2
0

rsa.h 52 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615
  1. /*!
  2. \ingroup RSA
  3. \brief This function initializes a provided RsaKey struct. It also takes
  4. in a heap identifier, for use with user defined memory overrides
  5. (see XMALLOC, XFREE, XREALLOC).
  6. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING
  7. is enabled.
  8. \return 0 Returned upon successfully initializing the RSA structure for
  9. use with encryption and decryption
  10. \return BAD_FUNC_ARGS Returned if the RSA key pointer evaluates to NULL
  11. \param key pointer to the RsaKey structure to initialize
  12. \param heap pointer to a heap identifier, for use with memory overrides,
  13. allowing custom handling of memory allocation. This heap will be the
  14. default used when allocating memory for use with this RSA object
  15. _Example_
  16. \code
  17. RsaKey enc;
  18. int ret;
  19. ret = wc_InitRsaKey(&enc, NULL); // not using heap hint. No custom memory
  20. if ( ret != 0 ) {
  21. // error initializing RSA key
  22. }
  23. \endcode
  24. \sa wc_FreeRsaKey
  25. \sa wc_RsaSetRNG
  26. */
  27. int wc_InitRsaKey(RsaKey* key, void* heap);
  28. /*!
  29. \ingroup RSA
  30. \brief This function initializes a provided RsaKey struct. The id and
  31. len are used to identify the key on the device while the devId identifies
  32. the device. It also takes in a heap identifier, for use with user defined
  33. memory overrides (see XMALLOC, XFREE, XREALLOC).
  34. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING
  35. is enabled.
  36. \return 0 Returned upon successfully initializing the RSA structure for
  37. use with encryption and decryption
  38. \return BAD_FUNC_ARGS Returned if the RSA key pointer evaluates to NULL
  39. \return BUFFER_E Returned if len is less than 0 or greater than
  40. RSA_MAX_ID_LEN.
  41. \param key pointer to the RsaKey structure to initialize
  42. \param id identifier of key on device
  43. \param len length of identifier in bytes
  44. \param heap pointer to a heap identifier, for use with memory overrides,
  45. allowing custom handling of memory allocation. This heap will be the
  46. default used when allocating memory for use with this RSA object
  47. \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
  48. _Example_
  49. \code
  50. RsaKey enc;
  51. unsigned char* id = (unsigned char*)"RSA2048";
  52. int len = 6;
  53. int devId = 1;
  54. int ret;
  55. ret = wc_CryptoDev_RegisterDevice(devId, wc_Pkcs11_CryptoDevCb,
  56. &token);
  57. if ( ret != 0) {
  58. // error associating callback and token with device id
  59. }
  60. ret = wc_InitRsaKey_Id(&enc, id, len, NULL, devId); // not using heap hint
  61. if ( ret != 0 ) {
  62. // error initializing RSA key
  63. }
  64. \endcode
  65. \sa wc_InitRsaKey
  66. \sa wc_FreeRsaKey
  67. \sa wc_RsaSetRNG
  68. */
  69. int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len,
  70. void* heap, int devId);
  71. /*!
  72. \ingroup RSA
  73. \brief This function associates RNG with Key. It is needed when WC_RSA_BLINDING
  74. is enabled.
  75. \return 0 Returned upon success
  76. \return BAD_FUNC_ARGS Returned if the RSA key, rng pointer evaluates to NULL
  77. \param key pointer to the RsaKey structure to be associated
  78. \param rng pointer to the WC_RNG structure to associate with
  79. _Example_
  80. \code
  81. ret = wc_InitRsaKey(&key, NULL);
  82. if (ret == 0) {
  83. ret = wc_InitRng(&rng);
  84. } else return -1;
  85. if (ret == 0) {
  86. ret = wc_RsaSetRNG(&key, &rng);
  87. \endcode
  88. \sa wc_InitRsaKey
  89. \sa wc_RsaSetRNG
  90. */
  91. int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);
  92. /*!
  93. \ingroup RSA
  94. \brief This function frees a provided RsaKey struct using mp_clear.
  95. \return 0 Returned upon successfully freeing the key
  96. \param key pointer to the RsaKey structure to free
  97. _Example_
  98. \code
  99. RsaKey enc;
  100. wc_InitRsaKey(&enc, NULL); // not using heap hint. No custom memory
  101. ... set key, do encryption
  102. wc_FreeRsaKey(&enc);
  103. \endcode
  104. \sa wc_InitRsaKey
  105. */
  106. int wc_FreeRsaKey(RsaKey* key);
  107. /*!
  108. \ingroup RSA
  109. \brief Function that does the RSA operation directly with no padding. The input
  110. size must match key size. Typically this is
  111. used when padding is already done on the RSA input.
  112. \return size On successfully encryption the size of the encrypted buffer
  113. is returned
  114. \return RSA_BUFFER_E RSA buffer error, output too small or input too large
  115. \param in buffer to do operation on
  116. \param inLen length of input buffer
  117. \param out buffer to hold results
  118. \param outSz gets set to size of result buffer. Should be passed in as length
  119. of out buffer. If the pointer "out" is null then outSz gets set to the
  120. expected buffer size needed and LENGTH_ONLY_E gets returned.
  121. \param key initialized RSA key to use for encrypt/decrypt
  122. \param type if using private or public key (RSA_PUBLIC_ENCRYPT,
  123. RSA_PUBLIC_DECRYPT, RSA_PRIVATE_ENCRYPT, RSA_PRIVATE_DECRYPT)
  124. \param rng initialized WC_RNG struct
  125. _Example_
  126. \code
  127. int ret;
  128. WC_RNG rng;
  129. RsaKey key;
  130. byte in[256];
  131. byte out[256];
  132. word32 outSz = (word32)sizeof(out);
  133. ret = wc_RsaDirect(in, (word32)sizeof(in), out, &outSz, &key,
  134. RSA_PRIVATE_ENCRYPT, &rng);
  135. if (ret < 0) {
  136. //handle error
  137. }
  138. \endcode
  139. \sa wc_RsaPublicEncrypt
  140. \sa wc_RsaPrivateDecrypt
  141. */
  142. int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
  143. RsaKey* key, int type, WC_RNG* rng);
  144. /*!
  145. \ingroup RSA
  146. \brief This function encrypts a message from in and stores the result
  147. in out. It requires an initialized public key and a random number
  148. generator. As a side effect, this function will return the bytes written
  149. to out in outLen.
