rsa.h 52 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603
  1. /*!
  2. \ingroup RSA
  3. \brief This function initializes a provided RsaKey struct. It also takes
  4. in a heap identifier, for use with user defined memory overrides
  5. (see XMALLOC, XFREE, XREALLOC).
  6. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING
  7. is enabled.
  8. \return 0 Returned upon successfully initializing the RSA structure for
  9. use with encryption and decryption
  10. \return BAD_FUNC_ARGS Returned if the RSA key pointer evaluates to NULL
  11. \param key pointer to the RsaKey structure to initialize
  12. \param heap pointer to a heap identifier, for use with memory overrides,
  13. allowing custom handling of memory allocation. This heap will be the
  14. default used when allocating memory for use with this RSA object
  15. _Example_
  16. \code
  17. RsaKey enc;
  18. int ret;
  19. ret = wc_InitRsaKey(&enc, NULL); // not using heap hint. No custom memory
  20. if ( ret != 0 ) {
  21. // error initializing RSA key
  22. }
  23. \endcode
  24. \sa wc_FreeRsaKey
  25. \sa wc_RsaSetRNG
  26. */
  27. int wc_InitRsaKey(RsaKey* key, void* heap);
  28. /*!
  29. \ingroup RSA
  30. \brief This function initializes a provided RsaKey struct. The id and
  31. len are used to identify the key on the device while the devId identifies
  32. the device. It also takes in a heap identifier, for use with user defined
  33. memory overrides (see XMALLOC, XFREE, XREALLOC).
  34. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING
  35. is enabled.
  36. \return 0 Returned upon successfully initializing the RSA structure for
  37. use with encryption and decryption
  38. \return BAD_FUNC_ARGS Returned if the RSA key pointer evaluates to NULL
  39. \return BUFFER_E Returned if len is less than 0 or greater than
  40. RSA_MAX_ID_LEN.
  41. \param key pointer to the RsaKey structure to initialize
  42. \param id identifier of key on device
  43. \param len length of identifier in bytes
  44. \param heap pointer to a heap identifier, for use with memory overrides,
  45. allowing custom handling of memory allocation. This heap will be the
  46. default used when allocating memory for use with this RSA object
  47. \param devId ID to use with crypto callbacks or async hardware. Set to INVALID_DEVID (-2) if not used
  48. _Example_
  49. \code
  50. RsaKey enc;
  51. unsigned char* id = (unsigned char*)"RSA2048";
  52. int len = 6;
  53. int devId = 1;
  54. int ret;
  55. ret = wc_CryptoDev_RegisterDevice(devId, wc_Pkcs11_CryptoDevCb,
  56. &token);
  57. if ( ret != 0) {
  58. // error associating callback and token with device id
  59. }
  60. ret = wc_InitRsaKey_Id(&enc, id, len, NULL, devId); // not using heap hint
  61. if ( ret != 0 ) {
  62. // error initializing RSA key
  63. }
  64. \endcode
  65. \sa wc_InitRsaKey
  66. \sa wc_FreeRsaKey
  67. \sa wc_RsaSetRNG
  68. */
  69. int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len,
  70. void* heap, int devId);
  71. /*!
  72. \ingroup RSA
  73. \brief This function associates RNG with Key. It is needed when WC_RSA_BLINDING
  74. is enabled.
  75. \return 0 Returned upon success
  76. \return BAD_FUNC_ARGS Returned if the RSA key, rng pointer evaluates to NULL
  77. \param key pointer to the RsaKey structure to be associated
  78. \param rng pointer to the WC_RNG structure to associate with
  79. _Example_
  80. \code
  81. ret = wc_InitRsaKey(&key, NULL);
  82. if (ret == 0) {
  83. ret = wc_InitRng(&rng);
  84. } else return -1;
  85. if (ret == 0) {
  86. ret = wc_RsaSetRNG(&key, &rng);
  87. \endcode
  88. \sa wc_InitRsaKey
  89. \sa wc_RsaSetRNG
  90. */
  91. int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);
  92. /*!
  93. \ingroup RSA
  94. \brief This function frees a provided RsaKey struct using mp_clear.
  95. \return 0 Returned upon successfully freeing the key
  96. \param key pointer to the RsaKey structure to free
  97. _Example_
  98. \code
  99. RsaKey enc;
  100. wc_InitRsaKey(&enc, NULL); // not using heap hint. No custom memory
  101. ... set key, do encryption
  102. wc_FreeRsaKey(&enc);
  103. \endcode
  104. \sa wc_InitRsaKey
  105. */
  106. int wc_FreeRsaKey(RsaKey* key);
  107. /*!
  108. \ingroup RSA
  109. \brief Function that does the RSA operation directly with no padding. The input
  110. size must match key size. Typically this is
  111. used when padding is already done on the RSA input.
  112. \return size On successfully encryption the size of the encrypted buffer
  113. is returned
  114. \return RSA_BUFFER_E RSA buffer error, output too small or input too large
  115. \param in buffer to do operation on
  116. \param inLen length of input buffer
  117. \param out buffer to hold results
  118. \param outSz gets set to size of result buffer. Should be passed in as length
  119. of out buffer. If the pointer "out" is null then outSz gets set to the
  120. expected buffer size needed and LENGTH_ONLY_E gets returned.
  121. \param key initialized RSA key to use for encrypt/decrypt
  122. \param type if using private or public key (RSA_PUBLIC_ENCRYPT,
  123. RSA_PUBLIC_DECRYPT, RSA_PRIVATE_ENCRYPT, RSA_PRIVATE_DECRYPT)
  124. \param rng initialized WC_RNG struct
  125. _Example_
  126. \code
  127. int ret;
  128. WC_RNG rng;
  129. RsaKey key;
  130. byte in[256];
  131. byte out[256];
  132. word32 outSz = (word32)sizeof(out);
  133. ret = wc_RsaDirect(in, (word32)sizeof(in), out, &outSz, &key,
  134. RSA_PRIVATE_ENCRYPT, &rng);
  135. if (ret < 0) {
  136. //handle error
  137. }
  138. \endcode
  139. \sa wc_RsaPublicEncrypt
  140. \sa wc_RsaPrivateDecrypt
  141. */
  142. int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
  143. RsaKey* key, int type, WC_RNG* rng);
  144. /*!
  145. \ingroup RSA
  146. \brief This function encrypts a message from in and stores the result
  147. in out. It requires an initialized public key and a random number
  148. generator. As a side effect, this function will return the bytes written
  149. to out in outLen.
