rsa.h
1 /* rsa.h
2  *
3  * Copyright (C) 2006-2020 wolfSSL Inc.
4  *
5  * This file is part of wolfSSL.
6  *
7  * wolfSSL is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * wolfSSL is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20  */
21 
27 #ifndef WOLF_CRYPT_RSA_H
28 #define WOLF_CRYPT_RSA_H
29 
31 
32 #ifndef NO_RSA
33 
34 
35 /* RSA default exponent (65537 = 2^16 + 1); a build can override it by predefining WC_RSA_EXPONENT */
36 #ifndef WC_RSA_EXPONENT
37  #define WC_RSA_EXPONENT 65537L
38 #endif
39 
40 #if defined(WC_RSA_NONBLOCK)
41  /* enable support for fast math based non-blocking exptmod */
42  /* this splits the RSA function into many smaller operations */
43  #ifndef USE_FAST_MATH
44  #error RSA non-blocking mode only supported using fast math
45  #endif
46  #ifndef TFM_TIMING_RESISTANT /* compile-time guard: a non-blocking build without timing resistance is rejected outright */
47  #error RSA non-blocking mode only supported with timing resistance enabled
48  #endif
49 
50  /* RSA bounds check is not supported with RSA non-blocking mode, so
     defining WC_RSA_NONBLOCK always defines NO_RSA_BOUNDS_CHECK, whether
     or not the build asked for it.
     NOTE(review): the check itself lives outside this header; whatever
     input-range validation it performs is compiled out in non-blocking
     builds - confirm in rsa.c what is lost and validate untrusted
     ciphertext/signature inputs in the caller if needed. */
51  #undef NO_RSA_BOUNDS_CHECK
52  #define NO_RSA_BOUNDS_CHECK
53 #endif
54 
55 /* allow for user to plug in own crypto */
56 #if !defined(HAVE_FIPS) && (defined(HAVE_USER_RSA) || defined(HAVE_FAST_RSA))
57  #include "user_rsa.h"
58 #else
59 
60 #if defined(HAVE_FIPS) && \
61  (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
62 /* for fips @wc_fips */
63 #include <cyassl/ctaocrypt/rsa.h>
64 #if defined(CYASSL_KEY_GEN) && !defined(WOLFSSL_KEY_GEN)
65  #define WOLFSSL_KEY_GEN
66 #endif
67 #else
68  #include <wolfssl/wolfcrypt/integer.h>
70 #endif /* HAVE_FIPS && HAVE_FIPS_VERION 1 */
71 #if defined(HAVE_FIPS) && \
72  defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
73 #include <wolfssl/wolfcrypt/fips.h>
74 #endif
75 
76 /* header file needed for OAEP padding */
77 #include <wolfssl/wolfcrypt/hash.h>
78 
79 #ifdef WOLFSSL_XILINX_CRYPT
80 #include "xsecure_rsa.h"
81 #endif
82 
83 #if defined(WOLFSSL_CRYPTOCELL)
84  #include <wolfssl/wolfcrypt/port/arm/cryptoCell.h>
85 #endif
86 
87 #ifdef __cplusplus
88  extern "C" {
89 #endif
90 
91 enum { /* RSA size limits; presumably modulus sizes in bits - confirm where rsa.c applies them */
92  RSA_MIN_SIZE = 512, /* NOTE(review): 512-bit RSA is far below current guidance (2048 bits or more); applications should enforce their own minimum instead of relying on this floor */
