wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
wolfcrypt/src/rsa.c@11:cee25a834751, 2017-05-30 (annotated)
- Committer:
- wolfSSL
- Date:
- Tue May 30 01:44:10 2017 +0000
- Revision:
- 11:cee25a834751
wolfSSL 3.11.0
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
wolfSSL | 11:cee25a834751 | 1 | /* rsa.c |
wolfSSL | 11:cee25a834751 | 2 | * |
wolfSSL | 11:cee25a834751 | 3 | * Copyright (C) 2006-2016 wolfSSL Inc. |
wolfSSL | 11:cee25a834751 | 4 | * |
wolfSSL | 11:cee25a834751 | 5 | * This file is part of wolfSSL. |
wolfSSL | 11:cee25a834751 | 6 | * |
wolfSSL | 11:cee25a834751 | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
wolfSSL | 11:cee25a834751 | 8 | * it under the terms of the GNU General Public License as published by |
wolfSSL | 11:cee25a834751 | 9 | * the Free Software Foundation; either version 2 of the License, or |
wolfSSL | 11:cee25a834751 | 10 | * (at your option) any later version. |
wolfSSL | 11:cee25a834751 | 11 | * |
wolfSSL | 11:cee25a834751 | 12 | * wolfSSL is distributed in the hope that it will be useful, |
wolfSSL | 11:cee25a834751 | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
wolfSSL | 11:cee25a834751 | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
wolfSSL | 11:cee25a834751 | 15 | * GNU General Public License for more details. |
wolfSSL | 11:cee25a834751 | 16 | * |
wolfSSL | 11:cee25a834751 | 17 | * You should have received a copy of the GNU General Public License |
wolfSSL | 11:cee25a834751 | 18 | * along with this program; if not, write to the Free Software |
wolfSSL | 11:cee25a834751 | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA |
wolfSSL | 11:cee25a834751 | 20 | */ |
wolfSSL | 11:cee25a834751 | 21 | |
wolfSSL | 11:cee25a834751 | 22 | |
wolfSSL | 11:cee25a834751 | 23 | #ifdef HAVE_CONFIG_H |
wolfSSL | 11:cee25a834751 | 24 | #include <config.h> |
wolfSSL | 11:cee25a834751 | 25 | #endif |
wolfSSL | 11:cee25a834751 | 26 | |
wolfSSL | 11:cee25a834751 | 27 | #include <wolfssl/wolfcrypt/settings.h> |
wolfSSL | 11:cee25a834751 | 28 | |
wolfSSL | 11:cee25a834751 | 29 | #ifndef NO_RSA |
wolfSSL | 11:cee25a834751 | 30 | |
wolfSSL | 11:cee25a834751 | 31 | #include <wolfssl/wolfcrypt/rsa.h> |
wolfSSL | 11:cee25a834751 | 32 | |
wolfSSL | 11:cee25a834751 | 33 | /* |
wolfSSL | 11:cee25a834751 | 34 | Possible RSA enable options: |
wolfSSL | 11:cee25a834751 | 35 | * NO_RSA: Overall control of RSA default: on (not defined) |
wolfSSL | 11:cee25a834751 | 36 | * WC_RSA_BLINDING: Uses Blinding w/ Private Ops default: off |
wolfSSL | 11:cee25a834751 | 37 | Note: slower by ~20% |
wolfSSL | 11:cee25a834751 | 38 | * WOLFSSL_KEY_GEN: Allows Private Key Generation default: off |
wolfSSL | 11:cee25a834751 | 39 | * RSA_LOW_MEM: NON CRT Private Operations, less memory default: off |
wolfSSL | 11:cee25a834751 | 40 | * WC_NO_RSA_OAEP: Disables RSA OAEP padding default: on (not defined) |
wolfSSL | 11:cee25a834751 | 41 | |
wolfSSL | 11:cee25a834751 | 42 | */ |
wolfSSL | 11:cee25a834751 | 43 | |
wolfSSL | 11:cee25a834751 | 44 | /* |
wolfSSL | 11:cee25a834751 | 45 | RSA Key Size Configuration: |
wolfSSL | 11:cee25a834751 | 46 | * FP_MAX_BITS: With USE_FAST_MATH only default: 4096 |
wolfSSL | 11:cee25a834751 | 47 | If USE_FAST_MATH then use this to override default. |
wolfSSL | 11:cee25a834751 | 48 | Value is key size * 2. Example: RSA 3072 = 6144 |
wolfSSL | 11:cee25a834751 | 49 | */ |
wolfSSL | 11:cee25a834751 | 50 | |
wolfSSL | 11:cee25a834751 | 51 | |
wolfSSL | 11:cee25a834751 | 52 | #ifdef HAVE_FIPS |
wolfSSL | 11:cee25a834751 | 53 | int wc_InitRsaKey(RsaKey* key, void* ptr) |
wolfSSL | 11:cee25a834751 | 54 | { |
wolfSSL | 11:cee25a834751 | 55 | return InitRsaKey_fips(key, ptr); |
wolfSSL | 11:cee25a834751 | 56 | } |
wolfSSL | 11:cee25a834751 | 57 | |
wolfSSL | 11:cee25a834751 | 58 | int wc_InitRsaKey_ex(RsaKey* key, void* ptr, int devId) |
wolfSSL | 11:cee25a834751 | 59 | { |
wolfSSL | 11:cee25a834751 | 60 | (void)devId; |
wolfSSL | 11:cee25a834751 | 61 | return InitRsaKey_fips(key, ptr); |
wolfSSL | 11:cee25a834751 | 62 | } |
wolfSSL | 11:cee25a834751 | 63 | |
wolfSSL | 11:cee25a834751 | 64 | int wc_FreeRsaKey(RsaKey* key) |
wolfSSL | 11:cee25a834751 | 65 | { |
wolfSSL | 11:cee25a834751 | 66 | return FreeRsaKey_fips(key); |
wolfSSL | 11:cee25a834751 | 67 | } |
wolfSSL | 11:cee25a834751 | 68 | |
wolfSSL | 11:cee25a834751 | 69 | |
wolfSSL | 11:cee25a834751 | 70 | int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, |
wolfSSL | 11:cee25a834751 | 71 | word32 outLen, RsaKey* key, WC_RNG* rng) |
wolfSSL | 11:cee25a834751 | 72 | { |
wolfSSL | 11:cee25a834751 | 73 | return RsaPublicEncrypt_fips(in, inLen, out, outLen, key, rng); |
wolfSSL | 11:cee25a834751 | 74 | } |
wolfSSL | 11:cee25a834751 | 75 | |
wolfSSL | 11:cee25a834751 | 76 | |
wolfSSL | 11:cee25a834751 | 77 | int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, |
wolfSSL | 11:cee25a834751 | 78 | RsaKey* key) |
wolfSSL | 11:cee25a834751 | 79 | { |
wolfSSL | 11:cee25a834751 | 80 | return RsaPrivateDecryptInline_fips(in, inLen, out, key); |
wolfSSL | 11:cee25a834751 | 81 | } |
wolfSSL | 11:cee25a834751 | 82 | |
wolfSSL | 11:cee25a834751 | 83 | |
wolfSSL | 11:cee25a834751 | 84 | int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, |
wolfSSL | 11:cee25a834751 | 85 | word32 outLen, RsaKey* key) |
wolfSSL | 11:cee25a834751 | 86 | { |
wolfSSL | 11:cee25a834751 | 87 | return RsaPrivateDecrypt_fips(in, inLen, out, outLen, key); |
wolfSSL | 11:cee25a834751 | 88 | } |
wolfSSL | 11:cee25a834751 | 89 | |
wolfSSL | 11:cee25a834751 | 90 | |
wolfSSL | 11:cee25a834751 | 91 | int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, |
wolfSSL | 11:cee25a834751 | 92 | word32 outLen, RsaKey* key, WC_RNG* rng) |
wolfSSL | 11:cee25a834751 | 93 | { |
wolfSSL | 11:cee25a834751 | 94 | return RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng); |
wolfSSL | 11:cee25a834751 | 95 | } |
wolfSSL | 11:cee25a834751 | 96 | |
wolfSSL | 11:cee25a834751 | 97 | |
wolfSSL | 11:cee25a834751 | 98 | int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) |
wolfSSL | 11:cee25a834751 | 99 | { |
wolfSSL | 11:cee25a834751 | 100 | return RsaSSL_VerifyInline_fips(in, inLen, out, key); |
wolfSSL | 11:cee25a834751 | 101 | } |
wolfSSL | 11:cee25a834751 | 102 | |
wolfSSL | 11:cee25a834751 | 103 | |
wolfSSL | 11:cee25a834751 | 104 | int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, |
wolfSSL | 11:cee25a834751 | 105 | word32 outLen, RsaKey* key) |
wolfSSL | 11:cee25a834751 | 106 | { |
wolfSSL | 11:cee25a834751 | 107 | return RsaSSL_Verify_fips(in, inLen, out, outLen, key); |
wolfSSL | 11:cee25a834751 | 108 | } |
wolfSSL | 11:cee25a834751 | 109 | |
wolfSSL | 11:cee25a834751 | 110 | |
wolfSSL | 11:cee25a834751 | 111 | int wc_RsaEncryptSize(RsaKey* key) |
wolfSSL | 11:cee25a834751 | 112 | { |
wolfSSL | 11:cee25a834751 | 113 | return RsaEncryptSize_fips(key); |
wolfSSL | 11:cee25a834751 | 114 | } |
wolfSSL | 11:cee25a834751 | 115 | |
wolfSSL | 11:cee25a834751 | 116 | |
wolfSSL | 11:cee25a834751 | 117 | int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, |
wolfSSL | 11:cee25a834751 | 118 | word32* bSz) |
wolfSSL | 11:cee25a834751 | 119 | { |
wolfSSL | 11:cee25a834751 | 120 | /* not specified as fips so not needing _fips */ |
wolfSSL | 11:cee25a834751 | 121 | return RsaFlattenPublicKey(key, a, aSz, b, bSz); |
wolfSSL | 11:cee25a834751 | 122 | } |
wolfSSL | 11:cee25a834751 | 123 | #ifdef WOLFSSL_KEY_GEN |
wolfSSL | 11:cee25a834751 | 124 | int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) |
wolfSSL | 11:cee25a834751 | 125 | { |
wolfSSL | 11:cee25a834751 | 126 | return MakeRsaKey(key, size, e, rng); |
wolfSSL | 11:cee25a834751 | 127 | } |
wolfSSL | 11:cee25a834751 | 128 | #endif |
wolfSSL | 11:cee25a834751 | 129 | |
wolfSSL | 11:cee25a834751 | 130 | |
wolfSSL | 11:cee25a834751 | 131 | /* these are functions in asn and are routed to wolfssl/wolfcrypt/asn.c |
wolfSSL | 11:cee25a834751 | 132 | * wc_RsaPrivateKeyDecode |
wolfSSL | 11:cee25a834751 | 133 | * wc_RsaPublicKeyDecode |
wolfSSL | 11:cee25a834751 | 134 | */ |
wolfSSL | 11:cee25a834751 | 135 | |
wolfSSL | 11:cee25a834751 | 136 | #else /* else build without fips */ |
wolfSSL | 11:cee25a834751 | 137 | |
wolfSSL | 11:cee25a834751 | 138 | #include <wolfssl/wolfcrypt/random.h> |
wolfSSL | 11:cee25a834751 | 139 | #include <wolfssl/wolfcrypt/error-crypt.h> |
wolfSSL | 11:cee25a834751 | 140 | #include <wolfssl/wolfcrypt/logging.h> |
wolfSSL | 11:cee25a834751 | 141 | #ifdef NO_INLINE |
wolfSSL | 11:cee25a834751 | 142 | #include <wolfssl/wolfcrypt/misc.h> |
wolfSSL | 11:cee25a834751 | 143 | #else |
wolfSSL | 11:cee25a834751 | 144 | #define WOLFSSL_MISC_INCLUDED |
wolfSSL | 11:cee25a834751 | 145 | #include <wolfcrypt/src/misc.c> |
wolfSSL | 11:cee25a834751 | 146 | #endif |
wolfSSL | 11:cee25a834751 | 147 | |
wolfSSL | 11:cee25a834751 | 148 | #define ERROR_OUT(x) { ret = (x); goto done;} |
wolfSSL | 11:cee25a834751 | 149 | |
wolfSSL | 11:cee25a834751 | 150 | |
wolfSSL | 11:cee25a834751 | 151 | enum { |
wolfSSL | 11:cee25a834751 | 152 | RSA_STATE_NONE = 0, |
wolfSSL | 11:cee25a834751 | 153 | |
wolfSSL | 11:cee25a834751 | 154 | RSA_STATE_ENCRYPT_PAD, |
wolfSSL | 11:cee25a834751 | 155 | RSA_STATE_ENCRYPT_EXPTMOD, |
wolfSSL | 11:cee25a834751 | 156 | RSA_STATE_ENCRYPT_RES, |
wolfSSL | 11:cee25a834751 | 157 | |
wolfSSL | 11:cee25a834751 | 158 | RSA_STATE_DECRYPT_EXPTMOD, |
wolfSSL | 11:cee25a834751 | 159 | RSA_STATE_DECRYPT_UNPAD, |
wolfSSL | 11:cee25a834751 | 160 | RSA_STATE_DECRYPT_RES, |
wolfSSL | 11:cee25a834751 | 161 | }; |
wolfSSL | 11:cee25a834751 | 162 | |
wolfSSL | 11:cee25a834751 | 163 | static void wc_RsaCleanup(RsaKey* key) |
wolfSSL | 11:cee25a834751 | 164 | { |
wolfSSL | 11:cee25a834751 | 165 | if (key && key->data) { |
wolfSSL | 11:cee25a834751 | 166 | /* make sure any allocated memory is free'd */ |
wolfSSL | 11:cee25a834751 | 167 | if (key->dataIsAlloc) { |
wolfSSL | 11:cee25a834751 | 168 | if (key->type == RSA_PRIVATE_DECRYPT || |
wolfSSL | 11:cee25a834751 | 169 | key->type == RSA_PRIVATE_ENCRYPT) { |
wolfSSL | 11:cee25a834751 | 170 | ForceZero(key->data, key->dataLen); |
wolfSSL | 11:cee25a834751 | 171 | } |
wolfSSL | 11:cee25a834751 | 172 | XFREE(key->data, key->heap, DYNAMIC_TYPE_WOLF_BIGINT); |
wolfSSL | 11:cee25a834751 | 173 | key->dataIsAlloc = 0; |
wolfSSL | 11:cee25a834751 | 174 | } |
wolfSSL | 11:cee25a834751 | 175 | key->data = NULL; |
wolfSSL | 11:cee25a834751 | 176 | key->dataLen = 0; |
wolfSSL | 11:cee25a834751 | 177 | } |
wolfSSL | 11:cee25a834751 | 178 | } |
wolfSSL | 11:cee25a834751 | 179 | |
wolfSSL | 11:cee25a834751 | 180 | int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) |
wolfSSL | 11:cee25a834751 | 181 | { |
wolfSSL | 11:cee25a834751 | 182 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 183 | |
wolfSSL | 11:cee25a834751 | 184 | if (key == NULL) { |
wolfSSL | 11:cee25a834751 | 185 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 186 | } |
wolfSSL | 11:cee25a834751 | 187 | |
wolfSSL | 11:cee25a834751 | 188 | key->type = RSA_TYPE_UNKNOWN; |
wolfSSL | 11:cee25a834751 | 189 | key->state = RSA_STATE_NONE; |
wolfSSL | 11:cee25a834751 | 190 | key->heap = heap; |
wolfSSL | 11:cee25a834751 | 191 | key->data = NULL; |
wolfSSL | 11:cee25a834751 | 192 | key->dataLen = 0; |
wolfSSL | 11:cee25a834751 | 193 | key->dataIsAlloc = 0; |
wolfSSL | 11:cee25a834751 | 194 | #ifdef WC_RSA_BLINDING |
wolfSSL | 11:cee25a834751 | 195 | key->rng = NULL; |
wolfSSL | 11:cee25a834751 | 196 | #endif |
wolfSSL | 11:cee25a834751 | 197 | |
wolfSSL | 11:cee25a834751 | 198 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) |
wolfSSL | 11:cee25a834751 | 199 | /* handle as async */ |
wolfSSL | 11:cee25a834751 | 200 | ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_RSA, |
wolfSSL | 11:cee25a834751 | 201 | key->heap, devId); |
wolfSSL | 11:cee25a834751 | 202 | #ifdef WOLFSSL_CERT_GEN |
wolfSSL | 11:cee25a834751 | 203 | XMEMSET(&key->certSignCtx, 0, sizeof(CertSignCtx)); |
wolfSSL | 11:cee25a834751 | 204 | #endif |
wolfSSL | 11:cee25a834751 | 205 | #else |
wolfSSL | 11:cee25a834751 | 206 | (void)devId; |
wolfSSL | 11:cee25a834751 | 207 | #endif |
wolfSSL | 11:cee25a834751 | 208 | |
wolfSSL | 11:cee25a834751 | 209 | mp_init(&key->n); |
