wolf SSL
wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
wolfcrypt/src/rsa.c@0:d92f9d21154c, 2015-06-26 (annotated)
- Committer:
- wolfSSL
- Date:
- Fri Jun 26 00:39:20 2015 +0000
- Revision:
- 0:d92f9d21154c
wolfSSL 3.6.0
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| wolfSSL | 0:d92f9d21154c | 1 | /* rsa.c |
| wolfSSL | 0:d92f9d21154c | 2 | * |
| wolfSSL | 0:d92f9d21154c | 3 | * Copyright (C) 2006-2015 wolfSSL Inc. |
| wolfSSL | 0:d92f9d21154c | 4 | * |
| wolfSSL | 0:d92f9d21154c | 5 | * This file is part of wolfSSL. (formerly known as CyaSSL) |
| wolfSSL | 0:d92f9d21154c | 6 | * |
| wolfSSL | 0:d92f9d21154c | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
| wolfSSL | 0:d92f9d21154c | 8 | * it under the terms of the GNU General Public License as published by |
| wolfSSL | 0:d92f9d21154c | 9 | * the Free Software Foundation; either version 2 of the License, or |
| wolfSSL | 0:d92f9d21154c | 10 | * (at your option) any later version. |
| wolfSSL | 0:d92f9d21154c | 11 | * |
| wolfSSL | 0:d92f9d21154c | 12 | * wolfSSL is distributed in the hope that it will be useful, |
| wolfSSL | 0:d92f9d21154c | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| wolfSSL | 0:d92f9d21154c | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| wolfSSL | 0:d92f9d21154c | 15 | * GNU General Public License for more details. |
| wolfSSL | 0:d92f9d21154c | 16 | * |
| wolfSSL | 0:d92f9d21154c | 17 | * You should have received a copy of the GNU General Public License |
| wolfSSL | 0:d92f9d21154c | 18 | * along with this program; if not, write to the Free Software |
| wolfSSL | 0:d92f9d21154c | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA |
| wolfSSL | 0:d92f9d21154c | 20 | */ |
| wolfSSL | 0:d92f9d21154c | 21 | |
| wolfSSL | 0:d92f9d21154c | 22 | #ifdef HAVE_CONFIG_H |
| wolfSSL | 0:d92f9d21154c | 23 | #include <config.h> |
| wolfSSL | 0:d92f9d21154c | 24 | #endif |
| wolfSSL | 0:d92f9d21154c | 25 | |
| wolfSSL | 0:d92f9d21154c | 26 | #include <wolfssl/wolfcrypt/settings.h> |
| wolfSSL | 0:d92f9d21154c | 27 | |
| wolfSSL | 0:d92f9d21154c | 28 | #ifndef NO_RSA |
| wolfSSL | 0:d92f9d21154c | 29 | |
| wolfSSL | 0:d92f9d21154c | 30 | #include <wolfssl/wolfcrypt/rsa.h> |
| wolfSSL | 0:d92f9d21154c | 31 | |
| wolfSSL | 0:d92f9d21154c | 32 | #ifdef HAVE_FIPS |
| wolfSSL | 0:d92f9d21154c | 33 | int wc_InitRsaKey(RsaKey* key, void* ptr) |
| wolfSSL | 0:d92f9d21154c | 34 | { |
| wolfSSL | 0:d92f9d21154c | 35 | return InitRsaKey_fips(key, ptr); |
| wolfSSL | 0:d92f9d21154c | 36 | } |
| wolfSSL | 0:d92f9d21154c | 37 | |
| wolfSSL | 0:d92f9d21154c | 38 | |
| wolfSSL | 0:d92f9d21154c | 39 | int wc_FreeRsaKey(RsaKey* key) |
| wolfSSL | 0:d92f9d21154c | 40 | { |
| wolfSSL | 0:d92f9d21154c | 41 | return FreeRsaKey_fips(key); |
| wolfSSL | 0:d92f9d21154c | 42 | } |
| wolfSSL | 0:d92f9d21154c | 43 | |
| wolfSSL | 0:d92f9d21154c | 44 | |
| wolfSSL | 0:d92f9d21154c | 45 | int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, |
| wolfSSL | 0:d92f9d21154c | 46 | word32 outLen, RsaKey* key, RNG* rng) |
| wolfSSL | 0:d92f9d21154c | 47 | { |
| wolfSSL | 0:d92f9d21154c | 48 | return RsaPublicEncrypt_fips(in, inLen, out, outLen, key, rng); |
| wolfSSL | 0:d92f9d21154c | 49 | } |
| wolfSSL | 0:d92f9d21154c | 50 | |
| wolfSSL | 0:d92f9d21154c | 51 | |
| wolfSSL | 0:d92f9d21154c | 52 | int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, |
| wolfSSL | 0:d92f9d21154c | 53 | RsaKey* key) |
| wolfSSL | 0:d92f9d21154c | 54 | { |
| wolfSSL | 0:d92f9d21154c | 55 | return RsaPrivateDecryptInline_fips(in, inLen, out, key); |
| wolfSSL | 0:d92f9d21154c | 56 | } |
| wolfSSL | 0:d92f9d21154c | 57 | |
| wolfSSL | 0:d92f9d21154c | 58 | |
| wolfSSL | 0:d92f9d21154c | 59 | int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, |
| wolfSSL | 0:d92f9d21154c | 60 | word32 outLen, RsaKey* key) |
| wolfSSL | 0:d92f9d21154c | 61 | { |
| wolfSSL | 0:d92f9d21154c | 62 | return RsaPrivateDecrypt_fips(in, inLen, out, outLen, key); |
| wolfSSL | 0:d92f9d21154c | 63 | } |
| wolfSSL | 0:d92f9d21154c | 64 | |
| wolfSSL | 0:d92f9d21154c | 65 | |
| wolfSSL | 0:d92f9d21154c | 66 | int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, |
| wolfSSL | 0:d92f9d21154c | 67 | word32 outLen, RsaKey* key, RNG* rng) |
| wolfSSL | 0:d92f9d21154c | 68 | { |
| wolfSSL | 0:d92f9d21154c | 69 | return RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng); |
| wolfSSL | 0:d92f9d21154c | 70 | } |
| wolfSSL | 0:d92f9d21154c | 71 | |
| wolfSSL | 0:d92f9d21154c | 72 | |
| wolfSSL | 0:d92f9d21154c | 73 | int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) |
| wolfSSL | 0:d92f9d21154c | 74 | { |
| wolfSSL | 0:d92f9d21154c | 75 | return RsaSSL_VerifyInline_fips(in, inLen, out, key); |
| wolfSSL | 0:d92f9d21154c | 76 | } |
| wolfSSL | 0:d92f9d21154c | 77 | |
| wolfSSL | 0:d92f9d21154c | 78 | |
| wolfSSL | 0:d92f9d21154c | 79 | int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, |
| wolfSSL | 0:d92f9d21154c | 80 | word32 outLen, RsaKey* key) |
| wolfSSL | 0:d92f9d21154c | 81 | { |
| wolfSSL | 0:d92f9d21154c | 82 | return RsaSSL_Verify_fips(in, inLen, out, outLen, key); |
| wolfSSL | 0:d92f9d21154c | 83 | } |
| wolfSSL | 0:d92f9d21154c | 84 | |
| wolfSSL | 0:d92f9d21154c | 85 | |
| wolfSSL | 0:d92f9d21154c | 86 | int wc_RsaEncryptSize(RsaKey* key) |
| wolfSSL | 0:d92f9d21154c | 87 | { |
| wolfSSL | 0:d92f9d21154c | 88 | return RsaEncryptSize_fips(key); |
| wolfSSL | 0:d92f9d21154c | 89 | } |
| wolfSSL | 0:d92f9d21154c | 90 | |
| wolfSSL | 0:d92f9d21154c | 91 | |
| wolfSSL | 0:d92f9d21154c | 92 | int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, |
| wolfSSL | 0:d92f9d21154c | 93 | word32* bSz) |
| wolfSSL | 0:d92f9d21154c | 94 | { |
| wolfSSL | 0:d92f9d21154c | 95 | /* not specified as fips so not needing _fips */ |
| wolfSSL | 0:d92f9d21154c | 96 | return RsaFlattenPublicKey(key, a, aSz, b, bSz); |
| wolfSSL | 0:d92f9d21154c | 97 | } |
| wolfSSL | 0:d92f9d21154c | 98 | #ifdef WOLFSSL_KEY_GEN |
| wolfSSL | 0:d92f9d21154c | 99 | int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng) |
| wolfSSL | 0:d92f9d21154c | 100 | { |
| wolfSSL | 0:d92f9d21154c | 101 | return MakeRsaKey(key, size, e, rng); |
| wolfSSL | 0:d92f9d21154c | 102 | } |
| wolfSSL | 0:d92f9d21154c | 103 | #endif |
| wolfSSL | 0:d92f9d21154c | 104 | |
| wolfSSL | 0:d92f9d21154c | 105 | |
| wolfSSL | 0:d92f9d21154c | 106 | #ifdef HAVE_CAVIUM |
| wolfSSL | 0:d92f9d21154c | 107 | int wc_RsaInitCavium(RsaKey* key, int i) |
| wolfSSL | 0:d92f9d21154c | 108 | { |
| wolfSSL | 0:d92f9d21154c | 109 | return RsaInitCavium(key, i); |
| wolfSSL | 0:d92f9d21154c | 110 | } |
| wolfSSL | 0:d92f9d21154c | 111 | |
| wolfSSL | 0:d92f9d21154c | 112 | |
| wolfSSL | 0:d92f9d21154c | 113 | void wc_RsaFreeCavium(RsaKey* key) |
| wolfSSL | 0:d92f9d21154c | 114 | { |
| wolfSSL | 0:d92f9d21154c | 115 | RsaFreeCavium(key); |
| wolfSSL | 0:d92f9d21154c | 116 | } |
| wolfSSL | 0:d92f9d21154c | 117 | #endif |
| wolfSSL | 0:d92f9d21154c | 118 | |
| wolfSSL | 0:d92f9d21154c | 119 | /* these are functions in asn and are routed to wolfssl/wolfcrypt/asn.c |
