1 /*
2 * Copyright (c) 2001-2022, Arm Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6 #ifdef CC_IOT
7 #include "mbedtls/build_info.h"
8 #endif
9
10 #if !defined(CC_IOT) || ( defined(CC_IOT) && defined(MBEDTLS_RSA_C))
11
12 #define CC_PAL_LOG_CUR_COMPONENT CC_LOG_MASK_ASYM_RSA_DH
13
14 /************* Include Files ****************/
15
16 #include "cc_pal_mem.h"
17 #include "cc_rsa_error.h"
18 #include "cc_rsa_prim.h"
19 #include "cc_common_math.h"
20 #include "cc_rsa_local.h"
21 #include "cc_fips_defs.h"
22
23 /************************ Defines ******************************/
24
25 #if ( CC_HASH_USER_CTX_SIZE_IN_WORDS > CC_PKA_RSA_HASH_CTX_SIZE_IN_WORDS )
26 #error CC_PKA_RSA_HASH_CTX_SIZE_IN_WORDS OR CC_HASH_USER_CTX_SIZE_IN_WORDS do not defined correctly.
27 #endif
28
29 /************************ Enums ******************************/
30 /************************ Typedefs ***************************/
31 /************************ Global Data ************************/
32
33
34 /************* Private function prototype ********************/
35
36
37 #ifndef _INTERNAL_CC_NO_RSA_VERIFY_SUPPORT
38
39 /************************ Private Functions ******************************/
40
41 /**
42 \brief RSA_VerifyInit initializes the Verify
43 multi-call algorithm as defined in PKCS#1 v1.5 and 2.1
44
45 NOTE: 1. In PSS_Sign v2.1 MD5 is not supported, since it is not recommended
46 by the PKCS#1 v2.1.
47 2. According to thesaid standard, implementation of the function
48 for version v1.5 is based on DER encoding of the algorithm info.
49
50
51 @param[in] UserContext_ptr - A pointer to the public Context
52 structure of the User.
53 @param[in] UserPubKey_ptr - A pointer to the public key data
54 structure.
55 @param[in] rsaHashMode - The hash function to be used. Currently
56 avaliable HASH functions: SHA1/SHA-256/384/512/MD5
57 (MD5 - allowed only for PKCS#1 v1.5).
58 Also allowed "After" HASH modes for said functions.
59 @param[in] MGF - The mask generation function, relevant only for PKCS#1 v2.1.
60 The currently allowed value for v2.1 is CC_PKCS1_MGF1.
61 @param[in] SaltLen - The Length of the Salt buffer. Relevant for PKCS#1 Ver 2.1 only.
62 Typical lengths are 0 and hashLen (20 for SHA1).
63 The maximum length allowed is NSize - hLen - 2.
64 If the salt length is not available in this process, the user
65 can use the define: CC_RSA_VERIFY_SALT_LENGTH_UNKNOWN.
66 Security Note: it is recommended not to use this flag and provide
67 the Salt length on each verify
68 @param[in] PKCS1_ver - Ver 1.5 or 2.1, according to the functionality required.
