rsa_lib.c revision 56083
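/* crypto/rsa/rsa_lib.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include <openssl/crypto.h>
#include "cryptlib.h"
#include <openssl/lhash.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>

const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;

/* Process-wide default method; filled in lazily by RSA_new_method(). */
static RSA_METHOD *default_RSA_meth=NULL;
/* Number of ex_data indexes handed out so far by RSA_get_ex_new_index(). */
static int rsa_meth_num=0;
/* ex_data callback registry shared by every RSA object. */
static STACK *rsa_meth=NULL;

/* Allocate an RSA object bound to the default method.
 * Returns NULL on failure (see RSA_new_method). */
RSA *RSA_new(void)
	{
	return(RSA_new_method(NULL));
	}

/* Replace the process-wide default method.  Only objects created afterwards
 * with a NULL method pick it up; existing objects keep their own meth. */
void RSA_set_default_method(RSA_METHOD *meth)
	{
	default_RSA_meth=meth;
	}

/* Return the current default method; NULL until one has been set or
 * RSA_new_method() has run once. */
RSA_METHOD *RSA_get_default_method(void)
{
	return default_RSA_meth;
}

/* Return the method bound to rsa.  rsa must not be NULL. */
RSA_METHOD *RSA_get_method(RSA *rsa)
{
	return rsa->meth;
}

/* Swap the method of an existing key and return the previous one.
 * The old method's finish hook (if any) runs before the switch and the new
 * method's init hook (if any) runs after it.  Both rsa and meth are
 * dereferenced, so neither may be NULL.
 * NOTE(review): rsa->flags is not reloaded from meth->flags here, unlike in
 * RSA_new_method(); confirm callers do not rely on the new method's flags. */
RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth)
{
	RSA_METHOD *mtmp;

	mtmp = rsa->meth;
	if (mtmp->finish) mtmp->finish(rsa);
	rsa->meth = meth;
	if (meth->init) meth->init(rsa);
	return mtmp;
}

/* Allocate and initialise an RSA object.
 * meth selects the implementation; NULL means the default method, which is
 * chosen here on first use (RSAref or the built-in SSLeay one, depending on
 * the build).  All key components start as NULL and the reference count as 1.
 * Returns NULL, with the object released, if allocation or the method's
 * init hook fails. */
RSA *RSA_new_method(RSA_METHOD *meth)
	{
	RSA *ret;

	if (default_RSA_meth == NULL)
		{
#ifdef RSAref
		default_RSA_meth=RSA_PKCS1_RSAref();
#else
		default_RSA_meth=RSA_PKCS1_SSLeay();
#endif
		}
	ret=(RSA *)Malloc(sizeof(RSA));
	if (ret == NULL)
		{
		RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
		return(NULL);
		}

	if (meth == NULL)
		ret->meth=default_RSA_meth;
	else
		ret->meth=meth;

	ret->pad=0;
	ret->version=0;
	ret->n=NULL;
	ret->e=NULL;
	ret->d=NULL;
	ret->p=NULL;
	ret->q=NULL;
	ret->dmp1=NULL;
	ret->dmq1=NULL;
	ret->iqmp=NULL;
	ret->references=1;
	ret->_method_mod_n=NULL;
	ret->_method_mod_p=NULL;
	ret->_method_mod_q=NULL;
	ret->blinding=NULL;
	ret->bignum_data=NULL;
	/* Per-key flags start as a copy of the method's flags. */
	ret->flags=ret->meth->flags;
	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
		{
		Free(ret);
		ret=NULL;
		}
	else
		CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data);
	return(ret);
	}

/* Drop one reference to r and destroy it when the count reaches zero.
 * A NULL r is ignored.  On destruction the ex_data is released, the method's
 * finish hook runs, and every key component goes through BN_clear_free() so
 * that key material is wiped rather than just released. */
void RSA_free(RSA *r)
	{
	int i;

	if (r == NULL) return;

	i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
#ifdef REF_PRINT
	REF_PRINT("RSA",r);
#endif
	if (i > 0) return;
#ifdef REF_CHECK
	if (i < 0)
		{
		fprintf(stderr,"RSA_free, bad reference count\n");
		abort();
		}
#endif

	CRYPTO_free_ex_data(rsa_meth,(char *)r,&r->ex_data);

	if (r->meth->finish != NULL)
		r->meth->finish(r);

	if (r->n != NULL) BN_clear_free(r->n);
	if (r->e != NULL) BN_clear_free(r->e);
	if (r->d != NULL) BN_clear_free(r->d);
	if (r->p != NULL) BN_clear_free(r->p);
	if (r->q != NULL) BN_clear_free(r->q);
	if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
	if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
	if (r->iqmp != NULL) BN_clear_free(r->iqmp);
	if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
	/* Block allocated by RSA_memory_lock(); released last because the
	 * private components above may point into it. */
	if (r->bignum_data != NULL) Free_locked(r->bignum_data);
	Free(r);
	}

/* Reserve a new application-data index for RSA objects and register the
 * optional new/dup/free callbacks for it.  The result is whatever
 * CRYPTO_get_ex_new_index() returns. */
int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
	     int (*dup_func)(), void (*free_func)())
	{
	rsa_meth_num++;
	return(CRYPTO_get_ex_new_index(rsa_meth_num-1,
		&rsa_meth,argl,argp,new_func,dup_func,free_func));
	}

/* Store arg under application-data index idx of r. */
int RSA_set_ex_data(RSA *r, int idx, char *arg)
	{
	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
	}

/* Fetch the application data stored under index idx of r. */
char *RSA_get_ex_data(RSA *r, int idx)
	{
	return(CRYPTO_get_ex_data(&r->ex_data,idx));
	}

/* Size of the modulus in bytes.  r and r->n must be set; neither is
 * checked here. */
int RSA_size(RSA *r)
	{
	return(BN_num_bytes(r->n));
	}

/* The four primitives below only dispatch to the key's method.  No argument
 * is validated at this layer: flen, the buffers and the padding mode are
 * passed through unchanged, so the bound on flen and the size of "to" are
 * enforced (or not) by the method implementation.
 * NOTE(review): "to" presumably has to hold RSA_size(rsa) bytes; confirm
 * against the method in use. */

/* Encrypt flen bytes from "from" with the public key. */
int RSA_public_encrypt(int flen, unsigned char *from, unsigned char *to,
	     RSA *rsa, int padding)
	{
	return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
	}

/* Apply the private-key operation to flen bytes from "from". */
int RSA_private_encrypt(int flen, unsigned char *from, unsigned char *to,
	     RSA *rsa, int padding)
	{
	return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
	}

/* Decrypt flen bytes from "from" with the private key. */
int RSA_private_decrypt(int flen, unsigned char *from, unsigned char *to,
	     RSA *rsa, int padding)
	{
	return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
	}

/* Apply the public-key operation to flen bytes from "from". */
int RSA_public_decrypt(int flen, unsigned char *from, unsigned char *to,
	     RSA *rsa, int padding)
	{
	return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
	}

/* Flags of the method bound to r, or 0 for a NULL r.  Note that this reads
 * r->meth->flags, not the per-key r->flags that RSA_blinding_on/off and
 * RSA_memory_lock modify. */
int RSA_flags(RSA *r)
	{
	return((r == NULL)?0:r->meth->flags);
	}

/* Discard any blinding state and clear RSA_FLAG_BLINDING on the key. */
void RSA_blinding_off(RSA *rsa)
	{
	if (rsa->blinding != NULL)
		{
		BN_BLINDING_free(rsa->blinding);
		rsa->blinding=NULL;
		}
	rsa->flags&= ~RSA_FLAG_BLINDING;
	}

/* Set up blinding for rsa.
 * A random A is drawn, Ai = A^-1 mod n is computed, A is replaced by
 * A^e mod n, and the pair is handed to BN_BLINDING_new().  p_ctx may be NULL,
 * in which case a temporary BN_CTX is created and freed here.
 * Returns 1 on success and 0 on failure.  On failure after the old state was
 * dropped the key is left with blinding off (pointer NULL, flag cleared)
 * rather than with a stale pointer or a flag that promises blinding that is
 * not there.
 * NOTE(review): A always lives in ctx->bn[0], whatever ctx->tos is on entry;
 * confirm a caller-supplied ctx never has slot 0 in use. */
int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
	{
	BIGNUM *A,*Ai=NULL;
	BN_CTX *ctx;
	int ret=0;
	int slot_taken=0;

	if (p_ctx == NULL)
		{
		if ((ctx=BN_CTX_new()) == NULL) goto err;
		}
	else
		ctx=p_ctx;

	/* Frees the old state, NULLs the pointer and clears the flag, so no
	 * error path below can leave a dangling rsa->blinding behind. */
	RSA_blinding_off(rsa);

	A= &(ctx->bn[0]);
	ctx->tos++;
	slot_taken=1;
	if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err;
	if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;

	if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
		goto err;
	/* Only advertise blinding once the state really exists. */
	if ((rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n)) == NULL) goto err;
	rsa->flags|=RSA_FLAG_BLINDING;
	ret=1;
err:
	/* Ai undoes the blinding, so wipe it; this also releases it on the
	 * failure paths, where it used to leak. */
	if (Ai != NULL) BN_clear_free(Ai);
	/* Give the slot back on every path so a caller's ctx stays balanced. */
	if (slot_taken) ctx->tos--;
	if (ctx != p_ctx) BN_CTX_free(ctx);
	return(ret);
	}

/* Move the private components (d, p, q, dmp1, dmq1, iqmp) into one block
 * obtained from Malloc_locked().
 * The block holds six BIGNUM headers followed by the word arrays; each
 * component is copied in, marked BN_FLG_STATIC_DATA, and the original is
 * passed to BN_clear_free().  Components that are NULL (a key without CRT
 * parameters, for instance) are left NULL instead of being dereferenced.
 * Returns 1 on success or when there is no private exponent, 0 if the
 * allocation fails.
 * NOTE(review): each header is copied whole, so it keeps the source's
 * capacity field while only `top` words are reserved for it here; confirm no
 * later clear or expand touches words beyond `top`.
 * NOTE(review): a second call overwrites r->bignum_data without releasing
 * the previous block; confirm callers invoke this at most once per key. */
int RSA_memory_lock(RSA *r)
	{
	int i,j,k,off;
	char *p;
	BIGNUM *bn,**t[6],*b;
	BN_ULONG *ul;

	if (r->d == NULL) return(1);
	t[0]= &r->d;
	t[1]= &r->p;
	t[2]= &r->q;
	t[3]= &r->dmp1;
	t[4]= &r->dmq1;
	t[5]= &r->iqmp;
	k=sizeof(BIGNUM)*6;
	/* Word offset of the data area, rounded up past the six headers. */
	off=k/sizeof(BN_ULONG)+1;
	j=1;
	for (i=0; i<6; i++)
		{
		if (*t[i] != NULL)
			j+= (*t[i])->top;
		}
	if ((p=Malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
		{
		RSAerr(RSA_F_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
		return(0);
		}
	bn=(BIGNUM *)p;
	ul=(BN_ULONG *)&(p[off]);
	for (i=0; i<6; i++)
		{
		b= *(t[i]);
		if (b == NULL) continue;	/* absent component: nothing to move */
		*(t[i])= &(bn[i]);
		memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
		/* The header now lives inside the block and must never be freed
		 * on its own. */
		bn[i].flags=BN_FLG_STATIC_DATA;
		bn[i].d=ul;
		if (b->top > 0)
			memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
		ul+=b->top;
		BN_clear_free(b);
		}

	/* I should fix this so it can still be done */
	r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);

	r->bignum_data=p;
	return(1);
	}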