rsa des3 random : update
This commit is contained in:
parent
e6cebf1246
commit
e3c82842a5
@ -26,6 +26,11 @@
|
||||
#ifndef CTAO_CRYPT_SETTINGS_H
|
||||
#define CTAO_CRYPT_SETTINGS_H
|
||||
|
||||
#define CYASSL_SHA512
|
||||
//WOLFSSL_SHA512
|
||||
#define CYASSL_SHA384
|
||||
//WOLFSSL_SHA384
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
@ -23,11 +23,6 @@
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
|
||||
/* compatability layer temporary */
|
||||
#include <cyassl/ssl.h>
|
||||
|
||||
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
|
||||
#ifndef NO_ASN
|
||||
@ -2996,7 +2991,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
|
||||
#ifdef WOLFSSL_SHA512
|
||||
case CTC_SHA512wRSA:
|
||||
case CTC_SHA512wECDSA:
|
||||
if (wc_Sha512Hash(buf, bufSz, digest) == 0) {
|
||||
if (Sha512Hash(buf, bufSz, digest) == 0) {
|
||||
typeH = SHA512h;
|
||||
digestSz = SHA512_DIGEST_SIZE;
|
||||
}
|
||||
@ -3005,7 +3000,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
|
||||
#ifdef WOLFSSL_SHA384
|
||||
case CTC_SHA384wRSA:
|
||||
case CTC_SHA384wECDSA:
|
||||
if (wc_Sha384Hash(buf, bufSz, digest) == 0) {
|
||||
if (Sha384Hash(buf, bufSz, digest) == 0) {
|
||||
typeH = SHA384h;
|
||||
digestSz = SHA384_DIGEST_SIZE;
|
||||
}
|
||||
|
1559
wolfcrypt/src/des3.c
1559
wolfcrypt/src/des3.c
File diff suppressed because it is too large
Load Diff
@ -23,27 +23,16 @@
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#include <cyassl/ctaocrypt/settings.h>
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
|
||||
/* on HPUX 11 you may need to install /dev/random see
|
||||
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I
|
||||
|
||||
*/
|
||||
|
||||
#ifdef HAVE_FIPS
|
||||
/* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
|
||||
#define FIPS_NO_WRAPPERS
|
||||
#endif
|
||||
|
||||
#include <wolfssl/wolfcrypt/random.h>
|
||||
#include <cyassl/ctaocrypt/error-crypt.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
#ifdef HAVE_FIPS
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz)
|
||||
{
|
||||
return GenerateSeed(os, seed, sz);
|
||||
@ -127,9 +116,963 @@ int wc_RNG_GenerateByte(RNG* rng, byte* b)
|
||||
#define RNG_HealthTest RNG_HealthTest_fips
|
||||
#endif /* FIPS_NO_WRAPPERS */
|
||||
#endif /* HAVE_FIPS */
|
||||
#else
|
||||
#include <wolfssl/wolfcrypt/error-crypt.h>
|
||||
|
||||
#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
|
||||
|
||||
#include <wolfssl/wolfcrypt/sha256.h>
|
||||
|
||||
#ifdef NO_INLINE
|
||||
#include <wolfssl/wolfcrypt/misc.h>
|
||||
#else
|
||||
#include <wolfcrypt/src/misc.c>
|
||||
#endif
|
||||
#endif /* HAVE_HASHDRBG || NO_RC4 */
|
||||
|
||||
#if defined(USE_WINDOWS_API)
|
||||
#ifndef _WIN32_WINNT
|
||||
#define _WIN32_WINNT 0x0400
|
||||
#endif
|
||||
#include <windows.h>
|
||||
#include <wincrypt.h>
|
||||
#else
|
||||
#if !defined(NO_DEV_RANDOM) && !defined(WOLFSSL_MDK_ARM) \
|
||||
&& !defined(WOLFSSL_IAR_ARM)
|
||||
#include <fcntl.h>
|
||||
#ifndef EBSNET
|
||||
#include <unistd.h>
|
||||
#endif
|
||||
#else
|
||||
/* include headers that may be needed to get good seed */
|
||||
#endif
|
||||
#endif /* USE_WINDOWS_API */
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
|
||||
|
||||
/* Start NIST DRBG code */
|
||||
|
||||
#define OUTPUT_BLOCK_LEN (SHA256_DIGEST_SIZE)
|
||||
#define MAX_REQUEST_LEN (0x10000)
|
||||
#define RESEED_INTERVAL (1000000)
|
||||
#define SECURITY_STRENGTH (256)
|
||||
#define ENTROPY_SZ (SECURITY_STRENGTH/8)
|
||||
#define NONCE_SZ (ENTROPY_SZ/2)
|
||||
#define ENTROPY_NONCE_SZ (ENTROPY_SZ+NONCE_SZ)
|
||||
|
||||
/* Internal return codes */
|
||||
#define DRBG_SUCCESS 0
|
||||
#define DRBG_ERROR 1
|
||||
#define DRBG_FAILURE 2
|
||||
#define DRBG_NEED_RESEED 3
|
||||
#define DRBG_CONT_FAILURE 4
|
||||
|
||||
/* RNG health states */
|
||||
#define DRBG_NOT_INIT 0
|
||||
#define DRBG_OK 1
|
||||
#define DRBG_FAILED 2
|
||||
#define DRBG_CONT_FAILED 3
|
||||
|
||||
|
||||
enum {
|
||||
drbgInitC = 0,
|
||||
drbgReseed = 1,
|
||||
drbgGenerateW = 2,
|
||||
drbgGenerateH = 3,
|
||||
drbgInitV
|
||||
};
|
||||
|
||||
|
||||
typedef struct DRBG {
|
||||
Sha256 sha;
|
||||
byte digest[SHA256_DIGEST_SIZE];
|
||||
byte V[DRBG_SEED_LEN];
|
||||
byte C[DRBG_SEED_LEN];
|
||||
word32 reseedCtr;
|
||||
word32 lastBlock;
|
||||
byte matchCount;
|
||||
} DRBG;
|
||||
|
||||
|
||||
/* Hash Derivation Function */
|
||||
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
|
||||
static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type,
|
||||
const byte* inA, word32 inASz,
|
||||
const byte* inB, word32 inBSz)
|
||||
{
|
||||
byte ctr;
|
||||
int i;
|
||||
int len;
|
||||
word32 bits = (outSz * 8); /* reverse byte order */
|
||||
|
||||
#ifdef LITTLE_ENDIAN_ORDER
|
||||
bits = ByteReverseWord32(bits);
|
||||
#endif
|
||||
len = (outSz / OUTPUT_BLOCK_LEN)
|
||||
+ ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0);
|
||||
|
||||
for (i = 0, ctr = 1; i < len; i++, ctr++)
|
||||
{
|
||||
if (InitSha256(&drbg->sha) != 0)
|
||||
return DRBG_FAILURE;
|
||||
|
||||
if (Sha256Update(&drbg->sha, &ctr, sizeof(ctr)) != 0)
|
||||
return DRBG_FAILURE;
|
||||
|
||||
if (Sha256Update(&drbg->sha, (byte*)&bits, sizeof(bits)) != 0)
|
||||
return DRBG_FAILURE;
|
||||
|
||||
/* churning V is the only string that doesn't have
|
||||
* the type added */
|
||||
if (type != drbgInitV)
|
||||
if (Sha256Update(&drbg->sha, &type, sizeof(type)) != 0)
|
||||
return DRBG_FAILURE;
|
||||
|
||||
if (Sha256Update(&drbg->sha, inA, inASz) != 0)
|
||||
return DRBG_FAILURE;
|
||||
|
||||
if (inB != NULL && inBSz > 0)
|
||||
if (Sha256Update(&drbg->sha, inB, inBSz) != 0)
|
||||
return DRBG_FAILURE;
|
||||
|
||||
if (Sha256Final(&drbg->sha, drbg->digest) != 0)
|
||||
return DRBG_FAILURE;
|
||||
|
||||
if (outSz > OUTPUT_BLOCK_LEN) {
|
||||
XMEMCPY(out, drbg->digest, OUTPUT_BLOCK_LEN);
|
||||
outSz -= OUTPUT_BLOCK_LEN;
|
||||
out += OUTPUT_BLOCK_LEN;
|
||||
}
|
||||
else {
|
||||
XMEMCPY(out, drbg->digest, outSz);
|
||||
}
|
||||
}
|
||||
|
||||
return DRBG_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
|
||||
