2
0

rsa.h 50 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559
  1. /*!
  2. \ingroup RSA
  3. \brief This function initializes a provided RsaKey struct. It also takes
  4. in a heap identifier, for use with user defined memory overrides
  5. (see XMALLOC, XFREE, XREALLOC).
  6. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING
  7. is enabled.
  8. \return 0 Returned upon successfully initializing the RSA structure for
  9. use with encryption and decryption
  10. \return BAD_FUNC_ARGS Returned if the RSA key pointer evaluates to NULL
  11. \param key pointer to the RsaKey structure to initialize
  12. \param heap pointer to a heap identifier, for use with memory overrides,
  13. allowing custom handling of memory allocation. This heap will be the
  14. default used when allocating memory for use with this RSA object
  15. _Example_
  16. \code
  17. RsaKey enc;
  18. int ret;
  19. ret = wc_InitRsaKey(&enc, NULL); // not using heap hint. No custom memory
  20. if ( ret != 0 ) {
  21. // error initializing RSA key
  22. }
  23. \endcode
  24. \sa wc_RsaInitCavium
  25. \sa wc_FreeRsaKey
  26. \sa wc_RsaSetRNG
  27. */
  28. int wc_InitRsaKey(RsaKey* key, void* heap);
  29. /*!
  30. \ingroup RSA
  31. \brief This function initializes a provided RsaKey struct. The id and
  32. len are used to identify the key on the device while the devId identifies
  33. the device. It also takes in a heap identifier, for use with user defined
  34. memory overrides (see XMALLOC, XFREE, XREALLOC).
  35. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING
  36. is enabled.
  37. \return 0 Returned upon successfully initializing the RSA structure for
  38. use with encryption and decryption
  39. \return BAD_FUNC_ARGS Returned if the RSA key pointer evaluates to NULL
  40. \return BUFFER_E Returned if len is less than 0 or greater than
  41. RSA_MAX_ID_LEN.
  42. \param key pointer to the RsaKey structure to initialize
  43. \param id identifier of key on device
  44. \param len length of identifier in bytes
  45. \param heap pointer to a heap identifier, for use with memory overrides,
  46. allowing custom handling of memory allocation. This heap will be the
  47. default used when allocating memory for use with this RSA object
  48. \param devId ID to use with hardware device
  49. _Example_
  50. \code
  51. RsaKey enc;
  52. unsigned char* id = (unsigned char*)"RSA2048";
  53. int len = 6;
  54. int devId = 1;
  55. int ret;
  56. ret = wc_CryptoDev_RegisterDevice(devId, wc_Pkcs11_CryptoDevCb,
  57. &token);
  58. if ( ret != 0) {
  59. // error associating callback and token with device id
  60. }
  61. ret = wc_InitRsaKey_Id(&enc, id, len, NULL, devId); // not using heap hint
  62. if ( ret != 0 ) {
  63. // error initializing RSA key
  64. }
  65. \endcode
  66. \sa wc_InitRsaKey
  67. \sa wc_RsaInitCavium
  68. \sa wc_FreeRsaKey
  69. \sa wc_RsaSetRNG
  70. */
  71. int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len,
  72. void* heap, int devId);
  73. /*!
  74. \ingroup RSA
  75. \brief This function associates RNG with Key. It is needed when WC_RSA_BLINDING
  76. is enabled.
  77. \return 0 Returned upon success
  78. \return BAD_FUNC_ARGS Returned if the RSA key, rng pointer evaluates to NULL
  79. \param key pointer to the RsaKey structure to be associated
  80. \param rng pointer to the WC_RNG structure to associate with
  81. _Example_
  82. \code
  83. ret = wc_InitRsaKey(&key, NULL);
  84. if (ret == 0) {
  85. ret = wc_InitRng(&rng);
  86. } else return -1;
  87. if (ret == 0) {
  88. ret = wc_RsaSetRNG(&key, &rng);
  89. \endcode
  90. \sa wc_InitRsaKey
  91. \sa wc_RsaSetRNG
  92. */
  93. int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);
  94. /*!
  95. \ingroup RSA
  96. \brief This function frees a provided RsaKey struct using mp_clear.
  97. \return 0 Returned upon successfully freeing the key
  98. \param key pointer to the RsaKey structure to free
  99. _Example_
  100. \code
  101. RsaKey enc;
  102. wc_InitRsaKey(&enc, NULL); // not using heap hint. No custom memory
  103. ... set key, do encryption
  104. wc_FreeRsaKey(&enc);
  105. \endcode
  106. \sa wc_InitRsaKey
  107. */
  108. int wc_FreeRsaKey(RsaKey* key);
  109. /*!
  110. \ingroup RSA
  111. \brief This function encrypts a message from in and stores the result
  112. in out. It requires an initialized public key and a random number
  113. generator. As a side effect, this function will return the bytes written
  114. to out in outLen.
  115. \return Success Upon successfully encrypting the input message, returns
  116. 0 for success and less than zero for failure. Also returns the number
  117. bytes written to out by storing the value in outLen
  118. \return BAD_FUNC_ARG Returned if any of the input parameters are invalid
  119. \return RSA_BUFFER_E Returned if the output buffer is too small to store
  120. the ciphertext
  121. \return RNG_FAILURE_E Returned if there is an error generating a random
  122. block using the provided RNG structure
  123. \return MP_INIT_E May be returned if there is an error in the math
  124. library used while encrypting the message
  125. \return MP_READ_E May be returned if there is an error in the math
  126. library used while encrypting the message
  127. \return MP_CMP_E May be returned if there is an error in the math
  128. library used while encrypting the message
  129. \return MP_INVMOD_E May be returned if there is an error in the math
  130. library used while encrypting the message
  131. \return MP_EXPTMOD_E May be returned if there is an error in the math
  132. library used while encrypting the message
  133. \return MP_MOD_E May be returned if there is an error in the math
  134. library used while encrypting the message
  135. \return MP_MUL_E May be returned if there is an error in the math
  136. library used while encrypting the message
  137. \return MP_ADD_E May be returned if there is an error in the math
  138. library used while encrypting the message
  139. \return MP_MULMOD_E May be returned if there is an error in the math
  140. library used while encrypting the message
  141. \return MP_TO_E May be returned if there is an error in the math
  142. library used while encrypting the message
  143. \return MP_MEM May be returned if there is an error in the math
  144. library used while encrypting the message
  145. \return MP_ZERO_E May be returned if there is an error in the math
  146. library used while encrypting the message
  147. \param in pointer to a buffer containing the input message to encrypt
  148. \param inLen the length of the message to encrypt
  149. \param out pointer to the buffer in which to store the output ciphertext
  150. \param outLen the length of the output buffer
  151. \param key pointer to the RsaKey structure containing the public
  152. key to use for encryption
  153. \param rng The RNG structure with which to generate random block padding
  154. _Example_
  155. \code
  156. RsaKey pub;
  157. int ret = 0;
  158. byte n[] = { // initialize with received n component of public key };
  159. byte e[] = { // initialize with received e component of public key };
  160. byte msg[] = { // initialize with plaintext of message to encrypt };
  161. byte cipher[256]; // 256 bytes is large enough to store 2048 bit RSA
  162. ciphertext
  163. wc_InitRsaKey(&pub, NULL); // not using heap hint. No custom memory
  164. wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), &pub);
  165. // initialize with received public key parameters
  166. ret = wc_RsaPublicEncrypt(msg, sizeof(msg), out, sizeof(out), &pub, &rng);
  167. if ( ret != 0 ) {
  168. // error encrypting message
  169. }
  170. \endcode
  171. \sa wc_RsaPrivateDecrypt
  172. */
  173. int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
  174. word32 outLen, RsaKey* key, WC_RNG* rng);
  175. /*!
