782 lines
17 KiB
C
782 lines
17 KiB
C
/*
|
|
* Copyright (C) 2019 Sean Parkinson, wolfSSL Inc.
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
* in the Software without restriction, including without limitation the rights
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
* furnished to do so, subject to the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be included in
|
|
* all copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
* THE SOFTWARE.
|
|
*/
|
|
|
|
#include "wolfssl_common.h"
|
|
|
|
#ifndef NO_RSA
|
|
|
|
#include "wolfssl_rsa_private_key.h"
|
|
#include "wolfssl_rsa_public_key.h"
|
|
#include "wolfssl_util.h"
|
|
|
|
#include <utils/debug.h>
|
|
#include <crypto/hashers/hasher.h>
|
|
#include <credentials/keys/signature_params.h>
|
|
|
|
#include <wolfssl/wolfcrypt/rsa.h>
|
|
#include <wolfssl/wolfcrypt/asn.h>
|
|
|
|
typedef struct private_wolfssl_rsa_private_key_t private_wolfssl_rsa_private_key_t;
|
|
|
|
/**
|
|
* Private data of a wolfssl_rsa_private_key_t object
|
|
*/
|
|
struct private_wolfssl_rsa_private_key_t {
|
|
|
|
/**
|
|
* Public interface
|
|
*/
|
|
wolfssl_rsa_private_key_t public;
|
|
|
|
/**
|
|
* RSA key object from wolfSSL
|
|
*/
|
|
RsaKey rsa;
|
|
|
|
/**
|
|
* Random number generator to use with RSA operations.
|
|
*/
|
|
WC_RNG rng;
|
|
|
|
/**
|
|
* Reference count
|
|
*/
|
|
refcount_t ref;
|
|
};
|
|
|
|
/* implemented in rsa public key */
|
|
bool wolfssl_rsa_encode_public(RsaKey *rsa, chunk_t *encoding);
|
|
bool wolfssl_rsa_fingerprint(RsaKey *rsa, cred_encoding_type_t type, chunk_t *fp);
|
|
|
|
/**
|
|
* Build RSA signature
|
|
*/
|
|
static bool build_signature(private_wolfssl_rsa_private_key_t *this,
|
|
enum wc_HashType hash, chunk_t data, chunk_t *sig)
|
|
{
|
|
int ret = wc_RsaSSL_Sign(data.ptr, data.len, sig->ptr, sig->len, &this->rsa,
|
|
&this->rng);
|
|
if (ret > 0)
|
|
{
|
|
sig->len = ret;
|
|
}
|
|
return ret > 0;
|
|
}
|
|
|
|
/**
|
|
* Build an EMSA PKCS1 signature described in PKCS#1
|
|
*/
|
|
static bool build_emsa_pkcs1_signature(private_wolfssl_rsa_private_key_t *this,
|
|
enum wc_HashType hash, chunk_t data,
|
|
chunk_t *sig)
|
|
{
|
|
bool success = FALSE;
|
|
chunk_t dgst, digestInfo;
|
|
int len;
|
|
|
|
*sig = chunk_alloc(wc_RsaEncryptSize(&this->rsa));
|
|
|
|
if (hash == WC_HASH_TYPE_NONE)
|
|
{
|
|
success = build_signature(this, hash, data, sig);
|
|
}
|
|
else if (wolfssl_hash_chunk(hash, data, &dgst))
|
|
{
|
|
digestInfo = chunk_alloc(MAX_DER_DIGEST_SZ);
|
|
len = wc_EncodeSignature(digestInfo.ptr, dgst.ptr, dgst.len,
|
|
wc_HashGetOID(hash));
