From a784142edfbd707157771b076029a8f82f5c0936 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Tue, 31 Oct 2017 13:30:06 -0700 Subject: [PATCH] RSA Update 1. Added FIPS wrappers for MakeRsaKey(), CheckProbablePrime(), and RsaFlattenPublicKey(). 2. Update the API test so that it used appropriate key and message sizes for the RSA testing. 3. Add function to get all parts of a flattened RSA key. --- cyassl/ctaocrypt/rsa.h | 1 + wolfcrypt/src/rsa.c | 91 +++++++++++++++++++++++++++++++++++++---- wolfcrypt/test/test.c | 8 +++- wolfssl/wolfcrypt/rsa.h | 6 +++ 4 files changed, 97 insertions(+), 9 deletions(-) diff --git a/cyassl/ctaocrypt/rsa.h b/cyassl/ctaocrypt/rsa.h index 5ad6fe0a3..03b8f034f 100644 --- a/cyassl/ctaocrypt/rsa.h +++ b/cyassl/ctaocrypt/rsa.h @@ -45,6 +45,7 @@ #ifdef WOLFSSL_KEY_GEN #define MakeRsaKey wc_MakeRsaKey #define RsaKeyToDer wc_RsaKeyToDer + #define CheckProbablePrime wc_CheckProbablePrime #endif #ifdef WOLFSSL_ASYNC_CRYPT diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 6de416ce6..08991da0e 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c 
@@ -147,17 +147,47 @@ int wc_RsaEncryptSize(RsaKey* key) } -int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, - word32* bSz) -{ +#ifndef WOLFSSL_KEY_GEN + int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, + word32* bSz) + { + + /* not specified as fips so not needing _fips */ + return RsaFlattenPublicKey(key, a, aSz, b, bSz); + } +#else + int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, + word32* bSz) + { + + /* not specified as fips so not needing _fips */ + return RsaFlattenPublicKey_fips(key, a, aSz, b, bSz); + } + + int wc_RsaExportKey(RsaKey* key, + byte* e, word32* eSz, byte* n, word32* nSz, + byte* d, word32* dSz, byte* p, word32* pSz, + byte* q, word32* qSz) + { + + /* not specified as fips so not needing _fips */ + return RsaExportKey_fips(key, e, eSz, n, nSz, d, dSz, p, pSz, q, qSz); + } + + int wc_CheckProbablePrime(const byte* pRaw, word32 pRawSz, + const byte* qRaw, word32 qRawSz, + const byte* eRaw, word32 eRawSz, + int nlen, int* isPrime) + { + return CheckProbablePrime_fips(pRaw, pRawSz, + qRaw, qRawSz, + eRaw, eRawSz, + nlen, isPrime); + } - /* not specified as fips so not needing _fips */ - return RsaFlattenPublicKey(key, a, aSz, b, bSz); -} -#ifdef WOLFSSL_KEY_GEN int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) { - return MakeRsaKey(key, size, e, rng); + return MakeRsaKey_fips(key, size, e, rng); } #endif 
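Review bot: `wc_RsaExportKey` is defined only in the `#else` (WOLFSSL_KEY_GEN) branch of these wrappers, while the prototype this patch adds to wolfssl/wolfcrypt/rsa.h sits above that header's `#ifdef WOLFSSL_KEY_GEN` block, so a build that takes this wrapper path without key generation would presumably declare the function but never define it. Either move the wrapper out of the conditional, next to `wc_RsaFlattenPublicKey`, or guard the prototype the same way. The comment `/* not specified as fips so not needing _fips */` was also copied onto the two wrappers that now call `RsaFlattenPublicKey_fips` and `RsaExportKey_fips`, where it contradicts the code; replace it there with something like `/* forwards to the FIPS module implementation */`. The enclosing preprocessor condition starts outside the hunk, so the build configuration this applies to is inferred from the `_fips` calls.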
@@ -2095,6 +2125,51 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n, return 0; } + +static int RsaGetValue(mp_int* in, byte* out, word32* outSz) +{ + word32 sz; + int ret = 0; + + sz = (word32)mp_unsigned_bin_size(in); + if (sz > *outSz) + ret = RSA_BUFFER_E; + + if (ret == 0) + ret = mp_to_unsigned_bin(in, out); + + if (ret == MP_OKAY) + *outSz = sz; + + return ret; +} + + +int wc_RsaExportKey(RsaKey* key, + byte* e, word32* eSz, byte* n, word32* nSz, + byte* d, word32* dSz, byte* p, word32* pSz, + byte* q, word32* qSz) +{ + int ret = BAD_FUNC_ARG; + + if (key && e && eSz && n && nSz && d && dSz && p && pSz && q && qSz) + ret = 0; + + if (ret == 0) + ret = RsaGetValue(&key->e, e, eSz); + if (ret == 0) + ret = RsaGetValue(&key->n, n, nSz); + if (ret == 0) + ret = RsaGetValue(&key->d, d, dSz); + if (ret == 0) + ret = RsaGetValue(&key->p, p, pSz); + if (ret == 0) + ret = RsaGetValue(&key->q, q, qSz); + + return ret; +} + + #ifdef WOLFSSL_KEY_GEN /* Check that |p-q| > 2^((size/2)-100) */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index c1eb272ab..1731a6726 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -8394,11 +8394,17 @@ int rsa_test(void) #ifdef WOLFSSL_KEY_GEN { int derSz = 0; + int keySz = 1024; + + #ifdef HAVE_FIPS + keySz = 2048; + #endif /* HAVE_FIPS */ + ret = wc_InitRsaKey(&genKey, HEAP_HINT); if (ret != 0) { ERROR_OUT(-5550, exit_rsa); } - ret = wc_MakeRsaKey(&genKey, 1024, WC_RSA_EXPONENT, &rng); + ret = wc_MakeRsaKey(&genKey, keySz, WC_RSA_EXPONENT, &rng); if (ret != 0) { ERROR_OUT(-5551, exit_rsa); } diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index d56a7d136..8749a9c8f 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h 
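Review bot: `wc_RsaExportKey` copies the five values out one at a time, so when a later `RsaGetValue` call fails (for example `RSA_BUFFER_E` on `q`), `d` and `p` have already been written to the caller's buffers and the function returns an error with private key material left behind. Checking all five lengths before the first copy keeps the common failure path from touching any output, as sketched below. The function comment should also tell callers to zeroize the `d`, `p` and `q` buffers once they are done with them. Separately, `RsaGetValue` leaves `*outSz` untouched when the buffer is too small, so the caller cannot learn the required size; assigning `*outSz = sz;` before returning `RSA_BUFFER_E` would fix that. Nothing visible here checks that the key actually holds private values, so a public-only key would presumably report zero-length `d`, `p` and `q` with a success code.

```c
    if (key && e && eSz && n && nSz && d && dSz && p && pSz && q && qSz)
        ret = 0;

    /* Reject undersized buffers up front so that a size failure never
     * leaves d, p or q already exported into caller memory. */
    if (ret == 0 &&
        ((word32)mp_unsigned_bin_size(&key->e) > *eSz ||
         (word32)mp_unsigned_bin_size(&key->n) > *nSz ||
         (word32)mp_unsigned_bin_size(&key->d) > *dSz ||
         (word32)mp_unsigned_bin_size(&key->p) > *pSz ||
         (word32)mp_unsigned_bin_size(&key->q) > *qSz))
        ret = RSA_BUFFER_E;

    /* ... unchanged: the five RsaGetValue() calls and the return ... */
```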
@@ -222,6 +222,12 @@ WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, #endif /* HAVE_FIPS*/ WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, word32*); +WOLFSSL_API int wc_RsaExportKey(RsaKey* key, + byte* e, word32* eSz, + byte* n, word32* nSz, + byte* d, word32* dSz, + byte* p, word32* pSz, + byte* q, word32* qSz); #ifdef WOLFSSL_KEY_GEN WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen);
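Review bot: The new public prototype has no comment describing its contract, even though this is the call that returns `d`, `p` and `q`. Add a comment above it stating that each `*Sz` argument is in/out (buffer capacity on entry, bytes written on success, as `RsaGetValue` implements it). It should also say that all eleven pointer arguments are required, with `BAD_FUNC_ARG` returned otherwise and `RSA_BUFFER_E` when a buffer is too small. Finally, it should note that the `d`, `p` and `q` buffers receive private key material which the caller must zeroize after use, including when the call returns an error.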