1 /*
2  * Copyright (c) 2001-2020, Arm Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #ifndef _CC_RSA_TYPES_H
8 #define _CC_RSA_TYPES_H
9 
10 #include "cc_hash_defs.h"
11 #include "cc_bitops.h"
12 #include "cc_pka_defs_hw.h"
13 #include "cc_pal_types.h"
14 #include "cc_pal_compiler.h"
15 
16 #ifdef CC_SOFT_KEYGEN
17 #include "ccsw_rsa_shared_types.h"
18 #endif
19 #ifdef USE_MBEDTLS_CRYPTOCELL
20 #include "mbedtls/md.h"
21 #else
22 #include "cc_hash.h"
23 #endif
24 
25 #ifdef __cplusplus
26 extern "C"
27 {
28 #endif
29 /*!
30 @file
31 @@brief This file contains all the enums and definitions that are used for the CryptoCell RSA APIs.
32 @defgroup cc_rsa_types CryptoCell RSA used definitions and enums
33 @{
34 @ingroup cc_rsa
35 */
36 
37 /************************ Defines ******************************/
38 
39 /*! Definition of HASH context size. */
40 #define CC_PKA_RSA_HASH_CTX_SIZE_IN_WORDS CC_HASH_USER_CTX_SIZE_IN_WORDS
41 
42 /*! Maximal key size in bytes. */
43 #define CC_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BYTES    (CC_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS / CC_BITS_IN_BYTE)
44 
45 /*! Minimal key size in bits. */
46 #define CC_RSA_MIN_VALID_KEY_SIZE_VALUE_IN_BITS              512
47 /*! Valid key size multiplications in RSA. */
48 #define CC_RSA_VALID_KEY_SIZE_MULTIPLE_VALUE_IN_BITS         256
49 
50 /*! Maximal RSA generated key size in bits. */
51 #define CC_RSA_MAX_KEY_GENERATION_SIZE_BITS   CC_RSA_MAX_KEY_GENERATION_HW_SIZE_BITS
52 
53 /* FIPS 184-4 definitions for allowed RSA and FFC DH key sizes */
54 /*! FIPS 184-4 allowed key size - 1024 bits. */
55 #define CC_RSA_FIPS_KEY_SIZE_1024_BITS   1024
56 /*! FIPS 184-4 allowed key size - 2048 bits. */
57 #define CC_RSA_FIPS_KEY_SIZE_2048_BITS   2048
58 /*! FIPS 184-4 allowed key size - 3072 bits. */
59 #define CC_RSA_FIPS_KEY_SIZE_3072_BITS   3072
60 /*! FIPS 184-4 allowed modulus size in bits. */
61 #define CC_RSA_FIPS_MODULUS_SIZE_BITS    CC_RSA_FIPS_KEY_SIZE_2048_BITS
62 
63 /*! FIPS 184-4 DH key size - 1024 bits. */
64 #define CC_DH_FIPS_KEY_SIZE_1024_BITS    1024
65 /*! FIPS 184-4 DH key size - 2048 bits. */
66 #define CC_DH_FIPS_KEY_SIZE_2048_BITS    2048
67 
68 
69 /*! Salt length definition - if the salt length is not available in verify operation, the user can use this define and the algorithm will
70     calculate the salt length alone*/
71 /*!\note Security wise: it is not recommended to use this flag.*/
72 #define CC_RSA_VERIFY_SALT_LENGTH_UNKNOWN                     0xFFFF
73 
74 /*! Minimal public exponent value */
75 #define CC_RSA_MIN_PUB_EXP_VALUE  3
76 /*! Minimal private exponent value */
77 #define CC_RSA_MIN_PRIV_EXP_VALUE 1
78 
79 /* The maximum buffer size for the 'H' value */
80 /*! Temporary buffer size definition.*/
81 #define CC_RSA_TMP_BUFF_SIZE (CC_RSA_OAEP_ENCODE_MAX_MASKDB_SIZE + CC_RSA_OAEP_ENCODE_MAX_SEEDMASK_SIZE + CC_PKA_RSA_HASH_CTX_SIZE_IN_WORDS*sizeof(uint32_t) + sizeof(CCHashResultBuf_t))
82 
83 /*! Hash structure definition.*/
84 #define CCPkcs1HashFunc_t CCHashOperationMode_t
85 
86 /*! OAEP maximal H length.*/
87 #define CC_RSA_OAEP_MAX_HLEN                            CC_HASH_SHA512_DIGEST_SIZE_IN_BYTES
88 
89 /*! MGF1 definitions */
90 #define CC_RSA_MGF_2_POWER_32                       65535 /*!< \internal 0xFFFF This is the 2^32 of the 2^32*hLen boundary check */
91 /*! MGF1 definitions */
92 #define CC_RSA_SIZE_OF_T_STRING_BYTES                   (CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS*sizeof(uint32_t))
93 
94 /***********************************************************
95  *
96  * RSA PKCS#1 v2.1 DEFINES
97  *
98  ***********************************************************/
99  /*! Size of OEAP seed. */
