1 /*
2 * The RSA public-key cryptosystem
3 *
4 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
5 * SPDX-License-Identifier: Apache-2.0
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License"); you may
8 * not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
15 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 *
19 * This file is part of mbed TLS (https://tls.mbed.org)
20 */
21 /*
22 * The following sources were referenced in the design of this implementation
23 * of the RSA algorithm:
24 *
25 * [1] A method for obtaining digital signatures and public-key cryptosystems
26 * R Rivest, A Shamir, and L Adleman
27 * http://people.csail.mit.edu/rivest/pubs.html#RSA78
28 *
29 * [2] Handbook of Applied Cryptography - 1997, Chapter 8
30 * Menezes, van Oorschot and Vanstone
31 *
32 */
33
34
35 //#include "oid.h"
36
37 #include <string.h>
38 #include "rsa.h"
39 #include "config.h"
40 #include "mbed_rsa_key.h"
41 #if defined(MBEDTLS_GENPRIME)
42
43 /*
44 * Generate an RSA keypair
45 */
mbedtls_rsa_gen_key(mbedtls_rsa_context * ctx,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng,unsigned int nbits,int exponent)46 int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
47 int (*f_rng)(void *, unsigned char *, size_t),
48 void *p_rng,
49 unsigned int nbits, int exponent )
50 {
51 int ret;
52 mbedtls_mpi P1, Q1, H, G;
53
54 if( f_rng == NULL || nbits < 128 || exponent < 3 )
55 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
56
57 if( nbits % 2 )
58 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
59
60 mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 );
61 mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G );
62
63 /*
64 * find primes P and Q with Q < P so that:
65 * GCD( E, (P-1)*(Q-1) ) == 1
66 */
67 MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &ctx->E, exponent ) );
68
69 do
70 {
71 MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0,
72 f_rng, p_rng ) );
73
74 MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0,
75 f_rng, p_rng ) );
76
77 if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 )
78 continue;
79
80 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) );
81 if( mbedtls_mpi_bitlen( &ctx->N ) != nbits )
82 continue;
83
84 if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
85 mbedtls_mpi_swap( &ctx->P, &ctx->Q );
86
87 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
88 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) );
89 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) );
90 MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H ) );
91 }
92 while( mbedtls_mpi_cmp_int( &G, 1 ) != 0 );
93
94 /*
95 * D = E^-1 mod ((P-1)*(Q-1))
96 * DP = D mod (P - 1)
97 * DQ = D mod (Q - 1)
98 * QP = Q^-1 mod P
99 */
100 MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D , &ctx->E, &H ) );
101 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->DP, &ctx->D, &P1 ) );
102 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->DQ, &ctx->D, &Q1 ) );
103 MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->QP, &ctx->Q, &ctx->P ) );
104
105 ctx->len = ( mbedtls_mpi_bitlen( &ctx->N ) + 7 ) >> 3;
106
107 cleanup:
108
109 mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G );
110
111 if( ret != 0 )
112 {
113 mbedtls_rsa_free( ctx );
114 return( MBEDTLS_ERR_RSA_KEY_GEN_FAILED + ret );
115 }
116
117 return( 0 );
118 }
119
120 #endif /* MBEDTLS_GENPRIME */
121
122 /*
123 * Initialize an RSA context
124 */
mbedtls_rsa_init(mbedtls_rsa_context * ctx)125 void mbedtls_rsa_init( mbedtls_rsa_context *ctx)
126 {
127 memset( ctx, 0, sizeof( mbedtls_rsa_context ) );
128 }
129
130
131 /*
132 * Check a public RSA key
133 */
mbedtls_rsa_check_pubkey(const mbedtls_rsa_context * ctx)134 int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx )
135 {
136 if( !ctx->N.p || !ctx->E.p )
137 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
138
139 if( ( ctx->N.p[0] & 1 ) == 0 ||
140 ( ctx->E.p[0] & 1 ) == 0 )
141 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
142 if( mbedtls_mpi_bitlen( &ctx->N ) < 128 ||
143 mbedtls_mpi_bitlen( &ctx->N ) > MBEDTLS_MPI_MAX_BITS )
144 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
145
146 if( mbedtls_mpi_bitlen( &ctx->E ) < 2 ||
147 mbedtls_mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 )
148 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
149
150 return( 0 );
151 }
152
153 /*
154 * Check a private RSA key
155 */
mbedtls_rsa_check_privkey(const mbedtls_rsa_context * ctx)156 int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx )
157 {
158 int ret;