| wolfSSL | 0:d92f9d21154c | 120 | * wc_RsaPrivateKeyDecode |
| wolfSSL | 0:d92f9d21154c | 121 | * wc_RsaPublicKeyDecode |
| wolfSSL | 0:d92f9d21154c | 122 | */ |
| wolfSSL | 0:d92f9d21154c | 123 | |
| wolfSSL | 0:d92f9d21154c | 124 | #else /* else build without fips */ |
| wolfSSL | 0:d92f9d21154c | 125 | #include <wolfssl/wolfcrypt/random.h> |
| wolfSSL | 0:d92f9d21154c | 126 | #include <wolfssl/wolfcrypt/error-crypt.h> |
| wolfSSL | 0:d92f9d21154c | 127 | #include <wolfssl/wolfcrypt/logging.h> |
| wolfSSL | 0:d92f9d21154c | 128 | #ifdef NO_INLINE |
| wolfSSL | 0:d92f9d21154c | 129 | #include <wolfssl/wolfcrypt/misc.h> |
| wolfSSL | 0:d92f9d21154c | 130 | #else |
| wolfSSL | 0:d92f9d21154c | 131 | #include <wolfcrypt/src/misc.c> |
| wolfSSL | 0:d92f9d21154c | 132 | #endif |
| wolfSSL | 0:d92f9d21154c | 133 | |
| wolfSSL | 0:d92f9d21154c | 134 | #ifdef SHOW_GEN |
| wolfSSL | 0:d92f9d21154c | 135 | #ifdef FREESCALE_MQX |
| wolfSSL | 0:d92f9d21154c | 136 | #include <fio.h> |
| wolfSSL | 0:d92f9d21154c | 137 | #else |
| wolfSSL | 0:d92f9d21154c | 138 | #include <stdio.h> |
| wolfSSL | 0:d92f9d21154c | 139 | #endif |
| wolfSSL | 0:d92f9d21154c | 140 | #endif |
| wolfSSL | 0:d92f9d21154c | 141 | |
| wolfSSL | 0:d92f9d21154c | 142 | #ifdef HAVE_CAVIUM |
| wolfSSL | 0:d92f9d21154c | 143 | static int InitCaviumRsaKey(RsaKey* key, void* heap); |
| wolfSSL | 0:d92f9d21154c | 144 | static int FreeCaviumRsaKey(RsaKey* key); |
| wolfSSL | 0:d92f9d21154c | 145 | static int CaviumRsaPublicEncrypt(const byte* in, word32 inLen, byte* out, |
| wolfSSL | 0:d92f9d21154c | 146 | word32 outLen, RsaKey* key); |
| wolfSSL | 0:d92f9d21154c | 147 | static int CaviumRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, |
| wolfSSL | 0:d92f9d21154c | 148 | word32 outLen, RsaKey* key); |
| wolfSSL | 0:d92f9d21154c | 149 | static int CaviumRsaSSL_Sign(const byte* in, word32 inLen, byte* out, |
| wolfSSL | 0:d92f9d21154c | 150 | word32 outLen, RsaKey* key); |
| wolfSSL | 0:d92f9d21154c | 151 | static int CaviumRsaSSL_Verify(const byte* in, word32 inLen, byte* out, |
| wolfSSL | 0:d92f9d21154c | 152 | word32 outLen, RsaKey* key); |
| wolfSSL | 0:d92f9d21154c | 153 | #endif |
| wolfSSL | 0:d92f9d21154c | 154 | |
| wolfSSL | 0:d92f9d21154c | 155 | enum { |
| wolfSSL | 0:d92f9d21154c | 156 | RSA_PUBLIC_ENCRYPT = 0, |
| wolfSSL | 0:d92f9d21154c | 157 | RSA_PUBLIC_DECRYPT = 1, |
| wolfSSL | 0:d92f9d21154c | 158 | RSA_PRIVATE_ENCRYPT = 2, |
| wolfSSL | 0:d92f9d21154c | 159 | RSA_PRIVATE_DECRYPT = 3, |
| wolfSSL | 0:d92f9d21154c | 160 | |
| wolfSSL | 0:d92f9d21154c | 161 | RSA_BLOCK_TYPE_1 = 1, |
| wolfSSL | 0:d92f9d21154c | 162 | RSA_BLOCK_TYPE_2 = 2, |
| wolfSSL | 0:d92f9d21154c | 163 | |
| wolfSSL | 0:d92f9d21154c | 164 | RSA_MIN_SIZE = 512, |
| wolfSSL | 0:d92f9d21154c | 165 | RSA_MAX_SIZE = 4096, |
| wolfSSL | 0:d92f9d21154c | 166 | |
| wolfSSL | 0:d92f9d21154c | 167 | RSA_MIN_PAD_SZ = 11 /* seperator + 0 + pad value + 8 pads */ |
| wolfSSL | 0:d92f9d21154c | 168 | }; |
| wolfSSL | 0:d92f9d21154c | 169 | |
| wolfSSL | 0:d92f9d21154c | 170 | |
| wolfSSL | 0:d92f9d21154c | 171 | int wc_InitRsaKey(RsaKey* key, void* heap) |
| wolfSSL | 0:d92f9d21154c | 172 | { |
| wolfSSL | 0:d92f9d21154c | 173 | #ifdef HAVE_CAVIUM |
| wolfSSL | 0:d92f9d21154c | 174 | if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) |
| wolfSSL | 0:d92f9d21154c | 175 | return InitCaviumRsaKey(key, heap); |
| wolfSSL | 0:d92f9d21154c | 176 | #endif |
| wolfSSL | 0:d92f9d21154c | 177 | |
| wolfSSL | 0:d92f9d21154c | 178 | key->type = -1; /* haven't decided yet */ |
| wolfSSL | 0:d92f9d21154c | 179 | key->heap = heap; |
| wolfSSL | 0:d92f9d21154c | 180 | |
| wolfSSL | 0:d92f9d21154c | 181 | /* TomsFastMath doesn't use memory allocation */ |
| wolfSSL | 0:d92f9d21154c | 182 | #ifndef USE_FAST_MATH |
| wolfSSL | 0:d92f9d21154c | 183 | key->n.dp = key->e.dp = 0; /* public alloc parts */ |
| wolfSSL | 0:d92f9d21154c | 184 | |
| wolfSSL | 0:d92f9d21154c | 185 | key->d.dp = key->p.dp = 0; /* private alloc parts */ |
| wolfSSL | 0:d92f9d21154c | 186 | key->q.dp = key->dP.dp = 0; |
| wolfSSL | 0:d92f9d21154c | 187 | key->u.dp = key->dQ.dp = 0; |
| wolfSSL | 0:d92f9d21154c | 188 | #else |
| wolfSSL | 0:d92f9d21154c | 189 | mp_init(&key->n); |
| wolfSSL | 0:d92f9d21154c | 190 | mp_init(&key->e); |
| wolfSSL | 0:d92f9d21154c | 191 | mp_init(&key->d); |
| wolfSSL | 0:d92f9d21154c | 192 | mp_init(&key->p); |
| wolfSSL | 0:d92f9d21154c | 193 | mp_init(&key->q); |
| wolfSSL | 0:d92f9d21154c | 194 | mp_init(&key->dP); |
| wolfSSL | 0:d92f9d21154c | 195 | mp_init(&key->dQ); |
| wolfSSL | 0:d92f9d21154c | 196 | mp_init(&key->u); |
| wolfSSL | 0:d92f9d21154c | 197 | #endif |
| wolfSSL | 0:d92f9d21154c | 198 | |
| wolfSSL | 0:d92f9d21154c | 199 | return 0; |
| wolfSSL | 0:d92f9d21154c | 200 | } |
| wolfSSL | 0:d92f9d21154c | 201 | |
| wolfSSL | 0:d92f9d21154c | 202 | |
| wolfSSL | 0:d92f9d21154c | 203 | int wc_FreeRsaKey(RsaKey* key) |
| wolfSSL | 0:d92f9d21154c | 204 | { |
| wolfSSL | 0:d92f9d21154c | 205 | (void)key; |
| wolfSSL | 0:d92f9d21154c | 206 | |
| wolfSSL | 0:d92f9d21154c | 207 | #ifdef HAVE_CAVIUM |
| wolfSSL | 0:d92f9d21154c | 208 | if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) |
| wolfSSL | 0:d92f9d21154c | 209 | return FreeCaviumRsaKey(key); |
| wolfSSL | 0:d92f9d21154c | 210 | #endif |
| wolfSSL | 0:d92f9d21154c | 211 | |
| wolfSSL | 0:d92f9d21154c | 212 | /* TomsFastMath doesn't use memory allocation */ |
| wolfSSL | 0:d92f9d21154c | 213 | #ifndef USE_FAST_MATH |
| wolfSSL | 0:d92f9d21154c | 214 | if (key->type == RSA_PRIVATE) { |
| wolfSSL | 0:d92f9d21154c | 215 | mp_clear(&key->u); |
| wolfSSL | 0:d92f9d21154c | 216 | mp_clear(&key->dQ); |
| wolfSSL | 0:d92f9d21154c | 217 | mp_clear(&key->dP); |
| wolfSSL | 0:d92f9d21154c | 218 | mp_clear(&key->q); |
| wolfSSL | 0:d92f9d21154c | 219 | mp_clear(&key->p); |
| wolfSSL | 0:d92f9d21154c | 220 | mp_clear(&key->d); |
| wolfSSL | 0:d92f9d21154c | 221 | } |
| wolfSSL | 0:d92f9d21154c | 222 | mp_clear(&key->e); |
| wolfSSL | 0:d92f9d21154c | 223 | mp_clear(&key->n); |
| wolfSSL | 0:d92f9d21154c | 224 | #endif |
| wolfSSL | 0:d92f9d21154c | 225 | |
| wolfSSL | 0:d92f9d21154c | 226 | return 0; |
| wolfSSL | 0:d92f9d21154c | 227 | } |
| wolfSSL | 0:d92f9d21154c | 228 | |
| wolfSSL | 0:d92f9d21154c | 229 | static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, |
| wolfSSL | 0:d92f9d21154c | 230 | word32 pkcsBlockLen, byte padValue, RNG* rng) |
| wolfSSL | 0:d92f9d21154c | 231 | { |
| wolfSSL | 0:d92f9d21154c | 232 | if (inputLen == 0) |
| wolfSSL | 0:d92f9d21154c | 233 | return 0; |
| wolfSSL | 0:d92f9d21154c | 234 | |
| wolfSSL | 0:d92f9d21154c | 235 | pkcsBlock[0] = 0x0; /* set first byte to zero and advance */ |
| wolfSSL | 0:d92f9d21154c | 236 | pkcsBlock++; pkcsBlockLen--; |
| wolfSSL | 0:d92f9d21154c | 237 | pkcsBlock[0] = padValue; /* insert padValue */ |
| wolfSSL | 0:d92f9d21154c | 238 | |
| wolfSSL | 0:d92f9d21154c | 239 | if (padValue == RSA_BLOCK_TYPE_1) |
| wolfSSL | 0:d92f9d21154c | 240 | /* pad with 0xff bytes */ |
| wolfSSL | 0:d92f9d21154c | 241 | XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2); |