|
|
if (len > 0)
|
|
{
|
|
digestInfo.len = len;
|
|
success = build_signature(this, hash, digestInfo, sig);
|
|
}
|
|
chunk_free(&digestInfo);
|
|
chunk_free(&dgst);
|
|
}
|
|
|
|
if (!success)
|
|
{
|
|
chunk_free(sig);
|
|
}
|
|
return success;
|
|
}
|
|
|
|
#ifdef WC_RSA_PSS
|
|
/**
|
|
* Build an EMSA PSS signature described in PKCS#1
|
|
*/
|
|
static bool build_emsa_pss_signature(private_wolfssl_rsa_private_key_t *this,
|
|
rsa_pss_params_t *params, chunk_t data,
|
|
chunk_t *sig)
|
|
{
|
|
bool success = FALSE;
|
|
chunk_t dgst = chunk_empty;
|
|
enum wc_HashType hash;
|
|
int mgf, ret;
|
|
|
|
if (!wolfssl_hash2type(params->hash, &hash))
|
|
{
|
|
return FALSE;
|
|
}
|
|
if (!wolfssl_hash2mgf1(params->mgf1_hash, &mgf))
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
*sig = chunk_alloc(wc_RsaEncryptSize(&this->rsa));
|
|
|
|
if (wolfssl_hash_chunk(hash, data, &dgst))
|
|
{
|
|
ret = wc_RsaPSS_Sign_ex(dgst.ptr, dgst.len, sig->ptr, sig->len, hash,
|
|
mgf, params->salt_len, &this->rsa, &this->rng);
|
|
if (ret > 0)
|
|
{
|
|
sig->len = ret;
|
|
success = TRUE;
|
|
}
|
|
}
|
|
|
|
chunk_free(&dgst);
|
|
if (!success)
|
|
{
|
|
chunk_free(sig);
|
|
}
|
|
return success;
|
|
}
|
|
#endif
|
|
|
|
|
|
METHOD(private_key_t, get_type, key_type_t,
|
|
private_wolfssl_rsa_private_key_t *this)
|
|
{
|
|
return KEY_RSA;
|
|
}
|
|
|
|
METHOD(private_key_t, sign, bool,
|
|
private_wolfssl_rsa_private_key_t *this, signature_scheme_t scheme,
|
|
void *params, chunk_t data, chunk_t *signature)
|
|
{
|
|
switch (scheme)
|
|
{
|
|
case SIGN_RSA_EMSA_PKCS1_NULL:
|
|
return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_NONE, data,
|
|
signature);
|
|
#ifdef WOLFSSL_SHA224
|
|
case SIGN_RSA_EMSA_PKCS1_SHA2_224:
|
|
return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA224, data,
|
|
signature);
|
|
#endif
|
|
#ifndef NO_SHA256
|
|
case SIGN_RSA_EMSA_PKCS1_SHA2_256:
|
|
return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA256, data,
|
|
signature);
|
|
#endif
|
|
#ifdef WOLFSSL_SHA384
|
|
case SIGN_RSA_EMSA_PKCS1_SHA2_384:
|
|
return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA384, data,
|
|
signature);
|
|
#endif
|
|
#ifdef WOLFSSL_SHA512
|
|
case SIGN_RSA_EMSA_PKCS1_SHA2_512:
|
|
return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA512, data,
|
|
signature);
|
|
#endif
|
|
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
|
|
case SIGN_RSA_EMSA_PKCS1_SHA3_224:
|
|
return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_224,
|
|
data, signature);
|
|
#endif
|
|
