/******************************************************************************************
@brief CRYS_RSA_Get_ModSizeFromPubKey extracts the modulus size from a given public key data structure.
@param[in] UserPubKey_ptr - A pointer to the public key structure, as returned by
CRYS_RSA_Build_PubKey.
@param[out] ModulusSize_ptr - The actual size of the modulus, in bytes.
*/
CEXPORT_C CRYSError_t CRYS_RSA_Get_ModSizeFromPubKey(
CRYS_RSAUserPubKey_t *UserPubKey_ptr,
DxUint16_t *ModulusSize_ptr)
{
/* LOCAL DECLERATIONS */
/* the public key database pointer */
CRYSRSAPubKey_t *PubKey_ptr;
/* FUNCTION DECLERATIONS */
/* ............... if not supported exit .............................. */
/* -------------------------------------------------------------------- */
RETURN_IF_RSA_UNSUPPORTED( UserPubKey_ptr , ModulusSize_ptr , PubKey_ptr ,
PubKey_ptr , PubKey_ptr , PubKey_ptr ,
PubKey_ptr , PubKey_ptr , PubKey_ptr,
PubKey_ptr , PubKey_ptr , PubKey_ptr , PubKey_ptr ,
PubKey_ptr , PubKey_ptr , PubKey_ptr ,
PubKey_ptr , PubKey_ptr , PubKey_ptr ,
PubKey_ptr , PubKey_ptr , PubKey_ptr );
#ifndef CRYS_NO_HASH_SUPPORT
#ifndef CRYS_NO_PKI_SUPPORT
/* ................. checking the validity of the pointer arguments ....... */
/* ------------------------------------------------------------------------ */
/* ...... checking the key database handle pointer .................... */
if(UserPubKey_ptr == DX_NULL)
return CRYS_RSA_INVALID_PUB_KEY_STRUCT_POINTER_ERROR;
/* checking the modulus size output pointer validity */
if(ModulusSize_ptr == DX_NULL)
return CRYS_RSA_INVALID_MOD_BUFFER_SIZE_POINTER;
/* if the users TAG is illegal return an error - the context is invalid */
if(UserPubKey_ptr->valid_tag != CRYS_RSA_PUB_KEY_VALIDATION_TAG)
return CRYS_RSA_PUB_KEY_VALIDATION_TAG_ERROR;
#ifndef DX_OEM_FW
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ, UserPubKey_ptr, sizeof(CRYS_RSAUserPubKey_t)) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ModulusSize_ptr, sizeof(DxUint32_t))){
return CRYS_RSA_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR;
}
#endif
/* setting the pointer to the key database */
PubKey_ptr = (CRYSRSAPubKey_t*)UserPubKey_ptr->PublicKeyDbBuff;
/* calculating the required size in bytes */
*ModulusSize_ptr = (DxUint16_t)((PubKey_ptr->nSizeInBits+7) / 8);
return CRYS_OK;
#endif /* !CRYS_NO_HASH_SUPPORT */
#endif /* !CRYS_NO_PKI_SUPPORT */
}/* END OF CRYS_RSA_Get_ModSizeFromPubKey */
/**
* This function finalizes the HMAC processing of a data block.
* The function receives as input a handle to the HMAC Context that was previously initialized
* by a CRYS_HMAC_Init function or by a CRYS_HMAC_Update function.
* This function finishes the HASH operation on the ipad and text, and then
* executes a new HASH operation with the key XOR opad and the previous HASH operation result.
*
* @param[in] ContextID_ptr - A pointer to the HMAC context buffer allocated by the user
* that is used for the HMAC machine operation.
*
* @retval HmacResultBuff - A pointer to the target buffer where the
* HMAC result stored in the context is loaded to.
*
* @return CRYSError_t - On success the function returns CRYS_OK,
* and on failure a non-ZERO error.
*/
CIMPORT_C CRYSError_t CRYS_HMAC_Finish( CRYS_HMACUserContext_t *ContextID_ptr,
CRYS_HASH_Result_t HmacResultBuff )
{
struct sep_ctx_hmac *pHmacContext;
CRYS_HMACPrivateContext_t *pHmacPrivContext;
int symRc = DX_RET_OK;
uint32_t hmacDigesSize;
/* if the users context ID pointer is DX_NULL return an error */
if( ContextID_ptr == DX_NULL ) {
return CRYS_HMAC_INVALID_USER_CONTEXT_POINTER_ERROR;
}
/* check validity for priv */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_HMACUserContext_t))) {
return CRYS_HMAC_ILLEGAL_PARAMS_ERROR;
}
/* Get pointer to contiguous context in the HOST buffer */
pHmacContext = (struct sep_ctx_hmac *)DX_GetUserCtxLocation(ContextID_ptr->buff);
pHmacPrivContext = (CRYS_HMACPrivateContext_t *)&(((uint32_t*)pHmacContext)[CRYS_HMAC_USER_CTX_ACTUAL_SIZE_IN_WORDS-1]);
/* check validity for priv */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, pHmacContext, sizeof(struct sep_ctx_hmac))) {
return CRYS_HMAC_ILLEGAL_PARAMS_ERROR;
}
if (pHmacPrivContext->isLastBlockProcessed == 0) {
symRc = SymDriverAdaptorFinalize((struct sep_ctx_generic *)pHmacContext, NULL, NULL, 0);
if (symRc != DX_RET_OK) {
return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysHmacErr);
}
}
switch(pHmacContext->mode){
case SEP_HASH_SHA1:
hmacDigesSize = SEP_SHA1_DIGEST_SIZE;
break;
case SEP_HASH_SHA224:
hmacDigesSize = SEP_SHA224_DIGEST_SIZE;
break;
case SEP_HASH_SHA256:
hmacDigesSize = SEP_SHA256_DIGEST_SIZE;
break;
case SEP_HASH_SHA384:
hmacDigesSize = SEP_SHA384_DIGEST_SIZE;
break;
case SEP_HASH_SHA512:
hmacDigesSize = SEP_SHA512_DIGEST_SIZE;
break;
default:
hmacDigesSize = -1;
break;
}
DX_PAL_MemCopy(HmacResultBuff, pHmacContext->digest, hmacDigesSize);
return CRYS_OK;
}
/**
* @brief This function is used to initialize the RC4 machine.
* To operate the RC4 machine, this should be the first function called.
*
* @param[in] ContextID_ptr - A pointer to the RC4 context buffer that is allocated by the user
* and is used for the RC4 machine operation.
* @param[in] Key_ptr - A pointer to the user's key buffer.
* @param[in] KeySize - The size of the KEY in bytes. Requirements:
* - for SW implementation 0 < KeySize < CRYS_RC4_MAX_KEY_SIZE_IN_BYTES,
* - for HW implementation LLF_RC4_MIN_KEY_SIZE_IN_BYTES < KeySize < LLF_RC4_MAX_KEY_SIZE_IN_BYTES,
*
* @return CRYSError_t - CRYS_OK,
* CRYS_RC4_INVALID_USER_CONTEXT_POINTER_ERROR,
* CRYS_RC4_ILLEGAL_KEY_SIZE_ERROR,
* CRYS_RC4_INVALID_KEY_POINTER_ERROR
*/
CIMPORT_C CRYSError_t CRYS_RC4_Init(CRYS_RC4UserContext_t *ContextID_ptr,
DxUint8_t *Key_ptr,
DxUint32_t KeySizeInBytes)
{
int symRc = DX_RET_OK;
/* pointer on SEP RC4 context struct*/
struct sep_ctx_rc4 *pRc4Context;
/* ............... checking the parameters validity ................... */
/* -------------------------------------------------------------------- */
/* if the users context ID pointer is DX_NULL return an error */
if (ContextID_ptr == DX_NULL) {
return CRYS_RC4_INVALID_USER_CONTEXT_POINTER_ERROR;
}
/* If the Keys size is invalid return an error */
if ((KeySizeInBytes == 0) ||
(KeySizeInBytes > CRYS_RC4_MAX_KEY_SIZE_IN_BYTES)) {
return CRYS_RC4_ILLEGAL_KEY_SIZE_ERROR;
}
/* If the the key pointer is not validity */
if (Key_ptr == DX_NULL) {
return CRYS_RC4_INVALID_KEY_POINTER_ERROR;
}
/* check validity for priv */
if ( DxCcAcl_IsBuffAccessOk(ACCESS_READ, Key_ptr, KeySizeInBytes) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_RC4UserContext_t)) ) {
return CRYS_RC4_ILLEGAL_PARAMS_ERROR;
}
/* Get pointer within the buffer that can accomodate context without
crossing a page */
pRc4Context = (struct sep_ctx_rc4 *)DX_InitUserCtxLocation(ContextID_ptr->buff,
sizeof(CRYS_RC4UserContext_t),
sizeof(struct sep_ctx_rc4));
pRc4Context->alg = SEP_CRYPTO_ALG_RC4;
pRc4Context->key_size = KeySizeInBytes;
DX_PAL_MemCopy(pRc4Context->key, Key_ptr, KeySizeInBytes);
/* ................. calling the low level init function ................. */
/* ----------------------------------------------------------------------- */
symRc = SymDriverAdaptorInit((struct sep_ctx_generic *)pRc4Context);
return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysRc4Err);
}
/**
* @brief This function is used to end the RC4 processing session.
* It is the last function called for the RC4 process.
*
*
* @param[in] ContextID_ptr - A pointer to the RC4 context buffer allocated by the user that
* is used for the RC4 machine operation. This should be the
* same context as was used for the previous call of this session.
*
*
* @return CRYSError_t - CRYS_OK,
* CRYS_RC4_INVALID_USER_CONTEXT_POINTER_ERROR,
*/
CIMPORT_C CRYSError_t CRYS_RC4_Free(CRYS_RC4UserContext_t *ContextID_ptr )
{
/* The return error identifiers */
CRYSError_t Error = CRYS_OK;
/* ............... checking the parameters validity ................... */
/* -------------------------------------------------------------------- */
/* if the users context ID pointer is DX_NULL return an error */
if (ContextID_ptr == DX_NULL) {
return CRYS_RC4_INVALID_USER_CONTEXT_POINTER_ERROR;
}
/* check validity for priv */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_RC4UserContext_t))) {
return CRYS_RC4_ILLEGAL_PARAMS_ERROR;
}
/* .............. clearing the users context .......................... */
/* -------------------------------------------------------------------- */
DX_PAL_MemSetZero(ContextID_ptr, sizeof(CRYS_RC4UserContext_t));
return Error;
}
/**
* This function process a block of data via the HASH Hardware.
* The function receives as input an handle to the HASH Context , that was initialized before
* by an CRYS_HASH_Init function or by other CRYS_HASH_Update
* function. The function Sets the hardware with the last H's
* value that where stored in the CRYS HASH context and then
* process the data block using the hardware and in the end of
* the process stores in the HASH context the H's value HASH
* Context with the cryptographic attributes that are needed for
* the HASH block operation ( initialize H's value for the HASH
* algorithm ). This function is used in cases not all the data
* is arrange in one continues buffer.
*
* The function flow:
*
* 1) checking the parameters validty if there is an error the function shall exit with an error code.
* 2) Aquiring the working context from the CCM manager.
* 3) If there isnt enouth data in the previous update data buff in the context plus the received data
* load it to the context buffer and exit the function.
* 4) fill the previous update data buffer to contain an entire block.
* 5) Calling the hardware low level function to execute the update.
* 6) fill the previous update data buffer with the data not processed at the end of the received data.
* 7) release the CCM context.
*
* @param[in] ContextID_ptr - a pointer to the HASH context buffer allocated by the user that
* is used for the HASH machine operation.
*
* @param DataIn_ptr a pointer to the buffer that stores the data to be
* hashed .
*
* @param DataInSize The size of the data to be hashed in bytes.
