wolf SSL
wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
wolfcrypt/src/rsa.c
- Committer:
- wolfSSL
- Date:
- 2015-06-26
- Revision:
- 0:d92f9d21154c
File content as of revision 0:d92f9d21154c:
/* rsa.c
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#ifndef NO_RSA
#include <wolfssl/wolfcrypt/rsa.h>
#ifdef HAVE_FIPS
int wc_InitRsaKey(RsaKey* key, void* ptr)
{
return InitRsaKey_fips(key, ptr);
}
int wc_FreeRsaKey(RsaKey* key)
{
return FreeRsaKey_fips(key);
}
int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, RNG* rng)
{
return RsaPublicEncrypt_fips(in, inLen, out, outLen, key, rng);
}
int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
RsaKey* key)
{
return RsaPrivateDecryptInline_fips(in, inLen, out, key);
}
int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key)
{
return RsaPrivateDecrypt_fips(in, inLen, out, outLen, key);
}
int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, RNG* rng)
{
return RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng);
}
int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
{
return RsaSSL_VerifyInline_fips(in, inLen, out, key);
}
int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key)
{
return RsaSSL_Verify_fips(in, inLen, out, outLen, key);
}
int wc_RsaEncryptSize(RsaKey* key)
{
return RsaEncryptSize_fips(key);
}
int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
word32* bSz)
{
/* not specified as fips so not needing _fips */
return RsaFlattenPublicKey(key, a, aSz, b, bSz);
}
#ifdef WOLFSSL_KEY_GEN
int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng)
{
return MakeRsaKey(key, size, e, rng);
}
#endif
#ifdef HAVE_CAVIUM
int wc_RsaInitCavium(RsaKey* key, int i)
{
return RsaInitCavium(key, i);
}
void wc_RsaFreeCavium(RsaKey* key)
{
RsaFreeCavium(key);
}
#endif
/* these are functions in asn and are routed to wolfssl/wolfcrypt/asn.c
* wc_RsaPrivateKeyDecode
* wc_RsaPublicKeyDecode
*/
#else /* else build without fips */
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/logging.h>
#ifdef NO_INLINE
#include <wolfssl/wolfcrypt/misc.h>
#else
#include <wolfcrypt/src/misc.c>
#endif
#ifdef SHOW_GEN
#ifdef FREESCALE_MQX
#include <fio.h>
#else
#include <stdio.h>
#endif
#endif
#ifdef HAVE_CAVIUM
static int InitCaviumRsaKey(RsaKey* key, void* heap);
static int FreeCaviumRsaKey(RsaKey* key);
static int CaviumRsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key);
static int CaviumRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key);
static int CaviumRsaSSL_Sign(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key);
static int CaviumRsaSSL_Verify(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key);
#endif
enum {
RSA_PUBLIC_ENCRYPT = 0,
RSA_PUBLIC_DECRYPT = 1,
RSA_PRIVATE_ENCRYPT = 2,
RSA_PRIVATE_DECRYPT = 3,
RSA_BLOCK_TYPE_1 = 1,
RSA_BLOCK_TYPE_2 = 2,
RSA_MIN_SIZE = 512,
RSA_MAX_SIZE = 4096,
RSA_MIN_PAD_SZ = 11 /* seperator + 0 + pad value + 8 pads */
};
int wc_InitRsaKey(RsaKey* key, void* heap)
{
#ifdef HAVE_CAVIUM
if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
return InitCaviumRsaKey(key, heap);
#endif
key->type = -1; /* haven't decided yet */
key->heap = heap;
/* TomsFastMath doesn't use memory allocation */
#ifndef USE_FAST_MATH