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
|
|
case SIGN_RSA_EMSA_PKCS1_SHA3_256:
|
|
return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_256,
|
|
data, signature);
|
|
#endif
|
|
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
|
|
case SIGN_RSA_EMSA_PKCS1_SHA3_384:
|
|
return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_384,
|
|
data, signature);
|
|
#endif
|
|
#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
|
|
case SIGN_RSA_EMSA_PKCS1_SHA3_512:
|
|
return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_512,
|
|
data, signature);
|
|
#endif
|
|
#ifndef NO_SHA
|
|
case SIGN_RSA_EMSA_PKCS1_SHA1:
|
|
return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA, data,
|
|
signature);
|
|
#endif
|
|
#ifndef NO_MD5
|
|
case SIGN_RSA_EMSA_PKCS1_MD5:
|
|
return build_emsa_pkcs1_signature(this, WC_HASH_TYPE_MD5, data,
|
|
signature);
|
|
#endif
|
|
#ifdef WC_RSA_PSS
|
|
case SIGN_RSA_EMSA_PSS:
|
|
return build_emsa_pss_signature(this, params, data, signature);
|
|
#endif
|
|
default:
|
|
DBG1(DBG_LIB, "signature scheme %N not supported via wolfssl",
|
|
signature_scheme_names, scheme);
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
METHOD(private_key_t, decrypt, bool,
|
|
private_wolfssl_rsa_private_key_t *this, encryption_scheme_t scheme,
|
|
chunk_t crypto, chunk_t *plain)
|
|
{
|
|
int padding, mgf, len;
|
|
enum wc_HashType hash;
|
|
|
|
switch (scheme)
|
|
{
|
|
case ENCRYPT_RSA_PKCS1:
|
|
hash = WC_HASH_TYPE_NONE;
|
|
padding = WC_RSA_PKCSV15_PAD;
|
|
mgf = WC_MGF1NONE;
|
|
break;
|
|
#ifndef WC_NO_RSA_OAEP
|
|
#ifndef NO_SHA
|
|
case ENCRYPT_RSA_OAEP_SHA1:
|
|
hash = WC_HASH_TYPE_SHA;
|
|
padding = WC_RSA_OAEP_PAD;
|
|
mgf = WC_MGF1SHA1;
|
|
break;
|
|
#endif
|
|
#ifdef WOLFSSL_SHA224
|
|
case ENCRYPT_RSA_OAEP_SHA224:
|
|
hash = WC_HASH_TYPE_SHA224;
|
|
padding = WC_RSA_OAEP_PAD;
|
|
mgf = WC_MGF1SHA224;
|
|
break;
|
|
#endif
|
|
#ifndef NO_SHA256
|
|
case ENCRYPT_RSA_OAEP_SHA256:
|
|
hash = WC_HASH_TYPE_SHA256;
|
|
padding = WC_RSA_OAEP_PAD;
|
|
mgf = WC_MGF1SHA256;
|
|
break;
|
|
#endif
|
|
#ifdef WOLFSSL_SHA384
|
|
case ENCRYPT_RSA_OAEP_SHA384:
|
|
hash = WC_HASH_TYPE_SHA384;
|
|
padding = WC_RSA_OAEP_PAD;
|
|
mgf = WC_MGF1SHA384;
|
|
break;
|
|
#endif
|
|
#ifdef WOLFSSL_SHA512
|
|
case ENCRYPT_RSA_OAEP_SHA512:
|
|
hash = WC_HASH_TYPE_SHA512;
|
|
padding = WC_RSA_OAEP_PAD;
|
|
mgf = WC_MGF1SHA512;
|
|
break;
|
|
#endif
|
|
#endif
|
|
default:
|
|
DBG1(DBG_LIB, "encryption scheme %N not supported via wolfssl",
|
|
encryption_scheme_names, scheme);
|
|
return FALSE;
|
|
}
|
|
len = wc_RsaEncryptSize(&this->rsa);
