GitHub/openssl
1
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2026-05-07 20:12:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

RSA: Update RSA keygen.

Browse Source 
The documentation now reference(s) FIPS 186-5 instead of FIPS 186-4,
and clarifies the keygen method used.

This PR also adds the new FIPS 186-5 2 optional parameters that allow
the generated probable primes to be congruent to a value mod 8.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28349)
This commit is contained in:
slontis
2025-08-27 14:24:59 +10:00
committed by Tomas Mraz
parent cd79a23174
commit f1d03c1ace
13 changed files with 488 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files
crypto/bn/bn_rsa_fips186_4.c → crypto/bn/bn_rsa_fips186_5.c
+69 -22
View File
@@ -102,24 +102,29 @@ static int bn_rsa_fips186_5_aux_prime_min_size(int nbits)
* (FIPS 186-5 has an entry for >= 4096 bits).
* Params:
* nbits The key size in bits.
* c If this is non zero then the probable prime is congruent to c mod 8
* and is 3 bits smaller
* Returns:
* The maximum length or 0 if nbits is invalid.
*/
static int bn_rsa_fips186_5_aux_prime_max_sum_size_for_prob_primes(int nbits)
static int bn_rsa_fips186_5_aux_prime_max_sum_size_for_prob_primes(int nbits,
uint32_t c)
{
int reduce_bits = (c == 0) ? 0 : 3;
if (nbits >= 4096)
return 2030;
return 2030 - reduce_bits;
if (nbits >= 3072)
return 1518;
return 1518 - reduce_bits;
if (nbits >= 2048)
return 1007;
return 1007 - reduce_bits;
return 0;
}
/*
* Find the first odd integer that is a probable prime.
*
* See section FIPS 186-4 B.3.6 (Steps 4.2/5.2).
* See section FIPS 186-5 A.1.6 (Steps 4.2/5.2).
*
* Params:
* Xp1 The passed in starting point to find a probably prime.
@@ -129,7 +134,7 @@ static int bn_rsa_fips186_5_aux_prime_max_sum_size_for_prob_primes(int nbits)
* cb An optional BIGNUM callback.
* Returns: 1 on success otherwise it returns 0.
*/
static int bn_rsa_fips186_4_find_aux_prob_prime(const BIGNUM *Xp1,
static int bn_rsa_fips186_5_find_aux_prob_prime(const BIGNUM *Xp1,
BIGNUM *p1, BN_CTX *ctx,
int rounds,
BN_GENCB *cb)
@@ -165,7 +170,7 @@ err:
/*
* Generate a probable prime (p or q).
*
* See FIPS 186-4 B.3.6 (Steps 4 & 5)
* See FIPS 186-5 A.1.6 (Steps 4 & 5)
*
* Params:
* p The returned probable prime.
@@ -179,14 +184,17 @@ err:
* e The public exponent.
* ctx A BN_CTX object.
* cb An optional BIGNUM callback.
* c An optional number with a value of 0, 1, 3, 5 or 7 that may be used
* to add the requirement p is congruent to c mod 8. The value is ignored
* if it is zero.
* Returns: 1 on success otherwise it returns 0.
*/
int ossl_bn_rsa_fips186_4_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout,
int ossl_bn_rsa_fips186_5_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout,
BIGNUM *p1, BIGNUM *p2,
const BIGNUM *Xp, const BIGNUM *Xp1,
const BIGNUM *Xp2, int nlen,
const BIGNUM *e, BN_CTX *ctx,
BN_GENCB *cb)
BN_GENCB *cb, uint32_t c)
{
int ret = 0;
BIGNUM *p1i = NULL, *p2i = NULL, *Xp1i = NULL, *Xp2i = NULL;
@@ -225,16 +233,16 @@ int ossl_bn_rsa_fips186_4_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout,
}
/* (Steps 4.2/5.2) - find first auxiliary probable primes */
if (!bn_rsa_fips186_4_find_aux_prob_prime(Xp1i, p1i, ctx, rounds, cb)
|| !bn_rsa_fips186_4_find_aux_prob_prime(Xp2i, p2i, ctx, rounds, cb))
if (!bn_rsa_fips186_5_find_aux_prob_prime(Xp1i, p1i, ctx, rounds, cb)
|| !bn_rsa_fips186_5_find_aux_prob_prime(Xp2i, p2i, ctx, rounds, cb))
goto err;
/* (FIPS 186-5 Table A.1) auxiliary prime Max length check */
if ((BN_num_bits(p1i) + BN_num_bits(p2i)) >
bn_rsa_fips186_5_aux_prime_max_sum_size_for_prob_primes(nlen))
if ((BN_num_bits(p1i) + BN_num_bits(p2i)) >=
bn_rsa_fips186_5_aux_prime_max_sum_size_for_prob_primes(nlen, c))
goto err;
/* (Steps 4.3/5.3) - generate prime */
if (!ossl_bn_rsa_fips186_4_derive_prime(p, Xpout, Xp, p1i, p2i, nlen, e,
ctx, cb))
if (!ossl_bn_rsa_fips186_5_derive_prime(p, Xpout, Xp, p1i, p2i, nlen, e,
ctx, cb, c))
goto err;
ret = 1;
err:
@@ -251,12 +259,29 @@ err:
return ret;
}
static ossl_inline
int get_multiple_of_y_congruent_to_cmod8(BIGNUM *y, const BIGNUM *r1r2x2, int c)
{
int i = 0;
for (i = 0; i < 3; ++i) {
/* Check for Y = c mod 8 */
if ((int)(*bn_get_words(y) & 7) == c)
return 1;
/* Y = Y + 2r1r2 */
if (!BN_add(y, y, r1r2x2))
return 0;
}
/* Fall through for y = y + 6 * r1r2 */
return 1;
}
/*
* Constructs a probable prime (a candidate for p or q) using 2 auxiliary
* prime numbers and the Chinese Remainder Theorem.
*
* See FIPS 186-4 C.9 "Compute a Probable Prime Factor Based on Auxiliary
* Primes". Used by FIPS 186-4 B.3.6 Section (4.3) for p and Section (5.3) for q.
* See FIPS 186-5 B.9 "Compute a Probable Prime Factor Based on Auxiliary
* Primes". Used by FIPS 186-5 A.1.6 Section (4.3) for p and Section (5.3) for q.
*
* Params:
* Y The returned prime factor (private_prime_factor) of the modulus n.
@@ -268,20 +293,24 @@ err:
* e The public exponent.
* ctx A BN_CTX object.
* cb An optional BIGNUM callback object.
* c An optional parameter from the set {0, 1, 3, 5, 7} that
* may be used to add the further requirement that the computed
* prime is congruent to c mod 8. A value of 0 indicates that the option
* is ignored.
* Returns: 1 on success otherwise it returns 0.
* Assumptions:
* Y, X, r1, r2, e are not NULL.