key->n.dp = key->e.dp = 0; /* public alloc parts */
key->d.dp = key->p.dp = 0; /* private alloc parts */
key->q.dp = key->dP.dp = 0;
key->u.dp = key->dQ.dp = 0;
#else
mp_init(&key->n);
mp_init(&key->e);
mp_init(&key->d);
mp_init(&key->p);
mp_init(&key->q);
mp_init(&key->dP);
mp_init(&key->dQ);
mp_init(&key->u);
#endif
return 0;
}
int wc_FreeRsaKey(RsaKey* key)
{
(void)key;
#ifdef HAVE_CAVIUM
if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
return FreeCaviumRsaKey(key);
#endif
/* TomsFastMath doesn't use memory allocation */
#ifndef USE_FAST_MATH
if (key->type == RSA_PRIVATE) {
mp_clear(&key->u);
mp_clear(&key->dQ);
mp_clear(&key->dP);
mp_clear(&key->q);
mp_clear(&key->p);
mp_clear(&key->d);
}
mp_clear(&key->e);
mp_clear(&key->n);
#endif
return 0;
}
static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
word32 pkcsBlockLen, byte padValue, RNG* rng)
{
if (inputLen == 0)
return 0;
pkcsBlock[0] = 0x0; /* set first byte to zero and advance */
pkcsBlock++; pkcsBlockLen--;
pkcsBlock[0] = padValue; /* insert padValue */
if (padValue == RSA_BLOCK_TYPE_1)
/* pad with 0xff bytes */
XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2);
else {
/* pad with non-zero random bytes */
word32 padLen = pkcsBlockLen - inputLen - 1, i;
int ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen);
if (ret != 0)
return ret;
/* remove zeros */
for (i = 1; i < padLen; i++)
if (pkcsBlock[i] == 0) pkcsBlock[i] = 0x01;
}
pkcsBlock[pkcsBlockLen-inputLen-1] = 0; /* separator */
XMEMCPY(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen);
return 0;
}
/* UnPad plaintext, set start to *output, return length of plaintext,
* < 0 on error */
static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
byte **output, byte padValue)
{
word32 maxOutputLen = (pkcsBlockLen > 10) ? (pkcsBlockLen - 10) : 0,
invalid = 0,
i = 1,
outputLen;
if (pkcsBlock[0] != 0x0) /* skip past zero */
invalid = 1;
pkcsBlock++; pkcsBlockLen--;
/* Require block type padValue */
invalid = (pkcsBlock[0] != padValue) || invalid;
/* verify the padding until we find the separator */
if (padValue == RSA_BLOCK_TYPE_1) {
while (i<pkcsBlockLen && pkcsBlock[i++] == 0xFF) {/* Null body */}
}
else {
while (i<pkcsBlockLen && pkcsBlock[i++]) {/* Null body */}
}
if(!(i==pkcsBlockLen || pkcsBlock[i-1]==0)) {
WOLFSSL_MSG("RsaUnPad error, bad formatting");
return RSA_PAD_E;
}
outputLen = pkcsBlockLen - i;
invalid = (outputLen > maxOutputLen) || invalid;
if (invalid) {
WOLFSSL_MSG("RsaUnPad error, bad formatting");
return RSA_PAD_E;
}
*output = (byte *)(pkcsBlock + i);
return outputLen;
}
static int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
word32* outLen, int type, RsaKey* key)
{
#define ERROR_OUT(x) { ret = (x); goto done;}
mp_int tmp;
int ret = 0;
word32 keyLen, len;
if (mp_init(&tmp) != MP_OKAY)
return MP_INIT_E;
if (mp_read_unsigned_bin(&tmp, (byte*)in, inLen) != MP_OKAY)
ERROR_OUT(MP_READ_E);
if (type == RSA_PRIVATE_DECRYPT || type == RSA_PRIVATE_ENCRYPT) {
#ifdef RSA_LOW_MEM /* half as much memory but twice as slow */
if (mp_exptmod(&tmp, &key->d, &key->n, &tmp) != MP_OKAY)
ERROR_OUT(MP_EXPTMOD_E);
#else
#define INNER_ERROR_OUT(x) { ret = (x); goto inner_done; }
mp_int tmpa, tmpb;
if (mp_init(&tmpa) != MP_OKAY)
ERROR_OUT(MP_INIT_E);
