19 #if defined( USE_DH ) || defined( USE_DSA ) || defined( USE_ELGAMAL )
/* Fragment of enableSidechannelProtection().  The listing shows only some of
   the function's lines, so only the visible calls are described here. */
30 static
int enableSidechannelProtection(
INOUT PKC_INFO *pkcInfo,
33 assert(
isWritePtr( pkcInfo,
sizeof( PKC_INFO ) ) );
/* NOTE(review): the result of calculateBignumChecksum() is explicitly
   discarded with a ( void ) cast, so a failure of the checksum step is not
   propagated from this line - confirm that this is intended */
44 ( void ) calculateBignumChecksum( pkcInfo, cryptAlgo );
/* Fragment, presumably the body of getDLPexpSize() - the function name is
   not on the visible lines and is inferred from the callers further down
   (TODO confirm).  Takes the size of the prime in bits and returns an
   exponent size in bits as an int. */
129 const int primeBits )
/* Two assignments to value are visible; the conditions that select between
   them, and the definitions of M, TX, TY, AD and AN, are not shown */
138 value = M * primeBits / 256 - M * TX / 256 + TY;
142 value = TY - ( ( M * AD + AN * TX / 256 ) * TX - \
143 ( ( 256 * M * AD + AN * 2 * TX - AN * primeBits ) / 256 ) * \
144 primeBits ) / ( AD * 256 );
/* Sanity bound on the result: at least 160 bits and below 1000 bits.  The
   lower bound is the security-relevant one, since callers in this file use
   the returned size for q and for the private value x */
146 ENSURES( value >= 160 && value < 1000 );
/* Primes of up to 1028 bits are special-cased; what the branch does is not
   visible in this listing */
158 if( primeBits <= 1028 )
161 return( (
int ) value );
/* Upper bound for nFactors and the base size of llProducts[] and indices[]
   in generateDLPPublicValues(): the maximum key size in bits divided by 160,
   plus one.  160 is also the smallest exponent size accepted by the
   ENSURES( value >= 160 ... ) check in this file */
194 #define MAX_NO_FACTORS ( ( bytesToBits( CRYPT_MAX_PKCSIZE ) / 160 ) + 1 )
/* Upper bound for nPrimes and the base size of llPrimes[];
   generateDLPPublicValues() compares nPrimes against this value before it
   stores another prime at llPrimes[ nPrimes++ ] */
207 #define MAX_NO_PRIMES 128
/* Fragment of findGeneratorForPQ().  Works on the p, q and g members of
   pkcInfo and uses tmp1/tmp2 as scratch values (j and gCounter).  Judging by
   the name it derives the generator g from p and q; the search loop itself
   is not visible in this listing. */
217 static
int findGeneratorForPQ(
INOUT PKC_INFO *pkcInfo )
219 BIGNUM *
p = &pkcInfo->dlpParam_p, *q = &pkcInfo->dlpParam_q;
220 BIGNUM *g = &pkcInfo->dlpParam_g;
221 BIGNUM *j = &pkcInfo->tmp1, *gCounter = &pkcInfo->tmp2;
222 int bnStatus =
BN_STATUS, iterationCount;
224 assert(
isWritePtr( pkcInfo,
sizeof( PKC_INFO ) ) );
/* j = p / q; the remainder argument is NULL, so only the quotient is kept */
228 CK(
BN_div( j, NULL, p, q, pkcInfo->bnCTX ) );
/* Failsafe: the (unseen) loop must have finished before reaching the
   FAILSAFE_ITERATIONS_MED limit */
251 ENSURES( iterationCount < FAILSAFE_ITERATIONS_MED );
/* Fragment of generateDLPPublicValues().  From the visible lines: a prime q
   of qBits is generated, a pool of primes of factorBits each is built in
   llPrimes[], q is multiplied by selections of pool primes into
   llProducts[], a candidate p is run through primeSieve() and
   primeProbable(), and finally findGeneratorForPQ() is called.  How p is
   derived from the product is not visible.  The "ll" prefix presumably
   refers to a Lim-Lee style construction - TODO confirm. */
261 static
int generateDLPPublicValues(
INOUT PKC_INFO *pkcInfo,
/* The size of q is taken directly from the exponent-size estimate for the
   requested prime size */
265 const int safeExpSizeBits = getDLPexpSize( pBits );
