Crypt-Bear
62 results

 view release on metacpan or  search on metacpan

src/rsa/rsa_i15_keygen.c  view on Meta::CPAN 

 */
static uint32_t
invert_pubexp(uint16_t *d, const uint16_t *m, uint32_t e, uint16_t *t)
{
	uint16_t *f;
	uint32_t r;

	f = t;
	t += 1 + ((m[0] + 15) >> 4);

	/*
	 * Compute d = 1/e mod m. Since p = 3 mod 4, m is odd.
	 */
	br_i15_zero(d, m[0]);
	d[1] = 1;
	br_i15_zero(f, m[0]);
	f[1] = e & 0x7FFF;
	f[2] = (e >> 15) & 0x7FFF;
	f[3] = e >> 30;
	r = br_i15_moddiv(d, f, m, br_i15_ninv15(m[1]), t);

	/*
	 * We really want d = 1/e mod p-1, with p = 2m. By the CRT,
	 * the result is either the d we got, or d + m.
	 *
	 * Let's write e*d = 1 + k*m, for some integer k. Integers e
	 * and m are odd. If d is odd, then e*d is odd, which implies
	 * that k must be even; in that case, e*d = 1 + (k/2)*2m, and
	 * thus d is already fine. Conversely, if d is even, then k
	 * is odd, and we must add m to d in order to get the correct
	 * result.
	 */
	br_i15_add(d, m, (uint32_t)(1 - (d[1] & 1)));

	return r;
}

/*
 * Swap two buffers in RAM. They must be disjoint.
 */
static void
bufswap(void *b1, void *b2, size_t len)
{
	size_t u;
	unsigned char *buf1, *buf2;

	buf1 = b1;
	buf2 = b2;
	for (u = 0; u < len; u ++) {
		unsigned w;

		w = buf1[u];
		buf1[u] = buf2[u];
		buf2[u] = w;
	}
}

/* see bearssl_rsa.h */
uint32_t
br_rsa_i15_keygen(const br_prng_class **rng,
	br_rsa_private_key *sk, void *kbuf_priv,
	br_rsa_public_key *pk, void *kbuf_pub,
	unsigned size, uint32_t pubexp)
{
	uint32_t esize_p, esize_q;
	size_t plen, qlen, tlen;
	uint16_t *p, *q, *t;
	uint16_t tmp[TEMPS];
	uint32_t r;

	if (size < BR_MIN_RSA_SIZE || size > BR_MAX_RSA_SIZE) {
		return 0;
	}
	if (pubexp == 0) {
		pubexp = 3;
	} else if (pubexp == 1 || (pubexp & 1) == 0) {
		return 0;
	}

	esize_p = (size + 1) >> 1;
	esize_q = size - esize_p;
	sk->n_bitlen = size;
	sk->p = kbuf_priv;
	sk->plen = (esize_p + 7) >> 3;
	sk->q = sk->p + sk->plen;
	sk->qlen = (esize_q + 7) >> 3;
	sk->dp = sk->q + sk->qlen;
	sk->dplen = sk->plen;
	sk->dq = sk->dp + sk->dplen;
	sk->dqlen = sk->qlen;
	sk->iq = sk->dq + sk->dqlen;
	sk->iqlen = sk->plen;

	if (pk != NULL) {
		pk->n = kbuf_pub;
		pk->nlen = (size + 7) >> 3;
		pk->e = pk->n + pk->nlen;
		pk->elen = 4;
		br_enc32be(pk->e, pubexp);
		while (*pk->e == 0) {
			pk->e ++;
			pk->elen --;
		}
	}

	/*
	 * We now switch to encoded sizes.
	 *
	 * floor((x * 17477) / (2^18)) is equal to floor(x/15) for all
	 * integers x from 0 to 23833.
	 */
	esize_p += MUL15(esize_p, 17477) >> 18;
	esize_q += MUL15(esize_q, 17477) >> 18;
	plen = (esize_p + 15) >> 4;
	qlen = (esize_q + 15) >> 4;
	p = tmp;
	q = p + 1 + plen;
	t = q + 1 + qlen;
	tlen = ((sizeof tmp) / sizeof(uint16_t)) - (2 + plen + qlen);

	/*



( run in 1.018 second using v1.01-cache-2.11-cpan-5a3173703d6 )