wolfSSL-TLS13-Beta - wolfSSL 3.11.1 for TLS1.3 beta

Users » wolfSSL » Code » wolfSSL-TLS13-Beta

wolfSSL 3.11.1 for TLS1.3 beta

wolfcrypt/src/rsa.c@7:481bce714567, 2017-05-02 (annotated)

Committer:: wolfSSL
Date:: Tue May 02 08:44:47 2017 +0000
Revision:: 7:481bce714567

wolfSSL3.10.2

Who changed what in which revision?

User	Revision	Line number	New contents of line
wolfSSL	7:481bce714567	1	/* rsa.c
wolfSSL	7:481bce714567	2	*
wolfSSL	7:481bce714567	3	* Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL	7:481bce714567	4	*
wolfSSL	7:481bce714567	5	* This file is part of wolfSSL.
wolfSSL	7:481bce714567	6	*
wolfSSL	7:481bce714567	7	* wolfSSL is free software; you can redistribute it and/or modify
wolfSSL	7:481bce714567	8	* it under the terms of the GNU General Public License as published by
wolfSSL	7:481bce714567	9	* the Free Software Foundation; either version 2 of the License, or
wolfSSL	7:481bce714567	10	* (at your option) any later version.
wolfSSL	7:481bce714567	11	*
wolfSSL	7:481bce714567	12	* wolfSSL is distributed in the hope that it will be useful,
wolfSSL	7:481bce714567	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL	7:481bce714567	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL	7:481bce714567	15	* GNU General Public License for more details.
wolfSSL	7:481bce714567	16	*
wolfSSL	7:481bce714567	17	* You should have received a copy of the GNU General Public License
wolfSSL	7:481bce714567	18	* along with this program; if not, write to the Free Software
wolfSSL	7:481bce714567	19	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL	7:481bce714567	20	*/
wolfSSL	7:481bce714567	21
wolfSSL	7:481bce714567	22
wolfSSL	7:481bce714567	23	#ifdef HAVE_CONFIG_H
wolfSSL	7:481bce714567	24	#include <config.h>
wolfSSL	7:481bce714567	25	#endif
wolfSSL	7:481bce714567	26
wolfSSL	7:481bce714567	27	#include <wolfssl/wolfcrypt/settings.h>
wolfSSL	7:481bce714567	28
wolfSSL	7:481bce714567	29	#ifndef NO_RSA
wolfSSL	7:481bce714567	30
wolfSSL	7:481bce714567	31	#include <wolfssl/wolfcrypt/rsa.h>
wolfSSL	7:481bce714567	32
wolfSSL	7:481bce714567	33	/*
wolfSSL	7:481bce714567	34	Possible RSA enable options:
wolfSSL	7:481bce714567	35	* NO_RSA: Overall control of RSA default: on (not defined)
wolfSSL	7:481bce714567	36	* WC_RSA_BLINDING: Uses Blinding w/ Private Ops default: off
wolfSSL	7:481bce714567	37	Note: slower by ~20%
wolfSSL	7:481bce714567	38	* WOLFSSL_KEY_GEN: Allows Private Key Generation default: off
wolfSSL	7:481bce714567	39	* RSA_LOW_MEM: NON CRT Private Operations, less memory default: off
wolfSSL	7:481bce714567	40	* WC_NO_RSA_OAEP: Disables RSA OAEP padding default: on (not defined)
wolfSSL	7:481bce714567	41
wolfSSL	7:481bce714567	42	*/
wolfSSL	7:481bce714567	43
wolfSSL	7:481bce714567	44	/*
wolfSSL	7:481bce714567	45	RSA Key Size Configuration:
wolfSSL	7:481bce714567	46	* FP_MAX_BITS: With USE_FAST_MATH only default: 4096
wolfSSL	7:481bce714567	47	If USE_FAST_MATH then use this to override default.
wolfSSL	7:481bce714567	48	Value is key size * 2. Example: RSA 3072 = 6144
wolfSSL	7:481bce714567	49	*/
wolfSSL	7:481bce714567	50
wolfSSL	7:481bce714567	51
wolfSSL	7:481bce714567	52	#ifdef HAVE_FIPS
wolfSSL	7:481bce714567	53	int wc_InitRsaKey(RsaKey* key, void* ptr)
wolfSSL	7:481bce714567	54	{
wolfSSL	7:481bce714567	55	return InitRsaKey_fips(key, ptr);
wolfSSL	7:481bce714567	56	}
wolfSSL	7:481bce714567	57
wolfSSL	7:481bce714567	58	int wc_InitRsaKey_ex(RsaKey* key, void* ptr, int devId)
wolfSSL	7:481bce714567	59	{
wolfSSL	7:481bce714567	60	(void)devId;
wolfSSL	7:481bce714567	61	return InitRsaKey_fips(key, ptr);
wolfSSL	7:481bce714567	62	}
wolfSSL	7:481bce714567	63
wolfSSL	7:481bce714567	64	int wc_FreeRsaKey(RsaKey* key)
wolfSSL	7:481bce714567	65	{
wolfSSL	7:481bce714567	66	return FreeRsaKey_fips(key);
wolfSSL	7:481bce714567	67	}
wolfSSL	7:481bce714567	68
wolfSSL	7:481bce714567	69
wolfSSL	7:481bce714567	70	int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
wolfSSL	7:481bce714567	71	word32 outLen, RsaKey* key, WC_RNG* rng)
wolfSSL	7:481bce714567	72	{
wolfSSL	7:481bce714567	73	return RsaPublicEncrypt_fips(in, inLen, out, outLen, key, rng);
wolfSSL	7:481bce714567	74	}
wolfSSL	7:481bce714567	75
wolfSSL	7:481bce714567	76
wolfSSL	7:481bce714567	77	int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
wolfSSL	7:481bce714567	78	RsaKey* key)
wolfSSL	7:481bce714567	79	{
wolfSSL	7:481bce714567	80	return RsaPrivateDecryptInline_fips(in, inLen, out, key);
wolfSSL	7:481bce714567	81	}
wolfSSL	7:481bce714567	82
wolfSSL	7:481bce714567	83
wolfSSL	7:481bce714567	84	int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
wolfSSL	7:481bce714567	85	word32 outLen, RsaKey* key)
wolfSSL	7:481bce714567	86	{
wolfSSL	7:481bce714567	87	return RsaPrivateDecrypt_fips(in, inLen, out, outLen, key);
wolfSSL	7:481bce714567	88	}
wolfSSL	7:481bce714567	89
wolfSSL	7:481bce714567	90
wolfSSL	7:481bce714567	91	int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
wolfSSL	7:481bce714567	92	word32 outLen, RsaKey* key, WC_RNG* rng)
wolfSSL	7:481bce714567	93	{
wolfSSL	7:481bce714567	94	return RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng);
wolfSSL	7:481bce714567	95	}
wolfSSL	7:481bce714567	96
wolfSSL	7:481bce714567	97
wolfSSL	7:481bce714567	98	int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
wolfSSL	7:481bce714567	99	{
wolfSSL	7:481bce714567	100	return RsaSSL_VerifyInline_fips(in, inLen, out, key);
wolfSSL	7:481bce714567	101	}
wolfSSL	7:481bce714567	102
wolfSSL	7:481bce714567	103
wolfSSL	7:481bce714567	104	int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
wolfSSL	7:481bce714567	105	word32 outLen, RsaKey* key)
wolfSSL	7:481bce714567	106	{
wolfSSL	7:481bce714567	107	return RsaSSL_Verify_fips(in, inLen, out, outLen, key);
wolfSSL	7:481bce714567	108	}
wolfSSL	7:481bce714567	109
wolfSSL	7:481bce714567	110
wolfSSL	7:481bce714567	111	int wc_RsaEncryptSize(RsaKey* key)
wolfSSL	7:481bce714567	112	{
wolfSSL	7:481bce714567	113	return RsaEncryptSize_fips(key);
wolfSSL	7:481bce714567	114	}
wolfSSL	7:481bce714567	115
wolfSSL	7:481bce714567	116
wolfSSL	7:481bce714567	117	int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
wolfSSL	7:481bce714567	118	word32* bSz)
wolfSSL	7:481bce714567	119	{
wolfSSL	7:481bce714567	120	/* not specified as fips so not needing _fips */
wolfSSL	7:481bce714567	121	return RsaFlattenPublicKey(key, a, aSz, b, bSz);
wolfSSL	7:481bce714567	122	}
wolfSSL	7:481bce714567	123	#ifdef WOLFSSL_KEY_GEN
wolfSSL	7:481bce714567	124	int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
wolfSSL	7:481bce714567	125	{
wolfSSL	7:481bce714567	126	return MakeRsaKey(key, size, e, rng);
wolfSSL	7:481bce714567	127	}
wolfSSL	7:481bce714567	128	#endif
wolfSSL	7:481bce714567	129
wolfSSL	7:481bce714567	130
wolfSSL	7:481bce714567	131	/* these are functions in asn and are routed to wolfssl/wolfcrypt/asn.c
wolfSSL	7:481bce714567	132	* wc_RsaPrivateKeyDecode
wolfSSL	7:481bce714567	133	* wc_RsaPublicKeyDecode
wolfSSL	7:481bce714567	134	*/
wolfSSL	7:481bce714567	135
wolfSSL	7:481bce714567	136	#else /* else build without fips */
wolfSSL	7:481bce714567	137
wolfSSL	7:481bce714567	138	#include <wolfssl/wolfcrypt/random.h>
wolfSSL	7:481bce714567	139	#include <wolfssl/wolfcrypt/error-crypt.h>
wolfSSL	7:481bce714567	140	#include <wolfssl/wolfcrypt/logging.h>
wolfSSL	7:481bce714567	141	#ifdef NO_INLINE
wolfSSL	7:481bce714567	142	#include <wolfssl/wolfcrypt/misc.h>
wolfSSL	7:481bce714567	143	#else
wolfSSL	7:481bce714567	144	#define WOLFSSL_MISC_INCLUDED
wolfSSL	7:481bce714567	145	#include <wolfcrypt/src/misc.c>
wolfSSL	7:481bce714567	146	#endif
wolfSSL	7:481bce714567	147
wolfSSL	7:481bce714567	148	#define ERROR_OUT(x) { ret = (x); goto done;}
wolfSSL	7:481bce714567	149
wolfSSL	7:481bce714567	150
wolfSSL	7:481bce714567	151	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	7:481bce714567	152	static int InitAsyncRsaKey(RsaKey* key);
wolfSSL	7:481bce714567	153	static int FreeAsyncRsaKey(RsaKey* key);
wolfSSL	7:481bce714567	154	#endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL	7:481bce714567	155
wolfSSL	7:481bce714567	156	enum {
wolfSSL	7:481bce714567	157	RSA_STATE_NONE = 0,
wolfSSL	7:481bce714567	158
wolfSSL	7:481bce714567	159	RSA_STATE_ENCRYPT_PAD,
wolfSSL	7:481bce714567	160	RSA_STATE_ENCRYPT_EXPTMOD,
wolfSSL	7:481bce714567	161	RSA_STATE_ENCRYPT_RES,
wolfSSL	7:481bce714567	162
wolfSSL	7:481bce714567	163	RSA_STATE_DECRYPT_EXPTMOD,
wolfSSL	7:481bce714567	164	RSA_STATE_DECRYPT_UNPAD,
wolfSSL	7:481bce714567	165	RSA_STATE_DECRYPT_RES,
wolfSSL	7:481bce714567	166	};
wolfSSL	7:481bce714567	167
wolfSSL	7:481bce714567	168	static void wc_RsaCleanup(RsaKey* key)
wolfSSL	7:481bce714567	169	{
wolfSSL	7:481bce714567	170	if (key && key->tmp) {
wolfSSL	7:481bce714567	171	/* make sure any allocated memory is free'd */
wolfSSL	7:481bce714567	172	if (key->tmpIsAlloc) {
wolfSSL	7:481bce714567	173	if (key->type == RSA_PRIVATE_DECRYPT \|\|
wolfSSL	7:481bce714567	174	key->type == RSA_PRIVATE_ENCRYPT) {
wolfSSL	7:481bce714567	175	ForceZero(key->tmp, key->tmpLen);
wolfSSL	7:481bce714567	176	}
wolfSSL	7:481bce714567	177	XFREE(key->tmp, key->heap, DYNAMIC_TYPE_RSA);
wolfSSL	7:481bce714567	178	key->tmpIsAlloc = 0;
wolfSSL	7:481bce714567	179	}
wolfSSL	7:481bce714567	180	key->tmp = NULL;
wolfSSL	7:481bce714567	181	key->tmpLen = 0;
wolfSSL	7:481bce714567	182	}
wolfSSL	7:481bce714567	183	}
wolfSSL	7:481bce714567	184
wolfSSL	7:481bce714567	185	int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
wolfSSL	7:481bce714567	186	{
wolfSSL	7:481bce714567	187	int ret = 0;
wolfSSL	7:481bce714567	188
wolfSSL	7:481bce714567	189	if (key == NULL) {
wolfSSL	7:481bce714567	190	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	191	}
wolfSSL	7:481bce714567	192
wolfSSL	7:481bce714567	193	(void)devId;
wolfSSL	7:481bce714567	194
wolfSSL	7:481bce714567	195	key->type = RSA_TYPE_UNKNOWN;
wolfSSL	7:481bce714567	196	key->state = RSA_STATE_NONE;
wolfSSL	7:481bce714567	197	key->heap = heap;
wolfSSL	7:481bce714567	198	key->tmp = NULL;
wolfSSL	7:481bce714567	199	key->tmpLen = 0;
wolfSSL	7:481bce714567	200	key->tmpIsAlloc = 0;
wolfSSL	7:481bce714567	201	#ifdef WC_RSA_BLINDING
wolfSSL	7:481bce714567	202	key->rng = NULL;
wolfSSL	7:481bce714567	203	#endif
wolfSSL	7:481bce714567	204
wolfSSL	7:481bce714567	205	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	7:481bce714567	206	if (devId != INVALID_DEVID) {
wolfSSL	7:481bce714567	207	/* handle as async */
wolfSSL	7:481bce714567	208	ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_RSA,
wolfSSL	7:481bce714567	209	devId);
wolfSSL	7:481bce714567	210	if (ret == 0) {
wolfSSL	7:481bce714567	211	ret = InitAsyncRsaKey(key);
wolfSSL	7:481bce714567	212	}
wolfSSL	7:481bce714567	213	}
wolfSSL	7:481bce714567	214	else
wolfSSL	7:481bce714567	215	#endif
wolfSSL	7:481bce714567	216	{
wolfSSL	7:481bce714567	217	mp_init(&key->n);
wolfSSL	7:481bce714567	218	mp_init(&key->e);
wolfSSL	7:481bce714567	219	mp_init(&key->d);
wolfSSL	7:481bce714567	220	mp_init(&key->p);
