1 /* 2 * Copyright (c) 2001-2022, Arm Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #ifndef _CC_RSA_SCHEMES_H 8 #define _CC_RSA_SCHEMES_H 9 10 #ifdef CC_IOT 11 #include "mbedtls/build_info.h" 12 #endif 13 14 #if !defined(CC_IOT) || ( defined(CC_IOT) && defined(MBEDTLS_RSA_C)) 15 16 #include "cc_error.h" 17 #include "cc_rsa_types.h" 18 #include "cc_rnd_common.h" 19 20 #ifdef __cplusplus 21 extern "C" 22 { 23 #endif 24 25 /*! 26 @file 27 @brief This file defines APIs that support Public-Key Cryptography Standards (PKCS) #1: RSA Encryption Standard Version 1.5 28 and Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications Version 2.1 encryption and signature schemes. 29 @defgroup cc_rsa_schemes CryptoCell RSA encryption and signature schemes 30 @{ 31 @ingroup cc_rsa 32 */ 33 34 /**********************************************************************************************************/ 35 /*! 36 @brief This function implements the Encrypt algorithm, as defined in Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications 37 Version 2.1 and Public-Key Cryptography Standards (PKCS) #1: RSA Encryption Standard Version 1.5. 38 39 It should not be called directly. Instead, use macros ::CC_RsaOaepEncrypt or ::CC_RsaPkcs1V15Encrypt. 40 41 @return CC_OK on success. 42 @return A non-zero value from cc_rsa_error.h, cc_rnd_error.h or cc_hash_error.h on failure. 43 */ 44 CIMPORT_C CCError_t CC_RsaSchemesEncrypt( 45 CCRndContext_t *rndContext_ptr, /*!< [in/out] Pointer to the RND context buffer. */ 46 CCRsaUserPubKey_t *UserPubKey_ptr, /*!< [in] Pointer to the public key data structure. */ 47 CCRsaPrimeData_t *PrimeData_ptr, /*!< [in] Pointer to a temporary structure that is internally used as workspace for the 48 Encryption operation. */ 49 CCRsaHashOpMode_t hashFunc, /*!< [in] The HASH function to be used. One of the supported SHA-x HASH modes, as defined 50 in ::CCRsaHashOpMode_t (MD5 is not supported).*/ 51 uint8_t *L, /*!< [in] The label input pointer. Relevant for Public-Key Cryptography Standards (PKCS) #1 RSA 52 Cryptography Specifications Version 2.1 only. NULL by default. 53 NULL for Public-Key Cryptography Standards (PKCS) #1: RSA Encryption Standard Version 1.5. */ 54 size_t Llen, /*!< [in] The label length. Relevant for Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography 55 Specifications Version 2.1 only. Zero by default. Must be <=2048. Zero for Public-Key Cryptography 56 Standards (PKCS) #1: RSA Encryption Standard Version 1.5. */ 57 CCPkcs1Mgf_t MGF, /*!< [in] The mask generation function. [PKCS1_2.1] defines MGF1, so the only value 58 allowed here is CC_PKCS1_MGF1. */ 59 uint8_t *DataIn_ptr, /*!< [in] Pointer to the data to encrypt. */ 60 size_t DataInSize, /*!< [in] The size (in bytes) of the data to encrypt. The data size must be: 61 <ul><li>For Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications 62 Version 2.1, DataSize <= modulus size - 2*HashLen - 2.</li> 63 <li>For Public-Key Cryptography Standards (PKCS) #1: RSA Encryption Standard Version 1.5, 64 DataSize <= modulus size - 11.</li></ul> */ 65 uint8_t *Output_ptr, /*!< [out] Pointer to the encrypted data. The buffer must be at least modulus size bytes long. */ 66 CCPkcs1Version_t PKCS1_ver /*!< [in] Public-Key Cryptography Standards (PKCS) #1: RSA Encryption Standard Version 1.5 or 67 Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications Version 2.1, 68 according to the functionality required. */ 69 ); 70 71 /*! 72 @brief CC_RsaOaepEncrypt implements the RSAES-OAEP algorithm 73 as defined in section 8.1 of Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications Version 2.1. 74 75 \note It is not recommended to use hash MD5 in Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography 76 Specifications Version 2.1, therefore it is not supported. 