| wolfSSL | 0:d92f9d21154c | 242 | else { |
| wolfSSL | 0:d92f9d21154c | 243 | /* pad with non-zero random bytes */ |
| wolfSSL | 0:d92f9d21154c | 244 | word32 padLen = pkcsBlockLen - inputLen - 1, i; |
| wolfSSL | 0:d92f9d21154c | 245 | int ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen); |
| wolfSSL | 0:d92f9d21154c | 246 | |
| wolfSSL | 0:d92f9d21154c | 247 | if (ret != 0) |
| wolfSSL | 0:d92f9d21154c | 248 | return ret; |
| wolfSSL | 0:d92f9d21154c | 249 | |
| wolfSSL | 0:d92f9d21154c | 250 | /* remove zeros */ |
| wolfSSL | 0:d92f9d21154c | 251 | for (i = 1; i < padLen; i++) |
| wolfSSL | 0:d92f9d21154c | 252 | if (pkcsBlock[i] == 0) pkcsBlock[i] = 0x01; |
| wolfSSL | 0:d92f9d21154c | 253 | } |
| wolfSSL | 0:d92f9d21154c | 254 | |
| wolfSSL | 0:d92f9d21154c | 255 | pkcsBlock[pkcsBlockLen-inputLen-1] = 0; /* separator */ |
| wolfSSL | 0:d92f9d21154c | 256 | XMEMCPY(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen); |
| wolfSSL | 0:d92f9d21154c | 257 | |
| wolfSSL | 0:d92f9d21154c | 258 | return 0; |
| wolfSSL | 0:d92f9d21154c | 259 | } |
| wolfSSL | 0:d92f9d21154c | 260 | |
| wolfSSL | 0:d92f9d21154c | 261 | |
| wolfSSL | 0:d92f9d21154c | 262 | /* UnPad plaintext, set start to *output, return length of plaintext, |
| wolfSSL | 0:d92f9d21154c | 263 | * < 0 on error */ |
| wolfSSL | 0:d92f9d21154c | 264 | static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, |
| wolfSSL | 0:d92f9d21154c | 265 | byte **output, byte padValue) |
| wolfSSL | 0:d92f9d21154c | 266 | { |
| wolfSSL | 0:d92f9d21154c | 267 | word32 maxOutputLen = (pkcsBlockLen > 10) ? (pkcsBlockLen - 10) : 0, |
| wolfSSL | 0:d92f9d21154c | 268 | invalid = 0, |
| wolfSSL | 0:d92f9d21154c | 269 | i = 1, |
| wolfSSL | 0:d92f9d21154c | 270 | outputLen; |
| wolfSSL | 0:d92f9d21154c | 271 | |
| wolfSSL | 0:d92f9d21154c | 272 | if (pkcsBlock[0] != 0x0) /* skip past zero */ |
| wolfSSL | 0:d92f9d21154c | 273 | invalid = 1; |
| wolfSSL | 0:d92f9d21154c | 274 | pkcsBlock++; pkcsBlockLen--; |
| wolfSSL | 0:d92f9d21154c | 275 | |
| wolfSSL | 0:d92f9d21154c | 276 | /* Require block type padValue */ |
| wolfSSL | 0:d92f9d21154c | 277 | invalid = (pkcsBlock[0] != padValue) || invalid; |
| wolfSSL | 0:d92f9d21154c | 278 | |
| wolfSSL | 0:d92f9d21154c | 279 | /* verify the padding until we find the separator */ |
| wolfSSL | 0:d92f9d21154c | 280 | if (padValue == RSA_BLOCK_TYPE_1) { |
| wolfSSL | 0:d92f9d21154c | 281 | while (i<pkcsBlockLen && pkcsBlock[i++] == 0xFF) {/* Null body */} |
| wolfSSL | 0:d92f9d21154c | 282 | } |
| wolfSSL | 0:d92f9d21154c | 283 | else { |
| wolfSSL | 0:d92f9d21154c | 284 | while (i<pkcsBlockLen && pkcsBlock[i++]) {/* Null body */} |
| wolfSSL | 0:d92f9d21154c | 285 | } |
| wolfSSL | 0:d92f9d21154c | 286 | |
| wolfSSL | 0:d92f9d21154c | 287 | if(!(i==pkcsBlockLen || pkcsBlock[i-1]==0)) { |
| wolfSSL | 0:d92f9d21154c | 288 | WOLFSSL_MSG("RsaUnPad error, bad formatting"); |
| wolfSSL | 0:d92f9d21154c | 289 | return RSA_PAD_E; |
| wolfSSL | 0:d92f9d21154c | 290 | } |
| wolfSSL | 0:d92f9d21154c | 291 | |
| wolfSSL | 0:d92f9d21154c | 292 | outputLen = pkcsBlockLen - i; |
| wolfSSL | 0:d92f9d21154c | 293 | invalid = (outputLen > maxOutputLen) || invalid; |
| wolfSSL | 0:d92f9d21154c | 294 | |
| wolfSSL | 0:d92f9d21154c | 295 | if (invalid) { |
| wolfSSL | 0:d92f9d21154c | 296 | WOLFSSL_MSG("RsaUnPad error, bad formatting"); |
| wolfSSL | 0:d92f9d21154c | 297 | return RSA_PAD_E; |
| wolfSSL | 0:d92f9d21154c | 298 | } |
| wolfSSL | 0:d92f9d21154c | 299 | |
| wolfSSL | 0:d92f9d21154c | 300 | *output = (byte *)(pkcsBlock + i); |
| wolfSSL | 0:d92f9d21154c | 301 | return outputLen; |
| wolfSSL | 0:d92f9d21154c | 302 | } |
| wolfSSL | 0:d92f9d21154c | 303 | |
| wolfSSL | 0:d92f9d21154c | 304 | |
| wolfSSL | 0:d92f9d21154c | 305 | static int wc_RsaFunction(const byte* in, word32 inLen, byte* out, |
| wolfSSL | 0:d92f9d21154c | 306 | word32* outLen, int type, RsaKey* key) |
| wolfSSL | 0:d92f9d21154c | 307 | { |
| wolfSSL | 0:d92f9d21154c | 308 | #define ERROR_OUT(x) { ret = (x); goto done;} |
| wolfSSL | 0:d92f9d21154c | 309 | |
| wolfSSL | 0:d92f9d21154c | 310 | mp_int tmp; |
| wolfSSL | 0:d92f9d21154c | 311 | int ret = 0; |
| wolfSSL | 0:d92f9d21154c | 312 | word32 keyLen, len; |
| wolfSSL | 0:d92f9d21154c | 313 | |
| wolfSSL | 0:d92f9d21154c | 314 | if (mp_init(&tmp) != MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 315 | return MP_INIT_E; |
| wolfSSL | 0:d92f9d21154c | 316 | |
| wolfSSL | 0:d92f9d21154c | 317 | if (mp_read_unsigned_bin(&tmp, (byte*)in, inLen) != MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 318 | ERROR_OUT(MP_READ_E); |
| wolfSSL | 0:d92f9d21154c | 319 | |
| wolfSSL | 0:d92f9d21154c | 320 | if (type == RSA_PRIVATE_DECRYPT || type == RSA_PRIVATE_ENCRYPT) { |
| wolfSSL | 0:d92f9d21154c | 321 | #ifdef RSA_LOW_MEM /* half as much memory but twice as slow */ |
| wolfSSL | 0:d92f9d21154c | 322 | if (mp_exptmod(&tmp, &key->d, &key->n, &tmp) != MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 323 | ERROR_OUT(MP_EXPTMOD_E); |
| wolfSSL | 0:d92f9d21154c | 324 | #else |
| wolfSSL | 0:d92f9d21154c | 325 | #define INNER_ERROR_OUT(x) { ret = (x); goto inner_done; } |
| wolfSSL | 0:d92f9d21154c | 326 | |
| wolfSSL | 0:d92f9d21154c | 327 | mp_int tmpa, tmpb; |
| wolfSSL | 0:d92f9d21154c | 328 | |
| wolfSSL | 0:d92f9d21154c | 329 | if (mp_init(&tmpa) != MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 330 | ERROR_OUT(MP_INIT_E); |
| wolfSSL | 0:d92f9d21154c | 331 | |
| wolfSSL | 0:d92f9d21154c | 332 | if (mp_init(&tmpb) != MP_OKAY) { |
| wolfSSL | 0:d92f9d21154c | 333 | mp_clear(&tmpa); |
| wolfSSL | 0:d92f9d21154c | 334 | ERROR_OUT(MP_INIT_E); |
| wolfSSL | 0:d92f9d21154c | 335 | } |
| wolfSSL | 0:d92f9d21154c | 336 | |
| wolfSSL | 0:d92f9d21154c | 337 | /* tmpa = tmp^dP mod p */ |
| wolfSSL | 0:d92f9d21154c | 338 | if (mp_exptmod(&tmp, &key->dP, &key->p, &tmpa) != MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 339 | INNER_ERROR_OUT(MP_EXPTMOD_E); |
| wolfSSL | 0:d92f9d21154c | 340 | |
| wolfSSL | 0:d92f9d21154c | 341 | /* tmpb = tmp^dQ mod q */ |
| wolfSSL | 0:d92f9d21154c | 342 | if (mp_exptmod(&tmp, &key->dQ, &key->q, &tmpb) != MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 343 | INNER_ERROR_OUT(MP_EXPTMOD_E); |
| wolfSSL | 0:d92f9d21154c | 344 | |
| wolfSSL | 0:d92f9d21154c | 345 | /* tmp = (tmpa - tmpb) * qInv (mod p) */ |
| wolfSSL | 0:d92f9d21154c | 346 | if (mp_sub(&tmpa, &tmpb, &tmp) != MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 347 | INNER_ERROR_OUT(MP_SUB_E); |
| wolfSSL | 0:d92f9d21154c | 348 | |
| wolfSSL | 0:d92f9d21154c | 349 | if (mp_mulmod(&tmp, &key->u, &key->p, &tmp) != MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 350 | INNER_ERROR_OUT(MP_MULMOD_E); |
| wolfSSL | 0:d92f9d21154c | 351 | |
| wolfSSL | 0:d92f9d21154c | 352 | /* tmp = tmpb + q * tmp */ |
| wolfSSL | 0:d92f9d21154c | 353 | if (mp_mul(&tmp, &key->q, &tmp) != MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 354 | INNER_ERROR_OUT(MP_MUL_E); |
| wolfSSL | 0:d92f9d21154c | 355 | |