wolfSSL	7:481bce714567	221	mp_init(&key->q);
wolfSSL	7:481bce714567	222	mp_init(&key->dP);
wolfSSL	7:481bce714567	223	mp_init(&key->dQ);
wolfSSL	7:481bce714567	224	mp_init(&key->u);
wolfSSL	7:481bce714567	225	}
wolfSSL	7:481bce714567	226
wolfSSL	7:481bce714567	227	return ret;
wolfSSL	7:481bce714567	228	}
wolfSSL	7:481bce714567	229
wolfSSL	7:481bce714567	230	int wc_InitRsaKey(RsaKey* key, void* heap)
wolfSSL	7:481bce714567	231	{
wolfSSL	7:481bce714567	232	return wc_InitRsaKey_ex(key, heap, INVALID_DEVID);
wolfSSL	7:481bce714567	233	}
wolfSSL	7:481bce714567	234
wolfSSL	7:481bce714567	235	int wc_FreeRsaKey(RsaKey* key)
wolfSSL	7:481bce714567	236	{
wolfSSL	7:481bce714567	237	int ret = 0;
wolfSSL	7:481bce714567	238
wolfSSL	7:481bce714567	239	if (key == NULL) {
wolfSSL	7:481bce714567	240	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	241	}
wolfSSL	7:481bce714567	242
wolfSSL	7:481bce714567	243	wc_RsaCleanup(key);
wolfSSL	7:481bce714567	244
wolfSSL	7:481bce714567	245	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	7:481bce714567	246	if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
wolfSSL	7:481bce714567	247	ret = FreeAsyncRsaKey(key);
wolfSSL	7:481bce714567	248	wolfAsync_DevCtxFree(&key->asyncDev);
wolfSSL	7:481bce714567	249	}
wolfSSL	7:481bce714567	250	else
wolfSSL	7:481bce714567	251	#endif
wolfSSL	7:481bce714567	252	{
wolfSSL	7:481bce714567	253	if (key->type == RSA_PRIVATE) {
wolfSSL	7:481bce714567	254	mp_forcezero(&key->u);
wolfSSL	7:481bce714567	255	mp_forcezero(&key->dQ);
wolfSSL	7:481bce714567	256	mp_forcezero(&key->dP);
wolfSSL	7:481bce714567	257	mp_forcezero(&key->q);
wolfSSL	7:481bce714567	258	mp_forcezero(&key->p);
wolfSSL	7:481bce714567	259	mp_forcezero(&key->d);
wolfSSL	7:481bce714567	260	}
wolfSSL	7:481bce714567	261	#ifndef USE_FAST_MATH
wolfSSL	7:481bce714567	262	/* private part */
wolfSSL	7:481bce714567	263	mp_clear(&key->u);
wolfSSL	7:481bce714567	264	mp_clear(&key->dQ);
wolfSSL	7:481bce714567	265	mp_clear(&key->dP);
wolfSSL	7:481bce714567	266	mp_clear(&key->q);
wolfSSL	7:481bce714567	267	mp_clear(&key->p);
wolfSSL	7:481bce714567	268	mp_clear(&key->d);
wolfSSL	7:481bce714567	269
wolfSSL	7:481bce714567	270	/* public part */
wolfSSL	7:481bce714567	271	mp_clear(&key->e);
wolfSSL	7:481bce714567	272	mp_clear(&key->n);
wolfSSL	7:481bce714567	273	#endif
wolfSSL	7:481bce714567	274	}
wolfSSL	7:481bce714567	275
wolfSSL	7:481bce714567	276	return ret;
wolfSSL	7:481bce714567	277	}
wolfSSL	7:481bce714567	278
wolfSSL	7:481bce714567	279
wolfSSL	7:481bce714567	280	#ifndef WC_NO_RSA_OAEP
wolfSSL	7:481bce714567	281	/* Uses MGF1 standard as a mask generation function
wolfSSL	7:481bce714567	282	hType: hash type used
wolfSSL	7:481bce714567	283	seed: seed to use for generating mask
wolfSSL	7:481bce714567	284	seedSz: size of seed buffer
wolfSSL	7:481bce714567	285	out: mask output after generation
wolfSSL	7:481bce714567	286	outSz: size of output buffer
wolfSSL	7:481bce714567	287	*/
wolfSSL	7:481bce714567	288	static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz,
wolfSSL	7:481bce714567	289	byte* out, word32 outSz, void* heap)
wolfSSL	7:481bce714567	290	{
wolfSSL	7:481bce714567	291	byte* tmp;
wolfSSL	7:481bce714567	292	/* needs to be large enough for seed size plus counter(4) */
wolfSSL	7:481bce714567	293	byte tmpA[WC_MAX_DIGEST_SIZE + 4];
wolfSSL	7:481bce714567	294	byte tmpF; /* 1 if dynamic memory needs freed */
wolfSSL	7:481bce714567	295	word32 tmpSz;
wolfSSL	7:481bce714567	296	int hLen;
wolfSSL	7:481bce714567	297	int ret;
wolfSSL	7:481bce714567	298	word32 counter;
wolfSSL	7:481bce714567	299	word32 idx;
wolfSSL	7:481bce714567	300	hLen = wc_HashGetDigestSize(hType);
wolfSSL	7:481bce714567	301	counter = 0;
wolfSSL	7:481bce714567	302	idx = 0;
wolfSSL	7:481bce714567	303
wolfSSL	7:481bce714567	304	(void)heap;
wolfSSL	7:481bce714567	305
wolfSSL	7:481bce714567	306	/* check error return of wc_HashGetDigestSize */
wolfSSL	7:481bce714567	307	if (hLen < 0) {
wolfSSL	7:481bce714567	308	return hLen;
wolfSSL	7:481bce714567	309	}
wolfSSL	7:481bce714567	310
wolfSSL	7:481bce714567	311	/* if tmp is not large enough than use some dynamic memory */
wolfSSL	7:481bce714567	312	if ((seedSz + 4) > sizeof(tmpA) \|\| (word32)hLen > sizeof(tmpA)) {
wolfSSL	7:481bce714567	313	/* find largest amount of memory needed which will be the max of
wolfSSL	7:481bce714567	314	* hLen and (seedSz + 4) since tmp is used to store the hash digest */
wolfSSL	7:481bce714567	315	tmpSz = ((seedSz + 4) > (word32)hLen)? seedSz + 4: (word32)hLen;
wolfSSL	7:481bce714567	316	tmp = (byte*)XMALLOC(tmpSz, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	317	if (tmp == NULL) {
wolfSSL	7:481bce714567	318	return MEMORY_E;
wolfSSL	7:481bce714567	319	}
wolfSSL	7:481bce714567	320	tmpF = 1; /* make sure to free memory when done */
wolfSSL	7:481bce714567	321	}
wolfSSL	7:481bce714567	322	else {
wolfSSL	7:481bce714567	323	/* use array on the stack */
wolfSSL	7:481bce714567	324	tmpSz = sizeof(tmpA);
wolfSSL	7:481bce714567	325	tmp = tmpA;
wolfSSL	7:481bce714567	326	tmpF = 0; /* no need to free memory at end */
wolfSSL	7:481bce714567	327	}
wolfSSL	7:481bce714567	328
wolfSSL	7:481bce714567	329	do {
wolfSSL	7:481bce714567	330	int i = 0;
wolfSSL	7:481bce714567	331	XMEMCPY(tmp, seed, seedSz);
wolfSSL	7:481bce714567	332
wolfSSL	7:481bce714567	333	/* counter to byte array appended to tmp */
wolfSSL	7:481bce714567	334	tmp[seedSz] = (counter >> 24) & 0xFF;
wolfSSL	7:481bce714567	335	tmp[seedSz + 1] = (counter >> 16) & 0xFF;
wolfSSL	7:481bce714567	336	tmp[seedSz + 2] = (counter >> 8) & 0xFF;
wolfSSL	7:481bce714567	337	tmp[seedSz + 3] = (counter) & 0xFF;
wolfSSL	7:481bce714567	338
wolfSSL	7:481bce714567	339	/* hash and append to existing output */
wolfSSL	7:481bce714567	340	if ((ret = wc_Hash(hType, tmp, (seedSz + 4), tmp, tmpSz)) != 0) {
wolfSSL	7:481bce714567	341	/* check for if dynamic memory was needed, then free */
wolfSSL	7:481bce714567	342	if (tmpF) {
wolfSSL	7:481bce714567	343	XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	344	}
wolfSSL	7:481bce714567	345	return ret;
wolfSSL	7:481bce714567	346	}
wolfSSL	7:481bce714567	347
wolfSSL	7:481bce714567	348	for (i = 0; i < hLen && idx < outSz; i++) {
wolfSSL	7:481bce714567	349	out[idx++] = tmp[i];
wolfSSL	7:481bce714567	350	}
wolfSSL	7:481bce714567	351	counter++;
wolfSSL	7:481bce714567	352	} while (idx < outSz);
wolfSSL	7:481bce714567	353
wolfSSL	7:481bce714567	354	/* check for if dynamic memory was needed, then free */
wolfSSL	7:481bce714567	355	if (tmpF) {
wolfSSL	7:481bce714567	356	XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	357	}
wolfSSL	7:481bce714567	358
wolfSSL	7:481bce714567	359	return 0;
wolfSSL	7:481bce714567	360	}
wolfSSL	7:481bce714567	361
wolfSSL	7:481bce714567	362	/* helper function to direct which mask generation function is used
wolfSSL	7:481bce714567	363	switeched on type input
wolfSSL	7:481bce714567	364	*/
wolfSSL	7:481bce714567	365	static int RsaMGF(int type, byte* seed, word32 seedSz, byte* out,
wolfSSL	7:481bce714567	366	word32 outSz, void* heap)
wolfSSL	7:481bce714567	367	{
wolfSSL	7:481bce714567	368	int ret;
wolfSSL	7:481bce714567	369
wolfSSL	7:481bce714567	370	switch(type) {
wolfSSL	7:481bce714567	371	#ifndef NO_SHA
wolfSSL	7:481bce714567	372	case WC_MGF1SHA1:
wolfSSL	7:481bce714567	373	ret = RsaMGF1(WC_HASH_TYPE_SHA, seed, seedSz, out, outSz, heap);
wolfSSL	7:481bce714567	374	break;
wolfSSL	7:481bce714567	375	#endif
wolfSSL	7:481bce714567	376	#ifndef NO_SHA256
wolfSSL	7:481bce714567	377	#ifdef WOLFSSL_SHA224
wolfSSL	7:481bce714567	378	case WC_MGF1SHA224:
wolfSSL	7:481bce714567	379	ret = RsaMGF1(WC_HASH_TYPE_SHA224, seed, seedSz, out, outSz, heap);
wolfSSL	7:481bce714567	380	break;
wolfSSL	7:481bce714567	381	#endif
wolfSSL	7:481bce714567	382	case WC_MGF1SHA256:
wolfSSL	7:481bce714567	383	ret = RsaMGF1(WC_HASH_TYPE_SHA256, seed, seedSz, out, outSz, heap);
wolfSSL	7:481bce714567	384	break;
wolfSSL	7:481bce714567	385	#endif
wolfSSL	7:481bce714567	386	#ifdef WOLFSSL_SHA512
wolfSSL	7:481bce714567	387	#ifdef WOLFSSL_SHA384
wolfSSL	7:481bce714567	388	case WC_MGF1SHA384:
wolfSSL	7:481bce714567	389	ret = RsaMGF1(WC_HASH_TYPE_SHA384, seed, seedSz, out, outSz, heap);
wolfSSL	7:481bce714567	390	break;
wolfSSL	7:481bce714567	391	#endif
wolfSSL	7:481bce714567	392	case WC_MGF1SHA512:
wolfSSL	7:481bce714567	393	ret = RsaMGF1(WC_HASH_TYPE_SHA512, seed, seedSz, out, outSz, heap);
wolfSSL	7:481bce714567	394	break;
wolfSSL	7:481bce714567	395	#endif
wolfSSL	7:481bce714567	396	default:
wolfSSL	7:481bce714567	397	WOLFSSL_MSG("Unknown MGF type: check build options");
wolfSSL	7:481bce714567	398	ret = BAD_FUNC_ARG;
wolfSSL	7:481bce714567	399	}
wolfSSL	7:481bce714567	400
wolfSSL	7:481bce714567	401	/* in case of default avoid unused warning */
wolfSSL	7:481bce714567	402	(void)seed;
wolfSSL	7:481bce714567	403	(void)seedSz;
wolfSSL	7:481bce714567	404	(void)out;
wolfSSL	7:481bce714567	405	(void)outSz;
wolfSSL	7:481bce714567	406	(void)heap;
wolfSSL	7:481bce714567	407
wolfSSL	7:481bce714567	408	return ret;
wolfSSL	7:481bce714567	409	}
wolfSSL	7:481bce714567	410	#endif /* !WC_NO_RSA_OAEP */
wolfSSL	7:481bce714567	411
wolfSSL	7:481bce714567	412
wolfSSL	7:481bce714567	413	/* Padding */
wolfSSL	7:481bce714567	414	#ifndef WC_NO_RSA_OAEP
wolfSSL	7:481bce714567	415	static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock,
wolfSSL	7:481bce714567	416	word32 pkcsBlockLen, byte padValue, WC_RNG* rng,
wolfSSL	7:481bce714567	417	enum wc_HashType hType, int mgf, byte* optLabel, word32 labelLen,
wolfSSL	7:481bce714567	418	void* heap)
wolfSSL	7:481bce714567	419	{
wolfSSL	7:481bce714567	420	int ret;
wolfSSL	7:481bce714567	421	int hLen;
wolfSSL	7:481bce714567	422	int psLen;
wolfSSL	7:481bce714567	423	int i;
wolfSSL	7:481bce714567	424	word32 idx;
wolfSSL	7:481bce714567	425
wolfSSL	7:481bce714567	426	byte* dbMask;
wolfSSL	7:481bce714567	427
wolfSSL	7:481bce714567	428	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	429	byte* lHash = NULL;
wolfSSL	7:481bce714567	430	byte* seed = NULL;
wolfSSL	7:481bce714567	431	#else
wolfSSL	7:481bce714567	432	/* must be large enough to contain largest hash */
wolfSSL	7:481bce714567	433	byte lHash[WC_MAX_DIGEST_SIZE];
wolfSSL	7:481bce714567	434	byte seed[ WC_MAX_DIGEST_SIZE];
wolfSSL	7:481bce714567	435	#endif
wolfSSL	7:481bce714567	436
wolfSSL	7:481bce714567	437	/* no label is allowed, but catch if no label provided and length > 0 */
wolfSSL	7:481bce714567	438	if (optLabel == NULL && labelLen > 0) {
wolfSSL	7:481bce714567	439	return BUFFER_E;
wolfSSL	7:481bce714567	440	}
wolfSSL	7:481bce714567	441
wolfSSL	7:481bce714567	442	/* limit of label is the same as limit of hash function which is massive */
wolfSSL	7:481bce714567	443	hLen = wc_HashGetDigestSize(hType);
wolfSSL	7:481bce714567	444	if (hLen < 0) {
wolfSSL	7:481bce714567	445	return hLen;
wolfSSL	7:481bce714567	446	}
wolfSSL	7:481bce714567	447