wolfSSL | 11:cee25a834751 | 210 | mp_init(&key->e); |
wolfSSL | 11:cee25a834751 | 211 | mp_init(&key->d); |
wolfSSL | 11:cee25a834751 | 212 | mp_init(&key->p); |
wolfSSL | 11:cee25a834751 | 213 | mp_init(&key->q); |
wolfSSL | 11:cee25a834751 | 214 | mp_init(&key->dP); |
wolfSSL | 11:cee25a834751 | 215 | mp_init(&key->dQ); |
wolfSSL | 11:cee25a834751 | 216 | mp_init(&key->u); |
wolfSSL | 11:cee25a834751 | 217 | |
wolfSSL | 11:cee25a834751 | 218 | return ret; |
wolfSSL | 11:cee25a834751 | 219 | } |
wolfSSL | 11:cee25a834751 | 220 | |
wolfSSL | 11:cee25a834751 | 221 | int wc_InitRsaKey(RsaKey* key, void* heap) |
wolfSSL | 11:cee25a834751 | 222 | { |
wolfSSL | 11:cee25a834751 | 223 | return wc_InitRsaKey_ex(key, heap, INVALID_DEVID); |
wolfSSL | 11:cee25a834751 | 224 | } |
wolfSSL | 11:cee25a834751 | 225 | |
wolfSSL | 11:cee25a834751 | 226 | int wc_FreeRsaKey(RsaKey* key) |
wolfSSL | 11:cee25a834751 | 227 | { |
wolfSSL | 11:cee25a834751 | 228 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 229 | |
wolfSSL | 11:cee25a834751 | 230 | if (key == NULL) { |
wolfSSL | 11:cee25a834751 | 231 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 232 | } |
wolfSSL | 11:cee25a834751 | 233 | |
wolfSSL | 11:cee25a834751 | 234 | wc_RsaCleanup(key); |
wolfSSL | 11:cee25a834751 | 235 | |
wolfSSL | 11:cee25a834751 | 236 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) |
wolfSSL | 11:cee25a834751 | 237 | wolfAsync_DevCtxFree(&key->asyncDev, WOLFSSL_ASYNC_MARKER_RSA); |
wolfSSL | 11:cee25a834751 | 238 | #endif |
wolfSSL | 11:cee25a834751 | 239 | |
wolfSSL | 11:cee25a834751 | 240 | if (key->type == RSA_PRIVATE) { |
wolfSSL | 11:cee25a834751 | 241 | mp_forcezero(&key->u); |
wolfSSL | 11:cee25a834751 | 242 | mp_forcezero(&key->dQ); |
wolfSSL | 11:cee25a834751 | 243 | mp_forcezero(&key->dP); |
wolfSSL | 11:cee25a834751 | 244 | mp_forcezero(&key->q); |
wolfSSL | 11:cee25a834751 | 245 | mp_forcezero(&key->p); |
wolfSSL | 11:cee25a834751 | 246 | mp_forcezero(&key->d); |
wolfSSL | 11:cee25a834751 | 247 | } |
wolfSSL | 11:cee25a834751 | 248 | /* private part */ |
wolfSSL | 11:cee25a834751 | 249 | mp_clear(&key->u); |
wolfSSL | 11:cee25a834751 | 250 | mp_clear(&key->dQ); |
wolfSSL | 11:cee25a834751 | 251 | mp_clear(&key->dP); |
wolfSSL | 11:cee25a834751 | 252 | mp_clear(&key->q); |
wolfSSL | 11:cee25a834751 | 253 | mp_clear(&key->p); |
wolfSSL | 11:cee25a834751 | 254 | mp_clear(&key->d); |
wolfSSL | 11:cee25a834751 | 255 | |
wolfSSL | 11:cee25a834751 | 256 | /* public part */ |
wolfSSL | 11:cee25a834751 | 257 | mp_clear(&key->e); |
wolfSSL | 11:cee25a834751 | 258 | mp_clear(&key->n); |
wolfSSL | 11:cee25a834751 | 259 | |
wolfSSL | 11:cee25a834751 | 260 | return ret; |
wolfSSL | 11:cee25a834751 | 261 | } |
wolfSSL | 11:cee25a834751 | 262 | |
wolfSSL | 11:cee25a834751 | 263 | |
wolfSSL | 11:cee25a834751 | 264 | #ifndef WC_NO_RSA_OAEP |
wolfSSL | 11:cee25a834751 | 265 | /* Uses MGF1 standard as a mask generation function |
wolfSSL | 11:cee25a834751 | 266 | hType: hash type used |
wolfSSL | 11:cee25a834751 | 267 | seed: seed to use for generating mask |
wolfSSL | 11:cee25a834751 | 268 | seedSz: size of seed buffer |
wolfSSL | 11:cee25a834751 | 269 | out: mask output after generation |
wolfSSL | 11:cee25a834751 | 270 | outSz: size of output buffer |
wolfSSL | 11:cee25a834751 | 271 | */ |
wolfSSL | 11:cee25a834751 | 272 | static int RsaMGF1(enum wc_HashType hType, byte* seed, word32 seedSz, |
wolfSSL | 11:cee25a834751 | 273 | byte* out, word32 outSz, void* heap) |
wolfSSL | 11:cee25a834751 | 274 | { |
wolfSSL | 11:cee25a834751 | 275 | byte* tmp; |
wolfSSL | 11:cee25a834751 | 276 | /* needs to be large enough for seed size plus counter(4) */ |
wolfSSL | 11:cee25a834751 | 277 | byte tmpA[WC_MAX_DIGEST_SIZE + 4]; |
wolfSSL | 11:cee25a834751 | 278 | byte tmpF; /* 1 if dynamic memory needs freed */ |
wolfSSL | 11:cee25a834751 | 279 | word32 tmpSz; |
wolfSSL | 11:cee25a834751 | 280 | int hLen; |
wolfSSL | 11:cee25a834751 | 281 | int ret; |
wolfSSL | 11:cee25a834751 | 282 | word32 counter; |
wolfSSL | 11:cee25a834751 | 283 | word32 idx; |
wolfSSL | 11:cee25a834751 | 284 | hLen = wc_HashGetDigestSize(hType); |
wolfSSL | 11:cee25a834751 | 285 | counter = 0; |
wolfSSL | 11:cee25a834751 | 286 | idx = 0; |
wolfSSL | 11:cee25a834751 | 287 | |
wolfSSL | 11:cee25a834751 | 288 | (void)heap; |
wolfSSL | 11:cee25a834751 | 289 | |
wolfSSL | 11:cee25a834751 | 290 | /* check error return of wc_HashGetDigestSize */ |
wolfSSL | 11:cee25a834751 | 291 | if (hLen < 0) { |
wolfSSL | 11:cee25a834751 | 292 | return hLen; |
wolfSSL | 11:cee25a834751 | 293 | } |
wolfSSL | 11:cee25a834751 | 294 | |
wolfSSL | 11:cee25a834751 | 295 | /* if tmp is not large enough than use some dynamic memory */ |
wolfSSL | 11:cee25a834751 | 296 | if ((seedSz + 4) > sizeof(tmpA) || (word32)hLen > sizeof(tmpA)) { |
wolfSSL | 11:cee25a834751 | 297 | /* find largest amount of memory needed which will be the max of |
wolfSSL | 11:cee25a834751 | 298 | * hLen and (seedSz + 4) since tmp is used to store the hash digest */ |
wolfSSL | 11:cee25a834751 | 299 | tmpSz = ((seedSz + 4) > (word32)hLen)? seedSz + 4: (word32)hLen; |
wolfSSL | 11:cee25a834751 | 300 | tmp = (byte*)XMALLOC(tmpSz, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 301 | if (tmp == NULL) { |
wolfSSL | 11:cee25a834751 | 302 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 303 | } |
wolfSSL | 11:cee25a834751 | 304 | tmpF = 1; /* make sure to free memory when done */ |
wolfSSL | 11:cee25a834751 | 305 | } |
wolfSSL | 11:cee25a834751 | 306 | else { |
wolfSSL | 11:cee25a834751 | 307 | /* use array on the stack */ |
wolfSSL | 11:cee25a834751 | 308 | tmpSz = sizeof(tmpA); |
wolfSSL | 11:cee25a834751 | 309 | tmp = tmpA; |
wolfSSL | 11:cee25a834751 | 310 | tmpF = 0; /* no need to free memory at end */ |
wolfSSL | 11:cee25a834751 | 311 | } |
wolfSSL | 11:cee25a834751 | 312 | |
wolfSSL | 11:cee25a834751 | 313 | do { |
wolfSSL | 11:cee25a834751 | 314 | int i = 0; |
wolfSSL | 11:cee25a834751 | 315 | XMEMCPY(tmp, seed, seedSz); |
wolfSSL | 11:cee25a834751 | 316 | |
wolfSSL | 11:cee25a834751 | 317 | /* counter to byte array appended to tmp */ |
wolfSSL | 11:cee25a834751 | 318 | tmp[seedSz] = (counter >> 24) & 0xFF; |
wolfSSL | 11:cee25a834751 | 319 | tmp[seedSz + 1] = (counter >> 16) & 0xFF; |
wolfSSL | 11:cee25a834751 | 320 | tmp[seedSz + 2] = (counter >> 8) & 0xFF; |
wolfSSL | 11:cee25a834751 | 321 | tmp[seedSz + 3] = (counter) & 0xFF; |
wolfSSL | 11:cee25a834751 | 322 | |
wolfSSL | 11:cee25a834751 | 323 | /* hash and append to existing output */ |
wolfSSL | 11:cee25a834751 | 324 | if ((ret = wc_Hash(hType, tmp, (seedSz + 4), tmp, tmpSz)) != 0) { |
wolfSSL | 11:cee25a834751 | 325 | /* check for if dynamic memory was needed, then free */ |
wolfSSL | 11:cee25a834751 | 326 | if (tmpF) { |
wolfSSL | 11:cee25a834751 | 327 | XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 328 | } |
wolfSSL | 11:cee25a834751 | 329 | return ret; |
wolfSSL | 11:cee25a834751 | 330 | } |
wolfSSL | 11:cee25a834751 | 331 | |
wolfSSL | 11:cee25a834751 | 332 | for (i = 0; i < hLen && idx < outSz; i++) { |
wolfSSL | 11:cee25a834751 | 333 | out[idx++] = tmp[i]; |
wolfSSL | 11:cee25a834751 | 334 | } |
wolfSSL | 11:cee25a834751 | 335 | counter++; |
wolfSSL | 11:cee25a834751 | 336 | } while (idx < outSz); |
wolfSSL | 11:cee25a834751 | 337 | |
wolfSSL | 11:cee25a834751 | 338 | /* check for if dynamic memory was needed, then free */ |
wolfSSL | 11:cee25a834751 | 339 | if (tmpF) { |
wolfSSL | 11:cee25a834751 | 340 | XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 341 | } |
wolfSSL | 11:cee25a834751 | 342 | |
wolfSSL | 11:cee25a834751 | 343 | return 0; |
wolfSSL | 11:cee25a834751 | 344 | } |
wolfSSL | 11:cee25a834751 | 345 | |
wolfSSL | 11:cee25a834751 | 346 | /* helper function to direct which mask generation function is used |
wolfSSL | 11:cee25a834751 | 347 | switeched on type input |
wolfSSL | 11:cee25a834751 | 348 | */ |
wolfSSL | 11:cee25a834751 | 349 | static int RsaMGF(int type, byte* seed, word32 seedSz, byte* out, |
wolfSSL | 11:cee25a834751 | 350 | word32 outSz, void* heap) |
wolfSSL | 11:cee25a834751 | 351 | { |
wolfSSL | 11:cee25a834751 | 352 | int ret; |
wolfSSL | 11:cee25a834751 | 353 | |
wolfSSL | 11:cee25a834751 | 354 | switch(type) { |
wolfSSL | 11:cee25a834751 | 355 | #ifndef NO_SHA |
wolfSSL | 11:cee25a834751 | 356 | case WC_MGF1SHA1: |
wolfSSL | 11:cee25a834751 | 357 | ret = RsaMGF1(WC_HASH_TYPE_SHA, seed, seedSz, out, outSz, heap); |
wolfSSL | 11:cee25a834751 | 358 | break; |
wolfSSL | 11:cee25a834751 | 359 | #endif |
wolfSSL | 11:cee25a834751 | 360 | #ifndef NO_SHA256 |
wolfSSL | 11:cee25a834751 | 361 | #ifdef WOLFSSL_SHA224 |
wolfSSL | 11:cee25a834751 | 362 | case WC_MGF1SHA224: |
wolfSSL | 11:cee25a834751 | 363 | ret = RsaMGF1(WC_HASH_TYPE_SHA224, seed, seedSz, out, outSz, heap); |
wolfSSL | 11:cee25a834751 | 364 | break; |
wolfSSL | 11:cee25a834751 | 365 | #endif |
wolfSSL | 11:cee25a834751 | 366 | case WC_MGF1SHA256: |
wolfSSL | 11:cee25a834751 | 367 | ret = RsaMGF1(WC_HASH_TYPE_SHA256, seed, seedSz, out, outSz, heap); |
wolfSSL | 11:cee25a834751 | 368 | break; |
wolfSSL | 11:cee25a834751 | 369 | #endif |
wolfSSL | 11:cee25a834751 | 370 | #ifdef WOLFSSL_SHA512 |
wolfSSL | 11:cee25a834751 | 371 | #ifdef WOLFSSL_SHA384 |
wolfSSL | 11:cee25a834751 | 372 | case WC_MGF1SHA384: |
wolfSSL | 11:cee25a834751 | 373 | ret = RsaMGF1(WC_HASH_TYPE_SHA384, seed, seedSz, out, outSz, heap); |
wolfSSL | 11:cee25a834751 | 374 | break; |
wolfSSL | 11:cee25a834751 | 375 | #endif |
wolfSSL | 11:cee25a834751 | 376 | case WC_MGF1SHA512: |
wolfSSL | 11:cee25a834751 | 377 | ret = RsaMGF1(WC_HASH_TYPE_SHA512, seed, seedSz, out, outSz, heap); |
wolfSSL | 11:cee25a834751 | 378 | break; |
wolfSSL | 11:cee25a834751 | 379 | #endif |
wolfSSL | 11:cee25a834751 | 380 | default: |
wolfSSL | 11:cee25a834751 | 381 | WOLFSSL_MSG("Unknown MGF type: check build options"); |
wolfSSL | 11:cee25a834751 | 382 | ret = BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 383 | } |
wolfSSL | 11:cee25a834751 | 384 | |
wolfSSL | 11:cee25a834751 | 385 | /* in case of default avoid unused warning */ |
wolfSSL | 11:cee25a834751 | 386 | (void)seed; |
wolfSSL | 11:cee25a834751 | 387 | (void)seedSz; |
wolfSSL | 11:cee25a834751 | 388 | (void)out; |
wolfSSL | 11:cee25a834751 | 389 | (void)outSz; |
wolfSSL | 11:cee25a834751 | 390 | (void)heap; |
wolfSSL | 11:cee25a834751 | 391 | |
wolfSSL | 11:cee25a834751 | 392 | return ret; |
wolfSSL | 11:cee25a834751 | 393 | } |
wolfSSL | 11:cee25a834751 | 394 | #endif /* !WC_NO_RSA_OAEP */ |
wolfSSL | 11:cee25a834751 | 395 | |
wolfSSL | 11:cee25a834751 | 396 | |
wolfSSL | 11:cee25a834751 | 397 | /* Padding */ |
wolfSSL | 11:cee25a834751 | 398 | #ifndef WC_NO_RSA_OAEP |
wolfSSL | 11:cee25a834751 | 399 | static int RsaPad_OAEP(const byte* input, word32 inputLen, byte* pkcsBlock, |
wolfSSL | 11:cee25a834751 | 400 | word32 pkcsBlockLen, byte padValue, WC_RNG* rng, |
wolfSSL | 11:cee25a834751 | 401 | enum wc_HashType hType, int mgf, byte* optLabel, word32 labelLen, |
wolfSSL | 11:cee25a834751 | 402 | void* heap) |
wolfSSL | 11:cee25a834751 | 403 | { |
wolfSSL | 11:cee25a834751 | 404 | int ret; |
wolfSSL | 11:cee25a834751 | 405 | int hLen; |
wolfSSL | 11:cee25a834751 | 406 | int psLen; |
wolfSSL | 11:cee25a834751 | 407 | int i; |
wolfSSL | 11:cee25a834751 | 408 | word32 idx; |
wolfSSL | 11:cee25a834751 | 409 | |
wolfSSL | 11:cee25a834751 | 410 | byte* dbMask; |
wolfSSL | 11:cee25a834751 | 411 | |
wolfSSL | 11:cee25a834751 | 412 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 413 | byte* lHash = NULL; |
wolfSSL | 11:cee25a834751 | 414 | byte* seed = NULL; |
wolfSSL | 11:cee25a834751 | 415 | #else |
wolfSSL | 11:cee25a834751 | 416 | /* must be large enough to contain largest hash */ |
wolfSSL | 11:cee25a834751 | 417 | byte lHash[WC_MAX_DIGEST_SIZE]; |
wolfSSL | 11:cee25a834751 | 418 | byte seed[ WC_MAX_DIGEST_SIZE]; |
wolfSSL | 11:cee25a834751 | 419 | #endif |
wolfSSL | 11:cee25a834751 | 420 | |
wolfSSL | 11:cee25a834751 | 421 | /* no label is allowed, but catch if no label provided and length > 0 */ |
wolfSSL | 11:cee25a834751 | 422 | if (optLabel == NULL && labelLen > 0) { |
wolfSSL | 11:cee25a834751 | 423 | return BUFFER_E; |