  150. \return Success Upon successfully encrypting the input message, returns
  151. 0 for success and less than zero for failure. Also returns the number
  152. bytes written to out by storing the value in outLen
  153. \return BAD_FUNC_ARG Returned if any of the input parameters are invalid
  154. \return RSA_BUFFER_E Returned if the output buffer is too small to store
  155. the ciphertext
  156. \return RNG_FAILURE_E Returned if there is an error generating a random
  157. block using the provided RNG structure
  158. \return MP_INIT_E May be returned if there is an error in the math
  159. library used while encrypting the message
  160. \return MP_READ_E May be returned if there is an error in the math
  161. library used while encrypting the message
  162. \return MP_CMP_E May be returned if there is an error in the math
  163. library used while encrypting the message
  164. \return MP_INVMOD_E May be returned if there is an error in the math
  165. library used while encrypting the message
  166. \return MP_EXPTMOD_E May be returned if there is an error in the math
  167. library used while encrypting the message
  168. \return MP_MOD_E May be returned if there is an error in the math
  169. library used while encrypting the message
  170. \return MP_MUL_E May be returned if there is an error in the math
  171. library used while encrypting the message
  172. \return MP_ADD_E May be returned if there is an error in the math
  173. library used while encrypting the message
  174. \return MP_MULMOD_E May be returned if there is an error in the math
  175. library used while encrypting the message
  176. \return MP_TO_E May be returned if there is an error in the math
  177. library used while encrypting the message
  178. \return MP_MEM May be returned if there is an error in the math
  179. library used while encrypting the message
  180. \return MP_ZERO_E May be returned if there is an error in the math
  181. library used while encrypting the message
  182. \param in pointer to a buffer containing the input message to encrypt
  183. \param inLen the length of the message to encrypt
  184. \param out pointer to the buffer in which to store the output ciphertext
  185. \param outLen the length of the output buffer
  186. \param key pointer to the RsaKey structure containing the public
  187. key to use for encryption
  188. \param rng The RNG structure with which to generate random block padding
  189. _Example_
  190. \code
  191. RsaKey pub;
  192. int ret = 0;
  193. byte n[] = { // initialize with received n component of public key };
  194. byte e[] = { // initialize with received e component of public key };
  195. byte msg[] = { // initialize with plaintext of message to encrypt };
  196. byte cipher[256]; // 256 bytes is large enough to store 2048 bit RSA
  197. ciphertext
  198. wc_InitRsaKey(&pub, NULL); // not using heap hint. No custom memory
  199. wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), &pub);
  200. // initialize with received public key parameters
  201. ret = wc_RsaPublicEncrypt(msg, sizeof(msg), out, sizeof(out), &pub, &rng);
  202. if ( ret != 0 ) {
  203. // error encrypting message
  204. }
  205. \endcode
  206. \sa wc_RsaPrivateDecrypt
  207. */
  208. int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
  209. word32 outLen, RsaKey* key, WC_RNG* rng);
  210. /*!
  211. \ingroup RSA
  212. \brief This functions is utilized by the wc_RsaPrivateDecrypt function
  213. for decrypting.
  214. \return Success Length of decrypted data.
  215. \return RSA_PAD_E RsaUnPad error, bad formatting
  216. \param in The byte array to be decrypted.
  217. \param inLen The length of in.
  218. \param out The byte array for the decrypted data to be stored.
  219. \param key The key to use for decryption.
  220. _Example_
  221. \code
  222. none
  223. \endcode
  224. \sa wc_RsaPrivateDecrypt
  225. */
  226. int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
  227. RsaKey* key);
  228. /*!
  229. \ingroup RSA
  230. \brief This functions provides private RSA decryption.
  231. \return Success length of decrypted data.
  232. \return MEMORY_E -125, out of memory error
  233. \return BAD_FUNC_ARG -173, Bad function argument provided
  234. \param in The byte array to be decrypted.
  235. \param inLen The length of in.
  236. \param out The byte array for the decrypted data to be stored.
  237. \param outLen The length of out.
  238. \param key The key to use for decryption.
  239. _Example_
  240. \code
  241. ret = wc_RsaPublicEncrypt(in, inLen, out, sizeof(out), &key, &rng);
  242. if (ret < 0) {
  243. return -1;
  244. }
  245. ret = wc_RsaPrivateDecrypt(out, ret, plain, sizeof(plain), &key);
  246. if (ret < 0) {
  247. return -1;
  248. }
  249. \endcode
  250. \sa RsaUnPad
  251. \sa wc_RsaFunction
  252. \sa wc_RsaPrivateDecryptInline
  253. */
  254. int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
  255. word32 outLen, RsaKey* key);
  256. /*!
  257. \ingroup RSA
  258. \brief Signs the provided array with the private key.
  259. \return RSA_BUFFER_E: -131, RSA buffer error, output too small or
  260. input too large
  261. \param in The byte array to be encrypted.
  262. \param inLen The length of in.
  263. \param out The byte array for the encrypted data to be stored.
  264. \param outLen The length of out.
  265. \param key The key to use for encryption.
  266. \param RNG The RNG struct to use for random number purposes.
  267. _Example_
  268. \code
  269. ret = wc_RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng);
  270. if (ret < 0) {
  271. return -1;
  272. }
  273. memset(plain, 0, sizeof(plain));
  274. ret = wc_RsaSSL_Verify(out, ret, plain, sizeof(plain), &key);
  275. if (ret < 0) {
  276. return -1;
  277. }
  278. \endcode
  279. \sa wc_RsaPad
  280. */
  281. int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
  282. word32 outLen, RsaKey* key, WC_RNG* rng);
  283. /*!
  284. \ingroup RSA
  285. \brief Used to verify that the message was signed by RSA key. The output
  286. uses the same byte array as the input.
  287. \return >0 Length of text.
  288. \return <0 An error occurred.
  289. \param in Byte array to be decrypted.
  290. \param inLen Length of the buffer input.
  291. \param out Pointer to a pointer for decrypted information.
  292. \param key RsaKey to use.
  293. _Example_
  294. \code
  295. RsaKey key;
  296. WC_RNG rng;
  297. int ret = 0;
  298. long e = 65537; // standard value to use for exponent
  299. wc_InitRsaKey(&key, NULL); // not using heap hint. No custom memory
  300. wc_InitRng(&rng);
  301. wc_MakeRsaKey(&key, 2048, e, &rng);
  302. byte in[] = { // Initialize with some RSA encrypted information }
  303. byte* out;
  304. if(wc_RsaSSL_VerifyInline(in, sizeof(in), &out, &key) < 0)
  305. {
  306. // handle error
  307. }
  308. \endcode
  309. \sa wc_RsaSSL_Verify
  310. \sa wc_RsaSSL_Sign
  311. */
  312. int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out,
  313. RsaKey* key);
  314. /*!
  315. \ingroup RSA
  316. \brief Used to verify that the message was signed by key.
  317. \return Success Length of text on no error.
  318. \return MEMORY_E memory exception.
  319. \param in The byte array to be decrypted.
  320. \param inLen The length of in.
  321. \param out The byte array for the decrypted data to be stored.
  322. \param outLen The length of out.
  323. \param key The key to use for verification.
  324. _Example_
  325. \code
  326. ret = wc_RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng);
  327. if (ret < 0) {
  328. return -1;
  329. }
  330. memset(plain, 0, sizeof(plain));
  331. ret = wc_RsaSSL_Verify(out, ret, plain, sizeof(plain), &key);
  332. if (ret < 0) {
  333. return -1;
  334. }
  335. \endcode
  336. \sa wc_RsaSSL_Sign
  337. */
  338. int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
  339. word32 outLen, RsaKey* key);
  340. /*!
  341. \ingroup RSA
  342. \brief Signs the provided array with the private key.
  343. \return RSA_BUFFER_E: -131, RSA buffer error, output too small or
  344. input too large
  345. \param in The byte array to be encrypted.
  346. \param inLen The length of in.
  347. \param out The byte array for the encrypted data to be stored.
  348. \param outLen The length of out.