wolfSSL	7:481bce714567	448	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	449	lHash = (byte*)XMALLOC(hLen, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	450	if (lHash == NULL) {
wolfSSL	7:481bce714567	451	return MEMORY_E;
wolfSSL	7:481bce714567	452	}
wolfSSL	7:481bce714567	453	seed = (byte*)XMALLOC(hLen, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	454	if (seed == NULL) {
wolfSSL	7:481bce714567	455	XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	456	return MEMORY_E;
wolfSSL	7:481bce714567	457	}
wolfSSL	7:481bce714567	458	#else
wolfSSL	7:481bce714567	459	/* hLen should never be larger than lHash since size is max digest size,
wolfSSL	7:481bce714567	460	but check before blindly calling wc_Hash */
wolfSSL	7:481bce714567	461	if ((word32)hLen > sizeof(lHash)) {
wolfSSL	7:481bce714567	462	WOLFSSL_MSG("OAEP lHash to small for digest!!");
wolfSSL	7:481bce714567	463	return MEMORY_E;
wolfSSL	7:481bce714567	464	}
wolfSSL	7:481bce714567	465	#endif
wolfSSL	7:481bce714567	466
wolfSSL	7:481bce714567	467	if ((ret = wc_Hash(hType, optLabel, labelLen, lHash, hLen)) != 0) {
wolfSSL	7:481bce714567	468	WOLFSSL_MSG("OAEP hash type possibly not supported or lHash to small");
wolfSSL	7:481bce714567	469	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	470	XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	471	XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	472	#endif
wolfSSL	7:481bce714567	473	return ret;
wolfSSL	7:481bce714567	474	}
wolfSSL	7:481bce714567	475
wolfSSL	7:481bce714567	476	/* handles check of location for idx as well as psLen, cast to int to check
wolfSSL	7:481bce714567	477	for pkcsBlockLen(k) - 2 * hLen - 2 being negative
wolfSSL	7:481bce714567	478	This check is similar to decryption where k > 2 * hLen + 2 as msg
wolfSSL	7:481bce714567	479	size aproaches 0. In decryption if k is less than or equal -- then there
wolfSSL	7:481bce714567	480	is no possible room for msg.
wolfSSL	7:481bce714567	481	k = RSA key size
wolfSSL	7:481bce714567	482	hLen = hash digest size -- will always be >= 0 at this point
wolfSSL	7:481bce714567	483	*/
wolfSSL	7:481bce714567	484	if ((word32)(2 * hLen + 2) > pkcsBlockLen) {
wolfSSL	7:481bce714567	485	WOLFSSL_MSG("OAEP pad error hash to big for RSA key size");
wolfSSL	7:481bce714567	486	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	487	XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	488	XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	489	#endif
wolfSSL	7:481bce714567	490	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	491	}
wolfSSL	7:481bce714567	492
wolfSSL	7:481bce714567	493	if (inputLen > (pkcsBlockLen - 2 * hLen - 2)) {
wolfSSL	7:481bce714567	494	WOLFSSL_MSG("OAEP pad error message too long");
wolfSSL	7:481bce714567	495	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	496	XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	497	XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	498	#endif
wolfSSL	7:481bce714567	499	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	500	}
wolfSSL	7:481bce714567	501
wolfSSL	7:481bce714567	502	/* concatenate lHash \|\| PS \|\| 0x01 \|\| msg */
wolfSSL	7:481bce714567	503	idx = pkcsBlockLen - 1 - inputLen;
wolfSSL	7:481bce714567	504	psLen = pkcsBlockLen - inputLen - 2 * hLen - 2;
wolfSSL	7:481bce714567	505	if (pkcsBlockLen < inputLen) { /make sure not writing over end of buffer /
wolfSSL	7:481bce714567	506	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	507	XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	508	XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	509	#endif
wolfSSL	7:481bce714567	510	return BUFFER_E;
wolfSSL	7:481bce714567	511	}
wolfSSL	7:481bce714567	512	XMEMCPY(pkcsBlock + (pkcsBlockLen - inputLen), input, inputLen);
wolfSSL	7:481bce714567	513	pkcsBlock[idx--] = 0x01; /* PS and M separator */
wolfSSL	7:481bce714567	514	while (psLen > 0 && idx > 0) {
wolfSSL	7:481bce714567	515	pkcsBlock[idx--] = 0x00;
wolfSSL	7:481bce714567	516	psLen--;
wolfSSL	7:481bce714567	517	}
wolfSSL	7:481bce714567	518
wolfSSL	7:481bce714567	519	idx = idx - hLen + 1;
wolfSSL	7:481bce714567	520	XMEMCPY(pkcsBlock + idx, lHash, hLen);
wolfSSL	7:481bce714567	521
wolfSSL	7:481bce714567	522	/* generate random seed */
wolfSSL	7:481bce714567	523	if ((ret = wc_RNG_GenerateBlock(rng, seed, hLen)) != 0) {
wolfSSL	7:481bce714567	524	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	525	XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	526	XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	527	#endif
wolfSSL	7:481bce714567	528	return ret;
wolfSSL	7:481bce714567	529	}
wolfSSL	7:481bce714567	530
wolfSSL	7:481bce714567	531	/* create maskedDB from dbMask */
wolfSSL	7:481bce714567	532	dbMask = (byte*)XMALLOC(pkcsBlockLen - hLen - 1, heap, DYNAMIC_TYPE_RSA);
wolfSSL	7:481bce714567	533	if (dbMask == NULL) {
wolfSSL	7:481bce714567	534	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	535	XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	536	XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	537	#endif
wolfSSL	7:481bce714567	538	return MEMORY_E;
wolfSSL	7:481bce714567	539	}
wolfSSL	7:481bce714567	540	XMEMSET(dbMask, 0, pkcsBlockLen - hLen - 1); /* help static analyzer */
wolfSSL	7:481bce714567	541
wolfSSL	7:481bce714567	542	ret = RsaMGF(mgf, seed, hLen, dbMask, pkcsBlockLen - hLen - 1, heap);
wolfSSL	7:481bce714567	543	if (ret != 0) {
wolfSSL	7:481bce714567	544	XFREE(dbMask, heap, DYNAMIC_TYPE_RSA);
wolfSSL	7:481bce714567	545	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	546	XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	547	XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	548	#endif
wolfSSL	7:481bce714567	549	return ret;
wolfSSL	7:481bce714567	550	}
wolfSSL	7:481bce714567	551
wolfSSL	7:481bce714567	552	i = 0;
wolfSSL	7:481bce714567	553	idx = hLen + 1;
wolfSSL	7:481bce714567	554	while (idx < pkcsBlockLen && (word32)i < (pkcsBlockLen - hLen -1)) {
wolfSSL	7:481bce714567	555	pkcsBlock[idx] = dbMask[i++] ^ pkcsBlock[idx];
wolfSSL	7:481bce714567	556	idx++;
wolfSSL	7:481bce714567	557	}
wolfSSL	7:481bce714567	558	XFREE(dbMask, heap, DYNAMIC_TYPE_RSA);
wolfSSL	7:481bce714567	559
wolfSSL	7:481bce714567	560
wolfSSL	7:481bce714567	561	/* create maskedSeed from seedMask */
wolfSSL	7:481bce714567	562	idx = 0;
wolfSSL	7:481bce714567	563	pkcsBlock[idx++] = 0x00;
wolfSSL	7:481bce714567	564	/* create seedMask inline */
wolfSSL	7:481bce714567	565	if ((ret = RsaMGF(mgf, pkcsBlock + hLen + 1, pkcsBlockLen - hLen - 1,
wolfSSL	7:481bce714567	566	pkcsBlock + 1, hLen, heap)) != 0) {
wolfSSL	7:481bce714567	567	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	568	XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	569	XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	570	#endif
wolfSSL	7:481bce714567	571	return ret;
wolfSSL	7:481bce714567	572	}
wolfSSL	7:481bce714567	573
wolfSSL	7:481bce714567	574	/* xor created seedMask with seed to make maskedSeed */
wolfSSL	7:481bce714567	575	i = 0;
wolfSSL	7:481bce714567	576	while (idx < (word32)(hLen + 1) && i < hLen) {
wolfSSL	7:481bce714567	577	pkcsBlock[idx] = pkcsBlock[idx] ^ seed[i++];
wolfSSL	7:481bce714567	578	idx++;
wolfSSL	7:481bce714567	579	}
wolfSSL	7:481bce714567	580
wolfSSL	7:481bce714567	581	#ifdef WOLFSSL_SMALL_STACK
wolfSSL	7:481bce714567	582	XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	583	XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	584	#endif
wolfSSL	7:481bce714567	585	(void)padValue;
wolfSSL	7:481bce714567	586
wolfSSL	7:481bce714567	587	return 0;
wolfSSL	7:481bce714567	588	}
wolfSSL	7:481bce714567	589	#endif /* !WC_NO_RSA_OAEP */
wolfSSL	7:481bce714567	590
wolfSSL	7:481bce714567	591
wolfSSL	7:481bce714567	592	static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
wolfSSL	7:481bce714567	593	word32 pkcsBlockLen, byte padValue, WC_RNG* rng)
wolfSSL	7:481bce714567	594	{
wolfSSL	7:481bce714567	595	if (input == NULL \|\| inputLen == 0 \|\| pkcsBlock == NULL \|\|
wolfSSL	7:481bce714567	596	pkcsBlockLen == 0) {
wolfSSL	7:481bce714567	597	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	598	}
wolfSSL	7:481bce714567	599
wolfSSL	7:481bce714567	600	pkcsBlock[0] = 0x0; /* set first byte to zero and advance */
wolfSSL	7:481bce714567	601	pkcsBlock++; pkcsBlockLen--;
wolfSSL	7:481bce714567	602	pkcsBlock[0] = padValue; /* insert padValue */
wolfSSL	7:481bce714567	603
wolfSSL	7:481bce714567	604	if (padValue == RSA_BLOCK_TYPE_1) {
wolfSSL	7:481bce714567	605	if (pkcsBlockLen < inputLen + 2) {
wolfSSL	7:481bce714567	606	WOLFSSL_MSG("RsaPad error, invalid length");
wolfSSL	7:481bce714567	607	return RSA_PAD_E;
wolfSSL	7:481bce714567	608	}
wolfSSL	7:481bce714567	609
wolfSSL	7:481bce714567	610	/* pad with 0xff bytes */
wolfSSL	7:481bce714567	611	XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2);
wolfSSL	7:481bce714567	612	}
wolfSSL	7:481bce714567	613	else {
wolfSSL	7:481bce714567	614	/* pad with non-zero random bytes */
wolfSSL	7:481bce714567	615	word32 padLen, i;
wolfSSL	7:481bce714567	616	int ret;
wolfSSL	7:481bce714567	617
wolfSSL	7:481bce714567	618	if (pkcsBlockLen < inputLen + 1) {
wolfSSL	7:481bce714567	619	WOLFSSL_MSG("RsaPad error, invalid length");
wolfSSL	7:481bce714567	620	return RSA_PAD_E;
wolfSSL	7:481bce714567	621	}
wolfSSL	7:481bce714567	622
wolfSSL	7:481bce714567	623	padLen = pkcsBlockLen - inputLen - 1;
wolfSSL	7:481bce714567	624	ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen);
wolfSSL	7:481bce714567	625	if (ret != 0) {
wolfSSL	7:481bce714567	626	return ret;
wolfSSL	7:481bce714567	627	}
wolfSSL	7:481bce714567	628
wolfSSL	7:481bce714567	629	/* remove zeros */
wolfSSL	7:481bce714567	630	for (i = 1; i < padLen; i++) {
wolfSSL	7:481bce714567	631	if (pkcsBlock[i] == 0) pkcsBlock[i] = 0x01;
wolfSSL	7:481bce714567	632	}
wolfSSL	7:481bce714567	633	}
wolfSSL	7:481bce714567	634
wolfSSL	7:481bce714567	635	pkcsBlock[pkcsBlockLen-inputLen-1] = 0; /* separator */
wolfSSL	7:481bce714567	636	XMEMCPY(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen);
wolfSSL	7:481bce714567	637
wolfSSL	7:481bce714567	638	return 0;
wolfSSL	7:481bce714567	639	}
wolfSSL	7:481bce714567	640
wolfSSL	7:481bce714567	641	/* helper function to direct which padding is used */
wolfSSL	7:481bce714567	642	static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock,
wolfSSL	7:481bce714567	643	word32 pkcsBlockLen, byte padValue, WC_RNG* rng, int padType,
wolfSSL	7:481bce714567	644	enum wc_HashType hType, int mgf, byte* optLabel, word32 labelLen,
wolfSSL	7:481bce714567	645	void* heap)
wolfSSL	7:481bce714567	646	{
wolfSSL	7:481bce714567	647	int ret;
wolfSSL	7:481bce714567	648
wolfSSL	7:481bce714567	649	switch (padType)
wolfSSL	7:481bce714567	650	{
wolfSSL	7:481bce714567	651	case WC_RSA_PKCSV15_PAD:
wolfSSL	7:481bce714567	652	//WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 padding");
wolfSSL	7:481bce714567	653	ret = RsaPad(input, inputLen, pkcsBlock, pkcsBlockLen,
wolfSSL	7:481bce714567	654	padValue, rng);
wolfSSL	7:481bce714567	655	break;
