wolfssl-doc/html/wolfssl_2wolfcrypt_2rsa_8h_source.html

/* rsa.h

 *

 * Copyright (C) 2006-2020 wolfSSL Inc.

 *

 * This file is part of wolfSSL.

 *

 * wolfSSL is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation; either version 2 of the License, or

 * (at your option) any later version.

 *

 * wolfSSL is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program; if not, write to the Free Software

 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA

 */


#ifndef WOLF_CRYPT_RSA_H

#define WOLF_CRYPT_RSA_H


#include <wolfssl/wolfcrypt/types.h>


#ifndef NO_RSA


/* RSA default exponent */

#ifndef WC_RSA_EXPONENT

    #define WC_RSA_EXPONENT 65537L

#endif


#if defined(WC_RSA_NONBLOCK)

    /* enable support for fast math based non-blocking exptmod */

    /* this splits the RSA function into many smaller operations */

    #ifndef USE_FAST_MATH

        #error RSA non-blocking mode only supported using fast math

    #endif

    #ifndef TFM_TIMING_RESISTANT

      #error RSA non-blocking mode only supported with timing resistance enabled

    #endif


    /* RSA bounds check is not supported with RSA non-blocking mode */

    #undef  NO_RSA_BOUNDS_CHECK

    #define NO_RSA_BOUNDS_CHECK

#endif


/* allow for user to plug in own crypto */

#if !defined(HAVE_FIPS) && (defined(HAVE_USER_RSA) || defined(HAVE_FAST_RSA))

    #include "user_rsa.h"

#else


#if defined(HAVE_FIPS) && \

    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))

/* for fips @wc_fips */

#include <cyassl/ctaocrypt/rsa.h>

#if defined(CYASSL_KEY_GEN) && !defined(WOLFSSL_KEY_GEN)

    #define WOLFSSL_KEY_GEN

#endif

#else

    #include <wolfssl/wolfcrypt/integer.h>

    #include <wolfssl/wolfcrypt/random.h>

#endif /* HAVE_FIPS && HAVE_FIPS_VERION 1 */

#if defined(HAVE_FIPS) && \

    defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)

#include <wolfssl/wolfcrypt/fips.h>

#endif


/* header file needed for OAEP padding */

#include <wolfssl/wolfcrypt/hash.h>


#ifdef WOLFSSL_XILINX_CRYPT

#include "xsecure_rsa.h"

#endif


#if defined(WOLFSSL_CRYPTOCELL)

    #include <wolfssl/wolfcrypt/port/arm/cryptoCell.h>

#endif


#ifdef __cplusplus

    extern "C" {

#endif


enum {

    RSA_MIN_SIZE = 512,

    RSA_MAX_SIZE = 4096,

};


/* avoid redefinition of structs */

#if !defined(HAVE_FIPS) || \

    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))


#ifdef WOLFSSL_ASYNC_CRYPT

    #include <wolfssl/wolfcrypt/async.h>

    #ifdef WOLFSSL_CERT_GEN

        #include <wolfssl/wolfcrypt/asn.h>

    #endif

#endif


enum {

    RSA_PUBLIC   = 0,

    RSA_PRIVATE  = 1,


    RSA_TYPE_UNKNOWN    = -1,

    RSA_PUBLIC_ENCRYPT  = 0,

    RSA_PUBLIC_DECRYPT  = 1,

    RSA_PRIVATE_ENCRYPT = 2,

    RSA_PRIVATE_DECRYPT = 3,


    RSA_BLOCK_TYPE_1 = 1,

    RSA_BLOCK_TYPE_2 = 2,


    RSA_MIN_PAD_SZ   = 11,     /* separator + 0 + pad value + 8 pads */


    RSA_PSS_PAD_SZ = 8,

    RSA_PSS_SALT_MAX_SZ = 62,


#ifdef OPENSSL_EXTRA

    RSA_PKCS1_PADDING_SIZE = 11,

    RSA_PKCS1_OAEP_PADDING_SIZE = 42, /* (2 * hashlen(SHA-1)) + 2 */

#endif

#ifdef WC_RSA_PSS

    RSA_PSS_PAD_TERM = 0xBC,

#endif


    RSA_PSS_SALT_LEN_DEFAULT  = -1,

#ifdef WOLFSSL_PSS_SALT_LEN_DISCOVER

    RSA_PSS_SALT_LEN_DISCOVER = -2,

#endif


#ifdef HAVE_PKCS11

    RSA_MAX_ID_LEN      = 32,

#endif

};


