occ_rsa.h 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312
  1. /**
  2. * Copyright (c) 2016 - 2019, Nordic Semiconductor ASA
  3. *
  4. * All rights reserved.
  5. *
  6. * Redistribution and use in source and binary forms, with or without modification,
  7. * are permitted provided that the following conditions are met:
  8. *
  9. * 1. Redistributions of source code must retain the above copyright notice, this
  10. * list of conditions and the following disclaimer.
  11. *
  12. * 2. Redistributions in binary form, except as embedded into a Nordic
  13. * Semiconductor ASA integrated circuit in a product or a software update for
  14. * such product, must reproduce the above copyright notice, this list of
  15. * conditions and the following disclaimer in the documentation and/or other
  16. * materials provided with the distribution.
  17. *
  18. * 3. Neither the name of Nordic Semiconductor ASA nor the names of its
  19. * contributors may be used to endorse or promote products derived from this
  20. * software without specific prior written permission.
  21. *
  22. * 4. This software, with or without modification, must only be used with a
  23. * Nordic Semiconductor ASA integrated circuit.
  24. *
  25. * 5. Any software provided in binary form under this license must not be reverse
  26. * engineered, decompiled, modified and/or disassembled.
  27. *
  28. * THIS SOFTWARE IS PROVIDED BY NORDIC SEMICONDUCTOR ASA "AS IS" AND ANY EXPRESS
  29. * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  30. * OF MERCHANTABILITY, NONINFRINGEMENT, AND FITNESS FOR A PARTICULAR PURPOSE ARE
  31. * DISCLAIMED. IN NO EVENT SHALL NORDIC SEMICONDUCTOR ASA OR CONTRIBUTORS BE
  32. * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  33. * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
  34. * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  35. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  36. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
  37. * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  38. *
  39. */
  40. /**@file
  41. * RSA is a number theoretic public-key encryption and signature algorithm.
  42. *
  43. * These functions support RSA encrytion and signatures with 1024 and 2048 bit
  44. * modulo and PKCS1 V1.5 padding.
  45. */
  46. #ifndef OCC_RSA_H
  47. #define OCC_RSA_H
  48. #include <stdint.h>
  49. #include "occ_rsa_key.h"
  50. /**@name 1024 Bit RSA Functions.
  51. *
  52. * This group of functions is used for 1024 bit RSA.
  53. */
  54. /**@{*/
  55. /**
  56. * 1024 bit RSA PKCS1 V1.5 encryption.
  57. *
  58. * The message @p m is encryted to a ciphertext returned in @p c.
  59. *
  60. * @param[out] c The generated 128 byte cyphertext.
  61. * @param m,mlen The message to be encrypted. 0 <= mlen <= 117.
  62. * @param seed,slen The random sedd to be used for the padding. slen >= 125 - mlen.
  63. * @param pk A valid 1024 bit RSA public key.
  64. *
  65. * @returns -1 If the message is too long (mlen > 117).
  66. * @returns -2 If the seed is too short (slen < 125 - mlen).
  67. * @returns 0 Otherwise.
  68. *
  69. * @remark The key @p pk should be initialized with @c occ_rsa1024_init_pub_key.
  70. * @remark The @p seed should consist of non-zero random bytes.
  71. * @remark @p c and @p m can point to the same address.
  72. */
  73. int occ_rsa1024_pkcs1_v15_encrypt(uint8_t c[128], const uint8_t *m, int mlen, const uint8_t *seed, int slen, const occ_rsa1024_pub_key *pk);
  74. /**
  75. * 1024 bit RSA PKCS1 V1.5 decryption.
  76. *
  77. * The ciphertext @p c is decryted to the message returned in @p m.
  78. *
  79. * @param[out] m,mlen The decypted message. The buffer must be long enough to hold the meaasge.
  80. * @param c The 128 byte cyphertext to decrypt.
  81. * @param k A valid 1024 bit RSA secret key.
  82. * @returns -1 If decrytion failed.
  83. * @returns -2 If the output buffer is too short (mlen < length of message).
  84. * @returns n If a message of length n was successfully decrypted.
  85. *
  86. * @remark The key @p k should be initialized with @c occ_rsa1024_init_key.
  87. * @remark @p m and @p c can point to the same address.
  88. */
  89. int occ_rsa1024_pkcs1_v15_decrypt(uint8_t *m, int mlen, const uint8_t c[128], const occ_rsa1024_key *k);
  90. /**
  91. * 1024 bit RSA PKCS1 V1.5 decryption with CRT acceleration.
  92. *
  93. * The ciphertext @p c is decryted to the message returned in @p m.
  94. *
  95. * @param[out] m,mlen The decypted message. The buffer must be long enough to hold the meaasge.
  96. * @param c The 128 byte cyphertext to decrypt.
  97. * @param k A valid 1024 bit RSA secret key with CRT coefficients.
