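/*
 *  Copyright (C) 2021 - This file is part of libecc project
 *
 *  Authors:
 *      Ryad BENADJILA <ryadbenadjila@gmail.com>
 *      Arnaud EBALARD <arnaud.ebalard@ssi.gouv.fr>
 *
 *  This software is licensed under a dual BSD and GPL v2 license.
 *  See LICENSE file at the root folder of the project.
 */
#ifndef __RSA_H__
#define __RSA_H__

/*
 * NOTE: although we only need libarith for RSA as we
 * manipulate a ring of integers, we include libsig for
 * the hash algorithms.
 */
#include <libecc/lib_ecc_config.h>

/* The hash algorithms wrapper */
#include "../../hash/hash.h"

/* We define hereafter the types and functions for RSA.
 * The notations are taken from RFC 8017 and should be compliant
 * with it.
 */

/* RSA public key, composed of:
 *       n        the RSA modulus, a positive integer
 *       e        the RSA public exponent, a positive integer
 */
typedef struct {
	nn n;
	nn e;
} rsa_pub_key;

/* RSA private key, composed of:
 *       n       the RSA modulus, a positive integer
 *       d       the RSA private exponent, a positive integer
 *       p       (OPTIONAL) the first factor, a positive integer
 *       q       (OPTIONAL) the second factor, a positive integer
 *
 * OR when using CRT:
 *       p      the first factor, a positive integer
 *       q      the second factor, a positive integer
 *       dP     the first factor's CRT exponent, a positive integer
 *       dQ     the second factor's CRT exponent, a positive integer
 *       qInv   the (first) CRT coefficient, a positive integer
 *       r_i    the i-th factor, a positive integer
 *       d_i    the i-th factor's CRT exponent, a positive integer
 *       t_i    the i-th factor's CRT coefficient, a positive integer
 * u is the number of (r_i, d_i, t_i) triplets.
 */
/*
 * Discriminant stored in rsa_priv_key.type.
 * NOTE(review): the mapping RSA_SIMPLE -> key.s, RSA_SIMPLE_PQ -> key.s_pq,
 * RSA_CRT -> key.crt is inferred from the names; confirm in the
 * implementation. Reading a union member that does not match the type
 * would interpret private key material under the wrong layout.
 */
typedef enum {
	RSA_SIMPLE = 0,
	RSA_SIMPLE_PQ = 1,
	RSA_CRT = 2,
} rsa_priv_key_type;

/*** RSA "simple" private key ***/
typedef struct {
	nn n;
	nn d;
} rsa_priv_key_simple;

/*** RSA "simple" private key with optional p and q ***/
typedef struct {
	nn n;
	nn d;
	nn p;
	nn q;
} rsa_priv_key_simple_pq;

/*** RSA CRT private key *******/
/* One additional (r_i, d_i, t_i) triplet, as listed in the comment above */
typedef struct {
	nn r;
	nn d;
	nn t;
} rsa_priv_key_crt_coeffs;

/* A maximum of 5 triplets are allowed in our implementation */
#define MAX_CRT_COEFFS 5
typedef struct {
	nn p;
	nn q;
	nn dP;
	nn dQ;
	nn qInv;
	/* u is the number of additional CRT (r, d, t) triplets.
	 * coeffs[] holds MAX_CRT_COEFFS entries, so any code indexing it
	 * with u needs u <= MAX_CRT_COEFFS.
	 */
	u8 u;
	rsa_priv_key_crt_coeffs coeffs[MAX_CRT_COEFFS];
} rsa_priv_key_crt;

/*
 * Tagged union over the three private key layouts.
 * This header declares no function to wipe a private key: callers that
 * hold an rsa_priv_key are responsible for clearing it once done
 * (NOTE(review): check whether the nn layer provides a helper for this).
 */
typedef struct {
	rsa_priv_key_type type;
	union {
		rsa_priv_key_simple s;
		rsa_priv_key_simple_pq s_pq;
		rsa_priv_key_crt crt;
	} key;
} rsa_priv_key;

/*
 * General notes on the API below:
 *  - Every function is tagged ATTRIBUTE_WARN_UNUSED_RET: the int status is
 *    meant to be checked, and output buffers/lengths should not be used
 *    when a call reports an error.
 *    NOTE(review): the success/error values are not visible in this header;
 *    confirm the convention in the implementation.
 *  - Length parameters mix u16 and u32 (e.g. u16 slen/emlen next to u32
 *    mlen/modbits). Callers converting from wider types should range-check
 *    before the call to avoid silent truncation.
 *  - The *_hardened variants additionally take the public key.
 *    NOTE(review): presumably it is used for countermeasures such as
 *    blinding and/or checking the result against faults; confirm in the
 *    implementation before relying on it.
 *  - NOTE(review): forced_seed / forced_salt presumably let the caller
 *    impose the random value (useful for known-answer tests), with NULL
 *    presumably selecting the internal RNG; confirm. A fixed value in
 *    production would make the output deterministic.
 */

/* Integer <-> octet string conversions (named after RFC 8017 I2OSP/OS2IP) */
ATTRIBUTE_WARN_UNUSED_RET int rsa_i2osp(nn_src_t x, u8 *buf, u32 buflen);
ATTRIBUTE_WARN_UNUSED_RET int rsa_os2ip(nn_t x, const u8 *buf, u32 buflen);

/*
 * Key import from (buffer, length) pairs.
 * For the CRT import, u presumably counts the entries of coeffs and
 * coeffslens and has to fit in MAX_CRT_COEFFS given the fixed-size array in
 * rsa_priv_key_crt (NOTE(review): confirm the bound is enforced in the
 * implementation).
 */
ATTRIBUTE_WARN_UNUSED_RET int rsa_import_pub_key(rsa_pub_key *pub, const u8 *n,
				       u16 nlen, const u8 *e, u16 elen);
ATTRIBUTE_WARN_UNUSED_RET int rsa_import_simple_priv_key(rsa_priv_key *priv,
					       const u8 *n, u16 nlen, const u8 *d,
					       u16 dlen, const u8 *p, u16 plen, const u8 *q, u16 qlen);
ATTRIBUTE_WARN_UNUSED_RET int rsa_import_crt_priv_key(rsa_priv_key *priv,
					    const u8 *p, u16 plen,
					    const u8 *q, u16 qlen,
					    const u8 *dP, u16 dPlen,
					    const u8 *dQ, u16 dQlen,
					    const u8 *qInv, u16 qInvlen,
					    const u8 **coeffs, u16 *coeffslens, u8 u);

/*
 * Encryption/decryption primitives (named after RFC 8017 RSAEP/RSADP).
 * These operate on integers without any padding: application data should go
 * through the RSAES-* schemes below rather than through these directly.
 */
ATTRIBUTE_WARN_UNUSED_RET int rsaep(const rsa_pub_key *pub, nn_src_t m, nn_t c);
ATTRIBUTE_WARN_UNUSED_RET int rsadp(const rsa_priv_key *priv, nn_src_t c, nn_t m);
ATTRIBUTE_WARN_UNUSED_RET int rsadp_hardened(const rsa_priv_key *priv, const rsa_pub_key *pub, nn_src_t c, nn_t m);

/*
 * Signature/verification primitives (named after RFC 8017 RSASP1/RSAVP1).
 * Same remark as above: no encoding is applied at this level, the RSASSA-*
 * schemes below are the ones meant for messages.
 */
ATTRIBUTE_WARN_UNUSED_RET int rsasp1(const rsa_priv_key *priv, nn_src_t m, nn_t s);
ATTRIBUTE_WARN_UNUSED_RET int rsasp1_hardened(const rsa_priv_key *priv, const rsa_pub_key *pub, nn_src_t m, nn_t s);
ATTRIBUTE_WARN_UNUSED_RET int rsavp1(const rsa_pub_key *pub, nn_src_t s, nn_t m);

/* Signature encoding methods (named after RFC 8017 EMSA-PKCS1-v1_5 and EMSA-PSS) */
ATTRIBUTE_WARN_UNUSED_RET int emsa_pkcs1_v1_5_encode(const u8 *m, u32 mlen, u8 *em, u16 emlen,
					   gen_hash_alg_type rsa_hash_type);
ATTRIBUTE_WARN_UNUSED_RET int emsa_pss_encode(const u8 *m, u32 mlen, u8 *em, u32 embits,
				    u16 *eminlen,
				    gen_hash_alg_type rsa_hash_type, gen_hash_alg_type mgf_hash_type,
				    u32 saltlen, const u8 *forced_salt);
ATTRIBUTE_WARN_UNUSED_RET int emsa_pss_verify(const u8 *m, u32 mlen, const u8 *em,
				    u32 embits, u16 emlen,
				    gen_hash_alg_type rsa_hash_type, gen_hash_alg_type mgf_hash_type,
				    u32 slen);

/*
 * RSAES-PKCS1-v1_5 encryption scheme.
 * Decryption with this scheme is sensitive to padding-oracle
 * (Bleichenbacher-style) leaks: callers should handle every decryption
 * failure identically and avoid exposing which check failed. RFC 8017
 * recommends RSAES-OAEP for new applications.
 */
ATTRIBUTE_WARN_UNUSED_RET int rsaes_pkcs1_v1_5_encrypt(const rsa_pub_key *pub, const u8 *m, u32 mlen,
					     u8 *c, u32 *clen, u32 modbits,
					     const u8 *forced_seed, u32 seedlen);
ATTRIBUTE_WARN_UNUSED_RET int rsaes_pkcs1_v1_5_decrypt(const rsa_priv_key *priv, const u8 *c, u32 clen,
					     u8 *m, u32 *mlen, u32 modbits);
ATTRIBUTE_WARN_UNUSED_RET int rsaes_pkcs1_v1_5_decrypt_hardened(const rsa_priv_key *priv, const rsa_pub_key *pub, const u8 *c, u32 clen,
					     u8 *m, u32 *mlen, u32 modbits);

/*
 * RSAES-OAEP encryption scheme.
 * The label and both hash selections (rsa_hash_type, mgf_hash_type) are
 * passed on each side; per RFC 8017 they have to be the same for encryption
 * and decryption.
 */
ATTRIBUTE_WARN_UNUSED_RET int rsaes_oaep_encrypt(const rsa_pub_key *pub, const u8 *m, u32 mlen,
				       u8 *c, u32 *clen, u32 modbits, const u8 *label, u32 label_len,
				       gen_hash_alg_type rsa_hash_type, gen_hash_alg_type mgf_hash_type,
				       const u8 *forced_seed, u32 seedlen);
ATTRIBUTE_WARN_UNUSED_RET int rsaes_oaep_decrypt(const rsa_priv_key *priv, const u8 *c, u32 clen,
				       u8 *m, u32 *mlen, u32 modbits, const u8 *label, u32 label_len,
				       gen_hash_alg_type rsa_hash_type, gen_hash_alg_type mgf_hash_type);
ATTRIBUTE_WARN_UNUSED_RET int rsaes_oaep_decrypt_hardened(const rsa_priv_key *priv, const rsa_pub_key *pub, const u8 *c, u32 clen,
				       u8 *m, u32 *mlen, u32 modbits, const u8 *label, u32 label_len,
				       gen_hash_alg_type rsa_hash_type, gen_hash_alg_type mgf_hash_type);

/* RSASSA-PKCS1-v1_5 signature scheme */
ATTRIBUTE_WARN_UNUSED_RET int rsassa_pkcs1_v1_5_sign(const rsa_priv_key *priv, const u8 *m, u32 mlen,
					   u8 *s, u16 *slen, u32 modbits, gen_hash_alg_type rsa_hash_type);
ATTRIBUTE_WARN_UNUSED_RET int rsassa_pkcs1_v1_5_sign_hardened(const rsa_priv_key *priv, const rsa_pub_key *pub, const u8 *m, u32 mlen,
					   u8 *s, u16 *slen, u32 modbits, gen_hash_alg_type rsa_hash_type);
ATTRIBUTE_WARN_UNUSED_RET int rsassa_pkcs1_v1_5_verify(const rsa_pub_key *pub, const u8 *m, u32 mlen,
					     const u8 *s, u16 slen, u32 modbits, gen_hash_alg_type rsa_hash_type);

/* RSASSA-PSS signature scheme */
ATTRIBUTE_WARN_UNUSED_RET int rsassa_pss_sign(const rsa_priv_key *priv, const u8 *m, u32 mlen,
				    u8 *s, u16 *slen, u32 modbits,
				    gen_hash_alg_type rsa_hash_type, gen_hash_alg_type mgf_hash_type,
				    u32 saltlen, const u8 *forced_salt);
ATTRIBUTE_WARN_UNUSED_RET int rsassa_pss_sign_hardened(const rsa_priv_key *priv, const rsa_pub_key *pub, const u8 *m, u32 mlen,
				    u8 *s, u16 *slen, u32 modbits,
				    gen_hash_alg_type rsa_hash_type, gen_hash_alg_type mgf_hash_type,
				    u32 saltlen, const u8 *forced_salt);
ATTRIBUTE_WARN_UNUSED_RET int rsassa_pss_verify(const rsa_pub_key *pub, const u8 *m, u32 mlen,
				      const u8 *s, u16 slen, u32 modbits,
				      gen_hash_alg_type rsa_hash_type, gen_hash_alg_type mgf_hash_type,
				      u32 saltlen);

/*
 * ISO 9796-2 signature with message recovery.
 * The verify side takes m2 as input and writes m1 (with its length) as
 * output; the sign side reports m1len and m2len.
 * NOTE(review): m1 is presumably the part recovered from the signature and
 * m2 the part transmitted alongside it; confirm in the implementation.
 */
ATTRIBUTE_WARN_UNUSED_RET int rsa_iso9796_2_sign_recover(const rsa_priv_key *priv, const u8 *m, u32 mlen, u32 *m1len,
					       u32 *m2len, u8 *s, u16 *slen,
					       u32 modbits, gen_hash_alg_type gen_hash_type);

ATTRIBUTE_WARN_UNUSED_RET int rsa_iso9796_2_sign_recover_hardened(const rsa_priv_key *priv, const rsa_pub_key *pub,
					       const u8 *m, u32 mlen, u32 *m1len, u32 *m2len, u8 *s, u16 *slen,
					       u32 modbits, gen_hash_alg_type gen_hash_type);
ATTRIBUTE_WARN_UNUSED_RET int rsa_iso9796_2_verify_recover(const rsa_pub_key *pub, const u8 *m2, u32 m2len, u8 *m1, u32 *m1len,
						 const u8 *s, u16 slen, u32 modbits, gen_hash_alg_type gen_hash_type);
#endif /* __RSA_H__ */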