*
* @return CRYSError_t on success the function returns CRYS_OK else non ZERO error.
*
*/
CEXPORT_C CRYSError_t CRYS_HASH_Update(CRYS_HASHUserContext_t* ContextID_ptr,
DxUint8_t* DataIn_ptr,
DxUint32_t DataInSize )
{
struct sep_ctx_hash *pHashContext;
CRYS_HASHPrivateContext_t *pHashPrivContext;
int symRc = DX_RET_OK;
int hash_block_size_in_bytes = 0;
if ( ContextID_ptr == DX_NULL ) {
return CRYS_HASH_INVALID_USER_CONTEXT_POINTER_ERROR;
}
if( DataInSize == 0 ) {
return CRYS_OK;
}
if( DataIn_ptr == DX_NULL ) {
return CRYS_HASH_DATA_IN_POINTER_INVALID_ERROR;
}
// PRINT_INFO("--->NOW enter into CRYS_HASH_Update\n");
/* check validity for priv */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_HASHUserContext_t))) {
return CRYS_HASH_ILLEGAL_PARAMS_ERROR;
}
/* Get pointer to contiguous context in the HOST buffer */
pHashContext = (struct sep_ctx_hash *)DX_GetUserCtxLocation(ContextID_ptr->buff);
pHashPrivContext = (CRYS_HASHPrivateContext_t *)&(((uint32_t*)pHashContext)[CRYS_HASH_USER_CTX_ACTUAL_SIZE_IN_WORDS-1]);
if (pHashPrivContext->isLastBlockProcessed != 0) {
return CRYS_HASH_LAST_BLOCK_ALREADY_PROCESSED_ERROR;
}
if (pHashContext->mode < SEP_HASH_SHA512)
hash_block_size_in_bytes = CRYS_HASH_BLOCK_SIZE_IN_BYTES;
else
hash_block_size_in_bytes = CRYS_HASH_SHA512_BLOCK_SIZE_IN_BYTES;
if ((DataInSize % hash_block_size_in_bytes) == 0) {
symRc = SymDriverAdaptorProcess((struct sep_ctx_generic *)pHashContext,
DataIn_ptr, NULL, DataInSize);
if (symRc != DX_RET_OK) {
return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysHashErr);
}
} else { /* this is the last block */
pHashPrivContext->isLastBlockProcessed = 1;
symRc = SymDriverAdaptorFinalize((struct sep_ctx_generic *)pHashContext,
DataIn_ptr, NULL, DataInSize);
if (symRc != DX_RET_OK) {
return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysHashErr);
}
}
//PRINT_INFO("--->NOW leave CRYS_HASH_Update\n");
return CRYS_OK;
}
/**
* This function initializes the HASH machine on the CRYS level.
*
* This function allocates and initializes the HASH Context .
* The function receives as input a pointer to store the context handle to HASH Context ,
* it initializes the
* HASH Context with the cryptographic attributes that are needed for
* the HASH block operation ( initialize H's value for the HASH algorithm ).
*
* The function flow:
*
* 1) checking the validity of the arguments - returnes an error on an illegal argument case.
* 2) Aquiring the working context from the CCM manager.
* 3) Initializing the context with the parameters passed by the user and with the init values
* of the HASH.
* 4) loading the user tag to the context.
* 5) release the CCM context.
*
* @param[in] ContextID_ptr - a pointer to the HASH context buffer allocated by the user that
* is used for the HASH machine operation.
*
* @param[in] OperationMode - The operation mode : MD5 or SHA1.
*
* @return CRYSError_t on success the function returns CRYS_OK else non ZERO error.
*
*/
CEXPORT_C CRYSError_t CRYS_HASH_Init(CRYS_HASHUserContext_t* ContextID_ptr,
CRYS_HASH_OperationMode_t OperationMode)
{
struct sep_ctx_hash *pHashContext;
CRYS_HASHPrivateContext_t *pHashPrivContext;
int symRc = DX_RET_OK;
if ( ContextID_ptr == DX_NULL ) {
return CRYS_HASH_INVALID_USER_CONTEXT_POINTER_ERROR;
}
if( OperationMode >= CRYS_HASH_NumOfModes ) {
//PRINT_INFO("HASH MODE ERROR\n");
return CRYS_HASH_ILLEGAL_OPERATION_MODE_ERROR;
}
/*pointer for CTX allocation*/
/* FUNCTION LOGIC */
/* check validity for priv */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_HASHUserContext_t))) {
return CRYS_HASH_ILLEGAL_PARAMS_ERROR;
}
/* Get pointer to contiguous context in the HOST buffer */
pHashContext = (struct sep_ctx_hash *)DX_InitUserCtxLocation(ContextID_ptr->buff,
sizeof(CRYS_HASHUserContext_t),
sizeof(struct sep_ctx_hash));
pHashPrivContext = (CRYS_HASHPrivateContext_t *)&(((uint32_t*)pHashContext)[CRYS_HASH_USER_CTX_ACTUAL_SIZE_IN_WORDS-1]);
pHashContext->alg = SEP_CRYPTO_ALG_HASH;
pHashPrivContext->isLastBlockProcessed = 0;
switch (OperationMode) {
case CRYS_HASH_SHA1_mode:
pHashContext->mode = SEP_HASH_SHA1;
break;
case CRYS_HASH_SHA224_mode:
pHashContext->mode = SEP_HASH_SHA224;
break;
case CRYS_HASH_SHA256_mode:
pHashContext->mode = SEP_HASH_SHA256;
break;
case CRYS_HASH_SHA384_mode:
pHashContext->mode = SEP_HASH_SHA384;
break;
case CRYS_HASH_SHA512_mode:
pHashContext->mode = SEP_HASH_SHA512;
break;
case CRYS_HASH_MD5_mode:
default:
return CRYS_HASH_ILLEGAL_OPERATION_MODE_ERROR;
}
//PRINT_INFO("--->NOW into CRYS_HASH_Init,begin SymDriverAdaptorInit\n");
symRc = SymDriverAdaptorInit((struct sep_ctx_generic *)pHashContext);
//PRINT_INFO("---> after SymDriverAdaptorInit,symRc=0x%x\n",symRc);
return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysHashErr);
}
CEXPORT_C CRYSError_t CRYS_HASH_Finish( CRYS_HASHUserContext_t* ContextID_ptr,
CRYS_HASH_Result_t HashResultBuff )
{
struct sep_ctx_hash *pHashContext;
CRYS_HASHPrivateContext_t *pHashPrivContext;
int symRc = DX_RET_OK;
//PRINT_INFO("--->NOW enter into CRYS_HASH_Finish\n");
if ( ContextID_ptr == DX_NULL ) {
return CRYS_HASH_INVALID_USER_CONTEXT_POINTER_ERROR;
}
if ( HashResultBuff == DX_NULL ) {
return CRYS_HASH_INVALID_RESULT_BUFFER_POINTER_ERROR;
}
/* check validity for priv */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_HASHUserContext_t))) {
return CRYS_HASH_ILLEGAL_PARAMS_ERROR;
}
/* Get pointer to contiguous context in the HOST buffer */
pHashContext = (struct sep_ctx_hash *)DX_GetUserCtxLocation(ContextID_ptr->buff);
pHashPrivContext = (CRYS_HASHPrivateContext_t *)&(((uint32_t*)pHashContext)[CRYS_HASH_USER_CTX_ACTUAL_SIZE_IN_WORDS-1]);
/* check access permission for applet */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, HashResultBuff, sizeof(struct sep_ctx_hash))) {
return CRYS_HASH_ILLEGAL_PARAMS_ERROR;
}
if (pHashPrivContext->isLastBlockProcessed == 0) {
symRc = SymDriverAdaptorFinalize((struct sep_ctx_generic *)pHashContext, NULL, NULL, 0);
if (symRc != DX_RET_OK) {
return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysHashErr);
}
}
/* Copy the result to the user buffer */
DX_PAL_MemCopy(HashResultBuff, pHashContext->digest, CRYS_HASH_RESULT_SIZE_IN_WORDS*sizeof(DxUint32_t));
return CRYS_OK;
}
CIMPORT_C CRYSError_t CRYS_HMAC_Update(CRYS_HMACUserContext_t *ContextID_ptr,
DxUint8_t *DataIn_ptr,
DxUint32_t DataInSize )
{
struct sep_ctx_hmac *pHmacContext;
CRYS_HMACPrivateContext_t *pHmacPrivContext;
int symRc = DX_RET_OK;
uint32_t blockSizeBytes;
/* if the users context ID pointer is DX_NULL return an error */
if( ContextID_ptr == DX_NULL ) {
return CRYS_HMAC_INVALID_USER_CONTEXT_POINTER_ERROR;
}
/* if the users Data In pointer is illegal and the size is not 0 return an error */
if( (DataIn_ptr == DX_NULL) && DataInSize ) {
return CRYS_HMAC_DATA_IN_POINTER_INVALID_ERROR;
}
/* if the data size is zero no need to execute an update , return CRYS_OK */
if( DataInSize == 0 ) {
return CRYS_OK;
}
/* check validity for priv */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_HMACUserContext_t))) {
return CRYS_HMAC_ILLEGAL_PARAMS_ERROR;
}
/* Get pointer to contiguous context in the HOST buffer */
pHmacContext = (struct sep_ctx_hmac *)DX_GetUserCtxLocation(ContextID_ptr->buff);
pHmacPrivContext = (CRYS_HMACPrivateContext_t *)&(((uint32_t*)pHmacContext)[CRYS_HMAC_USER_CTX_ACTUAL_SIZE_IN_WORDS-1]);
if (pHmacPrivContext->isLastBlockProcessed != 0) {
return CRYS_HMAC_LAST_BLOCK_ALREADY_PROCESSED_ERROR;
}
blockSizeBytes = GetHmacBlocktSize(pHmacContext->mode);
if ((DataInSize % blockSizeBytes) == 0) {
symRc = SymDriverAdaptorProcess((struct sep_ctx_generic *)pHmacContext,
DataIn_ptr, NULL, DataInSize);
if (symRc != DX_RET_OK) {
return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysHmacErr);
}
} else { /* this is the last block */
pHmacPrivContext->isLastBlockProcessed = 1;
symRc = SymDriverAdaptorFinalize((struct sep_ctx_generic *)pHmacContext,
DataIn_ptr, NULL, DataInSize);
if (symRc != DX_RET_OK) {
return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysHmacErr);
}
}
return CRYS_OK;
}
/**
* @brief This function is used to process a stream on the RC4 machine.
* This function should be called after the CRYS_RS4_Init.
*
*
* @param[in] ContextID_ptr - A pointer to the RC4 context buffer allocated by the user
* that is used for the RC4 machine operation. This should be the
* same context as was used for the previous call of this session.
*
* @param[in] DataIn_ptr - The pointer to the buffer of the input data to the RC4.
* The pointer's value does not need to be word-aligned.
*
* @param[in] DataInSize - The size of the input data.
*
* @param[in,out] DataOut_ptr - The pointer to the buffer of the output data from the RC4.
* The pointer's value does not need to be word-aligned.
