Line data Source code
1 : /* crypto/rsa/rsa_lib.c */
2 : /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 : * All rights reserved.
4 : *
5 : * This package is an SSL implementation written
6 : * by Eric Young (eay@cryptsoft.com).
7 : * The implementation was written so as to conform with Netscapes SSL.
8 : *
9 : * This library is free for commercial and non-commercial use as long as
10 : * the following conditions are aheared to. The following conditions
11 : * apply to all code found in this distribution, be it the RC4, RSA,
12 : * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 : * included with this distribution is covered by the same copyright terms
14 : * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 : *
16 : * Copyright remains Eric Young's, and as such any Copyright notices in
17 : * the code are not to be removed.
18 : * If this package is used in a product, Eric Young should be given attribution
19 : * as the author of the parts of the library used.
20 : * This can be in the form of a textual message at program startup or
21 : * in documentation (online or textual) provided with the package.
22 : *
23 : * Redistribution and use in source and binary forms, with or without
24 : * modification, are permitted provided that the following conditions
25 : * are met:
26 : * 1. Redistributions of source code must retain the copyright
27 : * notice, this list of conditions and the following disclaimer.
28 : * 2. Redistributions in binary form must reproduce the above copyright
29 : * notice, this list of conditions and the following disclaimer in the
30 : * documentation and/or other materials provided with the distribution.
31 : * 3. All advertising materials mentioning features or use of this software
32 : * must display the following acknowledgement:
33 : * "This product includes cryptographic software written by
34 : * Eric Young (eay@cryptsoft.com)"
35 : * The word 'cryptographic' can be left out if the rouines from the library
36 : * being used are not cryptographic related :-).
37 : * 4. If you include any Windows specific code (or a derivative thereof) from
38 : * the apps directory (application code) you must include an acknowledgement:
39 : * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 : *
41 : * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 : * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 : * SUCH DAMAGE.
52 : *
53 : * The licence and distribution terms for any publically available version or
54 : * derivative of this code cannot be changed. i.e. this code cannot simply be
55 : * copied and put under another distribution licence
56 : * [including the GNU Public Licence.]
57 : */
58 :
59 : #include <stdio.h>
60 : #include <openssl/crypto.h>
61 : #include "cryptlib.h"
62 : #include <openssl/lhash.h>
63 : #include <openssl/bn.h>
64 : #include <openssl/rsa.h>
65 : #include <openssl/rand.h>
66 : #ifndef OPENSSL_NO_ENGINE
67 : # include <openssl/engine.h>
68 : #endif
69 :
70 3378 : int RSA_size(const RSA *r)
71 : {
72 3378 : return (BN_num_bytes(r->n));
73 : }
74 :
75 0 : int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
76 : RSA *rsa, int padding)
77 : {
78 : #ifdef OPENSSL_FIPS
79 : if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
80 : && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
81 : RSAerr(RSA_F_RSA_PUBLIC_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
82 : return -1;
83 : }
84 : #endif
85 0 : return (rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
86 : }
87 :
88 381 : int RSA_private_encrypt(int flen, const unsigned char *from,
89 : unsigned char *to, RSA *rsa, int padding)
90 : {
91 : #ifdef OPENSSL_FIPS
92 : if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
93 : && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
94 : RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
95 : return -1;
96 : }
97 : #endif
98 381 : return (rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
99 : }
100 :
101 0 : int RSA_private_decrypt(int flen, const unsigned char *from,