| wolfSSL | 0:d92f9d21154c | 356 | if (mp_add(&tmp, &tmpb, &tmp) != MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 357 | INNER_ERROR_OUT(MP_ADD_E); |
| wolfSSL | 0:d92f9d21154c | 358 | |
| wolfSSL | 0:d92f9d21154c | 359 | inner_done: |
| wolfSSL | 0:d92f9d21154c | 360 | mp_clear(&tmpa); |
| wolfSSL | 0:d92f9d21154c | 361 | mp_clear(&tmpb); |
| wolfSSL | 0:d92f9d21154c | 362 | |
| wolfSSL | 0:d92f9d21154c | 363 | if (ret != 0) return ret; |
| wolfSSL | 0:d92f9d21154c | 364 | |
| wolfSSL | 0:d92f9d21154c | 365 | #endif /* RSA_LOW_MEM */ |
| wolfSSL | 0:d92f9d21154c | 366 | } |
| wolfSSL | 0:d92f9d21154c | 367 | else if (type == RSA_PUBLIC_ENCRYPT || type == RSA_PUBLIC_DECRYPT) { |
| wolfSSL | 0:d92f9d21154c | 368 | if (mp_exptmod(&tmp, &key->e, &key->n, &tmp) != MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 369 | ERROR_OUT(MP_EXPTMOD_E); |
| wolfSSL | 0:d92f9d21154c | 370 | } |
| wolfSSL | 0:d92f9d21154c | 371 | else |
| wolfSSL | 0:d92f9d21154c | 372 | ERROR_OUT(RSA_WRONG_TYPE_E); |
| wolfSSL | 0:d92f9d21154c | 373 | |
| wolfSSL | 0:d92f9d21154c | 374 | keyLen = mp_unsigned_bin_size(&key->n); |
| wolfSSL | 0:d92f9d21154c | 375 | if (keyLen > *outLen) |
| wolfSSL | 0:d92f9d21154c | 376 | ERROR_OUT(RSA_BUFFER_E); |
| wolfSSL | 0:d92f9d21154c | 377 | |
| wolfSSL | 0:d92f9d21154c | 378 | len = mp_unsigned_bin_size(&tmp); |
| wolfSSL | 0:d92f9d21154c | 379 | |
| wolfSSL | 0:d92f9d21154c | 380 | /* pad front w/ zeros to match key length */ |
| wolfSSL | 0:d92f9d21154c | 381 | while (len < keyLen) { |
| wolfSSL | 0:d92f9d21154c | 382 | *out++ = 0x00; |
| wolfSSL | 0:d92f9d21154c | 383 | len++; |
| wolfSSL | 0:d92f9d21154c | 384 | } |
| wolfSSL | 0:d92f9d21154c | 385 | |
| wolfSSL | 0:d92f9d21154c | 386 | *outLen = keyLen; |
| wolfSSL | 0:d92f9d21154c | 387 | |
| wolfSSL | 0:d92f9d21154c | 388 | /* convert */ |
| wolfSSL | 0:d92f9d21154c | 389 | if (mp_to_unsigned_bin(&tmp, out) != MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 390 | ERROR_OUT(MP_TO_E); |
| wolfSSL | 0:d92f9d21154c | 391 | |
| wolfSSL | 0:d92f9d21154c | 392 | done: |
| wolfSSL | 0:d92f9d21154c | 393 | mp_clear(&tmp); |
| wolfSSL | 0:d92f9d21154c | 394 | if (ret == MP_EXPTMOD_E) { |
| wolfSSL | 0:d92f9d21154c | 395 | WOLFSSL_MSG("RSA_FUNCTION MP_EXPTMOD_E: memory/config problem"); |
| wolfSSL | 0:d92f9d21154c | 396 | } |
| wolfSSL | 0:d92f9d21154c | 397 | return ret; |
| wolfSSL | 0:d92f9d21154c | 398 | } |
| wolfSSL | 0:d92f9d21154c | 399 | |
| wolfSSL | 0:d92f9d21154c | 400 | |
| wolfSSL | 0:d92f9d21154c | 401 | int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, |
| wolfSSL | 0:d92f9d21154c | 402 | RsaKey* key, RNG* rng) |
| wolfSSL | 0:d92f9d21154c | 403 | { |
| wolfSSL | 0:d92f9d21154c | 404 | int sz, ret; |
| wolfSSL | 0:d92f9d21154c | 405 | |
| wolfSSL | 0:d92f9d21154c | 406 | #ifdef HAVE_CAVIUM |
| wolfSSL | 0:d92f9d21154c | 407 | if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) |
| wolfSSL | 0:d92f9d21154c | 408 | return CaviumRsaPublicEncrypt(in, inLen, out, outLen, key); |
| wolfSSL | 0:d92f9d21154c | 409 | #endif |
| wolfSSL | 0:d92f9d21154c | 410 | |
| wolfSSL | 0:d92f9d21154c | 411 | sz = mp_unsigned_bin_size(&key->n); |
| wolfSSL | 0:d92f9d21154c | 412 | if (sz > (int)outLen) |
| wolfSSL | 0:d92f9d21154c | 413 | return RSA_BUFFER_E; |
| wolfSSL | 0:d92f9d21154c | 414 | |
| wolfSSL | 0:d92f9d21154c | 415 | if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) |
| wolfSSL | 0:d92f9d21154c | 416 | return RSA_BUFFER_E; |
| wolfSSL | 0:d92f9d21154c | 417 | |
| wolfSSL | 0:d92f9d21154c | 418 | ret = wc_RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_2, rng); |
| wolfSSL | 0:d92f9d21154c | 419 | if (ret != 0) |
| wolfSSL | 0:d92f9d21154c | 420 | return ret; |
| wolfSSL | 0:d92f9d21154c | 421 | |
| wolfSSL | 0:d92f9d21154c | 422 | if ((ret = wc_RsaFunction(out, sz, out, &outLen, |
| wolfSSL | 0:d92f9d21154c | 423 | RSA_PUBLIC_ENCRYPT, key)) < 0) |
| wolfSSL | 0:d92f9d21154c | 424 | sz = ret; |
| wolfSSL | 0:d92f9d21154c | 425 | |
| wolfSSL | 0:d92f9d21154c | 426 | return sz; |
| wolfSSL | 0:d92f9d21154c | 427 | } |
| wolfSSL | 0:d92f9d21154c | 428 | |
| wolfSSL | 0:d92f9d21154c | 429 | |
| wolfSSL | 0:d92f9d21154c | 430 | int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key) |
| wolfSSL | 0:d92f9d21154c | 431 | { |
| wolfSSL | 0:d92f9d21154c | 432 | int ret; |
| wolfSSL | 0:d92f9d21154c | 433 | |
| wolfSSL | 0:d92f9d21154c | 434 | #ifdef HAVE_CAVIUM |
| wolfSSL | 0:d92f9d21154c | 435 | if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) { |
| wolfSSL | 0:d92f9d21154c | 436 | ret = CaviumRsaPrivateDecrypt(in, inLen, in, inLen, key); |
| wolfSSL | 0:d92f9d21154c | 437 | if (ret > 0) |
| wolfSSL | 0:d92f9d21154c | 438 | *out = in; |
| wolfSSL | 0:d92f9d21154c | 439 | return ret; |
| wolfSSL | 0:d92f9d21154c | 440 | } |
| wolfSSL | 0:d92f9d21154c | 441 | #endif |
| wolfSSL | 0:d92f9d21154c | 442 | |
| wolfSSL | 0:d92f9d21154c | 443 | if ((ret = wc_RsaFunction(in, inLen, in, &inLen, RSA_PRIVATE_DECRYPT, key)) |
| wolfSSL | 0:d92f9d21154c | 444 | < 0) { |
| wolfSSL | 0:d92f9d21154c | 445 | return ret; |
| wolfSSL | 0:d92f9d21154c | 446 | } |
| wolfSSL | 0:d92f9d21154c | 447 | |
| wolfSSL | 0:d92f9d21154c | 448 | return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_2); |
| wolfSSL | 0:d92f9d21154c | 449 | } |
| wolfSSL | 0:d92f9d21154c | 450 | |
| wolfSSL | 0:d92f9d21154c | 451 | |
| wolfSSL | 0:d92f9d21154c | 452 | int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, |
| wolfSSL | 0:d92f9d21154c | 453 | RsaKey* key) |
| wolfSSL | 0:d92f9d21154c | 454 | { |
| wolfSSL | 0:d92f9d21154c | 455 | int plainLen; |
| wolfSSL | 0:d92f9d21154c | 456 | byte* tmp; |
| wolfSSL | 0:d92f9d21154c | 457 | byte* pad = 0; |
| wolfSSL | 0:d92f9d21154c | 458 | |
| wolfSSL | 0:d92f9d21154c | 459 | #ifdef HAVE_CAVIUM |
| wolfSSL | 0:d92f9d21154c | 460 | if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) |
| wolfSSL | 0:d92f9d21154c | 461 | return CaviumRsaPrivateDecrypt(in, inLen, out, outLen, key); |
| wolfSSL | 0:d92f9d21154c | 462 | #endif |
| wolfSSL | 0:d92f9d21154c | 463 | |
| wolfSSL | 0:d92f9d21154c | 464 | tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA); |
| wolfSSL | 0:d92f9d21154c | 465 | if (tmp == NULL) { |
| wolfSSL | 0:d92f9d21154c | 466 | return MEMORY_E; |
| wolfSSL | 0:d92f9d21154c | 467 | } |
| wolfSSL | 0:d92f9d21154c | 468 | |
| wolfSSL | 0:d92f9d21154c | 469 | XMEMCPY(tmp, in, inLen); |
| wolfSSL | 0:d92f9d21154c | 470 | |
| wolfSSL | 0:d92f9d21154c | 471 | if ( (plainLen = wc_RsaPrivateDecryptInline(tmp, inLen, &pad, key) ) < 0) { |
| wolfSSL | 0:d92f9d21154c | 472 | XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); |
| wolfSSL | 0:d92f9d21154c | 473 | return plainLen; |
| wolfSSL | 0:d92f9d21154c | 474 | } |
| wolfSSL | 0:d92f9d21154c | 475 | if (plainLen > (int)outLen) |
| wolfSSL | 0:d92f9d21154c | 476 | plainLen = BAD_FUNC_ARG; |
| wolfSSL | 0:d92f9d21154c | 477 | else |
| wolfSSL | 0:d92f9d21154c | 478 | XMEMCPY(out, pad, plainLen); |
| wolfSSL | 0:d92f9d21154c | 479 | |
| wolfSSL | 0:d92f9d21154c | 480 | ForceZero(tmp, inLen); |
