From 57ac7c56505f73ce07fd7510c12cb4ab58980836 Mon Sep 17 00:00:00 2001 From: dangfan Date: Thu, 21 May 2020 19:19:11 +0800 Subject: [PATCH 1/2] WIP: add rsa4096 --- include/rsa.h | 34 ++++++++++++++++++++++++++-------- src/rsa.c | 25 +++++++++++++------------ 2 files changed, 39 insertions(+), 20 deletions(-) diff --git a/include/rsa.h b/include/rsa.h index 90fd288..3cb9329 100644 --- a/include/rsa.h +++ b/include/rsa.h @@ -5,20 +5,38 @@ #include #include -#define RSA_N_BIT 2048u +#define RSA_N_BIT_MAX 4096 #define E_LENGTH 4 -#define N_LENGTH (RSA_N_BIT / 8) -#define PQ_LENGTH (RSA_N_BIT / 16) +#define PQ_LENGTH_MAX (RSA_N_BIT_MAX / 16) typedef struct { + uint16_t nbits; alignas(4) uint8_t e[E_LENGTH]; - alignas(4) uint8_t p[PQ_LENGTH]; - alignas(4) uint8_t q[PQ_LENGTH]; - alignas(4) uint8_t n[N_LENGTH]; + alignas(4) uint8_t p[PQ_LENGTH_MAX]; + alignas(4) uint8_t q[PQ_LENGTH_MAX]; + alignas(4) uint8_t dp[PQ_LENGTH_MAX]; + alignas(4) uint8_t dq[PQ_LENGTH_MAX]; + alignas(4) uint8_t qinv[PQ_LENGTH_MAX]; } rsa_key_t; -int rsa_generate_key(rsa_key_t *key); -int rsa_complete_key(rsa_key_t *key); +/** + * Generate a new RSA key. We always set e = 65537. + * + * @param key The generated key. + * + * @return 0 on success. + */ +int rsa_generate_key(rsa_key_t *key, uint16_t nbits); + +/** + * Compute the public key given a RSA private key. + * + * @param key The given private key. + * @param n The corresponding public key. + * + * @return 0 on success. + */ +int rsa_get_public_key(rsa_key_t *key, uint8_t *n); int rsa_private(rsa_key_t *key, const uint8_t *input, uint8_t *output); int rsa_sign_pkcs_v15(rsa_key_t *key, const uint8_t *data, size_t len, uint8_t *sig); int rsa_decrypt_pkcs_v15(rsa_key_t *key, const uint8_t *in, size_t *olen, uint8_t *out); diff --git a/src/rsa.c b/src/rsa.c index 8c22006..75a6844 100644 --- a/src/rsa.c +++ b/src/rsa.c @@ -33,27 +33,28 @@ static int pkcs1_v15_remove_padding(const uint8_t *in, uint16_t in_len, uint8_t return in_len - (i + 1); } -__attribute__((weak)) int rsa_generate_key(rsa_key_t *key) { +__attribute__((weak)) int rsa_generate_key(rsa_key_t *key, uint16_t nbits) { #ifdef USE_MBEDCRYPTO mbedtls_rsa_context rsa; mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, 0); - if (mbedtls_rsa_gen_key(&rsa, rnd, NULL, RSA_N_BIT, 65537) < 0) return -1; - if (mbedtls_rsa_export_raw(&rsa, key->n, N_LENGTH, key->p, PQ_LENGTH, key->q, PQ_LENGTH, NULL, 0, key->e, 4) < 0) - return -1; + if (mbedtls_rsa_gen_key(&rsa, rnd, NULL, nbits, 65537) < 0) return -1; + key->nbits = nbits; + int pq_len = nbits / 16; + if (mbedtls_rsa_export_raw(&rsa, NULL, 0, key->p, pq_len, key->q, pq_len, NULL, 0, key->e, 4) < 0) return -1; #else (void)key; #endif return 0; } -__attribute__((weak)) int rsa_complete_key(rsa_key_t *key) { +__attribute__((weak)) int