77 78 This function combines the RSA encryption primitive and the 79 EME-OAEP encoding method, to provide an RSA-based encryption 80 method that is semantically secure against adaptive 81 chosen-ciphertext attacks. For additional details, see Public-Key Cryptography Standards 82 (PKCS) #1 RSA Cryptography Specifications Version 2.1. 83 */ 84 #define CC_RsaOaepEncrypt(rndContext_ptr, UserPubKey_ptr,PrimeData_ptr,HashMode,L,Llen,MGF,Data_ptr,DataSize,Output_ptr)\ 85 CC_RsaSchemesEncrypt(rndContext_ptr, UserPubKey_ptr,PrimeData_ptr,HashMode,L,Llen,MGF,Data_ptr,DataSize,Output_ptr,CC_PKCS1_VER21) 86 87 /*! 88 @brief 89 CC_RsaPkcs1V15Encrypt implements the RSAES-PKCS1v15 algorithm 90 as defined in section 8.2 of Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications Version 2.1. 91 */ 92 #define CC_RsaPkcs1V15Encrypt(rndContext_ptr, UserPubKey_ptr,PrimeData_ptr,DataIn_ptr,DataInSize,Output_ptr)\ 93 CC_RsaSchemesEncrypt(rndContext_ptr, UserPubKey_ptr,PrimeData_ptr,CC_RSA_HASH_NO_HASH_mode,NULL,0,CC_PKCS1_NO_MGF,DataIn_ptr,DataInSize, Output_ptr,CC_PKCS1_VER15) 94 95 96 /**********************************************************************************************************/ 97 /*! 98 @brief This function implements the Decrypt algorithm, as defined in Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications Version 2.1 and 99 Public-Key Cryptography Standards (PKCS) #1: RSA Encryption Standard Version 1.5. 100 101 It should not be called directly. Instead, use macros ::CC_RsaOaepDecrypt or ::CC_RsaPkcs1V15Decrypt. 102 103 @return CC_OK on success. 104 @return A non-zero value from cc_rsa_error.h or cc_hash_error.h on failure. 105 */ 106 CIMPORT_C CCError_t CC_RsaSchemesDecrypt( 107 CCRsaUserPrivKey_t *UserPrivKey_ptr, /*!< [in] Pointer to the private-key data structure of the user. */ 108 CCRsaPrimeData_t *PrimeData_ptr, /*!< [in] Pointer to a temporary structure that is internally used as workspace 109 for the decryption operation. */ 110 CCRsaHashOpMode_t hashFunc, /*!< [in] The HASH function to be used. One of the supported SHA-x HASH modes, 111 as defined in ::CCRsaHashOpMode_t (MD5 is not supported). */ 112 uint8_t *L, /*!< [in] The label input pointer. Relevant for Public-Key Cryptography Standards (PKCS) #1 113 RSA Cryptography Specifications Version 2.1 only. NULL by default. 114 NULL for Public-Key Cryptography Standards (PKCS) #1: RSA Encryption Standard 115 Version 1.5. */ 116 size_t Llen, /*!< [in] The label length. Relevant for Public-Key Cryptography Standards (PKCS) #1 RSA 117 Cryptography Specifications Version 2.1 only. Zero by default. 118 Zero for Public-Key Cryptography Standards (PKCS) #1: RSA Encryption Standard 119 Version 1.5. */ 120 CCPkcs1Mgf_t MGF, /*!< [in] The mask generation function. Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography 121 Specifications Version 2.1 defines MGF1, so the only 122 value allowed here is CC_PKCS1_MGF1. */ 123 uint8_t *DataIn_ptr, /*!< [in] Pointer to the data to decrypt. */ 124 size_t DataInSize, /*!< [in] The size (in bytes) of the data to decrypt. DataSize must be ≤ 125 the modulus size. */ 126 uint8_t *Output_ptr, /*!< [in] Pointer to the decrypted data. The buffer must be at least 127 PrivKey_ptr->N.len bytes long (i.e. the modulus size in bytes). */ 128 size_t *OutputSize_ptr, /*!< [in] Pointer to the byte size of the buffer pointed to by Output_buffer. 129 The size must be: 130 <ul><li> For Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications 131 Version 2.1: Modulus size > OutputSize >= (modulus size - 2*HashLen - 2).</li> 132 <li> For Public-Key Cryptography Standards (PKCS) #1: RSA Encryption Standard Version 1.5: 133 Modulus size > OutputSize >= (modulus size - 11). 134 The value pointed by OutputSize_ptr is updated after decryption with 135 the actual number of bytes that are loaded to Output_ptr.</li></ul> */ 136 CCPkcs1Version_t PKCS1_ver /*!