*/
int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
int ossl_bn_rsa_fips186_5_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
const BIGNUM *r1, const BIGNUM *r2,
int nlen, const BIGNUM *e,
BN_CTX *ctx, BN_GENCB *cb)
BN_CTX *ctx, BN_GENCB *cb, uint32_t c)
{
int ret = 0;
int i, imax, rounds;
int bits = nlen >> 1;
BIGNUM *tmp, *R, *r1r2x2, *y1, *r1x2;
BIGNUM *base, *range;
BIGNUM *tmp, *R, *r1r2x2, *r1r2x8, *y1, *r1x2;
BIGNUM *base, *range, *r1r2x2_step;
BN_CTX_start(ctx);
@@ -290,6 +319,7 @@ int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
R = BN_CTX_get(ctx);
tmp = BN_CTX_get(ctx);
r1r2x2 = BN_CTX_get(ctx);
r1r2x8 = BN_CTX_get(ctx);
y1 = BN_CTX_get(ctx);
r1x2 = BN_CTX_get(ctx);
if (r1x2 == NULL)
@@ -340,6 +370,14 @@ int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
if (BN_is_negative(R) && !BN_add(R, R, r1r2x2))
goto err;
if (c == 0) {
r1r2x2_step = r1r2x2;
} else {
if (!BN_lshift(r1r2x8, r1r2x2, 2))
goto err;
r1r2x2_step = r1r2x8;
}
/*
* In FIPS 186-4 imax was set to 5 * nlen/2.
* Analysis by Allen Roginsky
@@ -362,6 +400,15 @@ int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
/* (Step 4) Y = X + ((R - X) mod 2r1r2) */
if (!BN_mod_sub(Y, R, X, r1r2x2, ctx) || !BN_add(Y, Y, X))
goto err;
/*
* (Step 4.1) If there is an optional requirement that the
* computed prime is equal to c mod 8, then chose the value
* Y, Y + 2r1r2, Y + 4r1r2 OR Y + 6r1r2 that satisfies the requirement.
*/
if (c != 0) {
if (!get_multiple_of_y_congruent_to_cmod8(Y, r1r2x2, c))
goto err;
}
/* (Step 5) */
i = 0;
for (;;) {
@@ -392,7 +439,7 @@ int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
ERR_raise(ERR_LIB_BN, BN_R_NO_PRIME_CANDIDATE);
goto err;
}
if (!BN_add(Y, Y, r1r2x2))
if (!BN_add(Y, Y, r1r2x2_step))
goto err;
}
}
crypto/bn/build.info
+1 -1
View File
@@ -109,7 +109,7 @@ $COMMON=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c \
bn_mod.c bn_conv.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_sqr.c \
bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
bn_intern.c bn_dh.c bn_rsa_fips186_4.c bn_const.c
bn_intern.c bn_dh.c bn_rsa_fips186_5.c bn_const.c
SOURCE[../../libcrypto]=$COMMON $BNASM bn_print.c bn_err.c bn_srp.c
DEFINE[../../libcrypto]=$BNDEF
IF[{- !$disabled{'deprecated-0.9.8'} -}]
crypto/rsa/rsa_gen.c
+16 -7
View File
@@ -29,7 +29,8 @@
static int rsa_keygen_pairwise_test(RSA *rsa, OSSL_CALLBACK *cb, void *cbarg);
static int rsa_keygen(OSSL_LIB_CTX *libctx, RSA *rsa, int bits, int primes,
BIGNUM *e_value, BN_GENCB *cb, int pairwise_test);
BIGNUM *e_value, BN_GENCB *cb, int pairwise_test,
uint32_t a, uint32_t b);
/*
* NB: this wrapper would normally be placed in rsa_lib.c and the static
@@ -47,8 +48,9 @@ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
e_value, cb);
}
int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes,
BIGNUM *e_value, BN_GENCB *cb)
int ossl_rsa_generate_multi_prime_key(RSA *rsa, int bits, int primes,
BIGNUM *e_value, BN_GENCB *cb,
uint32_t a, uint32_t b)
{
#ifndef FIPS_MODULE
/* multi-prime is only supported with the builtin key generation */
@@ -68,7 +70,13 @@ int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes,
return 0;
}
#endif /* FIPS_MODULE */
return rsa_keygen(rsa->libctx, rsa, bits, primes, e_value, cb, 0);
return rsa_keygen(rsa->libctx, rsa, bits, primes, e_value, cb, 0, a, b);
}
int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes,
BIGNUM *e, BN_GENCB *cb)
{
return ossl_rsa_generate_multi_prime_key(rsa, bits, primes, e, cb, 0, 0);
}
DEFINE_STACK_OF(BIGNUM)
@@ -607,12 +615,13 @@ static int rsa_multiprime_keygen(RSA *rsa, int bits, int primes,
#endif /* FIPS_MODULE */
static int rsa_keygen(OSSL_LIB_CTX *libctx, RSA *rsa, int bits, int primes,
BIGNUM *e_value, BN_GENCB *cb, int pairwise_test)
BIGNUM *e_value, BN_GENCB *cb, int pairwise_test,
uint32_t a, uint32_t b)
{
int ok = 0;
#ifdef FIPS_MODULE
ok = ossl_rsa_sp800_56b_generate_key(rsa, bits, e_value, cb);
ok = ossl_rsa_sp800_56b_generate_key(rsa, bits, e_value, cb, a, b);
pairwise_test = 1; /* FIPS MODE needs to always run the pairwise test */
#else
/*
@@ -622,7 +631,7 @@ static int rsa_keygen(OSSL_LIB_CTX *libctx, RSA *rsa, int bits, int primes,
if (primes == 2
&& bits >= 2048
&& (e_value == NULL || BN_num_bits(e_value) > 16))
ok = ossl_rsa_sp800_56b_generate_key(rsa, bits, e_value, cb);
ok = ossl_rsa_sp800_56b_generate_key(rsa, bits, e_value, cb, a, b);
else
ok = rsa_multiprime_keygen(rsa, bits, primes, e_value, cb);
#endif /* FIPS_MODULE */
crypto/rsa/rsa_local.h
+3 -3
View File
@@ -184,13 +184,13 @@ int ossl_rsa_sp800_56b_check_private(const RSA *rsa);
int ossl_rsa_sp800_56b_check_keypair(const RSA *rsa, const BIGNUM *efixed,
int strength, int nbits);
int ossl_rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed,
BN_GENCB *cb);
BN_GENCB *cb, uint32_t a, uint32_t b);
int ossl_rsa_sp800_56b_derive_params_from_pq(RSA *rsa, int nbits,
const BIGNUM *e, BN_CTX *ctx);
int ossl_rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test,
int ossl_rsa_fips186_5_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test,
int nbits, const BIGNUM *e, BN_CTX *ctx,
BN_GENCB *cb);
BN_GENCB *cb, uint32_t a, uint32_t b);
int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to,
int tlen, const unsigned char *from,
crypto/rsa/rsa_sp800_56b_gen.c
+33 -17
View File
@@ -17,11 +17,11 @@
#include "crypto/security_bits.h"
#include "rsa_local.h"
#define RSA_FIPS1864_MIN_KEYGEN_KEYSIZE 2048
#define RSA_FIPS1864_MIN_KEYGEN_STRENGTH 112
#define RSA_FIPS186_5_MIN_KEYGEN_KEYSIZE 2048
#define RSA_FIPS186_5_MIN_KEYGEN_STRENGTH 112
/*
* Generate probable primes 'p' & 'q'. See FIPS 186-4 Section B.3.6
* Generate probable primes 'p' & 'q'. See FIPS 186-5 Section A.1.6
* "Generation of Probable Primes with Conditions Based on Auxiliary Probable
* Primes".