static int Hash_DRBG_Reseed(DRBG* drbg, const byte* entropy, word32 entropySz)
|
||||
{
|
||||
byte seed[DRBG_SEED_LEN];
|
||||
|
||||
if (Hash_df(drbg, seed, sizeof(seed), drbgReseed, drbg->V, sizeof(drbg->V),
|
||||
entropy, entropySz) != DRBG_SUCCESS) {
|
||||
return DRBG_FAILURE;
|
||||
}
|
||||
|
||||
XMEMCPY(drbg->V, seed, sizeof(drbg->V));
|
||||
XMEMSET(seed, 0, sizeof(seed));
|
||||
|
||||
if (Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V,
|
||||
sizeof(drbg->V), NULL, 0) != DRBG_SUCCESS) {
|
||||
return DRBG_FAILURE;
|
||||
}
|
||||
|
||||
drbg->reseedCtr = 1;
|
||||
drbg->lastBlock = 0;
|
||||
drbg->matchCount = 0;
|
||||
return DRBG_SUCCESS;
|
||||
}
|
||||
|
||||
static INLINE void array_add_one(byte* data, word32 dataSz)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = dataSz - 1; i >= 0; i--)
|
||||
{
|
||||
data[i]++;
|
||||
if (data[i] != 0) break;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
|
||||
static int Hash_gen(DRBG* drbg, byte* out, word32 outSz, const byte* V)
|
||||
{
|
||||
byte data[DRBG_SEED_LEN];
|
||||
int i;
|
||||
int len;
|
||||
word32 checkBlock;
|
||||
|
||||
/* Special case: outSz is 0 and out is NULL. wc_Generate a block to save for
|
||||
* the continuous test. */
|
||||
|
||||
if (outSz == 0) outSz = 1;
|
||||
|
||||
len = (outSz / OUTPUT_BLOCK_LEN) + ((outSz % OUTPUT_BLOCK_LEN) ? 1 : 0);
|
||||
|
||||
XMEMCPY(data, V, sizeof(data));
|
||||
for (i = 0; i < len; i++) {
|
||||
if (InitSha256(&drbg->sha) != 0 ||
|
||||
Sha256Update(&drbg->sha, data, sizeof(data)) != 0 ||
|
||||
Sha256Final(&drbg->sha, drbg->digest) != 0) {
|
||||
|
||||
return DRBG_FAILURE;
|
||||
}
|
||||
|
||||
checkBlock = *(word32*)drbg->digest;
|
||||
if (drbg->reseedCtr > 1 && checkBlock == drbg->lastBlock) {
|
||||
if (drbg->matchCount == 1) {
|
||||
return DRBG_CONT_FAILURE;
|
||||
}
|
||||
else {
|
||||
if (i == len) {
|
||||
len++;
|
||||
}
|
||||
drbg->matchCount = 1;
|
||||
}
|
||||
}
|
||||
else {
|
||||
drbg->matchCount = 0;
|
||||
drbg->lastBlock = checkBlock;
|
||||
}
|
||||
|
||||
if (outSz >= OUTPUT_BLOCK_LEN) {
|
||||
XMEMCPY(out, drbg->digest, OUTPUT_BLOCK_LEN);
|
||||
outSz -= OUTPUT_BLOCK_LEN;
|
||||
out += OUTPUT_BLOCK_LEN;
|
||||
array_add_one(data, DRBG_SEED_LEN);
|
||||
}
|
||||
else if (out != NULL && outSz != 0) {
|
||||
XMEMCPY(out, drbg->digest, outSz);
|
||||
outSz = 0;
|
||||
}
|
||||
}
|
||||
XMEMSET(data, 0, sizeof(data));
|
||||
|
||||
return DRBG_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
static INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen)
|
||||
{
|
||||
word16 carry = 0;
|
||||
|
||||
if (dLen > 0 && sLen > 0 && dLen >= sLen) {
|
||||
int sIdx, dIdx;
|
||||
|
||||
for (sIdx = sLen - 1, dIdx = dLen - 1; sIdx >= 0; dIdx--, sIdx--)
|
||||
{
|
||||
carry += d[dIdx] + s[sIdx];
|
||||
d[dIdx] = carry;
|
||||
carry >>= 8;
|
||||
}
|
||||
|
||||
for (; carry != 0 && dIdx >= 0; dIdx--) {
|
||||
carry += d[dIdx];
|
||||
d[dIdx] = carry;
|
||||
carry >>= 8;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* Returns: DRBG_SUCCESS, DRBG_NEED_RESEED, or DRBG_FAILURE */
|
||||
static int Hash_DRBG_Generate(DRBG* drbg, byte* out, word32 outSz)
|
||||
{
|
||||
int ret = DRBG_NEED_RESEED;
|
||||
|
||||
if (drbg->reseedCtr != RESEED_INTERVAL) {
|
||||
byte type = drbgGenerateH;
|
||||
word32 reseedCtr = drbg->reseedCtr;
|
||||
|
||||
ret = Hash_gen(drbg, out, outSz, drbg->V);
|
||||
if (ret == DRBG_SUCCESS) {
|
||||
if (InitSha256(&drbg->sha) != 0 ||
|
||||
Sha256Update(&drbg->sha, &type, sizeof(type)) != 0 ||
|
||||
Sha256Update(&drbg->sha, drbg->V, sizeof(drbg->V)) != 0 ||
|
||||
Sha256Final(&drbg->sha, drbg->digest) != 0) {
|
||||
|
||||
ret = DRBG_FAILURE;
|
||||
}
|
||||
else {
|
||||
array_add(drbg->V, sizeof(drbg->V),
|
||||
drbg->digest, sizeof(drbg->digest));
|
||||
array_add(drbg->V, sizeof(drbg->V), drbg->C, sizeof(drbg->C));
|
||||
#ifdef LITTLE_ENDIAN_ORDER
|
||||
reseedCtr = ByteReverseWord32(reseedCtr);
|
||||
#endif
|
||||
array_add(drbg->V, sizeof(drbg->V),
|
||||
(byte*)&reseedCtr, sizeof(reseedCtr));
|
||||
ret = DRBG_SUCCESS;
|
||||
}
|
||||
drbg->reseedCtr++;
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
/* Returns: DRBG_SUCCESS or DRBG_FAILURE */
|
||||
static int Hash_DRBG_Instantiate(DRBG* drbg, const byte* seed, word32 seedSz,
|
||||
const byte* nonce, word32 nonceSz)
|
||||
{
|
||||
int ret = DRBG_FAILURE;
|
||||
|
||||
XMEMSET(drbg, 0, sizeof(DRBG));
|
||||
|
||||
if (Hash_df(drbg, drbg->V, sizeof(drbg->V), drbgInitV, seed, seedSz,
|
||||
nonce, nonceSz) == DRBG_SUCCESS &&
|
||||
Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V,
|
||||
sizeof(drbg->V), NULL, 0) == DRBG_SUCCESS) {
|
||||
|
||||
drbg->reseedCtr = 1;
|
||||
drbg->lastBlock = 0;
|
||||
drbg->matchCount = 0;
|
||||
ret = DRBG_SUCCESS;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
/* Returns: DRBG_SUCCESS */
|
||||
static int Hash_DRBG_Uninstantiate(DRBG* drbg)
|
||||
{
|
||||
XMEMSET(drbg, 0, sizeof(DRBG));
|
||||
|
||||
return DRBG_SUCCESS;
|
||||
}
|
||||
|
||||
/* End NIST DRBG Code */
|
||||
|
||||
|
||||
/* Get seed and key cipher */
|
||||
int wc_InitRng(RNG* rng)
|
||||
{
|
||||
int ret = BAD_FUNC_ARG;
|
||||
|
||||
if (rng != NULL) {
|
||||
byte entropy[ENTROPY_NONCE_SZ];
|
||||
|
||||
rng->drbg = (struct DRBG*)XMALLOC(sizeof(DRBG), NULL, DYNAMIC_TYPE_RNG);
|
||||
if (rng->drbg == NULL) {
|
||||
ret = MEMORY_E;
|
||||
}
|
||||
/* This doesn't use a separate nonce. The entropy input will be
|
||||
* the default size plus the size of the nonce making the seed
|
||||
* size. */
|
||||
else if (wc_GenerateSeed(&rng->seed, entropy, ENTROPY_NONCE_SZ) == 0 &&
|
||||
Hash_DRBG_Instantiate(rng->drbg, entropy, ENTROPY_NONCE_SZ,
|
||||
NULL, 0) == DRBG_SUCCESS) {
|
||||
|
||||
ret = Hash_DRBG_Generate(rng->drbg, NULL, 0);
|
||||
}
|
||||
else
|
||||
ret = DRBG_FAILURE;
|
||||
|
||||
XMEMSET(entropy, 0, ENTROPY_NONCE_SZ);
|
||||
|
||||
if (ret == DRBG_SUCCESS) {
|
||||
rng->status = DRBG_OK;
|
||||
ret = 0;
|
||||
}
|
||||
else if (ret == DRBG_CONT_FAILURE) {
|
||||
rng->status = DRBG_CONT_FAILED;
|
||||
ret = DRBG_CONT_FIPS_E;
|
||||
}
