rsa_crpt.c 7.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248
  1. /* crypto/rsa/rsa_lib.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. #include <stdio.h>
  59. #include <openssl/crypto.h>
  60. #include "cryptlib.h"
  61. #include <openssl/lhash.h>
  62. #include <openssl/bn.h>
  63. #include <openssl/rsa.h>
  64. #include <openssl/rand.h>
  65. #ifndef OPENSSL_NO_ENGINE
  66. # include <openssl/engine.h>
  67. #endif
  68. int RSA_size(const RSA *r)
  69. {
  70. return (BN_num_bytes(r->n));
  71. }
  72. int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
  73. RSA *rsa, int padding)
  74. {
  75. #ifdef OPENSSL_FIPS
  76. if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
  77. && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
  78. RSAerr(RSA_F_RSA_PUBLIC_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
  79. return -1;
  80. }
  81. #endif
  82. return (rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
  83. }
  84. int RSA_private_encrypt(int flen, const unsigned char *from,
  85. unsigned char *to, RSA *rsa, int padding)
  86. {
  87. #ifdef OPENSSL_FIPS
  88. if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
  89. && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
  90. RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
  91. return -1;
  92. }
  93. #endif
  94. return (rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
  95. }
  96. int RSA_private_decrypt(int flen, const unsigned char *from,
  97. unsigned char *to, RSA *rsa, int padding)
  98. {
  99. #ifdef OPENSSL_FIPS
  100. if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
  101. && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
  102. RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
  103. return -1;
  104. }
  105. #endif
  106. return (rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
  107. }
  108. int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
  109. RSA *rsa, int padding)
  110. {
  111. #ifdef OPENSSL_FIPS
  112. if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
  113. && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
  114. RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
  115. return -1;
  116. }
  117. #endif
  118. return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
  119. }
  120. int RSA_flags(const RSA *r)
  121. {
  122. return ((r == NULL) ? 0 : r->meth->flags);
  123. }
  124. void RSA_blinding_off(RSA *rsa)
  125. {
  126. if (rsa->blinding != NULL) {
  127. BN_BLINDING_free(rsa->blinding);
  128. rsa->blinding = NULL;
  129. }
  130. rsa->flags &= ~RSA_FLAG_BLINDING;
  131. rsa->flags |= RSA_FLAG_NO_BLINDING;
  132. }
  133. int RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
  134. {
  135. int ret = 0;
  136. if (rsa->blinding != NULL)
  137. RSA_blinding_off(rsa);
  138. rsa->blinding = RSA_setup_blinding(rsa, ctx);
  139. if (rsa->blinding == NULL)
  140. goto err;
  141. rsa->flags |= RSA_FLAG_BLINDING;
  142. rsa->flags &= ~RSA_FLAG_NO_BLINDING;
  143. ret = 1;
  144. err:
  145. return (ret);
  146. }
  147. static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
  148. const BIGNUM *q, BN_CTX *ctx)
  149. {
  150. BIGNUM *ret = NULL, *r0, *r1, *r2;
  151. if (d == NULL || p == NULL || q == NULL)
  152. return NULL;
  153. BN_CTX_start(ctx);
  154. r0 = BN_CTX_get(ctx);
  155. r1 = BN_CTX_get(ctx);
  156. r2 = BN_CTX_get(ctx);
  157. if (r2 == NULL)
  158. goto err;
  159. if (!BN_sub(r1, p, BN_value_one()))
  160. goto err;
  161. if (!BN_sub(r2, q, BN_value_one()))
  162. goto err;
  163. if (!BN_mul(r0, r1, r2, ctx))
  164. goto err;
  165. ret = BN_mod_inverse(NULL, d, r0, ctx);
  166. err:
  167. BN_CTX_end(ctx);
  168. return ret;
  169. }
  170. BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
  171. {
  172. BIGNUM local_n;
  173. BIGNUM *e, *n;
  174. BN_CTX *ctx;
  175. BN_BLINDING *ret = NULL;
  176. if (in_ctx == NULL) {
  177. if ((ctx = BN_CTX_new()) == NULL)
  178. return 0;
  179. } else
  180. ctx = in_ctx;
  181. BN_CTX_start(ctx);
  182. e = BN_CTX_get(ctx);
  183. if (e == NULL) {
  184. RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
  185. goto err;
  186. }
  187. if (rsa->e == NULL) {
  188. e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
  189. if (e == NULL) {
  190. RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
  191. goto err;
  192. }
  193. } else
  194. e = rsa->e;
  195. if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) {
  196. /*
  197. * if PRNG is not properly seeded, resort to secret exponent as
  198. * unpredictable seed
  199. */
  200. RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
  201. }
  202. if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
  203. /* Set BN_FLG_CONSTTIME flag */
  204. n = &local_n;
  205. BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
  206. } else
  207. n = rsa->n;
  208. ret = BN_BLINDING_create_param(NULL, e, n, ctx,
  209. rsa->meth->bn_mod_exp, rsa->_method_mod_n);
  210. if (ret == NULL) {
  211. RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
  212. goto err;
  213. }
  214. CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
  215. err:
  216. BN_CTX_end(ctx);
  217. if (in_ctx == NULL)
  218. BN_CTX_free(ctx);
  219. if (rsa->e == NULL)
  220. BN_free(e);
  221. return ret;
  222. }