*
* @return CRYSError_t - CRYS_OK,
* CRYS_RC4_INVALID_USER_CONTEXT_POINTER_ERROR,
* CRYS_RC4_ILLEGAL_KEY_SIZE_ERROR,
* CRYS_RC4_INVALID_KEY_POINTER_ERROR
*/
CIMPORT_C CRYSError_t CRYS_RC4_Stream(CRYS_RC4UserContext_t *ContextID_ptr,
DxUint8_t *DataIn_ptr,
DxUint32_t DataInSize,
DxUint8_t *DataOut_ptr)
{
int symRc = DX_RET_OK;
/* pointer on SEP RC4 context struct*/
struct sep_ctx_rc4 *pRc4Context;
/* ............... checking the parameters validity ................... */
/* -------------------------------------------------------------------- */
/* if no data to process -we're done */
if (DataInSize == 0) {
return CRYS_OK;
}
/* if the users context ID pointer is DX_NULL return an error */
if (ContextID_ptr == DX_NULL) {
return CRYS_RC4_INVALID_USER_CONTEXT_POINTER_ERROR;
}
/* if the users Data In pointer is illegal return an error */
if (DataIn_ptr == DX_NULL) {
return CRYS_RC4_DATA_IN_POINTER_INVALID_ERROR;
}
/* if the users Data Out pointer is illegal return an error */
if (DataOut_ptr == DX_NULL) {
return CRYS_RC4_DATA_OUT_POINTER_INVALID_ERROR;
}
/* data size must be a positive number */
if (DataInSize == 0) {
return CRYS_RC4_DATA_SIZE_ILLEGAL;
}
/* check validity for priv */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_RC4UserContext_t))) {
return CRYS_RC4_ILLEGAL_PARAMS_ERROR;
}
pRc4Context = (struct sep_ctx_rc4 *)DX_GetUserCtxLocation(ContextID_ptr->buff);
symRc = SymDriverAdaptorProcess((struct sep_ctx_generic *)pRc4Context,
DataIn_ptr, DataOut_ptr, DataInSize);
return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysRc4Err);
}
/**
* @brief This function clears the hash context
*
* @param[in] ContextID_ptr - a pointer to the HMAC context
* buffer allocated by the user that is
* used for the HMAC machine operation.
* This should be the same context that
* was used on the previous call of this
* session.
*
* @return CRYSError_t - On success CRYS_OK is returned, on failure a
* value MODULE_* crys_hash_error.h
*/
CEXPORT_C CRYSError_t CRYS_HMAC_Free(CRYS_HMACUserContext_t *ContextID_ptr)
{
if ( ContextID_ptr == DX_NULL ) {
return CRYS_HMAC_INVALID_USER_CONTEXT_POINTER_ERROR;
}
/* check validity for priv */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_HMACUserContext_t))) {
return CRYS_HMAC_ILLEGAL_PARAMS_ERROR;
}
DX_PAL_MemSetZero(ContextID_ptr, sizeof(CRYS_HMACUserContext_t));
return CRYS_OK;
}
/**
* @brief This function is used to end the DES processing session.
* It is the last function called for the DES process.
*
*
* @param[in] ContextID_ptr - A pointer to the DES context buffer allocated by the user that
* is used for the DES machine operation. this should be the
* same context that was used on the previous call of this session.
*
* @return CRYSError_t - On success the value CRYS_OK is returned,
* and on failure a value from crys_error.h
*/
CIMPORT_C CRYSError_t CRYS_DES_Free(CRYS_DESUserContext_t *ContextID_ptr)
{
/* if the users context ID pointer is DX_NULL return an error */
if( ContextID_ptr == DX_NULL ) {
return CRYS_DES_INVALID_USER_CONTEXT_POINTER_ERROR;
}
/* check validity for priv */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_DESUserContext_t))) {
return CRYS_DES_ILLEGAL_PARAMS_ERROR;
}
DX_PAL_MemSetZero(ContextID_ptr, sizeof(CRYS_DESUserContext_t));
return CRYS_OK;
}
/**
* @brief This function clears the hash context
*
* @param[in] ContextID_ptr - a pointer to the HASH context
* buffer allocated by the user that is
* used for the HASH machine operation.
* This should be the same context that
* was used on the previous call of this
* session.
*
* @return CRYSError_t - On success CRYS_OK is returned, on failure a
* value MODULE_* crys_hash_error.h
*/
CEXPORT_C CRYSError_t CRYS_HASH_Free( CRYS_HASHUserContext_t *ContextID_ptr )
{
// PRINT_INFO("--->NOW into CRYS_HASH_Free\n");
if ( ContextID_ptr == DX_NULL ) {
return CRYS_HASH_INVALID_USER_CONTEXT_POINTER_ERROR;
}
/* check validity for priv */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_HASHUserContext_t))) {
return CRYS_HASH_ILLEGAL_PARAMS_ERROR;
}
DX_PAL_MemSetZero(ContextID_ptr, sizeof(CRYS_HASHUserContext_t));
//PRINT_INFO("--->NOW leave CRYS_HASH_Free\n");
return CRYS_OK;
}
/*!
* This function is used to initilize the combined or tunneling operations.
* It should be called first in process sequence.
*
* \param pConfig A pointer to the Configuration Nodes array (NodesConfig).
* This array represents the user combined scheme.
*
* \return CIMPORT_C CRYSError_t On success the value CRYS_OK is returned,
* and on failure - a value from crys_combined_error.h
*/
CIMPORT_C CRYSError_t CRYS_Combined_Init(CrysCombinedConfig_t *pConfig)
{
/* parameters check */
if (pConfig == DX_NULL) {
return CRYS_COMBINED_INVALID_NODES_CONFIG_POINTER_ERROR;
}
/* check validity for priv */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ, pConfig, sizeof(CrysCombinedConfig_t))) {
return CRYS_COMBINED_ILLEGAL_PARAMS_ERROR;
}
/* we do not call adaptor init since the symmetric crypto driver
does nothing for this API */
return CRYS_OK;
}
/**
* @brief This function is used to process a block on the DES machine.
* This function should be called after the CRYS_DES_Init function was called.
*
*
* @param[in] ContextID_ptr - a pointer to the DES context buffer allocated by the user that
* is used for the DES machine operation. this should be the same context that was
* used on the previous call of this session.
*
* @param[in] DataIn_ptr - The pointer to the buffer of the input data to the DES. The pointer does
* not need to be aligned.
*
* @param[in] DataInSize - The size of the input data in bytes: must be not 0 and must be multiple
* of 8 bytes.
*
* @param[in/out] DataOut_ptr - The pointer to the buffer of the output data from the DES. The pointer does not
* need to be aligned.
*
* @return CRYSError_t - On success CRYS_OK is returned, on failure a
* value MODULE_* crys_des_error.h
*/
CIMPORT_C CRYSError_t CRYS_DES_Block( CRYS_DESUserContext_t *ContextID_ptr,
DxUint8_t *DataIn_ptr,
DxUint32_t DataInSize,
DxUint8_t *DataOut_ptr )
{
int symRc = DX_RET_OK;
/* pointer on SEP DES context struct*/
struct sep_ctx_cipher *pDesContext;
/* if the users context ID pointer is DX_NULL return an error */
if( ContextID_ptr == DX_NULL ) {
return CRYS_DES_INVALID_USER_CONTEXT_POINTER_ERROR;
}
/* if the users Data In pointer is illegal return an error */
if( DataIn_ptr == DX_NULL ) {
return CRYS_DES_DATA_IN_POINTER_INVALID_ERROR;
}
/* if the users Data Out pointer is illegal return an error */
if( DataOut_ptr == DX_NULL ) {
return CRYS_DES_DATA_OUT_POINTER_INVALID_ERROR;
}
/* data size must be a positive number and a block size mult */
if (((DataInSize % CRYS_DES_BLOCK_SIZE_IN_BYTES) != 0) || (DataInSize == 0)) {
return CRYS_DES_DATA_SIZE_ILLEGAL;
}
/* check validity for priv */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_DESUserContext_t))) {
return CRYS_DES_ILLEGAL_PARAMS_ERROR;
}
/* Get pointer to contiguous context in the HOST buffer */
pDesContext = (struct sep_ctx_cipher *)DX_GetUserCtxLocation(ContextID_ptr->buff);
symRc = SymDriverAdaptorProcess((struct sep_ctx_generic *)pDesContext,
DataIn_ptr, DataOut_ptr, DataInSize);
return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysDesErr);
}
CEXPORT_C CRYSError_t _DX_RSA_VerifyInit(CRYS_RSAPubUserContext_t *UserContext_ptr,
CRYS_RSAUserPubKey_t *UserPubKey_ptr,
CRYS_RSA_HASH_OpMode_t hashFunc,
CRYS_PKCS1_MGF_t MGF,
DxUint16_t SaltLen,
CRYS_PKCS1_version PKCS1_ver)
{
/* FUNCTION DECLERATIONS */
/* The return error identifier */
CRYSError_t Error;
/* This pointer is allocated in order to remove compiler alias problems */
void *tempWorkingctx_ptr;
/* defining a pointer to the active context allcated by the CCM */
RSAPubContext_t *ccmWorkingContext_ptr ;
/*Pointer to the public key for lengths checking*/
CRYSRSAPubKey_t *PubKey_ptr;
/*The size of the modulus for lengths checking*/
DxUint16_t ModulusSizeBytes;
/* FUNCTION LOGIC */
/* ............... local initializations .............................. */
/* -------------------------------------------------------------------- */
/* initializing the Error to O.K */
Error = CRYS_OK;
/* initialize the module size to cancel compilers warnings */
ModulusSizeBytes = 0;
/* ............... if not supported exit .............................. */
/* -------------------------------------------------------------------- */
RETURN_IF_RSA_UNSUPPORTED(UserContext_ptr , UserPubKey_ptr , hashFunc ,
MGF , SaltLen , PKCS1_ver, ccmWorkingContext_ptr ,
PubKey_ptr , ModulusSizeBytes , Error , Error ,
Error , Error , Error , Error , Error , Error ,
Error , Error , Error , Error , Error);
#ifndef CRYS_NO_HASH_SUPPORT
#ifndef CRYS_NO_PKI_SUPPORT
/* ............... checking the parameters validity ................... */
/* -------------------------------------------------------------------- */
/* if the users context ID pointer is DX_NULL return an error */
if( UserContext_ptr == DX_NULL )
return CRYS_RSA_INVALID_USER_CONTEXT_POINTER_ERROR;
/*if the private key object is DX_NULL return an error*/
if (UserPubKey_ptr == DX_NULL)
return CRYS_RSA_INVALID_PUB_KEY_STRUCT_POINTER_ERROR;
/* check if the hash operation mode is legal */
if( hashFunc >= CRYS_RSA_HASH_NumOfModes)
return CRYS_RSA_HASH_ILLEGAL_OPERATION_MODE_ERROR;
/* check if the MGF operation mode is legal */
if(MGF >= CRYS_RSA_NumOfMGFFunctions)
return CRYS_RSA_MGF_ILLEGAL_ARG_ERROR;
/* check that the PKCS1 version argument is legal*/