|
||||
else if (ret == DRBG_FAILURE) {
|
||||
rng->status = DRBG_FAILED;
|
||||
ret = RNG_FAILURE_E;
|
||||
}
|
||||
else {
|
||||
rng->status = DRBG_FAILED;
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
/* place a generated block in output */
|
||||
int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
|
||||
{
|
||||
int ret;
|
||||
|
||||
if (rng == NULL || output == NULL || sz > MAX_REQUEST_LEN)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (rng->status != DRBG_OK)
|
||||
return RNG_FAILURE_E;
|
||||
|
||||
ret = Hash_DRBG_Generate(rng->drbg, output, sz);
|
||||
|
||||
if (ret == DRBG_NEED_RESEED) {
|
||||
byte entropy[ENTROPY_SZ];
|
||||
|
||||
if (wc_GenerateSeed(&rng->seed, entropy, ENTROPY_SZ) == 0 &&
|
||||
Hash_DRBG_Reseed(rng->drbg, entropy, ENTROPY_SZ) == DRBG_SUCCESS) {
|
||||
|
||||
ret = Hash_DRBG_Generate(rng->drbg, NULL, 0);
|
||||
if (ret == DRBG_SUCCESS)
|
||||
ret = Hash_DRBG_Generate(rng->drbg, output, sz);
|
||||
}
|
||||
else
|
||||
ret = DRBG_FAILURE;
|
||||
|
||||
XMEMSET(entropy, 0, ENTROPY_SZ);
|
||||
}
|
||||
|
||||
if (ret == DRBG_SUCCESS) {
|
||||
ret = 0;
|
||||
}
|
||||
else if (ret == DRBG_CONT_FAILURE) {
|
||||
ret = DRBG_CONT_FIPS_E;
|
||||
rng->status = DRBG_CONT_FAILED;
|
||||
}
|
||||
else {
|
||||
ret = RNG_FAILURE_E;
|
||||
rng->status = DRBG_FAILED;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
int wc_RNG_GenerateByte(RNG* rng, byte* b)
|
||||
{
|
||||
return wc_RNG_GenerateBlock(rng, b, 1);
|
||||
}
|
||||
|
||||
|
||||
int wc_FreeRng(RNG* rng)
|
||||
{
|
||||
int ret = BAD_FUNC_ARG;
|
||||
|
||||
if (rng != NULL) {
|
||||
if (Hash_DRBG_Uninstantiate(rng->drbg) == DRBG_SUCCESS)
|
||||
ret = 0;
|
||||
else
|
||||
ret = RNG_FAILURE_E;
|
||||
|
||||
XFREE(rng->drbg, NULL, DYNAMIC_TYPE_RNG);
|
||||
rng->drbg = NULL;
|
||||
rng->status = DRBG_NOT_INIT;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
int wc_RNG_HealthTest(int reseed, const byte* entropyA, word32 entropyASz,
|
||||
const byte* entropyB, word32 entropyBSz,
|
||||
byte* output, word32 outputSz)
|
||||
{
|
||||
DRBG drbg;
|
||||
|
||||
if (entropyA == NULL || output == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (reseed != 0 && entropyB == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (outputSz != (SHA256_DIGEST_SIZE * 4))
|
||||
return -1;
|
||||
|
||||
if (Hash_DRBG_Instantiate(&drbg, entropyA, entropyASz, NULL, 0) != 0)
|
||||
return -1;
|
||||
|
||||
if (reseed) {
|
||||
if (Hash_DRBG_Reseed(&drbg, entropyB, entropyBSz) != 0) {
|
||||
Hash_DRBG_Uninstantiate(&drbg);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
if (Hash_DRBG_Generate(&drbg, output, outputSz) != 0) {
|
||||
Hash_DRBG_Uninstantiate(&drbg);
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (Hash_DRBG_Generate(&drbg, output, outputSz) != 0) {
|
||||
Hash_DRBG_Uninstantiate(&drbg);
|
||||
return -1;
|
||||
}
|
||||
|
||||
Hash_DRBG_Uninstantiate(&drbg);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
#else /* HAVE_HASHDRBG || NO_RC4 */
|
||||
|
||||
/* Get seed and key cipher */
|
||||
int wc_InitRng(RNG* rng)
|
||||
{
|
||||
int ret;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
byte* key;
|
||||
byte* junk;
|
||||
#else
|
||||
byte key[32];
|
||||
byte junk[256];
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (rng->magic == WOLFSSL_RNG_CAVIUM_MAGIC)
|
||||
return 0;
|
||||
#endif
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
key = (byte*)XMALLOC(32, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (key == NULL)
|
||||
return MEMORY_E;
|
||||
|
||||
junk = (byte*)XMALLOC(256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (junk == NULL) {
|
||||
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
return MEMORY_E;
|
||||
}
|
||||
#endif
|
||||
|
||||
ret = wc_GenerateSeed(&rng->seed, key, 32);
|
||||
|
||||
if (ret == 0) {
|
||||
Arc4SetKey(&rng->cipher, key, sizeof(key));
|
||||
|
||||
ret = wc_RNG_GenerateBlock(rng, junk, 256); /*rid initial state*/
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(junk, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz);
|
||||
#endif
|
||||
|
||||
/* place a generated block in output */
|
||||
int wc_RNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
|
||||
{
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (rng->magic == WOLFSSL_RNG_CAVIUM_MAGIC)
|
||||
return CaviumRNG_GenerateBlock(rng, output, sz);
|
||||
#endif
|
||||
XMEMSET(output, 0, sz);
|
||||
Arc4Process(&rng->cipher, output, output, sz);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int wc_RNG_GenerateByte(RNG* rng, byte* b)
|
||||
{
|
||||
return wc_RNG_GenerateBlock(rng, b, 1);
|
||||
}
|
||||
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
|
||||
#include <cyassl/ctaocrypt/logging.h>
|
||||
#include "cavium_common.h"
|
||||
|
||||
/* Initiliaze RNG for use with Nitrox device */
|
||||
int wc_InitRngCavium(RNG* rng, int devId)
|
||||
{
|
||||
if (rng == NULL)
|
||||
return -1;
|
||||
|
||||
rng->devId = devId;
|
||||
rng->magic = WOLFSSL_RNG_CAVIUM_MAGIC;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static void CaviumRNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
|
||||
{
|
||||
cyassl_word offset = 0;
|
||||
word32 requestId;
|
||||
|
||||
while (sz > WOLFSSL_MAX_16BIT) {
|
||||
word16 slen = (word16)WOLFSSL_MAX_16BIT;
|
||||
if (CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId,
|
||||
rng->devId) != 0) {
|
||||
WOLFSSL_MSG("Cavium RNG failed");
|
||||
}
|
||||
sz -= WOLFSSL_MAX_16BIT;
|
||||
offset += WOLFSSL_MAX_16BIT;
|
||||
}
|
||||
if (sz) {
|
||||
word16 slen = (word16)sz;
|
||||
if (CspRandom(CAVIUM_BLOCKING, slen, output + offset, &requestId,
|
||||
rng->devId) != 0) {
|
||||
WOLFSSL_MSG("Cavium RNG failed");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#endif /* HAVE_CAVIUM */
|
||||
|
||||
#endif /* HAVE_HASHDRBG || NO_RC4 */
|
||||
|
||||
|
||||
#if defined(USE_WINDOWS_API)
|
||||
|
||||
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
{
|
||||
if(!CryptAcquireContext(&os->handle, 0, 0, PROV_RSA_FULL,
|
||||
CRYPT_VERIFYCONTEXT))
|
||||
return WINCRYPT_E;
|
||||
|
||||
