[thirdparty/openssl.git] / crypto / rsa / rsa_crpt.c

/*
 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <openssl/crypto.h>
#include "internal/cryptlib.h"
#include "internal/bn_int.h"
#include <openssl/rand.h>
#include "rsa_locl.h"

int RSA_bits(const RSA *r)
{
    return BN_num_bits(r->n);
}

int RSA_size(const RSA *r)
{
    return BN_num_bytes(r->n);
}

int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
                       RSA *rsa, int padding)
{
    return rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding);
}

int RSA_private_encrypt(int flen, const unsigned char *from,
                        unsigned char *to, RSA *rsa, int padding)
{
    return rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding);
}

int RSA_private_decrypt(int flen, const unsigned char *from,
                        unsigned char *to, RSA *rsa, int padding)
{
    return rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding);
}

int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
                       RSA *rsa, int padding)
{
    return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding);
}

int RSA_flags(const RSA *r)
{
    return r == NULL ? 0 : r->meth->flags;
}

void RSA_blinding_off(RSA *rsa)
{
    BN_BLINDING_free(rsa->blinding);
    rsa->blinding = NULL;
    rsa->flags &= ~RSA_FLAG_BLINDING;
    rsa->flags |= RSA_FLAG_NO_BLINDING;
}

int RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
{
    int ret = 0;

    if (rsa->blinding != NULL)
        RSA_blinding_off(rsa);

    rsa->blinding = RSA_setup_blinding(rsa, ctx);
    if (rsa->blinding == NULL)
        goto err;

    rsa->flags |= RSA_FLAG_BLINDING;
    rsa->flags &= ~RSA_FLAG_NO_BLINDING;
    ret = 1;
 err:
    return ret;
}

static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
                                  const BIGNUM *q, BN_CTX *ctx)
{
    BIGNUM *ret = NULL, *r0, *r1, *r2;

    if (d == NULL || p == NULL || q == NULL)
        return NULL;

    BN_CTX_start(ctx);
    r0 = BN_CTX_get(ctx);
    r1 = BN_CTX_get(ctx);
    r2 = BN_CTX_get(ctx);
    if (r2 == NULL)
        goto err;

    if (!BN_sub(r1, p, BN_value_one()))
        goto err;
    if (!BN_sub(r2, q, BN_value_one()))
        goto err;
    if (!BN_mul(r0, r1, r2, ctx))
        goto err;

    ret = BN_mod_inverse(NULL, d, r0, ctx);
 err:
    BN_CTX_end(ctx);
    return ret;
}

BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
{
    BIGNUM *e;
    BN_CTX *ctx;
    BN_BLINDING *ret = NULL;

    if (in_ctx == NULL) {
        if ((ctx = BN_CTX_new()) == NULL)
            return 0;
    } else {
        ctx = in_ctx;
    }

    BN_CTX_start(ctx);
    e = BN_CTX_get(ctx);
    if (e == NULL) {
        RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    if (rsa->e == NULL) {
        e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
        if (e == NULL) {
            RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
            goto err;
        }
    } else {
        e = rsa->e;
    }

    {
        BIGNUM *n = BN_new();

        if (n == NULL) {
            RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
            goto err;
        }
        BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);

        ret = BN_BLINDING_create_param(NULL, e, n, ctx, rsa->meth->bn_mod_exp,
                                       rsa->_method_mod_n);
        /* We MUST free n before any further use of rsa->n */
        BN_free(n);
    }
    if (ret == NULL) {
        RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
        goto err;
    }

    BN_BLINDING_set_current_thread(ret);

 err:
    BN_CTX_end(ctx);
    if (ctx != in_ctx)
        BN_CTX_free(ctx);
    if (e != rsa->e)
        BN_free(e);

