Refactored RSA to have random generator in every RSA operation

Primarily so that rsa_private() receives an RNG for blinding purposes.
2025-07-28 00:21:48 +03:00 · 2013-08-30 10:30:02 +02:00
parent ca174fef80
commit 548957dd49
11 changed files with 132 additions and 49 deletions
--- a/include/polarssl/rsa.h
+++ b/include/polarssl/rsa.h
@ -176,6 +176,8 @@ int rsa_public( rsa_context *ctx,
 * \brief          Do an RSA private key operation
 *
 * \param ctx      RSA context
+ * \param f_rng    RNG function (Needed for blinding)
+ * \param p_rng    RNG parameter
 * \param input    input buffer
 * \param output   output buffer
 *
@ -185,6 +187,8 @@ int rsa_public( rsa_context *ctx,
 *                 enough (eg. 128 bytes if RSA-1024 is used).
 */
 int rsa_private( rsa_context *ctx,
+                 int (*f_rng)(void *, unsigned char *, size_t),
+                 void *p_rng,
                 const unsigned char *input,
                 unsigned char *output );

@ -194,7 +198,8 @@ int rsa_private( rsa_context *ctx,
 *                 RSA operation.
 *
 * \param ctx      RSA context
- * \param f_rng    RNG function (Needed for padding and PKCS#1 v2.1 encoding)
+ * \param f_rng    RNG function (Needed for padding and PKCS#1 v2.1 encoding
+ *                               and RSA_PRIVATE)
 * \param p_rng    RNG parameter
 * \param mode     RSA_PUBLIC or RSA_PRIVATE
 * \param ilen     contains the plaintext length
@ -217,7 +222,7 @@ int rsa_pkcs1_encrypt( rsa_context *ctx,
 * \brief          Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT)
 *
 * \param ctx      RSA context
- * \param f_rng    RNG function (Needed for padding)
+ * \param f_rng    RNG function (Needed for padding and RSA_PRIVATE)
 * \param p_rng    RNG parameter
 * \param mode     RSA_PUBLIC or RSA_PRIVATE
 * \param ilen     contains the plaintext length
@ -240,7 +245,8 @@ int rsa_rsaes_pkcs1_v15_encrypt( rsa_context *ctx,
 * \brief          Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT)
 *
 * \param ctx      RSA context
- * \param f_rng    RNG function (Needed for padding and PKCS#1 v2.1 encoding)
+ * \param f_rng    RNG function (Needed for padding and PKCS#1 v2.1 encoding
+ *                               and RSA_PRIVATE)
 * \param p_rng    RNG parameter
 * \param mode     RSA_PUBLIC or RSA_PRIVATE
 * \param label    buffer holding the custom label to use
@ -269,6 +275,8 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx,
 *                 the message padding
 *
 * \param ctx      RSA context
+ * \param f_rng    RNG function (Only required for RSA_PRIVATE)
+ * \param p_rng    RNG parameter
 * \param mode     RSA_PUBLIC or RSA_PRIVATE
 * \param olen     will contain the plaintext length
 * \param input    buffer holding the encrypted data
@ -282,6 +290,8 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx,
 *                 an error is thrown.
 */
 int rsa_pkcs1_decrypt( rsa_context *ctx,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng,
                       int mode, size_t *olen,
                       const unsigned char *input,
                       unsigned char *output,
@ -291,6 +301,8 @@ int rsa_pkcs1_decrypt( rsa_context *ctx,
 * \brief          Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT)
 *
 * \param ctx      RSA context
+ * \param f_rng    RNG function (Only required for RSA_PRIVATE)
+ * \param p_rng    RNG parameter
 * \param mode     RSA_PUBLIC or RSA_PRIVATE
 * \param olen     will contain the plaintext length
 * \param input    buffer holding the encrypted data
@ -304,6 +316,8 @@ int rsa_pkcs1_decrypt( rsa_context *ctx,
 *                 an error is thrown.
 */
 int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx,
+                                 int (*f_rng)(void *, unsigned char *, size_t),
+                                 void *p_rng,
                                 int mode, size_t *olen,
                                 const unsigned char *input,
                                 unsigned char *output,
@ -313,6 +327,8 @@ int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx,
 * \brief          Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT)
 *
 * \param ctx      RSA context
+ * \param f_rng    RNG function (Only required for RSA_PRIVATE)
+ * \param p_rng    RNG parameter
 * \param mode     RSA_PUBLIC or RSA_PRIVATE
 * \param label    buffer holding the custom label to use
 * \param label_len contains the label length
@ -328,6 +344,8 @@ int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx,
 *                 an error is thrown.