#ifdef WC_RSA_NONBLOCK


typedef struct RsaNb {

    exptModNb_t exptmod; /* non-block expt_mod */

    mp_int tmp;

} RsaNb;


#endif


/* RSA */

struct RsaKey {

    mp_int n, e;

#ifndef WOLFSSL_RSA_PUBLIC_ONLY

    mp_int d, p, q;

#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)

    mp_int dP, dQ, u;

#endif

#endif

    void* heap;                               /* for user memory overrides */

    byte* data;                               /* temp buffer for async RSA */

    int   type;                               /* public or private */

    int   state;

    word32 dataLen;

#ifdef WC_RSA_BLINDING

    WC_RNG* rng;                              /* for PrivateDecrypt blinding */

#endif

#ifdef WOLF_CRYPTO_CB

    int   devId;

#endif

#ifdef WOLFSSL_ASYNC_CRYPT

    WC_ASYNC_DEV asyncDev;

    #ifdef WOLFSSL_CERT_GEN

        CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */

    #endif

#endif /* WOLFSSL_ASYNC_CRYPT */

#ifdef WOLFSSL_XILINX_CRYPT

    word32 pubExp; /* to keep values in scope they are here in struct */

    byte*  mod;

    XSecure_Rsa xRsa;

#endif

#ifdef HAVE_PKCS11

    byte id[RSA_MAX_ID_LEN];

    int  idLen;

#endif

#if defined(WOLFSSL_ASYNC_CRYPT) || !defined(WOLFSSL_RSA_VERIFY_INLINE)

    byte   dataIsAlloc;

#endif

#ifdef WC_RSA_NONBLOCK

    RsaNb* nb;

#endif

#ifdef WOLFSSL_AFALG_XILINX_RSA

    int alFd;

    int rdFd;

#endif

#if defined(WOLFSSL_CRYPTOCELL)

    rsa_context_t ctx;

#endif

};


#ifndef WC_RSAKEY_TYPE_DEFINED

    typedef struct RsaKey RsaKey;

    #define WC_RSAKEY_TYPE_DEFINED

#endif


#endif /*HAVE_FIPS */


WOLFSSL_API int  wc_InitRsaKey(RsaKey* key, void* heap);

WOLFSSL_API int  wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId);

WOLFSSL_API int  wc_FreeRsaKey(RsaKey* key);

#ifdef HAVE_PKCS11

WOLFSSL_API int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len,

                                 void* heap, int devId);

#endif

WOLFSSL_API int  wc_CheckRsaKey(RsaKey* key);

#ifdef WOLFSSL_XILINX_CRYPT

WOLFSSL_LOCAL int wc_InitRsaHw(RsaKey* key);

#endif /* WOLFSSL_XILINX_CRYPT */


WOLFSSL_API int  wc_RsaFunction(const byte* in, word32 inLen, byte* out,

                           word32* outLen, int type, RsaKey* key, WC_RNG* rng);


WOLFSSL_API int  wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,

                                 word32 outLen, RsaKey* key, WC_RNG* rng);

WOLFSSL_API int  wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,

                                        RsaKey* key);

WOLFSSL_API int  wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,

                                  word32 outLen, RsaKey* key);

WOLFSSL_API int  wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,

                            word32 outLen, RsaKey* key, WC_RNG* rng);

WOLFSSL_API int  wc_RsaPSS_Sign(const byte* in, word32 inLen, byte* out,

                                word32 outLen, enum wc_HashType hash, int mgf,

                                RsaKey* key, WC_RNG* rng);