< [in] Public-Key Cryptography Standards (PKCS) #1: RSA Encryption Standard Version 1.5 or 137 Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications Version 2.1, 138 according to the functionality required. */ 139 ); 140 141 /**********************************************************************************************************/ 142 /** 143 @brief CC_RsaOaepDecrypt implements the RSAES-OAEP algorithm 144 as section 8.1 of Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications Version 2.1. 145 146 \note It is not recommended to use hash MD5 in Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography 147 Specifications Version 2.1, therefore it is not supported. 148 149 This function combines the RSA decryption primitive and the 150 EME-OAEP encoding method, to provide an RSA-based decryption 151 method that is semantically secure against adaptive 152 chosen-ciphertext attacks. For more details, see Public-Key Cryptography Standards 153 (PKCS) #1 RSA Cryptography Specifications Version 2.1. 154 155 */ 156 #define CC_RsaOaepDecrypt(UserPrivKey_ptr,PrimeData_ptr,HashMode,L,Llen,MGF,Data_ptr,DataSize,Output_ptr,OutputSize_ptr)\ 157 CC_RsaSchemesDecrypt(UserPrivKey_ptr,PrimeData_ptr,HashMode,L,Llen,MGF,Data_ptr,DataSize,Output_ptr,OutputSize_ptr,CC_PKCS1_VER21) 158 159 160 /** 161 @brief CC_RsaPkcs1V15Decrypt implements the RSAES-PKCS1v15 algorithm as defined 162 in PKCS#1 v2.1 8.2. 163 */ 164 #define CC_RsaPkcs1V15Decrypt(UserPrivKey_ptr,PrimeData_ptr,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr)\ 165 CC_RsaSchemesDecrypt(UserPrivKey_ptr,PrimeData_ptr,CC_RSA_HASH_NO_HASH_mode,NULL,0,CC_PKCS1_NO_MGF,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr,CC_PKCS1_VER15) 166 167 /**********************************************************************************************************/ 168 /*! 169 @brief Implements the Signing algorithm, as defined in Public-Key Cryptography Standards (PKCS) #1: RSA Encryption Standard Version 1.5 170 or Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications Version 2.1, using a single function. 171 172 The input data may be either a non-hashed data or a digest of a hash function. 173 For a non-hashed data, the input data will be hashed using the hash function indicated by ::CCRsaHashOpMode_t. 174 For a digest, ::CCRsaHashOpMode_t should indicate the hash function that the input data was created by, and it will not be hashed. 175 176 @return CC_OK on success. 177 @return A non-zero value from cc_rsa_error.h, cc_rnd_error.h or cc_hash_error.h on failure. 178 */ 179 CIMPORT_C CCError_t CC_RsaSign( 180 CCRndContext_t *rndContext_ptr, /*!< [in/out] Pointer to the RND context buffer. */ 181 CCRsaPrivUserContext_t *UserContext_ptr, /*!< [in] Pointer to a temporary context for internal use. */ 182 CCRsaUserPrivKey_t *UserPrivKey_ptr, /*!< [in] Pointer to the private-key data structure of the user. 183 The representation (pair or quintuple) and hence the algorithm (CRT or not CRT) 184 is determined by the Private Key build function - 185 ::CC_RsaPrivKeyBuild or ::CC_RsaPrivKeyCrtBuild. */ 186 CCRsaHashOpMode_t rsaHashMode, /*!< [in] One of the supported SHA-x HASH modes, as defined in ::CCRsaHashOpMode_t. 187 (MD5 is not supported). */ 188 CCPkcs1Mgf_t MGF, /*!< [in] The mask generation function. Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications 189 Version 2.1 defines only MGF1, so the only value allowed for it is CC_PKCS1_MGF1. */ 190 size_t SaltLen, /*!< [in] The Length of the Salt buffer (relevant for Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography 191 Specifications Version 2.1 only, typically lengths is 0 or hash Len). 192 FIPS Publication 186-4: Digital Signature Standard (DSS) requires, that SaltLen <= hash len. 193 If SaltLen > KeySize - hash Len - 2, the function returns an error. */ 194 uint8_t *DataIn_ptr, /*!