Mistake on this page?
Report an issue in GitHub or email us
crys_rsa_schemes.h
Go to the documentation of this file.
1 /**************************************************************************************
2 * Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved *
3 * *
4 * This file and the related binary are licensed under the following license: *
5 * *
6 * ARM Object Code and Header Files License, v1.0 Redistribution. *
7 * *
8 * Redistribution and use of object code, header files, and documentation, without *
9 * modification, are permitted provided that the following conditions are met: *
10 * *
11 * 1) Redistributions must reproduce the above copyright notice and the *
12 * following disclaimer in the documentation and/or other materials *
13 * provided with the distribution. *
14 * *
15 * 2) Unless to the extent explicitly permitted by law, no reverse *
16 * engineering, decompilation, or disassembly of is permitted. *
17 * *
18 * 3) Redistribution and use is permitted solely for the purpose of *
19 * developing or executing applications that are targeted for use *
20 * on an ARM-based product. *
21 * *
22 * DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND *
23 * CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT *
24 * NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, *
25 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE *
26 * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, *
27 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED *
28 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR *
29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF *
30 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING *
31 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS *
32 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *
33 **************************************************************************************/
34 
35 
36 
37 #ifndef CRYS_RSA_SCHEMES_H
38 #define CRYS_RSA_SCHEMES_H
39 
40 
41 #include "crys_error.h"
42 #include "crys_rsa_types.h"
43 #include "crys_rnd.h"
44 
45 #ifdef __cplusplus
46 extern "C"
47 {
48 #endif
49 
50 /*!
51 @file
52 @brief This module defines APIs that support [PKCS1_1.5] and [PKCS1_2.1] encryption and signature schemes.
53 @defgroup crys_rsa_schemes CryptoCell RSA encryption and signature schemes
54 @{
55 @ingroup crys_rsa
56 */
57 
58 /**********************************************************************************************************/
59 /*!
60 @brief This function implements the Encrypt algorithm, as defined in [PKCS1_2.1] and [PKCS1_1.5].
61 
62 It should not be called directly. Instead, use macros ::CRYS_RSA_OAEP_Encrypt or ::CRYS_RSA_PKCS1v15_Encrypt.
63 
64 @return CRYS_OK on success.
65 @return A non-zero value from crys_rsa_error.h, crys_rnd_error.h or crys_hash_error.h on failure.
66 */
68  void *rndState_ptr, /*!< [in/out] Pointer to the RND state structure. */
69  SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to the random vector generation function. */
70  CRYS_RSAUserPubKey_t *UserPubKey_ptr, /*!< [in] Pointer to the public key data structure. */
71  CRYS_RSAPrimeData_t *PrimeData_ptr, /*!< [in] Pointer to a temporary structure that is internally used as workspace for the
72  Encryption operation. */
73  CRYS_RSA_HASH_OpMode_t hashFunc, /*!< [in] The HASH function to be used. One of the supported SHA-x HASH modes, as defined
74  in ::CRYS_RSA_HASH_OpMode_t (MD5 is not supported).*/
75  uint8_t *L, /*!< [in] The label input pointer. Relevant for [PKCS1_2.1] only. NULL by default.
76  NULL for [PKCS1_1.5]. */
77  uint16_t Llen, /*!< [in] The label length. Relevant for [PKCS1_2.1] only. Zero by default.
78  Must be <=2048. Zero for [PKCS1_1.5]. */
79  CRYS_PKCS1_MGF_t MGF, /*!< [in] The mask generation function. [PKCS1_2.1] defines MGF1, so the only value
80  allowed here is CRYS_PKCS1_MGF1. */
81  uint8_t *DataIn_ptr, /*!< [in] Pointer to the data to encrypt. */
82  uint16_t DataInSize, /*!< [in] The size (in bytes) of the data to encrypt. The data size must be:
83  - For [PKCS1_2.1], DataSize <= modulus size - 2*HashLen - 2.
84  - For [PKCS1_1.5], DataSize <= modulus size - 11. */
85  uint8_t *Output_ptr, /*!< [out] Pointer to the encrypted data. The buffer must be at least modulus size bytes long. */
86  CRYS_PKCS1_version PKCS1_ver /*!< [in] [PKCS1_1.5] or [PKCS1_2.1], according to the functionality required. */
87 );
88 
89 /*!