| wolfSSL | 0:d92f9d21154c | 481 | XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); |
| wolfSSL | 0:d92f9d21154c | 482 | |
| wolfSSL | 0:d92f9d21154c | 483 | return plainLen; |
| wolfSSL | 0:d92f9d21154c | 484 | } |
| wolfSSL | 0:d92f9d21154c | 485 | |
| wolfSSL | 0:d92f9d21154c | 486 | |
| wolfSSL | 0:d92f9d21154c | 487 | /* for Rsa Verify */ |
| wolfSSL | 0:d92f9d21154c | 488 | int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) |
| wolfSSL | 0:d92f9d21154c | 489 | { |
| wolfSSL | 0:d92f9d21154c | 490 | int ret; |
| wolfSSL | 0:d92f9d21154c | 491 | |
| wolfSSL | 0:d92f9d21154c | 492 | #ifdef HAVE_CAVIUM |
| wolfSSL | 0:d92f9d21154c | 493 | if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) { |
| wolfSSL | 0:d92f9d21154c | 494 | ret = CaviumRsaSSL_Verify(in, inLen, in, inLen, key); |
| wolfSSL | 0:d92f9d21154c | 495 | if (ret > 0) |
| wolfSSL | 0:d92f9d21154c | 496 | *out = in; |
| wolfSSL | 0:d92f9d21154c | 497 | return ret; |
| wolfSSL | 0:d92f9d21154c | 498 | } |
| wolfSSL | 0:d92f9d21154c | 499 | #endif |
| wolfSSL | 0:d92f9d21154c | 500 | |
| wolfSSL | 0:d92f9d21154c | 501 | if ((ret = wc_RsaFunction(in, inLen, in, &inLen, RSA_PUBLIC_DECRYPT, key)) |
| wolfSSL | 0:d92f9d21154c | 502 | < 0) { |
| wolfSSL | 0:d92f9d21154c | 503 | return ret; |
| wolfSSL | 0:d92f9d21154c | 504 | } |
| wolfSSL | 0:d92f9d21154c | 505 | |
| wolfSSL | 0:d92f9d21154c | 506 | return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_1); |
| wolfSSL | 0:d92f9d21154c | 507 | } |
| wolfSSL | 0:d92f9d21154c | 508 | |
| wolfSSL | 0:d92f9d21154c | 509 | |
| wolfSSL | 0:d92f9d21154c | 510 | int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, |
| wolfSSL | 0:d92f9d21154c | 511 | RsaKey* key) |
| wolfSSL | 0:d92f9d21154c | 512 | { |
| wolfSSL | 0:d92f9d21154c | 513 | int plainLen; |
| wolfSSL | 0:d92f9d21154c | 514 | byte* tmp; |
| wolfSSL | 0:d92f9d21154c | 515 | byte* pad = 0; |
| wolfSSL | 0:d92f9d21154c | 516 | |
| wolfSSL | 0:d92f9d21154c | 517 | #ifdef HAVE_CAVIUM |
| wolfSSL | 0:d92f9d21154c | 518 | if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) |
| wolfSSL | 0:d92f9d21154c | 519 | return CaviumRsaSSL_Verify(in, inLen, out, outLen, key); |
| wolfSSL | 0:d92f9d21154c | 520 | #endif |
| wolfSSL | 0:d92f9d21154c | 521 | |
| wolfSSL | 0:d92f9d21154c | 522 | tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA); |
| wolfSSL | 0:d92f9d21154c | 523 | if (tmp == NULL) { |
| wolfSSL | 0:d92f9d21154c | 524 | return MEMORY_E; |
| wolfSSL | 0:d92f9d21154c | 525 | } |
| wolfSSL | 0:d92f9d21154c | 526 | |
| wolfSSL | 0:d92f9d21154c | 527 | XMEMCPY(tmp, in, inLen); |
| wolfSSL | 0:d92f9d21154c | 528 | |
| wolfSSL | 0:d92f9d21154c | 529 | if ( (plainLen = wc_RsaSSL_VerifyInline(tmp, inLen, &pad, key) ) < 0) { |
| wolfSSL | 0:d92f9d21154c | 530 | XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); |
| wolfSSL | 0:d92f9d21154c | 531 | return plainLen; |
| wolfSSL | 0:d92f9d21154c | 532 | } |
| wolfSSL | 0:d92f9d21154c | 533 | |
| wolfSSL | 0:d92f9d21154c | 534 | if (plainLen > (int)outLen) |
| wolfSSL | 0:d92f9d21154c | 535 | plainLen = BAD_FUNC_ARG; |
| wolfSSL | 0:d92f9d21154c | 536 | else |
| wolfSSL | 0:d92f9d21154c | 537 | XMEMCPY(out, pad, plainLen); |
| wolfSSL | 0:d92f9d21154c | 538 | |
| wolfSSL | 0:d92f9d21154c | 539 | ForceZero(tmp, inLen); |
| wolfSSL | 0:d92f9d21154c | 540 | XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA); |
| wolfSSL | 0:d92f9d21154c | 541 | |
| wolfSSL | 0:d92f9d21154c | 542 | return plainLen; |
| wolfSSL | 0:d92f9d21154c | 543 | } |
| wolfSSL | 0:d92f9d21154c | 544 | |
| wolfSSL | 0:d92f9d21154c | 545 | |
| wolfSSL | 0:d92f9d21154c | 546 | /* for Rsa Sign */ |
| wolfSSL | 0:d92f9d21154c | 547 | int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, |
| wolfSSL | 0:d92f9d21154c | 548 | RsaKey* key, RNG* rng) |
| wolfSSL | 0:d92f9d21154c | 549 | { |
| wolfSSL | 0:d92f9d21154c | 550 | int sz, ret; |
| wolfSSL | 0:d92f9d21154c | 551 | |
| wolfSSL | 0:d92f9d21154c | 552 | #ifdef HAVE_CAVIUM |
| wolfSSL | 0:d92f9d21154c | 553 | if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) |
| wolfSSL | 0:d92f9d21154c | 554 | return CaviumRsaSSL_Sign(in, inLen, out, outLen, key); |
| wolfSSL | 0:d92f9d21154c | 555 | #endif |
| wolfSSL | 0:d92f9d21154c | 556 | |
| wolfSSL | 0:d92f9d21154c | 557 | sz = mp_unsigned_bin_size(&key->n); |
| wolfSSL | 0:d92f9d21154c | 558 | if (sz > (int)outLen) |
| wolfSSL | 0:d92f9d21154c | 559 | return RSA_BUFFER_E; |
| wolfSSL | 0:d92f9d21154c | 560 | |
| wolfSSL | 0:d92f9d21154c | 561 | if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) |
| wolfSSL | 0:d92f9d21154c | 562 | return RSA_BUFFER_E; |
| wolfSSL | 0:d92f9d21154c | 563 | |
| wolfSSL | 0:d92f9d21154c | 564 | ret = wc_RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_1, rng); |
| wolfSSL | 0:d92f9d21154c | 565 | if (ret != 0) |
| wolfSSL | 0:d92f9d21154c | 566 | return ret; |
| wolfSSL | 0:d92f9d21154c | 567 | |
| wolfSSL | 0:d92f9d21154c | 568 | if ((ret = wc_RsaFunction(out, sz, out, &outLen, |
| wolfSSL | 0:d92f9d21154c | 569 | RSA_PRIVATE_ENCRYPT,key)) < 0) |
| wolfSSL | 0:d92f9d21154c | 570 | sz = ret; |
| wolfSSL | 0:d92f9d21154c | 571 | |
| wolfSSL | 0:d92f9d21154c | 572 | return sz; |
| wolfSSL | 0:d92f9d21154c | 573 | } |
| wolfSSL | 0:d92f9d21154c | 574 | |
| wolfSSL | 0:d92f9d21154c | 575 | |
| wolfSSL | 0:d92f9d21154c | 576 | int wc_RsaEncryptSize(RsaKey* key) |
| wolfSSL | 0:d92f9d21154c | 577 | { |
| wolfSSL | 0:d92f9d21154c | 578 | #ifdef HAVE_CAVIUM |
| wolfSSL | 0:d92f9d21154c | 579 | if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) |
| wolfSSL | 0:d92f9d21154c | 580 | return key->c_nSz; |
| wolfSSL | 0:d92f9d21154c | 581 | #endif |
| wolfSSL | 0:d92f9d21154c | 582 | return mp_unsigned_bin_size(&key->n); |
| wolfSSL | 0:d92f9d21154c | 583 | } |
| wolfSSL | 0:d92f9d21154c | 584 | |
| wolfSSL | 0:d92f9d21154c | 585 | /* flatten RsaKey structure into individual elements (e, n) */ |
| wolfSSL | 0:d92f9d21154c | 586 | int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n, |
| wolfSSL | 0:d92f9d21154c | 587 | word32* nSz) |
| wolfSSL | 0:d92f9d21154c | 588 | { |
| wolfSSL | 0:d92f9d21154c | 589 | int sz, ret; |
| wolfSSL | 0:d92f9d21154c | 590 | |
| wolfSSL | 0:d92f9d21154c | 591 | if (key == NULL || e == NULL || eSz == NULL || n == NULL || nSz == NULL) |
| wolfSSL | 0:d92f9d21154c | 592 | return BAD_FUNC_ARG; |
| wolfSSL | 0:d92f9d21154c | 593 | |
| wolfSSL | 0:d92f9d21154c | 594 | sz = mp_unsigned_bin_size(&key->e); |
| wolfSSL | 0:d92f9d21154c | 595 | if ((word32)sz > *nSz) |
| wolfSSL | 0:d92f9d21154c | 596 | return RSA_BUFFER_E; |
| wolfSSL | 0:d92f9d21154c | 597 | ret = mp_to_unsigned_bin(&key->e, e); |
| wolfSSL | 0:d92f9d21154c | 598 | if (ret != MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 599 | return ret; |
| wolfSSL | 0:d92f9d21154c | 600 | *eSz = (word32)sz; |
| wolfSSL | 0:d92f9d21154c | 601 | |
| wolfSSL | 0:d92f9d21154c | 602 | sz = mp_unsigned_bin_size(&key->n); |
| wolfSSL | 0:d92f9d21154c | 603 | if ((word32)sz > *nSz) |
| wolfSSL | 0:d92f9d21154c | 604 | return RSA_BUFFER_E; |