69
70 @return CCError_t - CC_OK, or error
71 */
72
CC_RsaVerifyInit(CCRsaPubUserContext_t * UserContext_ptr,CCRsaUserPubKey_t * UserPubKey_ptr,CCRsaHashOpMode_t rsaHashMode,CCPkcs1Mgf_t MGF,size_t SaltLen,CCPkcs1Version_t PKCS1_ver)73 CEXPORT_C CCError_t CC_RsaVerifyInit(CCRsaPubUserContext_t *UserContext_ptr,
74 CCRsaUserPubKey_t *UserPubKey_ptr,
75 CCRsaHashOpMode_t rsaHashMode,
76 CCPkcs1Mgf_t MGF,
77 size_t SaltLen,
78 CCPkcs1Version_t PKCS1_ver)
79 {
80 /* FUNCTION DECLARATIONS */
81
82 /* The return error identifier */
83 CCError_t Error = CC_OK;
84
85 /* defining a pointer to the active context allcated by the CCM */
86 RSAPubContext_t *ccmWorkingContext_ptr;
87 /*Pointer to the public key for lengths checking*/
88 CCRsaPubKey_t *PubKey_ptr;
89 /*The size of the modulus for lengths checking*/
90 uint32_t ModulusSizeBytes;
91 #ifdef USE_MBEDTLS_CRYPTOCELL
92 const mbedtls_md_info_t *md_info=NULL;
93 #endif
94 /* FUNCTION LOGIC */
95
96 /* ............... local initializations .............................. */
97 /* -------------------------------------------------------------------- */
98
99 /* initialize the module size to cancel compilers warnings */
100 ModulusSizeBytes = 0;
101 ccmWorkingContext_ptr = (RSAPubContext_t*)UserContext_ptr->context_buff;
102
103
104 /* ............... checking the parameters validity ................... */
105 /* -------------------------------------------------------------------- */
106
107
108 /* if the users context ID pointer is NULL return an error */
109 if (UserContext_ptr == NULL){
110 return CC_RSA_INVALID_USER_CONTEXT_POINTER_ERROR;
111 }
112
113 /*if the private key object is NULL return an error*/
114 if (UserPubKey_ptr == NULL){
115 Error = CC_RSA_INVALID_PUB_KEY_STRUCT_POINTER_ERROR;
116 goto End;
117 }
118
119 /* check if the hash operation mode is legal */
120 if (rsaHashMode >= CC_RSA_HASH_NumOfModes){
121 Error = CC_RSA_HASH_ILLEGAL_OPERATION_MODE_ERROR;
122 goto End;
123 }
124
125 /* check if the MGF operation mode is legal */
126 if (MGF >= CC_RSA_NumOfMGFFunctions){
127 Error = CC_RSA_MGF_ILLEGAL_ARG_ERROR;
128 goto End;
129 }
130
131 /* check that the PKCS1 version argument is legal*/
132 if (PKCS1_ver >= CC_RSA_NumOf_PKCS1_versions){
133 Error = CC_RSA_PKCS1_VER_ARG_ERROR;
134 goto End;
135 }
136
137 /*According to the PKCS1 ver 2.1 standart it is not recommended to use MD5 hash
138 therefore we do not support it */
139 if (PKCS1_ver == CC_PKCS1_VER21 && rsaHashMode == CC_RSA_HASH_MD5_mode){
140 Error = CC_RSA_HASH_ILLEGAL_OPERATION_MODE_ERROR;
141 goto End;
142 }
143
144 /*If the validation tag is incorrect*/
145 if (UserPubKey_ptr->valid_tag != CC_RSA_PUB_KEY_VALIDATION_TAG){
146 Error = CC_RSA_PUB_KEY_VALIDATION_TAG_ERROR;
147 goto End;
148 }
149
150 /*Checking if a check on salt length is needed*/
151 if (SaltLen != CC_RSA_VERIFY_SALT_LENGTH_UNKNOWN && PKCS1_ver == CC_PKCS1_VER21) {
152 /*Initializing the Modulus Size in Bytes needed for SaltLength parameter check*/
153 PubKey_ptr = (CCRsaPubKey_t *)UserPubKey_ptr->PublicKeyDbBuff;
154
155 /*Note: the (-1) is due to the PKCS#1 Ver2.1 standard section 9.1.1*/
156 ModulusSizeBytes = (PubKey_ptr->nSizeInBits - 1) / 8;
157 if ((PubKey_ptr->nSizeInBits - 1) % 8)
158 ModulusSizeBytes++;
159 }
160
161 /* ............... initializing local variables ................ */
162 /* ------------------------------------------------------------- */
163
164 /*Reset the Context handler for improper previous values initialized*/
165 CC_PalMemSetZero(UserContext_ptr, sizeof(CCRsaPubUserContext_t));
166
167
168 /* Initializing the Hash operation mode in the RSA Context level */
169 /* ------------------------------------------------------------- */
170
171 ccmWorkingContext_ptr->RsaHashOperationMode = rsaHashMode;
172
173 if (RsaSupportedHashModes_t[rsaHashMode] == CC_FALSE){
174 Error = CC_RSA_HASH_ILLEGAL_OPERATION_MODE_ERROR;
175 goto End;
176 }
177
178 ccmWorkingContext_ptr->HashOperationMode = RsaHashInfo_t[rsaHashMode].hashMode;