  349. \param hash The hash type to be in message
  350. \param mgf Mask Generation Function Identifiers
  351. \param key The key to use for verification.
  352. _Example_
  353. \code
  354. ret = wc_InitRsaKey(&key, NULL);
  355. if (ret == 0) {
  356. ret = wc_InitRng(&rng);
  357. } else return -1;
  358. if (ret == 0) {
  359. ret = wc_RsaSetRNG(&key, &rng);
  360. } else return -1;
  361. if (ret == 0) {
  362. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  363. } else return -1;
  364. ret = wc_RsaPSS_Sign((byte*)szMessage, (word32)XSTRLEN(szMessage)+1,
  365. pSignature, sizeof(pSignature),
  366. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  367. if (ret > 0 ){
  368. sz = ret;
  369. } else return -1;
  370. ret = wc_RsaPSS_Verify(pSignature, sz, pt, outLen,
  371. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  372. if (ret <= 0)return -1;
  373. wc_FreeRsaKey(&key);
  374. wc_FreeRng(&rng);
  375. \endcode
  376. \sa wc_RsaPSS_Verify
  377. \sa wc_RsaSetRNG
  378. */
  379. int wc_RsaPSS_Sign(const byte* in, word32 inLen, byte* out,
  380. word32 outLen, enum wc_HashType hash, int mgf,
  381. RsaKey* key, WC_RNG* rng);
  382. /*!
  383. \ingroup RSA
  384. \brief Decrypt input signature to verify that the message was signed by key.
  385. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING is enabled.
  386. \return Success Length of text on no error.
  387. \return MEMORY_E memory exception.
  388. \return MP_EXPTMOD_E - When using fastmath and FP_MAX_BITS not set to at least 2 times the keySize (Example when using 4096-bit key set FP_MAX_BITS to 8192 or greater value)
  389. \param in The byte array to be decrypted.
  390. \param inLen The length of in.
  391. \param out The byte array for the decrypted data to be stored.
  392. \param outLen The length of out.
  393. \param hash The hash type to be in message
  394. \param mgf Mask Generation Function Identifiers
  395. \param key The key to use for verification.
  396. _Example_
  397. \code
  398. ret = wc_InitRsaKey(&key, NULL);
  399. if (ret == 0) {
  400. ret = wc_InitRng(&rng);
  401. } else return -1;
  402. if (ret == 0) {
  403. ret = wc_RsaSetRNG(&key, &rng);
  404. } else return -1;
  405. if (ret == 0) {
  406. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  407. } else return -1;
  408. ret = wc_RsaPSS_Sign((byte*)szMessage, (word32)XSTRLEN(szMessage)+1,
  409. pSignature, sizeof(pSignature),
  410. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  411. if (ret > 0 ){
  412. sz = ret;
  413. } else return -1;
  414. ret = wc_RsaPSS_Verify(pSignature, sz, pt, outLen,
  415. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  416. if (ret <= 0)return -1;
  417. wc_FreeRsaKey(&key);
  418. wc_FreeRng(&rng);
  419. \endcode
  420. \sa wc_RsaPSS_Sign
  421. \sa wc_RsaPSS_VerifyInline
  422. \sa wc_RsaPSS_CheckPadding
  423. \sa wc_RsaSetRNG
  424. */
  425. int wc_RsaPSS_Verify(byte* in, word32 inLen, byte* out,
  426. word32 outLen, enum wc_HashType hash, int mgf,
  427. RsaKey* key);
  428. /*!
  429. \ingroup RSA
  430. \brief Decrypt input signature to verify that the message was signed by RSA
  431. key.
  432. The output uses the same byte array as the input.
  433. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING
  434. is enabled.
  435. \return >0 Length of text.
  436. \return <0 An error occurred.
  437. \param in Byte array to be decrypted.
  438. \param inLen Length of the buffer input.
  439. \param out Pointer to address containing the PSS data.
  440. \param hash The hash type to be in message
  441. \param mgf Mask Generation Function Identifiers
  442. \param key RsaKey to use.
  443. _Example_
  444. \code
  445. ret = wc_InitRsaKey(&key, NULL);
  446. if (ret == 0) {
  447. ret = wc_InitRng(&rng);
  448. } else return -1;
  449. if (ret == 0) {
  450. ret = wc_RsaSetRNG(&key, &rng);
  451. } else return -1;
  452. if (ret == 0) {
  453. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  454. } else return -1;
  455. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
  456. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  457. if (ret > 0 ){
  458. sz = ret;
  459. } else return -1;
  460. ret = wc_RsaPSS_VerifyInline(pSignature, sz, pt,
  461. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  462. if (ret <= 0)return -1;
  463. wc_FreeRsaKey(&key);
  464. wc_FreeRng(&rng);
  465. \endcode
  466. \sa wc_RsaPSS_Verify
  467. \sa wc_RsaPSS_Sign
  468. \sa wc_RsaPSS_VerifyCheck
  469. \sa wc_RsaPSS_VerifyCheck_ex
  470. \sa wc_RsaPSS_VerifyCheckInline
  471. \sa wc_RsaPSS_VerifyCheckInline_ex
  472. \sa wc_RsaPSS_CheckPadding
  473. \sa wc_RsaPSS_CheckPadding_ex
  474. \sa wc_RsaSetRNG
  475. */
  476. int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out,
  477. enum wc_HashType hash, int mgf,
  478. RsaKey* key);
  479. /*!
  480. \ingroup RSA
  481. \brief Verify the message signed with RSA-PSS.
  482. Salt length is equal to hash length.
  483. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING is enabled.
  484. \return the length of the PSS data on success and negative indicates failure.
  485. \return MEMORY_E memory exception.
  486. \param in The byte array to be decrypted.
  487. \param inLen The length of in.
  488. \param out Pointer to address containing the PSS data.
  489. \param outLen The length of out.
  490. \param digest Hash of the data that is being verified.
  491. \param digestLen Length of hash.
  492. \param hash Hash algorithm.
  493. \param mgf Mask generation function.
  494. \param key Public RSA key.
  495. _Example_
  496. \code
  497. ret = wc_InitRsaKey(&key, NULL);
  498. if (ret == 0) {
  499. ret = wc_InitRng(&rng);
  500. } else return -1;
  501. if (ret == 0) {
  502. ret = wc_RsaSetRNG(&key, &rng);
  503. } else return -1;
  504. if (ret == 0) {
  505. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  506. } else return -1;
  507. if (ret == 0) {
  508. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  509. ret = wc_Hash(WC_HASH_TYPE_SHA256, message, sz, digest, digestSz);
  510. } else return -1;
  511. if (ret == 0) {
  512. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
  513. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  514. if (ret > 0 ){
  515. sz = ret;
  516. } else return -1;
  517. } else return -1;
  518. if (ret == 0) {
  519. ret = wc_RsaPSS_VerifyCheck(pSignature, sz, pt, outLen,
  520. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  521. if (ret <= 0) return -1;
  522. } else return -1;
  523. wc_FreeRsaKey(&key);
  524. wc_FreeRng(&rng);
  525. \endcode
  526. \sa wc_RsaPSS_Sign
  527. \sa wc_RsaPSS_Verify
  528. \sa wc_RsaPSS_VerifyCheck_ex
  529. \sa wc_RsaPSS_VerifyCheckInline
  530. \sa wc_RsaPSS_VerifyCheckInline_ex
  531. \sa wc_RsaPSS_CheckPadding
  532. \sa wc_RsaPSS_CheckPadding_ex
  533. \sa wc_RsaSetRNG
  534. */
  535. int wc_RsaPSS_VerifyCheck(byte* in, word32 inLen,
  536. byte* out, word32 outLen,
  537. const byte* digest, word32 digestLen,
  538. enum wc_HashType hash, int mgf,
  539. RsaKey* key);
  540. /*!
