34 #if defined(POLARSSL_RSA_C)
39 #if defined(POLARSSL_PKCS1_V21)
58 #if defined(POLARSSL_THREADING_C)
63 #if defined(POLARSSL_GENPRIME)
69 int (*f_rng)(
void *,
unsigned char *,
size_t),
71 unsigned int nbits,
int exponent )
/*
 * NOTE(review): the only size check visible here is nbits < 128, and the
 * only exponent check is exponent < 3. That is a sanity floor rather than a
 * strength policy: a modulus that short offers no practical security, so a
 * caller that takes nbits from configuration or input has to enforce its
 * own minimum before reaching this point.
 */
76 if( f_rng == NULL || nbits < 128 || exponent < 3 )
145 if( !ctx->
N.
p || !ctx->
E.
p )
148 if( ( ctx->
N.
p[0] & 1 ) == 0 ||
149 ( ctx->
E.
p[0] & 1 ) == 0 )
169 mpi PQ, DE, P1, Q1, H, I, G, G2, L1, L2, DP, DQ, QP;
174 if( !ctx->
P.
p || !ctx->
Q.
p || !ctx->
D.
p )
229 const unsigned char *input,
230 unsigned char *output )
260 #if !defined(POLARSSL_RSA_NO_CRT)
268 int (*f_rng)(
void *,
unsigned char *,
size_t),
void *p_rng )
272 #if defined(POLARSSL_THREADING_C)
276 if( ctx->
Vf.
p != NULL )
308 #if defined(POLARSSL_THREADING_C)
320 int (*f_rng)(
void *,
unsigned char *,
size_t),
322 const unsigned char *input,
323 unsigned char *output )
328 #if !defined(POLARSSL_RSA_NO_CRT)
336 #if defined(POLARSSL_THREADING_C)
337 mpi Vi_copy, Vf_copy;
357 #if defined(POLARSSL_RSA_NO_CRT)
368 MPI_CHK( rsa_prepare_blinding( ctx, Vi, Vf, f_rng, p_rng ) );
411 #if !defined(POLARSSL_RSA_NO_CRT) && defined(POLARSSL_THREADING_C)
421 #if defined(POLARSSL_PKCS1_V21)
431 static void mgf_mask(
unsigned char *dst,
size_t dlen,
unsigned char *src,
435 unsigned char counter[4];
441 memset( counter, 0, 4 );
460 for( i = 0; i < use_len; ++i )
470 #if defined(POLARSSL_PKCS1_V21)
475 int (*f_rng)(
void *,
unsigned char *,
size_t),
478 const unsigned char *label,
size_t label_len,
480 const unsigned char *input,
481 unsigned char *output )
485 unsigned char *p = output;
494 if( md_info == NULL )
500 if( olen < ilen + 2 * hlen + 2 || f_rng == NULL )
503 memset( output, 0, olen );
509 if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 )
516 md( md_info, label, label_len, p );
518 p += olen - 2 * hlen - 2 - ilen;
520 memcpy( p, input, ilen );
526 mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen,
531 mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
538 :
rsa_private( ctx, f_rng, p_rng, output, output ) );
542 #if defined(POLARSSL_PKCS1_V15)
547 int (*f_rng)(
void *,
unsigned char *,
size_t),
549 int mode,
size_t ilen,
550 const unsigned char *input,
551 unsigned char *output )
555 unsigned char *p = output;
562 if( olen < ilen + 11 )
565 nb_pad = olen - 3 - ilen;
572 while( nb_pad-- > 0 )
577 ret = f_rng( p_rng, p, 1 );
578 }
while( *p == 0 && --rng_dl && ret == 0 );
582 if( rng_dl == 0 || ret != 0)
592 while( nb_pad-- > 0 )
597 memcpy( p, input, ilen );
601 :
rsa_private( ctx, f_rng, p_rng, output, output ) );
609 int (*f_rng)(
void *,
unsigned char *,
size_t),
611 int mode,
size_t ilen,
612 const unsigned char *input,
613 unsigned char *output )
617 #if defined(POLARSSL_PKCS1_V15)
623 #if defined(POLARSSL_PKCS1_V21)
626 ilen, input, output );
634 #if defined(POLARSSL_PKCS1_V21)
639 int (*f_rng)(
void *,
unsigned char *,
size_t),
642 const unsigned char *label,
size_t label_len,
644 const unsigned char *input,
645 unsigned char *output,
646 size_t output_max_len )
662 if( ilen < 16 || ilen >
sizeof( buf ) )
678 if( md_info == NULL )
687 md( md_info, label, label_len, lhash );
691 mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1,
696 mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
/*
 * NOTE(review): this comparison and the checks after it branch on the
 * contents of buf (presumably the decrypted block - confirm), whereas the
 * v1.5 decrypt path later in this file folds its checks into `correct`.
