rsa_alt_helpers.h (8305B)
1 /** 2 * \file rsa_alt_helpers.h 3 * 4 * \brief Context-independent RSA helper functions 5 * 6 * This module declares some RSA-related helper functions useful when 7 * implementing the RSA interface. These functions are provided in a separate 8 * compilation unit in order to make it easy for designers of alternative RSA 9 * implementations to use them in their own code, as it is conceived that the 10 * functionality they provide will be necessary for most complete 11 * implementations. 12 * 13 * End-users of Mbed TLS who are not providing their own alternative RSA 14 * implementations should not use these functions directly, and should instead 15 * use only the functions declared in rsa.h. 16 * 17 * The interface provided by this module will be maintained through LTS (Long 18 * Term Support) branches of Mbed TLS, but may otherwise be subject to change, 19 * and must be considered an internal interface of the library. 20 * 21 * There are two classes of helper functions: 22 * 23 * (1) Parameter-generating helpers. These are: 24 * - mbedtls_rsa_deduce_primes 25 * - mbedtls_rsa_deduce_private_exponent 26 * - mbedtls_rsa_deduce_crt 27 * Each of these functions takes a set of core RSA parameters and 28 * generates some other, or CRT related parameters. 29 * 30 * (2) Parameter-checking helpers. These are: 31 * - mbedtls_rsa_validate_params 32 * - mbedtls_rsa_validate_crt 33 * They take a set of core or CRT related RSA parameters and check their 34 * validity. 35 * 36 */ 37 /* 38 * Copyright The Mbed TLS Contributors 39 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 40 */ 41 #ifndef MBEDTLS_RSA_ALT_HELPERS_H 42 #define MBEDTLS_RSA_ALT_HELPERS_H 43 44 #include "mbedtls/build_info.h" 45 46 #include "mbedtls/bignum.h" 47 48 #ifdef __cplusplus 49 extern "C" { 50 #endif 51 52 53 /** 54 * \brief Compute RSA prime moduli P, Q from public modulus N=PQ 55 * and a pair of private and public key. 56 * 57 * \note This is a 'static' helper function not operating on 58 * an RSA context. Alternative implementations need not 59 * overwrite it. 60 * 61 * \param N RSA modulus N = PQ, with P, Q to be found 62 * \param E RSA public exponent 63 * \param D RSA private exponent 64 * \param P Pointer to MPI holding first prime factor of N on success 65 * \param Q Pointer to MPI holding second prime factor of N on success 66 * 67 * \return 68 * - 0 if successful. In this case, P and Q constitute a 69 * factorization of N. 70 * - A non-zero error code otherwise. 71 * 72 * \note It is neither checked that P, Q are prime nor that 73 * D, E are modular inverses wrt. P-1 and Q-1. For that, 74 * use the helper function \c mbedtls_rsa_validate_params. 75 * 76 */ 77 int mbedtls_rsa_deduce_primes(mbedtls_mpi const *N, mbedtls_mpi const *E, 78 mbedtls_mpi const *D, 79 mbedtls_mpi *P, mbedtls_mpi *Q); 80 81 /** 82 * \brief Compute RSA private exponent from 83 * prime moduli and public key. 84 * 85 * \note This is a 'static' helper function not operating on 86 * an RSA context. Alternative implementations need not 87 * overwrite it. 88 * 89 * \param P First prime factor of RSA modulus 90 * \param Q Second prime factor of RSA modulus 91 * \param E RSA public exponent 92 * \param D Pointer to MPI holding the private exponent on success. 93 * 94 * \return 95 * - 0 if successful. In this case, D is set to a simultaneous 96 * modular inverse of E modulo both P-1 and Q-1. 97 * - A non-zero error code otherwise. 98 * 99 * \note This function does not check whether P and Q are primes. 