1656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* crypto/bn/bn_blind.c */ 2656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* ==================================================================== 3221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 4656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 5656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Redistribution and use in source and binary forms, with or without 6656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * modification, are permitted provided that the following conditions 7656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * are met: 8656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 9656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 1. Redistributions of source code must retain the above copyright 10656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer. 11656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 12656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 2. Redistributions in binary form must reproduce the above copyright 13656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer in 14656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the documentation and/or other materials provided with the 15656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * distribution. 16656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 17656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 3. All advertising materials mentioning features or use of this 18656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * software must display the following acknowledgment: 19656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software developed by the OpenSSL Project 20656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 21656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 22656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 23656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * endorse or promote products derived from this software without 24656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * prior written permission. For written permission, please contact 25656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * openssl-core@openssl.org. 26656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 27656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 5. Products derived from this software may not be called "OpenSSL" 28656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * nor may "OpenSSL" appear in their names without prior written 29656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * permission of the OpenSSL Project. 30656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 31656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 6. Redistributions of any form whatsoever must retain the following 32656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * acknowledgment: 33656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software developed by the OpenSSL Project 34656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 35656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 36656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 37656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 38656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 39656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 40656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 41656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 42656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 43656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 44656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 45656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 46656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 47656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OF THE POSSIBILITY OF SUCH DAMAGE. 48656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ==================================================================== 49656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 50656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This product includes cryptographic software written by Eric Young 51656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * (eay@cryptsoft.com). This product includes software written by Tim 52656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Hudson (tjh@cryptsoft.com). 53656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 54656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 55656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 56656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * All rights reserved. 57656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 58656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This package is an SSL implementation written 59656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * by Eric Young (eay@cryptsoft.com). 60656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The implementation was written so as to conform with Netscapes SSL. 61656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 62656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This library is free for commercial and non-commercial use as long as 63656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the following conditions are aheared to. The following conditions 64656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * apply to all code found in this distribution, be it the RC4, RSA, 65656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * lhash, DES, etc., code; not just the SSL code. The SSL documentation 66656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * included with this distribution is covered by the same copyright terms 67656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * except that the holder is Tim Hudson (tjh@cryptsoft.com). 68656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 69656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Copyright remains Eric Young's, and as such any Copyright notices in 70656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the code are not to be removed. 71656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * If this package is used in a product, Eric Young should be given attribution 72656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * as the author of the parts of the library used. 73656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This can be in the form of a textual message at program startup or 74656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * in documentation (online or textual) provided with the package. 75656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 76656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Redistribution and use in source and binary forms, with or without 77656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * modification, are permitted provided that the following conditions 78656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * are met: 79656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 1. Redistributions of source code must retain the copyright 80656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer. 81656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 2. Redistributions in binary form must reproduce the above copyright 82656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer in the 83656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * documentation and/or other materials provided with the distribution. 84656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 3. All advertising materials mentioning features or use of this software 85656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * must display the following acknowledgement: 86656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes cryptographic software written by 87656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Eric Young (eay@cryptsoft.com)" 88656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The word 'cryptographic' can be left out if the rouines from the library 89656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * being used are not cryptographic related :-). 90656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 4. If you include any Windows specific code (or a derivative thereof) from 91656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the apps directory (application code) you must include an acknowledgement: 92656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 93656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 94656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 95656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 96656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 97656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 98656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 99656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 100656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 101656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 102656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 103656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 104656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SUCH DAMAGE. 105656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 106656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The licence and distribution terms for any publically available version or 107656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * derivative of this code cannot be changed. i.e. this code cannot simply be 108656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * copied and put under another distribution licence 109656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * [including the GNU Public Licence.] 110656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 111656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 112656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <stdio.h> 113656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include "cryptlib.h" 114656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include "bn_lcl.h" 115656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 116656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#define BN_BLINDING_COUNTER 32 117656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 118656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstruct bn_blinding_st 119656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 120656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM *A; 121656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM *Ai; 122656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM *e; 123656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM *mod; /* just a reference */ 124221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_DEPRECATED 125656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; 126656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */ 127221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 128221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom CRYPTO_THREADID tid; 1297b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom int counter; 130656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned long flags; 131656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_MONT_CTX *m_ctx; 132656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 133656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project const BIGNUM *m, BN_CTX *ctx, 134656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_MONT_CTX *m_ctx); 135656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project }; 136656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 137221304ee937bc0910948a8be1320cb8cc4eb6d36Brian CarlstromBN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) 138656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 139656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_BLINDING *ret=NULL; 140656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 141656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project bn_check_top(mod); 142656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 143656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((ret=(BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL) 144656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 145656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE); 146656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(NULL); 147656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 148656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project memset(ret,0,sizeof(BN_BLINDING)); 149656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (A != NULL) 150656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 151656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((ret->A = BN_dup(A)) == NULL) goto err; 152656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 153656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (Ai != NULL) 154656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 155656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((ret->Ai = BN_dup(Ai)) == NULL) goto err; 156656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 157656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 158656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* save a copy of mod in the BN_BLINDING structure */ 159656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((ret->mod = BN_dup(mod)) == NULL) goto err; 160656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) 161656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_set_flags(ret->mod, BN_FLG_CONSTTIME); 162656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1637b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom /* Set the counter to the special value -1 1647b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom * to indicate that this is never-used fresh blinding 1657b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom * that does not need updating before first use. */ 1667b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom ret->counter = -1; 167221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom CRYPTO_THREADID_current(&ret->tid); 168656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ret); 169656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 170656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret != NULL) BN_BLINDING_free(ret); 171656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(NULL); 172656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 173656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 174656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectvoid BN_BLINDING_free(BN_BLINDING *r) 175656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 176656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if(r == NULL) 177656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return; 178656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 179656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (r->A != NULL) BN_free(r->A ); 180656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (r->Ai != NULL) BN_free(r->Ai); 181656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (r->e != NULL) BN_free(r->e ); 182656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (r->mod != NULL) BN_free(r->mod); 183656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_free(r); 184656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 185656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 186656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx) 187656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 188656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ret=0; 189656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 190656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((b->A == NULL) || (b->Ai == NULL)) 191656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 192656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED); 193656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 194656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 195656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 1967b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom if (b->counter == -1) 1977b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom b->counter = 0; 1987b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom 1997b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL && 200656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project !