wolfSSL	7:481bce714567	656
wolfSSL	7:481bce714567	657	#ifndef WC_NO_RSA_OAEP
wolfSSL	7:481bce714567	658	case WC_RSA_OAEP_PAD:
wolfSSL	7:481bce714567	659	//WOLFSSL_MSG("wolfSSL Using RSA OAEP padding");
wolfSSL	7:481bce714567	660	ret = RsaPad_OAEP(input, inputLen, pkcsBlock, pkcsBlockLen,
wolfSSL	7:481bce714567	661	padValue, rng, hType, mgf, optLabel, labelLen, heap);
wolfSSL	7:481bce714567	662	break;
wolfSSL	7:481bce714567	663	#endif
wolfSSL	7:481bce714567	664	default:
wolfSSL	7:481bce714567	665	WOLFSSL_MSG("Unknown RSA Pad Type");
wolfSSL	7:481bce714567	666	ret = RSA_PAD_E;
wolfSSL	7:481bce714567	667	}
wolfSSL	7:481bce714567	668
wolfSSL	7:481bce714567	669	/* silence warning if not used with padding scheme */
wolfSSL	7:481bce714567	670	(void)hType;
wolfSSL	7:481bce714567	671	(void)mgf;
wolfSSL	7:481bce714567	672	(void)optLabel;
wolfSSL	7:481bce714567	673	(void)labelLen;
wolfSSL	7:481bce714567	674	(void)heap;
wolfSSL	7:481bce714567	675
wolfSSL	7:481bce714567	676	return ret;
wolfSSL	7:481bce714567	677	}
wolfSSL	7:481bce714567	678
wolfSSL	7:481bce714567	679
wolfSSL	7:481bce714567	680	/* UnPadding */
wolfSSL	7:481bce714567	681	#ifndef WC_NO_RSA_OAEP
wolfSSL	7:481bce714567	682	/* UnPad plaintext, set start to *output, return length of plaintext,
wolfSSL	7:481bce714567	683	* < 0 on error */
wolfSSL	7:481bce714567	684	static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
wolfSSL	7:481bce714567	685	byte **output, enum wc_HashType hType, int mgf,
wolfSSL	7:481bce714567	686	byte* optLabel, word32 labelLen, void* heap)
wolfSSL	7:481bce714567	687	{
wolfSSL	7:481bce714567	688	int hLen;
wolfSSL	7:481bce714567	689	int ret;
wolfSSL	7:481bce714567	690	byte h[WC_MAX_DIGEST_SIZE]; /* max digest size */
wolfSSL	7:481bce714567	691	byte* tmp;
wolfSSL	7:481bce714567	692	word32 idx;
wolfSSL	7:481bce714567	693
wolfSSL	7:481bce714567	694	/* no label is allowed, but catch if no label provided and length > 0 */
wolfSSL	7:481bce714567	695	if (optLabel == NULL && labelLen > 0) {
wolfSSL	7:481bce714567	696	return BUFFER_E;
wolfSSL	7:481bce714567	697	}
wolfSSL	7:481bce714567	698
wolfSSL	7:481bce714567	699	hLen = wc_HashGetDigestSize(hType);
wolfSSL	7:481bce714567	700	if ((hLen < 0) \|\| (pkcsBlockLen < (2 * (word32)hLen + 2))) {
wolfSSL	7:481bce714567	701	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	702	}
wolfSSL	7:481bce714567	703
wolfSSL	7:481bce714567	704	tmp = (byte*)XMALLOC(pkcsBlockLen, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	705	if (tmp == NULL) {
wolfSSL	7:481bce714567	706	return MEMORY_E;
wolfSSL	7:481bce714567	707	}
wolfSSL	7:481bce714567	708	XMEMSET(tmp, 0, pkcsBlockLen);
wolfSSL	7:481bce714567	709
wolfSSL	7:481bce714567	710	/* find seedMask value */
wolfSSL	7:481bce714567	711	if ((ret = RsaMGF(mgf, (byte*)(pkcsBlock + (hLen + 1)),
wolfSSL	7:481bce714567	712	pkcsBlockLen - hLen - 1, tmp, hLen, heap)) != 0) {
wolfSSL	7:481bce714567	713	XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	714	return ret;
wolfSSL	7:481bce714567	715	}
wolfSSL	7:481bce714567	716
wolfSSL	7:481bce714567	717	/* xor seedMask value with maskedSeed to get seed value */
wolfSSL	7:481bce714567	718	for (idx = 0; idx < (word32)hLen; idx++) {
wolfSSL	7:481bce714567	719	tmp[idx] = tmp[idx] ^ pkcsBlock[1 + idx];
wolfSSL	7:481bce714567	720	}
wolfSSL	7:481bce714567	721
wolfSSL	7:481bce714567	722	/* get dbMask value */
wolfSSL	7:481bce714567	723	if ((ret = RsaMGF(mgf, tmp, hLen, tmp + hLen,
wolfSSL	7:481bce714567	724	pkcsBlockLen - hLen - 1, heap)) != 0) {
wolfSSL	7:481bce714567	725	XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	726	return ret;
wolfSSL	7:481bce714567	727	}
wolfSSL	7:481bce714567	728
wolfSSL	7:481bce714567	729	/* get DB value by doing maskedDB xor dbMask */
wolfSSL	7:481bce714567	730	for (idx = 0; idx < (pkcsBlockLen - hLen - 1); idx++) {
wolfSSL	7:481bce714567	731	pkcsBlock[hLen + 1 + idx] = pkcsBlock[hLen + 1 + idx] ^ tmp[idx + hLen];
wolfSSL	7:481bce714567	732	}
wolfSSL	7:481bce714567	733
wolfSSL	7:481bce714567	734	/* done with use of tmp buffer */
wolfSSL	7:481bce714567	735	XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL	7:481bce714567	736
wolfSSL	7:481bce714567	737	/* advance idx to index of PS and msg separator, account for PS size of 0*/
wolfSSL	7:481bce714567	738	idx = hLen + 1 + hLen;
wolfSSL	7:481bce714567	739	while (idx < pkcsBlockLen && pkcsBlock[idx] == 0) {idx++;}
wolfSSL	7:481bce714567	740
wolfSSL	7:481bce714567	741	/* create hash of label for comparision with hash sent */
wolfSSL	7:481bce714567	742	if ((ret = wc_Hash(hType, optLabel, labelLen, h, hLen)) != 0) {
wolfSSL	7:481bce714567	743	return ret;
wolfSSL	7:481bce714567	744	}
wolfSSL	7:481bce714567	745
wolfSSL	7:481bce714567	746	/* say no to chosen ciphertext attack.
wolfSSL	7:481bce714567	747	Comparison of lHash, Y, and separator value needs to all happen in
wolfSSL	7:481bce714567	748	constant time.
wolfSSL	7:481bce714567	749	Attackers should not be able to get error condition from the timing of
wolfSSL	7:481bce714567	750	these checks.
wolfSSL	7:481bce714567	751	*/
wolfSSL	7:481bce714567	752	ret = 0;
wolfSSL	7:481bce714567	753	ret \|= ConstantCompare(pkcsBlock + hLen + 1, h, hLen);
wolfSSL	7:481bce714567	754	ret += pkcsBlock[idx++] ^ 0x01; /* separator value is 0x01 */
wolfSSL	7:481bce714567	755	ret += pkcsBlock[0] ^ 0x00; /* Y, the first value, should be 0 */
wolfSSL	7:481bce714567	756
wolfSSL	7:481bce714567	757	if (ret != 0) {
wolfSSL	7:481bce714567	758	return BAD_PADDING_E;
wolfSSL	7:481bce714567	759	}
wolfSSL	7:481bce714567	760
wolfSSL	7:481bce714567	761	/* adjust pointer to correct location in array and return size of M */
wolfSSL	7:481bce714567	762	output = (byte)(pkcsBlock + idx);
wolfSSL	7:481bce714567	763	return pkcsBlockLen - idx;
wolfSSL	7:481bce714567	764	}
wolfSSL	7:481bce714567	765	#endif /* WC_NO_RSA_OAEP */
wolfSSL	7:481bce714567	766
wolfSSL	7:481bce714567	767
wolfSSL	7:481bce714567	768	/* UnPad plaintext, set start to *output, return length of plaintext,
wolfSSL	7:481bce714567	769	* < 0 on error */
wolfSSL	7:481bce714567	770	static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
wolfSSL	7:481bce714567	771	byte **output, byte padValue)
wolfSSL	7:481bce714567	772	{
wolfSSL	7:481bce714567	773	word32 maxOutputLen = (pkcsBlockLen > 10) ? (pkcsBlockLen - 10) : 0;
wolfSSL	7:481bce714567	774	word32 invalid = 0;
wolfSSL	7:481bce714567	775	word32 i = 1;
wolfSSL	7:481bce714567	776	word32 outputLen;
wolfSSL	7:481bce714567	777
wolfSSL	7:481bce714567	778	if (output == NULL \|\| pkcsBlockLen == 0) {
wolfSSL	7:481bce714567	779	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	780	}
wolfSSL	7:481bce714567	781
wolfSSL	7:481bce714567	782	if (pkcsBlock[0] != 0x0) { /* skip past zero */
wolfSSL	7:481bce714567	783	invalid = 1;
wolfSSL	7:481bce714567	784	}
wolfSSL	7:481bce714567	785	pkcsBlock++; pkcsBlockLen--;
wolfSSL	7:481bce714567	786
wolfSSL	7:481bce714567	787	/* Require block type padValue */
wolfSSL	7:481bce714567	788	invalid = (pkcsBlock[0] != padValue) \|\| invalid;
wolfSSL	7:481bce714567	789
wolfSSL	7:481bce714567	790	/* verify the padding until we find the separator */
wolfSSL	7:481bce714567	791	if (padValue == RSA_BLOCK_TYPE_1) {
wolfSSL	7:481bce714567	792	while (i<pkcsBlockLen && pkcsBlock[i++] == 0xFF) {/* Null body */}
wolfSSL	7:481bce714567	793	}
wolfSSL	7:481bce714567	794	else {
wolfSSL	7:481bce714567	795	while (i<pkcsBlockLen && pkcsBlock[i++]) {/* Null body */}
wolfSSL	7:481bce714567	796	}
wolfSSL	7:481bce714567	797
wolfSSL	7:481bce714567	798	if(!(i==pkcsBlockLen \|\| pkcsBlock[i-1]==0)) {
wolfSSL	7:481bce714567	799	WOLFSSL_MSG("RsaUnPad error, bad formatting");
wolfSSL	7:481bce714567	800	return RSA_PAD_E;
wolfSSL	7:481bce714567	801	}
wolfSSL	7:481bce714567	802
wolfSSL	7:481bce714567	803	outputLen = pkcsBlockLen - i;
wolfSSL	7:481bce714567	804	invalid = (outputLen > maxOutputLen) \|\| invalid;
wolfSSL	7:481bce714567	805
wolfSSL	7:481bce714567	806	if (invalid) {
wolfSSL	7:481bce714567	807	WOLFSSL_MSG("RsaUnPad error, bad formatting");
wolfSSL	7:481bce714567	808	return RSA_PAD_E;
wolfSSL	7:481bce714567	809	}
wolfSSL	7:481bce714567	810
wolfSSL	7:481bce714567	811	output = (byte )(pkcsBlock + i);
wolfSSL	7:481bce714567	812	return outputLen;
wolfSSL	7:481bce714567	813	}
wolfSSL	7:481bce714567	814
wolfSSL	7:481bce714567	815	/* helper function to direct unpadding */
wolfSSL	7:481bce714567	816	static int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out,
wolfSSL	7:481bce714567	817	byte padValue, int padType, enum wc_HashType hType,
wolfSSL	7:481bce714567	818	int mgf, byte* optLabel, word32 labelLen, void* heap)
wolfSSL	7:481bce714567	819	{
wolfSSL	7:481bce714567	820	int ret;
wolfSSL	7:481bce714567	821
wolfSSL	7:481bce714567	822	switch (padType)
wolfSSL	7:481bce714567	823	{
wolfSSL	7:481bce714567	824	case WC_RSA_PKCSV15_PAD:
wolfSSL	7:481bce714567	825	WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 padding");
wolfSSL	7:481bce714567	826	ret = RsaUnPad(pkcsBlock, pkcsBlockLen, out, padValue);
wolfSSL	7:481bce714567	827	break;
wolfSSL	7:481bce714567	828
wolfSSL	7:481bce714567	829	#ifndef WC_NO_RSA_OAEP
wolfSSL	7:481bce714567	830	case WC_RSA_OAEP_PAD:
wolfSSL	7:481bce714567	831	WOLFSSL_MSG("wolfSSL Using RSA OAEP padding");
wolfSSL	7:481bce714567	832	ret = RsaUnPad_OAEP((byte*)pkcsBlock, pkcsBlockLen, out,
wolfSSL	7:481bce714567	833	hType, mgf, optLabel, labelLen, heap);
wolfSSL	7:481bce714567	834	break;
wolfSSL	7:481bce714567	835	#endif
wolfSSL	7:481bce714567	836
wolfSSL	7:481bce714567	837	default:
wolfSSL	7:481bce714567	838	WOLFSSL_MSG("Unknown RSA UnPad Type");
wolfSSL	7:481bce714567	839	ret = RSA_PAD_E;
wolfSSL	7:481bce714567	840	}
wolfSSL	7:481bce714567	841
wolfSSL	7:481bce714567	842	/* silence warning if not used with padding scheme */
wolfSSL	7:481bce714567	843	(void)hType;
wolfSSL	7:481bce714567	844	(void)mgf;
wolfSSL	7:481bce714567	845	(void)optLabel;
wolfSSL	7:481bce714567	846	(void)labelLen;
wolfSSL	7:481bce714567	847	(void)heap;
wolfSSL	7:481bce714567	848
wolfSSL	7:481bce714567	849	return ret;
wolfSSL	7:481bce714567	850	}
wolfSSL	7:481bce714567	851
wolfSSL	7:481bce714567	852	static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
wolfSSL	7:481bce714567	853	word32* outLen, int type, RsaKey* key, WC_RNG* rng)
wolfSSL	7:481bce714567	854	{
wolfSSL	7:481bce714567	855	mp_int tmp;
wolfSSL	7:481bce714567	856	#ifdef WC_RSA_BLINDING
wolfSSL	7:481bce714567	857	mp_int rnd, rndi;
wolfSSL	7:481bce714567	858	#endif
wolfSSL	7:481bce714567	859	int ret = 0;
wolfSSL	7:481bce714567	860	word32 keyLen, len;
wolfSSL	7:481bce714567	861
wolfSSL	7:481bce714567	862	(void)rng;
wolfSSL	7:481bce714567	863
wolfSSL	7:481bce714567	864	if (mp_init(&tmp) != MP_OKAY)
wolfSSL	7:481bce714567	865	return MP_INIT_E;
wolfSSL	7:481bce714567	866
wolfSSL	7:481bce714567	867	#ifdef WC_RSA_BLINDING
wolfSSL	7:481bce714567	868	if (type == RSA_PRIVATE_DECRYPT \|\| type == RSA_PRIVATE_ENCRYPT) {