267 const int qBits = safeExpSizeBits;
/* Work arrays are declared with 8 entries of slack beyond the MAX_NO_*
   limits that the bounds checks below enforce */
268 BIGNUM llPrimes[ MAX_NO_PRIMES + 8 ], llProducts[ MAX_NO_FACTORS + 8 ];
269 BIGNUM *p = &pkcInfo->dlpParam_p, *q = &pkcInfo->dlpParam_q;
271 int indices[ MAX_NO_FACTORS + 8 ];
272 int nPrimes, nFactors, factorBits, i, iterationCount;
275 assert(
isWritePtr( pkcInfo,
sizeof( PKC_INFO ) ) );
/* Self-checks of getDLPexpSize() against fixed prime-size -> exponent-size
   pairs.  These are assert()-based, so they are presumably only active in
   debug builds; the REQUIRES() checks below are the ones guarding the
   actual parameters */
277 getDLPexpSize( 512 ) == 160 );
279 getDLPexpSize( 1024 ) == 160 );
283 getDLPexpSize( 1030 ) == 168 );
285 getDLPexpSize( 1536 ) == 198 );
286 assert( getDLPexpSize( 2048 ) == 225 );
287 assert( getDLPexpSize( 3072 ) == 270 );
288 assert( getDLPexpSize( 4096 ) == 305 );
/* Preconditions: q is at least 160 bits and no larger than p, and the
   exponent size lies in [160, 512) */
292 REQUIRES( qBits >= 160 && qBits <= pBits && \
294 REQUIRES( safeExpSizeBits >= 160 && safeExpSizeBits < 512 );
/* Split the bits of p that are not covered by q evenly over nFactors
   primes; the pool starts out with exactly nFactors primes */
298 factorBits = ( pBits - qBits ) - 1;
299 nFactors = nPrimes = ( factorBits / safeExpSizeBits ) + 1;
300 factorBits /= nFactors;
303 nFactors > 0 && nFactors <= MAX_NO_FACTORS && \
304 nPrimes > 0 && nPrimes <= MAX_NO_PRIMES );
/* Generate q */
308 status = generatePrime( pkcInfo, q, qBits,
CRYPT_UNUSED );
/* Zero and set up the work arrays.  Only the first MAX_NO_FACTORS /
   MAX_NO_PRIMES entries are touched, not the 8 slack entries; every index
   used below is bounded by nFactors or nPrimes */
317 memset( llProducts, 0, MAX_NO_FACTORS *
sizeof(
BIGNUM ) );
318 for( i = 0; i < MAX_NO_FACTORS; i++ )
320 memset( llPrimes, 0, MAX_NO_PRIMES *
sizeof(
BIGNUM ) );
321 for( i = 0; i < MAX_NO_PRIMES; i++ )
/* Fill the initial pool with nFactors primes of factorBits each */
323 for( i = 0; i < nFactors; i++ )
325 status = generatePrime( pkcInfo, &llPrimes[ i ], factorBits,
/* Outer search loop; it runs until primeFound is set or the failsafe
   iteration limit is reached (the loop condition itself is not visible) */
331 for( primeFound =
FALSE, iterationCount = 0;
335 int indexMoved, innerIterationCount;
/* Start from the nFactors highest-numbered pool entries: indices[] holds
   consecutive descending pool positions ending at nPrimes - 1 */
340 indices[ nFactors - 1 ] = nPrimes - 1;
341 for( i = nFactors - 2; i >= 0; i-- )
342 indices[ i ] = indices[ i + 1 ] - 1;
343 CK(
BN_mul( &llProducts[ nFactors - 1 ], q, &llPrimes[ nPrimes - 1 ],
350 indexMoved = nFactors - 2;
/* Inner loop over selections of pool primes, bounded by a failsafe count */
354 for( innerIterationCount = 0;
355 indices[ nFactors - 1 ] > 0 && \
356 innerIterationCount < ( FAILSAFE_ITERATIONS_LARGE * 10 );
357 innerIterationCount++ )
/* Rebuild the partial products from the position that changed downwards,
   so products above indexMoved are reused */
361 for( i = indexMoved;
bnStatusOK( bnStatus ) && i >= 0; i-- )
363 CK(
BN_mul( &llProducts[ i ], &llProducts[ i + 1 ],
364 &llPrimes[ indices[ i ] ], pkcInfo->bnCTX ) );
/* The candidate is screened with primeSieve() first and only then passed
   to primeProbable() */
376 if( primeSieve( p ) )
378 status = primeProbable( pkcInfo, p, noChecks );
/* Looks like the step that advances indices[] to the next selection -
   the loop bodies are not visible, TODO confirm */
390 for( i = 0; i < nFactors; i++ )
392 if( indices[ i ] > i )
402 if( ( indexMoved >= nFactors - 1 ) || ( i >= nFactors ) )
408 for( i = indexMoved - 1; i >= 0; i-- )
409 indices[ i ] = indices[ i + 1 ] - 1;