if (!CryptGenRandom(os->handle, sz, output))
|
||||
return CRYPTGEN_E;
|
||||
|
||||
CryptReleaseContext(os->handle, 0);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
#elif defined(HAVE_RTP_SYS) || defined(EBSNET)
|
||||
|
||||
#include "rtprand.h" /* rtp_rand () */
|
||||
#include "rtptime.h" /* rtp_get_system_msec() */
|
||||
|
||||
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
{
|
||||
int i;
|
||||
rtp_srand(rtp_get_system_msec());
|
||||
|
||||
for (i = 0; i < sz; i++ ) {
|
||||
output[i] = rtp_rand() % 256;
|
||||
if ( (i % 8) == 7)
|
||||
rtp_srand(rtp_get_system_msec());
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
#elif defined(MICRIUM)
|
||||
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
{
|
||||
#if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
|
||||
NetSecure_InitSeed(output, sz);
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
#elif defined(MBED)
|
||||
|
||||
/* write a real one !!!, just for testing board */
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
{
|
||||
int i;
|
||||
for (i = 0; i < sz; i++ )
|
||||
output[i] = i;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#elif defined(MICROCHIP_PIC32)
|
||||
|
||||
#ifdef MICROCHIP_MPLAB_HARMONY
|
||||
#define PIC32_SEED_COUNT _CP0_GET_COUNT
|
||||
#else
|
||||
#if !defined(WOLFSSL_MICROCHIP_PIC32MZ)
|
||||
#include <peripheral/timer.h>
|
||||
#endif
|
||||
#define PIC32_SEED_COUNT ReadCoreTimer
|
||||
#endif
|
||||
#ifdef WOLFSSL_MIC32MZ_RNG
|
||||
#include "xc.h"
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
{
|
||||
int i ;
|
||||
byte rnd[8] ;
|
||||
word32 *rnd32 = (word32 *)rnd ;
|
||||
word32 size = sz ;
|
||||
byte* op = output ;
|
||||
|
||||
/* This part has to be replaced with better random seed */
|
||||
RNGNUMGEN1 = ReadCoreTimer();
|
||||
RNGPOLY1 = ReadCoreTimer();
|
||||
RNGPOLY2 = ReadCoreTimer();
|
||||
RNGNUMGEN2 = ReadCoreTimer();
|
||||
#ifdef DEBUG_WOLFSSL
|
||||
printf("GenerateSeed::Seed=%08x, %08x\n", RNGNUMGEN1, RNGNUMGEN2) ;
|
||||
#endif
|
||||
RNGCONbits.PLEN = 0x40;
|
||||
RNGCONbits.PRNGEN = 1;
|
||||
for(i=0; i<5; i++) { /* wait for RNGNUMGEN ready */
|
||||
volatile int x ;
|
||||
x = RNGNUMGEN1 ;
|
||||
x = RNGNUMGEN2 ;
|
||||
}
|
||||
do {
|
||||
rnd32[0] = RNGNUMGEN1;
|
||||
rnd32[1] = RNGNUMGEN2;
|
||||
|
||||
for(i=0; i<8; i++, op++) {
|
||||
*op = rnd[i] ;
|
||||
size -- ;
|
||||
if(size==0)break ;
|
||||
}
|
||||
} while(size) ;
|
||||
return 0;
|
||||
}
|
||||
#else /* WOLFSSL_MIC32MZ_RNG */
|
||||
/* uses the core timer, in nanoseconds to seed srand */
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
{
|
||||
int i;
|
||||
srand(PIC32_SEED_COUNT() * 25);
|
||||
|
||||
for (i = 0; i < sz; i++ ) {
|
||||
output[i] = rand() % 256;
|
||||
if ( (i % 8) == 7)
|
||||
srand(PIC32_SEED_COUNT() * 25);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
#endif /* WOLFSSL_MIC32MZ_RNG */
|
||||
|
||||
#elif defined(FREESCALE_MQX)
|
||||
|
||||
#ifdef FREESCALE_K70_RNGA
|
||||
/*
|
||||
* wc_Generates a RNG seed using the Random Number Generator Accelerator
|
||||
* on the Kinetis K70. Documentation located in Chapter 37 of
|
||||
* K70 Sub-Family Reference Manual (see Note 3 in the README for link).
|
||||
*/
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
{
|
||||
int i;
|
||||
|
||||
/* turn on RNGA module */
|
||||
SIM_SCGC3 |= SIM_SCGC3_RNGA_MASK;
|
||||
|
||||
/* set SLP bit to 0 - "RNGA is not in sleep mode" */
|
||||
RNG_CR &= ~RNG_CR_SLP_MASK;
|
||||
|
||||
/* set HA bit to 1 - "security violations masked" */
|
||||
RNG_CR |= RNG_CR_HA_MASK;
|
||||
|
||||
/* set GO bit to 1 - "output register loaded with data" */
|
||||
RNG_CR |= RNG_CR_GO_MASK;
|
||||
|
||||
for (i = 0; i < sz; i++) {
|
||||
|
||||
/* wait for RNG FIFO to be full */
|
||||
while((RNG_SR & RNG_SR_OREG_LVL(0xF)) == 0) {}
|
||||
|
||||
/* get value */
|
||||
output[i] = RNG_OR;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#elif defined(FREESCALE_K53_RNGB)
|
||||
/*
|
||||
* wc_Generates a RNG seed using the Random Number Generator (RNGB)
|
||||
* on the Kinetis K53. Documentation located in Chapter 33 of
|
||||
* K53 Sub-Family Reference Manual (see note in the README for link).
|
||||
*/
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
{
|
||||
int i;
|
||||
|
||||
/* turn on RNGB module */
|
||||
SIM_SCGC3 |= SIM_SCGC3_RNGB_MASK;
|
||||
|
||||
/* reset RNGB */
|
||||
RNG_CMD |= RNG_CMD_SR_MASK;
|
||||
|
||||
/* FIFO generate interrupt, return all zeros on underflow,
|
||||
* set auto reseed */
|
||||
RNG_CR |= (RNG_CR_FUFMOD_MASK | RNG_CR_AR_MASK);
|
||||
|
||||
/* gen seed, clear interrupts, clear errors */
|
||||
RNG_CMD |= (RNG_CMD_GS_MASK | RNG_CMD_CI_MASK | RNG_CMD_CE_MASK);
|
||||
|
||||
/* wait for seeding to complete */
|
||||
while ((RNG_SR & RNG_SR_SDN_MASK) == 0) {}
|
||||
|
||||
for (i = 0; i < sz; i++) {
|
||||
|
||||
/* wait for a word to be available from FIFO */
|
||||
while((RNG_SR & RNG_SR_FIFO_LVL_MASK) == 0) {}
|
||||
|
||||
/* get value */
|
||||
output[i] = RNG_OUT;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#else
|
||||
#warning "write a real random seed!!!!, just for testing now"
|
||||
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
{
|
||||
int i;
|
||||
for (i = 0; i < sz; i++ )
|
||||
output[i] = i;
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* FREESCALE_K70_RNGA */
|
||||
|
||||
#elif defined(WOLFSSL_SAFERTOS) || defined(CYASSL_LEANPSK) \
|
||||
|| defined(WOLFSSL_IAR_ARM) || defined(CYASSL_MDK_ARM)
|
||||
|
||||
#warning "write a real random seed!!!!, just for testing now"
|
||||
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
{
|
||||
word32 i;
|
||||
for (i = 0; i < sz; i++ )
|
||||
output[i] = i;
|
||||
|
||||
(void)os;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#elif defined(STM32F2_RNG)
|
||||
#undef RNG
|
||||
#include "stm32f2xx_rng.h"
|
||||
#include "stm32f2xx_rcc.h"
|
||||
/*
|
||||
* wc_Generate a RNG seed using the hardware random number generator
|
||||
* on the STM32F2. Documentation located in STM32F2xx Standard Peripheral
|
||||
* Library document (See note in README).