    return ret;
}
Commit	Line	Data
2039c421	1	/*
8686c474	2	* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
72a26733	3	*
2039c421 RS	4	* Licensed under the OpenSSL license (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
72a26733 DSH	8	*/
	9
	10	#include <stdio.h>
	11	#include <openssl/crypto.h>
b39fc560	12	#include "internal/cryptlib.h"
18125f7f	13	#include "internal/bn_int.h"
72a26733	14	#include <openssl/rand.h>
9862e9aa	15	#include "rsa_locl.h"
72a26733	16
26c79d56 KR	17	int RSA_bits(const RSA *r)
26c79d56 KR	18	{
8686c474	19	return BN_num_bits(r->n);
26c79d56 KR	20	}
26c79d56 KR	21
72a26733	22	int RSA_size(const RSA *r)
0f113f3e	23	{
8686c474	24	return BN_num_bytes(r->n);
0f113f3e	25	}
72a26733 DSH	26
72a26733 DSH	27	int RSA_public_encrypt(int flen, const unsigned char from, unsigned char to,
0f113f3e MC	28	RSA *rsa, int padding)
0f113f3e MC	29	{
8686c474	30	return rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding);
0f113f3e MC	31	}
	32
	33	int RSA_private_encrypt(int flen, const unsigned char *from,
	34	unsigned char to, RSA rsa, int padding)
	35	{
8686c474	36	return rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding);
0f113f3e MC	37	}
	38
	39	int RSA_private_decrypt(int flen, const unsigned char *from,
	40	unsigned char to, RSA rsa, int padding)
	41	{
8686c474	42	return rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding);
0f113f3e	43	}
72a26733 DSH	44
72a26733 DSH	45	int RSA_public_decrypt(int flen, const unsigned char from, unsigned char to,
0f113f3e MC	46	RSA *rsa, int padding)
0f113f3e MC	47	{
8686c474	48	return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding);
0f113f3e	49	}
72a26733 DSH	50
72a26733 DSH	51	int RSA_flags(const RSA *r)
0f113f3e	52	{
8686c474	53	return r == NULL ? 0 : r->meth->flags;
0f113f3e	54	}
72a26733 DSH	55
72a26733 DSH	56	void RSA_blinding_off(RSA *rsa)
0f113f3e	57	{
23a1d5e9 RS	58	BN_BLINDING_free(rsa->blinding);
23a1d5e9 RS	59	rsa->blinding = NULL;
0f113f3e MC	60	rsa->flags &= ~RSA_FLAG_BLINDING;
	61	rsa->flags \|= RSA_FLAG_NO_BLINDING;
	62	}
72a26733 DSH	63
72a26733 DSH	64	int RSA_blinding_on(RSA rsa, BN_CTX ctx)
0f113f3e MC	65	{
0f113f3e MC	66	int ret = 0;
72a26733	67
0f113f3e MC	68	if (rsa->blinding != NULL)
0f113f3e MC	69	RSA_blinding_off(rsa);
72a26733	70
0f113f3e MC	71	rsa->blinding = RSA_setup_blinding(rsa, ctx);
	72	if (rsa->blinding == NULL)
	73	goto err;
72a26733	74
0f113f3e MC	75	rsa->flags \|= RSA_FLAG_BLINDING;
	76	rsa->flags &= ~RSA_FLAG_NO_BLINDING;
	77	ret = 1;
	78	err:
8686c474	79	return ret;
0f113f3e	80	}
72a26733 DSH	81
72a26733 DSH	82	static BIGNUM rsa_get_public_exp(const BIGNUM d, const BIGNUM *p,
0f113f3e	83	const BIGNUM q, BN_CTX ctx)
72a26733	84	{
0f113f3e MC	85	BIGNUM ret = NULL, r0, r1, r2;
	86
	87	if (d == NULL \|\| p == NULL \|\| q == NULL)
	88	return NULL;
	89
	90	BN_CTX_start(ctx);
	91	r0 = BN_CTX_get(ctx);
	92	r1 = BN_CTX_get(ctx);
	93	r2 = BN_CTX_get(ctx);
	94	if (r2 == NULL)
	95	goto err;
	96
	97	if (!BN_sub(r1, p, BN_value_one()))
	98	goto err;
	99	if (!BN_sub(r2, q, BN_value_one()))
	100	goto err;
	101	if (!BN_mul(r0, r1, r2, ctx))
	102	goto err;
	103
	104	ret = BN_mod_inverse(NULL, d, r0, ctx);
	105	err:
	106	BN_CTX_end(ctx);
	107	return ret;
72a26733 DSH	108	}
	109
	110	BN_BLINDING RSA_setup_blinding(RSA rsa, BN_CTX *in_ctx)
	111	{
fd7d2520	112	BIGNUM *e;
0f113f3e MC	113	BN_CTX *ctx;
	114	BN_BLINDING *ret = NULL;
	115
	116	if (in_ctx == NULL) {
	117	if ((ctx = BN_CTX_new()) == NULL)
	118	return 0;
90862ab4	119	} else {
0f113f3e	120	ctx = in_ctx;
90862ab4	121	}
0f113f3e MC	122
	123	BN_CTX_start(ctx);
	124	e = BN_CTX_get(ctx);
	125	if (e == NULL) {
	126	RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
	127	goto err;
	128	}
	129
	130	if (rsa->e == NULL) {
	131	e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
	132	if (e == NULL) {
	133	RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
	134	goto err;
	135	}
90862ab4	136	} else {
0f113f3e	137	e = rsa->e;
90862ab4	138	}
0f113f3e	139
fd7d2520	140	{
5584f65a MC	141	BIGNUM *n = BN_new();
	142
	143	if (n == NULL) {
	144	RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
	145	goto err;
0f113f3e	146	}
5584f65a	147	BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
0f113f3e	148
fd7d2520 MC	149	ret = BN_BLINDING_create_param(NULL, e, n, ctx, rsa->meth->bn_mod_exp,
fd7d2520 MC	150	rsa->_method_mod_n);
5584f65a MC	151	/* We MUST free n before any further use of rsa->n */
5584f65a MC	152	BN_free(n);
fd7d2520	153	}
0f113f3e MC	154	if (ret == NULL) {
	155	RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
	156	goto err;
	157	}
0b1a07c8 AG	158
	159	BN_BLINDING_set_current_thread(ret);
	160
0f113f3e MC	161	err:
0f113f3e MC	162	BN_CTX_end(ctx);
23a1d5e9	163	if (ctx != in_ctx)
0f113f3e	164	BN_CTX_free(ctx);
23a1d5e9	165	if (e != rsa->e)
0f113f3e	166	BN_free(e);
0f113f3e MC	167
0f113f3e MC	168	return ret;
72a26733	169	}