Move RSA blinding API from rsa_crpt.c to rsa_blinding.c

author: tb <> 2023-08-09 09:26:43 +0000
committer: tb <> 2023-08-09 09:26:43 +0000
commit: c7d7d3762cea9b7435220c2724efbd13b197f084 (patch)
tree: c83f12254ba95625343fa944e5fa999a85229a0a /src/lib/libcrypto/rsa/rsa_blinding.c
parent: 740758f21136fde8a6854e0cf1924236fcabd70b (diff)
download: openbsd-c7d7d3762cea9b7435220c2724efbd13b197f084.tar.gz
openbsd-c7d7d3762cea9b7435220c2724efbd13b197f084.tar.bz2
openbsd-c7d7d3762cea9b7435220c2724efbd13b197f084.zip
1 files changed, 101 insertions, 1 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_blinding.c b/src/lib/libcrypto/rsa/rsa_blinding.c
index bc267b1c51..e6fd67242d 100644
--- a/src/lib/libcrypto/rsa/rsa_blinding.c
+++ b/src/lib/libcrypto/rsa/rsa_blinding.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_blinding.c,v 1.1 2023/08/09 09:23:03 tb Exp $ */
+/* $OpenBSD: rsa_blinding.c,v 1.2 2023/08/09 09:26:43 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
@@ -259,3 +259,103 @@ BN_BLINDING_thread_id(BN_BLINDING *b)
 {
        return &b->tid;
 }
+static BIGNUM *
+rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, const BIGNUM *q,
+    BN_CTX *ctx)
+{
+        BIGNUM *ret = NULL, *r0, *r1, *r2;
+        if (d == NULL || p == NULL || q == NULL)
+                return NULL;
+        BN_CTX_start(ctx);
+        if ((r0 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((r1 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((r2 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if (!BN_sub(r1, p, BN_value_one()))
+                goto err;
+        if (!BN_sub(r2, q, BN_value_one()))
+                goto err;
+        if (!BN_mul(r0, r1, r2, ctx))
+                goto err;
+        ret = BN_mod_inverse_ct(NULL, d, r0, ctx);
+err:
+        BN_CTX_end(ctx);
+        return ret;
+}
+BN_BLINDING *
+RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
+{
+        BIGNUM *e = NULL;
+        BIGNUM n;
+        BN_CTX *ctx = NULL;
+        BN_BLINDING *ret = NULL;
+        if ((ctx = in_ctx) == NULL)
+                ctx = BN_CTX_new();
+        if (ctx == NULL)
+                goto err;
+        BN_CTX_start(ctx);
+        if ((e = rsa->e) == NULL)
+                e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
+        if (e == NULL) {
+                RSAerror(RSA_R_NO_PUBLIC_EXPONENT);
+                goto err;
+        }
+        BN_init(&n);
+        BN_with_flags(&n, rsa->n, BN_FLG_CONSTTIME);
+        if ((ret = BN_BLINDING_new(e, &n, ctx, rsa->meth->bn_mod_exp,
+            rsa->_method_mod_n)) == NULL) {
+                RSAerror(ERR_R_BN_LIB);
+                goto err;
+        }
+        CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
+ err:
+        BN_CTX_end(ctx);
+        if (ctx != in_ctx)
+                BN_CTX_free(ctx);
+        if (e != rsa->e)
+                BN_free(e);
+        return ret;
+}
+void
+RSA_blinding_off(RSA *rsa)
+{
+        BN_BLINDING_free(rsa->blinding);
+        rsa->blinding = NULL;
+        rsa->flags |= RSA_FLAG_NO_BLINDING;
+}
+LCRYPTO_ALIAS(RSA_blinding_off);
+int
+RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
+{
+        int ret = 0;
+        if (rsa->blinding != NULL)
+                RSA_blinding_off(rsa);
+        rsa->blinding = RSA_setup_blinding(rsa, ctx);
+        if (rsa->blinding == NULL)
+                goto err;
+        rsa->flags &= ~RSA_FLAG_NO_BLINDING;
+        ret = 1;
+err:
+        return (ret);
+}
+LCRYPTO_ALIAS(RSA_blinding_on);
author	tb <>	2023-08-09 09:26:43 +0000
