/* rsa.h * * Copyright (C) 2006-2020 wolfSSL Inc. * * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ /*! \file wolfssl/wolfcrypt/rsa.h */ /* DESCRIPTION This library provides the interface to the RSA. RSA keys can be used to encrypt, decrypt, sign and verify data. */ #ifndef WOLF_CRYPT_RSA_H #define WOLF_CRYPT_RSA_H #include #ifndef NO_RSA /* RSA default exponent */ #ifndef WC_RSA_EXPONENT #define WC_RSA_EXPONENT 65537L #endif #if defined(WC_RSA_NONBLOCK) /* enable support for fast math based non-blocking exptmod */ /* this splits the RSA function into many smaller operations */ #ifndef USE_FAST_MATH #error RSA non-blocking mode only supported using fast math #endif #ifndef TFM_TIMING_RESISTANT #error RSA non-blocking mode only supported with timing resistance enabled #endif /* RSA bounds check is not supported with RSA non-blocking mode */ #undef NO_RSA_BOUNDS_CHECK #define NO_RSA_BOUNDS_CHECK #endif /* allow for user to plug in own crypto */ #if !defined(HAVE_FIPS) && (defined(HAVE_USER_RSA) || defined(HAVE_FAST_RSA)) #include "user_rsa.h" #else #if defined(HAVE_FIPS) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) /* for fips @wc_fips */ #include #if defined(CYASSL_KEY_GEN) && !defined(WOLFSSL_KEY_GEN) #define WOLFSSL_KEY_GEN #endif #else #include #include #endif /* HAVE_FIPS && HAVE_FIPS_VERION 1 */ #if defined(HAVE_FIPS) && \ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) #include #endif /* header file needed for OAEP padding */ #include #ifdef WOLFSSL_XILINX_CRYPT #include "xsecure_rsa.h" #endif #if defined(WOLFSSL_CRYPTOCELL) #include #endif #ifdef __cplusplus extern "C" { #endif enum { RSA_MIN_SIZE = 512, RSA_MAX_SIZE = 4096, }; /* avoid redefinition of structs */ #if !defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) #ifdef WOLFSSL_ASYNC_CRYPT #include #ifdef WOLFSSL_CERT_GEN #include #endif #endif enum { RSA_PUBLIC = 0, RSA_PRIVATE = 1, RSA_TYPE_UNKNOWN = -1, RSA_PUBLIC_ENCRYPT = 0, RSA_PUBLIC_DECRYPT = 1, RSA_PRIVATE_ENCRYPT = 2, RSA_PRIVATE_DECRYPT = 3, RSA_BLOCK_TYPE_1 = 1, RSA_BLOCK_TYPE_2 = 2, RSA_MIN_PAD_SZ = 11, /* separator + 0 + pad value + 8 pads */ RSA_PSS_PAD_SZ = 8, RSA_PSS_SALT_MAX_SZ = 62, #ifdef OPENSSL_EXTRA RSA_PKCS1_PADDING_SIZE = 11, RSA_PKCS1_OAEP_PADDING_SIZE = 42, /* (2 * hashlen(SHA-1)) + 2 */ #endif #ifdef WC_RSA_PSS RSA_PSS_PAD_TERM = 0xBC, #endif RSA_PSS_SALT_LEN_DEFAULT = -1, #ifdef WOLFSSL_PSS_SALT_LEN_DISCOVER RSA_PSS_SALT_LEN_DISCOVER = -2, #endif #ifdef WOLF_CRYPTO_CB RSA_MAX_ID_LEN = 32, RSA_MAX_LABEL_LEN = 32, #endif }; #ifdef WC_RSA_NONBLOCK typedef struct RsaNb { exptModNb_t exptmod; /* non-block expt_mod */ mp_int tmp; } RsaNb; #endif /* RSA */ struct RsaKey { mp_int n, e; #ifndef WOLFSSL_RSA_PUBLIC_ONLY mp_int d, p, q; #if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) mp_int dP, dQ, u; #endif #endif void* heap; /* for user memory overrides */ byte* data; /* temp buffer for async RSA */ int type; /* public or private */ int state; word32 dataLen; #ifdef WC_RSA_BLINDING WC_RNG* rng; /* for PrivateDecrypt blinding */ #endif #ifdef WOLF_CRYPTO_CB int devId; #endif #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #ifdef WOLFSSL_CERT_GEN CertSignCtx certSignCtx; /* context info for cert sign (MakeSignature) */ #endif #endif /* WOLFSSL_ASYNC_CRYPT */ #ifdef WOLFSSL_XILINX_CRYPT word32 pubExp; /* to keep values in scope they are here in struct */ byte* mod; XSecure_Rsa xRsa; #endif #ifdef WOLF_CRYPTO_CB byte id[RSA_MAX_ID_LEN]; int idLen; char label[RSA_MAX_LABEL_LEN]; int labelLen; #endif #if defined(WOLFSSL_ASYNC_CRYPT) || !defined(WOLFSSL_RSA_VERIFY_INLINE) byte dataIsAlloc; #endif #ifdef WC_RSA_NONBLOCK RsaNb* nb; #endif #ifdef WOLFSSL_AFALG_XILINX_RSA int alFd; int rdFd; #endif #if defined(WOLFSSL_CRYPTOCELL) rsa_context_t ctx; #endif }; #ifndef WC_RSAKEY_TYPE_DEFINED typedef struct RsaKey RsaKey; #define WC_RSAKEY_TYPE_DEFINED #endif #endif /*HAVE_FIPS */ WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void* heap); WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId); WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); #ifdef WOLF_CRYPTO_CB WOLFSSL_API int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, void* heap, int devId); WOLFSSL_API int wc_InitRsaKey_Label(RsaKey* key, const char* label, void* heap, int devId); #endif WOLFSSL_API int wc_CheckRsaKey(RsaKey* key); #ifdef WOLFSSL_XILINX_CRYPT WOLFSSL_LOCAL int wc_InitRsaHw(RsaKey* key); #endif /* WOLFSSL_XILINX_CRYPT */ WOLFSSL_API int wc_RsaFunction(const byte* in, word32 inLen, byte* out, word32* outLen, int type, RsaKey* key, WC_RNG* rng); WOLFSSL_API int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, WC_RNG* rng); WOLFSSL_API int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key); WOLFSSL_API int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key); WOLFSSL_API int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, WC_RNG* rng); WOLFSSL_API int wc_RsaPSS_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, enum wc_HashType hash, int mgf, RsaKey* key, WC_RNG* rng); WOLFSSL_API int wc_RsaPSS_Sign_ex(const byte* in, word32 inLen, byte* out, word32 outLen, enum wc_HashType hash, int mgf, int saltLen, RsaKey* key, WC_RNG* rng); WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key); WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key); WOLFSSL_API int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, int pad_type); WOLFSSL_API int wc_RsaSSL_Verify_ex2(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, int pad_type, enum wc_HashType hash); WOLFSSL_API int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out, enum wc_HashType hash, int mgf, RsaKey* key); WOLFSSL_API int wc_RsaPSS_VerifyInline_ex(byte* in, word32 inLen, byte** out, enum wc_HashType hash, int mgf, int saltLen, RsaKey* key); WOLFSSL_API int wc_RsaPSS_Verify(byte* in, word32 inLen, byte* out, word32 outLen, enum wc_HashType hash, int mgf, RsaKey* key); WOLFSSL_API int wc_RsaPSS_Verify_ex(byte* in, word32 inLen, byte* out, word32 outLen, enum wc_HashType hash, int mgf, int saltLen, RsaKey* key); WOLFSSL_API int wc_RsaPSS_CheckPadding(const byte* in, word32 inLen, byte* sig, word32 sigSz, enum wc_HashType hashType); WOLFSSL_API int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen, byte* sig, word32 sigSz, enum wc_HashType hashType, int saltLen, int bits); WOLFSSL_API int wc_RsaPSS_VerifyCheckInline(byte* in, word32 inLen, byte** out, const byte* digest, word32 digentLen, enum wc_HashType hash, int mgf, RsaKey* key); WOLFSSL_API int