  176. \ingroup RSA
  177. \brief This functions is utilized by the wc_RsaPrivateDecrypt function
  178. for decrypting.
  179. \return Success Length of decrypted data.
  180. \return RSA_PAD_E RsaUnPad error, bad formatting
  181. \param in The byte array to be decrypted.
  182. \param inLen The length of in.
  183. \param out The byte array for the decrypted data to be stored.
  184. \param key The key to use for decryption.
  185. _Example_
  186. \code
  187. none
  188. \endcode
  189. \sa wc_RsaPrivateDecrypt
  190. */
  191. int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
  192. RsaKey* key);
  193. /*!
  194. \ingroup RSA
  195. \brief This functions provides private RSA decryption.
  196. \return Success length of decrypted data.
  197. \return MEMORY_E -125, out of memory error
  198. \return BAD_FUNC_ARG -173, Bad function argument provided
  199. \param in The byte array to be decrypted.
  200. \param inLen The length of in.
  201. \param out The byte array for the decrypted data to be stored.
  202. \param outLen The length of out.
  203. \param key The key to use for decryption.
  204. _Example_
  205. \code
  206. ret = wc_RsaPublicEncrypt(in, inLen, out, sizeof(out), &key, &rng);
  207. if (ret < 0) {
  208. return -1;
  209. }
  210. ret = wc_RsaPrivateDecrypt(out, ret, plain, sizeof(plain), &key);
  211. if (ret < 0) {
  212. return -1;
  213. }
  214. \endcode
  215. \sa RsaUnPad
  216. \sa wc_RsaFunction
  217. \sa wc_RsaPrivateDecryptInline
  218. */
  219. int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
  220. word32 outLen, RsaKey* key);
  221. /*!
  222. \ingroup RSA
  223. \brief Signs the provided array with the private key.
  224. \return RSA_BUFFER_E: -131, RSA buffer error, output too small or
  225. input too large
  226. \param in The byte array to be encrypted.
  227. \param inLen The length of in.
  228. \param out The byte array for the encrypted data to be stored.
  229. \param outLen The length of out.
  230. \param key The key to use for encryption.
  231. \param RNG The RNG struct to use for random number purposes.
  232. _Example_
  233. \code
  234. ret = wc_RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng);
  235. if (ret < 0) {
  236. return -1;
  237. }
  238. memset(plain, 0, sizeof(plain));
  239. ret = wc_RsaSSL_Verify(out, ret, plain, sizeof(plain), &key);
  240. if (ret < 0) {
  241. return -1;
  242. }
  243. \endcode
  244. \sa wc_RsaPad
  245. */
  246. int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
  247. word32 outLen, RsaKey* key, WC_RNG* rng);
  248. /*!
  249. \ingroup RSA
  250. \brief Used to verify that the message was signed by RSA key. The output
  251. uses the same byte array as the input.
  252. \return >0 Length of text.
  253. \return <0 An error occurred.
  254. \param in Byte array to be decrypted.
  255. \param inLen Length of the buffer input.
  256. \param out Pointer to a pointer for decrypted information.
  257. \param key RsaKey to use.
  258. _Example_
  259. \code
  260. RsaKey key;
  261. WC_WC_RNG rng;
  262. int ret = 0;
  263. long e = 65537; // standard value to use for exponent
  264. wc_InitRsaKey(&key, NULL); // not using heap hint. No custom memory
  265. wc_InitRng(&rng);
  266. wc_MakeRsaKey(&key, 2048, e, &rng);
  267. byte in[] = { // Initialize with some RSA encrypted information }
  268. byte* out;
  269. if(wc_RsaSSL_VerifyInline(in, sizeof(in), &out, &key) < 0)
  270. {
  271. // handle error
  272. }
  273. \endcode
  274. \sa wc_RsaSSL_Verify
  275. \sa wc_RsaSSL_Sign
  276. */
  277. int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
  278. RsaKey* key);
  279. /*!
  280. \ingroup RSA
  281. \brief Used to verify that the message was signed by key.
  282. \return Success Length of text on no error.
  283. \return MEMORY_E memory exception.
  284. \param in The byte array to be decrypted.
  285. \param inLen The length of in.
  286. \param out The byte array for the decrypted data to be stored.
  287. \param outLen The length of out.
  288. \param key The key to use for verification.
  289. _Example_
  290. \code
  291. ret = wc_RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng);
  292. if (ret < 0) {
  293. return -1;
  294. }
  295. memset(plain, 0, sizeof(plain));
  296. ret = wc_RsaSSL_Verify(out, ret, plain, sizeof(plain), &key);
  297. if (ret < 0) {
  298. return -1;
  299. }
  300. \endcode
  301. \sa wc_RsaSSL_Sign
  302. */
  303. int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
  304. word32 outLen, RsaKey* key);
  305. /*!
  306. \ingroup RSA
  307. \brief Signs the provided array with the private key.
  308. \return RSA_BUFFER_E: -131, RSA buffer error, output too small or
  309. input too large
  310. \param in The byte array to be encrypted.
  311. \param inLen The length of in.
  312. \param out The byte array for the encrypted data to be stored.
  313. \param outLen The length of out.
  314. \param hash The hash type to be in message
  315. \param mgf Mask Generation Function Identifiers
  316. \param key The key to use for verification.
  317. _Example_
  318. \code
  319. ret = wc_InitRsaKey(&key, NULL);
  320. if (ret == 0) {
  321. ret = wc_InitRng(&rng);
  322. } else return -1;
  323. if (ret == 0) {
  324. ret = wc_RsaSetRNG(&key, &rng);
  325. } else return -1;
  326. if (ret == 0) {
  327. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  328. } else return -1;
  329. ret = wc_RsaPSS_Sign((byte*)szMessage, (word32)XSTRLEN(szMessage)+1,
  330. pSignature, sizeof(pSignature),
  331. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  332. if (ret > 0 ){
  333. sz = ret;
  334. } else return -1;
  335. ret = wc_RsaPSS_Verify(pSignature, sz, pt, outLen,
  336. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  337. if (ret <= 0)return -1;
  338. wc_FreeRsaKey(&key);
  339. wc_FreeRng(&rng);
  340. \endcode
  341. \sa wc_RsaPSS_Verify
  342. \sa wc_RsaSetRNG
  343. */
  344. int wc_RsaPSS_Sign(const byte* in, word32 inLen, byte* out,
  345. word32 outLen, enum wc_HashType hash, int mgf,
  346. RsaKey* key, WC_RNG* rng);
  347. /*!