93  RSA_MAX_SIZE = 4096,
94 };
95 
96 /* avoid redefinition of structs */
97 #if !defined(HAVE_FIPS) || \
98  (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
99 
100 #ifdef WOLFSSL_ASYNC_CRYPT
101  #include <wolfssl/wolfcrypt/async.h>
102  #ifdef WOLFSSL_CERT_GEN
103  #include <wolfssl/wolfcrypt/asn.h>
104  #endif
105 #endif
106 
107 enum { /* anonymous enum: several unrelated groups of RSA constants share it, so values repeat across groups */
108  RSA_PUBLIC = 0, /* key kind; presumably the values held in RsaKey.type ("public or private") */
109  RSA_PRIVATE = 1,
110 
111  RSA_TYPE_UNKNOWN = -1,
112  RSA_PUBLIC_ENCRYPT = 0, /* operation selectors; presumably the 'type' argument of wc_RsaFunction() - confirm */
113  RSA_PUBLIC_DECRYPT = 1,
114  RSA_PRIVATE_ENCRYPT = 2,
115  RSA_PRIVATE_DECRYPT = 3,
116 
117  RSA_BLOCK_TYPE_1 = 1, /* PKCS #1 v1.5 block type 01 (signature padding) - presumably passed as padValue */
118  RSA_BLOCK_TYPE_2 = 2, /* PKCS #1 v1.5 block type 02 (encryption padding, random non-zero bytes) */
119 
120  RSA_MIN_PAD_SZ = 11, /* separator + 0 + pad value + 8 pads */
121 
122  RSA_PSS_PAD_SZ = 8,
123  RSA_PSS_SALT_MAX_SZ = 62,
124 
125 #ifdef OPENSSL_EXTRA
126  RSA_PKCS1_PADDING_SIZE = 11,
127  RSA_PKCS1_OAEP_PADDING_SIZE = 42, /* (2 * hashlen(SHA-1)) + 2 */
128 #endif
129 #ifdef WC_RSA_PSS
130  RSA_PSS_PAD_TERM = 0xBC, /* matches the PSS trailer byte 0xbc of RFC 8017 */
131 #endif
132 
133  RSA_PSS_SALT_LEN_DEFAULT = -1, /* negative sentinel for a saltLen argument; presumably "salt length = hash length" - confirm in rsa.c */
134 #ifdef WOLFSSL_PSS_SALT_LEN_DISCOVER
135  RSA_PSS_SALT_LEN_DISCOVER = -2, /* NOTE(review): presumably lets verification infer the salt length from the signature; a verifier that pins the expected salt length is the stricter policy - confirm before enabling */
136 #endif
137 
138 #ifdef HAVE_PKCS11
139  RSA_MAX_ID_LEN = 32, /* capacity of RsaKey.id[] */
140 #endif
141 };
142 
143 #ifdef WC_RSA_NONBLOCK
144 typedef struct RsaNb { /* non-blocking RSA context; attached to a key with wc_RsaSetNonBlock() and referenced from RsaKey.nb */
145  exptModNb_t exptmod; /* non-block expt_mod */
146  mp_int tmp; /* big-integer scratch value; its exact role is not visible in this header */
147 } RsaNb;
148 #endif
149 
150 /* RSA key object.
     Always holds n and e; holds the private values unless
     WOLFSSL_RSA_PUBLIC_ONLY is defined; the remaining members are
     per-backend state selected by build options.
     The member list, and therefore the struct layout, depends on those
     build options, so the library and every caller must be compiled with
     the same configuration.
