|
1 /* crypto/rsa/rsa_chk.c -*- Mode: C; c-file-style: "eay" -*- */ |
|
2 /* ==================================================================== |
|
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
|
4 * |
|
5 * Redistribution and use in source and binary forms, with or without |
|
6 * modification, are permitted provided that the following conditions |
|
7 * are met: |
|
8 * |
|
9 * 1. Redistributions of source code must retain the above copyright |
|
10 * notice, this list of conditions and the following disclaimer. |
|
11 * |
|
12 * 2. Redistributions in binary form must reproduce the above copyright |
|
13 * notice, this list of conditions and the following disclaimer in |
|
14 * the documentation and/or other materials provided with the |
|
15 * distribution. |
|
16 * |
|
17 * 3. All advertising materials mentioning features or use of this |
|
18 * software must display the following acknowledgment: |
|
19 * "This product includes software developed by the OpenSSL Project |
|
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
|
21 * |
|
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
|
23 * endorse or promote products derived from this software without |
|
24 * prior written permission. For written permission, please contact |
|
25 * openssl-core@OpenSSL.org. |
|
26 * |
|
27 * 5. Products derived from this software may not be called "OpenSSL" |
|
28 * nor may "OpenSSL" appear in their names without prior written |
|
29 * permission of the OpenSSL Project. |
|
30 * |
|
31 * 6. Redistributions of any form whatsoever must retain the following |
|
32 * acknowledgment: |
|
33 * "This product includes software developed by the OpenSSL Project |
|
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
|
35 * |
|
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
|
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
|
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
|
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
|
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
|
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
|
47 * OF THE POSSIBILITY OF SUCH DAMAGE. |
|
48 * ==================================================================== |
|
49 */ |
|
50 |
|
51 #include <openssl/bn.h> |
|
52 #include <openssl/err.h> |
|
53 #include <openssl/rsa.h> |
|
54 |
|
55 |
|
56 EXPORT_C int RSA_check_key(const RSA *key) |
|
57 { |
|
58 BIGNUM *i, *j, *k, *l, *m; |
|
59 BN_CTX *ctx; |
|
60 int r; |
|
61 int ret=1; |
|
62 |
|
63 i = BN_new(); |
|
64 j = BN_new(); |
|
65 k = BN_new(); |
|
66 l = BN_new(); |
|
67 m = BN_new(); |
|
68 ctx = BN_CTX_new(); |
|
69 if (i == NULL || j == NULL || k == NULL || l == NULL || |
|
70 m == NULL || ctx == NULL) |
|
71 { |
|
72 ret = -1; |
|
73 RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE); |
|
74 goto err; |
|
75 } |
|
76 |
|
77 /* p prime? */ |
|
78 r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL); |
|
79 if (r != 1) |
|
80 { |
|
81 ret = r; |
|
82 if (r != 0) |
|
83 goto err; |
|
84 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME); |
|
85 } |
|
86 |
|
87 /* q prime? */ |
|
88 r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL); |
|
89 if (r != 1) |
|
90 { |
|
91 ret = r; |
|
92 if (r != 0) |
|
93 goto err; |
|
94 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME); |
|
95 } |
|
96 |
|
97 /* n = p*q? */ |
|
98 r = BN_mul(i, key->p, key->q, ctx); |
|
99 if (!r) { ret = -1; goto err; } |
|
100 |
|
101 if (BN_cmp(i, key->n) != 0) |
|
102 { |
|
103 ret = 0; |
|
104 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q); |
|
105 } |
|
106 |
|
107 /* d*e = 1 mod lcm(p-1,q-1)? */ |
|
108 |
|
109 r = BN_sub(i, key->p, BN_value_one()); |
|
110 if (!r) { ret = -1; goto err; } |
|
111 r = BN_sub(j, key->q, BN_value_one()); |
|
112 if (!r) { ret = -1; goto err; } |
|
113 |
|
114 /* now compute k = lcm(i,j) */ |
|
115 r = BN_mul(l, i, j, ctx); |
|
116 if (!r) { ret = -1; goto err; } |
|
117 r = BN_gcd(m, i, j, ctx); |
|
118 if (!r) { ret = -1; goto err; } |
|
119 r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */ |
|
120 if (!r) { ret = -1; goto err; } |
|
121 |
|
122 r = BN_mod_mul(i, key->d, key->e, k, ctx); |
|
123 if (!r) { ret = -1; goto err; } |
|
124 |
|
125 if (!BN_is_one(i)) |
|
126 { |
|
127 ret = 0; |
|
128 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1); |
|
129 } |
|
130 |
|
131 if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) |
|
132 { |
|
133 /* dmp1 = d mod (p-1)? */ |
|
134 r = BN_sub(i, key->p, BN_value_one()); |
|
135 if (!r) { ret = -1; goto err; } |
|
136 |
|
137 r = BN_mod(j, key->d, i, ctx); |
|
138 if (!r) { ret = -1; goto err; } |
|
139 |
|
140 if (BN_cmp(j, key->dmp1) != 0) |
|
141 { |
|
142 ret = 0; |
|
143 RSAerr(RSA_F_RSA_CHECK_KEY, |
|
144 RSA_R_DMP1_NOT_CONGRUENT_TO_D); |
|
145 } |
|
146 |
|
147 /* dmq1 = d mod (q-1)? */ |
|
148 r = BN_sub(i, key->q, BN_value_one()); |
|
149 if (!r) { ret = -1; goto err; } |
|
150 |
|
151 r = BN_mod(j, key->d, i, ctx); |
|
152 if (!r) { ret = -1; goto err; } |
|
153 |
|
154 if (BN_cmp(j, key->dmq1) != 0) |
|
155 { |
|
156 ret = 0; |
|
157 RSAerr(RSA_F_RSA_CHECK_KEY, |
|
158 RSA_R_DMQ1_NOT_CONGRUENT_TO_D); |
|
159 } |
|
160 |
|
161 /* iqmp = q^-1 mod p? */ |
|
162 if(!BN_mod_inverse(i, key->q, key->p, ctx)) |
|
163 { |
|
164 ret = -1; |
|
165 goto err; |
|
166 } |
|
167 |
|
168 if (BN_cmp(i, key->iqmp) != 0) |
|
169 { |
|
170 ret = 0; |
|
171 RSAerr(RSA_F_RSA_CHECK_KEY, |
|
172 RSA_R_IQMP_NOT_INVERSE_OF_Q); |
|
173 } |
|
174 } |
|
175 |
|
176 err: |
|
177 if (i != NULL) BN_free(i); |
|
178 if (j != NULL) BN_free(j); |
|
179 if (k != NULL) BN_free(k); |
|
180 if (l != NULL) BN_free(l); |
|
181 if (m != NULL) BN_free(m); |
|
182 if (ctx != NULL) BN_CTX_free(ctx); |
|
183 return (ret); |
|
184 } |