Francois Berder
fork of cyassl-lib
Dependents: TLS_cyassl TLS_cyassl
ctaocrypt/src/rsa.c@4:f377303c41be, 2013-09-16 (annotated)
- Committer:
- feb11
- Date:
- Mon Sep 16 09:53:35 2013 +0000
- Revision:
- 4:f377303c41be
- Parent:
- 0:714293de3836
changed settings
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| ashleymills | 0:714293de3836 | 1 | /* rsa.c |
| ashleymills | 0:714293de3836 | 2 | * |
| ashleymills | 0:714293de3836 | 3 | * Copyright (C) 2006-2013 wolfSSL Inc. |
| ashleymills | 0:714293de3836 | 4 | * |
| ashleymills | 0:714293de3836 | 5 | * This file is part of CyaSSL. |
| ashleymills | 0:714293de3836 | 6 | * |
| ashleymills | 0:714293de3836 | 7 | * CyaSSL is free software; you can redistribute it and/or modify |
| ashleymills | 0:714293de3836 | 8 | * it under the terms of the GNU General Public License as published by |
| ashleymills | 0:714293de3836 | 9 | * the Free Software Foundation; either version 2 of the License, or |
| ashleymills | 0:714293de3836 | 10 | * (at your option) any later version. |
| ashleymills | 0:714293de3836 | 11 | * |
| ashleymills | 0:714293de3836 | 12 | * CyaSSL is distributed in the hope that it will be useful, |
| ashleymills | 0:714293de3836 | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| ashleymills | 0:714293de3836 | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| ashleymills | 0:714293de3836 | 15 | * GNU General Public License for more details. |
| ashleymills | 0:714293de3836 | 16 | * |
| ashleymills | 0:714293de3836 | 17 | * You should have received a copy of the GNU General Public License |
| ashleymills | 0:714293de3836 | 18 | * along with this program; if not, write to the Free Software |
| ashleymills | 0:714293de3836 | 19 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA |
| ashleymills | 0:714293de3836 | 20 | */ |
| ashleymills | 0:714293de3836 | 21 | |
| ashleymills | 0:714293de3836 | 22 | |
| ashleymills | 0:714293de3836 | 23 | #ifdef HAVE_CONFIG_H |
| ashleymills | 0:714293de3836 | 24 | #include <config.h> |
| ashleymills | 0:714293de3836 | 25 | #endif |
| ashleymills | 0:714293de3836 | 26 | |
| ashleymills | 0:714293de3836 | 27 | #include <cyassl/ctaocrypt/settings.h> |
| ashleymills | 0:714293de3836 | 28 | |
| ashleymills | 0:714293de3836 | 29 | #ifndef NO_RSA |
| ashleymills | 0:714293de3836 | 30 | |
| ashleymills | 0:714293de3836 | 31 | #include <cyassl/ctaocrypt/rsa.h> |
| ashleymills | 0:714293de3836 | 32 | #include <cyassl/ctaocrypt/random.h> |
| ashleymills | 0:714293de3836 | 33 | #include <cyassl/ctaocrypt/ctaoerror2.h> |
| ashleymills | 0:714293de3836 | 34 | #include <cyassl/ctaocrypt/logging.h> |
| ashleymills | 0:714293de3836 | 35 | |
| ashleymills | 0:714293de3836 | 36 | #ifdef SHOW_GEN |
| ashleymills | 0:714293de3836 | 37 | #ifdef FREESCALE_MQX |
| ashleymills | 0:714293de3836 | 38 | #include <fio.h> |
| ashleymills | 0:714293de3836 | 39 | #else |
| ashleymills | 0:714293de3836 | 40 | #include <stdio.h> |
| ashleymills | 0:714293de3836 | 41 | #endif |
| ashleymills | 0:714293de3836 | 42 | #endif |
| ashleymills | 0:714293de3836 | 43 | |
| ashleymills | 0:714293de3836 | 44 | #ifdef HAVE_CAVIUM |
| ashleymills | 0:714293de3836 | 45 | static void InitCaviumRsaKey(RsaKey* key, void* heap); |
| ashleymills | 0:714293de3836 | 46 | static void FreeCaviumRsaKey(RsaKey* key); |
| ashleymills | 0:714293de3836 | 47 | static int CaviumRsaPublicEncrypt(const byte* in, word32 inLen, byte* out, |
| ashleymills | 0:714293de3836 | 48 | word32 outLen, RsaKey* key); |
| ashleymills | 0:714293de3836 | 49 | static int CaviumRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, |
| ashleymills | 0:714293de3836 | 50 | word32 outLen, RsaKey* key); |
| ashleymills | 0:714293de3836 | 51 | static int CaviumRsaSSL_Sign(const byte* in, word32 inLen, byte* out, |
| ashleymills | 0:714293de3836 | 52 | word32 outLen, RsaKey* key); |
| ashleymills | 0:714293de3836 | 53 | static int CaviumRsaSSL_Verify(const byte* in, word32 inLen, byte* out, |
| ashleymills | 0:714293de3836 | 54 | word32 outLen, RsaKey* key); |
| ashleymills | 0:714293de3836 | 55 | #endif |
| ashleymills | 0:714293de3836 | 56 | |
| ashleymills | 0:714293de3836 | 57 | enum { |
| ashleymills | 0:714293de3836 | 58 | RSA_PUBLIC_ENCRYPT = 0, |
| ashleymills | 0:714293de3836 | 59 | RSA_PUBLIC_DECRYPT = 1, |
| ashleymills | 0:714293de3836 | 60 | RSA_PRIVATE_ENCRYPT = 2, |
| ashleymills | 0:714293de3836 | 61 | RSA_PRIVATE_DECRYPT = 3, |
| ashleymills | 0:714293de3836 | 62 | |
| ashleymills | 0:714293de3836 | 63 | RSA_BLOCK_TYPE_1 = 1, |
| ashleymills | 0:714293de3836 | 64 | RSA_BLOCK_TYPE_2 = 2, |
| ashleymills | 0:714293de3836 | 65 | |
| ashleymills | 0:714293de3836 | 66 | RSA_MIN_SIZE = 512, |
| ashleymills | 0:714293de3836 | 67 | RSA_MAX_SIZE = 4096, |
| ashleymills | 0:714293de3836 | 68 | |
| ashleymills | 0:714293de3836 | 69 | RSA_MIN_PAD_SZ = 11 /* seperator + 0 + pad value + 8 pads */ |
| ashleymills | 0:714293de3836 | 70 | }; |
| ashleymills | 0:714293de3836 | 71 | |
| ashleymills | 0:714293de3836 | 72 | |
| ashleymills | 0:714293de3836 | 73 | void InitRsaKey(RsaKey* key, void* heap) |
| ashleymills | 0:714293de3836 | 74 | { |
| ashleymills | 0:714293de3836 | 75 | #ifdef HAVE_CAVIUM |
| ashleymills | 0:714293de3836 | 76 | if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) |
| ashleymills | 0:714293de3836 | 77 | return InitCaviumRsaKey(key, heap); |
| ashleymills | 0:714293de3836 | 78 | #endif |
| ashleymills | 0:714293de3836 | 79 | |
| ashleymills | 0:714293de3836 | 80 | key->type = -1; /* haven't decided yet */ |
| ashleymills | 0:714293de3836 | 81 | key->heap = heap; |
| ashleymills | 0:714293de3836 | 82 | |
| ashleymills | 0:714293de3836 | 83 | /* TomsFastMath doesn't use memory allocation */ |
| ashleymills | 0:714293de3836 | 84 | #ifndef USE_FAST_MATH |
| ashleymills | 0:714293de3836 | 85 | key->n.dp = key->e.dp = 0; /* public alloc parts */ |
| ashleymills | 0:714293de3836 | 86 | |
| ashleymills | 0:714293de3836 | 87 | key->d.dp = key->p.dp = 0; /* private alloc parts */ |
| ashleymills | 0:714293de3836 | 88 | key->q.dp = key->dP.dp = 0; |
| ashleymills | 0:714293de3836 | 89 | key->u.dp = key->dQ.dp = 0; |
| ashleymills | 0:714293de3836 | 90 | #endif |
| ashleymills | 0:714293de3836 | 91 | } |
| ashleymills | 0:714293de3836 | 92 | |
