crys_rsa_schemes.h 34 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521
  1. /**************************************************************************************
  2. * Copyright (c) 2016-2017, ARM Limited or its affiliates. All rights reserved *
  3. * *
  4. * This file and the related binary are licensed under the following license: *
  5. * *
  6. * ARM Object Code and Header Files License, v1.0 Redistribution. *
  7. * *
  8. * Redistribution and use of object code, header files, and documentation, without *
  9. * modification, are permitted provided that the following conditions are met: *
  10. * *
  11. * 1) Redistributions must reproduce the above copyright notice and the *
  12. * following disclaimer in the documentation and/or other materials *
  13. * provided with the distribution. *
  14. * *
  15. * 2) Unless to the extent explicitly permitted by law, no reverse *
  16. * engineering, decompilation, or disassembly of is permitted. *
  17. * *
  18. * 3) Redistribution and use is permitted solely for the purpose of *
  19. * developing or executing applications that are targeted for use *
  20. * on an ARM-based product. *
  21. * *
  22. * DISCLAIMER. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND *
  23. * CONTRIBUTORS "AS IS." ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT *
  24. * NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT, *
  25. * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE *
  26. * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, *
  27. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED *
  28. * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR *
  29. * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF *
  30. * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING *
  31. * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS *
  32. * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. *
  33. **************************************************************************************/
  34. #ifndef CRYS_RSA_SCHEMES_H
  35. #define CRYS_RSA_SCHEMES_H
  36. #include "crys_error.h"
  37. #include "crys_rsa_types.h"
  38. #include "crys_rnd.h"
  39. #ifdef __cplusplus
  40. extern "C"
  41. {
  42. #endif
  43. /*!
  44. @file
  45. @brief This module defines APIs that support [PKCS1_1.5] and [PKCS1_2.1] encryption and signature schemes.
  46. @defgroup crys_rsa_schemes CryptoCell RSA encryption and signature schemes
  47. @{
  48. @ingroup crys_rsa
  49. */
  50. /**********************************************************************************************************/
  51. /*!
  52. @brief This function implements the Encrypt algorithm, as defined in [PKCS1_2.1] and [PKCS1_1.5].
  53. It should not be called directly. Instead, use macros ::CRYS_RSA_OAEP_Encrypt or ::CRYS_RSA_PKCS1v15_Encrypt.
  54. @return CRYS_OK on success.
  55. @return A non-zero value from crys_rsa_error.h, crys_rnd_error.h or crys_hash_error.h on failure.
  56. */
  57. CIMPORT_C CRYSError_t SaSi_RsaSchemesEncrypt(
  58. void *rndState_ptr, /*!< [in/out] Pointer to the RND state structure. */
  59. SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in] Pointer to the random vector generation function. */
  60. CRYS_RSAUserPubKey_t *UserPubKey_ptr, /*!< [in] Pointer to the public key data structure. */
  61. CRYS_RSAPrimeData_t *PrimeData_ptr, /*!< [in] Pointer to a temporary structure that is internally used as workspace for the
  62. Encryption operation. */
  63. CRYS_RSA_HASH_OpMode_t hashFunc, /*!< [in] The HASH function to be used. One of the supported SHA-x HASH modes, as defined
  64. in ::CRYS_RSA_HASH_OpMode_t (MD5 is not supported).*/
  65. uint8_t *L, /*!< [in] The label input pointer. Relevant for [PKCS1_2.1] only. NULL by default.
  66. NULL for [PKCS1_1.5]. */
  67. uint16_t Llen, /*!< [in] The label length. Relevant for [PKCS1_2.1] only. Zero by default.
  68. Must be <=2048. Zero for [PKCS1_1.5]. */
  69. CRYS_PKCS1_MGF_t MGF, /*!< [in] The mask generation function. [PKCS1_2.1] defines MGF1, so the only value
  70. allowed here is CRYS_PKCS1_MGF1. */
  71. uint8_t *DataIn_ptr, /*!< [in] Pointer to the data to encrypt. */
  72. uint16_t DataInSize, /*!< [in] The size (in bytes) of the data to encrypt. The data size must be:
  73. - For [PKCS1_2.1], DataSize <= modulus size - 2*HashLen - 2.