< [in] Pointer to the input data to be signed. 195 The size of the scatter/gather list representing the data buffer is limited to 128 196 entries, and the size of each entry is limited to 64KB (fragments larger than 197 64KB are broken into fragments <= 64KB). */ 198 size_t DataInSize, /*!< [in] The size (in bytes) of the data to sign. */ 199 uint8_t *Output_ptr, /*!< [out] Pointer to the signature. The buffer must be at least PrivKey_ptr->N.len bytes 200 long (i.e. the modulus size in bytes). */ 201 size_t *OutputSize_ptr, /*!< [in/out] Pointer to the signature size value - the input value is the signature 202 buffer size allocated, the output value is the signature size used. 203 he buffer must be equal to PrivKey_ptr->N.len bytes long 204 (i.e. the modulus size in bytes). */ 205 CCPkcs1Version_t PKCS1_ver /*!< [in] Public-Key Cryptography Standards (PKCS) #1: RSA Encryption Standard Version 1.5 or Public-Key Cryptography 206 Standards (PKCS) #1 RSA Cryptography Specifications Version 2.1, according to the functionality required. */ 207 ); 208 209 210 /*! 211 @brief CC_RsaPkcs1V15Sign implements the RSASSA-PKCS1v15 algorithm as defined in Public-Key Cryptography Standards (PKCS) #1: 212 RSA Encryption Standard Version 1.5. 213 214 This function combines the RSASP1 signature primitive and the EMSA-PKCS1v15 encoding method, to provide an RSA-based signature scheme. 215 For more details, see Public-Key Cryptography Standards (PKCS) #1: RSA Encryption Standard Version 1.5. 216 */ 217 218 #define CC_RsaPkcs1V15Sign(rndContext_ptr, UserContext_ptr,UserPrivKey_ptr,hashFunc,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr)\ 219 CC_RsaSign(rndContext_ptr, (UserContext_ptr),(UserPrivKey_ptr),(hashFunc),(CC_PKCS1_NO_MGF),0,(DataIn_ptr),(DataInSize),(Output_ptr),(OutputSize_ptr),CC_PKCS1_VER15) 220 221 222 /*! 223 @brief CC_RsaPkcs1V15Sha1Sign implements the RSASSA-PKCS1v15 algorithm as defined in Public-Key Cryptography Standards 224 (PKCS) #1: RSA Encryption Standard Version 1.5, but without performing a HASH function - 225 it assumes that the data in has already been hashed using SHA-1. 226 227 \note The data_in size is already known after the Hash. 228 */ 229 #define CC_RsaPkcs1V15Sha1Sign(rndContext_ptr, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\ 230 CC_RsaSign(rndContext_ptr, (UserContext_ptr),(UserPrivKey_ptr),(CC_RSA_After_SHA1_mode),(CC_PKCS1_NO_MGF),0,(DataIn_ptr),CC_HASH_SHA1_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CC_PKCS1_VER15) 231 232 /*! 233 @brief CC_RsaPkcs1V15Md5Sign implements the RSASSA-PKCS1v15 algorithm as defined in Public-Key Cryptography Standards (PKCS) #1: 234 RSA Encryption Standard Version 1.5, but without performing a HASH function - it assumes that the data in has already been 235 hashed using MD5. 236 237 \note The data_in size is already known after the Hash. 238 */ 239 240 #define CC_RsaPkcs1V15Md5Sign(rndContext_ptr, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\ 241 CC_RsaSign(rndContext_ptr, (UserContext_ptr),(UserPrivKey_ptr),CC_RSA_After_MD5_mode,CC_PKCS1_NO_MGF,0,(DataIn_ptr),CC_HASH_MD5_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CC_PKCS1_VER15) 242 243 244 /*! 245 @brief CC_RsaPkcs1V15Sha224Sign implements the RSASSA-PKCS1v15 algorithm as defined in Public-Key Cryptography Standards (PKCS) #1: RSA Encryption 246 Standard Version 1.5, but without performing a HASH function - 247 it assumes that the data in has already been hashed using SHA-224. 248 249 \note The data_in size is already known after the Hash. 250 */ 251 #define CC_RsaPkcs1V15Sha224Sign(rndContext_ptr, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\ 252 CC_RsaSign(rndContext_ptr, (UserContext_ptr),(UserPrivKey_ptr),(CC_RSA_After_SHA224_mode),(CC_PKCS1_NO_MGF),0,(DataIn_ptr),CC_HASH_SHA224_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CC_PKCS1_VER15) 253 254 255 /*! 