| ashleymills | 0:714293de3836 | 93 | |
| ashleymills | 0:714293de3836 | 94 | void FreeRsaKey(RsaKey* key) |
| ashleymills | 0:714293de3836 | 95 | { |
| ashleymills | 0:714293de3836 | 96 | (void)key; |
| ashleymills | 0:714293de3836 | 97 | |
| ashleymills | 0:714293de3836 | 98 | #ifdef HAVE_CAVIUM |
| ashleymills | 0:714293de3836 | 99 | if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) |
| ashleymills | 0:714293de3836 | 100 | return FreeCaviumRsaKey(key); |
| ashleymills | 0:714293de3836 | 101 | #endif |
| ashleymills | 0:714293de3836 | 102 | |
| ashleymills | 0:714293de3836 | 103 | /* TomsFastMath doesn't use memory allocation */ |
| ashleymills | 0:714293de3836 | 104 | #ifndef USE_FAST_MATH |
| ashleymills | 0:714293de3836 | 105 | if (key->type == RSA_PRIVATE) { |
| ashleymills | 0:714293de3836 | 106 | mp_clear(&key->u); |
| ashleymills | 0:714293de3836 | 107 | mp_clear(&key->dQ); |
| ashleymills | 0:714293de3836 | 108 | mp_clear(&key->dP); |
| ashleymills | 0:714293de3836 | 109 | mp_clear(&key->q); |
| ashleymills | 0:714293de3836 | 110 | mp_clear(&key->p); |
| ashleymills | 0:714293de3836 | 111 | mp_clear(&key->d); |
| ashleymills | 0:714293de3836 | 112 | } |
| ashleymills | 0:714293de3836 | 113 | mp_clear(&key->e); |
| ashleymills | 0:714293de3836 | 114 | mp_clear(&key->n); |
| ashleymills | 0:714293de3836 | 115 | #endif |
| ashleymills | 0:714293de3836 | 116 | } |
| ashleymills | 0:714293de3836 | 117 | |
| ashleymills | 0:714293de3836 | 118 | static void RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, |
| ashleymills | 0:714293de3836 | 119 | word32 pkcsBlockLen, byte padValue, RNG* rng) |
| ashleymills | 0:714293de3836 | 120 | { |
| ashleymills | 0:714293de3836 | 121 | if (inputLen == 0) return; |
| ashleymills | 0:714293de3836 | 122 | |
| ashleymills | 0:714293de3836 | 123 | pkcsBlock[0] = 0x0; /* set first byte to zero and advance */ |
| ashleymills | 0:714293de3836 | 124 | pkcsBlock++; pkcsBlockLen--; |
| ashleymills | 0:714293de3836 | 125 | pkcsBlock[0] = padValue; /* insert padValue */ |
| ashleymills | 0:714293de3836 | 126 | |
| ashleymills | 0:714293de3836 | 127 | if (padValue == RSA_BLOCK_TYPE_1) |
| ashleymills | 0:714293de3836 | 128 | /* pad with 0xff bytes */ |
| ashleymills | 0:714293de3836 | 129 | XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2); |
| ashleymills | 0:714293de3836 | 130 | else { |
| ashleymills | 0:714293de3836 | 131 | /* pad with non-zero random bytes */ |
| ashleymills | 0:714293de3836 | 132 | word32 padLen = pkcsBlockLen - inputLen - 1, i; |
| ashleymills | 0:714293de3836 | 133 | RNG_GenerateBlock(rng, &pkcsBlock[1], padLen); |
| ashleymills | 0:714293de3836 | 134 | |
| ashleymills | 0:714293de3836 | 135 | /* remove zeros */ |
| ashleymills | 0:714293de3836 | 136 | for (i = 1; i < padLen; i++) |
| ashleymills | 0:714293de3836 | 137 | if (pkcsBlock[i] == 0) pkcsBlock[i] = 0x01; |
| ashleymills | 0:714293de3836 | 138 | } |
| ashleymills | 0:714293de3836 | 139 | |
| ashleymills | 0:714293de3836 | 140 | pkcsBlock[pkcsBlockLen-inputLen-1] = 0; /* separator */ |
| ashleymills | 0:714293de3836 | 141 | XMEMCPY(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen); |
| ashleymills | 0:714293de3836 | 142 | } |
| ashleymills | 0:714293de3836 | 143 | |
| ashleymills | 0:714293de3836 | 144 | |
| ashleymills | 0:714293de3836 | 145 | static word32 RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, |
| ashleymills | 0:714293de3836 | 146 | byte **output, byte padValue) |
| ashleymills | 0:714293de3836 | 147 | { |
| ashleymills | 0:714293de3836 | 148 | word32 maxOutputLen = (pkcsBlockLen > 10) ? (pkcsBlockLen - 10) : 0, |
| ashleymills | 0:714293de3836 | 149 | invalid = 0, |
| ashleymills | 0:714293de3836 | 150 | i = 1, |
| ashleymills | 0:714293de3836 | 151 | outputLen; |
| ashleymills | 0:714293de3836 | 152 | |
| ashleymills | 0:714293de3836 | 153 | if (pkcsBlock[0] != 0x0) /* skip past zero */ |
| ashleymills | 0:714293de3836 | 154 | invalid = 1; |
| ashleymills | 0:714293de3836 | 155 | pkcsBlock++; pkcsBlockLen--; |
| ashleymills | 0:714293de3836 | 156 | |
| ashleymills | 0:714293de3836 | 157 | /* Require block type padValue */ |
| ashleymills | 0:714293de3836 | 158 | invalid = (pkcsBlock[0] != padValue) || invalid; |
| ashleymills | 0:714293de3836 | 159 | |
| ashleymills | 0:714293de3836 | 160 | /* skip past the padding until we find the separator */ |
| ashleymills | 0:714293de3836 | 161 | while (i<pkcsBlockLen && pkcsBlock[i++]) { /* null body */ |
| ashleymills | 0:714293de3836 | 162 | } |
| ashleymills | 0:714293de3836 | 163 | if(!(i==pkcsBlockLen || pkcsBlock[i-1]==0)) { |
| ashleymills | 0:714293de3836 | 164 | CYASSL_MSG("RsaUnPad error, bad formatting"); |
| ashleymills | 0:714293de3836 | 165 | return 0; |
| ashleymills | 0:714293de3836 | 166 | } |
| ashleymills | 0:714293de3836 | 167 | |
| ashleymills | 0:714293de3836 | 168 | outputLen = pkcsBlockLen - i; |
| ashleymills | 0:714293de3836 | 169 | invalid = (outputLen > maxOutputLen) || invalid; |
| ashleymills | 0:714293de3836 | 170 | |
| ashleymills | 0:714293de3836 | 171 | if (invalid) { |
| ashleymills | 0:714293de3836 | 172 | CYASSL_MSG("RsaUnPad error, bad formatting"); |
| ashleymills | 0:714293de3836 | 173 | return 0; |
| ashleymills | 0:714293de3836 | 174 | } |
| ashleymills | 0:714293de3836 | 175 | |
| ashleymills | 0:714293de3836 | 176 | *output = (byte *)(pkcsBlock + i); |
| ashleymills | 0:714293de3836 | 177 | return outputLen; |
| ashleymills | 0:714293de3836 | 178 | } |
| ashleymills | 0:714293de3836 | 179 | |
| ashleymills | 0:714293de3836 | 180 | |
| ashleymills | 0:714293de3836 | 181 | static int RsaFunction(const byte* in, word32 inLen, byte* out, word32* outLen, |
| ashleymills | 0:714293de3836 | 182 | int type, RsaKey* key) |
| ashleymills | 0:714293de3836 | 183 | { |
| ashleymills | 0:714293de3836 | 184 | #define ERROR_OUT(x) { ret = x; goto done;} |
| ashleymills | 0:714293de3836 | 185 | |
| ashleymills | 0:714293de3836 | 186 | mp_int tmp; |
| ashleymills | 0:714293de3836 | 187 | int ret = 0; |
| ashleymills | 0:714293de3836 | 188 | word32 keyLen, len; |
| ashleymills | 0:714293de3836 | 189 | |
| ashleymills | 0:714293de3836 | 190 | if (mp_init(&tmp) != MP_OKAY) |
| ashleymills | 0:714293de3836 | 191 | return MP_INIT_E; |
| ashleymills | 0:714293de3836 | 192 | |
