1 /*
2 * The RSA public-key cryptosystem
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21 /*
22 * The following sources were referenced in the design of this implementation
23 * of the RSA algorithm:
24 *
25 * [1] A method for obtaining digital signatures and public-key cryptosystems
26 * R Rivest, A Shamir, and L Adleman
27 * http://people.csail.mit.edu/rivest/pubs.html#RSA78
28 *
29 * [2] Handbook of Applied Cryptography - 1997, Chapter 8
30 * Menezes, van Oorschot and Vanstone
31 *
32 * [3] Malware Guard Extension: Using SGX to Conceal Cache Attacks
33 * Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice and
34 * Stefan Mangard
35 * https://arxiv.org/abs/1702.08719v2
36 *
37 */
38
39 #include "mbedtls/rsa.h"
40
41 #include <string.h>
42 #include "mbedtls/platform_util.h"
43 #include "mbedtls/rsa_internal.h"
44
45 #if defined(MBEDTLS_PKCS1_V21)
46 #include "mbedtls/md.h"
47 #endif
48
49 #if defined(MBEDTLS_PKCS1_V15) && !defined(__OpenBSD__)
50 #include <stdlib.h>
51 #endif
52
53 #ifdef MBEDTLS_RSA_ALT
54
55 #if defined(MBEDTLS_PLATFORM_C)
56 #include "mbedtls/platform.h"
57 #else
58 #include <stdio.h>
59 #define mbedtls_printf printf
60 #define mbedtls_calloc calloc
61 #define mbedtls_free free
62 #endif
63
64 #if defined(CONFIG_TEE_RSA)
65 #include "drv/tee.h"
66 #endif
67
68 #define RSA_VALIDATE_RET( cond ) \
69 MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_RSA_BAD_INPUT_DATA )
70
71 /*
72 * Initialize an RSA context
73 */
mbedtls_rsa_init(mbedtls_rsa_context * ctx,int padding,int hash_id)74 void mbedtls_rsa_init(mbedtls_rsa_context *ctx, int padding, int hash_id)
75 {
76 memset(ctx, 0, sizeof(mbedtls_rsa_context));
77
78 ctx->padding = padding;
79 ctx->hash_id = hash_id;
80 /* NOTE: set invalid bitwidth to 0 */
81 sc_rsa_init(&ctx->sc_rsa, 0, 0);
82 memset(&ctx->sc_ctx, 0, sizeof(sc_rsa_context_t));
83 }
84
85 /*
86 * Checks whether the context fields are set in such a way
87 * that the RSA primitives will be able to execute without error.
88 * It does *not* make guarantees for consistency of the parameters.
89 */
rsa_check_context(mbedtls_rsa_context const * ctx,int is_priv,int blinding_needed)90 static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv,
91 int blinding_needed )
92 {
93 #if !defined(MBEDTLS_RSA_NO_CRT)
94 /* blinding_needed is only used for NO_CRT to decide whether
95 * P,Q need to be present or not. */
96 ((void) blinding_needed);
97 #endif
98
99 if( ctx->len != mbedtls_mpi_size( &ctx->N ) ||
100 ctx->len > MBEDTLS_MPI_MAX_SIZE )
101 {
102 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
103 }
104
105 /*
106 * 1. Modular exponentiation needs positive, odd moduli.