100 #define CC_RSA_OAEP_ENCODE_MAX_SEEDMASK_SIZE            CC_RSA_OAEP_MAX_HLEN
101 /*! Maximal PSS salt size. */
102 #define CC_RSA_PSS_SALT_LENGTH                  CC_RSA_OAEP_MAX_HLEN
103 /*! PSS padding length. */
104 #define CC_RSA_PSS_PAD1_LEN                 8
105 /*! OAEP encode mask size. */
106 #define CC_RSA_OAEP_ENCODE_MAX_MASKDB_SIZE              (CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS*sizeof(uint32_t)) /*!< \internal For OAEP Encode; the max size is emLen */
107 /*! OAEP decode mask size. */
108 #define CC_RSA_OAEP_DECODE_MAX_DBMASK_SIZE              (CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS*sizeof(uint32_t)) /*!< \internal For OAEP Decode; the max size is emLen */
109 
110 /************************ Enums ********************************/
111 
112 /*! Defines the enum for the HASH operation mode. */
113 typedef enum
114 {
115     CC_RSA_HASH_MD5_mode  = 0,  /*!< For Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications Version 1.5 only.
116                          The input data will be hashed with MD5 */
117     CC_RSA_HASH_SHA1_mode = 1,  /*!< The input data will be hashed with SHA1. */
118     CC_RSA_HASH_SHA224_mode = 2,  /*!< The input data will be hashed with SHA224. */
119     CC_RSA_HASH_SHA256_mode = 3,  /*!< The input data will be hashed with SHA256. */
120     CC_RSA_HASH_SHA384_mode = 4,  /*!< The input data will be hashed with SHA384. */
121     CC_RSA_HASH_SHA512_mode = 5,    /*!< The input data will be hashed with SHA512. */
122     CC_RSA_After_MD5_mode = 6,      /*!< For PKCS1 v1.5 only. The input data is a digest of MD5 and will not be hashed. */
123     CC_RSA_After_SHA1_mode = 7, /*!< The input data is a digest of SHA1 and will not be hashed. */
124     CC_RSA_After_SHA224_mode = 8,   /*!< The input data is a digest of SHA224 and will not be hashed. */
125     CC_RSA_After_SHA256_mode = 9,   /*!< The input data is a digest of SHA256 and will not be hashed. */
126     CC_RSA_After_SHA384_mode = 10,  /*!< The input data is a digest of SHA384 and will not be hashed. */
127     CC_RSA_After_SHA512_mode = 11,  /*!< The input data is a digest of SHA512 and will not be hashed. */
128     CC_RSA_After_HASH_NOT_KNOWN_mode = 12,    /*!< \internal used only for Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications Version 1.5 -
129                             possible to perform verify operation without hash mode input,
130                         the hash mode is derived from the signature.*/
131     CC_RSA_HASH_NO_HASH_mode = 13,  /*!< Used for Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications Version 1.5 Encrypt and Decrypt.*/
132     CC_RSA_HASH_NumOfModes,     /*!< Maximal number of hash operations modes. */
133 
134     CC_RSA_HASH_OpModeLast  = 0x7FFFFFFF, /*! Reserved.*/
135 
136 }CCRsaHashOpMode_t;
137 
138 
139 /*! Defines the enum of the RSA decryption mode. */
140 typedef enum
141 {
142     CC_RSA_NoCrt = 10, /*!< Decryption no CRT mode.*/
143     CC_RSA_Crt   = 11, /*!< Decryption CRT mode.*/
144 
145     CC_RSADecryptionNumOfOptions, /*! Reserved.*/
146 
147     CC_RSA_DecryptionModeLast= 0x7FFFFFFF, /*! Reserved.*/
148 
149 }CCRsaDecryptionMode_t;
150 
151 /*! RSA Key source definition. */
152 typedef enum
153 {
154     CC_RSA_ExternalKey = 1, /*!< External key.*/
155     CC_RSA_InternalKey = 2, /*!< Internal key.*/
156 
157     CC_RSA_KeySourceLast= 0x7FFFFFFF, /*!< Reserved. */
158 
159 }CCRsaKeySource_t;
160 
161 /*! MGF values. */
162 typedef enum
163 {
164     CC_PKCS1_MGF1 = 0,   /*! MGF1. */
165     CC_PKCS1_NO_MGF = 1, /*! No MGF. */
166     CC_RSA_NumOfMGFFunctions, /*! Maximal number of MGF options. */
167 
168     CC_PKCS1_MGFLast= 0x7FFFFFFF, /*! Reserved.*/
169 
170 }CCPkcs1Mgf_t;
171 