if(PKCS1_ver >= CRYS_RSA_NumOf_PKCS1_versions)
return CRYS_RSA_PKCS1_VER_ARG_ERROR;
/*According to the PKCS1 ver 2.1 standart it is not recommended to use MD5 hash
therefore we do not support it */
if(PKCS1_ver == CRYS_PKCS1_VER21 && hashFunc == CRYS_RSA_HASH_MD5_mode)
return CRYS_RSA_HASH_ILLEGAL_OPERATION_MODE_ERROR;
#ifndef DX_OEM_FW
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, UserContext_ptr, sizeof(CRYS_RSAPubUserContext_t)) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ, UserPubKey_ptr, sizeof(CRYS_RSAUserPubKey_t))){
return CRYS_RSA_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR;
}
#endif
/*If the validation tag is incorrect*/
if(UserPubKey_ptr->valid_tag != CRYS_RSA_PUB_KEY_VALIDATION_TAG)
return CRYS_RSA_PUB_KEY_VALIDATION_TAG_ERROR;
/*Checking if a check on salt length is needed*/
if(SaltLen != CRYS_RSA_VERIFY_SALT_LENGTH_UNKNOWN && PKCS1_ver == CRYS_PKCS1_VER21)
{
/*Initializing the Modulus Size in Bytes needed for SaltLength parameter check*/
PubKey_ptr = (CRYSRSAPubKey_t *)UserPubKey_ptr->PublicKeyDbBuff;
/*Note: the (-1) is due to the PKCS#1 Ver2.1 standard section 9.1.1*/
ModulusSizeBytes = (DxUint16_t)((PubKey_ptr->nSizeInBits -1) / 8);
if((PubKey_ptr->nSizeInBits -1) % 8)
ModulusSizeBytes++;
}
/* .................. initializing local variables ................... */
/* ------------------------------------------------------------------- */
/* ................. aquiring the RSA context ............................. */
/* ----------------------------------------------------------------------- */
/*Get the working context*/
Error = CRYS_CCM_GetContext( UserContext_ptr, /* the users context space - in */
&tempWorkingctx_ptr, /* the CCM context returned - out */
DX_RSA_VERIFY_CONTEXT, /* AES type - in */
AES_DONT_DECRYPT_CONTEXT); /* need to decrypt context in AES_block*/
if(Error != CRYS_OK )
return Error;
ccmWorkingContext_ptr = (RSAPubContext_t*)tempWorkingctx_ptr;
/*Reset the Context handler for improper previous values initialized*/
DX_VOS_MemSet(ccmWorkingContext_ptr,0,sizeof(RSAPubContext_t));
/* ................. loading the context .................................. */
/* ------------------------------------------------------------------------ */
/*Initializing the Hash operation mode in the RSA Context level*/
ccmWorkingContext_ptr->HashOperationMode = hashFunc;
switch(ccmWorkingContext_ptr->HashOperationMode)
{
case CRYS_RSA_HASH_MD5_mode :
ccmWorkingContext_ptr->HASH_Result_Size = CRYS_HASH_MD5_DIGEST_SIZE_IN_WORDS;
Error = CRYS_HASH_Init( ((CRYS_HASHUserContext_t *)((ccmWorkingContext_ptr->CRYSPKAHashCtxBuff))),
CRYS_HASH_MD5_mode); /*The MD5 mode according to the Hash level enum*/
if(Error != CRYS_OK)
goto END_WITH_ERROR;
break;
case CRYS_RSA_HASH_SHA1_mode:
ccmWorkingContext_ptr->HASH_Result_Size = CRYS_HASH_SHA1_DIGEST_SIZE_IN_WORDS;
Error = CRYS_HASH_Init( ((CRYS_HASHUserContext_t *)(ccmWorkingContext_ptr->CRYSPKAHashCtxBuff)) ,
CRYS_HASH_SHA1_mode); /*The SHA1 mode according to the Hash level enum*/
if(Error != CRYS_OK)
goto END_WITH_ERROR;
break;
case CRYS_RSA_HASH_SHA224_mode:
ccmWorkingContext_ptr->HASH_Result_Size = CRYS_HASH_SHA224_DIGEST_SIZE_IN_WORDS;
Error = CRYS_HASH_Init( ((CRYS_HASHUserContext_t *)(ccmWorkingContext_ptr->CRYSPKAHashCtxBuff)),
CRYS_HASH_SHA224_mode); /*The SHA224 mode according to the Hash level enum*/
if(Error != CRYS_OK)
goto END_WITH_ERROR;
break;
case CRYS_RSA_HASH_SHA256_mode:
ccmWorkingContext_ptr->HASH_Result_Size = CRYS_HASH_SHA256_DIGEST_SIZE_IN_WORDS;
Error = CRYS_HASH_Init( ((CRYS_HASHUserContext_t *)(ccmWorkingContext_ptr->CRYSPKAHashCtxBuff)),
CRYS_HASH_SHA256_mode); /*The SHA256 mode according to the Hash level enum*/
if(Error != CRYS_OK)
goto END_WITH_ERROR;
break;
case CRYS_RSA_HASH_SHA384_mode:
ccmWorkingContext_ptr->HASH_Result_Size = CRYS_HASH_SHA384_DIGEST_SIZE_IN_WORDS;
Error = CRYS_HASH_Init(((CRYS_HASHUserContext_t *)(ccmWorkingContext_ptr->CRYSPKAHashCtxBuff)),
CRYS_HASH_SHA384_mode); /*The SHA384 mode according to the Hash level enum*/
if(Error != CRYS_OK)
goto END_WITH_ERROR;
break;
case CRYS_RSA_HASH_SHA512_mode:
ccmWorkingContext_ptr->HASH_Result_Size = CRYS_HASH_SHA512_DIGEST_SIZE_IN_WORDS;
Error = CRYS_HASH_Init(((CRYS_HASHUserContext_t *)(ccmWorkingContext_ptr->CRYSPKAHashCtxBuff)),
CRYS_HASH_SHA512_mode); /*The SHA512 mode according to the Hash level enum*/
if(Error != CRYS_OK)
goto END_WITH_ERROR;
break;
case CRYS_RSA_After_MD5_mode: /*For PKCS1 v1.5 when the data in is already hashed with MD5*/
ccmWorkingContext_ptr->HASH_Result_Size = CRYS_HASH_MD5_DIGEST_SIZE_IN_WORDS;
break;
case CRYS_RSA_After_SHA1_mode: /*For PKCS1 v1.5 when the data in is already hashed with SHA1*/
ccmWorkingContext_ptr->HASH_Result_Size = CRYS_HASH_SHA1_DIGEST_SIZE_IN_WORDS;
break;
case CRYS_RSA_After_SHA224_mode: /*For PKCS1 v1.5 when the data in is already hashed with SHA224*/
ccmWorkingContext_ptr->HASH_Result_Size = CRYS_HASH_SHA224_DIGEST_SIZE_IN_WORDS;
break;
case CRYS_RSA_After_SHA256_mode: /*For PKCS1 v1.5 when the data in is already hashed with SHA256*/
ccmWorkingContext_ptr->HASH_Result_Size = CRYS_HASH_SHA256_DIGEST_SIZE_IN_WORDS;
break;
case CRYS_RSA_After_SHA384_mode: /*For PKCS1 v1.5 when the data in is already hashed with SHA384*/
ccmWorkingContext_ptr->HASH_Result_Size = CRYS_HASH_SHA384_DIGEST_SIZE_IN_WORDS;
break;
case CRYS_RSA_After_SHA512_mode: /*For PKCS1 v1.5 when the data in is already hashed with SHA512*/
ccmWorkingContext_ptr->HASH_Result_Size = CRYS_HASH_SHA512_DIGEST_SIZE_IN_WORDS;
break;
case CRYS_RSA_HASH_NO_HASH_mode: /*Used for PKCS1 v1.5 Encrypt and Decrypt - not relevant in Sign-Verify*/
break; /*do nothing*/
case CRYS_RSA_After_HASH_NOT_KNOWN_mode : /*used for PKCS1 v1.5 Verify only - possible to derive the hash mode from the signature*/
if( PKCS1_ver == CRYS_PKCS1_VER21)
{
Error = CRYS_RSA_HASH_ILLEGAL_OPERATION_MODE_ERROR;
goto END_WITH_ERROR;
}
break; /*do nothing*/
default:
Error = CRYS_RSA_HASH_ILLEGAL_OPERATION_MODE_ERROR;
goto END_WITH_ERROR;
}
switch(PKCS1_ver)
{
case CRYS_PKCS1_VER15:
ccmWorkingContext_ptr->PKCS1_Version=CRYS_PKCS1_VER15;
break;
case CRYS_PKCS1_VER21:
ccmWorkingContext_ptr->PKCS1_Version=CRYS_PKCS1_VER21;
/*Checking restriction of Salt Length ; Hash output size and the mosulus*/
if(SaltLen != CRYS_RSA_VERIFY_SALT_LENGTH_UNKNOWN &&
ModulusSizeBytes < (DxUint32_t)(ccmWorkingContext_ptr->HASH_Result_Size*4 + SaltLen + 2))
{
Error = CRYS_RSA_PSS_ENCODING_MODULUS_HASH_SALT_LENGTHS_ERROR;
goto END_WITH_ERROR;
}
break;
default:
Error = CRYS_RSA_PKCS1_VER_ARG_ERROR;
goto END_WITH_ERROR;
}
switch(MGF)
{
case CRYS_PKCS1_MGF1:
case CRYS_PKCS1_NO_MGF:
ccmWorkingContext_ptr->MGF_2use = MGF;
break;
default:
Error = CRYS_RSA_MGF_ILLEGAL_ARG_ERROR;
goto END_WITH_ERROR;
}
/*Copying the RSA Pub key argument to the context*/
DX_VOS_FastMemCpy((DxUint8_t *)&ccmWorkingContext_ptr->PubUserKey,(DxUint8_t *)UserPubKey_ptr,sizeof(CRYS_RSAUserPubKey_t));
/*Initial the Salt random length relevant for PKCS#1 Ver2.1*/
ccmWorkingContext_ptr->SaltLen = SaltLen;
/* Initialize the size of the modulus */
ccmWorkingContext_ptr->nSizeInBytes = (((CRYSRSAPubKey_t*)UserPubKey_ptr->PublicKeyDbBuff)->nSizeInBits+7)/8;
/* set the RSA tag to the users context */
UserContext_ptr->valid_tag = CRYS_RSA_VERIFY_CONTEXT_VALIDATION_TAG;
goto END;
END:
/* ................. release the context ................................. */
/* ----------------------------------------------------------------------- */
Error = CRYS_CCM_ReleaseContext(UserContext_ptr, /* the users context space - in */
ccmWorkingContext_ptr, /* the CCM context returned - in */
DX_RSA_VERIFY_CONTEXT); /* RSA type - in */
return Error;
END_WITH_ERROR:
/* ................. release the context ................................. */
/* ----------------------------------------------------------------------- */
{
CRYSError_t Error1 = CRYS_CCM_ReleaseContext(UserContext_ptr, /* the users context space - in */
ccmWorkingContext_ptr, /* the CCM context returned - in */
DX_RSA_VERIFY_CONTEXT); /* RSA type - in */
if(Error1 != CRYS_OK)
{
PLAT_LOG_DEV_PRINT(( 10 ," \n Error1 from CRYS_CCM_ReleaseContext is %lX \n" ,Error1));
}
}
/* .............. clearing the users context in case of error.......... */
/* -------------------------------------------------------------------- */
DX_VOS_MemSet(UserContext_ptr,0,sizeof(CRYS_RSAPubUserContext_t));
return Error;
#endif /* !CRYS_NO_HASH_SUPPORT */
#endif /* !CRYS_NO_PKI_SUPPORT */
}/* END OF _DX_RSA_VerifyInit */
/*!\brief Builds (imports) the user private key structure from an existing
private key so that this structure can be used by other EC
primitives.
When operating the EC cryptographic operations with existing and saved
EC private keys, this function should be called first.
The function performs the following operations:
- Checks validity of incoming variables and pointers.
- Checks, that 0 < PrivKey < r (r - EC generator order).
- Converts incoming key data from big endian into little endian form.
- Initializes variables and structures.
@param[in] DomainID The enumerator variable defines current EC domain.
@param[in] PrivKeyIn_ptr Pointer to private key data.
@param[in] PrivKeySizeInBytes Size of private key data in bytes. Must be great than null and
less or equall to EC OrderSizeInBytes.
@param[out] UserPrivKey_ptr Pointer to the private key structure.
This structure is used as input to the ECPKI
cryptographic primitives.