179 ccmWorkingContext_ptr->HASH_Result_Size = RsaHashInfo_t[rsaHashMode].hashResultSize;
180
181 if ( (ccmWorkingContext_ptr->HashOperationMode == CC_HASH_SHA384_mode) ||
182 (ccmWorkingContext_ptr->HashOperationMode == CC_HASH_SHA512_mode) )
183 ccmWorkingContext_ptr->HashBlockSize = CC_HASH_SHA512_BLOCK_SIZE_IN_WORDS;
184 else
185 ccmWorkingContext_ptr->HashBlockSize = CC_HASH_BLOCK_SIZE_IN_WORDS;
186
187 if ( (rsaHashMode == CC_RSA_HASH_MD5_mode ) ||
188 (rsaHashMode == CC_RSA_HASH_SHA1_mode ) ||
189 (rsaHashMode == CC_RSA_HASH_SHA224_mode ) ||
190 (rsaHashMode == CC_RSA_HASH_SHA256_mode ) ||
191 (rsaHashMode == CC_RSA_HASH_SHA384_mode ) ||
192 (rsaHashMode == CC_RSA_HASH_SHA512_mode ) )
193 ccmWorkingContext_ptr->doHash = true; /* for actual Hash modes */
194 else
195 ccmWorkingContext_ptr->doHash = false;
196
197
198 /* Init HASH */
199 if (ccmWorkingContext_ptr->doHash) {
200 #ifdef USE_MBEDTLS_CRYPTOCELL
201 md_info = mbedtls_md_info_from_type(RsaHash_CC_mbedtls_Info[ccmWorkingContext_ptr->HashOperationMode]);
202 if (NULL == md_info) {
203 goto End;
204 }
205 mbedtls_md_init(&ccmWorkingContext_ptr->RsaHashCtx);
206 Error = mbedtls_md_setup(&ccmWorkingContext_ptr->RsaHashCtx, md_info, 0); // 0 = HASH, not HMAC
207 if (Error != 0) {
208 goto End;
209 }
210
211 Error = mbedtls_md_starts(&ccmWorkingContext_ptr->RsaHashCtx);
212 if (Error != 0) {
213 goto End;
214 }
215 #else
216 Error = CC_HashInit(
217 ((CCHashUserContext_t *)((ccmWorkingContext_ptr->RsaHashCtxBuff))),
218 ccmWorkingContext_ptr->HashOperationMode);
219 if (Error != CC_OK)
220 goto End;
221 #endif
222 }
223
224
225 /* Switch to appropriate PKCS1_version */
226 /*-------------------------------------*/
227 switch (PKCS1_ver) {
228 case CC_PKCS1_VER15:
229 ccmWorkingContext_ptr->PKCS1_Version = CC_PKCS1_VER15;
230 break;
231 case CC_PKCS1_VER21:
232 ccmWorkingContext_ptr->PKCS1_Version = CC_PKCS1_VER21;
233 /*Checking restriction of Salt Length ; Hash output size and the mosulus*/
234 if (SaltLen != CC_RSA_VERIFY_SALT_LENGTH_UNKNOWN &&
235 ModulusSizeBytes < (uint32_t)(ccmWorkingContext_ptr->HASH_Result_Size*4 + SaltLen + 2)) {
236 Error = CC_RSA_PSS_ENCODING_MODULUS_HASH_SALT_LENGTHS_ERROR;
237 goto End;
238 }
239 break;
240 default:
241 Error = CC_RSA_PKCS1_VER_ARG_ERROR;
242 goto End;
243 }
244
245 switch (MGF) {
246 case CC_PKCS1_MGF1:
247 case CC_PKCS1_NO_MGF:
248 ccmWorkingContext_ptr->MGF_2use = MGF;
249 break;
250 default:
251 Error = CC_RSA_MGF_ILLEGAL_ARG_ERROR;
252 goto End;
253 }
254
255 /*Copy the RSA Pub key to the context*/
256 CC_PalMemCopy((uint8_t *)&ccmWorkingContext_ptr->PubUserKey,(uint8_t *)UserPubKey_ptr,sizeof(CCRsaUserPubKey_t));
257
258 /*Initial the Salt random length relevant for PKCS#1 Ver2.1*/
259 ccmWorkingContext_ptr->SaltLen = SaltLen;
260
261 /* Initialize the size of the modulus */
262 ccmWorkingContext_ptr->nSizeInBytes = CALC_FULL_BYTES(((CCRsaPubKey_t*)UserPubKey_ptr->PublicKeyDbBuff)->nSizeInBits);
263
264 /* set the RSA tag to the users context */
265 UserContext_ptr->valid_tag = CC_RSA_VERIFY_CONTEXT_VALIDATION_TAG;
266
267 End:
268
269 /* .............. clearing the users context in case of error.......... */
270 /* -------------------------------------------------------------------- */
271 if (Error != CC_OK) {
272 #ifdef USE_MBEDTLS_CRYPTOCELL
273 if(md_info!=NULL){
274 mbedtls_md_free(&ccmWorkingContext_ptr->RsaHashCtx);
275 }
276 #endif
277 CC_PalMemSetZero(UserContext_ptr, sizeof(CCRsaPubUserContext_t));
278 }
279
280 return Error;
281
282
283 }/* END OF CC_RsaVerifyInit */
284
285
286 /**********************************************************************************************************/
287 /**
288 \brief RSA_VerifyUpdate processes the data to be verified
289 in a given context, according to PKCS1 v1.5 and 2.1
290
291 \note RSA_VerifyUpdate can be called multiple times with data
292
293 @param[in] UserContext_ptr - A pointer to the public Context
294 structure of the User.