committer	tb <>	2023-08-09 09:26:43 +0000
commit	c7d7d3762cea9b7435220c2724efbd13b197f084 (patch)
tree	c83f12254ba95625343fa944e5fa999a85229a0a /src/lib/libcrypto/rsa/rsa_blinding.c
parent	740758f21136fde8a6854e0cf1924236fcabd70b (diff)
download	openbsd-c7d7d3762cea9b7435220c2724efbd13b197f084.tar.gz openbsd-c7d7d3762cea9b7435220c2724efbd13b197f084.tar.bz2 openbsd-c7d7d3762cea9b7435220c2724efbd13b197f084.zip

diff --git a/src/lib/libcrypto/rsa/rsa_blinding.c b/src/lib/libcrypto/rsa/rsa_blinding.c index bc267b1c51..e6fd67242d 100644 --- a/src/lib/libcrypto/rsa/rsa_blinding.c +++ b/src/lib/libcrypto/rsa/rsa_blinding.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: rsa_blinding.c,v 1.1 2023/08/09 09:23:03 tb Exp $ */	1	/* $OpenBSD: rsa_blinding.c,v 1.2 2023/08/09 09:26:43 tb Exp $ */
2	/* ====================================================================	2	/* ====================================================================
3	* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.	3	* Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
4	*	4	*
@@ -259,3 +259,103 @@ BN_BLINDING_thread_id(BN_BLINDING *b)
259	{	259	{
260	return &b->tid;	260	return &b->tid;
261	}	261	}
		262
		263	static BIGNUM *
		264	rsa_get_public_exp(const BIGNUM d, const BIGNUM p, const BIGNUM *q,
		265	BN_CTX *ctx)
		266	{
		267	BIGNUM ret = NULL, r0, r1, r2;
		268
		269	if (d == NULL \|\| p == NULL \|\| q == NULL)
		270	return NULL;
		271
		272	BN_CTX_start(ctx);
		273	if ((r0 = BN_CTX_get(ctx)) == NULL)
		274	goto err;
		275	if ((r1 = BN_CTX_get(ctx)) == NULL)
		276	goto err;
		277	if ((r2 = BN_CTX_get(ctx)) == NULL)
		278	goto err;
		279
		280	if (!BN_sub(r1, p, BN_value_one()))
		281	goto err;
		282	if (!BN_sub(r2, q, BN_value_one()))
		283	goto err;
		284	if (!BN_mul(r0, r1, r2, ctx))
		285	goto err;
		286
		287	ret = BN_mod_inverse_ct(NULL, d, r0, ctx);
		288	err:
		289	BN_CTX_end(ctx);
		290	return ret;
		291	}
		292
		293	BN_BLINDING *
		294	RSA_setup_blinding(RSA rsa, BN_CTX in_ctx)
		295	{
		296	BIGNUM *e = NULL;
		297	BIGNUM n;
		298	BN_CTX *ctx = NULL;
		299	BN_BLINDING *ret = NULL;
		300
		301	if ((ctx = in_ctx) == NULL)
		302	ctx = BN_CTX_new();
		303	if (ctx == NULL)
		304	goto err;
		305
		306	BN_CTX_start(ctx);
		307
		308	if ((e = rsa->e) == NULL)
		309	e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
		310	if (e == NULL) {
		311	RSAerror(RSA_R_NO_PUBLIC_EXPONENT);
		312	goto err;
		313	}
		314
		315	BN_init(&n);
		316	BN_with_flags(&n, rsa->n, BN_FLG_CONSTTIME);
		317
		318	if ((ret = BN_BLINDING_new(e, &n, ctx, rsa->meth->bn_mod_exp,
		319	rsa->_method_mod_n)) == NULL) {
		320	RSAerror(ERR_R_BN_LIB);
		321	goto err;
		322	}
		323	CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
		324
		325	err:
		326	BN_CTX_end(ctx);
		327	if (ctx != in_ctx)
		328	BN_CTX_free(ctx);
		329	if (e != rsa->e)
		330	BN_free(e);
		331
		332	return ret;
		333	}
		334
		335	void
		336	RSA_blinding_off(RSA *rsa)
		337	{
		338	BN_BLINDING_free(rsa->blinding);
		339	rsa->blinding = NULL;
		340	rsa->flags \|= RSA_FLAG_NO_BLINDING;
		341	}
		342	LCRYPTO_ALIAS(RSA_blinding_off);
		343
		344	int
		345	RSA_blinding_on(RSA rsa, BN_CTX ctx)
		346	{
		347	int ret = 0;
		348
		349	if (rsa->blinding != NULL)
		350	RSA_blinding_off(rsa);
		351
		352	rsa->blinding = RSA_setup_blinding(rsa, ctx);
		353	if (rsa->blinding == NULL)
		354	goto err;
		355
		356	rsa->flags &= ~RSA_FLAG_NO_BLINDING;
		357	ret = 1;
		358	err:
		359	return (ret);
		360	}
		361	LCRYPTO_ALIAS(RSA_blinding_on);