  150. \return Success Upon successfully encrypting the input message, returns
  151. 0 for success and less than zero for failure. Also returns the number
  152. bytes written to out by storing the value in outLen
  153. \return BAD_FUNC_ARG Returned if any of the input parameters are invalid
  154. \return RSA_BUFFER_E Returned if the output buffer is too small to store
  155. the ciphertext
  156. \return RNG_FAILURE_E Returned if there is an error generating a random
  157. block using the provided RNG structure
  158. \return MP_INIT_E May be returned if there is an error in the math
  159. library used while encrypting the message
  160. \return MP_READ_E May be returned if there is an error in the math
  161. library used while encrypting the message
  162. \return MP_CMP_E May be returned if there is an error in the math
  163. library used while encrypting the message
  164. \return MP_INVMOD_E May be returned if there is an error in the math
  165. library used while encrypting the message
  166. \return MP_EXPTMOD_E May be returned if there is an error in the math
  167. library used while encrypting the message
  168. \return MP_MOD_E May be returned if there is an error in the math
  169. library used while encrypting the message
  170. \return MP_MUL_E May be returned if there is an error in the math
  171. library used while encrypting the message
  172. \return MP_ADD_E May be returned if there is an error in the math
  173. library used while encrypting the message
  174. \return MP_MULMOD_E May be returned if there is an error in the math
  175. library used while encrypting the message
  176. \return MP_TO_E May be returned if there is an error in the math
  177. library used while encrypting the message
  178. \return MP_MEM May be returned if there is an error in the math
  179. library used while encrypting the message
  180. \return MP_ZERO_E May be returned if there is an error in the math
  181. library used while encrypting the message
  182. \param in pointer to a buffer containing the input message to encrypt
  183. \param inLen the length of the message to encrypt
  184. \param out pointer to the buffer in which to store the output ciphertext
  185. \param outLen the length of the output buffer
  186. \param key pointer to the RsaKey structure containing the public
  187. key to use for encryption
  188. \param rng The RNG structure with which to generate random block padding
  189. _Example_
  190. \code
  191. RsaKey pub;
  192. int ret = 0;
  193. byte n[] = { // initialize with received n component of public key };
  194. byte e[] = { // initialize with received e component of public key };
  195. byte msg[] = { // initialize with plaintext of message to encrypt };
  196. byte cipher[256]; // 256 bytes is large enough to store 2048 bit RSA
  197. ciphertext
  198. wc_InitRsaKey(&pub, NULL); // not using heap hint. No custom memory
  199. wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), &pub);
  200. // initialize with received public key parameters
  201. ret = wc_RsaPublicEncrypt(msg, sizeof(msg), out, sizeof(out), &pub, &rng);
  202. if ( ret != 0 ) {
  203. // error encrypting message
  204. }
  205. \endcode
  206. \sa wc_RsaPrivateDecrypt
  207. */
  208. int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
  209. word32 outLen, RsaKey* key, WC_RNG* rng);
  210. /*!
  211. \ingroup RSA
  212. \brief This functions is utilized by the wc_RsaPrivateDecrypt function
  213. for decrypting.
  214. \return Success Length of decrypted data.
  215. \return RSA_PAD_E RsaUnPad error, bad formatting
  216. \param in The byte array to be decrypted.
  217. \param inLen The length of in.
  218. \param out The byte array for the decrypted data to be stored.
  219. \param key The key to use for decryption.
  220. _Example_
  221. \code
  222. none
  223. \endcode
  224. \sa wc_RsaPrivateDecrypt
  225. */
  226. int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
  227. RsaKey* key);
  228. /*!
  229. \ingroup RSA
  230. \brief This functions provides private RSA decryption.
  231. \return Success length of decrypted data.
  232. \return MEMORY_E -125, out of memory error
  233. \return BAD_FUNC_ARG -173, Bad function argument provided
  234. \param in The byte array to be decrypted.
  235. \param inLen The length of in.
  236. \param out The byte array for the decrypted data to be stored.
  237. \param outLen The length of out.
  238. \param key The key to use for decryption.
  239. _Example_
  240. \code
  241. ret = wc_RsaPublicEncrypt(in, inLen, out, sizeof(out), &key, &rng);
  242. if (ret < 0) {
  243. return -1;
  244. }
  245. ret = wc_RsaPrivateDecrypt(out, ret, plain, sizeof(plain), &key);
  246. if (ret < 0) {
  247. return -1;
  248. }
  249. \endcode
  250. \sa RsaUnPad
  251. \sa wc_RsaFunction
  252. \sa wc_RsaPrivateDecryptInline
  253. */
  254. int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
  255. word32 outLen, RsaKey* key);
  256. /*!
  257. \ingroup RSA
  258. \brief Signs the provided array with the private key.
  259. \return RSA_BUFFER_E: -131, RSA buffer error, output too small or
  260. input too large
  261. \param in The byte array to be encrypted.
  262. \param inLen The length of in.
  263. \param out The byte array for the encrypted data to be stored.
  264. \param outLen The length of out.
  265. \param key The key to use for encryption.
  266. \param RNG The RNG struct to use for random number purposes.
  267. _Example_
  268. \code
  269. ret = wc_RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng);
  270. if (ret < 0) {
  271. return -1;
  272. }
  273. memset(plain, 0, sizeof(plain));
  274. ret = wc_RsaSSL_Verify(out, ret, plain, sizeof(plain), &key);
  275. if (ret < 0) {
  276. return -1;
  277. }
  278. if (ret != inLen) {
  279. return -1;
  280. }
  281. if (XMEMCMP(in, plain, ret) != 0) {
  282. return -1;
  283. }
  284. \endcode
  285. \sa wc_RsaPad
  286. */
  287. int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
  288. word32 outLen, RsaKey* key, WC_RNG* rng);
  289. /*!
  290. \ingroup RSA
  291. \brief Used to verify that the message was signed by RSA key. The output
  292. uses the same byte array as the input.
  293. \return >0 Length of text.
  294. \return <0 An error occurred.
  295. \param in Byte array to be decrypted.
  296. \param inLen Length of the buffer input.
  297. \param out Pointer to a pointer for decrypted information.
  298. \param key RsaKey to use.
  299. _Example_
  300. \code
  301. RsaKey key;
  302. WC_RNG rng;
  303. int ret = 0;
  304. long e = 65537; // standard value to use for exponent
  305. wc_InitRsaKey(&key, NULL); // not using heap hint. No custom memory
  306. wc_InitRng(&rng);
  307. wc_MakeRsaKey(&key, 2048, e, &rng);
  308. byte in[] = { // Initialize with some RSA encrypted information }
  309. byte* out;
  310. if(wc_RsaSSL_VerifyInline(in, sizeof(in), &out, &key) < 0)
  311. {
  312. // handle error
  313. }
  314. \endcode
  315. \sa wc_RsaSSL_Verify
  316. \sa wc_RsaSSL_Sign
  317. */
  318. int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
  319. RsaKey* key);
  320. /*!
  321. \ingroup RSA
  322. \brief Used to verify that the message was signed by key.
  323. \return Success Length of text on no error.
  324. \return MEMORY_E memory exception.
  325. \param in The byte array to be decrypted.
  326. \param inLen The length of in.
  327. \param out The byte array for the decrypted data to be stored.
  328. \param outLen The length of out.
  329. \param key The key to use for verification.
  330. _Example_
  331. \code
  332. ret = wc_RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng);
  333. if (ret < 0) {
  334. return -1;
  335. }
  336. memset(plain, 0, sizeof(plain));
  337. ret = wc_RsaSSL_Verify(out, ret, plain, sizeof(plain), &key);
  338. if (ret < 0) {
  339. return -1;
  340. }
  341. if (ret != inLen) {
  342. return -1;
  343. }
  344. if (XMEMCMP(in, plain, ret) != 0) {
  345. return -1;
  346. }
  347. \endcode
  348. \sa wc_RsaSSL_Sign
  349. */
  350. int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
  351. word32 outLen, RsaKey* key);
  352. /*!
  353. \ingroup RSA
  354. \brief Signs the provided array with the private key.
  355. \return RSA_BUFFER_E: -131, RSA buffer error, output too small or
  356. input too large
  357. \param in The byte array to be encrypted.