| ashleymills | 0:714293de3836 | 193 | if (mp_read_unsigned_bin(&tmp, (byte*)in, inLen) != MP_OKAY) |
| ashleymills | 0:714293de3836 | 194 | ERROR_OUT(MP_READ_E); |
| ashleymills | 0:714293de3836 | 195 | |
| ashleymills | 0:714293de3836 | 196 | if (type == RSA_PRIVATE_DECRYPT || type == RSA_PRIVATE_ENCRYPT) { |
| ashleymills | 0:714293de3836 | 197 | #ifdef RSA_LOW_MEM /* half as much memory but twice as slow */ |
| ashleymills | 0:714293de3836 | 198 | if (mp_exptmod(&tmp, &key->d, &key->n, &tmp) != MP_OKAY) |
| ashleymills | 0:714293de3836 | 199 | ERROR_OUT(MP_EXPTMOD_E); |
| ashleymills | 0:714293de3836 | 200 | #else |
| ashleymills | 0:714293de3836 | 201 | #define INNER_ERROR_OUT(x) { ret = x; goto inner_done; } |
| ashleymills | 0:714293de3836 | 202 | |
| ashleymills | 0:714293de3836 | 203 | mp_int tmpa, tmpb; |
| ashleymills | 0:714293de3836 | 204 | |
| ashleymills | 0:714293de3836 | 205 | if (mp_init(&tmpa) != MP_OKAY) |
| ashleymills | 0:714293de3836 | 206 | ERROR_OUT(MP_INIT_E); |
| ashleymills | 0:714293de3836 | 207 | |
| ashleymills | 0:714293de3836 | 208 | if (mp_init(&tmpb) != MP_OKAY) { |
| ashleymills | 0:714293de3836 | 209 | mp_clear(&tmpa); |
| ashleymills | 0:714293de3836 | 210 | ERROR_OUT(MP_INIT_E); |
| ashleymills | 0:714293de3836 | 211 | } |
| ashleymills | 0:714293de3836 | 212 | |
| ashleymills | 0:714293de3836 | 213 | /* tmpa = tmp^dP mod p */ |
| ashleymills | 0:714293de3836 | 214 | if (mp_exptmod(&tmp, &key->dP, &key->p, &tmpa) != MP_OKAY) |
| ashleymills | 0:714293de3836 | 215 | INNER_ERROR_OUT(MP_EXPTMOD_E); |
| ashleymills | 0:714293de3836 | 216 | |
| ashleymills | 0:714293de3836 | 217 | /* tmpb = tmp^dQ mod q */ |
| ashleymills | 0:714293de3836 | 218 | if (mp_exptmod(&tmp, &key->dQ, &key->q, &tmpb) != MP_OKAY) |
| ashleymills | 0:714293de3836 | 219 | INNER_ERROR_OUT(MP_EXPTMOD_E); |
| ashleymills | 0:714293de3836 | 220 | |
| ashleymills | 0:714293de3836 | 221 | /* tmp = (tmpa - tmpb) * qInv (mod p) */ |
| ashleymills | 0:714293de3836 | 222 | if (mp_sub(&tmpa, &tmpb, &tmp) != MP_OKAY) |
| ashleymills | 0:714293de3836 | 223 | INNER_ERROR_OUT(MP_SUB_E); |
| ashleymills | 0:714293de3836 | 224 | |
| ashleymills | 0:714293de3836 | 225 | if (mp_mulmod(&tmp, &key->u, &key->p, &tmp) != MP_OKAY) |
| ashleymills | 0:714293de3836 | 226 | INNER_ERROR_OUT(MP_MULMOD_E); |
| ashleymills | 0:714293de3836 | 227 | |
| ashleymills | 0:714293de3836 | 228 | /* tmp = tmpb + q * tmp */ |
| ashleymills | 0:714293de3836 | 229 | if (mp_mul(&tmp, &key->q, &tmp) != MP_OKAY) |
| ashleymills | 0:714293de3836 | 230 | INNER_ERROR_OUT(MP_MUL_E); |
| ashleymills | 0:714293de3836 | 231 | |
| ashleymills | 0:714293de3836 | 232 | if (mp_add(&tmp, &tmpb, &tmp) != MP_OKAY) |
| ashleymills | 0:714293de3836 | 233 | INNER_ERROR_OUT(MP_ADD_E); |
| ashleymills | 0:714293de3836 | 234 | |
| ashleymills | 0:714293de3836 | 235 | inner_done: |
| ashleymills | 0:714293de3836 | 236 | mp_clear(&tmpa); |
| ashleymills | 0:714293de3836 | 237 | mp_clear(&tmpb); |
| ashleymills | 0:714293de3836 | 238 | |
| ashleymills | 0:714293de3836 | 239 | if (ret != 0) return ret; |
| ashleymills | 0:714293de3836 | 240 | |
| ashleymills | 0:714293de3836 | 241 | #endif /* RSA_LOW_MEM */ |
| ashleymills | 0:714293de3836 | 242 | } |
| ashleymills | 0:714293de3836 | 243 | else if (type == RSA_PUBLIC_ENCRYPT || type == RSA_PUBLIC_DECRYPT) { |
| ashleymills | 0:714293de3836 | 244 | if (mp_exptmod(&tmp, &key->e, &key->n, &tmp) != MP_OKAY) |
| ashleymills | 0:714293de3836 | 245 | ERROR_OUT(MP_EXPTMOD_E); |
| ashleymills | 0:714293de3836 | 246 | } |
| ashleymills | 0:714293de3836 | 247 | else |
| ashleymills | 0:714293de3836 | 248 | ERROR_OUT(RSA_WRONG_TYPE_E); |
| ashleymills | 0:714293de3836 | 249 | |
| ashleymills | 0:714293de3836 | 250 | keyLen = mp_unsigned_bin_size(&key->n); |
| ashleymills | 0:714293de3836 | 251 | if (keyLen > *outLen) |
| ashleymills | 0:714293de3836 | 252 | ERROR_OUT(RSA_BUFFER_E); |
| ashleymills | 0:714293de3836 | 253 | |
| ashleymills | 0:714293de3836 | 254 | len = mp_unsigned_bin_size(&tmp); |
| ashleymills | 0:714293de3836 | 255 | |
| ashleymills | 0:714293de3836 | 256 | /* pad front w/ zeros to match key length */ |
| ashleymills | 0:714293de3836 | 257 | while (len < keyLen) { |
| ashleymills | 0:714293de3836 | 258 | *out++ = 0x00; |
| ashleymills | 0:714293de3836 | 259 | len++; |
| ashleymills | 0:714293de3836 | 260 | } |
| ashleymills | 0:714293de3836 | 261 | |
| ashleymills | 0:714293de3836 | 262 | *outLen = keyLen; |
| ashleymills | 0:714293de3836 | 263 | |
| ashleymills | 0:714293de3836 | 264 | /* convert */ |
| ashleymills | 0:714293de3836 | 265 | if (mp_to_unsigned_bin(&tmp, out) != MP_OKAY) |
| ashleymills | 0:714293de3836 | 266 | ERROR_OUT(MP_TO_E); |
| ashleymills | 0:714293de3836 | 267 | |
| ashleymills | 0:714293de3836 | 268 | done: |
| ashleymills | 0:714293de3836 | 269 | mp_clear(&tmp); |
| ashleymills | 0:714293de3836 | 270 | return ret; |
| ashleymills | 0:714293de3836 | 271 | } |
| ashleymills | 0:714293de3836 | 272 | |
| ashleymills | 0:714293de3836 | 273 | |
| ashleymills | 0:714293de3836 | 274 | int RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, |
| ashleymills | 0:714293de3836 | 275 | RsaKey* key, RNG* rng) |
| ashleymills | 0:714293de3836 | 276 | { |
| ashleymills | 0:714293de3836 | 277 | int sz, ret; |
| ashleymills | 0:714293de3836 | 278 | |
| ashleymills | 0:714293de3836 | 279 | #ifdef HAVE_CAVIUM |
| ashleymills | 0:714293de3836 | 280 | if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) |
| ashleymills | 0:714293de3836 | 281 | return CaviumRsaPublicEncrypt(in, inLen, out, outLen, key); |
| ashleymills | 0:714293de3836 | 282 | #endif |
| ashleymills | 0:714293de3836 | 283 | |
| ashleymills | 0:714293de3836 | 284 | sz = mp_unsigned_bin_size(&key->n); |
| ashleymills | 0:714293de3836 | 285 | if (sz > (int)outLen) |
| ashleymills | 0:714293de3836 | 286 | return RSA_BUFFER_E; |
| ashleymills | 0:714293de3836 | 287 | |
| ashleymills | 0:714293de3836 | 288 | if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) |
| ashleymills | 0:714293de3836 | 289 | return RSA_BUFFER_E; |
| ashleymills | 0:714293de3836 | 290 | |
| ashleymills | 0:714293de3836 | 291 | RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_2, rng); |
| ashleymills | 0:714293de3836 | 292 | |