102 : unsigned char *to, RSA *rsa, int padding)
103 : {
104 : #ifdef OPENSSL_FIPS
105 : if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
106 : && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
107 : RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
108 : return -1;
109 : }
110 : #endif
111 0 : return (rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
112 : }
113 :
114 746 : int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
115 : RSA *rsa, int padding)
116 : {
117 : #ifdef OPENSSL_FIPS
118 : if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
119 : && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
120 : RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
121 : return -1;
122 : }
123 : #endif
124 746 : return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
125 : }
126 :
127 438 : int RSA_flags(const RSA *r)
128 : {
129 438 : return ((r == NULL) ? 0 : r->meth->flags);
130 : }
131 :
132 0 : void RSA_blinding_off(RSA *rsa)
133 : {
134 0 : if (rsa->blinding != NULL) {
135 0 : BN_BLINDING_free(rsa->blinding);
136 0 : rsa->blinding = NULL;
137 : }
138 0 : rsa->flags &= ~RSA_FLAG_BLINDING;
139 0 : rsa->flags |= RSA_FLAG_NO_BLINDING;
140 0 : }
141 :
142 0 : int RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
143 : {
144 : int ret = 0;
145 :
146 0 : if (rsa->blinding != NULL)
147 0 : RSA_blinding_off(rsa);
148 :
149 0 : rsa->blinding = RSA_setup_blinding(rsa, ctx);
150 0 : if (rsa->blinding == NULL)
151 : goto err;
152 :
153 0 : rsa->flags |= RSA_FLAG_BLINDING;
154 0 : rsa->flags &= ~RSA_FLAG_NO_BLINDING;
155 : ret = 1;
156 : err:
157 0 : return (ret);
158 : }
159 :
160 0 : static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
161 : const BIGNUM *q, BN_CTX *ctx)
162 : {
163 : BIGNUM *ret = NULL, *r0, *r1, *r2;
164 :
165 0 : if (d == NULL || p == NULL || q == NULL)
166 : return NULL;
167 :
168 0 : BN_CTX_start(ctx);
169 0 : r0 = BN_CTX_get(ctx);
170 0 : r1 = BN_CTX_get(ctx);
171 0 : r2 = BN_CTX_get(ctx);
172 0 : if (r2 == NULL)
173 : goto err;
174 :
175 0 : if (!BN_sub(r1, p, BN_value_one()))
176 : goto err;
177 0 : if (!BN_sub(r2, q, BN_value_one()))
178 : goto err;
179 0 : if (!BN_mul(r0, r1, r2, ctx))
180 : goto err;
181 :
182 0 : ret = BN_mod_inverse(NULL, d, r0, ctx);
183 : err:
184 0 : BN_CTX_end(ctx);
185 0 : return ret;
186 : }
187 :
188 345 : BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
189 : {
190 : BIGNUM local_n;
191 : BIGNUM *e, *n;
192 : BN_CTX *ctx;
193 : BN_BLINDING *ret = NULL;
194 :
195 345 : if (in_ctx == NULL) {
196 0 : if ((ctx = BN_CTX_new()) == NULL)
197 : return 0;
198 : } else
199 : ctx = in_ctx;
200 :
201 345 : BN_CTX_start(ctx);
202 345 : e = BN_CTX_get(ctx);
203 345 : if (e == NULL) {
204 0 : RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
205 0 : goto err;
206 : }
207 :
208 345 : if (rsa->e == NULL) {
209 0 : e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
210 0 : if (e == NULL) {
211 0 : RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
212 0 : goto err;
213 : }
214 : } else
215 : e = rsa->e;
216 :
217 345 : if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) {
218 : /*
219 : * if PRNG is not properly seeded, resort to secret exponent as
220 : * unpredictable seed
221 : */
222 0 : RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
223 : }
224 :
225 345 : if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
226 : /* Set BN_FLG_CONSTTIME flag */
227 : n = &local_n;
228 345 : BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
229 : } else
230 0 : n = rsa->n;
231 :
232 690 : ret = BN_BLINDING_create_param(NULL, e, n, ctx,
233 345 : rsa->meth->bn_mod_exp, rsa->_method_mod_n);
234 345 : if (ret == NULL) {
235 0 : RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
236 0 : goto err;
237 : }
238 345 : CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
239 : err:
240 345 : BN_CTX_end(ctx);
241 345 : if (in_ctx == NULL)
242 0 : BN_CTX_free(ctx);
243 345 : if (rsa->e == NULL)
244 0 : BN_free(e);
245 :
246 345 : return ret;
247 : }
|