- Timestamp:
- Feb 7, 2019, 8:36:33 AM (5 years ago)
- File:
-
- 1 edited
asp3_tinet_ecnl_rx/trunk/wolfssl-3.12.2/wolfssl/wolfcrypt/rsa.h
r337 r372 20 20 */ 21 21 22 /*! 23 \file wolfssl/wolfcrypt/rsa.h 24 */ 25 22 26 23 27 #ifndef WOLF_CRYPT_RSA_H … … 27 31 28 32 #ifndef NO_RSA 33 34 35 /* RSA default exponent */ 36 #ifndef WC_RSA_EXPONENT 37 #define WC_RSA_EXPONENT 65537L 38 #endif 39 40 #if defined(WC_RSA_NONBLOCK) 41 /* enable support for fast math based non-blocking exptmod */ 42 /* this splits the RSA function into many smaller operations */ 43 #ifndef USE_FAST_MATH 44 #error RSA non-blocking mode only supported using fast math 45 #endif 46 #ifndef TFM_TIMING_RESISTANT 47 #error RSA non-blocking mode only supported with timing resistance enabled 48 #endif 49 50 /* RSA bounds check is not supported with RSA non-blocking mode */ 51 #undef NO_RSA_BOUNDS_CHECK 52 #define NO_RSA_BOUNDS_CHECK 53 #endif 29 54 30 55 /* allow for user to plug in own crypto */ … … 33 58 #else 34 59 35 #ifdef HAVE_FIPS 60 #if defined(HAVE_FIPS) && \ 61 (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) 36 62 /* for fips @wc_fips */ 37 63 #include <cyassl/ctaocrypt/rsa.h> … … 42 68 #include <wolfssl/wolfcrypt/integer.h> 43 69 #include <wolfssl/wolfcrypt/random.h> 44 #endif /* HAVE_FIPS */ 70 #endif /* HAVE_FIPS && HAVE_FIPS_VERION 1 */ 71 #if defined(HAVE_FIPS) && \ 72 defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) 73 #include <wolfssl/wolfcrypt/fips.h> 74 #endif 45 75 46 76 /* header file needed for OAEP padding */ … … 55 85 #endif 56 86 87 enum { 88 RSA_MIN_SIZE = 512, 89 RSA_MAX_SIZE = 4096, 90 }; 91 57 92 /* avoid redefinition of structs */ 58 #if !defined(HAVE_FIPS) 93 #if !defined(HAVE_FIPS) || \ 94 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) 59 95 60 96 #ifdef WOLFSSL_ASYNC_CRYPT … … 78 114 RSA_BLOCK_TYPE_2 = 2, 79 115 80 RSA_MIN_SIZE = 512,81 RSA_MAX_SIZE = 4096,82 83 116 RSA_MIN_PAD_SZ = 11, /* separator + 0 + pad value + 8 pads */ 84 117 85 118 RSA_PSS_PAD_SZ = 8, 119 RSA_PSS_SALT_MAX_SZ = 62, 86 120 87 121 #ifdef OPENSSL_EXTRA 88 122 RSA_PKCS1_PADDING_SIZE = 11, 89 
RSA_PKCS1_OAEP_PADDING_SIZE = 42 /* (2 * hashlen(SHA-1)) + 2 */ 123 RSA_PKCS1_OAEP_PADDING_SIZE = 42, /* (2 * hashlen(SHA-1)) + 2 */ 124 #endif 125 #ifdef WC_RSA_PSS 126 RSA_PSS_PAD_TERM = 0xBC, 127 #endif 128 129 #ifdef HAVE_PKCS11 130 RSA_MAX_ID_LEN = 32, 90 131 #endif 91 132 }; 92 133 134 #ifdef WC_RSA_NONBLOCK 135 typedef struct RsaNb { 136 exptModNb_t exptmod; /* non-block expt_mod */ 137 mp_int tmp; 138 } RsaNb; 139 #endif 93 140 94 141 /* RSA */ 95 142 struct RsaKey { 96 mp_int n, e, d, p, q, dP, dQ, u; 143 mp_int n, e; 144 #ifndef WOLFSSL_RSA_PUBLIC_ONLY 145 mp_int d, p, q; 146 #if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) 147 mp_int dP, dQ, u; 148 #endif 149 #endif 97 150 void* heap; /* for user memory overrides */ 98 151 byte* data; /* temp buffer for async RSA */ … … 103 156 WC_RNG* rng; /* for PrivateDecrypt blinding */ 104 157 #endif 158 #ifdef WOLF_CRYPTO_DEV 159 int devId; 160 #endif 105 161 #ifdef WOLFSSL_ASYNC_CRYPT 106 162 WC_ASYNC_DEV asyncDev; … … 114 170 XSecure_Rsa xRsa; 115 171 #endif 172 #ifdef HAVE_PKCS11 173 byte id[RSA_MAX_ID_LEN]; 174 int idLen; 175 #endif 176 #if defined(WOLFSSL_ASYNC_CRYPT) || !defined(WOLFSSL_RSA_VERIFY_INLINE) 116 177 byte dataIsAlloc; 178 #endif 179 #ifdef WC_RSA_NONBLOCK 180 RsaNb* nb; 181 #endif 117 182 }; 118 183 … … 127 192 WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId); 128 193 WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); 194 #ifdef HAVE_PKCS11 195 WOLFSSL_API int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, 196 void* heap, int devId); 197 #endif 198 WOLFSSL_API int wc_CheckRsaKey(RsaKey* key); 129 199 #ifdef WOLFSSL_XILINX_CRYPT 130 200 WOLFSSL_LOCAL int wc_InitRsaHw(RsaKey* key); 131 201 #endif /* WOLFSSL_XILINX_CRYPT */ 132 202 133 WOLFSSL_ LOCAL intwc_RsaFunction(const byte* in, word32 inLen, byte* out,203 WOLFSSL_API int wc_RsaFunction(const byte* in, word32 inLen, byte* out, 134 204 word32* outLen, int type, RsaKey* key, WC_RNG* rng); 135 
205 … … 145 215 word32 outLen, enum wc_HashType hash, int mgf, 146 216 RsaKey* key, WC_RNG* rng); 217 WOLFSSL_API int wc_RsaPSS_Sign_ex(const byte* in, word32 inLen, byte* out, 218 word32 outLen, enum wc_HashType hash, 219 int mgf, int saltLen, RsaKey* key, 220 WC_RNG* rng); 147 221 WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, 148 222 RsaKey* key); … … 152 226 enum wc_HashType hash, int mgf, 153 227 RsaKey* key); 228 WOLFSSL_API int wc_RsaPSS_VerifyInline_ex(byte* in, word32 inLen, byte** out, 229 enum wc_HashType hash, int mgf, 230 int saltLen, RsaKey* key); 231 WOLFSSL_API int wc_RsaPSS_Verify(byte* in, word32 inLen, byte* out, 232 word32 outLen, enum wc_HashType hash, int mgf, 233 RsaKey* key); 234 WOLFSSL_API int wc_RsaPSS_Verify_ex(byte* in, word32 inLen, byte* out, 235 word32 outLen, enum wc_HashType hash, 236 int mgf, int saltLen, RsaKey* key); 154 237 WOLFSSL_API int wc_RsaPSS_CheckPadding(const byte* in, word32 inLen, byte* sig, 155 238 word32 sigSz, 156 239 enum wc_HashType hashType); 240 WOLFSSL_API int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen, 241 byte* sig, word32 sigSz, 242 enum wc_HashType hashType, 243 int saltLen, int bits); 244 WOLFSSL_API int wc_RsaPSS_VerifyCheckInline(byte* in, word32 inLen, byte** out, 245 const byte* digest, word32 digentLen, 246 enum wc_HashType hash, int mgf, 247 RsaKey* key); 248 WOLFSSL_API int wc_RsaPSS_VerifyCheck(byte* in, word32 inLen, 249 byte* out, word32 outLen, 250 const byte* digest, word32 digestLen, 251 enum wc_HashType hash, int mgf, 252 RsaKey* key); 157 253 158 254 WOLFSSL_API int wc_RsaEncryptSize(RsaKey* key); 159 255 160 #ifndef HAVE_FIPS /* to avoid asn duplicate symbols @wc_fips */ 256 #if !defined(HAVE_FIPS) || \ 257 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) 258 /* to avoid asn duplicate symbols @wc_fips */ 161 259 WOLFSSL_API int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, 162 260 RsaKey*, word32); … … 169 267 #endif 170 268 
269 #ifdef WC_RSA_BLINDING 171 270 WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng); 271 #endif 272 #ifdef WC_RSA_NONBLOCK 273 WOLFSSL_API int wc_RsaSetNonBlock(RsaKey* key, RsaNb* nb); 274 #ifdef WC_RSA_NONBLOCK_TIME 275 WOLFSSL_API int wc_RsaSetNonBlockTime(RsaKey* key, word32 maxBlockUs, 276 word32 cpuMHz); 277 #endif 278 #endif 172 279 173 280 /* … … 187 294 #define WC_RSA_OAEP_PAD 1 188 295 #define WC_RSA_PSS_PAD 2 296 #define WC_RSA_NO_PAD 3 189 297 190 298 WOLFSSL_API int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out, … … 197 305 byte** out, RsaKey* key, int type, enum wc_HashType hash, 198 306 int mgf, byte* label, word32 lableSz); 307 #if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) 308 WOLFSSL_API int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, 309 RsaKey* key, int type, WC_RNG* rng); 310 #endif 311 199 312 #endif /* HAVE_FIPS*/ 313 200 314 WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, 201 315 word32*); 316 WOLFSSL_API int wc_RsaExportKey(RsaKey* key, 317 byte* e, word32* eSz, 318 byte* n, word32* nSz, 319 byte* d, word32* dSz, 320 byte* p, word32* pSz, 321 byte* q, word32* qSz); 322 323 WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen); 202 324 203 325 #ifdef WOLFSSL_KEY_GEN 204 WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen);205 326 WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng); 327 WOLFSSL_API int wc_CheckProbablePrime_ex(const byte* p, word32 pSz, 328 const byte* q, word32 qSz, 329 const byte* e, word32 eSz, 330 int nlen, int* isPrime, WC_RNG* rng); 331 WOLFSSL_API int wc_CheckProbablePrime(const byte* p, word32 pSz, 332 const byte* q, word32 qSz, 333 const byte* e, word32 eSz, 334 int nlen, int* isPrime); 206 335 #endif 207 336
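Review bot: Defining WC_RSA_NONBLOCK silently forces NO_RSA_BOUNDS_CHECK on (new lines 50-53), so a build that asks for non-blocking RSA also drops the RSA bounds check, and the only signal is a one-line comment. The same change promotes wc_RsaFunction from WOLFSSL_LOCAL to WOLFSSL_API and, under WC_RSA_DIRECT or WC_RSA_NO_PADDING, adds wc_RsaDirect alongside WC_RSA_NO_PAD, so the unpadded primitive becomes callable by applications in the same configuration where the check is off. The check itself lives outside this header, so its exact scope is inferred from the macro name and should be confirmed in rsa.c. I would expand the comment to state the consequence, e.g. `/* WC_RSA_NONBLOCK disables the RSA input bounds check; callers must reject out-of-range input themselves */`, and repeat that caveat on the wc_RsaFunction prototype. Minor: `digentLen` in the wc_RsaPSS_VerifyCheckInline prototype and `HAVE_FIPS_VERION` in the `#endif` comment are typos.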