159 mbedtls_mpi PQ, DE, P1, Q1, H, I, G, G2, L1, L2, DP, DQ, QP;
160
161 if( ( ret = mbedtls_rsa_check_pubkey( ctx ) ) != 0 )
162 return( ret );
163
164 if( !ctx->P.p || !ctx->Q.p || !ctx->D.p )
165 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
166
167 mbedtls_mpi_init( &PQ ); mbedtls_mpi_init( &DE ); mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 );
168 mbedtls_mpi_init( &H ); mbedtls_mpi_init( &I ); mbedtls_mpi_init( &G ); mbedtls_mpi_init( &G2 );
169 mbedtls_mpi_init( &L1 ); mbedtls_mpi_init( &L2 ); mbedtls_mpi_init( &DP ); mbedtls_mpi_init( &DQ );
170 mbedtls_mpi_init( &QP );
171
172 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) );
173 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DE, &ctx->D, &ctx->E ) );
174 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
175 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) );
176 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) );
177 MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H ) );
178
179 MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G2, &P1, &Q1 ) );
180 MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L1, &L2, &H, &G2 ) );
181 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &I, &DE, &L1 ) );
182
183 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &DP, &ctx->D, &P1 ) );
184 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &DQ, &ctx->D, &Q1 ) );
185 MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &QP, &ctx->Q, &ctx->P ) );
186 /*
187 * Check for a valid PKCS1v2 private key
188 */
189 if( mbedtls_mpi_cmp_mpi( &PQ, &ctx->N ) != 0 ||
190 mbedtls_mpi_cmp_mpi( &DP, &ctx->DP ) != 0 ||
191 mbedtls_mpi_cmp_mpi( &DQ, &ctx->DQ ) != 0 ||
192 mbedtls_mpi_cmp_mpi( &QP, &ctx->QP ) != 0 ||
193 mbedtls_mpi_cmp_int( &L2, 0 ) != 0 ||
194 mbedtls_mpi_cmp_int( &I, 1 ) != 0 ||
195 mbedtls_mpi_cmp_int( &G, 1 ) != 0
196 )
197 {
198 ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
199 }
200
201 cleanup:
202 mbedtls_mpi_free( &PQ ); mbedtls_mpi_free( &DE ); mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 );
203 mbedtls_mpi_free( &H ); mbedtls_mpi_free( &I ); mbedtls_mpi_free( &G ); mbedtls_mpi_free( &G2 );
204 mbedtls_mpi_free( &L1 ); mbedtls_mpi_free( &L2 ); mbedtls_mpi_free( &DP ); mbedtls_mpi_free( &DQ );
205 mbedtls_mpi_free( &QP );
206
207 if( ret == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED )
208 return( ret );
209
210 if( ret != 0 )
211 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED + ret );
212
213 return( 0 );
214 }
215
216 /*
217 * Check if contexts holding a public and private key match
218 */
mbedtls_rsa_check_pub_priv(const mbedtls_rsa_context * pub,const mbedtls_rsa_context * prv)219 int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv )
220 {
221 if( mbedtls_rsa_check_pubkey( pub ) != 0 ||
222 mbedtls_rsa_check_privkey( prv ) != 0 )
223 {
224 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
225 }
226
227 if( mbedtls_mpi_cmp_mpi( &pub->N, &prv->N ) != 0 ||
228 mbedtls_mpi_cmp_mpi( &pub->E, &prv->E ) != 0 )
229 {
230 return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED );
231 }
232
233 return( 0 );
234 }
235
236 /*
237 * Do an RSA public key operation
238 */
mbedtls_rsa_public(mbedtls_rsa_context * ctx,const unsigned char * input,unsigned char * output)239 int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
240 const unsigned char *input,
241 unsigned char *output )
242 {
243 int ret;
244 size_t olen;
245 mbedtls_mpi T;
246
247 mbedtls_mpi_init( &T );
248
249 #if defined(MBEDTLS_THREADING_C)
250 if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
251 return( ret );
252 #endif
253
254 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
255
256 if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
257 {
258 ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
259 goto cleanup;
260 }
261
262 olen = ctx->len;
263 MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, &ctx->E, &ctx->N, &ctx->RN ) );
264 MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) );
265
266 cleanup:
267 #if defined(MBEDTLS_THREADING_C)
268 if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
269 return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
270 #endif
271
272 mbedtls_mpi_free( &T );
273
274 if( ret != 0 )
275 return( MBEDTLS_ERR_RSA_PUBLIC_FAILED + ret );
276
277 return( 0 );
278 }
279
280 /*
281 * Generate or update blinding values, see section 10 of:
282 * KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA,
283 * DSS, and other systems. In : Advances in Cryptology-CRYPTO'96. Springer
284 * Berlin Heidelberg, 1996. p. 104-113.
