Lines Matching refs:RSA
10 * apply to all code found in this distribution, be it the RC4, RSA,
57 #include <openssl/rsa.h>
76 size_t rsa_default_size(const RSA *rsa) {
77 return BN_num_bytes(rsa->n);
80 int rsa_default_encrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
82 const unsigned rsa_size = RSA_size(rsa);
89 OPENSSL_PUT_ERROR(RSA, RSA_R_MODULUS_TOO_LARGE);
94 OPENSSL_PUT_ERROR(RSA, RSA_R_OUTPUT_BUFFER_TOO_SMALL);
98 if (BN_ucmp(rsa->n, rsa->e) <= 0) {
99 OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_E_VALUE);
104 if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS &&
105 BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
106 OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_E_VALUE);
120 OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);
137 OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_PADDING_TYPE);
149 if (BN_ucmp(f, rsa->n) >= 0) {
151 OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
155 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) {
156 if (BN_MONT_CTX_set_locked(&rsa->mont_n, &rsa->lock, rsa->n, ctx) == NULL) {
161 if (!rsa->meth->bn_mod_exp(result, f, rsa->e, rsa->n, ctx, rsa->mont_n)) {
168 OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
189 * RSA*. Then this limit is exceeded, BN_BLINDING objects will be created and
193 /* rsa_blinding_get returns a BN_BLINDING to use with |rsa|. It does this by
194 * allocating one of the cached BN_BLINDING objects in |rsa->blindings|. If
200 static BN_BLINDING *rsa_blinding_get(RSA *rsa, unsigned *index_used,
207 CRYPTO_MUTEX_lock_write(&rsa->lock);
210 for (i = 0; i < rsa->num_blindings; i++) {
211 if (rsa->blindings_inuse[i] == 0) {
212 rsa->blindings_inuse[i] = 1;
213 ret = rsa->blindings[i];
220 CRYPTO_MUTEX_unlock(&rsa->lock);
224 overflow = rsa->num_blindings >= MAX_BLINDINGS_PER_RSA;
229 CRYPTO_MUTEX_unlock(&rsa->lock);
230 ret = rsa_setup_blinding(rsa, ctx);
242 CRYPTO_MUTEX_lock_write(&rsa->lock);
245 OPENSSL_malloc(sizeof(BN_BLINDING *) * (rsa->num_blindings + 1));
249 memcpy(new_blindings, rsa->blindings,
250 sizeof(BN_BLINDING *) * rsa->num_blindings);
251 new_blindings[rsa->num_blindings] = ret;
253 new_blindings_inuse = OPENSSL_malloc(rsa->num_blindings + 1);
257 memcpy(new_blindings_inuse, rsa->blindings_inuse, rsa->num_blindings);
258 new_blindings_inuse[rsa->num_blindings] = 1;
259 *index_used = rsa->num_blindings;
261 OPENSSL_free(rsa->blindings);
262 rsa->blindings = new_blindings;
263 OPENSSL_free(rsa->blindings_inuse);
264 rsa->blindings_inuse = new_blindings_inuse;
265 rsa->num_blindings++;
267 CRYPTO_MUTEX_unlock(&rsa->lock);
274 CRYPTO_MUTEX_unlock(&rsa->lock);
281 static void rsa_blinding_release(RSA *rsa, BN_BLINDING *blinding,
289 CRYPTO_MUTEX_lock_write(&rsa->lock);
290 rsa->blindings_inuse[blinding_index] = 0;
291 CRYPTO_MUTEX_unlock(&rsa->lock);
295 int rsa_default_sign_raw(RSA *rsa, size_t *out_len, uint8_t *out,
298 const unsigned rsa_size = RSA_size(rsa);
303 OPENSSL_PUT_ERROR(RSA, RSA_R_OUTPUT_BUFFER_TOO_SMALL);
309 OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);
321 OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_PADDING_TYPE);
329 if (!RSA_private_transform(rsa, out, buf, rsa_size)) {
345 int rsa_default_decrypt(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out,
347 const unsigned rsa_size = RSA_size(rsa);
353 OPENSSL_PUT_ERROR(RSA, RSA_R_OUTPUT_BUFFER_TOO_SMALL);
363 OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);
369 OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_LEN_NOT_EQUAL_TO_MOD_LEN);
373 if (!RSA_private_transform(rsa, buf, in, rsa_size)) {
390 OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_PADDING_TYPE);
395 OPENSSL_PUT_ERROR(RSA, RSA_R_PADDING_CHECK_FAILED);
410 int rsa_default_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out,
413 const unsigned rsa_size = RSA_size(rsa);
420 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
421 OPENSSL_PUT_ERROR(RSA, RSA_R_MODULUS_TOO_LARGE);
425 if (BN_ucmp(rsa->n, rsa->e) <= 0) {
426 OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_E_VALUE);
431 OPENSSL_PUT_ERROR(RSA, RSA_R_OUTPUT_BUFFER_TOO_SMALL);
436 if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS &&
437 BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
438 OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_E_VALUE);
456 OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);
461 OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);
466 OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_LEN_NOT_EQUAL_TO_MOD_LEN);
474 if (BN_ucmp(f, rsa->n) >= 0) {
475 OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
479 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) {
480 if (BN_MONT_CTX_set_locked(&rsa->mont_n, &rsa->lock, rsa->n, ctx) == NULL) {
485 if (!rsa->meth->bn_mod_exp(result, f, rsa->e, rsa->n, ctx, rsa->mont_n)) {
490 OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
502 OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_PADDING_TYPE);
507 OPENSSL_PUT_ERROR(RSA, RSA_R_PADDING_CHECK_FAILED);
525 int rsa_default_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in,
542 OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);
