/*
* Do an RSA private key operation
*/
int rsa_private( rsa_context *ctx,
unsigned char *input,
unsigned char *output )
{
int ret, olen;
mpi T, T1, T2;
//printf("RSA private key operation start\n");
mpi_init( &T, &T1, &T2, NULL );
MPI_CHK( mpi_read_binary( &T, input, ctx->len ) );
if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
{
mpi_free( &T, NULL );
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
}
#if 0
MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
#else
/*
* faster decryption using the CRT
*
* T1 = input ^ dP mod P
* T2 = input ^ dQ mod Q
*/
MPI_CHK( mpi_exp_mod( &T1, &T, &ctx->DP, &ctx->P, &ctx->RP ) );
MPI_CHK( mpi_exp_mod( &T2, &T, &ctx->DQ, &ctx->Q, &ctx->RQ ) );
/*
* T = (T1 - T2) * (Q^-1 mod P) mod P
*/
MPI_CHK( mpi_sub_mpi( &T, &T1, &T2 ) );
MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->QP ) );
MPI_CHK( mpi_mod_mpi( &T, &T1, &ctx->P ) );
/*
* output = T2 + T * Q
*/
MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->Q ) );
MPI_CHK( mpi_add_mpi( &T, &T2, &T1 ) );
#endif
olen = ctx->len;
MPI_CHK( mpi_write_binary( &T, output, olen ) );
cleanup:
mpi_free( &T, &T1, &T2, NULL );
//printf("RSA private key operation end\n");
if( ret != 0 )
return( POLARSSL_ERR_RSA_PRIVATE_FAILED | ret );
return( 0 );
}
static int Badd(lua_State *L)
{
mpi *a=Bget(L,1);
mpi *b=Bget(L,2);
mpi *c=Bnew(L);
mpi_add_mpi(c,a,b);
return 1;
}
/*
* Perform an RSA private key operation
*/
int rsa_private( rsa_context *ctx,
unsigned char *input, int ilen,
unsigned char *output, int *olen )
{
int ret;
mpi T, T1, T2;
//if( ilen != ctx->len || olen != ctx->len )
// return( ERR_RSA_BAD_INPUT_DATA );
mpi_init( &T, &T1, &T2, NULL );
CHK( mpi_import( &T, input, ilen ) );
if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
{
mpi_free( &T, NULL );
return( ERR_RSA_BAD_INPUT_DATA );
}
#if 0
CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
#else
/*
* faster decryption using the CRT
*
* T1 = input ^ dP mod P
* T2 = input ^ dQ mod Q
*/
CHK( mpi_exp_mod( &T1, &T, &ctx->DP, &ctx->P, &ctx->RP ) );
CHK( mpi_exp_mod( &T2, &T, &ctx->DQ, &ctx->Q, &ctx->RQ ) );
/*
* T = (T1 - T2) * (Q^-1 mod P) mod P
*/
CHK( mpi_sub_mpi( &T, &T1, &T2 ) );
CHK( mpi_mul_mpi( &T1, &T, &ctx->QP ) );
CHK( mpi_mod_mpi( &T, &T1, &ctx->P ) );
/*
* output = T2 + T * Q
*/
CHK( mpi_mul_mpi( &T1, &T, &ctx->Q ) );
CHK( mpi_add_mpi( &T, &T2, &T1 ) );
#endif
CHK( mpi_export( &T, output, olen ) );
cleanup:
mpi_free( &T, &T1, &T2, NULL );
if( ret != 0 )
return( ERR_RSA_PRIVATE_FAILED | ret );
return( 0 );
}
/*
Do an RSA private key operation
*/
int rsa_private(rsa_context *ctx, uchar *input, uchar *output)
{
int ret, olen;
mpi T, T1, T2;
mpi_init(&T, &T1, &T2, NULL);
MPI_CHK(mpi_read_binary(&T, input, ctx->len));
if (mpi_cmp_mpi(&T, &ctx->N) >= 0) {
mpi_free(&T, NULL);
return EST_ERR_RSA_BAD_INPUT_DATA;
}
// MOB - why ?
