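/* crypto/dsa/dsa_gen.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#undef GENUINE_DSA

#ifdef GENUINE_DSA
/* Parameter generation follows the original release of FIPS PUB 186,
 * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
#define HASH EVP_sha()
#else
/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
 * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
 * FIPS PUB 180-1) */
#define HASH EVP_sha1()
#endif
/*
 * NB: HASH is not referenced anywhere in this file any more; the digest is
 * selected per q size in DSA_generate_parameters_ex() and handed to the
 * generator as 'evpmd'.  The macro is left in place untouched.
 */

#include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */

#ifndef OPENSSL_NO_SHA

#include <stdio.h>
#include <string.h>             /* memcpy */
#include "cryptlib.h"
#include <openssl/evp.h>
#include <openssl/bn.h>
#include <openssl/rand.h>
#include <openssl/sha.h>
#include "dsa_locl.h"

/*
 * Generate DSA domain parameters (p, q, g) into 'ret'.
 *
 * If the DSA method installed on 'ret' provides its own dsa_paramgen, the
 * request is delegated to it unchanged.  Otherwise the digest and the size
 * of q are chosen from 'bits': a 256-bit q with SHA-256 for moduli of 2048
 * bits and more, the legacy 160-bit q with SHA-1 below that, and the builtin
 * generator is used.
 *
 * bits:        requested size of p (see dsa_builtin_paramgen for rounding).
 * seed_in:     optional SEED of seed_len bytes, see dsa_builtin_paramgen.
 * counter_ret: optional output, see dsa_builtin_paramgen.
 * h_ret:       optional output, see dsa_builtin_paramgen.
 * cb:          progress callback handed to BN_GENCB_call.
 *
 * Returns 1 on success, 0 on failure.  A negative 'bits' or 'seed_len' is
 * rejected on the builtin path: both are converted to size_t below and a
 * negative value would otherwise turn into a huge size.
 */
int DSA_generate_parameters_ex(DSA *ret, int bits,
                               const unsigned char *seed_in, int seed_len,
                               int *counter_ret, unsigned long *h_ret,
                               BN_GENCB *cb)
{
    const EVP_MD *evpmd;
    size_t qbits;

    if (ret->meth->dsa_paramgen)
        return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
                                       counter_ret, h_ret, cb);

    if (bits < 0 || seed_len < 0)
        return 0;

    if (bits >= 2048) {
        qbits = 256;
        evpmd = EVP_sha256();
    } else {
        qbits = 160;
        evpmd = EVP_sha1();
    }

    return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
                                seed_in, seed_len, counter_ret, h_ret, cb);
}

/*
 * Builtin DSA parameter generation, following App. 2.2 of FIPS PUB 186 with
 * the digest supplied by the caller (which allows q sizes beyond 160 bits).
 *
 * bits:        requested size of p.  Values below 512 are raised to 512 and
 *              the result is rounded up to a multiple of 64.
 * qbits:       size of q.  qbits/8 must equal the SHA-1, SHA-224 or SHA-256
 *              digest length, otherwise 0 is returned.
 * evpmd:       digest used for the generation; NULL selects SHA-1.  Its
 *              output must be at least qbits/8 bytes and no larger than the
 *              internal SHA256_DIGEST_LENGTH buffers, otherwise 0 is returned.
 * seed_in:     optional SEED of seed_len bytes.  A seed shorter than qbits/8
 *              is ignored, a longer one is truncated to qbits/8 bytes.  If
 *              the supplied seed does not yield a prime q, generation
 *              continues with random seeds.  With seed_in == NULL or
 *              seed_len == 0 a random seed is used from the start.  The seed
 *              actually used is never written back: seed_in is const.
 * counter_ret: on success receives the number of candidates for p that were
 *              rejected before the prime p was found (may be NULL).
 * h_ret:       on success receives the value h from which g was derived as
 *              g = h^((p-1)/q) mod p (may be NULL).
 * cb:          progress callback handed to BN_GENCB_call.
 *
 * On success ret->p, ret->q and ret->g are replaced and 1 is returned.  On
 * failure 0 is returned and ret is left untouched: the new values are
 * duplicated first and only swapped in once all three duplicates exist.
 */
int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
                         const EVP_MD *evpmd, const unsigned char *seed_in,
                         size_t seed_len, int *counter_ret,
                         unsigned long *h_ret, BN_GENCB *cb)
{
    int ok = 0;
    unsigned char seed[SHA256_DIGEST_LENGTH];
    unsigned char md[SHA256_DIGEST_LENGTH];
    unsigned char buf[SHA256_DIGEST_LENGTH], buf2[SHA256_DIGEST_LENGTH];
    BIGNUM *r0, *W, *X, *c, *test;
    BIGNUM *g = NULL, *q = NULL, *p = NULL;
    BN_MONT_CTX *mont = NULL;
    int i, k, n = 0, m = 0, qsize = qbits >> 3;
    int mdlen;
    int counter = 0;
    int r = 0;
    BN_CTX *ctx = NULL;
    unsigned int h = 2;

    /* Only q sizes matching a SHA-1/SHA-224/SHA-256 digest fit the buffers. */
    if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
        qsize != SHA256_DIGEST_LENGTH)
        return 0;               /* invalid q size */

    if (evpmd == NULL)
        evpmd = EVP_sha1();     /* use SHA1 as default */

    /*
     * EVP_Digest writes the full digest into md/buf2: a digest longer than
     * those buffers would overrun them, a digest shorter than qsize would
     * leave part of q and W undefined.
     */
    mdlen = EVP_MD_size(evpmd);
    if (mdlen < qsize || mdlen > (int)sizeof(md))
        return 0;

    if (bits < 512)
        bits = 512;
    bits = (bits + 63) / 64 * 64;

    /*
     * A caller-supplied seed is used only if it is at least qsize bytes long;
     * longer seeds are truncated to qsize.  (App. 2.2 of FIPS PUB 186 allows
     * a larger SEED, but the internal buffers hold at most
     * SHA256_DIGEST_LENGTH bytes.)  Without a usable seed_in, seed_len is
     * forced to 0 so that the loop below draws a random seed instead of
     * reading the uninitialised 'seed' buffer.
     */
    if (seed_len && seed_len < (size_t)qsize)
        seed_in = NULL;         /* seed buffer too small -- ignore */
    if (seed_len > (size_t)qsize)
        seed_len = qsize;
    if (seed_in == NULL)
        seed_len = 0;
    else
        memcpy(seed, seed_in, seed_len);

    if ((ctx = BN_CTX_new()) == NULL)
        goto err;
    /* Started right away so that BN_CTX_end at 'err' always has a matching start. */
    BN_CTX_start(ctx);

    if ((mont = BN_MONT_CTX_new()) == NULL)
        goto err;

    r0 = BN_CTX_get(ctx);
    g = BN_CTX_get(ctx);
    W = BN_CTX_get(ctx);
    q = BN_CTX_get(ctx);
    X = BN_CTX_get(ctx);
    c = BN_CTX_get(ctx);
    p = BN_CTX_get(ctx);
    test = BN_CTX_get(ctx);
    /* once BN_CTX_get has failed it keeps failing, so checking the last one suffices */
    if (test == NULL)
        goto err;

    /* test = 2^(bits-1): lower bound for p */
    if (!BN_lshift(test, BN_value_one(), bits - 1))
        goto err;

    for (;;) {
        for (;;) {              /* find q */
            int seed_is_random;

            /* step 1 */
            if (!BN_GENCB_call(cb, 0, m++))
                goto err;

            if (!seed_len) {
                /*
                 * The seed determines q and p; only the strong generator is
                 * acceptable here, so give up if it cannot deliver instead of
                 * silently continuing with weak bytes.
                 */
                if (RAND_bytes(seed, qsize) <= 0)
                    goto err;
                seed_is_random = 1;
            } else {
                seed_is_random = 0;
                seed_len = 0;   /* use random seed if 'seed_in' turns out to be bad */
            }
            memcpy(buf, seed, qsize);
            memcpy(buf2, seed, qsize);
            /* precompute "SEED + 1" for step 7: */
            for (i = qsize - 1; i >= 0; i--) {
                buf[i]++;
                if (buf[i] != 0)
                    break;
            }

            /* step 2 */
            if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL)
                || !EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL))
                goto err;
            for (i = 0; i < qsize; i++)
                md[i] ^= buf2[i];

            /* step 3: force the top and bottom bit so q has exactly qbits bits and is odd */
            md[0] |= 0x80;
            md[qsize - 1] |= 0x01;
            if (!BN_bin2bn(md, qsize, q))
                goto err;

            /* step 4 */
            r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
                                        seed_is_random, cb);
            if (r > 0)
                break;
            if (r != 0)
                goto err;

            /* do a callback call */
            /* step 5 */
        }

        if (!BN_GENCB_call(cb, 2, 0))
            goto err;
        if (!BN_GENCB_call(cb, 3, 0))
            goto err;

        /* step 6 */
        counter = 0;
        /* "offset = 2" */

        /*
         * Number of extra digest blocks concatenated into W.  This is sized
         * for a 160-bit q; with a larger q more bits than needed are
         * produced and BN_mask_bits below discards the excess.  Kept as is
         * so that a given seed still yields the same parameters.
         */
        n = (bits - 1) / 160;

        for (;;) {
            if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
                goto err;

            /* step 7 */
            BN_zero(W);
            /* now 'buf' contains "SEED + offset - 1" */
            for (k = 0; k <= n; k++) {
                /* obtain "SEED + offset + k" by incrementing: */
                for (i = qsize - 1; i >= 0; i--) {
                    buf[i]++;
                    if (buf[i] != 0)
                        break;
                }

                if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL))
                    goto err;

                /* step 8 */
                if (!BN_bin2bn(md, qsize, r0))
                    goto err;
                if (!BN_lshift(r0, r0, (qsize << 3) * k))
                    goto err;
                if (!BN_add(W, W, r0))
                    goto err;
            }

            /* more of step 8 */
            if (!BN_mask_bits(W, bits - 1))
                goto err;
            if (!BN_copy(X, W))
                goto err;
            if (!BN_add(X, X, test))
                goto err;

            /* step 9 */
            if (!BN_lshift1(r0, q))
                goto err;
            if (!BN_mod(c, X, r0, ctx))
                goto err;
            if (!BN_sub(r0, c, BN_value_one()))
                goto err;
            if (!BN_sub(p, X, r0))
                goto err;

            /* step 10 */
            if (BN_cmp(p, test) >= 0) {
                /* step 11 */
                r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb);
                if (r > 0)
                    goto end;   /* found it */
                if (r != 0)
                    goto err;
            }

            /* step 13 */
            counter++;
            /* "offset = offset + n + 1" */

            /* step 14 */
            if (counter >= 4096)
                break;
        }
    }
 end:
    if (!BN_GENCB_call(cb, 2, 1))
        goto err;

    /* We now need to generate g */
    /* Set r0=(p-1)/q */
    if (!BN_sub(test, p, BN_value_one()))
        goto err;
    if (!BN_div(r0, NULL, test, q, ctx))
        goto err;

    if (!BN_set_word(test, h))
        goto err;
    if (!BN_MONT_CTX_set(mont, p, ctx))
        goto err;

    for (;;) {
        /* g=test^r0%p */
        if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont))
            goto err;
        if (!BN_is_one(g))
            break;
        if (!BN_add(test, test, BN_value_one()))
            goto err;
        h++;
    }

    if (!BN_GENCB_call(cb, 3, 1))
        goto err;

    ok = 1;
 err:
    if (ok) {
        /* Duplicate everything first so 'ret' is either fully updated or untouched. */
        BIGNUM *new_p = BN_dup(p);
        BIGNUM *new_q = BN_dup(q);
        BIGNUM *new_g = BN_dup(g);

        if (new_p == NULL || new_q == NULL || new_g == NULL) {
            if (new_p)
                BN_free(new_p);
            if (new_q)
                BN_free(new_q);
            if (new_g)
                BN_free(new_g);
            ok = 0;
        } else {
            if (ret->p)
                BN_free(ret->p);
            if (ret->q)
                BN_free(ret->q);
            if (ret->g)
                BN_free(ret->g);
            ret->p = new_p;
            ret->q = new_q;
            ret->g = new_g;
            if (counter_ret != NULL)
                *counter_ret = counter;
            if (h_ret != NULL)
                *h_ret = h;
        }
    }
    if (ctx != NULL) {
        BN_CTX_end(ctx);
        BN_CTX_free(ctx);
    }
    if (mont != NULL)
        BN_MONT_CTX_free(mont);
    return ok;
}
#endif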