  541. \ingroup RSA
  542. \brief Verify the message signed with RSA-PSS.
  543. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING is enabled.
  544. \return the length of the PSS data on success and negative indicates failure.
  545. \return MEMORY_E memory exception.
  546. \param in The byte array to be decrypted.
  547. \param inLen The length of in.
  548. \param out Pointer to address containing the PSS data.
  549. \param outLen The length of out.
  550. \param digest Hash of the data that is being verified.
  551. \param digestLen Length of hash.
  552. \param hash Hash algorithm.
  553. \param mgf Mask generation function.
  554. \param saltLen Length of salt used. RSA_PSS_SALT_LEN_DEFAULT (-1) indicates salt
  555. length is the same as the hash length. RSA_PSS_SALT_LEN_DISCOVER
  556. indicates salt length is determined from the data.
  557. \param key Public RSA key.
  558. _Example_
  559. \code
  560. ret = wc_InitRsaKey(&key, NULL);
  561. if (ret == 0) {
  562. ret = wc_InitRng(&rng);
  563. } else return -1;
  564. if (ret == 0) {
  565. ret = wc_RsaSetRNG(&key, &rng);
  566. } else return -1;
  567. if (ret == 0) {
  568. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  569. } else return -1;
  570. if (ret == 0) {
  571. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  572. ret = wc_Hash(WC_HASH_TYPE_SHA256, message, sz, digest, digestSz);
  573. } else return -1;
  574. if (ret == 0) {
  575. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
  576. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  577. if (ret > 0 ){
  578. sz = ret;
  579. } else return -1;
  580. } else return -1;
  581. if (ret == 0) {
  582. ret = wc_RsaPSS_VerifyCheck_ex(pSignature, sz, pt, outLen,
  583. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, saltLen, &key);
  584. if (ret <= 0) return -1;
  585. } else return -1;
  586. wc_FreeRsaKey(&key);
  587. wc_FreeRng(&rng);
  588. \endcode
  589. \sa wc_RsaPSS_Sign
  590. \sa wc_RsaPSS_Verify
  591. \sa wc_RsaPSS_VerifyCheck
  592. \sa wc_RsaPSS_VerifyCheckInline
  593. \sa wc_RsaPSS_VerifyCheckInline_ex
  594. \sa wc_RsaPSS_CheckPadding
  595. \sa wc_RsaPSS_CheckPadding_ex
  596. \sa wc_RsaSetRNG
  597. */
  598. int wc_RsaPSS_VerifyCheck_ex(byte* in, word32 inLen,
  599. byte* out, word32 outLen,
  600. const byte* digest, word32 digestLen,
  601. enum wc_HashType hash, int mgf, int saltLen,
  602. RsaKey* key);
  603. /*!
  604. \ingroup RSA
  605. \brief Verify the message signed with RSA-PSS.
  606. The input buffer is reused for the output buffer.
  607. Salt length is equal to hash length.
  608. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING is enabled.
  609. \return the length of the PSS data on success and negative indicates failure.
  610. \param in The byte array to be decrypted.
  611. \param inLen The length of in.
  612. \param out The byte array for the decrypted data to be stored.
  613. \param digest Hash of the data that is being verified.
  614. \param digestLen Length of hash.
  615. \param hash The hash type to be in message
  616. \param mgf Mask Generation Function Identifiers
  617. \param key The key to use for verification.
  618. _Example_
  619. \code
  620. ret = wc_InitRsaKey(&key, NULL);
  621. if (ret == 0) {
  622. ret = wc_InitRng(&rng);
  623. } else return -1;
  624. if (ret == 0) {
  625. ret = wc_RsaSetRNG(&key, &rng);
  626. } else return -1;
  627. if (ret == 0) {
  628. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  629. } else return -1;
  630. if (ret == 0) {
  631. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  632. ret = wc_Hash(WC_HASH_TYPE_SHA256, message, sz, digest, digestSz);
  633. } else return -1;
  634. if (ret == 0) {
  635. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
  636. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  637. if (ret > 0 ){
  638. sz = ret;
  639. } else return -1;
  640. } else return -1;
  641. if (ret == 0) {
  642. ret = wc_RsaPSS_VerifyCheckInline(pSignature, sz, pt,
  643. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  644. if (ret <= 0) return -1;
  645. } else return -1;
  646. wc_FreeRsaKey(&key);
  647. wc_FreeRng(&rng);
  648. \endcode
  649. \sa wc_RsaPSS_Sign
  650. \sa wc_RsaPSS_Verify
  651. \sa wc_RsaPSS_VerifyCheck
  652. \sa wc_RsaPSS_VerifyCheck_ex
  653. \sa wc_RsaPSS_VerifyCheckInline_ex
  654. \sa wc_RsaPSS_CheckPadding
  655. \sa wc_RsaPSS_CheckPadding_ex
  656. \sa wc_RsaSetRNG
  657. */
  658. int wc_RsaPSS_VerifyCheckInline(byte* in, word32 inLen, byte** out,
  659. const byte* digest, word32 digentLen,
  660. enum wc_HashType hash, int mgf,
  661. RsaKey* key);
  662. /*!
  663. \ingroup RSA
  664. \brief Verify the message signed with RSA-PSS.
  665. The input buffer is reused for the output buffer.
  666. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING is enabled.
  667. \return the length of the PSS data on success and negative indicates failure.
  668. \param in The byte array to be decrypted.
  669. \param inLen The length of in.
  670. \param out The byte array for the decrypted data to be stored.
  671. \param digest Hash of the data that is being verified.
  672. \param digestLen Length of hash.
  673. \param hash The hash type to be in message
  674. \param mgf Mask Generation Function Identifiers
  675. \param saltLen Length of salt used. RSA_PSS_SALT_LEN_DEFAULT (-1) indicates salt
  676. length is the same as the hash length. RSA_PSS_SALT_LEN_DISCOVER
  677. indicates salt length is determined from the data.
  678. \param key The key to use for verification.
