Add new crypto callback for RSA with padding.

wolfSSL · Aug 27, 2024 · b7299a2 · b7299a2
1 parent d0475de
commit b7299a2
Show file tree

Hide file tree

Showing 8 changed files with 359 additions and 6 deletions.
diff --git a/tests/api.c b/tests/api.c
@@ -83658,6 +83658,13 @@ static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx)
  info->pk.rsa.type, ret, *info->pk.rsa.outLen);
  #endif
  }
+ #ifdef WOLF_CRYPTO_CB_RSA_PAD
+ else if (info->pk.type == WC_PK_TYPE_RSA_PKCS ||
+ info->pk.type == WC_PK_TYPE_RSA_PSS ||
+ info->pk.type == WC_PK_TYPE_RSA_OAEP) {
+ ret = CRYPTOCB_UNAVAILABLE; /* fallback to software */
+ }
+ #endif /* ifdef WOLF_CRYPTO_CB_RSA_PAD */
  #endif /* !NO_RSA */
  #ifdef HAVE_ECC
  if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {

diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c
@@ -418,6 +418,62 @@ int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out,
  return wc_CryptoCb_TranslateErrorCode(ret);
 }
 
+#ifdef WOLF_CRYPTO_CB_RSA_PAD
+int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out,
+ word32* outLen, int type, RsaKey* key, WC_RNG* rng,
+ RsaPadding *padding)
+{
+ int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+ CryptoCb* dev;
+ int pk_type;
+
+ if (key == NULL)
+ return ret;
+
+ /* locate registered callback */
+ dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK);
+
+ if (padding) {
+ switch(padding->pad_type) {
+#ifndef NO_PKCS11_RSA_PKCS
+ case WC_RSA_PKCSV15_PAD:
+ pk_type = WC_PK_TYPE_RSA_PKCS;
+ break;
+ case WC_RSA_PSS_PAD:
+ pk_type = WC_PK_TYPE_RSA_PSS;
+ break;
+ case WC_RSA_OAEP_PAD:
+ pk_type = WC_PK_TYPE_RSA_OAEP;
+ break;
+#endif /* NO_PKCS11_RSA_PKCS */
+ default:
+ pk_type = WC_PK_TYPE_RSA;
+ }
+ } else {
+ pk_type = WC_PK_TYPE_RSA;
+ }
+
+ if (dev && dev->cb) {
+ wc_CryptoInfo cryptoInfo;
+ XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+ cryptoInfo.algo_type = WC_ALGO_TYPE_PK;
+ cryptoInfo.pk.type = pk_type;
+ cryptoInfo.pk.rsa.in = in;
+ cryptoInfo.pk.rsa.inLen = inLen;
+ cryptoInfo.pk.rsa.out = out;
+ cryptoInfo.pk.rsa.outLen = outLen;
+ cryptoInfo.pk.rsa.type = type;
+ cryptoInfo.pk.rsa.key = key;
+ cryptoInfo.pk.rsa.rng = rng;
+ cryptoInfo.pk.rsa.padding = padding;
+
+ ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+ }
+
+ return wc_CryptoCb_TranslateErrorCode(ret);
+}
+#endif
+
 #ifdef WOLFSSL_KEY_GEN
 int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
 {

diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
@@ -3112,6 +3112,9 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out,
  int ret = 0;
  (void)rng;
  (void)checkSmallCt;
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+ RsaPadding padding;
+#endif
 
  if (key == NULL || in == NULL || inLen == 0 || out == NULL ||
  outLen == NULL || *outLen == 0 || type == RSA_TYPE_UNKNOWN) {
@@ -3123,7 +3126,18 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out,
  if (key->devId != INVALID_DEVID)
  #endif
  {
+ #if defined(WOLF_CRYPTO_CB_RSA_PAD)
+ /* If we are here, either the RSA PAD callback was already called
+ * and returned that it could not implement for that padding scheme,
+ * or this is a public verify operation. Either way indicate to the
+ * callback that this should be a raw RSA operation with no padding.*/
+ XMEMSET(&padding, 0, sizeof(RsaPadding));
+ padding.pad_type = WC_RSA_NO_PAD;
+ ret = wc_CryptoCb_RsaPad(in, inLen, out,
+ outLen, type, key, rng, &padding);
+ #else
  ret = wc_CryptoCb_Rsa(in, inLen, out, outLen, type, key, rng);
+ #endif
  #ifndef WOLF_CRYPTO_CB_ONLY_RSA
  if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
  return ret;
@@ -3231,6 +3245,9 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
  int ret = 0;
  int sz;
  int state;
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+ RsaPadding padding;
+#endif
 
  if (in == NULL || inLen == 0 || out == NULL || key == NULL) {
  return BAD_FUNC_ARG;
@@ -3327,6 +3344,29 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out,
  #endif
  #endif /* WOLFSSL_SE050 */
 
+ #if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+ if (key->devId != INVALID_DEVID) {
+ XMEMSET(&padding, 0, sizeof(RsaPadding));
+ padding.pad_value = pad_value;
+ padding.pad_type = pad_type;
+ padding.hash = hash;
+ padding.mgf = mgf;
+ padding.label = label;
+ padding.labelSz = labelSz;
+ padding.saltLen = saltLen;
+ ret = wc_CryptoCb_RsaPad(in, inLen, out, &outLen, rsa_type, key, rng,
+ &padding);
+
+ if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
+ if (ret < 0) {
+ break;
+ }
+
+ ret = outLen;
+ break;
+ }
+ }
+ #endif
  key->state = RSA_STATE_ENCRYPT_PAD;
  ret = wc_RsaPad_ex(in, inLen, out, (word32)sz, pad_value, rng, pad_type,
  hash, mgf, label, labelSz, saltLen,
@@ -3406,6 +3446,9 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
 {
  int ret = WC_NO_ERR_TRACE(RSA_WRONG_TYPE_E);
  byte* pad = NULL;
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+ RsaPadding padding;
+#endif
 
  if (in == NULL || inLen == 0 || out == NULL || key == NULL) {
  return BAD_FUNC_ARG;
@@ -3516,6 +3559,25 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
  FALL_THROUGH;
 
  case RSA_STATE_DECRYPT_EXPTMOD:
+#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD)
+ if ((key->devId != INVALID_DEVID) && (rsa_type != RSA_PUBLIC_DECRYPT)) {
+ /* Everything except verify goes to crypto cb if
+ * WOLF_CRYPTO_CB_RSA_PAD defined */
+ XMEMSET(&padding, 0, sizeof(RsaPadding));
+ padding.pad_value = pad_value;
+ padding.pad_type = pad_type;
+ padding.hash = hash;
+ padding.mgf = mgf;
+ padding.label = label;
+ padding.labelSz = labelSz;
+ padding.saltLen = saltLen;
+ ret = wc_CryptoCb_RsaPad(in, inLen, out,
+ &outLen, rsa_type, key, rng, &padding);
+ if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
+ break;
+ }
+ }
+#endif
 #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE) && \
  !defined(WOLFSSL_NO_MALLOC)
  ret = wc_RsaFunction_ex(key->data, inLen, key->data, &key->dataLen,