  74. - For [PKCS1_1.5], DataSize <= modulus size - 11. */
  75. uint8_t *Output_ptr, /*!< [out] Pointer to the encrypted data. The buffer must be at least modulus size bytes long. */
  76. CRYS_PKCS1_version PKCS1_ver /*!< [in] [PKCS1_1.5] or [PKCS1_2.1], according to the functionality required. */
  77. );
  78. /*!
  79. @brief
  80. CRYS_RSA_OAEP_PSS21_Encrypt implements the RSAES-OAEP algorithm
  81. as defined in PKCS#1 v2.1 8.1.
  82. \note It is not recommended to use hash MD5 in OAEP PKCS1 ver 2.1, therefore
  83. it is not supported.
  84. This function combines the RSA encryption primitive and the
  85. EME-OAEP encoding method, to provide an RSA-based encryption
  86. method that is semantically secure against adaptive
  87. chosen-ciphertext attacks. For additional details, please refer to
  88. the PKCS#1 standard.
  89. */
  90. #define CRYS_RSA_OAEP_Encrypt(rndState_ptr, rndGenerateVectFunc, UserPubKey_ptr,PrimeData_ptr,HashMode,L,Llen,MGF,Data_ptr,DataSize,Output_ptr)\
  91. SaSi_RsaSchemesEncrypt(rndState_ptr, rndGenerateVectFunc, UserPubKey_ptr,PrimeData_ptr,HashMode,L,Llen,MGF,Data_ptr,DataSize,Output_ptr,CRYS_PKCS1_VER21)
  92. /*!
  93. @brief
  94. CRYS_RSA_PKCS1v15_Encrypt implements the RSAES-PKCS1v15 algorithm
  95. as defined in PKCS#1 v2.1 8.2.
  96. */
  97. #define CRYS_RSA_PKCS1v15_Encrypt(rndState_ptr, rndGenerateVectFunc, UserPubKey_ptr,PrimeData_ptr,DataIn_ptr,DataInSize,Output_ptr)\
  98. SaSi_RsaSchemesEncrypt(rndState_ptr, rndGenerateVectFunc, UserPubKey_ptr,PrimeData_ptr,CRYS_RSA_HASH_NO_HASH_mode,NULL,0,CRYS_PKCS1_NO_MGF,DataIn_ptr, \
  99. DataInSize, Output_ptr,CRYS_PKCS1_VER15)
  100. /**********************************************************************************************************/
  101. /*!
  102. @brief This function implements the Decrypt algorithm, as defined in [PKCS1_2.1] and [PKCS1_1.5].
  103. It should not be called directly. Instead, use macros ::CRYS_RSA_OAEP_Decrypt or ::CRYS_RSA_PKCS1v15_Decrypt.
  104. @return CRYS_OK on success.
  105. @return A non-zero value from crys_rsa_error.h or crys_hash_error.h on failure.
  106. */
  107. CIMPORT_C CRYSError_t SaSi_RsaSchemesDecrypt(
  108. CRYS_RSAUserPrivKey_t *UserPrivKey_ptr, /*!< [in] Pointer to the private key data structure of the user. */
  109. CRYS_RSAPrimeData_t *PrimeData_ptr, /*!< [in] Pointer to a temporary structure that is internally used as workspace
  110. for the decryption operation. */
  111. CRYS_RSA_HASH_OpMode_t hashFunc, /*!< [in] The HASH function to be used. One of the supported SHA-x HASH modes,
  112. as defined in ::CRYS_RSA_HASH_OpMode_t (MD5 is not supported). */
  113. uint8_t *L, /*!< [in] The label input pointer. Relevant for [PKCS1_2.1] only. NULL by default.
  114. NULL for [PKCS1_1.5]. */
  115. uint16_t Llen, /*!< [in] The label length. Relevant for [PKCS1_2.1] only. Zero by default.