| ashleymills | 0:714293de3836 | 293 | if ((ret = RsaFunction(out, sz, out, &outLen, RSA_PUBLIC_ENCRYPT, key)) < 0) |
| ashleymills | 0:714293de3836 | 294 | sz = ret; |
| ashleymills | 0:714293de3836 | 295 | |
| ashleymills | 0:714293de3836 | 296 | return sz; |
| ashleymills | 0:714293de3836 | 297 | } |
| ashleymills | 0:714293de3836 | 298 | |
| ashleymills | 0:714293de3836 | 299 | |
| ashleymills | 0:714293de3836 | 300 | int RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key) |
| ashleymills | 0:714293de3836 | 301 | { |
| ashleymills | 0:714293de3836 | 302 | int plainLen, ret; |
| ashleymills | 0:714293de3836 | 303 | |
| ashleymills | 0:714293de3836 | 304 | #ifdef HAVE_CAVIUM |
| ashleymills | 0:714293de3836 | 305 | if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) { |
| ashleymills | 0:714293de3836 | 306 | ret = CaviumRsaPrivateDecrypt(in, inLen, in, inLen, key); |
| ashleymills | 0:714293de3836 | 307 | if (ret > 0) |
| ashleymills | 0:714293de3836 | 308 | *out = in; |
| ashleymills | 0:714293de3836 | 309 | return ret; |
| ashleymills | 0:714293de3836 | 310 | } |
| ashleymills | 0:714293de3836 | 311 | #endif |
| ashleymills | 0:714293de3836 | 312 | |
| ashleymills | 0:714293de3836 | 313 | if ((ret = RsaFunction(in, inLen, in, &inLen, RSA_PRIVATE_DECRYPT, key)) |
| ashleymills | 0:714293de3836 | 314 | < 0) { |
| ashleymills | 0:714293de3836 | 315 | return ret; |
| ashleymills | 0:714293de3836 | 316 | } |
| ashleymills | 0:714293de3836 | 317 | |
| ashleymills | 0:714293de3836 | 318 | plainLen = RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_2); |
| ashleymills | 0:714293de3836 | 319 | |
| ashleymills | 0:714293de3836 | 320 | return plainLen; |
| ashleymills | 0:714293de3836 | 321 | } |
| ashleymills | 0:714293de3836 | 322 | |
| ashleymills | 0:714293de3836 | 323 | |
| ashleymills | 0:714293de3836 | 324 | int RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, |
| ashleymills | 0:714293de3836 | 325 | RsaKey* key) |
| ashleymills | 0:714293de3836 | 326 | { |
| ashleymills | 0:714293de3836 | 327 | int plainLen, ret; |
| ashleymills | 0:714293de3836 | 328 | byte* tmp; |
| ashleymills | 0:714293de3836 | 329 | byte* pad = 0; |
| ashleymills | 0:714293de3836 | 330 | |
| ashleymills | 0:714293de3836 | 331 | #ifdef HAVE_CAVIUM |
| ashleymills | 0:714293de3836 | 332 | if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) |
| ashleymills | 0:714293de3836 | 333 | return CaviumRsaPrivateDecrypt(in, inLen, out, outLen, key); |
| ashleymills | 0:714293de3836 | 334 | #endif |
| ashleymills | 0:714293de3836 | 335 | |
| ashleymills | 0:714293de3836 | 336 | tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA); |
| ashleymills | 0:714293de3836 | 337 | if (tmp == NULL) { |
| ashleymills | 0:714293de3836 | 338 | return MEMORY_E; |
| ashleymills | 0:714293de3836 | 339 | } |
| ashleymills | 0:714293de3836 | 340 | |
| ashleymills | 0:714293de3836 | 341 | XMEMCPY(tmp, in, inLen); |
| ashleymills | 0:714293de3836 | 342 | |
| ashleymills | 0:714293de3836 | 343 | if ((ret = plainLen = RsaPrivateDecryptInline(tmp, inLen, &pad, key)) |
| ashleymills | 0:714293de3836 | 344 | < 0) { |
| ashleymills | 0:714293de3836 | 345 | XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); |
| ashleymills | 0:714293de3836 | 346 | return ret; |
| ashleymills | 0:714293de3836 | 347 | } |
| ashleymills | 0:714293de3836 | 348 | if (plainLen > (int)outLen) |
| ashleymills | 0:714293de3836 | 349 | plainLen = BAD_FUNC_ARG; |
| ashleymills | 0:714293de3836 | 350 | else |
| ashleymills | 0:714293de3836 | 351 | XMEMCPY(out, pad, plainLen); |
| ashleymills | 0:714293de3836 | 352 | XMEMSET(tmp, 0x00, inLen); |
| ashleymills | 0:714293de3836 | 353 | |
| ashleymills | 0:714293de3836 | 354 | XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); |
| ashleymills | 0:714293de3836 | 355 | return plainLen; |
| ashleymills | 0:714293de3836 | 356 | } |
| ashleymills | 0:714293de3836 | 357 | |
| ashleymills | 0:714293de3836 | 358 | |
| ashleymills | 0:714293de3836 | 359 | /* for Rsa Verify */ |
| ashleymills | 0:714293de3836 | 360 | int RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) |
| ashleymills | 0:714293de3836 | 361 | { |
| ashleymills | 0:714293de3836 | 362 | int plainLen, ret; |
| ashleymills | 0:714293de3836 | 363 | |
| ashleymills | 0:714293de3836 | 364 | #ifdef HAVE_CAVIUM |
| ashleymills | 0:714293de3836 | 365 | if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) { |
| ashleymills | 0:714293de3836 | 366 | ret = CaviumRsaSSL_Verify(in, inLen, in, inLen, key); |
| ashleymills | 0:714293de3836 | 367 | if (ret > 0) |
| ashleymills | 0:714293de3836 | 368 | *out = in; |
| ashleymills | 0:714293de3836 | 369 | return ret; |
| ashleymills | 0:714293de3836 | 370 | } |
| ashleymills | 0:714293de3836 | 371 | #endif |
| ashleymills | 0:714293de3836 | 372 | |
| ashleymills | 0:714293de3836 | 373 | if ((ret = RsaFunction(in, inLen, in, &inLen, RSA_PUBLIC_DECRYPT, key)) |
| ashleymills | 0:714293de3836 | 374 | < 0) { |
| ashleymills | 0:714293de3836 | 375 | return ret; |
| ashleymills | 0:714293de3836 | 376 | } |
| ashleymills | 0:714293de3836 | 377 | |
| ashleymills | 0:714293de3836 | 378 | plainLen = RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_1); |
| ashleymills | 0:714293de3836 | 379 | |
| ashleymills | 0:714293de3836 | 380 | return plainLen; |
| ashleymills | 0:714293de3836 | 381 | } |
| ashleymills | 0:714293de3836 | 382 | |
| ashleymills | 0:714293de3836 | 383 | |
| ashleymills | 0:714293de3836 | 384 | int RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, |
| ashleymills | 0:714293de3836 | 385 | RsaKey* key) |
| ashleymills | 0:714293de3836 | 386 | { |
| ashleymills | 0:714293de3836 | 387 | int plainLen, ret; |
| ashleymills | 0:714293de3836 | 388 | byte* tmp; |
| ashleymills | 0:714293de3836 | 389 | byte* pad = 0; |
| ashleymills | 0:714293de3836 | 390 | |
| ashleymills | 0:714293de3836 | 391 | #ifdef HAVE_CAVIUM |
| ashleymills | 0:714293de3836 | 392 | if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) |
| ashleymills | 0:714293de3836 | 393 | return CaviumRsaSSL_Verify(in, inLen, out, outLen, key); |
| ashleymills | 0:714293de3836 | 394 | #endif |
| ashleymills | 0:714293de3836 | 395 | |
| ashleymills | 0:714293de3836 | 396 | tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA); |
| ashleymills | 0:714293de3836 | 397 | if (tmp == NULL) { |