  98. * @returns -1 If decrytion failed.
  99. * @returns -2 If the output buffer is too short (mlen < length of message).
  100. * @returns n If a message of length n was successfully decrypted.
  101. *
  102. * @remark The key @p k should be initialized with @c occ_rsa1024_init_crt_key.
  103. * @remark @p m and @p c can point to the same address.
  104. */
  105. int occ_rsa1024_pkcs1_v15_crt_decrypt(uint8_t *m, int mlen, const uint8_t c[128], const occ_rsa1024_crt_key *k);
  106. /**
  107. * 1024 bit RSA PKCS1 V1.5 SHA-256 sign.
  108. *
  109. * The message @p m is signed and the signature returned in @p s.
  110. *
  111. * @param[out] s The generated 128 byte signature.
  112. * @param m,mlen The message to be signed.
  113. * @param k A valid 1024 bit RSA secret key.
  114. * @returns 0
  115. *
  116. * @remark The key @p k should be initialized with @c occ_rsa1024_init_key.
  117. * @remark @p s and @p m can point to the same address.
  118. */
  119. int occ_rsa1024_pkcs1_v15_sha256_sign(uint8_t s[128], const uint8_t *m, int mlen, const occ_rsa1024_key *k);
  120. /**
  121. * 1024 bit RSA PKCS1 V1.5 SHA-256 sign with CRT acceleration.
  122. *
  123. * The message @p m is signed and the signature returned in @p s.
  124. *
  125. * @param[out] s The generated 128 byte signature.
  126. * @param m,mlen The message to be signed.
  127. * @param k A valid 1024 bit RSA secret key with CRT coefficients.
  128. * @returns 0
  129. *
  130. * @remark The key @p k should be initialized with @c occ_rsa1024_init_crt_key.
  131. * @remark @p s and @p m can point to the same address.
  132. */
  133. int occ_rsa1024_pkcs1_v15_sha256_crt_sign(uint8_t s[128], const uint8_t *m, int mlen, const occ_rsa1024_crt_key *k);
  134. /**
  135. * 1024 bit RSA PKCS1 V1.5 SHA-256 signature verify.
  136. *
  137. * The signature @p s is verified for a correct signature of message @p m.
  138. *
  139. * @param s The 128 byte signature.
  140. * @param m,mlen The signed message.
  141. * @param pk A valid 1024 bit RSA public key.
  142. *
  143. * @returns 0 If the signature is successfully verified.
  144. * @returns -1 If verification failed.
  145. *
  146. * @remark The key @p pk should be initialized with @c occ_rsa1024_init_pub_key.
  147. */
  148. int occ_rsa1024_pkcs1_v15_sha256_verify(const uint8_t s[128], const uint8_t *m, int mlen, const occ_rsa1024_pub_key *pk);
  149. /**
  150. * 1024 bit RSA PKCS1 V1.5 SHA-256 signature verify.
  151. *
  152. * The signature @p s is verified for a correct signature of message @p m.
  153. *
  154. * @param s The 128 byte signature.
  155. * @param m,mlen The signed message.
  156. * @param pk A valid 1024 bit RSA public key.
  157. *
  158. * @returns 0 If the signature is successfully verified.
  159. * @returns -1 If verification failed.
  160. *
  161. * @remark The key @p pk should be initialized with @c occ_rsa1024_init_pub_key.
  162. */
  163. int occ_rsa1024_pkcs1_v15_sha256_verify_hash(const uint8_t s[128], const uint8_t digest[32], const occ_rsa1024_pub_key *pk);
  164. /**@}*/
  165. /**@name 2048 Bit RSA Functions.
  166. *
  167. * This group of functions is used for 2048 bit RSA.
  168. */
  169. /**@{*/
  170. /**
  171. * 2048 bit RSA PKCS1 V1.5 encryption.
  172. *
  173. * The message @p m is encryted to a ciphertext returned in @p c.
  174. *
  175. * @param[out] c The generated 256 byte cyphertext.
  176. * @param m,mlen The message to be encrypted. 0 <= mlen <= 245.
  177. * @param seed,slen The random sedd to be used for the padding. slen >= 253 - mlen.
  178. * @param pk A valid 2048 bit RSA public key.
  179. *
  180. * @returns -1 If the message is too long (mlen > 245).
  181. * @returns -2 If the seed is too short (slen < 253 - mlen).
  182. * @returns 0 Otherwise.
  183. *
  184. * @remark The key @p pk should be initialized with @c occ_rsa2048_init_pub_key.
  185. * @remark The @p seed should consist of non-zero random bytes.
  186. * @remark @p c and @p m can point to the same address.
  187. */
  188. int occ_rsa2048_pkcs1_v15_encrypt(uint8_t c[256], const uint8_t *m, int mlen, const uint8_t *seed, int slen, const occ_rsa2048_pub_key *pk);
  189. /**
  190. * 2048 bit RSA PKCS1 V1.5 decryption.