*
@@ -46,15 +46,22 @@
* e The public exponent.
* ctx A BN_CTX object.
* cb An optional BIGNUM callback.
* a An optional number with a value of 0, 1, 3, 5 or 7 that may be used
* to add the requirement p is congruent to a mod 8. The value is ignored
* if it is zero.
* b An optional number with a value of 0, 1, 3, 5 or 7 that may be used
* to add the requirement q is congruent to b mod 8. The value is ignored
* if it is zero.
*
* Returns: 1 if successful, or 0 otherwise.
* Notes:
* p1, p2, q1, q2 are returned if they are not NULL.
* Xp, Xp1, Xp2, Xq, Xq1, Xq2 are optionally passed in.
* (Required for CAVS testing).
*/
int ossl_rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test,
int ossl_rsa_fips186_5_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test,
int nbits, const BIGNUM *e, BN_CTX *ctx,
BN_GENCB *cb)
BN_GENCB *cb, uint32_t a, uint32_t b)
{
int ret = 0, ok;
/* Temp allocated BIGNUMS */
@@ -81,21 +88,24 @@ int ossl_rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test,
}
#endif
/* (Step 1) Check key length
/*
* (Step 1) Check key length
* NOTE: SP800-131A Rev1 Disallows key lengths of < 2048 bits for RSA
* Signature Generation and Key Agree/Transport.
*/
if (nbits < RSA_FIPS1864_MIN_KEYGEN_KEYSIZE) {
if (nbits < RSA_FIPS186_5_MIN_KEYGEN_KEYSIZE) {
ERR_raise(ERR_LIB_RSA, RSA_R_KEY_SIZE_TOO_SMALL);
return 0;
}
/* (Step 2) Check exponent */
if (!ossl_rsa_check_public_exponent(e)) {
ERR_raise(ERR_LIB_RSA, RSA_R_PUB_EXPONENT_OUT_OF_RANGE);
return 0;
}
/* (Step 3) Determine strength and check rand generator strength is ok -
/*
* (Step 3) Determine strength and check rand generator strength is ok -
* this step is redundant because the generator always returns a higher
* strength than is required.
*/
@@ -119,13 +129,13 @@ int ossl_rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test,
BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
/* (Step 4) Generate p, Xp */
if (!ossl_bn_rsa_fips186_4_gen_prob_primes(rsa->p, Xpo, p1, p2, Xp, Xp1, Xp2,
nbits, e, ctx, cb))
if (!ossl_bn_rsa_fips186_5_gen_prob_primes(rsa->p, Xpo, p1, p2, Xp, Xp1, Xp2,
nbits, e, ctx, cb, a))
goto err;
for (;;) {
/* (Step 5) Generate q, Xq*/
if (!ossl_bn_rsa_fips186_4_gen_prob_primes(rsa->q, Xqo, q1, q2, Xq, Xq1,
Xq2, nbits, e, ctx, cb))
if (!ossl_bn_rsa_fips186_5_gen_prob_primes(rsa->q, Xqo, q1, q2, Xq, Xq1,
Xq2, nbits, e, ctx, cb, b))
goto err;
/* (Step 6) |Xp - Xq| > 2^(nbitlen/2 - 100) */
@@ -146,7 +156,7 @@ int ossl_rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test,
rsa->dirty_cnt++;
ret = 1;
err:
/* Zeroize any internally generated values that are not returned */
/* (Step 7) Zeroize any internally generated values that are not returned */
BN_clear(Xpo);
BN_clear(Xqo);
BN_clear(tmp);
@@ -176,7 +186,7 @@ int ossl_rsa_sp800_56b_validate_strength(int nbits, int strength)
int s = (int)ossl_ifc_ffc_compute_security_bits(nbits);
#ifdef FIPS_MODULE
if (s < RSA_FIPS1864_MIN_KEYGEN_STRENGTH) {
if (s < RSA_FIPS186_5_MIN_KEYGEN_STRENGTH) {
ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_MODULUS);
return 0;
}
@@ -351,7 +361,7 @@ err:
* 6.3.1.1 rsakpg1 - basic
* 6.3.1.3 rsakpg1 - crt
*
* See also FIPS 186-4 Section B.3.6
* See also FIPS 186-5 Section A.1.6
* "Generation of Probable Primes with Conditions Based on Auxiliary
* Probable Primes."
*
@@ -360,10 +370,16 @@ err:
* nbits The intended key size in bits.
* efixed The public exponent. If NULL a default of 65537 is used.
* cb An optional BIGNUM callback.
* a An optional number with a value of 0, 1, 3, 5 or 7 that may be used
* to add the requirement p is congruent to a mod 8. The value is ignored
* if it is zero.
* b An optional number with a value of 0, 1, 3, 5 or 7 that may be used
* to add the requirement q is congruent to b mod 8. The value is ignored
* if it is zero.
* Returns: 1 if successfully generated otherwise it returns 0.
*/
int ossl_rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed,
BN_GENCB *cb)
BN_GENCB *cb, uint32_t a, uint32_t b)
{
int ret = 0;
int ok;
@@ -400,7 +416,7 @@ int ossl_rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed,
for (;;) {
/* (Step 2) Generate prime factors */
if (!ossl_rsa_fips186_4_gen_prob_primes(rsa, info, nbits, e, ctx, cb))
if (!ossl_rsa_fips186_5_gen_prob_primes(rsa, info, nbits, e, ctx, cb, a, b))
goto err;
/* p>q check and skipping in case of acvp test */
doc/man7/EVP_PKEY-RSA.pod
+38 -2
View File
@@ -13,6 +13,24 @@ the public exponent I<e>, the private exponent I<d>, and a collection of prime
factors, exponents and coefficient for CRT calculations, of which the first
few are known as I<p> and I<q>, I<dP> and I<dQ>, and I<qInv>.