90  @brief
91  CRYS_RSA_OAEP_PSS21_Encrypt implements the RSAES-OAEP algorithm
92  as defined in PKCS#1 v2.1 8.1.
93 
94  \note It is not recommended to use hash MD5 in OAEP PKCS1 ver 2.1, therefore
95  it is not supported.
96 
97  This function combines the RSA encryption primitive and the
98  EME-OAEP encoding method, to provide an RSA-based encryption
99  method that is semantically secure against adaptive
100  chosen-ciphertext attacks. For additional details, please refer to
101  the PKCS#1 standard.
102 */
103 #define CRYS_RSA_OAEP_Encrypt(rndState_ptr, rndGenerateVectFunc, UserPubKey_ptr,PrimeData_ptr,HashMode,L,Llen,MGF,Data_ptr,DataSize,Output_ptr)\
104  SaSi_RsaSchemesEncrypt(rndState_ptr, rndGenerateVectFunc, UserPubKey_ptr,PrimeData_ptr,HashMode,L,Llen,MGF,Data_ptr,DataSize,Output_ptr,CRYS_PKCS1_VER21)
105 
106 /*!
107  @brief
108  CRYS_RSA_PKCS1v15_Encrypt implements the RSAES-PKCS1v15 algorithm
109  as defined in PKCS#1 v2.1 8.2.
110 */
111 #define CRYS_RSA_PKCS1v15_Encrypt(rndState_ptr, rndGenerateVectFunc, UserPubKey_ptr,PrimeData_ptr,DataIn_ptr,DataInSize,Output_ptr)\
112  SaSi_RsaSchemesEncrypt(rndState_ptr, rndGenerateVectFunc, UserPubKey_ptr,PrimeData_ptr,CRYS_RSA_HASH_NO_HASH_mode,NULL,0,CRYS_PKCS1_NO_MGF,DataIn_ptr, \
113  DataInSize, Output_ptr,CRYS_PKCS1_VER15)
114 
115 
116 /**********************************************************************************************************/
117 /*!
118 @brief This function implements the Decrypt algorithm, as defined in [PKCS1_2.1] and [PKCS1_1.5].
119 
120 It should not be called directly. Instead, use macros ::CRYS_RSA_OAEP_Decrypt or ::CRYS_RSA_PKCS1v15_Decrypt.
121 
122 @return CRYS_OK on success.
123 @return A non-zero value from crys_rsa_error.h or crys_hash_error.h on failure.
124 */
126  CRYS_RSAUserPrivKey_t *UserPrivKey_ptr, /*!< [in] Pointer to the private key data structure of the user. */
127  CRYS_RSAPrimeData_t *PrimeData_ptr, /*!< [in] Pointer to a temporary structure that is internally used as workspace
128  for the decryption operation. */
129  CRYS_RSA_HASH_OpMode_t hashFunc, /*!< [in] The HASH function to be used. One of the supported SHA-x HASH modes,
130  as defined in ::CRYS_RSA_HASH_OpMode_t (MD5 is not supported). */
131  uint8_t *L, /*!< [in] The label input pointer. Relevant for [PKCS1_2.1] only. NULL by default.
132  NULL for [PKCS1_1.5]. */
133  uint16_t Llen, /*!< [in] The label length. Relevant for [PKCS1_2.1] only. Zero by default.
134  Zero for [PKCS1_1.5]. */
135  CRYS_PKCS1_MGF_t MGF, /*!< [in] The mask generation function. [PKCS1_2.1] defines MGF1, so the only
136  value allowed here is CRYS_PKCS1_MGF1. */
137  uint8_t *DataIn_ptr, /*!< [in] Pointer to the data to decrypt. */
138  uint16_t DataInSize, /*!< [in] The size (in bytes) of the data to decrypt. DataSize must be &le;
139  the modulus size. */
140  uint8_t *Output_ptr, /*!< [in] Pointer to the decrypted data. The buffer must be at least
141  PrivKey_ptr->N.len bytes long (i.e. the modulus size in bytes). */
142  uint16_t *OutputSize_ptr, /*!< [in] Pointer to the byte size of the buffer pointed to by Output_buffer.
143  The size must be:
144  <ul><li> For PKCS #1 v2.1: Modulus size > OutputSize >=
145  (modulus size - 2*HashLen - 2).</li>
146  <li> For PKCS #1 v1.5: Modulus size > OutputSize >= (modulus size - 11).