256 @brief CC_RsaPkcs1V15Sha256Sign implements the RSASSA-PKCS1v15 algorithm as defined in Public-Key Cryptography Standards (PKCS) #1: RSA Encryption 257 Standard Version 1.5, but without performing a HASH function - 258 it assumes that the data in has already been hashed using SHA-256. 259 260 \note The data_in size is already known after the Hash. 261 */ 262 #define CC_RsaPkcs1V15Sha256Sign(rndContext_ptr, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\ 263 CC_RsaSign(rndContext_ptr, (UserContext_ptr),(UserPrivKey_ptr),(CC_RSA_After_SHA256_mode),(CC_PKCS1_NO_MGF),0,(DataIn_ptr),CC_HASH_SHA256_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CC_PKCS1_VER15) 264 265 /*! 266 @brief CC_RsaPkcs1V15Sha1Sign implements the RSASSA-PKCS1v15 algorithm as defined in Public-Key Cryptography Standards (PKCS) #1: RSA Encryption 267 Standard Version 1.5, but without performing a HASH function - 268 it assumes that the data in has already been hashed using SHA-384. 269 270 \note The data_in size is already known after the Hash. 271 */ 272 #define CC_RsaPkcs1V15Sha384Sign(rndContext_ptr, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\ 273 CC_RsaSign(rndContext_ptr, (UserContext_ptr),(UserPrivKey_ptr),(CC_RSA_After_SHA384_mode),(CC_PKCS1_NO_MGF),0,(DataIn_ptr),CC_HASH_SHA384_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CC_PKCS1_VER15) 274 275 276 /*! 277 @brief CC_RsaPkcs1V15Sha512Sign implements the RSASSA-PKCS1v15 algorithm as defined in Public-Key Cryptography Standards (PKCS) #1: RSA Encryption 278 Standard Version 1.5, but without performing a HASH function - it assumes that the data in has already been hashed using SHA-512. 279 280 \note The data_in size is already known after the Hash. 281 */ 282 #define CC_RsaPkcs1V15Sha512Sign(rndContext_ptr, UserContext_ptr,UserPrivKey_ptr,DataIn_ptr,Output_ptr,OutputSize_ptr)\ 283 CC_RsaSign(rndContext_ptr, (UserContext_ptr),(UserPrivKey_ptr),(CC_RSA_After_SHA512_mode),(CC_PKCS1_NO_MGF),0,(DataIn_ptr),CC_HASH_SHA512_DIGEST_SIZE_IN_BYTES,(Output_ptr),(OutputSize_ptr),CC_PKCS1_VER15) 284 285 286 287 /*! 288 @brief CC_RsaPssSign implements the RSASSA-PSS algorithm as defined in section 9.1 of Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications 289 Version 2.1, in a single function call. 290 291 \note According to the Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications Version 2.1 it is not recommended to use MD5 Hash, 292 therefore it is not supported. 293 294 The actual macro that is used by the user is ::CC_RsaPssSign. 295 */ 296 297 #define CC_RsaPssSign(rndContext_ptr, UserContext_ptr,UserPrivKey_ptr,hashFunc,MGF,SaltLen,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr)\ 298 CC_RsaSign(rndContext_ptr, UserContext_ptr,UserPrivKey_ptr,hashFunc,MGF,SaltLen,DataIn_ptr,DataInSize,Output_ptr,OutputSize_ptr,CC_PKCS1_VER21) 299 300 301 /*! 302 @brief CC_RsaPssSha1Sign implements the RSASSA-PSS algorithm as defined in section 9.1 of Public-Key Cryptography Standards (PKCS) #1 303 RSA Cryptography Specifications Version 2.1 in a single function call, but without performing a HASH function - 304 it assumes that the data in has already been hashed using SHA-1. 305 306 \note The data_in size is already known after the Hash. 307 308 The actual macro that is used by the users is ::CC_RsaPssSha1Sign. 309 */ 310 311 #define CC_RsaPssSha1Sign(rndContext_ptr, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\ 312 CC_RsaSign(rndContext_ptr, UserContext_ptr,UserPrivKey_ptr,CC_RSA_After_SHA1_mode,MGF,SaltLen,DataIn_ptr,CC_HASH_SHA1_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CC_PKCS1_VER21) 313 314 315 /*! 