34 #if defined(POLARSSL_RSA_C)
38 #if defined(POLARSSL_PKCS1_V21)
58 #if defined(POLARSSL_GENPRIME)
64 int (*f_rng)(
void *,
unsigned char *,
size_t),
66 unsigned int nbits,
int exponent )
71 if( f_rng == NULL || nbits < 128 || exponent < 3 )
140 if( !ctx->
N.
p || !ctx->
E.
p )
143 if( ( ctx->
N.
p[0] & 1 ) == 0 ||
144 ( ctx->
E.
p[0] & 1 ) == 0 )
164 mpi PQ, DE, P1, Q1, H, I, G, G2, L1, L2, DP, DQ, QP;
169 if( !ctx->
P.
p || !ctx->
Q.
p || !ctx->
D.
p )
224 const unsigned char *input,
225 unsigned char *output )
259 const unsigned char *input,
260 unsigned char *output )
276 #if defined(POLARSSL_RSA_NO_CRT)
315 #if defined(POLARSSL_PKCS1_V21)
325 static void mgf_mask(
unsigned char *dst,
size_t dlen,
unsigned char *src,
size_t slen,
329 unsigned char counter[4];
335 memset( counter, 0, 4 );
354 for( i = 0; i < use_len; ++i )
368 int (*f_rng)(
void *,
unsigned char *,
size_t),
370 int mode,
size_t ilen,
371 const unsigned char *input,
372 unsigned char *output )
376 unsigned char *p = output;
377 #if defined(POLARSSL_PKCS1_V21)
392 if( olen < ilen + 11 )
395 nb_pad = olen - 3 - ilen;
402 while( nb_pad-- > 0 )
407 ret = f_rng( p_rng, p, 1 );
408 }
while( *p == 0 && --rng_dl && ret == 0 );
412 if( rng_dl == 0 || ret != 0)
422 while( nb_pad-- > 0 )
427 memcpy( p, input, ilen );
430 #if defined(POLARSSL_PKCS1_V21)
434 if( md_info == NULL )
439 if( olen < ilen + 2 * hlen + 2 || f_rng == NULL )
442 memset( output, 0, olen );
448 if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 )
455 md( md_info, p, 0, p );
457 p += olen - 2 * hlen - 2 - ilen;
459 memcpy( p, input, ilen );
465 mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen,
470 mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
491 int mode,
size_t *olen,
492 const unsigned char *input,
493 unsigned char *output,
494 size_t output_max_len)
501 #if defined(POLARSSL_PKCS1_V21)
510 if( ilen < 16 || ilen >
sizeof( buf ) )
538 while( *p != 0 && p < buf + ilen - 1 )
541 if( *p != 0 || p >= buf + ilen - 1 )
548 while( *p == 0xFF && p < buf + ilen - 1 )
551 if( *p != 0 || p >= buf + ilen - 1 )
559 #if defined(POLARSSL_PKCS1_V21)
566 if( md_info == NULL )
575 md( md_info, lhash, 0, lhash );
579 mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1,
584 mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
592 if( memcmp( lhash, p, hlen ) != 0 )
597 while( *p == 0 && p < buf + ilen )
600 if( p == buf + ilen )
614 if (ilen - (p - buf) > output_max_len)
617 *olen = ilen - (p - buf);
618 memcpy( output, p, *olen );
627 int (*f_rng)(
void *,
unsigned char *,
size_t),
631 unsigned int hashlen,
632 const unsigned char *hash,
636 unsigned char *p = sig;
637 #if defined(POLARSSL_PKCS1_V21)
639 unsigned int slen, hlen, offset = 0;
658 nb_pad = olen - 3 - hashlen;
664 nb_pad = olen - 3 - 34;
668 nb_pad = olen - 3 - 35;
672 nb_pad = olen - 3 - 47;
676 nb_pad = olen - 3 - 51;
680 nb_pad = olen - 3 - 67;
684 nb_pad = olen - 3 - 83;
692 if( ( nb_pad < 8 ) || ( nb_pad > olen ) )
697 memset( p, 0xFF, nb_pad );
704 memcpy( p, hash, hashlen );
709 memcpy( p + 18, hash, 16 );
714 memcpy( p + 18, hash, 16 );
719 memcpy( p + 18, hash, 16 );
724 memcpy( p + 15, hash, 20 );
729 memcpy( p + 19, hash, 28 );
730 p[1] += 28; p[14] = 4; p[18] += 28;
break;
734 memcpy( p + 19, hash, 32 );
735 p[1] += 32; p[14] = 1; p[18] += 32;
break;
739 memcpy( p + 19, hash, 48 );
740 p[1] += 48; p[14] = 2; p[18] += 48;
break;
744 memcpy( p + 19, hash, 64 );
745 p[1] += 64; p[14] = 3; p[18] += 64;
break;
753 #if defined(POLARSSL_PKCS1_V21)
792 if( md_info == NULL )
798 if( olen < hlen + slen + 2 )
801 memset( sig, 0, olen );
807 if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 )
813 p += olen - hlen * 2 - 2;
815 memcpy( p, salt, slen );
835 mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx );
840 sig[0] &= 0xFF >> ( olen * 8 - msb );
863 unsigned int hashlen,