100 * 101 */ 102 int mbedtls_rsa_deduce_private_exponent(mbedtls_mpi const *P, 103 mbedtls_mpi const *Q, 104 mbedtls_mpi const *E, 105 mbedtls_mpi *D); 106 107 108 /** 109 * \brief Generate RSA-CRT parameters 110 * 111 * \note This is a 'static' helper function not operating on 112 * an RSA context. Alternative implementations need not 113 * overwrite it. 114 * 115 * \param P First prime factor of N 116 * \param Q Second prime factor of N 117 * \param D RSA private exponent 118 * \param DP Output variable for D modulo P-1 119 * \param DQ Output variable for D modulo Q-1 120 * \param QP Output variable for the modular inverse of Q modulo P. 121 * 122 * \return 0 on success, non-zero error code otherwise. 123 * 124 * \note This function does not check whether P, Q are 125 * prime and whether D is a valid private exponent. 126 * 127 */ 128 int mbedtls_rsa_deduce_crt(const mbedtls_mpi *P, const mbedtls_mpi *Q, 129 const mbedtls_mpi *D, mbedtls_mpi *DP, 130 mbedtls_mpi *DQ, mbedtls_mpi *QP); 131 132 133 /** 134 * \brief Check validity of core RSA parameters 135 * 136 * \note This is a 'static' helper function not operating on 137 * an RSA context. Alternative implementations need not 138 * overwrite it. 139 * 140 * \param N RSA modulus N = PQ 141 * \param P First prime factor of N 142 * \param Q Second prime factor of N 143 * \param D RSA private exponent 144 * \param E RSA public exponent 145 * \param f_rng PRNG to be used for primality check, or NULL 146 * \param p_rng PRNG context for f_rng, or NULL 147 * 148 * \return 149 * - 0 if the following conditions are satisfied 150 * if all relevant parameters are provided: 151 * - P prime if f_rng != NULL (%) 152 * - Q prime if f_rng != NULL (%) 153 * - 1 < N = P * Q 154 * - 1 < D, E < N 155 * - D and E are modular inverses modulo P-1 and Q-1 156 * (%) This is only done if MBEDTLS_GENPRIME is defined. 157 * - A non-zero error code otherwise. 158 * 159 * \note The function can be used with a restricted set of arguments 160 * to perform specific checks only. E.g., calling it with 161 * (-,P,-,-,-) and a PRNG amounts to a primality check for P. 162 */ 163 int mbedtls_rsa_validate_params(const mbedtls_mpi *N, const mbedtls_mpi *P, 164 const mbedtls_mpi *Q, const mbedtls_mpi *D, 165 const mbedtls_mpi *E, 166 int (*f_rng)(void *, unsigned char *, size_t), 167 void *p_rng); 168 169 /** 170 * \brief Check validity of RSA CRT parameters 171 * 172 * \note This is a 'static' helper function not operating on 173 * an RSA context. Alternative implementations need not 174 * overwrite it. 175 * 176 * \param P First prime factor of RSA modulus 177 * \param Q Second prime factor of RSA modulus 178 * \param D RSA private exponent 179 * \param DP MPI to check for D modulo P-1 180 * \param DQ MPI to check for D modulo P-1 181 * \param QP MPI to check for the modular inverse of Q modulo P. 182 * 183 * \return 184 * - 0 if the following conditions are satisfied: 185 * - D = DP mod P-1 if P, D, DP != NULL 186 * - Q = DQ mod P-1 if P, D, DQ != NULL 187 * - QP = Q^-1 mod P if P, Q, QP != NULL 188 * - \c MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if check failed, 189 * potentially including \c MBEDTLS_ERR_MPI_XXX if some 190 * MPI calculations failed. 191 * - \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA if insufficient 192 * data was provided to check DP, DQ or QP. 193 * 194 * \note The function can be used with a restricted set of arguments 195 * to perform specific checks only. E.g., calling it with the 196 * parameters (P, -, D, DP, -, -) will check DP = D mod P-1. 197 */ 198 int mbedtls_rsa_validate_crt(const mbedtls_mpi *P, const mbedtls_mpi *Q, 199 const mbedtls_mpi *D, const mbedtls_mpi *DP, 200 const mbedtls_mpi *DQ, const mbedtls_mpi *QP); 201 202 #ifdef __cplusplus 203 } 204 #endif 205 206 #endif /* rsa_alt_helpers.h */