107 */
108
109 /* Modular exponentiation wrt. N is always used for
110 * RSA public key operations. */
111 if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) <= 0 ||
112 mbedtls_mpi_get_bit( &ctx->N, 0 ) == 0 )
113 {
114 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
115 }
116
117 #if !defined(MBEDTLS_RSA_NO_CRT)
118 /* Modular exponentiation for P and Q is only
119 * used for private key operations and if CRT
120 * is used. */
121 if( is_priv &&
122 ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 ||
123 mbedtls_mpi_get_bit( &ctx->P, 0 ) == 0 ||
124 mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ||
125 mbedtls_mpi_get_bit( &ctx->Q, 0 ) == 0 ) )
126 {
127 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
128 }
129 #endif /* !MBEDTLS_RSA_NO_CRT */
130
131 /*
132 * 2. Exponents must be positive
133 */
134
135 /* Always need E for public key operations */
136 if( mbedtls_mpi_cmp_int( &ctx->E, 0 ) <= 0 )
137 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
138
139 #if defined(MBEDTLS_RSA_NO_CRT)
140 /* For private key operations, use D or DP & DQ
141 * as (unblinded) exponents. */
142 if( is_priv && mbedtls_mpi_cmp_int( &ctx->D, 0 ) <= 0 )
143 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
144 #else
145 if( is_priv &&
146 ( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) <= 0 ||
147 mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) <= 0 ) )
148 {
149 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
150 }
151 #endif /* MBEDTLS_RSA_NO_CRT */
152
153 /* Blinding shouldn't make exponents negative either,
154 * so check that P, Q >= 1 if that hasn't yet been
155 * done as part of 1. */
156 #if defined(MBEDTLS_RSA_NO_CRT)
157 if( is_priv && blinding_needed &&
158 ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 ||
159 mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ) )
160 {
161 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
162 }
163 #endif
164
165 /* It wouldn't lead to an error if it wasn't satisfied,
166 * but check for QP >= 1 nonetheless. */
167 #if !defined(MBEDTLS_RSA_NO_CRT)
168 if( is_priv &&
169 mbedtls_mpi_cmp_int( &ctx->QP, 0 ) <= 0 )
170 {
171 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
172 }
173 #endif
174
175 return( 0 );
176 }
177
178 /*
179 * Check a public RSA key
180 */
mbedtls_rsa_check_pubkey(const mbedtls_rsa_context * ctx)181 int mbedtls_rsa_check_pubkey(const mbedtls_rsa_context *ctx)
182 {
183 RSA_VALIDATE_RET( ctx != NULL );
184
185 if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 ) {
186 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
187 }
188
189 if( mbedtls_mpi_bitlen( &ctx->N ) < 128 )
190 {
191 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
192 }
193
194 if( mbedtls_mpi_get_bit( &ctx->E, 0 ) == 0 ||
195 mbedtls_mpi_bitlen( &ctx->E ) < 2 ||
196 mbedtls_mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 )
197 {
198 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
199 }
200
201 return( 0 );
202 }
203
204
205 /*
206 * Check a private RSA key
207 */
mbedtls_rsa_check_privkey(const mbedtls_rsa_context * ctx)208 int mbedtls_rsa_check_privkey(const mbedtls_rsa_context *ctx)
209 {
210 RSA_VALIDATE_RET( ctx != NULL );
211
212 if( mbedtls_rsa_check_pubkey( ctx ) != 0 ||
213 rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 )
214 {
215 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