 */
 int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng,
                            int mode,
                            const unsigned char *label, size_t label_len,
                            size_t *olen,
@ -341,7 +359,8 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
 *                 a message digest
 *
 * \param ctx      RSA context
- * \param f_rng    RNG function (Needed for PKCS#1 v2.1 encoding)
+ * \param f_rng    RNG function (Needed for PKCS#1 v2.1 encoding and for
+ *                               RSA_PRIVATE)
 * \param p_rng    RNG parameter
 * \param mode     RSA_PUBLIC or RSA_PRIVATE
 * \param md_alg   a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
@ -374,6 +393,8 @@ int rsa_pkcs1_sign( rsa_context *ctx,
 * \brief          Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN)
 *
 * \param ctx      RSA context
+ * \param f_rng    RNG function (Only required for RSA_PRIVATE)
+ * \param p_rng    RNG parameter
 * \param mode     RSA_PUBLIC or RSA_PRIVATE
 * \param md_alg   a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
 * \param hashlen  message digest length (for POLARSSL_MD_NONE only)
@ -387,6 +408,8 @@ int rsa_pkcs1_sign( rsa_context *ctx,
 *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
 */
 int rsa_rsassa_pkcs1_v15_sign( rsa_context *ctx,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng,
                               int mode,
                               md_type_t md_alg,
                               unsigned int hashlen,
@ -397,7 +420,8 @@ int rsa_rsassa_pkcs1_v15_sign( rsa_context *ctx,
 * \brief          Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN)
 *
 * \param ctx      RSA context
- * \param f_rng    RNG function (Needed for PKCS#1 v2.1 encoding)
+ * \param f_rng    RNG function (Needed for PKCS#1 v2.1 encoding and for
+ *                               RSA_PRIVATE)
 * \param p_rng    RNG parameter
 * \param mode     RSA_PUBLIC or RSA_PRIVATE
 * \param md_alg   a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
@ -432,6 +456,8 @@ int rsa_rsassa_pss_sign( rsa_context *ctx,
 *                 the message digest
 *
 * \param ctx      points to an RSA public key
+ * \param f_rng    RNG function (Only required for RSA_PRIVATE)
+ * \param p_rng    RNG parameter
 * \param mode     RSA_PUBLIC or RSA_PRIVATE
 * \param md_alg   a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
 * \param hashlen  message digest length (for POLARSSL_MD_NONE only)
@ -451,6 +477,8 @@ int rsa_rsassa_pss_sign( rsa_context *ctx,
 *                 keep both hashes the same.
 */
 int rsa_pkcs1_verify( rsa_context *ctx,
+                      int (*f_rng)(void *, unsigned char *, size_t),
+                      void *p_rng,
                      int mode,
                      md_type_t md_alg,
                      unsigned int hashlen,
@ -461,6 +489,8 @@ int rsa_pkcs1_verify( rsa_context *ctx,
 * \brief          Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY)
 *
 * \param ctx      points to an RSA public key
+ * \param f_rng    RNG function (Only required for RSA_PRIVATE)
+ * \param p_rng    RNG parameter
 * \param mode     RSA_PUBLIC or RSA_PRIVATE
 * \param md_alg   a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
 * \param hashlen  message digest length (for POLARSSL_MD_NONE only)
@ -474,6 +504,8 @@ int rsa_pkcs1_verify( rsa_context *ctx,
 *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
 */
 int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx,
+                                 int (*f_rng)(void *, unsigned char *, size_t),
+                                 void *p_rng,
                                 int mode,
                                 md_type_t md_alg,
                                 unsigned int hashlen,
@ -485,6 +517,8 @@ int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx,
 * \brief          Do a public RSA and check the message digest
 *
 * \param ctx      points to an RSA public key
+ * \param f_rng    RNG function (Only required for RSA_PRIVATE)
+ * \param p_rng    RNG parameter
 * \param mode     RSA_PUBLIC or RSA_PRIVATE
 * \param md_alg   a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
 * \param hashlen  message digest length (for POLARSSL_MD_NONE only)
@ -504,6 +538,8 @@ int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx,
 *                 keep both hashes the same.
 */
 int rsa_rsassa_pss_verify( rsa_context *ctx,
+                           int (*f_rng)(void *, unsigned char *, size_t),
+                           void *p_rng,
                           int mode,
                           md_type_t md_alg,
                           unsigned int hashlen,