  358. \param inLen The length of in.
  359. \param out The byte array for the encrypted data to be stored.
  360. \param outLen The length of out.
  361. \param hash The hash type to be in message
  362. \param mgf Mask Generation Function Identifiers
  363. \param key The key to use for verification.
  364. _Example_
  365. \code
  366. ret = wc_InitRsaKey(&key, NULL);
  367. if (ret == 0) {
  368. ret = wc_InitRng(&rng);
  369. } else return -1;
  370. if (ret == 0) {
  371. ret = wc_RsaSetRNG(&key, &rng);
  372. } else return -1;
  373. if (ret == 0) {
  374. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  375. } else return -1;
  376. ret = wc_RsaPSS_Sign((byte*)szMessage, (word32)XSTRLEN(szMessage)+1,
  377. pSignature, sizeof(pSignature),
  378. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  379. if (ret > 0 ){
  380. sz = ret;
  381. } else return -1;
  382. ret = wc_RsaPSS_Verify(pSignature, sz, pt, outLen,
  383. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  384. if (ret <= 0)return -1;
  385. wc_FreeRsaKey(&key);
  386. wc_FreeRng(&rng);
  387. \endcode
  388. \sa wc_RsaPSS_Verify
  389. \sa wc_RsaSetRNG
  390. */
  391. int wc_RsaPSS_Sign(const byte* in, word32 inLen, byte* out,
  392. word32 outLen, enum wc_HashType hash, int mgf,
  393. RsaKey* key, WC_RNG* rng);
  394. /*!
  395. \ingroup RSA
  396. \brief Decrypt input signature to verify that the message was signed by key.
  397. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING is enabled.
  398. \return Success Length of text on no error.
  399. \return MEMORY_E memory exception.
  400. \return MP_EXPTMOD_E - When using fastmath and FP_MAX_BITS not set to at least 2 times the keySize (Example when using 4096-bit key set FP_MAX_BITS to 8192 or greater value)
  401. \param in The byte array to be decrypted.
  402. \param inLen The length of in.
  403. \param out The byte array for the decrypted data to be stored.
  404. \param outLen The length of out.
  405. \param hash The hash type to be in message
  406. \param mgf Mask Generation Function Identifiers
  407. \param key The key to use for verification.
  408. _Example_
  409. \code
  410. ret = wc_InitRsaKey(&key, NULL);
  411. if (ret == 0) {
  412. ret = wc_InitRng(&rng);
  413. } else return -1;
  414. if (ret == 0) {
  415. ret = wc_RsaSetRNG(&key, &rng);
  416. } else return -1;
  417. if (ret == 0) {
  418. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  419. } else return -1;
  420. ret = wc_RsaPSS_Sign((byte*)szMessage, (word32)XSTRLEN(szMessage)+1,
  421. pSignature, sizeof(pSignature),
  422. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  423. if (ret > 0 ){
  424. sz = ret;
  425. } else return -1;
  426. ret = wc_RsaPSS_Verify(pSignature, sz, pt, outLen,
  427. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  428. if (ret <= 0)return -1;
  429. wc_FreeRsaKey(&key);
  430. wc_FreeRng(&rng);
  431. \endcode
  432. \sa wc_RsaPSS_Sign
  433. \sa wc_RsaPSS_VerifyInline
  434. \sa wc_RsaPSS_CheckPadding
  435. \sa wc_RsaSetRNG
  436. */
  437. int wc_RsaPSS_Verify(byte* in, word32 inLen, byte* out,
  438. word32 outLen, enum wc_HashType hash, int mgf,
  439. RsaKey* key);
  440. /*!
  441. \ingroup RSA
  442. \brief Decrypt input signature to verify that the message was signed by RSA
  443. key.
  444. The output uses the same byte array as the input.
  445. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING
  446. is enabled.
  447. \return >0 Length of text.
  448. \return <0 An error occurred.
  449. \param in Byte array to be decrypted.
  450. \param inLen Length of the buffer input.
  451. \param out Pointer to address containing the PSS data.
  452. \param hash The hash type to be in message
  453. \param mgf Mask Generation Function Identifiers
  454. \param key RsaKey to use.
  455. _Example_
  456. \code
  457. ret = wc_InitRsaKey(&key, NULL);
  458. if (ret == 0) {
  459. ret = wc_InitRng(&rng);
  460. } else return -1;
  461. if (ret == 0) {
  462. ret = wc_RsaSetRNG(&key, &rng);
  463. } else return -1;
  464. if (ret == 0) {
  465. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  466. } else return -1;
  467. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
  468. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  469. if (ret > 0 ){
  470. sz = ret;
  471. } else return -1;
  472. ret = wc_RsaPSS_VerifyInline(pSignature, sz, pt,
  473. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  474. if (ret <= 0)return -1;
  475. wc_FreeRsaKey(&key);
  476. wc_FreeRng(&rng);
  477. \endcode
  478. \sa wc_RsaPSS_Verify
  479. \sa wc_RsaPSS_Sign
  480. \sa wc_RsaPSS_VerifyCheck
  481. \sa wc_RsaPSS_VerifyCheck_ex
  482. \sa wc_RsaPSS_VerifyCheckInline
  483. \sa wc_RsaPSS_VerifyCheckInline_ex
  484. \sa wc_RsaPSS_CheckPadding
  485. \sa wc_RsaPSS_CheckPadding_ex
  486. \sa wc_RsaSetRNG
  487. */
  488. int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out,
  489. enum wc_HashType hash, int mgf,
  490. RsaKey* key);
  491. /*!
  492. \ingroup RSA
  493. \brief Verify the message signed with RSA-PSS.
  494. Salt length is equal to hash length.
  495. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING is enabled.
  496. \return the length of the PSS data on success and negative indicates failure.
  497. \return MEMORY_E memory exception.
  498. \param in The byte array to be decrypted.
  499. \param inLen The length of in.
  500. \param out Pointer to address containing the PSS data.
  501. \param outLen The length of out.
  502. \param digest Hash of the data that is being verified.
  503. \param digestLen Length of hash.
  504. \param hash Hash algorithm.
  505. \param mgf Mask generation function.
  506. \param key Public RSA key.
  507. _Example_
  508. \code
  509. ret = wc_InitRsaKey(&key, NULL);
  510. if (ret == 0) {
  511. ret = wc_InitRng(&rng);
  512. } else return -1;
  513. if (ret == 0) {
  514. ret = wc_RsaSetRNG(&key, &rng);
  515. } else return -1;
  516. if (ret == 0) {
  517. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  518. } else return -1;
  519. if (ret == 0) {
  520. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  521. ret = wc_Hash(WC_HASH_TYPE_SHA256, message, sz, digest, digestSz);
  522. } else return -1;
  523. if (ret == 0) {
  524. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
  525. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  526. if (ret > 0 ){
  527. sz = ret;
  528. } else return -1;
  529. } else return -1;
  530. if (ret == 0) {
  531. ret = wc_RsaPSS_VerifyCheck(pSignature, sz, pt, outLen,
  532. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  533. if (ret <= 0) return -1;
  534. } else return -1;
  535. wc_FreeRsaKey(&key);
  536. wc_FreeRng(&rng);
  537. \endcode
  538. \sa wc_RsaPSS_Sign
  539. \sa wc_RsaPSS_Verify
  540. \sa wc_RsaPSS_VerifyCheck_ex
  541. \sa wc_RsaPSS_VerifyCheckInline
  542. \sa wc_RsaPSS_VerifyCheckInline_ex
  543. \sa wc_RsaPSS_CheckPadding
  544. \sa wc_RsaPSS_CheckPadding_ex
  545. \sa wc_RsaSetRNG
  546. */
  547. int wc_RsaPSS_VerifyCheck(byte* in, word32 inLen,
  548. byte* out, word32 outLen,
  549. const byte* digest, word32 digestLen,
  550. enum wc_HashType hash, int mgf,
  551. RsaKey* key);
  552. /*!