     NOTE(review): d, p, q, dP, dQ and u are secret key material; confirm
     that wc_FreeRsaKey() zeroizes them rather than only releasing memory. */
151 struct RsaKey {
152  mp_int n, e; /* public modulus and public exponent */
153 #ifndef WOLFSSL_RSA_PUBLIC_ONLY
154  mp_int d, p, q; /* private exponent and the two prime factors - secret */
155 #if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
156  mp_int dP, dQ, u; /* presumably the CRT values (d mod (p-1), d mod (q-1), CRT coefficient) - secret; absent in RSA_LOW_MEM builds without key generation or OPENSSL_EXTRA */
157 #endif
158 #endif
159  void* heap; /* for user memory overrides */
160  byte* data; /* temp buffer for async RSA */
161  int type; /* public or private */
162  int state;
163  word32 dataLen;
164 #ifdef WC_RSA_BLINDING
165  WC_RNG* rng; /* for PrivateDecrypt blinding; wc_RsaSetRNG() takes the same key/rng pair - NOTE(review): confirm what private-key operations do when this is left NULL */
166 #endif
167 #ifdef WOLF_CRYPTO_CB
168  int devId; /* presumably the devId given to wc_InitRsaKey_ex() - confirm */
169 #endif
170 #ifdef WOLFSSL_ASYNC_CRYPT
171  WC_ASYNC_DEV asyncDev;
172  #ifdef WOLFSSL_CERT_GEN
173  CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */
174  #endif
175 #endif /* WOLFSSL_ASYNC_CRYPT */
176 #ifdef WOLFSSL_XILINX_CRYPT
177  word32 pubExp; /* to keep values in scope they are here in struct */
178  byte* mod;
179  XSecure_Rsa xRsa;
180 #endif
181 #ifdef HAVE_PKCS11
182  byte id[RSA_MAX_ID_LEN]; /* fixed-size identifier buffer - NOTE(review): confirm wc_InitRsaKey_Id() rejects len > RSA_MAX_ID_LEN before copying into it */
183  int idLen;
184 #endif
185 #if defined(WOLFSSL_ASYNC_CRYPT) || !defined(WOLFSSL_RSA_VERIFY_INLINE)
186  byte dataIsAlloc; /* presumably records whether 'data' was allocated by the library and must be freed by it - confirm */
187 #endif
188 #ifdef WC_RSA_NONBLOCK
189  RsaNb* nb;
190 #endif
191 #ifdef WOLFSSL_AFALG_XILINX_RSA
192  int alFd;
193  int rdFd;
194 #endif
195 #if defined(WOLFSSL_CRYPTOCELL)
196  rsa_context_t ctx;
197 #endif
198 };
199 
200 #ifndef WC_RSAKEY_TYPE_DEFINED /* guard so the typedef is emitted only once */
201  typedef struct RsaKey RsaKey;
202  #define WC_RSAKEY_TYPE_DEFINED
203 #endif
204 
205 #endif /*HAVE_FIPS */
206 
/* Key lifecycle. Each function returns an int status; check it before using
   the key. A key set up with one of the init functions is released with
   wc_FreeRsaKey(). */
207 WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void* heap);
208 WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId);
209 WOLFSSL_API int wc_FreeRsaKey(RsaKey* key);
210 #ifdef HAVE_PKCS11
/* 'id'/'len' identify the key; RsaKey.id[] holds at most RSA_MAX_ID_LEN
   bytes - NOTE(review): confirm 'len' is range-checked against that limit. */
211 WOLFSSL_API int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len,
212  void* heap, int devId);
213 #endif
214 WOLFSSL_API int wc_CheckRsaKey(RsaKey* key); /* presumably a consistency check of the key values - confirm what it covers before relying on it for imported keys */
215 #ifdef WOLFSSL_XILINX_CRYPT
216 WOLFSSL_LOCAL int wc_InitRsaHw(RsaKey* key); /* library-internal (WOLFSSL_LOCAL) */
217 #endif /* WOLFSSL_XILINX_CRYPT */
218 
/* Core RSA operation on a caller-supplied block. It takes no padding
   selector, so presumably any padding must already be present in 'in';
   'type' presumably takes the RSA_PUBLIC_ENCRYPT .. RSA_PRIVATE_DECRYPT
   values declared in this header - confirm in rsa.c. */
219 WOLFSSL_API int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
220  word32* outLen, int type, RsaKey* key, WC_RNG* rng);
221 
/* Encryption and decryption without an explicit padding argument (the _ex
   variants take one). The Inline form takes a writable 'in' and returns a
   pointer through 'out'.