WOLFSSL_API int  wc_RsaPSS_Sign_ex(const byte* in, word32 inLen, byte* out,

                                   word32 outLen, enum wc_HashType hash,

                                   int mgf, int saltLen, RsaKey* key,

                                   WC_RNG* rng);

WOLFSSL_API int  wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,

                                    RsaKey* key);

WOLFSSL_API int  wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,

                              word32 outLen, RsaKey* key);

WOLFSSL_API int  wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out,

                              word32 outLen, RsaKey* key, int pad_type);

WOLFSSL_API int  wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out,

                                        enum wc_HashType hash, int mgf,

                                        RsaKey* key);

WOLFSSL_API int  wc_RsaPSS_VerifyInline_ex(byte* in, word32 inLen, byte** out,

                                           enum wc_HashType hash, int mgf,

                                           int saltLen, RsaKey* key);

WOLFSSL_API int  wc_RsaPSS_Verify(byte* in, word32 inLen, byte* out,

                                  word32 outLen, enum wc_HashType hash, int mgf,

                                  RsaKey* key);

WOLFSSL_API int  wc_RsaPSS_Verify_ex(byte* in, word32 inLen, byte* out,

                                     word32 outLen, enum wc_HashType hash,

                                     int mgf, int saltLen, RsaKey* key);

WOLFSSL_API int  wc_RsaPSS_CheckPadding(const byte* in, word32 inLen, byte* sig,

                                        word32 sigSz,

                                        enum wc_HashType hashType);

WOLFSSL_API int  wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen,

                                           byte* sig, word32 sigSz,

                                           enum wc_HashType hashType,

                                           int saltLen, int bits);

WOLFSSL_API int  wc_RsaPSS_VerifyCheckInline(byte* in, word32 inLen, byte** out,

                               const byte* digest, word32 digentLen,

                               enum wc_HashType hash, int mgf,

                               RsaKey* key);

WOLFSSL_API int  wc_RsaPSS_VerifyCheck(byte* in, word32 inLen,

                               byte* out, word32 outLen,

                               const byte* digest, word32 digestLen,

                               enum wc_HashType hash, int mgf,

                               RsaKey* key);


WOLFSSL_API int  wc_RsaEncryptSize(RsaKey* key);


#if !defined(HAVE_FIPS) || \

    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))

/* to avoid asn duplicate symbols @wc_fips */

WOLFSSL_API int  wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx,

                                                               RsaKey*, word32);

WOLFSSL_API int  wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,

                                                               RsaKey*, word32);

WOLFSSL_API int  wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,

                                        const byte* e, word32 eSz, RsaKey* key);

WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);


#ifdef WC_RSA_BLINDING

    WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);

#endif

#ifdef WC_RSA_NONBLOCK

    WOLFSSL_API int wc_RsaSetNonBlock(RsaKey* key, RsaNb* nb);

    #ifdef WC_RSA_NONBLOCK_TIME

    WOLFSSL_API int wc_RsaSetNonBlockTime(RsaKey* key, word32 maxBlockUs,

                                          word32 cpuMHz);

    #endif

#endif


/*

   choice of padding added after fips, so not available when using fips RSA

 */


/* Mask Generation Function Identifiers */

#define WC_MGF1NONE   0

#define WC_MGF1SHA1   26

#define WC_MGF1SHA224 4

#define WC_MGF1SHA256 1

#define WC_MGF1SHA384 2

#define WC_MGF1SHA512 3


/* Padding types */

#define WC_RSA_PKCSV15_PAD 0

#define WC_RSA_OAEP_PAD    1

#define WC_RSA_PSS_PAD     2

#define WC_RSA_NO_PAD      3


WOLFSSL_API int  wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out,

                   word32 outLen, RsaKey* key, WC_RNG* rng, int type,

                   enum wc_HashType hash, int mgf, byte* label, word32 lableSz);