|
|
*plain = chunk_alloc(len);
|
|
len = wc_RsaPrivateDecrypt_ex(crypto.ptr, crypto.len, plain->ptr, len,
|
|
&this->rsa, padding, hash, mgf, NULL, 0);
|
|
if (len < 0)
|
|
{
|
|
DBG1(DBG_LIB, "RSA decryption failed");
|
|
chunk_free(plain);
|
|
return FALSE;
|
|
}
|
|
plain->len = len;
|
|
return TRUE;
|
|
}
|
|
|
|
METHOD(private_key_t, get_keysize, int,
|
|
private_wolfssl_rsa_private_key_t *this)
|
|
{
|
|
return wc_RsaEncryptSize(&this->rsa) * 8;
|
|
}
|
|
|
|
METHOD(private_key_t, get_public_key, public_key_t*,
|
|
private_wolfssl_rsa_private_key_t *this)
|
|
{
|
|
public_key_t *key;
|
|
chunk_t enc;
|
|
|
|
if (!wolfssl_rsa_encode_public(&this->rsa, &enc))
|
|
{
|
|
return NULL;
|
|
}
|
|
key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
|
|
BUILD_BLOB_ASN1_DER, enc, BUILD_END);
|
|
chunk_free(&enc);
|
|
return key;
|
|
}
|
|
|
|
METHOD(private_key_t, get_fingerprint, bool,
|
|
private_wolfssl_rsa_private_key_t *this, cred_encoding_type_t type,
|
|
chunk_t *fingerprint)
|
|
{
|
|
return wolfssl_rsa_fingerprint(&this->rsa, type, fingerprint);
|
|
}
|
|
|
|
METHOD(private_key_t, get_encoding, bool,
|
|
private_wolfssl_rsa_private_key_t *this, cred_encoding_type_t type,
|
|
chunk_t *encoding)
|
|
{
|
|
switch (type)
|
|
{
|
|
case PRIVKEY_ASN1_DER:
|
|
case PRIVKEY_PEM:
|
|
{
|
|
bool success = TRUE;
|
|
int len;
|
|
|
|
/* n and d are of keysize length, p and q plus the three CRT
|
|
* params roughly half that, the version and e are small */
|
|
len = wc_RsaEncryptSize(&this->rsa) * 5 + MAX_SEQ_SZ;
|
|
*encoding = chunk_alloc(len);
|
|
len = wc_RsaKeyToDer(&this->rsa, encoding->ptr, len);
|
|
if (len < 0)
|
|
{
|
|
chunk_free(encoding);
|
|
return FALSE;
|
|
}
|
|
encoding->len = len;
|
|
|
|
if (type == PRIVKEY_PEM)
|
|
{
|
|
chunk_t asn1_encoding = *encoding;
|
|
|
|
success = lib->encoding->encode(lib->encoding, PRIVKEY_PEM,
|
|
NULL, encoding, CRED_PART_RSA_PRIV_ASN1_DER,
|
|
asn1_encoding, CRED_PART_END);
|
|
chunk_clear(&asn1_encoding);
|
|
}
|
|
return success;
|
|
}
|
|
default:
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
METHOD(private_key_t, get_ref, private_key_t*,
|
|
private_wolfssl_rsa_private_key_t *this)
|
|
{
|
|
ref_get(&this->ref);
|
|
return &this->public.key;
|
|
}
|
|
|
|
METHOD(private_key_t, destroy, void,
|
|
private_wolfssl_rsa_private_key_t *this)
|
|
{
|
|
if (ref_put(&this->ref))
|
|
{
|
|
lib->encoding->clear_cache(lib->encoding, &this->rsa);
|
|
wc_FreeRsaKey(&this->rsa);
|
|
wc_FreeRng(&this->rng);
|
|
free(this);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Internal generic constructor