| wolfSSL | 0:d92f9d21154c | 605 | ret = mp_to_unsigned_bin(&key->n, n); |
| wolfSSL | 0:d92f9d21154c | 606 | if (ret != MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 607 | return ret; |
| wolfSSL | 0:d92f9d21154c | 608 | *nSz = (word32)sz; |
| wolfSSL | 0:d92f9d21154c | 609 | |
| wolfSSL | 0:d92f9d21154c | 610 | return 0; |
| wolfSSL | 0:d92f9d21154c | 611 | } |
| wolfSSL | 0:d92f9d21154c | 612 | |
| wolfSSL | 0:d92f9d21154c | 613 | |
| wolfSSL | 0:d92f9d21154c | 614 | #ifdef WOLFSSL_KEY_GEN |
| wolfSSL | 0:d92f9d21154c | 615 | |
| wolfSSL | 0:d92f9d21154c | 616 | static const int USE_BBS = 1; |
| wolfSSL | 0:d92f9d21154c | 617 | |
| wolfSSL | 0:d92f9d21154c | 618 | static int rand_prime(mp_int* N, int len, RNG* rng, void* heap) |
| wolfSSL | 0:d92f9d21154c | 619 | { |
| wolfSSL | 0:d92f9d21154c | 620 | int err, res, type; |
| wolfSSL | 0:d92f9d21154c | 621 | byte* buf; |
| wolfSSL | 0:d92f9d21154c | 622 | |
| wolfSSL | 0:d92f9d21154c | 623 | (void)heap; |
| wolfSSL | 0:d92f9d21154c | 624 | if (N == NULL || rng == NULL) |
| wolfSSL | 0:d92f9d21154c | 625 | return BAD_FUNC_ARG; |
| wolfSSL | 0:d92f9d21154c | 626 | |
| wolfSSL | 0:d92f9d21154c | 627 | /* get type */ |
| wolfSSL | 0:d92f9d21154c | 628 | if (len < 0) { |
| wolfSSL | 0:d92f9d21154c | 629 | type = USE_BBS; |
| wolfSSL | 0:d92f9d21154c | 630 | len = -len; |
| wolfSSL | 0:d92f9d21154c | 631 | } else { |
| wolfSSL | 0:d92f9d21154c | 632 | type = 0; |
| wolfSSL | 0:d92f9d21154c | 633 | } |
| wolfSSL | 0:d92f9d21154c | 634 | |
| wolfSSL | 0:d92f9d21154c | 635 | /* allow sizes between 2 and 512 bytes for a prime size */ |
| wolfSSL | 0:d92f9d21154c | 636 | if (len < 2 || len > 512) { |
| wolfSSL | 0:d92f9d21154c | 637 | return BAD_FUNC_ARG; |
| wolfSSL | 0:d92f9d21154c | 638 | } |
| wolfSSL | 0:d92f9d21154c | 639 | |
| wolfSSL | 0:d92f9d21154c | 640 | /* allocate buffer to work with */ |
| wolfSSL | 0:d92f9d21154c | 641 | buf = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_RSA); |
| wolfSSL | 0:d92f9d21154c | 642 | if (buf == NULL) { |
| wolfSSL | 0:d92f9d21154c | 643 | return MEMORY_E; |
| wolfSSL | 0:d92f9d21154c | 644 | } |
| wolfSSL | 0:d92f9d21154c | 645 | XMEMSET(buf, 0, len); |
| wolfSSL | 0:d92f9d21154c | 646 | |
| wolfSSL | 0:d92f9d21154c | 647 | do { |
| wolfSSL | 0:d92f9d21154c | 648 | #ifdef SHOW_GEN |
| wolfSSL | 0:d92f9d21154c | 649 | printf("."); |
| wolfSSL | 0:d92f9d21154c | 650 | fflush(stdout); |
| wolfSSL | 0:d92f9d21154c | 651 | #endif |
| wolfSSL | 0:d92f9d21154c | 652 | /* generate value */ |
| wolfSSL | 0:d92f9d21154c | 653 | err = wc_RNG_GenerateBlock(rng, buf, len); |
| wolfSSL | 0:d92f9d21154c | 654 | if (err != 0) { |
| wolfSSL | 0:d92f9d21154c | 655 | XFREE(buf, heap, DYNAMIC_TYPE_RSA); |
| wolfSSL | 0:d92f9d21154c | 656 | return err; |
| wolfSSL | 0:d92f9d21154c | 657 | } |
| wolfSSL | 0:d92f9d21154c | 658 | |
| wolfSSL | 0:d92f9d21154c | 659 | /* munge bits */ |
| wolfSSL | 0:d92f9d21154c | 660 | buf[0] |= 0x80 | 0x40; |
| wolfSSL | 0:d92f9d21154c | 661 | buf[len-1] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00); |
| wolfSSL | 0:d92f9d21154c | 662 | |
| wolfSSL | 0:d92f9d21154c | 663 | /* load value */ |
| wolfSSL | 0:d92f9d21154c | 664 | if ((err = mp_read_unsigned_bin(N, buf, len)) != MP_OKAY) { |
| wolfSSL | 0:d92f9d21154c | 665 | XFREE(buf, heap, DYNAMIC_TYPE_RSA); |
| wolfSSL | 0:d92f9d21154c | 666 | return err; |
| wolfSSL | 0:d92f9d21154c | 667 | } |
| wolfSSL | 0:d92f9d21154c | 668 | |
| wolfSSL | 0:d92f9d21154c | 669 | /* test */ |
| wolfSSL | 0:d92f9d21154c | 670 | if ((err = mp_prime_is_prime(N, 8, &res)) != MP_OKAY) { |
| wolfSSL | 0:d92f9d21154c | 671 | XFREE(buf, heap, DYNAMIC_TYPE_RSA); |
| wolfSSL | 0:d92f9d21154c | 672 | return err; |
| wolfSSL | 0:d92f9d21154c | 673 | } |
| wolfSSL | 0:d92f9d21154c | 674 | } while (res == MP_NO); |
| wolfSSL | 0:d92f9d21154c | 675 | |
| wolfSSL | 0:d92f9d21154c | 676 | ForceZero(buf, len); |
| wolfSSL | 0:d92f9d21154c | 677 | XFREE(buf, heap, DYNAMIC_TYPE_RSA); |
| wolfSSL | 0:d92f9d21154c | 678 | |
| wolfSSL | 0:d92f9d21154c | 679 | return 0; |
| wolfSSL | 0:d92f9d21154c | 680 | } |
| wolfSSL | 0:d92f9d21154c | 681 | |
| wolfSSL | 0:d92f9d21154c | 682 | |
| wolfSSL | 0:d92f9d21154c | 683 | /* Make an RSA key for size bits, with e specified, 65537 is a good e */ |
| wolfSSL | 0:d92f9d21154c | 684 | int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng) |
| wolfSSL | 0:d92f9d21154c | 685 | { |
| wolfSSL | 0:d92f9d21154c | 686 | mp_int p, q, tmp1, tmp2, tmp3; |
| wolfSSL | 0:d92f9d21154c | 687 | int err; |
| wolfSSL | 0:d92f9d21154c | 688 | |
| wolfSSL | 0:d92f9d21154c | 689 | if (key == NULL || rng == NULL) |
| wolfSSL | 0:d92f9d21154c | 690 | return BAD_FUNC_ARG; |
| wolfSSL | 0:d92f9d21154c | 691 | |
| wolfSSL | 0:d92f9d21154c | 692 | if (size < RSA_MIN_SIZE || size > RSA_MAX_SIZE) |
| wolfSSL | 0:d92f9d21154c | 693 | return BAD_FUNC_ARG; |
| wolfSSL | 0:d92f9d21154c | 694 | |
| wolfSSL | 0:d92f9d21154c | 695 | if (e < 3 || (e & 1) == 0) |
| wolfSSL | 0:d92f9d21154c | 696 | return BAD_FUNC_ARG; |
| wolfSSL | 0:d92f9d21154c | 697 | |
| wolfSSL | 0:d92f9d21154c | 698 | if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 699 | return err; |
| wolfSSL | 0:d92f9d21154c | 700 | |
| wolfSSL | 0:d92f9d21154c | 701 | err = mp_set_int(&tmp3, e); |
| wolfSSL | 0:d92f9d21154c | 702 | |
| wolfSSL | 0:d92f9d21154c | 703 | /* make p */ |
| wolfSSL | 0:d92f9d21154c | 704 | if (err == MP_OKAY) { |
| wolfSSL | 0:d92f9d21154c | 705 | do { |
| wolfSSL | 0:d92f9d21154c | 706 | err = rand_prime(&p, size/16, rng, key->heap); /* size in bytes/2 */ |
| wolfSSL | 0:d92f9d21154c | 707 | |
| wolfSSL | 0:d92f9d21154c | 708 | if (err == MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 709 | err = mp_sub_d(&p, 1, &tmp1); /* tmp1 = p-1 */ |
| wolfSSL | 0:d92f9d21154c | 710 | |
| wolfSSL | 0:d92f9d21154c | 711 | if (err == MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 712 | err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(p-1, e) */ |
| wolfSSL | 0:d92f9d21154c | 713 | } while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divdes p-1 */ |
| wolfSSL | 0:d92f9d21154c | 714 | } |
| wolfSSL | 0:d92f9d21154c | 715 | |
| wolfSSL | 0:d92f9d21154c | 716 | /* make q */ |
| wolfSSL | 0:d92f9d21154c | 717 | if (err == MP_OKAY) { |
| wolfSSL | 0:d92f9d21154c | 718 | do { |
| wolfSSL | 0:d92f9d21154c | 719 | err = rand_prime(&q, size/16, rng, key->heap); /* size in bytes/2 */ |
| wolfSSL | 0:d92f9d21154c | 720 | |
| wolfSSL | 0:d92f9d21154c | 721 | if (err == MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 722 | err = mp_sub_d(&q, 1, &tmp1); /* tmp1 = q-1 */ |
| wolfSSL | 0:d92f9d21154c | 723 | |
| wolfSSL | 0:d92f9d21154c | 724 | if (err == MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 725 | err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(q-1, e) */ |
| wolfSSL | 0:d92f9d21154c | 726 | } while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divdes q-1 */ |
| wolfSSL | 0:d92f9d21154c | 727 | } |
| wolfSSL | 0:d92f9d21154c | 728 | |