147  The value pointed by OutputSize_ptr is updated after decryption with
148  the actual number of bytes that are loaded to Output_ptr.</li></ul> */
149  CRYS_PKCS1_version PKCS1_ver /*!< [in] [PKCS1_1.5] or [PKCS1_2.1], according to the functionality required. */
150 );
151 
152 /**********************************************************************************************************/
153 /**
154  @brief
155  CRYS_RSA_OAEP_Decrypt implements the RSAES-OAEP algorithm
156  as defined in PKCS#1 v2.1 8.1.
157 
158  \note It is not recommended to use hash MD5 in OAEP PKCS1 ver 2.1, therefore
159  it is not supported.
160 
161  This function combines the RSA decryption primitive and the
162  EME-OAEP encoding method, to provide an RSA-based decryption
163  method that is semantically secure against adaptive
164  chosen-ciphertext attacks. For more details, please refer to
165  the PKCS#1 standard.
166 
167 */
168 #define CRYS_RSA_OAEP_Decrypt(UserPrivKey_ptr,PrimeData_ptr,HashMode,L,Llen,MGF,Data_ptr,DataSize,Output_ptr,OutputSize_ptr)\
169  SaSi_RsaSchemesDecrypt(UserPrivKey_ptr,PrimeData_ptr,HashMode,L,Llen,MGF,Data_ptr,DataSize,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21)
170 
171 
172 /**
173  @brief
174  CRYS_RSA_PKCS1v15_Decrypt implements the RSAES-PKCS1v15 algorithm as defined
175  in PKCS#1 v2.1 8.2.
176 */
177 #define CRYS_RSA_PKCS1v15_Decrypt(UserPrivKey_ptr,PrimeData_ptr,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr)\
178  SaSi_RsaSchemesDecrypt(UserPrivKey_ptr,PrimeData_ptr,CRYS_RSA_HASH_NO_HASH_mode,NULL,0,CRYS_PKCS1_NO_MGF,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER15)
179 
180 
181 /**********************************************************************************************************/
182 /*!
183 @brief Implements the Signing algorithm, as defined in [PKCS1_1.5] or [PKCS1_2.1], using a single function.
184 
185 The input data may be either a non-hashed data or a digest of a hash function.
186 For a non-hashed data, the input data will be hashed using the hash function indicated by ::CRYS_RSA_HASH_OpMode_t.
187 For a digest, ::CRYS_RSA_HASH_OpMode_t should indicate the hash function that the input data was created by, and it will not be hashed.
188 
189 @return CRYS_OK on success.
190 @return A non-zero value from crys_rsa_error.h, crys_rnd_error.h or crys_hash_error.h on failure.
191 */
192 CIMPORT_C CRYSError_t SaSi_RsaSign(
193  void *rndState_ptr, /*!< [in/out] Pointer to the RND state. */
194  SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in/out] Pointer to the RND Generate vector function pointer. */
195  CRYS_RSAPrivUserContext_t *UserContext_ptr, /*!< [in] Pointer to a temporary context for internal use. */
196  CRYS_RSAUserPrivKey_t *UserPrivKey_ptr, /*!< [in] Pointer to the private key data structure of the user.
197  The representation (pair or quintuple) and hence the algorithm (CRT or not CRT)
198  is determined by the Private Key build function -
199  ::CRYS_RSA_Build_PrivKey or ::CRYS_RSA_Build_PrivKeyCRT. */
200  CRYS_RSA_HASH_OpMode_t rsaHashMode, /*!< [in] One of the supported SHA-x HASH modes, as defined in ::CRYS_RSA_HASH_OpMode_t.
201  (MD5 is not supported). */
202  CRYS_PKCS1_MGF_t MGF, /*!< [in] The mask generation function. [PKCS1_2.1] defines only MGF1, so the only value
203  allowed for [PKCS1_2.1] is CRYS_PKCS1_MGF1. */
204  uint16_t SaltLen, /*!< [in] The Length of the Salt buffer (relevant for PKCS#1 Ver 2.1 only, typically lengths is 0 or hash Len).
205  FIPS 186-4 requires, that SaltLen <= hash len. If SaltLen > KeySize - hash Len - 2, the function
206  returns an error. */
207  uint8_t *DataIn_ptr, /*!< [in] Pointer to the input data to be signed.
