rsa_local.h

/*
 * This file is part of the openHiTLS project.
 *
 * openHiTLS is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 *
 *     http://license.coscl.org.cn/MulanPSL2
 *
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
 * See the Mulan PSL v2 for more details.
 */
 
#ifndef RSA_LOCAL_H
#define RSA_LOCAL_H
 
#include "hitls_build.h"
#ifdef HITLS_CRYPTO_RSA
 
#include "crypt_rsa.h"
#include "crypt_bn.h"
#include "crypt_local_types.h"
#include "crypt_types.h"
#include "sal_atomic.h"
 
#ifdef __cplusplus
extern "C" {
#endif /* __cpluscplus */
 
#define HASH_MAX_MDSIZE  (64)
 
#define PARAMISNULL(a) ((a) == NULL || (a)->value == NULL)
 
typedef struct RSA_BlindSt {
    BN_BigNum *r;
    BN_BigNum *rInv;
} RSA_Blind;
 
typedef struct {
    BN_BigNum *n;     // pub key n needed for no padding
    BN_BigNum *d;     // private key d needed for asn encoding
    BN_BigNum *p;     // prime factor p
    BN_BigNum *q;     // prime factor q
    BN_BigNum *dP;    // exponent dP for CRT
    BN_BigNum *dQ;    // exponent dQ for CRT
    BN_BigNum *qInv;  // CRT coefficient qInv
    BN_BigNum *e;     // public key e
} CRYPT_RSA_PrvKey;
 
typedef struct {
    BN_BigNum *n;  // modulo Value - converted.Not in char
    BN_BigNum *e;  // Exponent Value -converted.Not in char
 
    // Montgomery pre-calculation cache
    BN_Mont *mont;
} CRYPT_RSA_PubKey;
 
#ifdef HITLS_CRYPTO_ACVP_TESTS
typedef struct {
    BN_BigNum *xp;  // main seed for prime p
    BN_BigNum *xp1; // auxiliary seed1 for prime p
    BN_BigNum *xp2; // auxiliary seed2 for prime p
    BN_BigNum *xq;  // main seed for prime q
    BN_BigNum *xq1; // auxiliary seed1 for prime q
    BN_BigNum *xq2; // auxiliary seed2 for prime q
} RSA_FIPS_AUX_PRIME_SEEDS;
 
typedef struct {
    union {
        RSA_FIPS_AUX_PRIME_SEEDS fipsPrimeSeeds;
    } primeSeed;
} RSA_ACVP_TESTS;
#endif
 
struct RSA_Para {
    BN_BigNum *e;  // Exponent Value -converted.Not in char
    uint32_t bits;   // length in bits of modulus
    BN_BigNum *p;     // prime factor p
    BN_BigNum *q;     // prime factor q
#ifdef HITLS_CRYPTO_ACVP_TESTS
    RSA_ACVP_TESTS acvpTests;
#endif
};
 
#ifdef HITLS_CRYPTO_RSA_BSSA
typedef enum {
    RSABSSA = 1, 
} RSA_BlindType;
 
typedef struct {
    RSA_BlindType type; 
    union {
        RSA_Blind *bssa;
    } para;
} RSA_BlindParam;
#endif

typedef enum {
    EMSA_PKCSV15 = 1, 
    EMSA_PSS,          
    RSAES_OAEP,          
    RSAES_PKCSV15,       
    RSA_NO_PAD,
    RSAES_PKCSV15_TLS, /* Specific RSA pkcs1.5 padding verification process
                          to prevent possible Bleichenbacher attacks */
    EMSA_ISO9796_2,    
} RSA_PadType;

typedef struct {
    CRYPT_MD_AlgId mdId; 
} RSA_PkcsV15Para;
 
typedef struct {
    RSA_PadType type; 
    union {
        RSA_PkcsV15Para pkcsv15; 
        RSA_PadingPara pss;         
        RSA_PadingPara iso9796_2; 
        RSA_PadingPara oaep; 
    } para;                            
    CRYPT_Data salt; // Used for the KAT test.
} RSAPad;
 
