wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added public API wc_RsaKeyToPublicDer_ex to allow getting RSA public key without ASN.1 header (can return only seq + n + e). Related to PR #4068. Cleanup documentation for RSA and wolfIO. Consolidate duplicate code in wc_RsaPublicKeyDerSize.

Browse Source
This commit is contained in:
David Garske
2021-07-28 14:26:26 -07:00
parent 9df4312c4e
commit c69d6d2491
8 changed files with 105 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
doc/dox_comments/header_files/rsa.h
View File

@ -144,8 +144,6 @@ WOLFSSL_API int wc_FreeRsaKey(RsaKey* key);
\return Success Upon successfully encrypting the input message, returns \return Success Upon successfully encrypting the input message, returns
0 for success and less than zero for failure. Also returns the number 0 for success and less than zero for failure. Also returns the number
bytes written to out by storing the value in outLen bytes written to out by storing the value in outLen
\return -1 Returned if there is an error during RSA encryption and
hardware acceleration via Cavium is enabled
\return BAD_FUNC_ARG Returned if any of the input parameters are invalid \return BAD_FUNC_ARG Returned if any of the input parameters are invalid
\return RSA_BUFFER_E Returned if the output buffer is too small to store \return RSA_BUFFER_E Returned if the output buffer is too small to store
the ciphertext the ciphertext
@ -907,7 +905,7 @@ WOLFSSL_API int wc_RsaPSS_CheckPadding(const byte* in, word32 inLen, byte* sig,
\param saltLen Length of salt used. RSA_PSS_SALT_LEN_DEFAULT (-1) indicates salt \param saltLen Length of salt used. RSA_PSS_SALT_LEN_DEFAULT (-1) indicates salt
length is the same as the hash length. RSA_PSS_SALT_LEN_DISCOVER length is the same as the hash length. RSA_PSS_SALT_LEN_DISCOVER
indicates salt length is determined from the data. indicates salt length is determined from the data.
\param bits igonred \param bits Can be used to calculate salt size in FIPS case
_Example_ _Example_
\code \code
@ -951,8 +949,7 @@ WOLFSSL_API int wc_RsaPSS_CheckPadding(const byte* in, word32 inLen, byte* sig,
\sa wc_RsaPSS_CheckPadding \sa wc_RsaPSS_CheckPadding
*/ */
WOLFSSL_API int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen, byte* sig, WOLFSSL_API int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen, byte* sig,
word32 sigSz, word32 sigSz, enum wc_HashType hashType, int saltLen, int bits);
enum wc_HashType hashType, int saltLen, int bits);
/*! /*!
\ingroup RSA \ingroup RSA
@ -970,7 +967,6 @@ WOLFSSL_API int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen, byte* s
\sa wc_InitRsaKey \sa wc_InitRsaKey
\sa wc_InitRsaKey_ex \sa wc_InitRsaKey_ex
\sa wc_MakeRsaKey \sa wc_MakeRsaKey
\sa XMEMSET
*/ */
WOLFSSL_API int wc_RsaEncryptSize(RsaKey* key); WOLFSSL_API int wc_RsaEncryptSize(RsaKey* key);
@ -1195,7 +1191,7 @@ WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
*/ */
WOLFSSL_API int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out, WOLFSSL_API int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, WC_RNG* rng, int type, word32 outLen, RsaKey* key, WC_RNG* rng, int type,
enum wc_HashType hash, int mgf, byte* label, word32 lableSz); enum wc_HashType hash, int mgf, byte* label, word32 labelSz);
/*! /*!
\ingroup RSA \ingroup RSA
@ -1248,7 +1244,7 @@ WOLFSSL_API int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out,
*/ */
WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen,
byte* out, word32 outLen, RsaKey* key, int type, byte* out, word32 outLen, RsaKey* key, int type,
enum wc_HashType hash, int mgf, byte* label, word32 lableSz); enum wc_HashType hash, int mgf, byte* label, word32 labelSz);