411 ENSURES( innerIterationCount < ( FAILSAFE_ITERATIONS_LARGE * 10 ) );
/* Bounds check before the pool grows: without it the llPrimes[ nPrimes++ ]
   store below could index past the MAX_NO_PRIMES entries that were set up */
417 if( nPrimes >= MAX_NO_PRIMES )
421 DEBUG_DIAG((
"Iterated through %d primes trying to "
422 "generate DLP key", MAX_NO_PRIMES ));
/* No selection from the current pool worked: add one more prime */
427 status = generatePrime( pkcInfo, &llPrimes[ nPrimes++ ], factorBits,
433 ENSURES( iterationCount < FAILSAFE_ITERATIONS_LARGE );
/* With p and q fixed, derive g */
443 status = findGeneratorForPQ( pkcInfo );
/* Final passes over the pool primes and the products; the loop bodies are
   not visible.  NOTE(review): presumably these release the temporaries -
   confirm that they are also zeroised, since they hold the prime material
   from which p was built */
448 for( i = 0; i < nPrimes; i++ )
450 for( i = 0; i < nFactors; i++ )
/* Fragment of generateDLPPrivateValue(): fills in the private value x in
   pkcInfo.  Only the generateBignum() and BN_mod() calls are visible; the
   conditions around them are not. */
461 static
int generateDLPPrivateValue(
INOUT PKC_INFO *pkcInfo )
463 BIGNUM *x = &pkcInfo->dlpParam_x, *q = &pkcInfo->dlpParam_q;
467 assert(
isWritePtr( pkcInfo,
sizeof( PKC_INFO ) ) );
/* Early-return path: x is sized from p via getDLPexpSize() instead of from
   q - presumably the case where no q is available, TODO confirm */
474 return( generateBignum( x,
475 getDLPexpSize(
BN_num_bits( &pkcInfo->dlpParam_p ) ),
/* Main path: draw an x of qBits.  The meaning of the 0xC0 and 0 arguments
   is defined by generateBignum(), which is not shown here */
483 status = generateBignum( x, qBits, 0xC0, 0 );
/* Reduce x modulo q, in place.  NOTE(review): a modular reduction of a
   random value is not uniform over the range; the guard deciding when this
   runs is not visible, so confirm that any resulting bias is acceptable */
491 CK(
BN_mod( x, x, q, pkcInfo->bnCTX ) );
/* Alternative draw that is one bit shorter than q; the condition that
   triggers it is not visible */
498 status = generateBignum( x, qBits - 1, 0xC0, 0 );
/* Fragment of generateDLPPublicValue().  The visible lines bind p, g, x and
   y from pkcInfo and pass the Montgomery context for p (dlpParam_mont_p) to
   a call whose start is not shown - presumably the modular exponentiation
   that computes y from g, x and p, TODO confirm. */
506 static
int generateDLPPublicValue(
INOUT PKC_INFO *pkcInfo )
508 BIGNUM *p = &pkcInfo->dlpParam_p, *g = &pkcInfo->dlpParam_g;
509 BIGNUM *x = &pkcInfo->dlpParam_x, *y = &pkcInfo->dlpParam_y;
512 assert(
isWritePtr( pkcInfo,
sizeof( PKC_INFO ) ) );
515 &pkcInfo->dlpParam_mont_p ) );
/* Fragment of checkDLPDomainParameters(): validation of the domain
   parameters held in pkcInfo.  Callers in this file pass three arguments;
   the middle parameter is not on the visible lines.  Most of the checks are
   not visible either, so only the ones shown are described. */
533 static
int checkDLPDomainParameters(
INOUT PKC_INFO *pkcInfo,
535 const BOOLEAN isFullyInitialised )
537 BIGNUM *p = &pkcInfo->dlpParam_p, *g = &pkcInfo->dlpParam_g;
538 BIGNUM *tmp = &pkcInfo->tmp1;
541 assert(
isWritePtr( pkcInfo,
sizeof( PKC_INFO ) ) );
/* p must pass primeSieve().  By its name this is a sieve test rather than a
   full primality test; whether a stronger test follows is not visible */
554 if( !primeSieve( p ) )
/* The same sieve check is applied to q */
590 if( !primeSieve( &pkcInfo->dlpParam_q ) )
/* Extra step taken only when the key is not yet fully initialised; it
   involves the Montgomery context for p - presumably setting it up so the
   later checks can use it, TODO confirm */
597 if( !isFullyInitialised )
600 &pkcInfo->dlpParam_mont_p ) );
