MultiTech
/
CyaSSL
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: HTTPClient-SSL HTTPClient-SSL HTTPClient-SSL HTTPClient-SSL
Embed:
(wiki syntax)
Show/hide line numbers
rsa.c
00001 /* rsa.c 00002 * 00003 * Copyright (C) 2006-2014 wolfSSL Inc. 00004 * 00005 * This file is part of CyaSSL. 00006 * 00007 * CyaSSL is free software; you can redistribute it and/or modify 00008 * it under the terms of the GNU General Public License as published by 00009 * the Free Software Foundation; either version 2 of the License, or 00010 * (at your option) any later version. 00011 * 00012 * CyaSSL is distributed in the hope that it will be useful, 00013 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00015 * GNU General Public License for more details. 00016 * 00017 * You should have received a copy of the GNU General Public License 00018 * along with this program; if not, write to the Free Software 00019 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA 00020 */ 00021 00022 00023 #ifdef HAVE_CONFIG_H 00024 #include <config.h> 00025 #endif 00026 00027 #include <cyassl/ctaocrypt/settings.h> 00028 00029 #ifndef NO_RSA 00030 00031 #ifdef HAVE_FIPS 00032 /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ 00033 #define FIPS_NO_WRAPPERS 00034 #endif 00035 00036 #include <cyassl/ctaocrypt/rsa.h> 00037 #include <cyassl/ctaocrypt/random.h> 00038 #include <cyassl/ctaocrypt/error-crypt.h> 00039 #include <cyassl/ctaocrypt/logging.h> 00040 00041 #ifdef SHOW_GEN 00042 #ifdef FREESCALE_MQX 00043 #include <fio.h> 00044 #else 00045 #include <stdio.h> 00046 #endif 00047 #endif 00048 00049 #ifdef HAVE_CAVIUM 00050 static int InitCaviumRsaKey(RsaKey* key, void* heap); 00051 static int FreeCaviumRsaKey(RsaKey* key); 00052 static int CaviumRsaPublicEncrypt(const byte* in, word32 inLen, byte* out, 00053 word32 outLen, RsaKey* key); 00054 static int CaviumRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, 00055 word32 outLen, RsaKey* key); 00056 static int CaviumRsaSSL_Sign(const byte* in, word32 inLen, byte* out, 00057 word32 outLen, RsaKey* key); 00058 static int CaviumRsaSSL_Verify(const byte* in, word32 inLen, byte* out, 00059 word32 outLen, RsaKey* key); 00060 #endif 00061 00062 enum { 00063 RSA_PUBLIC_ENCRYPT = 0, 00064 RSA_PUBLIC_DECRYPT = 1, 00065 RSA_PRIVATE_ENCRYPT = 2, 00066 RSA_PRIVATE_DECRYPT = 3, 00067 00068 RSA_BLOCK_TYPE_1 = 1, 00069 RSA_BLOCK_TYPE_2 = 2, 00070 00071 RSA_MIN_SIZE = 512, 00072 RSA_MAX_SIZE = 4096, 00073 00074 RSA_MIN_PAD_SZ = 11 /* seperator + 0 + pad value + 8 pads */ 00075 }; 00076 00077 00078 int InitRsaKey(RsaKey* key, void* heap) 00079 { 00080 #ifdef HAVE_CAVIUM 00081 if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) 00082 return InitCaviumRsaKey(key, heap); 00083 #endif 00084 00085 key->type = -1; /* haven't decided yet */ 00086 key->heap = heap; 00087 00088 /* TomsFastMath doesn't use memory allocation */ 00089 #ifndef USE_FAST_MATH 00090 key->n.dp = key->e.dp = 0; /* public alloc parts */ 00091 00092 key->d.dp = key->p.dp = 0; /* private alloc parts */ 00093 key->q.dp = key->dP.dp = 0; 00094 key->u.dp = key->dQ.dp = 0; 00095 #endif 00096 00097 return 0; 00098 } 00099 00100 00101 int FreeRsaKey(RsaKey* key) 00102 { 00103 (void)key; 00104 00105 #ifdef HAVE_CAVIUM 00106 if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) 00107 return FreeCaviumRsaKey(key); 00108 #endif 00109 00110 /* TomsFastMath doesn't use memory allocation */ 00111 #ifndef USE_FAST_MATH 00112 if (key->type == RSA_PRIVATE) { 00113 mp_clear(&key->u); 00114 mp_clear(&key->dQ); 00115 mp_clear(&key->dP); 00116 mp_clear(&key->q); 00117 mp_clear(&key->p); 00118 mp_clear(&key->d); 00119 } 00120 mp_clear(&key->e); 00121 mp_clear(&key->n); 00122 #endif 00123 00124 return 0; 00125 } 00126 00127 static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, 00128 word32 pkcsBlockLen, byte padValue, RNG* rng) 00129 { 00130 if (inputLen == 0) 00131 return 0; 00132 00133 pkcsBlock[0] = 0x0; /* set first byte to zero and advance */ 00134 pkcsBlock++; pkcsBlockLen--; 00135 pkcsBlock[0] = padValue; /* insert padValue */ 00136 00137 if (padValue == RSA_BLOCK_TYPE_1) 00138 /* pad with 0xff bytes */ 00139 XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2); 00140 else { 00141 /* pad with non-zero random bytes */ 00142 word32 padLen = pkcsBlockLen - inputLen - 1, i; 00143 int ret = RNG_GenerateBlock(rng, &pkcsBlock[1], padLen); 00144 00145 if (ret != 0) 00146 return ret; 00147 00148 /* remove zeros */ 00149 for (i = 1; i < padLen; i++) 00150 if (pkcsBlock[i] == 0) pkcsBlock[i] = 0x01; 00151 } 00152 00153 pkcsBlock[pkcsBlockLen-inputLen-1] = 0; /* separator */ 00154 XMEMCPY(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen); 00155 00156 return 0; 00157 } 00158 00159 00160 /* UnPad plaintext, set start to *output, return length of plaintext, 00161 * < 0 on error */ 00162 static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, 00163 byte **output, byte padValue) 00164 { 00165 word32 maxOutputLen = (pkcsBlockLen > 10) ? (pkcsBlockLen - 10) : 0, 00166 invalid = 0, 00167 i = 1, 00168 outputLen; 00169 00170 if (pkcsBlock[0] != 0x0) /* skip past zero */ 00171 invalid = 1; 00172 pkcsBlock++; pkcsBlockLen--; 00173 00174 /* Require block type padValue */ 00175 invalid = (pkcsBlock[0] != padValue) || invalid; 00176 00177 /* verify the padding until we find the separator */ 00178 if (padValue == RSA_BLOCK_TYPE_1) { 00179 while (i<pkcsBlockLen && pkcsBlock[i++] == 0xFF) {/* Null body */} 00180 } 00181 else { 00182 while (i<pkcsBlockLen && pkcsBlock[i++]) {/* Null body */} 00183 } 00184 00185 if(!(i==pkcsBlockLen || pkcsBlock[i-1]==0)) { 00186 CYASSL_MSG("RsaUnPad error, bad formatting"); 00187 return RSA_PAD_E; 00188 } 00189 00190 outputLen = pkcsBlockLen - i; 00191 invalid = (outputLen > maxOutputLen) || invalid; 00192 00193 if (invalid) { 00194 CYASSL_MSG("RsaUnPad error, bad formatting"); 00195 return RSA_PAD_E; 00196 } 00197 00198 *output = (byte *)(pkcsBlock + i); 00199 return outputLen; 00200 } 00201 00202 00203 static int RsaFunction(const byte* in, word32 inLen, byte* out, word32* outLen, 00204 int type, RsaKey* key) 00205 { 00206 #define ERROR_OUT(x) { ret = x; goto done;} 00207 00208 mp_int tmp; 00209 int ret = 0; 00210 word32 keyLen, len; 00211 00212 if (mp_init(&tmp) != MP_OKAY) 00213 return MP_INIT_E; 00214 00215 if (mp_read_unsigned_bin(&tmp, (byte*)in, inLen) != MP_OKAY) 00216 ERROR_OUT(MP_READ_E); 00217 00218 if (type == RSA_PRIVATE_DECRYPT || type == RSA_PRIVATE_ENCRYPT) { 00219 #ifdef RSA_LOW_MEM /* half as much memory but twice as slow */ 00220 if (mp_exptmod(&tmp, &key->d, &key->n, &tmp) != MP_OKAY) 00221 ERROR_OUT(MP_EXPTMOD_E); 00222 #else 00223 #define INNER_ERROR_OUT(x) { ret = x; goto