216 }
217
218 if( mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q,
219 &ctx->D, &ctx->E, NULL, NULL ) != 0 )
220 {
221 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
222 }
223
224 #if !defined(MBEDTLS_RSA_NO_CRT)
225 else if( mbedtls_rsa_validate_crt( &ctx->P, &ctx->Q, &ctx->D,
226 &ctx->DP, &ctx->DQ, &ctx->QP ) != 0 )
227 {
228 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
229 }
230 #endif
231
232 return( 0 );
233 }
234
235 /*
236 * Check if contexts holding a public and private key match
237 */
mbedtls_rsa_check_pub_priv(const mbedtls_rsa_context * pub,const mbedtls_rsa_context * prv)238 int mbedtls_rsa_check_pub_priv(const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv)
239 {
240 if (mbedtls_rsa_check_pubkey(pub) != 0 || mbedtls_rsa_check_privkey(prv) != 0) {
241 return (MBEDTLS_ERR_RSA_KEY_CHECK_FAILED);
242 }
243
244 if (mbedtls_mpi_cmp_mpi(&pub->N, &prv->N) != 0 || mbedtls_mpi_cmp_mpi(&pub->E, &prv->E) != 0) {
245 return (MBEDTLS_ERR_RSA_KEY_CHECK_FAILED);
246 }
247
248 return (0);
249 }
250
251 /*
252 * Add the message padding, then do an RSA operation
253 */
mbedtls_rsa_pkcs1_encrypt(mbedtls_rsa_context * ctx,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng,int mode,size_t ilen,const unsigned char * input,unsigned char * output)254 int mbedtls_rsa_pkcs1_encrypt(mbedtls_rsa_context *ctx,
255 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode,
256 size_t ilen, const unsigned char *input, unsigned char *output)
257 {
258 int ret = 0;
259 unsigned int output_len = 128;
260 unsigned char *key;
261 unsigned int key_size = 0;
262 (void)f_rng;
263 (void)p_rng;
264 (void)mode;
265 (void)output_len;
266
267 /*for now Only support RSA1024 and RSA2048*/
268 if (ctx->len != 128 && ctx->len != 256) {
269 return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
270 }
271
272 switch (ctx->padding) {
273 #if defined(MBEDTLS_PKCS1_V15)
274
275 case MBEDTLS_RSA_PKCS_V15:
276 key_size = mbedtls_mpi_size(&ctx->N);
277 key = (unsigned char *)mbedtls_calloc(1, key_size * 2);
278
279 if (!key) {
280 return MBEDTLS_ERR_RSA_PUBLIC_FAILED;
281 }
282
283 mbedtls_mpi_write_binary(&ctx->N, key, key_size);
284 mbedtls_mpi_write_binary(&ctx->E, key + key_size, key_size);
285
286 unsigned char *new_output = mbedtls_calloc(1, 256);
287 (void)ret;
288 #if defined(CONFIG_TEE_RSA)
289 ret = csi_tee_rsa_encrypt(input, ilen,
290 key, key_size * 2,
291 new_output, &output_len,
292 TEE_RSA_PKCS1_PADDING);
293 #endif
294 ctx->sc_ctx.key_bits = ctx->len * 8;
295 ctx->sc_ctx.padding_type = SC_RSA_PADDING_MODE_PKCS1;
296 ctx->sc_ctx.n = key;
297 ctx->sc_ctx.e = key + key_size;
298 ret = sc_rsa_encrypt(&ctx->sc_rsa, &ctx->sc_ctx, (void *)input, ilen, new_output);
299 memcpy(output, new_output, ctx->len);
300
301 mbedtls_free(key);
302 mbedtls_free(new_output);
303
304 if (ret) {
305 return MBEDTLS_ERR_RSA_PUBLIC_FAILED;
306 }
307 return 0;
308
309 default:
310 return (MBEDTLS_ERR_RSA_INVALID_PADDING);
311 }
312 #endif
313 }
314
315 /*
316 * Do an RSA operation, then remove the message padding
317 */
mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context * ctx,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng,int mode,size_t * olen,const unsigned char * input,unsigned char * output,size_t output_max_len)318 int mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context *ctx,
