Diffstat (limited to 'lib/nettle/pk.c')
-rw-r--r-- | lib/nettle/pk.c | 66 |
1 files changed, 52 insertions, 14 deletions
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index e9a380857c..0c91aac493 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -146,12 +146,12 @@ static void _rsa_params_to_privkey(const gnutls_pk_params_st * pk_params, struct rsa_private_key *priv) { - memcpy(priv->d, pk_params->params[2], SIZEOF_MPZT); - memcpy(priv->p, pk_params->params[3], SIZEOF_MPZT); - memcpy(priv->q, pk_params->params[4], SIZEOF_MPZT); - memcpy(priv->c, pk_params->params[5], SIZEOF_MPZT); - memcpy(priv->a, pk_params->params[6], SIZEOF_MPZT); - memcpy(priv->b, pk_params->params[7], SIZEOF_MPZT); + memcpy(priv->d, pk_params->params[RSA_PRIV], SIZEOF_MPZT); + memcpy(priv->p, pk_params->params[RSA_PRIME1], SIZEOF_MPZT); + memcpy(priv->q, pk_params->params[RSA_PRIME2], SIZEOF_MPZT); + memcpy(priv->c, pk_params->params[RSA_COEF], SIZEOF_MPZT); + memcpy(priv->a, pk_params->params[RSA_E1], SIZEOF_MPZT); + memcpy(priv->b, pk_params->params[RSA_E2], SIZEOF_MPZT); /* we do not rsa_private_key_prepare() because it involves a multiplication. * we call it once when we import the parameters */ priv->size = @@ -2511,14 +2511,14 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, params->params_nr++; } - mpz_set(TOMPZ(params->params[0]), pub.n); - mpz_set(TOMPZ(params->params[1]), pub.e); - mpz_set(TOMPZ(params->params[2]), priv.d); - mpz_set(TOMPZ(params->params[3]), priv.p); - mpz_set(TOMPZ(params->params[4]), priv.q); - mpz_set(TOMPZ(params->params[5]), priv.c); - mpz_set(TOMPZ(params->params[6]), priv.a); - mpz_set(TOMPZ(params->params[7]), priv.b); + mpz_set(TOMPZ(params->params[RSA_MODULUS]), pub.n); + mpz_set(TOMPZ(params->params[RSA_PUB]), pub.e); + mpz_set(TOMPZ(params->params[RSA_PRIV]), priv.d); + mpz_set(TOMPZ(params->params[RSA_PRIME1]), priv.p); + mpz_set(TOMPZ(params->params[RSA_PRIME2]), priv.q); + mpz_set(TOMPZ(params->params[RSA_COEF]), priv.c); + mpz_set(TOMPZ(params->params[RSA_E1]), priv.a); + mpz_set(TOMPZ(params->params[RSA_E2]), priv.b); ret = 0; 
@@ -3306,6 +3306,37 @@ fail: return ret; } +static int calc_rsa_priv(gnutls_pk_params_st * params) +{ + bigint_t lcm, p1, q1; + int ret; + + params->params[RSA_PRIV] = NULL; + + ret = _gnutls_mpi_init_multi(¶ms->params[RSA_PRIV], &lcm, &p1, &q1, NULL); + if (ret < 0) + return gnutls_assert_val(ret); + + /* lcm(p - 1, q - 1) */ + mpz_sub_ui(p1, params->params[RSA_PRIME1], 1); + mpz_sub_ui(q1, params->params[RSA_PRIME2], 1); + mpz_lcm(lcm, p1, q1); + + zrelease_mpi_key(&p1); + zrelease_mpi_key(&q1); + + /* d = e^{-1} (mod lcm) */ + ret = mpz_invert(params->params[RSA_PRIV], params->params[RSA_PUB], lcm); + + zrelease_mpi_key(&lcm); + + if (ret == 0) { + zrelease_mpi_key(¶ms->params[RSA_PRIV]); + return GNUTLS_E_INVALID_REQUEST; + } + + return 0; +} static int wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo, @@ -3320,6 +3351,13 @@ wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo, if (algo == GNUTLS_PK_RSA) { struct rsa_private_key priv; + if (params->params[RSA_PRIV] == NULL) { + ret = calc_rsa_priv(params); + if (ret < 0) + return gnutls_assert_val(ret); + params->params_nr++; + } + /* do not trust the generated values. Some old private keys * generated by us have mess on the values. Those were very * old but it seemed some of the shipped example private |
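Review bot: calc_rsa_priv() hands `params->params[RSA_PRIME1]`, `params->params[RSA_PRIME2]` and `params->params[RSA_PUB]` straight to `mpz_sub_ui()` and `mpz_invert()` without checking that they are set, and the only condition visible at the call site is that RSA_PRIV is NULL, so a key imported without d and without one of those values would be dereferenced as NULL. A guard at the top of the function, before `_gnutls_mpi_init_multi()`, would reject such input: `if (params->params[RSA_PRIME1] == NULL || params->params[RSA_PRIME2] == NULL || params->params[RSA_PUB] == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);`. The function also lacks a header comment; it should say that the RSA_PRIV slot is overwritten, that d is derived modulo lcm(p-1, q-1), and that the slot is released again when no inverse exists. `mpz_invert()` is a general-purpose GMP routine applied to secret values here, so the comment could also record that this was judged acceptable for a one-off import path.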
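Review bot: The `params->params_nr++` after calc_rsa_priv() in wrap_nettle_pk_fixup() depends on an invariant that is not written down: that the importer left only the RSA_PRIV slot empty and counted one parameter fewer. A comment above the increment, for example `/* importer left d unset and did not count it in params_nr */`, would record that; if params_nr could already include the empty slot the count would overshoot, and the code that walks the array by params_nr is not visible in this hunk. The derivation also runs before the "do not trust the generated values" block, whose checks continue outside the hunk, so it is worth confirming they still apply to a d that was computed rather than imported.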