|
||||
*/
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
{
|
||||
int i;
|
||||
|
||||
/* enable RNG clock source */
|
||||
RCC_AHB2PeriphClockCmd(RCC_AHB2Periph_RNG, ENABLE);
|
||||
|
||||
/* enable RNG peripheral */
|
||||
RNG_Cmd(ENABLE);
|
||||
|
||||
for (i = 0; i < sz; i++) {
|
||||
/* wait until RNG number is ready */
|
||||
while(RNG_GetFlagStatus(RNG_FLAG_DRDY)== RESET) { }
|
||||
|
||||
/* get value */
|
||||
output[i] = RNG_GetRandomNumber();
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
#elif defined(WOLFSSL_LPC43xx) || defined(CYASSL_STM32F2xx)
|
||||
|
||||
#warning "write a real random seed!!!!, just for testing now"
|
||||
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < sz; i++ )
|
||||
output[i] = i;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#elif defined(WOLFSSL_TIRTOS)
|
||||
|
||||
#include <xdc/runtime/Timestamp.h>
|
||||
#include <stdlib.h>
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
{
|
||||
int i;
|
||||
srand(xdc_runtime_Timestamp_get32());
|
||||
|
||||
for (i = 0; i < sz; i++ ) {
|
||||
output[i] = rand() % 256;
|
||||
if ((i % 8) == 7) {
|
||||
srand(xdc_runtime_Timestamp_get32());
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#elif defined(CUSTOM_RAND_GENERATE)
|
||||
|
||||
/* Implement your own random generation function
|
||||
* word32 rand_gen(void);
|
||||
* #define CUSTOM_RAND_GENERATE rand_gen */
|
||||
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < sz; i++ )
|
||||
output[i] = CUSTOM_RAND_GENERATE();
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#elif defined(NO_DEV_RANDOM)
|
||||
|
||||
#error "you need to write an os specific wc_GenerateSeed() here"
|
||||
|
||||
/*
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
*/
|
||||
|
||||
|
||||
#else /* !USE_WINDOWS_API && !HAVE_RPT_SYS && !MICRIUM && !NO_DEV_RANDOM */
|
||||
|
||||
|
||||
/* may block */
|
||||
int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz)
|
||||
{
|
||||
int ret = 0;
|
||||
|
||||
os->fd = open("/dev/urandom",O_RDONLY);
|
||||
if (os->fd == -1) {
|
||||
/* may still have /dev/random */
|
||||
os->fd = open("/dev/random",O_RDONLY);
|
||||
if (os->fd == -1)
|
||||
return OPEN_RAN_E;
|
||||
}
|
||||
|
||||
while (sz) {
|
||||
int len = (int)read(os->fd, output, sz);
|
||||
if (len == -1) {
|
||||
ret = READ_RAN_E;
|
||||
break;
|
||||
}
|
||||
|
||||
sz -= len;
|
||||
output += len;
|
||||
|
||||
if (sz) {
|
||||
#ifdef BLOCKING
|
||||
sleep(0); /* context switch */
|
||||
#else
|
||||
ret = RAN_BLOCK_E;
|
||||
break;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
close(os->fd);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#endif /* USE_WINDOWS_API */
|
||||
#endif /* HAVE_FIPS */
|
||||
|
||||
|
@ -29,11 +29,7 @@
|
||||
|
||||
#include <wolfssl/wolfcrypt/rsa.h>
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_FIPS
|
||||
int wc_InitRsaKey(RsaKey* key, void* ptr)
|
||||
{
|
||||
return InitRsaKey(key, ptr);
|
||||
@ -127,7 +123,7 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
|
||||
}
|
||||
|
||||
|
||||
int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
|
||||
int RsaKey*ToDer(RsaKey* key, byte* output, word32 inLen)
|
||||
{
|
||||
return RsaKeyToDer(key, output, inLen);
|
||||
}
|
||||
@ -237,12 +233,833 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
|
||||
#endif /* FIPS_NO_WRAPPERS */
|
||||
|
||||
#endif /* HAVE_FIPS */
|
||||
#else
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
#include <wolfssl/wolfcrypt/random.h>
|
||||
#include <wolfssl/wolfcrypt/error-crypt.h>
|
||||
#include <wolfssl/wolfcrypt/logging.h>
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
#ifdef SHOW_GEN
|
||||
#ifdef FREESCALE_MQX
|
||||
#include <fio.h>
|
||||
#else
|
||||
#include <stdio.h>
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
static int InitCaviumRsaKey(RsaKey* key, void* heap);
|
||||
static int FreeCaviumRsaKey(RsaKey* key);
|
||||
static int CaviumRsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
|
||||
word32 outLen, RsaKey* key);
|
||||
static int CaviumRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
|
||||
word32 outLen, RsaKey* key);
|
||||
static int CaviumRsaSSL_Sign(const byte* in, word32 inLen, byte* out,
|
||||
word32 outLen, RsaKey* key);
|
||||
static int CaviumRsaSSL_Verify(const byte* in, word32 inLen, byte* out,
|
||||
word32 outLen, RsaKey* key);
|
||||
#endif
|
||||
|
||||
enum {
|
||||
RSA_PUBLIC_ENCRYPT = 0,
|
||||
RSA_PUBLIC_DECRYPT = 1,
|
||||
RSA_PRIVATE_ENCRYPT = 2,
|
||||
RSA_PRIVATE_DECRYPT = 3,
|
||||
|
||||
RSA_BLOCK_TYPE_1 = 1,
|
||||
RSA_BLOCK_TYPE_2 = 2,
|
||||
|
||||
RSA_MIN_SIZE = 512,
|
||||
RSA_MAX_SIZE = 4096,
|
||||
|
||||
RSA_MIN_PAD_SZ = 11 /* seperator + 0 + pad value + 8 pads */
|
||||
};
|
||||
|
||||
|
||||
int wc_InitRsaKey(RsaKey* key, void* heap)
|
||||
{
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
|
||||
return InitCaviumRsaKey(key, heap);
|
||||
#endif
|
||||
|
||||
key->type = -1; /* haven't decided yet */
|
||||
key->heap = heap;
|
||||
|
||||
/* TomsFastMath doesn't use memory allocation */
|
||||
#ifndef USE_FAST_MATH
|
||||
key->n.dp = key->e.dp = 0; /* public alloc parts */
|
||||
|
||||
key->d.dp = key->p.dp = 0; /* private alloc parts */
|
||||
key->q.dp = key->dP.dp = 0;
|
||||
key->u.dp = key->dQ.dp = 0;
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int wc_FreeRsaKey(RsaKey* key)
|
||||
{
|
||||
(void)key;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
|
||||
return FreeCaviumRsaKey(key);
|
||||
#endif
|
||||
|
||||
/* TomsFastMath doesn't use memory allocation */
|
||||
#ifndef USE_FAST_MATH
|
||||
if (key->type == RSA_PRIVATE) {
|
||||
mp_clear(&key->u);
|
||||
mp_clear(&key->dQ);
|
||||
mp_clear(&key->dP);
|
||||
mp_clear(&key->q);
|
||||
mp_clear(&key->p);
|
||||
mp_clear(&key->d);
|
||||
}
|
||||
mp_clear(&key->e);
|
||||
mp_clear(&key->n);
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
|
||||
word32 pkcsBlockLen, byte padValue, RNG* rng)
|
||||
{
|
||||
if (inputLen == 0)
|
||||
return 0;
|
||||
|
||||
pkcsBlock[0] = 0x0; /* set first byte to zero and advance */
|
||||
pkcsBlock++; pkcsBlockLen--;
|
||||
pkcsBlock[0] = padValue; /* insert padValue */
|
||||
|
||||
if (padValue == RSA_BLOCK_TYPE_1)
|
||||
/* pad with 0xff bytes */
|
||||
XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2);
|
||||
else {
|
||||
/* pad with non-zero random bytes */
|
||||
word32 padLen = pkcsBlockLen - inputLen - 1, i;
|
||||
int ret = RNG_GenerateBlock(rng, &pkcsBlock[1], padLen);
|
||||
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
/* remove zeros */
|
||||
for (i = 1; i < padLen; i++)
|
||||
if (pkcsBlock[i] == 0) pkcsBlock[i] = 0x01;
|
||||
}
|