wolfSSL | 11:cee25a834751 | 424 | } |
wolfSSL | 11:cee25a834751 | 425 | |
wolfSSL | 11:cee25a834751 | 426 | /* limit of label is the same as limit of hash function which is massive */ |
wolfSSL | 11:cee25a834751 | 427 | hLen = wc_HashGetDigestSize(hType); |
wolfSSL | 11:cee25a834751 | 428 | if (hLen < 0) { |
wolfSSL | 11:cee25a834751 | 429 | return hLen; |
wolfSSL | 11:cee25a834751 | 430 | } |
wolfSSL | 11:cee25a834751 | 431 | |
wolfSSL | 11:cee25a834751 | 432 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 433 | lHash = (byte*)XMALLOC(hLen, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 434 | if (lHash == NULL) { |
wolfSSL | 11:cee25a834751 | 435 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 436 | } |
wolfSSL | 11:cee25a834751 | 437 | seed = (byte*)XMALLOC(hLen, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 438 | if (seed == NULL) { |
wolfSSL | 11:cee25a834751 | 439 | XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 440 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 441 | } |
wolfSSL | 11:cee25a834751 | 442 | #else |
wolfSSL | 11:cee25a834751 | 443 | /* hLen should never be larger than lHash since size is max digest size, |
wolfSSL | 11:cee25a834751 | 444 | but check before blindly calling wc_Hash */ |
wolfSSL | 11:cee25a834751 | 445 | if ((word32)hLen > sizeof(lHash)) { |
wolfSSL | 11:cee25a834751 | 446 | WOLFSSL_MSG("OAEP lHash to small for digest!!"); |
wolfSSL | 11:cee25a834751 | 447 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 448 | } |
wolfSSL | 11:cee25a834751 | 449 | #endif |
wolfSSL | 11:cee25a834751 | 450 | |
wolfSSL | 11:cee25a834751 | 451 | if ((ret = wc_Hash(hType, optLabel, labelLen, lHash, hLen)) != 0) { |
wolfSSL | 11:cee25a834751 | 452 | WOLFSSL_MSG("OAEP hash type possibly not supported or lHash to small"); |
wolfSSL | 11:cee25a834751 | 453 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 454 | XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 455 | XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 456 | #endif |
wolfSSL | 11:cee25a834751 | 457 | return ret; |
wolfSSL | 11:cee25a834751 | 458 | } |
wolfSSL | 11:cee25a834751 | 459 | |
wolfSSL | 11:cee25a834751 | 460 | /* handles check of location for idx as well as psLen, cast to int to check |
wolfSSL | 11:cee25a834751 | 461 | for pkcsBlockLen(k) - 2 * hLen - 2 being negative |
wolfSSL | 11:cee25a834751 | 462 | This check is similar to decryption where k > 2 * hLen + 2 as msg |
wolfSSL | 11:cee25a834751 | 463 | size aproaches 0. In decryption if k is less than or equal -- then there |
wolfSSL | 11:cee25a834751 | 464 | is no possible room for msg. |
wolfSSL | 11:cee25a834751 | 465 | k = RSA key size |
wolfSSL | 11:cee25a834751 | 466 | hLen = hash digest size -- will always be >= 0 at this point |
wolfSSL | 11:cee25a834751 | 467 | */ |
wolfSSL | 11:cee25a834751 | 468 | if ((word32)(2 * hLen + 2) > pkcsBlockLen) { |
wolfSSL | 11:cee25a834751 | 469 | WOLFSSL_MSG("OAEP pad error hash to big for RSA key size"); |
wolfSSL | 11:cee25a834751 | 470 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 471 | XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 472 | XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 473 | #endif |
wolfSSL | 11:cee25a834751 | 474 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 475 | } |
wolfSSL | 11:cee25a834751 | 476 | |
wolfSSL | 11:cee25a834751 | 477 | if (inputLen > (pkcsBlockLen - 2 * hLen - 2)) { |
wolfSSL | 11:cee25a834751 | 478 | WOLFSSL_MSG("OAEP pad error message too long"); |
wolfSSL | 11:cee25a834751 | 479 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 480 | XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 481 | XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 482 | #endif |
wolfSSL | 11:cee25a834751 | 483 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 484 | } |
wolfSSL | 11:cee25a834751 | 485 | |
wolfSSL | 11:cee25a834751 | 486 | /* concatenate lHash || PS || 0x01 || msg */ |
wolfSSL | 11:cee25a834751 | 487 | idx = pkcsBlockLen - 1 - inputLen; |
wolfSSL | 11:cee25a834751 | 488 | psLen = pkcsBlockLen - inputLen - 2 * hLen - 2; |
wolfSSL | 11:cee25a834751 | 489 | if (pkcsBlockLen < inputLen) { /*make sure not writing over end of buffer */ |
wolfSSL | 11:cee25a834751 | 490 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 491 | XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 492 | XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 493 | #endif |
wolfSSL | 11:cee25a834751 | 494 | return BUFFER_E; |
wolfSSL | 11:cee25a834751 | 495 | } |
wolfSSL | 11:cee25a834751 | 496 | XMEMCPY(pkcsBlock + (pkcsBlockLen - inputLen), input, inputLen); |
wolfSSL | 11:cee25a834751 | 497 | pkcsBlock[idx--] = 0x01; /* PS and M separator */ |
wolfSSL | 11:cee25a834751 | 498 | while (psLen > 0 && idx > 0) { |
wolfSSL | 11:cee25a834751 | 499 | pkcsBlock[idx--] = 0x00; |
wolfSSL | 11:cee25a834751 | 500 | psLen--; |
wolfSSL | 11:cee25a834751 | 501 | } |
wolfSSL | 11:cee25a834751 | 502 | |
wolfSSL | 11:cee25a834751 | 503 | idx = idx - hLen + 1; |
wolfSSL | 11:cee25a834751 | 504 | XMEMCPY(pkcsBlock + idx, lHash, hLen); |
wolfSSL | 11:cee25a834751 | 505 | |
wolfSSL | 11:cee25a834751 | 506 | /* generate random seed */ |
wolfSSL | 11:cee25a834751 | 507 | if ((ret = wc_RNG_GenerateBlock(rng, seed, hLen)) != 0) { |
wolfSSL | 11:cee25a834751 | 508 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 509 | XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 510 | XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 511 | #endif |
wolfSSL | 11:cee25a834751 | 512 | return ret; |
wolfSSL | 11:cee25a834751 | 513 | } |
wolfSSL | 11:cee25a834751 | 514 | |
wolfSSL | 11:cee25a834751 | 515 | /* create maskedDB from dbMask */ |
wolfSSL | 11:cee25a834751 | 516 | dbMask = (byte*)XMALLOC(pkcsBlockLen - hLen - 1, heap, DYNAMIC_TYPE_RSA); |
wolfSSL | 11:cee25a834751 | 517 | if (dbMask == NULL) { |
wolfSSL | 11:cee25a834751 | 518 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 519 | XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 520 | XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 521 | #endif |
wolfSSL | 11:cee25a834751 | 522 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 523 | } |
wolfSSL | 11:cee25a834751 | 524 | XMEMSET(dbMask, 0, pkcsBlockLen - hLen - 1); /* help static analyzer */ |
wolfSSL | 11:cee25a834751 | 525 | |
wolfSSL | 11:cee25a834751 | 526 | ret = RsaMGF(mgf, seed, hLen, dbMask, pkcsBlockLen - hLen - 1, heap); |
wolfSSL | 11:cee25a834751 | 527 | if (ret != 0) { |
wolfSSL | 11:cee25a834751 | 528 | XFREE(dbMask, heap, DYNAMIC_TYPE_RSA); |
wolfSSL | 11:cee25a834751 | 529 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 530 | XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 531 | XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 532 | #endif |
wolfSSL | 11:cee25a834751 | 533 | return ret; |
wolfSSL | 11:cee25a834751 | 534 | } |
wolfSSL | 11:cee25a834751 | 535 | |
wolfSSL | 11:cee25a834751 | 536 | i = 0; |
wolfSSL | 11:cee25a834751 | 537 | idx = hLen + 1; |
wolfSSL | 11:cee25a834751 | 538 | while (idx < pkcsBlockLen && (word32)i < (pkcsBlockLen - hLen -1)) { |
wolfSSL | 11:cee25a834751 | 539 | pkcsBlock[idx] = dbMask[i++] ^ pkcsBlock[idx]; |
wolfSSL | 11:cee25a834751 | 540 | idx++; |
wolfSSL | 11:cee25a834751 | 541 | } |
wolfSSL | 11:cee25a834751 | 542 | XFREE(dbMask, heap, DYNAMIC_TYPE_RSA); |
wolfSSL | 11:cee25a834751 | 543 | |
wolfSSL | 11:cee25a834751 | 544 | |
wolfSSL | 11:cee25a834751 | 545 | /* create maskedSeed from seedMask */ |
wolfSSL | 11:cee25a834751 | 546 | idx = 0; |
wolfSSL | 11:cee25a834751 | 547 | pkcsBlock[idx++] = 0x00; |
wolfSSL | 11:cee25a834751 | 548 | /* create seedMask inline */ |
wolfSSL | 11:cee25a834751 | 549 | if ((ret = RsaMGF(mgf, pkcsBlock + hLen + 1, pkcsBlockLen - hLen - 1, |
wolfSSL | 11:cee25a834751 | 550 | pkcsBlock + 1, hLen, heap)) != 0) { |
wolfSSL | 11:cee25a834751 | 551 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 552 | XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 553 | XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 554 | #endif |
wolfSSL | 11:cee25a834751 | 555 | return ret; |
wolfSSL | 11:cee25a834751 | 556 | } |
wolfSSL | 11:cee25a834751 | 557 | |
wolfSSL | 11:cee25a834751 | 558 | /* xor created seedMask with seed to make maskedSeed */ |
wolfSSL | 11:cee25a834751 | 559 | i = 0; |
wolfSSL | 11:cee25a834751 | 560 | while (idx < (word32)(hLen + 1) && i < hLen) { |
wolfSSL | 11:cee25a834751 | 561 | pkcsBlock[idx] = pkcsBlock[idx] ^ seed[i++]; |
wolfSSL | 11:cee25a834751 | 562 | idx++; |
wolfSSL | 11:cee25a834751 | 563 | } |
wolfSSL | 11:cee25a834751 | 564 | |
wolfSSL | 11:cee25a834751 | 565 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 11:cee25a834751 | 566 | XFREE(lHash, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 567 | XFREE(seed, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 568 | #endif |
wolfSSL | 11:cee25a834751 | 569 | (void)padValue; |
wolfSSL | 11:cee25a834751 | 570 | |
wolfSSL | 11:cee25a834751 | 571 | return 0; |
wolfSSL | 11:cee25a834751 | 572 | } |
wolfSSL | 11:cee25a834751 | 573 | #endif /* !WC_NO_RSA_OAEP */ |
wolfSSL | 11:cee25a834751 | 574 | |
wolfSSL | 11:cee25a834751 | 575 | |
wolfSSL | 11:cee25a834751 | 576 | static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, |
wolfSSL | 11:cee25a834751 | 577 | word32 pkcsBlockLen, byte padValue, WC_RNG* rng) |
wolfSSL | 11:cee25a834751 | 578 | { |
wolfSSL | 11:cee25a834751 | 579 | if (input == NULL || inputLen == 0 || pkcsBlock == NULL || |
wolfSSL | 11:cee25a834751 | 580 | pkcsBlockLen == 0) { |
wolfSSL | 11:cee25a834751 | 581 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 582 | } |
wolfSSL | 11:cee25a834751 | 583 | |
wolfSSL | 11:cee25a834751 | 584 | pkcsBlock[0] = 0x0; /* set first byte to zero and advance */ |
wolfSSL | 11:cee25a834751 | 585 | pkcsBlock++; pkcsBlockLen--; |
wolfSSL | 11:cee25a834751 | 586 | pkcsBlock[0] = padValue; /* insert padValue */ |
wolfSSL | 11:cee25a834751 | 587 | |
wolfSSL | 11:cee25a834751 | 588 | if (padValue == RSA_BLOCK_TYPE_1) { |
wolfSSL | 11:cee25a834751 | 589 | if (pkcsBlockLen < inputLen + 2) { |
wolfSSL | 11:cee25a834751 | 590 | WOLFSSL_MSG("RsaPad error, invalid length"); |
wolfSSL | 11:cee25a834751 | 591 | return RSA_PAD_E; |
wolfSSL | 11:cee25a834751 | 592 | } |
wolfSSL | 11:cee25a834751 | 593 | |
wolfSSL | 11:cee25a834751 | 594 | /* pad with 0xff bytes */ |
wolfSSL | 11:cee25a834751 | 595 | XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2); |
wolfSSL | 11:cee25a834751 | 596 | } |
wolfSSL | 11:cee25a834751 | 597 | else { |
wolfSSL | 11:cee25a834751 | 598 | /* pad with non-zero random bytes */ |
wolfSSL | 11:cee25a834751 | 599 | word32 padLen, i; |
wolfSSL | 11:cee25a834751 | 600 | int ret; |
wolfSSL | 11:cee25a834751 | 601 | |
wolfSSL | 11:cee25a834751 | 602 | if (pkcsBlockLen < inputLen + 1) { |
wolfSSL | 11:cee25a834751 | 603 | WOLFSSL_MSG("RsaPad error, invalid length"); |
wolfSSL | 11:cee25a834751 | 604 | return RSA_PAD_E; |
wolfSSL | 11:cee25a834751 | 605 | } |
wolfSSL | 11:cee25a834751 | 606 | |
wolfSSL | 11:cee25a834751 | 607 | padLen = pkcsBlockLen - inputLen - 1; |
wolfSSL | 11:cee25a834751 | 608 | ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen); |
wolfSSL | 11:cee25a834751 | 609 | if (ret != 0) { |
wolfSSL | 11:cee25a834751 | 610 | return ret; |
wolfSSL | 11:cee25a834751 | 611 | } |
wolfSSL | 11:cee25a834751 | 612 | |
wolfSSL | 11:cee25a834751 | 613 | /* remove zeros */ |
wolfSSL | 11:cee25a834751 | 614 | for (i = 1; i < padLen; i++) { |
wolfSSL | 11:cee25a834751 | 615 | if (pkcsBlock[i] == 0) pkcsBlock[i] = 0x01; |
wolfSSL | 11:cee25a834751 | 616 | } |
wolfSSL | 11:cee25a834751 | 617 | } |
wolfSSL | 11:cee25a834751 | 618 | |
wolfSSL | 11:cee25a834751 | 619 | pkcsBlock[pkcsBlockLen-inputLen-1] = 0; /* separator */ |
wolfSSL | 11:cee25a834751 | 620 | XMEMCPY(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen); |
wolfSSL | 11:cee25a834751 | 621 | |
wolfSSL | 11:cee25a834751 | 622 | return 0; |
wolfSSL | 11:cee25a834751 | 623 | } |
wolfSSL | 11:cee25a834751 | 624 | |
wolfSSL | 11:cee25a834751 | 625 | /* helper function to direct which padding is used */ |