if (mp_init(&tmpb) != MP_OKAY) {
mp_clear(&tmpa);
ERROR_OUT(MP_INIT_E);
}
/* tmpa = tmp^dP mod p */
if (mp_exptmod(&tmp, &key->dP, &key->p, &tmpa) != MP_OKAY)
INNER_ERROR_OUT(MP_EXPTMOD_E);
/* tmpb = tmp^dQ mod q */
if (mp_exptmod(&tmp, &key->dQ, &key->q, &tmpb) != MP_OKAY)
INNER_ERROR_OUT(MP_EXPTMOD_E);
/* tmp = (tmpa - tmpb) * qInv (mod p) */
if (mp_sub(&tmpa, &tmpb, &tmp) != MP_OKAY)
INNER_ERROR_OUT(MP_SUB_E);
if (mp_mulmod(&tmp, &key->u, &key->p, &tmp) != MP_OKAY)
INNER_ERROR_OUT(MP_MULMOD_E);
/* tmp = tmpb + q * tmp */
if (mp_mul(&tmp, &key->q, &tmp) != MP_OKAY)
INNER_ERROR_OUT(MP_MUL_E);
if (mp_add(&tmp, &tmpb, &tmp) != MP_OKAY)
INNER_ERROR_OUT(MP_ADD_E);
inner_done:
mp_clear(&tmpa);
mp_clear(&tmpb);
if (ret != 0) return ret;
#endif /* RSA_LOW_MEM */
}
else if (type == RSA_PUBLIC_ENCRYPT || type == RSA_PUBLIC_DECRYPT) {
if (mp_exptmod(&tmp, &key->e, &key->n, &tmp) != MP_OKAY)
ERROR_OUT(MP_EXPTMOD_E);
}
else
ERROR_OUT(RSA_WRONG_TYPE_E);
keyLen = mp_unsigned_bin_size(&key->n);
if (keyLen > *outLen)
ERROR_OUT(RSA_BUFFER_E);
len = mp_unsigned_bin_size(&tmp);
/* pad front w/ zeros to match key length */
while (len < keyLen) {
*out++ = 0x00;
len++;
}
*outLen = keyLen;
/* convert */
if (mp_to_unsigned_bin(&tmp, out) != MP_OKAY)
ERROR_OUT(MP_TO_E);
done:
mp_clear(&tmp);
if (ret == MP_EXPTMOD_E) {
WOLFSSL_MSG("RSA_FUNCTION MP_EXPTMOD_E: memory/config problem");
}
return ret;
}
int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
RsaKey* key, RNG* rng)
{
int sz, ret;
#ifdef HAVE_CAVIUM
if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
return CaviumRsaPublicEncrypt(in, inLen, out, outLen, key);
#endif
sz = mp_unsigned_bin_size(&key->n);
if (sz > (int)outLen)
return RSA_BUFFER_E;
if (inLen > (word32)(sz - RSA_MIN_PAD_SZ))
return RSA_BUFFER_E;
ret = wc_RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_2, rng);
if (ret != 0)
return ret;
if ((ret = wc_RsaFunction(out, sz, out, &outLen,
RSA_PUBLIC_ENCRYPT, key)) < 0)
sz = ret;
return sz;
}
int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key)
{
int ret;
#ifdef HAVE_CAVIUM
if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) {
ret = CaviumRsaPrivateDecrypt(in, inLen, in, inLen, key);
if (ret > 0)
*out = in;
return ret;
}
#endif
if ((ret = wc_RsaFunction(in, inLen, in, &inLen, RSA_PRIVATE_DECRYPT, key))
< 0) {
return ret;
}
return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_2);
}
int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
RsaKey* key)
{
int plainLen;
byte* tmp;
byte* pad = 0;
#ifdef HAVE_CAVIUM
if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
return CaviumRsaPrivateDecrypt(in, inLen, out, outLen, key);
#endif
tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA);
if (tmp == NULL) {
return MEMORY_E;
}
XMEMCPY(tmp, in, inLen);
if ( (plainLen = wc_RsaPrivateDecryptInline(tmp, inLen, &pad, key) ) < 0) {
XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
return plainLen;
}
if (plainLen > (int)outLen)
plainLen = BAD_FUNC_ARG;
else
XMEMCPY(out, pad, plainLen);
ForceZero(tmp, inLen);
XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
return plainLen;
}
/* for Rsa Verify */
int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
{
int ret;
#ifdef HAVE_CAVIUM