WOLFSSL_API int  wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen,

                   byte* out, word32 outLen, RsaKey* key, int type,

                   enum wc_HashType hash, int mgf, byte* label, word32 lableSz);

WOLFSSL_API int  wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen,

                      byte** out, RsaKey* key, int type, enum wc_HashType hash,

                      int mgf, byte* label, word32 lableSz);

#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING)

WOLFSSL_API int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,

                   RsaKey* key, int type, WC_RNG* rng);

#endif


#endif /* HAVE_FIPS */


WOLFSSL_API int  wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,

                                                                       word32*);

WOLFSSL_API int wc_RsaExportKey(RsaKey* key,

                                byte* e, word32* eSz,

                                byte* n, word32* nSz,

                                byte* d, word32* dSz,

                                byte* p, word32* pSz,

                                byte* q, word32* qSz);


WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen);


#ifdef WOLFSSL_KEY_GEN

    WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng);

    WOLFSSL_API int wc_CheckProbablePrime_ex(const byte* p, word32 pSz,

                                          const byte* q, word32 qSz,

                                          const byte* e, word32 eSz,

                                          int nlen, int* isPrime, WC_RNG* rng);

    WOLFSSL_API int wc_CheckProbablePrime(const byte* p, word32 pSz,

                                          const byte* q, word32 qSz,

                                          const byte* e, word32 eSz,

                                          int nlen, int* isPrime);

#endif


WOLFSSL_LOCAL int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,

        word32 pkcsBlockLen, byte padValue, WC_RNG* rng, int padType,

        enum wc_HashType hType, int mgf, byte* optLabel, word32 labelLen,

        int saltLen, int bits, void* heap);

WOLFSSL_LOCAL int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out,

                                   byte padValue, int padType, enum wc_HashType hType,

                                   int mgf, byte* optLabel, word32 labelLen, int saltLen,

                                   int bits, void* heap);


#endif /* HAVE_USER_RSA */


#ifdef __cplusplus

    } /* extern "C" */

#endif


#endif /* NO_RSA */

#endif /* WOLF_CRYPT_RSA_H */


wc_InitRsaKey
WOLFSSL_API int wc_InitRsaKey(RsaKey *key, void *heap)
This function initializes a provided RsaKey struct. It also takes in a heap identifier,...
Definition rsa.c:333

wc_RsaPublicKeyDecode
WOLFSSL_API int wc_RsaPublicKeyDecode(const byte *input, word32 *inOutIdx, RsaKey *, word32)
This function parses a DER-formatted RSA public key, extracts the public key and stores it in the giv...
Definition asn.c:4321

wc_FreeRsaKey
WOLFSSL_API int wc_FreeRsaKey(RsaKey *key)
This function frees a provided RsaKey struct using mp_clear.
Definition rsa.c:512

wc_RsaSSL_VerifyInline
WOLFSSL_API int wc_RsaSSL_VerifyInline(byte *in, word32 inLen, byte **out, RsaKey *key)
Used to verify that the message was signed by RSA key. The output uses the same byte array as the inp...
Definition rsa.c:3116

wc_RsaSSL_Verify
WOLFSSL_API int wc_RsaSSL_Verify(const byte *in, word32 inLen, byte *out, word32 outLen, RsaKey *key)
Used to verify that the message was signed by key.
Definition rsa.c:3131

wc_RsaPrivateDecryptInline
WOLFSSL_API int wc_RsaPrivateDecryptInline(byte *in, word32 inLen, byte **out, RsaKey *key)
This functions is utilized by the wc_RsaPrivateDecrypt function for decrypting.
Definition rsa.c:3050

wc_RsaFlattenPublicKey
WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey *, byte *, word32 *, byte *, word32 *)
Flattens the RsaKey structure into individual elements (e, n) used for the RSA algorithm.
Definition rsa.c:3562

wc_RsaKeyToPublicDer
WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey *, byte *output, word32 inLen)
Convert Rsa Public key to DER format. Writes to output, and returns count of bytes written.
Definition asn.c:11254