wolfSSL | 11:cee25a834751 | 626 | static int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock, |
wolfSSL | 11:cee25a834751 | 627 | word32 pkcsBlockLen, byte padValue, WC_RNG* rng, int padType, |
wolfSSL | 11:cee25a834751 | 628 | enum wc_HashType hType, int mgf, byte* optLabel, word32 labelLen, |
wolfSSL | 11:cee25a834751 | 629 | void* heap) |
wolfSSL | 11:cee25a834751 | 630 | { |
wolfSSL | 11:cee25a834751 | 631 | int ret; |
wolfSSL | 11:cee25a834751 | 632 | |
wolfSSL | 11:cee25a834751 | 633 | switch (padType) |
wolfSSL | 11:cee25a834751 | 634 | { |
wolfSSL | 11:cee25a834751 | 635 | case WC_RSA_PKCSV15_PAD: |
wolfSSL | 11:cee25a834751 | 636 | /*WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 padding");*/ |
wolfSSL | 11:cee25a834751 | 637 | ret = RsaPad(input, inputLen, pkcsBlock, pkcsBlockLen, |
wolfSSL | 11:cee25a834751 | 638 | padValue, rng); |
wolfSSL | 11:cee25a834751 | 639 | break; |
wolfSSL | 11:cee25a834751 | 640 | |
wolfSSL | 11:cee25a834751 | 641 | #ifndef WC_NO_RSA_OAEP |
wolfSSL | 11:cee25a834751 | 642 | case WC_RSA_OAEP_PAD: |
wolfSSL | 11:cee25a834751 | 643 | WOLFSSL_MSG("wolfSSL Using RSA OAEP padding"); |
wolfSSL | 11:cee25a834751 | 644 | ret = RsaPad_OAEP(input, inputLen, pkcsBlock, pkcsBlockLen, |
wolfSSL | 11:cee25a834751 | 645 | padValue, rng, hType, mgf, optLabel, labelLen, heap); |
wolfSSL | 11:cee25a834751 | 646 | break; |
wolfSSL | 11:cee25a834751 | 647 | #endif |
wolfSSL | 11:cee25a834751 | 648 | default: |
wolfSSL | 11:cee25a834751 | 649 | WOLFSSL_MSG("Unknown RSA Pad Type"); |
wolfSSL | 11:cee25a834751 | 650 | ret = RSA_PAD_E; |
wolfSSL | 11:cee25a834751 | 651 | } |
wolfSSL | 11:cee25a834751 | 652 | |
wolfSSL | 11:cee25a834751 | 653 | /* silence warning if not used with padding scheme */ |
wolfSSL | 11:cee25a834751 | 654 | (void)hType; |
wolfSSL | 11:cee25a834751 | 655 | (void)mgf; |
wolfSSL | 11:cee25a834751 | 656 | (void)optLabel; |
wolfSSL | 11:cee25a834751 | 657 | (void)labelLen; |
wolfSSL | 11:cee25a834751 | 658 | (void)heap; |
wolfSSL | 11:cee25a834751 | 659 | |
wolfSSL | 11:cee25a834751 | 660 | return ret; |
wolfSSL | 11:cee25a834751 | 661 | } |
wolfSSL | 11:cee25a834751 | 662 | |
wolfSSL | 11:cee25a834751 | 663 | |
wolfSSL | 11:cee25a834751 | 664 | /* UnPadding */ |
wolfSSL | 11:cee25a834751 | 665 | #ifndef WC_NO_RSA_OAEP |
wolfSSL | 11:cee25a834751 | 666 | /* UnPad plaintext, set start to *output, return length of plaintext, |
wolfSSL | 11:cee25a834751 | 667 | * < 0 on error */ |
wolfSSL | 11:cee25a834751 | 668 | static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen, |
wolfSSL | 11:cee25a834751 | 669 | byte **output, enum wc_HashType hType, int mgf, |
wolfSSL | 11:cee25a834751 | 670 | byte* optLabel, word32 labelLen, void* heap) |
wolfSSL | 11:cee25a834751 | 671 | { |
wolfSSL | 11:cee25a834751 | 672 | int hLen; |
wolfSSL | 11:cee25a834751 | 673 | int ret; |
wolfSSL | 11:cee25a834751 | 674 | byte h[WC_MAX_DIGEST_SIZE]; /* max digest size */ |
wolfSSL | 11:cee25a834751 | 675 | byte* tmp; |
wolfSSL | 11:cee25a834751 | 676 | word32 idx; |
wolfSSL | 11:cee25a834751 | 677 | |
wolfSSL | 11:cee25a834751 | 678 | /* no label is allowed, but catch if no label provided and length > 0 */ |
wolfSSL | 11:cee25a834751 | 679 | if (optLabel == NULL && labelLen > 0) { |
wolfSSL | 11:cee25a834751 | 680 | return BUFFER_E; |
wolfSSL | 11:cee25a834751 | 681 | } |
wolfSSL | 11:cee25a834751 | 682 | |
wolfSSL | 11:cee25a834751 | 683 | hLen = wc_HashGetDigestSize(hType); |
wolfSSL | 11:cee25a834751 | 684 | if ((hLen < 0) || (pkcsBlockLen < (2 * (word32)hLen + 2))) { |
wolfSSL | 11:cee25a834751 | 685 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 686 | } |
wolfSSL | 11:cee25a834751 | 687 | |
wolfSSL | 11:cee25a834751 | 688 | tmp = (byte*)XMALLOC(pkcsBlockLen, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 689 | if (tmp == NULL) { |
wolfSSL | 11:cee25a834751 | 690 | return MEMORY_E; |
wolfSSL | 11:cee25a834751 | 691 | } |
wolfSSL | 11:cee25a834751 | 692 | XMEMSET(tmp, 0, pkcsBlockLen); |
wolfSSL | 11:cee25a834751 | 693 | |
wolfSSL | 11:cee25a834751 | 694 | /* find seedMask value */ |
wolfSSL | 11:cee25a834751 | 695 | if ((ret = RsaMGF(mgf, (byte*)(pkcsBlock + (hLen + 1)), |
wolfSSL | 11:cee25a834751 | 696 | pkcsBlockLen - hLen - 1, tmp, hLen, heap)) != 0) { |
wolfSSL | 11:cee25a834751 | 697 | XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 698 | return ret; |
wolfSSL | 11:cee25a834751 | 699 | } |
wolfSSL | 11:cee25a834751 | 700 | |
wolfSSL | 11:cee25a834751 | 701 | /* xor seedMask value with maskedSeed to get seed value */ |
wolfSSL | 11:cee25a834751 | 702 | for (idx = 0; idx < (word32)hLen; idx++) { |
wolfSSL | 11:cee25a834751 | 703 | tmp[idx] = tmp[idx] ^ pkcsBlock[1 + idx]; |
wolfSSL | 11:cee25a834751 | 704 | } |
wolfSSL | 11:cee25a834751 | 705 | |
wolfSSL | 11:cee25a834751 | 706 | /* get dbMask value */ |
wolfSSL | 11:cee25a834751 | 707 | if ((ret = RsaMGF(mgf, tmp, hLen, tmp + hLen, |
wolfSSL | 11:cee25a834751 | 708 | pkcsBlockLen - hLen - 1, heap)) != 0) { |
wolfSSL | 11:cee25a834751 | 709 | XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 710 | return ret; |
wolfSSL | 11:cee25a834751 | 711 | } |
wolfSSL | 11:cee25a834751 | 712 | |
wolfSSL | 11:cee25a834751 | 713 | /* get DB value by doing maskedDB xor dbMask */ |
wolfSSL | 11:cee25a834751 | 714 | for (idx = 0; idx < (pkcsBlockLen - hLen - 1); idx++) { |
wolfSSL | 11:cee25a834751 | 715 | pkcsBlock[hLen + 1 + idx] = pkcsBlock[hLen + 1 + idx] ^ tmp[idx + hLen]; |
wolfSSL | 11:cee25a834751 | 716 | } |
wolfSSL | 11:cee25a834751 | 717 | |
wolfSSL | 11:cee25a834751 | 718 | /* done with use of tmp buffer */ |
wolfSSL | 11:cee25a834751 | 719 | XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 11:cee25a834751 | 720 | |
wolfSSL | 11:cee25a834751 | 721 | /* advance idx to index of PS and msg separator, account for PS size of 0*/ |
wolfSSL | 11:cee25a834751 | 722 | idx = hLen + 1 + hLen; |
wolfSSL | 11:cee25a834751 | 723 | while (idx < pkcsBlockLen && pkcsBlock[idx] == 0) {idx++;} |
wolfSSL | 11:cee25a834751 | 724 | |
wolfSSL | 11:cee25a834751 | 725 | /* create hash of label for comparision with hash sent */ |
wolfSSL | 11:cee25a834751 | 726 | if ((ret = wc_Hash(hType, optLabel, labelLen, h, hLen)) != 0) { |
wolfSSL | 11:cee25a834751 | 727 | return ret; |
wolfSSL | 11:cee25a834751 | 728 | } |
wolfSSL | 11:cee25a834751 | 729 | |
wolfSSL | 11:cee25a834751 | 730 | /* say no to chosen ciphertext attack. |
wolfSSL | 11:cee25a834751 | 731 | Comparison of lHash, Y, and separator value needs to all happen in |
wolfSSL | 11:cee25a834751 | 732 | constant time. |
wolfSSL | 11:cee25a834751 | 733 | Attackers should not be able to get error condition from the timing of |
wolfSSL | 11:cee25a834751 | 734 | these checks. |
wolfSSL | 11:cee25a834751 | 735 | */ |
wolfSSL | 11:cee25a834751 | 736 | ret = 0; |
wolfSSL | 11:cee25a834751 | 737 | ret |= ConstantCompare(pkcsBlock + hLen + 1, h, hLen); |
wolfSSL | 11:cee25a834751 | 738 | ret += pkcsBlock[idx++] ^ 0x01; /* separator value is 0x01 */ |
wolfSSL | 11:cee25a834751 | 739 | ret += pkcsBlock[0] ^ 0x00; /* Y, the first value, should be 0 */ |
wolfSSL | 11:cee25a834751 | 740 | |
wolfSSL | 11:cee25a834751 | 741 | if (ret != 0) { |
wolfSSL | 11:cee25a834751 | 742 | return BAD_PADDING_E; |
wolfSSL | 11:cee25a834751 | 743 | } |
wolfSSL | 11:cee25a834751 | 744 | |
wolfSSL | 11:cee25a834751 | 745 | /* adjust pointer to correct location in array and return size of M */ |
wolfSSL | 11:cee25a834751 | 746 | *output = (byte*)(pkcsBlock + idx); |
wolfSSL | 11:cee25a834751 | 747 | return pkcsBlockLen - idx; |
wolfSSL | 11:cee25a834751 | 748 | } |
wolfSSL | 11:cee25a834751 | 749 | #endif /* WC_NO_RSA_OAEP */ |
wolfSSL | 11:cee25a834751 | 750 | |
wolfSSL | 11:cee25a834751 | 751 | |
wolfSSL | 11:cee25a834751 | 752 | /* UnPad plaintext, set start to *output, return length of plaintext, |
wolfSSL | 11:cee25a834751 | 753 | * < 0 on error */ |
wolfSSL | 11:cee25a834751 | 754 | static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, |
wolfSSL | 11:cee25a834751 | 755 | byte **output, byte padValue) |
wolfSSL | 11:cee25a834751 | 756 | { |
wolfSSL | 11:cee25a834751 | 757 | word32 maxOutputLen = (pkcsBlockLen > 10) ? (pkcsBlockLen - 10) : 0; |
wolfSSL | 11:cee25a834751 | 758 | word32 invalid = 0; |
wolfSSL | 11:cee25a834751 | 759 | word32 i = 1; |
wolfSSL | 11:cee25a834751 | 760 | word32 outputLen; |
wolfSSL | 11:cee25a834751 | 761 | |
wolfSSL | 11:cee25a834751 | 762 | if (output == NULL || pkcsBlockLen == 0) { |
wolfSSL | 11:cee25a834751 | 763 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 764 | } |
wolfSSL | 11:cee25a834751 | 765 | |
wolfSSL | 11:cee25a834751 | 766 | if (pkcsBlock[0] != 0x0) { /* skip past zero */ |
wolfSSL | 11:cee25a834751 | 767 | invalid = 1; |
wolfSSL | 11:cee25a834751 | 768 | } |
wolfSSL | 11:cee25a834751 | 769 | pkcsBlock++; pkcsBlockLen--; |
wolfSSL | 11:cee25a834751 | 770 | |
wolfSSL | 11:cee25a834751 | 771 | /* Require block type padValue */ |
wolfSSL | 11:cee25a834751 | 772 | invalid = (pkcsBlock[0] != padValue) || invalid; |
wolfSSL | 11:cee25a834751 | 773 | |
wolfSSL | 11:cee25a834751 | 774 | /* verify the padding until we find the separator */ |
wolfSSL | 11:cee25a834751 | 775 | if (padValue == RSA_BLOCK_TYPE_1) { |
wolfSSL | 11:cee25a834751 | 776 | while (i<pkcsBlockLen && pkcsBlock[i++] == 0xFF) {/* Null body */} |
wolfSSL | 11:cee25a834751 | 777 | } |
wolfSSL | 11:cee25a834751 | 778 | else { |
wolfSSL | 11:cee25a834751 | 779 | while (i<pkcsBlockLen && pkcsBlock[i++]) {/* Null body */} |
wolfSSL | 11:cee25a834751 | 780 | } |
wolfSSL | 11:cee25a834751 | 781 | |
wolfSSL | 11:cee25a834751 | 782 | if (!(i==pkcsBlockLen || pkcsBlock[i-1]==0)) { |
wolfSSL | 11:cee25a834751 | 783 | WOLFSSL_MSG("RsaUnPad error, bad formatting"); |
wolfSSL | 11:cee25a834751 | 784 | return RSA_PAD_E; |
wolfSSL | 11:cee25a834751 | 785 | } |
wolfSSL | 11:cee25a834751 | 786 | |
wolfSSL | 11:cee25a834751 | 787 | outputLen = pkcsBlockLen - i; |
wolfSSL | 11:cee25a834751 | 788 | invalid = (outputLen > maxOutputLen) || invalid; |
wolfSSL | 11:cee25a834751 | 789 | |
wolfSSL | 11:cee25a834751 | 790 | if (invalid) { |
wolfSSL | 11:cee25a834751 | 791 | WOLFSSL_MSG("RsaUnPad error, invalid formatting"); |
wolfSSL | 11:cee25a834751 | 792 | return RSA_PAD_E; |
wolfSSL | 11:cee25a834751 | 793 | } |
wolfSSL | 11:cee25a834751 | 794 | |
wolfSSL | 11:cee25a834751 | 795 | *output = (byte *)(pkcsBlock + i); |
wolfSSL | 11:cee25a834751 | 796 | return outputLen; |
wolfSSL | 11:cee25a834751 | 797 | } |
wolfSSL | 11:cee25a834751 | 798 | |
wolfSSL | 11:cee25a834751 | 799 | /* helper function to direct unpadding */ |
wolfSSL | 11:cee25a834751 | 800 | static int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out, |
wolfSSL | 11:cee25a834751 | 801 | byte padValue, int padType, enum wc_HashType hType, |
wolfSSL | 11:cee25a834751 | 802 | int mgf, byte* optLabel, word32 labelLen, void* heap) |
wolfSSL | 11:cee25a834751 | 803 | { |
wolfSSL | 11:cee25a834751 | 804 | int ret; |
wolfSSL | 11:cee25a834751 | 805 | |
wolfSSL | 11:cee25a834751 | 806 | switch (padType) { |
wolfSSL | 11:cee25a834751 | 807 | case WC_RSA_PKCSV15_PAD: |
wolfSSL | 11:cee25a834751 | 808 | /*WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 un-padding");*/ |
wolfSSL | 11:cee25a834751 | 809 | ret = RsaUnPad(pkcsBlock, pkcsBlockLen, out, padValue); |
wolfSSL | 11:cee25a834751 | 810 | break; |
wolfSSL | 11:cee25a834751 | 811 | |
wolfSSL | 11:cee25a834751 | 812 | #ifndef WC_NO_RSA_OAEP |
wolfSSL | 11:cee25a834751 | 813 | case WC_RSA_OAEP_PAD: |
wolfSSL | 11:cee25a834751 | 814 | WOLFSSL_MSG("wolfSSL Using RSA OAEP un-padding"); |
wolfSSL | 11:cee25a834751 | 815 | ret = RsaUnPad_OAEP((byte*)pkcsBlock, pkcsBlockLen, out, |
wolfSSL | 11:cee25a834751 | 816 | hType, mgf, optLabel, labelLen, heap); |
wolfSSL | 11:cee25a834751 | 817 | break; |
wolfSSL | 11:cee25a834751 | 818 | #endif |
wolfSSL | 11:cee25a834751 | 819 | |
wolfSSL | 11:cee25a834751 | 820 | default: |
wolfSSL | 11:cee25a834751 | 821 | WOLFSSL_MSG("Unknown RSA UnPad Type"); |
wolfSSL | 11:cee25a834751 | 822 | ret = RSA_PAD_E; |
wolfSSL | 11:cee25a834751 | 823 | } |
wolfSSL | 11:cee25a834751 | 824 | |
wolfSSL | 11:cee25a834751 | 825 | /* silence warning if not used with padding scheme */ |