   NOTE(review): presumably that pointer refers into 'in', which is then
   overwritten - copy the result out before reusing or freeing the buffer. */
222 WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
223  word32 outLen, RsaKey* key, WC_RNG* rng);
224 WOLFSSL_API int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
225  RsaKey* key);
226 WOLFSSL_API int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
227  word32 outLen, RsaKey* key);
/* Signing. wc_RsaSSL_Sign takes no hash or MGF argument; the PSS variants
   take 'hash' and 'mgf', and the _ex form also takes an explicit saltLen. */
228 WOLFSSL_API int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
229  word32 outLen, RsaKey* key, WC_RNG* rng);
230 WOLFSSL_API int wc_RsaPSS_Sign(const byte* in, word32 inLen, byte* out,
231  word32 outLen, enum wc_HashType hash, int mgf,
232  RsaKey* key, WC_RNG* rng);
233 WOLFSSL_API int wc_RsaPSS_Sign_ex(const byte* in, word32 inLen, byte* out,
234  word32 outLen, enum wc_HashType hash,
235  int mgf, int saltLen, RsaKey* key,
236  WC_RNG* rng);
/* Verification. These hand recovered data back through 'out' and take no
   expected digest.
   NOTE(review): confirm in rsa.c whether a non-error return alone proves
   the signature covers the expected message, or whether the caller must
   compare the recovered data with its own digest (for PSS,
   wc_RsaPSS_CheckPadding and the VerifyCheck variants below take the
   digest explicitly). */
237 WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
238  RsaKey* key);
239 WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
240  word32 outLen, RsaKey* key);
241 WOLFSSL_API int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out,
242  word32 outLen, RsaKey* key, int pad_type);
243 WOLFSSL_API int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out,
244  enum wc_HashType hash, int mgf,
245  RsaKey* key);
246 WOLFSSL_API int wc_RsaPSS_VerifyInline_ex(byte* in, word32 inLen, byte** out,
247  enum wc_HashType hash, int mgf,
248  int saltLen, RsaKey* key);
249 WOLFSSL_API int wc_RsaPSS_Verify(byte* in, word32 inLen, byte* out,
250  word32 outLen, enum wc_HashType hash, int mgf,
251  RsaKey* key);
252 WOLFSSL_API int wc_RsaPSS_Verify_ex(byte* in, word32 inLen, byte* out,
253  word32 outLen, enum wc_HashType hash,
254  int mgf, int saltLen, RsaKey* key);
255 WOLFSSL_API int wc_RsaPSS_CheckPadding(const byte* in, word32 inLen, byte* sig,
256  word32 sigSz,
257  enum wc_HashType hashType);
258 WOLFSSL_API int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen,
259  byte* sig, word32 sigSz,
260  enum wc_HashType hashType,
261  int saltLen, int bits);
/* VerifyCheck variants take the expected digest as an argument. */
262 WOLFSSL_API int wc_RsaPSS_VerifyCheckInline(byte* in, word32 inLen, byte** out,
263  const byte* digest, word32 digentLen,
264  enum wc_HashType hash, int mgf,
265  RsaKey* key);
266 WOLFSSL_API int wc_RsaPSS_VerifyCheck(byte* in, word32 inLen,
267  byte* out, word32 outLen,
268  const byte* digest, word32 digestLen,
269  enum wc_HashType hash, int mgf,
270  RsaKey* key);
271 
272 WOLFSSL_API int wc_RsaEncryptSize(RsaKey* key); /* encryption size for 'key'; presumably the modulus length in bytes, i.e. the size 'out' buffers need - confirm */
273 
274 #if !defined(HAVE_FIPS) || \
275  (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
276 /* to avoid asn duplicate symbols @wc_fips */
/* DER key import/export. The unnamed trailing word32 of the two Decode
   functions is presumably the length of 'input'; pass the true buffer
   length, since these parse data that may come from an untrusted source.