316 @brief CC_RsaPssSha224Sign implements the RSASSA-PSS algorithm as defined in section 9.1 of Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications 317 Version 2.1 in a single function call, but without performing a HASH function - 318 it assumes that the data in has already been hashed using SHA-224. 319 320 \note The data_in size is already known after the Hash. 321 322 The actual macro that is used by the users is ::CC_RsaPssSha224Sign. 323 */ 324 325 #define CC_RsaPssSha224Sign(rndContext_ptr, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\ 326 CC_RsaSign(rndContext_ptr, UserContext_ptr,UserPrivKey_ptr,CC_RSA_After_SHA224_mode,MGF,SaltLen,DataIn_ptr,CC_HASH_SHA224_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CC_PKCS1_VER21) 327 328 329 /*! 330 @brief CC_RsaPssSha256Sign implements the RSASSA-PSS algorithm as defined in section 9.1 of Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications 331 Version 2.1 in a single function call, but without performing a HASH function - 332 it assumes that the data in has already been hashed using SHA-256. 333 334 \note The data_in size is already known after the Hash. 335 336 The actual macro that is used by the users is ::CC_RsaPssSha256Sign. 337 */ 338 339 #define CC_RsaPssSha256Sign(rndContext_ptr, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\ 340 CC_RsaSign(rndContext_ptr, UserContext_ptr,UserPrivKey_ptr,CC_RSA_After_SHA256_mode,MGF,SaltLen,DataIn_ptr,CC_HASH_SHA256_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CC_PKCS1_VER21) 341 342 343 /*! 344 @brief CC_RsaPssSha384Sign implements the RSASSA-PSS algorithm as defined in section 9.1 of Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications 345 Version 2.1 in a single function call, but without performing a HASH function - 346 it assumes that the data in has already been hashed using SHA-384. 347 348 \note The data_in size is already known after the Hash. 349 350 The actual macro that is used by the users is ::CC_RsaPssSha384Sign. 351 */ 352 353 #define CC_RsaPssSha384Sign(rndContext_ptr, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\ 354 CC_RsaSign(rndContext_ptr, UserContext_ptr,UserPrivKey_ptr,CC_RSA_After_SHA384_mode,MGF,SaltLen,DataIn_ptr,CC_HASH_SHA384_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CC_PKCS1_VER21) 355 356 357 /*! 358 @brief CC_RsaPssSha512Sign implements the RSASSA-PSS algorithm as defined in section 9.1 of Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications 359 Version 2.1 in a single function call, but without performing a HASH function - 360 it assumes that the data in has already been hashed using SHA-512. 361 362 \note The data_in size is already known after the Hash. 363 364 The actual macro that is used by the users is ::CC_RsaPssSha512Sign. 365 */ 366 367 #define CC_RsaPssSha512Sign(rndContext_ptr, UserContext_ptr,UserPrivKey_ptr,MGF,SaltLen,DataIn_ptr,Output_ptr,OutputSize_ptr)\ 368 CC_RsaSign(rndContext_ptr, UserContext_ptr,UserPrivKey_ptr,CC_RSA_After_SHA512_mode,MGF,SaltLen,DataIn_ptr,CC_HASH_SHA512_DIGEST_SIZE_IN_BYTES,Output_ptr,OutputSize_ptr,CC_PKCS1_VER21) 369 370 371 /**********************************************************************************************************/ 372 /*! 373 @brief Implements the RSA signature verification algorithms, in a single function call, as defined in Public-Key Cryptography Standards (PKCS) #1: RSA Encryption 374 Standard Version 1.5 and in Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications Version 2.1. 375 376 The input data may be either a non-hashed data or a digest of a hash function. 377 For a non-hashed data, the input data will be hashed using the hash function indicated by ::CCRsaHashOpMode_t. 378 For a digest, ::CCRsaHashOpMode_t should indicate the hash function that the input data was created by, and it will not be hashed. 379 380 @return CC_OK on success. 381 @return A non-zero value from cc_rsa_error.h or cc_hash_error.h on failure. 