319 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode,
320 size_t *olen, const unsigned char *input, unsigned char *output,
321 size_t output_max_len)
322 {
323 unsigned char *key;
324 unsigned int key_size = 0;
325 int ret = 0;
326
327 (void)f_rng;
328 (void)p_rng;
329 (void)mode;
330 (void)output_max_len;
331 (void)ret;
332
333 /*for now Only support RSA1024 and RSA2048*/
334 if (ctx->len != 128 && ctx->len != 256) {
335 return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
336 }
337
338 switch (ctx->padding) {
339 #if defined(MBEDTLS_PKCS1_V15)
340
341 case MBEDTLS_RSA_PKCS_V15:
342 key_size = mbedtls_mpi_size(&ctx->N);
343 key = (unsigned char *)mbedtls_calloc(1, key_size * 3);
344
345 if (!key) {
346 return MBEDTLS_ERR_RSA_PUBLIC_FAILED;
347 }
348
349 mbedtls_mpi_write_binary(&ctx->N, key, key_size);
350 mbedtls_mpi_write_binary(&ctx->E, key + key_size, key_size);
351 mbedtls_mpi_write_binary(&ctx->D, key + key_size + key_size, key_size);
352
353 #if defined(CONFIG_TEE_RSA)
354 ret = csi_tee_rsa_decrypt(input, ctx->len,
355 key, key_size * 3,
356 output, olen,
357 TEE_RSA_PKCS1_PADDING);
358 #endif
359
360 ctx->sc_ctx.key_bits = ctx->len * 8;
361 ctx->sc_ctx.padding_type = SC_RSA_PADDING_MODE_PKCS1;
362 ctx->sc_ctx.n = key;
363 ctx->sc_ctx.e = key + key_size;
364 ctx->sc_ctx.d = key + key_size + key_size;
365 ret = sc_rsa_decrypt(&ctx->sc_rsa, &ctx->sc_ctx, (void *)input, ctx->len, output, olen);
366 mbedtls_free(key);
367 if (ret) {
368 return MBEDTLS_ERR_RSA_PRIVATE_FAILED;
369 }
370 break;
371 default:
372 return (MBEDTLS_ERR_RSA_INVALID_PADDING);
373 }
374
375 return 0;
376 }
377
378 /*
379 * Do an RSA operation to sign the message digest
380 */
mbedtls_rsa_pkcs1_sign(mbedtls_rsa_context * ctx,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng,int mode,mbedtls_md_type_t md_alg,unsigned int hashlen,const unsigned char * hash,unsigned char * sig)381 int mbedtls_rsa_pkcs1_sign(mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t),
382 void *p_rng, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
383 const unsigned char *hash, unsigned char *sig)
384 {
385 unsigned char type;
386 int ret = 0;
387 unsigned int sig_len = 0;
388 unsigned char *key;
389 unsigned int key_size = 0;
390
391 (void)f_rng;
392 (void)p_rng;
393 (void)mode;
394 (void)sig_len;
395
396 /*for now Only support RSA1024 and RSA2048*/
397 if (ctx->len != 128 && ctx->len != 256) {
398 return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
399 }
400
401 if (md_alg != MBEDTLS_MD_NONE) {
402 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg);
403 hashlen = mbedtls_md_get_size(md_info);
404 }
405
406 #if defined(CONFIG_TEE_RSA)
407 if (md_alg == MBEDTLS_MD_MD5) {
408 type = TEE_RSA_MD5;
409 } else if (md_alg == MBEDTLS_MD_SHA1) {
410 type = TEE_RSA_SHA1;
411 } else if (md_alg == MBEDTLS_MD_SHA256) {
412 type = TEE_RSA_SHA256;
413 } else {
414 return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
415 }
416 #endif
417
418 if (md_alg == MBEDTLS_MD_MD5) {
419 type = SC_RSA_HASH_TYPE_MD5;
420 } else if (md_alg == MBEDTLS_MD_SHA1) {
421 type = SC_RSA_HASH_TYPE_SHA1;
422 } else if (md_alg == MBEDTLS_MD_SHA256) {
423 type = SC_RSA_HASH_TYPE_SHA256;
424 } else {
425 return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
426 }
427 (void)type;
428
429 switch (ctx->padding) {
430 #if defined(MBEDTLS_PKCS1_V15)
431
432 case MBEDTLS_RSA_PKCS_V15:
