32 #if !defined(POLARSSL_CONFIG_FILE)
35 #include POLARSSL_CONFIG_FILE
38 #if defined(POLARSSL_RSA_C)
43 #if defined(POLARSSL_PKCS1_V21)
50 #if defined(POLARSSL_PLATFORM_C)
53 #define polarssl_printf printf
67 #if defined(POLARSSL_THREADING_C)
81 #if defined(POLARSSL_GENPRIME)
87 int (*f_rng)(
void *,
unsigned char *,
size_t),
89 unsigned int nbits,
int exponent )
94 if( f_rng == NULL || nbits < 128 || exponent < 3 )
163 if( !ctx->
N.
p || !ctx->
E.
p )
166 if( ( ctx->
N.
p[0] & 1 ) == 0 ||
167 ( ctx->
E.
p[0] & 1 ) == 0 )
187 mpi PQ, DE, P1, Q1, H, I, G, G2, L1, L2, DP, DQ, QP;
192 if( !ctx->
P.
p || !ctx->
Q.
p || !ctx->
D.
p )
247 const unsigned char *input,
248 unsigned char *output )
278 #if !defined(POLARSSL_RSA_NO_CRT)
286 int (*f_rng)(
void *,
unsigned char *,
size_t),
void *p_rng )
290 #if defined(POLARSSL_THREADING_C)
294 if( ctx->
Vf.
p != NULL )
326 #if defined(POLARSSL_THREADING_C)
338 int (*f_rng)(
void *,
unsigned char *,
size_t),
340 const unsigned char *input,
341 unsigned char *output )
346 #if !defined(POLARSSL_RSA_NO_CRT)
354 #if defined(POLARSSL_THREADING_C)
355 mpi Vi_copy, Vf_copy;
375 #if defined(POLARSSL_RSA_NO_CRT)
386 MPI_CHK( rsa_prepare_blinding( ctx, Vi, Vf, f_rng, p_rng ) );
429 #if !defined(POLARSSL_RSA_NO_CRT) && defined(POLARSSL_THREADING_C)
439 #if defined(POLARSSL_PKCS1_V21)
449 static void mgf_mask(
unsigned char *dst,
size_t dlen,
unsigned char *src,
453 unsigned char counter[4];
459 memset( counter, 0, 4 );
478 for( i = 0; i < use_len; ++i )
488 #if defined(POLARSSL_PKCS1_V21)
493 int (*f_rng)(
void *,
unsigned char *,
size_t),
496 const unsigned char *label,
size_t label_len,
498 const unsigned char *input,
499 unsigned char *output )
503 unsigned char *p = output;
515 if( md_info == NULL )
521 if( olen < ilen + 2 * hlen + 2 )
524 memset( output, 0, olen );
530 if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 )
537 md( md_info, label, label_len, p );
539 p += olen - 2 * hlen - 2 - ilen;
541 memcpy( p, input, ilen );
548 mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen,
553 mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
560 :
rsa_private( ctx, f_rng, p_rng, output, output ) );
564 #if defined(POLARSSL_PKCS1_V15)
569 int (*f_rng)(
void *,
unsigned char *,
size_t),
571 int mode,
size_t ilen,
572 const unsigned char *input,
573 unsigned char *output )
577 unsigned char *p = output;
587 if( olen < ilen + 11 )
590 nb_pad = olen - 3 - ilen;
597 while( nb_pad-- > 0 )
602 ret = f_rng( p_rng, p, 1 );
603 }
while( *p == 0 && --rng_dl && ret == 0 );
607 if( rng_dl == 0 || ret != 0 )
617 while( nb_pad-- > 0 )
622 memcpy( p, input, ilen );
626 :
rsa_private( ctx, f_rng, p_rng, output, output ) );
634 int (*f_rng)(
void *,
unsigned char *,
size_t),
636 int mode,
size_t ilen,
637 const unsigned char *input,
638 unsigned char *output )