172 /*! Defines the enum of the various PKCS1 versions. */
173 typedef enum
174 {
175     CC_PKCS1_VER15 = 0, /*! PKCS1 version 15. */
176     CC_PKCS1_VER21 = 1, /*! PKCS1 version 21. */
177 
178     CC_RSA_NumOf_PKCS1_versions, /*! Maximal number of PKCS versions. */
179 
180     CC_PKCS1_versionLast= 0x7FFFFFFF, /*! Reserved.*/
181 
182 }CCPkcs1Version_t;
183 
184 
185 /*! Enum defining primality testing mode in Rabin-Miller
186    and Lucas-Lehmer tests (internal tests). */
187 typedef enum
188 {
189         /* P and Q primes */
190     CC_RSA_PRIME_TEST_MODE     = 0, /*!< PRIME test. */
191 
192         /* FFC (DH, DSA) primes */
193     CC_DH_PRIME_TEST_MODE      = 1, /*!< DH Prime test. */
194 
195     CC_RSA_DH_PRIME_TEST_OFF_MODE /*!< Reserved.*/
196 
197 }CCRsaDhPrimeTestMode_t;
198 
199 /************************ Public and private key database Structs ******************************/
200 
201 /* .................. The public key definitions ...................... */
202 /* --------------------------------------------------------------------- */
203 
204 /*! Public key data structure (used internally). */
205 typedef struct
206 {
207     /*! RSA modulus buffer. */
208     uint32_t n[CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS];
209     /*! RSA modulus size in bits. */
210     uint32_t nSizeInBits;
211 
212     /*! RSA public exponent buffer. */
213     uint32_t e[CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS];
214     /*! RSA public exponent buffer. */
215     uint32_t eSizeInBits;
216 
217     /*! Buffer for internal usage.*/
218     uint32_t ccRSAIntBuff[CC_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS];
219 
220 }CCRsaPubKey_t;
221 
222 /*! The public key's user structure prototype. This structure must be saved by the user, and is used as input to the RSA functions
223 (such as ::CC_RsaSchemesEncrypt etc.) */
224 typedef struct CCRsaUserPubKey_t
225 {
226     /*! Validation tag. */
227     uint32_t valid_tag;
228     /*! Public key data. */
229     uint32_t  PublicKeyDbBuff[ sizeof(CCRsaPubKey_t)/sizeof(uint32_t) + 1 ];
230 
231 
232 }CCRsaUserPubKey_t;
233 
234 /* .................. The private key definitions ...................... */
235 /* --------------------------------------------------------------------- */
236 
237 /*! Private key on non-CRT mode data structure (used internally). */
238 typedef struct
239 {
240     /*! RSA private exponent buffer. */
241     uint32_t d[CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS];
242     /*! RSA private exponent size in bits. */
243     uint32_t dSizeInBits;
244 
245     /*! RSA public exponent buffer. */
246     uint32_t e[CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS];
247     /*! RSA public exponent size in bits. */
248     uint32_t eSizeInBits;
249 
250 }CCRsaPrivNonCrtKey_t;
251 
252 /*! Private key on CRT mode data structure (used internally). */
253 /* use small CRT buffers */
254 typedef struct
255 {
256     /*! First factor buffer. */
257     uint32_t P[CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS/2];
258     /*! First factor size in bits. */
259     uint32_t PSizeInBits;
260 
261     /*! Second factor buffer. */
262     uint32_t Q[CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS/2];
263     /*! Second factor size in bits. */
264     uint32_t QSizeInBits;
265 
266     /*! First CRT exponent buffer. */
267     uint32_t dP[CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS/2];
268     /*! First CRT exponent size in bits. */
269     uint32_t dPSizeInBits;
270 
271     /*! Second CRT exponent buffer. */
272     uint32_t dQ[CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS/2];
273     /*! Second CRT exponent size in bits. */