#if 0
MPI_CHK(mpi_exp_mod(&T, &T, &ctx->D, &ctx->N, &ctx->RN));
#else
/*
faster decryption using the CRT
T1 = input ^ dP mod P
T2 = input ^ dQ mod Q
*/
MPI_CHK(mpi_exp_mod(&T1, &T, &ctx->DP, &ctx->P, &ctx->RP));
MPI_CHK(mpi_exp_mod(&T2, &T, &ctx->DQ, &ctx->Q, &ctx->RQ));
/*
T = (T1 - T2) * (Q^-1 mod P) mod P
*/
MPI_CHK(mpi_sub_mpi(&T, &T1, &T2));
MPI_CHK(mpi_mul_mpi(&T1, &T, &ctx->QP));
MPI_CHK(mpi_mod_mpi(&T, &T1, &ctx->P));
/*
output = T2 + T * Q
*/
MPI_CHK(mpi_mul_mpi(&T1, &T, &ctx->Q));
MPI_CHK(mpi_add_mpi(&T, &T2, &T1));
#endif
olen = ctx->len;
MPI_CHK(mpi_write_binary(&T, output, olen));
cleanup:
mpi_free(&T, &T1, &T2, NULL);
if (ret != 0)
return EST_ERR_RSA_PRIVATE_FAILED | ret;
return 0;
}
/*
* Do an RSA private key operation
*/
int rsa_private( rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
const unsigned char *input,
unsigned char *output )
{
int ret;
size_t olen;
mpi T, T1, T2;
mpi_init( &T ); mpi_init( &T1 ); mpi_init( &T2 );
MPI_CHK( mpi_read_binary( &T, input, ctx->len ) );
if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
{
mpi_free( &T );
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
}
#if defined(POLARSSL_RSA_NO_CRT)
((void) f_rng);
((void) p_rng);
MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
#else
if( f_rng != NULL )
{
/*
* Blinding
* T = T * Vi mod N
*/
MPI_CHK( rsa_prepare_blinding( ctx, f_rng, p_rng ) );
MPI_CHK( mpi_mul_mpi( &T, &T, &ctx->Vi ) );
MPI_CHK( mpi_mod_mpi( &T, &T, &ctx->N ) );
}
/*
* faster decryption using the CRT
*
* T1 = input ^ dP mod P
* T2 = input ^ dQ mod Q
*/
MPI_CHK( mpi_exp_mod( &T1, &T, &ctx->DP, &ctx->P, &ctx->RP ) );
MPI_CHK( mpi_exp_mod( &T2, &T, &ctx->DQ, &ctx->Q, &ctx->RQ ) );
/*
* T = (T1 - T2) * (Q^-1 mod P) mod P
*/
MPI_CHK( mpi_sub_mpi( &T, &T1, &T2 ) );
MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->QP ) );
MPI_CHK( mpi_mod_mpi( &T, &T1, &ctx->P ) );
/*
* output = T2 + T * Q
*/
MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->Q ) );
MPI_CHK( mpi_add_mpi( &T, &T2, &T1 ) );
if( f_rng != NULL )
{
/*
* Unblind
* T = T * Vf mod N
*/
MPI_CHK( mpi_mul_mpi( &T, &T, &ctx->Vf ) );
MPI_CHK( mpi_mod_mpi( &T, &T, &ctx->N ) );
}
#endif
olen = ctx->len;
MPI_CHK( mpi_write_binary( &T, output, olen ) );
cleanup:
mpi_free( &T ); mpi_free( &T1 ); mpi_free( &T2 );
if( ret != 0 )
return( POLARSSL_ERR_RSA_PRIVATE_FAILED + ret );
return( 0 );
}
/*
* Do an RSA private key operation
*/
int rsa_private( rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
const unsigned char *input,
unsigned char *output )
{
int ret;
size_t olen;
mpi T, T1, T2;
#if !defined(POLARSSL_RSA_NO_CRT)
mpi *Vi, *Vf;
/*
* When using the Chinese Remainder Theorem, we use blinding values.
* Without threading, we just read them directly from the context,
* otherwise we make a local copy in order to reduce locking contention.
*/
#if defined(POLARSSL_THREADING_C)
mpi Vi_copy, Vf_copy;
mpi_init( &Vi_copy ); mpi_init( &Vf_copy );
Vi = &Vi_copy;
Vf = &Vf_copy;
#else
Vi = &ctx->Vi;
Vf = &ctx->Vf;
#endif
#endif /* !POLARSSL_RSA_NO_CRT */
mpi_init( &T ); mpi_init( &T1 ); mpi_init( &T2 );
MPI_CHK( mpi_read_binary( &T, input, ctx->len ) );
if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
{
mpi_free( &T );
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
}
#if defined(POLARSSL_RSA_NO_CRT)
((void) f_rng);
((void) p_rng);
MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
#else
if( f_rng != NULL )
{
/*
* Blinding
* T = T * Vi mod N
*/
MPI_CHK( rsa_prepare_blinding( ctx, Vi, Vf, f_rng, p_rng ) );
MPI_CHK( mpi_mul_mpi( &T, &T, Vi ) );
MPI_CHK( mpi_mod_mpi( &T, &T, &ctx->N ) );
}
/*
* faster decryption using the CRT
*
* T1 = input ^ dP mod P
* T2 = input ^ dQ mod Q
*/
MPI_CHK( mpi_exp_mod( &T1, &T, &ctx->DP, &ctx->P, &ctx->RP ) );
MPI_CHK( mpi_exp_mod( &T2, &T, &ctx->DQ, &ctx->Q, &ctx->RQ ) );
/*
* T = (T1 - T2) * (Q^-1 mod P) mod P
*/
MPI_CHK( mpi_sub_mpi( &T, &T1, &T2 ) );
MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->QP ) );
MPI_CHK( mpi_mod_mpi( &T, &T1, &ctx->P ) );
/*
* T = T2 + T * Q
*/
MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->Q ) );
MPI_CHK( mpi_add_mpi( &T, &T2, &T1 ) );
if( f_rng != NULL )
{
/*
* Unblind
* T = T * Vf mod N
*/
MPI_CHK( mpi_mul_mpi( &T, &T, Vf ) );
MPI_CHK( mpi_mod_mpi( &T, &T, &ctx->N ) );
}
#endif /* POLARSSL_RSA_NO_CRT */
olen = ctx->len;
MPI_CHK( mpi_write_binary( &T, output, olen ) );
cleanup:
mpi_free( &T ); mpi_free( &T1 ); mpi_free( &T2 );
#if !defined(POLARSSL_RSA_NO_CRT) && defined(POLARSSL_THREADING_C)
mpi_free( &Vi_copy ); mpi_free( &Vf_copy );
#endif
if( ret != 0 )
return( POLARSSL_ERR_RSA_PRIVATE_FAILED + ret );
return( 0 );
}