 * Confirm that the outcomes of these branches are not distinguishable to a
 * remote caller through the return code or through timing.
 */
704 if( memcmp( lhash, p, hlen ) != 0 )
/*
 * NOTE(review): *p is read before p is compared with buf + ilen. Assuming
 * the loop body advances p, a block with no non-zero byte makes the final
 * evaluation read buf[ilen], which lies past the array when ilen equals
 * sizeof( buf ) (the earlier length check only rejects ilen > sizeof( buf )).
 * Testing the bound first, `p < buf + ilen && *p == 0`, avoids that read.
 */
709 while( *p == 0 && p < buf + ilen )
712 if( p == buf + ilen )
718 if (ilen - (p - buf) > output_max_len)
721 *olen = ilen - (p - buf);
722 memcpy( output, p, *olen );
728 #if defined(POLARSSL_PKCS1_V15)
733 int (*f_rng)(
void *,
unsigned char *,
size_t),
735 int mode,
size_t *olen,
736 const unsigned char *input,
737 unsigned char *output,
738 size_t output_max_len)
740 int ret, correct = 1;
741 size_t ilen, pad_count = 0;
742 unsigned char *p, *q;
751 if( ilen < 16 || ilen >
sizeof( buf ) )
775 while( *p != 0 && p < buf + ilen - 1 )
776 pad_count += ( *p++ != 0 );
778 correct &= ( *p == 0 && p < buf + ilen - 1 );
784 while ( q < buf + ilen - 1 )
785 pad_count += ( *q++ != 0 );
789 correct |= pad_count & 0x100000;
794 while( *p == 0xFF && p < buf + ilen - 1 )
795 pad_count += ( *p++ == 0xFF );
797 correct &= ( *p == 0 && p < buf + ilen - 1 );
803 while ( q < buf + ilen - 1 )
804 pad_count += ( *q++ != 0 );
808 correct |= pad_count & 0x100000;
815 if (ilen - (p - buf) > output_max_len)
818 *olen = ilen - (p - buf);
819 memcpy( output, p, *olen );
829 int (*f_rng)(
void *,
unsigned char *,
size_t),
831 int mode,
size_t *olen,
832 const unsigned char *input,
833 unsigned char *output,
834 size_t output_max_len)
838 #if defined(POLARSSL_PKCS1_V15)
841 input, output, output_max_len );
844 #if defined(POLARSSL_PKCS1_V21)
856 #if defined(POLARSSL_PKCS1_V21)
861 int (*f_rng)(
void *,
unsigned char *,
size_t),
865 unsigned int hashlen,
866 const unsigned char *hash,
870 unsigned char *p = sig;
872 unsigned int slen, hlen, offset = 0;
888 if( md_info == NULL )
895 if( md_info == NULL )
901 if( olen < hlen + slen + 2 )
904 memset( sig, 0, olen );
910 if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 )
916 p += olen - hlen * 2 - 2;
918 memcpy( p, salt, slen );
938 mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx );
943 sig[0] &= 0xFF >> ( olen * 8 - msb );
954 #if defined(POLARSSL_PKCS1_V15)
962 int (*f_rng)(
void *,
unsigned char *,
size_t),
966 unsigned int hashlen,
967 const unsigned char *hash,
970 size_t nb_pad, olen, oid_size = 0;
971 unsigned char *p = sig;
983 if( md_info == NULL )
989 nb_pad -= 10 + oid_size;
996 if( ( nb_pad < 8 ) || ( nb_pad > olen ) )
