1/* 2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10/* 11 * RSA low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14#include "internal/deprecated.h" 15 16#include <stdio.h> 17#include <openssl/crypto.h> 18#include "internal/cryptlib.h" 19#include "crypto/bn.h" 20#include <openssl/rand.h> 21#include "rsa_local.h" 22 23int RSA_bits(const RSA *r) 24{ 25 return BN_num_bits(r->n); 26} 27 28int RSA_size(const RSA *r) 29{ 30 return BN_num_bytes(r->n); 31} 32 33int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, 34 RSA *rsa, int padding) 35{ 36 return rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding); 37} 38 39int RSA_private_encrypt(int flen, const unsigned char *from, 40 unsigned char *to, RSA *rsa, int padding) 41{ 42 return rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding); 43} 44 45int RSA_private_decrypt(int flen, const unsigned char *from, 46 unsigned char *to, RSA *rsa, int padding) 47{ 48 return rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding); 49} 50 51int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, 52 RSA *rsa, int padding) 53{ 54 return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding); 55} 56 57int RSA_flags(const RSA *r) 58{ 59 return r == NULL ? 0 : r->meth->flags; 60} 61 62void RSA_blinding_off(RSA *rsa) 63{ 64 BN_BLINDING_free(rsa->blinding); 65 rsa->blinding = NULL; 66 rsa->flags &= ~RSA_FLAG_BLINDING; 67 rsa->flags |= RSA_FLAG_NO_BLINDING; 68} 69 70int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) 71{ 72 int ret = 0; 73 74 if (rsa->blinding != NULL) 75 RSA_blinding_off(rsa); 76 77 rsa->blinding = RSA_setup_blinding(rsa, ctx); 78 if (rsa->blinding == NULL) 79 goto err; 80 81 rsa->flags |= RSA_FLAG_BLINDING; 82 rsa->flags &= ~RSA_FLAG_NO_BLINDING; 83 ret = 1; 84 err: 85 return ret; 86} 87 88static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, 89 const BIGNUM *q, BN_CTX *ctx) 90{ 91 BIGNUM *ret = NULL, *r0, *r1, *r2; 92 93 if (d == NULL || p == NULL || q == NULL) 94 return NULL; 95 96 BN_CTX_start(ctx); 97 r0 = BN_CTX_get(ctx); 98 r1 = BN_CTX_get(ctx); 99 r2 = BN_CTX_get(ctx); 100 if (r2 == NULL) 101 goto err; 102 103 if (!BN_sub(r1, p, BN_value_one())) 104 goto err; 105 if (!BN_sub(r2, q, BN_value_one())) 106 goto err; 107 if (!BN_mul(r0, r1, r2, ctx)) 108 goto err; 109 110 ret = BN_mod_inverse(NULL, d, r0, ctx); 111 err: 112 BN_CTX_end(ctx); 113 return ret; 114} 115 116BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) 117{ 118 BIGNUM *e; 119 BN_CTX *ctx; 120 BN_BLINDING *ret = NULL; 121 122 if (in_ctx == NULL) { 123 if ((ctx = BN_CTX_new_ex(rsa->libctx)) == NULL) 124 return 0; 125 } else { 126 ctx = in_ctx; 127 } 128 129 BN_CTX_start(ctx); 130 e = BN_CTX_get(ctx); 131 if (e == NULL) { 132 ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); 133 goto err; 134 } 135 136 if (rsa->e == NULL) { 137 e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx); 138 if (e == NULL) { 139 ERR_raise(ERR_LIB_RSA, RSA_R_NO_PUBLIC_EXPONENT); 140 goto err; 141 } 142 } else { 143 e = rsa->e; 144 } 145 146 { 147 BIGNUM *n = BN_new(); 148 149 if (n == NULL) { 150 ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); 151 goto err; 152 } 153 BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME); 154 155 ret = BN_BLINDING_create_param(NULL, e, n, ctx, rsa->meth->bn_mod_exp, 156 rsa->_method_mod_n); 157 /* We MUST free n before any further use of rsa->n */ 158 BN_free(n); 159 } 160 if (ret == NULL) { 161 ERR_raise(ERR_LIB_RSA, ERR_R_BN_LIB); 162 goto err; 163 } 164 165 BN_BLINDING_set_current_thread(ret); 166 167 err: 168 BN_CTX_end(ctx); 169 if (ctx != in_ctx) 170 BN_CTX_free(ctx); 171 if (e != rsa->e) 172 BN_free(e); 173 174 return ret; 175} 176