||||
|
||||
pkcsBlock[pkcsBlockLen-inputLen-1] = 0; /* separator */
|
||||
XMEMCPY(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* UnPad plaintext, set start to *output, return length of plaintext,
|
||||
* < 0 on error */
|
||||
static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
|
||||
byte **output, byte padValue)
|
||||
{
|
||||
word32 maxOutputLen = (pkcsBlockLen > 10) ? (pkcsBlockLen - 10) : 0,
|
||||
invalid = 0,
|
||||
i = 1,
|
||||
outputLen;
|
||||
|
||||
if (pkcsBlock[0] != 0x0) /* skip past zero */
|
||||
invalid = 1;
|
||||
pkcsBlock++; pkcsBlockLen--;
|
||||
|
||||
/* Require block type padValue */
|
||||
invalid = (pkcsBlock[0] != padValue) || invalid;
|
||||
|
||||
/* verify the padding until we find the separator */
|
||||
if (padValue == RSA_BLOCK_TYPE_1) {
|
||||
while (i<pkcsBlockLen && pkcsBlock[i++] == 0xFF) {/* Null body */}
|
||||
}
|
||||
else {
|
||||
while (i<pkcsBlockLen && pkcsBlock[i++]) {/* Null body */}
|
||||
}
|
||||
|
||||
if(!(i==pkcsBlockLen || pkcsBlock[i-1]==0)) {
|
||||
WOLFSSL_MSG("RsaUnPad error, bad formatting");
|
||||
return RSA_PAD_E;
|
||||
}
|
||||
|
||||
outputLen = pkcsBlockLen - i;
|
||||
invalid = (outputLen > maxOutputLen) || invalid;
|
||||
|
||||
if (invalid) {
|
||||
WOLFSSL_MSG("RsaUnPad error, bad formatting");
|
||||
return RSA_PAD_E;
|
||||
}
|
||||
|
||||
*output = (byte *)(pkcsBlock + i);
|
||||
return outputLen;
|
||||
}
|
||||
|
||||
|
||||
static int wc_RsaFunction(const byte* in, word32 inLen, byte* out, word32* outLen,
|
||||
int type, RsaKey* key)
|
||||
{
|
||||
#define ERROR_OUT(x) { ret = (x); goto done;}
|
||||
|
||||
mp_int tmp;
|
||||
int ret = 0;
|
||||
word32 keyLen, len;
|
||||
|
||||
if (mp_init(&tmp) != MP_OKAY)
|
||||
return MP_INIT_E;
|
||||
|
||||
if (mp_read_unsigned_bin(&tmp, (byte*)in, inLen) != MP_OKAY)
|
||||
ERROR_OUT(MP_READ_E);
|
||||
|
||||
if (type == RSA_PRIVATE_DECRYPT || type == RSA_PRIVATE_ENCRYPT) {
|
||||
#ifdef RSA_LOW_MEM /* half as much memory but twice as slow */
|
||||
if (mp_exptmod(&tmp, &key->d, &key->n, &tmp) != MP_OKAY)
|
||||
ERROR_OUT(MP_EXPTMOD_E);
|
||||
#else
|
||||
#define INNER_ERROR_OUT(x) { ret = (x); goto inner_done; }
|
||||
|
||||
mp_int tmpa, tmpb;
|
||||
|
||||
if (mp_init(&tmpa) != MP_OKAY)
|
||||
ERROR_OUT(MP_INIT_E);
|
||||
|
||||
if (mp_init(&tmpb) != MP_OKAY) {
|
||||
mp_clear(&tmpa);
|
||||
ERROR_OUT(MP_INIT_E);
|
||||
}
|
||||
|
||||
/* tmpa = tmp^dP mod p */
|
||||
if (mp_exptmod(&tmp, &key->dP, &key->p, &tmpa) != MP_OKAY)
|
||||
INNER_ERROR_OUT(MP_EXPTMOD_E);
|
||||
|
||||
/* tmpb = tmp^dQ mod q */
|
||||
if (mp_exptmod(&tmp, &key->dQ, &key->q, &tmpb) != MP_OKAY)
|
||||
INNER_ERROR_OUT(MP_EXPTMOD_E);
|
||||
|
||||
/* tmp = (tmpa - tmpb) * qInv (mod p) */
|
||||
if (mp_sub(&tmpa, &tmpb, &tmp) != MP_OKAY)
|
||||
INNER_ERROR_OUT(MP_SUB_E);
|
||||
|
||||
if (mp_mulmod(&tmp, &key->u, &key->p, &tmp) != MP_OKAY)
|
||||
INNER_ERROR_OUT(MP_MULMOD_E);
|
||||
|
||||
/* tmp = tmpb + q * tmp */
|
||||
if (mp_mul(&tmp, &key->q, &tmp) != MP_OKAY)
|
||||
INNER_ERROR_OUT(MP_MUL_E);
|
||||
|
||||
if (mp_add(&tmp, &tmpb, &tmp) != MP_OKAY)
|
||||
INNER_ERROR_OUT(MP_ADD_E);
|
||||
|
||||
inner_done:
|
||||
mp_clear(&tmpa);
|
||||
mp_clear(&tmpb);
|
||||
|
||||
if (ret != 0) return ret;
|
||||
|
||||
#endif /* RSA_LOW_MEM */
|
||||
}
|
||||
else if (type == RSA_PUBLIC_ENCRYPT || type == RSA_PUBLIC_DECRYPT) {
|
||||
if (mp_exptmod(&tmp, &key->e, &key->n, &tmp) != MP_OKAY)
|
||||
ERROR_OUT(MP_EXPTMOD_E);
|
||||
}
|
||||
else
|
||||
ERROR_OUT(RSA_WRONG_TYPE_E);
|
||||
|
||||
keyLen = mp_unsigned_bin_size(&key->n);
|
||||
if (keyLen > *outLen)
|
||||
ERROR_OUT(RSA_BUFFER_E);
|
||||
|
||||
len = mp_unsigned_bin_size(&tmp);
|
||||
|
||||
/* pad front w/ zeros to match key length */
|
||||
while (len < keyLen) {
|
||||
*out++ = 0x00;
|
||||
len++;
|
||||
}
|
||||
|
||||
*outLen = keyLen;
|
||||
|
||||
/* convert */
|
||||
if (mp_to_unsigned_bin(&tmp, out) != MP_OKAY)
|
||||
ERROR_OUT(MP_TO_E);
|
||||
|
||||
done:
|
||||
mp_clear(&tmp);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
|
||||
RsaKey* key, RNG* rng)
|
||||
{
|
||||
int sz, ret;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
|
||||
return CaviumRsaPublicEncrypt(in, inLen, out, outLen, key);
|
||||
#endif
|
||||
|
||||
sz = mp_unsigned_bin_size(&key->n);
|
||||
if (sz > (int)outLen)
|
||||
return RSA_BUFFER_E;
|
||||
|
||||
if (inLen > (word32)(sz - RSA_MIN_PAD_SZ))
|
||||
return RSA_BUFFER_E;
|
||||
|
||||
ret = wc_RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_2, rng);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
if ((ret = wc_RsaFunction(out, sz, out, &outLen, RSA_PUBLIC_ENCRYPT, key)) < 0)
|
||||
sz = ret;
|
||||
|
||||
return sz;
|
||||
}
|
||||
|
||||
|
||||
int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key)
|
||||
{
|
||||
int ret;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) {
|
||||
ret = CaviumRsaPrivateDecrypt(in, inLen, in, inLen, key);
|
||||
if (ret > 0)
|
||||
*out = in;
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
if ((ret = wc_RsaFunction(in, inLen, in, &inLen, RSA_PRIVATE_DECRYPT, key))
|
||||
< 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_2);
|
||||
}
|
||||
|
||||
|
||||
int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
|
||||
RsaKey* key)
|
||||
{
|
||||
int plainLen;
|
||||
byte* tmp;
|
||||
byte* pad = 0;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
|
||||
return CaviumRsaPrivateDecrypt(in, inLen, out, outLen, key);
|
||||
#endif
|
||||
|
||||
tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA);
|
||||
if (tmp == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
|
||||
XMEMCPY(tmp, in, inLen);
|
||||
|
||||
if ( (plainLen = wc_RsaPrivateDecryptInline(tmp, inLen, &pad, key) ) < 0) {
|
||||
XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
|
||||
return plainLen;
|
||||
}
|
||||
if (plainLen > (int)outLen)
|
||||
plainLen = BAD_FUNC_ARG;
|
||||
else
|
||||
XMEMCPY(out, pad, plainLen);
|
||||
XMEMSET(tmp, 0x00, inLen);
|
||||
|
||||
XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
|
||||
return plainLen;
|
||||
}
|
||||
|
||||
|
||||
/* for Rsa Verify */
|
||||
int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
|
||||
{
|
||||
int ret;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) {
|
||||
ret = CaviumRsaSSL_Verify(in, inLen, in, inLen, key);
|
||||
if (ret > 0)
|
||||
*out = in;
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
if ((ret = wc_RsaFunction(in, inLen, in, &inLen, RSA_PUBLIC_DECRYPT, key))
|
||||
< 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_1);
|
||||
}
|
||||
|
||||
|
||||
int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
|
||||