| wolfSSL | 0:d92f9d21154c | 729 | if (err == MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 730 | err = mp_init_multi(&key->n, &key->e, &key->d, &key->p, &key->q, NULL); |
| wolfSSL | 0:d92f9d21154c | 731 | |
| wolfSSL | 0:d92f9d21154c | 732 | if (err == MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 733 | err = mp_init_multi(&key->dP, &key->dQ, &key->u, NULL, NULL, NULL); |
| wolfSSL | 0:d92f9d21154c | 734 | |
| wolfSSL | 0:d92f9d21154c | 735 | if (err == MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 736 | err = mp_sub_d(&p, 1, &tmp2); /* tmp2 = p-1 */ |
| wolfSSL | 0:d92f9d21154c | 737 | |
| wolfSSL | 0:d92f9d21154c | 738 | if (err == MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 739 | err = mp_lcm(&tmp1, &tmp2, &tmp1); /* tmp1 = lcm(p-1, q-1),last loop */ |
| wolfSSL | 0:d92f9d21154c | 740 | |
| wolfSSL | 0:d92f9d21154c | 741 | /* make key */ |
| wolfSSL | 0:d92f9d21154c | 742 | if (err == MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 743 | err = mp_set_int(&key->e, e); /* key->e = e */ |
| wolfSSL | 0:d92f9d21154c | 744 | |
| wolfSSL | 0:d92f9d21154c | 745 | if (err == MP_OKAY) /* key->d = 1/e mod lcm(p-1, q-1) */ |
| wolfSSL | 0:d92f9d21154c | 746 | err = mp_invmod(&key->e, &tmp1, &key->d); |
| wolfSSL | 0:d92f9d21154c | 747 | |
| wolfSSL | 0:d92f9d21154c | 748 | if (err == MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 749 | err = mp_mul(&p, &q, &key->n); /* key->n = pq */ |
| wolfSSL | 0:d92f9d21154c | 750 | |
| wolfSSL | 0:d92f9d21154c | 751 | if (err == MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 752 | err = mp_sub_d(&p, 1, &tmp1); |
| wolfSSL | 0:d92f9d21154c | 753 | |
| wolfSSL | 0:d92f9d21154c | 754 | if (err == MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 755 | err = mp_sub_d(&q, 1, &tmp2); |
| wolfSSL | 0:d92f9d21154c | 756 | |
| wolfSSL | 0:d92f9d21154c | 757 | if (err == MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 758 | err = mp_mod(&key->d, &tmp1, &key->dP); |
| wolfSSL | 0:d92f9d21154c | 759 | |
| wolfSSL | 0:d92f9d21154c | 760 | if (err == MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 761 | err = mp_mod(&key->d, &tmp2, &key->dQ); |
| wolfSSL | 0:d92f9d21154c | 762 | |
| wolfSSL | 0:d92f9d21154c | 763 | if (err == MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 764 | err = mp_invmod(&q, &p, &key->u); |
| wolfSSL | 0:d92f9d21154c | 765 | |
| wolfSSL | 0:d92f9d21154c | 766 | if (err == MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 767 | err = mp_copy(&p, &key->p); |
| wolfSSL | 0:d92f9d21154c | 768 | |
| wolfSSL | 0:d92f9d21154c | 769 | if (err == MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 770 | err = mp_copy(&q, &key->q); |
| wolfSSL | 0:d92f9d21154c | 771 | |
| wolfSSL | 0:d92f9d21154c | 772 | if (err == MP_OKAY) |
| wolfSSL | 0:d92f9d21154c | 773 | key->type = RSA_PRIVATE; |
| wolfSSL | 0:d92f9d21154c | 774 | |
| wolfSSL | 0:d92f9d21154c | 775 | mp_clear(&tmp3); |
| wolfSSL | 0:d92f9d21154c | 776 | mp_clear(&tmp2); |
| wolfSSL | 0:d92f9d21154c | 777 | mp_clear(&tmp1); |
| wolfSSL | 0:d92f9d21154c | 778 | mp_clear(&q); |
| wolfSSL | 0:d92f9d21154c | 779 | mp_clear(&p); |
| wolfSSL | 0:d92f9d21154c | 780 | |
| wolfSSL | 0:d92f9d21154c | 781 | if (err != MP_OKAY) { |
| wolfSSL | 0:d92f9d21154c | 782 | wc_FreeRsaKey(key); |
| wolfSSL | 0:d92f9d21154c | 783 | return err; |
| wolfSSL | 0:d92f9d21154c | 784 | } |
| wolfSSL | 0:d92f9d21154c | 785 | |
| wolfSSL | 0:d92f9d21154c | 786 | return 0; |
| wolfSSL | 0:d92f9d21154c | 787 | } |
| wolfSSL | 0:d92f9d21154c | 788 | |
| wolfSSL | 0:d92f9d21154c | 789 | |
| wolfSSL | 0:d92f9d21154c | 790 | #endif /* WOLFSSL_KEY_GEN */ |
| wolfSSL | 0:d92f9d21154c | 791 | |
| wolfSSL | 0:d92f9d21154c | 792 | |
| wolfSSL | 0:d92f9d21154c | 793 | #ifdef HAVE_CAVIUM |
| wolfSSL | 0:d92f9d21154c | 794 | |
| wolfSSL | 0:d92f9d21154c | 795 | #include <cyassl/ctaocrypt/logging.h> |
| wolfSSL | 0:d92f9d21154c | 796 | #include "cavium_common.h" |
| wolfSSL | 0:d92f9d21154c | 797 | |
| wolfSSL | 0:d92f9d21154c | 798 | /* Initiliaze RSA for use with Nitrox device */ |
| wolfSSL | 0:d92f9d21154c | 799 | int RsaInitCavium(RsaKey* rsa, int devId) |
| wolfSSL | 0:d92f9d21154c | 800 | { |
| wolfSSL | 0:d92f9d21154c | 801 | if (rsa == NULL) |
| wolfSSL | 0:d92f9d21154c | 802 | return -1; |
| wolfSSL | 0:d92f9d21154c | 803 | |
| wolfSSL | 0:d92f9d21154c | 804 | if (CspAllocContext(CONTEXT_SSL, &rsa->contextHandle, devId) != 0) |
| wolfSSL | 0:d92f9d21154c | 805 | return -1; |
| wolfSSL | 0:d92f9d21154c | 806 | |
| wolfSSL | 0:d92f9d21154c | 807 | rsa->devId = devId; |
| wolfSSL | 0:d92f9d21154c | 808 | rsa->magic = WOLFSSL_RSA_CAVIUM_MAGIC; |
| wolfSSL | 0:d92f9d21154c | 809 | |
| wolfSSL | 0:d92f9d21154c | 810 | return 0; |
| wolfSSL | 0:d92f9d21154c | 811 | } |
| wolfSSL | 0:d92f9d21154c | 812 | |
| wolfSSL | 0:d92f9d21154c | 813 | |
| wolfSSL | 0:d92f9d21154c | 814 | /* Free RSA from use with Nitrox device */ |
| wolfSSL | 0:d92f9d21154c | 815 | void wc_RsaFreeCavium(RsaKey* rsa) |
| wolfSSL | 0:d92f9d21154c | 816 | { |
| wolfSSL | 0:d92f9d21154c | 817 | if (rsa == NULL) |
| wolfSSL | 0:d92f9d21154c | 818 | return; |
| wolfSSL | 0:d92f9d21154c | 819 | |
| wolfSSL | 0:d92f9d21154c | 820 | CspFreeContext(CONTEXT_SSL, rsa->contextHandle, rsa->devId); |
| wolfSSL | 0:d92f9d21154c | 821 | rsa->magic = 0; |
| wolfSSL | 0:d92f9d21154c | 822 | } |
| wolfSSL | 0:d92f9d21154c | 823 | |
| wolfSSL | 0:d92f9d21154c | 824 | |
| wolfSSL | 0:d92f9d21154c | 825 | /* Initialize cavium RSA key */ |
| wolfSSL | 0:d92f9d21154c | 826 | static int InitCaviumRsaKey(RsaKey* key, void* heap) |
| wolfSSL | 0:d92f9d21154c | 827 | { |
| wolfSSL | 0:d92f9d21154c | 828 | if (key == NULL) |
| wolfSSL | 0:d92f9d21154c | 829 | return BAD_FUNC_ARG; |
| wolfSSL | 0:d92f9d21154c | 830 | |
| wolfSSL | 0:d92f9d21154c | 831 | key->heap = heap; |
| wolfSSL | 0:d92f9d21154c | 832 | key->type = -1; /* don't know yet */ |
| wolfSSL | 0:d92f9d21154c | 833 | |
| wolfSSL | 0:d92f9d21154c | 834 | key->c_n = NULL; |
| wolfSSL | 0:d92f9d21154c | 835 | key->c_e = NULL; |
| wolfSSL | 0:d92f9d21154c | 836 | key->c_d = NULL; |
| wolfSSL | 0:d92f9d21154c | 837 | key->c_p = NULL; |
| wolfSSL | 0:d92f9d21154c | 838 | key->c_q = NULL; |
| wolfSSL | 0:d92f9d21154c | 839 | key->c_dP = NULL; |
| wolfSSL | 0:d92f9d21154c | 840 | key->c_dQ = NULL; |
| wolfSSL | 0:d92f9d21154c | 841 | key->c_u = NULL; |
| wolfSSL | 0:d92f9d21154c | 842 | |
| wolfSSL | 0:d92f9d21154c | 843 | key->c_nSz = 0; |
| wolfSSL | 0:d92f9d21154c | 844 | key->c_eSz = 0; |
| wolfSSL | 0:d92f9d21154c | 845 | key->c_dSz = 0; |
| wolfSSL | 0:d92f9d21154c | 846 | key->c_pSz = 0; |
| wolfSSL | 0:d92f9d21154c | 847 | key->c_qSz = 0; |
| wolfSSL | 0:d92f9d21154c | 848 | key->c_dP_Sz = 0; |
| wolfSSL | 0:d92f9d21154c | 849 | key->c_dQ_Sz = 0; |
| wolfSSL | 0:d92f9d21154c | 850 | key->c_uSz = 0; |
| wolfSSL | 0:d92f9d21154c | 851 | |
| wolfSSL | 0:d92f9d21154c | 852 | return 0; |
| wolfSSL | 0:d92f9d21154c | 853 | } |
| wolfSSL | 0:d92f9d21154c | 854 | |
| wolfSSL | 0:d92f9d21154c | 855 | |
| wolfSSL | 0:d92f9d21154c | 856 | /* Free cavium RSA key */ |