208  The size of the scatter/gather list representing the data buffer is limited to 128
209  entries, and the size of each entry is limited to 64KB (fragments larger than
210  64KB are broken into fragments <= 64KB). */
211  uint32_t DataInSize, /*!< [in] The size (in bytes) of the data to sign. */
212  uint8_t *Output_ptr, /*!< [out] Pointer to the signature. The buffer must be at least PrivKey_ptr->N.len bytes
213  long (i.e. the modulus size in bytes). */
214  uint16_t *OutputSize_ptr, /*!< [in/out] Pointer to the signature size value - the input value is the signature
215  buffer size allocated, the output value is the signature size used.
216  he buffer must be equal to PrivKey_ptr->N.len bytes long
217  (i.e. the modulus size in bytes). */
218  CRYS_PKCS1_version PKCS1_ver /*!< [in] [PKCS1_1.5] or [PKCS1_2.1], according to the functionality required. */
219 );
220 
221 
222 /*!
223 @brief CRYS_RSA_PKCS1v15_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5.
224 
225 This function combines the RSASP1 signature primitive and the EMSA-PKCS1v15 encoding method, to provide an RSA-based signature scheme.
226 For more details, please refer to the PKCS#1 standard.
227  */
228 
229 #define CRYS_RSA_PKCS1v15_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,hashFunc,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr)\
230  SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(hashFunc),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),(DataInSize),(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15)
231 
232 
233 /*!
234 @brief CRYS_RSA_PKCS1v15_SHA1_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function -
235 it assumes that the data in has already been hashed using SHA-1.
236 
237 \note The data_in size is already known after the Hash.
238 */
239 #define CRYS_RSA_PKCS1v15_SHA1_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\
240  SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(CRYS_RSA_After_SHA1_mode),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15)
241 
242 /*!
243 @brief CRYS_RSA_PKCS1v15_MD5_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function -
244 it assumes that the data in has already been hashed using MD5.
245 
246 \note The data_in size is already known after the Hash.
247 */
248 
249 #define CRYS_RSA_PKCS1v15_MD5_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\
250  SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),CRYS_RSA_After_MD5_mode,CRYS_PKCS1_NO_MGF,0,(DataIn_ptr),CRYS_HASH_MD5_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15)
251 
252 
253 /*!
254 @brief CRYS_RSA_PKCS1v15_SHA224_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function -
255 it assumes that the data in has already been hashed using SHA-224.
256 
257 \note The data_in size is already known after the Hash.
258 */
259 #define CRYS_RSA_PKCS1v15_SHA224_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\
260  SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(CRYS_RSA_After_SHA224_mode),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),CRYS_HASH_SHA224_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15)
261 
262 
263 /*!
264 @brief CRYS_RSA_PKCS1v15_SHA256_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function -
265 it assumes that the data in has already been hashed using SHA-256.
266 
267 \note The data_in size is already known after the Hash.
268 */
269 #define CRYS_RSA_PKCS1v15_SHA256_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\
270  SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(CRYS_RSA_After_SHA256_mode),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),CRYS_HASH_SHA256_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15)
271 
272 /*!
273 @brief CRYS_RSA_PKCS1v15_SHA1_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function -
274 it assumes that the data in has already been hashed using SHA-384.
275 
276 \note The data_in size is already known after the Hash.
277 */
278 #define CRYS_RSA_PKCS1v15_SHA384_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\
279  SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(CRYS_RSA_After_SHA384_mode),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),CRYS_HASH_SHA384_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15)
280 
281 
282 /*!
283 @brief CRYS_RSA_PKCS1v15_SHA512_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function -
284 it assumes that the data in has already been hashed using SHA-512.
285 
286 \note The data_in size is already known after the Hash.
287 */
288 #define CRYS_RSA_PKCS1v15_SHA512_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\
289  SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(CRYS_RSA_After_SHA512_mode),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15)
290 
291 
292 
293 /*!
294 @brief CRYS_RSA_PSS_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1, in a single function call.
295 
296 \note According to the PKCS#1 ver2.1 it is not recommended to use MD5 Hash, therefore it is not supported.
297 
298 The actual macro that is used by the user is ::CRYS_RSA_PSS_Sign.
299 */
300 
301 #define CRYS_RSA_PSS_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,hashFunc,MGF,SaltLen,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr)\
302  SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,hashFunc,MGF,SaltLen,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21)
303 
304 
305 /*!