/*! /*!
\ingroup RSA \ingroup RSA
@ -1306,7 +1302,7 @@ WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen,
*/ */
WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen,
byte** out, RsaKey* key, int type, enum wc_HashType hash, byte** out, RsaKey* key, int type, enum wc_HashType hash,
int mgf, byte* label, word32 lableSz); int mgf, byte* label, word32 labelSz);
/*! /*!
\ingroup RSA \ingroup RSA
@ -1348,7 +1344,6 @@ WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen,
\sa wc_InitRsaKey \sa wc_InitRsaKey
\sa wc_InitRsaKey_ex \sa wc_InitRsaKey_ex
\sa wc_MakeRsaKey \sa wc_MakeRsaKey
\sa XMEMSET
*/ */
WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*, WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
word32*); word32*);
@ -1365,7 +1360,7 @@ WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
\return <0 Error \return <0 Error
\param key The RSA key structure to convert. \param key The RSA key structure to convert.
\param output Output buffer to hold DER. \param output Output buffer to hold DER. (if NULL will return length only)
\param inLen Length of buffer. \param inLen Length of buffer.
_Example_ _Example_
@ -1375,18 +1370,55 @@ WOLFSSL_API int wc_RsaFlattenPublicKey(RsaKey*, byte*, word32*, byte*,
wc_RsaInitKey(&key, NULL); wc_RsaInitKey(&key, NULL);
// Use key // Use key
int BUFFER_SIZE = // Some adequate size for the buffer const int BUFFER_SIZE = 1024; // Some adequate size for the buffer
byte output[BUFFER_SIZE]; byte output[BUFFER_SIZE];
if(wc_RsaKeyToPublicDer(&key, output, sizeof(output)) != 0) if (wc_RsaKeyToPublicDer(&key, output, sizeof(output)) != 0) {
{
// Handle Error // Handle Error
} }
\endcode \endcode
\sa wc_RsaPublicKeyDerSize
\sa wc_RsaKeyToPublicDer_ex
\sa wc_RsaInitKey
*/
WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen);
/*!
\ingroup RSA
\brief Convert RSA Public key to DER format. Writes to output, and
returns count of bytes written. If with_header is 0 then only the
( seq + n + e) is returned in ASN.1 DER format and will exclude the header.
\return >0 Success, number of bytes written.
\return BAD_FUNC_ARG Returned if key or output is null.
\return MEMORY_E Returned when an error allocating memory occurs.
\return <0 Error
\param key The RSA key structure to convert.
\param output Output buffer to hold DER. (if NULL will return length only)
\param inLen Length of buffer.
_Example_
\code
RsaKey key;
wc_RsaInitKey(&key, NULL);
// Use key
const int BUFFER_SIZE = 1024; // Some adequate size for the buffer
byte output[BUFFER_SIZE];
if (wc_RsaKeyToPublicDer_ex(&key, output, sizeof(output), 0) != 0) {
// Handle Error
}
\endcode
\sa wc_RsaPublicKeyDerSize
\sa wc_RsaKeyToPublicDer \sa wc_RsaKeyToPublicDer
\sa wc_RsaInitKey \sa wc_RsaInitKey
*/ */
WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen); WOLFSSL_API int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen,
int with_header);
/*! /*!
\ingroup RSA \ingroup RSA
@ -1432,7 +1464,7 @@ WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen);
\param key pointer to the RsaKey structure in which to store the \param key pointer to the RsaKey structure in which to store the
generated private key generated private key
\param size desired keylenth, in bits. Required to be greater than \param size desired key length, in bits. Required to be greater than
RSA_MIN_SIZE and less than RSA_MAX_SIZE RSA_MIN_SIZE and less than RSA_MAX_SIZE
\param e exponent parameter to use for generating the key. A secure \param e exponent parameter to use for generating the key. A secure
choice is 65537 choice is 65537

