RSA WIP

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>

Author: sjaeckel

src/headers/tomcrypt_pk.h

@@ -154,22 +154,72 @@ int rsa_verify_hash_v2(const unsigned char   *sig,    unsigned long  siglen,
                              int             *stat,
                        const rsa_key         *key);
 
+/* These use PKCS #1 v2.0 padding */
+#define ltc_rsa_encrypt_key(in, inlen, out, outlen, lp, lplen, prng_, prng_idx, hash_idx, key) \
+      rsa_encrypt_key_v2(in, inlen, out, outlen, \
+                         &(ltc_rsa_op_parameters){ \
+                           .u.crypt.lparam = lp, \
+                           .u.crypt.lparamlen = lplen,\
+                           .prng = prng_, \
+                           .wprng = prng_idx, \
+                           .params.mgf1_hash_alg = hash_is_valid(hash_idx) == CRYPT_OK ? hash_descriptor[hash_idx].name : NULL, \
+                           .params.hash_alg = hash_is_valid(hash_idx) == CRYPT_OK ? hash_descriptor[hash_idx].name : NULL, \
+                           .padding = LTC_PKCS_1_OAEP, \
+                         }, key)
+
+#define ltc_rsa_decrypt_key(in, inlen, out, outlen, lp, lplen, hash_idx, stat, key) \
+      rsa_decrypt_key_v2(in, inlen, out, outlen, \
+                         &(ltc_rsa_op_parameters){ \
+                           .u.crypt.lparam = lp, \
+                           .u.crypt.lparamlen = lplen,\
+                           .params.mgf1_hash_alg = hash_is_valid(hash_idx) == CRYPT_OK ? hash_descriptor[hash_idx].name : NULL, \
+                           .params.hash_alg = hash_is_valid(hash_idx) == CRYPT_OK ? hash_descriptor[hash_idx].name : NULL, \
+                           .padding = LTC_PKCS_1_OAEP, \
+                         }, stat, key)
+
+#define ltc_rsa_sign_hash(hash, hashlen, sig, siglen, prng_, prng_idx, hash_idx, saltlen_, key) \
+      rsa_sign_hash_v2(hash, hashlen, sig, siglen, \
+                         &(ltc_rsa_op_parameters){ \
+                           .prng = prng_, \
+                           .wprng = prng_idx, \
+                           .params.mgf1_hash_alg = hash_is_valid(hash_idx) == CRYPT_OK ? hash_descriptor[hash_idx].name : NULL, \
+                           .params.hash_alg = hash_is_valid(hash_idx) == CRYPT_OK ? hash_descriptor[hash_idx].name : NULL, \
+                           .params.saltlen = saltlen_, \
+                           .padding = LTC_PKCS_1_PSS, \
+                         }, key)
+
+#define ltc_rsa_verify_hash(sig, siglen, hash, hashlen, hash_idx, saltlen_, stat, key) \
+      rsa_verify_hash_v2(sig, siglen, hash, hashlen, \
+                         &(ltc_rsa_op_parameters){ \
+                           .params.mgf1_hash_alg = hash_is_valid(hash_idx) == CRYPT_OK ? hash_descriptor[hash_idx].name : NULL, \
+                           .params.hash_alg = hash_is_valid(hash_idx) == CRYPT_OK ? hash_descriptor[hash_idx].name : NULL, \
+                           .params.saltlen = saltlen_, \
+                           .padding = LTC_PKCS_1_PSS, \
+                         }, stat, key)
+
+//#define LTC_NO_DEPRECATED_APIS
+#ifdef LTC_NO_DEPRECATED_APIS
+
+#define rsa_encrypt_key ltc_rsa_encrypt_key
+#define rsa_decrypt_key ltc_rsa_decrypt_key
+#define rsa_sign_hash   ltc_rsa_sign_hash
+#define rsa_verify_hash ltc_rsa_verify_hash
+
+#else /* LTC_NO_DEPRECATED_APIS */
+
 /* These use PKCS #1 v2.0 padding */
 #define rsa_encrypt_key(in, inlen, out, outlen, lparam, lparamlen, prng, prng_idx, hash_idx, key) \
   rsa_encrypt_key_ex(in, inlen, out, outlen, lparam, lparamlen, prng, prng_idx, hash_idx, LTC_PKCS_1_OAEP, key)
 