@return CRYSError_t:
CRYS_OK
CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_IN_PTR_ERROR
CRYS_ECPKI_BUILD_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR
CRYS_ECPKI_BUILD_KEY_ILLEGAL_DOMAIN_ID_ERROR
*/
CEXPORT_C CRYSError_t CRYS_ECPKI_BuildPrivKey(
CRYS_ECPKI_DomainID_t DomainID, /*in */
DxUint8_t *PrivKeyIn_ptr, /*in*/
DxUint32_t PrivKeySizeInBytes,/*in*/
CRYS_ECPKI_UserPrivKey_t *UserPrivKey_ptr /*out*/ )
{
/* FUNCTION DECLARATIONS */
/* the private key structure pointer */
CRYS_ECPKI_PrivKey_t *PrivKey_ptr;
/* EC domain info structure and parameters */
CRYS_ECPKI_DomainInfo_t DomainInfo;
DxUint32_t OrderSizeInBytes;
/* the Error return code identifier */
CRYSError_t Error;
/* FUNCTION LOGIC */
/* ............... if not supported exit .............................. */
/* -------------------------------------------------------------------- */
RETURN_IF_ECPKI_UNSUPPORTED( DomainID , PrivKeyIn_ptr , PrivKeySizeInBytes ,
UserPrivKey_ptr , PrivKey_ptr , DomainInfo.EC_ModulusSizeInBits ,
OrderSizeInBytes ,Error , Error , Error , Error , Error , Error , Error ,
Error , Error , Error , Error , Error , Error , Error ,Error );
#ifndef CRYS_NO_ECPKI_SUPPORT
/* Error initialization */
Error = CRYS_OK;
/* ................. checking the validity of the pointer arguments ....... */
/* ------------------------------------------------------------------------ */
/* ...... checking the key database handle pointer .................... */
if( PrivKeyIn_ptr == DX_NULL )
return CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_IN_PTR_ERROR;
/* ...... checking the validity of the User Private Key pointer ........... */
if( UserPrivKey_ptr == DX_NULL )
return CRYS_ECPKI_BUILD_KEY_INVALID_USER_PRIV_KEY_PTR_ERROR;
/* ...... checking the EC domain ID.................... */
if( DomainID >= CRYS_ECPKI_DomainID_OffMode )
return CRYS_ECPKI_BUILD_KEY_ILLEGAL_DOMAIN_ID_ERROR;
if(DxCcAcl_IsBuffAccessOk(ACCESS_READ, PrivKeyIn_ptr, PrivKeySizeInBytes) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, UserPrivKey_ptr, sizeof(CRYS_ECPKI_UserPrivKey_t))){
return CRYS_ECC_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR;
}
/* Get EC Domain information from LLF level */
Error = LLF_ECPKI_GetDomainInfo(DomainID, &DomainInfo);
if( Error != CRYS_OK )
goto End;
/* EC order size in bytes */
OrderSizeInBytes = (DomainInfo.EC_OrderSizeInBits + 7) / 8;
if( PrivKeySizeInBytes == 0 || PrivKeySizeInBytes > OrderSizeInBytes)
return CRYS_ECPKI_BUILD_KEY_INVALID_PRIV_KEY_SIZE_ERROR;
/**************** FUNCTION LOGIC **************************************/
/* ...... copy the buffers to the key handle structure ................ */
/* -------------------------------------------------------------------- */
/* setting the pointer to the key database */
PrivKey_ptr = (CRYS_ECPKI_PrivKey_t *)((void*)UserPrivKey_ptr->PrivKeyDbBuff);
/* clear the private key db */
DX_VOS_MemSet(PrivKey_ptr , 0 , sizeof(CRYS_ECPKI_PrivKey_t));
/* loading the private key db to little endian and domain ID */
Error = CRYS_COMMON_ConvertMsbLsbBytesToLswMswWords(
PrivKey_ptr->PrivKey, sizeof(PrivKey_ptr->PrivKey),
PrivKeyIn_ptr, PrivKeySizeInBytes);
if(Error != CRYS_OK)
return Error;
PrivKey_ptr->DomainID = DomainID;
/* partly check the validity of the private key */
Error = LLF_ECPKI_CheckPrivKeySize(DomainID, PrivKey_ptr->PrivKey, PrivKeySizeInBytes );
if( Error != CRYS_OK )
goto End;
/* initialize LLF private key database */
Error = LLF_ECPKI_InitPrivKeyDb( PrivKey_ptr);
if( Error != CRYS_OK )
goto End;
/* ................. end of the function ................................. */
/* ----------------------------------------------------------------------- */
End:
/* if the created structure is not valid - clear it */
if( Error != CRYS_OK )
{
DX_VOS_MemSet( UserPrivKey_ptr , 0 , sizeof(CRYS_ECPKI_UserPrivKey_t) );
return Error;
}
/* ................ set the private key validation tag ................... */
UserPrivKey_ptr->valid_tag = CRYS_ECPKI_PRIV_KEY_VALIDATION_TAG;
return Error;
#endif /* !CRYS_NO_ECPKI_SUPPORT */
} /* End of CRYS_ECPKI_BuildPrivKey() */
/******************************************************************************************
@brief CRYS_RSA_Build_PrivKeyCRT populates a CRYSRSAPrivKey_t structure with
the provided parameters, marking the key as a "CRT" key.
Note: The "First" factor P must be great, than the "Second" factor Q.
@param[out] UserPrivKey_ptr - A pointer to the public key structure.
This structure is used as input to the CRYS_RSA_PRIM_Decrypt API.
@param[in] P_ptr - A pointer to the first factor stream of bytes (Big-Endian format)
@param[in] PSize - The size of the first factor, in bytes.
@param[in] Q_ptr - A pointer to the second factor stream of bytes (Big-Endian format)
@param[in] QSize - The size of the second factor, in bytes.
@param[in] dP_ptr - A pointer to the first factor's CRT exponent stream of bytes (Big-Endian format)
@param[in] dPSize - The size of the first factor's CRT exponent, in bytes.
@param[in] dQ_ptr - A pointer to the second factor's CRT exponent stream of bytes (Big-Endian format)
@param[in] dQSize - The size of the second factor's CRT exponent, in bytes.
@param[in] qInv_ptr - A pointer to the first CRT coefficient stream of bytes (Big-Endian format)
@param[in] qInvSize - The size of the first CRT coefficient, in bytes.
*/
CEXPORT_C CRYSError_t CRYS_RSA_Build_PrivKeyCRT(
CRYS_RSAUserPrivKey_t *UserPrivKey_ptr,
DxUint8_t *P_ptr,
DxUint16_t PSize,
DxUint8_t *Q_ptr,
DxUint16_t QSize,
DxUint8_t *dP_ptr,
DxUint16_t dPSize,
DxUint8_t *dQ_ptr,
DxUint16_t dQSize,
DxUint8_t *qInv_ptr,
DxUint16_t qInvSize)
{
/* FUNCTION DECLARATIONS */
/* the counter compare result */
CRYS_COMMON_CmpCounter_t CounterCmpResult;
/* the effective size in bits of the modulus factors buffer */
DxUint32_t P_EffectiveSizeInBits;
DxUint32_t Q_EffectiveSizeInBits;
DxUint32_t dP_EffectiveSizeInBits;
DxUint32_t dQ_EffectiveSizeInBits;
DxUint32_t qInv_EffectiveSizeInBits;
DxUint32_t ModulusEffectiveSizeInBits;
/* the private key database pointer */
CRYSRSAPrivKey_t *PrivKey_ptr;
/* Max Size of buffers in CRT Key structure */
DxUint32_t buffSizeBytes = 4*((PSize + 3)/4) + 4;
/* the Error return code identifier */
CRYSError_t Error = CRYS_OK;
/* FUNCTION LOGIC */
/* ............... if not supported exit .............................. */
/* -------------------------------------------------------------------- */
RETURN_IF_RSA_UNSUPPORTED( UserPrivKey_ptr, P_ptr, PSize, Q_ptr, QSize, dP_ptr,
dPSize, dQ_ptr, dQSize, qInv_ptr, qInvSize, qInv_ptr, qInvSize,
CounterCmpResult, P_EffectiveSizeInBits, Q_EffectiveSizeInBits,
dP_EffectiveSizeInBits, dQ_EffectiveSizeInBits, qInv_EffectiveSizeInBits,
ModulusEffectiveSizeInBits, PrivKey_ptr, Error );
#ifndef CRYS_NO_HASH_SUPPORT
#ifndef CRYS_NO_PKI_SUPPORT
/* ................. checking the validity of the pointer arguments ....... */
/* ------------------------------------------------------------------------ */
/* ...... checking the key database handle pointer .................... */
if(UserPrivKey_ptr == DX_NULL)
return CRYS_RSA_INVALID_PRIV_KEY_STRUCT_POINTER_ERROR;
/* checking the first factor pointer validity */
if(P_ptr == DX_NULL)
return CRYS_RSA_INVALID_CRT_FIRST_FACTOR_POINTER_ERROR;
/* checking the second factor pointer validity */
if(Q_ptr == DX_NULL)
return CRYS_RSA_INVALID_CRT_SECOND_FACTOR_POINTER_ERROR;
/* checking the first factor exponent pointer validity */
if(dP_ptr == DX_NULL)
return CRYS_RSA_INVALID_CRT_FIRST_FACTOR_EXP_PTR_ERROR;
/* checking the second factor exponent pointer validity */
if(dQ_ptr == DX_NULL)
return CRYS_RSA_INVALID_CRT_SECOND_FACTOR_EXP_PTR_ERROR;
/* checking the CRT coefficient */
if(qInv_ptr == DX_NULL)
return CRYS_RSA_INVALID_CRT_COEFFICIENT_PTR_ERROR;
/* checking the input sizes */
if(dPSize > PSize ||
dQSize > QSize ||
qInvSize > PSize){
return CRYS_RSA_INVALID_CRT_PARAMETR_SIZE_ERROR;
}
#ifndef DX_OEM_FW
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, UserPrivKey_ptr, sizeof(CRYS_RSAUserPrivKey_t)) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ, P_ptr, PSize) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ, Q_ptr, QSize) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ, dP_ptr, dPSize) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ, dQ_ptr, dQSize) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ, qInv_ptr, qInvSize)){
return CRYS_RSA_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR;
}
#endif
/* verifying the first factor exponent is less then the first factor */
CounterCmpResult =
CRYS_COMMON_CmpMsbUnsignedCounters(dP_ptr, dPSize, P_ptr, PSize);
if(CounterCmpResult != CRYS_COMMON_CmpCounter2GraterThenCounter1){
Error = CRYS_RSA_INVALID_CRT_FIRST_FACTOR_EXPONENT_VAL;
goto End;
}
/* verifying the second factor exponent is less then the second factor */
CounterCmpResult =
CRYS_COMMON_CmpMsbUnsignedCounters(dQ_ptr, dQSize, Q_ptr, QSize);
if(CounterCmpResult != CRYS_COMMON_CmpCounter2GraterThenCounter1){
Error = CRYS_RSA_INVALID_CRT_SECOND_FACTOR_EXPONENT_VAL;
goto End;
}
/* verifying the CRT coefficient is less then the first factor */
CounterCmpResult =
CRYS_COMMON_CmpMsbUnsignedCounters(qInv_ptr, qInvSize, P_ptr, PSize);
if(CounterCmpResult != CRYS_COMMON_CmpCounter2GraterThenCounter1){
Error = CRYS_RSA_INVALID_CRT_COEFF_VAL;
goto End;
}
/* .................. copy the buffers to the key handle structure .... */
/* -------------------------------------------------------------------- */
/* setting the pointer to the key database */
PrivKey_ptr = (CRYSRSAPrivKey_t*)UserPrivKey_ptr->PrivateKeyDbBuff;
/* clear the private key db */
DX_VOS_MemSet(PrivKey_ptr, 0, sizeof(CRYSRSAPrivKey_t));
/* load the buffers to the data base */
Error = CRYS_COMMON_ConvertMsbLsbBytesToLswMswWords(PrivKey_ptr->PriveKeyDb.Crt.P, buffSizeBytes, P_ptr, PSize);
if(Error)
return Error;
Error = CRYS_COMMON_ConvertMsbLsbBytesToLswMswWords(PrivKey_ptr->PriveKeyDb.Crt.Q, buffSizeBytes, Q_ptr, QSize);
if(Error)
return Error;
Error = CRYS_COMMON_ConvertMsbLsbBytesToLswMswWords(PrivKey_ptr->PriveKeyDb.Crt.dP, buffSizeBytes, dP_ptr, dPSize);
if(Error)
return Error;
Error = CRYS_COMMON_ConvertMsbLsbBytesToLswMswWords(PrivKey_ptr->PriveKeyDb.Crt.dQ, buffSizeBytes, dQ_ptr, dQSize);
if(Error)
return Error;