  116. Zero for [PKCS1_1.5]. */
  117. CRYS_PKCS1_MGF_t MGF, /*!< [in] The mask generation function. [PKCS1_2.1] defines MGF1, so the only
  118. value allowed here is CRYS_PKCS1_MGF1. */
  119. uint8_t *DataIn_ptr, /*!< [in] Pointer to the data to decrypt. */
  120. uint16_t DataInSize, /*!< [in] The size (in bytes) of the data to decrypt. DataSize must be &le;
  121. the modulus size. */
  122. uint8_t *Output_ptr, /*!< [in] Pointer to the decrypted data. The buffer must be at least
  123. PrivKey_ptr->N.len bytes long (i.e. the modulus size in bytes). */
  124. uint16_t *OutputSize_ptr, /*!< [in] Pointer to the byte size of the buffer pointed to by Output_buffer.
  125. The size must be:
  126. <ul><li> For PKCS #1 v2.1: Modulus size > OutputSize >=
  127. (modulus size - 2*HashLen - 2).</li>
  128. <li> For PKCS #1 v1.5: Modulus size > OutputSize >= (modulus size - 11).
  129. The value pointed by OutputSize_ptr is updated after decryption with
  130. the actual number of bytes that are loaded to Output_ptr.</li></ul> */
  131. CRYS_PKCS1_version PKCS1_ver /*!< [in] [PKCS1_1.5] or [PKCS1_2.1], according to the functionality required. */
  132. );
  133. /**********************************************************************************************************/
  134. /**
  135. @brief
  136. CRYS_RSA_OAEP_Decrypt implements the RSAES-OAEP algorithm
  137. as defined in PKCS#1 v2.1 8.1.
  138. \note It is not recommended to use hash MD5 in OAEP PKCS1 ver 2.1, therefore
  139. it is not supported.
  140. This function combines the RSA decryption primitive and the
  141. EME-OAEP encoding method, to provide an RSA-based decryption
  142. method that is semantically secure against adaptive
  143. chosen-ciphertext attacks. For more details, please refer to
  144. the PKCS#1 standard.
  145. */
  146. #define CRYS_RSA_OAEP_Decrypt(UserPrivKey_ptr,PrimeData_ptr,HashMode,L,Llen,MGF,Data_ptr,DataSize,Output_ptr,OutputSize_ptr)\
  147. SaSi_RsaSchemesDecrypt(UserPrivKey_ptr,PrimeData_ptr,HashMode,L,Llen,MGF,Data_ptr,DataSize,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21)
  148. /**
  149. @brief
  150. CRYS_RSA_PKCS1v15_Decrypt implements the RSAES-PKCS1v15 algorithm as defined
  151. in PKCS#1 v2.1 8.2.
  152. */
  153. #define CRYS_RSA_PKCS1v15_Decrypt(UserPrivKey_ptr,PrimeData_ptr,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr)\
  154. SaSi_RsaSchemesDecrypt(UserPrivKey_ptr,PrimeData_ptr,CRYS_RSA_HASH_NO_HASH_mode,NULL,0,CRYS_PKCS1_NO_MGF,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER15)
  155. /**********************************************************************************************************/
  156. /*!
  157. @brief Implements the Signing algorithm, as defined in [PKCS1_1.5] or [PKCS1_2.1], using a single function.
  158. The input data may be either a non-hashed data or a digest of a hash function.
  159. For a non-hashed data, the input data will be hashed using the hash function indicated by ::CRYS_RSA_HASH_OpMode_t.
  160. For a digest, ::CRYS_RSA_HASH_OpMode_t should indicate the hash function that the input data was created by, and it will not be hashed.
  161. @return CRYS_OK on success.
  162. @return A non-zero value from crys_rsa_error.h, crys_rnd_error.h or crys_hash_error.h on failure.