382 */ 383 384 CIMPORT_C CCError_t CC_RsaVerify( 385 CCRsaPubUserContext_t *UserContext_ptr, /*!< [in] Pointer to a temporary context for internal use. */ 386 CCRsaUserPubKey_t *UserPubKey_ptr, /*!< [in] Pointer to the public key data structure of the user. */ 387 CCRsaHashOpMode_t rsaHashMode, /*!< [in] One of the supported SHA-x HASH modes, as defined in ::CCRsaHashOpMode_t. 388 (MD5 is not supported). */ 389 CCPkcs1Mgf_t MGF, /*!< [in] The mask generation function. Public-Key Cryptography Standards (PKCS) #1 RSA 390 Cryptography Specifications Version 2.1 defines only MGF1, so the only 391 value allowed for it is CC_PKCS1_MGF1. */ 392 size_t SaltLen, /*!< [in] The Length of the Salt buffer. Relevant only for Public-Key Cryptography Standards 393 (PKCS) #1 RSA Cryptography Specifications Version 2.1. 394 Typical lengths are 0 or hash Len (20 for SHA-1). 395 The maximum length allowed is [modulus size - hash Len - 2]. */ 396 uint8_t *DataIn_ptr, /*!< [in] Pointer to the input data to be verified. 397 The size of the scatter/gather list representing the data buffer is 398 limited to 128 entries, and the size of each entry is limited to 64KB 399 (fragments larger than 64KB are broken into fragments <= 64KB). */ 400 size_t DataInSize, /*!< [in] The size (in bytes) of the data whose signature is to be verified. */ 401 uint8_t *Sig_ptr, /*!< [in] Pointer to the signature to be verified. 402 The length of the signature is PubKey_ptr->N.len bytes 403 (i.e. the modulus size in bytes). */ 404 CCPkcs1Version_t PKCS1_ver /*!< [in] Public-Key Cryptography Standards (PKCS) #1: RSA Encryption Standard Version 1.5 or 405 Public-Key Cryptography Standards (PKCS) #1 RSA Cryptography Specifications Version 406 2.1, according to the functionality required. */ 407 ); 408 /*! 409 @brief CRYS_RSA_PKCS1v15_Verify implements the Public-Key Cryptography Standards (PKCS) #1: RSA Encryption 410 Standard Version 1.5 Verify algorithm. 411 */ 412 #define CC_RsaPkcs1V15Verify(UserContext_ptr,UserPubKey_ptr,hashFunc,DataIn_ptr,DataInSize,Sig_ptr)\ 413 CC_RsaVerify(UserContext_ptr,UserPubKey_ptr,hashFunc,CC_PKCS1_NO_MGF,0,DataIn_ptr,DataInSize,Sig_ptr,CC_PKCS1_VER15) 414 415 416 /*! 417 @brief CC_RsaPkcs1V15Md5Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function - 418 it assumes the DataIn_ptr data has already been hashed using MD5. 419 */ 420 421 #define CC_RsaPkcs1V15Md5Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\ 422 CC_RsaVerify(UserContext_ptr,UserPubKey_ptr,CC_RSA_After_MD5_mode,CC_PKCS1_NO_MGF,0,DataIn_ptr,CC_HASH_MD5_DIGEST_SIZE_IN_BYTES,Sig_ptr,CC_PKCS1_VER15) 423 424 425 /*! 426 @brief CC_RsaPkcs1V15Sha1Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function - 427 it assumes that the DataIn_ptr data has already been hashed using SHA1. 428 429 */ 430 #define CC_RsaPkcs1V15Sha1Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\ 431 CC_RsaVerify(UserContext_ptr,UserPubKey_ptr,CC_RSA_After_SHA1_mode,CC_PKCS1_NO_MGF,0,DataIn_ptr,CC_HASH_SHA1_DIGEST_SIZE_IN_BYTES,Sig_ptr,CC_PKCS1_VER15) 432 433 /*! 434 @brief CC_RsaPkcs1V15Sha224Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function - 435 it assumes that the DataIn_ptr data has already been hashed using SHA224. 436 437 */ 438 #define CC_RsaPkcs1V15Sha224Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\ 439 CC_RsaVerify(UserContext_ptr,UserPubKey_ptr,CC_RSA_After_SHA224_mode,CC_PKCS1_NO_MGF,0,DataIn_ptr,CC_HASH_SHA224_DIGEST_SIZE_IN_BYTES,Sig_ptr,CC_PKCS1_VER15) 440 441 /*! 442 @brief CC_RsaPkcs1V15Sha256Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function - 443 it assumes that the DataIn_ptr data has already been hashed using SHA256. 444 445 */ 446 #define CC_RsaPkcs1V15Sha256Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\ 447 CC_RsaVerify(UserContext_ptr,UserPubKey_ptr,CC_RSA_After_SHA256_mode,CC_PKCS1_NO_MGF,0,DataIn_ptr,CC_HASH_SHA256_DIGEST_SIZE_IN_BYTES,Sig_ptr,CC_PKCS1_VER15) 448 449 /*! 