */ | 105 the next prime above it */ |
| 104 genrandom(buf, size+1); | 106 genrandom(buf, size_bytes); |
| 105 buf[0] |= 0x80; /* MSB set */ | 107 buf[0] |= 0x80; |
| 106 | 108 |
| 107 bytes_to_mp(prime, buf, size+1); | 109 bytes_to_mp(prime, buf, size_bytes); |
| 108 | 110 |
| 109 /* find the next integer which is prime, 8 round of miller-rabin */ | 111 /* find the next integer which is prime, 8 round of miller-rabin */ |
| 110 if (mp_prime_next_prime(prime, 8, 0) != MP_OKAY) { | 112 if (mp_prime_next_prime(prime, 8, 0) != MP_OKAY) { |
| 111 fprintf(stderr, "RSA generation failed\n"); | 113 fprintf(stderr, "RSA generation failed\n"); |
| 112 exit(1); | 114 exit(1); |
| 124 } | 126 } |
| 125 } while (mp_cmp_d(&temp_gcd, 1) != MP_EQ); /* while gcd(p-1, e) != 1 */ | 127 } while (mp_cmp_d(&temp_gcd, 1) != MP_EQ); /* while gcd(p-1, e) != 1 */ |
| 126 | 128 |
| 127 /* now we have a good value for result */ | 129 /* now we have a good value for result */ |
| 128 mp_clear(&temp_gcd); | 130 mp_clear(&temp_gcd); |
| 129 m_burn(buf, size+1); | 131 m_burn(buf, size_bytes); |
| 130 m_free(buf); | 132 m_free(buf); |
| 131 } | 133 } |
| 132 | 134 |
| 133 #endif /* DROPBEAR_RSA */ | 135 #endif /* DROPBEAR_RSA */ |