|
|
*/
|
|
static private_wolfssl_rsa_private_key_t *create_empty()
|
|
{
|
|
private_wolfssl_rsa_private_key_t *this;
|
|
|
|
INIT(this,
|
|
.public = {
|
|
.key = {
|
|
.get_type = _get_type,
|
|
.sign = _sign,
|
|
.decrypt = _decrypt,
|
|
.get_keysize = _get_keysize,
|
|
.get_public_key = _get_public_key,
|
|
.equals = private_key_equals,
|
|
.belongs_to = private_key_belongs_to,
|
|
.get_fingerprint = _get_fingerprint,
|
|
.has_fingerprint = private_key_has_fingerprint,
|
|
.get_encoding = _get_encoding,
|
|
.get_ref = _get_ref,
|
|
.destroy = _destroy,
|
|
},
|
|
},
|
|
.ref = 1,
|
|
);
|
|
|
|
if (wc_InitRng(&this->rng) != 0)
|
|
{
|
|
DBG1(DBG_LIB, "init RNG failed, rsa private key create failed");
|
|
free(this);
|
|
return NULL;
|
|
}
|
|
if (wc_InitRsaKey(&this->rsa, NULL) != 0)
|
|
{
|
|
DBG1(DBG_LIB, "init RSA failed, rsa private key create failed");
|
|
wc_FreeRng(&this->rng);
|
|
free(this);
|
|
return NULL;
|
|
}
|
|
#ifdef WC_RSA_BLINDING
|
|
this->rsa.rng = &this->rng;
|
|
#endif
|
|
|
|
return this;
|
|
}
|
|
|
|
/*
|
|
* Described in header
|
|
*/
|
|
wolfssl_rsa_private_key_t *wolfssl_rsa_private_key_gen(key_type_t type,
|
|
va_list args)
|
|
{
|
|
private_wolfssl_rsa_private_key_t *this;
|
|
u_int key_size = 0;
|
|
|
|
while (TRUE)
|
|
{
|
|
switch (va_arg(args, builder_part_t))
|
|
{
|
|
case BUILD_KEY_SIZE:
|
|
key_size = va_arg(args, u_int);
|
|
continue;
|
|
case BUILD_END:
|
|
break;
|
|
default:
|
|
return NULL;
|
|
}
|
|
break;
|
|
}
|
|
if (!key_size)
|
|
{
|
|
return NULL;
|
|
}
|
|
|
|
this = create_empty();
|
|
if (!this)
|
|
{
|
|
return NULL;
|
|
}
|
|
|
|
if (wc_MakeRsaKey(&this->rsa, key_size, WC_RSA_EXPONENT, &this->rng) < 0)
|
|
{
|
|
destroy(this);
|
|
return NULL;
|
|
}
|
|
return &this->public;
|
|
}
|
|
|
|
/**
|
|
* Allocate a random number in the range [0, n-1]
|
|
*/
|
|
static bool wolfssl_mp_rand(mp_int *n, WC_RNG *rng, mp_int *r)
|
|
{
|
|
int len, ret;
|
|
|
|
/* ensure the number has enough memory. */
|
|
ret = mp_set_bit(r, mp_count_bits(n));
|
|
if (ret == 0)
|
|
{
|
|
len = sizeof(*r->dp) * n->used;
|
|
ret = wc_RNG_GenerateBlock(rng, (byte *)r->dp, len);
|
|
}
|
|
if (ret == 0)
|
|
{
|
|
ret = mp_mod(r, n, r);
|
|
}
|
|
return ret == 0;
|
|
}
|
|
|
|
/**
|
|
* Recover the primes from n, e and d using the algorithm described in
|
|
* Appendix C of NIST SP 800-56B.
|
|
*/
|
|
static bool calculate_pq(mp_int *n, mp_int *e, mp_int *d, mp_int *p, mp_int *q,
|
|
mp_int *t1, mp_int *t2, WC_RNG* rng)
|
|
{
|
|
int i, t, j;
|
|
bool success = FALSE;
|
|
mp_int *k = p;