450 @brief CC_RsaPkcs1V15Sha384Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function - 451 it assumes that the DataIn_ptr data has already been hashed using SHA384. 452 453 */ 454 #define CC_RsaPkcs1V15Sha384Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\ 455 CC_RsaVerify(UserContext_ptr,UserPubKey_ptr,CC_RSA_After_SHA384_mode,CC_PKCS1_NO_MGF,0,DataIn_ptr,CC_HASH_SHA384_DIGEST_SIZE_IN_BYTES,Sig_ptr,CC_PKCS1_VER15) 456 457 /*! 458 @brief CC_RsaPkcs1V15Sha512Verify implements the RSASSA-PKCS1v15 Verify algorithm as defined in PKCS#1 v1.5, but without operating the HASH function - 459 it assumes that the DataIn_ptr data has already been hashed using SHA512. 460 461 */ 462 #define CC_RsaPkcs1V15Sha512Verify(UserContext_ptr,UserPubKey_ptr,DataIn_ptr,Sig_ptr)\ 463 CC_RsaVerify(UserContext_ptr,UserPubKey_ptr,CC_RSA_After_SHA512_mode,CC_PKCS1_NO_MGF,0,DataIn_ptr,CC_HASH_SHA512_DIGEST_SIZE_IN_BYTES,Sig_ptr,CC_PKCS1_VER15) 464 465 /*! 466 @brief CC_RsaPssVerify implements the RSASSA-PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1. 467 */ 468 469 #define CC_RsaPssVerify(UserContext_ptr,UserPubKey_ptr,hashFunc,MGF,SaltLen,DataIn_ptr,DataInSize,Sig_ptr)\ 470 CC_RsaVerify(UserContext_ptr,UserPubKey_ptr,hashFunc,MGF,SaltLen,DataIn_ptr,DataInSize,Sig_ptr,CC_PKCS1_VER21) 471 472 /*! 473 @brief CC_RsaPssSha1Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function - 474 it assumes the DataIn_ptr has already been hashed using SHA1. 475 */ 476 477 #define CC_RsaPssSha1Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\ 478 CC_RsaVerify(UserContext_ptr,UserPubKey_ptr,CC_RSA_After_SHA1_mode,MGF,SaltLen,DataIn_ptr,CC_HASH_SHA1_DIGEST_SIZE_IN_BYTES,Sig_ptr,CC_PKCS1_VER21) 479 /*! 480 @brief CC_RsaPssSha224Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function - 481 it assumes the DataIn_ptr has already been hashed using SHA224. 482 */ 483 484 #define CC_RsaPssSha224Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\ 485 CC_RsaVerify(UserContext_ptr,UserPubKey_ptr,CC_RSA_After_SHA224_mode,MGF,SaltLen,DataIn_ptr,CC_HASH_SHA224_DIGEST_SIZE_IN_BYTES,Sig_ptr,CC_PKCS1_VER21) 486 487 /*! 488 @brief CC_RsaPssSha256Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function - 489 it assumes the DataIn_ptr has already been hashed using SHA256. 490 */ 491 492 #define CC_RsaPssSha256Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\ 493 CC_RsaVerify(UserContext_ptr,UserPubKey_ptr,CC_RSA_After_SHA256_mode,MGF,SaltLen,DataIn_ptr,CC_HASH_SHA256_DIGEST_SIZE_IN_BYTES,Sig_ptr,CC_PKCS1_VER21) 494 495 496 /*! 497 @brief CC_RsaPssSha384Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function - 498 it assumes the DataIn_ptr has already been hashed using SHA384. 499 500 */ 501 502 #define CC_RsaPssSha384Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\ 503 CC_RsaVerify(UserContext_ptr,UserPubKey_ptr,CC_RSA_After_SHA384_mode,MGF,SaltLen,DataIn_ptr,CC_HASH_SHA384_DIGEST_SIZE_IN_BYTES,Sig_ptr,CC_PKCS1_VER21) 504 505 506 /*! 507 @brief CC_RsaPssSha512Verify implements the PKCS1v21 Verify algorithm as defined in PKCS#1 v2.1, but without operating the HASH function - 508 it assumes the DataIn_ptr has already been hashed using SHA512. 509 */ 510 511 #define CC_RsaPssSha512Verify(UserContext_ptr,UserPubKey_ptr,MGF,SaltLen,DataIn_ptr,Sig_ptr)\ 512 CC_RsaVerify(UserContext_ptr,UserPubKey_ptr,CC_RSA_After_SHA512_mode,MGF,SaltLen,DataIn_ptr,CC_HASH_SHA512_DIGEST_SIZE_IN_BYTES,Sig_ptr,CC_PKCS1_VER21) 513 514 /**********************************************************************************************************/ 515 516 517 #ifdef __cplusplus 518 } 519 #endif 520 /** 521 @} 522 */ 523 #endif /* !defined(CC_IOT) || ( defined(CC_IOT) && defined(MBEDTLS_RSA_C)) */ 524 #endif /* _CC_RSA_SCHEMES_H */ 525