  348. \ingroup RSA
  349. \brief Decrypt input signature to verify that the message was signed by key.
  350. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING is enabled.
  351. \return Success Length of text on no error.
  352. \return MEMORY_E memory exception.
  353. \param in The byte array to be decrypted.
  354. \param inLen The length of in.
  355. \param out The byte array for the decrypted data to be stored.
  356. \param outLen The length of out.
  357. \param hash The hash type to be in message
  358. \param mgf Mask Generation Function Identifiers
  359. \param key The key to use for verification.
  360. _Example_
  361. \code
  362. ret = wc_InitRsaKey(&key, NULL);
  363. if (ret == 0) {
  364. ret = wc_InitRng(&rng);
  365. } else return -1;
  366. if (ret == 0) {
  367. ret = wc_RsaSetRNG(&key, &rng);
  368. } else return -1;
  369. if (ret == 0) {
  370. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  371. } else return -1;
  372. ret = wc_RsaPSS_Sign((byte*)szMessage, (word32)XSTRLEN(szMessage)+1,
  373. pSignature, sizeof(pSignature),
  374. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  375. if (ret > 0 ){
  376. sz = ret;
  377. } else return -1;
  378. ret = wc_RsaPSS_Verify(pSignature, sz, pt, outLen,
  379. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  380. if (ret <= 0)return -1;
  381. wc_FreeRsaKey(&key);
  382. wc_FreeRng(&rng);
  383. \endcode
  384. \sa wc_RsaPSS_Sign
  385. \sa wc_RsaPSS_VerifyInline
  386. \sa wc_RsaPSS_CheckPadding
  387. \sa wc_RsaSetRNG
  388. */
  389. int wc_RsaPSS_Verify(byte* in, word32 inLen, byte* out,
  390. word32 outLen, enum wc_HashType hash, int mgf,
  391. RsaKey* key);
  392. /*!
  393. \ingroup RSA
  394. \brief Decrypt input signature to verify that the message was signed by RSA
  395. key.
  396. The output uses the same byte array as the input.
  397. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING
  398. is enabled.
  399. \return >0 Length of text.
  400. \return <0 An error occurred.
  401. \param in Byte array to be decrypted.
  402. \param inLen Length of the buffer input.
  403. \param out Pointer to address containing the PSS data.
  404. \param hash The hash type to be in message
  405. \param mgf Mask Generation Function Identifiers
  406. \param key RsaKey to use.
  407. _Example_
  408. \code
  409. ret = wc_InitRsaKey(&key, NULL);
  410. if (ret == 0) {
  411. ret = wc_InitRng(&rng);
  412. } else return -1;
  413. if (ret == 0) {
  414. ret = wc_RsaSetRNG(&key, &rng);
  415. } else return -1;
  416. if (ret == 0) {
  417. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  418. } else return -1;
  419. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
  420. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  421. if (ret > 0 ){
  422. sz = ret;
  423. } else return -1;
  424. ret = wc_RsaPSS_VerifyInline(pSignature, sz, pt,
  425. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  426. if (ret <= 0)return -1;
  427. wc_FreeRsaKey(&key);
  428. wc_FreeRng(&rng);
  429. \endcode
  430. \sa wc_RsaPSS_Verify
  431. \sa wc_RsaPSS_Sign
  432. \sa wc_RsaPSS_VerifyCheck
  433. \sa wc_RsaPSS_VerifyCheck_ex
  434. \sa wc_RsaPSS_VerifyCheckInline
  435. \sa wc_RsaPSS_VerifyCheckInline_ex
  436. \sa wc_RsaPSS_CheckPadding
  437. \sa wc_RsaPSS_CheckPadding_ex
  438. \sa wc_RsaSetRNG
  439. */
  440. int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out,
  441. enum wc_HashType hash, int mgf,
  442. RsaKey* key);
  443. /*!
  444. \ingroup RSA
  445. \brief Verify the message signed with RSA-PSS.
  446. Salt length is equal to hash length.
  447. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING is enabled.
  448. \return the length of the PSS data on success and negative indicates failure.
  449. \return MEMORY_E memory exception.
  450. \param in The byte array to be decrypted.
  451. \param inLen The length of in.
  452. \param out Pointer to address containing the PSS data.
  453. \param outLen The length of out.
  454. \param digest Hash of the data that is being verified.
  455. \param digestLen Length of hash.
  456. \param hash Hash algorithm.
  457. \param mgf Mask generation function.
  458. \param key Public RSA key.
  459. _Example_
  460. \code
  461. ret = wc_InitRsaKey(&key, NULL);
  462. if (ret == 0) {
  463. ret = wc_InitRng(&rng);
  464. } else return -1;
  465. if (ret == 0) {
  466. ret = wc_RsaSetRNG(&key, &rng);
  467. } else return -1;
  468. if (ret == 0) {
  469. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  470. } else return -1;
  471. if (ret == 0) {
  472. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  473. ret = wc_Hash(WC_HASH_TYPE_SHA256, message, sz, digest, digestSz);
  474. } else return -1;
  475. if (ret == 0) {
  476. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
  477. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  478. if (ret > 0 ){
  479. sz = ret;
  480. } else return -1;
  481. } else return -1;
  482. if (ret == 0) {
  483. ret = wc_RsaPSS_VerifyCheck(pSignature, sz, pt, outLen,
  484. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  485. if (ret <= 0) return -1;
  486. } else return -1;
  487. wc_FreeRsaKey(&key);
  488. wc_FreeRng(&rng);
  489. \endcode
  490. \sa wc_RsaPSS_Sign
  491. \sa wc_RsaPSS_Verify
  492. \sa wc_RsaPSS_VerifyCheck_ex
  493. \sa wc_RsaPSS_VerifyCheckInline
  494. \sa wc_RsaPSS_VerifyCheckInline_ex
  495. \sa wc_RsaPSS_CheckPadding
  496. \sa wc_RsaPSS_CheckPadding_ex
  497. \sa wc_RsaSetRNG
  498. */
  499. int wc_RsaPSS_VerifyCheck(byte* in, word32 inLen,
  500. byte* out, word32 outLen,
  501. const byte* digest, word32 digestLen,
  502. enum wc_HashType hash, int mgf,
  503. RsaKey* key);
  504. /*!
  505. \ingroup RSA
  506. \brief Verify the message signed with RSA-PSS.
  507. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING is enabled.
  508. \return the length of the PSS data on success and negative indicates failure.
  509. \return MEMORY_E memory exception.
  510. \param in The byte array to be decrypted.
  511. \param inLen The length of in.
  512. \param out Pointer to address containing the PSS data.
  513. \param outLen The length of out.
  514. \param digest Hash of the data that is being verified.
  515. \param digestLen Length of hash.
  516. \param hash Hash algorithm.
  517. \param mgf Mask generation function.