inner_done; } 00224 00225 mp_int tmpa, tmpb; 00226 00227 if (mp_init(&tmpa) != MP_OKAY) 00228 ERROR_OUT(MP_INIT_E); 00229 00230 if (mp_init(&tmpb) != MP_OKAY) { 00231 mp_clear(&tmpa); 00232 ERROR_OUT(MP_INIT_E); 00233 } 00234 00235 /* tmpa = tmp^dP mod p */ 00236 if (mp_exptmod(&tmp, &key->dP, &key->p, &tmpa) != MP_OKAY) 00237 INNER_ERROR_OUT(MP_EXPTMOD_E); 00238 00239 /* tmpb = tmp^dQ mod q */ 00240 if (mp_exptmod(&tmp, &key->dQ, &key->q, &tmpb) != MP_OKAY) 00241 INNER_ERROR_OUT(MP_EXPTMOD_E); 00242 00243 /* tmp = (tmpa - tmpb) * qInv (mod p) */ 00244 if (mp_sub(&tmpa, &tmpb, &tmp) != MP_OKAY) 00245 INNER_ERROR_OUT(MP_SUB_E); 00246 00247 if (mp_mulmod(&tmp, &key->u, &key->p, &tmp) != MP_OKAY) 00248 INNER_ERROR_OUT(MP_MULMOD_E); 00249 00250 /* tmp = tmpb + q * tmp */ 00251 if (mp_mul(&tmp, &key->q, &tmp) != MP_OKAY) 00252 INNER_ERROR_OUT(MP_MUL_E); 00253 00254 if (mp_add(&tmp, &tmpb, &tmp) != MP_OKAY) 00255 INNER_ERROR_OUT(MP_ADD_E); 00256 00257 inner_done: 00258 mp_clear(&tmpa); 00259 mp_clear(&tmpb); 00260 00261 if (ret != 0) return ret; 00262 00263 #endif /* RSA_LOW_MEM */ 00264 } 00265 else if (type == RSA_PUBLIC_ENCRYPT || type == RSA_PUBLIC_DECRYPT) { 00266 if (mp_exptmod(&tmp, &key->e, &key->n, &tmp) != MP_OKAY) 00267 ERROR_OUT(MP_EXPTMOD_E); 00268 } 00269 else 00270 ERROR_OUT(RSA_WRONG_TYPE_E); 00271 00272 keyLen = mp_unsigned_bin_size(&key->n); 00273 if (keyLen > *outLen) 00274 ERROR_OUT(RSA_BUFFER_E); 00275 00276 len = mp_unsigned_bin_size(&tmp); 00277 00278 /* pad front w/ zeros to match key length */ 00279 while (len < keyLen) { 00280 *out++ = 0x00; 00281 len++; 00282 } 00283 00284 *outLen = keyLen; 00285 00286 /* convert */ 00287 if (mp_to_unsigned_bin(&tmp, out) != MP_OKAY) 00288 ERROR_OUT(MP_TO_E); 00289 00290 done: 00291 mp_clear(&tmp); 00292 return ret; 00293 } 00294 00295 00296 int RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, 00297 RsaKey* key, RNG* rng) 00298 { 00299 int sz, ret; 00300 00301 #ifdef HAVE_CAVIUM 00302 if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) 00303 return CaviumRsaPublicEncrypt(in, inLen, out, outLen, key); 00304 #endif 00305 00306 sz = mp_unsigned_bin_size(&key->n); 00307 if (sz > (int)outLen) 00308 return RSA_BUFFER_E; 00309 00310 if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) 00311 return RSA_BUFFER_E; 00312 00313 ret = RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_2, rng); 00314 if (ret != 0) 00315 return ret; 00316 00317 if ((ret = RsaFunction(out, sz, out, &outLen, RSA_PUBLIC_ENCRYPT, key)) < 0) 00318 sz = ret; 00319 00320 return sz; 00321 } 00322 00323 00324 int RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key) 00325 { 00326 int ret; 00327 00328 #ifdef HAVE_CAVIUM 00329 if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) { 00330 ret = CaviumRsaPrivateDecrypt(in, inLen, in, inLen, key); 00331 if (ret > 0) 00332 *out = in; 00333 return ret; 00334 } 00335 #endif 00336 00337 if ((ret = RsaFunction(in, inLen, in, &inLen, RSA_PRIVATE_DECRYPT, key)) 00338 < 0) { 00339 return ret; 00340 } 00341 00342 return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_2); 00343 } 00344 00345 00346 int RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, 00347 RsaKey* key) 00348 { 00349 int plainLen; 00350 byte* tmp; 00351 byte* pad = 0; 00352 00353 #ifdef HAVE_CAVIUM 00354 if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) 