  553. \ingroup RSA
  554. \brief Verify the message signed with RSA-PSS.
  555. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING is enabled.
  556. \return the length of the PSS data on success and negative indicates failure.
  557. \return MEMORY_E memory exception.
  558. \param in The byte array to be decrypted.
  559. \param inLen The length of in.
  560. \param out Pointer to address containing the PSS data.
  561. \param outLen The length of out.
  562. \param digest Hash of the data that is being verified.
  563. \param digestLen Length of hash.
  564. \param hash Hash algorithm.
  565. \param mgf Mask generation function.
  566. \param saltLen Length of salt used. RSA_PSS_SALT_LEN_DEFAULT (-1) indicates salt
  567. length is the same as the hash length. RSA_PSS_SALT_LEN_DISCOVER
  568. indicates salt length is determined from the data.
  569. \param key Public RSA key.
  570. _Example_
  571. \code
  572. ret = wc_InitRsaKey(&key, NULL);
  573. if (ret == 0) {
  574. ret = wc_InitRng(&rng);
  575. } else return -1;
  576. if (ret == 0) {
  577. ret = wc_RsaSetRNG(&key, &rng);
  578. } else return -1;
  579. if (ret == 0) {
  580. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  581. } else return -1;
  582. if (ret == 0) {
  583. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  584. ret = wc_Hash(WC_HASH_TYPE_SHA256, message, sz, digest, digestSz);
  585. } else return -1;
  586. if (ret == 0) {
  587. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
  588. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  589. if (ret > 0 ){
  590. sz = ret;
  591. } else return -1;
  592. } else return -1;
  593. if (ret == 0) {
  594. ret = wc_RsaPSS_VerifyCheck_ex(pSignature, sz, pt, outLen,
  595. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, saltLen, &key);
  596. if (ret <= 0) return -1;
  597. } else return -1;
  598. wc_FreeRsaKey(&key);
  599. wc_FreeRng(&rng);
  600. \endcode
  601. \sa wc_RsaPSS_Sign
  602. \sa wc_RsaPSS_Verify
  603. \sa wc_RsaPSS_VerifyCheck
  604. \sa wc_RsaPSS_VerifyCheckInline
  605. \sa wc_RsaPSS_VerifyCheckInline_ex
  606. \sa wc_RsaPSS_CheckPadding
  607. \sa wc_RsaPSS_CheckPadding_ex
  608. \sa wc_RsaSetRNG
  609. */
  610. int wc_RsaPSS_VerifyCheck_ex(byte* in, word32 inLen,
  611. byte* out, word32 outLen,
  612. const byte* digest, word32 digestLen,
  613. enum wc_HashType hash, int mgf, int saltLen,
  614. RsaKey* key);
  615. /*!
  616. \ingroup RSA
  617. \brief Verify the message signed with RSA-PSS.
  618. The input buffer is reused for the output buffer.
  619. Salt length is equal to hash length.
  620. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING is enabled.
  621. \return the length of the PSS data on success and negative indicates failure.
  622. \param in The byte array to be decrypted.
  623. \param inLen The length of in.
  624. \param out The byte array for the decrypted data to be stored.
  625. \param digest Hash of the data that is being verified.
  626. \param digestLen Length of hash.
  627. \param hash The hash type to be in message
  628. \param mgf Mask Generation Function Identifiers
  629. \param key The key to use for verification.
  630. _Example_
  631. \code
  632. ret = wc_InitRsaKey(&key, NULL);
  633. if (ret == 0) {
  634. ret = wc_InitRng(&rng);
  635. } else return -1;
  636. if (ret == 0) {
  637. ret = wc_RsaSetRNG(&key, &rng);
  638. } else return -1;
  639. if (ret == 0) {
  640. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  641. } else return -1;
  642. if (ret == 0) {
  643. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  644. ret = wc_Hash(WC_HASH_TYPE_SHA256, message, sz, digest, digestSz);
  645. } else return -1;
  646. if (ret == 0) {
  647. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
  648. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  649. if (ret > 0 ){
  650. sz = ret;
  651. } else return -1;
  652. } else return -1;
  653. if (ret == 0) {
  654. ret = wc_RsaPSS_VerifyCheckInline(pSignature, sz, pt,
  655. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  656. if (ret <= 0) return -1;
  657. } else return -1;
  658. wc_FreeRsaKey(&key);
  659. wc_FreeRng(&rng);
  660. \endcode
  661. \sa wc_RsaPSS_Sign
  662. \sa wc_RsaPSS_Verify
  663. \sa wc_RsaPSS_VerifyCheck
  664. \sa wc_RsaPSS_VerifyCheck_ex
  665. \sa wc_RsaPSS_VerifyCheckInline_ex
  666. \sa wc_RsaPSS_CheckPadding
  667. \sa wc_RsaPSS_CheckPadding_ex
  668. \sa wc_RsaSetRNG
  669. */
  670. int wc_RsaPSS_VerifyCheckInline(byte* in, word32 inLen, byte** out,
  671. const byte* digest, word32 digentLen,
  672. enum wc_HashType hash, int mgf,
  673. RsaKey* key);
  674. /*!
  675. \ingroup RSA
  676. \brief Verify the message signed with RSA-PSS.
  677. The input buffer is reused for the output buffer.
  678. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING is enabled.
  679. \return the length of the PSS data on success and negative indicates failure.
  680. \param in The byte array to be decrypted.
  681. \param inLen The length of in.
  682. \param out The byte array for the decrypted data to be stored.
  683. \param digest Hash of the data that is being verified.
  684. \param digestLen Length of hash.
  685. \param hash The hash type to be in message
  686. \param mgf Mask Generation Function Identifiers
  687. \param saltLen Length of salt used. RSA_PSS_SALT_LEN_DEFAULT (-1) indicates salt
  688. length is the same as the hash length. RSA_PSS_SALT_LEN_DISCOVER
  689. indicates salt length is determined from the data.
  690. \param key The key to use for verification.