RSA key generation uses FIPS 186-5 Section A.1.6 "Generation of Probable
Primes with Conditions Based on Auxiliary Probable Primes" for the OpenSSL FIPS
provider. It is also used for the OpenSSL default provider when the generation
parameters satisfy the following conditions:
=over 4
=item There are 2 "primes" (p, q)
=item The exponent "e" >= 65537 and is odd
=item The cryptographic length "bits" >= 2048
=back
Otherwise the OpenSSL default provider uses an older general multi-prime key
generator.
=head2 Common RSA parameters
In addition to the common parameters that all keytypes should support (see
@@ -141,6 +159,20 @@ option requires at least OSSL_PARAM_RSA_FACTOR1, OSSL_PARAM_RSA_FACTOR2,
and OSSL_PARAM_RSA_N to be provided. This option is ignored if
OSSL_KEYMGMT_SELECT_PRIVATE_KEY is not set in the selection parameter.
=item "rsa-a" (B<OSSL_PKEY_PARAM_RSA_A>) <unsigned integer>
Setting this value to one of 1, 3, 5 or 7 applies an additional constraint
requiring that the computed prime p is congruent to this value mod 8.
If this value is zero then it is ignored. An error will occur if the value is not
set to one of the above values.
=item "rsa-b" (B<OSSL_PKEY_PARAM_RSA_B>) <unsigned integer>
Setting this value to one of 1, 3, 5 or 7 applies an additional constraint
requiring that the computed prime q is congruent to this value mod 8.
If this value is zero then it is ignored. An error will occur if the value is not
set to one of the above values.
=back
=head2 RSA key generation parameters for FIPS module testing
@@ -215,9 +247,9 @@ OpenSSL default provider allows testing of the validity of multi-primes.
=over 4
=item FIPS186-4
=item FIPS186-5
Section B.3.6 Generation of Probable Primes with Conditions Based on
Section A.1.6 Generation of Probable Primes with Conditions Based on
Auxiliary Probable Primes
=item RFC 8017, excluding RSA-PSS and RSA-OAEP
@@ -271,6 +303,10 @@ An B<RSA> key can be generated with key generation parameters:
L<EVP_RSA_gen(3)>, L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>
=head1 HISTORY
The RSA key generation parameters "a" and "b" were added in OpenSSL 4.0.
=head1 COPYRIGHT
Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
include/crypto/bn.h
+4 -4
View File
@@ -111,17 +111,17 @@ int ossl_bn_check_generated_prime(const BIGNUM *w, int checks, BN_CTX *ctx,
const BIGNUM *ossl_bn_get0_small_factors(void);
int ossl_bn_rsa_fips186_4_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout,
int ossl_bn_rsa_fips186_5_gen_prob_primes(BIGNUM *p, BIGNUM *Xpout,
BIGNUM *p1, BIGNUM *p2,
const BIGNUM *Xp, const BIGNUM *Xp1,
const BIGNUM *Xp2, int nlen,
const BIGNUM *e, BN_CTX *ctx,
BN_GENCB *cb);
BN_GENCB *cb, uint32_t c);
int ossl_bn_rsa_fips186_4_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
int ossl_bn_rsa_fips186_5_derive_prime(BIGNUM *Y, BIGNUM *X, const BIGNUM *Xin,
const BIGNUM *r1, const BIGNUM *r2,
int nlen, const BIGNUM *e, BN_CTX *ctx,
BN_GENCB *cb);
BN_GENCB *cb, uint32_t c);
OSSL_LIB_CTX *ossl_bn_get_libctx(BN_CTX *ctx);
include/crypto/rsa.h
+4
View File
@@ -124,6 +124,10 @@ ASN1_STRING *ossl_rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx);
int ossl_rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
const X509_ALGOR *sigalg, EVP_PKEY *pkey);
int ossl_rsa_generate_multi_prime_key(RSA *rsa, int bits, int primes,
BIGNUM *e_value, BN_GENCB *cb,
uint32_t a, uint32_t b);
# if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
int ossl_rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[]);
void ossl_rsa_acvp_test_gen_params_free(OSSL_PARAM *dst);
providers/implementations/keymgmt/rsa_kmgmt.c
+27 -5
View File
@@ -439,6 +439,7 @@ struct rsa_gen_ctx {
/* ACVP test parameters */
OSSL_PARAM *acvp_test_params;
#endif
uint32_t a, b;
};
static int rsa_gencb(int p, int n, BN_GENCB *cb)