|
|
mp_int *r = p;
|
|
mp_int *n1 = q;
|
|
mp_int *g = t2;
|
|
mp_int *y = t2;
|
|
mp_int *x = t1;
|
|
|
|
/* k = (d * e) - 1 */
|
|
if (mp_mul(d, e, k) != 0)
|
|
{
|
|
goto error;
|
|
}
|
|
if (mp_sub_d(k, 1, k) != 0)
|
|
{
|
|
goto error;
|
|
}
|
|
/* k must be even */
|
|
if (mp_isodd(k))
|
|
{
|
|
goto error;
|
|
}
|
|
/* k = 2^t * r, where r is the largest odd integer dividing k, and t >= 1 */
|
|
if (mp_copy(k, r) != 0)
|
|
{
|
|
goto error;
|
|
}
|
|
for (t = 0; !mp_isodd(r); t++)
|
|
{ /* r = r/2 */
|
|
if (mp_div_2(r, r) != 0)
|
|
goto error;
|
|
}
|
|
/* we need n-1 below */
|
|
if (mp_sub_d(n, 1, n1) != 0)
|
|
{
|
|
goto error;
|
|
}
|
|
for (i = 0; i < 100; i++)
|
|
{ /* generate random integer g in [0, n-1] */
|
|
if (!wolfssl_mp_rand(n, rng, g))
|
|
{
|
|
goto error;
|
|
}
|
|
/* y = g^r mod n */
|
|
if (mp_exptmod(g, r, n, y) != 0)
|
|
{
|
|
goto error;
|
|
}
|
|
/* try again if y == 1 or y == n-1 */
|
|
if (mp_isone(y) || mp_cmp(y, n1) == MP_EQ)
|
|
{
|
|
continue;
|
|
}
|
|
for (j = 0; j < t; j++)
|
|
{ /* x = y^2 mod n */
|
|
if (mp_sqrmod(y, n, x) != 0)
|
|
{
|
|
goto error;
|
|
}
|
|
/* stop if x == 1 */
|
|
if (mp_isone(x))
|
|
{
|
|
goto done;
|
|
}
|
|
/* retry with new g if x = n-1 */
|
|
if (mp_cmp(x, n1) == MP_EQ)
|
|
{
|
|
break;
|
|
}
|
|
/* y = x */
|
|
if (mp_copy(x, y) != 0)
|
|
{
|
|
goto error;
|
|
}
|
|
}
|
|
}
|
|
goto error;
|
|
|
|
done:
|
|
/* p = gcd(y-1, n) */
|
|
if (mp_sub_d(y, 1, y) != 0)
|
|
{
|
|
goto error;
|
|
}
|
|
if (mp_gcd(y, n, p) != 0)
|
|
{
|
|
goto error;
|
|
}
|
|
/* q = n/p */
|
|
if (mp_div(n, p, q, NULL) != 0)
|
|
{
|
|
goto error;
|
|
}
|
|
|
|
success = TRUE;
|
|
|
|
error:
|
|
return success;
|
|
}
|
|
|
|
/**
|
|
* Calculates dp = d (mod p-1) or dq = d (mod q-1) for the Chinese remainder
|
|
* algorithm.
|
|
*/
|
|
static bool dmodpq1(mp_int *d, mp_int *pq, mp_int *res)
|
|
{
|
|
/* p|q - 1
|
|
* d (mod p|q -1) */
|
|
return mp_sub_d(pq, 1, res) == 0 &&
|
|
mp_mod(d, res, res) == 0;
|
|
}
|
|
|
|
/**
|
|
* Calculates qinv = q^-1 (mod p) for the Chinese remainder algorithm.
|
|
*/
|
|
static int qinv(mp_int *q, mp_int *p, mp_int *res)
|
|
{
|
|
/* q^-1 (mod p) */
|
|
return mp_invmod(q, p, res) == 0;
|
|
}
|
|
|
|
/*
|
|
* Described in header
|
|
*/
|
|
wolfssl_rsa_private_key_t *wolfssl_rsa_private_key_load(key_type_t type,
|
|
va_list args)
|
|
{
|
|
private_wolfssl_rsa_private_key_t *this;
|
|
chunk_t blob, n, e, d, p, q, exp1, exp2, coeff;
|
|
word32 idx;
|
|
int ret;
|
|
|
|
blob = n = e = d = p = q = exp1 = exp2 = coeff = chunk_empty;
|
|
while (TRUE)
|
|
{
