[openssl-users] Chinese remainder algorithm

Jan Bilek ian.bilek at gmail.com
Tue Aug 21 04:51:51 UTC 2018 

Hi Thulasi,

Thank you for your email, it was an inspiration for our team to follow up.

Final solution then looks like this:

bool InitKey(RSA_ptr& pkey) {
  //Recalculate Modulus from provided components

  BnCtx ctx;
  {
    const BIGNUM* p;
    const BIGNUM* q;
    RSA_get0_factors(pkey.get(), &p, &q);
    auto n = BN_new();
    BN_mul(n, p, q, ctx.get());

    //Assign default exponent
    //Default Public exponent 65537
    const unsigned char defaultPublicExponent[] = {0x01, 0x00, 0x01};
    auto e = BN_bin2bn(defaultPublicExponent,
sizeof(defaultPublicExponent), nullptr);
    RSA_set0_key(pkey.get(), n, e, nullptr);
  }

#ifdef DEBUG
  size_t modulusLength = RSA_size(pkey.get());
  std::cout << "modulusLength (n):      " << modulusLength << std::endl;
  std::cout << "modulusLength * 8 (n bits):      " << modulusLength * 8 <<
std::endl;
#endif

  //Recalculate private key
  auto r0 = BN_CTX_get(ctx.get());
  auto r1 = BN_CTX_get(ctx.get());
  auto r2 = BN_CTX_get(ctx.get());
  auto r3 = BN_CTX_get(ctx.get());

  {
    const BIGNUM* p;
    const BIGNUM* q;
    RSA_get0_factors(pkey.get(), &p, &q);

    //Calculate d
    //p-1
    if (!BN_sub(r1, p, BN_value_one()))
      return false;
    //q-1
    if (!BN_sub(r2, q, BN_value_one()))
      return false;
  }
  //(p-1)(q-1)
  if (!BN_mul(r0, r1, r2, ctx.get()))
    return false;

  if (!BN_gcd(r3, r1, r2, ctx.get()))
    return false;

  //LCM((p-1)(q-1))
  if (!BN_div(r0, nullptr, r0, r3, ctx.get()))
    return false;

  BnCtx ctx2;
  if (!ctx2.get()) {
    return false;
  }

  //d
  {
    const BIGNUM* e;
    RSA_get0_key(pkey.get(), nullptr, &e, nullptr);
    auto d = BN_mod_inverse(nullptr, e, r0, ctx2.get());
    if (!d)
      return false;
    RSA_set0_key(pkey.get(), nullptr, nullptr, d);
  }

  return true;
}

void RecalculateRsaKeyFromItsFactorsAndParams () {
  ....
  RSA_ptr pkey(RSA_new(), ::RSA_free);
  RSA_set0_key(pkey.get(), BN_new(), BN_new(), BN_new());
  RSA_set0_factors(pkey.get(),
      BN_bin2bn(secureP.data(), secureP.size(), nullptr),
      BN_bin2bn(secureQ.data(), secureQ.size(), nullptr));
  RSA_set0_crt_params(pkey.get(),
      BN_bin2bn(secureDmp1.data(), secureDmp1.size(), nullptr),
      BN_bin2bn(secureDmq1.data(), secureDmq1.size(), nullptr),
      BN_bin2bn(secureIqmp.data(), secureIqmp.size(), nullptr));

  if (!InitKey(pkey))
}

Hope this is going to help someone one day :)

Kind Regards,
Jan

On Wed, Aug 1, 2018 at 7:33 PM Thulasi Goriparthi <
thulasi.goriparthi at gmail.com> wrote:

> Hello Jan,
>
> Decide on what your public exponent(e) should be, and either use
> RSA_X931_derive_ex() if you are using an older openssl which supports
> this function or follow rsa_builtin_keygen() from crypto/rsa/rsa_gen.c
> on how to derive private exponent(d) and modulus(n).
>
> By the way, technically, you do not need private exponent(d) for
> signing, as you already have CRT components.
>
> What is the function that complained about missing d?
>
> Thanks,
> Thulasi.
>
> On 31 July 2018 at 16:19, Jan Bilek <ian.bilek at gmail.com> wrote:
> > Hi all,
> >
> > I need to reconstruct public and private keys for data signing operation
> > from p, q, dmp1, dmq1 and iqmp. When I fill values in as per below then
> > OpenSSL complains about missing d.
> >
> >     RSA* pkey = RSA_new();
> >     pkey->n = NULL;
> >     pkey->e = NULL;
> >     pkey->d = NULL;
> >
> >     pkey->p    = BN_bin2bn(secureP.data(), secureP.size(), NULL);
> >     pkey->q    = BN_bin2bn(secureQ.data(), secureQ.size(), NULL);
> >     pkey->dmp1 = BN_bin2bn(secureDmp1.data(), secureDmp1.size(), NULL);
> >     pkey->dmq1 = BN_bin2bn(secureDmq1.data(), secureDmq1.size(), NULL);
> >     pkey->iqmp = BN_bin2bn(secureIqmp.data(), secureIqmp.size(), NULL);
> >
> > I did my homework on Google/Stackoverflow/OpenSSL docu, but I haven't
> been
> > able to find out any good way to do this, while it is obvious that
> openssl
> > needs to know this by deafult for its internals.
> > Would you have any hint on where next with this?
> >
> > Thank you,
> > Jan
> >
> > --
> > openssl-users mailing list
> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
> >
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180821/bdc0c65c/attachment.html>

More information about the openssl-users mailing list