wc_MakeRsaKey
WOLFSSL_API int wc_MakeRsaKey(RsaKey *key, int size, long e, WC_RNG *rng)
This function generates a RSA private key of length size (in bits) and given exponent (e)....
Definition rsa.c:3886

wc_RsaPrivateKeyDecode
WOLFSSL_API int wc_RsaPrivateKeyDecode(const byte *input, word32 *inOutIdx, RsaKey *, word32)
This function parses a DER-formatted RSA private key, extracts the private key and stores it in the g...
Definition asn.c:2567

wc_RsaPrivateDecrypt
WOLFSSL_API int wc_RsaPrivateDecrypt(const byte *in, word32 inLen, byte *out, word32 outLen, RsaKey *key)
This functions provides private RSA decryption.
Definition rsa.c:3082

wc_RsaKeyToDer
WOLFSSL_API int wc_RsaKeyToDer(RsaKey *, byte *output, word32 inLen)
This function converts an RsaKey key to DER format. The result is written to output and it returns th...
Definition asn.c:11179

wc_RsaPublicEncrypt
WOLFSSL_API int wc_RsaPublicEncrypt(const byte *in, word32 inLen, byte *out, word32 outLen, RsaKey *key, WC_RNG *rng)
This function encrypts a message from in and stores the result in out. It requires an initialized pub...
Definition rsa.c:3027

wc_RsaSetNonBlock
WOLFSSL_API int wc_RsaSetNonBlock(RsaKey *key, RsaNb *nb)
This function sets the non-blocking RSA context. When a RsaNb context is set it enables fast math bas...
Definition rsa.c:4172

wc_RsaSSL_Sign
WOLFSSL_API int wc_RsaSSL_Sign(const byte *in, word32 inLen, byte *out, word32 outLen, RsaKey *key, WC_RNG *rng)
Signs the provided array with the private key.
Definition rsa.c:3481

wc_RsaPublicKeyDecodeRaw
WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte *n, word32 nSz, const byte *e, word32 eSz, RsaKey *key)
This function decodes the raw elements of an RSA public key, taking in the public modulus (n) and exp...
Definition asn.c:4340

wc_RsaEncryptSize
WOLFSSL_API int wc_RsaEncryptSize(RsaKey *key)
Returns the encryption size for the provided key structure.
Definition rsa.c:3540

wc_RsaPrivateDecrypt_ex
WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte *in, word32 inLen, byte *out, word32 outLen, RsaKey *key, int type, enum wc_HashType hash, int mgf, byte *label, word32 lableSz)
This function uses RSA to decrypt a message and gives the option of what padding type.
Definition rsa.c:3097

wc_RsaPrivateDecryptInline_ex
WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte *in, word32 inLen, byte **out, RsaKey *key, int type, enum wc_HashType hash, int mgf, byte *label, word32 lableSz)
This function uses RSA to decrypt a message inline and gives the option of what padding type....
Definition rsa.c:3065

wc_RsaPublicEncrypt_ex
WOLFSSL_API int wc_RsaPublicEncrypt_ex(const byte *in, word32 inLen, byte *out, word32 outLen, RsaKey *key, WC_RNG *rng, int type, enum wc_HashType hash, int mgf, byte *label, word32 lableSz)
This function performs RSA encrypt while allowing the choice of which padding to use.
Definition rsa.c:3037

wc_RsaSetNonBlockTime
WOLFSSL_API int wc_RsaSetNonBlockTime(RsaKey *key, word32 maxBlockUs, word32 cpuMHz)
This function configures the maximum amount of blocking time in microseconds. It uses a pre-computed ...
Definition rsa.c:4187

CertSignCtx
Definition asn.h:758

RsaKey
Definition user_rsa.h:60

RsaNb
Definition rsa.h:144

WC_RNG
Definition random.h:153

exptModNb_t
Definition tfm.h:580

mp_int
Definition integer.h:200

rsa_context_t
Definition cryptoCell.h:77

asn.h

hash.h

random.h

types.h