wolfSSL | 11:cee25a834751 | 826 | (void)hType; |
wolfSSL | 11:cee25a834751 | 827 | (void)mgf; |
wolfSSL | 11:cee25a834751 | 828 | (void)optLabel; |
wolfSSL | 11:cee25a834751 | 829 | (void)labelLen; |
wolfSSL | 11:cee25a834751 | 830 | (void)heap; |
wolfSSL | 11:cee25a834751 | 831 | |
wolfSSL | 11:cee25a834751 | 832 | return ret; |
wolfSSL | 11:cee25a834751 | 833 | } |
wolfSSL | 11:cee25a834751 | 834 | |
wolfSSL | 11:cee25a834751 | 835 | static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, |
wolfSSL | 11:cee25a834751 | 836 | word32* outLen, int type, RsaKey* key, WC_RNG* rng) |
wolfSSL | 11:cee25a834751 | 837 | { |
wolfSSL | 11:cee25a834751 | 838 | mp_int tmp; |
wolfSSL | 11:cee25a834751 | 839 | #ifdef WC_RSA_BLINDING |
wolfSSL | 11:cee25a834751 | 840 | mp_int rnd, rndi; |
wolfSSL | 11:cee25a834751 | 841 | #endif |
wolfSSL | 11:cee25a834751 | 842 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 843 | word32 keyLen, len; |
wolfSSL | 11:cee25a834751 | 844 | |
wolfSSL | 11:cee25a834751 | 845 | (void)rng; |
wolfSSL | 11:cee25a834751 | 846 | |
wolfSSL | 11:cee25a834751 | 847 | if (mp_init(&tmp) != MP_OKAY) |
wolfSSL | 11:cee25a834751 | 848 | return MP_INIT_E; |
wolfSSL | 11:cee25a834751 | 849 | |
wolfSSL | 11:cee25a834751 | 850 | #ifdef WC_RSA_BLINDING |
wolfSSL | 11:cee25a834751 | 851 | if (type == RSA_PRIVATE_DECRYPT || type == RSA_PRIVATE_ENCRYPT) { |
wolfSSL | 11:cee25a834751 | 852 | if (mp_init_multi(&rnd, &rndi, NULL, NULL, NULL, NULL) != MP_OKAY) { |
wolfSSL | 11:cee25a834751 | 853 | mp_clear(&tmp); |
wolfSSL | 11:cee25a834751 | 854 | return MP_INIT_E; |
wolfSSL | 11:cee25a834751 | 855 | } |
wolfSSL | 11:cee25a834751 | 856 | } |
wolfSSL | 11:cee25a834751 | 857 | #endif |
wolfSSL | 11:cee25a834751 | 858 | |
wolfSSL | 11:cee25a834751 | 859 | if (mp_read_unsigned_bin(&tmp, (byte*)in, inLen) != MP_OKAY) |
wolfSSL | 11:cee25a834751 | 860 | ERROR_OUT(MP_READ_E); |
wolfSSL | 11:cee25a834751 | 861 | |
wolfSSL | 11:cee25a834751 | 862 | switch(type) { |
wolfSSL | 11:cee25a834751 | 863 | case RSA_PRIVATE_DECRYPT: |
wolfSSL | 11:cee25a834751 | 864 | case RSA_PRIVATE_ENCRYPT: |
wolfSSL | 11:cee25a834751 | 865 | { |
wolfSSL | 11:cee25a834751 | 866 | #ifdef WC_RSA_BLINDING |
wolfSSL | 11:cee25a834751 | 867 | /* blind */ |
wolfSSL | 11:cee25a834751 | 868 | ret = mp_rand(&rnd, get_digit_count(&key->n), rng); |
wolfSSL | 11:cee25a834751 | 869 | if (ret != MP_OKAY) |
wolfSSL | 11:cee25a834751 | 870 | goto done; |
wolfSSL | 11:cee25a834751 | 871 | |
wolfSSL | 11:cee25a834751 | 872 | /* rndi = 1/rnd mod n */ |
wolfSSL | 11:cee25a834751 | 873 | if (mp_invmod(&rnd, &key->n, &rndi) != MP_OKAY) |
wolfSSL | 11:cee25a834751 | 874 | ERROR_OUT(MP_INVMOD_E); |
wolfSSL | 11:cee25a834751 | 875 | |
wolfSSL | 11:cee25a834751 | 876 | /* rnd = rnd^e */ |
wolfSSL | 11:cee25a834751 | 877 | if (mp_exptmod(&rnd, &key->e, &key->n, &rnd) != MP_OKAY) |
wolfSSL | 11:cee25a834751 | 878 | ERROR_OUT(MP_EXPTMOD_E); |
wolfSSL | 11:cee25a834751 | 879 | |
wolfSSL | 11:cee25a834751 | 880 | /* tmp = tmp*rnd mod n */ |
wolfSSL | 11:cee25a834751 | 881 | if (mp_mulmod(&tmp, &rnd, &key->n, &tmp) != MP_OKAY) |
wolfSSL | 11:cee25a834751 | 882 | ERROR_OUT(MP_MULMOD_E); |
wolfSSL | 11:cee25a834751 | 883 | #endif /* WC_RSA_BLINGING */ |
wolfSSL | 11:cee25a834751 | 884 | |
wolfSSL | 11:cee25a834751 | 885 | #ifdef RSA_LOW_MEM /* half as much memory but twice as slow */ |
wolfSSL | 11:cee25a834751 | 886 | if (mp_exptmod(&tmp, &key->d, &key->n, &tmp) != MP_OKAY) |
wolfSSL | 11:cee25a834751 | 887 | ERROR_OUT(MP_EXPTMOD_E); |
wolfSSL | 11:cee25a834751 | 888 | #else |
wolfSSL | 11:cee25a834751 | 889 | /* Return 0 when cond is false and n when cond is true. */ |
wolfSSL | 11:cee25a834751 | 890 | #define COND_N(cond, n) ((0 - (cond)) & (n)) |
wolfSSL | 11:cee25a834751 | 891 | /* If ret has an error value return it otherwise if r is OK then return |
wolfSSL | 11:cee25a834751 | 892 | * 0 otherwise return e. |
wolfSSL | 11:cee25a834751 | 893 | */ |
wolfSSL | 11:cee25a834751 | 894 | #define RET_ERR(ret, r, e) \ |
wolfSSL | 11:cee25a834751 | 895 | ((ret) | (COND_N((ret) == 0, COND_N((r) != MP_OKAY, (e))))) |
wolfSSL | 11:cee25a834751 | 896 | |
wolfSSL | 11:cee25a834751 | 897 | { /* tmpa/b scope */ |
wolfSSL | 11:cee25a834751 | 898 | mp_int tmpa, tmpb; |
wolfSSL | 11:cee25a834751 | 899 | int r; |
wolfSSL | 11:cee25a834751 | 900 | |
wolfSSL | 11:cee25a834751 | 901 | if (mp_init(&tmpa) != MP_OKAY) |
wolfSSL | 11:cee25a834751 | 902 | ERROR_OUT(MP_INIT_E); |
wolfSSL | 11:cee25a834751 | 903 | |
wolfSSL | 11:cee25a834751 | 904 | if (mp_init(&tmpb) != MP_OKAY) { |
wolfSSL | 11:cee25a834751 | 905 | mp_clear(&tmpa); |
wolfSSL | 11:cee25a834751 | 906 | ERROR_OUT(MP_INIT_E); |
wolfSSL | 11:cee25a834751 | 907 | } |
wolfSSL | 11:cee25a834751 | 908 | |
wolfSSL | 11:cee25a834751 | 909 | /* tmpa = tmp^dP mod p */ |
wolfSSL | 11:cee25a834751 | 910 | r = mp_exptmod(&tmp, &key->dP, &key->p, &tmpa); |
wolfSSL | 11:cee25a834751 | 911 | ret = RET_ERR(ret, r, MP_EXPTMOD_E); |
wolfSSL | 11:cee25a834751 | 912 | |
wolfSSL | 11:cee25a834751 | 913 | /* tmpb = tmp^dQ mod q */ |
wolfSSL | 11:cee25a834751 | 914 | r = mp_exptmod(&tmp, &key->dQ, &key->q, &tmpb); |
wolfSSL | 11:cee25a834751 | 915 | ret = RET_ERR(ret, r, MP_EXPTMOD_E); |
wolfSSL | 11:cee25a834751 | 916 | |
wolfSSL | 11:cee25a834751 | 917 | /* tmp = (tmpa - tmpb) * qInv (mod p) */ |
wolfSSL | 11:cee25a834751 | 918 | r = mp_sub(&tmpa, &tmpb, &tmp); |
wolfSSL | 11:cee25a834751 | 919 | ret = RET_ERR(ret, r, MP_SUB_E); |
wolfSSL | 11:cee25a834751 | 920 | |
wolfSSL | 11:cee25a834751 | 921 | r = mp_mulmod(&tmp, &key->u, &key->p, &tmp); |
wolfSSL | 11:cee25a834751 | 922 | ret = RET_ERR(ret, r, MP_MULMOD_E); |
wolfSSL | 11:cee25a834751 | 923 | |
wolfSSL | 11:cee25a834751 | 924 | /* tmp = tmpb + q * tmp */ |
wolfSSL | 11:cee25a834751 | 925 | r = mp_mul(&tmp, &key->q, &tmp); |
wolfSSL | 11:cee25a834751 | 926 | ret = RET_ERR(ret, r, MP_MUL_E); |
wolfSSL | 11:cee25a834751 | 927 | |
wolfSSL | 11:cee25a834751 | 928 | r = mp_add(&tmp, &tmpb, &tmp); |
wolfSSL | 11:cee25a834751 | 929 | ret = RET_ERR(ret, r, MP_ADD_E); |
wolfSSL | 11:cee25a834751 | 930 | |
wolfSSL | 11:cee25a834751 | 931 | mp_clear(&tmpa); |
wolfSSL | 11:cee25a834751 | 932 | mp_clear(&tmpb); |
wolfSSL | 11:cee25a834751 | 933 | |
wolfSSL | 11:cee25a834751 | 934 | if (ret != 0) { |
wolfSSL | 11:cee25a834751 | 935 | goto done; |
wolfSSL | 11:cee25a834751 | 936 | } |
wolfSSL | 11:cee25a834751 | 937 | #undef RET_ERR |
wolfSSL | 11:cee25a834751 | 938 | #undef COND_N |
wolfSSL | 11:cee25a834751 | 939 | } /* tmpa/b scope */ |
wolfSSL | 11:cee25a834751 | 940 | #endif /* RSA_LOW_MEM */ |
wolfSSL | 11:cee25a834751 | 941 | |
wolfSSL | 11:cee25a834751 | 942 | #ifdef WC_RSA_BLINDING |
wolfSSL | 11:cee25a834751 | 943 | /* unblind */ |
wolfSSL | 11:cee25a834751 | 944 | if (mp_mulmod(&tmp, &rndi, &key->n, &tmp) != MP_OKAY) |
wolfSSL | 11:cee25a834751 | 945 | ERROR_OUT(MP_MULMOD_E); |
wolfSSL | 11:cee25a834751 | 946 | #endif /* WC_RSA_BLINDING */ |
wolfSSL | 11:cee25a834751 | 947 | |
wolfSSL | 11:cee25a834751 | 948 | break; |
wolfSSL | 11:cee25a834751 | 949 | } |
wolfSSL | 11:cee25a834751 | 950 | case RSA_PUBLIC_ENCRYPT: |
wolfSSL | 11:cee25a834751 | 951 | case RSA_PUBLIC_DECRYPT: |
wolfSSL | 11:cee25a834751 | 952 | if (mp_exptmod(&tmp, &key->e, &key->n, &tmp) != MP_OKAY) |
wolfSSL | 11:cee25a834751 | 953 | ERROR_OUT(MP_EXPTMOD_E); |
wolfSSL | 11:cee25a834751 | 954 | break; |
wolfSSL | 11:cee25a834751 | 955 | default: |
wolfSSL | 11:cee25a834751 | 956 | ERROR_OUT(RSA_WRONG_TYPE_E); |
wolfSSL | 11:cee25a834751 | 957 | } |
wolfSSL | 11:cee25a834751 | 958 | |
wolfSSL | 11:cee25a834751 | 959 | keyLen = wc_RsaEncryptSize(key); |
wolfSSL | 11:cee25a834751 | 960 | if (keyLen > *outLen) { |
wolfSSL | 11:cee25a834751 | 961 | ERROR_OUT(RSA_BUFFER_E); |
wolfSSL | 11:cee25a834751 | 962 | } |
wolfSSL | 11:cee25a834751 | 963 | |
wolfSSL | 11:cee25a834751 | 964 | len = mp_unsigned_bin_size(&tmp); |
wolfSSL | 11:cee25a834751 | 965 | |
wolfSSL | 11:cee25a834751 | 966 | /* pad front w/ zeros to match key length */ |
wolfSSL | 11:cee25a834751 | 967 | while (len < keyLen) { |
wolfSSL | 11:cee25a834751 | 968 | *out++ = 0x00; |
wolfSSL | 11:cee25a834751 | 969 | len++; |
wolfSSL | 11:cee25a834751 | 970 | } |
wolfSSL | 11:cee25a834751 | 971 | |
wolfSSL | 11:cee25a834751 | 972 | *outLen = keyLen; |
wolfSSL | 11:cee25a834751 | 973 | |
wolfSSL | 11:cee25a834751 | 974 | /* convert */ |
wolfSSL | 11:cee25a834751 | 975 | if (mp_to_unsigned_bin(&tmp, out) != MP_OKAY) |
wolfSSL | 11:cee25a834751 | 976 | ERROR_OUT(MP_TO_E); |
wolfSSL | 11:cee25a834751 | 977 | |
wolfSSL | 11:cee25a834751 | 978 | done: |
wolfSSL | 11:cee25a834751 | 979 | mp_clear(&tmp); |
wolfSSL | 11:cee25a834751 | 980 | #ifdef WC_RSA_BLINDING |
wolfSSL | 11:cee25a834751 | 981 | if (type == RSA_PRIVATE_DECRYPT || type == RSA_PRIVATE_ENCRYPT) { |
wolfSSL | 11:cee25a834751 | 982 | mp_clear(&rndi); |
wolfSSL | 11:cee25a834751 | 983 | mp_clear(&rnd); |
wolfSSL | 11:cee25a834751 | 984 | } |
wolfSSL | 11:cee25a834751 | 985 | #endif |
wolfSSL | 11:cee25a834751 | 986 | return ret; |
wolfSSL | 11:cee25a834751 | 987 | } |
wolfSSL | 11:cee25a834751 | 988 | |
wolfSSL | 11:cee25a834751 | 989 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) |
wolfSSL | 11:cee25a834751 | 990 | static int wc_RsaFunctionAsync(const byte* in, word32 inLen, byte* out, |
wolfSSL | 11:cee25a834751 | 991 | word32* outLen, int type, RsaKey* key, WC_RNG* rng) |
wolfSSL | 11:cee25a834751 | 992 | { |
wolfSSL | 11:cee25a834751 | 993 | int ret = 0; |
wolfSSL | 11:cee25a834751 | 994 | |
wolfSSL | 11:cee25a834751 | 995 | (void)rng; |
wolfSSL | 11:cee25a834751 | 996 | |
wolfSSL | 11:cee25a834751 | 997 | #ifdef WOLFSSL_ASYNC_CRYPT_TEST |
wolfSSL | 11:cee25a834751 | 998 | WC_ASYNC_TEST* testDev = &key->asyncDev.test; |
wolfSSL | 11:cee25a834751 | 999 | if (testDev->type == ASYNC_TEST_NONE) { |
wolfSSL | 11:cee25a834751 | 1000 | testDev->type = ASYNC_TEST_RSA_FUNC; |
wolfSSL | 11:cee25a834751 | 1001 | testDev->rsaFunc.in = in; |
wolfSSL | 11:cee25a834751 | 1002 | testDev->rsaFunc.inSz = inLen; |
wolfSSL | 11:cee25a834751 | 1003 | testDev->rsaFunc.out = out; |
wolfSSL | 11:cee25a834751 | 1004 | testDev->rsaFunc.outSz = outLen; |
wolfSSL | 11:cee25a834751 | 1005 | testDev->rsaFunc.type = type; |
wolfSSL | 11:cee25a834751 | 1006 | testDev->rsaFunc.key = key; |
wolfSSL | 11:cee25a834751 | 1007 | testDev->rsaFunc.rng = rng; |
wolfSSL | 11:cee25a834751 | 1008 | return WC_PENDING_E; |
wolfSSL | 11:cee25a834751 | 1009 | } |
wolfSSL | 11:cee25a834751 | 1010 | #endif /* WOLFSSL_ASYNC_CRYPT_TEST */ |
wolfSSL | 11:cee25a834751 | 1011 | |
wolfSSL | 11:cee25a834751 | 1012 | switch(type) { |
wolfSSL | 11:cee25a834751 | 1013 | case RSA_PRIVATE_DECRYPT: |
wolfSSL | 11:cee25a834751 | 1014 | case RSA_PRIVATE_ENCRYPT: |
wolfSSL | 11:cee25a834751 | 1015 | #ifdef HAVE_CAVIUM |
wolfSSL | 11:cee25a834751 | 1016 | ret = NitroxRsaExptMod(in, inLen, |
wolfSSL | 11:cee25a834751 | 1017 | key->d.raw.buf, key->d.raw.len, |
wolfSSL | 11:cee25a834751 | 1018 | key->n.raw.buf, key->n.raw.len, |
wolfSSL | 11:cee25a834751 | 1019 | out, outLen, key); |
wolfSSL | 11:cee25a834751 | 1020 | #elif defined(HAVE_INTEL_QA) |
wolfSSL | 11:cee25a834751 | 1021 | #ifdef RSA_LOW_MEM |
wolfSSL | 11:cee25a834751 | 1022 | ret = IntelQaRsaPrivate(&key->asyncDev, in, inLen, |
wolfSSL | 11:cee25a834751 | 1023 | &key->d.raw, &key->n.raw, |
wolfSSL | 11:cee25a834751 | 1024 | out, outLen); |
wolfSSL | 11:cee25a834751 | 1025 | #else |
wolfSSL | 11:cee25a834751 | 1026 | ret = IntelQaRsaCrtPrivate(&key->asyncDev, in, inLen, |
wolfSSL | 11:cee25a834751 | 1027 | &key->p.raw, &key->q.raw, |
wolfSSL | 11:cee25a834751 | 1028 | &key->dP.raw, &key->dQ.raw, |
wolfSSL | 11:cee25a834751 | 1029 | &key->u.raw, |
wolfSSL | 11:cee25a834751 | 1030 | out, outLen); |
wolfSSL | 11:cee25a834751 | 1031 | #endif |
wolfSSL | 11:cee25a834751 | 1032 | #else /* WOLFSSL_ASYNC_CRYPT_TEST */ |
wolfSSL | 11:cee25a834751 | 1033 | ret = wc_RsaFunctionSync(in, inLen, out, outLen, type, key, rng); |
wolfSSL | 11:cee25a834751 | 1034 | #endif |
wolfSSL | 11:cee25a834751 | 1035 | break; |
wolfSSL | 11:cee25a834751 | 1036 | |
wolfSSL | 11:cee25a834751 | 1037 | case RSA_PUBLIC_ENCRYPT: |