@@ -526,6 +527,25 @@ static int rsa_gen_set_params(void *genctx, const OSSL_PARAM params[])
if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E)) != NULL
&& !OSSL_PARAM_get_BN(p, &gctx->pub_exp))
return 0;
if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_A)) != NULL) {
if (!OSSL_PARAM_get_uint32(p, &gctx->a))
return 0;
/* a is an optional value that should be one of (0, 1, 3, 5, 7) */
if (gctx->a != 0 && (gctx->a > 7 || (gctx->a & 1) == 0)) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA);
return 0;
}
}
if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_B)) != NULL) {
if (!OSSL_PARAM_get_uint32(p, &gctx->b))
return 0;
/* b is an optional value that should be one of (0, 1, 3, 5, 7) */
if (gctx->b != 0 && (gctx->b > 7 || (gctx->b & 1) == 0)) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA);
return 0;
}
}
/* Only attempt to get PSS parameters when generating an RSA-PSS key */
if (gctx->rsa_type == RSA_FLAG_TYPE_RSASSAPSS
&& !pss_params_fromdata(&gctx->pss_params, &gctx->pss_defaults_set, params,
@@ -542,8 +562,9 @@ static int rsa_gen_set_params(void *genctx, const OSSL_PARAM params[])
#define rsa_gen_basic \
OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_BITS, NULL), \
OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_PRIMES, NULL), \
OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0)
OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0), \
OSSL_PARAM_uint32(OSSL_PKEY_PARAM_RSA_A, NULL), \
OSSL_PARAM_uint32(OSSL_PKEY_PARAM_RSA_B, NULL)
/*
* The following must be kept in sync with ossl_rsa_pss_params_30_fromdata()
* in crypto/rsa/rsa_backend.c
@@ -620,9 +641,10 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
}
#endif
if (!RSA_generate_multi_prime_key(rsa_tmp,
(int)gctx->nbits, (int)gctx->primes,
gctx->pub_exp, gencb))
if (!ossl_rsa_generate_multi_prime_key(rsa_tmp,
(int)gctx->nbits, (int)gctx->primes,
gctx->pub_exp, gencb,
gctx->a, gctx->b))
goto err;
if (!ossl_rsa_pss_params_30_copy(ossl_rsa_get0_pss_params_30(rsa_tmp),
test/acvp_test.c
+9 -5
View File
@@ -1329,6 +1329,10 @@ static int rsa_keygen_test(int id)
xq2_bn))
|| !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_TEST_XQ,
xq_bn))
|| !TEST_true(OSSL_PARAM_BLD_push_uint32(bld, OSSL_PKEY_PARAM_RSA_A,
tst->a))
|| !TEST_true(OSSL_PARAM_BLD_push_uint32(bld, OSSL_PKEY_PARAM_RSA_B,
tst->b))
|| !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
goto err;
@@ -1357,14 +1361,14 @@ static int rsa_keygen_test(int id)
&d, &d_len)))
goto err;
if (!TEST_mem_eq(tst->p1, tst->p1_len, p1, p1_len)
|| !TEST_mem_eq(tst->p2, tst->p2_len, p2, p2_len)
if ((tst->p1 != NULL && !TEST_mem_eq(tst->p1, tst->p1_len, p1, p1_len))
|| (tst->p2 != NULL && !TEST_mem_eq(tst->p2, tst->p2_len, p2, p2_len))
|| (tst->q1 != NULL && !TEST_mem_eq(tst->q1, tst->q1_len, q1, q1_len))
|| (tst->q2 != NULL && !TEST_mem_eq(tst->q2, tst->q2_len, q2, q2_len))
|| !TEST_mem_eq(tst->p, tst->p_len, p, p_len)
|| !TEST_mem_eq(tst->q1, tst->q1_len, q1, q1_len)
|| !TEST_mem_eq(tst->q2, tst->q2_len, q2, q2_len)
|| !TEST_mem_eq(tst->q, tst->q_len, q, q_len)
|| !TEST_mem_eq(tst->n, tst->n_len, n, n_len)
|| !TEST_mem_eq(tst->d, tst->d_len, d, d_len))
|| (tst->d != NULL && !TEST_mem_eq(tst->d, tst->d_len, d, d_len)))
goto err;
test_output_memory("p1", p1, p1_len);
test/acvp_test.inc
+281
View File
@@ -10,6 +10,7 @@
#define PASS 1
#define FAIL 0
#define ITM(x) x, sizeof(x)
#define ITM_NULL NULL, 0
#ifndef OPENSSL_NO_EC
@@ -1193,6 +1194,8 @@ struct rsa_keygen_st {
size_t n_len;
const unsigned char *d;
size_t d_len;
uint32_t a;
uint32_t b;
};
static const unsigned char rsa_keygen0_e[] = {
@@ -1318,6 +1321,265 @@ static const unsigned char rsa_keygen0_d[] = {
0x61
};
static const unsigned char rsa_keygen1_e[] = {
0x6e,0x79,0x10,0x4e,0x3d,0xd3
};
static const unsigned char rsa_keygen1_xp1[] = {
0x02,0x10,0x31,0x3d,0xac,0x51,0x0e,0x45,