  518. \param saltLen Length of salt used. RSA_PSS_SALT_LEN_DEFAULT (-1) indicates salt
  519. length is the same as the hash length. RSA_PSS_SALT_LEN_DISCOVER
  520. indicates salt length is determined from the data.
  521. \param key Public RSA key.
  522. _Example_
  523. \code
  524. ret = wc_InitRsaKey(&key, NULL);
  525. if (ret == 0) {
  526. ret = wc_InitRng(&rng);
  527. } else return -1;
  528. if (ret == 0) {
  529. ret = wc_RsaSetRNG(&key, &rng);
  530. } else return -1;
  531. if (ret == 0) {
  532. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  533. } else return -1;
  534. if (ret == 0) {
  535. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  536. ret = wc_Hash(WC_HASH_TYPE_SHA256, message, sz, digest, digestSz);
  537. } else return -1;
  538. if (ret == 0) {
  539. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
  540. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  541. if (ret > 0 ){
  542. sz = ret;
  543. } else return -1;
  544. } else return -1;
  545. if (ret == 0) {
  546. ret = wc_RsaPSS_VerifyCheck_ex(pSignature, sz, pt, outLen,
  547. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, saltLen, &key);
  548. if (ret <= 0) return -1;
  549. } else return -1;
  550. wc_FreeRsaKey(&key);
  551. wc_FreeRng(&rng);
  552. \endcode
  553. \sa wc_RsaPSS_Sign
  554. \sa wc_RsaPSS_Verify
  555. \sa wc_RsaPSS_VerifyCheck
  556. \sa wc_RsaPSS_VerifyCheckInline
  557. \sa wc_RsaPSS_VerifyCheckInline_ex
  558. \sa wc_RsaPSS_CheckPadding
  559. \sa wc_RsaPSS_CheckPadding_ex
  560. \sa wc_RsaSetRNG
  561. */
  562. int wc_RsaPSS_VerifyCheck_ex(byte* in, word32 inLen,
  563. byte* out, word32 outLen,
  564. const byte* digest, word32 digestLen,
  565. enum wc_HashType hash, int mgf, int saltLen,
  566. RsaKey* key);
  567. /*!
  568. \ingroup RSA
  569. \brief Verify the message signed with RSA-PSS.
  570. The input buffer is reused for the output buffer.
  571. Salt length is equal to hash length.
  572. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING is enabled.
  573. \return the length of the PSS data on success and negative indicates failure.
  574. \param in The byte array to be decrypted.
  575. \param inLen The length of in.
  576. \param out The byte array for the decrypted data to be stored.
  577. \param digest Hash of the data that is being verified.
  578. \param digestLen Length of hash.
  579. \param hash The hash type to be in message
  580. \param mgf Mask Generation Function Identifiers
  581. \param key The key to use for verification.
  582. _Example_
  583. \code
  584. ret = wc_InitRsaKey(&key, NULL);
  585. if (ret == 0) {
  586. ret = wc_InitRng(&rng);
  587. } else return -1;
  588. if (ret == 0) {
  589. ret = wc_RsaSetRNG(&key, &rng);
  590. } else return -1;
  591. if (ret == 0) {
  592. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  593. } else return -1;
  594. if (ret == 0) {
  595. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  596. ret = wc_Hash(WC_HASH_TYPE_SHA256, message, sz, digest, digestSz);
  597. } else return -1;
  598. if (ret == 0) {
  599. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
  600. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  601. if (ret > 0 ){
  602. sz = ret;
  603. } else return -1;
  604. } else return -1;
  605. if (ret == 0) {
  606. ret = wc_RsaPSS_VerifyCheckInline(pSignature, sz, pt,
  607. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  608. if (ret <= 0) return -1;
  609. } else return -1;
  610. wc_FreeRsaKey(&key);
  611. wc_FreeRng(&rng);
  612. \endcode
  613. \sa wc_RsaPSS_Sign
  614. \sa wc_RsaPSS_Verify
  615. \sa wc_RsaPSS_VerifyCheck
  616. \sa wc_RsaPSS_VerifyCheck_ex
  617. \sa wc_RsaPSS_VerifyCheckInline_ex
  618. \sa wc_RsaPSS_CheckPadding
  619. \sa wc_RsaPSS_CheckPadding_ex
  620. \sa wc_RsaSetRNG
  621. */
  622. int wc_RsaPSS_VerifyCheckInline(byte* in, word32 inLen, byte** out,
  623. const byte* digest, word32 digentLen,
  624. enum wc_HashType hash, int mgf,
  625. RsaKey* key);
  626. /*!
  627. \ingroup RSA
  628. \brief Verify the message signed with RSA-PSS.
  629. The input buffer is reused for the output buffer.
  630. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING is enabled.
  631. \return the length of the PSS data on success and negative indicates failure.
  632. \param in The byte array to be decrypted.
  633. \param inLen The length of in.
  634. \param out The byte array for the decrypted data to be stored.
  635. \param digest Hash of the data that is being verified.
  636. \param digestLen Length of hash.
  637. \param hash The hash type to be in message
  638. \param mgf Mask Generation Function Identifiers
  639. \param saltLen Length of salt used. RSA_PSS_SALT_LEN_DEFAULT (-1) indicates salt
  640. length is the same as the hash length. RSA_PSS_SALT_LEN_DISCOVER
  641. indicates salt length is determined from the data.
  642. \param key The key to use for verification.
  643. _Example_
  644. \code
  645. ret = wc_InitRsaKey(&key, NULL);
  646. if (ret == 0) {
  647. ret = wc_InitRng(&rng);
  648. } else return -1;
  649. if (ret == 0) {
  650. ret = wc_RsaSetRNG(&key, &rng);
  651. } else return -1;
  652. if (ret == 0) {
  653. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  654. } else return -1;
  655. if (ret == 0) {
  656. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  657. ret = wc_Hash(WC_HASH_TYPE_SHA256, message, sz, digest, digestSz);
  658. } else return -1;
  659. if (ret == 0) {
  660. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
  661. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  662. if (ret > 0 ){
  663. sz = ret;
  664. } else return -1;
  665. } else return -1;
  666. if (ret == 0) {
  667. ret = wc_RsaPSS_VerifyCheckInline_ex(pSignature, sz, pt,
  668. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, saltLen, &key);
  669. if (ret <= 0) return -1;
  670. } else return -1;
  671. wc_FreeRsaKey(&key);
  672. wc_FreeRng(&rng);
  673. \endcode
  674. \sa wc_RsaPSS_Sign
  675. \sa wc_RsaPSS_Verify
  676. \sa wc_RsaPSS_VerifyCheck
  677. \sa wc_RsaPSS_VerifyCheck_ex
  678. \sa wc_RsaPSS_VerifyCheckInline
  679. \sa wc_RsaPSS_CheckPadding
  680. \sa wc_RsaPSS_CheckPadding_ex
  681. \sa wc_RsaSetRNG
  682. */
  683. int wc_RsaPSS_VerifyCheckInline_ex(byte* in, word32 inLen, byte** out,
  684. const byte* digest, word32 digentLen,
  685. enum wc_HashType hash, int mgf, int saltLen,
  686. RsaKey* key);
  687. /*!