wolfSSL | 11:cee25a834751 | 1038 | case RSA_PUBLIC_DECRYPT: |
wolfSSL | 11:cee25a834751 | 1039 | #ifdef HAVE_CAVIUM |
wolfSSL | 11:cee25a834751 | 1040 | ret = NitroxRsaExptMod(in, inLen, |
wolfSSL | 11:cee25a834751 | 1041 | key->e.raw.buf, key->e.raw.len, |
wolfSSL | 11:cee25a834751 | 1042 | key->n.raw.buf, key->n.raw.len, |
wolfSSL | 11:cee25a834751 | 1043 | out, outLen, key); |
wolfSSL | 11:cee25a834751 | 1044 | #elif defined(HAVE_INTEL_QA) |
wolfSSL | 11:cee25a834751 | 1045 | ret = IntelQaRsaPublic(&key->asyncDev, in, inLen, |
wolfSSL | 11:cee25a834751 | 1046 | &key->e.raw, &key->n.raw, |
wolfSSL | 11:cee25a834751 | 1047 | out, outLen); |
wolfSSL | 11:cee25a834751 | 1048 | #else /* WOLFSSL_ASYNC_CRYPT_TEST */ |
wolfSSL | 11:cee25a834751 | 1049 | ret = wc_RsaFunctionSync(in, inLen, out, outLen, type, key, rng); |
wolfSSL | 11:cee25a834751 | 1050 | #endif |
wolfSSL | 11:cee25a834751 | 1051 | break; |
wolfSSL | 11:cee25a834751 | 1052 | |
wolfSSL | 11:cee25a834751 | 1053 | default: |
wolfSSL | 11:cee25a834751 | 1054 | ret = RSA_WRONG_TYPE_E; |
wolfSSL | 11:cee25a834751 | 1055 | } |
wolfSSL | 11:cee25a834751 | 1056 | |
wolfSSL | 11:cee25a834751 | 1057 | return ret; |
wolfSSL | 11:cee25a834751 | 1058 | } |
wolfSSL | 11:cee25a834751 | 1059 | #endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_RSA */ |
wolfSSL | 11:cee25a834751 | 1060 | |
wolfSSL | 11:cee25a834751 | 1061 | int wc_RsaFunction(const byte* in, word32 inLen, byte* out, |
wolfSSL | 11:cee25a834751 | 1062 | word32* outLen, int type, RsaKey* key, WC_RNG* rng) |
wolfSSL | 11:cee25a834751 | 1063 | { |
wolfSSL | 11:cee25a834751 | 1064 | int ret; |
wolfSSL | 11:cee25a834751 | 1065 | |
wolfSSL | 11:cee25a834751 | 1066 | if (key == NULL || in == NULL || inLen == 0 || out == NULL || |
wolfSSL | 11:cee25a834751 | 1067 | outLen == NULL || *outLen == 0 || type == RSA_TYPE_UNKNOWN) { |
wolfSSL | 11:cee25a834751 | 1068 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 1069 | } |
wolfSSL | 11:cee25a834751 | 1070 | |
wolfSSL | 11:cee25a834751 | 1071 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) |
wolfSSL | 11:cee25a834751 | 1072 | if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA && |
wolfSSL | 11:cee25a834751 | 1073 | key->n.raw.len > 0) { |
wolfSSL | 11:cee25a834751 | 1074 | ret = wc_RsaFunctionAsync(in, inLen, out, outLen, type, key, rng); |
wolfSSL | 11:cee25a834751 | 1075 | } |
wolfSSL | 11:cee25a834751 | 1076 | else |
wolfSSL | 11:cee25a834751 | 1077 | #endif |
wolfSSL | 11:cee25a834751 | 1078 | { |
wolfSSL | 11:cee25a834751 | 1079 | ret = wc_RsaFunctionSync(in, inLen, out, outLen, type, key, rng); |
wolfSSL | 11:cee25a834751 | 1080 | } |
wolfSSL | 11:cee25a834751 | 1081 | |
wolfSSL | 11:cee25a834751 | 1082 | /* handle error */ |
wolfSSL | 11:cee25a834751 | 1083 | if (ret < 0 && ret != WC_PENDING_E) { |
wolfSSL | 11:cee25a834751 | 1084 | if (ret == MP_EXPTMOD_E) { |
wolfSSL | 11:cee25a834751 | 1085 | /* This can happen due to incorrectly set FP_MAX_BITS or missing XREALLOC */ |
wolfSSL | 11:cee25a834751 | 1086 | WOLFSSL_MSG("RSA_FUNCTION MP_EXPTMOD_E: memory/config problem"); |
wolfSSL | 11:cee25a834751 | 1087 | } |
wolfSSL | 11:cee25a834751 | 1088 | |
wolfSSL | 11:cee25a834751 | 1089 | key->state = RSA_STATE_NONE; |
wolfSSL | 11:cee25a834751 | 1090 | wc_RsaCleanup(key); |
wolfSSL | 11:cee25a834751 | 1091 | } |
wolfSSL | 11:cee25a834751 | 1092 | |
wolfSSL | 11:cee25a834751 | 1093 | return ret; |
wolfSSL | 11:cee25a834751 | 1094 | } |
wolfSSL | 11:cee25a834751 | 1095 | |
wolfSSL | 11:cee25a834751 | 1096 | |
wolfSSL | 11:cee25a834751 | 1097 | /* Internal Wrappers */ |
wolfSSL | 11:cee25a834751 | 1098 | /* Gives the option of choosing padding type |
wolfSSL | 11:cee25a834751 | 1099 | in : input to be encrypted |
wolfSSL | 11:cee25a834751 | 1100 | inLen: length of input buffer |
wolfSSL | 11:cee25a834751 | 1101 | out: encrypted output |
wolfSSL | 11:cee25a834751 | 1102 | outLen: length of encrypted output buffer |
wolfSSL | 11:cee25a834751 | 1103 | key : wolfSSL initialized RSA key struct |
wolfSSL | 11:cee25a834751 | 1104 | rng : wolfSSL initialized random number struct |
wolfSSL | 11:cee25a834751 | 1105 | rsa_type : type of RSA: RSA_PUBLIC_ENCRYPT, RSA_PUBLIC_DECRYPT, |
wolfSSL | 11:cee25a834751 | 1106 | RSA_PRIVATE_ENCRYPT or RSA_PRIVATE_DECRYPT |
wolfSSL | 11:cee25a834751 | 1107 | pad_value: RSA_BLOCK_TYPE_1 or RSA_BLOCK_TYPE_2 |
wolfSSL | 11:cee25a834751 | 1108 | pad_type : type of padding: WC_RSA_PKCSV15_PAD or WC_RSA_OAEP_PAD |
wolfSSL | 11:cee25a834751 | 1109 | hash : type of hash algorithm to use found in wolfssl/wolfcrypt/hash.h |
wolfSSL | 11:cee25a834751 | 1110 | mgf : type of mask generation function to use |
wolfSSL | 11:cee25a834751 | 1111 | label : optional label |
wolfSSL | 11:cee25a834751 | 1112 | labelSz : size of optional label buffer */ |
wolfSSL | 11:cee25a834751 | 1113 | static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out, |
wolfSSL | 11:cee25a834751 | 1114 | word32 outLen, RsaKey* key, int rsa_type, |
wolfSSL | 11:cee25a834751 | 1115 | byte pad_value, int pad_type, |
wolfSSL | 11:cee25a834751 | 1116 | enum wc_HashType hash, int mgf, |
wolfSSL | 11:cee25a834751 | 1117 | byte* label, word32 labelSz, WC_RNG* rng) |
wolfSSL | 11:cee25a834751 | 1118 | { |
wolfSSL | 11:cee25a834751 | 1119 | int ret, sz; |
wolfSSL | 11:cee25a834751 | 1120 | |
wolfSSL | 11:cee25a834751 | 1121 | if (in == NULL || inLen == 0 || out == NULL || key == NULL) { |
wolfSSL | 11:cee25a834751 | 1122 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 1123 | } |
wolfSSL | 11:cee25a834751 | 1124 | |
wolfSSL | 11:cee25a834751 | 1125 | sz = wc_RsaEncryptSize(key); |
wolfSSL | 11:cee25a834751 | 1126 | if (sz > (int)outLen) { |
wolfSSL | 11:cee25a834751 | 1127 | return RSA_BUFFER_E; |
wolfSSL | 11:cee25a834751 | 1128 | } |
wolfSSL | 11:cee25a834751 | 1129 | |
wolfSSL | 11:cee25a834751 | 1130 | if (sz < RSA_MIN_PAD_SZ) { |
wolfSSL | 11:cee25a834751 | 1131 | return WC_KEY_SIZE_E; |
wolfSSL | 11:cee25a834751 | 1132 | } |
wolfSSL | 11:cee25a834751 | 1133 | |
wolfSSL | 11:cee25a834751 | 1134 | if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) { |
wolfSSL | 11:cee25a834751 | 1135 | return RSA_BUFFER_E; |
wolfSSL | 11:cee25a834751 | 1136 | } |
wolfSSL | 11:cee25a834751 | 1137 | |
wolfSSL | 11:cee25a834751 | 1138 | switch (key->state) { |
wolfSSL | 11:cee25a834751 | 1139 | case RSA_STATE_NONE: |
wolfSSL | 11:cee25a834751 | 1140 | case RSA_STATE_ENCRYPT_PAD: |
wolfSSL | 11:cee25a834751 | 1141 | key->state = RSA_STATE_ENCRYPT_PAD; |
wolfSSL | 11:cee25a834751 | 1142 | |
wolfSSL | 11:cee25a834751 | 1143 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \ |
wolfSSL | 11:cee25a834751 | 1144 | defined(HAVE_CAVIUM) |
wolfSSL | 11:cee25a834751 | 1145 | if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA && key->n.raw.buf) { |
wolfSSL | 11:cee25a834751 | 1146 | /* Async operations that include padding */ |
wolfSSL | 11:cee25a834751 | 1147 | if (rsa_type == RSA_PUBLIC_ENCRYPT && |
wolfSSL | 11:cee25a834751 | 1148 | pad_value == RSA_BLOCK_TYPE_2) { |
wolfSSL | 11:cee25a834751 | 1149 | key->state = RSA_STATE_ENCRYPT_RES; |
wolfSSL | 11:cee25a834751 | 1150 | key->dataLen = key->n.raw.len; |
wolfSSL | 11:cee25a834751 | 1151 | return NitroxRsaPublicEncrypt(in, inLen, out, outLen, key); |
wolfSSL | 11:cee25a834751 | 1152 | } |
wolfSSL | 11:cee25a834751 | 1153 | else if (rsa_type == RSA_PRIVATE_ENCRYPT && |
wolfSSL | 11:cee25a834751 | 1154 | pad_value == RSA_BLOCK_TYPE_1) { |
wolfSSL | 11:cee25a834751 | 1155 | key->state = RSA_STATE_ENCRYPT_RES; |
wolfSSL | 11:cee25a834751 | 1156 | key->dataLen = key->n.raw.len; |
wolfSSL | 11:cee25a834751 | 1157 | return NitroxRsaSSL_Sign(in, inLen, out, outLen, key); |
wolfSSL | 11:cee25a834751 | 1158 | } |
wolfSSL | 11:cee25a834751 | 1159 | } |
wolfSSL | 11:cee25a834751 | 1160 | #endif |
wolfSSL | 11:cee25a834751 | 1161 | |
wolfSSL | 11:cee25a834751 | 1162 | ret = wc_RsaPad_ex(in, inLen, out, sz, pad_value, rng, pad_type, hash, |
wolfSSL | 11:cee25a834751 | 1163 | mgf, label, labelSz, key->heap); |
wolfSSL | 11:cee25a834751 | 1164 | if (ret < 0) { |
wolfSSL | 11:cee25a834751 | 1165 | break; |
wolfSSL | 11:cee25a834751 | 1166 | } |
wolfSSL | 11:cee25a834751 | 1167 | |
wolfSSL | 11:cee25a834751 | 1168 | key->state = RSA_STATE_ENCRYPT_EXPTMOD; |
wolfSSL | 11:cee25a834751 | 1169 | /* fall through */ |
wolfSSL | 11:cee25a834751 | 1170 | |
wolfSSL | 11:cee25a834751 | 1171 | case RSA_STATE_ENCRYPT_EXPTMOD: |
wolfSSL | 11:cee25a834751 | 1172 | |
wolfSSL | 11:cee25a834751 | 1173 | key->dataLen = outLen; |
wolfSSL | 11:cee25a834751 | 1174 | ret = wc_RsaFunction(out, sz, out, &key->dataLen, rsa_type, key, rng); |
wolfSSL | 11:cee25a834751 | 1175 | |
wolfSSL | 11:cee25a834751 | 1176 | if (ret >= 0 || ret == WC_PENDING_E) { |
wolfSSL | 11:cee25a834751 | 1177 | key->state = RSA_STATE_ENCRYPT_RES; |
wolfSSL | 11:cee25a834751 | 1178 | } |
wolfSSL | 11:cee25a834751 | 1179 | if (ret < 0) { |
wolfSSL | 11:cee25a834751 | 1180 | break; |
wolfSSL | 11:cee25a834751 | 1181 | } |
wolfSSL | 11:cee25a834751 | 1182 | |
wolfSSL | 11:cee25a834751 | 1183 | /* fall through */ |
wolfSSL | 11:cee25a834751 | 1184 | |
wolfSSL | 11:cee25a834751 | 1185 | case RSA_STATE_ENCRYPT_RES: |
wolfSSL | 11:cee25a834751 | 1186 | ret = key->dataLen; |
wolfSSL | 11:cee25a834751 | 1187 | break; |
wolfSSL | 11:cee25a834751 | 1188 | |
wolfSSL | 11:cee25a834751 | 1189 | default: |
wolfSSL | 11:cee25a834751 | 1190 | ret = BAD_STATE_E; |
wolfSSL | 11:cee25a834751 | 1191 | break; |
wolfSSL | 11:cee25a834751 | 1192 | } |
wolfSSL | 11:cee25a834751 | 1193 | |
wolfSSL | 11:cee25a834751 | 1194 | /* if async pending then return and skip done cleanup below */ |
wolfSSL | 11:cee25a834751 | 1195 | if (ret == WC_PENDING_E) { |
wolfSSL | 11:cee25a834751 | 1196 | return ret; |
wolfSSL | 11:cee25a834751 | 1197 | } |
wolfSSL | 11:cee25a834751 | 1198 | |
wolfSSL | 11:cee25a834751 | 1199 | key->state = RSA_STATE_NONE; |
wolfSSL | 11:cee25a834751 | 1200 | wc_RsaCleanup(key); |
wolfSSL | 11:cee25a834751 | 1201 | |
wolfSSL | 11:cee25a834751 | 1202 | return ret; |
wolfSSL | 11:cee25a834751 | 1203 | } |
wolfSSL | 11:cee25a834751 | 1204 | |
wolfSSL | 11:cee25a834751 | 1205 | /* Gives the option of choosing padding type |
wolfSSL | 11:cee25a834751 | 1206 | in : input to be decrypted |
wolfSSL | 11:cee25a834751 | 1207 | inLen: length of input buffer |
wolfSSL | 11:cee25a834751 | 1208 | out: decrypted message |
wolfSSL | 11:cee25a834751 | 1209 | outLen: length of decrypted message in bytes |
wolfSSL | 11:cee25a834751 | 1210 | outPtr: optional inline output pointer (if provided doing inline) |
wolfSSL | 11:cee25a834751 | 1211 | key : wolfSSL initialized RSA key struct |
wolfSSL | 11:cee25a834751 | 1212 | rsa_type : type of RSA: RSA_PUBLIC_ENCRYPT, RSA_PUBLIC_DECRYPT, |
wolfSSL | 11:cee25a834751 | 1213 | RSA_PRIVATE_ENCRYPT or RSA_PRIVATE_DECRYPT |
wolfSSL | 11:cee25a834751 | 1214 | pad_value: RSA_BLOCK_TYPE_1 or RSA_BLOCK_TYPE_2 |
wolfSSL | 11:cee25a834751 | 1215 | pad_type : type of padding: WC_RSA_PKCSV15_PAD or WC_RSA_OAEP_PAD |
wolfSSL | 11:cee25a834751 | 1216 | hash : type of hash algorithm to use found in wolfssl/wolfcrypt/hash.h |
wolfSSL | 11:cee25a834751 | 1217 | mgf : type of mask generation function to use |
wolfSSL | 11:cee25a834751 | 1218 | label : optional label |
wolfSSL | 11:cee25a834751 | 1219 | labelSz : size of optional label buffer */ |
wolfSSL | 11:cee25a834751 | 1220 | static int RsaPrivateDecryptEx(byte* in, word32 inLen, byte* out, |
wolfSSL | 11:cee25a834751 | 1221 | word32 outLen, byte** outPtr, RsaKey* key, |
wolfSSL | 11:cee25a834751 | 1222 | int rsa_type, byte pad_value, int pad_type, |
wolfSSL | 11:cee25a834751 | 1223 | enum wc_HashType hash, int mgf, |
wolfSSL | 11:cee25a834751 | 1224 | byte* label, word32 labelSz, WC_RNG* rng) |
wolfSSL | 11:cee25a834751 | 1225 | { |
wolfSSL | 11:cee25a834751 | 1226 | int ret = RSA_WRONG_TYPE_E; |
wolfSSL | 11:cee25a834751 | 1227 | |
wolfSSL | 11:cee25a834751 | 1228 | if (in == NULL || inLen == 0 || out == NULL || key == NULL) { |
wolfSSL | 11:cee25a834751 | 1229 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 1230 | } |
wolfSSL | 11:cee25a834751 | 1231 | |