  163. */
  164. CIMPORT_C CRYSError_t SaSi_RsaSign(
  165. void *rndState_ptr, /*!< [in/out] Pointer to the RND state. */
  166. SaSiRndGenerateVectWorkFunc_t rndGenerateVectFunc, /*!< [in/out] Pointer to the RND Generate vector function pointer. */
  167. CRYS_RSAPrivUserContext_t *UserContext_ptr, /*!< [in] Pointer to a temporary context for internal use. */
  168. CRYS_RSAUserPrivKey_t *UserPrivKey_ptr, /*!< [in] Pointer to the private key data structure of the user.
  169. The representation (pair or quintuple) and hence the algorithm (CRT or not CRT)
  170. is determined by the Private Key build function -
  171. ::CRYS_RSA_Build_PrivKey or ::CRYS_RSA_Build_PrivKeyCRT. */
  172. CRYS_RSA_HASH_OpMode_t rsaHashMode, /*!< [in] One of the supported SHA-x HASH modes, as defined in ::CRYS_RSA_HASH_OpMode_t.
  173. (MD5 is not supported). */
  174. CRYS_PKCS1_MGF_t MGF, /*!< [in] The mask generation function. [PKCS1_2.1] defines only MGF1, so the only value
  175. allowed for [PKCS1_2.1] is CRYS_PKCS1_MGF1. */
  176. uint16_t SaltLen, /*!< [in] The Length of the Salt buffer (relevant for PKCS#1 Ver 2.1 only, typically lengths is 0 or hash Len).
  177. FIPS 186-4 requires, that SaltLen <= hash len. If SaltLen > KeySize - hash Len - 2, the function
  178. returns an error. */
  179. uint8_t *DataIn_ptr, /*!< [in] Pointer to the input data to be signed.
  180. The size of the scatter/gather list representing the data buffer is limited to 128
  181. entries, and the size of each entry is limited to 64KB (fragments larger than
  182. 64KB are broken into fragments <= 64KB). */
  183. uint32_t DataInSize, /*!< [in] The size (in bytes) of the data to sign. */
  184. uint8_t *Output_ptr, /*!< [out] Pointer to the signature. The buffer must be at least PrivKey_ptr->N.len bytes
  185. long (i.e. the modulus size in bytes). */
  186. uint16_t *OutputSize_ptr, /*!< [in/out] Pointer to the signature size value - the input value is the signature
  187. buffer size allocated, the output value is the signature size used.
  188. he buffer must be equal to PrivKey_ptr->N.len bytes long
  189. (i.e. the modulus size in bytes). */
  190. CRYS_PKCS1_version PKCS1_ver /*!< [in] [PKCS1_1.5] or [PKCS1_2.1], according to the functionality required. */
  191. );
  192. /*!
  193. @brief CRYS_RSA_PKCS1v15_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5.
  194. This function combines the RSASP1 signature primitive and the EMSA-PKCS1v15 encoding method, to provide an RSA-based signature scheme.
  195. For more details, please refer to the PKCS#1 standard.
  196. */
  197. #define CRYS_RSA_PKCS1v15_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,hashFunc,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr)\
  198. SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(hashFunc),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),(DataInSize),(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15)
  199. /*!
  200. @brief CRYS_RSA_PKCS1v15_SHA1_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function -
  201. it assumes that the data in has already been hashed using SHA-1.
  202. \note The data_in size is already known after the Hash.
  203. */
  204. #define CRYS_RSA_PKCS1v15_SHA1_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\
  205. SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(CRYS_RSA_After_SHA1_mode),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15)
  206. /*!
  207. @brief CRYS_RSA_PKCS1v15_MD5_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function -
  208. it assumes that the data in has already been hashed using MD5.
  209. \note The data_in size is already known after the Hash.
  210. */
  211. #define CRYS_RSA_PKCS1v15_MD5_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\
  212. SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),CRYS_RSA_After_MD5_mode,CRYS_PKCS1_NO_MGF,0,(DataIn_ptr),CRYS_HASH_MD5_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15)
  213. /*!
  214. @brief CRYS_RSA_PKCS1v15_SHA224_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function -
  215. it assumes that the data in has already been hashed using SHA-224.
  216. \note The data_in size is already known after the Hash.