wolfSSL	7:481bce714567	869	if (mp_init_multi(&rnd, &rndi, NULL, NULL, NULL, NULL) != MP_OKAY) {
wolfSSL	7:481bce714567	870	mp_clear(&tmp);
wolfSSL	7:481bce714567	871	return MP_INIT_E;
wolfSSL	7:481bce714567	872	}
wolfSSL	7:481bce714567	873	}
wolfSSL	7:481bce714567	874	#endif
wolfSSL	7:481bce714567	875
wolfSSL	7:481bce714567	876	if (mp_read_unsigned_bin(&tmp, (byte*)in, inLen) != MP_OKAY)
wolfSSL	7:481bce714567	877	ERROR_OUT(MP_READ_E);
wolfSSL	7:481bce714567	878
wolfSSL	7:481bce714567	879	switch(type) {
wolfSSL	7:481bce714567	880	case RSA_PRIVATE_DECRYPT:
wolfSSL	7:481bce714567	881	case RSA_PRIVATE_ENCRYPT:
wolfSSL	7:481bce714567	882	{
wolfSSL	7:481bce714567	883	#ifdef WC_RSA_BLINDING
wolfSSL	7:481bce714567	884	/* blind */
wolfSSL	7:481bce714567	885	ret = mp_rand(&rnd, get_digit_count(&key->n), rng);
wolfSSL	7:481bce714567	886	if (ret != MP_OKAY)
wolfSSL	7:481bce714567	887	ERROR_OUT(ret);
wolfSSL	7:481bce714567	888
wolfSSL	7:481bce714567	889	/* rndi = 1/rnd mod n */
wolfSSL	7:481bce714567	890	if (mp_invmod(&rnd, &key->n, &rndi) != MP_OKAY)
wolfSSL	7:481bce714567	891	ERROR_OUT(MP_INVMOD_E);
wolfSSL	7:481bce714567	892
wolfSSL	7:481bce714567	893	/* rnd = rnd^e */
wolfSSL	7:481bce714567	894	if (mp_exptmod(&rnd, &key->e, &key->n, &rnd) != MP_OKAY)
wolfSSL	7:481bce714567	895	ERROR_OUT(MP_EXPTMOD_E);
wolfSSL	7:481bce714567	896
wolfSSL	7:481bce714567	897	/* tmp = tmprnd mod n /
wolfSSL	7:481bce714567	898	if (mp_mulmod(&tmp, &rnd, &key->n, &tmp) != MP_OKAY)
wolfSSL	7:481bce714567	899	ERROR_OUT(MP_MULMOD_E);
wolfSSL	7:481bce714567	900	#endif /* WC_RSA_BLINGING */
wolfSSL	7:481bce714567	901
wolfSSL	7:481bce714567	902	#ifdef RSA_LOW_MEM /* half as much memory but twice as slow */
wolfSSL	7:481bce714567	903	if (mp_exptmod(&tmp, &key->d, &key->n, &tmp) != MP_OKAY)
wolfSSL	7:481bce714567	904	ERROR_OUT(MP_EXPTMOD_E);
wolfSSL	7:481bce714567	905	#else
wolfSSL	7:481bce714567	906	/* Return 0 when cond is false and n when cond is true. */
wolfSSL	7:481bce714567	907	#define COND_N(cond, n) ((0 - (cond)) & (n))
wolfSSL	7:481bce714567	908	/* If ret has an error value return it otherwise if r is OK then return
wolfSSL	7:481bce714567	909	* 0 otherwise return e.
wolfSSL	7:481bce714567	910	*/
wolfSSL	7:481bce714567	911	#define RET_ERR(ret, r, e) \
wolfSSL	7:481bce714567	912	((ret) \| (COND_N((ret) == 0, COND_N((r) != MP_OKAY, (e)))))
wolfSSL	7:481bce714567	913
wolfSSL	7:481bce714567	914	{ /* tmpa/b scope */
wolfSSL	7:481bce714567	915	mp_int tmpa, tmpb;
wolfSSL	7:481bce714567	916	int r;
wolfSSL	7:481bce714567	917
wolfSSL	7:481bce714567	918	if (mp_init(&tmpa) != MP_OKAY)
wolfSSL	7:481bce714567	919	ERROR_OUT(MP_INIT_E);
wolfSSL	7:481bce714567	920
wolfSSL	7:481bce714567	921	if (mp_init(&tmpb) != MP_OKAY) {
wolfSSL	7:481bce714567	922	mp_clear(&tmpa);
wolfSSL	7:481bce714567	923	ERROR_OUT(MP_INIT_E);
wolfSSL	7:481bce714567	924	}
wolfSSL	7:481bce714567	925
wolfSSL	7:481bce714567	926	/* tmpa = tmp^dP mod p */
wolfSSL	7:481bce714567	927	r = mp_exptmod(&tmp, &key->dP, &key->p, &tmpa);
wolfSSL	7:481bce714567	928	ret = RET_ERR(ret, r, MP_EXPTMOD_E);
wolfSSL	7:481bce714567	929
wolfSSL	7:481bce714567	930	/* tmpb = tmp^dQ mod q */
wolfSSL	7:481bce714567	931	r = mp_exptmod(&tmp, &key->dQ, &key->q, &tmpb);
wolfSSL	7:481bce714567	932	ret = RET_ERR(ret, r, MP_EXPTMOD_E);
wolfSSL	7:481bce714567	933
wolfSSL	7:481bce714567	934	/* tmp = (tmpa - tmpb) * qInv (mod p) */
wolfSSL	7:481bce714567	935	r = mp_sub(&tmpa, &tmpb, &tmp);
wolfSSL	7:481bce714567	936	ret = RET_ERR(ret, r, MP_SUB_E);
wolfSSL	7:481bce714567	937
wolfSSL	7:481bce714567	938	r = mp_mulmod(&tmp, &key->u, &key->p, &tmp);
wolfSSL	7:481bce714567	939	ret = RET_ERR(ret, r, MP_MULMOD_E);
wolfSSL	7:481bce714567	940
wolfSSL	7:481bce714567	941	/* tmp = tmpb + q * tmp */
wolfSSL	7:481bce714567	942	r = mp_mul(&tmp, &key->q, &tmp);
wolfSSL	7:481bce714567	943	ret = RET_ERR(ret, r, MP_MUL_E);
wolfSSL	7:481bce714567	944
wolfSSL	7:481bce714567	945	r = mp_add(&tmp, &tmpb, &tmp);
wolfSSL	7:481bce714567	946	ret = RET_ERR(ret, r, MP_ADD_E);
wolfSSL	7:481bce714567	947
wolfSSL	7:481bce714567	948	mp_clear(&tmpa);
wolfSSL	7:481bce714567	949	mp_clear(&tmpb);
wolfSSL	7:481bce714567	950
wolfSSL	7:481bce714567	951	if (ret != 0) {
wolfSSL	7:481bce714567	952	goto done;
wolfSSL	7:481bce714567	953	}
wolfSSL	7:481bce714567	954	#undef RET_ERR
wolfSSL	7:481bce714567	955	#undef COND_N
wolfSSL	7:481bce714567	956	} /* tmpa/b scope */
wolfSSL	7:481bce714567	957	#endif /* RSA_LOW_MEM */
wolfSSL	7:481bce714567	958
wolfSSL	7:481bce714567	959	#ifdef WC_RSA_BLINDING
wolfSSL	7:481bce714567	960	/* unblind */
wolfSSL	7:481bce714567	961	if (mp_mulmod(&tmp, &rndi, &key->n, &tmp) != MP_OKAY)
wolfSSL	7:481bce714567	962	ERROR_OUT(MP_MULMOD_E);
wolfSSL	7:481bce714567	963	#endif /* WC_RSA_BLINDING */
wolfSSL	7:481bce714567	964
wolfSSL	7:481bce714567	965	break;
wolfSSL	7:481bce714567	966	}
wolfSSL	7:481bce714567	967	case RSA_PUBLIC_ENCRYPT:
wolfSSL	7:481bce714567	968	case RSA_PUBLIC_DECRYPT:
wolfSSL	7:481bce714567	969	if (mp_exptmod(&tmp, &key->e, &key->n, &tmp) != MP_OKAY)
wolfSSL	7:481bce714567	970	ERROR_OUT(MP_EXPTMOD_E);
wolfSSL	7:481bce714567	971	break;
wolfSSL	7:481bce714567	972	default:
wolfSSL	7:481bce714567	973	ERROR_OUT(RSA_WRONG_TYPE_E);
wolfSSL	7:481bce714567	974	}
wolfSSL	7:481bce714567	975
wolfSSL	7:481bce714567	976	keyLen = wc_RsaEncryptSize(key);
wolfSSL	7:481bce714567	977	if (keyLen > *outLen) {
wolfSSL	7:481bce714567	978	ERROR_OUT(RSA_BUFFER_E);
wolfSSL	7:481bce714567	979	}
wolfSSL	7:481bce714567	980
wolfSSL	7:481bce714567	981	len = mp_unsigned_bin_size(&tmp);
wolfSSL	7:481bce714567	982
wolfSSL	7:481bce714567	983	/* pad front w/ zeros to match key length */
wolfSSL	7:481bce714567	984	while (len < keyLen) {
wolfSSL	7:481bce714567	985	*out++ = 0x00;
wolfSSL	7:481bce714567	986	len++;
wolfSSL	7:481bce714567	987	}
wolfSSL	7:481bce714567	988
wolfSSL	7:481bce714567	989	*outLen = keyLen;
wolfSSL	7:481bce714567	990
wolfSSL	7:481bce714567	991	/* convert */
wolfSSL	7:481bce714567	992	if (mp_to_unsigned_bin(&tmp, out) != MP_OKAY)
wolfSSL	7:481bce714567	993	ERROR_OUT(MP_TO_E);
wolfSSL	7:481bce714567	994
wolfSSL	7:481bce714567	995	done:
wolfSSL	7:481bce714567	996	mp_clear(&tmp);
wolfSSL	7:481bce714567	997	#ifdef WC_RSA_BLINDING
wolfSSL	7:481bce714567	998	if (type == RSA_PRIVATE_DECRYPT \|\| type == RSA_PRIVATE_ENCRYPT) {
wolfSSL	7:481bce714567	999	mp_clear(&rndi);
wolfSSL	7:481bce714567	1000	mp_clear(&rnd);
wolfSSL	7:481bce714567	1001	}
wolfSSL	7:481bce714567	1002	#endif
wolfSSL	7:481bce714567	1003	if (ret == MP_EXPTMOD_E) {
wolfSSL	7:481bce714567	1004	WOLFSSL_MSG("RSA_FUNCTION MP_EXPTMOD_E: memory/config problem");
wolfSSL	7:481bce714567	1005	}
wolfSSL	7:481bce714567	1006	return ret;
wolfSSL	7:481bce714567	1007	}
wolfSSL	7:481bce714567	1008
wolfSSL	7:481bce714567	1009	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	7:481bce714567	1010	static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out,
wolfSSL	7:481bce714567	1011	word32* outLen, int type, RsaKey* key, WC_RNG* rng)
wolfSSL	7:481bce714567	1012	{
wolfSSL	7:481bce714567	1013	int ret = 0;
wolfSSL	7:481bce714567	1014
wolfSSL	7:481bce714567	1015	#ifdef WOLFSSL_ASYNC_CRYPT_TEST
wolfSSL	7:481bce714567	1016	AsyncCryptTestDev* testDev = &key->asyncDev.dev;
wolfSSL	7:481bce714567	1017	if (testDev->type == ASYNC_TEST_NONE) {
wolfSSL	7:481bce714567	1018	testDev->type = ASYNC_TEST_RSA_FUNC;
wolfSSL	7:481bce714567	1019	testDev->rsaFunc.in = in;
wolfSSL	7:481bce714567	1020	testDev->rsaFunc.inSz = inLen;
wolfSSL	7:481bce714567	1021	testDev->rsaFunc.out = out;
wolfSSL	7:481bce714567	1022	testDev->rsaFunc.outSz = outLen;
wolfSSL	7:481bce714567	1023	testDev->rsaFunc.type = type;
wolfSSL	7:481bce714567	1024	testDev->rsaFunc.key = key;
wolfSSL	7:481bce714567	1025	testDev->rsaFunc.rng = rng;
wolfSSL	7:481bce714567	1026	return WC_PENDING_E;
wolfSSL	7:481bce714567	1027	}
wolfSSL	7:481bce714567	1028	#endif /* WOLFSSL_ASYNC_CRYPT_TEST */
wolfSSL	7:481bce714567	1029
wolfSSL	7:481bce714567	1030	switch(type) {
wolfSSL	7:481bce714567	1031	case RSA_PRIVATE_DECRYPT:
wolfSSL	7:481bce714567	1032	case RSA_PRIVATE_ENCRYPT:
wolfSSL	7:481bce714567	1033	#ifdef HAVE_CAVIUM
wolfSSL	7:481bce714567	1034	ret = NitroxRsaExptMod(in, inLen, key->d.dpraw, key->d.used,
wolfSSL	7:481bce714567	1035	key->n.dpraw, key->n.used, out, outLen, key);
wolfSSL	7:481bce714567	1036	#elif defined(HAVE_INTEL_QA)
wolfSSL	7:481bce714567	1037	/* TODO: Add support for Intel Quick Assist */
wolfSSL	7:481bce714567	1038	ret = -1;
wolfSSL	7:481bce714567	1039	#else /* WOLFSSL_ASYNC_CRYPT_TEST */
wolfSSL	7:481bce714567	1040	ret = wc_RsaFunctionSync(in, inLen, out, outLen, type, key, rng);
wolfSSL	7:481bce714567	1041	#endif
wolfSSL	7:481bce714567	1042	break;
wolfSSL	7:481bce714567	1043
wolfSSL	7:481bce714567	1044	case RSA_PUBLIC_ENCRYPT:
wolfSSL	7:481bce714567	1045	case RSA_PUBLIC_DECRYPT:
wolfSSL	7:481bce714567	1046	#ifdef HAVE_CAVIUM
wolfSSL	7:481bce714567	1047	ret = NitroxRsaExptMod(in, inLen, key->e.dpraw, key->e.used,
wolfSSL	7:481bce714567	1048	key->n.dpraw, key->n.used, out, outLen, key);
wolfSSL	7:481bce714567	1049	#elif defined(HAVE_INTEL_QA)
wolfSSL	7:481bce714567	1050	/* TODO: Add support for Intel Quick Assist */
wolfSSL	7:481bce714567	1051	ret = -1;
wolfSSL	7:481bce714567	1052	#else /* WOLFSSL_ASYNC_CRYPT_TEST */
wolfSSL	7:481bce714567	1053	ret = wc_RsaFunctionSync(in, inLen, out, outLen, type, key, rng);
wolfSSL	7:481bce714567	1054	#endif
wolfSSL	7:481bce714567	1055	break;
wolfSSL	7:481bce714567	1056
wolfSSL	7:481bce714567	1057	default:
wolfSSL	7:481bce714567	1058	ret = RSA_WRONG_TYPE_E;
wolfSSL	7:481bce714567	1059	}
wolfSSL	7:481bce714567	1060
wolfSSL	7:481bce714567	1061	return ret;
wolfSSL	7:481bce714567	1062	}
wolfSSL	7:481bce714567	1063	#endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL	7:481bce714567	1064
wolfSSL	7:481bce714567	1065	int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
wolfSSL	7:481bce714567	1066	word32* outLen, int type, RsaKey* key, WC_RNG* rng)
wolfSSL	7:481bce714567	1067	{
wolfSSL	7:481bce714567	1068	int ret;
wolfSSL	7:481bce714567	1069
wolfSSL	7:481bce714567	1070	if (key == NULL \|\| in == NULL \|\| inLen == 0 \|\| out == NULL \|\|
wolfSSL	7:481bce714567	1071	outLen == NULL \|\| *outLen == 0 \|\| type == RSA_TYPE_UNKNOWN) {
wolfSSL	7:481bce714567	1072	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	1073	}
wolfSSL	7:481bce714567	1074
wolfSSL	7:481bce714567	1075	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	7:481bce714567	1076	if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
wolfSSL	7:481bce714567	1077	ret = wc_RsaFunctionAsync(in, inLen, out, outLen, type, key, rng);
wolfSSL	7:481bce714567	1078	}
wolfSSL	7:481bce714567	1079	else
wolfSSL	7:481bce714567	1080	#endif
wolfSSL	7:481bce714567	1081	{
wolfSSL	7:481bce714567	1082	ret = wc_RsaFunctionSync(in, inLen, out, outLen, type, key, rng);
wolfSSL	7:481bce714567	1083	}
wolfSSL	7:481bce714567	1084
wolfSSL	7:481bce714567	1085	if (ret == MP_EXPTMOD_E) {