285 */
rsa_prepare_blinding(mbedtls_rsa_context * ctx,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng)286 static int rsa_prepare_blinding( mbedtls_rsa_context *ctx,
287 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
288 {
289 int ret, count = 0;
290
291 if( ctx->Vf.p != NULL )
292 {
293 /* We already have blinding values, just update them by squaring */
294 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vi, &ctx->Vi, &ctx->Vi ) );
295 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vi, &ctx->Vi, &ctx->N ) );
296 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->Vf, &ctx->Vf, &ctx->Vf ) );
297 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->Vf, &ctx->Vf, &ctx->N ) );
298
299 goto cleanup;
300 }
301
302 /* Unblinding value: Vf = random number, invertible mod N */
303 do {
304 if( count++ > 10 )
305 return( MBEDTLS_ERR_RSA_RNG_FAILED );
306
307 MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vf, ctx->len - 1, f_rng, p_rng ) );
308 MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &ctx->Vi, &ctx->Vf, &ctx->N ) );
309 } while( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 );
310
311 /* Blinding value: Vi = Vf^(-e) mod N */
312 MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->Vi, &ctx->Vf, &ctx->N ) );
313 MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN ) );
314
315
316 cleanup:
317 return( ret );
318 }
319
320 /*
321 * Do an RSA private key operation
322 */
mbedtls_rsa_private(mbedtls_rsa_context * ctx,int (* f_rng)(void *,unsigned char *,size_t),void * p_rng,const unsigned char * input,unsigned char * output)323 int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
324 int (*f_rng)(void *, unsigned char *, size_t),
325 void *p_rng,
326 const unsigned char *input,
327 unsigned char *output )
328 {
329 int ret;
330 size_t olen;
331 mbedtls_mpi T, T1, T2;
332
333 /* Make sure we have private key info, prevent possible misuse */
334 if( ctx->P.p == NULL || ctx->Q.p == NULL || ctx->D.p == NULL )
335 return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
336
337 mbedtls_mpi_init( &T ); mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 );
338
339 #if defined(MBEDTLS_THREADING_C)
340 if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
341 return( ret );
342 #endif
343
344 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &T, input, ctx->len ) );
345 if( mbedtls_mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
346 {
347 ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
348 goto cleanup;
349 }
350
351 if( f_rng != NULL )
352 {
353 /*
354 * Blinding
355 * T = T * Vi mod N
356 */
357 MBEDTLS_MPI_CHK( rsa_prepare_blinding( ctx, f_rng, p_rng ) );
358 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vi ) );
359 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
360 }
361
362 #if defined(MBEDTLS_RSA_NO_CRT)
363 MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
364 #else
365 /*
366 * faster decryption using the CRT
367 *
368 * T1 = input ^ dP mod P
369 * T2 = input ^ dQ mod Q
370 */
371 MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T1, &T, &ctx->DP, &ctx->P, &ctx->RP ) );
372 MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T2, &T, &ctx->DQ, &ctx->Q, &ctx->RQ ) );
373
374 /*
375 * T = (T1 - T2) * (Q^-1 mod P) mod P
376 */
377 MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &T, &T1, &T2 ) );
378 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &T, &ctx->QP ) );
379 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T1, &ctx->P ) );
380
381 /*
382 * T = T2 + T * Q
383 */
384 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T1, &T, &ctx->Q ) );
385 MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &T2, &T1 ) );
386 #endif /* MBEDTLS_RSA_NO_CRT */
387
388 if( f_rng != NULL )
389 {
390 /*
391 * Unblind
392 * T = T * Vf mod N
393 */
394 MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vf ) );