Error = CRYS_COMMON_ConvertMsbLsbBytesToLswMswWords(PrivKey_ptr->PriveKeyDb.Crt.qInv, buffSizeBytes, qInv_ptr, qInvSize);
if(Error)
return Error;
/* ............... initialize local variables ......................... */
/* -------------------------------------------------------------------- */
/* initializing the effective counters size in bits */
P_EffectiveSizeInBits =
CRYS_COMMON_GetWordsCounterEffectiveSizeInBits(PrivKey_ptr->PriveKeyDb.Crt.P, (PSize+3)/4);
Q_EffectiveSizeInBits =
CRYS_COMMON_GetWordsCounterEffectiveSizeInBits(PrivKey_ptr->PriveKeyDb.Crt.Q, (QSize+3)/4);
dP_EffectiveSizeInBits =
CRYS_COMMON_GetWordsCounterEffectiveSizeInBits(PrivKey_ptr->PriveKeyDb.Crt.dP, (dPSize+3)/4);
dQ_EffectiveSizeInBits =
CRYS_COMMON_GetWordsCounterEffectiveSizeInBits(PrivKey_ptr->PriveKeyDb.Crt.dQ, (dQSize+3)/4);
qInv_EffectiveSizeInBits =
CRYS_COMMON_GetWordsCounterEffectiveSizeInBits(PrivKey_ptr->PriveKeyDb.Crt.qInv, (qInvSize+3)/4);
/* the first factor size is not 0 in bits */
if(P_EffectiveSizeInBits == 0){
Error = CRYS_RSA_INVALID_CRT_FIRST_FACTOR_SIZE;
goto End;
}
/* the second factor size is not 0 in bits */
if(Q_EffectiveSizeInBits == 0){
Error = CRYS_RSA_INVALID_CRT_SECOND_FACTOR_SIZE;
goto End;
}
/* checking that sizes of dP, dQ, qInv > 0 */
if(dP_EffectiveSizeInBits == 0 || dQ_EffectiveSizeInBits == 0 || qInv_EffectiveSizeInBits == 0){
Error = CRYS_RSA_INVALID_CRT_PARAMETR_SIZE_ERROR;
goto End;
}
/* ............... calculate the modulus N ........................... */
/* -------------------------------------------------------------------- */
Error = LLF_PKI_RSA_CallRMul(PrivKey_ptr->PriveKeyDb.Crt.P, P_EffectiveSizeInBits,
PrivKey_ptr->PriveKeyDb.Crt.Q, PrivKey_ptr->n);
if(Error)
goto End;
ModulusEffectiveSizeInBits =
CRYS_COMMON_GetWordsCounterEffectiveSizeInBits(PrivKey_ptr->n, (2*P_EffectiveSizeInBits+31)/32);
/* .................. checking the validity of the counters ............... */
/* ------------------------------------------------------------------------ */
/* the size of the modulus */
if(( ModulusEffectiveSizeInBits < CRYS_RSA_MIN_VALID_KEY_SIZE_VALUE_IN_BITS) ||
( ModulusEffectiveSizeInBits > CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS) ||
( ModulusEffectiveSizeInBits % CRYS_RSA_VALID_KEY_SIZE_MULTIPLE_VALUE_IN_BITS)){
Error = CRYS_RSA_INVALID_MODULUS_SIZE;
goto End;
}
if((P_EffectiveSizeInBits + Q_EffectiveSizeInBits != ModulusEffectiveSizeInBits) &&
(P_EffectiveSizeInBits + Q_EffectiveSizeInBits != ModulusEffectiveSizeInBits - 1)){
Error = CRYS_RSA_INVALID_CRT_FIRST_AND_SECOND_FACTOR_SIZE;
goto End;
}
/* ................. building the structure ............................. */
/* ---------------------------------------------------------------------- */
/* set the mode to CRT mode */
PrivKey_ptr->OperationMode = CRYS_RSA_Crt;
/* set the key source as external */
PrivKey_ptr->KeySource = CRYS_RSA_ExternalKey;
/* loading to structure the buffer sizes... */
PrivKey_ptr->PriveKeyDb.Crt.PSizeInBits = P_EffectiveSizeInBits;
PrivKey_ptr->PriveKeyDb.Crt.QSizeInBits = Q_EffectiveSizeInBits;
PrivKey_ptr->PriveKeyDb.Crt.dPSizeInBits = dP_EffectiveSizeInBits;
PrivKey_ptr->PriveKeyDb.Crt.dQSizeInBits = dQ_EffectiveSizeInBits;
PrivKey_ptr->PriveKeyDb.Crt.qInvSizeInBits = qInv_EffectiveSizeInBits;
PrivKey_ptr->nSizeInBits = ModulusEffectiveSizeInBits;
/* ................ initialize the low level data .............. */
Error = LLF_PKI_RSA_InitPrivKeyDb(PrivKey_ptr);
if( Error != CRYS_OK )
goto End;
/* ................ set the tag ................ */
UserPrivKey_ptr->valid_tag = CRYS_RSA_PRIV_KEY_VALIDATION_TAG;
/* ................. end of the function .................................. */
/* ------------------------------------------------------------------------ */
End:
/* if the structure created is not valid - clear it */
if(Error)
DX_VOS_MemSet(UserPrivKey_ptr, 0, sizeof(CRYS_RSAUserPrivKey_t));
return Error;
#endif /* !CRYS_NO_HASH_SUPPORT */
#endif /* !CRYS_NO_PKI_SUPPORT */
}/* END OF CRYS_RSA_Build_PrivKeyCRT */
/******************************************************************************************
@brief The CRYS_RSA_Build_ConvertPrivKeyToCRT function convert the non CRT private
key to CRT private Key and initializes appropriate fields of input -
output structure provided by pointer UserPrivKey_ptr.
All input and output data is in little endian representation.
@param[in,out] UserPrivKey_ptr - A pointer to the user private key structure. The key must
be in non CRT mode. This structure is used as input to the
CRYS_RSA_PRIM_Encrypt API.
@param[in] Buffers_ptr - A pointer to the structure containing temporary buffers used by LLF functions
called by this function. Size of buffer: 5 + 36 = 41 maximum modulus sizes.
NOTE: All members of input UserPrivKey structure must be initialized, including public key
e-pointer and it size.
*/
CEXPORT_C CRYSError_t CRYS_RSA_Build_ConvertPrivKeyToCRT(CRYS_RSAUserPrivKey_t *UserPrivKey_ptr,
CRYS_RSAConvertKeyToCrtBuffers_t *Buffers_ptr)
{
/******** FUNCTION DECLARATIONS **********/
/* the pointers to the non CRT private key members: modulus n, private key d, public key e */
DxUint32_t *n_ptr;
DxUint32_t *e_ptr;
/* the modulus effective size in bits and in bytes */
DxUint32_t nSizeInBits;
DxUint32_t nSizeInBytes;
/* the effective size in bits of the private and public key exp */
DxUint32_t dSizeInBits;
DxUint32_t eSizeInBits;
/* the private key database pointer */
CRYSRSAPrivKey_t *PrivKey_ptr;
/* the private non CRT key structure pointer (union with CRT key) */
CRYSRSAPrivNonCRTKey_t *PrivNonCRTKey_ptr;
/* the private CRT key structure pointer (union with non CRT key) */
CRYSRSAPrivCRTKey_t *PrivCRTKey_ptr;
/* the Error return code identifier */
CRYSError_t Error = CRYS_OK;
/************* FUNCTION LOGIC ************************/
/* ............... If not supported exit .............................. */
RETURN_IF_RSA_UNSUPPORTED( UserPrivKey_ptr, Buffers_ptr, n_ptr, e_ptr,
nSizeInBits, nSizeInBytes, dSizeInBits, eSizeInBits,
PrivKey_ptr, PrivNonCRTKey_ptr, PrivCRTKey_ptr,
CounterCmpResult, Error, Error, Error, Error,
Error, Error, Error, Error, Error, Error );
#ifndef CRYS_NO_HASH_SUPPORT
#ifndef CRYS_NO_PKI_SUPPORT
/* ...... Checking the validity of the pointer arguments ........... */
/* Checking the key database handle pointer */
if(UserPrivKey_ptr == DX_NULL)
return CRYS_RSA_INVALID_PRIV_KEY_STRUCT_POINTER_ERROR;
/* If the users TAG is illegal return an error - the context is invalid */
if(UserPrivKey_ptr->valid_tag != CRYS_RSA_PRIV_KEY_VALIDATION_TAG)
return CRYS_RSA_PRIV_KEY_VALIDATION_TAG_ERROR;
/* Checking the temp buffers pointer validity */
if(Buffers_ptr == DX_NULL)
return CRYS_RSA_CONV_TO_CRT_INVALID_TEMP_BUFF_POINTER_ERROR;
#ifndef DX_OEM_FW
if(DxCcAcl_IsBuffAccessOk(ACCESS_READ, UserPrivKey_ptr, sizeof(CRYS_RSAUserPrivKey_t)) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, Buffers_ptr, sizeof(CRYS_RSAConvertKeyToCrtBuffers_t))){
return CRYS_RSA_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR;
}
#endif
/***** Initialization of pointers and variables *********/
/* The pointer to the key database */
PrivKey_ptr = ( CRYSRSAPrivKey_t *)UserPrivKey_ptr->PrivateKeyDbBuff;
/* The private non CRT key structure pointer (union with CRT key) */
PrivNonCRTKey_ptr = (CRYSRSAPrivNonCRTKey_t *)&PrivKey_ptr->PriveKeyDb;
/* The private CRT key structure pointer (union with non CRT key) */
PrivCRTKey_ptr = (CRYSRSAPrivCRTKey_t *)&PrivKey_ptr->PriveKeyDb;
/* The pointers to modulus, private key and public key exponents */
n_ptr = PrivKey_ptr->n;
e_ptr = PrivKey_ptr->PriveKeyDb.NonCrt.e;
/* The modulus size in bits and in bytes */
nSizeInBits = PrivKey_ptr->nSizeInBits;
nSizeInBytes = (nSizeInBits + 7) / 8;
/* The private key and public key exponents size in bits */
dSizeInBits = PrivKey_ptr->PriveKeyDb.NonCrt.dSizeInBits;
eSizeInBits = PrivKey_ptr->PriveKeyDb.NonCrt.eSizeInBits;
/***************** Additional checking *****************************/
/* check the key operation mode and public key size */
if(PrivKey_ptr->OperationMode != CRYS_RSA_NoCrt)
return CRYS_RSA_WRONG_PRIVATE_KEY_TYPE;
if(e_ptr == DX_NULL)
return CRYS_RSA_INVALID_EXPONENT_POINTER_ERROR;
if(n_ptr == DX_NULL)
return CRYS_RSA_INVALID_MODULUS_POINTER_ERROR;
if(PrivNonCRTKey_ptr->eSizeInBits == 0)
return CRYS_RSA_INVALID_EXPONENT_SIZE;
/* check the size of the modulus */
if(( nSizeInBits < CRYS_RSA_MIN_VALID_KEY_SIZE_VALUE_IN_BITS ) ||
( nSizeInBits > CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS ) ||
( nSizeInBits % CRYS_RSA_VALID_KEY_SIZE_MULTIPLE_VALUE_IN_BITS))
return CRYS_RSA_INVALID_MODULUS_SIZE;
/* verifying that the modulus is odd */
if((n_ptr[0] & 1UL) == 0)
return CRYS_RSA_MODULUS_EVEN_ERROR;
/******* Call LLF function for converting private key to CRT mode ******/
Error = LLF_PKI_RSA_ConvertPrivKeyToCRT(
PrivNonCRTKey_ptr,
n_ptr, nSizeInBits,
PrivCRTKey_ptr,
Buffers_ptr);
/************* Building the private CRT key structure ************/
if( Error == CRYS_OK )
{
/* Calculating the effective sizes of CRT private key members (in bits) */
PrivCRTKey_ptr->PSizeInBits =
CRYS_COMMON_GetWordsCounterEffectiveSizeInBits(PrivCRTKey_ptr->P, (DxUint16_t)(nSizeInBytes+3)/4);
PrivCRTKey_ptr->QSizeInBits =
CRYS_COMMON_GetWordsCounterEffectiveSizeInBits(PrivCRTKey_ptr->Q, (DxUint16_t)(nSizeInBytes+3)/4);
PrivCRTKey_ptr->dPSizeInBits =
CRYS_COMMON_GetWordsCounterEffectiveSizeInBits(PrivCRTKey_ptr->dP, (DxUint16_t)(nSizeInBytes+3)/4);
PrivCRTKey_ptr->dQSizeInBits =
CRYS_COMMON_GetWordsCounterEffectiveSizeInBits(PrivCRTKey_ptr->dQ, (DxUint16_t)(nSizeInBytes+3)/4);
PrivCRTKey_ptr->qInvSizeInBits =
CRYS_COMMON_GetWordsCounterEffectiveSizeInBits(PrivCRTKey_ptr->qInv, (DxUint16_t)(nSizeInBytes+3)/4);
/* set the mode to CRT mode */
PrivKey_ptr->OperationMode = CRYS_RSA_Crt;
/* set the key source as external */
PrivKey_ptr->KeySource = CRYS_RSA_ExternalKey;
}
/* Delete private information from temporary buffers */
DX_VOS_MemSetZero((DxUint8_t *)Buffers_ptr, sizeof(CRYS_RSAConvertKeyToCrtBuffers_t));
return Error;
#endif /* !CRYS_NO_HASH_SUPPORT */
#endif /* !CRYS_NO_PKI_SUPPORT */
} /* end of CRYS_RSA_Build_ConvertPrivKeyToCRT() */
/**
* @brief CRYS_RSA_Build_PubKey populates a CRYSRSAPubKey_t structure with
* the provided modulus and exponent.