00355 return CaviumRsaPrivateDecrypt(in, inLen, out, outLen, key); 00356 #endif 00357 00358 tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA); 00359 if (tmp == NULL) { 00360 return MEMORY_E; 00361 } 00362 00363 XMEMCPY(tmp, in, inLen); 00364 00365 if ( (plainLen = RsaPrivateDecryptInline(tmp, inLen, &pad, key) ) < 0) { 00366 XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); 00367 return plainLen; 00368 } 00369 if (plainLen > (int)outLen) 00370 plainLen = BAD_FUNC_ARG; 00371 else 00372 XMEMCPY(out, pad, plainLen); 00373 XMEMSET(tmp, 0x00, inLen); 00374 00375 XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); 00376 return plainLen; 00377 } 00378 00379 00380 /* for Rsa Verify */ 00381 int RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) 00382 { 00383 int ret; 00384 00385 #ifdef HAVE_CAVIUM 00386 if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) { 00387 ret = CaviumRsaSSL_Verify(in, inLen, in, inLen, key); 00388 if (ret > 0) 00389 *out = in; 00390 return ret; 00391 } 00392 #endif 00393 00394 if ((ret = RsaFunction(in, inLen, in, &inLen, RSA_PUBLIC_DECRYPT, key)) 00395 < 0) { 00396 return ret; 00397 } 00398 00399 return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_1); 00400 } 00401 00402 00403 int RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, 00404 RsaKey* key) 00405 { 00406 int plainLen; 00407 byte* tmp; 00408 byte* pad = 0; 00409 00410 #ifdef HAVE_CAVIUM 00411 if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) 00412 return CaviumRsaSSL_Verify(in, inLen, out, outLen, key); 00413 #endif 00414 00415 tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA); 00416 if (tmp == NULL) { 00417 return MEMORY_E; 00418 } 00419 00420 XMEMCPY(tmp, in, inLen); 00421 00422 if ( (plainLen = RsaSSL_VerifyInline(tmp, inLen, &pad, key) ) < 0) { 00423 XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); 00424 return plainLen; 00425 } 00426 00427 if (plainLen > (int)outLen) 00428 plainLen = BAD_FUNC_ARG; 00429 else 00430 XMEMCPY(out, pad, plainLen); 00431 XMEMSET(tmp, 0x00, inLen); 00432 00433 XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); 00434 return plainLen; 00435 } 00436 00437 00438 /* for Rsa Sign */ 00439 int RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, 00440 RsaKey* key, RNG* rng) 00441 { 00442 int sz, ret; 00443 00444 #ifdef HAVE_CAVIUM 00445 if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) 00446 return CaviumRsaSSL_Sign(in, inLen, out, outLen, key); 00447 #endif 00448 00449 sz = mp_unsigned_bin_size(&key->n); 00450 if (sz > (int)outLen) 00451 return RSA_BUFFER_E; 00452 00453 if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) 00454 return RSA_BUFFER_E; 00455 00456 ret = RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_1, rng); 00457 if (ret != 0) 00458 return ret; 00459 00460 if ((ret = RsaFunction(out, sz, out, &outLen, RSA_PRIVATE_ENCRYPT,key)) < 0) 00461 sz = ret; 00462 00463 return sz; 00464 } 00465 00466 00467 int RsaEncryptSize(RsaKey* key) 00468 { 00469 #ifdef HAVE_CAVIUM 00470 if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) 00471 return key->c_nSz; 00472 #endif 00473 return mp_unsigned_bin_size(&key->n); 00474 } 00475 00476 00477 int RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n, word32* nSz) 00478 { 00479 int sz, ret; 00480 00481 if (key == NULL || e == NULL || eSz == NULL || n == NULL || nSz == NULL) 00482 return BAD_FUNC_ARG; 00483 00484 sz = mp_unsigned_bin_size(&key->e); 00485 if ((word32)sz > *nSz) 00486 return RSA_BUFFER_E; 00487 ret = mp_to_unsigned_bin(&key->e, e); 00488 if (ret != MP_OKAY) 00489 return ret; 00490 *eSz = (word32)sz; 00491 00492 sz = mp_unsigned_bin_size(&key->n); 00493 if ((word32)sz > *nSz) 00494 return RSA_BUFFER_E; 00495 ret = mp_to_unsigned_bin(&key->n, n); 00496 if (ret != MP_OKAY) 00497 return ret; 00498 *nSz = (word32)sz; 00499 00500 return 0; 00501 } 00502 00503 00504 #ifdef CYASSL_KEY_GEN 00505 00506 static const int USE_BBS = 1; 00507 00508 static int rand_prime(mp_int* N, int len, RNG* rng, void* heap) 00509 { 00510 int err, res, type; 00511 byte* buf; 00512 00513 (void)heap; 00514 if (N == NULL || rng == NULL) 00515 return BAD_FUNC_ARG; 00516 00517 /* get type */ 00518 if (len < 0) { 00519 type = USE_BBS; 00520 len = -len; 00521 } else { 00522 type = 0; 00523 } 00524 00525 /* allow sizes between 2 and 512 bytes for a prime size */ 00526 if (len < 2 || len > 512) { 00527 return BAD_FUNC_ARG; 00528 } 00529 00530 /* allocate buffer to work with */ 00531 buf = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_RSA); 00532 if (buf == NULL) { 00533 return MEMORY_E; 00534 } 00535 XMEMSET(buf, 0, len); 00536 00537 do { 00538 #ifdef SHOW_GEN 00539 printf("."); 00540 fflush(stdout); 00541 #endif 00542 /* generate value */ 00543 err = RNG_GenerateBlock(rng, buf, len); 00544 if (err != 0) { 00545 XFREE(buf, heap, DYNAMIC_TYPE_RSA); 00546 return err; 00547 } 00548 00549 /* munge bits */ 00550 buf[0] |= 0x80 | 0x40; 00551 buf[len-1] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00); 00552 00553 /* load value */ 00554 if ((err = mp_read_unsigned_bin(N, buf, len)) != MP_OKAY) { 00555 XFREE(buf, heap, DYNAMIC_TYPE_RSA); 00556 return err; 00557 } 00558 00559 /* test */ 00560 if ((err = mp_prime_is_prime(N, 8, &res)) != MP_OKAY) { 00561 XFREE(buf, heap, DYNAMIC_TYPE_RSA); 00562 return err; 00563 } 00564 } while (res == MP_NO); 00565 00566 #ifdef LTC_CLEAN_STACK 00567 XMEMSET(buf, 0, len); 00568 #endif 00569 00570 XFREE(buf, heap, DYNAMIC_TYPE_RSA); 00571 return 0; 00572 } 00573 00574 00575 /* Make an RSA key for size bits, with e specified, 65537 is a good e */ 00576 int MakeRsaKey(RsaKey* key, int size, long e, RNG* rng) 00577 { 00578 mp_int p, q, tmp1, tmp2, tmp3; 00579 int err; 00580 00581 if (key == NULL || rng == NULL) 00582 return BAD_FUNC_ARG; 00583 00584 if (size < RSA_MIN_SIZE || size > RSA_MAX_SIZE) 00585 return BAD_FUNC_ARG; 00586 00587 if (e < 3 || (e & 1) == 0) 00588 return BAD_FUNC_ARG; 00589 00590 if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != MP_OKAY) 00591 return err; 00592 00593 err = mp_set_int(&tmp3, e); 00594 00595 /* make p */ 00596 if (err == MP_OKAY) { 00597 do { 00598 err = rand_prime(&p, size/16, rng, key->heap); /* size in bytes/2 */ 00599 00600 if (err == MP_OKAY) 00601 err = mp_sub_d(&p, 1, &tmp1); /* tmp1 = p-1 */ 00602 00603 if (err == MP_OKAY) 00604 err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(p-1, e) */ 00605 } while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divdes p-1 */ 00606 } 00607 00608 /* make q */ 00609 if (err == MP_OKAY) { 00610 do { 00611 err = rand_prime(&q, size/16, rng, key->heap); /* size in bytes/2 */ 00612 00613 if (err == MP_OKAY) 00614 err = mp_sub_d(&q, 