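Lines matching refs:ctx (each entry: source line number, the matching line, then the enclosing function; "argument" marks the line where ctx is declared as a parameter)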
572 int mbedtls_rsa_import(mbedtls_rsa_context *ctx, in mbedtls_rsa_import() argument
579 if ((N != NULL && (ret = mbedtls_mpi_copy(&ctx->N, N)) != 0) || in mbedtls_rsa_import()
580 (P != NULL && (ret = mbedtls_mpi_copy(&ctx->P, P)) != 0) || in mbedtls_rsa_import()
581 (Q != NULL && (ret = mbedtls_mpi_copy(&ctx->Q, Q)) != 0) || in mbedtls_rsa_import()
582 (D != NULL && (ret = mbedtls_mpi_copy(&ctx->D, D)) != 0) || in mbedtls_rsa_import()
583 (E != NULL && (ret = mbedtls_mpi_copy(&ctx->E, E)) != 0)) { in mbedtls_rsa_import()
588 ctx->len = mbedtls_mpi_size(&ctx->N); in mbedtls_rsa_import()
594 int mbedtls_rsa_import_raw(mbedtls_rsa_context *ctx, in mbedtls_rsa_import_raw() argument
604 MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->N, N, N_len)); in mbedtls_rsa_import_raw()
605 ctx->len = mbedtls_mpi_size(&ctx->N); in mbedtls_rsa_import_raw()
609 MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->P, P, P_len)); in mbedtls_rsa_import_raw()
613 MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->Q, Q, Q_len)); in mbedtls_rsa_import_raw()
617 MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->D, D, D_len)); in mbedtls_rsa_import_raw()
621 MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->E, E, E_len)); in mbedtls_rsa_import_raw()
638 static int rsa_check_context(mbedtls_rsa_context const *ctx, int is_priv, in rsa_check_context() argument
647 if (ctx->len != mbedtls_mpi_size(&ctx->N) || in rsa_check_context()
648 ctx->len > MBEDTLS_MPI_MAX_SIZE) { in rsa_check_context()
658 if (mbedtls_mpi_cmp_int(&ctx->N, 0) <= 0 || in rsa_check_context()
659 mbedtls_mpi_get_bit(&ctx->N, 0) == 0) { in rsa_check_context()
668 (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 || in rsa_check_context()
669 mbedtls_mpi_get_bit(&ctx->P, 0) == 0 || in rsa_check_context()
670 mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0 || in rsa_check_context()
671 mbedtls_mpi_get_bit(&ctx->Q, 0) == 0)) { in rsa_check_context()
681 if (mbedtls_mpi_cmp_int(&ctx->E, 0) <= 0) { in rsa_check_context()
688 if (is_priv && mbedtls_mpi_cmp_int(&ctx->D, 0) <= 0) { in rsa_check_context()
693 (mbedtls_mpi_cmp_int(&ctx->DP, 0) <= 0 || in rsa_check_context()
694 mbedtls_mpi_cmp_int(&ctx->DQ, 0) <= 0)) { in rsa_check_context()
704 (mbedtls_mpi_cmp_int(&ctx->P, 0) <= 0 || in rsa_check_context()
705 mbedtls_mpi_cmp_int(&ctx->Q, 0) <= 0)) { in rsa_check_context()
714 mbedtls_mpi_cmp_int(&ctx->QP, 0) <= 0) { in rsa_check_context()
722 int mbedtls_rsa_complete(mbedtls_rsa_context *ctx) in mbedtls_rsa_complete() argument
731 have_N = (mbedtls_mpi_cmp_int(&ctx->N, 0) != 0); in mbedtls_rsa_complete()
732 have_P = (mbedtls_mpi_cmp_int(&ctx->P, 0) != 0); in mbedtls_rsa_complete()
733 have_Q = (mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0); in mbedtls_rsa_complete()
734 have_D = (mbedtls_mpi_cmp_int(&ctx->D, 0) != 0); in mbedtls_rsa_complete()
735 have_E = (mbedtls_mpi_cmp_int(&ctx->E, 0) != 0); in mbedtls_rsa_complete()
738 have_DP = (mbedtls_mpi_cmp_int(&ctx->DP, 0) != 0); in mbedtls_rsa_complete()
739 have_DQ = (mbedtls_mpi_cmp_int(&ctx->DQ, 0) != 0); in mbedtls_rsa_complete()
740 have_QP = (mbedtls_mpi_cmp_int(&ctx->QP, 0) != 0); in mbedtls_rsa_complete()
770 if ((ret = mbedtls_mpi_mul_mpi(&ctx->N, &ctx->P, in mbedtls_rsa_complete()
771 &ctx->Q)) != 0) { in mbedtls_rsa_complete()
775 ctx->len = mbedtls_mpi_size(&ctx->N); in mbedtls_rsa_complete()
783 ret = mbedtls_rsa_deduce_primes(&ctx->N, &ctx->E, &ctx->D, in mbedtls_rsa_complete()
784 &ctx->P, &ctx->Q); in mbedtls_rsa_complete()
790 if ((ret = mbedtls_rsa_deduce_private_exponent(&ctx->P, in mbedtls_rsa_complete()
791 &ctx->Q, in mbedtls_rsa_complete()
792 &ctx->E, in mbedtls_rsa_complete()
793 &ctx->D)) != 0) { in mbedtls_rsa_complete()
805 ret = mbedtls_rsa_deduce_crt(&ctx->P, &ctx->Q, &ctx->D, in mbedtls_rsa_complete()
806 &ctx->DP, &ctx->DQ, &ctx->QP); in mbedtls_rsa_complete()
817 return rsa_check_context(ctx, is_priv, 1); in mbedtls_rsa_complete()
820 int mbedtls_rsa_export_raw(const mbedtls_rsa_context *ctx, in mbedtls_rsa_export_raw() argument
832 mbedtls_mpi_cmp_int(&ctx->N, 0) != 0 && in mbedtls_rsa_export_raw()
833 mbedtls_mpi_cmp_int(&ctx->P, 0) != 0 && in mbedtls_rsa_export_raw()
834 mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0 && in mbedtls_rsa_export_raw()
835 mbedtls_mpi_cmp_int(&ctx->D, 0) != 0 && in mbedtls_rsa_export_raw()
836 mbedtls_mpi_cmp_int(&ctx->E, 0) != 0; in mbedtls_rsa_export_raw()
848 MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->N, N, N_len)); in mbedtls_rsa_export_raw()
852 MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->P, P, P_len)); in mbedtls_rsa_export_raw()
856 MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->Q, Q, Q_len)); in mbedtls_rsa_export_raw()
860 MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->D, D, D_len)); in mbedtls_rsa_export_raw()
864 MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->E, E, E_len)); in mbedtls_rsa_export_raw()
872 int mbedtls_rsa_export(const mbedtls_rsa_context *ctx, in mbedtls_rsa_export() argument
881 mbedtls_mpi_cmp_int(&ctx->N, 0) != 0 && in mbedtls_rsa_export()
882 mbedtls_mpi_cmp_int(&ctx->P, 0) != 0 && in mbedtls_rsa_export()
883 mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0 && in mbedtls_rsa_export()
884 mbedtls_mpi_cmp_int(&ctx->D, 0) != 0 && in mbedtls_rsa_export()
885 mbedtls_mpi_cmp_int(&ctx->E, 0) != 0; in mbedtls_rsa_export()
898 if ((N != NULL && (ret = mbedtls_mpi_copy(N, &ctx->N)) != 0) || in mbedtls_rsa_export()
899 (P != NULL && (ret = mbedtls_mpi_copy(P, &ctx->P)) != 0) || in mbedtls_rsa_export()
900 (Q != NULL && (ret = mbedtls_mpi_copy(Q, &ctx->Q)) != 0) || in mbedtls_rsa_export()
901 (D != NULL && (ret = mbedtls_mpi_copy(D, &ctx->D)) != 0) || in mbedtls_rsa_export()
902 (E != NULL && (ret = mbedtls_mpi_copy(E, &ctx->E)) != 0)) { in mbedtls_rsa_export()
915 int mbedtls_rsa_export_crt(const mbedtls_rsa_context *ctx, in mbedtls_rsa_export_crt() argument
923 mbedtls_mpi_cmp_int(&ctx->N, 0) != 0 && in mbedtls_rsa_export_crt()
924 mbedtls_mpi_cmp_int(&ctx->P, 0) != 0 && in mbedtls_rsa_export_crt()
925 mbedtls_mpi_cmp_int(&ctx->Q, 0) != 0 && in mbedtls_rsa_export_crt()
926 mbedtls_mpi_cmp_int(&ctx->D, 0) != 0 && in mbedtls_rsa_export_crt()
927 mbedtls_mpi_cmp_int(&ctx->E, 0) != 0; in mbedtls_rsa_export_crt()
935 if ((DP != NULL && (ret = mbedtls_mpi_copy(DP, &ctx->DP)) != 0) || in mbedtls_rsa_export_crt()
936 (DQ != NULL && (ret = mbedtls_mpi_copy(DQ, &ctx->DQ)) != 0) || in mbedtls_rsa_export_crt()
937 (QP != NULL && (ret = mbedtls_mpi_copy(QP, &ctx->QP)) != 0)) { in mbedtls_rsa_export_crt()
941 if ((ret = mbedtls_rsa_deduce_crt(&ctx->P, &ctx->Q, &ctx->D, in mbedtls_rsa_export_crt()
953 void mbedtls_rsa_init(mbedtls_rsa_context *ctx) in mbedtls_rsa_init() argument
955 memset(ctx, 0, sizeof(mbedtls_rsa_context)); in mbedtls_rsa_init()
957 ctx->padding = MBEDTLS_RSA_PKCS_V15; in mbedtls_rsa_init()
958 ctx->hash_id = MBEDTLS_MD_NONE; in mbedtls_rsa_init()
963 ctx->ver = 1; in mbedtls_rsa_init()
964 mbedtls_mutex_init(&ctx->mutex); in mbedtls_rsa_init()
971 int mbedtls_rsa_set_padding(mbedtls_rsa_context *ctx, int padding, in mbedtls_rsa_set_padding() argument
998 ctx->padding = padding; in mbedtls_rsa_set_padding()
999 ctx->hash_id = hash_id; in mbedtls_rsa_set_padding()
1007 int mbedtls_rsa_get_padding_mode(const mbedtls_rsa_context *ctx) in mbedtls_rsa_get_padding_mode() argument
1009 return ctx->padding; in mbedtls_rsa_get_padding_mode()
1015 int mbedtls_rsa_get_md_alg(const mbedtls_rsa_context *ctx) in mbedtls_rsa_get_md_alg() argument
1017 return ctx->hash_id; in mbedtls_rsa_get_md_alg()
1023 size_t mbedtls_rsa_get_bitlen(const mbedtls_rsa_context *ctx) in mbedtls_rsa_get_bitlen() argument
1025 return mbedtls_mpi_bitlen(&ctx->N); in mbedtls_rsa_get_bitlen()
1031 size_t mbedtls_rsa_get_len(const mbedtls_rsa_context *ctx) in mbedtls_rsa_get_len() argument
1033 return ctx->len; in mbedtls_rsa_get_len()
1044 int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx, in mbedtls_rsa_gen_key() argument
1082 MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->E, exponent)); in mbedtls_rsa_gen_key()
1085 MBEDTLS_MPI_CHK(mbedtls_mpi_gen_prime(&ctx->P, nbits >> 1, in mbedtls_rsa_gen_key()
1088 MBEDTLS_MPI_CHK(mbedtls_mpi_gen_prime(&ctx->Q, nbits >> 1, in mbedtls_rsa_gen_key()
1092 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&H, &ctx->P, &ctx->Q)); in mbedtls_rsa_gen_key()
1099 mbedtls_mpi_swap(&ctx->P, &ctx->Q); in mbedtls_rsa_gen_key()
1103 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&ctx->P, &ctx->P, 1)); in mbedtls_rsa_gen_key()
1104 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&ctx->Q, &ctx->Q, 1)); in mbedtls_rsa_gen_key()
1105 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&H, &ctx->P, &ctx->Q)); in mbedtls_rsa_gen_key()
1108 MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&G, &ctx->E, &H)); in mbedtls_rsa_gen_key()
1114 MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(&G, &ctx->P, &ctx->Q)); in mbedtls_rsa_gen_key()
1116 MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&ctx->D, &ctx->E, &L)); in mbedtls_rsa_gen_key()
1118 … if (mbedtls_mpi_bitlen(&ctx->D) <= ((nbits + 1) / 2)) { // (FIPS 186-4 §B.3.1 criterion 3(a)) in mbedtls_rsa_gen_key()
1126 MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&ctx->P, &ctx->P, 1)); in mbedtls_rsa_gen_key()
1127 MBEDTLS_MPI_CHK(mbedtls_mpi_add_int(&ctx->Q, &ctx->Q, 1)); in mbedtls_rsa_gen_key()
1129 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->N, &ctx->P, &ctx->Q)); in mbedtls_rsa_gen_key()
1131 ctx->len = mbedtls_mpi_size(&ctx->N); in mbedtls_rsa_gen_key()
1139 MBEDTLS_MPI_CHK(mbedtls_rsa_deduce_crt(&ctx->P, &ctx->Q, &ctx->D, in mbedtls_rsa_gen_key()
1140 &ctx->DP, &ctx->DQ, &ctx->QP)); in mbedtls_rsa_gen_key()
1144 MBEDTLS_MPI_CHK(mbedtls_rsa_check_privkey(ctx)); in mbedtls_rsa_gen_key()
1153 mbedtls_rsa_free(ctx); in mbedtls_rsa_gen_key()
1169 int mbedtls_rsa_check_pubkey(const mbedtls_rsa_context *ctx) in mbedtls_rsa_check_pubkey() argument
1171 if (rsa_check_context(ctx, 0 /* public */, 0 /* no blinding */) != 0) { in mbedtls_rsa_check_pubkey()
1175 if (mbedtls_mpi_bitlen(&ctx->N) < 128) { in mbedtls_rsa_check_pubkey()
1179 if (mbedtls_mpi_get_bit(&ctx->E, 0) == 0 || in mbedtls_rsa_check_pubkey()
1180 mbedtls_mpi_bitlen(&ctx->E) < 2 || in mbedtls_rsa_check_pubkey()
1181 mbedtls_mpi_cmp_mpi(&ctx->E, &ctx->N) >= 0) { in mbedtls_rsa_check_pubkey()
1191 int mbedtls_rsa_check_privkey(const mbedtls_rsa_context *ctx) in mbedtls_rsa_check_privkey() argument
1193 if (mbedtls_rsa_check_pubkey(ctx) != 0 || in mbedtls_rsa_check_privkey()
1194 rsa_check_context(ctx, 1 /* private */, 1 /* blinding */) != 0) { in mbedtls_rsa_check_privkey()
1198 if (mbedtls_rsa_validate_params(&ctx->N, &ctx->P, &ctx->Q, in mbedtls_rsa_check_privkey()
1199 &ctx->D, &ctx->E, NULL, NULL) != 0) { in mbedtls_rsa_check_privkey()
1204 else if (mbedtls_rsa_validate_crt(&ctx->P, &ctx->Q, &ctx->D, in mbedtls_rsa_check_privkey()
1205 &ctx->DP, &ctx->DQ, &ctx->QP) != 0) { in mbedtls_rsa_check_privkey()
1235 int mbedtls_rsa_public(mbedtls_rsa_context *ctx, in mbedtls_rsa_public() argument
1243 if (rsa_check_context(ctx, 0 /* public */, 0 /* no blinding */)) { in mbedtls_rsa_public()
1250 if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { in mbedtls_rsa_public()
1255 MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&T, input, ctx->len)); in mbedtls_rsa_public()
1257 if (mbedtls_mpi_cmp_mpi(&T, &ctx->N) >= 0) { in mbedtls_rsa_public()
1262 olen = ctx->len; in mbedtls_rsa_public()
1263 MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod_unsafe(&T, &T, &ctx->E, &ctx->N, &ctx->RN)); in mbedtls_rsa_public()
1268 if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { in mbedtls_rsa_public()
1288 static int rsa_prepare_blinding(mbedtls_rsa_context *ctx, in rsa_prepare_blinding() argument
1296 if (ctx->Vf.p != NULL) { in rsa_prepare_blinding()
1298 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &ctx->Vi)); in rsa_prepare_blinding()
1299 MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->N)); in rsa_prepare_blinding()
1300 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vf, &ctx->Vf)); in rsa_prepare_blinding()
1301 MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->N)); in rsa_prepare_blinding()
1313 MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->Vf, ctx->len - 1, f_rng, p_rng)); in rsa_prepare_blinding()
1316 MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&R, ctx->len - 1, f_rng, p_rng)); in rsa_prepare_blinding()
1317 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vf, &R)); in rsa_prepare_blinding()
1318 MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->N)); in rsa_prepare_blinding()
1324 ret = mbedtls_mpi_inv_mod(&ctx->Vi, &ctx->Vi, &ctx->N); in rsa_prepare_blinding()
1332 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &R)); in rsa_prepare_blinding()
1333 MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->N)); in rsa_prepare_blinding()
1337 MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->Vi, &ctx->Vi, &ctx->E, &ctx->N, &ctx->RN)); in rsa_prepare_blinding()
1409 int mbedtls_rsa_private(mbedtls_rsa_context *ctx, in mbedtls_rsa_private() argument
1445 if (rsa_check_context(ctx, 1 /* private key checks */, in mbedtls_rsa_private()
1451 if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) { in mbedtls_rsa_private()
1479 MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&T, input, ctx->len)); in mbedtls_rsa_private()
1480 if (mbedtls_mpi_cmp_mpi(&T, &ctx->N) >= 0) { in mbedtls_rsa_private()
1489 MBEDTLS_MPI_CHK(rsa_prepare_blinding(ctx, f_rng, p_rng)); in mbedtls_rsa_private()
1490 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&T, &T, &ctx->Vi)); in mbedtls_rsa_private()
1491 MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &T, &ctx->N)); in mbedtls_rsa_private()
1498 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&P1, &ctx->P, 1)); in mbedtls_rsa_private()
1499 MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&Q1, &ctx->Q, 1)); in mbedtls_rsa_private()
1509 MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&D_blind, &D_blind, &ctx->D)); in mbedtls_rsa_private()
1518 &ctx->DP)); in mbedtls_rsa_private()
1527 &ctx->DQ)); in mbedtls_rsa_private()
1531 MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&T, &T, &D_blind, &ctx->N, &ctx->RN)); in mbedtls_rsa_private()
1540 MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&TP, &T, &DP_blind, &ctx->P, &ctx->RP)); in mbedtls_rsa_private()
1541 MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&TQ, &T, &DQ_blind, &ctx->Q, &ctx->RQ)); in mbedtls_rsa_private()
1547 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&TP, &T, &ctx->QP)); in mbedtls_rsa_private()
1548 MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&T, &TP, &ctx->P)); in mbedtls_rsa_private()
1553 MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&TP, &T, &ctx->Q)); in mbedtls_rsa_private()
1558 MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&check_result_blinded, &T, &ctx->E, in mbedtls_rsa_private()
1559 &ctx->N, &ctx->RN)); in mbedtls_rsa_private()
1569 MBEDTLS_MPI_CHK(rsa_unblind(&T, &ctx->Vf, &ctx->N)); in mbedtls_rsa_private()
1571 olen = ctx->len; in mbedtls_rsa_private()
1576 if (mbedtls_mutex_unlock(&ctx->mutex) != 0) { in mbedtls_rsa_private()
1761 int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx, in mbedtls_rsa_rsaes_oaep_encrypt() argument
1778 hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id); in mbedtls_rsa_rsaes_oaep_encrypt()
1783 olen = ctx->len; in mbedtls_rsa_rsaes_oaep_encrypt()
1802 ret = compute_hash((mbedtls_md_type_t) ctx->hash_id, label, label_len, p); in mbedtls_rsa_rsaes_oaep_encrypt()
1815 (mbedtls_md_type_t) ctx->hash_id)) != 0) { in mbedtls_rsa_rsaes_oaep_encrypt()
1821 (mbedtls_md_type_t) ctx->hash_id)) != 0) { in mbedtls_rsa_rsaes_oaep_encrypt()
1825 return mbedtls_rsa_public(ctx, output, output); in mbedtls_rsa_rsaes_oaep_encrypt()
1833 int mbedtls_rsa_rsaes_pkcs1_v15_encrypt(mbedtls_rsa_context *ctx, in mbedtls_rsa_rsaes_pkcs1_v15_encrypt() argument
1843 olen = ctx->len; in mbedtls_rsa_rsaes_pkcs1_v15_encrypt()
1880 return mbedtls_rsa_public(ctx, output, output); in mbedtls_rsa_rsaes_pkcs1_v15_encrypt()
1887 int mbedtls_rsa_pkcs1_encrypt(mbedtls_rsa_context *ctx, in mbedtls_rsa_pkcs1_encrypt() argument
1894 switch (ctx->padding) { in mbedtls_rsa_pkcs1_encrypt()
1897 return mbedtls_rsa_rsaes_pkcs1_v15_encrypt(ctx, f_rng, p_rng, in mbedtls_rsa_pkcs1_encrypt()
1903 return mbedtls_rsa_rsaes_oaep_encrypt(ctx, f_rng, p_rng, NULL, 0, in mbedtls_rsa_pkcs1_encrypt()
1916 int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx, in mbedtls_rsa_rsaes_oaep_decrypt() argument
1936 if (ctx->padding != MBEDTLS_RSA_PKCS_V21) { in mbedtls_rsa_rsaes_oaep_decrypt()
1940 ilen = ctx->len; in mbedtls_rsa_rsaes_oaep_decrypt()
1946 hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id); in mbedtls_rsa_rsaes_oaep_decrypt()
1959 ret = mbedtls_rsa_private(ctx, f_rng, p_rng, input, buf); in mbedtls_rsa_rsaes_oaep_decrypt()
1970 (mbedtls_md_type_t) ctx->hash_id)) != 0 || in mbedtls_rsa_rsaes_oaep_decrypt()
1973 (mbedtls_md_type_t) ctx->hash_id)) != 0) { in mbedtls_rsa_rsaes_oaep_decrypt()
1978 ret = compute_hash((mbedtls_md_type_t) ctx->hash_id, in mbedtls_rsa_rsaes_oaep_decrypt()
2043 int mbedtls_rsa_rsaes_pkcs1_v15_decrypt(mbedtls_rsa_context *ctx, in mbedtls_rsa_rsaes_pkcs1_v15_decrypt() argument
2055 ilen = ctx->len; in mbedtls_rsa_rsaes_pkcs1_v15_decrypt()
2057 if (ctx->padding != MBEDTLS_RSA_PKCS_V15) { in mbedtls_rsa_rsaes_pkcs1_v15_decrypt()
2065 ret = mbedtls_rsa_private(ctx, f_rng, p_rng, input, buf); in mbedtls_rsa_rsaes_pkcs1_v15_decrypt()
2084 int mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context *ctx, in mbedtls_rsa_pkcs1_decrypt() argument
2092 switch (ctx->padding) { in mbedtls_rsa_pkcs1_decrypt()
2095 return mbedtls_rsa_rsaes_pkcs1_v15_decrypt(ctx, f_rng, p_rng, olen, in mbedtls_rsa_pkcs1_decrypt()
2101 return mbedtls_rsa_rsaes_oaep_decrypt(ctx, f_rng, p_rng, NULL, 0, in mbedtls_rsa_pkcs1_decrypt()
2112 static int rsa_rsassa_pss_sign_no_mode_check(mbedtls_rsa_context *ctx, in rsa_rsassa_pss_sign_no_mode_check() argument
2137 olen = ctx->len; in rsa_rsassa_pss_sign_no_mode_check()
2151 hash_id = (mbedtls_md_type_t) ctx->hash_id; in rsa_rsassa_pss_sign_no_mode_check()
2185 msb = mbedtls_mpi_bitlen(&ctx->N) - 1; in rsa_rsassa_pss_sign_no_mode_check()
2214 msb = mbedtls_mpi_bitlen(&ctx->N) - 1; in rsa_rsassa_pss_sign_no_mode_check()
2220 return mbedtls_rsa_private(ctx, f_rng, p_rng, sig, sig); in rsa_rsassa_pss_sign_no_mode_check()
2223 static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, in rsa_rsassa_pss_sign() argument
2232 if (ctx->padding != MBEDTLS_RSA_PKCS_V21) { in rsa_rsassa_pss_sign()
2235 if ((ctx->hash_id == MBEDTLS_MD_NONE) && (md_alg == MBEDTLS_MD_NONE)) { in rsa_rsassa_pss_sign()
2238 return rsa_rsassa_pss_sign_no_mode_check(ctx, f_rng, p_rng, md_alg, hashlen, hash, saltlen, in rsa_rsassa_pss_sign()
2242 int mbedtls_rsa_rsassa_pss_sign_no_mode_check(mbedtls_rsa_context *ctx, in mbedtls_rsa_rsassa_pss_sign_no_mode_check() argument
2250 return rsa_rsassa_pss_sign_no_mode_check(ctx, f_rng, p_rng, md_alg, in mbedtls_rsa_rsassa_pss_sign_no_mode_check()
2258 int mbedtls_rsa_rsassa_pss_sign_ext(mbedtls_rsa_context *ctx, in mbedtls_rsa_rsassa_pss_sign_ext() argument
2267 return rsa_rsassa_pss_sign(ctx, f_rng, p_rng, md_alg, in mbedtls_rsa_rsassa_pss_sign_ext()
2274 int mbedtls_rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, in mbedtls_rsa_rsassa_pss_sign() argument
2282 return rsa_rsassa_pss_sign(ctx, f_rng, p_rng, md_alg, in mbedtls_rsa_rsassa_pss_sign()
2427 int mbedtls_rsa_rsassa_pkcs1_v15_sign(mbedtls_rsa_context *ctx, in mbedtls_rsa_rsassa_pkcs1_v15_sign() argument
2442 if (ctx->padding != MBEDTLS_RSA_PKCS_V15) { in mbedtls_rsa_rsassa_pkcs1_v15_sign()
2451 ctx->len, sig)) != 0) { in mbedtls_rsa_rsassa_pkcs1_v15_sign()
2461 sig_try = mbedtls_calloc(1, ctx->len); in mbedtls_rsa_rsassa_pkcs1_v15_sign()
2466 verif = mbedtls_calloc(1, ctx->len); in mbedtls_rsa_rsassa_pkcs1_v15_sign()
2472 MBEDTLS_MPI_CHK(mbedtls_rsa_private(ctx, f_rng, p_rng, sig, sig_try)); in mbedtls_rsa_rsassa_pkcs1_v15_sign()
2473 MBEDTLS_MPI_CHK(mbedtls_rsa_public(ctx, sig_try, verif)); in mbedtls_rsa_rsassa_pkcs1_v15_sign()
2475 if (mbedtls_ct_memcmp(verif, sig, ctx->len) != 0) { in mbedtls_rsa_rsassa_pkcs1_v15_sign()
2480 memcpy(sig, sig_try, ctx->len); in mbedtls_rsa_rsassa_pkcs1_v15_sign()
2483 mbedtls_zeroize_and_free(sig_try, ctx->len); in mbedtls_rsa_rsassa_pkcs1_v15_sign()
2484 mbedtls_zeroize_and_free(verif, ctx->len); in mbedtls_rsa_rsassa_pkcs1_v15_sign()
2487 memset(sig, '!', ctx->len); in mbedtls_rsa_rsassa_pkcs1_v15_sign()
2496 int mbedtls_rsa_pkcs1_sign(mbedtls_rsa_context *ctx, in mbedtls_rsa_pkcs1_sign() argument
2508 switch (ctx->padding) { in mbedtls_rsa_pkcs1_sign()
2511 return mbedtls_rsa_rsassa_pkcs1_v15_sign(ctx, f_rng, p_rng, in mbedtls_rsa_pkcs1_sign()
2517 return mbedtls_rsa_rsassa_pss_sign(ctx, f_rng, p_rng, md_alg, in mbedtls_rsa_pkcs1_sign()
2530 int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx, in mbedtls_rsa_rsassa_pss_verify_ext() argument
2551 siglen = ctx->len; in mbedtls_rsa_rsassa_pss_verify_ext()
2557 ret = mbedtls_rsa_public(ctx, sig, buf); in mbedtls_rsa_rsassa_pss_verify_ext()
2589 msb = mbedtls_mpi_bitlen(&ctx->N) - 1; in mbedtls_rsa_rsassa_pss_verify_ext()
2647 int mbedtls_rsa_rsassa_pss_verify(mbedtls_rsa_context *ctx, in mbedtls_rsa_rsassa_pss_verify() argument
2658 mgf1_hash_id = (ctx->hash_id != MBEDTLS_MD_NONE) in mbedtls_rsa_rsassa_pss_verify()
2659 ? (mbedtls_md_type_t) ctx->hash_id in mbedtls_rsa_rsassa_pss_verify()
2662 return mbedtls_rsa_rsassa_pss_verify_ext(ctx, in mbedtls_rsa_rsassa_pss_verify()
2675 int mbedtls_rsa_rsassa_pkcs1_v15_verify(mbedtls_rsa_context *ctx, in mbedtls_rsa_rsassa_pkcs1_v15_verify() argument
2689 sig_len = ctx->len; in mbedtls_rsa_rsassa_pkcs1_v15_verify()
2710 ret = mbedtls_rsa_public(ctx, sig, encoded); in mbedtls_rsa_rsassa_pkcs1_v15_verify()
2742 int mbedtls_rsa_pkcs1_verify(mbedtls_rsa_context *ctx, in mbedtls_rsa_pkcs1_verify() argument
2752 switch (ctx->padding) { in mbedtls_rsa_pkcs1_verify()
2755 return mbedtls_rsa_rsassa_pkcs1_v15_verify(ctx, md_alg, in mbedtls_rsa_pkcs1_verify()
2761 return mbedtls_rsa_rsassa_pss_verify(ctx, md_alg, in mbedtls_rsa_pkcs1_verify()
2813 void mbedtls_rsa_free(mbedtls_rsa_context *ctx) in mbedtls_rsa_free() argument
2815 if (ctx == NULL) { in mbedtls_rsa_free()
2819 mbedtls_mpi_free(&ctx->Vi); in mbedtls_rsa_free()
2820 mbedtls_mpi_free(&ctx->Vf); in mbedtls_rsa_free()
2821 mbedtls_mpi_free(&ctx->RN); in mbedtls_rsa_free()
2822 mbedtls_mpi_free(&ctx->D); in mbedtls_rsa_free()
2823 mbedtls_mpi_free(&ctx->Q); in mbedtls_rsa_free()
2824 mbedtls_mpi_free(&ctx->P); in mbedtls_rsa_free()
2825 mbedtls_mpi_free(&ctx->E); in mbedtls_rsa_free()
2826 mbedtls_mpi_free(&ctx->N); in mbedtls_rsa_free()
2829 mbedtls_mpi_free(&ctx->RQ); in mbedtls_rsa_free()
2830 mbedtls_mpi_free(&ctx->RP); in mbedtls_rsa_free()
2831 mbedtls_mpi_free(&ctx->QP); in mbedtls_rsa_free()
2832 mbedtls_mpi_free(&ctx->DQ); in mbedtls_rsa_free()
2833 mbedtls_mpi_free(&ctx->DP); in mbedtls_rsa_free()
2838 if (ctx->ver != 0) { in mbedtls_rsa_free()
2839 mbedtls_mutex_free(&ctx->mutex); in mbedtls_rsa_free()
2840 ctx->ver = 0; in mbedtls_rsa_free()