|
|
switch (va_arg(args, builder_part_t))
|
|
{
|
|
case BUILD_BLOB_ASN1_DER:
|
|
blob = va_arg(args, chunk_t);
|
|
continue;
|
|
case BUILD_RSA_MODULUS:
|
|
n = va_arg(args, chunk_t);
|
|
continue;
|
|
case BUILD_RSA_PUB_EXP:
|
|
e = va_arg(args, chunk_t);
|
|
continue;
|
|
case BUILD_RSA_PRIV_EXP:
|
|
d = va_arg(args, chunk_t);
|
|
continue;
|
|
case BUILD_RSA_PRIME1:
|
|
p = va_arg(args, chunk_t);
|
|
continue;
|
|
case BUILD_RSA_PRIME2:
|
|
q = va_arg(args, chunk_t);
|
|
continue;
|
|
case BUILD_RSA_EXP1:
|
|
exp1 = va_arg(args, chunk_t);
|
|
continue;
|
|
case BUILD_RSA_EXP2:
|
|
exp2 = va_arg(args, chunk_t);
|
|
continue;
|
|
case BUILD_RSA_COEFF:
|
|
coeff = va_arg(args, chunk_t);
|
|
continue;
|
|
case BUILD_END:
|
|
break;
|
|
default:
|
|
return NULL;
|
|
}
|
|
break;
|
|
}
|
|
|
|
this = create_empty();
|
|
if (!this)
|
|
{
|
|
return NULL;
|
|
}
|
|
|
|
if (blob.ptr)
|
|
{
|
|
idx = 0;
|
|
ret = wc_RsaPrivateKeyDecode(blob.ptr, &idx, &this->rsa, blob.len);
|
|
if (ret == 0)
|
|
{
|
|
return &this->public;
|
|
}
|
|
}
|
|
else if (n.ptr && e.ptr && d.ptr)
|
|
{
|
|
this->rsa.type = RSA_PRIVATE;
|
|
|
|
if (mp_read_unsigned_bin(&this->rsa.n, n.ptr, n.len) != 0)
|
|
{
|
|
goto error;
|
|
}
|
|
if (mp_read_unsigned_bin(&this->rsa.e, e.ptr, e.len) != 0)
|
|
{
|
|
goto error;
|
|
}
|
|
if (mp_read_unsigned_bin(&this->rsa.d, d.ptr, d.len) != 0)
|
|
{
|
|
goto error;
|
|
}
|
|
if (p.ptr && q.ptr)
|
|
{
|
|
if (mp_read_unsigned_bin(&this->rsa.p, p.ptr, p.len) != 0)
|
|
{
|
|
goto error;
|
|
}
|
|
if (mp_read_unsigned_bin(&this->rsa.q, q.ptr, q.len) != 0)
|
|
{
|
|
goto error;
|
|
}
|
|
}
|
|
else if (!calculate_pq(&this->rsa.n, &this->rsa.e, &this->rsa.d,
|
|
&this->rsa.p, &this->rsa.q, &this->rsa.dP,
|
|
&this->rsa.dQ, &this->rng))
|
|
{
|
|
goto error;
|
|
}
|
|
if (exp1.ptr)
|
|
{
|
|
if (mp_read_unsigned_bin(&this->rsa.dP, exp1.ptr, exp1.len) != 0)
|
|
{
|
|
goto error;
|
|
}
|
|
}
|
|
else if (!dmodpq1(&this->rsa.d, &this->rsa.p, &this->rsa.dP))
|
|
{
|
|
goto error;
|
|
}
|
|
if (exp2.ptr)
|
|
{
|
|
if (mp_read_unsigned_bin(&this->rsa.dQ, exp2.ptr, exp2.len) != 0)
|
|
{
|
|
goto error;
|
|
}
|
|
}
|
|
else if (!dmodpq1(&this->rsa.d, &this->rsa.q, &this->rsa.dQ))
|
|
{
|
|
goto error;
|
|
}
|
|
if (coeff.ptr)
|
|
{
|
|
if (mp_read_unsigned_bin(&this->rsa.u, coeff.ptr, coeff.len) != 0)
|
|
{
|
|
goto error;
|
|
}
|
|
}
|
|
else if (!qinv(&this->rsa.q, &this->rsa.p, &this->rsa.u))
|
|
{
|
|
goto error;
|
|
}
|
|
|
|
return &this->public;
|
|
}
|
|
error:
|
|
destroy(this);
|
|
return NULL;
|
|
}
|
|
|
|
#endif /* NO_RSA */
|