  691. _Example_
  692. \code
  693. ret = wc_InitRsaKey(&key, NULL);
  694. if (ret == 0) {
  695. ret = wc_InitRng(&rng);
  696. } else return -1;
  697. if (ret == 0) {
  698. ret = wc_RsaSetRNG(&key, &rng);
  699. } else return -1;
  700. if (ret == 0) {
  701. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  702. } else return -1;
  703. if (ret == 0) {
  704. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  705. ret = wc_Hash(WC_HASH_TYPE_SHA256, message, sz, digest, digestSz);
  706. } else return -1;
  707. if (ret == 0) {
  708. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
  709. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  710. if (ret > 0 ){
  711. sz = ret;
  712. } else return -1;
  713. } else return -1;
  714. if (ret == 0) {
  715. ret = wc_RsaPSS_VerifyCheckInline_ex(pSignature, sz, pt,
  716. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, saltLen, &key);
  717. if (ret <= 0) return -1;
  718. } else return -1;
  719. wc_FreeRsaKey(&key);
  720. wc_FreeRng(&rng);
  721. \endcode
  722. \sa wc_RsaPSS_Sign
  723. \sa wc_RsaPSS_Verify
  724. \sa wc_RsaPSS_VerifyCheck
  725. \sa wc_RsaPSS_VerifyCheck_ex
  726. \sa wc_RsaPSS_VerifyCheckInline
  727. \sa wc_RsaPSS_CheckPadding
  728. \sa wc_RsaPSS_CheckPadding_ex
  729. \sa wc_RsaSetRNG
  730. */
  731. int wc_RsaPSS_VerifyCheckInline_ex(byte* in, word32 inLen, byte** out,
  732. const byte* digest, word32 digentLen,
  733. enum wc_HashType hash, int mgf, int saltLen,
  734. RsaKey* key);
  735. /*!
  736. \ingroup RSA
  737. \brief Checks the PSS data to ensure that the signature matches.
  738. Salt length is equal to hash length.
  739. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING is enabled.
  740. \return BAD_PADDING_E when the PSS data is invalid, BAD_FUNC_ARG when
  741. NULL is passed in to in or sig or inSz is not the same as the hash
  742. algorithm length and 0 on success.
  743. \return MEMORY_E memory exception.
  744. \param in Hash of the data that is being verified.
  745. \param inSz Length of hash.
  746. \param sig Buffer holding PSS data.
  747. \param sigSz Size of PSS data.
  748. \param hashType Hash algorithm.
  749. _Example_
  750. \code
  751. ret = wc_InitRsaKey(&key, NULL);
  752. if (ret == 0) {
  753. ret = wc_InitRng(&rng);
  754. } else return -1;
  755. if (ret == 0) {
  756. ret = wc_RsaSetRNG(&key, &rng);
  757. } else return -1;
  758. if (ret == 0) {
  759. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  760. } else return -1;
  761. if (ret == 0) {
  762. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  763. ret = wc_Hash(WC_HASH_TYPE_SHA256, message, sz, digest, digestSz);
  764. } else return -1;
  765. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, sizeof(pSignature),
  766. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  767. if (ret > 0 ){
  768. sz = ret;
  769. } else return -1;
  770. verify = wc_RsaPSS_Verify(pSignature, sz, out, outLen,
  771. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  772. if (verify <= 0)return -1;
  773. ret = wc_RsaPSS_CheckPadding(digest, digestSz, out, verify, hash);
  774. wc_FreeRsaKey(&key);
  775. wc_FreeRng(&rng);
  776. \endcode
  777. \sa wc_RsaPSS_Sign
  778. \sa wc_RsaPSS_Verify
  779. \sa wc_RsaPSS_VerifyInline
  780. \sa wc_RsaPSS_VerifyCheck
  781. \sa wc_RsaPSS_VerifyCheck_ex
  782. \sa wc_RsaPSS_VerifyCheckInline
  783. \sa wc_RsaPSS_VerifyCheckInline_ex
  784. \sa wc_RsaPSS_CheckPadding_ex
  785. \sa wc_RsaSetRNG
  786. */
  787. int wc_RsaPSS_CheckPadding(const byte* in, word32 inLen, byte* sig,
  788. word32 sigSz,
  789. enum wc_HashType hashType);
  790. /*!
  791. \ingroup RSA
  792. \brief Checks the PSS data to ensure that the signature matches.
  793. Salt length is equal to hash length.
  794. \return BAD_PADDING_E when the PSS data is invalid, BAD_FUNC_ARG when
  795. NULL is passed in to in or sig or inSz is not the same as the hash
  796. algorithm length and 0 on success.
  797. \return MEMORY_E memory exception.
  798. \param in Hash of the data that is being verified.
  799. \param inSz Length of hash.
  800. \param sig Buffer holding PSS data.
  801. \param sigSz Size of PSS data.
  802. \param hashType Hash algorithm.
  803. \param saltLen Length of salt used. RSA_PSS_SALT_LEN_DEFAULT (-1) indicates salt
  804. length is the same as the hash length. RSA_PSS_SALT_LEN_DISCOVER
  805. indicates salt length is determined from the data.
  806. \param bits Can be used to calculate salt size in FIPS case
  807. _Example_
  808. \code
  809. ret = wc_InitRsaKey(&key, NULL);
  810. if (ret == 0) {
  811. ret = wc_InitRng(&rng);
  812. } else return -1;
  813. if (ret == 0) {
  814. ret = wc_RsaSetRNG(&key, &rng);
  815. } else return -1;
  816. if (ret == 0) {
  817. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  818. } else return -1;
  819. if (ret == 0) {
  820. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  821. ret = wc_Hash(WC_HASH_TYPE_SHA256, message, sz, digest, digestSz);
  822. } else return -1;
  823. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, sizeof(pSignature),
  824. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  825. if (ret > 0 ){
  826. sz = ret;
  827. } else return -1;
  828. verify = wc_RsaPSS_Verify(pSignature, sz, out, outLen,
  829. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  830. if (verify <= 0)return -1;
  831. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, out, verify, hash, saltLen, 0);
  832. wc_FreeRsaKey(&key);
  833. wc_FreeRng(&rng);
  834. \endcode
  835. \sa wc_RsaPSS_Sign
  836. \sa wc_RsaPSS_Verify
  837. \sa wc_RsaPSS_VerifyInline
  838. \sa wc_RsaPSS_VerifyCheck
  839. \sa wc_RsaPSS_VerifyCheck_ex
  840. \sa wc_RsaPSS_VerifyCheckInline
  841. \sa wc_RsaPSS_VerifyCheckInline_ex
  842. \sa wc_RsaPSS_CheckPadding
  843. */
  844. int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen, byte* sig,
  845. word32 sigSz, enum wc_HashType hashType, int saltLen, int bits);
  846. /*!
  847. \ingroup RSA
  848. \brief Returns the encryption size for the provided key structure.
  849. \return Success Encryption size for the provided key structure.
  850. \param key The key to use for verification.
  851. _Example_
  852. \code
  853. int sz = wc_RsaEncryptSize(&key);
  854. \endcode
  855. \sa wc_InitRsaKey
  856. \sa wc_InitRsaKey_ex
  857. \sa wc_MakeRsaKey
  858. */
  859. int wc_RsaEncryptSize(RsaKey* key);
  860. /*!
  861. \ingroup RSA
  862. \brief This function parses a DER-formatted RSA private key, extracts the
  863. private key and stores it in the given RsaKey structure. It also sets the
  864. distance parsed in idx.