  688. \ingroup RSA
  689. \brief Checks the PSS data to ensure that the signature matches.
  690. Salt length is equal to hash length.
  691. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING is enabled.
  692. \return BAD_PADDING_E when the PSS data is invalid, BAD_FUNC_ARG when
  693. NULL is passed in to in or sig or inSz is not the same as the hash
  694. algorithm length and 0 on success.
  695. \return MEMORY_E memory exception.
  696. \param in Hash of the data that is being verified.
  697. \param inSz Length of hash.
  698. \param sig Buffer holding PSS data.
  699. \param sigSz Size of PSS data.
  700. \param hashType Hash algorithm.
  701. _Example_
  702. \code
  703. ret = wc_InitRsaKey(&key, NULL);
  704. if (ret == 0) {
  705. ret = wc_InitRng(&rng);
  706. } else return -1;
  707. if (ret == 0) {
  708. ret = wc_RsaSetRNG(&key, &rng);
  709. } else return -1;
  710. if (ret == 0) {
  711. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  712. } else return -1;
  713. if (ret == 0) {
  714. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  715. ret = wc_Hash(WC_HASH_TYPE_SHA256, message, sz, digest, digestSz);
  716. } else return -1;
  717. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, sizeof(pSignature),
  718. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  719. if (ret > 0 ){
  720. sz = ret;
  721. } else return -1;
  722. verify = wc_RsaPSS_Verify(pSignature, sz, out, outLen,
  723. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  724. if (verify <= 0)return -1;
  725. ret = wc_RsaPSS_CheckPadding(digest, digestSz, out, verify, hash);
  726. wc_FreeRsaKey(&key);
  727. wc_FreeRng(&rng);
  728. \endcode
  729. \sa wc_RsaPSS_Sign
  730. \sa wc_RsaPSS_Verify
  731. \sa wc_RsaPSS_VerifyInline
  732. \sa wc_RsaPSS_VerifyCheck
  733. \sa wc_RsaPSS_VerifyCheck_ex
  734. \sa wc_RsaPSS_VerifyCheckInline
  735. \sa wc_RsaPSS_VerifyCheckInline_ex
  736. \sa wc_RsaPSS_CheckPadding_ex
  737. \sa wc_RsaSetRNG
  738. */
  739. int wc_RsaPSS_CheckPadding(const byte* in, word32 inLen, byte* sig,
  740. word32 sigSz,
  741. enum wc_HashType hashType);
  742. /*!
  743. \ingroup RSA
  744. \brief Checks the PSS data to ensure that the signature matches.
  745. Salt length is equal to hash length.
  746. \return BAD_PADDING_E when the PSS data is invalid, BAD_FUNC_ARG when
  747. NULL is passed in to in or sig or inSz is not the same as the hash
  748. algorithm length and 0 on success.
  749. \return MEMORY_E memory exception.
  750. \param in Hash of the data that is being verified.
  751. \param inSz Length of hash.
  752. \param sig Buffer holding PSS data.
  753. \param sigSz Size of PSS data.
  754. \param hashType Hash algorithm.
  755. \param saltLen Length of salt used. RSA_PSS_SALT_LEN_DEFAULT (-1) indicates salt
  756. length is the same as the hash length. RSA_PSS_SALT_LEN_DISCOVER
  757. indicates salt length is determined from the data.
  758. \param bits Can be used to calculate salt size in FIPS case
  759. _Example_
  760. \code
  761. ret = wc_InitRsaKey(&key, NULL);
  762. if (ret == 0) {
  763. ret = wc_InitRng(&rng);
  764. } else return -1;
  765. if (ret == 0) {
  766. ret = wc_RsaSetRNG(&key, &rng);
  767. } else return -1;
  768. if (ret == 0) {
  769. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  770. } else return -1;
  771. if (ret == 0) {
  772. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  773. ret = wc_Hash(WC_HASH_TYPE_SHA256, message, sz, digest, digestSz);
  774. } else return -1;
  775. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, sizeof(pSignature),
  776. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  777. if (ret > 0 ){
  778. sz = ret;
  779. } else return -1;
  780. verify = wc_RsaPSS_Verify(pSignature, sz, out, outLen,
  781. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  782. if (verify <= 0)return -1;
  783. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, out, verify, hash, saltLen, 0);
  784. wc_FreeRsaKey(&key);
  785. wc_FreeRng(&rng);
  786. \endcode
  787. \sa wc_RsaPSS_Sign
  788. \sa wc_RsaPSS_Verify
  789. \sa wc_RsaPSS_VerifyInline
  790. \sa wc_RsaPSS_VerifyCheck
  791. \sa wc_RsaPSS_VerifyCheck_ex
  792. \sa wc_RsaPSS_VerifyCheckInline
  793. \sa wc_RsaPSS_VerifyCheckInline_ex
  794. \sa wc_RsaPSS_CheckPadding
  795. */
  796. int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen, byte* sig,
  797. word32 sigSz, enum wc_HashType hashType, int saltLen, int bits);
  798. /*!
  799. \ingroup RSA
  800. \brief Returns the encryption size for the provided key structure.
  801. \return Success Encryption size for the provided key structure.
  802. \param key The key to use for verification.
  803. _Example_
  804. \code
  805. int sz = wc_RsaEncryptSize(&key);
  806. \endcode
  807. \sa wc_InitRsaKey
  808. \sa wc_InitRsaKey_ex
  809. \sa wc_MakeRsaKey
  810. */
  811. int wc_RsaEncryptSize(RsaKey* key);
  812. /*!
  813. \ingroup RSA
  814. \brief This function parses a DER-formatted RSA private key, extracts the
  815. private key and stores it in the given RsaKey structure. It also sets the
  816. distance parsed in idx.
  817. \return 0 Returned upon successfully parsing the private key from the DER
  818. encoded input
  819. \return ASN_PARSE_E Returned if there is an error parsing the private key
  820. from the input buffer. This may happen if the input private key is not
  821. properly formatted according to ASN.1 standards
  822. \return ASN_RSA_KEY_E Returned if there is an error reading the private
  823. key elements of the RSA key input
  824. \param input pointer to the buffer containing the DER formatted private
  825. key to decode
  826. \param inOutIdx pointer to the index in the buffer at which the key begins
  827. (usually 0). As a side effect of this function, inOutIdx will store the
  828. distance parsed through the input buffer
  829. \param key pointer to the RsaKey structure in which to store the decoded
  830. private key
  831. \param inSz size of the input buffer
  832. _Example_
  833. \code
  834. RsaKey enc;
  835. word32 idx = 0;
  836. int ret = 0;
  837. byte der[] = { // initialize with DER-encoded RSA private key };
  838. wc_InitRsaKey(&enc, NULL); // not using heap hint. No custom memory
  839. ret = wc_RsaPrivateKeyDecode(der, &idx, &enc, sizeof(der));
  840. if( ret != 0 ) {
  841. // error parsing private key
  842. }
  843. \endcode
  844. \sa wc_RsaPublicKeyDecode
  845. \sa wc_MakeRsaKey
  846. */
  847. int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
  848. RsaKey* key, word32 inSz);
  849. /*!