864 const unsigned char *hash,
871 #if defined(POLARSSL_PKCS1_V21)
873 unsigned char zeros[8];
881 if( siglen < 16 || siglen >
sizeof( buf ) )
902 if( p >= buf + siglen - 1 || *p != 0xFF )
908 len = siglen - ( p - buf );
913 memcmp( p + 13, hash, 20 ) == 0 )
930 if( memcmp( p + 18, hash, 16 ) == 0 )
940 memcmp( p + 15, hash, 20 ) == 0 )
945 if( ( len == 19 + 28 && p[14] == 4 && hash_id ==
SIG_RSA_SHA224 ) ||
956 memcmp( p + 19, hash, c ) == 0 )
964 if( memcmp( p, hash, hashlen ) == 0 )
972 #if defined(POLARSSL_PKCS1_V21)
975 if( buf[siglen - 1] != 0xBC )
1011 if( md_info == NULL )
1015 slen = siglen - hlen - 1;
1017 memset( zeros, 0, 8 );
1030 if( buf[0] >> ( 8 - siglen * 8 + msb ) )
1035 mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
1037 buf[0] &= 0xFF >> ( siglen * 8 - msb );
1039 while( *p == 0 && p < buf + siglen )
1042 if( p == buf + siglen ||
1061 if( memcmp( p + slen, result, hlen ) == 0 )
1086 #if defined(POLARSSL_SELF_TEST)
1095 #define RSA_N "9292758453063D803DD603D5E777D788" \
1096 "8ED1D5BF35786190FA2F23EBC0848AEA" \
1097 "DDA92CA6C3D80B32C4D109BE0F36D6AE" \
1098 "7130B9CED7ACDF54CFC7555AC14EEBAB" \
1099 "93A89813FBF3C4F8066D2D800F7C38A8" \
1100 "1AE31942917403FF4946B0A83D3D3E05" \
1101 "EE57C6F5F5606FB5D4BC6CD34EE0801A" \
1102 "5E94BB77B07507233A0BC7BAC8F90F79"
1104 #define RSA_E "10001"
1106 #define RSA_D "24BF6185468786FDD303083D25E64EFC" \
1107 "66CA472BC44D253102F8B4A9D3BFA750" \
1108 "91386C0077937FE33FA3252D28855837" \
1109 "AE1B484A8A9A45F7EE8C0C634F99E8CD" \
1110 "DF79C5CE07EE72C7F123142198164234" \
1111 "CABB724CF78B8173B9F880FC86322407" \
1112 "AF1FEDFDDE2BEB674CA15F3E81A1521E" \
1113 "071513A1E85B5DFA031F21ECAE91A34D"
1115 #define RSA_P "C36D0EB7FCD285223CFB5AABA5BDA3D8" \
1116 "2C01CAD19EA484A87EA4377637E75500" \
1117 "FCB2005C5C7DD6EC4AC023CDA285D796" \
1118 "C3D9E75E1EFC42488BB4F1D13AC30A57"
1120 #define RSA_Q "C000DF51A7C77AE8D7C7370C1FF55B69" \
1121 "E211C2B9E5DB1ED0BF61D0D9899620F4" \
1122 "910E4168387E3C30AA1E00C339A79508" \
1123 "8452DD96A9A5EA5D9DCA68DA636032AF"
1125 #define RSA_DP "C1ACF567564274FB07A0BBAD5D26E298" \
1126 "3C94D22288ACD763FD8E5600ED4A702D" \
1127 "F84198A5F06C2E72236AE490C93F07F8" \
1128 "3CC559CD27BC2D1CA488811730BB5725"
1130 #define RSA_DQ "4959CBF6F8FEF750AEE6977C155579C7" \
1131 "D8AAEA56749EA28623272E4F7D0592AF" \
1132 "7C1F1313CAC9471B5C523BFE592F517B" \
1133 "407A1BD76C164B93DA2D32A383E58357"
1135 #define RSA_QP "9AE7FBC99546432DF71896FC239EADAE" \
1136 "F38D18D2B2F0E2DD275AA977E2BF4411" \
1137 "F5A3B2A5D33605AEBBCCBA7FEB9F2D2F" \
1138 "A74206CEC169D74BF5A8C50D6F48EA08"
1141 #define RSA_PT "\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \
1142 "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD"
1144 static int myrand(
void *rng_state,
unsigned char *output,
size_t len )
1148 if( rng_state != NULL )
1151 for( i = 0; i < len; ++i )
1164 unsigned char rsa_plaintext[PT_LEN];
1165 unsigned char rsa_decrypted[PT_LEN];
1166 unsigned char rsa_ciphertext[KEY_LEN];
1167 #if defined(POLARSSL_SHA1_C)
1168 unsigned char sha1sum[20];
1184 printf(
" RSA key validation: " );
1190 printf(
"failed\n" );
1196 printf(
"passed\n PKCS#1 encryption : " );
1198 memcpy( rsa_plaintext, RSA_PT, PT_LEN );
1201 rsa_plaintext, rsa_ciphertext ) != 0 )
1204 printf(
"failed\n" );
1210 printf(
"passed\n PKCS#1 decryption : " );
1213 rsa_ciphertext, rsa_decrypted,
1214 sizeof(rsa_decrypted) ) != 0 )
1217 printf(
"failed\n" );
1222 if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
1225 printf(
"failed\n" );
1230 #if defined(POLARSSL_SHA1_C)
1232 printf(
"passed\n PKCS#1 data sign : " );
1234 sha1( rsa_plaintext, PT_LEN, sha1sum );
1237 sha1sum, rsa_ciphertext ) != 0 )
1240 printf(
"failed\n" );
1246 printf(
"passed\n PKCS#1 sig. verify: " );
1249 sha1sum, rsa_ciphertext ) != 0 )
1252 printf(
"failed\n" );
1258 printf(
"passed\n\n" );