  865. \return 0 Returned upon successfully parsing the private key from the DER
  866. encoded input
  867. \return ASN_PARSE_E Returned if there is an error parsing the private key
  868. from the input buffer. This may happen if the input private key is not
  869. properly formatted according to ASN.1 standards
  870. \return ASN_RSA_KEY_E Returned if there is an error reading the private
  871. key elements of the RSA key input
  872. \param input pointer to the buffer containing the DER formatted private
  873. key to decode
  874. \param inOutIdx pointer to the index in the buffer at which the key begins
  875. (usually 0). As a side effect of this function, inOutIdx will store the
  876. distance parsed through the input buffer
  877. \param key pointer to the RsaKey structure in which to store the decoded
  878. private key
  879. \param inSz size of the input buffer
  880. _Example_
  881. \code
  882. RsaKey enc;
  883. word32 idx = 0;
  884. int ret = 0;
  885. byte der[] = { // initialize with DER-encoded RSA private key };
  886. wc_InitRsaKey(&enc, NULL); // not using heap hint. No custom memory
  887. ret = wc_RsaPrivateKeyDecode(der, &idx, &enc, sizeof(der));
  888. if( ret != 0 ) {
  889. // error parsing private key
  890. }
  891. \endcode
  892. \sa wc_RsaPublicKeyDecode
  893. \sa wc_MakeRsaKey
  894. */
  895. int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
  896. RsaKey* key, word32 inSz);
  897. /*!
  898. \ingroup RSA
  899. \brief This function parses a DER-formatted RSA public key, extracts the
  900. public key and stores it in the given RsaKey structure. It also sets the
  901. distance parsed in idx.
  902. \return 0 Returned upon successfully parsing the public key from the DER
  903. encoded input
  904. \return ASN_PARSE_E Returned if there is an error parsing the public key
  905. from the input buffer. This may happen if the input public key is not
  906. properly formatted according to ASN.1 standards
  907. \return ASN_OBJECT_ID_E Returned if the ASN.1 Object ID does not match
  908. that of a RSA public key
  909. \return ASN_EXPECT_0_E Returned if the input key is not correctly
  910. formatted according to ASN.1 standards
  911. \return ASN_BITSTR_E Returned if the input key is not correctly formatted
  912. according to ASN.1 standards
  913. \return ASN_RSA_KEY_E Returned if there is an error reading the public key
  914. elements of the RSA key input
  915. \param input pointer to the buffer containing the input DER-encoded RSA
  916. public key to decode
  917. \param inOutIdx pointer to the index in the buffer at which the key
  918. begins (usually 0). As a side effect of this function, inOutIdx will
  919. store the distance parsed through the input buffer
  920. \param key pointer to the RsaKey structure in which to store the decoded
  921. public key
  922. \param inSz size of the input buffer
  923. _Example_
  924. \code
  925. RsaKey pub;
  926. word32 idx = 0;
  927. int ret = 0;
  928. byte der[] = { // initialize with DER-encoded RSA public key };
  929. wc_InitRsaKey(&pub, NULL); // not using heap hint. No custom memory
  930. ret = wc_RsaPublicKeyDecode(der, &idx, &pub, sizeof(der));
  931. if( ret != 0 ) {
  932. // error parsing public key
  933. }
  934. \endcode
  935. \sa wc_RsaPublicKeyDecodeRaw
  936. */
  937. int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,
  938. RsaKey* key, word32 inSz);
  939. /*!
  940. \ingroup RSA
  941. \brief This function decodes the raw elements of an RSA public key, taking
  942. in the public modulus (n) and exponent (e). It stores these raw elements
  943. in the provided RsaKey structure, allowing one to use them in the
  944. encryption/decryption process.
  945. \return 0 Returned upon successfully decoding the raw elements of the
  946. public key into the RsaKey structure
  947. \return BAD_FUNC_ARG Returned if any of the input arguments evaluates to
  948. NULL
  949. \return MP_INIT_E Returned if there is an error initializing an integer
  950. for use with the multiple precision integer (mp_int) library
  951. \return ASN_GETINT_E Returned if there is an error reading one of the
  952. provided RSA key elements, n or e
  953. \param n pointer to a buffer containing the raw modulus parameter of the
  954. public RSA key
  955. \param nSz size of the buffer containing n
  956. \param e pointer to a buffer containing the raw exponent parameter of
  957. the public RSA key
  958. \param eSz size of the buffer containing e
  959. \param key pointer to the RsaKey struct to initialize with the provided
  960. public key elements
  961. _Example_
  962. \code
  963. RsaKey pub;
  964. int ret = 0;
  965. byte n[] = { // initialize with received n component of public key };
  966. byte e[] = { // initialize with received e component of public key };
  967. wc_InitRsaKey(&pub, NULL); // not using heap hint. No custom memory
  968. ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), &pub);
  969. if( ret != 0 ) {
  970. // error parsing public key elements
  971. }
  972. \endcode
  973. \sa wc_RsaPublicKeyDecode
  974. */
  975. int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
  976. const byte* e, word32 eSz, RsaKey* key);
  977. /*!
  978. \ingroup RSA
  979. \brief This function converts an RsaKey key to DER format. The result is
  980. written to output and it returns the number of bytes written.
  981. \return >0 Success, number of bytes written.
  982. \return BAD_FUNC_ARG Returned if key or output is null, or if key->type
  983. is not RSA_PRIVATE, or if inLen isn't large enough for output buffer.
  984. \return MEMORY_E Returned if there is an error allocating memory.
  985. \param key Initialized RsaKey structure.
  986. \param output Pointer to output buffer.
  987. \param inLen Size of output buffer.
  988. _Example_
  989. \code
  990. byte* der;
  991. // Allocate memory for der
  992. int derSz = // Amount of memory allocated for der;
  993. RsaKey key;
  994. WC_RNG rng;
  995. long e = 65537; // standard value to use for exponent
  996. ret = wc_MakeRsaKey(&key, 2048, e, &rng); // generate 2048 bit long
  997. private key
  998. wc_InitRsaKey(&key, NULL);
  999. wc_InitRng(&rng);
  1000. if(wc_RsaKeyToDer(&key, der, derSz) != 0)
  1001. {
  1002. // Handle the error thrown
  1003. }
  1004. \endcode
  1005. \sa wc_RsaKeyToPublicDer
  1006. \sa wc_InitRsaKey
  1007. \sa wc_MakeRsaKey
  1008. \sa wc_InitRng
  1009. */
  1010. int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen);
  1011. /*!
  1012. \ingroup RSA
  1013. \brief This function performs RSA encrypt while allowing the choice of
  1014. which padding to use.
  1015. \return size On successfully encryption the size of the encrypted buffer
  1016. is returned
  1017. \return RSA_BUFFER_E RSA buffer error, output too small or input too large
  1018. \param in pointer to the buffer for encryption
  1019. \param inLen length of the buffer to encrypt
  1020. \param out encrypted msg created
  1021. \param outLen length of buffer available to hold encrypted msg
  1022. \param key initialized RSA key struct
  1023. \param rng initialized WC_RNG struct
  1024. \param type type of padding to use (WC_RSA_OAEP_PAD or WC_RSA_PKCSV15_PAD)
  1025. \param hash type of hash to use (choices can be found in hash.h)
  1026. \param mgf type of mask generation function to use
  1027. \param label an optional label to associate with encrypted message
  1028. \param labelSz size of the optional label used
  1029. _Example_
  1030. \code
  1031. WC_RNG rng;
  1032. RsaKey key;
  1033. byte in[] = “I use Turing Machines to ask questions”
  1034. byte out[256];
  1035. int ret;
  1036. ret = wc_RsaPublicEncrypt_ex(in, sizeof(in), out, sizeof(out), &key, &rng,
  1037. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  1038. if (ret < 0) {
  1039. //handle error
  1040. }
  1041. \endcode
  1042. \sa wc_RsaPublicEncrypt
  1043. \sa wc_RsaPrivateDecrypt_ex
  1044. */
  1045. int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out,
  1046. word32 outLen, RsaKey* key, WC_RNG* rng, int type,
  1047. enum wc_HashType hash, int mgf, byte* label, word32 labelSz);
  1048. /*!