| ashleymills | 0:714293de3836 | 398 | return MEMORY_E; |
| ashleymills | 0:714293de3836 | 399 | } |
| ashleymills | 0:714293de3836 | 400 | |
| ashleymills | 0:714293de3836 | 401 | XMEMCPY(tmp, in, inLen); |
| ashleymills | 0:714293de3836 | 402 | |
| ashleymills | 0:714293de3836 | 403 | if ((ret = plainLen = RsaSSL_VerifyInline(tmp, inLen, &pad, key)) |
| ashleymills | 0:714293de3836 | 404 | < 0) { |
| ashleymills | 0:714293de3836 | 405 | XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); |
| ashleymills | 0:714293de3836 | 406 | return ret; |
| ashleymills | 0:714293de3836 | 407 | } |
| ashleymills | 0:714293de3836 | 408 | |
| ashleymills | 0:714293de3836 | 409 | if (plainLen > (int)outLen) |
| ashleymills | 0:714293de3836 | 410 | plainLen = BAD_FUNC_ARG; |
| ashleymills | 0:714293de3836 | 411 | else |
| ashleymills | 0:714293de3836 | 412 | XMEMCPY(out, pad, plainLen); |
| ashleymills | 0:714293de3836 | 413 | XMEMSET(tmp, 0x00, inLen); |
| ashleymills | 0:714293de3836 | 414 | |
| ashleymills | 0:714293de3836 | 415 | XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); |
| ashleymills | 0:714293de3836 | 416 | return plainLen; |
| ashleymills | 0:714293de3836 | 417 | } |
| ashleymills | 0:714293de3836 | 418 | |
| ashleymills | 0:714293de3836 | 419 | |
| ashleymills | 0:714293de3836 | 420 | /* for Rsa Sign */ |
| ashleymills | 0:714293de3836 | 421 | int RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, |
| ashleymills | 0:714293de3836 | 422 | RsaKey* key, RNG* rng) |
| ashleymills | 0:714293de3836 | 423 | { |
| ashleymills | 0:714293de3836 | 424 | int sz, ret; |
| ashleymills | 0:714293de3836 | 425 | |
| ashleymills | 0:714293de3836 | 426 | #ifdef HAVE_CAVIUM |
| ashleymills | 0:714293de3836 | 427 | if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) |
| ashleymills | 0:714293de3836 | 428 | return CaviumRsaSSL_Sign(in, inLen, out, outLen, key); |
| ashleymills | 0:714293de3836 | 429 | #endif |
| ashleymills | 0:714293de3836 | 430 | |
| ashleymills | 0:714293de3836 | 431 | sz = mp_unsigned_bin_size(&key->n); |
| ashleymills | 0:714293de3836 | 432 | if (sz > (int)outLen) |
| ashleymills | 0:714293de3836 | 433 | return RSA_BUFFER_E; |
| ashleymills | 0:714293de3836 | 434 | |
| ashleymills | 0:714293de3836 | 435 | if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) |
| ashleymills | 0:714293de3836 | 436 | return RSA_BUFFER_E; |
| ashleymills | 0:714293de3836 | 437 | |
| ashleymills | 0:714293de3836 | 438 | RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_1, rng); |
| ashleymills | 0:714293de3836 | 439 | |
| ashleymills | 0:714293de3836 | 440 | if ((ret = RsaFunction(out, sz, out, &outLen, RSA_PRIVATE_ENCRYPT,key)) < 0) |
| ashleymills | 0:714293de3836 | 441 | sz = ret; |
| ashleymills | 0:714293de3836 | 442 | |
| ashleymills | 0:714293de3836 | 443 | return sz; |
| ashleymills | 0:714293de3836 | 444 | } |
| ashleymills | 0:714293de3836 | 445 | |
| ashleymills | 0:714293de3836 | 446 | |
| ashleymills | 0:714293de3836 | 447 | int RsaEncryptSize(RsaKey* key) |
| ashleymills | 0:714293de3836 | 448 | { |
| ashleymills | 0:714293de3836 | 449 | #ifdef HAVE_CAVIUM |
| ashleymills | 0:714293de3836 | 450 | if (key->magic == CYASSL_RSA_CAVIUM_MAGIC) |
| ashleymills | 0:714293de3836 | 451 | return key->c_nSz; |
| ashleymills | 0:714293de3836 | 452 | #endif |
| ashleymills | 0:714293de3836 | 453 | return mp_unsigned_bin_size(&key->n); |
| ashleymills | 0:714293de3836 | 454 | } |
| ashleymills | 0:714293de3836 | 455 | |
| ashleymills | 0:714293de3836 | 456 | |
| ashleymills | 0:714293de3836 | 457 | #ifdef CYASSL_KEY_GEN |
| ashleymills | 0:714293de3836 | 458 | |
| ashleymills | 0:714293de3836 | 459 | static const int USE_BBS = 1; |
| ashleymills | 0:714293de3836 | 460 | |
| ashleymills | 0:714293de3836 | 461 | static int rand_prime(mp_int* N, int len, RNG* rng, void* heap) |
| ashleymills | 0:714293de3836 | 462 | { |
| ashleymills | 0:714293de3836 | 463 | int err, res, type; |
| ashleymills | 0:714293de3836 | 464 | byte* buf; |
| ashleymills | 0:714293de3836 | 465 | |
| ashleymills | 0:714293de3836 | 466 | (void)heap; |
| ashleymills | 0:714293de3836 | 467 | if (N == NULL || rng == NULL) |
| ashleymills | 0:714293de3836 | 468 | return BAD_FUNC_ARG; |
| ashleymills | 0:714293de3836 | 469 | |
| ashleymills | 0:714293de3836 | 470 | /* get type */ |
| ashleymills | 0:714293de3836 | 471 | if (len < 0) { |
| ashleymills | 0:714293de3836 | 472 | type = USE_BBS; |
| ashleymills | 0:714293de3836 | 473 | len = -len; |
| ashleymills | 0:714293de3836 | 474 | } else { |
| ashleymills | 0:714293de3836 | 475 | type = 0; |
| ashleymills | 0:714293de3836 | 476 | } |
| ashleymills | 0:714293de3836 | 477 | |
| ashleymills | 0:714293de3836 | 478 | /* allow sizes between 2 and 512 bytes for a prime size */ |
| ashleymills | 0:714293de3836 | 479 | if (len < 2 || len > 512) { |
| ashleymills | 0:714293de3836 | 480 | return BAD_FUNC_ARG; |
| ashleymills | 0:714293de3836 | 481 | } |
| ashleymills | 0:714293de3836 | 482 | |
| ashleymills | 0:714293de3836 | 483 | /* allocate buffer to work with */ |
| ashleymills | 0:714293de3836 | 484 | buf = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_RSA); |
| ashleymills | 0:714293de3836 | 485 | if (buf == NULL) { |
| ashleymills | 0:714293de3836 | 486 | return MEMORY_E; |
| ashleymills | 0:714293de3836 | 487 | } |
| ashleymills | 0:714293de3836 | 488 | XMEMSET(buf, 0, len); |
| ashleymills | 0:714293de3836 | 489 | |
| ashleymills | 0:714293de3836 | 490 | do { |
| ashleymills | 0:714293de3836 | 491 | #ifdef SHOW_GEN |
| ashleymills | 0:714293de3836 | 492 | printf("."); |
| ashleymills | 0:714293de3836 | 493 | fflush(stdout); |
| ashleymills | 0:714293de3836 | 494 | #endif |
| ashleymills | 0:714293de3836 | 495 | /* generate value */ |
| ashleymills | 0:714293de3836 | 496 | RNG_GenerateBlock(rng, buf, len); |
| ashleymills | 0:714293de3836 | 497 | |
| ashleymills | 0:714293de3836 | 498 | /* munge bits */ |
| ashleymills | 0:714293de3836 | 499 | buf[0] |= 0x80 | 0x40; |
| ashleymills | 0:714293de3836 | 500 | buf[len-1] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00); |
| ashleymills | 0:714293de3836 | 501 | |
| ashleymills | 0:714293de3836 | 502 | /* load value */ |
| ashleymills | 0:714293de3836 | 503 | if ((err = mp_read_unsigned_bin(N, buf, len)) != MP_OKAY) { |