274     uint32_t dQSizeInBits;
275 
276     /*! First CRT coefficient buffer. */
277     uint32_t qInv[CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS/2];
278     /*! First CRT coefficient size in bits. */
279     uint32_t qInvSizeInBits;
280 
281 }CCRsaPrivCrtKey_t;
282 
283 
284 /*! Private key data structure (used internally). */
285 typedef struct
286 {
287     /*! RSA modulus buffer. */
288     uint32_t n[CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS];
289     /*! RSA modulus size in bits. */
290     uint32_t nSizeInBits;
291 
292     /*! Decryption operation mode. */
293     CCRsaDecryptionMode_t OperationMode;
294 
295     /*! Key source ( internal or external ). */
296     CCRsaKeySource_t KeySource;
297 
298 
299     /*! Union between the CRT and non-CRT data structures. */
300     union
301     {
302         CCRsaPrivNonCrtKey_t NonCrt; /*!< Non CRT data structure. */
303         CCRsaPrivCrtKey_t    Crt;    /*!< CRT data structure. */
304     }PriveKeyDb;
305 
306     /*! Internal buffer. */
307     uint32_t ccRSAPrivKeyIntBuff[CC_PKA_PRIV_KEY_BUFF_SIZE_IN_WORDS];
308 
309 }CCRsaPrivKey_t;
310 
311 /*! The private key's user structure prototype. This structure must be saved by the user, and is used as input to the RSA functions
312 (such as ::CC_RsaSchemesDecrypt etc.). */
313 typedef struct CCRsaUserPrivKey_t
314 {
315     /*! Validation tag.*/
316     uint32_t valid_tag;
317     /*! Private key data. */
318     uint32_t  PrivateKeyDbBuff[ sizeof(CCRsaPrivKey_t)/sizeof(uint32_t) + 1 ] ;
319 
320 }CCRsaUserPrivKey_t;
321 
322 /*! Temporary buffers for RSA usage. */
323 typedef struct CCRsaPrimeData_t
324 {
325    /* The aligned input and output data buffers */
326     uint32_t DataIn[CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS];   /*!< Temporary buffer for data in.*/
327     uint32_t DataOut[CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS];  /*!< Temporary buffer for data out.*/
328     /*! Temporary buffer for internal data.*/
329     uint8_t  InternalBuff[CC_RSA_TMP_BUFF_SIZE] CC_PAL_COMPILER_ALIGN (4);
330 
331 }CCRsaPrimeData_t;
332 
333 /*! KG data type. */
334 typedef union CCRsaKgData_t
335 {
336     /*! RSA Key Generation buffers definitions. */
337     struct
338     {
339         /* The aligned input and output data buffers */
340         /*! First factor buffer. */
341         uint32_t p[CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS / 2];
342         /*! Second factor buffer. */
343         uint32_t q[CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS / 2];
344         union {
345             /*! Internal buffer. */
346             uint32_t ccRSAKGDataIntBuff[CC_PKA_KGDATA_BUFF_SIZE_IN_WORDS];
347             #ifdef CC_SOFT_KEYGEN
348             /* # added for compatibility with size of KGData SW type */
349             uint32_t TempbuffExp[PKI_KEY_GEN_TEMP_BUFF_SIZE_WORDS];
350             #endif
351         }kg_buf;
352     }KGData;
353 
354     /*! Buffers for internal usage. */
355     union {
356         /*! Internally used buffer.*/
357             struct {
358             CCRsaPrimeData_t    PrimData;
359         }primExt;
360         #ifdef CC_SOFT_KEYGEN
361         /* # added for compatibility with size of SW CCRsaPrivKey_t type */
362             SwSharedRSAPrimeData_t SW_Shared_PrimData;
363         #endif
364     }prim;
365 }CCRsaKgData_t;
366 
367  /*************
368  *  RSA contexts
369  **************/
370 /************************ CryptoCell RSA struct for Private Key ******************************/
371 
372 
373 /*! Context definition for operations that use the RSA private key. */
374 typedef struct
375 {
376 
377     /*! Private key data.  */
378     CCRsaUserPrivKey_t PrivUserKey;
379 