RsaKey* key)
|
||||
{
|
||||
int plainLen;
|
||||
byte* tmp;
|
||||
byte* pad = 0;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
|
||||
return CaviumRsaSSL_Verify(in, inLen, out, outLen, key);
|
||||
#endif
|
||||
|
||||
tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA);
|
||||
if (tmp == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
|
||||
XMEMCPY(tmp, in, inLen);
|
||||
|
||||
if ( (plainLen = wc_RsaSSL_VerifyInline(tmp, inLen, &pad, key) ) < 0) {
|
||||
XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
|
||||
return plainLen;
|
||||
}
|
||||
|
||||
if (plainLen > (int)outLen)
|
||||
plainLen = BAD_FUNC_ARG;
|
||||
else
|
||||
XMEMCPY(out, pad, plainLen);
|
||||
XMEMSET(tmp, 0x00, inLen);
|
||||
|
||||
XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
|
||||
return plainLen;
|
||||
}
|
||||
|
||||
|
||||
/* for Rsa Sign */
|
||||
int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
|
||||
RsaKey* key, RNG* rng)
|
||||
{
|
||||
int sz, ret;
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
|
||||
return CaviumRsaSSL_Sign(in, inLen, out, outLen, key);
|
||||
#endif
|
||||
|
||||
sz = mp_unsigned_bin_size(&key->n);
|
||||
if (sz > (int)outLen)
|
||||
return RSA_BUFFER_E;
|
||||
|
||||
if (inLen > (word32)(sz - RSA_MIN_PAD_SZ))
|
||||
return RSA_BUFFER_E;
|
||||
|
||||
ret = wc_RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_1, rng);
|
||||
if (ret != 0)
|
||||
return ret;
|
||||
|
||||
if ((ret = wc_RsaFunction(out, sz, out, &outLen, RSA_PRIVATE_ENCRYPT,key)) < 0)
|
||||
sz = ret;
|
||||
|
||||
return sz;
|
||||
}
|
||||
|
||||
|
||||
int wc_RsaEncryptSize(RsaKey* key)
|
||||
{
|
||||
#ifdef HAVE_CAVIUM
|
||||
if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
|
||||
return key->c_nSz;
|
||||
#endif
|
||||
return mp_unsigned_bin_size(&key->n);
|
||||
}
|
||||
|
||||
|
||||
int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n, word32* nSz)
|
||||
{
|
||||
int sz, ret;
|
||||
|
||||
if (key == NULL || e == NULL || eSz == NULL || n == NULL || nSz == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
sz = mp_unsigned_bin_size(&key->e);
|
||||
if ((word32)sz > *nSz)
|
||||
return RSA_BUFFER_E;
|
||||
ret = mp_to_unsigned_bin(&key->e, e);
|
||||
if (ret != MP_OKAY)
|
||||
return ret;
|
||||
*eSz = (word32)sz;
|
||||
|
||||
sz = mp_unsigned_bin_size(&key->n);
|
||||
if ((word32)sz > *nSz)
|
||||
return RSA_BUFFER_E;
|
||||
ret = mp_to_unsigned_bin(&key->n, n);
|
||||
if (ret != MP_OKAY)
|
||||
return ret;
|
||||
*nSz = (word32)sz;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
#ifdef WOLFSSL_KEY_GEN
|
||||
|
||||
static const int USE_BBS = 1;
|
||||
|
||||
static int rand_prime(mp_int* N, int len, RNG* rng, void* heap)
|
||||
{
|
||||
int err, res, type;
|
||||
byte* buf;
|
||||
|
||||
(void)heap;
|
||||
if (N == NULL || rng == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* get type */
|
||||
if (len < 0) {
|
||||
type = USE_BBS;
|
||||
len = -len;
|
||||
} else {
|
||||
type = 0;
|
||||
}
|
||||
|
||||
/* allow sizes between 2 and 512 bytes for a prime size */
|
||||
if (len < 2 || len > 512) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* allocate buffer to work with */
|
||||
buf = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_RSA);
|
||||
if (buf == NULL) {
|
||||
return MEMORY_E;
|
||||
}
|
||||
XMEMSET(buf, 0, len);
|
||||
|
||||
do {
|
||||
#ifdef SHOW_GEN
|
||||
printf(".");
|
||||
fflush(stdout);
|
||||
#endif
|
||||
/* generate value */
|
||||
err = RNG_GenerateBlock(rng, buf, len);
|
||||
if (err != 0) {
|
||||
XFREE(buf, heap, DYNAMIC_TYPE_RSA);
|
||||
return err;
|
||||
}
|
||||
|
||||
/* munge bits */
|
||||
buf[0] |= 0x80 | 0x40;
|
||||
buf[len-1] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00);
|
||||
|
||||
/* load value */
|
||||
if ((err = mp_read_unsigned_bin(N, buf, len)) != MP_OKAY) {
|
||||
XFREE(buf, heap, DYNAMIC_TYPE_RSA);
|
||||
return err;
|
||||
}
|
||||
|
||||
/* test */
|
||||
if ((err = mp_prime_is_prime(N, 8, &res)) != MP_OKAY) {
|
||||
XFREE(buf, heap, DYNAMIC_TYPE_RSA);
|
||||
return err;
|
||||
}
|
||||
} while (res == MP_NO);
|
||||
|
||||
#ifdef LTC_CLEAN_STACK
|
||||
XMEMSET(buf, 0, len);
|
||||
#endif
|
||||
|
||||
XFREE(buf, heap, DYNAMIC_TYPE_RSA);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* Make an RSA key for size bits, with e specified, 65537 is a good e */
|
||||
int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng)
|
||||
{
|
||||
mp_int p, q, tmp1, tmp2, tmp3;
|
||||
int err;
|
||||
|
||||
if (key == NULL || rng == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (size < RSA_MIN_SIZE || size > RSA_MAX_SIZE)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (e < 3 || (e & 1) == 0)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != MP_OKAY)
|
||||
return err;
|
||||
|
||||
err = mp_set_int(&tmp3, e);
|
||||
|
||||
/* make p */
|
||||
if (err == MP_OKAY) {
|
||||
do {
|
||||
err = rand_prime(&p, size/16, rng, key->heap); /* size in bytes/2 */
|
||||
|
||||
if (err == MP_OKAY)
|
||||
err = mp_sub_d(&p, 1, &tmp1); /* tmp1 = p-1 */
|
||||
|
||||
if (err == MP_OKAY)
|
||||
err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(p-1, e) */
|
||||
} while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divdes p-1 */
|
||||
}
|
||||
|
||||
/* make q */
|
||||
if (err == MP_OKAY) {
|
||||
do {
|
||||
err = rand_prime(&q, size/16, rng, key->heap); /* size in bytes/2 */
|
||||
|
||||
if (err == MP_OKAY)
|
||||
err = mp_sub_d(&q, 1, &tmp1); /* tmp1 = q-1 */
|
||||
|
||||
if (err == MP_OKAY)
|
||||
err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(q-1, e) */
|
||||
} while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divdes q-1 */
|
||||
}
|
||||
|
||||
if (err == MP_OKAY)
|
||||
err = mp_init_multi(&key->n, &key->e, &key->d, &key->p, &key->q, NULL);
|
||||
|
||||
if (err == MP_OKAY)
|
||||
err = mp_init_multi(&key->dP, &key->dQ, &key->u, NULL, NULL, NULL);
|
||||
|
||||
if (err == MP_OKAY)
|
||||
err = mp_sub_d(&p, 1, &tmp2); /* tmp2 = p-1 */
|
||||
|
||||
if (err == MP_OKAY)
|
||||
err = mp_lcm(&tmp1, &tmp2, &tmp1); /* tmp1 = lcm(p-1, q-1),last loop */
|
||||
|
||||
/* make key */
|
||||
if (err == MP_OKAY)
|
||||
err = mp_set_int(&key->e, e); /* key->e = e */
|
||||
|
||||
if (err == MP_OKAY) /* key->d = 1/e mod lcm(p-1, q-1) */
|
||||
err = mp_invmod(&key->e, &tmp1, &key->d);
|
||||
|
||||
if (err == MP_OKAY)
|
||||
err = mp_mul(&p, &q, &key->n); /* key->n = pq */
|
||||
|
||||
if (err == MP_OKAY)
|
||||
err = mp_sub_d(&p, 1, &tmp1);
|
||||
|
||||
if (err == MP_OKAY)
|
||||
err = mp_sub_d(&q, 1, &tmp2);
|
||||
|
||||
if (err == MP_OKAY)
|
||||
err = mp_mod(&key->d, &tmp1, &key->dP);
|
||||
|
||||
if (err == MP_OKAY)