wolfSSL	7:481bce714567	1086	/* This can happen due to incorrectly set FP_MAX_BITS or missing XREALLOC */
wolfSSL	7:481bce714567	1087	WOLFSSL_MSG("RSA_FUNCTION MP_EXPTMOD_E: memory/config problem");
wolfSSL	7:481bce714567	1088	}
wolfSSL	7:481bce714567	1089	return ret;
wolfSSL	7:481bce714567	1090	}
wolfSSL	7:481bce714567	1091
wolfSSL	7:481bce714567	1092
wolfSSL	7:481bce714567	1093	/* Internal Wrappers */
wolfSSL	7:481bce714567	1094	/* Gives the option of choosing padding type
wolfSSL	7:481bce714567	1095	in : input to be encrypted
wolfSSL	7:481bce714567	1096	inLen: length of input buffer
wolfSSL	7:481bce714567	1097	out: encrypted output
wolfSSL	7:481bce714567	1098	outLen: length of encrypted output buffer
wolfSSL	7:481bce714567	1099	key : wolfSSL initialized RSA key struct
wolfSSL	7:481bce714567	1100	rng : wolfSSL initialized random number struct
wolfSSL	7:481bce714567	1101	rsa_type : type of RSA: RSA_PUBLIC_ENCRYPT, RSA_PUBLIC_DECRYPT,
wolfSSL	7:481bce714567	1102	RSA_PRIVATE_ENCRYPT or RSA_PRIVATE_DECRYPT
wolfSSL	7:481bce714567	1103	pad_value: RSA_BLOCK_TYPE_1 or RSA_BLOCK_TYPE_2
wolfSSL	7:481bce714567	1104	pad_type : type of padding: WC_RSA_PKCSV15_PAD or WC_RSA_OAEP_PAD
wolfSSL	7:481bce714567	1105	hash : type of hash algorithm to use found in wolfssl/wolfcrypt/hash.h
wolfSSL	7:481bce714567	1106	mgf : type of mask generation function to use
wolfSSL	7:481bce714567	1107	label : optional label
wolfSSL	7:481bce714567	1108	labelSz : size of optional label buffer */
wolfSSL	7:481bce714567	1109	static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
wolfSSL	7:481bce714567	1110	word32 outLen, RsaKey* key, int rsa_type,
wolfSSL	7:481bce714567	1111	byte pad_value, int pad_type,
wolfSSL	7:481bce714567	1112	enum wc_HashType hash, int mgf,
wolfSSL	7:481bce714567	1113	byte* label, word32 labelSz, WC_RNG* rng)
wolfSSL	7:481bce714567	1114	{
wolfSSL	7:481bce714567	1115	int ret = BAD_FUNC_ARG, sz;
wolfSSL	7:481bce714567	1116
wolfSSL	7:481bce714567	1117	if (in == NULL \|\| inLen == 0 \|\| out == NULL \|\| key == NULL) {
wolfSSL	7:481bce714567	1118	return ret;
wolfSSL	7:481bce714567	1119	}
wolfSSL	7:481bce714567	1120
wolfSSL	7:481bce714567	1121	sz = wc_RsaEncryptSize(key);
wolfSSL	7:481bce714567	1122	if (sz > (int)outLen) {
wolfSSL	7:481bce714567	1123	return RSA_BUFFER_E;
wolfSSL	7:481bce714567	1124	}
wolfSSL	7:481bce714567	1125
wolfSSL	7:481bce714567	1126	if (sz < RSA_MIN_PAD_SZ) {
wolfSSL	7:481bce714567	1127	return WC_KEY_SIZE_E;
wolfSSL	7:481bce714567	1128	}
wolfSSL	7:481bce714567	1129
wolfSSL	7:481bce714567	1130	if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) {
wolfSSL	7:481bce714567	1131	return RSA_BUFFER_E;
wolfSSL	7:481bce714567	1132	}
wolfSSL	7:481bce714567	1133
wolfSSL	7:481bce714567	1134	switch (key->state) {
wolfSSL	7:481bce714567	1135	case RSA_STATE_NONE:
wolfSSL	7:481bce714567	1136	case RSA_STATE_ENCRYPT_PAD:
wolfSSL	7:481bce714567	1137
wolfSSL	7:481bce714567	1138	#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
wolfSSL	7:481bce714567	1139	if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
wolfSSL	7:481bce714567	1140	if (rsa_type == RSA_PUBLIC_ENCRYPT && pad_value == RSA_BLOCK_TYPE_2) {
wolfSSL	7:481bce714567	1141	key->state = RSA_STATE_ENCRYPT_RES;
wolfSSL	7:481bce714567	1142	key->tmpLen = key->n.used;
wolfSSL	7:481bce714567	1143	return NitroxRsaPublicEncrypt(in, inLen, out, outLen, key);
wolfSSL	7:481bce714567	1144	}
wolfSSL	7:481bce714567	1145	else if (rsa_type == RSA_PRIVATE_ENCRYPT && pad_value == RSA_BLOCK_TYPE_1) {
wolfSSL	7:481bce714567	1146	key->state = RSA_STATE_ENCRYPT_RES;
wolfSSL	7:481bce714567	1147	key->tmpLen = key->n.used;
wolfSSL	7:481bce714567	1148	return NitroxRsaSSL_Sign(in, inLen, out, outLen, key);
wolfSSL	7:481bce714567	1149	}
wolfSSL	7:481bce714567	1150	}
wolfSSL	7:481bce714567	1151	#endif
wolfSSL	7:481bce714567	1152
wolfSSL	7:481bce714567	1153	key->state = RSA_STATE_ENCRYPT_EXPTMOD;
wolfSSL	7:481bce714567	1154
wolfSSL	7:481bce714567	1155	ret = wc_RsaPad_ex(in, inLen, out, sz, pad_value, rng,
wolfSSL	7:481bce714567	1156	pad_type, hash, mgf, label, labelSz, key->heap);
wolfSSL	7:481bce714567	1157	if (ret < 0) {
wolfSSL	7:481bce714567	1158	break;
wolfSSL	7:481bce714567	1159	}
wolfSSL	7:481bce714567	1160	/* fall through */
wolfSSL	7:481bce714567	1161	case RSA_STATE_ENCRYPT_EXPTMOD:
wolfSSL	7:481bce714567	1162	key->state = RSA_STATE_ENCRYPT_RES;
wolfSSL	7:481bce714567	1163
wolfSSL	7:481bce714567	1164	key->tmpLen = outLen;
wolfSSL	7:481bce714567	1165	ret = wc_RsaFunction(out, sz, out, &key->tmpLen, rsa_type, key, rng);
wolfSSL	7:481bce714567	1166	if (ret < 0) {
wolfSSL	7:481bce714567	1167	break;
wolfSSL	7:481bce714567	1168	}
wolfSSL	7:481bce714567	1169	/* fall through */
wolfSSL	7:481bce714567	1170	case RSA_STATE_ENCRYPT_RES:
wolfSSL	7:481bce714567	1171	key->state = RSA_STATE_NONE;
wolfSSL	7:481bce714567	1172	ret = key->tmpLen;
wolfSSL	7:481bce714567	1173	break;
wolfSSL	7:481bce714567	1174
wolfSSL	7:481bce714567	1175	default:
wolfSSL	7:481bce714567	1176	ret = BAD_STATE_E;
wolfSSL	7:481bce714567	1177	}
wolfSSL	7:481bce714567	1178
wolfSSL	7:481bce714567	1179	/* if async pending then return and skip done cleanup below */
wolfSSL	7:481bce714567	1180	if (ret == WC_PENDING_E) {
wolfSSL	7:481bce714567	1181	return ret;
wolfSSL	7:481bce714567	1182	}
wolfSSL	7:481bce714567	1183
wolfSSL	7:481bce714567	1184	key->state = RSA_STATE_NONE;
wolfSSL	7:481bce714567	1185
wolfSSL	7:481bce714567	1186	return ret;
wolfSSL	7:481bce714567	1187	}
wolfSSL	7:481bce714567	1188
wolfSSL	7:481bce714567	1189	/* Gives the option of choosing padding type
wolfSSL	7:481bce714567	1190	in : input to be decrypted
wolfSSL	7:481bce714567	1191	inLen: length of input buffer
wolfSSL	7:481bce714567	1192	out: decrypted message
wolfSSL	7:481bce714567	1193	outLen: length of decrypted message in bytes
wolfSSL	7:481bce714567	1194	outPtr: optional inline output pointer (if provided doing inline)
wolfSSL	7:481bce714567	1195	key : wolfSSL initialized RSA key struct
wolfSSL	7:481bce714567	1196	rsa_type : type of RSA: RSA_PUBLIC_ENCRYPT, RSA_PUBLIC_DECRYPT,
wolfSSL	7:481bce714567	1197	RSA_PRIVATE_ENCRYPT or RSA_PRIVATE_DECRYPT
wolfSSL	7:481bce714567	1198	pad_value: RSA_BLOCK_TYPE_1 or RSA_BLOCK_TYPE_2
wolfSSL	7:481bce714567	1199	pad_type : type of padding: WC_RSA_PKCSV15_PAD or WC_RSA_OAEP_PAD
wolfSSL	7:481bce714567	1200	hash : type of hash algorithm to use found in wolfssl/wolfcrypt/hash.h
wolfSSL	7:481bce714567	1201	mgf : type of mask generation function to use
wolfSSL	7:481bce714567	1202	label : optional label
wolfSSL	7:481bce714567	1203	labelSz : size of optional label buffer */
wolfSSL	7:481bce714567	1204	static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out,
wolfSSL	7:481bce714567	1205	word32 outLen, byte** outPtr, RsaKey* key,
wolfSSL	7:481bce714567	1206	int rsa_type, byte pad_value, int pad_type,
wolfSSL	7:481bce714567	1207	enum wc_HashType hash, int mgf,
wolfSSL	7:481bce714567	1208	byte* label, word32 labelSz, WC_RNG* rng)
wolfSSL	7:481bce714567	1209	{
wolfSSL	7:481bce714567	1210	int ret = BAD_FUNC_ARG;
wolfSSL	7:481bce714567	1211
wolfSSL	7:481bce714567	1212	if (in == NULL \|\| inLen == 0 \|\| out == NULL \|\| key == NULL) {
wolfSSL	7:481bce714567	1213	return ret;
wolfSSL	7:481bce714567	1214	}
wolfSSL	7:481bce714567	1215
wolfSSL	7:481bce714567	1216	switch (key->state) {
wolfSSL	7:481bce714567	1217	case RSA_STATE_NONE:
wolfSSL	7:481bce714567	1218	case RSA_STATE_DECRYPT_EXPTMOD:
wolfSSL	7:481bce714567	1219	#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
wolfSSL	7:481bce714567	1220	if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
wolfSSL	7:481bce714567	1221	key->tmpLen = 0;
wolfSSL	7:481bce714567	1222	if (rsa_type == RSA_PRIVATE_DECRYPT && pad_value == RSA_BLOCK_TYPE_2) {
wolfSSL	7:481bce714567	1223	key->state = RSA_STATE_DECRYPT_RES;
wolfSSL	7:481bce714567	1224	key->tmp = NULL;
wolfSSL	7:481bce714567	1225	ret = NitroxRsaPrivateDecrypt(in, inLen, out, outLen, key);
wolfSSL	7:481bce714567	1226	if (ret > 0) {
wolfSSL	7:481bce714567	1227	if (outPtr)
wolfSSL	7:481bce714567	1228	*outPtr = in;
wolfSSL	7:481bce714567	1229	}
wolfSSL	7:481bce714567	1230	return ret;
wolfSSL	7:481bce714567	1231	}
wolfSSL	7:481bce714567	1232	else if (rsa_type == RSA_PUBLIC_DECRYPT && pad_value == RSA_BLOCK_TYPE_1) {
wolfSSL	7:481bce714567	1233	key->state = RSA_STATE_DECRYPT_RES;
wolfSSL	7:481bce714567	1234	key->tmp = NULL;
wolfSSL	7:481bce714567	1235	return NitroxRsaSSL_Verify(in, inLen, out, outLen, key);
wolfSSL	7:481bce714567	1236	}
wolfSSL	7:481bce714567	1237	}
wolfSSL	7:481bce714567	1238	#endif
wolfSSL	7:481bce714567	1239
wolfSSL	7:481bce714567	1240	key->state = RSA_STATE_DECRYPT_UNPAD;
wolfSSL	7:481bce714567	1241
wolfSSL	7:481bce714567	1242	/* verify the tmp ptr is NULL, otherwise indicates bad state */
wolfSSL	7:481bce714567	1243	if (key->tmp != NULL) {
wolfSSL	7:481bce714567	1244	ERROR_OUT(BAD_STATE_E);
wolfSSL	7:481bce714567	1245	}
wolfSSL	7:481bce714567	1246
wolfSSL	7:481bce714567	1247	/* if not doing this inline then allocate a buffer for it */
wolfSSL	7:481bce714567	1248	key->tmpLen = inLen;
wolfSSL	7:481bce714567	1249	if (outPtr == NULL) {
wolfSSL	7:481bce714567	1250	key->tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA);
wolfSSL	7:481bce714567	1251	key->tmpIsAlloc = 1;
wolfSSL	7:481bce714567	1252	if (key->tmp == NULL) {
wolfSSL	7:481bce714567	1253	ERROR_OUT(MEMORY_E);
wolfSSL	7:481bce714567	1254	}
wolfSSL	7:481bce714567	1255	XMEMCPY(key->tmp, in, inLen);
wolfSSL	7:481bce714567	1256	}
wolfSSL	7:481bce714567	1257	else {
wolfSSL	7:481bce714567	1258	key->tmp = out;
wolfSSL	7:481bce714567	1259	}
wolfSSL	7:481bce714567	1260	ret = wc_RsaFunction(key->tmp, inLen, key->tmp, &key->tmpLen,
wolfSSL	7:481bce714567	1261	rsa_type, key, rng);
wolfSSL	7:481bce714567	1262	if (ret < 0) {
wolfSSL	7:481bce714567	1263	break;
wolfSSL	7:481bce714567	1264	}
wolfSSL	7:481bce714567	1265	/* fall through */
wolfSSL	7:481bce714567	1266	case RSA_STATE_DECRYPT_UNPAD:
wolfSSL	7:481bce714567	1267	{
wolfSSL	7:481bce714567	1268	byte* pad = NULL;
wolfSSL	7:481bce714567	1269	key->state = RSA_STATE_DECRYPT_RES;
wolfSSL	7:481bce714567	1270	ret = wc_RsaUnPad_ex(key->tmp, key->tmpLen, &pad, pad_value, pad_type,
wolfSSL	7:481bce714567	1271	hash, mgf, label, labelSz, key->heap);
wolfSSL	7:481bce714567	1272	if (ret > 0 && ret <= (int)outLen && pad != NULL) {
wolfSSL	7:481bce714567	1273	/* only copy output if not inline */
wolfSSL	7:481bce714567	1274	if (outPtr == NULL) {
wolfSSL	7:481bce714567	1275	XMEMCPY(out, pad, ret);
wolfSSL	7:481bce714567	1276	}
wolfSSL	7:481bce714567	1277	else {
wolfSSL	7:481bce714567	1278	*outPtr = pad;
wolfSSL	7:481bce714567	1279	}
wolfSSL	7:481bce714567	1280	}
wolfSSL	7:481bce714567	1281	else if (ret >= 0) {
wolfSSL	7:481bce714567	1282	ret = RSA_BUFFER_E;
wolfSSL	7:481bce714567	1283	}
wolfSSL	7:481bce714567	1284	if (ret < 0) {
wolfSSL	7:481bce714567	1285	break;
wolfSSL	7:481bce714567	1286	}
wolfSSL	7:481bce714567	1287	/* fall through */