642 #if defined(POLARSSL_PKCS1_V15)
648 #if defined(POLARSSL_PKCS1_V21)
651 ilen, input, output );
659 #if defined(POLARSSL_PKCS1_V21)
664 int (*f_rng)(
void *,
unsigned char *,
size_t),
667 const unsigned char *label,
size_t label_len,
669 const unsigned char *input,
670 unsigned char *output,
671 size_t output_max_len )
674 size_t ilen, i, pad_len;
675 unsigned char *p, bad, pad_done;
690 if( ilen < 16 || ilen >
sizeof( buf ) )
694 if( md_info == NULL )
716 md( md_info, label, label_len, lhash );
719 mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1,
723 mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
739 for( i = 0; i < hlen; i++ )
740 bad |= lhash[i] ^ *p++;
746 for( i = 0; i < ilen - 2 * hlen - 2; i++ )
749 pad_len += ( pad_done == 0 );
764 if( ilen - ( p - buf ) > output_max_len )
767 *olen = ilen - (p - buf);
768 memcpy( output, p, *olen );
774 #if defined(POLARSSL_PKCS1_V15)
779 int (*f_rng)(
void *,
unsigned char *,
size_t),
781 int mode,
size_t *olen,
782 const unsigned char *input,
783 unsigned char *output,
784 size_t output_max_len)
787 size_t ilen, pad_count = 0, i;
788 unsigned char *p, bad, pad_done = 0;
796 if( ilen < 16 || ilen >
sizeof( buf ) )
821 for( i = 0; i < ilen - 3; i++ )
823 pad_done |= ( p[i] == 0 );
824 pad_count += ( pad_done == 0 );
836 for( i = 0; i < ilen - 3; i++ )
838 pad_done |= ( p[i] != 0xFF );
839 pad_count += ( pad_done == 0 );
849 if( ilen - ( p - buf ) > output_max_len )
852 *olen = ilen - (p - buf);
853 memcpy( output, p, *olen );
863 int (*f_rng)(
void *,
unsigned char *,
size_t),
865 int mode,
size_t *olen,
866 const unsigned char *input,
867 unsigned char *output,
868 size_t output_max_len)
872 #if defined(POLARSSL_PKCS1_V15)
875 input, output, output_max_len );
878 #if defined(POLARSSL_PKCS1_V21)
890 #if defined(POLARSSL_PKCS1_V21)
895 int (*f_rng)(
void *,
unsigned char *,
size_t),
899 unsigned int hashlen,
900 const unsigned char *hash,
904 unsigned char *p = sig;
906 unsigned int slen, hlen, offset = 0;
925 if( md_info == NULL )
932 if( md_info == NULL )
938 if( olen < hlen + slen + 2 )
941 memset( sig, 0, olen );
945 if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 )
951 p += olen - hlen * 2 - 2;
953 memcpy( p, salt, slen );
974 mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx );
979 sig[0] &= 0xFF >> ( olen * 8 - msb );
990 #if defined(POLARSSL_PKCS1_V15)
998 int (*f_rng)(
void *,
unsigned char *,
size_t),
1002 unsigned int hashlen,
1003 const unsigned char *hash,
1004 unsigned char *sig )
1006 size_t nb_pad, olen, oid_size = 0;
1007 unsigned char *p = sig;
1019 if( md_info == NULL )
1025 nb_pad -= 10 + oid_size;
1032 if( ( nb_pad < 8 ) || ( nb_pad > olen ) )
1037 memset( p, 0xFF, nb_pad );
1043 memcpy( p, hash, hashlen );
1057 *p++ = (
unsigned char) ( 0x08 + oid_size + hashlen );
1059 *p++ = (