1, &tmp1); /* tmp1 = q-1 */ 00615 00616 if (err == MP_OKAY) 00617 err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(q-1, e) */ 00618 } while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divdes q-1 */ 00619 } 00620 00621 if (err == MP_OKAY) 00622 err = mp_init_multi(&key->n, &key->e, &key->d, &key->p, &key->q, NULL); 00623 00624 if (err == MP_OKAY) 00625 err = mp_init_multi(&key->dP, &key->dQ, &key->u, NULL, NULL, NULL); 00626 00627 if (err == MP_OKAY) 00628 err = mp_sub_d(&p, 1, &tmp2); /* tmp2 = p-1 */ 00629 00630 if (err == MP_OKAY) 00631 err = mp_lcm(&tmp1, &tmp2, &tmp1); /* tmp1 = lcm(p-1, q-1),last loop */ 00632 00633 /* make key */ 00634 if (err == MP_OKAY) 00635 err = mp_set_int(&key->e, e); /* key->e = e */ 00636 00637 if (err == MP_OKAY) /* key->d = 1/e mod lcm(p-1, q-1) */ 00638 err = mp_invmod(&key->e, &tmp1, &key->d); 00639 00640 if (err == MP_OKAY) 00641 err = mp_mul(&p, &q, &key->n); /* key->n = pq */ 00642 00643 if (err == MP_OKAY) 00644 err = mp_sub_d(&p, 1, &tmp1); 00645 00646 if (err == MP_OKAY) 00647 err = mp_sub_d(&q, 1, &tmp2); 00648 00649 if (err == MP_OKAY) 00650 err = mp_mod(&key->d, &tmp1, &key->dP); 00651 00652 if (err == MP_OKAY) 00653 err = mp_mod(&key->d, &tmp2, &key->dQ); 00654 00655 if (err == MP_OKAY) 00656 err = mp_invmod(&q, &p, &key->u); 00657 00658 if (err == MP_OKAY) 00659 err = mp_copy(&p, &key->p); 00660 00661 if (err == MP_OKAY) 00662 err = mp_copy(&q, &key->q); 00663 00664 if (err == MP_OKAY) 00665 key->type = RSA_PRIVATE; 00666 00667 mp_clear(&tmp3); 00668 mp_clear(&tmp2); 00669 mp_clear(&tmp1); 00670 mp_clear(&q); 00671 mp_clear(&p); 00672 00673 if (err != MP_OKAY) { 00674 FreeRsaKey(key); 00675 return err; 00676 } 00677 00678 return 0; 00679 } 00680 00681 00682 #endif /* CYASSL_KEY_GEN */ 00683 00684 00685 #ifdef HAVE_CAVIUM 00686 00687 #include <cyassl/ctaocrypt/logging.h> 00688 #include "cavium_common.h" 00689 00690 /* Initiliaze RSA for use with Nitrox device */ 00691 int RsaInitCavium(RsaKey* rsa, int devId) 00692 { 00693 if (rsa == NULL) 00694 return -1; 00695 00696 if (CspAllocContext(CONTEXT_SSL, &rsa->contextHandle, devId) != 0) 00697 return -1; 00698 00699 rsa->devId = devId; 00700 rsa->magic = CYASSL_RSA_CAVIUM_MAGIC; 00701 00702 return 0; 00703 } 00704 00705 00706 /* Free RSA from use with Nitrox device */ 00707 void RsaFreeCavium(RsaKey* rsa) 00708 { 00709 if (rsa == NULL) 00710 return; 00711 00712 CspFreeContext(CONTEXT_SSL, rsa->contextHandle, rsa->devId); 00713 rsa->magic = 0; 00714 } 00715 00716 00717 /* Initialize cavium RSA key */ 00718 static int InitCaviumRsaKey(RsaKey* key, void* heap) 00719 { 00720 if (key == NULL) 00721 return BAD_FUNC_ARG; 00722 00723 key->heap = heap; 00724 key->type = -1; /* don't know yet */ 00725 00726 key->c_n = NULL; 00727 key->c_e = NULL; 00728 key->c_d = NULL; 00729 key->c_p = NULL; 00730 key->c_q = NULL; 00731 key->c_dP = NULL; 00732 key->c_dQ = NULL; 00733 key->c_u = NULL; 00734 00735 key->c_nSz = 0; 00736 key->c_eSz = 0; 00737 key->c_dSz = 0; 00738 key->c_pSz = 0; 00739 key->c_qSz = 0; 00740 key->c_dP_Sz = 0; 00741 key->c_dQ_Sz = 0; 00742 key->c_uSz = 0; 00743 00744 return 0; 00745 } 00746 00747 00748 /* Free cavium RSA key */ 00749 static int FreeCaviumRsaKey(RsaKey* key) 00750 { 00751 if (key == NULL) 00752 return BAD_FUNC_ARG; 00753 00754 XFREE(key->c_n, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); 