OpenSSL
1.0.1c
Main Page
Classes
Files
File List
File Members
All
Classes
Files
Functions
Variables
Typedefs
Enumerations
Enumerator
Macros
crypto
rsa
rsa_chk.c
Go to the documentation of this file.
1
/* crypto/rsa/rsa_chk.c -*- Mode: C; c-file-style: "eay" -*- */
2
/* ====================================================================
3
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4
*
5
* Redistribution and use in source and binary forms, with or without
6
* modification, are permitted provided that the following conditions
7
* are met:
8
*
9
* 1. Redistributions of source code must retain the above copyright
10
* notice, this list of conditions and the following disclaimer.
11
*
12
* 2. Redistributions in binary form must reproduce the above copyright
13
* notice, this list of conditions and the following disclaimer in
14
* the documentation and/or other materials provided with the
15
* distribution.
16
*
17
* 3. All advertising materials mentioning features or use of this
18
* software must display the following acknowledgment:
19
* "This product includes software developed by the OpenSSL Project
20
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21
*
22
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23
* endorse or promote products derived from this software without
24
* prior written permission. For written permission, please contact
25
*
[email protected]
.
26
*
27
* 5. Products derived from this software may not be called "OpenSSL"
28
* nor may "OpenSSL" appear in their names without prior written
29
* permission of the OpenSSL Project.
30
*
31
* 6. Redistributions of any form whatsoever must retain the following
32
* acknowledgment:
33
* "This product includes software developed by the OpenSSL Project
34
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35
*
36
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47
* OF THE POSSIBILITY OF SUCH DAMAGE.
48
* ====================================================================
49
*/
50
51
#include <
openssl/bn.h
>
52
#include <
openssl/err.h
>
53
#include <
openssl/rsa.h
>
54
55
56
int
RSA_check_key
(
const
RSA
*
key
)
57
{
58
BIGNUM
*i, *j, *
k
, *l, *m;
59
BN_CTX
*ctx;
60
int
r;
61
int
ret=1;
62
63
i =
BN_new
();
64
j =
BN_new
();
65
k =
BN_new
();
66
l =
BN_new
();
67
m =
BN_new
();
68
ctx =
BN_CTX_new
();
69
if
(i == NULL || j == NULL || k == NULL || l == NULL ||
70
m == NULL || ctx == NULL)
71
{
72
ret = -1;
73
RSAerr
(
RSA_F_RSA_CHECK_KEY
,
ERR_R_MALLOC_FAILURE
);
74
goto
err;
75
}
76
77
/* p prime? */
78
r =
BN_is_prime_ex
(key->
p
,
BN_prime_checks
, NULL, NULL);
79
if
(r != 1)
80
{
81
ret = r;
82
if
(r != 0)
83
goto
err;
84
RSAerr
(
RSA_F_RSA_CHECK_KEY
,
RSA_R_P_NOT_PRIME
);
85
}
86
87
/* q prime? */
88
r =
BN_is_prime_ex
(key->
q
,
BN_prime_checks
, NULL, NULL);
89
if
(r != 1)
90
{
91
ret = r;
92
if
(r != 0)
93
goto
err;
94
RSAerr
(
RSA_F_RSA_CHECK_KEY
,
RSA_R_Q_NOT_PRIME
);
95
}
96
97
/* n = p*q? */
98
r =
BN_mul
(i, key->
p
, key->
q
, ctx);
99
if
(!r) { ret = -1;
goto
err; }
100
101
if
(
BN_cmp
(i, key->
n
) != 0)
102
{
103
ret = 0;
104
RSAerr
(
RSA_F_RSA_CHECK_KEY
,
RSA_R_N_DOES_NOT_EQUAL_P_Q
);
105
}
106
107
/* d*e = 1 mod lcm(p-1,q-1)? */
108
109
r =
BN_sub
(i, key->
p
,
BN_value_one
());
110
if
(!r) { ret = -1;
goto
err; }
111
r =
BN_sub
(j, key->
q
,
BN_value_one
());
112
if
(!r) { ret = -1;
goto
err; }
113
114
/* now compute k = lcm(i,j) */
115
r =
BN_mul
(l, i, j, ctx);
116
if
(!r) { ret = -1;
goto
err; }
117
r =
BN_gcd
(m, i, j, ctx);
118
if
(!r) { ret = -1;
goto
err; }
119
r =
BN_div
(k, NULL, l, m, ctx);
/* remainder is 0 */
120
if
(!r) { ret = -1;
goto
err; }
121
122
r =
BN_mod_mul
(i, key->
d
, key->
e
, k, ctx);
123
if
(!r) { ret = -1;
goto
err; }
124
125
if
(!
BN_is_one
(i))
126
{
127
ret = 0;
128
RSAerr
(
RSA_F_RSA_CHECK_KEY
,
RSA_R_D_E_NOT_CONGRUENT_TO_1
);
129
}
130
131
if
(key->
dmp1
!= NULL && key->
dmq1
!= NULL && key->
iqmp
!= NULL)
132
{
133
/* dmp1 = d mod (p-1)? */
134
r =
BN_sub
(i, key->
p
,
BN_value_one
());
135
if
(!r) { ret = -1;
goto
err; }
136
137
r =
BN_mod
(j, key->
d
, i, ctx);
138
if
(!r) { ret = -1;
goto
err; }
139
140
if
(
BN_cmp
(j, key->
dmp1
) != 0)
141
{
142
ret = 0;
143
RSAerr
(
RSA_F_RSA_CHECK_KEY
,
144
RSA_R_DMP1_NOT_CONGRUENT_TO_D
);
145
}
146
147
/* dmq1 = d mod (q-1)? */
148
r =
BN_sub
(i, key->
q
,
BN_value_one
());
149
if
(!r) { ret = -1;
goto
err; }
150
151
r =
BN_mod
(j, key->
d
, i, ctx);
152
if
(!r) { ret = -1;
goto
err; }
153
154
if
(
BN_cmp
(j, key->
dmq1
) != 0)
155
{
156
ret = 0;
157
RSAerr
(
RSA_F_RSA_CHECK_KEY
,
158
RSA_R_DMQ1_NOT_CONGRUENT_TO_D
);
159
}
160
161
/* iqmp = q^-1 mod p? */
162
if
(!
BN_mod_inverse
(i, key->
q
, key->
p
, ctx))
163
{
164
ret = -1;
165
goto
err;
166
}
167
168
if
(
BN_cmp
(i, key->
iqmp
) != 0)
169
{
170
ret = 0;
171
RSAerr
(
RSA_F_RSA_CHECK_KEY
,
172
RSA_R_IQMP_NOT_INVERSE_OF_Q
);
173
}
174
}
175
176
err:
177
if
(i != NULL)
BN_free
(i);
178
if
(j != NULL)
BN_free
(j);
179
if
(k != NULL)
BN_free
(k);
180
if
(l != NULL)
BN_free
(l);
181
if
(m != NULL)
BN_free
(m);
182
if
(ctx != NULL)
BN_CTX_free
(ctx);
183
return
(ret);
184
}
Generated on Thu Jan 10 2013 09:53:38 for OpenSSL by
1.8.2
1.8.2