  679. _Example_
  680. \code
  681. ret = wc_InitRsaKey(&key, NULL);
  682. if (ret == 0) {
  683. ret = wc_InitRng(&rng);
  684. } else return -1;
  685. if (ret == 0) {
  686. ret = wc_RsaSetRNG(&key, &rng);
  687. } else return -1;
  688. if (ret == 0) {
  689. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  690. } else return -1;
  691. if (ret == 0) {
  692. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  693. ret = wc_Hash(WC_HASH_TYPE_SHA256, message, sz, digest, digestSz);
  694. } else return -1;
  695. if (ret == 0) {
  696. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
  697. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  698. if (ret > 0 ){
  699. sz = ret;
  700. } else return -1;
  701. } else return -1;
  702. if (ret == 0) {
  703. ret = wc_RsaPSS_VerifyCheckInline_ex(pSignature, sz, pt,
  704. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, saltLen, &key);
  705. if (ret <= 0) return -1;
  706. } else return -1;
  707. wc_FreeRsaKey(&key);
  708. wc_FreeRng(&rng);
  709. \endcode
  710. \sa wc_RsaPSS_Sign
  711. \sa wc_RsaPSS_Verify
  712. \sa wc_RsaPSS_VerifyCheck
  713. \sa wc_RsaPSS_VerifyCheck_ex
  714. \sa wc_RsaPSS_VerifyCheckInline
  715. \sa wc_RsaPSS_CheckPadding
  716. \sa wc_RsaPSS_CheckPadding_ex
  717. \sa wc_RsaSetRNG
  718. */
  719. int wc_RsaPSS_VerifyCheckInline_ex(byte* in, word32 inLen, byte** out,
  720. const byte* digest, word32 digentLen,
  721. enum wc_HashType hash, int mgf, int saltLen,
  722. RsaKey* key);
  723. /*!
  724. \ingroup RSA
  725. \brief Checks the PSS data to ensure that the signature matches.
  726. Salt length is equal to hash length.
  727. The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING is enabled.
  728. \return BAD_PADDING_E when the PSS data is invalid, BAD_FUNC_ARG when
  729. NULL is passed in to in or sig or inSz is not the same as the hash
  730. algorithm length and 0 on success.
  731. \return MEMORY_E memory exception.
  732. \param in Hash of the data that is being verified.
  733. \param inSz Length of hash.
  734. \param sig Buffer holding PSS data.
  735. \param sigSz Size of PSS data.
  736. \param hashType Hash algorithm.
  737. _Example_
  738. \code
  739. ret = wc_InitRsaKey(&key, NULL);
  740. if (ret == 0) {
  741. ret = wc_InitRng(&rng);
  742. } else return -1;
  743. if (ret == 0) {
  744. ret = wc_RsaSetRNG(&key, &rng);
  745. } else return -1;
  746. if (ret == 0) {
  747. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  748. } else return -1;
  749. if (ret == 0) {
  750. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  751. ret = wc_Hash(WC_HASH_TYPE_SHA256, message, sz, digest, digestSz);
  752. } else return -1;
  753. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, sizeof(pSignature),
  754. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  755. if (ret > 0 ){
  756. sz = ret;
  757. } else return -1;
  758. verify = wc_RsaPSS_Verify(pSignature, sz, out, outLen,
  759. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  760. if (verify <= 0)return -1;
  761. ret = wc_RsaPSS_CheckPadding(digest, digestSz, out, verify, hash);
  762. wc_FreeRsaKey(&key);
  763. wc_FreeRng(&rng);
  764. \endcode
  765. \sa wc_RsaPSS_Sign
  766. \sa wc_RsaPSS_Verify
  767. \sa wc_RsaPSS_VerifyInline
  768. \sa wc_RsaPSS_VerifyCheck
  769. \sa wc_RsaPSS_VerifyCheck_ex
  770. \sa wc_RsaPSS_VerifyCheckInline
  771. \sa wc_RsaPSS_VerifyCheckInline_ex
  772. \sa wc_RsaPSS_CheckPadding_ex
  773. \sa wc_RsaSetRNG
  774. */
  775. int wc_RsaPSS_CheckPadding(const byte* in, word32 inLen, byte* sig,
  776. word32 sigSz,
  777. enum wc_HashType hashType);
  778. /*!
  779. \ingroup RSA
  780. \brief Checks the PSS data to ensure that the signature matches.
  781. Salt length is equal to hash length.
  782. \return BAD_PADDING_E when the PSS data is invalid, BAD_FUNC_ARG when
  783. NULL is passed in to in or sig or inSz is not the same as the hash
  784. algorithm length and 0 on success.
  785. \return MEMORY_E memory exception.
  786. \param in Hash of the data that is being verified.
  787. \param inSz Length of hash.
  788. \param sig Buffer holding PSS data.
  789. \param sigSz Size of PSS data.
  790. \param hashType Hash algorithm.
  791. \param saltLen Length of salt used. RSA_PSS_SALT_LEN_DEFAULT (-1) indicates salt
  792. length is the same as the hash length. RSA_PSS_SALT_LEN_DISCOVER
  793. indicates salt length is determined from the data.
  794. \param bits Can be used to calculate salt size in FIPS case
  795. _Example_
  796. \code
  797. ret = wc_InitRsaKey(&key, NULL);
  798. if (ret == 0) {
  799. ret = wc_InitRng(&rng);
  800. } else return -1;
  801. if (ret == 0) {
  802. ret = wc_RsaSetRNG(&key, &rng);
  803. } else return -1;
  804. if (ret == 0) {
  805. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  806. } else return -1;
  807. if (ret == 0) {
  808. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  809. ret = wc_Hash(WC_HASH_TYPE_SHA256, message, sz, digest, digestSz);
  810. } else return -1;
  811. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, sizeof(pSignature),
  812. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  813. if (ret > 0 ){
  814. sz = ret;
  815. } else return -1;
  816. verify = wc_RsaPSS_Verify(pSignature, sz, out, outLen,
  817. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  818. if (verify <= 0)return -1;
  819. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, out, verify, hash, saltLen, 0);
  820. wc_FreeRsaKey(&key);
  821. wc_FreeRng(&rng);
  822. \endcode
  823. \sa wc_RsaPSS_Sign
  824. \sa wc_RsaPSS_Verify
  825. \sa wc_RsaPSS_VerifyInline
  826. \sa wc_RsaPSS_VerifyCheck
  827. \sa wc_RsaPSS_VerifyCheck_ex
  828. \sa wc_RsaPSS_VerifyCheckInline
  829. \sa wc_RsaPSS_VerifyCheckInline_ex
  830. \sa wc_RsaPSS_CheckPadding
  831. */
  832. int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen, byte* sig,
  833. word32 sigSz, enum wc_HashType hashType, int saltLen, int bits);
  834. /*!
  835. \ingroup RSA
  836. \brief Returns the encryption size for the provided key structure.
  837. \return Success Encryption size for the provided key structure.
  838. \param key The key to use for verification.
  839. _Example_
  840. \code
  841. int sz = wc_RsaEncryptSize(&key);
  842. \endcode
  843. \sa wc_InitRsaKey
  844. \sa wc_InitRsaKey_ex
  845. \sa wc_MakeRsaKey
  846. */
  847. int wc_RsaEncryptSize(RsaKey* key);
  848. /*!
  849. \ingroup RSA
  850. \brief This function parses a DER-formatted RSA private key, extracts the
  851. private key and stores it in the given RsaKey structure. It also sets the
  852. distance parsed in idx.
