diff --git a/doc/dox_comments/header_files/rsa.h b/doc/dox_comments/header_files/rsa.h index ccb7f971b..757b2a407 100644 --- a/doc/dox_comments/header_files/rsa.h +++ b/doc/dox_comments/header_files/rsa.h @@ -144,8 +144,6 @@ WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); \return Success Upon successfully encrypting the input message, returns 0 for success and less than zero for failure. Also returns the number bytes written to out by storing the value in outLen - \return -1 Returned if there is an error during RSA encryption and - hardware acceleration via Cavium is enabled \return BAD_FUNC_ARG Returned if any of the input parameters are invalid \return RSA_BUFFER_E Returned if the output buffer is too small to store the ciphertext @@ -907,7 +905,7 @@ WOLFSSL_API int wc_RsaPSS_CheckPadding(const byte* in, word32 inLen, byte* sig, \param saltLen Length of salt used. RSA_PSS_SALT_LEN_DEFAULT (-1) indicates salt length is the same as the hash length. RSA_PSS_SALT_LEN_DISCOVER indicates salt length is determined from the data. - \param bits igonred + \param bits Can be used to calculate salt size in FIPS case _Example_ \code @@ -951,8 +949,7 @@ WOLFSSL_API int wc_RsaPSS_CheckPadding(const byte* in, word32 inLen, byte* sig, \sa wc_RsaPSS_CheckPadding */ WOLFSSL_API int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen, byte* sig, - word32 sigSz, - enum wc_HashType hashType, int saltLen, int bits); + word32 sigSz, enum wc_HashType hashType, int saltLen, int bits); /*! \ingroup RSA @@ -970,7 +967,6 @@ WOLFSSL_API int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen, byte* s \sa wc_InitRsaKey \sa wc_InitRsaKey_ex \sa wc_MakeRsaKey - \sa XMEMSET */ WOLFSSL_API int wc_RsaEncryptSize(RsaKey* key); 
@@ -1195,7 +1191,7 @@ WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen); */ WOLFSSL_API int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, WC_RNG* rng, int type, - enum wc_HashType hash, int mgf, byte* label, word32 lableSz); + enum wc_HashType hash, int mgf, byte* label, word32 labelSz); /*! \ingroup RSA @@ -1248,7 +1244,7 @@ WOLFSSL_API int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out, */ WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, int type, - enum wc_HashType hash, int mgf, byte* label, word32 lableSz); + enum wc_HashType hash, int mgf, byte* label, word32 labelSz); /*! \ingroup RSA @@ -1306,7 +1302,7 @@ WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, */ WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, byte** out, RsaKey* key, int type, enum wc_HashType hash, - int mgf, byte* label, word32 lableSz); + int mgf, byte* label, word32 labelSz); /*! \ingroup RSA @@ -1348,7 +1344,6 @@ WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, \sa wc_InitRsaKey \sa wc_InitRsaKey_ex \sa wc_MakeRsaKey - \sa XMEMSET */ WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, word32*); @@ -1365,7 +1360,7 @@ WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, \return <0 Error \param key The RSA key structure to convert. - \param output Output buffer to hold DER. + \param output Output buffer to hold DER. (if NULL will return length only) \param inLen Length of buffer. _Example_ 
@@ -1375,18 +1370,55 @@ WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, wc_RsaInitKey(&key, NULL); // Use key - int BUFFER_SIZE = // Some adequate size for the buffer + const int BUFFER_SIZE = 1024; // Some adequate size for the buffer byte output[BUFFER_SIZE]; - if(wc_RsaKeyToPublicDer(&key, output, sizeof(output)) != 0) - { + if (wc_RsaKeyToPublicDer(&key, output, sizeof(output)) != 0) { // Handle Error } \endcode + \sa wc_RsaPublicKeyDerSize + \sa wc_RsaKeyToPublicDer_ex + \sa wc_RsaInitKey +*/ +WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen); + +/*! + \ingroup RSA + + \brief Convert RSA Public key to DER format. Writes to output, and + returns count of bytes written. If with_header is 0 then only the + ( seq + n + e) is returned in ASN.1 DER format and will exclude the header. + + \return >0 Success, number of bytes written. + \return BAD_FUNC_ARG Returned if key or output is null. + \return MEMORY_E Returned when an error allocating memory occurs. + \return <0 Error + + \param key The RSA key structure to convert. + \param output Output buffer to hold DER. (if NULL will return length only) + \param inLen Length of buffer. + + _Example_ + \code + RsaKey key; + + wc_RsaInitKey(&key, NULL); + // Use key + + const int BUFFER_SIZE = 1024; // Some adequate size for the buffer + byte output[BUFFER_SIZE]; + if (wc_RsaKeyToPublicDer_ex(&key, output, sizeof(output), 0) != 0) { + // Handle Error + } + \endcode + + \sa wc_RsaPublicKeyDerSize \sa wc_RsaKeyToPublicDer \sa wc_RsaInitKey */ -WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen); +WOLFSSL_API int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen, + int with_header); /*! \ingroup RSA 
@@ -1432,7 +1464,7 @@ WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen); \param key pointer to the RsaKey structure in which to store the generated private key - \param size desired keylenth, in bits. Required to be greater than + \param size desired key length, in bits. Required to be greater than RSA_MIN_SIZE and less than RSA_MAX_SIZE \param e exponent parameter to use for generating the key. A secure choice is 65537 diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h index fb87141f8..c7f8814c3 100644 --- a/doc/dox_comments/header_files/ssl.h +++ b/doc/dox_comments/header_files/ssl.h @@ -7818,7 +7818,6 @@ WOLFSSL_API void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCt \sa ForceZero \sa wc_RNG_GenerateBlock - \sa XMEMCPY */ WOLFSSL_API int wolfSSL_DTLS_SetCookieSecret(WOLFSSL*, const unsigned char*, diff --git a/doc/dox_comments/header_files/wolfio.h b/doc/dox_comments/header_files/wolfio.h index 5fa64de90..0c1f94e8d 100644 --- a/doc/dox_comments/header_files/wolfio.h +++ b/doc/dox_comments/header_files/wolfio.h @@ -35,9 +35,9 @@ } \endcode - \sa wolfSSL_dtls_get_current_timeout - \sa TranslateReturnCode - \sa RECV_FUNCTION + \sa EmbedSend + \sa wolfSSL_CTX_SetIORecv + \sa wolfSSL_SSLSetIORecv */ WOLFSSL_API int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); @@ -73,11 +73,9 @@ WOLFSSL_API int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); } \endcode - \sa TranslateReturnCode - \sa SEND_FUNCTION - \sa LastError - \sa InitSSL_Ctx - \sa LastError + \sa EmbedReceive + \sa wolfSSL_CTX_SetIOSend + \sa wolfSSL_SSLSetIOSend */ WOLFSSL_API int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx); 
@@ -112,9 +110,10 @@ WOLFSSL_API int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx); } \endcode - \sa TranslateReturnCode - \sa RECVFROM_FUNCTION - \sa Setsockopt + \sa EmbedSendTo + \sa wolfSSL_CTX_SetIORecv + \sa wolfSSL_SSLSetIORecv + \sa wolfSSL_dtls_get_current_timeout */ WOLFSSL_API int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*); @@ -153,9 +152,9 @@ WOLFSSL_API int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*); } \endcode - \sa LastError - \sa EmbedSend - \sa EmbedReceive + \sa EmbedReceiveFrom + \sa wolfSSL_CTX_SetIOSend + \sa wolfSSL_SSLSetIOSend */ WOLFSSL_API int EmbedSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx); @@ -188,10 +187,7 @@ WOLFSSL_API int EmbedSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx); } \endcode - \sa wc_ShaHash - \sa EmbedGenerateCookie - \sa XMEMCPY - \sa XMEMSET + \sa wolfSSL_CTX_SetGenCookie */ WOLFSSL_API int EmbedGenerateCookie(WOLFSSL* ssl, unsigned char* buf, int sz, void*); @@ -212,7 +208,9 @@ WOLFSSL_API int EmbedGenerateCookie(WOLFSSL* ssl, unsigned char* buf, EmbedOcspRespFree(ctx, resp); \endcode - \sa XFREE + \sa wolfSSL_CertManagerSetOCSP_Cb + \sa wolfSSL_CertManagerEnableOCSPStapling + \sa wolfSSL_CertManagerEnableOCSP */ WOLFSSL_API void EmbedOcspRespFree(void*, unsigned char*); diff --git a/tests/api.c b/tests/api.c index 0f3b0024c..dafd06aeb 100644 --- a/tests/api.c +++ b/tests/api.c @@ -16859,6 +16859,24 @@ static int test_wc_RsaKeyToPublicDer (void) } } + #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) + if (ret == 0) { + /* test getting size only */ + ret = wc_RsaKeyToPublicDer_ex(&key, NULL, derLen, 0); + if (ret >= 0) + ret = 0; + } + if (ret == 0) { + ret = wc_RsaKeyToPublicDer_ex(&key, der, derLen, 0); + if (ret >= 0) { + ret = 0; + } else { + ret = WOLFSSL_FATAL_ERROR; + } + } + #endif + #ifndef HAVE_USER_RSA /* Pass in bad args. */ if (ret == 0) { 
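Review bot: The size-only result of `wc_RsaKeyToPublicDer_ex(&key, NULL, derLen, 0)` is discarded, so the new block never checks that the advertised length matches what the second call writes into der, which is the property a size query exists to guarantee. Keeping it, `int pubDerSz = wc_RsaKeyToPublicDer_ex(&key, NULL, derLen, 0);`, and finishing the buffered call with `ret = (ret == pubDerSz) ? 0 : WOLFSSL_FATAL_ERROR;` would pin that relation, and where the build provides it a comparison against `wc_RsaPublicKeyDerSize(&key, 0)` would also exercise the rewritten size function in asn.c. The two `if (ret == 0)` blocks also treat a negative return differently (the first keeps the raw error code, the second maps it to WOLFSSL_FATAL_ERROR), and the with_header == 1 path of the new function is not exercised at all. The enclosing test_wc_RsaKeyToPublicDer starts and ends outside the hunk, so der and derLen are assumed to be the buffer and length it set up earlier.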
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 4ab62a189..6ee3f3064 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -12065,55 +12065,7 @@ static int SetRsaPublicKey(byte* output, RsaKey* key, #if !defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA)) int wc_RsaPublicKeyDerSize(RsaKey* key, int with_header) { - int idx = 0; - int nSz, eSz, seqSz, bitStringSz, algoSz; - - if (key == NULL) - return BAD_FUNC_ARG; - - /* n */ -#ifdef HAVE_USER_RSA - nSz = SetASNIntRSA(key->n, NULL); -#else - nSz = SetASNIntMP(&key->n, MAX_RSA_INT_SZ, NULL); -#endif - if (nSz < 0) { - return nSz; - } - - /* e */ -#ifdef HAVE_USER_RSA - eSz = SetASNIntRSA(key->e, NULL); -#else - eSz = SetASNIntMP(&key->e, MAX_RSA_INT_SZ, NULL); -#endif - if (eSz < 0) { - return eSz; - } - - seqSz = SetSequence(nSz + eSz, NULL); - - /* headers */ - if (with_header) { - algoSz = SetAlgoID(RSAk, NULL, oidKeyType, 0); - bitStringSz = SetBitString(seqSz + nSz + eSz, 0, NULL); - - idx += SetSequence(nSz + eSz + seqSz + bitStringSz + algoSz, NULL); - - /* algo */ - idx += algoSz; - /* bit string */ - idx += bitStringSz; - } - - /* seq */ - idx += seqSz; - /* n */ - idx += nSz; - /* e */ - idx += eSz; - - return idx; + return SetRsaPublicKey(NULL, key, 0, with_header); } #endif /* !NO_RSA && WOLFSSL_CERT_GEN */ @@ -12225,6 +12177,13 @@ int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen) return SetRsaPublicKey(output, key, inLen, 1); } +/* Returns public DER version of the RSA key. If with_header is 0 then only a + * seq + n + e is returned in ASN.1 DER format */ +int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen, + int with_header) +{ + return SetRsaPublicKey(output, key, inLen, with_header); +} #endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA && !HAVE_USER_RSA */ diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 60dabae18..88ef10610 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c 
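Review bot: The rewritten body of wc_RsaPublicKeyDerSize drops the explicit `if (key == NULL) return BAD_FUNC_ARG;` and the HAVE_USER_RSA branch, so both the NULL-key result and the user-RSA build now depend on SetRsaPublicKey, whose body and preprocessor guard lie outside this hunk. If SetRsaPublicKey does not reject a NULL key itself, or is only compiled when HAVE_USER_RSA is undefined, a WOLFSSL_CERT_GEN build with HAVE_USER_RSA loses a function it had before. Keeping the one-line guard `if (key == NULL) return BAD_FUNC_ARG;` ahead of the call preserves the error return independently of the helper, and a comment such as `/* output == NULL makes SetRsaPublicKey compute the encoded size only */` records why a NULL buffer and a zero length are passed.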
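Review bot: The comment on the new wc_RsaKeyToPublicDer_ex does not state its return value or the size-only mode that tests/api.c relies on when it passes a NULL output; the identical comment on the user-crypto copy in wolfcrypt/user-crypto/src/rsa.c has the same gap. I would extend both to `/* Writes the public key DER to output and returns the byte count, or < 0 on error. If output is NULL only the encoded size is returned. If with_header is 0 only seq + n + e is written, without the algorithm identifier and BIT STRING wrapper. */`. The doxygen text added for this function in doc/dox_comments/header_files/rsa.h is inconsistent with itself, saying both that a NULL output returns BAD_FUNC_ARG and that it returns the length only, and its example tests the result with `!= 0` although the documented success value is the positive byte count, so the check should be `< 0`.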
@@ -3542,6 +3542,7 @@ int wc_RsaPSS_CheckPadding(const byte* in, word32 inSz, byte* sig, * saltLen Length of salt used. RSA_PSS_SALT_LEN_DEFAULT (-1) indicates salt * length is the same as the hash length. RSA_PSS_SALT_LEN_DISCOVER * indicates salt length is determined from the data. + * bits Can be used to calculate salt size in FIPS case * returns BAD_PADDING_E when the PSS data is invalid, BAD_FUNC_ARG when * NULL is passed in to in or sig or inSz is not the same as the hash * algorithm length and 0 on success. diff --git a/wolfcrypt/user-crypto/src/rsa.c b/wolfcrypt/user-crypto/src/rsa.c index 0ff20ff86..ae5218d54 100644 --- a/wolfcrypt/user-crypto/src/rsa.c +++ b/wolfcrypt/user-crypto/src/rsa.c @@ -2769,6 +2769,13 @@ int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen) return SetRsaPublicKey(output, key, inLen, 1); } +/* Returns public DER version of the RSA key. If with_header is 0 then only a + * seq + n + e is returned in ASN.1 DER format */ +int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen, + int with_header) +{ + return SetRsaPublicKey(output, key, inLen, with_header); +} #endif /* WOLFSSL_KEY_GEN || OPENSSL_EXTRA */ diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index ad6db4f80..0d724e0c0 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h 
@@ -332,13 +332,13 @@ WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, WOLFSSL_API int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, WC_RNG* rng, int type, - enum wc_HashType hash, int mgf, byte* label, word32 lableSz); + enum wc_HashType hash, int mgf, byte* label, word32 labelSz); WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, int type, - enum wc_HashType hash, int mgf, byte* label, word32 lableSz); + enum wc_HashType hash, int mgf, byte* label, word32 labelSz); WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, byte** out, RsaKey* key, int type, enum wc_HashType hash, - int mgf, byte* label, word32 lableSz); + int mgf, byte* label, word32 labelSz); #if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) WOLFSSL_API int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, RsaKey* key, int type, WC_RNG* rng); @@ -355,7 +355,9 @@ WOLFSSL_API int wc_RsaExportKey(RsaKey* key, byte* p, word32* pSz, byte* q, word32* qSz); -WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen); +WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen); +WOLFSSL_API int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen, + int with_header); #ifdef WOLFSSL_KEY_GEN WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng);