1*8ccd4a63SDavid du Colombier #include "os.h"
2*8ccd4a63SDavid du Colombier #include <mp.h>
3*8ccd4a63SDavid du Colombier #include <libsec.h>
4*8ccd4a63SDavid du Colombier
5*8ccd4a63SDavid du Colombier RSApriv*
rsafill(mpint * n,mpint * e,mpint * d,mpint * p,mpint * q)6*8ccd4a63SDavid du Colombier rsafill(mpint *n, mpint *e, mpint *d, mpint *p, mpint *q)
7*8ccd4a63SDavid du Colombier {
8*8ccd4a63SDavid du Colombier mpint *c2, *kq, *kp, *x;
9*8ccd4a63SDavid du Colombier RSApriv *rsa;
10*8ccd4a63SDavid du Colombier
11*8ccd4a63SDavid du Colombier // make sure we're not being hoodwinked
12*8ccd4a63SDavid du Colombier if(!probably_prime(p, 10) || !probably_prime(q, 10)){
13*8ccd4a63SDavid du Colombier werrstr("rsafill: p or q not prime");
14*8ccd4a63SDavid du Colombier return nil;
15*8ccd4a63SDavid du Colombier }
16*8ccd4a63SDavid du Colombier x = mpnew(0);
17*8ccd4a63SDavid du Colombier mpmul(p, q, x);
18*8ccd4a63SDavid du Colombier if(mpcmp(n, x) != 0){
19*8ccd4a63SDavid du Colombier werrstr("rsafill: n != p*q");
20*8ccd4a63SDavid du Colombier mpfree(x);
21*8ccd4a63SDavid du Colombier return nil;
22*8ccd4a63SDavid du Colombier }
23*8ccd4a63SDavid du Colombier c2 = mpnew(0);
24*8ccd4a63SDavid du Colombier mpsub(p, mpone, c2);
25*8ccd4a63SDavid du Colombier mpsub(q, mpone, x);
26*8ccd4a63SDavid du Colombier mpmul(c2, x, x);
27*8ccd4a63SDavid du Colombier mpmul(e, d, c2);
28*8ccd4a63SDavid du Colombier mpmod(c2, x, x);
29*8ccd4a63SDavid du Colombier if(mpcmp(x, mpone) != 0){
30*8ccd4a63SDavid du Colombier werrstr("rsafill: e*d != 1 mod (p-1)*(q-1)");
31*8ccd4a63SDavid du Colombier mpfree(x);
32*8ccd4a63SDavid du Colombier mpfree(c2);
33*8ccd4a63SDavid du Colombier return nil;
34*8ccd4a63SDavid du Colombier }
35*8ccd4a63SDavid du Colombier
36*8ccd4a63SDavid du Colombier // compute chinese remainder coefficient
37*8ccd4a63SDavid du Colombier mpinvert(p, q, c2);
38*8ccd4a63SDavid du Colombier
39*8ccd4a63SDavid du Colombier // for crt a**k mod p == (a**(k mod p-1)) mod p
40*8ccd4a63SDavid du Colombier kq = mpnew(0);
41*8ccd4a63SDavid du Colombier kp = mpnew(0);
42*8ccd4a63SDavid du Colombier mpsub(p, mpone, x);
43*8ccd4a63SDavid du Colombier mpmod(d, x, kp);
44*8ccd4a63SDavid du Colombier mpsub(q, mpone, x);
45*8ccd4a63SDavid du Colombier mpmod(d, x, kq);
46*8ccd4a63SDavid du Colombier
47*8ccd4a63SDavid du Colombier rsa = rsaprivalloc();
48*8ccd4a63SDavid du Colombier rsa->pub.ek = mpcopy(e);
49*8ccd4a63SDavid du Colombier rsa->pub.n = mpcopy(n);
50*8ccd4a63SDavid du Colombier rsa->dk = mpcopy(d);
51*8ccd4a63SDavid du Colombier rsa->kp = kp;
52*8ccd4a63SDavid du Colombier rsa->kq = kq;
53*8ccd4a63SDavid du Colombier rsa->p = mpcopy(p);
54*8ccd4a63SDavid du Colombier rsa->q = mpcopy(q);
55*8ccd4a63SDavid du Colombier rsa->c2 = c2;
56*8ccd4a63SDavid du Colombier
57*8ccd4a63SDavid du Colombier mpfree(x);
58*8ccd4a63SDavid du Colombier
59*8ccd4a63SDavid du Colombier return rsa;
60*8ccd4a63SDavid du Colombier }
61*8ccd4a63SDavid du Colombier
62