550 if (BN_ucmp(f, rsa->n) >= 0) {
552 OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
556 if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
557 blinding = rsa_blinding_get(rsa, &blinding_index, ctx);
559 OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
567 if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
568 ((rsa->p != NULL) && (rsa->q != NULL) && (rsa->dmp1 != NULL) &&
569 (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
570 if (!rsa->meth->mod_exp(result, f, rsa, ctx)) {
579 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
581 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) {
582 if (BN_MONT_CTX_set_locked(&rsa->mont_n, &rsa->lock, rsa->n, ctx) ==
588 if (!rsa->meth->bn_mod_exp(result, f, d, rsa->n, ctx, rsa
600 OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
612 rsa_blinding_release(rsa, blinding, blinding_index);
618 static int mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) {
625 if (rsa->additional_primes != NULL) {
626 num_additional_primes = sk_RSA_additional_prime_num(rsa->additional_primes);
642 BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
646 BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
648 if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) {
649 if (BN_MONT_CTX_set_locked(&rsa->mont_p, &rsa->lock, p, ctx) == NULL) {
652 if (BN_MONT_CTX_set_locked(&rsa->mont_q, &rsa->lock, q, ctx) == NULL) {
658 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) {
659 if (BN_MONT_CTX_set_locked(&rsa->mont_n, &rsa->lock, rsa->n, ctx) == NULL) {
667 if (!BN_mod(r1, c, rsa->q, ctx)) {
673 BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
674 if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx, rsa->mont_q)) {
681 if (!BN_mod(r1, c, rsa->p, ctx)) {
687 BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
688 if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx, rsa->mont_p)) {
698 if (!BN_add(r0, r0, rsa->p)) {
703 if (!BN_mul(r1, r0, rsa->iqmp, ctx)) {
711 if (!BN_mod(r0, pr1, rsa->p, ctx)) {
722 if (!BN_add(r0, r0, rsa->p)) {
726 if (!BN_mul(r1, r0, rsa->q, ctx)) {
734 /* multi-prime RSA. */
738 sk_RSA_additional_prime_value(rsa->additional_primes, i);
748 if ((rsa->flags & RSA_FLAG_CACHE_PRIVATE) &&
749 !BN_MONT_CTX_set_locked(&ap->mont, &rsa->lock, prime, ctx)) {
753 if (!rsa->meth->bn_mod_exp(m1, r1, exp, prime, ctx, ap->mont)) {
769 if (rsa->e && rsa->n) {
770 if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx, rsa->mont_n)) {
773 /* If 'I' was greater than (or equal to) rsa->n, the operation
780 if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) {
784 if (!BN_add(vrfy, vrfy, rsa->n)) {
797 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
798 if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx, rsa->mont_n)) {
810 int rsa_default_multi_prime_keygen(RSA *rsa, int bits, int num_primes,
821 OPENSSL_PUT_ERROR(RSA, RSA_R_MUST_HAVE_AT_LEAST_TWO_PRIMES);
865 /* We need the RSA components non-NULL */
866 if (!rsa->n && ((rsa->n = BN_new()) == NULL)) {
869 if (!rsa->d && ((rsa->d = BN_new()) == NULL)) {
872 if (!rsa->e && ((rsa->e = BN_new()) == NULL)) {
875 if (!rsa->p && ((rsa->p = BN_new()) == NULL)) {
878 if (!rsa->q && ((rsa->q = BN_new()) == NULL)) {
881 if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL)) {
884 if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL)) {
887 if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL)) {
891 if (!BN_copy(rsa->e, e_value)) {
898 if (!BN_generate_prime_ex(rsa->p, prime_bits, 0, NULL, NULL, cb) ||
899 !BN_sub(r2, rsa->p, BN_value_one()) ||
900 !BN_gcd(r1, r2, rsa->e, ctx)) {
920 if (!BN_generate_prime_ex(rsa->q, prime_bits, 0, NULL, NULL, cb)) {
923 } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
926 OPENSSL_PUT_ERROR(RSA, RSA_R_KEY_SIZE_TOO_SMALL);
929 if (!BN_sub(r2, rsa->q, BN_value_one()) ||
930 !BN_gcd(r1, r2, rsa->e, ctx)) {
942 !BN_mul(rsa->n, rsa->p, rsa->q, ctx)) {
949 prime_bits = ((bits - BN_num_bits(rsa->n)) + (num_primes - (i + 1))) /
956 if (BN_cmp(rsa->p, ap->prime) == 0 ||
957 BN_cmp(rsa->q, ap->prime) == 0) {
972 !BN_gcd(r1, r2, rsa->e, ctx)) {
987 if (!BN_mul(r1, rsa->n, ap->prime, ctx)) {
1001 if (!BN_copy(ap->r, rsa->n)) {
1007 if (!BN_copy(rsa->n, r1)) {
1010 } else if (!BN_mul(rsa->n, rsa->n, ap->prime, ctx)) {
1019 if (BN_cmp(rsa->p, rsa->q) < 0) {
1020 tmp = rsa->p;
1021 rsa->p = rsa->q;
1022 rsa->q = tmp;
1026 if (!BN_sub(r1, rsa->p, BN_value_one())) {
1029 if (!BN_sub(r2, rsa->q, BN_value_one())) {
1045 if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) {
1051 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
1054 if (!BN_mod(rsa->dmp1, d, r1, ctx)) {
1059 if (!BN_mod(rsa->dmq1, d, r2, ctx)) {
1065 BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
1067 if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) {
1075 !BN_mod(ap->exp, rsa->d, ap->exp, ctx) ||
1082 rsa->additional_primes = additional_primes;
1087 OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN);
1099 int rsa_default_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) {
1100 return rsa_default_multi_prime_keygen(rsa, bits, 2 /* num primes */, e_value,