306 @brief CRYS_RSA_PSS_SHA1_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1 in a single function call, but without performing a HASH function -
307 it assumes that the data in has already been hashed using SHA-1.
308 
309 \note The data_in size is already known after the Hash.
310 
311 The actual macro that is used by the users is ::CRYS_RSA_PSS_SHA1_Sign.
312 */
313 
314 #define CRYS_RSA_PSS_SHA1_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\
315  SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,CRYS_RSA_After_SHA1_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21)
316 
317 
318 /*!
319 @brief CRYS_RSA_PSS_SHA224_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1 in a single function call, but without performing a HASH function -
320 it assumes that the data in has already been hashed using SHA-224.
321 
322 \note The data_in size is already known after the Hash.
323 
324 The actual macro that is used by the users is ::CRYS_RSA_PSS_SHA224_Sign.
325 */
326 
327 #define CRYS_RSA_PSS_SHA224_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\
328  SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,CRYS_RSA_After_SHA224_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA224_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21)
329 
330 
331 /*!
332 @brief CRYS_RSA_PSS_SHA256_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1 in a single function call, but without performing a HASH function -
333 it assumes that the data in has already been hashed using SHA-256.
334 
335 \note The data_in size is already known after the Hash.
336 
337 The actual macro that is used by the users is ::CRYS_RSA_PSS_SHA256_Sign.
338 */
339 
340 #define CRYS_RSA_PSS_SHA256_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\
341  SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,CRYS_RSA_After_SHA256_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA256_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21)
342 
343 
344 /*!
345 @brief CRYS_RSA_PSS_SHA384_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1 in a single function call, but without performing a HASH function -
346 it assumes that the data in has already been hashed using SHA-384.
347 
348 \note The data_in size is already known after the Hash.
349 
350 The actual macro that is used by the users is ::CRYS_RSA_PSS_SHA384_Sign.
351 */
352 
353 #define CRYS_RSA_PSS_SHA384_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\
354  SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,CRYS_RSA_After_SHA384_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA384_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21)
355 
356 
357 /*!
358 @brief CRYS_RSA_PSS_SHA512_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1 in a single function call, but without performing a HASH function -
359 it assumes that the data in has already been hashed using SHA-512.
360 
361 \note The data_in size is already known after the Hash.
362 
363 The actual macro that is used by the users is ::CRYS_RSA_PSS_SHA512_Sign.
364 */
365 
366 #define CRYS_RSA_PSS_SHA512_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\
367  SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,CRYS_RSA_After_SHA512_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21)
368 
369 
370 /**********************************************************************************************************/
371 /*!
372 @brief Implements the RSA signature verification algorithms, in a single function call, as defined in referenced standards [PKCS1_1.5]
373 and [PKCS1_2.1].
374 
375 The input data may be either a non-hashed data or a digest of a hash function.
376 For a non-hashed data, the input data will be hashed using the hash function indicated by ::CRYS_RSA_HASH_OpMode_t.
377 For a digest, ::CRYS_RSA_HASH_OpMode_t should indicate the hash function that the input data was created by, and it will not be hashed.
378 
379 @return CRYS_OK on success.
380 @return A non-zero value from crys_rsa_error.h or crys_hash_error.h on failure.
381 */
382 
383 CIMPORT_C CRYSError_t SaSi_RsaVerify(
384  CRYS_RSAPubUserContext_t *UserContext_ptr, /*!< [in] Pointer to a temporary context for internal use. */
385  CRYS_RSAUserPubKey_t *UserPubKey_ptr, /*!< [in] Pointer to the public key data structure of the user. */
386  CRYS_RSA_HASH_OpMode_t rsaHashMode, /*!< [in] One of the supported SHA-x HASH modes, as defined in ::CRYS_RSA_HASH_OpMode_t.
387  (MD5 is not supported). */
388  CRYS_PKCS1_MGF_t MGF, /*!< [in] The mask generation function. [PKCS1_2.1] defines only MGF1, so the only
389  value allowed for [PKCS_2.1] is CRYS_PKCS1_MGF1. */
390  uint16_t SaltLen, /*!< [in] The Length of the Salt buffer. Relevant only for [PKCS1_2.1].
