]>
Commit | Line | Data |
---|---|---|
2039c421 | 1 | /* |
8686c474 | 2 | * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. |
72a26733 | 3 | * |
2a7b6f39 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
2039c421 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
72a26733 DSH |
8 | */ |
9 | ||
c5f87134 P |
10 | /* |
11 | * RSA low level APIs are deprecated for public use, but still ok for | |
12 | * internal use. | |
13 | */ | |
14 | #include "internal/deprecated.h" | |
15 | ||
72a26733 DSH |
16 | #include <stdio.h> |
17 | #include <openssl/crypto.h> | |
b39fc560 | 18 | #include "internal/cryptlib.h" |
25f2138b | 19 | #include "crypto/bn.h" |
72a26733 | 20 | #include <openssl/rand.h> |
706457b7 | 21 | #include "rsa_local.h" |
72a26733 | 22 | |
26c79d56 KR |
23 | int RSA_bits(const RSA *r) |
24 | { | |
8686c474 | 25 | return BN_num_bits(r->n); |
26c79d56 KR |
26 | } |
27 | ||
72a26733 | 28 | int RSA_size(const RSA *r) |
0f113f3e | 29 | { |
8686c474 | 30 | return BN_num_bytes(r->n); |
0f113f3e | 31 | } |
72a26733 DSH |
32 | |
33 | int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, | |
0f113f3e MC |
34 | RSA *rsa, int padding) |
35 | { | |
8686c474 | 36 | return rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding); |
0f113f3e MC |
37 | } |
38 | ||
39 | int RSA_private_encrypt(int flen, const unsigned char *from, | |
40 | unsigned char *to, RSA *rsa, int padding) | |
41 | { | |
8686c474 | 42 | return rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding); |
0f113f3e MC |
43 | } |
44 | ||
45 | int RSA_private_decrypt(int flen, const unsigned char *from, | |
46 | unsigned char *to, RSA *rsa, int padding) | |
47 | { | |
8686c474 | 48 | return rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding); |
0f113f3e | 49 | } |
72a26733 DSH |
50 | |
51 | int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, | |
0f113f3e MC |
52 | RSA *rsa, int padding) |
53 | { | |
8686c474 | 54 | return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding); |
0f113f3e | 55 | } |
72a26733 DSH |
56 | |
57 | int RSA_flags(const RSA *r) | |
0f113f3e | 58 | { |
8686c474 | 59 | return r == NULL ? 0 : r->meth->flags; |
0f113f3e | 60 | } |
72a26733 DSH |
61 | |
62 | void RSA_blinding_off(RSA *rsa) | |
0f113f3e | 63 | { |
23a1d5e9 RS |
64 | BN_BLINDING_free(rsa->blinding); |
65 | rsa->blinding = NULL; | |
0f113f3e MC |
66 | rsa->flags &= ~RSA_FLAG_BLINDING; |
67 | rsa->flags |= RSA_FLAG_NO_BLINDING; | |
68 | } | |
72a26733 DSH |
69 | |
70 | int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) | |
0f113f3e MC |
71 | { |
72 | int ret = 0; | |
72a26733 | 73 | |
0f113f3e MC |
74 | if (rsa->blinding != NULL) |
75 | RSA_blinding_off(rsa); | |
72a26733 | 76 | |
0f113f3e MC |
77 | rsa->blinding = RSA_setup_blinding(rsa, ctx); |
78 | if (rsa->blinding == NULL) | |
79 | goto err; | |
72a26733 | 80 | |
0f113f3e MC |
81 | rsa->flags |= RSA_FLAG_BLINDING; |
82 | rsa->flags &= ~RSA_FLAG_NO_BLINDING; | |
83 | ret = 1; | |
84 | err: | |
8686c474 | 85 | return ret; |
0f113f3e | 86 | } |
72a26733 DSH |
87 | |
88 | static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, | |
0f113f3e | 89 | const BIGNUM *q, BN_CTX *ctx) |
72a26733 | 90 | { |
0f113f3e MC |
91 | BIGNUM *ret = NULL, *r0, *r1, *r2; |
92 | ||
93 | if (d == NULL || p == NULL || q == NULL) | |
94 | return NULL; | |
95 | ||
96 | BN_CTX_start(ctx); | |
97 | r0 = BN_CTX_get(ctx); | |
98 | r1 = BN_CTX_get(ctx); | |
99 | r2 = BN_CTX_get(ctx); | |
100 | if (r2 == NULL) | |
101 | goto err; | |
102 | ||
103 | if (!BN_sub(r1, p, BN_value_one())) | |
104 | goto err; | |
105 | if (!BN_sub(r2, q, BN_value_one())) | |
106 | goto err; | |
107 | if (!BN_mul(r0, r1, r2, ctx)) | |
108 | goto err; | |
109 | ||
110 | ret = BN_mod_inverse(NULL, d, r0, ctx); | |
111 | err: | |
112 | BN_CTX_end(ctx); | |
113 | return ret; | |
72a26733 DSH |
114 | } |
115 | ||
116 | BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) | |
117 | { | |
fd7d2520 | 118 | BIGNUM *e; |
0f113f3e MC |
119 | BN_CTX *ctx; |
120 | BN_BLINDING *ret = NULL; | |
121 | ||
122 | if (in_ctx == NULL) { | |
afb638f1 | 123 | if ((ctx = BN_CTX_new_ex(rsa->libctx)) == NULL) |
0f113f3e | 124 | return 0; |
90862ab4 | 125 | } else { |
0f113f3e | 126 | ctx = in_ctx; |
90862ab4 | 127 | } |
0f113f3e MC |
128 | |
129 | BN_CTX_start(ctx); | |
130 | e = BN_CTX_get(ctx); | |
131 | if (e == NULL) { | |
132 | RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE); | |
133 | goto err; | |
134 | } | |
135 | ||
136 | if (rsa->e == NULL) { | |
137 | e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx); | |
138 | if (e == NULL) { | |
139 | RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT); | |
140 | goto err; | |
141 | } | |
90862ab4 | 142 | } else { |
0f113f3e | 143 | e = rsa->e; |
90862ab4 | 144 | } |
0f113f3e | 145 | |
fd7d2520 | 146 | { |
5584f65a MC |
147 | BIGNUM *n = BN_new(); |
148 | ||
149 | if (n == NULL) { | |
150 | RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE); | |
151 | goto err; | |
0f113f3e | 152 | } |
5584f65a | 153 | BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME); |
0f113f3e | 154 | |
fd7d2520 MC |
155 | ret = BN_BLINDING_create_param(NULL, e, n, ctx, rsa->meth->bn_mod_exp, |
156 | rsa->_method_mod_n); | |
5584f65a MC |
157 | /* We MUST free n before any further use of rsa->n */ |
158 | BN_free(n); | |
fd7d2520 | 159 | } |
0f113f3e MC |
160 | if (ret == NULL) { |
161 | RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB); | |
162 | goto err; | |
163 | } | |
0b1a07c8 AG |
164 | |
165 | BN_BLINDING_set_current_thread(ret); | |
166 | ||
0f113f3e MC |
167 | err: |
168 | BN_CTX_end(ctx); | |
23a1d5e9 | 169 | if (ctx != in_ctx) |
0f113f3e | 170 | BN_CTX_free(ctx); |
23a1d5e9 | 171 | if (e != rsa->e) |
0f113f3e | 172 | BN_free(e); |
0f113f3e MC |
173 | |
174 | return ret; | |
72a26733 | 175 | } |