433 key_size = mbedtls_mpi_size(&ctx->N);
434 key = (unsigned char *)mbedtls_calloc(1, key_size * 3);
435
436 if (!key) {
437 return MBEDTLS_ERR_RSA_PUBLIC_FAILED;
438 }
439
440 mbedtls_mpi_write_binary(&ctx->N, key, key_size);
441 mbedtls_mpi_write_binary(&ctx->E, key + key_size, key_size);
442 mbedtls_mpi_write_binary(&ctx->D, key + key_size + key_size, key_size);
443 (void)ret;
444 #if defined(CONFIG_TEE_RSA)
445 ret = csi_tee_rsa_sign(hash, hashlen, key, key_size * 3, sig, &sig_len, type);
446 #endif
447
448 ctx->sc_ctx.key_bits = ctx->len * 8;
449 ctx->sc_ctx.padding_type = SC_RSA_PADDING_MODE_PKCS1;
450 ctx->sc_ctx.n = key;
451 ctx->sc_ctx.e = key + key_size;
452 ctx->sc_ctx.d = key + key_size + key_size;
453 ret = sc_rsa_sign(&ctx->sc_rsa, &ctx->sc_ctx, (void *)hash, hashlen, sig, type);
454 mbedtls_free(key);
455 if (ret) {
456 return MBEDTLS_ERR_RSA_PRIVATE_FAILED;
457 }
458
459 break;
460 #endif
461 default:
462 return (MBEDTLS_ERR_RSA_INVALID_PADDING);
463 }
464
465 return 0;
466 }
467
468 /*
469 * Do an RSA operation and check the message digest
470 */
mbedtls_rsa_pkcs1_verify(mbedtls_rsa_context * ctx,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng,int mode,mbedtls_md_type_t md_alg,unsigned int hashlen,const unsigned char * hash,const unsigned char * sig)471 int mbedtls_rsa_pkcs1_verify(mbedtls_rsa_context *ctx,
472 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int mode,
473 mbedtls_md_type_t md_alg, unsigned int hashlen,
474 const unsigned char *hash, const unsigned char *sig)
475 {
476 unsigned char type;
477 int ret = 0;
478 unsigned char *key;
479 unsigned int key_size = 0;
480
481 (void)f_rng;
482 (void)p_rng;
483 (void)mode;
484
485 /*for now Only support RSA1024 and RSA2048*/
486 if (ctx->len != 128 && ctx->len != 256) {
487 return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
488 }
489
490 if (md_alg != MBEDTLS_MD_NONE) {
491 const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_alg);
492 hashlen = mbedtls_md_get_size(md_info);
493 }
494
495 #if defined(CONFIG_TEE_RSA)
496 if (md_alg == MBEDTLS_MD_MD5) {
497 type = TEE_RSA_MD5;
498 } else if (md_alg == MBEDTLS_MD_SHA1) {
499 type = TEE_RSA_SHA1;
500 } else if (md_alg == MBEDTLS_MD_SHA256) {
501 type = TEE_RSA_SHA256;
502 } else {
503 return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
504 }
505 #endif
506
507 if (md_alg == MBEDTLS_MD_MD5) {
508 type = SC_RSA_HASH_TYPE_MD5;
509 } else if (md_alg == MBEDTLS_MD_SHA1) {
510 type = SC_RSA_HASH_TYPE_SHA1;
511 } else if (md_alg == MBEDTLS_MD_SHA256) {
512 type = SC_RSA_HASH_TYPE_SHA256;
513 } else {
514 return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
515 }
516
517 switch (ctx->padding) {
518 #if defined(MBEDTLS_PKCS1_V15)
519
520 case MBEDTLS_RSA_PKCS_V15:
521 key_size = mbedtls_mpi_size(&ctx->N);
522 key = (unsigned char *)mbedtls_calloc(1, key_size * 2);
523
524 if (!key) {
525 return MBEDTLS_ERR_RSA_PUBLIC_FAILED;
526 }
527
528 mbedtls_mpi_write_binary(&ctx->N, key, key_size);
529 mbedtls_mpi_write_binary(&ctx->E, key + key_size, key_size);
530 unsigned char *new_sig = mbedtls_calloc(1, 256);
531 memcpy(new_sig, sig, 256);
532
533 (void)type;
534 #if defined(CONFIG_TEE_RSA)
535 ret = csi_tee_rsa_verify((uint8_t *)hash, hashlen, key, key_size * 2,
536 (uint8_t *)new_sig, ctx->len, type);
537 #endif
538 ctx->sc_ctx.key_bits = ctx->len * 8;