391  Typical lengths are 0 or hash Len (20 for SHA-1).
392  The maximum length allowed is [modulus size - hash Len - 2]. */
393  uint8_t *DataIn_ptr, /*!< [in] Pointer to the input data to be verified.
394  The size of the scatter/gather list representing the data buffer is
395  limited to 128 entries, and the size of each entry is limited to 64KB
396  (fragments larger than 64KB are broken into fragments <= 64KB). */
397  uint32_t DataInSize, /*!< [in] The size (in bytes) of the data whose signature is to be verified. */
398  uint8_t *Sig_ptr, /*!< [in] Pointer to the signature to be verified.
399  The length of the signature is PubKey_ptr->N.len bytes
400  (i.e. the modulus size in bytes). */
401  CRYS_PKCS1_version PKCS1_ver /*!< [in] [PKCS1_1.5] or [PKCS1_2.1], according to the functionality required. */
402 );
403 
404 /*!
405 @brief CRYS_RSA_PKCS1v15_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5.
406 */
407 #define CRYS_RSA_PKCS1v15_Verify(UserContext_ptr,UserPubKey_ptr,hashFunc,DataIn_ptr,DataInSize,Sig_ptr)\
408  SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,hashFunc,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,DataInSize,Sig_ptr,CRYS_PKCS1_VER15)
409 
410 
411 /*!
412 @brief CRYS_RSA_PKCS1v15_MD5_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function -
413 it assumes the DataIn_ptr data has already been hashed using MD5.
414 */
415 #define CRYS_RSA_PKCS1v15_MD5_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\
416  SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_MD5_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_MD5_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15)
417 
418 
419 /*!
420 @brief CRYS_RSA_PKCS1v15_SHA1_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function -
421 it assumes that the DataIn_ptr data has already been hashed using SHA1.
422 
423 */
424 #define CRYS_RSA_PKCS1v15_SHA1_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\
425  SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA1_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15)
426 
427 /*!
428 @brief CRYS_RSA_PKCS1v15_SHA224_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function -
429 it assumes that the DataIn_ptr data has already been hashed using SHA224.
430 
431 */
432 #define CRYS_RSA_PKCS1v15_SHA224_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\
433  SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA224_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_SHA224_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15)
434 
435 /*!
436 @brief CRYS_RSA_PKCS1v15_SHA256_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function -
437 it assumes that the DataIn_ptr data has already been hashed using SHA256.
438 
439 */
440 #define CRYS_RSA_PKCS1v15_SHA256_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\
441  SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA256_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_SHA256_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15)
442 
443 /*!
444 @brief CRYS_RSA_PKCS1v15_SHA384_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function -
445 it assumes that the DataIn_ptr data has already been hashed using SHA384.
446 
447 */
448 #define CRYS_RSA_PKCS1v15_SHA384_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\
449  SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA384_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_SHA384_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15)
450 
451 /*!
452 @brief CRYS_RSA_PKCS1v15_SHA512_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function -
453 it assumes that the DataIn_ptr data has already been hashed using SHA512.
454 
455 */
456 #define CRYS_RSA_PKCS1v15_SHA512_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\
457  SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA512_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15)
458 
459 /*!
460 @brief CRYS_RSA_PSS_Verify implements the RSASSA-PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1.
461 */
462 
463 #define CRYS_RSA_PSS_Verify(UserContext_ptr,UserPubKey_ptr,hashFunc,MGF,SaltLen,DataIn_ptr,DataInSize,Sig_ptr)\
464  SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,hashFunc,MGF,SaltLen,DataIn_ptr,DataInSize,Sig_ptr,CRYS_PKCS1_VER21)
465 
466  /*!
467 @brief CRYS_RSA_PSS_SHA1_Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function -
468 it assumes the DataIn_ptr has already been hashed using SHA1.
469 
470 */
471 
472 #define CRYS_RSA_PSS_SHA1_Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\
473  SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA1_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER21)
474 
475 
476 /*!
477 @brief CRYS_RSA_PSS_SHA224_Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function -
478 it assumes the DataIn_ptr has already been hashed using SHA224.
479 */
480 
481 #define CRYS_RSA_PSS_SHA224_Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\
482  SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA224_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA224_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER21)
483 
484 /*!
485 @brief CRYS_RSA_PSS_SHA256_Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function -
486 it assumes the DataIn_ptr has already been hashed using SHA256.