unsigned char) ( 0x04 + oid_size );
1061 *p++ = oid_size & 0xFF;
1062 memcpy( p, oid, oid_size );
1068 memcpy( p, hash, hashlen );
1081 int (*f_rng)(
void *,
unsigned char *,
size_t),
1085 unsigned int hashlen,
1086 const unsigned char *hash,
1087 unsigned char *sig )
1091 #if defined(POLARSSL_PKCS1_V15)
1094 hashlen, hash, sig );
1097 #if defined(POLARSSL_PKCS1_V21)
1100 hashlen, hash, sig );
1108 #if defined(POLARSSL_PKCS1_V21)
1113 int (*f_rng)(
void *,
unsigned char *,
size_t),
1117 unsigned int hashlen,
1118 const unsigned char *hash,
1120 int expected_salt_len,
1121 const unsigned char *sig )
1128 unsigned char zeros[8];
1139 if( siglen < 16 || siglen >
sizeof( buf ) )
1151 if( buf[siglen - 1] != 0xBC )
1159 if( md_info == NULL )
1166 if( md_info == NULL )
1170 slen = siglen - hlen - 1;
1172 memset( zeros, 0, 8 );
1185 if( buf[0] >> ( 8 - siglen * 8 + msb ) )
1191 mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
1193 buf[0] &= 0xFF >> ( siglen * 8 - msb );
1195 while( p < buf + siglen && *p == 0 )
1198 if( p == buf + siglen ||
1209 slen != (
size_t) expected_salt_len )
1225 if( memcmp( p + slen, result, hlen ) == 0 )
1235 int (*f_rng)(
void *,
unsigned char *,
size_t),
1239 unsigned int hashlen,
1240 const unsigned char *hash,
1241 const unsigned char *sig )
1248 md_alg, hashlen, hash,
1255 #if defined(POLARSSL_PKCS1_V15)
1260 int (*f_rng)(
void *,
unsigned char *,
size_t),
1264 unsigned int hashlen,
1265 const unsigned char *hash,
1266 const unsigned char *sig )
1269 size_t len, siglen, asn1_len;
1270 unsigned char *p, *end;
1281 if( siglen < 16 || siglen >
sizeof( buf ) )
1293 if( *p++ != 0 || *p++ != RSA_SIGN )
1298 if( p >= buf + siglen - 1 || *p != 0xFF )
1304 len = siglen - ( p - buf );
1308 if( memcmp( p, hash, hashlen ) == 0 )
1315 if( md_info == NULL )
1327 if( asn1_len + 2 != len )
1334 if( asn1_len + 6 + hashlen != len )
1346 if( md_alg != msg_md_alg )
1358 if( asn1_len != hashlen )
1361 if( memcmp( p, hash, hashlen ) != 0 )
1377 int (*f_rng)(
void *,
unsigned char *,
size_t),
1381 unsigned int hashlen,
1382 const unsigned char *hash,
1383 const unsigned char *sig )
1387 #if defined(POLARSSL_PKCS1_V15)
1390 hashlen, hash, sig );
1393 #if defined(POLARSSL_PKCS1_V21)
1396 hashlen, hash, sig );
1428 #if !defined(POLARSSL_RSA_NO_CRT)
1448 #if !defined(POLARSSL_RSA_NO_CRT)
1456 #if defined(POLARSSL_THREADING_C)
1461 #if defined(POLARSSL_SELF_TEST)
/*
 * Fixed RSA key material and plaintext, written as string literals.
 * NOTE(review): these appear to sit under the POLARSSL_SELF_TEST guard opened
 * at original line 1461; the lines in between are not visible, so confirm.
 *
 * The private components (D, P, Q and the CRT values) are published here
 * together with the modulus, so this key pair provides no confidentiality or
 * authenticity. It must never be loaded as a real key.