if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) {
ret = CaviumRsaSSL_Verify(in, inLen, in, inLen, key);
if (ret > 0)
*out = in;
return ret;
}
#endif
if ((ret = wc_RsaFunction(in, inLen, in, &inLen, RSA_PUBLIC_DECRYPT, key))
< 0) {
return ret;
}
return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_1);
}
int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
RsaKey* key)
{
int plainLen;
byte* tmp;
byte* pad = 0;
#ifdef HAVE_CAVIUM
if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
return CaviumRsaSSL_Verify(in, inLen, out, outLen, key);
#endif
tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA);
if (tmp == NULL) {
return MEMORY_E;
}
XMEMCPY(tmp, in, inLen);
if ( (plainLen = wc_RsaSSL_VerifyInline(tmp, inLen, &pad, key) ) < 0) {
XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
return plainLen;
}
if (plainLen > (int)outLen)
plainLen = BAD_FUNC_ARG;
else
XMEMCPY(out, pad, plainLen);
ForceZero(tmp, inLen);
XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
return plainLen;
}
/* for Rsa Sign */
int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
RsaKey* key, RNG* rng)
{
int sz, ret;
#ifdef HAVE_CAVIUM
if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
return CaviumRsaSSL_Sign(in, inLen, out, outLen, key);
#endif
sz = mp_unsigned_bin_size(&key->n);
if (sz > (int)outLen)
return RSA_BUFFER_E;
if (inLen > (word32)(sz - RSA_MIN_PAD_SZ))
return RSA_BUFFER_E;
ret = wc_RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_1, rng);
if (ret != 0)
return ret;
if ((ret = wc_RsaFunction(out, sz, out, &outLen,
RSA_PRIVATE_ENCRYPT,key)) < 0)
sz = ret;
return sz;
}
int wc_RsaEncryptSize(RsaKey* key)
{
#ifdef HAVE_CAVIUM
if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
return key->c_nSz;
#endif
return mp_unsigned_bin_size(&key->n);
}
/* flatten RsaKey structure into individual elements (e, n) */
int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n,
word32* nSz)
{
int sz, ret;
if (key == NULL || e == NULL || eSz == NULL || n == NULL || nSz == NULL)
return BAD_FUNC_ARG;
sz = mp_unsigned_bin_size(&key->e);
if ((word32)sz > *nSz)
return RSA_BUFFER_E;
ret = mp_to_unsigned_bin(&key->e, e);
if (ret != MP_OKAY)
return ret;
*eSz = (word32)sz;
sz = mp_unsigned_bin_size(&key->n);
if ((word32)sz > *nSz)
return RSA_BUFFER_E;
ret = mp_to_unsigned_bin(&key->n, n);
if (ret != MP_OKAY)
return ret;
*nSz = (word32)sz;
return 0;
}
#ifdef WOLFSSL_KEY_GEN
static const int USE_BBS = 1;
static int rand_prime(mp_int* N, int len, RNG* rng, void* heap)
{
int err, res, type;
byte* buf;
(void)heap;
if (N == NULL || rng == NULL)
return BAD_FUNC_ARG;
/* get type */
if (len < 0) {
type = USE_BBS;
len = -len;
} else {
type = 0;
}
/* allow sizes between 2 and 512 bytes for a prime size */
if (len < 2 || len > 512) {
return BAD_FUNC_ARG;
}
/* allocate buffer to work with */
buf = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_RSA);
if (buf == NULL) {
return MEMORY_E;
}
XMEMSET(buf, 0, len);
do {
#ifdef SHOW_GEN
printf(".");
fflush(stdout);
#endif
/* generate value */
err = wc_RNG_GenerateBlock(rng, buf, len);
if (err != 0) {
XFREE(buf, heap, DYNAMIC_TYPE_RSA);
return err;
}
/* munge bits */
buf[0] |= 0x80 | 0x40;