395 MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
396 }
397
398 olen = ctx->len;
399 MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &T, output, olen ) );
400
401 cleanup:
402 #if defined(MBEDTLS_THREADING_C)
403 if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
404 return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
405 #endif
406
407 mbedtls_mpi_free( &T ); mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 );
408
409 if( ret != 0 )
410 return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret );
411
412 return( 0 );
413 }
414
415 /*
416 * Free the components of an RSA key
417 */
mbedtls_rsa_free(mbedtls_rsa_context * ctx)418 void mbedtls_rsa_free( mbedtls_rsa_context *ctx )
419 {
420 mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->Vf );
421 mbedtls_mpi_free( &ctx->RQ ); mbedtls_mpi_free( &ctx->RP ); mbedtls_mpi_free( &ctx->RN );
422 mbedtls_mpi_free( &ctx->QP ); mbedtls_mpi_free( &ctx->DQ ); mbedtls_mpi_free( &ctx->DP );
423 mbedtls_mpi_free( &ctx->Q ); mbedtls_mpi_free( &ctx->P ); mbedtls_mpi_free( &ctx->D );
424 mbedtls_mpi_free( &ctx->E ); mbedtls_mpi_free( &ctx->N );
425
426 #if defined(MBEDTLS_THREADING_C)
427 mbedtls_mutex_free( &ctx->mutex );
428 #endif
429 }
430
rk_rsa_private(rsa_key_t * key,const unsigned char * input,unsigned char * output)431 int rk_rsa_private(rsa_key_t *key, const unsigned char *input, unsigned char *output)
432 {
433 int ret = -1;
434 mbedtls_rsa_context rsa;
435
436 mbedtls_rsa_init( &rsa);
437
438 rsa.len = key->key_len;
439 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &rsa.N , key->n, key->key_len) );
440 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &rsa.E , key->e, key->e_len) );
441 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &rsa.D , key->d, key->d_len) );
442 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &rsa.P , key->p, key->p_len ) );
443 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &rsa.Q , key->q, key->q_len ) );
444 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &rsa.DP, key->dp, key->dp_len ));
445 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &rsa.DQ, key->dq, key->dq_len ) );
446 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &rsa.QP, key->iq, key->iq_len) );
447
448 if(mbedtls_rsa_check_privkey( &rsa ) != 0)
449 {
450 return -1;
451 }
452
453 ret = mbedtls_rsa_private(&rsa, NULL, NULL, input, output);
454
455 ret = (ret==0)?0:-1;
456 cleanup:
457 mbedtls_rsa_free( &rsa );
458 return ret;
459 }
460
rk_rsa_public(rsa_key_t * key,const unsigned char * input,unsigned char * output)461 int rk_rsa_public(rsa_key_t *key, const unsigned char *input, unsigned char *output)
462 {
463 int ret = -1;
464 mbedtls_rsa_context rsa;
465
466 mbedtls_rsa_init( &rsa);
467
468 rsa.len = key->key_len;
469 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &rsa.N , key->n, key->key_len) );
470 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &rsa.E , key->e, key->e_len) );
471
472 if(mbedtls_rsa_check_pubkey( &rsa ) != 0)
473 {
474 goto cleanup;
475 }
476
477 ret = mbedtls_rsa_public(&rsa, input, output);
478 ret = (ret==0)?0:-1;
479 cleanup:
480 mbedtls_rsa_free( &rsa );
481 return ret;
482 }
483
rk_rsa_public2(const mbed_rsa_key_t * key,const unsigned char * input,unsigned char * output)484 int rk_rsa_public2(const mbed_rsa_key_t *key, const unsigned char *input, unsigned char *output)
485 {
486 int ret = -1;
487 mbedtls_rsa_context rsa;
488
489 mbedtls_rsa_init( &rsa);
490
491 rsa.len = key->n_len;
492 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &rsa.N , key->n, key->n_len) );
493 MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &rsa.E , key->e, key->e_len) );
494
495 if(mbedtls_rsa_check_pubkey( &rsa ) != 0)
496 {
497 goto cleanup;
498 }
499
500 ret = mbedtls_rsa_public(&rsa, input, output);
501 ret = (ret==0)?0:-1;
502 cleanup:
503 mbedtls_rsa_free( &rsa );
504 return ret;
505 }
506
507
508