   NOTE(review): wc_RsaKeyToDer presumably serializes the private values
   (a separate wc_RsaKeyToPublicDer exists) - treat 'output' as secret. */
277 WOLFSSL_API int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
278  RsaKey*, word32);
279 WOLFSSL_API int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,
280  RsaKey*, word32);
281 WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
282  const byte* e, word32 eSz, RsaKey* key);
283 WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
284 
285 
286 #ifdef WC_RSA_BLINDING
/* Declared only in blinding builds. The private-decrypt prototypes in this
   header take no WC_RNG argument, so the RNG used for blinding is supplied
   through the key (RsaKey.rng) - presumably by calling this before any
   private-key decryption. */
287  WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);
288 #endif
289 #ifdef WC_RSA_NONBLOCK
290  WOLFSSL_API int wc_RsaSetNonBlock(RsaKey* key, RsaNb* nb); /* attaches the caller-owned non-blocking context to the key */
291  #ifdef WC_RSA_NONBLOCK_TIME
292  WOLFSSL_API int wc_RsaSetNonBlockTime(RsaKey* key, word32 maxBlockUs,
293  word32 cpuMHz);
294  #endif
295 #endif
296 
297 /*
298  choice of padding added after fips, so not available when using fips RSA
299  */
300 
301 /* Mask Generation Function Identifiers (values for the 'mgf' arguments; note they are not sequential) */
302 #define WC_MGF1NONE 0
303 #define WC_MGF1SHA1 26 /* MGF1 over SHA-1; kept for interoperability, prefer a SHA-2 based MGF where the peer allows it */
304 #define WC_MGF1SHA224 4
305 #define WC_MGF1SHA256 1
306 #define WC_MGF1SHA384 2
307 #define WC_MGF1SHA512 3
308 
309 /* Padding types */
310 #define WC_RSA_PKCSV15_PAD 0 /* PKCS #1 v1.5; when decrypting untrusted ciphertext, distinguishable padding failures can act as a padding oracle, so treat all decrypt errors uniformly or prefer OAEP */
311 #define WC_RSA_OAEP_PAD 1 /* OAEP; the hash, mgf and label arguments of the _ex functions apply here */
312 #define WC_RSA_PSS_PAD 2 /* PSS (signature padding) */
313 #define WC_RSA_NO_PAD 3 /* no padding at all (raw RSA); only appropriate when the protocol applies its own encoding */
314 
/* Variants with an explicit padding choice: 'type' presumably takes one of
   the WC_RSA_*_PAD values, 'mgf' one of the WC_MGF1* values, and
   'label'/'lableSz' the optional OAEP label (may presumably be NULL/0) -
   confirm in rsa.c. Encrypting and decrypting sides must pass the same
   type, hash, mgf and label. */
315 WOLFSSL_API int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out,
316  word32 outLen, RsaKey* key, WC_RNG* rng, int type,
317  enum wc_HashType hash, int mgf, byte* label, word32 lableSz);
318 WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen,
319  byte* out, word32 outLen, RsaKey* key, int type,
320  enum wc_HashType hash, int mgf, byte* label, word32 lableSz);
321 WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen,
322  byte** out, RsaKey* key, int type, enum wc_HashType hash,
323  int mgf, byte* label, word32 lableSz);
324 #if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING)
/* Opt-in only (WC_RSA_DIRECT or WC_RSA_NO_PADDING). It takes no padding
   arguments; NOTE(review): presumably a raw RSA operation, so callers are
   responsible for any encoding and input validation - confirm. */
325 WOLFSSL_API int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
326  RsaKey* key, int type, WC_RNG* rng);
327 #endif
328 
329 #endif /* HAVE_FIPS */
330 
/* Exports the public elements (e, n); the unnamed parameters are presumably
   (key, e, eSz, n, nSz), with the sizes in/out - confirm the order in rsa.c. */
331 WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
332  word32*);
/* Exports e, n and also d, p, q. The d/p/q buffers receive private key
   material: keep them out of logs and long-lived memory and zeroize them
   when done. */
333 WOLFSSL_API int wc_RsaExportKey(RsaKey* key,
334  byte* e, word32* eSz,
335  byte* n, word32* nSz,
336  byte* d, word32* dSz,
337  byte* p, word32* pSz,
338  byte* q, word32* qSz);
339 
340 WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen); /* DER encoding of the public key only; 'inLen' is presumably the capacity of 'output' */
341 
342 #ifdef WOLFSSL_KEY_GEN
/* Key generation: 'size' is the key length in bits, 'e' the exponent
   (WC_RSA_EXPONENT is this header's default), and 'rng' supplies the
   randomness, so it must be a properly seeded generator.