0x22,0x0c,0x35,0xa0,0xe4,0xd7,0xc7,0xf0,
0xba,0xe7,0xd1,0x17,0x0d,0x35,0xa3,0x84,
0x04,0xc2,0xf4,0xf6,0x21,0x34,0xe4,0x73,
0x8a,0xd9,0xec,0x50,0xe2,0x3c,0xee,0x60,
0x99,0x26,0x9a,0x9b,0x1d,0x68,0xaf,0xb3,
0x67,0xc9,0x41,0x46,0xdc,0x26,0xf2,0x6a,
0x60,0x14,0x79,0x9b,0xb2,0xa8,0x6c,0xbc,
0xa7,0x53,0x08,0x94,0x8a,0x2f,0xba,0xfb,
0x2d,0xad,0x3f,
};
static const unsigned char rsa_keygen1_xp2[] = {
0x48,0x3f,0xbb,0xa5,0xc1,0x8c,0x2c,0xbd,
0x15,0x9c,0x3b,0xf7,0x18,0x55,0x48,0xad,
0x85,0x68,0x7b,0xf4,0xb6,0x92,0x53,0xc7,
0x15,0xa3,0xe7,0xdb,0x12,0xd8,0x3d,0xea,
0xf4,0x15,0x88,0xf2,0x81,0x07,0x8f,0x82,
0x18,0x65,0xf7,0x98,0x64,0xec,0xbe,0x71,
0xa8,0x0c,0x61,0x69,0x9c,0x19,
};
static const unsigned char rsa_keygen1_xp[] = {
0xdf,0x44,0xca,0x63,0x57,0xd3,0xb5,0x67,
0x46,0xa5,0x52,0x99,0xfa,0xa7,0x9e,0x20,
0x1c,0x45,0xcc,0x38,0x61,0xb2,0xb4,0x92,
0xca,0xaa,0x6c,0x0e,0x4e,0x59,0x26,0x12,
0xfd,0x41,0x84,0xcb,0x81,0xfe,0xf8,0xf5,
0x0f,0xac,0x41,0xf4,0xca,0xbc,0xab,0x97,
0x86,0xd5,0x55,0x60,0xed,0x8e,0x1a,0x76,
0x7e,0x22,0xfd,0xea,0x64,0xb1,0x03,0x9a,
0x7e,0xd7,0x4c,0xdd,0xfe,0x06,0x00,0xfb,
0x2c,0x1a,0x0a,0xd7,0xb4,0xcf,0x97,0xd0,
0x11,0x96,0xfc,0x38,0x6d,0xc0,0xfa,0x5a,
0xe1,0xc7,0xda,0x9b,0x21,0xac,0x95,0x08,
0x38,0xbd,0x3f,0xf6,0x18,0xcf,0x2e,0x92,
0xd2,0x2e,0x9e,0xa1,0xf4,0x2e,0xb1,0x72,
0x3c,0x98,0xf6,0x7c,0x0e,0xbc,0x70,0x71,
0xf4,0x50,0x0d,0x89,0x9e,0x2a,0x7a,0x5f,
0xf4,0x6a,0xfd,0x44,0x11,0xa8,0xcc,0x29,
0x47,0x9e,0x95,0x9c,0x68,0x87,0xba,0x15,
0xff,0x8f,0xec,0x60,0x1a,0xe1,0xbb,0x75,
0x2d,0x9f,0x31,0x65,0xb3,0x18,0xb8,0xc4,
0x74,0xbc,0xf9,0x40,0x41,0xd8,0x85,0x88,
0x3f,0x54,0x84,0x30,0xee,0x66,0x31,0xc7,
0xed,0x52,0x55,0xcf,0xb1,0x46,0xe1,0x98,
0x4e,0x95,0x95,0xc9,0xfc,0x74,0xd8,0x3a,
0x1e,0x65,0xba,0x6f,0x69,0x6a,0x96,0x87,
0xd3,0x7d,0x51,0x42,0xf9,0x6b,0x0d,0x5a,
0x2a,0x51,0x60,0x0f,0x4e,0x8a,0x1e,0xf3,
0x47,0xe1,0xc9,0x0d,0xcd,0xbd,0x4a,0x55,
0x38,0x1b,0xd5,0xcd,0xad,0xeb,0x31,0x11,
0x0c,0xeb,0xe5,0xac,0x26,0xac,0xe3,0x45,
0x52,0xfe,0x23,0xd2,0x68,0xd3,0x89,0x9f,
0x41,0xae,0x5d,0x76,0x64,0x38,0xde,0x08,
};
static const unsigned char rsa_keygen1_xq1[] = {
0x00,0xc7,0xf2,0x3d,0xa5,0xa7,0x51,0xb0,
0xcc,0x3b,0x73,0xd1,0x9d,0x71,0x9d,0x4e,
0x43,0xad,0x77,0xf9,0xdc,0xcb,0x32,0x9f,
0x4b,0x8f,0xf5,0x36,0x99,0x54,0x09,0x1e,
0xe3,0xa0,0x29,0xc6,0x6d,0x55,0x21,0x9e,
0x96,0xec,0xdf,0xad,0x08,0x5d,0x7a,0xef,
0x03,0xe2,0x35,0x9f,0xd0,0x77,0xdd,0xaa,
0x8d,0x60,0x92,0xc7,0x46,0xe8,0x9d,0xab,
0xe9,0x7c,0x2f,0x18,0x60,0xa1,0x31,0x79,
0x4d,0x48,0x71,0xb9,0x76,0xbf,0xff,0xde,
0x56,0x3b,0x1f,0x36,0x00,0xf3,0x9b,0x12,
0xb8,0x8a,0x68,0x9f,0xce,0x6e,0xe7,0x08,
0xa5,0x55,0x6d,0x08,0x3b,0xd1,0x2b,0x23,
0x19,0x35,0x93,0x6c,0x89,0x95,0x35,0xf6,
0xff,0x60,0x36,0x2e,0xf0,0x42,0x01,0x57,
0x84,0x6a,0xe9,0x8c,0xc5,0x4a,0xae,0xe0,
0xb5,0xfa,0x4f,0xab,0xb5,0xff,0x3f,0x8d,
0x6a,0x10,0x79,0x01,0x4a,0x1f,0x7c,0xa2,
0x16,0x2d,0xea,0x7c,0x4f,0x9c,0x02,0xf5,
};
static const unsigned char rsa_keygen1_xq2[] = {
0x17,0x70,0xca,0x10,0xbc,0x02,0x01,0xac,
0xe7,0x60,0x58,0xc8,0x06,0x82,0x3a,0xc9,
0x9e,0xd2,0x2b,0x32,0x81,0xb4,0xa1,0xb7,
0xc0,0x0a,0xc0,0xb2,0x77,0xd1,0x05,0x62,
0x17,0xc5,0x65,0x9f,0x49,0x6a,0xac,0x0e,
0xe9,0x4d,0xe5,0xe8,0x88,0xcd,0xab,0x11,
0x02,0xb8,0x28,0x1f,0x11,0x73,0x26,0x9d,
0x0f,0x14,0x7b,0x69,0x11,0xeb,0xf9,0xcc,
0x49,0xe1,0x96,0xb1,0x94,0x3c,0x81,
};
static const unsigned char rsa_keygen1_xq[] = {
0xd7,0x4b,0x7b,0x53,0x8c,0x07,0x03,0x4a,
0x7c,0xa1,0x09,0x46,0xe4,0x15,0x3e,0x3a,
0x22,0x81,0x29,0xf8,0xea,0x35,0xd7,0xcb,
0x9d,0x97,0x92,0xe4,0x7b,0x65,0x86,0xac,
0x5a,0xf1,0xb8,0x83,0xb0,0x3c,0xfc,0xa9,
0x69,0x9b,0x82,0x31,0xa9,0x21,0x09,0xe1,
0xfa,0xdd,0x43,0x63,0x4a,0x26,0xf4,0xa3,
0x3e,0x03,0x2c,0x21,0x4b,0x59,0xd8,0x0f,
0xb7,0x6b,0x60,0x23,0xb6,0x19,0x23,0xee,
0x6a,0xd6,0x65,0x39,0x64,0xb1,0xaf,0xd0,
0x36,0xa6,0x7b,0x39,0xef,0x5b,0x27,0xca,