| wolfSSL | 0:d92f9d21154c | 857 | static int FreeCaviumRsaKey(RsaKey* key) |
| wolfSSL | 0:d92f9d21154c | 858 | { |
| wolfSSL | 0:d92f9d21154c | 859 | if (key == NULL) |
| wolfSSL | 0:d92f9d21154c | 860 | return BAD_FUNC_ARG; |
| wolfSSL | 0:d92f9d21154c | 861 | |
| wolfSSL | 0:d92f9d21154c | 862 | XFREE(key->c_n, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); |
| wolfSSL | 0:d92f9d21154c | 863 | XFREE(key->c_e, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); |
| wolfSSL | 0:d92f9d21154c | 864 | XFREE(key->c_d, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); |
| wolfSSL | 0:d92f9d21154c | 865 | XFREE(key->c_p, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); |
| wolfSSL | 0:d92f9d21154c | 866 | XFREE(key->c_q, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); |
| wolfSSL | 0:d92f9d21154c | 867 | XFREE(key->c_dP, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); |
| wolfSSL | 0:d92f9d21154c | 868 | XFREE(key->c_dQ, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); |
| wolfSSL | 0:d92f9d21154c | 869 | XFREE(key->c_u, key->heap, DYNAMIC_TYPE_CAVIUM_TMP); |
| wolfSSL | 0:d92f9d21154c | 870 | |
| wolfSSL | 0:d92f9d21154c | 871 | return InitCaviumRsaKey(key, key->heap); /* reset pointers */ |
| wolfSSL | 0:d92f9d21154c | 872 | } |
| wolfSSL | 0:d92f9d21154c | 873 | |
| wolfSSL | 0:d92f9d21154c | 874 | |
| wolfSSL | 0:d92f9d21154c | 875 | static int CaviumRsaPublicEncrypt(const byte* in, word32 inLen, byte* out, |
| wolfSSL | 0:d92f9d21154c | 876 | word32 outLen, RsaKey* key) |
| wolfSSL | 0:d92f9d21154c | 877 | { |
| wolfSSL | 0:d92f9d21154c | 878 | word32 requestId; |
| wolfSSL | 0:d92f9d21154c | 879 | word32 ret; |
| wolfSSL | 0:d92f9d21154c | 880 | |
| wolfSSL | 0:d92f9d21154c | 881 | if (key == NULL || in == NULL || out == NULL || outLen < (word32)key->c_nSz) |
| wolfSSL | 0:d92f9d21154c | 882 | return -1; |
| wolfSSL | 0:d92f9d21154c | 883 | |
| wolfSSL | 0:d92f9d21154c | 884 | ret = CspPkcs1v15Enc(CAVIUM_BLOCKING, BT2, key->c_nSz, key->c_eSz, |
| wolfSSL | 0:d92f9d21154c | 885 | (word16)inLen, key->c_n, key->c_e, (byte*)in, out, |
| wolfSSL | 0:d92f9d21154c | 886 | &requestId, key->devId); |
| wolfSSL | 0:d92f9d21154c | 887 | if (ret != 0) { |
| wolfSSL | 0:d92f9d21154c | 888 | WOLFSSL_MSG("Cavium Enc BT2 failed"); |
| wolfSSL | 0:d92f9d21154c | 889 | return -1; |
| wolfSSL | 0:d92f9d21154c | 890 | } |
| wolfSSL | 0:d92f9d21154c | 891 | return key->c_nSz; |
| wolfSSL | 0:d92f9d21154c | 892 | } |
| wolfSSL | 0:d92f9d21154c | 893 | |
| wolfSSL | 0:d92f9d21154c | 894 | |
| wolfSSL | 0:d92f9d21154c | 895 | static INLINE void ato16(const byte* c, word16* u16) |
| wolfSSL | 0:d92f9d21154c | 896 | { |
| wolfSSL | 0:d92f9d21154c | 897 | *u16 = (c[0] << 8) | (c[1]); |
| wolfSSL | 0:d92f9d21154c | 898 | } |
| wolfSSL | 0:d92f9d21154c | 899 | |
| wolfSSL | 0:d92f9d21154c | 900 | |
| wolfSSL | 0:d92f9d21154c | 901 | static int CaviumRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, |
| wolfSSL | 0:d92f9d21154c | 902 | word32 outLen, RsaKey* key) |
| wolfSSL | 0:d92f9d21154c | 903 | { |
| wolfSSL | 0:d92f9d21154c | 904 | word32 requestId; |
| wolfSSL | 0:d92f9d21154c | 905 | word32 ret; |
| wolfSSL | 0:d92f9d21154c | 906 | word16 outSz = (word16)outLen; |
| wolfSSL | 0:d92f9d21154c | 907 | |
| wolfSSL | 0:d92f9d21154c | 908 | if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->c_nSz) |
| wolfSSL | 0:d92f9d21154c | 909 | return -1; |
| wolfSSL | 0:d92f9d21154c | 910 | |
| wolfSSL | 0:d92f9d21154c | 911 | ret = CspPkcs1v15CrtDec(CAVIUM_BLOCKING, BT2, key->c_nSz, key->c_q, |
| wolfSSL | 0:d92f9d21154c | 912 | key->c_dQ, key->c_p, key->c_dP, key->c_u, |
| wolfSSL | 0:d92f9d21154c | 913 | (byte*)in, &outSz, out, &requestId, key->devId); |
| wolfSSL | 0:d92f9d21154c | 914 | if (ret != 0) { |
| wolfSSL | 0:d92f9d21154c | 915 | WOLFSSL_MSG("Cavium CRT Dec BT2 failed"); |
| wolfSSL | 0:d92f9d21154c | 916 | return -1; |
| wolfSSL | 0:d92f9d21154c | 917 | } |
| wolfSSL | 0:d92f9d21154c | 918 | ato16((const byte*)&outSz, &outSz); |
| wolfSSL | 0:d92f9d21154c | 919 | |
| wolfSSL | 0:d92f9d21154c | 920 | return outSz; |
| wolfSSL | 0:d92f9d21154c | 921 | } |
| wolfSSL | 0:d92f9d21154c | 922 | |
| wolfSSL | 0:d92f9d21154c | 923 | |
| wolfSSL | 0:d92f9d21154c | 924 | static int CaviumRsaSSL_Sign(const byte* in, word32 inLen, byte* out, |
| wolfSSL | 0:d92f9d21154c | 925 | word32 outLen, RsaKey* key) |
| wolfSSL | 0:d92f9d21154c | 926 | { |
| wolfSSL | 0:d92f9d21154c | 927 | word32 requestId; |
| wolfSSL | 0:d92f9d21154c | 928 | word32 ret; |
| wolfSSL | 0:d92f9d21154c | 929 | |
| wolfSSL | 0:d92f9d21154c | 930 | if (key == NULL || in == NULL || out == NULL || inLen == 0 || outLen < |
| wolfSSL | 0:d92f9d21154c | 931 | (word32)key->c_nSz) |
| wolfSSL | 0:d92f9d21154c | 932 | return -1; |
| wolfSSL | 0:d92f9d21154c | 933 | |
| wolfSSL | 0:d92f9d21154c | 934 | ret = CspPkcs1v15CrtEnc(CAVIUM_BLOCKING, BT1, key->c_nSz, (word16)inLen, |
| wolfSSL | 0:d92f9d21154c | 935 | key->c_q, key->c_dQ, key->c_p, key->c_dP, key->c_u, |
| wolfSSL | 0:d92f9d21154c | 936 | (byte*)in, out, &requestId, key->devId); |
| wolfSSL | 0:d92f9d21154c | 937 | if (ret != 0) { |
| wolfSSL | 0:d92f9d21154c | 938 | WOLFSSL_MSG("Cavium CRT Enc BT1 failed"); |
| wolfSSL | 0:d92f9d21154c | 939 | return -1; |
| wolfSSL | 0:d92f9d21154c | 940 | } |
| wolfSSL | 0:d92f9d21154c | 941 | return key->c_nSz; |
| wolfSSL | 0:d92f9d21154c | 942 | } |
| wolfSSL | 0:d92f9d21154c | 943 | |
| wolfSSL | 0:d92f9d21154c | 944 | |
| wolfSSL | 0:d92f9d21154c | 945 | static int CaviumRsaSSL_Verify(const byte* in, word32 inLen, byte* out, |
| wolfSSL | 0:d92f9d21154c | 946 | word32 outLen, RsaKey* key) |
| wolfSSL | 0:d92f9d21154c | 947 | { |
| wolfSSL | 0:d92f9d21154c | 948 | word32 requestId; |
| wolfSSL | 0:d92f9d21154c | 949 | word32 ret; |
| wolfSSL | 0:d92f9d21154c | 950 | word16 outSz = (word16)outLen; |
| wolfSSL | 0:d92f9d21154c | 951 | |
| wolfSSL | 0:d92f9d21154c | 952 | if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->c_nSz) |
| wolfSSL | 0:d92f9d21154c | 953 | return -1; |
| wolfSSL | 0:d92f9d21154c | 954 | |
| wolfSSL | 0:d92f9d21154c | 955 | ret = CspPkcs1v15Dec(CAVIUM_BLOCKING, BT1, key->c_nSz, key->c_eSz, |
| wolfSSL | 0:d92f9d21154c | 956 | key->c_n, key->c_e, (byte*)in, &outSz, out, |
| wolfSSL | 0:d92f9d21154c | 957 | &requestId, key->devId); |
| wolfSSL | 0:d92f9d21154c | 958 | if (ret != 0) { |
| wolfSSL | 0:d92f9d21154c | 959 | WOLFSSL_MSG("Cavium Dec BT1 failed"); |
| wolfSSL | 0:d92f9d21154c | 960 | return -1; |
| wolfSSL | 0:d92f9d21154c | 961 | } |
| wolfSSL | 0:d92f9d21154c | 962 | outSz = ntohs(outSz); |
| wolfSSL | 0:d92f9d21154c | 963 | |
| wolfSSL | 0:d92f9d21154c | 964 | return outSz; |
| wolfSSL | 0:d92f9d21154c | 965 | } |
| wolfSSL | 0:d92f9d21154c | 966 | |
| wolfSSL | 0:d92f9d21154c | 967 | |
| wolfSSL | 0:d92f9d21154c | 968 | #endif /* HAVE_CAVIUM */ |
| wolfSSL | 0:d92f9d21154c | 969 | |
| wolfSSL | 0:d92f9d21154c | 970 | #endif /* HAVE_FIPS */ |
| wolfSSL | 0:d92f9d21154c | 971 | #endif /* NO_RSA */ |
| wolfSSL | 0:d92f9d21154c | 972 | |
| wolfSSL | 0:d92f9d21154c | 973 |