539 ctx->sc_ctx.padding_type = SC_RSA_PADDING_MODE_PKCS1;
540 ctx->sc_ctx.n = key;
541 ctx->sc_ctx.e = key + key_size;
542 ret = sc_rsa_verify(&ctx->sc_rsa, &ctx->sc_ctx, (void *)hash, hashlen, new_sig,
543 ctx->len, type);
544 mbedtls_free(new_sig);
545
546 mbedtls_free(key);
547 if (ret) {
548 /* success */
549 return 0;
550 } else {
551 return MBEDTLS_ERR_RSA_PRIVATE_FAILED;
552 }
553 #endif
554
555 default:
556 ret = (MBEDTLS_ERR_RSA_INVALID_PADDING);
557 }
558 return ret;
559 }
560
mbedtls_rsa_get_len(const mbedtls_rsa_context * ctx)561 size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx )
562 {
563 return( ctx->len );
564 }
565
mbedtls_rsa_complete(mbedtls_rsa_context * ctx)566 int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
567 {
568 return 0;
569 }
570
571
mbedtls_rsa_import(mbedtls_rsa_context * ctx,const mbedtls_mpi * N,const mbedtls_mpi * P,const mbedtls_mpi * Q,const mbedtls_mpi * D,const mbedtls_mpi * E)572 int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
573 const mbedtls_mpi *N,
574 const mbedtls_mpi *P, const mbedtls_mpi *Q,
575 const mbedtls_mpi *D, const mbedtls_mpi *E )
576 {
577 int ret;
578 RSA_VALIDATE_RET( ctx != NULL );
579
580 if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) ||
581 ( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) ||
582 ( Q != NULL && ( ret = mbedtls_mpi_copy( &ctx->Q, Q ) ) != 0 ) ||
583 ( D != NULL && ( ret = mbedtls_mpi_copy( &ctx->D, D ) ) != 0 ) ||
584 ( E != NULL && ( ret = mbedtls_mpi_copy( &ctx->E, E ) ) != 0 ) )
585 {
586 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
587 }
588
589 if( N != NULL )
590 ctx->len = mbedtls_mpi_size( &ctx->N );
591
592 return( 0 );
593 }
594
mbedtls_rsa_import_raw(mbedtls_rsa_context * ctx,unsigned char const * N,size_t N_len,unsigned char const * P,size_t P_len,unsigned char const * Q,size_t Q_len,unsigned char const * D,size_t D_len,unsigned char const * E,size_t E_len)595 int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
596 unsigned char const *N, size_t N_len,
597 unsigned char const *P, size_t P_len,
598 unsigned char const *Q, size_t Q_len,
599 unsigned char const *D, size_t D_len,
600 unsigned char const *E, size_t E_len )
601 {
602 int ret = 0;
603
604 if( N != NULL )
605 {
606 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->N, N, N_len ) );
607 ctx->len = mbedtls_mpi_size( &ctx->N );
608 }
609
610 if( P != NULL )
611 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->P, P, P_len ) );
612
613 if( Q != NULL )
614 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->Q, Q, Q_len ) );
615
616 if( D != NULL )
617 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->D, D, D_len ) );
618
619 if( E != NULL )
620 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->E, E, E_len ) );
621
622 cleanup:
623
624 if( ret != 0 )
625 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
626
627 return( 0 );
628 }
629
630 /*
631 * Free the components of an RSA key
632 */
mbedtls_rsa_free(mbedtls_rsa_context * ctx)633 void mbedtls_rsa_free(mbedtls_rsa_context *ctx)
634 {
635 mbedtls_mpi_free(&ctx->D);
636 mbedtls_mpi_free(&ctx->E);
637 mbedtls_mpi_free(&ctx->N);
638
639 #if defined(MBEDTLS_THREADING_C)
640 mbedtls_mutex_free(&ctx->mutex);
641 #endif
642 sc_rsa_uninit(&ctx->sc_rsa);
643 memset(&ctx->sc_ctx, 0, sizeof(sc_rsa_context_t));
644 }
645 #endif
646
647 #endif /* MBEDTLS_RSA_ALT */