Refactored RSA to have random generator in every RSA operation
Primarily so that rsa_private() receives an RNG for blinding purposes.
diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h
index 90cfd55..5bc6881 100644
--- a/include/polarssl/rsa.h
+++ b/include/polarssl/rsa.h
@@ -176,6 +176,8 @@
* \brief Do an RSA private key operation
*
* \param ctx RSA context
+ * \param f_rng RNG function (Needed for blinding)
+ * \param p_rng RNG parameter
* \param input input buffer
* \param output output buffer
*
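Review bot: The new `f_rng` line for rsa_private() says the RNG is needed for blinding but not what happens when a caller passes NULL, and the decrypt, sign and verify hunks below that add "Only required for RSA_PRIVATE" leave the same gap. The implementation is not part of this diff, so it cannot be told from here whether NULL is rejected or blinding is silently skipped. If it is skipped, the private-key operation runs unblinded and loses the timing side-channel protection this change is meant to add. I would spell the contract out, for example `* \param f_rng RNG function (needed for blinding; if NULL, <error returned | blinding skipped>)`, and repeat it wherever RSA_PRIVATE is accepted. The doc comment begins and ends outside the hunk.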
@@ -185,6 +187,8 @@
* enough (eg. 128 bytes if RSA-1024 is used).
*/
int rsa_private( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
const unsigned char *input,
unsigned char *output );
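Review bot: Inserting `f_rng` and `p_rng` between `ctx` and `input` changes the signature of a public function, here and in the rsa_pkcs1_decrypt, rsa_rsaes_pkcs1_v15_decrypt, rsa_rsaes_oaep_decrypt, rsa_rsassa_pkcs1_v15_sign and the three verify prototypes further down. Source callers will fail to compile, which is the safe outcome, but a binary built against the old header and linked to the new library would pass its input buffer where a function pointer is now expected. Nothing visible in this diff bumps a library version or soname, so that should be confirmed before release. The prototype's doc comment starts outside the hunk.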
@@ -194,7 +198,8 @@
* RSA operation.
*
* \param ctx RSA context
- * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding)
+ * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding
+ * and RSA_PRIVATE)
* \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE
* \param ilen contains the plaintext length
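Review bot: "and RSA_PRIVATE" in the updated `f_rng` description does not say what the RNG is used for in that mode; the commit message says it is blinding, and the parameter doc should say so too. The same phrasing recurs in the PKCS#1 v1.5 encrypt, OAEP encrypt, generic sign and PSS sign hunks. Suggested wording: `* \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding, and for blinding when mode is RSA_PRIVATE)`. The comment block continues outside the hunk.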
@@ -217,7 +222,7 @@
* \brief Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT)
*
* \param ctx RSA context
- * \param f_rng RNG function (Needed for padding)
+ * \param f_rng RNG function (Needed for padding and RSA_PRIVATE)
* \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE
* \param ilen contains the plaintext length
@@ -240,7 +245,8 @@
* \brief Perform a PKCS#1 v2.1 OAEP encryption (RSAES-OAEP-ENCRYPT)
*
* \param ctx RSA context
- * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding)
+ * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding
+ * and RSA_PRIVATE)
* \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE
* \param label buffer holding the custom label to use
@@ -269,6 +275,8 @@
* the message padding
*
* \param ctx RSA context
+ * \param f_rng RNG function (Only required for RSA_PRIVATE)
+ * \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE
* \param olen will contain the plaintext length
* \param input buffer holding the encrypted data
@@ -282,6 +290,8 @@
* an error is thrown.
*/
int rsa_pkcs1_decrypt( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
int mode, size_t *olen,
const unsigned char *input,
unsigned char *output,
@@ -291,6 +301,8 @@
* \brief Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT)
*
* \param ctx RSA context
+ * \param f_rng RNG function (Only required for RSA_PRIVATE)
+ * \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE
* \param olen will contain the plaintext length
* \param input buffer holding the encrypted data
@@ -304,6 +316,8 @@
* an error is thrown.
*/
int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
int mode, size_t *olen,
const unsigned char *input,
unsigned char *output,
@@ -313,6 +327,8 @@
* \brief Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT)
*
* \param ctx RSA context
+ * \param f_rng RNG function (Only required for RSA_PRIVATE)
+ * \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE
* \param label buffer holding the custom label to use
* \param label_len contains the label length
@@ -328,6 +344,8 @@
* an error is thrown.
*/
int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
int mode,
const unsigned char *label, size_t label_len,
size_t *olen,
@@ -341,7 +359,8 @@
* a message digest
*
* \param ctx RSA context
- * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding)
+ * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for
+ * RSA_PRIVATE)
* \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE
* \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
@@ -374,6 +393,8 @@
* \brief Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN)
*
* \param ctx RSA context
+ * \param f_rng RNG function (Only required for RSA_PRIVATE)
+ * \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE
* \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
* \param hashlen message digest length (for POLARSSL_MD_NONE only)
@@ -387,6 +408,8 @@
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*/
int rsa_rsassa_pkcs1_v15_sign( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
int mode,
md_type_t md_alg,
unsigned int hashlen,
@@ -397,7 +420,8 @@
* \brief Perform a PKCS#1 v2.1 PSS signature (RSASSA-PSS-SIGN)
*
* \param ctx RSA context
- * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding)
+ * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for
+ * RSA_PRIVATE)
* \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE
* \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
@@ -432,6 +456,8 @@
* the message digest
*
* \param ctx points to an RSA public key
+ * \param f_rng RNG function (Only required for RSA_PRIVATE)
+ * \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE
* \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
* \param hashlen message digest length (for POLARSSL_MD_NONE only)
@@ -451,6 +477,8 @@
* keep both hashes the same.
*/
int rsa_pkcs1_verify( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
int mode,
md_type_t md_alg,
unsigned int hashlen,
@@ -461,6 +489,8 @@
* \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY)
*
* \param ctx points to an RSA public key
+ * \param f_rng RNG function (Only required for RSA_PRIVATE)
+ * \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE
* \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
* \param hashlen message digest length (for POLARSSL_MD_NONE only)
@@ -474,6 +504,8 @@
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
*/
int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
int mode,
md_type_t md_alg,
unsigned int hashlen,
@@ -485,6 +517,8 @@
* \brief Do a public RSA and check the message digest
*
* \param ctx points to an RSA public key
+ * \param f_rng RNG function (Only required for RSA_PRIVATE)
+ * \param p_rng RNG parameter
* \param mode RSA_PUBLIC or RSA_PRIVATE
* \param md_alg a POLARSSL_MD_* (use POLARSSL_MD_NONE for signing raw data)
* \param hashlen message digest length (for POLARSSL_MD_NONE only)
@@ -504,6 +538,8 @@
* keep both hashes the same.
*/
int rsa_rsassa_pss_verify( rsa_context *ctx,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng,
int mode,
md_type_t md_alg,
unsigned int hashlen,