(b->flags & BN_BLINDING_NO_RECREATE)) 201656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 202656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* re-create blinding parameters */ 203656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL)) 204656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 205656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 206656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (!(b->flags & BN_BLINDING_NO_UPDATE)) 207656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 208656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err; 209656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err; 210656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 211656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 212656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=1; 213656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 2147b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom if (b->counter == BN_BLINDING_COUNTER) 2157b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom b->counter = 0; 216656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ret); 217656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 218656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 219656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) 220656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 221656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return BN_BLINDING_convert_ex(n, NULL, b, ctx); 222656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 223656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 224656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) 225656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 226656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ret = 1; 227656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 228656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project bn_check_top(n); 229656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 230656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((b->A == NULL) || (b->Ai == NULL)) 231656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 232656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BNerr(BN_F_BN_BLINDING_CONVERT_EX,BN_R_NOT_INITIALIZED); 233656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(0); 234656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 235656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 2367b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom if (b->counter == -1) 2377b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom /* Fresh blinding, doesn't need updating. */ 2387b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom b->counter = 0; 2397b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom else if (!BN_BLINDING_update(b,ctx)) 2407b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom return(0); 2417b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom 242656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (r != NULL) 243656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 244656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_copy(r, b->Ai)) ret=0; 245656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 246656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 247656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_mod_mul(n,n,b->A,b->mod,ctx)) ret=0; 248656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 249656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return ret; 250656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 251656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 252656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) 253656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 254656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return BN_BLINDING_invert_ex(n, NULL, b, ctx); 255656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 256656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 257656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) 258656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 259656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ret; 260656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 261656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project bn_check_top(n); 262656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 263656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (r != NULL) 264656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = BN_mod_mul(n, n, r, b->mod, ctx); 265656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 266656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 2677b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom if (b->Ai == NULL) 2687b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom { 2697b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED); 270656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(0); 2717b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom } 2727b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx); 273656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 2747b476c43f6a45574eb34697244b592e7b09f05a3Brian Carlstrom 275656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project bn_check_top(n); 276656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ret); 277656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 278656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 279221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef OPENSSL_NO_DEPRECATED 280656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectunsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b) 281656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 282656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return b->thread_id; 283656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 284656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 285656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectvoid BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n) 286656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 287656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project b->thread_id = n; 288656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 289221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 290221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom 291221304ee937bc0910948a8be1320cb8cc4eb6d36Brian CarlstromCRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *b) 292221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom { 293221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom return &b->tid; 294221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom } 295656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 296656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectunsigned long BN_BLINDING_get_flags(const BN_BLINDING *b) 297656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 298656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return b->flags; 299656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 300656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 301656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectvoid BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags) 302656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 303656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project b->flags = flags; 304656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 305656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 306656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source ProjectBN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, 307221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, 308656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 309656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), 310656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_MONT_CTX *m_ctx) 311656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project{ 312656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int retry_counter = 32; 313656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_BLINDING *ret = NULL; 314656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 315656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (b == NULL) 316656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = BN_BLINDING_new(NULL, NULL, m); 317656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 318656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = b; 319656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 320656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret == NULL) 321656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 322656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 323656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret->A == NULL && (ret->A = BN_new()) == NULL) 324656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 325656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL) 326656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 327656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 328656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (e != NULL) 329656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 330656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret->e != NULL) 331656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_free(ret->e); 332656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->e = BN_dup(e); 333656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 334656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret->e == NULL) 335656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 336656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 337656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (bn_mod_exp != NULL) 338656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->bn_mod_exp = bn_mod_exp; 339656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (m_ctx != NULL) 340656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret->m_ctx = m_ctx; 341656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 342656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project do { 343656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_rand_range(ret->A, ret->mod)) goto err; 344656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) 345656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 346656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* this should almost never happen for good RSA keys */ 347656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned long error = ERR_peek_last_error(); 348656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) 349656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 350656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (retry_counter-- == 0) 351656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 352656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BNerr(BN_F_BN_BLINDING_CREATE_PARAM, 353656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_R_TOO_MANY_ITERATIONS); 354656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 355656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 356656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ERR_clear_error(); 357656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 358656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 359656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 360656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 361656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 362656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 363656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } while (1); 364656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 365656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) 366656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 367656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx)) 368656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 369656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 370656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 371656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 372656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx)) 373656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 374656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 375656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 376656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return ret; 377656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 378656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (b == NULL && ret != NULL) 379656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 380656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_BLINDING_free(ret); 381656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = NULL; 382656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 383656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 384656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return ret; 385656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project} 386