   NOTE(review): presumably 'size' is checked against RSA_MIN_SIZE and
   RSA_MAX_SIZE; RSA_MIN_SIZE is 512, so enforce a stronger minimum
   (2048 bits or more) in the caller. */
343  WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng);
/* Primality checks on candidate primes given as byte strings; the result is
   reported through 'isPrime', separately from the int return status - check
   both. The _ex form takes the caller's RNG. */
344  WOLFSSL_API int wc_CheckProbablePrime_ex(const byte* p, word32 pSz,
345  const byte* q, word32 qSz,
346  const byte* e, word32 eSz,
347  int nlen, int* isPrime, WC_RNG* rng);
348  WOLFSSL_API int wc_CheckProbablePrime(const byte* p, word32 pSz,
349  const byte* q, word32 qSz,
350  const byte* e, word32 eSz,
351  int nlen, int* isPrime);
352 #endif
353 
/* Library-internal (WOLFSSL_LOCAL) padding helpers, not part of the public
   API. padType presumably takes the WC_RSA_*_PAD values and padValue the
   RSA_BLOCK_TYPE_* values - confirm in rsa.c. wc_RsaUnPad_ex returns a
   pointer through 'out' and takes no separate output buffer, so the result
   presumably points into pkcsBlock. */
354 WOLFSSL_LOCAL int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
355  word32 pkcsBlockLen, byte padValue, WC_RNG* rng, int padType,
356  enum wc_HashType hType, int mgf, byte* optLabel, word32 labelLen,
357  int saltLen, int bits, void* heap);
358 WOLFSSL_LOCAL int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out,
359  byte padValue, int padType, enum wc_HashType hType,
360  int mgf, byte* optLabel, word32 labelLen, int saltLen,
361  int bits, void* heap);
362 
363 #endif /* HAVE_USER_RSA */
364 
365 #ifdef __cplusplus
366  } /* extern "C" */
367 #endif
368 
369 #endif /* NO_RSA */
370 #endif /* WOLF_CRYPT_RSA_H */
371 
WOLFSSL_API int wc_RsaEncryptSize(RsaKey *key)
Returns the encryption size for the provided key structure.
Definition: rsa.c:3540
WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte *n, word32 nSz, const byte *e, word32 eSz, RsaKey *key)
This function decodes the raw elements of an RSA public key, taking in the public modulus (n) and exp...
Definition: asn.c:4340
WOLFSSL_API int wc_FreeRsaKey(RsaKey *key)
This function frees a provided RsaKey struct using mp_clear.
Definition: rsa.c:512
WOLFSSL_API int wc_RsaSetNonBlock(RsaKey *key, RsaNb *nb)
This function sets the non-blocking RSA context. When a RsaNb context is set it enables fast math bas...
Definition: rsa.c:4172
WOLFSSL_API int wc_RsaPublicEncrypt(const byte *in, word32 inLen, byte *out, word32 outLen, RsaKey *key, WC_RNG *rng)
This function encrypts a message from in and stores the result in out. It requires an initialized pub...
Definition: rsa.c:3027
Definition: cryptoCell.h:77
WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte *in, word32 inLen, byte *out, word32 outLen, RsaKey *key, int type, enum wc_HashType hash, int mgf, byte *label, word32 lableSz)
This function uses RSA to decrypt a message and gives the option of what padding type.