wolfSSL | 11:cee25a834751 | 1232 | switch (key->state) { |
wolfSSL | 11:cee25a834751 | 1233 | case RSA_STATE_NONE: |
wolfSSL | 11:cee25a834751 | 1234 | case RSA_STATE_DECRYPT_EXPTMOD: |
wolfSSL | 11:cee25a834751 | 1235 | key->state = RSA_STATE_DECRYPT_EXPTMOD; |
wolfSSL | 11:cee25a834751 | 1236 | key->dataLen = inLen; |
wolfSSL | 11:cee25a834751 | 1237 | |
wolfSSL | 11:cee25a834751 | 1238 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \ |
wolfSSL | 11:cee25a834751 | 1239 | defined(HAVE_CAVIUM) |
wolfSSL | 11:cee25a834751 | 1240 | /* Async operations that include padding */ |
wolfSSL | 11:cee25a834751 | 1241 | if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) { |
wolfSSL | 11:cee25a834751 | 1242 | if (rsa_type == RSA_PRIVATE_DECRYPT && |
wolfSSL | 11:cee25a834751 | 1243 | pad_value == RSA_BLOCK_TYPE_2) { |
wolfSSL | 11:cee25a834751 | 1244 | key->state = RSA_STATE_DECRYPT_RES; |
wolfSSL | 11:cee25a834751 | 1245 | key->data = NULL; |
wolfSSL | 11:cee25a834751 | 1246 | if (outPtr) |
wolfSSL | 11:cee25a834751 | 1247 | *outPtr = in; |
wolfSSL | 11:cee25a834751 | 1248 | return NitroxRsaPrivateDecrypt(in, inLen, out, &key->dataLen, key); |
wolfSSL | 11:cee25a834751 | 1249 | } |
wolfSSL | 11:cee25a834751 | 1250 | else if (rsa_type == RSA_PUBLIC_DECRYPT && |
wolfSSL | 11:cee25a834751 | 1251 | pad_value == RSA_BLOCK_TYPE_1) { |
wolfSSL | 11:cee25a834751 | 1252 | key->state = RSA_STATE_DECRYPT_RES; |
wolfSSL | 11:cee25a834751 | 1253 | key->data = NULL; |
wolfSSL | 11:cee25a834751 | 1254 | return NitroxRsaSSL_Verify(in, inLen, out, &key->dataLen, key); |
wolfSSL | 11:cee25a834751 | 1255 | } |
wolfSSL | 11:cee25a834751 | 1256 | } |
wolfSSL | 11:cee25a834751 | 1257 | #endif |
wolfSSL | 11:cee25a834751 | 1258 | |
wolfSSL | 11:cee25a834751 | 1259 | /* verify the tmp ptr is NULL, otherwise indicates bad state */ |
wolfSSL | 11:cee25a834751 | 1260 | if (key->data != NULL) { |
wolfSSL | 11:cee25a834751 | 1261 | ret = BAD_STATE_E; |
wolfSSL | 11:cee25a834751 | 1262 | break; |
wolfSSL | 11:cee25a834751 | 1263 | } |
wolfSSL | 11:cee25a834751 | 1264 | |
wolfSSL | 11:cee25a834751 | 1265 | /* if not doing this inline then allocate a buffer for it */ |
wolfSSL | 11:cee25a834751 | 1266 | if (outPtr == NULL) { |
wolfSSL | 11:cee25a834751 | 1267 | key->data = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_WOLF_BIGINT); |
wolfSSL | 11:cee25a834751 | 1268 | key->dataIsAlloc = 1; |
wolfSSL | 11:cee25a834751 | 1269 | if (key->data == NULL) { |
wolfSSL | 11:cee25a834751 | 1270 | ret = MEMORY_E; |
wolfSSL | 11:cee25a834751 | 1271 | break; |
wolfSSL | 11:cee25a834751 | 1272 | } |
wolfSSL | 11:cee25a834751 | 1273 | XMEMCPY(key->data, in, inLen); |
wolfSSL | 11:cee25a834751 | 1274 | } |
wolfSSL | 11:cee25a834751 | 1275 | else { |
wolfSSL | 11:cee25a834751 | 1276 | key->data = out; |
wolfSSL | 11:cee25a834751 | 1277 | } |
wolfSSL | 11:cee25a834751 | 1278 | ret = wc_RsaFunction(key->data, inLen, key->data, &key->dataLen, rsa_type, |
wolfSSL | 11:cee25a834751 | 1279 | key, rng); |
wolfSSL | 11:cee25a834751 | 1280 | |
wolfSSL | 11:cee25a834751 | 1281 | if (ret >= 0 || ret == WC_PENDING_E) { |
wolfSSL | 11:cee25a834751 | 1282 | key->state = RSA_STATE_DECRYPT_UNPAD; |
wolfSSL | 11:cee25a834751 | 1283 | } |
wolfSSL | 11:cee25a834751 | 1284 | if (ret < 0) { |
wolfSSL | 11:cee25a834751 | 1285 | break; |
wolfSSL | 11:cee25a834751 | 1286 | } |
wolfSSL | 11:cee25a834751 | 1287 | |
wolfSSL | 11:cee25a834751 | 1288 | /* fall through */ |
wolfSSL | 11:cee25a834751 | 1289 | |
wolfSSL | 11:cee25a834751 | 1290 | case RSA_STATE_DECRYPT_UNPAD: |
wolfSSL | 11:cee25a834751 | 1291 | { |
wolfSSL | 11:cee25a834751 | 1292 | byte* pad = NULL; |
wolfSSL | 11:cee25a834751 | 1293 | ret = wc_RsaUnPad_ex(key->data, key->dataLen, &pad, pad_value, pad_type, |
wolfSSL | 11:cee25a834751 | 1294 | hash, mgf, label, labelSz, key->heap); |
wolfSSL | 11:cee25a834751 | 1295 | if (ret > 0 && ret <= (int)outLen && pad != NULL) { |
wolfSSL | 11:cee25a834751 | 1296 | /* only copy output if not inline */ |
wolfSSL | 11:cee25a834751 | 1297 | if (outPtr == NULL) { |
wolfSSL | 11:cee25a834751 | 1298 | XMEMCPY(out, pad, ret); |
wolfSSL | 11:cee25a834751 | 1299 | } |
wolfSSL | 11:cee25a834751 | 1300 | else { |
wolfSSL | 11:cee25a834751 | 1301 | *outPtr = pad; |
wolfSSL | 11:cee25a834751 | 1302 | } |
wolfSSL | 11:cee25a834751 | 1303 | } |
wolfSSL | 11:cee25a834751 | 1304 | else if (ret >= 0) { |
wolfSSL | 11:cee25a834751 | 1305 | ret = RSA_BUFFER_E; |
wolfSSL | 11:cee25a834751 | 1306 | } |
wolfSSL | 11:cee25a834751 | 1307 | if (ret < 0) { |
wolfSSL | 11:cee25a834751 | 1308 | break; |
wolfSSL | 11:cee25a834751 | 1309 | } |
wolfSSL | 11:cee25a834751 | 1310 | |
wolfSSL | 11:cee25a834751 | 1311 | key->state = RSA_STATE_DECRYPT_RES; |
wolfSSL | 11:cee25a834751 | 1312 | /* fall through */ |
wolfSSL | 11:cee25a834751 | 1313 | } |
wolfSSL | 11:cee25a834751 | 1314 | case RSA_STATE_DECRYPT_RES: |
wolfSSL | 11:cee25a834751 | 1315 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) && \ |
wolfSSL | 11:cee25a834751 | 1316 | defined(HAVE_CAVIUM) |
wolfSSL | 11:cee25a834751 | 1317 | if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) { |
wolfSSL | 11:cee25a834751 | 1318 | /* return event ret */ |
wolfSSL | 11:cee25a834751 | 1319 | ret = key->asyncDev.event.ret; |
wolfSSL | 11:cee25a834751 | 1320 | if (ret == 0) { |
wolfSSL | 11:cee25a834751 | 1321 | /* convert result */ |
wolfSSL | 11:cee25a834751 | 1322 | byte* dataLen = (byte*)&key->dataLen; |
wolfSSL | 11:cee25a834751 | 1323 | ret = (dataLen[0] << 8) | (dataLen[1]); |
wolfSSL | 11:cee25a834751 | 1324 | } |
wolfSSL | 11:cee25a834751 | 1325 | } |
wolfSSL | 11:cee25a834751 | 1326 | #endif |
wolfSSL | 11:cee25a834751 | 1327 | break; |
wolfSSL | 11:cee25a834751 | 1328 | |
wolfSSL | 11:cee25a834751 | 1329 | default: |
wolfSSL | 11:cee25a834751 | 1330 | ret = BAD_STATE_E; |
wolfSSL | 11:cee25a834751 | 1331 | break; |
wolfSSL | 11:cee25a834751 | 1332 | } |
wolfSSL | 11:cee25a834751 | 1333 | |
wolfSSL | 11:cee25a834751 | 1334 | /* if async pending then return and skip done cleanup below */ |
wolfSSL | 11:cee25a834751 | 1335 | if (ret == WC_PENDING_E) { |
wolfSSL | 11:cee25a834751 | 1336 | return ret; |
wolfSSL | 11:cee25a834751 | 1337 | } |
wolfSSL | 11:cee25a834751 | 1338 | |
wolfSSL | 11:cee25a834751 | 1339 | key->state = RSA_STATE_NONE; |
wolfSSL | 11:cee25a834751 | 1340 | wc_RsaCleanup(key); |
wolfSSL | 11:cee25a834751 | 1341 | |
wolfSSL | 11:cee25a834751 | 1342 | return ret; |
wolfSSL | 11:cee25a834751 | 1343 | } |
wolfSSL | 11:cee25a834751 | 1344 | |
wolfSSL | 11:cee25a834751 | 1345 | |
wolfSSL | 11:cee25a834751 | 1346 | /* Public RSA Functions */ |
wolfSSL | 11:cee25a834751 | 1347 | int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, |
wolfSSL | 11:cee25a834751 | 1348 | RsaKey* key, WC_RNG* rng) |
wolfSSL | 11:cee25a834751 | 1349 | { |
wolfSSL | 11:cee25a834751 | 1350 | return RsaPublicEncryptEx(in, inLen, out, outLen, key, |
wolfSSL | 11:cee25a834751 | 1351 | RSA_PUBLIC_ENCRYPT, RSA_BLOCK_TYPE_2, WC_RSA_PKCSV15_PAD, |
wolfSSL | 11:cee25a834751 | 1352 | WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, rng); |
wolfSSL | 11:cee25a834751 | 1353 | } |
wolfSSL | 11:cee25a834751 | 1354 | |
wolfSSL | 11:cee25a834751 | 1355 | |
wolfSSL | 11:cee25a834751 | 1356 | #ifndef WC_NO_RSA_OAEP |
wolfSSL | 11:cee25a834751 | 1357 | int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out, |
wolfSSL | 11:cee25a834751 | 1358 | word32 outLen, RsaKey* key, WC_RNG* rng, int type, |
wolfSSL | 11:cee25a834751 | 1359 | enum wc_HashType hash, int mgf, byte* label, |
wolfSSL | 11:cee25a834751 | 1360 | word32 labelSz) |
wolfSSL | 11:cee25a834751 | 1361 | { |
wolfSSL | 11:cee25a834751 | 1362 | return RsaPublicEncryptEx(in, inLen, out, outLen, key, RSA_PUBLIC_ENCRYPT, |
wolfSSL | 11:cee25a834751 | 1363 | RSA_BLOCK_TYPE_2, type, hash, mgf, label, labelSz, rng); |
wolfSSL | 11:cee25a834751 | 1364 | } |
wolfSSL | 11:cee25a834751 | 1365 | #endif /* WC_NO_RSA_OAEP */ |
wolfSSL | 11:cee25a834751 | 1366 | |
wolfSSL | 11:cee25a834751 | 1367 | |
wolfSSL | 11:cee25a834751 | 1368 | int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key) |
wolfSSL | 11:cee25a834751 | 1369 | { |
wolfSSL | 11:cee25a834751 | 1370 | WC_RNG* rng = NULL; |
wolfSSL | 11:cee25a834751 | 1371 | #ifdef WC_RSA_BLINDING |
wolfSSL | 11:cee25a834751 | 1372 | rng = key->rng; |
wolfSSL | 11:cee25a834751 | 1373 | #endif |
wolfSSL | 11:cee25a834751 | 1374 | return RsaPrivateDecryptEx(in, inLen, in, inLen, out, key, |
wolfSSL | 11:cee25a834751 | 1375 | RSA_PRIVATE_DECRYPT, RSA_BLOCK_TYPE_2, WC_RSA_PKCSV15_PAD, |
wolfSSL | 11:cee25a834751 | 1376 | WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, rng); |
wolfSSL | 11:cee25a834751 | 1377 | } |
wolfSSL | 11:cee25a834751 | 1378 | |
wolfSSL | 11:cee25a834751 | 1379 | |
wolfSSL | 11:cee25a834751 | 1380 | #ifndef WC_NO_RSA_OAEP |
wolfSSL | 11:cee25a834751 | 1381 | int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, byte** out, |
wolfSSL | 11:cee25a834751 | 1382 | RsaKey* key, int type, enum wc_HashType hash, |
wolfSSL | 11:cee25a834751 | 1383 | int mgf, byte* label, word32 labelSz) |
wolfSSL | 11:cee25a834751 | 1384 | { |
wolfSSL | 11:cee25a834751 | 1385 | WC_RNG* rng = NULL; |
wolfSSL | 11:cee25a834751 | 1386 | #ifdef WC_RSA_BLINDING |
wolfSSL | 11:cee25a834751 | 1387 | rng = key->rng; |
wolfSSL | 11:cee25a834751 | 1388 | #endif |
wolfSSL | 11:cee25a834751 | 1389 | return RsaPrivateDecryptEx(in, inLen, in, inLen, out, key, |
wolfSSL | 11:cee25a834751 | 1390 | RSA_PRIVATE_DECRYPT, RSA_BLOCK_TYPE_2, type, hash, |
wolfSSL | 11:cee25a834751 | 1391 | mgf, label, labelSz, rng); |
wolfSSL | 11:cee25a834751 | 1392 | } |
wolfSSL | 11:cee25a834751 | 1393 | #endif /* WC_NO_RSA_OAEP */ |
wolfSSL | 11:cee25a834751 | 1394 | |
wolfSSL | 11:cee25a834751 | 1395 | |
wolfSSL | 11:cee25a834751 | 1396 | int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, |
wolfSSL | 11:cee25a834751 | 1397 | word32 outLen, RsaKey* key) |
wolfSSL | 11:cee25a834751 | 1398 | { |
wolfSSL | 11:cee25a834751 | 1399 | WC_RNG* rng = NULL; |
wolfSSL | 11:cee25a834751 | 1400 | #ifdef WC_RSA_BLINDING |
wolfSSL | 11:cee25a834751 | 1401 | rng = key->rng; |
wolfSSL | 11:cee25a834751 | 1402 | #endif |
wolfSSL | 11:cee25a834751 | 1403 | return RsaPrivateDecryptEx((byte*)in, inLen, out, outLen, NULL, key, |
wolfSSL | 11:cee25a834751 | 1404 | RSA_PRIVATE_DECRYPT, RSA_BLOCK_TYPE_2, WC_RSA_PKCSV15_PAD, |
wolfSSL | 11:cee25a834751 | 1405 | WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, rng); |
wolfSSL | 11:cee25a834751 | 1406 | } |
wolfSSL | 11:cee25a834751 | 1407 | |
wolfSSL | 11:cee25a834751 | 1408 | |
wolfSSL | 11:cee25a834751 | 1409 | #ifndef WC_NO_RSA_OAEP |
wolfSSL | 11:cee25a834751 | 1410 | int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, byte* out, |
wolfSSL | 11:cee25a834751 | 1411 | word32 outLen, RsaKey* key, int type, |
wolfSSL | 11:cee25a834751 | 1412 | enum wc_HashType hash, int mgf, byte* label, |
wolfSSL | 11:cee25a834751 | 1413 | word32 labelSz) |
wolfSSL | 11:cee25a834751 | 1414 | { |
wolfSSL | 11:cee25a834751 | 1415 | WC_RNG* rng = NULL; |
wolfSSL | 11:cee25a834751 | 1416 | #ifdef WC_RSA_BLINDING |
wolfSSL | 11:cee25a834751 | 1417 | rng = key->rng; |
wolfSSL | 11:cee25a834751 | 1418 | #endif |
wolfSSL | 11:cee25a834751 | 1419 | return RsaPrivateDecryptEx((byte*)in, inLen, out, outLen, NULL, key, |
wolfSSL | 11:cee25a834751 | 1420 | RSA_PRIVATE_DECRYPT, RSA_BLOCK_TYPE_2, type, hash, mgf, label, |
wolfSSL | 11:cee25a834751 | 1421 | labelSz, rng); |
wolfSSL | 11:cee25a834751 | 1422 | } |
wolfSSL | 11:cee25a834751 | 1423 | #endif /* WC_NO_RSA_OAEP */ |
wolfSSL | 11:cee25a834751 | 1424 | |
wolfSSL | 11:cee25a834751 | 1425 | |
wolfSSL | 11:cee25a834751 | 1426 | int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) |
wolfSSL | 11:cee25a834751 | 1427 | { |
wolfSSL | 11:cee25a834751 | 1428 | WC_RNG* rng = NULL; |
wolfSSL | 11:cee25a834751 | 1429 | #ifdef WC_RSA_BLINDING |
wolfSSL | 11:cee25a834751 | 1430 | rng = key->rng; |
wolfSSL | 11:cee25a834751 | 1431 | #endif |
wolfSSL | 11:cee25a834751 | 1432 | return RsaPrivateDecryptEx(in, inLen, in, inLen, out, key, |
wolfSSL | 11:cee25a834751 | 1433 | RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, WC_RSA_PKCSV15_PAD, |
