commit 548957dd493876ea0f4eed19c0f2e731d42ad7e7
author Paul Bakker <p.j.bakker@polarssl.org> Fri Aug 30 10:30:02 2013 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Fri Aug 30 10:30:02 2013 +0200
tree 1f38da3efe3f2a4f0e75dec988ec67cdbabe90b4
parent ca174fef80427e0a8d23daa1feedd9b5fa2d6a5c

Refactored RSA to have random generator in every RSA operation

Primarily so that rsa_private() receives an RNG for blinding purposes.

programs/pkey/dh_client.c

diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index 34956b8..f06b906 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -205,8 +205,8 @@
 
     sha1( buf, (int)( p - 2 - buf ), hash );
 
-    if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, POLARSSL_MD_SHA1,
-                                  0, hash, p ) ) != 0 )
+    if( ( ret = rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC,
+                                  POLARSSL_MD_SHA1, 0, hash, p ) ) != 0 )
     {
         printf( " failed\n  ! rsa_pkcs1_verify returned %d\n\n", ret );
         goto exit;

programs/pkey/rsa_decrypt.c

diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index 0b168f4..4ecb613 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -33,16 +33,20 @@
 #include "polarssl/config.h"
 
 #include "polarssl/rsa.h"
+#include "polarssl/entropy.h"
+#include "polarssl/ctr_drbg.h"
 
 #if !defined(POLARSSL_BIGNUM_C) || !defined(POLARSSL_RSA_C) ||  \
-    !defined(POLARSSL_FS_IO)
+    !defined(POLARSSL_FS_IO) || !defined(POLARSSL_ENTROPY_C) || \
+    !defined(POLARSSL_CTR_DRBG_C)
 int main( int argc, char *argv[] )
 {
     ((void) argc);
     ((void) argv);
 
     printf("POLARSSL_BIGNUM_C and/or POLARSSL_RSA_C and/or "
-           "POLARSSL_FS_IO not defined.\n");
+           "POLARSSL_FS_IO and/or POLARSSL_ENTROPY_C and/or "
+           "POLARSSL_CTR_DRBG_C not defined.\n");
     return( 0 );
 }
 #else
@@ -52,8 +56,11 @@
     int ret, c;
     size_t i;
     rsa_context rsa;
+    entropy_context entropy;
+    ctr_drbg_context ctr_drbg;
     unsigned char result[1024];
     unsigned char buf[512];
+    const char *pers = "rsa_decrypt";
     ((void) argv);
 
     memset(result, 0, sizeof( result ) );
@@ -70,6 +77,18 @@
         goto exit;
     }
 
+    printf( "\n  . Seeding the random number generator..." );
+    fflush( stdout );
+
+    entropy_init( &entropy );
+    if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
+                               (const unsigned char *) pers,
+                               strlen( pers ) ) ) != 0 )
+    {
+        printf( " failed\n  ! ctr_drbg_init returned %d\n", ret );
+        goto exit;
+    }
+
     printf( "\n  . Reading private key from rsa_priv.txt" );
     fflush( stdout );
 
@@ -130,7 +149,8 @@
     printf( "\n  . Decrypting the encrypted data" );
     fflush( stdout );
 
-    if( ( ret = rsa_pkcs1_decrypt( &rsa, RSA_PRIVATE, &i, buf, result,
+    if( ( ret = rsa_pkcs1_decrypt( &rsa, ctr_drbg_random, &ctr_drbg,
+                                   RSA_PRIVATE, &i, buf, result,
                                    1024 ) ) != 0 )
     {
         printf( " failed\n  ! rsa_pkcs1_decrypt returned %d\n\n", ret );

programs/pkey/rsa_verify.c

diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
index 126ea4d..4a54f64 100644
--- a/programs/pkey/rsa_verify.c
+++ b/programs/pkey/rsa_verify.c
@@ -131,8 +131,8 @@
         goto exit;
     }
 
-    if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, POLARSSL_MD_SHA1,
-                                  20, hash, buf ) ) != 0 )
+    if( ( ret = rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC,
+                                  POLARSSL_MD_SHA1, 20, hash, buf ) ) != 0 )
     {
         printf( " failed\n  ! rsa_pkcs1_verify returned -0x%0x\n\n", -ret );
         goto exit;

programs/pkey/rsa_verify_pss.c

diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index 00d7378..b243772 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -124,8 +124,8 @@
         goto exit;
     }
 
-    if( ( ret = rsa_pkcs1_verify( &rsa, RSA_PUBLIC, POLARSSL_MD_SHA1,
-                                  20, hash, buf ) ) != 0 )
+    if( ( ret = rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC,
+                                  POLARSSL_MD_SHA1, 20, hash, buf ) ) != 0 )
     {
         printf( " failed\n  ! rsa_pkcs1_verify returned %d\n\n", ret );
         goto exit;

programs/test/o_p_test.c

diff --git a/programs/test/o_p_test.c b/programs/test/o_p_test.c
index 84dd38b..8944940 100644
--- a/programs/test/o_p_test.c
+++ b/programs/test/o_p_test.c
@@ -197,7 +197,7 @@
     printf( "  . Generating the RSA decrypted value for OpenSSL (PUBLIC) with PolarSSL (PRIVATE) ..." );
     fflush( stdout );
 
-    if( ( ret = rsa_pkcs1_decrypt( &p_rsa, RSA_PRIVATE, &olen, o_pub_encrypted, p_pub_decrypted, 1024 ) ) != 0 )
+    if( ( ret = rsa_pkcs1_decrypt( &p_rsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, &olen, o_pub_encrypted, p_pub_decrypted, 1024 ) ) != 0 )
     {
         printf( " failed\n  ! rsa_pkcs1_decrypt returned %d\n\n", ret );
     }
@@ -221,7 +221,7 @@
     printf( "  . Generating the RSA decrypted value for OpenSSL (PRIVATE) with PolarSSL (PUBLIC) ..." );
     fflush( stdout );
 
-    if( ( ret = rsa_pkcs1_decrypt( &p_rsa, RSA_PUBLIC, &olen, o_priv_encrypted, p_priv_decrypted, 1024 ) ) != 0 )
+    if( ( ret = rsa_pkcs1_decrypt( &p_rsa, NULL, NULL, RSA_PUBLIC, &olen, o_priv_encrypted, p_priv_decrypted, 1024 ) ) != 0 )
     {
         printf( " failed\n  ! rsa_pkcs1_decrypt returned %d\n\n", ret );
     }