 #define rsa_decrypt_key(in, inlen, out, outlen, lparam, lparamlen, hash_idx, stat, key) \
   rsa_decrypt_key_ex(in, inlen, out, outlen, lparam, lparamlen, hash_idx, LTC_PKCS_1_OAEP, stat, key)
 
-#define rsa_sign_hash(in, inlen, out, outlen, prng, prng_idx, hash_idx, saltlen, key) \
-  rsa_sign_hash_ex(in, inlen, out, outlen, LTC_PKCS_1_PSS, prng, prng_idx, hash_idx, saltlen, key)
+#define rsa_sign_hash(hash, hashlen, sig, siglen, prng, prng_idx, hash_idx, saltlen, key) \
+  rsa_sign_hash_ex(hash, hashlen, sig, siglen, LTC_PKCS_1_PSS, prng, prng_idx, hash_idx, saltlen, key)
 
 #define rsa_verify_hash(sig, siglen, hash, hashlen, hash_idx, saltlen, stat, key) \
   rsa_verify_hash_ex(sig, siglen, hash, hashlen, LTC_PKCS_1_PSS, hash_idx, saltlen, stat, key)
 
-#define rsa_sign_saltlen_get_max(hash_idx, key) \
-  rsa_sign_saltlen_get_max_ex(LTC_PKCS_1_PSS, hash_idx, key)
-
 /* These can be switched between PKCS #1 v2.x and PKCS #1 v1.5 paddings */
 LTC_DEPRECATED(rsa_encrypt_key_v2)
 int rsa_encrypt_key_ex(const unsigned char *in,       unsigned long  inlen,
@@ -200,6 +250,10 @@ int rsa_verify_hash_ex(const unsigned char *sig,            unsigned long  sigle
                              int            padding,
                              int            hash_idx,       unsigned long  saltlen,
                              int           *stat,     const rsa_key       *key);
+#endif /* LTC_NO_DEPRECATED_APIS */
+
+#define rsa_sign_saltlen_get_max(hash_idx, key) \
+  rsa_sign_saltlen_get_max_ex(LTC_PKCS_1_PSS, hash_idx, key)
 
 int rsa_sign_saltlen_get_max_ex(int padding, int hash_idx, const rsa_key *key);
 

src/pk/rsa/rsa_key.c

@@ -100,7 +100,7 @@ void rsa_free(rsa_key *key)
    XMEMSET(&key->params, 0, sizeof(key->params));
 }
 
-static LTC_INLINE int s_rsa_key_valid_pss_algs(ltc_rsa_op_checked *check)
+static LTC_INLINE int s_rsa_key_valid_rsa_params(ltc_rsa_op_checked *check)
 {
    const ltc_rsa_parameters *key_params;
    int padding = check->params->padding;
@@ -114,7 +114,8 @@ static LTC_INLINE int s_rsa_key_valid_pss_algs(ltc_rsa_op_checked *check)
                || padding == LTC_PKCS_1_V1_5_NA1)) {
       return CRYPT_OK;
    }
-   if (padding != LTC_PKCS_1_PSS) {
+   if (padding != LTC_PKCS_1_PSS
+         && padding != LTC_PKCS_1_OAEP) {
       return CRYPT_PK_TYPE_MISMATCH;
    }
    if (key_params->hash_alg == NULL || find_hash(key_params->hash_alg) != check->hash_alg) {
@@ -165,7 +166,7 @@ static LTC_INLINE int s_rsa_key_valid_sign(ltc_rsa_op_checked *check)
          return CRYPT_INVALID_ARG;
       }
    }
-   return s_rsa_key_valid_pss_algs(check);
+   return s_rsa_key_valid_rsa_params(check);
 }
 
 static LTC_INLINE int s_rsa_key_valid_crypt(ltc_rsa_op_checked *check)
@@ -182,7 +183,7 @@ static LTC_INLINE int s_rsa_key_valid_crypt(ltc_rsa_op_checked *check)
          return err;
       }
    }
-   return s_rsa_key_valid_pss_algs(check);
+   return s_rsa_key_valid_rsa_params(check);
 }
 
 static LTC_INLINE int s_rsa_check_prng(ltc_rsa_op_parameters *params)