| ashleymills | 0:714293de3836 | 504 | XFREE(buf, heap, DYNAMIC_TYPE_RSA); |
| ashleymills | 0:714293de3836 | 505 | return err; |
| ashleymills | 0:714293de3836 | 506 | } |
| ashleymills | 0:714293de3836 | 507 | |
| ashleymills | 0:714293de3836 | 508 | /* test */ |
| ashleymills | 0:714293de3836 | 509 | if ((err = mp_prime_is_prime(N, 8, &res)) != MP_OKAY) { |
| ashleymills | 0:714293de3836 | 510 | XFREE(buf, heap, DYNAMIC_TYPE_RSA); |
| ashleymills | 0:714293de3836 | 511 | return err; |
| ashleymills | 0:714293de3836 | 512 | } |
| ashleymills | 0:714293de3836 | 513 | } while (res == MP_NO); |
| ashleymills | 0:714293de3836 | 514 | |
| ashleymills | 0:714293de3836 | 515 | #ifdef LTC_CLEAN_STACK |
| ashleymills | 0:714293de3836 | 516 | XMEMSET(buf, 0, len); |
| ashleymills | 0:714293de3836 | 517 | #endif |
| ashleymills | 0:714293de3836 | 518 | |
| ashleymills | 0:714293de3836 | 519 | XFREE(buf, heap, DYNAMIC_TYPE_RSA); |
| ashleymills | 0:714293de3836 | 520 | return 0; |
| ashleymills | 0:714293de3836 | 521 | } |
| ashleymills | 0:714293de3836 | 522 | |
| ashleymills | 0:714293de3836 | 523 | |
| ashleymills | 0:714293de3836 | 524 | /* Make an RSA key for size bits, with e specified, 65537 is a good e */ |
| ashleymills | 0:714293de3836 | 525 | int MakeRsaKey(RsaKey* key, int size, long e, RNG* rng) |
| ashleymills | 0:714293de3836 | 526 | { |
| ashleymills | 0:714293de3836 | 527 | mp_int p, q, tmp1, tmp2, tmp3; |
| ashleymills | 0:714293de3836 | 528 | int err; |
| ashleymills | 0:714293de3836 | 529 | |
| ashleymills | 0:714293de3836 | 530 | if (key == NULL || rng == NULL) |
| ashleymills | 0:714293de3836 | 531 | return BAD_FUNC_ARG; |
| ashleymills | 0:714293de3836 | 532 | |
| ashleymills | 0:714293de3836 | 533 | if (size < RSA_MIN_SIZE || size > RSA_MAX_SIZE) |
| ashleymills | 0:714293de3836 | 534 | return BAD_FUNC_ARG; |
| ashleymills | 0:714293de3836 | 535 | |
| ashleymills | 0:714293de3836 | 536 | if (e < 3 || (e & 1) == 0) |
| ashleymills | 0:714293de3836 | 537 | return BAD_FUNC_ARG; |
| ashleymills | 0:714293de3836 | 538 | |
| ashleymills | 0:714293de3836 | 539 | if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != MP_OKAY) |
| ashleymills | 0:714293de3836 | 540 | return err; |
| ashleymills | 0:714293de3836 | 541 | |
| ashleymills | 0:714293de3836 | 542 | err = mp_set_int(&tmp3, e); |
| ashleymills | 0:714293de3836 | 543 | |
| ashleymills | 0:714293de3836 | 544 | /* make p */ |
| ashleymills | 0:714293de3836 | 545 | if (err == MP_OKAY) { |
| ashleymills | 0:714293de3836 | 546 | do { |
| ashleymills | 0:714293de3836 | 547 | err = rand_prime(&p, size/16, rng, key->heap); /* size in bytes/2 */ |
| ashleymills | 0:714293de3836 | 548 | |
| ashleymills | 0:714293de3836 | 549 | if (err == MP_OKAY) |
| ashleymills | 0:714293de3836 | 550 | err = mp_sub_d(&p, 1, &tmp1); /* tmp1 = p-1 */ |
| ashleymills | 0:714293de3836 | 551 | |
| ashleymills | 0:714293de3836 | 552 | if (err == MP_OKAY) |
| ashleymills | 0:714293de3836 | 553 | err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(p-1, e) */ |
| ashleymills | 0:714293de3836 | 554 | } while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divdes p-1 */ |
| ashleymills | 0:714293de3836 | 555 | } |
| ashleymills | 0:714293de3836 | 556 | |
| ashleymills | 0:714293de3836 | 557 | /* make q */ |
| ashleymills | 0:714293de3836 | 558 | if (err == MP_OKAY) { |
| ashleymills | 0:714293de3836 | 559 | do { |
| ashleymills | 0:714293de3836 | 560 | err = rand_prime(&q, size/16, rng, key->heap); /* size in bytes/2 */ |
| ashleymills | 0:714293de3836 | 561 | |
| ashleymills | 0:714293de3836 | 562 | if (err == MP_OKAY) |
| ashleymills | 0:714293de3836 | 563 | err = mp_sub_d(&q, 1, &tmp1); /* tmp1 = q-1 */ |
| ashleymills | 0:714293de3836 | 564 | |
| ashleymills | 0:714293de3836 | 565 | if (err == MP_OKAY) |
| ashleymills | 0:714293de3836 | 566 | err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(q-1, e) */ |
| ashleymills | 0:714293de3836 | 567 | } while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divdes q-1 */ |
| ashleymills | 0:714293de3836 | 568 | } |
| ashleymills | 0:714293de3836 | 569 | |
| ashleymills | 0:714293de3836 | 570 | if (err == MP_OKAY) |
| ashleymills | 0:714293de3836 | 571 | err = mp_init_multi(&key->n, &key->e, &key->d, &key->p, &key->q, NULL); |
| ashleymills | 0:714293de3836 | 572 | |
| ashleymills | 0:714293de3836 | 573 | if (err == MP_OKAY) |
| ashleymills | 0:714293de3836 | 574 | err = mp_init_multi(&key->dP, &key->dQ, &key->u, NULL, NULL, NULL); |
| ashleymills | 0:714293de3836 | 575 | |
| ashleymills | 0:714293de3836 | 576 | if (err == MP_OKAY) |
| ashleymills | 0:714293de3836 | 577 | err = mp_sub_d(&p, 1, &tmp2); /* tmp2 = p-1 */ |
| ashleymills | 0:714293de3836 | 578 | |
| ashleymills | 0:714293de3836 | 579 | if (err == MP_OKAY) |
| ashleymills | 0:714293de3836 | 580 | err = mp_lcm(&tmp1, &tmp2, &tmp1); /* tmp1 = lcm(p-1, q-1),last loop */ |
| ashleymills | 0:714293de3836 | 581 | |
| ashleymills | 0:714293de3836 | 582 | /* make key */ |
| ashleymills | 0:714293de3836 | 583 | if (err == MP_OKAY) |
| ashleymills | 0:714293de3836 | 584 | err = mp_set_int(&key->e, e); /* key->e = e */ |
| ashleymills | 0:714293de3836 | 585 | |
| ashleymills | 0:714293de3836 | 586 | if (err == MP_OKAY) /* key->d = 1/e mod lcm(p-1, q-1) */ |
| ashleymills | 0:714293de3836 | 587 | err = mp_invmod(&key->e, &tmp1, &key->d); |
| ashleymills | 0:714293de3836 | 588 | |
| ashleymills | 0:714293de3836 | 589 | if (err == MP_OKAY) |
| ashleymills | 0:714293de3836 | 590 | err = mp_mul(&p, &q, &key->n); /* key->n = pq */ |
| ashleymills | 0:714293de3836 | 591 | |
| ashleymills | 0:714293de3836 | 592 | if (err == MP_OKAY) |
| ashleymills | 0:714293de3836 | 593 | err = mp_sub_d(&p, 1, &tmp1); |
| ashleymills | 0:714293de3836 | 594 | |
| ashleymills | 0:714293de3836 | 595 | if (err == MP_OKAY) |
| ashleymills | 0:714293de3836 | 596 | err = mp_sub_d(&q, 1, &tmp2); |
| ashleymills | 0:714293de3836 | 597 | |
| ashleymills | 0:714293de3836 | 598 | if (err == MP_OKAY) |
| ashleymills | 0:714293de3836 | 599 | err = mp_mod(&key->d, &tmp1, &key->dP); |
| ashleymills | 0:714293de3836 | 600 | |
| ashleymills | 0:714293de3836 | 601 | if (err == MP_OKAY) |
| ashleymills | 0:714293de3836 | 602 | err = mp_mod(&key->d, &tmp2, &key->dQ); |
| ashleymills | 0:714293de3836 | 603 | |
| ashleymills | 0:714293de3836 | 604 | if (err == MP_OKAY) |
| ashleymills | 0:714293de3836 | 605 | err = mp_invmod(&q, &p, &key->u); |
| ashleymills | 0:714293de3836 | 606 | |
| ashleymills | 0:714293de3836 | 607 | if (err == MP_OKAY) |
| ashleymills | 0:714293de3836 | 608 | err = mp_copy(&p, &key->p); |
| ashleymills | 0:714293de3836 | 609 | |
| ashleymills | 0:714293de3836 | 610 | if (err == MP_OKAY) |
| ashleymills | 0:714293de3836 | 611 | err = mp_copy(&q, &key->q); |
| ashleymills | 0:714293de3836 | 612 | |
| ashleymills | 0:714293de3836 | 613 | if (err == MP_OKAY) |
| ashleymills | 0:714293de3836 | 614 | key->type = RSA_PRIVATE; |
| ashleymills | 0:714293de3836 | 615 | |
| ashleymills | 0:714293de3836 | 616 | mp_clear(&tmp3); |
| ashleymills | 0:714293de3836 | 617 | mp_clear(&tmp2); |
| ashleymills | 0:714293de3836 | 618 | mp_clear(&tmp1); |
| ashleymills | 0:714293de3836 | 619 | mp_clear(&q); |
| ashleymills | 0:714293de3836 | 620 | mp_clear(&p); |
| ashleymills | 0:714293de3836 | 621 | |
| ashleymills | 0:714293de3836 | 622 | if (err != MP_OKAY) { |
| ashleymills | 0:714293de3836 | 623 | FreeRsaKey(key); |
| ashleymills | 0:714293de3836 | 624 | return err; |
| ashleymills | 0:714293de3836 | 625 | } |
| ashleymills | 0:714293de3836 | 626 | |
| ashleymills | 0:714293de3836 | 627 | return 0; |
| ashleymills | 0:714293de3836 | 628 | } |
| ashleymills | 0:714293de3836 | 629 | |
| ashleymills | 0:714293de3836 | 630 | |
| ashleymills | 0:714293de3836 | 631 | #endif /* CYASSL_KEY_GEN */ |
| ashleymills | 0:714293de3836 | 632 | |
| ashleymills | 0:714293de3836 | 633 | |
| ashleymills | 0:714293de3836 | 634 | #ifdef HAVE_CAVIUM |
| ashleymills | 0:714293de3836 | 635 | |
| ashleymills | 0:714293de3836 | 636 | #include <cyassl/ctaocrypt/logging.h> |
| ashleymills | 0:714293de3836 | 637 | #include "cavium_common.h" |
| ashleymills | 0:714293de3836 | 638 | |
| ashleymills | 0:714293de3836 | 639 | /* Initiliaze RSA for use with Nitrox device */ |
| ashleymills | 0:714293de3836 | 640 | int RsaInitCavium(RsaKey* rsa, int devId) |
| ashleymills | 0:714293de3836 | 641 | { |
| ashleymills | 0:714293de3836 | 642 | if (rsa == NULL) |
| ashleymills | 0:714293de3836 | 643 | return -1; |
| ashleymills | 0:714293de3836 | 644 | |
| ashleymills | 0:714293de3836 | 645 | if (CspAllocContext(CONTEXT_SSL, &rsa->contextHandle, devId) != 0) |
| ashleymills | 0:714293de3836 | 646 | return -1; |
| ashleymills | 0:714293de3836 | 647 | |
| ashleymills | 0:714293de3836 | 648 | rsa->devId = devId; |
| ashleymills | 0:714293de3836 | 649 | rsa->magic = CYASSL_RSA_CAVIUM_MAGIC; |
| ashleymills | 0:714293de3836 | 650 | |
| ashleymills | 0:714293de3836 | 651 | return 0; |
| ashleymills | 0:714293de3836 | 652 | } |
| ashleymills | 0:714293de3836 | 653 | |
| ashleymills | 0:714293de3836 | 654 | |
| ashleymills | 0:714293de3836 | 655 | /* Free RSA from use with Nitrox device */ |
| ashleymills | 0:714293de3836 | 656 | void RsaFreeCavium(RsaKey* rsa) |
| ashleymills | 0:714293de3836 | 657 | { |
| ashleymills | 0:714293de3836 | 658 | if (rsa == NULL) |
| ashleymills | 0:714293de3836 | 659 | return; |
| ashleymills | 0:714293de3836 | 660 | |
| ashleymills | 0:714293de3836 | 661 | CspFreeContext(CONTEXT_SSL, rsa->contextHandle, rsa->devId); |
| ashleymills | 0:714293de3836 | 662 | rsa->magic = 0; |
| ashleymills | 0:714293de3836 | 663 | } |
| ashleymills | 0:714293de3836 | 664 | |
| ashleymills | 0:714293de3836 | 665 | |
| ashleymills | 0:714293de3836 | 666 | /* Initialize cavium RSA key */ |
| ashleymills | 0:714293de3836 | 667 | static void InitCaviumRsaKey(RsaKey* key, void* heap) |
| ashleymills | 0:714293de3836 | 668 | { |
| ashleymills | 0:714293de3836 | 669 | if (key == NULL) |
| ashleymills | 0:714293de3836 | 670 | return; |
| ashleymills | 0:714293de3836 | 671 | |
| ashleymills | 0:714293de3836 | 672 | key->heap = heap; |
| ashleymills | 0:714293de3836 | 673 | key->type = -1; /* don't know yet */ |
| ashleymills | 0:714293de3836 | 674 | |
| ashleymills | 0:714293de3836 | 675 | key->c_n = NULL; |
| ashleymills | 0:714293de3836 | 676 | key->c_e = NULL; |
| ashleymills | 0:714293de3836 | 677 | key->c_d = NULL; |
| ashleymills | 0:714293de3836 | 678 | key->c_p = NULL; |
| ashleymills | 0:714293de3836 | 679 | key->c_q = NULL; |
| ashleymills | 0:714293de3836 | 680 | key->c_dP = NULL; |
| ashleymills | 0:714293de3836 | 681 | key->c_dQ = NULL; |
| ashleymills | 0:714293de3836 | 682 | key->c_u = NULL; |
| ashleymills | 0:714293de3836 | 683 | |
| ashleymills | 0:714293de3836 | 684 | key->c_nSz = 0; |
| ashleymills | 0:714293de3836 | 685 | key->c_eSz = 0; |
| ashleymills | 0:714293de3836 | 686 | key->c_dSz = 0; |
| ashleymills | 0:714293de3836 | 687 | key->c_pSz = 0; |
| ashleymills | 0:714293de3836 | 688 | key->c_qSz = 0; |
| ashleymills | 0:714293de3836 | 689 | key->c_dP_Sz = 0; |
| ashleymills | 0:714293de3836 | 690 | key->c_dQ_Sz = 0; |
| ashleymills | 0:714293de3836 | 691 | key->c_uSz = 0; |
| ashleymills | 0:714293de3836 | 692 | } |
| ashleymills | 0:714293de3836 | 693 | |
| ashleymills | 0:714293de3836 | 694 | |
| ashleymills | 0:714293de3836 | 695 | /* Free cavium RSA key */ |
| ashleymills | 0:714293de3836 | 696 | static void FreeCaviumRsaKey(RsaKey* key) |
| ashleymills | 0:714293de3836 | 697 | { |
| ashleymills | 0:714293de3836 | 698 | if (key == NULL) |
| ashleymills | 0:714293de3836 | 699 | return; |
| ashleymills | 0:714293de3836 | 700 | |
| ashleymills | 0:714293de3836 | 701 | XFREE(key->c_n, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); |
| ashleymills | 0:714293de3836 | 702 | XFREE(key->c_e, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); |
| ashleymills | 0:714293de3836 | 703 | XFREE(key->c_d, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); |
| ashleymills | 0:714293de3836 | 704 | XFREE(key->c_p, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); |
| ashleymills | 0:714293de3836 | 705 | XFREE(key->c_q, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); |
| ashleymills | 0:714293de3836 | 706 | XFREE(key->c_dP, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); |
| ashleymills | 0:714293de3836 | 707 | XFREE(key->c_dQ, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); |
| ashleymills | 0:714293de3836 | 708 | XFREE(key->c_u, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); |