295 @param[in] DataIn_ptr - A pointer to the data whose signature is
296 to be verified.
297 @param[in] DataInSize - The size, in bytes, of the data whose
298 signature is to be verified.
299
300 @return CCError_t - CC_OK, or error
301 */
302
CC_RsaVerifyUpdate(CCRsaPubUserContext_t * UserContext_ptr,uint8_t * DataIn_ptr,size_t DataInSize)303 CEXPORT_C CCError_t CC_RsaVerifyUpdate(CCRsaPubUserContext_t *UserContext_ptr,
304 uint8_t *DataIn_ptr,
305 size_t DataInSize)
306 {
307 /* FUNCTION DECLERATIONS */
308
309 /* The return error identifier */
310 CCError_t Error = CC_OK;
311 /* defining a pointer to the active context allcated by the CCM */
312 RSAPubContext_t *ccmWorkingContext_ptr;
313
314 /* FUNCTION LOGIC */
315
316 /* extract the RSA context structure */
317 ccmWorkingContext_ptr = (RSAPubContext_t*)UserContext_ptr->context_buff;
318
319 /* ............... checking the parameters validity ................... */
320 /* -------------------------------------------------------------------- */
321
322 /* if the users context pointer is NULL return an error */
323 if (UserContext_ptr == NULL){
324 return CC_RSA_INVALID_USER_CONTEXT_POINTER_ERROR;
325 }
326
327 /* if the users Data In pointer is illegal return an error */
328 if (DataIn_ptr == NULL && DataInSize) {
329 Error = CC_RSA_DATA_POINTER_INVALID_ERROR;
330 goto End;
331 }
332
333 /* if the data size is larger then 2^29 (to prevant an overflow on the transition to bits )
334 return error */
335 if (DataInSize >= (1UL << 29)) {
336 Error = CC_RSA_INVALID_MESSAGE_DATA_SIZE;
337 goto End;
338 }
339
340 /* if the users context TAG is illegal return an error - the context is invalid */
341 if (UserContext_ptr->valid_tag != CC_RSA_VERIFY_CONTEXT_VALIDATION_TAG) {
342 Error = CC_RSA_USER_CONTEXT_VALIDATION_TAG_ERROR;
343 goto End;
344 }
345
346 if (ccmWorkingContext_ptr->doHash) {
347 /*Operate the Hash update function for relevant versions*/
348 #ifdef USE_MBEDTLS_CRYPTOCELL
349 Error = mbedtls_md_update(&ccmWorkingContext_ptr->RsaHashCtx, DataIn_ptr, DataInSize);
350 if (Error != 0)
351 goto End;
352 #else
353 Error = CC_HashUpdate(((CCHashUserContext_t*)(ccmWorkingContext_ptr->RsaHashCtxBuff)),
354 DataIn_ptr,
355 DataInSize );
356 if (Error != CC_OK)
357 goto End;
358 #endif
359 } else {
360 /* DataInSize must fit exactly to the size of Hash output that we support */
361 if (DataInSize != ccmWorkingContext_ptr->HASH_Result_Size*sizeof(uint32_t)) {
362 Error = CC_RSA_INVALID_MESSAGE_DATA_SIZE_IN_SSL_CASE;
363 goto End;
364 }
365 /* Copy the DataIn_ptr to the HashResult in case it is an SSL mode*/
366 CC_PalMemCopy((uint8_t *)ccmWorkingContext_ptr->HASH_Result, DataIn_ptr, DataInSize);
367 }
368
369 End:
370
371 /* ..... clearing the users context in case of error .... */
372 if (Error != CC_OK) {
373 #ifdef USE_MBEDTLS_CRYPTOCELL
374 mbedtls_md_free(&ccmWorkingContext_ptr->RsaHashCtx);
375 #endif
376 CC_PalMemSetZero(UserContext_ptr, sizeof(CCRsaPubUserContext_t));
377 }
378
379 return Error;
380
381 }/* END OF CC_RsaVerifyUpdate */
382
383
384 /**********************************************************************************************************/
385 /**
386
387 \brief RSA_VerifyFinish implements the Finish Phase of the Verify algorithm
388 as defined in PKCS#1 v2.1 or PKCS#1 v1.5
389
390 @param[in] UserContext_ptr - A pointer to the public Context
391 structure of the User.