wolfSSL | 11:cee25a834751 | 1434 | WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, rng); |
wolfSSL | 11:cee25a834751 | 1435 | } |
wolfSSL | 11:cee25a834751 | 1436 | |
wolfSSL | 11:cee25a834751 | 1437 | int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, |
wolfSSL | 11:cee25a834751 | 1438 | RsaKey* key) |
wolfSSL | 11:cee25a834751 | 1439 | { |
wolfSSL | 11:cee25a834751 | 1440 | WC_RNG* rng = NULL; |
wolfSSL | 11:cee25a834751 | 1441 | #ifdef WC_RSA_BLINDING |
wolfSSL | 11:cee25a834751 | 1442 | rng = key->rng; |
wolfSSL | 11:cee25a834751 | 1443 | #endif |
wolfSSL | 11:cee25a834751 | 1444 | return RsaPrivateDecryptEx((byte*)in, inLen, out, outLen, NULL, key, |
wolfSSL | 11:cee25a834751 | 1445 | RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, WC_RSA_PKCSV15_PAD, |
wolfSSL | 11:cee25a834751 | 1446 | WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, rng); |
wolfSSL | 11:cee25a834751 | 1447 | } |
wolfSSL | 11:cee25a834751 | 1448 | |
wolfSSL | 11:cee25a834751 | 1449 | |
wolfSSL | 11:cee25a834751 | 1450 | int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, |
wolfSSL | 11:cee25a834751 | 1451 | RsaKey* key, WC_RNG* rng) |
wolfSSL | 11:cee25a834751 | 1452 | { |
wolfSSL | 11:cee25a834751 | 1453 | return RsaPublicEncryptEx(in, inLen, out, outLen, key, |
wolfSSL | 11:cee25a834751 | 1454 | RSA_PRIVATE_ENCRYPT, RSA_BLOCK_TYPE_1, WC_RSA_PKCSV15_PAD, |
wolfSSL | 11:cee25a834751 | 1455 | WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, rng); |
wolfSSL | 11:cee25a834751 | 1456 | } |
wolfSSL | 11:cee25a834751 | 1457 | |
wolfSSL | 11:cee25a834751 | 1458 | |
wolfSSL | 11:cee25a834751 | 1459 | int wc_RsaEncryptSize(RsaKey* key) |
wolfSSL | 11:cee25a834751 | 1460 | { |
wolfSSL | 11:cee25a834751 | 1461 | return mp_unsigned_bin_size(&key->n); |
wolfSSL | 11:cee25a834751 | 1462 | } |
wolfSSL | 11:cee25a834751 | 1463 | |
wolfSSL | 11:cee25a834751 | 1464 | |
wolfSSL | 11:cee25a834751 | 1465 | /* flatten RsaKey structure into individual elements (e, n) */ |
wolfSSL | 11:cee25a834751 | 1466 | int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n, |
wolfSSL | 11:cee25a834751 | 1467 | word32* nSz) |
wolfSSL | 11:cee25a834751 | 1468 | { |
wolfSSL | 11:cee25a834751 | 1469 | int sz, ret; |
wolfSSL | 11:cee25a834751 | 1470 | |
wolfSSL | 11:cee25a834751 | 1471 | if (key == NULL || e == NULL || eSz == NULL || n == NULL || nSz == NULL) { |
wolfSSL | 11:cee25a834751 | 1472 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 1473 | } |
wolfSSL | 11:cee25a834751 | 1474 | |
wolfSSL | 11:cee25a834751 | 1475 | sz = mp_unsigned_bin_size(&key->e); |
wolfSSL | 11:cee25a834751 | 1476 | if ((word32)sz > *eSz) |
wolfSSL | 11:cee25a834751 | 1477 | return RSA_BUFFER_E; |
wolfSSL | 11:cee25a834751 | 1478 | ret = mp_to_unsigned_bin(&key->e, e); |
wolfSSL | 11:cee25a834751 | 1479 | if (ret != MP_OKAY) |
wolfSSL | 11:cee25a834751 | 1480 | return ret; |
wolfSSL | 11:cee25a834751 | 1481 | *eSz = (word32)sz; |
wolfSSL | 11:cee25a834751 | 1482 | |
wolfSSL | 11:cee25a834751 | 1483 | sz = wc_RsaEncryptSize(key); |
wolfSSL | 11:cee25a834751 | 1484 | if ((word32)sz > *nSz) |
wolfSSL | 11:cee25a834751 | 1485 | return RSA_BUFFER_E; |
wolfSSL | 11:cee25a834751 | 1486 | ret = mp_to_unsigned_bin(&key->n, n); |
wolfSSL | 11:cee25a834751 | 1487 | if (ret != MP_OKAY) |
wolfSSL | 11:cee25a834751 | 1488 | return ret; |
wolfSSL | 11:cee25a834751 | 1489 | *nSz = (word32)sz; |
wolfSSL | 11:cee25a834751 | 1490 | |
wolfSSL | 11:cee25a834751 | 1491 | return 0; |
wolfSSL | 11:cee25a834751 | 1492 | } |
wolfSSL | 11:cee25a834751 | 1493 | |
wolfSSL | 11:cee25a834751 | 1494 | #ifdef WOLFSSL_KEY_GEN |
wolfSSL | 11:cee25a834751 | 1495 | /* Make an RSA key for size bits, with e specified, 65537 is a good e */ |
wolfSSL | 11:cee25a834751 | 1496 | int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) |
wolfSSL | 11:cee25a834751 | 1497 | { |
wolfSSL | 11:cee25a834751 | 1498 | mp_int p, q, tmp1, tmp2, tmp3; |
wolfSSL | 11:cee25a834751 | 1499 | int err; |
wolfSSL | 11:cee25a834751 | 1500 | |
wolfSSL | 11:cee25a834751 | 1501 | if (key == NULL || rng == NULL) |
wolfSSL | 11:cee25a834751 | 1502 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 1503 | |
wolfSSL | 11:cee25a834751 | 1504 | if (size < RSA_MIN_SIZE || size > RSA_MAX_SIZE) |
wolfSSL | 11:cee25a834751 | 1505 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 1506 | |
wolfSSL | 11:cee25a834751 | 1507 | if (e < 3 || (e & 1) == 0) |
wolfSSL | 11:cee25a834751 | 1508 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 1509 | |
wolfSSL | 11:cee25a834751 | 1510 | #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) |
wolfSSL | 11:cee25a834751 | 1511 | if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA) { |
wolfSSL | 11:cee25a834751 | 1512 | #ifdef HAVE_CAVIUM |
wolfSSL | 11:cee25a834751 | 1513 | /* TODO: Not implemented */ |
wolfSSL | 11:cee25a834751 | 1514 | #elif defined(HAVE_INTEL_QA) |
wolfSSL | 11:cee25a834751 | 1515 | /* TODO: Not implemented */ |
wolfSSL | 11:cee25a834751 | 1516 | #else |
wolfSSL | 11:cee25a834751 | 1517 | WC_ASYNC_TEST* testDev = &key->asyncDev.test; |
wolfSSL | 11:cee25a834751 | 1518 | if (testDev->type == ASYNC_TEST_NONE) { |
wolfSSL | 11:cee25a834751 | 1519 | testDev->type = ASYNC_TEST_RSA_MAKE; |
wolfSSL | 11:cee25a834751 | 1520 | testDev->rsaMake.rng = rng; |
wolfSSL | 11:cee25a834751 | 1521 | testDev->rsaMake.key = key; |
wolfSSL | 11:cee25a834751 | 1522 | testDev->rsaMake.size = size; |
wolfSSL | 11:cee25a834751 | 1523 | testDev->rsaMake.e = e; |
wolfSSL | 11:cee25a834751 | 1524 | return WC_PENDING_E; |
wolfSSL | 11:cee25a834751 | 1525 | } |
wolfSSL | 11:cee25a834751 | 1526 | #endif |
wolfSSL | 11:cee25a834751 | 1527 | } |
wolfSSL | 11:cee25a834751 | 1528 | #endif |
wolfSSL | 11:cee25a834751 | 1529 | |
wolfSSL | 11:cee25a834751 | 1530 | if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != MP_OKAY) |
wolfSSL | 11:cee25a834751 | 1531 | return err; |
wolfSSL | 11:cee25a834751 | 1532 | |
wolfSSL | 11:cee25a834751 | 1533 | err = mp_set_int(&tmp3, e); |
wolfSSL | 11:cee25a834751 | 1534 | |
wolfSSL | 11:cee25a834751 | 1535 | /* make p */ |
wolfSSL | 11:cee25a834751 | 1536 | if (err == MP_OKAY) { |
wolfSSL | 11:cee25a834751 | 1537 | do { |
wolfSSL | 11:cee25a834751 | 1538 | err = mp_rand_prime(&p, size/16, rng, key->heap); /* size in bytes/2 */ |
wolfSSL | 11:cee25a834751 | 1539 | |
wolfSSL | 11:cee25a834751 | 1540 | if (err == MP_OKAY) |
wolfSSL | 11:cee25a834751 | 1541 | err = mp_sub_d(&p, 1, &tmp1); /* tmp1 = p-1 */ |
wolfSSL | 11:cee25a834751 | 1542 | |
wolfSSL | 11:cee25a834751 | 1543 | if (err == MP_OKAY) |
wolfSSL | 11:cee25a834751 | 1544 | err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(p-1, e) */ |
wolfSSL | 11:cee25a834751 | 1545 | } while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divides p-1 */ |
wolfSSL | 11:cee25a834751 | 1546 | } |
wolfSSL | 11:cee25a834751 | 1547 | |
wolfSSL | 11:cee25a834751 | 1548 | /* make q */ |
wolfSSL | 11:cee25a834751 | 1549 | if (err == MP_OKAY) { |
wolfSSL | 11:cee25a834751 | 1550 | do { |
wolfSSL | 11:cee25a834751 | 1551 | err = mp_rand_prime(&q, size/16, rng, key->heap); /* size in bytes/2 */ |
wolfSSL | 11:cee25a834751 | 1552 | |
wolfSSL | 11:cee25a834751 | 1553 | if (err == MP_OKAY) |
wolfSSL | 11:cee25a834751 | 1554 | err = mp_sub_d(&q, 1, &tmp1); /* tmp1 = q-1 */ |
wolfSSL | 11:cee25a834751 | 1555 | |
wolfSSL | 11:cee25a834751 | 1556 | if (err == MP_OKAY) |
wolfSSL | 11:cee25a834751 | 1557 | err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(q-1, e) */ |
wolfSSL | 11:cee25a834751 | 1558 | } while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divides q-1 */ |
wolfSSL | 11:cee25a834751 | 1559 | } |
wolfSSL | 11:cee25a834751 | 1560 | |
wolfSSL | 11:cee25a834751 | 1561 | if (err == MP_OKAY) |
wolfSSL | 11:cee25a834751 | 1562 | err = mp_init_multi(&key->n, &key->e, &key->d, &key->p, &key->q, NULL); |
wolfSSL | 11:cee25a834751 | 1563 | |
wolfSSL | 11:cee25a834751 | 1564 | if (err == MP_OKAY) |
wolfSSL | 11:cee25a834751 | 1565 | err = mp_init_multi(&key->dP, &key->dQ, &key->u, NULL, NULL, NULL); |
wolfSSL | 11:cee25a834751 | 1566 | |
wolfSSL | 11:cee25a834751 | 1567 | if (err == MP_OKAY) |
wolfSSL | 11:cee25a834751 | 1568 | err = mp_sub_d(&p, 1, &tmp2); /* tmp2 = p-1 */ |
wolfSSL | 11:cee25a834751 | 1569 | |
wolfSSL | 11:cee25a834751 | 1570 | if (err == MP_OKAY) |
wolfSSL | 11:cee25a834751 | 1571 | err = mp_lcm(&tmp1, &tmp2, &tmp1); /* tmp1 = lcm(p-1, q-1),last loop */ |
wolfSSL | 11:cee25a834751 | 1572 | |
wolfSSL | 11:cee25a834751 | 1573 | /* make key */ |
wolfSSL | 11:cee25a834751 | 1574 | if (err == MP_OKAY) |
wolfSSL | 11:cee25a834751 | 1575 | err = mp_set_int(&key->e, (mp_digit)e); /* key->e = e */ |
wolfSSL | 11:cee25a834751 | 1576 | |
wolfSSL | 11:cee25a834751 | 1577 | if (err == MP_OKAY) /* key->d = 1/e mod lcm(p-1, q-1) */ |
wolfSSL | 11:cee25a834751 | 1578 | err = mp_invmod(&key->e, &tmp1, &key->d); |
wolfSSL | 11:cee25a834751 | 1579 | |
wolfSSL | 11:cee25a834751 | 1580 | if (err == MP_OKAY) |
wolfSSL | 11:cee25a834751 | 1581 | err = mp_mul(&p, &q, &key->n); /* key->n = pq */ |
wolfSSL | 11:cee25a834751 | 1582 | |
wolfSSL | 11:cee25a834751 | 1583 | if (err == MP_OKAY) |
wolfSSL | 11:cee25a834751 | 1584 | err = mp_sub_d(&p, 1, &tmp1); |
wolfSSL | 11:cee25a834751 | 1585 | |
wolfSSL | 11:cee25a834751 | 1586 | if (err == MP_OKAY) |
wolfSSL | 11:cee25a834751 | 1587 | err = mp_sub_d(&q, 1, &tmp2); |
wolfSSL | 11:cee25a834751 | 1588 | |
wolfSSL | 11:cee25a834751 | 1589 | if (err == MP_OKAY) |
wolfSSL | 11:cee25a834751 | 1590 | err = mp_mod(&key->d, &tmp1, &key->dP); |
wolfSSL | 11:cee25a834751 | 1591 | |
wolfSSL | 11:cee25a834751 | 1592 | if (err == MP_OKAY) |
wolfSSL | 11:cee25a834751 | 1593 | err = mp_mod(&key->d, &tmp2, &key->dQ); |
wolfSSL | 11:cee25a834751 | 1594 | |
wolfSSL | 11:cee25a834751 | 1595 | if (err == MP_OKAY) |
wolfSSL | 11:cee25a834751 | 1596 | err = mp_invmod(&q, &p, &key->u); |
wolfSSL | 11:cee25a834751 | 1597 | |
wolfSSL | 11:cee25a834751 | 1598 | if (err == MP_OKAY) |
wolfSSL | 11:cee25a834751 | 1599 | err = mp_copy(&p, &key->p); |
wolfSSL | 11:cee25a834751 | 1600 | |
wolfSSL | 11:cee25a834751 | 1601 | if (err == MP_OKAY) |
wolfSSL | 11:cee25a834751 | 1602 | err = mp_copy(&q, &key->q); |
wolfSSL | 11:cee25a834751 | 1603 | |
wolfSSL | 11:cee25a834751 | 1604 | if (err == MP_OKAY) |
wolfSSL | 11:cee25a834751 | 1605 | key->type = RSA_PRIVATE; |
wolfSSL | 11:cee25a834751 | 1606 | |
wolfSSL | 11:cee25a834751 | 1607 | mp_clear(&tmp3); |
wolfSSL | 11:cee25a834751 | 1608 | mp_clear(&tmp2); |
wolfSSL | 11:cee25a834751 | 1609 | mp_clear(&tmp1); |
wolfSSL | 11:cee25a834751 | 1610 | mp_clear(&q); |
wolfSSL | 11:cee25a834751 | 1611 | mp_clear(&p); |
wolfSSL | 11:cee25a834751 | 1612 | |
wolfSSL | 11:cee25a834751 | 1613 | if (err != MP_OKAY) { |
wolfSSL | 11:cee25a834751 | 1614 | wc_FreeRsaKey(key); |
wolfSSL | 11:cee25a834751 | 1615 | return err; |
wolfSSL | 11:cee25a834751 | 1616 | } |
wolfSSL | 11:cee25a834751 | 1617 | |
wolfSSL | 11:cee25a834751 | 1618 | return 0; |
wolfSSL | 11:cee25a834751 | 1619 | } |
wolfSSL | 11:cee25a834751 | 1620 | #endif /* WOLFSSL_KEY_GEN */ |
wolfSSL | 11:cee25a834751 | 1621 | |
wolfSSL | 11:cee25a834751 | 1622 | |
wolfSSL | 11:cee25a834751 | 1623 | #ifdef WC_RSA_BLINDING |
wolfSSL | 11:cee25a834751 | 1624 | |
wolfSSL | 11:cee25a834751 | 1625 | int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng) |
wolfSSL | 11:cee25a834751 | 1626 | { |
wolfSSL | 11:cee25a834751 | 1627 | if (key == NULL) |
wolfSSL | 11:cee25a834751 | 1628 | return BAD_FUNC_ARG; |
wolfSSL | 11:cee25a834751 | 1629 | |
wolfSSL | 11:cee25a834751 | 1630 | key->rng = rng; |
wolfSSL | 11:cee25a834751 | 1631 | |
wolfSSL | 11:cee25a834751 | 1632 | return 0; |
wolfSSL | 11:cee25a834751 | 1633 | } |
wolfSSL | 11:cee25a834751 | 1634 | |
wolfSSL | 11:cee25a834751 | 1635 | #endif /* WC_RSA_BLINDING */ |
wolfSSL | 11:cee25a834751 | 1636 | |
wolfSSL | 11:cee25a834751 | 1637 | |
wolfSSL | 11:cee25a834751 | 1638 | #undef ERROR_OUT |
wolfSSL | 11:cee25a834751 | 1639 | |
wolfSSL | 11:cee25a834751 | 1640 | #endif /* HAVE_FIPS */ |
wolfSSL | 11:cee25a834751 | 1641 | #endif /* NO_RSA */ |
wolfSSL | 11:cee25a834751 | 1642 |