 */

/* Modulus N: 256 hex digits, i.e. a 1024-bit value. */
1470 #define RSA_N "9292758453063D803DD603D5E777D788" \
1471 "8ED1D5BF35786190FA2F23EBC0848AEA" \
1472 "DDA92CA6C3D80B32C4D109BE0F36D6AE" \
1473 "7130B9CED7ACDF54CFC7555AC14EEBAB" \
1474 "93A89813FBF3C4F8066D2D800F7C38A8" \
1475 "1AE31942917403FF4946B0A83D3D3E05" \
1476 "EE57C6F5F5606FB5D4BC6CD34EE0801A" \
1477 "5E94BB77B07507233A0BC7BAC8F90F79"
/* Public exponent E; presumably parsed as hexadecimal (0x10001 = 65537), TODO confirm the radix at the call site. */
1479 #define RSA_E "10001"
/* Private exponent D (by name): 256 hex digits. */
1481 #define RSA_D "24BF6185468786FDD303083D25E64EFC" \
1482 "66CA472BC44D253102F8B4A9D3BFA750" \
1483 "91386C0077937FE33FA3252D28855837" \
1484 "AE1B484A8A9A45F7EE8C0C634F99E8CD" \
1485 "DF79C5CE07EE72C7F123142198164234" \
1486 "CABB724CF78B8173B9F880FC86322407" \
1487 "AF1FEDFDDE2BEB674CA15F3E81A1521E" \
1488 "071513A1E85B5DFA031F21ECAE91A34D"
/* P and Q: 128 hex digits (512 bits) each; presumably the two prime factors of N. */
1490 #define RSA_P "C36D0EB7FCD285223CFB5AABA5BDA3D8" \
1491 "2C01CAD19EA484A87EA4377637E75500" \
1492 "FCB2005C5C7DD6EC4AC023CDA285D796" \
1493 "C3D9E75E1EFC42488BB4F1D13AC30A57"
1495 #define RSA_Q "C000DF51A7C77AE8D7C7370C1FF55B69" \
1496 "E211C2B9E5DB1ED0BF61D0D9899620F4" \
1497 "910E4168387E3C30AA1E00C339A79508" \
1498 "8452DD96A9A5EA5D9DCA68DA636032AF"
/* DP, DQ, QP: 128 hex digits each; by name, the CRT values that go with P and Q (verify against the loader). */
1500 #define RSA_DP "C1ACF567564274FB07A0BBAD5D26E298" \
1501 "3C94D22288ACD763FD8E5600ED4A702D" \
1502 "F84198A5F06C2E72236AE490C93F07F8" \
1503 "3CC559CD27BC2D1CA488811730BB5725"
1505 #define RSA_DQ "4959CBF6F8FEF750AEE6977C155579C7" \
1506 "D8AAEA56749EA28623272E4F7D0592AF" \
1507 "7C1F1313CAC9471B5C523BFE592F517B" \
1508 "407A1BD76C164B93DA2D32A383E58357"
1510 #define RSA_QP "9AE7FBC99546432DF71896FC239EADAE" \
1511 "F38D18D2B2F0E2DD275AA977E2BF4411" \
1512 "F5A3B2A5D33605AEBBCCBA7FEB9F2D2F" \
1513 "A74206CEC169D74BF5A8C50D6F48EA08"
/*
 * Plaintext copied into rsa_plaintext with PT_LEN bytes by the test code.
 * The literal holds 24 bytes as written and contains an embedded 0x00, so it
 * has to be handled by explicit length, never with the str* functions.
 */
1516 #define RSA_PT "\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \
1517 "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD"
1519 #if defined(POLARSSL_PKCS1_V15)
1520 static int myrand(
void *rng_state,
unsigned char *output,
size_t len )
1522 #if !defined(__OpenBSD__)
1525 if( rng_state != NULL )
1528 for( i = 0; i < len; ++i )
1531 if( rng_state != NULL )
1534 arc4random_buf( output, len );
1547 #if defined(POLARSSL_PKCS1_V15)
1550 unsigned char rsa_plaintext[PT_LEN];
1551 unsigned char rsa_decrypted[PT_LEN];
1552 unsigned char rsa_ciphertext[KEY_LEN];
1553 #if defined(POLARSSL_SHA1_C)
1554 unsigned char sha1sum[20];
1584 memcpy( rsa_plaintext, RSA_PT, PT_LEN );
1587 rsa_plaintext, rsa_ciphertext ) != 0 )
1599 rsa_ciphertext, rsa_decrypted,
1600 sizeof(rsa_decrypted) ) != 0 )
1608 if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
1616 #if defined(POLARSSL_SHA1_C)
1620 sha1( rsa_plaintext, PT_LEN, sha1sum );
1623 sha1sum, rsa_ciphertext ) != 0 )
1635 sha1sum, rsa_ciphertext ) != 0 )