392 @param[in] Sig_ptr - A pointer to the signature to be verified.
393 The length of the signature is PubKey_ptr->N.len bytes
394 (that is, the size of the modulus, in bytes).
395 @param[in] bIsRawMode - boolean to indicate if the function is used in Raw
396 mode, which means that the structure T to be signed
397 is passed as input (no need to perform hashing)
398 @param[in] DataIn_ptr - Buffer containing the T structure to be signed
399 (possibly the DER encoding of ASN.1 DigestInfo
400 structure as specified in RFC8017 sect. 9.2 notes)
401 @param[in] DataInSize - Size in bytes of the raw input provided in DataIn_ptr
402
403 @return CCError_t - CC_OK, or error
404 */
405
CC_RsaVerifyFinish(CCRsaPubUserContext_t * UserContext_ptr,uint8_t * Sig_ptr,bool bIsRawMode,const uint8_t * DataIn_ptr,size_t DataInSize)406 CEXPORT_C CCError_t CC_RsaVerifyFinish(CCRsaPubUserContext_t *UserContext_ptr,
407 uint8_t *Sig_ptr,
408 bool bIsRawMode,
409 const uint8_t *DataIn_ptr,
410 size_t DataInSize)
411 {
412 /* FUNCTION DECLERATIONS */
413
414 /* The return error identifier */
415 CCError_t Error = CC_OK;
416
417 /* defining a pointer to the active context allcated by the CCM */
418 RSAPubContext_t *ccmWorkingContext_ptr ;
419
420 /*Parameter for the new size of the modulus N in bytes according to PKCS1 Ver 2.1*/
421 uint16_t modSizeBytes; /*rounded number of Bytes for padding2 length*/
422
423 /*Temporary for the N size*/
424 CCRsaPubKey_t *PubKey_ptr;
425
426
427 /* FUNCTION LOGIC */
428
429 /* ................. aquiring the RSA context ............................. */
430 ccmWorkingContext_ptr = (RSAPubContext_t*)UserContext_ptr->context_buff;
431
432 /* ............... checking the parameters validity ................... */
433 /* -------------------------------------------------------------------- */
434
435 /* if the users context pointer is NULL return an error */
436 if (UserContext_ptr == NULL){
437 return CC_RSA_INVALID_USER_CONTEXT_POINTER_ERROR;
438 }
439
440 /* if the users context pointer is NULL return an error */
441 if (Sig_ptr == NULL) {
442 Error = CC_RSA_INVALID_SIGNATURE_BUFFER_POINTER;
443 goto End;
444 }
445
446 /* if the users context TAG is illegal return an error - the context is invalid */
447 if (UserContext_ptr->valid_tag != CC_RSA_VERIFY_CONTEXT_VALIDATION_TAG) {
448 Error = CC_RSA_USER_CONTEXT_VALIDATION_TAG_ERROR;
449 goto End;
450 }
451
452 PubKey_ptr = (CCRsaPubKey_t *)ccmWorkingContext_ptr->PubUserKey.PublicKeyDbBuff;
453 modSizeBytes = (uint16_t)(CALC_FULL_BYTES(PubKey_ptr->nSizeInBits));
454
455 /* execute the RSA encription of formatted sign block */
456 Error = CC_RsaPrimEncrypt(&ccmWorkingContext_ptr->PubUserKey,
457 &ccmWorkingContext_ptr->PrimeData,
458 Sig_ptr,
459 modSizeBytes,
460 (uint8_t*)ccmWorkingContext_ptr->EBD);
461 if (Error != CC_OK)