0xd7,0xb3,0xa6,0xec,0x54,0xee,0x03,0xbd,
0x8a,0xab,0x5e,0xec,0x7e,0x51,0x86,0x85,
0xdb,0x9e,0x3c,0x2b,0xfc,0xfd,0xc8,0xfe,
0x6d,0xf8,0x6f,0xd3,0x6b,0xe1,0xd4,0xcb,
0x7d,0xc7,0xd6,0x98,0xa4,0x54,0xdf,0x3b,
0x39,0xcd,0x2f,0x0a,0x7e,0xf1,0x2c,0xc7,
0xac,0x79,0xbb,0x81,0x5a,0x3f,0xa2,0xd3,
0xfb,0x63,0x68,0xf6,0x37,0x96,0xd3,0xf8,
0xe1,0x2b,0x71,0x2b,0xd1,0xd6,0x86,0xf3,
0xc9,0x4c,0x3a,0x31,0xd0,0xea,0xe3,0x36,
0x35,0xea,0x8f,0xa4,0x97,0x80,0x17,0x90,
0x2a,0x3b,0x22,0xa4,0x0b,0xff,0x4b,0x1f,
0xa2,0x57,0x6e,0x96,0xf3,0xcb,0x0b,0xab,
0x6e,0x33,0xb8,0x45,0xea,0x90,0x3c,0x4f,
0x7b,0x53,0xa0,0xc9,0x36,0xd6,0x52,0xe8,
0x83,0x88,0x7b,0x62,0x7d,0xa9,0x1c,0x46,
0xac,0xa4,0xdf,0x43,0xa8,0xc3,0xce,0x9a,
0x55,0x64,0xb4,0xbc,0x54,0x28,0x32,0x6a,
0x47,0xe7,0xd9,0x03,0x33,0x7d,0x2d,0xb0,
0x4b,0xb0,0xf6,0x4f,0x04,0x23,0x43,0xce,
0xff,0x50,0x71,0xf7,0xe3,0x1a,0xa1,0xa4,
};
static const unsigned char rsa_keygen1_p[] = {
0xdf,0x44,0xca,0x63,0x57,0xd3,0xb5,0x67,
0x46,0xa5,0x52,0x99,0xfa,0xa7,0x9e,0x20,
0x1c,0x45,0xcc,0x38,0x61,0xb2,0xb4,0x92,
0xca,0xaa,0x6c,0x0e,0x4e,0x59,0x26,0x12,
0xfd,0x41,0x84,0xcb,0x81,0xfe,0xf8,0xf5,
0x0f,0xac,0x41,0xf4,0xca,0xbc,0xab,0x97,
0x86,0xd5,0x55,0x60,0xed,0x8e,0x1a,0x76,
0x7e,0x22,0xfd,0xea,0x64,0xb1,0x03,0x9a,
0x7e,0xd7,0x4c,0xdd,0xfe,0x06,0x00,0xfb,
0x2c,0x1a,0x0a,0xd7,0xb4,0xcf,0x97,0xd0,
0x11,0x96,0xfc,0x38,0x6d,0xc0,0xfa,0x5a,
0xe1,0xc7,0xda,0x9b,0x21,0xac,0x95,0x08,
0x38,0xbd,0x3f,0xf6,0x18,0xcf,0x2e,0x92,
0xd2,0x2e,0x9e,0xa1,0xf4,0x2e,0xb1,0x72,
0x3c,0x98,0xf6,0x7c,0x0e,0xbc,0x70,0x71,
0xf4,0x50,0x0d,0x89,0x9e,0x2a,0x7c,0x93,
0x72,0x90,0x53,0xe0,0x35,0xd6,0x0b,0x36,
0x9a,0xe2,0x3b,0x09,0xf7,0x06,0xb7,0x36,
0x1b,0x44,0x18,0x7c,0x6d,0xdb,0xda,0x76,
0xb1,0x05,0x69,0xc9,0x39,0xf6,0x69,0xc5,
0x28,0x22,0xbc,0x6e,0xef,0x4e,0x9c,0x6c,
0x78,0x28,0xe9,0xfa,0x9d,0xfb,0x91,0x56,
0x10,0x95,0x49,0xa3,0x07,0x1d,0xb9,0xff,
0xe9,0x7e,0x03,0x59,0x64,0x6d,0x39,0x0b,
0x3d,0xdb,0xef,0xd0,0xc2,0x62,0x84,0x82,
0xac,0xb8,0x98,0x2a,0xb5,0xe7,0x93,0x9c,
0x7e,0x90,0xfd,0xea,0x88,0x4e,0xab,0x1d,
0xf5,0x36,0x1d,0x23,0x40,0x89,0xa2,0x47,
0x28,0x50,0x94,0xf1,0xff,0xa1,0xce,0xcc,
0x0b,0xdb,0xfa,0x88,0x9d,0xdc,0x6a,0xcb,
0x1d,0x4d,0xd5,0x94,0x21,0x84,0x8c,0xb7,
0xac,0x82,0x56,0xa5,0xde,0x1d,0x85,0x6b,
};
static const unsigned char rsa_keygen1_q[] = {
0xd7,0x4b,0x7b,0x53,0x8c,0x07,0x03,0x4a,
0x7c,0xa1,0x09,0x46,0xe4,0x15,0x3e,0x3a,
0x22,0x81,0x29,0xf8,0xea,0x35,0xd7,0xcb,
0x9d,0x97,0x92,0xe4,0x7b,0x65,0x86,0xac,
0x5d,0x89,0x0d,0xf3,0x4d,0xcc,0x69,0x74,
0x96,0xb2,0x07,0x71,0x2e,0xb9,0xde,0x66,
0x15,0x21,0x01,0xcc,0xde,0x74,0xfb,0xe6,
0x3e,0xd2,0x29,0x0b,0xd1,0xba,0x59,0x7e,
0xb0,0xb0,0x09,0x67,0xe7,0xd9,0xfc,0x80,
0x19,0x76,0x21,0x3d,0xc4,0x14,0xe3,0xfc,
0xa4,0x44,0xf0,0x8c,0xbe,0x06,0x0c,0x75,
0x5e,0xd0,0x77,0x08,0x90,0x93,0x5d,0x5f,
0x47,0x99,0x4f,0x8f,0xf8,0xba,0x5d,0xde,
0x32,0x4f,0xa9,0x4c,0xf4,0x29,0x84,0x6d,
0xed,0x60,0xfe,0x74,0xf7,0xbb,0x04,0xfc,
0x1f,0xa8,0x86,0x5d,0x56,0x14,0x11,0xc3,
0xe2,0xef,0x3b,0x30,0x6b,0x81,0xe5,0x5f,
0xa1,0x6b,0xd2,0x55,0x03,0xce,0xa7,0xbc,
0x3a,0xaf,0xe6,0xa2,0xa0,0x94,0xb5,0x3d,
0xf5,0x1c,0x40,0xd5,0xd4,0x18,0x4b,0xfa,
0xc0,0xf4,0x2f,0x8b,0xa0,0x79,0x3a,0x91,
0x0a,0x32,0xd4,0xa4,0xf3,0x8d,0x13,0xa7,
0x20,0x8e,0x06,0x43,0xc3,0xaf,0xca,0xa8,
0xee,0xd2,0xc5,0x2a,0xef,0x69,0xc1,0xef,
0x95,0x16,0xb4,0x3b,0x18,0x8e,0x19,0xba,
0xf8,0xc1,0x6f,0x5c,0xa0,0xdb,0xdd,0x5a,
0xe9,0x97,0x3b,0xf4,0x84,0x27,0x51,0xa7,
0x56,0x44,0xe3,0x68,0x10,0xb2,0x88,0x0b,
0xff,0x03,0x4a,0x91,0x7f,0x52,0x18,0x65,
0x78,0x1a,0x2b,0x09,0xa5,0xba,0x3d,0x60,
0xf4,0x5b,0x99,0x7c,0xb8,0x7b,0xfc,0xf7,
0x18,0x2e,0x03,0x3d,0x2c,0x98,0xc4,0x8d,
};
static const unsigned char rsa_keygen1_n[] = {
0xbb,0xc4,0x9a,0xaf,0xa4,0x88,0x9e,0x36,
0xb5,0x15,0x97,0x5b,0xcf,0x8e,0x5e,0x10,
0xee,0x03,0xff,0x06,0x2a,0xa8,0x32,0x83,
0xb2,0x72,0x4f,0x1d,0xe4,0x23,0x05,0xa2,
0x2c,0x4e,0xc9,0xb3,0xd5,0x60,0x8f,0x49,