rsa_get_public_key(rsa_key_t *key, uint8_t *n) { #ifdef USE_MBEDCRYPTO mbedtls_rsa_context rsa; mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, 0); - if (mbedtls_rsa_import_raw(&rsa, NULL, 0, key->p, PQ_LENGTH, key->q, PQ_LENGTH, NULL, 0, key->e, 4) < 0) return -1; + int pq_len = key->nbits / 16; + if (mbedtls_rsa_import_raw(&rsa, NULL, 0, key->p, pq_len, key->q, pq_len, NULL, 0, key->e, 4) < 0) return -1; if (mbedtls_rsa_complete(&rsa) < 0) return -1; - if (mbedtls_rsa_export_raw(&rsa, key->n, N_LENGTH, key->p, PQ_LENGTH, key->q, PQ_LENGTH, NULL, 0, key->e, 4) < 0) - return -1; + if (mbedtls_rsa_export_raw(&rsa, n, pq_len * 2, NULL, 0, NULL, 0, NULL, 0, NULL, 0) < 0) return -1; #else (void)key; #endif @@ -64,8 +65,8 @@ __attribute__((weak)) int rsa_private(rsa_key_t *key, const uint8_t *input, uint #ifdef USE_MBEDCRYPTO mbedtls_rsa_context rsa; mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, 0); - if (mbedtls_rsa_import_raw(&rsa, key->n, N_LENGTH, key->p, PQ_LENGTH, key->q, PQ_LENGTH, NULL, 0, key->e, 4) < 0) - return -1; + int pq_len = key->nbits / 16; + if (mbedtls_rsa_import_raw(&rsa, NULL, 0, key->p, pq_len, key->q, pq_len, NULL, 0, key->e, 4) < 0) return -1; if (mbedtls_rsa_complete(&rsa) < 0) return -1; if (mbedtls_rsa_private(&rsa, rnd, NULL, input, output) < 0) return -1; #else @@ -77,13 +78,13 @@ __attribute__((weak)) int rsa_private(rsa_key_t *key, const uint8_t *input, uint } int rsa_sign_pkcs_v15(rsa_key_t *key, const uint8_t *data, size_t len, uint8_t *sig) { - if (pkcs1_v15_add_padding(data, len, sig, N_LENGTH) < 0) return -1; + if (pkcs1_v15_add_padding(data, len, sig, key->nbits / 8) < 0) return -1; return rsa_private(key, sig, sig); } int rsa_decrypt_pkcs_v15(rsa_key_t *key, const uint8_t *in, size_t *olen, uint8_t *out) { if (rsa_private(key, in, out) < 0) return -1; - int len = pkcs1_v15_remove_padding(out, N_LENGTH, out); + int len = pkcs1_v15_remove_padding(out, key->nbits / 8, out); if (len < 0) return -1; *olen = len; return 0; From 3727cc43033dce40834ac26586e8a251df54ad98 Mon Sep 17 00:00:00 2001 From: dangfan Date: Thu, 21 May 2020 22:38:10 +0800 Subject: [PATCH 2/2] upgrade mbedtls --- include/rsa.h | 1 + mbed-crypto | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/include/rsa.h b/include/rsa.h index 3cb9329..bee0ee7 100644 --- a/include/rsa.h +++ b/include/rsa.h @@ -23,6 +23,7 @@ typedef struct { * Generate a new RSA key. We always set e = 65537. * * @param key The generated key. + * @param nbits The size of the public key in bits. * * @return 0 on success. */ diff --git a/mbed-crypto b/mbed-crypto index 92348d1..cf4a40b 160000 --- a/mbed-crypto +++ b/mbed-crypto @@ -1 +1 @@ -Subproject commit 92348d1c4931f8c33c2d092928afca556f672c42 +Subproject commit cf4a40ba0a3086cabb5a8227245191161fd26383