| ashleymills | 0:714293de3836 | 709 | |
| ashleymills | 0:714293de3836 | 710 | InitCaviumRsaKey(key, key->heap); /* reset pointers */ |
| ashleymills | 0:714293de3836 | 711 | } |
| ashleymills | 0:714293de3836 | 712 | |
| ashleymills | 0:714293de3836 | 713 | |
| ashleymills | 0:714293de3836 | 714 | static int CaviumRsaPublicEncrypt(const byte* in, word32 inLen, byte* out, |
| ashleymills | 0:714293de3836 | 715 | word32 outLen, RsaKey* key) |
| ashleymills | 0:714293de3836 | 716 | { |
| ashleymills | 0:714293de3836 | 717 | word32 requestId; |
| ashleymills | 0:714293de3836 | 718 | word32 ret; |
| ashleymills | 0:714293de3836 | 719 | |
| ashleymills | 0:714293de3836 | 720 | if (key == NULL || in == NULL || out == NULL || outLen < (word32)key->c_nSz) |
| ashleymills | 0:714293de3836 | 721 | return -1; |
| ashleymills | 0:714293de3836 | 722 | |
| ashleymills | 0:714293de3836 | 723 | ret = CspPkcs1v15Enc(CAVIUM_BLOCKING, BT2, key->c_nSz, key->c_eSz, |
| ashleymills | 0:714293de3836 | 724 | (word16)inLen, key->c_n, key->c_e, (byte*)in, out, |
| ashleymills | 0:714293de3836 | 725 | &requestId, key->devId); |
| ashleymills | 0:714293de3836 | 726 | if (ret != 0) { |
| ashleymills | 0:714293de3836 | 727 | CYASSL_MSG("Cavium Enc BT2 failed"); |
| ashleymills | 0:714293de3836 | 728 | return -1; |
| ashleymills | 0:714293de3836 | 729 | } |
| ashleymills | 0:714293de3836 | 730 | return key->c_nSz; |
| ashleymills | 0:714293de3836 | 731 | } |
| ashleymills | 0:714293de3836 | 732 | |
| ashleymills | 0:714293de3836 | 733 | |
| ashleymills | 0:714293de3836 | 734 | static INLINE void ato16(const byte* c, word16* u16) |
| ashleymills | 0:714293de3836 | 735 | { |
| ashleymills | 0:714293de3836 | 736 | *u16 = (c[0] << 8) | (c[1]); |
| ashleymills | 0:714293de3836 | 737 | } |
| ashleymills | 0:714293de3836 | 738 | |
| ashleymills | 0:714293de3836 | 739 | |
| ashleymills | 0:714293de3836 | 740 | static int CaviumRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, |
| ashleymills | 0:714293de3836 | 741 | word32 outLen, RsaKey* key) |
| ashleymills | 0:714293de3836 | 742 | { |
| ashleymills | 0:714293de3836 | 743 | word32 requestId; |
| ashleymills | 0:714293de3836 | 744 | word32 ret; |
| ashleymills | 0:714293de3836 | 745 | word16 outSz = (word16)outLen; |
| ashleymills | 0:714293de3836 | 746 | |
| ashleymills | 0:714293de3836 | 747 | if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->c_nSz) |
| ashleymills | 0:714293de3836 | 748 | return -1; |
| ashleymills | 0:714293de3836 | 749 | |
| ashleymills | 0:714293de3836 | 750 | ret = CspPkcs1v15CrtDec(CAVIUM_BLOCKING, BT2, key->c_nSz, key->c_q, |
| ashleymills | 0:714293de3836 | 751 | key->c_dQ, key->c_p, key->c_dP, key->c_u, |
| ashleymills | 0:714293de3836 | 752 | (byte*)in, &outSz, out, &requestId, key->devId); |
| ashleymills | 0:714293de3836 | 753 | if (ret != 0) { |
| ashleymills | 0:714293de3836 | 754 | CYASSL_MSG("Cavium CRT Dec BT2 failed"); |
| ashleymills | 0:714293de3836 | 755 | return -1; |
| ashleymills | 0:714293de3836 | 756 | } |
| ashleymills | 0:714293de3836 | 757 | ato16((const byte*)&outSz, &outSz); |
| ashleymills | 0:714293de3836 | 758 | |
| ashleymills | 0:714293de3836 | 759 | return outSz; |
| ashleymills | 0:714293de3836 | 760 | } |
| ashleymills | 0:714293de3836 | 761 | |
| ashleymills | 0:714293de3836 | 762 | |
| ashleymills | 0:714293de3836 | 763 | static int CaviumRsaSSL_Sign(const byte* in, word32 inLen, byte* out, |
| ashleymills | 0:714293de3836 | 764 | word32 outLen, RsaKey* key) |
| ashleymills | 0:714293de3836 | 765 | { |
| ashleymills | 0:714293de3836 | 766 | word32 requestId; |
| ashleymills | 0:714293de3836 | 767 | word32 ret; |
| ashleymills | 0:714293de3836 | 768 | |
| ashleymills | 0:714293de3836 | 769 | if (key == NULL || in == NULL || out == NULL || inLen == 0 || outLen < |
| ashleymills | 0:714293de3836 | 770 | (word32)key->c_nSz) |
| ashleymills | 0:714293de3836 | 771 | return -1; |
| ashleymills | 0:714293de3836 | 772 | |
| ashleymills | 0:714293de3836 | 773 | ret = CspPkcs1v15CrtEnc(CAVIUM_BLOCKING, BT1, key->c_nSz, (word16)inLen, |
| ashleymills | 0:714293de3836 | 774 | key->c_q, key->c_dQ, key->c_p, key->c_dP, key->c_u, |
| ashleymills | 0:714293de3836 | 775 | (byte*)in, out, &requestId, key->devId); |
| ashleymills | 0:714293de3836 | 776 | if (ret != 0) { |
| ashleymills | 0:714293de3836 | 777 | CYASSL_MSG("Cavium CRT Enc BT1 failed"); |
| ashleymills | 0:714293de3836 | 778 | return -1; |
| ashleymills | 0:714293de3836 | 779 | } |
| ashleymills | 0:714293de3836 | 780 | return key->c_nSz; |
| ashleymills | 0:714293de3836 | 781 | } |
| ashleymills | 0:714293de3836 | 782 | |
| ashleymills | 0:714293de3836 | 783 | |
| ashleymills | 0:714293de3836 | 784 | static int CaviumRsaSSL_Verify(const byte* in, word32 inLen, byte* out, |
| ashleymills | 0:714293de3836 | 785 | word32 outLen, RsaKey* key) |
| ashleymills | 0:714293de3836 | 786 | { |
| ashleymills | 0:714293de3836 | 787 | word32 requestId; |
| ashleymills | 0:714293de3836 | 788 | word32 ret; |
| ashleymills | 0:714293de3836 | 789 | word16 outSz = (word16)outLen; |
| ashleymills | 0:714293de3836 | 790 | |
| ashleymills | 0:714293de3836 | 791 | if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->c_nSz) |
| ashleymills | 0:714293de3836 | 792 | return -1; |
| ashleymills | 0:714293de3836 | 793 | |
| ashleymills | 0:714293de3836 | 794 | ret = CspPkcs1v15Dec(CAVIUM_BLOCKING, BT1, key->c_nSz, key->c_eSz, |
| ashleymills | 0:714293de3836 | 795 | key->c_n, key->c_e, (byte*)in, &outSz, out, |
| ashleymills | 0:714293de3836 | 796 | &requestId, key->devId); |
| ashleymills | 0:714293de3836 | 797 | if (ret != 0) { |
| ashleymills | 0:714293de3836 | 798 | CYASSL_MSG("Cavium Dec BT1 failed"); |
| ashleymills | 0:714293de3836 | 799 | return -1; |
| ashleymills | 0:714293de3836 | 800 | } |
| ashleymills | 0:714293de3836 | 801 | outSz = ntohs(outSz); |
| ashleymills | 0:714293de3836 | 802 | |
| ashleymills | 0:714293de3836 | 803 | return outSz; |
| ashleymills | 0:714293de3836 | 804 | } |
| ashleymills | 0:714293de3836 | 805 | |
| ashleymills | 0:714293de3836 | 806 | |
| ashleymills | 0:714293de3836 | 807 | #endif /* HAVE_CAVIUM */ |
| ashleymills | 0:714293de3836 | 808 | |
| ashleymills | 0:714293de3836 | 809 | #endif /* NO_RSA */ |