  850. \ingroup RSA
  851. \brief This function parses a DER-formatted RSA public key, extracts the
  852. public key and stores it in the given RsaKey structure. It also sets the
  853. distance parsed in idx.
  854. \return 0 Returned upon successfully parsing the public key from the DER
  855. encoded input
  856. \return ASN_PARSE_E Returned if there is an error parsing the public key
  857. from the input buffer. This may happen if the input public key is not
  858. properly formatted according to ASN.1 standards
  859. \return ASN_OBJECT_ID_E Returned if the ASN.1 Object ID does not match
  860. that of a RSA public key
  861. \return ASN_EXPECT_0_E Returned if the input key is not correctly
  862. formatted according to ASN.1 standards
  863. \return ASN_BITSTR_E Returned if the input key is not correctly formatted
  864. according to ASN.1 standards
  865. \return ASN_RSA_KEY_E Returned if there is an error reading the public key
  866. elements of the RSA key input
  867. \param input pointer to the buffer containing the input DER-encoded RSA
  868. public key to decode
  869. \param inOutIdx pointer to the index in the buffer at which the key
  870. begins (usually 0). As a side effect of this function, inOutIdx will
  871. store the distance parsed through the input buffer
  872. \param key pointer to the RsaKey structure in which to store the decoded
  873. public key
  874. \param inSz size of the input buffer
  875. _Example_
  876. \code
  877. RsaKey pub;
  878. word32 idx = 0;
  879. int ret = 0;
  880. byte der[] = { // initialize with DER-encoded RSA public key };
  881. wc_InitRsaKey(&pub, NULL); // not using heap hint. No custom memory
  882. ret = wc_RsaPublicKeyDecode(der, &idx, &pub, sizeof(der));
  883. if( ret != 0 ) {
  884. // error parsing public key
  885. }
  886. \endcode
  887. \sa wc_RsaPublicKeyDecodeRaw
  888. */
  889. int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,
  890. RsaKey* key, word32 inSz);
  891. /*!
  892. \ingroup RSA
  893. \brief This function decodes the raw elements of an RSA public key, taking
  894. in the public modulus (n) and exponent (e). It stores these raw elements
  895. in the provided RsaKey structure, allowing one to use them in the
  896. encryption/decryption process.
  897. \return 0 Returned upon successfully decoding the raw elements of the
  898. public key into the RsaKey structure
  899. \return BAD_FUNC_ARG Returned if any of the input arguments evaluates to
  900. NULL
  901. \return MP_INIT_E Returned if there is an error initializing an integer
  902. for use with the multiple precision integer (mp_int) library
  903. \return ASN_GETINT_E Returned if there is an error reading one of the
  904. provided RSA key elements, n or e
  905. \param n pointer to a buffer containing the raw modulus parameter of the
  906. public RSA key
  907. \param nSz size of the buffer containing n
  908. \param e pointer to a buffer containing the raw exponent parameter of
  909. the public RSA key
  910. \param eSz size of the buffer containing e
  911. \param key pointer to the RsaKey struct to initialize with the provided
  912. public key elements
  913. _Example_
  914. \code
  915. RsaKey pub;
  916. int ret = 0;
  917. byte n[] = { // initialize with received n component of public key };
  918. byte e[] = { // initialize with received e component of public key };
  919. wc_InitRsaKey(&pub, NULL); // not using heap hint. No custom memory
  920. ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), &pub);
  921. if( ret != 0 ) {
  922. // error parsing public key elements
  923. }
  924. \endcode
  925. \sa wc_RsaPublicKeyDecode
  926. */
  927. int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
  928. const byte* e, word32 eSz, RsaKey* key);
  929. /*!
  930. \ingroup RSA
  931. \brief This function converts an RsaKey key to DER format. The result is
  932. written to output and it returns the number of bytes written.
  933. \return 0 Success
  934. \return BAD_FUNC_ARG Returned if key or output is null, or if key->type
  935. is not RSA_PRIVATE, or if inLen isn't large enough for output buffer.
  936. \return MEMORY_E Returned if there is an error allocating memory.
  937. \param key Initialized RsaKey structure.
  938. \param output Pointer to output buffer.
  939. \param inLen Size of output buffer.
  940. _Example_
  941. \code
  942. byte* der;
  943. // Allocate memory for der
  944. int derSz = // Amount of memory allocated for der;
  945. RsaKey key;
  946. WC_WC_RNG rng;
  947. long e = 65537; // standard value to use for exponent
  948. ret = wc_MakeRsaKey(&key, 2048, e, &rng); // generate 2048 bit long
  949. private key
  950. wc_InitRsaKey(&key, NULL);
  951. wc_InitRng(&rng);
  952. if(wc_RsaKeyToDer(&key, der, derSz) != 0)
  953. {
  954. // Handle the error thrown
  955. }
  956. \endcode
  957. \sa wc_RsaKeyToPublicDer
  958. \sa wc_InitRsaKey
  959. \sa wc_MakeRsaKey
  960. \sa wc_InitRng
  961. */
  962. int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen);
  963. /*!
  964. \ingroup RSA
  965. \brief This function performs RSA encrypt while allowing the choice of
  966. which padding to use.
  967. \return size On successfully encryption the size of the encrypted buffer
  968. is returned
  969. \return RSA_BUFFER_E RSA buffer error, output too small or input too large
  970. \param in pointer to the buffer for encryption
  971. \param inLen length of the buffer to encrypt
  972. \param out encrypted msg created
  973. \param outLen length of buffer available to hold encrypted msg
  974. \param key initialized RSA key struct
  975. \param rng initialized WC_RNG struct
  976. \param type type of padding to use (WC_RSA_OAEP_PAD or WC_RSA_PKCSV15_PAD)
  977. \param hash type of hash to use (choices can be found in hash.h)
  978. \param mgf type of mask generation function to use
  979. \param label an optional label to associate with encrypted message
  980. \param labelSz size of the optional label used
  981. _Example_
  982. \code
  983. WC_WC_WC_RNG rng;
  984. RsaKey key;
  985. byte in[] = “I use Turing Machines to ask questions”
  986. byte out[256];
  987. int ret;
  988. ret = wc_RsaPublicEncrypt_ex(in, sizeof(in), out, sizeof(out), &key, &rng,
  989. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  990. if (ret < 0) {
  991. //handle error
  992. }
  993. \endcode
  994. \sa wc_RsaPublicEncrypt
  995. \sa wc_RsaPrivateDecrypt_ex
  996. */
  997. int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out,
  998. word32 outLen, RsaKey* key, WC_RNG* rng, int type,
  999. enum wc_HashType hash, int mgf, byte* label, word32 labelSz);
  1000. /*!
  1001. \ingroup RSA
  1002. \brief This function uses RSA to decrypt a message and gives the
  1003. option of what padding type.