buf[len-1] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00);
/* load value */
if ((err = mp_read_unsigned_bin(N, buf, len)) != MP_OKAY) {
XFREE(buf, heap, DYNAMIC_TYPE_RSA);
return err;
}
/* test */
if ((err = mp_prime_is_prime(N, 8, &res)) != MP_OKAY) {
XFREE(buf, heap, DYNAMIC_TYPE_RSA);
return err;
}
} while (res == MP_NO);
ForceZero(buf, len);
XFREE(buf, heap, DYNAMIC_TYPE_RSA);
return 0;
}
/* Make an RSA key for size bits, with e specified, 65537 is a good e */
int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng)
{
mp_int p, q, tmp1, tmp2, tmp3;
int err;
if (key == NULL || rng == NULL)
return BAD_FUNC_ARG;
if (size < RSA_MIN_SIZE || size > RSA_MAX_SIZE)
return BAD_FUNC_ARG;
if (e < 3 || (e & 1) == 0)
return BAD_FUNC_ARG;
if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != MP_OKAY)
return err;
err = mp_set_int(&tmp3, e);
/* make p */
if (err == MP_OKAY) {
do {
err = rand_prime(&p, size/16, rng, key->heap); /* size in bytes/2 */
if (err == MP_OKAY)
err = mp_sub_d(&p, 1, &tmp1); /* tmp1 = p-1 */
if (err == MP_OKAY)
err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(p-1, e) */
} while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divdes p-1 */
}
/* make q */
if (err == MP_OKAY) {
do {
err = rand_prime(&q, size/16, rng, key->heap); /* size in bytes/2 */
if (err == MP_OKAY)
err = mp_sub_d(&q, 1, &tmp1); /* tmp1 = q-1 */
if (err == MP_OKAY)
err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(q-1, e) */
} while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divdes q-1 */
}
if (err == MP_OKAY)
err = mp_init_multi(&key->n, &key->e, &key->d, &key->p, &key->q, NULL);
if (err == MP_OKAY)
err = mp_init_multi(&key->dP, &key->dQ, &key->u, NULL, NULL, NULL);
if (err == MP_OKAY)
err = mp_sub_d(&p, 1, &tmp2); /* tmp2 = p-1 */
if (err == MP_OKAY)
err = mp_lcm(&tmp1, &tmp2, &tmp1); /* tmp1 = lcm(p-1, q-1),last loop */
/* make key */
if (err == MP_OKAY)
err = mp_set_int(&key->e, e); /* key->e = e */
if (err == MP_OKAY) /* key->d = 1/e mod lcm(p-1, q-1) */
err = mp_invmod(&key->e, &tmp1, &key->d);
if (err == MP_OKAY)
err = mp_mul(&p, &q, &key->n); /* key->n = pq */
if (err == MP_OKAY)
err = mp_sub_d(&p, 1, &tmp1);
if (err == MP_OKAY)
err = mp_sub_d(&q, 1, &tmp2);
if (err == MP_OKAY)
err = mp_mod(&key->d, &tmp1, &key->dP);
if (err == MP_OKAY)
err = mp_mod(&key->d, &tmp2, &key->dQ);
if (err == MP_OKAY)
err = mp_invmod(&q, &p, &key->u);
if (err == MP_OKAY)
err = mp_copy(&p, &key->p);
if (err == MP_OKAY)
err = mp_copy(&q, &key->q);
if (err == MP_OKAY)
key->type = RSA_PRIVATE;
mp_clear(&tmp3);
mp_clear(&tmp2);
mp_clear(&tmp1);
mp_clear(&q);
mp_clear(&p);
if (err != MP_OKAY) {
wc_FreeRsaKey(key);
return err;
}
return 0;
}
#endif /* WOLFSSL_KEY_GEN */
#ifdef HAVE_CAVIUM
#include <cyassl/ctaocrypt/logging.h>
#include "cavium_common.h"
/* Initiliaze RSA for use with Nitrox device */
int RsaInitCavium(RsaKey* rsa, int devId)
{
if (rsa == NULL)
return -1;
if (CspAllocContext(CONTEXT_SSL, &rsa->contextHandle, devId) != 0)
return -1;
rsa->devId = devId;
rsa->magic = WOLFSSL_RSA_CAVIUM_MAGIC;
return 0;
}
/* Free RSA from use with Nitrox device */
void wc_RsaFreeCavium(RsaKey* rsa)
{
if (rsa == NULL)
return;
CspFreeContext(CONTEXT_SSL, rsa->contextHandle, rsa->devId);
rsa->magic = 0;