  217. */
  218. #define CRYS_RSA_PKCS1v15_SHA224_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\
  219. SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(CRYS_RSA_After_SHA224_mode),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),CRYS_HASH_SHA224_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15)
  220. /*!
  221. @brief CRYS_RSA_PKCS1v15_SHA256_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function -
  222. it assumes that the data in has already been hashed using SHA-256.
  223. \note The data_in size is already known after the Hash.
  224. */
  225. #define CRYS_RSA_PKCS1v15_SHA256_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\
  226. SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(CRYS_RSA_After_SHA256_mode),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),CRYS_HASH_SHA256_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15)
  227. /*!
  228. @brief CRYS_RSA_PKCS1v15_SHA1_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function -
  229. it assumes that the data in has already been hashed using SHA-384.
  230. \note The data_in size is already known after the Hash.
  231. */
  232. #define CRYS_RSA_PKCS1v15_SHA384_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\
  233. SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(CRYS_RSA_After_SHA384_mode),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),CRYS_HASH_SHA384_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15)
  234. /*!
  235. @brief CRYS_RSA_PKCS1v15_SHA512_Sign implements the RSASSA-PKCS1v15 algorithm as defined in PKCS#1 v1.5, but without performing a HASH function -
  236. it assumes that the data in has already been hashed using SHA-512.
  237. \note The data_in size is already known after the Hash.
  238. */
  239. #define CRYS_RSA_PKCS1v15_SHA512_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\
  240. SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, (UserContext_ptr),(UserPrivKey_ptr),(CRYS_RSA_After_SHA512_mode),(CRYS_PKCS1_NO_MGF),0,(DataIn_ptr),CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CRYS_PKCS1_VER15)
  241. /*!
  242. @brief CRYS_RSA_PSS_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1, in a single function call.
  243. \note According to the PKCS#1 ver2.1 it is not recommended to use MD5 Hash, therefore it is not supported.
  244. The actual macro that is used by the user is ::CRYS_RSA_PSS_Sign.
  245. */
  246. #define CRYS_RSA_PSS_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,hashFunc,MGF,SaltLen,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr)\
  247. SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,hashFunc,MGF,SaltLen,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21)
  248. /*!
  249. @brief CRYS_RSA_PSS_SHA1_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1 in a single function call, but without performing a HASH function -
  250. it assumes that the data in has already been hashed using SHA-1.
  251. \note The data_in size is already known after the Hash.
  252. The actual macro that is used by the users is ::CRYS_RSA_PSS_SHA1_Sign.
  253. */
  254. #define CRYS_RSA_PSS_SHA1_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\
  255. SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,CRYS_RSA_After_SHA1_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21)
  256. /*!
  257. @brief CRYS_RSA_PSS_SHA224_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1 in a single function call, but without performing a HASH function -
  258. it assumes that the data in has already been hashed using SHA-224.
  259. \note The data_in size is already known after the Hash.
  260. The actual macro that is used by the users is ::CRYS_RSA_PSS_SHA224_Sign.
  261. */
  262. #define CRYS_RSA_PSS_SHA224_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\
  263. SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,CRYS_RSA_After_SHA224_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA224_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21)
  264. /*!
  265. @brief CRYS_RSA_PSS_SHA256_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1 in a single function call, but without performing a HASH function -
  266. it assumes that the data in has already been hashed using SHA-256.
  267. \note The data_in size is already known after the Hash.
  268. The actual macro that is used by the users is ::CRYS_RSA_PSS_SHA256_Sign.
  269. */
  270. #define CRYS_RSA_PSS_SHA256_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\
  271. SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,CRYS_RSA_After_SHA256_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA256_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21)
  272. /*!
  273. @brief CRYS_RSA_PSS_SHA384_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1 in a single function call, but without performing a HASH function -
  274. it assumes that the data in has already been hashed using SHA-384.
  275. \note The data_in size is already known after the Hash.
  276. The actual macro that is used by the users is ::CRYS_RSA_PSS_SHA384_Sign.
  277. */
  278. #define CRYS_RSA_PSS_SHA384_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\
  279. SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,CRYS_RSA_After_SHA384_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA384_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21)
  280. /*!