462 goto End;
463
464 /* Initialize the Effective size in bits of the result */
465 ccmWorkingContext_ptr->EBDSizeInBits = CC_CommonGetBytesCounterEffectiveSizeInBits((uint8_t*)&ccmWorkingContext_ptr->EBD,
466 modSizeBytes);
467 /*Operating the HASH Finish function only in case that Hash operation is needed*/
468 if (ccmWorkingContext_ptr->doHash) {
469 /*Operating the HASH Finish function*/
470 #ifdef USE_MBEDTLS_CRYPTOCELL
471 Error = mbedtls_md_finish(&ccmWorkingContext_ptr->RsaHashCtx,
472 (unsigned char *)ccmWorkingContext_ptr->HASH_Result);
473 if (Error != 0)
474 goto End;
475 #else
476 Error=CC_HashFinish(((CCHashUserContext_t *)(ccmWorkingContext_ptr->RsaHashCtxBuff)),
477 ccmWorkingContext_ptr->HASH_Result);
478 if (Error != CC_OK)
479 goto End;
480 #endif
481 }
482
483 /*-------------------------------------*/
484 /* switch to appropriate PKCS1 Version */
485 /*-------------------------------------*/
486 switch (ccmWorkingContext_ptr->PKCS1_Version) {
487
488 #ifndef _INTERNAL_CC_NO_RSA_SCHEME_21_SUPPORT
489 case CC_PKCS1_VER21:
490 /*Operating the Verify primitive*/
491 Error = RsaPssVerify21(ccmWorkingContext_ptr);
492 if (Error!=CC_OK)
493 goto End;
494 break;
495 #endif
496
497 #ifndef _INTERNAL_CC_NO_RSA_SCHEME_15_SUPPORT
498 case CC_PKCS1_VER15:
499
500 /* Create expected decrypted signature buff. */
501 Error = RsaEmsaPkcs1v15Encode(
502 modSizeBytes,
503 ccmWorkingContext_ptr->HashOperationMode,
504 (uint8_t*)ccmWorkingContext_ptr->HASH_Result,
505 ccmWorkingContext_ptr->HASH_Result_Size*sizeof(uint32_t),
506 (uint8_t*)&ccmWorkingContext_ptr->PrimeData/*expected buff*/,
507 bIsRawMode,
508 DataIn_ptr,
509 DataInSize);
510 if (Error!=CC_OK)
511 goto End;
512
513 /* compare actual and expected values of signature buffer */
514 if (CC_PalMemCmp(&ccmWorkingContext_ptr->PrimeData,
515 (uint8_t*)ccmWorkingContext_ptr->EBD, modSizeBytes)) {
516 Error = CC_RSA_ERROR_VER15_INCONSISTENT_VERIFY;
517 goto End;
518 }
519 break;
520 #endif
521 default:
522 Error = CC_RSA_PKCS1_VER_ARG_ERROR;
523 goto End;
524
525 }/*End of switch()*/
526
527
528 End:
529 #ifdef USE_MBEDTLS_CRYPTOCELL
530 mbedtls_md_free(&ccmWorkingContext_ptr->RsaHashCtx);
531 #endif
532 /* ..... clearing the users context in case of error ..... */
533 CC_PalMemSetZero(UserContext_ptr, sizeof(CCRsaPubUserContext_t));
534
535 return Error;
536
537
538 }/* END OF CC_RsaVerifyFinish */
539
540
541 /**********************************************************************************************************/
542 /**
543 \brief RSA_Verify implements the RSASSA-PKCS1v15 algorithm
544 in a single function as defined in PKCS#1 v2.1 (including v1.5).
545
546 The user can call the function by appropriate macro according to choosen
547 (and allowed) HASH algorithm SHA1, SHA224... (see macros below).