0x8b,0xbf,0x8d,0x4a,0x9c,0x99,0x5b,0xbf,
0xce,0x2b,0xd1,0x24,0x60,0x9c,0x52,0x7c,
0xbc,0xd6,0x4c,0x78,0x7c,0x4a,0x26,0xe4,
0x17,0xf9,0x2f,0xeb,0x20,0x0a,0x8c,0x69,
0x0a,0xd1,0x93,0x9a,0xc3,0xf5,0x2e,0xf5,
0x50,0x90,0xcc,0xe4,0xec,0x87,0xb1,0x2f,
0x34,0x9a,0x6d,0x2b,0x4b,0x73,0x41,0x12,
0xe6,0x1d,0x26,0x80,0xf9,0x5e,0x71,0x70,
0xaa,0xa1,0x25,0x6c,0x61,0xcd,0x91,0xb2,
0x47,0x66,0x79,0x1f,0x90,0x4c,0x2e,0x56,
0x2c,0x5f,0xe0,0x50,0xe5,0x89,0x52,0xe9,
0xe6,0x17,0xfa,0xab,0x7e,0x67,0xa1,0x67,
0x16,0x1b,0xee,0x18,0xd6,0xd0,0x0a,0xec,
0xf6,0x9b,0x5d,0x6f,0xe1,0x2e,0xad,0x1a,
0x09,0x14,0xab,0xd5,0x78,0x52,0x00,0x74,
0xec,0x66,0xbb,0x49,0xad,0xcb,0xd0,0x77,
0xe2,0x3e,0x45,0x4f,0x89,0xf4,0x04,0x47,
0x5b,0xe2,0xc5,0xd2,0x3e,0xaf,0x65,0x8e,
0x0c,0xfc,0x80,0x6d,0x71,0xab,0x3d,0x81,
0x6f,0xfe,0xce,0x9d,0xa3,0x40,0x24,0x18,
0x15,0x2b,0x7f,0xd5,0xfe,0xe0,0x09,0xe3,
0xbb,0xb8,0xf4,0x5b,0x8a,0x5f,0x37,0xeb,
0x33,0xff,0x07,0x4b,0x4b,0x0d,0xcf,0x6d,
0x2b,0x56,0xf1,0xa3,0x25,0xd7,0x4c,0xfa,
0x64,0x77,0x2c,0x54,0x76,0xa2,0xdc,0x56,
0x81,0x0a,0xc1,0x0f,0xc7,0x6f,0xf6,0xe4,
0xe7,0x12,0xb0,0x24,0x33,0x77,0x26,0x6c,
0x84,0x2a,0xe4,0x4e,0x73,0x8b,0xe6,0xaf,
0x6e,0x39,0x6f,0x6e,0x4c,0xb1,0x24,0x6d,
0x4c,0x55,0x67,0xaf,0x37,0xf8,0x65,0x0a,
0x68,0x27,0x01,0xb0,0x59,0x8d,0xc9,0x30,
0x21,0x3b,0x5d,0x03,0x4e,0xbe,0x1d,0xae,
0xa5,0xd1,0x07,0x61,0xa9,0x3c,0xe9,0x79,
0x34,0xb1,0x6c,0x3a,0x95,0xd6,0x64,0xa0,
0xc7,0x58,0xe6,0x3c,0x19,0x67,0x12,0x63,
0x63,0x9e,0xe8,0x1d,0x80,0xba,0xc6,0x57,
0x4c,0x90,0x06,0xb3,0xe5,0x4f,0xfe,0xf6,
0x7c,0x68,0x4e,0x3e,0xd8,0x4c,0x8c,0x19,
0xab,0x36,0x50,0x07,0x40,0xff,0x78,0x90,
0x33,0xd8,0x1c,0xe4,0x29,0xcb,0x50,0x79,
0xa6,0xa2,0x62,0xaa,0x4b,0x7c,0x7e,0x8a,
0x6c,0xe3,0x9b,0xf3,0x0a,0x85,0xb7,0xe7,
0x5d,0xef,0x0f,0x26,0x6c,0x6e,0xb8,0xb2,
0xd6,0xc8,0xf0,0x78,0x55,0x15,0xf5,0xc6,
0x50,0x4d,0xef,0x75,0x3c,0xe8,0xb2,0x17,
0x08,0x70,0x6b,0xc5,0x05,0x14,0xa6,0x00,
0x83,0x95,0x03,0x6c,0xe2,0x49,0xfd,0x51,
0x6c,0xc4,0xea,0xc4,0xce,0x4e,0x33,0xbf,
0x37,0x3d,0xe8,0x8d,0x0c,0x3c,0x49,0xf7,
0x06,0xca,0x77,0x09,0x12,0x4f,0x5e,0xdb,
0xd0,0xad,0x40,0xf0,0x36,0x54,0xc3,0x5b,
0x39,0x37,0xca,0x80,0x96,0x86,0x62,0xb8,
0x1a,0x8b,0xc1,0x60,0xaf,0xf8,0xbe,0xc5,
0x04,0xcd,0x2d,0xb6,0x38,0x8c,0x95,0x15,
0x35,0xf0,0x74,0xae,0x89,0x9f,0x90,0x95,
0x28,0x04,0x25,0xbc,0xac,0x23,0x64,0x54,
0x38,0x5f,0x6c,0x25,0x34,0x72,0x0b,0xbc,
0x48,0xfa,0x05,0x0e,0x31,0x60,0x48,0xb3,
0x09,0x9c,0xb7,0x5e,0x8b,0xf0,0x67,0xef,
};
static const struct rsa_keygen_st rsa_keygen_data[] = {
{
2048,
@@ -1339,6 +1601,25 @@ static const struct rsa_keygen_st rsa_keygen_data[] = {
ITM(rsa_keygen0_n),
ITM(rsa_keygen0_d),
},
{
4096,
ITM(rsa_keygen1_e),
ITM(rsa_keygen1_xp1),
ITM(rsa_keygen1_xp2),
ITM(rsa_keygen1_xp),
ITM(rsa_keygen1_xq1),
ITM(rsa_keygen1_xq2),
ITM(rsa_keygen1_xq),
ITM_NULL,
ITM_NULL,
ITM_NULL,
ITM_NULL,
ITM(rsa_keygen1_p),
ITM(rsa_keygen1_q),
ITM(rsa_keygen1_n),
ITM_NULL,
3, 5
}
};
#define NO_PSS_SALT_LEN -1
test/rsa_sp800_56b_test.c
+1 -1
View File
@@ -491,7 +491,7 @@ static int test_sp80056b_keygen(int id)
int sz = keygen_size[id];
ret = TEST_ptr(key = RSA_new())
&& TEST_true(ossl_rsa_sp800_56b_generate_key(key, sz, NULL, NULL))
&& TEST_true(ossl_rsa_sp800_56b_generate_key(key, sz, NULL, NULL, 0, 0))
&& TEST_true(ossl_rsa_sp800_56b_check_public(key))
&& TEST_true(ossl_rsa_sp800_56b_check_private(key))
&& TEST_true(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, sz));
util/perl/OpenSSL/paramnames.pm
+2
View File
@@ -421,6 +421,8 @@ my %params = (
'OSSL_PKEY_PARAM_RSA_MGF1_DIGEST' => '*OSSL_PKEY_PARAM_MGF1_DIGEST',
'OSSL_PKEY_PARAM_RSA_PSS_SALTLEN' => "saltlen",
'OSSL_PKEY_PARAM_RSA_DERIVE_FROM_PQ' => "rsa-derive-from-pq",
'OSSL_PKEY_PARAM_RSA_A' => "rsa-a",
'OSSL_PKEY_PARAM_RSA_B' => "rsa-b",
# EC, X25519 and X448 Key generation parameters
'OSSL_PKEY_PARAM_DHKEM_IKM' => "dhkem-ikm",