  191. *
  192. * The ciphertext @p c is decryted to the message returned in @p m.
  193. *
  194. * @param[out] m,mlen The decypted message. The buffer must be long enough to hold the meaasge.
  195. * @param c The 256 byte cyphertext to decrypt.
  196. * @param k A valid 2048 bit RSA secret key.
  197. * @returns -1 If decrytion failed.
  198. * @returns -2 If the output buffer is too short (mlen < length of message).
  199. * @returns n If a message of length n was successfully decrypted.
  200. *
  201. * @remark The key @p k should be initialized with @c occ_rsa2048_init_key.
  202. * @remark @p m and @p c can point to the same address.
  203. */
  204. int occ_rsa2048_pkcs1_v15_decrypt(uint8_t *m, int mlen, const uint8_t c[256], const occ_rsa2048_key *k);
  205. /**
  206. * 2048 bit RSA PKCS1 V1.5 decryption with CRT acceleration.
  207. *
  208. * The ciphertext @p c is decryted to the message returned in @p m.
  209. *
  210. * @param[out] m,mlen The decypted message. The buffer must be long enough to hold the meaasge.
  211. * @param c The 256 byte cyphertext to decrypt.
  212. * @param k A valid 2048 bit RSA secret key with CRT coefficients.
  213. * @returns -1 If decrytion failed.
  214. * @returns -2 If the output buffer is too short (mlen < length of message).
  215. * @returns n If a message of length n was successfully decrypted.
  216. *
  217. * @remark The key @p k should be initialized with @c occ_rsa2048_init_crt_key.
  218. * @remark @p m and @p c can point to the same address.
  219. */
  220. int occ_rsa2048_pkcs1_v15_crt_decrypt(uint8_t *m, int mlen, const uint8_t c[256], const occ_rsa2048_crt_key *k);
  221. /**
  222. * 2048 bit RSA PKCS1 V1.5 SHA-256 sign.
  223. *
  224. * The message @p m is signed and the signature returned in @p s.
  225. *
  226. * @param[out] s The generated 256 byte signature.
  227. * @param m,mlen The message to be signed.
  228. * @param k A valid 2048 bit RSA secret key.
  229. * @returns 0
  230. *
  231. * @remark The key @p k should be initialized with @c occ_rsa2048_init_key.
  232. * @remark @p s and @p m can point to the same address.
  233. */
  234. int occ_rsa2048_pkcs1_v15_sha256_sign(uint8_t s[256], const uint8_t *m, int mlen, const occ_rsa2048_key *k);
  235. /**
  236. * 2048 bit RSA PKCS1 V1.5 SHA-256 sign with CRT acceleration.
  237. *
  238. * The message @p m is signed and the signature returned in @p s.
  239. *
  240. * @param[out] s The generated 256 byte signature.
  241. * @param m,mlen The message to be signed.
  242. * @param k A valid 2048 bit RSA secret key with CRT coefficients.
  243. * @returns 0
  244. *
  245. * @remark The key @p k should be initialized with @c occ_rsa2048_init_crt_key.
  246. * @remark @p s and @p m can point to the same address.
  247. */
  248. int occ_rsa2048_pkcs1_v15_sha256_crt_sign(uint8_t s[256], const uint8_t *m, int mlen, const occ_rsa2048_crt_key *k);
  249. /**
  250. * 2048 bit RSA PKCS1 V1.5 SHA-256 signature verify.
  251. *
  252. * The signature @p s is verified for a correct signature of message @p m.
  253. *
  254. * @param s The 256 byte signature.
  255. * @param m,mlen The signed message.
  256. * @param pk A valid 2048 bit RSA public key.
  257. *
  258. * @returns 0 If the signature is successfully verified.
  259. * @returns -1 If verification failed.
  260. *
  261. * @remark The key @p pk should be initialized with @c occ_rsa2048_init_pub_key.
  262. */
  263. int occ_rsa2048_pkcs1_v15_sha256_verify(const uint8_t s[256], const uint8_t *m, int mlen, const occ_rsa2048_pub_key *pk);
  264. /**
  265. * 2048 bit RSA PKCS1 V1.5 SHA-256 signature verify.
  266. *
  267. * The signature @p s is verified for a correct signature of message @p m.
  268. *
  269. * @param s The 256 byte signature.
  270. * @param m,mlen The signed message.
  271. * @param pk A valid 2048 bit RSA public key.
  272. *
  273. * @returns 0 If the signature is successfully verified.
  274. * @returns -1 If verification failed.
  275. *
  276. * @remark The key @p pk should be initialized with @c occ_rsa2048_init_pub_key.
  277. */
  278. int occ_rsa2048_pkcs1_v15_sha256_verify_hash(const uint8_t s[256], const uint8_t digest[32], const occ_rsa2048_pub_key *pk);
  279. /**@}*/
  280. #endif