*
* Assumption : the modulus and the exponent are presented in big endian.
*
* @param[out] PubKey_ptr - a pointer to the public key structure. This structure will be
* used as an input to the CRYS_RSA_PRIM_Encrypt API.
*
* @param[in] Exponent_ptr - a pointer to the exponent stream of bytes ( Big endian ).
* @param[in] ExponentSize - The size of the exponent in bytes.
* @param[in] Modulus_ptr - a pointer to the modulus stream of bytes ( Big endian ) the MS
* bit must be set to '1'.
* @param[in] ModulusSize - The size of the modulus in bytes. Sizes supported according to
* used platform from 64 to 256 bytes and in some platforms up to 512 bytes.
*
* @return CRYSError_t - On success CRYS_OK is returned, on failure a
* value MODULE_* as defined in .
*/
CEXPORT_C CRYSError_t CRYS_RSA_Build_PubKey(
CRYS_RSAUserPubKey_t *UserPubKey_ptr,
DxUint8_t *Exponent_ptr,
DxUint16_t ExponentSize,
DxUint8_t *Modulus_ptr,
DxUint16_t ModulusSize )
{
/* FUNCTION DECLARATIONS */
/* the counter compare result */
CRYS_COMMON_CmpCounter_t CounterCmpResult;
/* the effective size in bits of the modulus buffer */
DxUint32_t ModulusEffectiveSizeInBits;
/* the effective size in bits of the exponent buffer */
DxUint32_t ExponentEffectiveSizeInBits;
/* the public key database pointer */
CRYSRSAPubKey_t *PubKey_ptr;
/* the Error return code identifier */
CRYSError_t Error = CRYS_OK;
/* Max Size of buffers in Key structure */
DxUint32_t buffSizeBytes = CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BYTES;
/* FUNCTION LOGIC */
/* ............... if not supported exit .............................. */
/* -------------------------------------------------------------------- */
RETURN_IF_RSA_UNSUPPORTED( UserPubKey_ptr, Exponent_ptr, ExponentSize,
Modulus_ptr, ModulusSize, CounterCmpResult,
ModulusEffectiveSizeInBits, ExponentEffectiveSizeInBits,
PubKey_ptr, buffSizeBytes, Error, Error, Error, Error,
Error, Error, Error, Error, Error, Error, Error, Error);
#ifndef CRYS_NO_HASH_SUPPORT
#ifndef CRYS_NO_PKI_SUPPORT
/* ................. checking the validity of the pointer arguments ....... */
/* ------------------------------------------------------------------------ */
#ifndef DX_OEM_FW
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, UserPubKey_ptr, sizeof(CRYS_RSAUserPubKey_t)) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ, Exponent_ptr, ExponentSize) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ, Modulus_ptr, ModulusSize)){
return CRYS_RSA_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR;
}
#endif
/* ...... checking the key database handle pointer .................... */
if( UserPubKey_ptr == DX_NULL )
return CRYS_RSA_INVALID_PUB_KEY_STRUCT_POINTER_ERROR;
/* ...... checking the validity of the exponent pointer ............... */
if( Exponent_ptr == DX_NULL )
return CRYS_RSA_INVALID_EXPONENT_POINTER_ERROR;
/* ...... checking the validity of the modulus pointer .............. */
if( Modulus_ptr == DX_NULL )
return CRYS_RSA_INVALID_MODULUS_POINTER_ERROR;
if( ModulusSize > CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BYTES )
return CRYS_RSA_INVALID_MODULUS_SIZE;
if( ExponentSize > CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BYTES )
return CRYS_RSA_INVALID_EXPONENT_SIZE;
/* .................. copy the buffers to the key handle structure .... */
/* -------------------------------------------------------------------- */
/* setting the pointer to the key database */
PubKey_ptr = ( CRYSRSAPubKey_t * )UserPubKey_ptr->PublicKeyDbBuff;
/* clear the public key db */
DX_VOS_MemSet( PubKey_ptr , 0 , sizeof(CRYSRSAPubKey_t) );
/* loading the buffers to little endian order of words in array; each word is loaded according to CPU endianness */
Error = CRYS_COMMON_ConvertMsbLsbBytesToLswMswWords(PubKey_ptr->n, buffSizeBytes, Modulus_ptr, ModulusSize);
if(Error)
return Error;
Error = CRYS_COMMON_ConvertMsbLsbBytesToLswMswWords(PubKey_ptr->e, buffSizeBytes, Exponent_ptr, ExponentSize);
if(Error)
return Error;
/* .................. initializing local variables ................... */
/* ------------------------------------------------------------------- */
/* .......... initializing the effective counters size in bits .......... */
ModulusEffectiveSizeInBits = CRYS_COMMON_GetWordsCounterEffectiveSizeInBits(PubKey_ptr->n, (ModulusSize+3)/4);
ExponentEffectiveSizeInBits = CRYS_COMMON_GetWordsCounterEffectiveSizeInBits(PubKey_ptr->e, (ExponentSize+3)/4);
/* .................. checking the validity of the counters ............... */
/* ------------------------------------------------------------------------ */
if((ModulusEffectiveSizeInBits < CRYS_RSA_MIN_VALID_KEY_SIZE_VALUE_IN_BITS ) ||
(ModulusEffectiveSizeInBits > CRYS_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS ) ||
(ModulusEffectiveSizeInBits % CRYS_RSA_VALID_KEY_SIZE_MULTIPLE_VALUE_IN_BITS)){
Error = CRYS_RSA_INVALID_MODULUS_SIZE;
goto End;
}
/* verifying the modulus is odd */
if((PubKey_ptr->n[0] & 1UL) == 0){
Error = CRYS_RSA_MODULUS_EVEN_ERROR;
goto End;
}
/* checking the exponent size is not 0 in bytes */
if( ExponentEffectiveSizeInBits == 0 ){
Error = CRYS_RSA_INVALID_EXPONENT_SIZE;
goto End;
}
/* verifying the exponent is less then the modulus */
CounterCmpResult = CRYS_COMMON_CmpMsbUnsignedCounters(Exponent_ptr, ExponentSize, Modulus_ptr, ModulusSize);
if(CounterCmpResult != CRYS_COMMON_CmpCounter2GraterThenCounter1){
Error = CRYS_RSA_INVALID_EXPONENT_VAL;
goto End;
}
/* verifying the exponent is not less then 3 */
if(ExponentEffectiveSizeInBits < 32 && PubKey_ptr->e[0] < CRYS_RSA_MIN_PUB_EXP_VALUE){
Error = CRYS_RSA_INVALID_EXPONENT_VAL;
goto End;
}
/* ................. building the structure ............................. */
/* ---------------------------------------------------------------------- */
/* setting the modulus and exponent size in bits */
PubKey_ptr->nSizeInBits = ModulusEffectiveSizeInBits;
PubKey_ptr->eSizeInBits = ExponentEffectiveSizeInBits;
/* ................ initialize the low level data .............. */
Error = LLF_PKI_RSA_InitPubKeyDb(PubKey_ptr);
if(Error)
goto End;
/* ................ set the tag ................ */
UserPubKey_ptr->valid_tag = CRYS_RSA_PUB_KEY_VALIDATION_TAG;
/* ................. end of the function .................................. */
/* ------------------------------------------------------------------------ */
End:
/* if the structure created is not valid - clear it */
if( Error != CRYS_OK ){
DX_VOS_MemSet(UserPubKey_ptr, 0, sizeof(CRYS_RSAUserPubKey_t));
}
return Error;
#endif /* !CRYS_NO_HASH_SUPPORT */
#endif /* !CRYS_NO_PKI_SUPPORT */
}/* END OF CRYS_RSA_Build_PubKey */
/******************************************************************************************
@brief CRYS_RSA_Get_PubKey gets the e,n public key from the database.
@param[in] UserPubKey_ptr - A pointer to the public key structure.
This structure is used as input to the CRYS_RSA_PRIM_Encrypt API.
@param[out] Exponent_ptr - A pointer to the exponent stream of bytes (Big-Endian format)
@param[in,out] ExponentSize_ptr - the size of the exponent buffer in bytes, it is updated to the
actual size of the exponent, in bytes.
@param[out] Modulus_ptr - A pointer to the modulus stream of bytes (Big-Endian format).
The MS (most significant) bit must be set to '1'.
@param[in,out] ModulusSize_ptr - the size of the modulus buffer in bytes, it is updated to the
actual size of the modulus, in bytes.
NOTE: All members of input UserPrivKey structure must be initialized, including public key
e pointer and it size.