  1049. \ingroup RSA
  1050. \brief This function uses RSA to decrypt a message and gives the
  1051. option of what padding type.
  1052. \return size On successful decryption, the size of the decrypted message
  1053. is returned.
  1054. \return MEMORY_E Returned if not enough memory on system to malloc a
  1055. needed array.
  1056. \return BAD_FUNC_ARG Returned if a bad argument was passed into the
  1057. function.
  1058. \param in pointer to the buffer for decryption
  1059. \param inLen length of the buffer to decrypt
  1060. \param out decrypted msg created
  1061. \param outLen length of buffer available to hold decrypted msg
  1062. \param key initialized RSA key struct
  1063. \param type type of padding to use (WC_RSA_OAEP_PAD or WC_RSA_PKCSV15_PAD)
  1064. \param hash type of hash to use (choices can be found in hash.h)
  1065. \param mgf type of mask generation function to use
  1066. \param label an optional label to associate with encrypted message
  1067. \param labelSz size of the optional label used
  1068. _Example_
  1069. \code
  1070. WC_RNG rng;
  1071. RsaKey key;
  1072. byte in[] = “I use Turing Machines to ask questions”
  1073. byte out[256];
  1074. byte plain[256];
  1075. int ret;
  1076. ret = wc_RsaPublicEncrypt_ex(in, sizeof(in), out, sizeof(out), &key,
  1077. &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  1078. if (ret < 0) {
  1079. //handle error
  1080. }
  1081. ret = wc_RsaPrivateDecrypt_ex(out, ret, plain, sizeof(plain), &key,
  1082. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  1083. if (ret < 0) {
  1084. //handle error
  1085. }
  1086. \endcode
  1087. \sa none
  1088. */
  1089. int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen,
  1090. byte* out, word32 outLen, RsaKey* key, int type,
  1091. enum wc_HashType hash, int mgf, byte* label, word32 labelSz);
  1092. /*!
  1093. \ingroup RSA
  1094. \brief This function uses RSA to decrypt a message inline and gives the
  1095. option of what padding type. The in buffer will contain the decrypted
  1096. message after being called and the out byte pointer will point to the
  1097. location in the “in” buffer where the plain text is.
  1098. \return size On successful decryption, the size of the decrypted message
  1099. is returned.
  1100. \return MEMORY_E: Returned if not enough memory on system to malloc a
  1101. needed array.
  1102. \return RSA_PAD_E: Returned if an error in the padding was encountered.
  1103. \return BAD_PADDING_E: Returned if an error happened during parsing past
  1104. padding.
  1105. \return BAD_FUNC_ARG: Returned if a bad argument was passed into the
  1106. function.
  1107. \param in pointer to the buffer for decryption
  1108. \param inLen length of the buffer to decrypt
  1109. \param out pointer to location of decrypted message in “in” buffer
  1110. \param key initialized RSA key struct
  1111. \param type type of padding to use (WC_RSA_OAEP_PAD or WC_RSA_PKCSV15_PAD)
  1112. \param hash type of hash to use (choices can be found in hash.h)
  1113. \param mgf type of mask generation function to use
  1114. \param label an optional label to associate with encrypted message
  1115. \param labelSz size of the optional label used
  1116. _Example_
  1117. \code
  1118. WC_RNG rng;
  1119. RsaKey key;
  1120. byte in[] = “I use Turing Machines to ask questions”
  1121. byte out[256];
  1122. byte* plain;
  1123. int ret;
  1124. ret = wc_RsaPublicEncrypt_ex(in, sizeof(in), out, sizeof(out), &key,
  1125. &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  1126. if (ret < 0) {
  1127. //handle error
  1128. }
  1129. ret = wc_RsaPrivateDecryptInline_ex(out, ret, &plain, &key,
  1130. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  1131. if (ret < 0) {
  1132. //handle error
  1133. }
  1134. \endcode
  1135. \sa none
  1136. */
  1137. int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen,
  1138. byte** out, RsaKey* key, int type, enum wc_HashType hash,
  1139. int mgf, byte* label, word32 labelSz);
  1140. /*!
  1141. \ingroup RSA
  1142. \brief Flattens the RsaKey structure into individual elements (e, n)
  1143. used for the RSA algorithm.
  1144. \return 0 Returned if the function executed normally, without error.
  1145. \return BAD_FUNC_ARG: Returned if any of the parameters are passed in
  1146. with a null value.
  1147. \return RSA_BUFFER_E: Returned if the e or n buffers passed in are not
  1148. the correct size.
  1149. \return MP_MEM: Returned if an internal function has memory errors.
  1150. \return MP_VAL: Returned if an internal function argument is not valid.
  1151. \param key The key to use for verification.
  1152. \param e a buffer for the value of e. e is a large positive integer in
  1153. the RSA modular arithmetic operation.
  1154. \param eSz the size of the e buffer.
  1155. \param n a buffer for the value of n. n is a large positive integer in
  1156. the RSA modular arithmetic operation.
  1157. \param nSz the size of the n buffer.
  1158. _Example_
  1159. \code
  1160. Rsa key; // A valid RSA key.
  1161. byte e[ buffer sz E.g. 256 ];
  1162. byte n[256];
  1163. int ret;
  1164. word32 eSz = sizeof(e);
  1165. word32 nSz = sizeof(n);
  1166. ...
  1167. ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, &nSz);
  1168. if (ret != 0) {
  1169. // Failure case.
  1170. }
  1171. \endcode
  1172. \sa wc_InitRsaKey
  1173. \sa wc_InitRsaKey_ex
  1174. \sa wc_MakeRsaKey
  1175. */
  1176. int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n,
  1177. word32* nSz);
  1178. /*!
  1179. \ingroup RSA
  1180. \brief Convert Rsa Public key to DER format. Writes to output, and
  1181. returns count of bytes written.
  1182. \return >0 Success, number of bytes written.
  1183. \return BAD_FUNC_ARG Returned if key or output is null.
  1184. \return MEMORY_E Returned when an error allocating memory occurs.
  1185. \return <0 Error
  1186. \param key The RSA key structure to convert.
  1187. \param output Output buffer to hold DER. (if NULL will return length only)
  1188. \param inLen Length of buffer.
  1189. _Example_
  1190. \code
  1191. RsaKey key;
  1192. wc_InitRsaKey(&key, NULL);
  1193. // Use key
  1194. const int BUFFER_SIZE = 1024; // Some adequate size for the buffer
  1195. byte output[BUFFER_SIZE];
  1196. if (wc_RsaKeyToPublicDer(&key, output, sizeof(output)) != 0) {
  1197. // Handle Error
  1198. }
  1199. \endcode
  1200. \sa wc_RsaPublicKeyDerSize
  1201. \sa wc_RsaKeyToPublicDer_ex
  1202. \sa wc_InitRsaKey
  1203. */
  1204. int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen);
  1205. /*!