struct RSA_Ctx {
    CRYPT_RSA_PrvKey *prvKey;
    CRYPT_RSA_PubKey *pubKey;
    CRYPT_RSA_Para *para;
#ifdef HITLS_CRYPTO_RSA_BLINDING
    RSA_Blind *scBlind; // Preventing side channel attacks
#endif
    RSAPad pad;
    uint32_t flags;
    CRYPT_Data label; // Used for oaep padding
    BSL_SAL_RefCount references;
#ifdef HITLS_CRYPTO_RSA_BSSA
    RSA_BlindParam *blindParam;
#endif
    void *libCtx;
    char *mdAttr;
};
 
#define LIBCTX_FROM_RSA_CTX(ctx) ((ctx) == NULL ? NULL : (ctx)->libCtx)
#define MDATTR_FROM_RSA_CTX(ctx) ((ctx) == NULL ? NULL : (ctx)->mdAttr)
 
CRYPT_RSA_PrvKey *RSA_NewPrvKey(uint32_t bits);
CRYPT_RSA_PubKey *RSA_NewPubKey(uint32_t bits);
void RSA_FreePrvKey(CRYPT_RSA_PrvKey *prvKey);
void RSA_FreePubKey(CRYPT_RSA_PubKey *pubKey);
int32_t RSA_CalcPrvKey(const CRYPT_RSA_Para *para, CRYPT_RSA_Ctx *ctx, BN_Optimizer *optimizer);
void ShallowCopyCtx(CRYPT_RSA_Ctx *ctx, CRYPT_RSA_Ctx *newCtx);
CRYPT_RSA_Para *CRYPT_RSA_DupPara(const CRYPT_RSA_Para *para);
#if defined(HITLS_CRYPTO_RSA_EMSA_PKCSV15) || defined(HITLS_CRYPTO_RSA_RECOVER)
int32_t CRYPT_RSA_UnPackPkcsV15Type1(uint8_t *data, uint32_t dataLen, uint8_t *out, uint32_t *outLen);
#endif
 
#ifdef HITLS_CRYPTO_RSA_EMSA_ISO9796_2
int32_t CRYPT_RSA_SetIso9796_2(const uint8_t *mlHash, uint32_t mlHashLen,
    uint8_t *pad, uint32_t padLen);
int32_t CRYPT_RSA_VerifyIso9796_2(const uint8_t *mlHash, uint32_t mlHashLen,
    const uint8_t *pad, uint32_t padLen);
#endif
 
#if defined(HITLS_CRYPTO_RSA_BLINDING) || defined(HITLS_CRYPTO_RSA_BSSA)
RSA_Blind *RSA_BlindNewCtx(void);

void RSA_BlindFreeCtx(RSA_Blind *b);
int32_t RSA_BlindCovert(RSA_Blind *b, BN_BigNum *data, BN_BigNum *n, BN_Optimizer *opt);

int32_t RSA_BlindInvert(RSA_Blind *b, BN_BigNum *data, BN_BigNum *n, BN_Optimizer *opt);
int32_t RSA_BlindCreateParam(void *libCtx, RSA_Blind *b, BN_BigNum *e, BN_BigNum *n, uint32_t bits, BN_Optimizer *opt);
 
int32_t RSA_CreateBlind(RSA_Blind *b, uint32_t bits);
#endif
 
#define RSA_FREE_PRV_KEY(prvKey_)               \
do {                                            \
        RSA_FreePrvKey((prvKey_));              \
        (prvKey_) = NULL;                       \
    } while (0)
 
#define RSA_FREE_PUB_KEY(pubKey_)               \
    do {                                        \
        RSA_FreePubKey((pubKey_));              \
        (pubKey_) = NULL;                       \
    } while (0)
 
#define RSA_FREE_PARA(para_)                    \
    do {                                        \
        CRYPT_RSA_FreePara((para_));            \
        (para_) = NULL;                         \
    } while (0)
 
#ifdef __cplusplus
}
#endif
 
#endif // HITLS_CRYPTO_RSA
 
#endif