1
doc/dox_comments/header_files/ssl.h
View File

@ -7818,7 +7818,6 @@ WOLFSSL_API void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCt
\sa ForceZero \sa ForceZero
\sa wc_RNG_GenerateBlock \sa wc_RNG_GenerateBlock
\sa XMEMCPY
*/ */
WOLFSSL_API int wolfSSL_DTLS_SetCookieSecret(WOLFSSL*, WOLFSSL_API int wolfSSL_DTLS_SetCookieSecret(WOLFSSL*,
const unsigned char*, const unsigned char*,

36
doc/dox_comments/header_files/wolfio.h
View File

@ -35,9 +35,9 @@
} }
\endcode \endcode
\sa wolfSSL_dtls_get_current_timeout \sa EmbedSend
\sa TranslateReturnCode \sa wolfSSL_CTX_SetIORecv
\sa RECV_FUNCTION \sa wolfSSL_SSLSetIORecv
*/ */
WOLFSSL_API int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); WOLFSSL_API int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
@ -73,11 +73,9 @@ WOLFSSL_API int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx);
} }
\endcode \endcode
\sa TranslateReturnCode \sa EmbedReceive
\sa SEND_FUNCTION \sa wolfSSL_CTX_SetIOSend
\sa LastError \sa wolfSSL_SSLSetIOSend
\sa InitSSL_Ctx
\sa LastError
*/ */
WOLFSSL_API int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx); WOLFSSL_API int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
@ -112,9 +110,10 @@ WOLFSSL_API int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx);
} }
\endcode \endcode
\sa TranslateReturnCode \sa EmbedSendTo
\sa RECVFROM_FUNCTION \sa wolfSSL_CTX_SetIORecv
\sa Setsockopt \sa wolfSSL_SSLSetIORecv
\sa wolfSSL_dtls_get_current_timeout
*/ */
WOLFSSL_API int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*); WOLFSSL_API int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*);
@ -153,9 +152,9 @@ WOLFSSL_API int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*);
} }
\endcode \endcode
\sa LastError \sa EmbedReceiveFrom
\sa EmbedSend \sa wolfSSL_CTX_SetIOSend
\sa EmbedReceive \sa wolfSSL_SSLSetIOSend
*/ */
WOLFSSL_API int EmbedSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx); WOLFSSL_API int EmbedSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
@ -188,10 +187,7 @@ WOLFSSL_API int EmbedSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx);
} }
\endcode \endcode
\sa wc_ShaHash \sa wolfSSL_CTX_SetGenCookie
\sa EmbedGenerateCookie
\sa XMEMCPY
\sa XMEMSET
*/ */
WOLFSSL_API int EmbedGenerateCookie(WOLFSSL* ssl, unsigned char* buf, WOLFSSL_API int EmbedGenerateCookie(WOLFSSL* ssl, unsigned char* buf,
int sz, void*); int sz, void*);
@ -212,7 +208,9 @@ WOLFSSL_API int EmbedGenerateCookie(WOLFSSL* ssl, unsigned char* buf,
EmbedOcspRespFree(ctx, resp); EmbedOcspRespFree(ctx, resp);
\endcode \endcode
\sa XFREE \sa wolfSSL_CertManagerSetOCSP_Cb
\sa wolfSSL_CertManagerEnableOCSPStapling
\sa wolfSSL_CertManagerEnableOCSP
*/ */
WOLFSSL_API void EmbedOcspRespFree(void*, unsigned char*); WOLFSSL_API void EmbedOcspRespFree(void*, unsigned char*);

18
tests/api.c
View File

@ -16859,6 +16859,24 @@ static int test_wc_RsaKeyToPublicDer (void)
} }
} }
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2)))
if (ret == 0) {
/* test getting size only */
ret = wc_RsaKeyToPublicDer_ex(&key, NULL, derLen, 0);
if (ret >= 0)
ret = 0;
}
if (ret == 0) {
ret = wc_RsaKeyToPublicDer_ex(&key, der, derLen, 0);
if (ret >= 0) {
ret = 0;
} else {
ret = WOLFSSL_FATAL_ERROR;
}
}
#endif
#ifndef HAVE_USER_RSA #ifndef HAVE_USER_RSA
/* Pass in bad args. */ /* Pass in bad args. */
if (ret == 0) { if (ret == 0) {

57
wolfcrypt/src/asn.c
View File

@ -12065,55 +12065,7 @@ static int SetRsaPublicKey(byte* output, RsaKey* key,
#if !defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA)) #if !defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA))
int wc_RsaPublicKeyDerSize(RsaKey* key, int with_header) int wc_RsaPublicKeyDerSize(RsaKey* key, int with_header)
{ {
int idx = 0; return SetRsaPublicKey(NULL, key, 0, with_header);
int nSz, eSz, seqSz, bitStringSz, algoSz;
if (key == NULL)
return BAD_FUNC_ARG;
/* n */
#ifdef HAVE_USER_RSA
nSz = SetASNIntRSA(key->n, NULL);
#else
nSz = SetASNIntMP(&key->n, MAX_RSA_INT_SZ, NULL);
#endif
if (nSz < 0) {
return nSz;
}
/* e */
#ifdef HAVE_USER_RSA
eSz = SetASNIntRSA(key->e, NULL);
#else
eSz = SetASNIntMP(&key->e, MAX_RSA_INT_SZ, NULL);
#endif
if (eSz < 0) {
return eSz;
}
seqSz = SetSequence(nSz + eSz, NULL);
/* headers */
if (with_header) {
algoSz = SetAlgoID(RSAk, NULL, oidKeyType, 0);
bitStringSz = SetBitString(seqSz + nSz + eSz, 0, NULL);
idx += SetSequence(nSz + eSz + seqSz + bitStringSz + algoSz, NULL);
/* algo */
idx += algoSz;
/* bit string */
idx += bitStringSz;
}
/* seq */
idx += seqSz;
/* n */
idx += nSz;
/* e */
idx += eSz;
return idx;
} }
#endif /* !NO_RSA && WOLFSSL_CERT_GEN */ #endif /* !NO_RSA && WOLFSSL_CERT_GEN */
@ -12225,6 +12177,13 @@ int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen)
return SetRsaPublicKey(output, key, inLen, 1); return SetRsaPublicKey(output, key, inLen, 1);
} }
/* Returns public DER version of the RSA key. If with_header is 0 then only a
* seq + n + e is returned in ASN.1 DER format */
int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen,
int with_header)
{
return SetRsaPublicKey(output, key, inLen, with_header);
}
#endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA && !HAVE_USER_RSA */ #endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA && !HAVE_USER_RSA */