  281. @brief CRYS_RSA_PSS_SHA512_Sign implements the RSASSA-PSS algorithm as defined in PKCS#1 v2.1 9.1 in a single function call, but without performing a HASH function -
  282. it assumes that the data in has already been hashed using SHA-512.
  283. \note The data_in size is already known after the Hash.
  284. The actual macro that is used by the users is ::CRYS_RSA_PSS_SHA512_Sign.
  285. */
  286. #define CRYS_RSA_PSS_SHA512_Sign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\
  287. SaSi_RsaSign(rndState_ptr, rndGenerateVectFunc, UserContext_ptr,UserPrivKey_ptr,CRYS_RSA_After_SHA512_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CRYS_PKCS1_VER21)
  288. /**********************************************************************************************************/
  289. /*!
  290. @brief Implements the RSA signature verification algorithms, in a single function call, as defined in referenced standards [PKCS1_1.5]
  291. and [PKCS1_2.1].
  292. The input data may be either a non-hashed data or a digest of a hash function.
  293. For a non-hashed data, the input data will be hashed using the hash function indicated by ::CRYS_RSA_HASH_OpMode_t.
  294. For a digest, ::CRYS_RSA_HASH_OpMode_t should indicate the hash function that the input data was created by, and it will not be hashed.
  295. @return CRYS_OK on success.
  296. @return A non-zero value from crys_rsa_error.h or crys_hash_error.h on failure.
  297. */
  298. CIMPORT_C CRYSError_t SaSi_RsaVerify(
  299. CRYS_RSAPubUserContext_t *UserContext_ptr, /*!< [in] Pointer to a temporary context for internal use. */
  300. CRYS_RSAUserPubKey_t *UserPubKey_ptr, /*!< [in] Pointer to the public key data structure of the user. */
  301. CRYS_RSA_HASH_OpMode_t rsaHashMode, /*!< [in] One of the supported SHA-x HASH modes, as defined in ::CRYS_RSA_HASH_OpMode_t.
  302. (MD5 is not supported). */
  303. CRYS_PKCS1_MGF_t MGF, /*!< [in] The mask generation function. [PKCS1_2.1] defines only MGF1, so the only
  304. value allowed for [PKCS_2.1] is CRYS_PKCS1_MGF1. */
  305. uint16_t SaltLen, /*!< [in] The Length of the Salt buffer. Relevant only for [PKCS1_2.1].
  306. Typical lengths are 0 or hash Len (20 for SHA-1).
  307. The maximum length allowed is [modulus size - hash Len - 2]. */
  308. uint8_t *DataIn_ptr, /*!< [in] Pointer to the input data to be verified.
  309. The size of the scatter/gather list representing the data buffer is
  310. limited to 128 entries, and the size of each entry is limited to 64KB
  311. (fragments larger than 64KB are broken into fragments <= 64KB). */
  312. uint32_t DataInSize, /*!< [in] The size (in bytes) of the data whose signature is to be verified. */
  313. uint8_t *Sig_ptr, /*!< [in] Pointer to the signature to be verified.
  314. The length of the signature is PubKey_ptr->N.len bytes
  315. (i.e. the modulus size in bytes). */
  316. CRYS_PKCS1_version PKCS1_ver /*!< [in] [PKCS1_1.5] or [PKCS1_2.1], according to the functionality required. */
  317. );
  318. /*!
  319. @brief CRYS_RSA_PKCS1v15_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5.
  320. */
  321. #define CRYS_RSA_PKCS1v15_Verify(UserContext_ptr,UserPubKey_ptr,hashFunc,DataIn_ptr,DataInSize,Sig_ptr)\
  322. SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,hashFunc,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,DataInSize,Sig_ptr,CRYS_PKCS1_VER15)
  323. /*!
  324. @brief CRYS_RSA_PKCS1v15_MD5_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function -
  325. it assumes the DataIn_ptr data has already been hashed using MD5.