wc_RsaPSS_VerifyCheck(byte* in, word32 inLen, byte* out, word32 outLen, const byte* digest, word32 digestLen, enum wc_HashType hash, int mgf, RsaKey* key); WOLFSSL_API int wc_RsaEncryptSize(RsaKey* key); #if !defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) /* to avoid asn duplicate symbols @wc_fips */ WOLFSSL_API int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey*, word32); WOLFSSL_API int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey*, word32); WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e, word32 eSz, RsaKey* key); #ifdef WOLFSSL_KEY_GEN WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen); #endif #ifdef WC_RSA_BLINDING WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng); #endif #ifdef WC_RSA_NONBLOCK WOLFSSL_API int wc_RsaSetNonBlock(RsaKey* key, RsaNb* nb); #ifdef WC_RSA_NONBLOCK_TIME WOLFSSL_API int wc_RsaSetNonBlockTime(RsaKey* key, word32 maxBlockUs, word32 cpuMHz); #endif #endif /* choice of padding added after fips, so not available when using fips RSA */ /* Mask Generation Function Identifiers */ #define WC_MGF1NONE 0 #define WC_MGF1SHA1 26 #define WC_MGF1SHA224 4 #define WC_MGF1SHA256 1 #define WC_MGF1SHA384 2 #define WC_MGF1SHA512 3 /* Padding types */ #define WC_RSA_PKCSV15_PAD 0 #define WC_RSA_OAEP_PAD 1 #define WC_RSA_PSS_PAD 2 #define WC_RSA_NO_PAD 3 WOLFSSL_API int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, WC_RNG* rng, int type, enum wc_HashType hash, int mgf, byte* label, word32 lableSz); WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, int type, enum wc_HashType hash, int mgf, byte* label, word32 lableSz); WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, byte** out, RsaKey* key, int type, enum wc_HashType hash, int mgf, byte* label, word32 lableSz); #if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) WOLFSSL_API int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, RsaKey* key, int type, WC_RNG* rng); #endif #endif /* HAVE_FIPS */ WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, word32*); WOLFSSL_API int wc_RsaExportKey(RsaKey* key, byte* e, word32* eSz, byte* n, word32* nSz, byte* d, word32* dSz, byte* p, word32* pSz, byte* q, word32* qSz); WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen); #ifdef WOLFSSL_KEY_GEN WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng); WOLFSSL_API int wc_CheckProbablePrime_ex(const byte* p, word32 pSz, const byte* q, word32 qSz, const byte* e, word32 eSz, int nlen, int* isPrime, WC_RNG* rng); WOLFSSL_API int wc_CheckProbablePrime(const byte* p, word32 pSz, const byte* q, word32 qSz, const byte* e, word32 eSz, int nlen, int* isPrime); #endif WOLFSSL_LOCAL int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock, word32 pkcsBlockLen, byte padValue, WC_RNG* rng, int padType, enum wc_HashType hType, int mgf, byte* optLabel, word32 labelLen, int saltLen, int bits, void* heap); WOLFSSL_LOCAL int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out, byte padValue, int padType, enum wc_HashType hType, int mgf, byte* optLabel, word32 labelLen, int saltLen, int bits, void* heap); WOLFSSL_LOCAL int wc_hash2mgf(enum wc_HashType hType); #endif /* HAVE_USER_RSA */ #ifdef __cplusplus } /* extern "C" */ #endif #endif /* NO_RSA */ #endif /* WOLF_CRYPT_RSA_H */