380     /*! RSA PKCS#1 Version 1.5 or 2.1 */
381     uint8_t   PKCS1_Version;
382 
383     /*! MGF to be used for the PKCS1 Ver 2.1 sign or verify operations. */
384     uint8_t MGF_2use;
385 
386     /*! Salt random length for PKCS#1 PSS Ver 2.1*/
387     uint16_t SaltLen;
388 
389     /*! Internal buffer. */
390     CCRsaPrimeData_t  PrimeData;
391 
392     /*! HASH context buffer. */
393 #ifdef USE_MBEDTLS_CRYPTOCELL
394     mbedtls_md_context_t RsaHashCtx;
395 #else
396     uint32_t RsaHashCtxBuff[CC_PKA_RSA_HASH_CTX_SIZE_IN_WORDS];
397 #endif
398 
399     /*! HASH result buffer. */
400     CCHashResultBuf_t        HASH_Result;
401     /*! HASH result size in words. */
402     uint16_t                  HASH_Result_Size;
403     /*! RSA HASH operation mode (all modes RSA supports).*/
404     CCRsaHashOpMode_t    RsaHashOperationMode;
405     /*! HASH operation mode.*/
406     CCHashOperationMode_t HashOperationMode;
407     /*! HASH block size (in words).*/
408     uint16_t                  HashBlockSize;
409     /*! HASH flag. */
410     bool doHash;
411 
412     /* Used for sensitive data manipulation in the context space, which is safer and which saves stack space */
413     /*! Internal buffer.*/
414     uint32_t EBD[CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS];
415     /*! Internal bufffer used size in bits. */
416     uint32_t EBDSizeInBits;
417 
418     /* Used for sensitive data manipulation in the context space, which is safer and which saves stack space */
419     /*! Internal buffer.*/
420     uint8_t  T_Buf[CC_RSA_SIZE_OF_T_STRING_BYTES];
421     /*! Internal buffer used size.*/
422     uint16_t T_BufSize;
423 
424     /*! Buffer for the use of the Ber encoder in the case of PKCS#1 Ver 1.5. */
425     uint32_t  BER[CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS];
426     /*! Ber encoder buffer size.*/
427     uint16_t  BERSize;
428 
429     /*! Internal buffer.*/
430     uint8_t DummyBufAESBlockSize[16];
431 
432 }RSAPrivContext_t;
433 
434 /*! The user's context prototype - the argument type that is passed by the user
435    to the RSA APIs. The context saves the state of the operation and must be saved by the user
436    till the end of the APIs flow . */
437 typedef struct CCRsaPrivUserContext_t
438 {
439     /*! Validation tag. */
440     uint32_t valid_tag;
441     /*! Internally used value.*/
442     uint32_t AES_iv;
443     /*! Private data context buffer. */
444     uint8_t  context_buff[ sizeof(RSAPrivContext_t) + sizeof(uint32_t)] CC_PAL_COMPILER_ALIGN (4);  /* must be aligned to 4 */
445 
446 }CCRsaPrivUserContext_t;
447 
448 
449 /************************ CryptoCell RSA struct for Public Key ******************************/
450 
451 /*! Context definition for operations that use the RSA public key. */
452 typedef struct
453 {
454 
455     /*! RSA public key structure. */
456     CCRsaUserPubKey_t PubUserKey;
457 
458     /*! Public key size in bytes */
459     uint32_t nSizeInBytes;
460 
461     /*! RSA PKCS#1 Version 1.5 or 2.1 */
462     uint8_t   PKCS1_Version;
463 
464     /*! MGF to be used for the PKCS1 Ver 2.1 Sign or Verify operations */
465     uint8_t MGF_2use;
466 
467     /*! Salt random length for PKCS#1 PSS Ver 2.1*/
468     uint16_t SaltLen;
469 
470     /*! Internal buffer. */
471     CCRsaPrimeData_t  PrimeData;
472 
473     /*! HASH context. */
474 #ifdef USE_MBEDTLS_CRYPTOCELL
475     mbedtls_md_context_t RsaHashCtx;
476 #else
477     uint32_t RsaHashCtxBuff[CC_PKA_RSA_HASH_CTX_SIZE_IN_WORDS];
478 #endif
479     /*! HASH result buffer. */
480     CCHashResultBuf_t        HASH_Result;
481     /*! HASH result size. */
482     uint16_t                  HASH_Result_Size; /* denotes the length, in words, of the hash function output */