548
549 NOTE: 1. In PSS_Verify v2.1 MD5 is not supported, since it is not recommended
550 by the PKCS#1 ver2.1.
551 2. According to the said standard, implementation of the function
552 for version v1.5 is based on DER encoding of hash algorithm ID.
553
554
555 @param[in] UserContext_ptr - A pointer to the public Context,
556 for the use of the function as a space to work on
557 @param[in] UserPubKey_ptr - A pointer to the public key data
558 structure of the user.
559 @param[in] rsaHashMode - The hash function to be used. Currently
560 avaliable HASH functions: SHA1/SHA-224/256/384/512, MD5
561 (MD5 - allowed only for PKCS#1 v1.5).
562 Also allowed "After" HASH modes for said functions.
563 @param[in] MGF - The mask generation function. only for PKCS#1 v2.1
564 defines MGF1, so the only value allowed for v2.1
565 is CC_PKCS1_MGF1.
566 @param[in] SaltLen - The Length of the Salt buffer. relevant for PKCS#1 Ver 2.1 Only
567 Typical lengths are 0 and hLen (20 for SHA1)
568 The maximum length allowed is NSize - hLen - 2
569 @param[in] DataIn_ptr - A pointer to the data whose signature is
570 to be verified.
571 @param[in] DataInSize - The size, in bytes, of the data whose
572 signature is to be verified.
573 @param[in] Sig_ptr - A pointer to the signature to be verified.
574 The length of the signature is PubKey_ptr->N.len bytes
575 (that is, the size of the modulus, in bytes).
576 @param[in] PKCS1_ver - Ver 1.5 or 2.1, according to the functionality required
577
578 @return CCError_t - CC_OK, or error
579 */
580
CC_RsaVerify(CCRsaPubUserContext_t * UserContext_ptr,CCRsaUserPubKey_t * UserPubKey_ptr,CCRsaHashOpMode_t rsaHashMode,CCPkcs1Mgf_t MGF,size_t SaltLen,uint8_t * DataIn_ptr,size_t DataInSize,uint8_t * Sig_ptr,CCPkcs1Version_t PKCS1_ver)581 CEXPORT_C CCError_t CC_RsaVerify(CCRsaPubUserContext_t *UserContext_ptr,
582 CCRsaUserPubKey_t *UserPubKey_ptr,
583 CCRsaHashOpMode_t rsaHashMode,
584 CCPkcs1Mgf_t MGF,
585 size_t SaltLen,
586 uint8_t *DataIn_ptr,
587 size_t DataInSize,
588 uint8_t *Sig_ptr,
589 CCPkcs1Version_t PKCS1_ver)
590 {
591 /* FUNCTION DECLERATIONS */
592
593 /* The return error identifier */
594 CCError_t Error = CC_OK;
595 bool bIsRawMode = (rsaHashMode == CC_RSA_HASH_NO_HASH_mode) ? true : false;
596 /* FUNCTION LOGIC */
597
598 CHECK_AND_RETURN_ERR_UPON_FIPS_ERROR();
599 /**********************************************************************
600 * RSA_VerifyInit
601 **********************************************************************/
602 Error = CC_RsaVerifyInit(UserContext_ptr,
603 UserPubKey_ptr,
604 rsaHashMode,
605 MGF,
606 SaltLen,
607 PKCS1_ver);
608 if (Error!=CC_OK)
609 return Error;
610 /**********************************************************************
611 * RSA_VerifyUpdate
612 **********************************************************************/
613 if (!bIsRawMode) {
614 Error = CC_RsaVerifyUpdate(UserContext_ptr,
615 DataIn_ptr,
616 DataInSize);
617 if (Error!=CC_OK)
618 return Error;
619 }
620 /**********************************************************************
621 * RSA_VerifyFinish
622 **********************************************************************/
623 Error = CC_RsaVerifyFinish(UserContext_ptr,
624 Sig_ptr,
625 bIsRawMode,
626 DataIn_ptr,
627 DataInSize);
628 return Error;
629
630 }/* END OF CC_RsaVerify */
631
632 #endif /*_INTERNAL_CC_NO_RSA_VERIFY_SUPPORT*/
633 #endif /* !defined(CC_IOT) || ( defined(CC_IOT) && defined(MBEDTLS_RSA_C)) */
634