tests/deprecated_test.c

@@ -39,10 +39,50 @@ static void s_ecc_test(void)
 }
 #endif
 
+#ifdef LTC_MRSA
+extern const unsigned char ltc_rsa_private_test_key[];
+extern const unsigned long ltc_rsa_private_test_key_sz;
+extern const unsigned char ltc_openssl_public_rsa[];
+extern const unsigned long ltc_openssl_public_rsa_sz;
+static void s_rsa_test(void)
+{
+   rsa_key key, pubkey;
+   int stat;
+   const unsigned char tv[] = "test";
+   unsigned char buf0[1024], buf1[1024];
+   unsigned long buf0len, buf1len;
+
+   /* We need an MPI provider for RSA */
+   if (ltc_mp.name == NULL) return;
+
+   DO(rsa_import(ltc_rsa_private_test_key, ltc_rsa_private_test_key_sz, &key));
+   DO(rsa_import(ltc_openssl_public_rsa, ltc_openssl_public_rsa_sz, &pubkey));
+
+   buf0len = sizeof(buf0);
+   DO(rsa_sign_hash_ex(tv, 4, buf0, &buf0len, LTC_PKCS_1_PSS, &yarrow_prng, find_prng("yarrow"), find_hash("sha1"), 8, &key));
+   buf1len = sizeof(buf1);
+   DO(rsa_verify_hash_ex(buf0, buf0len, tv, 4, LTC_PKCS_1_PSS, find_hash("sha1"), 8, &stat, &pubkey));
+   ENSURE(stat == 1);
+
+   buf0len = sizeof(buf0);
+   DO(rsa_encrypt_key_ex(tv, 4, buf0, &buf0len, NULL, 0, &yarrow_prng, find_prng("yarrow"), find_hash("sha1"), LTC_PKCS_1_OAEP, &pubkey));
+   buf1len = sizeof(buf1);
+   DO(rsa_decrypt_key_ex(buf0, buf0len, buf1, &buf1len, NULL, 0, find_hash("sha1"), LTC_PKCS_1_OAEP, &stat, &key));
+   ENSURE(stat == 1);
+   COMPARE_TESTVECTOR(buf1, buf1len, tv, 4, "s_rsa_test", 0);
+
+   rsa_free(&pubkey);
+   rsa_free(&key);
+}
+#endif
+
 int deprecated_test(void)
 {
 #ifdef LTC_MECC
    s_ecc_test();
+#endif
+#ifdef LTC_MRSA
+   s_rsa_test();
 #endif
    return 0;
 }

tests/rsa_test.c

@@ -134,7 +134,7 @@ static const char *hex_key[] = {
      "DCCC27C8E4DC6248D59BAFF5AB60F621FD53E2B75D09C91AA104A9FC612C5D04583A5A39F14A215667FDCC20A38F78185A793D2E8E7E860AE6A833C104174A9F" };
 
 /*** openssl public RSA key in DER format */
-static const unsigned char openssl_public_rsa[] = {
+const unsigned char ltc_openssl_public_rsa[] = {
    0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
    0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xcf, 0x9a, 0xde,
    0x64, 0x8a, 0xda, 0xc8, 0x33, 0x20, 0xa9, 0xd7, 0x83, 0x31, 0x19, 0x54, 0xb2, 0x9a, 0x85, 0xa7,
@@ -146,6 +146,7 @@ static const unsigned char openssl_public_rsa[] = {
    0xe2, 0x76, 0x0c, 0xc9, 0x63, 0x6c, 0x49, 0x58, 0x93, 0xed, 0xcc, 0xaa, 0xdc, 0x25, 0x3b, 0x0a,
    0x60, 0x3f, 0x8b, 0x54, 0x3a, 0xc3, 0x4d, 0x31, 0xe7, 0x94, 0xa4, 0x44, 0xfd, 0x02, 0x03, 0x01,
    0x00, 0x01,  };
+const unsigned long ltc_openssl_public_rsa_sz = sizeof(ltc_openssl_public_rsa);
 
 /* same key but with extra headers stripped */
 static const unsigned char openssl_public_rsa_stripped[] = {
@@ -188,7 +189,7 @@ static int rsa_compat_test(void)
 