487 
488 */
489 
490 #define CRYS_RSA_PSS_SHA256_Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\
491  SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA256_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA256_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER21)
492 
493 
494 /*!
495 @brief CRYS_RSA_PSS_SHA384_Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function -
496 it assumes the DataIn_ptr has already been hashed using SHA384.
497 
498 */
499 
500 #define CRYS_RSA_PSS_SHA384_Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\
501  SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA384_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA384_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER21)
502 
503 
504 /*!
505 @brief CRYS_RSA_PSS_SHA512_Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function -
506 it assumes the DataIn_ptr has already been hashed using SHA512.
507 */
508 
509 #define CRYS_RSA_PSS_SHA512_Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\
510  SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA512_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER21)
511 
512 /**********************************************************************************************************/
513 
514 
515 #ifdef __cplusplus
516 }
517 #endif
518 /**
519 @}
520  */
521 #endif
CRYSError_t SaSi_RsaSign(void *rndState_ptr, SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, CRYS_RSAPrivUserContext_t *UserContext_ptr, CRYS_RSAUserPrivKey_t *UserPrivKey_ptr, CRYS_RSA_HASH_OpMode_t rsaHashMode, CRYS_PKCS1_MGF_t MGF, uint16_t SaltLen, uint8_t *DataIn_ptr, uint32_t DataInSize, uint8_t *Output_ptr, uint16_t *OutputSize_ptr, CRYS_PKCS1_version PKCS1_ver)
Implements the Signing algorithm, as defined in [PKCS1_1.5] or [PKCS1_2.1], using a single function...
CRYSError_t SaSi_RsaVerify(CRYS_RSAPubUserContext_t *UserContext_ptr, CRYS_RSAUserPubKey_t *UserPubKey_ptr, CRYS_RSA_HASH_OpMode_t rsaHashMode, CRYS_PKCS1_MGF_t MGF, uint16_t SaltLen, uint8_t *DataIn_ptr, uint32_t DataInSize, uint8_t *Sig_ptr, CRYS_PKCS1_version PKCS1_ver)
Implements the RSA signature verification algorithms, in a single function call, as defined in refere...
CRYS_PKCS1_version
CRYSError_t SaSi_RsaSchemesEncrypt(void *rndState_ptr, SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, CRYS_RSAUserPubKey_t *UserPubKey_ptr, CRYS_RSAPrimeData_t *PrimeData_ptr, CRYS_RSA_HASH_OpMode_t hashFunc, uint8_t *L, uint16_t Llen, CRYS_PKCS1_MGF_t MGF, uint8_t *DataIn_ptr, uint16_t DataInSize, uint8_t *Output_ptr, CRYS_PKCS1_version PKCS1_ver)
This function implements the Encrypt algorithm, as defined in [PKCS1_2.1] and [PKCS1_1.5].
CRYSError_t SaSi_RsaSchemesDecrypt(CRYS_RSAUserPrivKey_t *UserPrivKey_ptr, CRYS_RSAPrimeData_t *PrimeData_ptr, CRYS_RSA_HASH_OpMode_t hashFunc, uint8_t *L, uint16_t Llen, CRYS_PKCS1_MGF_t MGF, uint8_t *DataIn_ptr, uint16_t DataInSize, uint8_t *Output_ptr, uint16_t *OutputSize_ptr, CRYS_PKCS1_version PKCS1_ver)
This function implements the Decrypt algorithm, as defined in [PKCS1_2.1] and [PKCS1_1.5].
This file contains the CRYS APIs used for random number generation. The random-number generation modu...
CRYS_PKCS1_MGF_t
uint32_t CRYSError_t
Definition: crys_error.h:253
This file contains all of the enums and definitions that are used for the CRYS RSA APIs...
uint32_t(* SaSiRndGenerateVectWorkFunc_t)(void *rndState_ptr, uint16_t outSizeBytes, uint8_t *out_ptr)
Definition: crys_rnd.h:206
CRYS_RSA_HASH_OpMode_t
This module defines the error return code types and the numbering spaces of the error codes for each ...
Important Information for this Arm website

This site uses cookies to store information on your computer. By continuing to use our site, you consent to our cookies. If you are not happy with the use of these cookies, please review our Cookie Policy to learn how they can be disabled. By disabling cookies, some features of the site will not work.