  326. */
  327. #define CRYS_RSA_PKCS1v15_MD5_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\
  328. SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_MD5_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_MD5_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15)
  329. /*!
  330. @brief CRYS_RSA_PKCS1v15_SHA1_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function -
  331. it assumes that the DataIn_ptr data has already been hashed using SHA1.
  332. */
  333. #define CRYS_RSA_PKCS1v15_SHA1_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\
  334. SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA1_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15)
  335. /*!
  336. @brief CRYS_RSA_PKCS1v15_SHA224_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function -
  337. it assumes that the DataIn_ptr data has already been hashed using SHA224.
  338. */
  339. #define CRYS_RSA_PKCS1v15_SHA224_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\
  340. SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA224_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_SHA224_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15)
  341. /*!
  342. @brief CRYS_RSA_PKCS1v15_SHA256_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function -
  343. it assumes that the DataIn_ptr data has already been hashed using SHA256.
  344. */
  345. #define CRYS_RSA_PKCS1v15_SHA256_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\
  346. SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA256_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_SHA256_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15)
  347. /*!
  348. @brief CRYS_RSA_PKCS1v15_SHA384_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function -
  349. it assumes that the DataIn_ptr data has already been hashed using SHA384.
  350. */
  351. #define CRYS_RSA_PKCS1v15_SHA384_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\
  352. SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA384_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_SHA384_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15)
  353. /*!
  354. @brief CRYS_RSA_PKCS1v15_SHA512_Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function -
  355. it assumes that the DataIn_ptr data has already been hashed using SHA512.
  356. */
  357. #define CRYS_RSA_PKCS1v15_SHA512_Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\
  358. SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA512_mode,CRYS_PKCS1_NO_MGF,0,DataIn_ptr,CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER15)
  359. /*!
  360. @brief CRYS_RSA_PSS_Verify implements the RSASSA-PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1.
  361. */
  362. #define CRYS_RSA_PSS_Verify(UserContext_ptr,UserPubKey_ptr,hashFunc,MGF,SaltLen,DataIn_ptr,DataInSize,Sig_ptr)\
  363. SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,hashFunc,MGF,SaltLen,DataIn_ptr,DataInSize,Sig_ptr,CRYS_PKCS1_VER21)
  364. /*!
  365. @brief CRYS_RSA_PSS_SHA1_Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function -
  366. it assumes the DataIn_ptr has already been hashed using SHA1.
  367. */
  368. #define CRYS_RSA_PSS_SHA1_Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\
  369. SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA1_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER21)
  370. /*!
  371. @brief CRYS_RSA_PSS_SHA224_Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function -
  372. it assumes the DataIn_ptr has already been hashed using SHA224.
  373. */
  374. #define CRYS_RSA_PSS_SHA224_Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\
  375. SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA224_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA224_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER21)
  376. /*!
  377. @brief CRYS_RSA_PSS_SHA256_Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function -
  378. it assumes the DataIn_ptr has already been hashed using SHA256.
  379. */
  380. #define CRYS_RSA_PSS_SHA256_Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\
  381. SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA256_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA256_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER21)
  382. /*!
  383. @brief CRYS_RSA_PSS_SHA384_Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function -
  384. it assumes the DataIn_ptr has already been hashed using SHA384.
  385. */
  386. #define CRYS_RSA_PSS_SHA384_Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\
  387. SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA384_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA384_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER21)
  388. /*!
  389. @brief CRYS_RSA_PSS_SHA512_Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function -
  390. it assumes the DataIn_ptr has already been hashed using SHA512.
  391. */
  392. #define CRYS_RSA_PSS_SHA512_Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\
  393. SaSi_RsaVerify(UserContext_ptr,UserPubKey_ptr,CRYS_RSA_After_SHA512_mode,MGF,SaltLen,DataIn_ptr,CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES,Sig_ptr,CRYS_PKCS1_VER21)
  394. /**********************************************************************************************************/
  395. #ifdef __cplusplus
  396. }
  397. #endif
  398. /**
  399. @}
  400. */
  401. #endif