|
||||
err = mp_mod(&key->d, &tmp2, &key->dQ);
|
||||
|
||||
if (err == MP_OKAY)
|
||||
err = mp_invmod(&q, &p, &key->u);
|
||||
|
||||
if (err == MP_OKAY)
|
||||
err = mp_copy(&p, &key->p);
|
||||
|
||||
if (err == MP_OKAY)
|
||||
err = mp_copy(&q, &key->q);
|
||||
|
||||
if (err == MP_OKAY)
|
||||
key->type = RSA_PRIVATE;
|
||||
|
||||
mp_clear(&tmp3);
|
||||
mp_clear(&tmp2);
|
||||
mp_clear(&tmp1);
|
||||
mp_clear(&q);
|
||||
mp_clear(&p);
|
||||
|
||||
if (err != MP_OKAY) {
|
||||
wc_FreeRsaKey(key);
|
||||
return err;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
#endif /* WOLFSSL_KEY_GEN */
|
||||
|
||||
|
||||
#ifdef HAVE_CAVIUM
|
||||
|
||||
#include <cyassl/ctaocrypt/logging.h>
|
||||
#include "cavium_common.h"
|
||||
|
||||
/* Initiliaze RSA for use with Nitrox device */
|
||||
int RsaInitCavium(RsaKey* rsa, int devId)
|
||||
{
|
||||
if (rsa == NULL)
|
||||
return -1;
|
||||
|
||||
if (CspAllocContext(CONTEXT_SSL, &rsa->contextHandle, devId) != 0)
|
||||
return -1;
|
||||
|
||||
rsa->devId = devId;
|
||||
rsa->magic = WOLFSSL_RSA_CAVIUM_MAGIC;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* Free RSA from use with Nitrox device */
|
||||
void wc_RsaFreeCavium(RsaKey* rsa)
|
||||
{
|
||||
if (rsa == NULL)
|
||||
return;
|
||||
|
||||
CspFreeContext(CONTEXT_SSL, rsa->contextHandle, rsa->devId);
|
||||
rsa->magic = 0;
|
||||
}
|
||||
|
||||
|
||||
/* Initialize cavium RSA key */
|
||||
static int InitCaviumRsaKey(RsaKey* key, void* heap)
|
||||
{
|
||||
if (key == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
key->heap = heap;
|
||||
key->type = -1; /* don't know yet */
|
||||
|
||||
key->c_n = NULL;
|
||||
key->c_e = NULL;
|
||||
key->c_d = NULL;
|
||||
key->c_p = NULL;
|
||||
key->c_q = NULL;
|
||||
key->c_dP = NULL;
|
||||
key->c_dQ = NULL;
|
||||
key->c_u = NULL;
|
||||
|
||||
key->c_nSz = 0;
|
||||
key->c_eSz = 0;
|
||||
key->c_dSz = 0;
|
||||
key->c_pSz = 0;
|
||||
key->c_qSz = 0;
|
||||
key->c_dP_Sz = 0;
|
||||
key->c_dQ_Sz = 0;
|
||||
key->c_uSz = 0;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/* Free cavium RSA key */
|
||||
static int FreeCaviumRsaKey(RsaKey* key)
|
||||
{
|
||||
if (key == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
XFREE(key->c_n, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
|
||||
XFREE(key->c_e, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
|
||||
XFREE(key->c_d, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
|
||||
XFREE(key->c_p, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
|
||||
XFREE(key->c_q, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
|
||||
XFREE(key->c_dP, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
|
||||
XFREE(key->c_dQ, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
|
||||
XFREE(key->c_u, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
|
||||
|
||||
return InitCaviumRsaKey(key, key->heap); /* reset pointers */
|
||||
}
|
||||
|
||||
|
||||
static int CaviumRsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
|
||||
word32 outLen, RsaKey* key)
|
||||
{
|
||||
word32 requestId;
|
||||
word32 ret;
|
||||
|
||||
if (key == NULL || in == NULL || out == NULL || outLen < (word32)key->c_nSz)
|
||||
return -1;
|
||||
|
||||
ret = CspPkcs1v15Enc(CAVIUM_BLOCKING, BT2, key->c_nSz, key->c_eSz,
|
||||
(word16)inLen, key->c_n, key->c_e, (byte*)in, out,
|
||||
&requestId, key->devId);
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("Cavium Enc BT2 failed");
|
||||
return -1;
|
||||
}
|
||||
return key->c_nSz;
|
||||
}
|
||||
|
||||
|
||||
static INLINE void ato16(const byte* c, word16* u16)
|
||||
{
|
||||
*u16 = (c[0] << 8) | (c[1]);
|
||||
}
|
||||
|
||||
|
||||
static int CaviumRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
|
||||
word32 outLen, RsaKey* key)
|
||||
{
|
||||
word32 requestId;
|
||||
word32 ret;
|
||||
word16 outSz = (word16)outLen;
|
||||
|
||||
if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->c_nSz)
|
||||
return -1;
|
||||
|
||||
ret = CspPkcs1v15CrtDec(CAVIUM_BLOCKING, BT2, key->c_nSz, key->c_q,
|
||||
key->c_dQ, key->c_p, key->c_dP, key->c_u,
|
||||
(byte*)in, &outSz, out, &requestId, key->devId);
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("Cavium CRT Dec BT2 failed");
|
||||
return -1;
|
||||
}
|
||||
ato16((const byte*)&outSz, &outSz);
|
||||
|
||||
return outSz;
|
||||
}
|
||||
|
||||
|
||||
static int CaviumRsaSSL_Sign(const byte* in, word32 inLen, byte* out,
|
||||
word32 outLen, RsaKey* key)
|
||||
{
|
||||
word32 requestId;
|
||||
word32 ret;
|
||||
|
||||
if (key == NULL || in == NULL || out == NULL || inLen == 0 || outLen <
|
||||
(word32)key->c_nSz)
|
||||
return -1;
|
||||
|
||||
ret = CspPkcs1v15CrtEnc(CAVIUM_BLOCKING, BT1, key->c_nSz, (word16)inLen,
|
||||
key->c_q, key->c_dQ, key->c_p, key->c_dP, key->c_u,
|
||||
(byte*)in, out, &requestId, key->devId);
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("Cavium CRT Enc BT1 failed");
|
||||
return -1;
|
||||
}
|
||||
return key->c_nSz;
|
||||
}
|
||||
|
||||
|
||||
static int CaviumRsaSSL_Verify(const byte* in, word32 inLen, byte* out,
|
||||
word32 outLen, RsaKey* key)
|
||||
{
|
||||
word32 requestId;
|
||||
word32 ret;
|
||||
word16 outSz = (word16)outLen;
|
||||
|
||||
if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->c_nSz)
|
||||
return -1;
|
||||
|
||||
ret = CspPkcs1v15Dec(CAVIUM_BLOCKING, BT1, key->c_nSz, key->c_eSz,
|
||||
key->c_n, key->c_e, (byte*)in, &outSz, out,
|
||||
&requestId, key->devId);
|
||||
if (ret != 0) {
|
||||
WOLFSSL_MSG("Cavium Dec BT1 failed");
|
||||
return -1;
|
||||
}
|
||||
outSz = ntohs(outSz);
|
||||
|
||||
return outSz;
|
||||
}
|
||||
|
||||
|
||||
#endif /* HAVE_CAVIUM */
|
||||
|
||||
#endif /* HAVE_FIPS */
|
||||
#endif /* NO_RSA */
|
||||
|
||||
|
@ -26,11 +26,7 @@
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
#include <wolfssl/wolfcrypt/sha512.h>
|
||||
|
||||
#ifdef WOLFSSL_SHA512
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
#if defined(WOLFSSL_SHA512) || defined(CYASSL_SHA512)
|
||||
|
||||
int wc_InitSha512(Sha512* sha)
|
||||
{
|
||||
@ -55,7 +51,7 @@ int wc_Sha512Hash(const byte* data, word32 len, byte* out)
|
||||
return Sha512Hash(data, len, out);
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_SHA384) || defined(HAVE_AESGCM)
|
||||
#if defined(CYASSL_SHA384) || defined(WOLFSSL_SHA384) || defined(HAVE_AESGCM)
|
||||
|
||||
int wc_InitSha384(Sha384* sha)
|
||||
{
|
||||
@ -82,9 +78,5 @@ int wc_Sha384Hash(const byte* data, word32 len, byte* out)
|
||||
|
||||
#endif /* WOLFSSL_SHA384 */
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
#endif
|
||||
|
||||
#endif /* WOLFSSL_SHA512 */
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user