/* Fragment of checkDLPPublicKey(): validation of the public value y against
   p.  Callers in this file pass a second argument (isPKCS3 or FALSE) that is
   not on the visible lines.  The only operation shown is the tail of a call
   taking the bignum context and the Montgomery context for p; the checks
   themselves are not visible. */
608 static
int checkDLPPublicKey(
INOUT PKC_INFO *pkcInfo,
611 BIGNUM *p = &pkcInfo->dlpParam_p, *y = &pkcInfo->dlpParam_y;
612 BIGNUM *tmp = &pkcInfo->tmp1;
615 assert(
isWritePtr( pkcInfo,
sizeof( PKC_INFO ) ) );
630 pkcInfo->bnCTX, &pkcInfo->dlpParam_mont_p ) );
/* Fragment of checkDLPPrivateKey().  The visible lines bind p, g, x and y
   plus a scratch value and pass the Montgomery context for p to a call whose
   start is not shown - presumably recomputing the public value from g and x
   into tmp and comparing it with y, TODO confirm. */
641 static
int checkDLPPrivateKey(
INOUT PKC_INFO *pkcInfo )
643 BIGNUM *p = &pkcInfo->dlpParam_p, *g = &pkcInfo->dlpParam_g;
644 BIGNUM *x = &pkcInfo->dlpParam_x, *y = &pkcInfo->dlpParam_y;
645 BIGNUM *tmp = &pkcInfo->tmp1;
648 assert(
isWritePtr( pkcInfo,
sizeof( PKC_INFO ) ) );
657 &pkcInfo->dlpParam_mont_p ) );
/* Fragment of the key-generation entry point (its signature is not
   visible).  The order of the visible calls is: generate p, q and g,
   generate x, compute y, then run the freshly generated key through the
   same three validation routines used for loaded keys, and finally enable
   side-channel protection. */
676 PKC_INFO *pkcInfo = contextInfoPtr->ctxPKC;
677 BIGNUM *p = &pkcInfo->dlpParam_p;
686 pkcInfo->keySizeBits = keyBits;
687 status = generateDLPPublicValues( pkcInfo, keyBits );
692 status = generateDLPPrivateValue( pkcInfo );
707 status = generateDLPPublicValue( pkcInfo );
/* Self-check of the generated key.  The last argument, TRUE, lands in
   isFullyInitialised, so the step that checkDLPDomainParameters() guards
   with !isFullyInitialised is skipped on this path */
712 status = checkDLPDomainParameters( pkcInfo,
FALSE,
TRUE );
714 status = checkDLPPublicKey( pkcInfo,
FALSE );
716 status = checkDLPPrivateKey( pkcInfo );
/* The function's result is whatever enableSidechannelProtection() returns */
723 return( enableSidechannelProtection( pkcInfo,
724 contextInfoPtr->capabilityInfo->cryptAlgo ) );
/* Fragment of the key-load / initialisation entry point (its signature and
   the definitions of isPKCS3, isDH, isPrivateKey and generatedX are not
   visible).  The visible lines validate externally supplied key components
   before the key is used. */
736 PKC_INFO *pkcInfo = contextInfoPtr->ctxPKC;
737 BIGNUM *p = &pkcInfo->dlpParam_p, *g = &pkcInfo->dlpParam_g;
738 BIGNUM *x = &pkcInfo->dlpParam_x, *y = &pkcInfo->dlpParam_y;
739 BIGNUM *tmp = &pkcInfo->tmp1;
/* A zero q is only tolerated for PKCS #3 style keys; the action taken is
   not visible */
754 if( !isPKCS3 &&
BN_is_zero( &pkcInfo->dlpParam_q ) )
/* A non-DH private key must come with a non-zero x */
756 if( isPrivateKey && !isDH &&
BN_is_zero( x ) )
/* Validate the domain parameters; FALSE is passed for isFullyInitialised on
   this path */
760 status = checkDLPDomainParameters( pkcInfo, isPKCS3,
FALSE );
779 &pkcInfo->dlpParam_mont_p ) );
/* x and y can be generated here rather than loaded; the conditions are not
   visible */
789 status = generateDLPPrivateValue( pkcInfo );
840 status = generateDLPPublicValue( pkcInfo );
/* Validate y, and validate x whenever a private value was supplied or was
   generated above */
846 status = checkDLPPublicKey( pkcInfo, isPKCS3 );
851 if( isPrivateKey || generatedX )
853 status = checkDLPPrivateKey( pkcInfo );
/* The function's result is whatever enableSidechannelProtection() returns */
861 return( enableSidechannelProtection( pkcInfo,
862 contextInfoPtr->capabilityInfo->cryptAlgo ) );