  1206. \ingroup RSA
  1207. \brief Convert RSA Public key to DER format. Writes to output, and
  1208. returns count of bytes written. If with_header is 0 then only the
  1209. ( seq + n + e) is returned in ASN.1 DER format and will exclude the header.
  1210. \return >0 Success, number of bytes written.
  1211. \return BAD_FUNC_ARG Returned if key or output is null.
  1212. \return MEMORY_E Returned when an error allocating memory occurs.
  1213. \return <0 Error
  1214. \param key The RSA key structure to convert.
  1215. \param output Output buffer to hold DER. (if NULL will return length only)
  1216. \param inLen Length of buffer.
  1217. _Example_
  1218. \code
  1219. RsaKey key;
  1220. wc_InitRsaKey(&key, NULL);
  1221. // Use key
  1222. const int BUFFER_SIZE = 1024; // Some adequate size for the buffer
  1223. byte output[BUFFER_SIZE];
  1224. if (wc_RsaKeyToPublicDer_ex(&key, output, sizeof(output), 0) != 0) {
  1225. // Handle Error
  1226. }
  1227. \endcode
  1228. \sa wc_RsaPublicKeyDerSize
  1229. \sa wc_RsaKeyToPublicDer
  1230. \sa wc_InitRsaKey
  1231. */
  1232. int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen,
  1233. int with_header);
  1234. /*!
  1235. \ingroup RSA
  1236. \brief This function generates a RSA private key of length size (in bits)
  1237. and given exponent (e). It then stores this key in the provided RsaKey
  1238. structure, so that it may be used for encryption/decryption. A secure
  1239. number to use for e is 65537. size is required to be greater than
  1240. RSA_MIN_SIZE and less than RSA_MAX_SIZE. For this function to be
  1241. available, the option WOLFSSL_KEY_GEN must be enabled at compile time.
  1242. This can be accomplished with --enable-keygen if using ./configure.
  1243. \return 0 Returned upon successfully generating a RSA private key
  1244. \return BAD_FUNC_ARG Returned if any of the input arguments are NULL,
  1245. the size parameter falls outside of the necessary bounds, or e is
  1246. incorrectly chosen
  1247. \return RNG_FAILURE_E Returned if there is an error generating a random
  1248. block using the provided RNG structure
  1249. \return MP_INIT_E
  1250. \return MP_READ_E May be May be returned if there is an error in the math
  1251. library used while generating the RSA key returned if there is an error
  1252. in the math library used while generating the RSA key
  1253. \return MP_CMP_E May be returned if there is an error in the math library
  1254. used while generating the RSA key
  1255. \return MP_INVMOD_E May be returned if there is an error in the math
  1256. library used while generating the RSA key
  1257. \return MP_EXPTMOD_E May be returned if there is an error in the math
  1258. library used while generating the RSA key
  1259. \return MP_MOD_E May be returned if there is an error in the math
  1260. library used while generating the RSA key
  1261. \return MP_MUL_E May be returned if there is an error in the math
  1262. library used while generating the RSA key
  1263. \return MP_ADD_E May be returned if there is an error in the math
  1264. library used while generating the RSA key
  1265. \return MP_MULMOD_E May be returned if there is an error in the math
  1266. library used while generating the RSA key
  1267. \return MP_TO_E May be returned if there is an error in the math
  1268. library used while generating the RSA key
  1269. \return MP_MEM May be returned if there is an error in the math
  1270. library used while generating the RSA key
  1271. \return MP_ZERO_E May be returned if there is an error in the math
  1272. library used while generating the RSA key
  1273. \param key pointer to the RsaKey structure in which to store the
  1274. generated private key
  1275. \param size desired key length, in bits. Required to be greater than
  1276. RSA_MIN_SIZE and less than RSA_MAX_SIZE
  1277. \param e exponent parameter to use for generating the key. A secure
  1278. choice is 65537
  1279. \param rng pointer to an RNG structure to use for random number generation
  1280. while making the ke
  1281. _Example_
  1282. \code
  1283. RsaKey priv;
  1284. WC_RNG rng;
  1285. int ret = 0;
  1286. long e = 65537; // standard value to use for exponent
  1287. wc_InitRsaKey(&priv, NULL); // not using heap hint. No custom memory
  1288. wc_InitRng(&rng);
  1289. // generate 2048 bit long private key
  1290. ret = wc_MakeRsaKey(&priv, 2048, e, &rng);
  1291. if( ret != 0 ) {
  1292. // error generating private key
  1293. }
  1294. \endcode
  1295. \sa none
  1296. */
  1297. int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng);
  1298. /*!
  1299. \ingroup RSA
  1300. \brief This function sets the non-blocking RSA context. When a RsaNb context
  1301. is set it enables fast math based non-blocking exptmod, which splits the RSA
  1302. function into many smaller operations.
  1303. Enabled when WC_RSA_NONBLOCK is defined.
  1304. \return 0 Success
  1305. \return BAD_FUNC_ARG Returned if key or nb is null.
  1306. \param key The RSA key structure
  1307. \param nb The RSA non-blocking structure for this RSA key to use.
  1308. _Example_
  1309. \code
  1310. int ret, count = 0;
  1311. RsaKey key;
  1312. RsaNb nb;
  1313. wc_InitRsaKey(&key, NULL);
  1314. // Enable non-blocking RSA mode - provide context
  1315. ret = wc_RsaSetNonBlock(key, &nb);
  1316. if (ret != 0)
  1317. return ret;
  1318. do {
  1319. ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, rng);
  1320. count++; // track number of would blocks
  1321. if (ret == FP_WOULDBLOCK) {
  1322. // do "other" work here
  1323. }
  1324. } while (ret == FP_WOULDBLOCK);
  1325. if (ret < 0) {
  1326. return ret;
  1327. }
  1328. printf("RSA non-block sign: size %d, %d times\n", ret, count);
  1329. \endcode
  1330. \sa wc_RsaSetNonBlockTime
  1331. */
  1332. int wc_RsaSetNonBlock(RsaKey* key, RsaNb* nb);
  1333. /*!
  1334. \ingroup RSA
  1335. \brief This function configures the maximum amount of blocking time in
  1336. microseconds. It uses a pre-computed table (see tfm.c exptModNbInst) along
  1337. with the CPU speed in megahertz to determine if the next operation can be
  1338. completed within the maximum blocking time provided.
  1339. Enabled when WC_RSA_NONBLOCK_TIME is defined.
  1340. \return 0 Success
  1341. \return BAD_FUNC_ARG Returned if key is null or wc_RsaSetNonBlock was not
  1342. previously called and key->nb is null.
  1343. \param key The RSA key structure.
  1344. \param maxBlockUs Maximum time to block microseconds.
  1345. \param cpuMHz CPU speed in megahertz.
  1346. _Example_
  1347. \code
  1348. RsaKey key;
  1349. RsaNb nb;
  1350. wc_InitRsaKey(&key, NULL);
  1351. wc_RsaSetNonBlock(key, &nb);
  1352. wc_RsaSetNonBlockTime(&key, 4000, 160); // Block Max = 4 ms, CPU = 160MHz
  1353. \endcode
  1354. \sa wc_RsaSetNonBlock
  1355. */
  1356. int wc_RsaSetNonBlockTime(RsaKey* key, word32 maxBlockUs,
  1357. word32 cpuMHz);