• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * This file is part of the openHiTLS project.
3  *
4  * openHiTLS is licensed under the Mulan PSL v2.
5  * You can use this software according to the terms and conditions of the Mulan PSL v2.
6  * You may obtain a copy of Mulan PSL v2 at:
7  *
8  *     http://license.coscl.org.cn/MulanPSL2
9  *
10  * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11  * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12  * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13  * See the Mulan PSL v2 for more details.
14  */
15 
16 #ifndef RSA_LOCAL_H
17 #define RSA_LOCAL_H
18 
19 #include "hitls_build.h"
20 #ifdef HITLS_CRYPTO_RSA
21 
22 #include "crypt_rsa.h"
23 #include "crypt_bn.h"
24 #include "crypt_local_types.h"
25 #include "crypt_types.h"
26 #include "sal_atomic.h"
27 
28 #ifdef __cplusplus
29 extern "C" {
30 #endif /* __cpluscplus */
31 
32 #define HASH_MAX_MDSIZE  (64)
33 
34 #define PARAMISNULL(a) ((a) == NULL || (a)->value == NULL)
35 
36 typedef struct RSA_BlindSt {
37     BN_BigNum *r;
38     BN_BigNum *rInv;
39 } RSA_Blind;
40 
41 typedef struct {
42     BN_BigNum *n;     // pub key n needed for no padding
43     BN_BigNum *d;     // private key d needed for asn encoding
44     BN_BigNum *p;     // prime factor p
45     BN_BigNum *q;     // prime factor q
46     BN_BigNum *dP;    // exponent dP for CRT
47     BN_BigNum *dQ;    // exponent dQ for CRT
48     BN_BigNum *qInv;  // CRT coefficient qInv
49     BN_BigNum *e;     // public key e
50 } CRYPT_RSA_PrvKey;
51 
52 typedef struct {
53     BN_BigNum *n;  // modulo Value - converted.Not in char
54     BN_BigNum *e;  // Exponent Value -converted.Not in char
55 
56     // Montgomery pre-calculation cache
57     BN_Mont *mont;
58 } CRYPT_RSA_PubKey;
59 
60 struct RSA_Para {
61     BN_BigNum *e;  // Exponent Value -converted.Not in char
62     uint32_t bits;   // length in bits of modulus
63     BN_BigNum *p;     // prime factor p
64     BN_BigNum *q;     // prime factor q
65 };
66 
67 #ifdef HITLS_CRYPTO_RSA_BSSA
68 typedef enum {
69     RSABSSA = 1, /**< RSA Blind Signature with Appendix, ref RFC9474 */
70 } RSA_BlindType;
71 
72 typedef struct {
73     RSA_BlindType type; /**< padding id */
74     union {
75         RSA_Blind *bssa;
76     } para;
77 } RSA_BlindParam;
78 #endif
79 
80 /**
81  * @ingroup crypt_eal_pkey
82  *
83  * (For internal use)Set the padding mode of the RSA. The value 0 indicates that the padding mode is not set.
84  */
85 typedef enum {
86     EMSA_PKCSV15 = 1, /**< PKCS1-v1_5 complies with RFC8017 */
87     EMSA_PSS,          /**< PSS complies with RFC8017 */
88     RSAES_OAEP,          /**< OAEP complies with RFC8017 */
89     RSAES_PKCSV15,       /**< RSAES_PKCSV15 complies with RFC8017 */
90     RSA_NO_PAD,
91     RSAES_PKCSV15_TLS, /* Specific RSA pkcs1.5 padding verification process
92                           to prevent possible Bleichenbacher attacks */
93 } RSA_PadType;
94 
95 /**
96  * @ingroup crypt_types
97  *
98  * Pkcsv15 padding mode, when RSA is used for signature.
99  */
100 typedef struct {
101     CRYPT_MD_AlgId mdId; /**< ID of the hash algorithm during pkcsv15 padding */
102 } RSA_PkcsV15Para;
103 
104 typedef struct {
105     RSA_PadType type; /**< padding id */
106     union {
107         RSA_PkcsV15Para pkcsv15; /**< pkcsv15 padding mode */
108         RSA_PadingPara pss;         /**< pss padding mode */
109         RSA_PadingPara oaep; /**< oaep padding mode */
110     } para;                            /**< padding mode combination, including pss and pkcsv15 */
111     CRYPT_Data salt; // Used for the KAT test.
112 } RSAPad;
113 
114 struct RSA_Ctx {
115     CRYPT_RSA_PrvKey *prvKey;
116     CRYPT_RSA_PubKey *pubKey;
117     CRYPT_RSA_Para *para;
118 #ifdef HITLS_CRYPTO_RSA_BLINDING
119     RSA_Blind *scBlind; // Preventing side channel attacks
120 #endif
121     RSAPad pad;
122     uint32_t flags;
123     CRYPT_Data label; // Used for oaep padding
124     BSL_SAL_RefCount references;
125 #ifdef HITLS_CRYPTO_RSA_BSSA
126     RSA_BlindParam *blindParam;
127 #endif
128     void *libCtx;
129 };
130 
131 CRYPT_RSA_PrvKey *RSA_NewPrvKey(uint32_t bits);
132 CRYPT_RSA_PubKey *RSA_NewPubKey(uint32_t bits);
133 void RSA_FreePrvKey(CRYPT_RSA_PrvKey *prvKey);
134 void RSA_FreePubKey(CRYPT_RSA_PubKey *pubKey);
135 int32_t RSA_CalcPrvKey(const CRYPT_RSA_Para *para, CRYPT_RSA_Ctx *ctx, BN_Optimizer *optimizer);
136 int32_t GenPssSalt(void *libCtx, CRYPT_Data *salt, const EAL_MdMethod *mdMethod, int32_t saltLen, uint32_t padBuffLen);
137 void ShallowCopyCtx(CRYPT_RSA_Ctx *ctx, CRYPT_RSA_Ctx *newCtx);
138 CRYPT_RSA_Para *CRYPT_RSA_DupPara(const CRYPT_RSA_Para *para);
139 #ifdef HITLS_CRYPTO_RSA_EMSA_PKCSV15
140 int32_t CRYPT_RSA_UnPackPkcsV15Type1(uint8_t *data, uint32_t dataLen, uint8_t *out, uint32_t *outLen);
141 #endif
142 
143 #if defined(HITLS_CRYPTO_RSA_BLINDING) || defined(HITLS_CRYPTO_RSA_BSSA)
144 /**
145  * @ingroup rsa
146  * @brief   Create a blinding handle.
147  *
148  * @retval  Return the blinding handle.
149  */
150 RSA_Blind *RSA_BlindNewCtx(void);
151 
152 /**
153  * @ingroup rsa
154  * @brief   Release the blinding handle.
155  *
156  * @param   b [IN] blinding Handle. b is set NULL by the invoker.
157  *
158  * @retval  none
159  */
160 void RSA_BlindFreeCtx(RSA_Blind *b);
161 /**
162  * @ingroup rsa
163  * @brief Multiply n by blinding factor A
164  *
165  * @param b [IN] Blinding Handle
166  * @param data [IN] Input data
167  * @param n [IN] n in the public key (n, e)
168  * @param opt [IN] BigNum optimizer
169  *
170  * @retval Return the error code.
171  */
172 int32_t RSA_BlindCovert(RSA_Blind *b, BN_BigNum *data, BN_BigNum *n, BN_Optimizer *opt);
173 
174 /**
175  * @ingroup rsa
176  * @brief Multiply n by the reverse blinding factor Ai
177  *
178  * @param b [IN] Blinding Handle
179  * @param data [IN] Input data
180  * @param n [IN] n in the public key (n, e)
181  * @param opt [IN] BigNum optimizer
182  *
183  * @retval Return the error code.
184  */
185 int32_t RSA_BlindInvert(RSA_Blind *b, BN_BigNum *data, BN_BigNum *n, BN_Optimizer *opt);
186 /**
187  * @ingroup rsa
188  * @brief Create a new Blind parameter with the parameters e and m,
189  * e in the public key (n, e), n in the public key (n, e)
190  *
191  * @param libCtx [IN] libctx
192  * @param b [IN] Blinding Handle
193  * @param e [IN] e in the public key (n, e)
194  * @param n [IN] n in the public key (n, e)
195  * @param bits [IN] bits of n
196  *
197  * @retval Return the error code.
198  */
199 int32_t RSA_BlindCreateParam(void *libCtx, RSA_Blind *b, BN_BigNum *e, BN_BigNum *n, uint32_t bits, BN_Optimizer *opt);
200 
201 int32_t RSA_CreateBlind(RSA_Blind *b, uint32_t bits);
202 #endif
203 
204 #define RSA_FREE_PRV_KEY(prvKey_)               \
205 do {                                            \
206         RSA_FreePrvKey((prvKey_));              \
207         (prvKey_) = NULL;                       \
208     } while (0)
209 
210 #define RSA_FREE_PUB_KEY(pubKey_)               \
211     do {                                        \
212         RSA_FreePubKey((pubKey_));              \
213         (pubKey_) = NULL;                       \
214     } while (0)
215 
216 #define RSA_FREE_PARA(para_)                    \
217     do {                                        \
218         CRYPT_RSA_FreePara((para_));            \
219         (para_) = NULL;                         \
220     } while (0)
221 
222 #ifdef __cplusplus
223 }
224 #endif
225 
226 #endif // HITLS_CRYPTO_RSA
227 
228 #endif