  1004. \return size On successful decryption, the size of the decrypted message
  1005. is returned.
  1006. \return MEMORY_E Returned if not enough memory on system to malloc a
  1007. needed array.
  1008. \return BAD_FUNC_ARG Returned if a bad argument was passed into the
  1009. function.
  1010. \param in pointer to the buffer for decryption
  1011. \param inLen length of the buffer to decrypt
  1012. \param out decrypted msg created
  1013. \param outLen length of buffer available to hold decrypted msg
  1014. \param key initialized RSA key struct
  1015. \param type type of padding to use (WC_RSA_OAEP_PAD or WC_RSA_PKCSV15_PAD)
  1016. \param hash type of hash to use (choices can be found in hash.h)
  1017. \param mgf type of mask generation function to use
  1018. \param label an optional label to associate with encrypted message
  1019. \param labelSz size of the optional label used
  1020. _Example_
  1021. \code
  1022. WC_WC_WC_RNG rng;
  1023. RsaKey key;
  1024. byte in[] = “I use Turing Machines to ask questions”
  1025. byte out[256];
  1026. byte plain[256];
  1027. int ret;
  1028. ret = wc_RsaPublicEncrypt_ex(in, sizeof(in), out, sizeof(out), &key,
  1029. &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  1030. if (ret < 0) {
  1031. //handle error
  1032. }
  1033. ret = wc_RsaPrivateDecrypt_ex(out, ret, plain, sizeof(plain), &key,
  1034. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  1035. if (ret < 0) {
  1036. //handle error
  1037. }
  1038. \endcode
  1039. \sa none
  1040. */
  1041. int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen,
  1042. byte* out, word32 outLen, RsaKey* key, int type,
  1043. enum wc_HashType hash, int mgf, byte* label, word32 labelSz);
  1044. /*!
  1045. \ingroup RSA
  1046. \brief This function uses RSA to decrypt a message inline and gives the
  1047. option of what padding type. The in buffer will contain the decrypted
  1048. message after being called and the out byte pointer will point to the
  1049. location in the “in” buffer where the plain text is.
  1050. \return size On successful decryption, the size of the decrypted message
  1051. is returned.
  1052. \return MEMORY_E: Returned if not enough memory on system to malloc a
  1053. needed array.
  1054. \return RSA_PAD_E: Returned if an error in the padding was encountered.
  1055. \return BAD_PADDING_E: Returned if an error happened during parsing past
  1056. padding.
  1057. \return BAD_FUNC_ARG: Returned if a bad argument was passed into the
  1058. function.
  1059. \param in pointer to the buffer for decryption
  1060. \param inLen length of the buffer to decrypt
  1061. \param out pointer to location of decrypted message in “in” buffer
  1062. \param key initialized RSA key struct
  1063. \param type type of padding to use (WC_RSA_OAEP_PAD or WC_RSA_PKCSV15_PAD)
  1064. \param hash type of hash to use (choices can be found in hash.h)
  1065. \param mgf type of mask generation function to use
  1066. \param label an optional label to associate with encrypted message
  1067. \param labelSz size of the optional label used
  1068. _Example_
  1069. \code
  1070. WC_WC_WC_RNG rng;
  1071. RsaKey key;
  1072. byte in[] = “I use Turing Machines to ask questions”
  1073. byte out[256];
  1074. byte* plain;
  1075. int ret;
  1076. ret = wc_RsaPublicEncrypt_ex(in, sizeof(in), out, sizeof(out), &key,
  1077. &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  1078. if (ret < 0) {
  1079. //handle error
  1080. }
  1081. ret = wc_RsaPrivateDecryptInline_ex(out, ret, &plain, &key,
  1082. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  1083. if (ret < 0) {
  1084. //handle error
  1085. }
  1086. \endcode
  1087. \sa none
  1088. */
  1089. int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen,
  1090. byte** out, RsaKey* key, int type, enum wc_HashType hash,
  1091. int mgf, byte* label, word32 labelSz);
  1092. /*!
  1093. \ingroup RSA
  1094. \brief Flattens the RsaKey structure into individual elements (e, n)
  1095. used for the RSA algorithm.
  1096. \return 0 Returned if the function executed normally, without error.
  1097. \return BAD_FUNC_ARG: Returned if any of the parameters are passed in
  1098. with a null value.
  1099. \return RSA_BUFFER_E: Returned if the e or n buffers passed in are not
  1100. the correct size.
  1101. \return MP_MEM: Returned if an internal function has memory errors.
  1102. \return MP_VAL: Returned if an internal function argument is not valid.
  1103. \param key The key to use for verification.
  1104. \param e a buffer for the value of e. e is a large positive integer in
  1105. the RSA modular arithmetic operation.
  1106. \param eSz the size of the e buffer.
  1107. \param n a buffer for the value of n. n is a large positive integer in
  1108. the RSA modular arithmetic operation.
  1109. \param nSz the size of the n buffer.
  1110. _Example_
  1111. \code
  1112. Rsa key; // A valid RSA key.
  1113. byte e[ buffer sz E.g. 256 ];
  1114. byte n[256];
  1115. int ret;
  1116. word32 eSz = sizeof(e);
  1117. word32 nSz = sizeof(n);
  1118. ...
  1119. ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, &nSz);
  1120. if (ret != 0) {
  1121. // Failure case.
  1122. }
  1123. \endcode
  1124. \sa wc_InitRsaKey
  1125. \sa wc_InitRsaKey_ex
  1126. \sa wc_MakeRsaKey
  1127. */
  1128. int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n,
  1129. word32* nSz);
  1130. /*!
  1131. \ingroup RSA
  1132. \brief Convert Rsa Public key to DER format. Writes to output, and
  1133. returns count of bytes written.
  1134. \return >0 Success, number of bytes written.
  1135. \return BAD_FUNC_ARG Returned if key or output is null.
  1136. \return MEMORY_E Returned when an error allocating memory occurs.
  1137. \return <0 Error
  1138. \param key The RSA key structure to convert.
  1139. \param output Output buffer to hold DER. (if NULL will return length only)
  1140. \param inLen Length of buffer.
  1141. _Example_
  1142. \code
  1143. RsaKey key;
  1144. wc_InitRsaKey(&key, NULL);
  1145. // Use key
  1146. const int BUFFER_SIZE = 1024; // Some adequate size for the buffer
  1147. byte output[BUFFER_SIZE];
  1148. if (wc_RsaKeyToPublicDer(&key, output, sizeof(output)) != 0) {
  1149. // Handle Error
  1150. }
  1151. \endcode
  1152. \sa wc_RsaPublicKeyDerSize
  1153. \sa wc_RsaKeyToPublicDer_ex
  1154. \sa wc_InitRsaKey
  1155. */
  1156. int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen);
  1157. /*!
  1158. \ingroup RSA
  1159. \brief Convert RSA Public key to DER format. Writes to output, and
  1160. returns count of bytes written. If with_header is 0 then only the
  1161. ( seq + n + e) is returned in ASN.1 DER format and will exclude the header.
  1162. \return >0 Success, number of bytes written.