483     /*! RSA HASH operation mode (all modes RSA supports). */
484     CCRsaHashOpMode_t    RsaHashOperationMode;
485     /*! HASH operation mode. */
486     CCHashOperationMode_t HashOperationMode;
487     /*! HASH block size. */
488     uint16_t                  HashBlockSize; /*in words*/
489     /*! HASH flag.*/
490     bool doHash;
491 
492     /* Used for sensitive data manipulation in the context space, which is safer and which saves stack space */
493     /*! Internal buffer.*/
494     uint32_t EBD[CC_RSA_MAXIMUM_MOD_BUFFER_SIZE_IN_WORDS];
495     /*! Internal bufffer used size in bits. */
496     uint32_t EBDSizeInBits;
497 
498     /* Used for sensitive data manipulation in the context space, which is safer and which saves stack space */
499     /*! Internal buffer.*/
500     uint8_t T_Buf[CC_RSA_SIZE_OF_T_STRING_BYTES];
501     /*! Internal buffer used size.*/
502     uint16_t T_BufSize;
503 
504     /*! Internal buffer.*/
505     uint8_t DummyBufAESBlockSize[16];
506 
507 }RSAPubContext_t;
508 
509 
510 /*! Temporary buffers for the RSA usage. */
511 typedef struct CCRsaPubUserContext_t
512 {
513     /*! Validation tag. */
514     uint32_t valid_tag;
515     /*! Internally used value.*/
516     uint32_t AES_iv;
517     /*! Public data context buffer. */
518     uint32_t  context_buff[ sizeof(RSAPubContext_t)/sizeof(uint32_t) + 1] ;
519 
520 }CCRsaPubUserContext_t;
521 
522 
523 
524 /*! Required for internal FIPS verification for RSA key generation. */
525 typedef struct CCRsaKgFipsContext_t{
526     /*! Internal buffer. */
527     CCRsaPrimeData_t    primData;
528     /*! Buffer used for decryption. */
529     uint8_t         decBuff[((CC_RSA_MIN_VALID_KEY_SIZE_VALUE_IN_BITS/CC_BITS_IN_BYTE) - 2*(CC_HASH_SHA1_DIGEST_SIZE_IN_BYTES) -2)];
530     /*! Buffer used for encryption. */
531     uint8_t         encBuff[CC_RSA_FIPS_MODULUS_SIZE_BITS/CC_BITS_IN_BYTE];
532 }CCRsaKgFipsContext_t;
533 
534 /*! Required for internal FIPS verification for RSA KAT. The RSA KAT tests are defined for Public-Key Cryptography Standards (PKCS) #1 RSA*
535     Cryptography Specifications Version 2.1 with modulus key size of 2048.      */
536 typedef struct CCRsaFipsKatContext_t{
537     /*! RSA user's key (either public or private).*/
538     union {
539         /*! RSA user's public key. */
540         CCRsaUserPubKey_t   userPubKey;     // used for RsaEnc and RsaVerify
541         /*! RSA user's private key. */
542         CCRsaUserPrivKey_t   userPrivKey;  // used for RsaDec and RsaSign
543     }userKey;
544     /*! RSA user's context (either public or private).*/
545     union {
546         /*! RSA user's private context. */
547         CCRsaPrivUserContext_t userPrivContext;  // used for RsaSign
548         /*! RSA public user's context. */
549         CCRsaPubUserContext_t userPubContext;  // used for RsaVerify
550         /*! Internal buffers. */
551         CCRsaPrimeData_t    primData;  // used for RsaEnc and RsaDec
552     }userContext;
553     /*! RSA user's data. */
554     union {
555         struct {   // used for RsaEnc and RsaDec
556             /*! Buffer for encrypted data. */
557             uint8_t     encBuff[CC_RSA_FIPS_MODULUS_SIZE_BITS/CC_BITS_IN_BYTE];
558             /*! Buffer for decrypted data. */
559             uint8_t     decBuff[((CC_RSA_FIPS_MODULUS_SIZE_BITS/CC_BITS_IN_BYTE) - 2*(CC_HASH_SHA1_DIGEST_SIZE_IN_BYTES) -2)];
560         }userOaepData;
561         /*! Buffer for Signed data. */
562         uint8_t         signBuff[CC_RSA_FIPS_MODULUS_SIZE_BITS/CC_BITS_IN_BYTE]; // used for RsaSign and RsaVerify
563     }userData;
564 }CCRsaFipsKatContext_t;
565 
566 
567 #ifdef __cplusplus
568 }
569 #endif
570 /**
571 @}
572  */
573 #endif
574