}
/* Initialize cavium RSA key */
static int InitCaviumRsaKey(RsaKey* key, void* heap)
{
if (key == NULL)
return BAD_FUNC_ARG;
key->heap = heap;
key->type = -1; /* don't know yet */
key->c_n = NULL;
key->c_e = NULL;
key->c_d = NULL;
key->c_p = NULL;
key->c_q = NULL;
key->c_dP = NULL;
key->c_dQ = NULL;
key->c_u = NULL;
key->c_nSz = 0;
key->c_eSz = 0;
key->c_dSz = 0;
key->c_pSz = 0;
key->c_qSz = 0;
key->c_dP_Sz = 0;
key->c_dQ_Sz = 0;
key->c_uSz = 0;
return 0;
}
/* Free cavium RSA key */
static int FreeCaviumRsaKey(RsaKey* key)
{
if (key == NULL)
return BAD_FUNC_ARG;
XFREE(key->c_n, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
XFREE(key->c_e, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
XFREE(key->c_d, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
XFREE(key->c_p, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
XFREE(key->c_q, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
XFREE(key->c_dP, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
XFREE(key->c_dQ, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
XFREE(key->c_u, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
return InitCaviumRsaKey(key, key->heap); /* reset pointers */
}
static int CaviumRsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key)
{
word32 requestId;
word32 ret;
if (key == NULL || in == NULL || out == NULL || outLen < (word32)key->c_nSz)
return -1;
ret = CspPkcs1v15Enc(CAVIUM_BLOCKING, BT2, key->c_nSz, key->c_eSz,
(word16)inLen, key->c_n, key->c_e, (byte*)in, out,
&requestId, key->devId);
if (ret != 0) {
WOLFSSL_MSG("Cavium Enc BT2 failed");
return -1;
}
return key->c_nSz;
}
static INLINE void ato16(const byte* c, word16* u16)
{
*u16 = (c[0] << 8) | (c[1]);
}
static int CaviumRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key)
{
word32 requestId;
word32 ret;
word16 outSz = (word16)outLen;
if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->c_nSz)
return -1;
ret = CspPkcs1v15CrtDec(CAVIUM_BLOCKING, BT2, key->c_nSz, key->c_q,
key->c_dQ, key->c_p, key->c_dP, key->c_u,
(byte*)in, &outSz, out, &requestId, key->devId);
if (ret != 0) {
WOLFSSL_MSG("Cavium CRT Dec BT2 failed");
return -1;
}
ato16((const byte*)&outSz, &outSz);
return outSz;
}
static int CaviumRsaSSL_Sign(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key)
{
word32 requestId;
word32 ret;
if (key == NULL || in == NULL || out == NULL || inLen == 0 || outLen <
(word32)key->c_nSz)
return -1;
ret = CspPkcs1v15CrtEnc(CAVIUM_BLOCKING, BT1, key->c_nSz, (word16)inLen,
key->c_q, key->c_dQ, key->c_p, key->c_dP, key->c_u,
(byte*)in, out, &requestId, key->devId);
if (ret != 0) {
WOLFSSL_MSG("Cavium CRT Enc BT1 failed");
return -1;
}
return key->c_nSz;
}
static int CaviumRsaSSL_Verify(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key)
{
word32 requestId;
word32 ret;
word16 outSz = (word16)outLen;
if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->c_nSz)
return -1;
ret = CspPkcs1v15Dec(CAVIUM_BLOCKING, BT1, key->c_nSz, key->c_eSz,
key->c_n, key->c_e, (byte*)in, &outSz, out,
&requestId, key->devId);
if (ret != 0) {
WOLFSSL_MSG("Cavium Dec BT1 failed");
return -1;
}
outSz = ntohs(outSz);
return outSz;
}
#endif /* HAVE_CAVIUM */
#endif /* HAVE_FIPS */
#endif /* NO_RSA */