    /* try reading the key */
    DO(rsa_import(ltc_rsa_private_test_key, sizeof(ltc_rsa_private_test_key), &key));
-   DO(rsa_import(openssl_public_rsa, sizeof(openssl_public_rsa), &pubkey));
+   DO(rsa_import(ltc_openssl_public_rsa, sizeof(ltc_openssl_public_rsa), &pubkey));
 
    /* sign-verify a message with PKCS #1 v1.5 no ASN.1 */
    len = sizeof(buf);
@@ -224,7 +225,7 @@ static int rsa_compat_test(void)
    rsa_free(&key);
 
    /* try reading the public key */
-   DO(rsa_import(openssl_public_rsa, sizeof(openssl_public_rsa), &key));
+   DO(rsa_import(ltc_openssl_public_rsa, sizeof(ltc_openssl_public_rsa), &key));
    len = sizeof(buf);
    DO(rsa_export(buf, &len, PK_PUBLIC, &key));
    COMPARE_TESTVECTOR(buf, len, openssl_public_rsa_stripped, sizeof(openssl_public_rsa_stripped), "RSA public export (from OpenSSL)", 0);
@@ -259,10 +260,10 @@ static int rsa_compat_test(void)
    rsa_free(&key);
 
    /* try export in SubjectPublicKeyInfo format of the public key */
-   DO(rsa_import(openssl_public_rsa, sizeof(openssl_public_rsa), &key));
+   DO(rsa_import(ltc_openssl_public_rsa, sizeof(ltc_openssl_public_rsa), &key));
    len = sizeof(buf);
    DO(rsa_export(buf, &len, PK_PUBLIC | PK_STD, &key));
-   COMPARE_TESTVECTOR(buf, len, openssl_public_rsa, sizeof(openssl_public_rsa),  "RSA public export (X.509)", 0);
+   COMPARE_TESTVECTOR(buf, len, ltc_openssl_public_rsa, sizeof(ltc_openssl_public_rsa),  "RSA public export (X.509)", 0);
    rsa_free(&key);
 
    return 0;
@@ -452,6 +453,36 @@ static int s_rsa_import_pkcs8(const void *in, unsigned long inlen, void *key)
 #endif
 #endif
 
+static int s_rsa_macros_test(void)
+{
+   rsa_key key, pubkey;
+   int stat;
+   const unsigned char tv[] = "test";
+   unsigned char buf0[1024], buf1[1024];
+   unsigned long buf0len, buf1len;
+
+   DO(rsa_import(ltc_rsa_private_test_key, sizeof(ltc_rsa_private_test_key), &key));
+   DO(rsa_import(ltc_openssl_public_rsa, sizeof(ltc_openssl_public_rsa), &pubkey));
+
+   buf0len = sizeof(buf0);
+   DO(ltc_rsa_sign_hash(tv, 4, buf0, &buf0len, &yarrow_prng, find_prng("yarrow"), find_hash("sha1"), 8, &key));
+   buf1len = sizeof(buf1);
+   DO(ltc_rsa_verify_hash(buf0, buf0len, tv, 4, find_hash("sha1"), 8, &stat, &key));
+   ENSURE(stat == 1);
+
+   buf0len = sizeof(buf0);
+   DO(ltc_rsa_encrypt_key(tv, 4, buf0, &buf0len, NULL, 0, &yarrow_prng, find_prng("yarrow"), find_hash("sha1"), &pubkey));
+   buf1len = sizeof(buf1);
+   DO(ltc_rsa_decrypt_key(buf0, buf0len, buf1, &buf1len, NULL, 0, find_hash("sha1"), &stat, &key));
+   ENSURE(stat == 1);
+   COMPARE_TESTVECTOR(buf1, buf1len, tv, 4, "s_rsa_macros_test", 0);
+
+   rsa_free(&pubkey);
+   rsa_free(&key);
+
+   return CRYPT_OK;
+}
+
 int rsa_test(void)
 {
    unsigned char in[1024], out[1024], tmp[3072];
@@ -489,6 +520,7 @@ int rsa_test(void)
    DO(test_process_dir("tests/rsa-pkcs8", &key, s_rsa_import_pkcs8, NULL, (dir_cleanup_cb)rsa_free, "rsa_pkcs8_test"));
 #endif
 
+   DO(s_rsa_macros_test());
    DO(s_rsa_cryptx_issue_69());
    DO(s_rsa_issue_301(prng_idx));
    DO(s_rsa_public_ubin_e(prng_idx));