  853. \return 0 Returned upon successfully parsing the private key from the DER
  854. encoded input
  855. \return ASN_PARSE_E Returned if there is an error parsing the private key
  856. from the input buffer. This may happen if the input private key is not
  857. properly formatted according to ASN.1 standards
  858. \return ASN_RSA_KEY_E Returned if there is an error reading the private
  859. key elements of the RSA key input
  860. \param input pointer to the buffer containing the DER formatted private
  861. key to decode
  862. \param inOutIdx pointer to the index in the buffer at which the key begins
  863. (usually 0). As a side effect of this function, inOutIdx will store the
  864. distance parsed through the input buffer
  865. \param key pointer to the RsaKey structure in which to store the decoded
  866. private key
  867. \param inSz size of the input buffer
  868. _Example_
  869. \code
  870. RsaKey enc;
  871. word32 idx = 0;
  872. int ret = 0;
  873. byte der[] = { // initialize with DER-encoded RSA private key };
  874. wc_InitRsaKey(&enc, NULL); // not using heap hint. No custom memory
  875. ret = wc_RsaPrivateKeyDecode(der, &idx, &enc, sizeof(der));
  876. if( ret != 0 ) {
  877. // error parsing private key
  878. }
  879. \endcode
  880. \sa wc_RsaPublicKeyDecode
  881. \sa wc_MakeRsaKey
  882. */
  883. int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx,
  884. RsaKey* key, word32 inSz);
  885. /*!
  886. \ingroup RSA
  887. \brief This function parses a DER-formatted RSA public key, extracts the
  888. public key and stores it in the given RsaKey structure. It also sets the
  889. distance parsed in idx.
  890. \return 0 Returned upon successfully parsing the public key from the DER
  891. encoded input
  892. \return ASN_PARSE_E Returned if there is an error parsing the public key
  893. from the input buffer. This may happen if the input public key is not
  894. properly formatted according to ASN.1 standards
  895. \return ASN_OBJECT_ID_E Returned if the ASN.1 Object ID does not match
  896. that of a RSA public key
  897. \return ASN_EXPECT_0_E Returned if the input key is not correctly
  898. formatted according to ASN.1 standards
  899. \return ASN_BITSTR_E Returned if the input key is not correctly formatted
  900. according to ASN.1 standards
  901. \return ASN_RSA_KEY_E Returned if there is an error reading the public key
  902. elements of the RSA key input
  903. \param input pointer to the buffer containing the input DER-encoded RSA
  904. public key to decode
  905. \param inOutIdx pointer to the index in the buffer at which the key
  906. begins (usually 0). As a side effect of this function, inOutIdx will
  907. store the distance parsed through the input buffer
  908. \param key pointer to the RsaKey structure in which to store the decoded
  909. public key
  910. \param inSz size of the input buffer
  911. _Example_
  912. \code
  913. RsaKey pub;
  914. word32 idx = 0;
  915. int ret = 0;
  916. byte der[] = { // initialize with DER-encoded RSA public key };
  917. wc_InitRsaKey(&pub, NULL); // not using heap hint. No custom memory
  918. ret = wc_RsaPublicKeyDecode(der, &idx, &pub, sizeof(der));
  919. if( ret != 0 ) {
  920. // error parsing public key
  921. }
  922. \endcode
  923. \sa wc_RsaPublicKeyDecodeRaw
  924. */
  925. int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,
  926. RsaKey* key, word32 inSz);
  927. /*!
  928. \ingroup RSA
  929. \brief This function decodes the raw elements of an RSA public key, taking
  930. in the public modulus (n) and exponent (e). It stores these raw elements
  931. in the provided RsaKey structure, allowing one to use them in the
  932. encryption/decryption process.
  933. \return 0 Returned upon successfully decoding the raw elements of the
  934. public key into the RsaKey structure
  935. \return BAD_FUNC_ARG Returned if any of the input arguments evaluates to
  936. NULL
  937. \return MP_INIT_E Returned if there is an error initializing an integer
  938. for use with the multiple precision integer (mp_int) library
  939. \return ASN_GETINT_E Returned if there is an error reading one of the
  940. provided RSA key elements, n or e
  941. \param n pointer to a buffer containing the raw modulus parameter of the
  942. public RSA key
  943. \param nSz size of the buffer containing n
  944. \param e pointer to a buffer containing the raw exponent parameter of
  945. the public RSA key
  946. \param eSz size of the buffer containing e
  947. \param key pointer to the RsaKey struct to initialize with the provided
  948. public key elements
  949. _Example_
  950. \code
  951. RsaKey pub;
  952. int ret = 0;
  953. byte n[] = { // initialize with received n component of public key };
  954. byte e[] = { // initialize with received e component of public key };
  955. wc_InitRsaKey(&pub, NULL); // not using heap hint. No custom memory
  956. ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), &pub);
  957. if( ret != 0 ) {
  958. // error parsing public key elements
  959. }
  960. \endcode
  961. \sa wc_RsaPublicKeyDecode
  962. */
  963. int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
  964. const byte* e, word32 eSz, RsaKey* key);
  965. /*!
  966. \ingroup RSA
  967. \brief This function converts an RsaKey key to DER format. The result is
  968. written to output and it returns the number of bytes written.
  969. \return >0 Success, number of bytes written.
  970. \return BAD_FUNC_ARG Returned if key or output is null, or if key->type
  971. is not RSA_PRIVATE, or if inLen isn't large enough for output buffer.
  972. \return MEMORY_E Returned if there is an error allocating memory.
  973. \param key Initialized RsaKey structure.
  974. \param output Pointer to output buffer.
  975. \param inLen Size of output buffer.
  976. _Example_
  977. \code
  978. byte* der;
  979. // Allocate memory for der
  980. int derSz = // Amount of memory allocated for der;
  981. RsaKey key;
  982. WC_RNG rng;
  983. long e = 65537; // standard value to use for exponent
  984. ret = wc_MakeRsaKey(&key, 2048, e, &rng); // generate 2048 bit long
  985. private key
  986. wc_InitRsaKey(&key, NULL);
  987. wc_InitRng(&rng);
  988. if(wc_RsaKeyToDer(&key, der, derSz) != 0)
  989. {
  990. // Handle the error thrown
  991. }
  992. \endcode
  993. \sa wc_RsaKeyToPublicDer
  994. \sa wc_InitRsaKey
  995. \sa wc_MakeRsaKey
  996. \sa wc_InitRng
  997. */
  998. int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen);
  999. /*!
  1000. \ingroup RSA
  1001. \brief This function performs RSA encrypt while allowing the choice of
  1002. which padding to use.
  1003. \return size On successfully encryption the size of the encrypted buffer
  1004. is returned
  1005. \return RSA_BUFFER_E RSA buffer error, output too small or input too large
  1006. \param in pointer to the buffer for encryption
  1007. \param inLen length of the buffer to encrypt
  1008. \param out encrypted msg created
  1009. \param outLen length of buffer available to hold encrypted msg
  1010. \param key initialized RSA key struct
  1011. \param rng initialized WC_RNG struct
  1012. \param type type of padding to use (WC_RSA_OAEP_PAD or WC_RSA_PKCSV15_PAD)
  1013. \param hash type of hash to use (choices can be found in hash.h)
  1014. \param mgf type of mask generation function to use
  1015. \param label an optional label to associate with encrypted message
  1016. \param labelSz size of the optional label used
  1017. _Example_
  1018. \code
  1019. WC_RNG rng;
  1020. RsaKey key;
  1021. byte in[] = “I use Turing Machines to ask questions”
  1022. byte out[256];
  1023. int ret;
  1024. ret = wc_RsaPublicEncrypt_ex(in, sizeof(in), out, sizeof(out), &key, &rng,
  1025. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  1026. if (ret < 0) {
  1027. //handle error
  1028. }
  1029. \endcode
  1030. \sa wc_RsaPublicEncrypt
  1031. \sa wc_RsaPrivateDecrypt_ex
  1032. */
  1033. int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out,
  1034. word32 outLen, RsaKey* key, WC_RNG* rng, int type,
  1035. enum wc_HashType hash, int mgf, byte* label, word32 labelSz);
  1036. /*!