1001 memset( p, 0xFF, nb_pad );
1007 memcpy( p, hash, hashlen );
1021 *p++ = (
unsigned char) ( 0x08 + oid_size + hashlen );
1023 *p++ = (
unsigned char) ( 0x04 + oid_size );
1025 *p++ = oid_size & 0xFF;
1026 memcpy( p, oid, oid_size );
1032 memcpy( p, hash, hashlen );
1045 int (*f_rng)(
void *,
unsigned char *,
size_t),
1049 unsigned int hashlen,
1050 const unsigned char *hash,
1051 unsigned char *sig )
1055 #if defined(POLARSSL_PKCS1_V15)
1058 hashlen, hash, sig );
1061 #if defined(POLARSSL_PKCS1_V21)
1064 hashlen, hash, sig );
1072 #if defined(POLARSSL_PKCS1_V21)
1077 int (*f_rng)(
void *,
unsigned char *,
size_t),
1081 unsigned int hashlen,
1082 const unsigned char *hash,
1083 const unsigned char *sig )
1090 unsigned char zeros[8];
1101 if( siglen < 16 || siglen >
sizeof( buf ) )
1113 if( buf[siglen - 1] != 0xBC )
1121 if( md_info == NULL )
1128 if( md_info == NULL )
1132 slen = siglen - hlen - 1;
1134 memset( zeros, 0, 8 );
1147 if( buf[0] >> ( 8 - siglen * 8 + msb ) )
1152 mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
1154 buf[0] &= 0xFF >> ( siglen * 8 - msb );
1156 while( *p == 0 && p < buf + siglen )
1159 if( p == buf + siglen ||
1178 if( memcmp( p + slen, result, hlen ) == 0 )
1185 #if defined(POLARSSL_PKCS1_V15)
1190 int (*f_rng)(
void *,
unsigned char *,
size_t),
1194 unsigned int hashlen,
1195 const unsigned char *hash,
1196 const unsigned char *sig )
1199 size_t len, siglen, asn1_len;
1200 unsigned char *p, *end;
1211 if( siglen < 16 || siglen >
sizeof( buf ) )
1223 if( *p++ != 0 || *p++ !=
RSA_SIGN )
1228 if( p >= buf + siglen - 1 || *p != 0xFF )
1234 len = siglen - ( p - buf );
1238 if( memcmp( p, hash, hashlen ) == 0 )
1245 if( md_info == NULL )
1257 if( asn1_len + 2 != len )
1264 if( asn1_len + 6 + hashlen != len )
1276 if( md_alg != msg_md_alg )
1288 if( asn1_len != hashlen )
1291 if( memcmp( p, hash, hashlen ) != 0 )
1307 int (*f_rng)(
void *,
unsigned char *,
size_t),
1311 unsigned int hashlen,
1312 const unsigned char *hash,
1313 const unsigned char *sig )
1317 #if defined(POLARSSL_PKCS1_V15)
1320 hashlen, hash, sig );
1323 #if defined(POLARSSL_PKCS1_V21)
1326 hashlen, hash, sig );
1358 #if !defined(POLARSSL_RSA_NO_CRT)
1378 #if !defined(POLARSSL_RSA_NO_CRT)
1386 #if defined(POLARSSL_THREADING_C)
1391 #if defined(POLARSSL_SELF_TEST)
/*
 * Fixed RSA key, written as hexadecimal strings and defined under the
 * POLARSSL_SELF_TEST guard. RSA_N is 256 hex digits (a 1024-bit modulus),
 * RSA_E is 0x10001 (65537), and RSA_D, RSA_P, RSA_Q, RSA_DP, RSA_DQ and
 * RSA_QP are the matching private exponent, primes and CRT values.
 * Because the private half is published in this source, the key is a test
 * vector only and gives no confidentiality or authenticity to anything
 * encrypted or signed with it.
