From: Bodo Möller Date: Sun, 11 Jul 1999 22:01:41 +0000 (+0000) Subject: New function RSA_check_key. X-Git-Tag: OpenSSL_0_9_4~111 X-Git-Url: https://git.openssl.org/gitweb/?a=commitdiff_plain;ds=sidebyside;h=6519b2cb922cd7f5405112fba87f17f39adc82ee;p=openssl.git New function RSA_check_key. --- diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c new file mode 100644 index 0000000000..2462c5e793 --- /dev/null +++ b/crypto/rsa/rsa_chk.c @@ -0,0 +1,159 @@ +/* crypto/rsa/rsa_chck.c -*- Mode: C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include + + +int RSA_check_key(RSA *key) + { + BIGNUM *i, *j, *k, *l, *m; + BN_CTX *ctx; + int ret=1; + + i = BN_new(); + j = BN_new(); + k = BN_new(); + l = BN_new(); + m = BN_new(); + ctx = BN_CTX_new(); + if (i == NULL || j == NULL || k == NULL || l == NULL || + m == NULL || ctx == NULL) + { + RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE); + goto err; + } + + /* p prime? */ + if (BN_is_prime(key->p, BN_prime_checks, NULL, NULL, NULL) != 1) + { + ret = 0; + if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE) + goto err; + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME); + } + + /* q prime? */ + if (BN_is_prime(key->q, BN_prime_checks, NULL, NULL, NULL) != 1) + { + ret = 0; + if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE) + goto err; + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME); + } + + /* n = p*q? */ + BN_mul(i, key->p, key->q, ctx); + if (BN_cmp(i, key->n) != 0) + { + ret = 0; + if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE) + goto err; + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_PQ); + } + + /* dmp1 = d mod (p-1)? */ + BN_sub(i, key->p, BN_value_one()); + BN_mod(j, key->d, i, ctx); + if (BN_cmp(j, key->dmp1) != 0) + { + ret = 0; + if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE) + goto err; + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMP1_NOT_CONGRUENT_TO_D); + } + + /* dmq1 = d mod (q-1)? */ + BN_sub(i, key->q, BN_value_one()); + BN_mod(j, key->d, i, ctx); + if (BN_cmp(j, key->dmq1) != 0) + { + ret = 0; + if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE) + goto err; + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMQ1_NOT_CONGRUENT_TO_D); + } + + /* iqmp = q^-1 mod p? */ + BN_mod_inverse(i, key->q, key->p, ctx); + if (BN_cmp(i, key->iqmp) != 0) + { + ret = 0; + if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE) + goto err; + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_IQMP_NOT_INVERSE_OF_Q); + } + + /* d*e = 1 mod lcm(p-1,q-1)? */ + BN_sub(i, key->p, BN_value_one()); + BN_sub(j, key->q, BN_value_one()); + /* now compute k = lcm(i,j) */ + BN_mul(l, i, j, ctx); + BN_gcd(m, i, j, ctx); + BN_div(k, NULL, l, m, ctx); /* remainder is 0 */ + BN_mod_mul(i, key->d, key->e, k, ctx); + if (!BN_is_one(i)) + { + ret = 0; + if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE) + goto err; + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DE_NOT_CONGRUENT_TO_1); + } + + err: + if (i != NULL) BN_free(i); + if (j != NULL) BN_free(j); + if (k != NULL) BN_free(k); + if (l != NULL) BN_free(l); + if (m != NULL) BN_free(m); + if (ctx != NULL) BN_CTX_free(ctx); + return (ret); + }