  1037. \ingroup RSA
  1038. \brief This function uses RSA to decrypt a message and gives the
  1039. option of what padding type.
  1040. \return size On successful decryption, the size of the decrypted message
  1041. is returned.
  1042. \return MEMORY_E Returned if not enough memory on system to malloc a
  1043. needed array.
  1044. \return BAD_FUNC_ARG Returned if a bad argument was passed into the
  1045. function.
  1046. \param in pointer to the buffer for decryption
  1047. \param inLen length of the buffer to decrypt
  1048. \param out decrypted msg created
  1049. \param outLen length of buffer available to hold decrypted msg
  1050. \param key initialized RSA key struct
  1051. \param type type of padding to use (WC_RSA_OAEP_PAD or WC_RSA_PKCSV15_PAD)
  1052. \param hash type of hash to use (choices can be found in hash.h)
  1053. \param mgf type of mask generation function to use
  1054. \param label an optional label to associate with encrypted message
  1055. \param labelSz size of the optional label used
  1056. _Example_
  1057. \code
  1058. WC_RNG rng;
  1059. RsaKey key;
  1060. byte in[] = “I use Turing Machines to ask questions”
  1061. byte out[256];
  1062. byte plain[256];
  1063. int ret;
  1064. ret = wc_RsaPublicEncrypt_ex(in, sizeof(in), out, sizeof(out), &key,
  1065. &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  1066. if (ret < 0) {
  1067. //handle error
  1068. }
  1069. ret = wc_RsaPrivateDecrypt_ex(out, ret, plain, sizeof(plain), &key,
  1070. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  1071. if (ret < 0) {
  1072. //handle error
  1073. }
  1074. \endcode
  1075. \sa none
  1076. */
  1077. int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen,
  1078. byte* out, word32 outLen, RsaKey* key, int type,
  1079. enum wc_HashType hash, int mgf, byte* label, word32 labelSz);
  1080. /*!
  1081. \ingroup RSA
  1082. \brief This function uses RSA to decrypt a message inline and gives the
  1083. option of what padding type. The in buffer will contain the decrypted
  1084. message after being called and the out byte pointer will point to the
  1085. location in the “in” buffer where the plain text is.
  1086. \return size On successful decryption, the size of the decrypted message
  1087. is returned.
  1088. \return MEMORY_E: Returned if not enough memory on system to malloc a
  1089. needed array.
  1090. \return RSA_PAD_E: Returned if an error in the padding was encountered.
  1091. \return BAD_PADDING_E: Returned if an error happened during parsing past
  1092. padding.
  1093. \return BAD_FUNC_ARG: Returned if a bad argument was passed into the
  1094. function.
  1095. \param in pointer to the buffer for decryption
  1096. \param inLen length of the buffer to decrypt
  1097. \param out pointer to location of decrypted message in “in” buffer
  1098. \param key initialized RSA key struct
  1099. \param type type of padding to use (WC_RSA_OAEP_PAD or WC_RSA_PKCSV15_PAD)
  1100. \param hash type of hash to use (choices can be found in hash.h)
  1101. \param mgf type of mask generation function to use
  1102. \param label an optional label to associate with encrypted message
  1103. \param labelSz size of the optional label used
  1104. _Example_
  1105. \code
  1106. WC_RNG rng;
  1107. RsaKey key;
  1108. byte in[] = “I use Turing Machines to ask questions”
  1109. byte out[256];
  1110. byte* plain;
  1111. int ret;
  1112. ret = wc_RsaPublicEncrypt_ex(in, sizeof(in), out, sizeof(out), &key,
  1113. &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  1114. if (ret < 0) {
  1115. //handle error
  1116. }
  1117. ret = wc_RsaPrivateDecryptInline_ex(out, ret, &plain, &key,
  1118. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  1119. if (ret < 0) {
  1120. //handle error
  1121. }
  1122. \endcode
  1123. \sa none
  1124. */
  1125. int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen,
  1126. byte** out, RsaKey* key, int type, enum wc_HashType hash,
  1127. int mgf, byte* label, word32 labelSz);
  1128. /*!
  1129. \ingroup RSA
  1130. \brief Flattens the RsaKey structure into individual elements (e, n)
  1131. used for the RSA algorithm.
  1132. \return 0 Returned if the function executed normally, without error.
  1133. \return BAD_FUNC_ARG: Returned if any of the parameters are passed in
  1134. with a null value.
  1135. \return RSA_BUFFER_E: Returned if the e or n buffers passed in are not
  1136. the correct size.
  1137. \return MP_MEM: Returned if an internal function has memory errors.
  1138. \return MP_VAL: Returned if an internal function argument is not valid.
  1139. \param key The key to use for verification.
  1140. \param e a buffer for the value of e. e is a large positive integer in
  1141. the RSA modular arithmetic operation.
  1142. \param eSz the size of the e buffer.
  1143. \param n a buffer for the value of n. n is a large positive integer in
  1144. the RSA modular arithmetic operation.
  1145. \param nSz the size of the n buffer.
  1146. _Example_
  1147. \code
  1148. Rsa key; // A valid RSA key.
  1149. byte e[ buffer sz E.g. 256 ];
  1150. byte n[256];
  1151. int ret;
  1152. word32 eSz = sizeof(e);
  1153. word32 nSz = sizeof(n);
  1154. ...
  1155. ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, &nSz);
  1156. if (ret != 0) {
  1157. // Failure case.
  1158. }
  1159. \endcode
  1160. \sa wc_InitRsaKey
  1161. \sa wc_InitRsaKey_ex
  1162. \sa wc_MakeRsaKey
  1163. */
  1164. int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n,
  1165. word32* nSz);
  1166. /*!
  1167. \ingroup RSA
  1168. \brief Convert Rsa Public key to DER format. Writes to output, and
  1169. returns count of bytes written.
  1170. \return >0 Success, number of bytes written.
  1171. \return BAD_FUNC_ARG Returned if key or output is null.
  1172. \return MEMORY_E Returned when an error allocating memory occurs.
  1173. \return <0 Error
  1174. \param key The RSA key structure to convert.
  1175. \param output Output buffer to hold DER. (if NULL will return length only)
  1176. \param inLen Length of buffer.
  1177. _Example_
  1178. \code
  1179. RsaKey key;
  1180. wc_InitRsaKey(&key, NULL);
  1181. // Use key
  1182. const int BUFFER_SIZE = 1024; // Some adequate size for the buffer
  1183. byte output[BUFFER_SIZE];
  1184. if (wc_RsaKeyToPublicDer(&key, output, sizeof(output)) != 0) {
  1185. // Handle Error
  1186. }
  1187. \endcode
  1188. \sa wc_RsaPublicKeyDerSize
  1189. \sa wc_RsaKeyToPublicDer_ex
  1190. \sa wc_InitRsaKey
  1191. */
  1192. int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen);
  1193. /*!
