xref: /freebsd/contrib/bearssl/src/rsa/rsa_i31_modulus.c (revision 99282790b7d01ec3c4072621d46a0d7302517ad4)
1 /*
2  * Copyright (c) 2018 Thomas Pornin <pornin@bolet.org>
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining
5  * a copy of this software and associated documentation files (the
6  * "Software"), to deal in the Software without restriction, including
7  * without limitation the rights to use, copy, modify, merge, publish,
8  * distribute, sublicense, and/or sell copies of the Software, and to
9  * permit persons to whom the Software is furnished to do so, subject to
10  * the following conditions:
11  *
12  * The above copyright notice and this permission notice shall be
13  * included in all copies or substantial portions of the Software.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22  * SOFTWARE.
23  */
24 
25 #include "inner.h"
26 
27 /* see bearssl_rsa.h */
28 size_t
29 br_rsa_i31_compute_modulus(void *n, const br_rsa_private_key *sk)
30 {
31 	uint32_t tmp[2 * ((BR_MAX_RSA_SIZE + 30) / 31) + 5];
32 	uint32_t *t, *p, *q;
33 	const unsigned char *pbuf, *qbuf;
34 	size_t nlen, plen, qlen, tlen;
35 
36 	/*
37 	 * Compute actual byte and lengths for p and q.
38 	 */
39 	pbuf = sk->p;
40 	plen = sk->plen;
41 	while (plen > 0 && *pbuf == 0) {
42 		pbuf ++;
43 		plen --;
44 	}
45 	qbuf = sk->q;
46 	qlen = sk->qlen;
47 	while (qlen > 0 && *qbuf == 0) {
48 		qbuf ++;
49 		qlen --;
50 	}
51 
52 	t = tmp;
53 	tlen = (sizeof tmp) / (sizeof tmp[0]);
54 
55 	/*
56 	 * Decode p.
57 	 */
58 	if ((31 * tlen) < (plen << 3) + 31) {
59 		return 0;
60 	}
61 	br_i31_decode(t, pbuf, plen);
62 	p = t;
63 	plen = (p[0] + 63) >> 5;
64 	t += plen;
65 	tlen -= plen;
66 
67 	/*
68 	 * Decode q.
69 	 */
70 	if ((31 * tlen) < (qlen << 3) + 31) {
71 		return 0;
72 	}
73 	br_i31_decode(t, qbuf, qlen);
74 	q = t;
75 	qlen = (q[0] + 63) >> 5;
76 	t += qlen;
77 	tlen -= qlen;
78 
79 	/*
80 	 * Computation can proceed only if we have enough room for the
81 	 * modulus.
82 	 */
83 	if (tlen < (plen + qlen + 1)) {
84 		return 0;
85 	}
86 
87 	/*
88 	 * Private key already contains the modulus bit length, from which
89 	 * we can infer the output length. Even if n is NULL, we still had
90 	 * to decode p and q to make sure that the product can be computed.
91 	 */
92 	nlen = (sk->n_bitlen + 7) >> 3;
93 	if (n != NULL) {
94 		br_i31_zero(t, p[0]);
95 		br_i31_mulacc(t, p, q);
96 		br_i31_encode(n, nlen, t);
97 	}
98 	return nlen;
99 }
100