authornagendra modadugu <ngm@google.com>2016-07-14 15:50:42 -0700
committerchrome-bot <chrome-bot@chromium.org>2016-07-21 17:32:17 -0700
commitb6a48a58958f67e479af3805c4a2bfadb1cc8bd3 (patch)
tree1f9238e14911e34055b67f954f3a1aac776b40c6
parent76ab8e6f448a3fa3f216b1c54e8a0ca4ff282a08 (diff)
CR50: when generating primes, check compatibility with exp
Primes generated for RSA keys need to hold the following property (public_exponent mod p) > 1 in order for the private exponent to exist. This change adds this check for the public exponent RSA_F4 (65537). BRANCH=none BUG=chrome-os-partner:43025,chrome-os-partner:47524 BUG=chrome-os-partner:50115,chrome-os-partner:55260 TEST=test full personalize + cros_ack verify cert flow Signed-off-by: nagendra modadugu <ngm@google.com> Reviewed-on: https://chromium-review.googlesource.com/360662 Reviewed-by: Marius Schilder <mschilder@chromium.org> Reviewed-by: Bill Richardson <wfrichar@google.com> (cherry picked from commit 1c37f84ae7fae9f5841421447c7f235790ab6a93) (cherry picked from commit b2c1678b27c79a2c93f5519e00161243fa0a5d88) Change-Id: I87bd898cc3750bf1e492bc263edb6eac1edf2a17 Reviewed-on: https://chromium-review.googlesource.com/362115 Commit-Ready: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
-rw-r--r--chip/g/dcrypto/bn.c29
1 files changed, 27 insertions, 2 deletions
diff --git a/chip/g/dcrypto/bn.c b/chip/g/dcrypto/bn.c
index 7d108a0d44..240694ba36 100644
--- a/chip/g/dcrypto/bn.c
+++ b/chip/g/dcrypto/bn.c
@@ -822,6 +822,28 @@ static uint32_t bn_mod_word16(const struct LITE_BIGNUM *p, uint16_t word)
return rem;
}
+static uint32_t bn_mod_f4(const struct LITE_BIGNUM *d)
+{
+ int i = bn_size(d) - 1;
+ const uint8_t *p = (const uint8_t *) (d->d);
+ uint32_t rem = 0;
+
+ for (; i >= 0; --i) {
+ uint32_t q = RSA_F4 * (rem >> 8);
+
+ if (rem < q)
+ q -= RSA_F4;
+ rem <<= 8;
+ rem |= p[i];
+ rem -= q;
+ }
+
+ if (rem >= RSA_F4)
+ rem -= RSA_F4;
+
+ return rem;
+}
+
#define bn_is_even(b) !bn_is_bit_set((b), 0)
/* From HAC Fact 4.48 (ii), the following number of
* rounds suffice for ~2^145 confidence. Each additional
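Review bot: bn_mod_f4 is added without any comment, and its reduction step `if (rem < q) q -= RSA_F4;` cannot be verified by reading it alone. A header comment should say that the loop consumes the bytes of `d->d` from the highest index down, so it relies on a little-endian byte layout of the bignum words, and that `rem` is only lazily reduced inside the loop (it stays below 2 * RSA_F4), which is why the single `rem -= RSA_F4` after the loop is sufficient. Because the return value decides which candidates are accepted as RSA primes, a small test comparing it against a plain `%` on one-word values would be worth adding alongside. The branches on `rem` depend on the candidate's value; that is probably acceptable in a prime search, but a one-line note would help if this file is meant to be timing-neutral.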
@@ -963,8 +985,11 @@ int DCRYPTO_bn_generate_prime(struct LITE_BIGNUM *p)
j = (i << 1);
DCRYPTO_bn_wrap(&diff, &diff_buf, sizeof(diff_buf));
bn_add(p, &diff);
- if (bn_probable_prime(p))
- return 1;
+ /* Make sure prime will work with F4 public exponent. */
+ if (bn_mod_f4(p) >= 2) {
+ if (bn_probable_prime(p))
+ return 1;
+ }
}
memset(composites_buf, 0, sizeof(composites_buf));
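Review bot: The comment `/* Make sure prime will work with F4 public exponent. */` does not say which property is tested, and the commit description words it as (public_exponent mod p) > 1 while the code checks `bn_mod_f4(p) >= 2`, i.e. p mod RSA_F4. I would spell it out as `/* Reject p mod RSA_F4 < 2: gcd(RSA_F4, p - 1) must be 1 for the private exponent to exist. */`. The nested ifs can be one condition, `if (bn_mod_f4(p) >= 2 && bn_probable_prime(p))`. DCRYPTO_bn_generate_prime takes no exponent argument, so a caller pairing these primes with a public exponent other than RSA_F4 gets no such guarantee; the function begins and ends outside this hunk, so whether that restriction is documented elsewhere cannot be seen here.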