  1194. \ingroup RSA
  1195. \brief Convert RSA Public key to DER format. Writes to output, and
  1196. returns count of bytes written. If with_header is 0 then only the
  1197. ( seq + n + e) is returned in ASN.1 DER format and will exclude the header.
  1198. \return >0 Success, number of bytes written.
  1199. \return BAD_FUNC_ARG Returned if key or output is null.
  1200. \return MEMORY_E Returned when an error allocating memory occurs.
  1201. \return <0 Error
  1202. \param key The RSA key structure to convert.
  1203. \param output Output buffer to hold DER. (if NULL will return length only)
  1204. \param inLen Length of buffer.
  1205. _Example_
  1206. \code
  1207. RsaKey key;
  1208. wc_InitRsaKey(&key, NULL);
  1209. // Use key
  1210. const int BUFFER_SIZE = 1024; // Some adequate size for the buffer
  1211. byte output[BUFFER_SIZE];
  1212. if (wc_RsaKeyToPublicDer_ex(&key, output, sizeof(output), 0) != 0) {
  1213. // Handle Error
  1214. }
  1215. \endcode
  1216. \sa wc_RsaPublicKeyDerSize
  1217. \sa wc_RsaKeyToPublicDer
  1218. \sa wc_InitRsaKey
  1219. */
  1220. int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen,
  1221. int with_header);
  1222. /*!
  1223. \ingroup RSA
  1224. \brief This function generates a RSA private key of length size (in bits)
  1225. and given exponent (e). It then stores this key in the provided RsaKey
  1226. structure, so that it may be used for encryption/decryption. A secure
  1227. number to use for e is 65537. size is required to be greater than
  1228. RSA_MIN_SIZE and less than RSA_MAX_SIZE. For this function to be
  1229. available, the option WOLFSSL_KEY_GEN must be enabled at compile time.
  1230. This can be accomplished with --enable-keygen if using ./configure.
  1231. \return 0 Returned upon successfully generating a RSA private key
  1232. \return BAD_FUNC_ARG Returned if any of the input arguments are NULL,
  1233. the size parameter falls outside of the necessary bounds, or e is
  1234. incorrectly chosen
  1235. \return RNG_FAILURE_E Returned if there is an error generating a random
  1236. block using the provided RNG structure
  1237. \return MP_INIT_E
  1238. \return MP_READ_E May be May be returned if there is an error in the math
  1239. library used while generating the RSA key returned if there is an error
  1240. in the math library used while generating the RSA key
  1241. \return MP_CMP_E May be returned if there is an error in the math library
  1242. used while generating the RSA key
  1243. \return MP_INVMOD_E May be returned if there is an error in the math
  1244. library used while generating the RSA key
  1245. \return MP_EXPTMOD_E May be returned if there is an error in the math
  1246. library used while generating the RSA key
  1247. \return MP_MOD_E May be returned if there is an error in the math
  1248. library used while generating the RSA key
  1249. \return MP_MUL_E May be returned if there is an error in the math
  1250. library used while generating the RSA key
  1251. \return MP_ADD_E May be returned if there is an error in the math
  1252. library used while generating the RSA key
  1253. \return MP_MULMOD_E May be returned if there is an error in the math
  1254. library used while generating the RSA key
  1255. \return MP_TO_E May be returned if there is an error in the math
  1256. library used while generating the RSA key
  1257. \return MP_MEM May be returned if there is an error in the math
  1258. library used while generating the RSA key
  1259. \return MP_ZERO_E May be returned if there is an error in the math
  1260. library used while generating the RSA key
  1261. \param key pointer to the RsaKey structure in which to store the
  1262. generated private key
  1263. \param size desired key length, in bits. Required to be greater than
  1264. RSA_MIN_SIZE and less than RSA_MAX_SIZE
  1265. \param e exponent parameter to use for generating the key. A secure
  1266. choice is 65537
  1267. \param rng pointer to an RNG structure to use for random number generation
  1268. while making the ke
  1269. _Example_
  1270. \code
  1271. RsaKey priv;
  1272. WC_RNG rng;
  1273. int ret = 0;
  1274. long e = 65537; // standard value to use for exponent
  1275. wc_InitRsaKey(&priv, NULL); // not using heap hint. No custom memory
  1276. wc_InitRng(&rng);
  1277. // generate 2048 bit long private key
  1278. ret = wc_MakeRsaKey(&priv, 2048, e, &rng);
  1279. if( ret != 0 ) {
  1280. // error generating private key
  1281. }
  1282. \endcode
  1283. \sa none
  1284. */
  1285. int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng);
  1286. /*!
  1287. \ingroup RSA
  1288. \brief This function sets the non-blocking RSA context. When a RsaNb context
  1289. is set it enables fast math based non-blocking exptmod, which splits the RSA
  1290. function into many smaller operations.
  1291. Enabled when WC_RSA_NONBLOCK is defined.
  1292. \return 0 Success
  1293. \return BAD_FUNC_ARG Returned if key or nb is null.
  1294. \param key The RSA key structure
  1295. \param nb The RSA non-blocking structure for this RSA key to use.
  1296. _Example_
  1297. \code
  1298. int ret, count = 0;
  1299. RsaKey key;
  1300. RsaNb nb;
  1301. wc_InitRsaKey(&key, NULL);
  1302. // Enable non-blocking RSA mode - provide context
  1303. ret = wc_RsaSetNonBlock(key, &nb);
  1304. if (ret != 0)
  1305. return ret;
  1306. do {
  1307. ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, rng);
  1308. count++; // track number of would blocks
  1309. if (ret == FP_WOULDBLOCK) {
  1310. // do "other" work here
  1311. }
  1312. } while (ret == FP_WOULDBLOCK);
  1313. if (ret < 0) {
  1314. return ret;
  1315. }
  1316. printf("RSA non-block sign: size %d, %d times\n", ret, count);
  1317. \endcode
  1318. \sa wc_RsaSetNonBlockTime
  1319. */
  1320. int wc_RsaSetNonBlock(RsaKey* key, RsaNb* nb);
  1321. /*!
  1322. \ingroup RSA
  1323. \brief This function configures the maximum amount of blocking time in
  1324. microseconds. It uses a pre-computed table (see tfm.c exptModNbInst) along
  1325. with the CPU speed in megahertz to determine if the next operation can be
  1326. completed within the maximum blocking time provided.
  1327. Enabled when WC_RSA_NONBLOCK_TIME is defined.
  1328. \return 0 Success
  1329. \return BAD_FUNC_ARG Returned if key is null or wc_RsaSetNonBlock was not
  1330. previously called and key->nb is null.
  1331. \param key The RSA key structure.
  1332. \param maxBlockUs Maximum time to block microseconds.
  1333. \param cpuMHz CPU speed in megahertz.
  1334. _Example_
  1335. \code
  1336. RsaKey key;
  1337. RsaNb nb;
  1338. wc_InitRsaKey(&key, NULL);
  1339. wc_RsaSetNonBlock(key, &nb);
  1340. wc_RsaSetNonBlockTime(&key, 4000, 160); // Block Max = 4 ms, CPU = 160MHz
  1341. \endcode
  1342. \sa wc_RsaSetNonBlock
  1343. */
  1344. int wc_RsaSetNonBlockTime(RsaKey* key, word32 maxBlockUs,
  1345. word32 cpuMHz);