wolfSSL	7:481bce714567	1288	}
wolfSSL	7:481bce714567	1289	case RSA_STATE_DECRYPT_RES:
wolfSSL	7:481bce714567	1290	key->state = RSA_STATE_NONE;
wolfSSL	7:481bce714567	1291	#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
wolfSSL	7:481bce714567	1292	if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
wolfSSL	7:481bce714567	1293	ret = key->tmpLen;
wolfSSL	7:481bce714567	1294	}
wolfSSL	7:481bce714567	1295	#endif
wolfSSL	7:481bce714567	1296	break;
wolfSSL	7:481bce714567	1297	default:
wolfSSL	7:481bce714567	1298	ret = BAD_STATE_E;
wolfSSL	7:481bce714567	1299	}
wolfSSL	7:481bce714567	1300
wolfSSL	7:481bce714567	1301	/* if async pending then return and skip done cleanup below */
wolfSSL	7:481bce714567	1302	if (ret == WC_PENDING_E) {
wolfSSL	7:481bce714567	1303	return ret;
wolfSSL	7:481bce714567	1304	}
wolfSSL	7:481bce714567	1305
wolfSSL	7:481bce714567	1306	done:
wolfSSL	7:481bce714567	1307
wolfSSL	7:481bce714567	1308	key->state = RSA_STATE_NONE;
wolfSSL	7:481bce714567	1309	wc_RsaCleanup(key);
wolfSSL	7:481bce714567	1310
wolfSSL	7:481bce714567	1311	return ret;
wolfSSL	7:481bce714567	1312	}
wolfSSL	7:481bce714567	1313
wolfSSL	7:481bce714567	1314
wolfSSL	7:481bce714567	1315	/* Public RSA Functions */
wolfSSL	7:481bce714567	1316	int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
wolfSSL	7:481bce714567	1317	RsaKey* key, WC_RNG* rng)
wolfSSL	7:481bce714567	1318	{
wolfSSL	7:481bce714567	1319	return RsaPublicEncryptEx(in, inLen, out, outLen, key,
wolfSSL	7:481bce714567	1320	RSA_PUBLIC_ENCRYPT, RSA_BLOCK_TYPE_2, WC_RSA_PKCSV15_PAD,
wolfSSL	7:481bce714567	1321	WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, rng);
wolfSSL	7:481bce714567	1322	}
wolfSSL	7:481bce714567	1323
wolfSSL	7:481bce714567	1324
wolfSSL	7:481bce714567	1325	#ifndef WC_NO_RSA_OAEP
wolfSSL	7:481bce714567	1326	int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out,
wolfSSL	7:481bce714567	1327	word32 outLen, RsaKey* key, WC_RNG* rng, int type,
wolfSSL	7:481bce714567	1328	enum wc_HashType hash, int mgf, byte* label,
wolfSSL	7:481bce714567	1329	word32 labelSz)
wolfSSL	7:481bce714567	1330	{
wolfSSL	7:481bce714567	1331	return RsaPublicEncryptEx(in, inLen, out, outLen, key, RSA_PUBLIC_ENCRYPT,
wolfSSL	7:481bce714567	1332	RSA_BLOCK_TYPE_2, type, hash, mgf, label, labelSz, rng);
wolfSSL	7:481bce714567	1333	}
wolfSSL	7:481bce714567	1334	#endif /* WC_NO_RSA_OAEP */
wolfSSL	7:481bce714567	1335
wolfSSL	7:481bce714567	1336
wolfSSL	7:481bce714567	1337	int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key)
wolfSSL	7:481bce714567	1338	{
wolfSSL	7:481bce714567	1339	WC_RNG* rng = NULL;
wolfSSL	7:481bce714567	1340	#ifdef WC_RSA_BLINDING
wolfSSL	7:481bce714567	1341	rng = key->rng;
wolfSSL	7:481bce714567	1342	#endif
wolfSSL	7:481bce714567	1343	return RsaPrivateDecryptEx(in, inLen, in, inLen, out, key,
wolfSSL	7:481bce714567	1344	RSA_PRIVATE_DECRYPT, RSA_BLOCK_TYPE_2, WC_RSA_PKCSV15_PAD,
wolfSSL	7:481bce714567	1345	WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, rng);
wolfSSL	7:481bce714567	1346	}
wolfSSL	7:481bce714567	1347
wolfSSL	7:481bce714567	1348
wolfSSL	7:481bce714567	1349	#ifndef WC_NO_RSA_OAEP
wolfSSL	7:481bce714567	1350	int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, byte** out,
wolfSSL	7:481bce714567	1351	RsaKey* key, int type, enum wc_HashType hash,
wolfSSL	7:481bce714567	1352	int mgf, byte* label, word32 labelSz)
wolfSSL	7:481bce714567	1353	{
wolfSSL	7:481bce714567	1354	WC_RNG* rng = NULL;
wolfSSL	7:481bce714567	1355	#ifdef WC_RSA_BLINDING
wolfSSL	7:481bce714567	1356	rng = key->rng;
wolfSSL	7:481bce714567	1357	#endif
wolfSSL	7:481bce714567	1358	return RsaPrivateDecryptEx(in, inLen, in, inLen, out, key,
wolfSSL	7:481bce714567	1359	RSA_PRIVATE_DECRYPT, RSA_BLOCK_TYPE_2, type, hash,
wolfSSL	7:481bce714567	1360	mgf, label, labelSz, rng);
wolfSSL	7:481bce714567	1361	}
wolfSSL	7:481bce714567	1362	#endif /* WC_NO_RSA_OAEP */
wolfSSL	7:481bce714567	1363
wolfSSL	7:481bce714567	1364
wolfSSL	7:481bce714567	1365	int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
wolfSSL	7:481bce714567	1366	word32 outLen, RsaKey* key)
wolfSSL	7:481bce714567	1367	{
wolfSSL	7:481bce714567	1368	WC_RNG* rng = NULL;
wolfSSL	7:481bce714567	1369	#ifdef WC_RSA_BLINDING
wolfSSL	7:481bce714567	1370	rng = key->rng;
wolfSSL	7:481bce714567	1371	#endif
wolfSSL	7:481bce714567	1372	return RsaPrivateDecryptEx((byte*)in, inLen, out, outLen, NULL, key,
wolfSSL	7:481bce714567	1373	RSA_PRIVATE_DECRYPT, RSA_BLOCK_TYPE_2, WC_RSA_PKCSV15_PAD,
wolfSSL	7:481bce714567	1374	WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, rng);
wolfSSL	7:481bce714567	1375	}
wolfSSL	7:481bce714567	1376
wolfSSL	7:481bce714567	1377
wolfSSL	7:481bce714567	1378	#ifndef WC_NO_RSA_OAEP
wolfSSL	7:481bce714567	1379	int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, byte* out,
wolfSSL	7:481bce714567	1380	word32 outLen, RsaKey* key, int type,
wolfSSL	7:481bce714567	1381	enum wc_HashType hash, int mgf, byte* label,
wolfSSL	7:481bce714567	1382	word32 labelSz)
wolfSSL	7:481bce714567	1383	{
wolfSSL	7:481bce714567	1384	WC_RNG* rng = NULL;
wolfSSL	7:481bce714567	1385	#ifdef WC_RSA_BLINDING
wolfSSL	7:481bce714567	1386	rng = key->rng;
wolfSSL	7:481bce714567	1387	#endif
wolfSSL	7:481bce714567	1388	return RsaPrivateDecryptEx((byte*)in, inLen, out, outLen, NULL, key,
wolfSSL	7:481bce714567	1389	RSA_PRIVATE_DECRYPT, RSA_BLOCK_TYPE_2, type, hash, mgf, label,
wolfSSL	7:481bce714567	1390	labelSz, rng);
wolfSSL	7:481bce714567	1391	}
wolfSSL	7:481bce714567	1392	#endif /* WC_NO_RSA_OAEP */
wolfSSL	7:481bce714567	1393
wolfSSL	7:481bce714567	1394
wolfSSL	7:481bce714567	1395	int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
wolfSSL	7:481bce714567	1396	{
wolfSSL	7:481bce714567	1397	WC_RNG* rng = NULL;
wolfSSL	7:481bce714567	1398	#ifdef WC_RSA_BLINDING
wolfSSL	7:481bce714567	1399	rng = key->rng;
wolfSSL	7:481bce714567	1400	#endif
wolfSSL	7:481bce714567	1401	return RsaPrivateDecryptEx(in, inLen, in, inLen, out, key,
wolfSSL	7:481bce714567	1402	RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, WC_RSA_PKCSV15_PAD,
wolfSSL	7:481bce714567	1403	WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, rng);
wolfSSL	7:481bce714567	1404	}
wolfSSL	7:481bce714567	1405
wolfSSL	7:481bce714567	1406	int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
wolfSSL	7:481bce714567	1407	RsaKey* key)
wolfSSL	7:481bce714567	1408	{
wolfSSL	7:481bce714567	1409	WC_RNG* rng = NULL;
wolfSSL	7:481bce714567	1410	#ifdef WC_RSA_BLINDING
wolfSSL	7:481bce714567	1411	rng = key->rng;
wolfSSL	7:481bce714567	1412	#endif
wolfSSL	7:481bce714567	1413	return RsaPrivateDecryptEx((byte*)in, inLen, out, outLen, NULL, key,
wolfSSL	7:481bce714567	1414	RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, WC_RSA_PKCSV15_PAD,
wolfSSL	7:481bce714567	1415	WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, rng);
wolfSSL	7:481bce714567	1416	}
wolfSSL	7:481bce714567	1417
wolfSSL	7:481bce714567	1418
wolfSSL	7:481bce714567	1419	int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
wolfSSL	7:481bce714567	1420	RsaKey* key, WC_RNG* rng)
wolfSSL	7:481bce714567	1421	{
wolfSSL	7:481bce714567	1422	return RsaPublicEncryptEx(in, inLen, out, outLen, key,
wolfSSL	7:481bce714567	1423	RSA_PRIVATE_ENCRYPT, RSA_BLOCK_TYPE_1, WC_RSA_PKCSV15_PAD,
wolfSSL	7:481bce714567	1424	WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, rng);
wolfSSL	7:481bce714567	1425	}
wolfSSL	7:481bce714567	1426
wolfSSL	7:481bce714567	1427
wolfSSL	7:481bce714567	1428	int wc_RsaEncryptSize(RsaKey* key)
wolfSSL	7:481bce714567	1429	{
wolfSSL	7:481bce714567	1430	#if defined(WOLFSSL_ASYNC_CRYPT) && defined(HAVE_CAVIUM)
wolfSSL	7:481bce714567	1431	if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) {
wolfSSL	7:481bce714567	1432	return key->n.used;
wolfSSL	7:481bce714567	1433	}
wolfSSL	7:481bce714567	1434	#endif
wolfSSL	7:481bce714567	1435	return mp_unsigned_bin_size(&key->n);
wolfSSL	7:481bce714567	1436	}
wolfSSL	7:481bce714567	1437
wolfSSL	7:481bce714567	1438
wolfSSL	7:481bce714567	1439	/* flatten RsaKey structure into individual elements (e, n) */
wolfSSL	7:481bce714567	1440	int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n,
wolfSSL	7:481bce714567	1441	word32* nSz)
wolfSSL	7:481bce714567	1442	{
wolfSSL	7:481bce714567	1443	int sz, ret;
wolfSSL	7:481bce714567	1444
wolfSSL	7:481bce714567	1445	if (key == NULL \|\| e == NULL \|\| eSz == NULL \|\| n == NULL \|\| nSz == NULL) {
wolfSSL	7:481bce714567	1446	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	1447	}
wolfSSL	7:481bce714567	1448
wolfSSL	7:481bce714567	1449	sz = mp_unsigned_bin_size(&key->e);
wolfSSL	7:481bce714567	1450	if ((word32)sz > *eSz)
wolfSSL	7:481bce714567	1451	return RSA_BUFFER_E;
wolfSSL	7:481bce714567	1452	ret = mp_to_unsigned_bin(&key->e, e);
wolfSSL	7:481bce714567	1453	if (ret != MP_OKAY)
wolfSSL	7:481bce714567	1454	return ret;
wolfSSL	7:481bce714567	1455	*eSz = (word32)sz;
wolfSSL	7:481bce714567	1456
wolfSSL	7:481bce714567	1457	sz = wc_RsaEncryptSize(key);
wolfSSL	7:481bce714567	1458	if ((word32)sz > *nSz)
wolfSSL	7:481bce714567	1459	return RSA_BUFFER_E;
wolfSSL	7:481bce714567	1460	ret = mp_to_unsigned_bin(&key->n, n);
wolfSSL	7:481bce714567	1461	if (ret != MP_OKAY)
wolfSSL	7:481bce714567	1462	return ret;
wolfSSL	7:481bce714567	1463	*nSz = (word32)sz;
wolfSSL	7:481bce714567	1464
wolfSSL	7:481bce714567	1465	return 0;
wolfSSL	7:481bce714567	1466	}
wolfSSL	7:481bce714567	1467
wolfSSL	7:481bce714567	1468	#ifdef WOLFSSL_KEY_GEN
wolfSSL	7:481bce714567	1469	/* Make an RSA key for size bits, with e specified, 65537 is a good e */
wolfSSL	7:481bce714567	1470	int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
wolfSSL	7:481bce714567	1471	{
wolfSSL	7:481bce714567	1472	mp_int p, q, tmp1, tmp2, tmp3;
wolfSSL	7:481bce714567	1473	int err;
wolfSSL	7:481bce714567	1474
wolfSSL	7:481bce714567	1475	if (key == NULL \|\| rng == NULL)
wolfSSL	7:481bce714567	1476	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	1477
wolfSSL	7:481bce714567	1478	if (size < RSA_MIN_SIZE \|\| size > RSA_MAX_SIZE)
wolfSSL	7:481bce714567	1479	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	1480
wolfSSL	7:481bce714567	1481	if (e < 3 \|\| (e & 1) == 0)
wolfSSL	7:481bce714567	1482	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	1483
wolfSSL	7:481bce714567	1484	if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != MP_OKAY)
wolfSSL	7:481bce714567	1485	return err;
wolfSSL	7:481bce714567	1486
wolfSSL	7:481bce714567	1487	err = mp_set_int(&tmp3, (mp_digit)e);
wolfSSL	7:481bce714567	1488
wolfSSL	7:481bce714567	1489	/* make p */
wolfSSL	7:481bce714567	1490	if (err == MP_OKAY) {
wolfSSL	7:481bce714567	1491	do {
wolfSSL	7:481bce714567	1492	err = mp_rand_prime(&p, size/16, rng, key->heap); /* size in bytes/2 */
wolfSSL	7:481bce714567	1493
wolfSSL	7:481bce714567	1494	if (err == MP_OKAY)
wolfSSL	7:481bce714567	1495	err = mp_sub_d(&p, 1, &tmp1); /* tmp1 = p-1 */
wolfSSL	7:481bce714567	1496