1
wolfcrypt/src/rsa.c
View File

@ -3542,6 +3542,7 @@ int wc_RsaPSS_CheckPadding(const byte* in, word32 inSz, byte* sig,
* saltLen Length of salt used. RSA_PSS_SALT_LEN_DEFAULT (-1) indicates salt * saltLen Length of salt used. RSA_PSS_SALT_LEN_DEFAULT (-1) indicates salt
* length is the same as the hash length. RSA_PSS_SALT_LEN_DISCOVER * length is the same as the hash length. RSA_PSS_SALT_LEN_DISCOVER
* indicates salt length is determined from the data. * indicates salt length is determined from the data.
* bits Can be used to calculate salt size in FIPS case
* returns BAD_PADDING_E when the PSS data is invalid, BAD_FUNC_ARG when * returns BAD_PADDING_E when the PSS data is invalid, BAD_FUNC_ARG when
* NULL is passed in to in or sig or inSz is not the same as the hash * NULL is passed in to in or sig or inSz is not the same as the hash
* algorithm length and 0 on success. * algorithm length and 0 on success.

7
wolfcrypt/user-crypto/src/rsa.c
View File

@ -2769,6 +2769,13 @@ int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen)
return SetRsaPublicKey(output, key, inLen, 1); return SetRsaPublicKey(output, key, inLen, 1);
} }
/* Returns public DER version of the RSA key. If with_header is 0 then only a
* seq + n + e is returned in ASN.1 DER format */
int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen,
int with_header)
{
return SetRsaPublicKey(output, key, inLen, with_header);
}
#endif /* WOLFSSL_KEY_GEN || OPENSSL_EXTRA */ #endif /* WOLFSSL_KEY_GEN || OPENSSL_EXTRA */

10
wolfssl/wolfcrypt/rsa.h
View File

@ -332,13 +332,13 @@ WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
WOLFSSL_API int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out, WOLFSSL_API int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out,
word32 outLen, RsaKey* key, WC_RNG* rng, int type, word32 outLen, RsaKey* key, WC_RNG* rng, int type,
enum wc_HashType hash, int mgf, byte* label, word32 lableSz); enum wc_HashType hash, int mgf, byte* label, word32 labelSz);
WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, WOLFSSL_API int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen,
byte* out, word32 outLen, RsaKey* key, int type, byte* out, word32 outLen, RsaKey* key, int type,
enum wc_HashType hash, int mgf, byte* label, word32 lableSz); enum wc_HashType hash, int mgf, byte* label, word32 labelSz);
WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, WOLFSSL_API int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen,
byte** out, RsaKey* key, int type, enum wc_HashType hash, byte** out, RsaKey* key, int type, enum wc_HashType hash,
int mgf, byte* label, word32 lableSz); int mgf, byte* label, word32 labelSz);
#if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING) #if defined(WC_RSA_DIRECT) || defined(WC_RSA_NO_PADDING)
WOLFSSL_API int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, WOLFSSL_API int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
RsaKey* key, int type, WC_RNG* rng); RsaKey* key, int type, WC_RNG* rng);
@ -355,7 +355,9 @@ WOLFSSL_API int wc_RsaExportKey(RsaKey* key,
byte* p, word32* pSz, byte* p, word32* pSz,
byte* q, word32* qSz); byte* q, word32* qSz);
WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey*, byte* output, word32 inLen); WOLFSSL_API int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen);
WOLFSSL_API int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen,
int with_header);
#ifdef WOLFSSL_KEY_GEN #ifdef WOLFSSL_KEY_GEN
WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng); WOLFSSL_API int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng);