_ Git - BearSSL/blob - src/rsa/rsa_i31_modulus.c

   1 /*
   2  * Copyright (c) 2018 Thomas Pornin <pornin@bolet.org>
   3  *
   4  * Permission is hereby granted, free of charge, to any person obtaining
   5  * a copy of this software and associated documentation files (the
   6  * "Software"), to deal in the Software without restriction, including
   7  * without limitation the rights to use, copy, modify, merge, publish,
   8  * distribute, sublicense, and/or sell copies of the Software, and to
   9  * permit persons to whom the Software is furnished to do so, subject to
  10  * the following conditions:
  11  *
  12  * The above copyright notice and this permission notice shall be
  13  * included in all copies or substantial portions of the Software.
  14  *
  15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  16  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  17  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  18  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
  19  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
  20  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
  21  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  22  * SOFTWARE.
  23  */
  24
  25 #include "inner.h"
  26
  27 /* see bearssl_rsa.h */
  28 size_t
  29 br_rsa_i31_compute_modulus(void *n, const br_rsa_private_key *sk)
  30 {
  31         uint32_t tmp[4 * (((BR_MAX_RSA_SIZE / 2) + 30) / 31) + 5];
  32         uint32_t *t, *p, *q;
  33         const unsigned char *pbuf, *qbuf;
  34         size_t nlen, plen, qlen, tlen;
  35
  36         /*
  37          * Compute actual byte and lengths for p and q.
  38          */
  39         pbuf = sk->p;
  40         plen = sk->plen;
  41         while (plen > 0 && *pbuf == 0) {
  42                 pbuf ++;
  43                 plen --;
  44         }
  45         qbuf = sk->q;
  46         qlen = sk->qlen;
  47         while (qlen > 0 && *qbuf == 0) {
  48                 qbuf ++;
  49                 qlen --;
  50         }
  51
  52         t = tmp;
  53         tlen = (sizeof tmp) / (sizeof tmp[0]);
  54
  55         /*
  56          * Decode p.
  57          */
  58         if ((31 * tlen) < (plen << 3) + 31) {
  59                 return 0;
  60         }
  61         br_i31_decode(t, pbuf, plen);
  62         p = t;
  63         plen = (p[0] + 63) >> 5;
  64         t += plen;
  65         tlen -= plen;
  66
  67         /*
  68          * Decode q.
  69          */
  70         if ((31 * tlen) < (qlen << 3) + 31) {
  71                 return 0;
  72         }
  73         br_i31_decode(t, qbuf, qlen);
  74         q = t;
  75         qlen = (q[0] + 63) >> 5;
  76         t += qlen;
  77         tlen -= qlen;
  78
  79         /*
  80          * Computation can proceed only if we have enough room for the
  81          * modulus.
  82          */
  83         if (tlen < (plen + qlen + 1)) {
  84                 return 0;
  85         }
  86
  87         /*
  88          * Private key already contains the modulus bit length, from which
  89          * we can infer the output length. Even if n is NULL, we still had
  90          * to decode p and q to make sure that the product can be computed.
  91          */
  92         nlen = (sk->n_bitlen + 7) >> 3;
  93         if (n != NULL) {
  94                 br_i31_zero(t, p[0]);
  95                 br_i31_mulacc(t, p, q);
  96                 br_i31_encode(n, nlen, t);
  97         }
  98         return nlen;
  99 }