00755 XFREE(key->c_e, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); 00756 XFREE(key->c_d, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); 00757 XFREE(key->c_p, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); 00758 XFREE(key->c_q, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); 00759 XFREE(key->c_dP, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); 00760 XFREE(key->c_dQ, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); 00761 XFREE(key->c_u, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); 00762 00763 return InitCaviumRsaKey(key, key->heap); /* reset pointers */ 00764 } 00765 00766 00767 static int CaviumRsaPublicEncrypt(const byte* in, word32 inLen, byte* out, 00768 word32 outLen, RsaKey* key) 00769 { 00770 word32 requestId; 00771 word32 ret; 00772 00773 if (key == NULL || in == NULL || out == NULL || outLen < (word32)key->c_nSz) 00774 return -1; 00775 00776 ret = CspPkcs1v15Enc(CAVIUM_BLOCKING, BT2, key->c_nSz, key->c_eSz, 00777 (word16)inLen, key->c_n, key->c_e, (byte*)in, out, 00778 &requestId, key->devId); 00779 if (ret != 0) { 00780 CYASSL_MSG("Cavium Enc BT2 failed"); 00781 return -1; 00782 } 00783 return key->c_nSz; 00784 } 00785 00786 00787 static INLINE void ato16(const byte* c, word16* u16) 00788 { 00789 *u16 = (c[0] << 8) | (c[1]); 00790 } 00791 00792 00793 static int CaviumRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, 00794 word32 outLen, RsaKey* key) 00795 { 00796 word32 requestId; 00797 word32 ret; 00798 word16 outSz = (word16)outLen; 00799 00800 if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->c_nSz) 00801 return -1; 00802 00803 ret = CspPkcs1v15CrtDec(CAVIUM_BLOCKING, BT2, key->c_nSz, key->c_q, 00804 key->c_dQ, key->c_p, key->c_dP, key->c_u, 00805 (byte*)in, &outSz, out, &requestId, key->devId); 00806 if (ret != 0) { 00807 CYASSL_MSG("Cavium CRT Dec BT2 failed"); 00808 return -1; 00809 } 00810 ato16((const byte*)&outSz, &outSz); 00811 00812 return outSz; 00813 } 00814 00815 00816 static int CaviumRsaSSL_Sign(const byte* in, word32 inLen, byte* out, 00817 word32 outLen, RsaKey* key) 00818 { 00819 word32 requestId; 00820 word32 ret; 00821 00822 if (key == NULL || in == NULL || out == NULL || inLen == 0 || outLen < 00823 (word32)key->c_nSz) 00824 return -1; 00825 00826 ret = CspPkcs1v15CrtEnc(CAVIUM_BLOCKING, BT1, key->c_nSz, (word16)inLen, 00827 key->c_q, key->c_dQ, key->c_p, key->c_dP, key->c_u, 00828 (byte*)in, out, &requestId, key->devId); 00829 if (ret != 0) { 00830 CYASSL_MSG("Cavium CRT Enc BT1 failed"); 00831 return -1; 00832 } 00833 return key->c_nSz; 00834 } 00835 00836 00837 static int CaviumRsaSSL_Verify(const byte* in, word32 inLen, byte* out, 00838 word32 outLen, RsaKey* key) 00839 { 00840 word32 requestId; 00841 word32 ret; 00842 word16 outSz = (word16)outLen; 00843 00844 if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->c_nSz) 00845 return -1; 00846 00847 ret = CspPkcs1v15Dec(CAVIUM_BLOCKING, BT1, key->c_nSz, key->c_eSz, 00848 key->c_n, key->c_e, (byte*)in, &outSz, out, 00849 &requestId, key->devId); 00850 if (ret != 0) { 00851 CYASSL_MSG("Cavium Dec BT1 failed"); 00852 return -1; 00853 } 00854 outSz = ntohs(outSz); 00855 00856 return outSz; 00857 } 00858 00859 00860 #endif /* HAVE_CAVIUM */ 00861 00862 #endif /* NO_RSA */
Generated on Wed Jul 13 2022 02:33:57 by
1.7.2