wolfSSL	7:481bce714567	1497	if (err == MP_OKAY)
wolfSSL	7:481bce714567	1498	err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(p-1, e) */
wolfSSL	7:481bce714567	1499	} while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divides p-1 */
wolfSSL	7:481bce714567	1500	}
wolfSSL	7:481bce714567	1501
wolfSSL	7:481bce714567	1502	/* make q */
wolfSSL	7:481bce714567	1503	if (err == MP_OKAY) {
wolfSSL	7:481bce714567	1504	do {
wolfSSL	7:481bce714567	1505	err = mp_rand_prime(&q, size/16, rng, key->heap); /* size in bytes/2 */
wolfSSL	7:481bce714567	1506
wolfSSL	7:481bce714567	1507	if (err == MP_OKAY)
wolfSSL	7:481bce714567	1508	err = mp_sub_d(&q, 1, &tmp1); /* tmp1 = q-1 */
wolfSSL	7:481bce714567	1509
wolfSSL	7:481bce714567	1510	if (err == MP_OKAY)
wolfSSL	7:481bce714567	1511	err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(q-1, e) */
wolfSSL	7:481bce714567	1512	} while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divides q-1 */
wolfSSL	7:481bce714567	1513	}
wolfSSL	7:481bce714567	1514
wolfSSL	7:481bce714567	1515	if (err == MP_OKAY)
wolfSSL	7:481bce714567	1516	err = mp_init_multi(&key->n, &key->e, &key->d, &key->p, &key->q, NULL);
wolfSSL	7:481bce714567	1517
wolfSSL	7:481bce714567	1518	if (err == MP_OKAY)
wolfSSL	7:481bce714567	1519	err = mp_init_multi(&key->dP, &key->dQ, &key->u, NULL, NULL, NULL);
wolfSSL	7:481bce714567	1520
wolfSSL	7:481bce714567	1521	if (err == MP_OKAY)
wolfSSL	7:481bce714567	1522	err = mp_sub_d(&p, 1, &tmp2); /* tmp2 = p-1 */
wolfSSL	7:481bce714567	1523
wolfSSL	7:481bce714567	1524	if (err == MP_OKAY)
wolfSSL	7:481bce714567	1525	err = mp_lcm(&tmp1, &tmp2, &tmp1); /* tmp1 = lcm(p-1, q-1),last loop */
wolfSSL	7:481bce714567	1526
wolfSSL	7:481bce714567	1527	/* make key */
wolfSSL	7:481bce714567	1528	if (err == MP_OKAY)
wolfSSL	7:481bce714567	1529	err = mp_set_int(&key->e, (mp_digit)e); /* key->e = e */
wolfSSL	7:481bce714567	1530
wolfSSL	7:481bce714567	1531	if (err == MP_OKAY) /* key->d = 1/e mod lcm(p-1, q-1) */
wolfSSL	7:481bce714567	1532	err = mp_invmod(&key->e, &tmp1, &key->d);
wolfSSL	7:481bce714567	1533
wolfSSL	7:481bce714567	1534	if (err == MP_OKAY)
wolfSSL	7:481bce714567	1535	err = mp_mul(&p, &q, &key->n); /* key->n = pq */
wolfSSL	7:481bce714567	1536
wolfSSL	7:481bce714567	1537	if (err == MP_OKAY)
wolfSSL	7:481bce714567	1538	err = mp_sub_d(&p, 1, &tmp1);
wolfSSL	7:481bce714567	1539
wolfSSL	7:481bce714567	1540	if (err == MP_OKAY)
wolfSSL	7:481bce714567	1541	err = mp_sub_d(&q, 1, &tmp2);
wolfSSL	7:481bce714567	1542
wolfSSL	7:481bce714567	1543	if (err == MP_OKAY)
wolfSSL	7:481bce714567	1544	err = mp_mod(&key->d, &tmp1, &key->dP);
wolfSSL	7:481bce714567	1545
wolfSSL	7:481bce714567	1546	if (err == MP_OKAY)
wolfSSL	7:481bce714567	1547	err = mp_mod(&key->d, &tmp2, &key->dQ);
wolfSSL	7:481bce714567	1548
wolfSSL	7:481bce714567	1549	if (err == MP_OKAY)
wolfSSL	7:481bce714567	1550	err = mp_invmod(&q, &p, &key->u);
wolfSSL	7:481bce714567	1551
wolfSSL	7:481bce714567	1552	if (err == MP_OKAY)
wolfSSL	7:481bce714567	1553	err = mp_copy(&p, &key->p);
wolfSSL	7:481bce714567	1554
wolfSSL	7:481bce714567	1555	if (err == MP_OKAY)
wolfSSL	7:481bce714567	1556	err = mp_copy(&q, &key->q);
wolfSSL	7:481bce714567	1557
wolfSSL	7:481bce714567	1558	if (err == MP_OKAY)
wolfSSL	7:481bce714567	1559	key->type = RSA_PRIVATE;
wolfSSL	7:481bce714567	1560
wolfSSL	7:481bce714567	1561	mp_clear(&tmp3);
wolfSSL	7:481bce714567	1562	mp_clear(&tmp2);
wolfSSL	7:481bce714567	1563	mp_clear(&tmp1);
wolfSSL	7:481bce714567	1564	mp_clear(&q);
wolfSSL	7:481bce714567	1565	mp_clear(&p);
wolfSSL	7:481bce714567	1566
wolfSSL	7:481bce714567	1567	if (err != MP_OKAY) {
wolfSSL	7:481bce714567	1568	wc_FreeRsaKey(key);
wolfSSL	7:481bce714567	1569	return err;
wolfSSL	7:481bce714567	1570	}
wolfSSL	7:481bce714567	1571
wolfSSL	7:481bce714567	1572	return 0;
wolfSSL	7:481bce714567	1573	}
wolfSSL	7:481bce714567	1574	#endif /* WOLFSSL_KEY_GEN */
wolfSSL	7:481bce714567	1575
wolfSSL	7:481bce714567	1576
wolfSSL	7:481bce714567	1577	#ifdef WC_RSA_BLINDING
wolfSSL	7:481bce714567	1578
wolfSSL	7:481bce714567	1579	int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng)
wolfSSL	7:481bce714567	1580	{
wolfSSL	7:481bce714567	1581	if (key == NULL)
wolfSSL	7:481bce714567	1582	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	1583
wolfSSL	7:481bce714567	1584	key->rng = rng;
wolfSSL	7:481bce714567	1585
wolfSSL	7:481bce714567	1586	return 0;
wolfSSL	7:481bce714567	1587	}
wolfSSL	7:481bce714567	1588
wolfSSL	7:481bce714567	1589	#endif /* WC_RSA_BLINDING */
wolfSSL	7:481bce714567	1590
wolfSSL	7:481bce714567	1591
wolfSSL	7:481bce714567	1592	#ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL	7:481bce714567	1593	int wc_RsaAsyncHandle(RsaKey* key, WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event)
wolfSSL	7:481bce714567	1594	{
wolfSSL	7:481bce714567	1595	int ret;
wolfSSL	7:481bce714567	1596
wolfSSL	7:481bce714567	1597	if (key == NULL \|\| queue == NULL \|\| event == NULL) {
wolfSSL	7:481bce714567	1598	return BAD_FUNC_ARG;
wolfSSL	7:481bce714567	1599	}
wolfSSL	7:481bce714567	1600
wolfSSL	7:481bce714567	1601	/* make sure this rsa context had "wc_RsaAsyncInit" called on it */
wolfSSL	7:481bce714567	1602	if (key->asyncDev.marker != WOLFSSL_ASYNC_MARKER_RSA) {
wolfSSL	7:481bce714567	1603	return ASYNC_INIT_E;
wolfSSL	7:481bce714567	1604	}
wolfSSL	7:481bce714567	1605
wolfSSL	7:481bce714567	1606	/* setup the event and push to queue */
wolfSSL	7:481bce714567	1607	ret = wolfAsync_EventInit(event, WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT, &key->asyncDev);
wolfSSL	7:481bce714567	1608	if (ret == 0) {
wolfSSL	7:481bce714567	1609	ret = wolfEventQueue_Push(queue, event);
wolfSSL	7:481bce714567	1610	}
wolfSSL	7:481bce714567	1611
wolfSSL	7:481bce714567	1612	/* check for error (helps with debugging) */
wolfSSL	7:481bce714567	1613	if (ret != 0) {
wolfSSL	7:481bce714567	1614	WOLFSSL_MSG("wc_RsaAsyncHandle failed");
wolfSSL	7:481bce714567	1615	}
wolfSSL	7:481bce714567	1616	return ret;
wolfSSL	7:481bce714567	1617	}
wolfSSL	7:481bce714567	1618
wolfSSL	7:481bce714567	1619	int wc_RsaAsyncWait(int ret, RsaKey* key)
wolfSSL	7:481bce714567	1620	{
wolfSSL	7:481bce714567	1621	if (ret == WC_PENDING_E) {
wolfSSL	7:481bce714567	1622	WOLF_EVENT event;
wolfSSL	7:481bce714567	1623	XMEMSET(&event, 0, sizeof(event));
wolfSSL	7:481bce714567	1624	ret = wolfAsync_EventInit(&event, WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT, &key->asyncDev);
wolfSSL	7:481bce714567	1625	if (ret == 0) {
wolfSSL	7:481bce714567	1626	ret = wolfAsync_EventWait(&event);
wolfSSL	7:481bce714567	1627	if (ret == 0 && event.ret >= 0) {
wolfSSL	7:481bce714567	1628	ret = event.ret;
wolfSSL	7:481bce714567	1629	}
wolfSSL	7:481bce714567	1630	}
wolfSSL	7:481bce714567	1631	}
wolfSSL	7:481bce714567	1632	return ret;
wolfSSL	7:481bce714567	1633	}
wolfSSL	7:481bce714567	1634
wolfSSL	7:481bce714567	1635	/* Initialize async RSA key */
wolfSSL	7:481bce714567	1636	static int InitAsyncRsaKey(RsaKey* key)
wolfSSL	7:481bce714567	1637	{
wolfSSL	7:481bce714567	1638	XMEMSET(&key->n, 0, sizeof(key->n));
wolfSSL	7:481bce714567	1639	XMEMSET(&key->e, 0, sizeof(key->e));
wolfSSL	7:481bce714567	1640	XMEMSET(&key->d, 0, sizeof(key->d));
wolfSSL	7:481bce714567	1641	XMEMSET(&key->p, 0, sizeof(key->p));
wolfSSL	7:481bce714567	1642	XMEMSET(&key->q, 0, sizeof(key->q));
wolfSSL	7:481bce714567	1643	XMEMSET(&key->dP, 0, sizeof(key->dP));
wolfSSL	7:481bce714567	1644	XMEMSET(&key->dQ, 0, sizeof(key->dQ));
wolfSSL	7:481bce714567	1645	XMEMSET(&key->u, 0, sizeof(key->u));
wolfSSL	7:481bce714567	1646
wolfSSL	7:481bce714567	1647	return 0;
wolfSSL	7:481bce714567	1648	}
wolfSSL	7:481bce714567	1649
wolfSSL	7:481bce714567	1650	/* Free async RSA key */
wolfSSL	7:481bce714567	1651	static int FreeAsyncRsaKey(RsaKey* key)
wolfSSL	7:481bce714567	1652	{
wolfSSL	7:481bce714567	1653	if (key->type == RSA_PRIVATE) {
wolfSSL	7:481bce714567	1654	if (key->d.dpraw) {
wolfSSL	7:481bce714567	1655	ForceZero(key->d.dpraw, key->d.used);
wolfSSL	7:481bce714567	1656	#ifndef USE_FAST_MATH
wolfSSL	7:481bce714567	1657	XFREE(key->d.dpraw, key->heap, DYNAMIC_TYPE_ASYNC_RSA);
wolfSSL	7:481bce714567	1658	#endif
wolfSSL	7:481bce714567	1659	}
wolfSSL	7:481bce714567	1660	if (key->p.dpraw) {
wolfSSL	7:481bce714567	1661	ForceZero(key->p.dpraw, key->p.used);
wolfSSL	7:481bce714567	1662	#ifndef USE_FAST_MATH
wolfSSL	7:481bce714567	1663	XFREE(key->p.dpraw, key->heap, DYNAMIC_TYPE_ASYNC_RSA);
wolfSSL	7:481bce714567	1664	#endif
wolfSSL	7:481bce714567	1665	}
wolfSSL	7:481bce714567	1666	if (key->q.dpraw) {
wolfSSL	7:481bce714567	1667	ForceZero(key->q.dpraw, key->q.used);
wolfSSL	7:481bce714567	1668	#ifndef USE_FAST_MATH
wolfSSL	7:481bce714567	1669	XFREE(key->q.dpraw, key->heap, DYNAMIC_TYPE_ASYNC_RSA);
wolfSSL	7:481bce714567	1670	#endif
wolfSSL	7:481bce714567	1671	}
wolfSSL	7:481bce714567	1672	if (key->dP.dpraw) {
wolfSSL	7:481bce714567	1673	ForceZero(key->dP.dpraw, key->dP.used);
wolfSSL	7:481bce714567	1674	#ifndef USE_FAST_MATH
wolfSSL	7:481bce714567	1675	XFREE(key->dP.dpraw, key->heap, DYNAMIC_TYPE_ASYNC_RSA);
wolfSSL	7:481bce714567	1676	#endif
wolfSSL	7:481bce714567	1677	}
wolfSSL	7:481bce714567	1678	if (key->dQ.dpraw) {
wolfSSL	7:481bce714567	1679	ForceZero(key->dQ.dpraw, key->dQ.used);
wolfSSL	7:481bce714567	1680	#ifndef USE_FAST_MATH
wolfSSL	7:481bce714567	1681	XFREE(key->dQ.dpraw, key->heap, DYNAMIC_TYPE_ASYNC_RSA);
wolfSSL	7:481bce714567	1682	#endif
wolfSSL	7:481bce714567	1683	}
wolfSSL	7:481bce714567	1684	if (key->u.dpraw) {
wolfSSL	7:481bce714567	1685	ForceZero(key->u.dpraw, key->u.used);
wolfSSL	7:481bce714567	1686	#ifndef USE_FAST_MATH
wolfSSL	7:481bce714567	1687	XFREE(key->u.dpraw, key->heap, DYNAMIC_TYPE_ASYNC_RSA);
wolfSSL	7:481bce714567	1688	#endif
wolfSSL	7:481bce714567	1689	}
wolfSSL	7:481bce714567	1690	}
wolfSSL	7:481bce714567	1691
wolfSSL	7:481bce714567	1692	#ifndef USE_FAST_MATH
wolfSSL	7:481bce714567	1693	XFREE(key->n.dpraw, key->heap, DYNAMIC_TYPE_ASYNC_RSA);
wolfSSL	7:481bce714567	1694	XFREE(key->e.dpraw, key->heap, DYNAMIC_TYPE_ASYNC_RSA);
wolfSSL	7:481bce714567	1695	#endif
wolfSSL	7:481bce714567	1696
wolfSSL	7:481bce714567	1697	return InitAsyncRsaKey(key); /* reset pointers */
wolfSSL	7:481bce714567	1698	}
wolfSSL	7:481bce714567	1699
wolfSSL	7:481bce714567	1700	#endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL	7:481bce714567	1701
wolfSSL	7:481bce714567	1702	#undef ERROR_OUT
wolfSSL	7:481bce714567	1703
wolfSSL	7:481bce714567	1704	#endif /* HAVE_FIPS */
wolfSSL	7:481bce714567	1705	#endif /* NO_RSA */
wolfSSL	7:481bce714567	1706

Repository toolbox

Export to desktop IDE

Repository details

Type:	Library
Created:	30 May 2017
Imports:	0
Forks:	0
Commits:	14
Dependents:	0
Dependencies:	0
Followers:	1

This repository is Public (Unlisted).

wolfcrypt/src/rsa.c@7:481bce714567, 2017-05-02 (annotated)

Who changed what in which revision?

Repository toolbox

Repository details

Important Information for this Arm website

Access Warning