 */
1400 #define RSA_N "9292758453063D803DD603D5E777D788" \
1401 "8ED1D5BF35786190FA2F23EBC0848AEA" \
1402 "DDA92CA6C3D80B32C4D109BE0F36D6AE" \
1403 "7130B9CED7ACDF54CFC7555AC14EEBAB" \
1404 "93A89813FBF3C4F8066D2D800F7C38A8" \
1405 "1AE31942917403FF4946B0A83D3D3E05" \
1406 "EE57C6F5F5606FB5D4BC6CD34EE0801A" \
1407 "5E94BB77B07507233A0BC7BAC8F90F79"
1409 #define RSA_E "10001"
1411 #define RSA_D "24BF6185468786FDD303083D25E64EFC" \
1412 "66CA472BC44D253102F8B4A9D3BFA750" \
1413 "91386C0077937FE33FA3252D28855837" \
1414 "AE1B484A8A9A45F7EE8C0C634F99E8CD" \
1415 "DF79C5CE07EE72C7F123142198164234" \
1416 "CABB724CF78B8173B9F880FC86322407" \
1417 "AF1FEDFDDE2BEB674CA15F3E81A1521E" \
1418 "071513A1E85B5DFA031F21ECAE91A34D"
1420 #define RSA_P "C36D0EB7FCD285223CFB5AABA5BDA3D8" \
1421 "2C01CAD19EA484A87EA4377637E75500" \
1422 "FCB2005C5C7DD6EC4AC023CDA285D796" \
1423 "C3D9E75E1EFC42488BB4F1D13AC30A57"
1425 #define RSA_Q "C000DF51A7C77AE8D7C7370C1FF55B69" \
1426 "E211C2B9E5DB1ED0BF61D0D9899620F4" \
1427 "910E4168387E3C30AA1E00C339A79508" \
1428 "8452DD96A9A5EA5D9DCA68DA636032AF"
1430 #define RSA_DP "C1ACF567564274FB07A0BBAD5D26E298" \
1431 "3C94D22288ACD763FD8E5600ED4A702D" \
1432 "F84198A5F06C2E72236AE490C93F07F8" \
1433 "3CC559CD27BC2D1CA488811730BB5725"
1435 #define RSA_DQ "4959CBF6F8FEF750AEE6977C155579C7" \
1436 "D8AAEA56749EA28623272E4F7D0592AF" \
1437 "7C1F1313CAC9471B5C523BFE592F517B" \
1438 "407A1BD76C164B93DA2D32A383E58357"
1440 #define RSA_QP "9AE7FBC99546432DF71896FC239EADAE" \
1441 "F38D18D2B2F0E2DD275AA977E2BF4411" \
1442 "F5A3B2A5D33605AEBBCCBA7FEB9F2D2F" \
1443 "A74206CEC169D74BF5A8C50D6F48EA08"
/*
 * Fixed 24-byte plaintext; the self-test below copies it into rsa_plaintext
 * with memcpy( rsa_plaintext, RSA_PT, PT_LEN ).
 */
1446 #define RSA_PT "\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \
1447 "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD"
/*
 * NOTE(review): this guard tests POLARSSL_PCKS1_V15, while every other guard
 * for the v1.5 code in this file tests POLARSSL_PKCS1_V15. Unless a build
 * defines the PCKS1 spelling, everything under this guard is compiled out,
 * and the same spelling recurs at listing line 1469 inside the self-test.
 * A self-test that silently compiles to nothing can report success without
 * exercising the RSA code; confirm the intended macro and align the
 * spelling in both places.
 */
1449 #if defined(POLARSSL_PCKS1_V15)
1450 static int myrand(
void *rng_state,
unsigned char *output,
size_t len )
1454 if( rng_state != NULL )
1457 for( i = 0; i < len; ++i )
1469 #if defined(POLARSSL_PCKS1_V15)
1472 unsigned char rsa_plaintext[PT_LEN];
1473 unsigned char rsa_decrypted[PT_LEN];
1474 unsigned char rsa_ciphertext[KEY_LEN];
1475 #if defined(POLARSSL_SHA1_C)
1476 unsigned char sha1sum[20];
1492 printf(
" RSA key validation: " );
1498 printf(
"failed\n" );
1504 printf(
"passed\n PKCS#1 encryption : " );
1506 memcpy( rsa_plaintext, RSA_PT, PT_LEN );
1509 rsa_plaintext, rsa_ciphertext ) != 0 )
1512 printf(
"failed\n" );
1518 printf(
"passed\n PKCS#1 decryption : " );
1521 rsa_ciphertext, rsa_decrypted,
1522 sizeof(rsa_decrypted) ) != 0 )
1525 printf(
"failed\n" );
1530 if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
1533 printf(
"failed\n" );
1538 #if defined(POLARSSL_SHA1_C)
1540 printf(
"passed\n PKCS#1 data sign : " );
1542 sha1( rsa_plaintext, PT_LEN, sha1sum );
1545 sha1sum, rsa_ciphertext ) != 0 )
1548 printf(
"failed\n" );
1554 printf(
"passed\n PKCS#1 sig. verify: " );
1557 sha1sum, rsa_ciphertext ) != 0 )
1560 printf(
"failed\n" );
1566 printf(
"passed\n\n" );