  1163. \return BAD_FUNC_ARG Returned if key or output is null.
  1164. \return MEMORY_E Returned when an error allocating memory occurs.
  1165. \return <0 Error
  1166. \param key The RSA key structure to convert.
  1167. \param output Output buffer to hold DER. (if NULL will return length only)
  1168. \param inLen Length of buffer.
  1169. _Example_
  1170. \code
  1171. RsaKey key;
  1172. wc_InitRsaKey(&key, NULL);
  1173. // Use key
  1174. const int BUFFER_SIZE = 1024; // Some adequate size for the buffer
  1175. byte output[BUFFER_SIZE];
  1176. if (wc_RsaKeyToPublicDer_ex(&key, output, sizeof(output), 0) != 0) {
  1177. // Handle Error
  1178. }
  1179. \endcode
  1180. \sa wc_RsaPublicKeyDerSize
  1181. \sa wc_RsaKeyToPublicDer
  1182. \sa wc_InitRsaKey
  1183. */
  1184. int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen,
  1185. int with_header);
  1186. /*!
  1187. \ingroup RSA
  1188. \brief This function generates a RSA private key of length size (in bits)
  1189. and given exponent (e). It then stores this key in the provided RsaKey
  1190. structure, so that it may be used for encryption/decryption. A secure
  1191. number to use for e is 65537. size is required to be greater than
  1192. RSA_MIN_SIZE and less than RSA_MAX_SIZE. For this function to be
  1193. available, the option WOLFSSL_KEY_GEN must be enabled at compile time.
  1194. This can be accomplished with --enable-keygen if using ./configure.
  1195. \return 0 Returned upon successfully generating a RSA private key
  1196. \return BAD_FUNC_ARG Returned if any of the input arguments are NULL,
  1197. the size parameter falls outside of the necessary bounds, or e is
  1198. incorrectly chosen
  1199. \return RNG_FAILURE_E Returned if there is an error generating a random
  1200. block using the provided RNG structure
  1201. \return MP_INIT_E
  1202. \return MP_READ_E May be May be returned if there is an error in the math
  1203. library used while generating the RSA key returned if there is an error
  1204. in the math library used while generating the RSA key
  1205. \return MP_CMP_E May be returned if there is an error in the math library
  1206. used while generating the RSA key
  1207. \return MP_INVMOD_E May be returned if there is an error in the math
  1208. library used while generating the RSA key
  1209. \return MP_EXPTMOD_E May be returned if there is an error in the math
  1210. library used while generating the RSA key
  1211. \return MP_MOD_E May be returned if there is an error in the math
  1212. library used while generating the RSA key
  1213. \return MP_MUL_E May be returned if there is an error in the math
  1214. library used while generating the RSA key
  1215. \return MP_ADD_E May be returned if there is an error in the math
  1216. library used while generating the RSA key
  1217. \return MP_MULMOD_E May be returned if there is an error in the math
  1218. library used while generating the RSA key
  1219. \return MP_TO_E May be returned if there is an error in the math
  1220. library used while generating the RSA key
  1221. \return MP_MEM May be returned if there is an error in the math
  1222. library used while generating the RSA key
  1223. \return MP_ZERO_E May be returned if there is an error in the math
  1224. library used while generating the RSA key
  1225. \param key pointer to the RsaKey structure in which to store the
  1226. generated private key
  1227. \param size desired key length, in bits. Required to be greater than
  1228. RSA_MIN_SIZE and less than RSA_MAX_SIZE
  1229. \param e exponent parameter to use for generating the key. A secure
  1230. choice is 65537
  1231. \param rng pointer to an RNG structure to use for random number generation
  1232. while making the ke
  1233. _Example_
  1234. \code
  1235. RsaKey priv;
  1236. WC_WC_RNG rng;
  1237. int ret = 0;
  1238. long e = 65537; // standard value to use for exponent
  1239. wc_InitRsaKey(&priv, NULL); // not using heap hint. No custom memory
  1240. wc_InitRng(&rng);
  1241. // generate 2048 bit long private key
  1242. ret = wc_MakeRsaKey(&priv, 2048, e, &rng);
  1243. if( ret != 0 ) {
  1244. // error generating private key
  1245. }
  1246. \endcode
  1247. \sa none
  1248. */
  1249. int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng);
  1250. /*!
  1251. \ingroup RSA
  1252. \brief This function sets the non-blocking RSA context. When a RsaNb context
  1253. is set it enables fast math based non-blocking exptmod, which splits the RSA
  1254. function into many smaller operations.
  1255. Enabled when WC_RSA_NONBLOCK is defined.
  1256. \return 0 Success
  1257. \return BAD_FUNC_ARG Returned if key or nb is null.
  1258. \param key The RSA key structure
  1259. \param nb The RSA non-blocking structure for this RSA key to use.
  1260. _Example_
  1261. \code
  1262. int ret, count = 0;
  1263. RsaKey key;
  1264. RsaNb nb;
  1265. wc_InitRsaKey(&key, NULL);
  1266. // Enable non-blocking RSA mode - provide context
  1267. ret = wc_RsaSetNonBlock(key, &nb);
  1268. if (ret != 0)
  1269. return ret;
  1270. do {
  1271. ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, rng);
  1272. count++; // track number of would blocks
  1273. if (ret == FP_WOULDBLOCK) {
  1274. // do "other" work here
  1275. }
  1276. } while (ret == FP_WOULDBLOCK);
  1277. if (ret < 0) {
  1278. return ret;
  1279. }
  1280. printf("RSA non-block sign: size %d, %d times\n", ret, count);
  1281. \endcode
  1282. \sa wc_RsaSetNonBlockTime
  1283. */
  1284. int wc_RsaSetNonBlock(RsaKey* key, RsaNb* nb);
  1285. /*!
  1286. \ingroup RSA
  1287. \brief This function configures the maximum amount of blocking time in
  1288. microseconds. It uses a pre-computed table (see tfm.c exptModNbInst) along
  1289. with the CPU speed in megahertz to determine if the next operation can be
  1290. completed within the maximum blocking time provided.
  1291. Enabled when WC_RSA_NONBLOCK_TIME is defined.
  1292. \return 0 Success
  1293. \return BAD_FUNC_ARG Returned if key is null or wc_RsaSetNonBlock was not
  1294. previously called and key->nb is null.
  1295. \param key The RSA key structure.
  1296. \param maxBlockUs Maximum time to block microseconds.
  1297. \param cpuMHz CPU speed in megahertz.
  1298. _Example_
  1299. \code
  1300. RsaKey key;
  1301. RsaNb nb;
  1302. wc_InitRsaKey(&key, NULL);
  1303. wc_RsaSetNonBlock(key, &nb);
  1304. wc_RsaSetNonBlockTime(&key, 4000, 160); // Block Max = 4 ms, CPU = 160MHz
  1305. \endcode
  1306. \sa wc_RsaSetNonBlock
  1307. */
  1308. int wc_RsaSetNonBlockTime(RsaKey* key, word32 maxBlockUs,
  1309. word32 cpuMHz);