Definition: rsa.c:3097
Definition: integer.h:200
WOLFSSL_API int wc_RsaSSL_VerifyInline(byte *in, word32 inLen, byte **out, RsaKey *key)
Used to verify that the message was signed by RSA key. The output uses the same byte array as the inp...
Definition: rsa.c:3116
WOLFSSL_API int wc_RsaPrivateKeyDecode(const byte *input, word32 *inOutIdx, RsaKey *, word32)
This function parses a DER-formatted RSA private key, extracts the private key and stores it in the g...
Definition: asn.c:2567
Definition: rsa.h:144
WOLFSSL_API int wc_RsaPublicKeyDecode(const byte *input, word32 *inOutIdx, RsaKey *, word32)
This function parses a DER-formatted RSA public key, extracts the public key and stores it in the giv...
Definition: asn.c:4321
WOLFSSL_API int wc_RsaPublicEncrypt_ex(const byte *in, word32 inLen, byte *out, word32 outLen, RsaKey *key, WC_RNG *rng, int type, enum wc_HashType hash, int mgf, byte *label, word32 lableSz)
This function performs RSA encrypt while allowing the choice of which padding to use.
Definition: rsa.c:3037
WOLFSSL_API int wc_RsaKeyToDer(RsaKey *, byte *output, word32 inLen)
This function converts an RsaKey key to DER format. The result is written to output and it returns th...
Definition: asn.c:11179
WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey *, byte *, word32 *, byte *, word32 *)
Flattens the RsaKey structure into individual elements (e, n) used for the RSA algorithm.
Definition: rsa.c:3562
WOLFSSL_API int wc_RsaPrivateDecrypt(const byte *in, word32 inLen, byte *out, word32 outLen, RsaKey *key)
This function provides private RSA decryption.
Definition: rsa.c:3082
WOLFSSL_API int wc_RsaSSL_Sign(const byte *in, word32 inLen, byte *out, word32 outLen, RsaKey *key, WC_RNG *rng)
Signs the provided array with the private key.
Definition: rsa.c:3481
WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte *in, word32 inLen, byte **out, RsaKey *key, int type, enum wc_HashType hash, int mgf, byte *label, word32 lableSz)
This function uses RSA to decrypt a message inline and gives the option of what padding type...
Definition: rsa.c:3065
WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey *, byte *output, word32 inLen)
Converts an RSA public key to DER format. Writes to output, and returns the count of bytes written...
Definition: asn.c:11254
WOLFSSL_API int wc_RsaSSL_Verify(const byte *in, word32 inLen, byte *out, word32 outLen, RsaKey *key)
Used to verify that the message was signed by key.
Definition: rsa.c:3131
WOLFSSL_API int wc_InitRsaKey(RsaKey *key, void *heap)
This function initializes a provided RsaKey struct. It also takes in a heap identifier, for use with user defined memory overrides (see XMALLOC, XFREE, XREALLOC).
Definition: rsa.c:333
Definition: random.h:153
WOLFSSL_API int wc_MakeRsaKey(RsaKey *key, int size, long e, WC_RNG *rng)
This function generates an RSA private key of length size (in bits) and given exponent (e)...
Definition: rsa.c:3886
Definition: tfm.h:580
Definition: asn.h:758
WOLFSSL_API int wc_RsaSetNonBlockTime(RsaKey *key, word32 maxBlockUs, word32 cpuMHz)
This function configures the maximum amount of blocking time in microseconds. It uses a pre-computed ...
Definition: rsa.c:4187
Definition: user_rsa.h:60
WOLFSSL_API int wc_RsaPrivateDecryptInline(byte *in, word32 inLen, byte **out, RsaKey *key)
This function is utilized by the wc_RsaPrivateDecrypt function for decrypting.
Definition: rsa.c:3050