*/
CEXPORT_C CRYSError_t CRYS_RSA_Get_PubKey(
CRYS_RSAUserPubKey_t *UserPubKey_ptr,
DxUint8_t *Exponent_ptr,
DxUint16_t *ExponentSize_ptr,
DxUint8_t *Modulus_ptr,
DxUint16_t *ModulusSize_ptr )
{
/* LOCAL DECLERATIONS */
/* the size in bytes of the modulus and the exponent */
DxUint32_t nSizeInBytes;
DxUint32_t eSizeInBytes;
/* the public key database pointer */
CRYSRSAPubKey_t *PubKey_ptr;
CRYSError_t Error;
/* FUNCTION DECLERATIONS */
/* ............... if not supported exit .............................. */
/* -------------------------------------------------------------------- */
RETURN_IF_RSA_UNSUPPORTED( UserPubKey_ptr , Exponent_ptr , ExponentSize_ptr ,
Modulus_ptr , ModulusSize_ptr , nSizeInBytes ,
eSizeInBytes , PubKey_ptr , PubKey_ptr,
PubKey_ptr , PubKey_ptr , PubKey_ptr , PubKey_ptr ,
PubKey_ptr , PubKey_ptr , PubKey_ptr ,
PubKey_ptr , PubKey_ptr , PubKey_ptr ,
PubKey_ptr , PubKey_ptr , PubKey_ptr );
#ifndef CRYS_NO_HASH_SUPPORT
#ifndef CRYS_NO_PKI_SUPPORT
/* ................. checking the validity of the pointer arguments ....... */
/* ------------------------------------------------------------------------ */
/* ...... checking the key database handle pointer .................... */
if(UserPubKey_ptr == DX_NULL)
return CRYS_RSA_INVALID_PUB_KEY_STRUCT_POINTER_ERROR;
/* ...... checking the validity of the exponent pointer ............... */
if(Exponent_ptr == DX_NULL)
return CRYS_RSA_INVALID_EXPONENT_POINTER_ERROR;
/* ...... checking the validity of the modulus pointer .............. */
if(Modulus_ptr == DX_NULL)
return CRYS_RSA_INVALID_MODULUS_POINTER_ERROR;
if(ExponentSize_ptr == DX_NULL)
return CRYS_RSA_INVALID_EXP_BUFFER_SIZE_POINTER;
if(ModulusSize_ptr == DX_NULL)
return CRYS_RSA_INVALID_MOD_BUFFER_SIZE_POINTER;
/* if the users TAG is illegal return an error - the context is invalid */
if(UserPubKey_ptr->valid_tag != CRYS_RSA_PUB_KEY_VALIDATION_TAG)
return CRYS_RSA_PUB_KEY_VALIDATION_TAG_ERROR;
#ifndef DX_OEM_FW
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ, UserPubKey_ptr, sizeof(CRYS_RSAUserPubKey_t)) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, Exponent_ptr, *ExponentSize_ptr) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, Modulus_ptr, *ModulusSize_ptr) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ, ExponentSize_ptr, sizeof(DxUint32_t)) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ModulusSize_ptr, sizeof(DxUint32_t))){
return CRYS_RSA_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR;
}
#endif
/* ...... checking the exponent size ................................ */
/* setting the pointer to the key database */
PubKey_ptr = ( CRYSRSAPubKey_t * )UserPubKey_ptr->PublicKeyDbBuff;
/* calculating the required size in bytes */
nSizeInBytes = (PubKey_ptr->nSizeInBits + 7) / 8;
eSizeInBytes = (PubKey_ptr->eSizeInBits + 7) / 8;
/* if the size of the modulus is to small return error */
if(nSizeInBytes > *ModulusSize_ptr)
return CRYS_RSA_INVALID_MODULUS_SIZE;
/* if the size of the exponent buffer is to small return error */
if(eSizeInBytes > *ExponentSize_ptr)
return CRYS_RSA_INVALID_EXPONENT_SIZE;
/* .............. loading the output arguments and buffers ............... */
/* ----------------------------------------------------------------------- */
/* loading the buffers */
Error = CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes(Exponent_ptr, 4*((*ExponentSize_ptr+3)/4),
PubKey_ptr->e, eSizeInBytes );
if(Error != CRYS_OK)
return Error;
Error = CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes(Modulus_ptr, 4*((*ModulusSize_ptr+3)/4),
PubKey_ptr->n, nSizeInBytes );
if(Error != CRYS_OK)
return Error;
/* updating the buffer sizes */
*ModulusSize_ptr = (DxUint16_t)nSizeInBytes;
*ExponentSize_ptr = (DxUint16_t)eSizeInBytes;
return CRYS_OK;
#endif /* !CRYS_NO_HASH_SUPPORT */
#endif /* !CRYS_NO_PKI_SUPPORT */
}/* END OF CRYS_RSA_Get_PubKey */
CIMPORT_C CRYSError_t CRYS_DES_Init( CRYS_DESUserContext_t *ContextID_ptr,
CRYS_DES_Iv_t IV_ptr,
CRYS_DES_Key_t *Key_ptr,
CRYS_DES_NumOfKeys_t NumOfKeys,
CRYS_DES_EncryptMode_t EncryptDecryptFlag,
CRYS_DES_OperationMode_t OperationMode )
{
int symRc = DX_RET_OK;
/* pointer on SEP DES context struct*/
struct sep_ctx_cipher *pDesContext;
/* ............... checking the parameters validity ................... */
/* -------------------------------------------------------------------- */
/* if the users context ID pointer is DX_NULL return an error */
if( ContextID_ptr == DX_NULL ) {
return CRYS_DES_INVALID_USER_CONTEXT_POINTER_ERROR;
}
/* check if the operation mode is legal */
if( OperationMode >= CRYS_DES_NumOfModes ) {
return CRYS_DES_ILLEGAL_OPERATION_MODE_ERROR;
}
/* if the operation mode selected is CBC then check the validity of
the IV counter pointer */
if( (OperationMode == CRYS_DES_CBC_mode) && (IV_ptr == DX_NULL) ) {
return CRYS_DES_INVALID_IV_PTR_ON_NON_ECB_MODE_ERROR;
}
/* If the number of keys in invalid return an error */
if( (NumOfKeys >= CRYS_DES_NumOfKeysOptions) || (NumOfKeys == 0) ) {
return CRYS_DES_ILLEGAL_NUM_OF_KEYS_ERROR;
}
/*check the valisity of the key pointer */
if( Key_ptr == DX_NULL ) {
return CRYS_DES_INVALID_KEY_POINTER_ERROR;
}
/* Check the Encrypt / Decrypt flag validity */
if( EncryptDecryptFlag >= CRYS_DES_EncryptNumOfOptions ) {
return CRYS_DES_INVALID_ENCRYPT_MODE_ERROR;
}
/* check validity for priv */
if ( DxCcAcl_IsBuffAccessOk(ACCESS_READ, Key_ptr, NumOfKeys * SEP_DES_ONE_KEY_SIZE) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_DESUserContext_t)) ||
((IV_ptr != DX_NULL) && (DxCcAcl_IsBuffAccessOk(ACCESS_READ, IV_ptr, sizeof(CRYS_DES_Iv_t)))) ) {
return CRYS_DES_ILLEGAL_PARAMS_ERROR;
}
/* Get pointer to contiguous context in the HOST buffer */
pDesContext = (struct sep_ctx_cipher *)DX_InitUserCtxLocation(ContextID_ptr->buff,
sizeof(CRYS_DESUserContext_t),
sizeof(struct sep_ctx_cipher));
pDesContext->alg = SEP_CRYPTO_ALG_DES;
pDesContext->mode = MakeSepDesMode(OperationMode);
pDesContext->direction = (enum sep_crypto_direction)EncryptDecryptFlag;
pDesContext->key_size = NumOfKeys * SEP_DES_BLOCK_SIZE;
DX_PAL_MemCopy(pDesContext->key, Key_ptr, pDesContext->key_size);
if (pDesContext->mode == SEP_CIPHER_CBC) {
DX_PAL_MemCopy(pDesContext->block_state, IV_ptr, CRYS_DES_IV_SIZE_IN_BYTES);
}
symRc = SymDriverAdaptorInit((struct sep_ctx_generic *)pDesContext);
return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysDesErr);
}
CEXPORT_C CRYSError_t _DX_RSA_VerifyUpdate(CRYS_RSAPubUserContext_t *UserContext_ptr,
DxUint8_t *DataIn_ptr,
DxUint32_t DataInSize)
{
/* FUNCTION DECLERATIONS */
/* The return error identifier */
CRYSError_t Error;
/* This pointer is allocated in order to remove compiler alias problems */
void *tempWorkingctx_ptr;
/* defining a pointer to the active context allcated by the CCM */
RSAPubContext_t *ccmWorkingContext_ptr;
/* FUNCTION LOGIC */
/* .................. initializing local variables ................... */
/* ------------------------------------------------------------------- */
/* initializing the Error to O.K */
Error = CRYS_OK;
/* ............... if not supported exit .............................. */
/* -------------------------------------------------------------------- */
RETURN_IF_RSA_UNSUPPORTED( UserContext_ptr , DataIn_ptr , DataInSize ,
ccmWorkingContext_ptr , Error , Error, Error ,
Error , Error ,
Error , Error , Error , Error ,
Error,Error,Error,Error,Error,Error,Error,Error,Error);
#ifndef CRYS_NO_HASH_SUPPORT
#ifndef CRYS_NO_PKI_SUPPORT
/* ............... checking the parameters validity ................... */
/* -------------------------------------------------------------------- */
/* if the users context pointer is DX_NULL return an error */
if( UserContext_ptr == DX_NULL )
return CRYS_RSA_INVALID_USER_CONTEXT_POINTER_ERROR;
/* if the users Data In pointer is illegal and the data size is not 0 return an error */
if( DataIn_ptr == DX_NULL && DataInSize )
return CRYS_RSA_DATA_POINTER_INVALID_ERROR;
/* if the data size is larger then 2^29 (to prevant an overflow on the transition to bits )
return error */
if( DataInSize >= (1UL << 29) )
return CRYS_RSA_INVALID_MESSAGE_DATA_SIZE;
#ifndef DX_OEM_FW
/* DataIn can be smart pointer but it is tested either in the hash or in bypass operations */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, UserContext_ptr, sizeof(CRYS_RSAPubUserContext_t)) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ, DataIn_ptr, DataInSize)){
return CRYS_RSA_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR;
}
#endif
/* if the users context TAG is illegal return an error - the context is invalid */
if( UserContext_ptr->valid_tag != CRYS_RSA_VERIFY_CONTEXT_VALIDATION_TAG )
return CRYS_RSA_USER_CONTEXT_VALIDATION_TAG_ERROR;
/* ................. aquiring the RSA context ............................. */
/* ------------------------------------------------------------------------ */
Error = CRYS_CCM_GetContext( UserContext_ptr, /* the users context space - in */
(void **) &tempWorkingctx_ptr, /* the CCM context returned - out */
DX_RSA_VERIFY_CONTEXT,
AES_DECRYPT_CONTEXT); /* need to decrypt context in AES_block*/
if( Error != CRYS_OK )
return Error;
ccmWorkingContext_ptr = (RSAPubContext_t*)tempWorkingctx_ptr;
switch(ccmWorkingContext_ptr->HashOperationMode)
{
/* The mode is either SHA1 or MD5 */
case CRYS_RSA_HASH_SHA1_mode:
case CRYS_RSA_HASH_MD5_mode:
case CRYS_RSA_HASH_SHA224_mode:
case CRYS_RSA_HASH_SHA256_mode:
case CRYS_RSA_HASH_SHA384_mode:
case CRYS_RSA_HASH_SHA512_mode:
/*Operate the Hash update function for relevant versions*/
Error=CRYS_HASH_Update(((CRYS_HASHUserContext_t *)(ccmWorkingContext_ptr->CRYSPKAHashCtxBuff)),
DataIn_ptr,
DataInSize );
if(Error != CRYS_OK)
goto END_WITH_ERROR;
break;
case CRYS_RSA_After_SHA1_mode:
if(DataInSize != CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES)
{ /* DataInSize must fit exactly to the size of Hash output that we support */
Error = CRYS_RSA_INVALID_MESSAGE_DATA_SIZE_IN_SSL_CASE;
goto END_WITH_ERROR;
}
/* Copy the DataIn_ptr to the HashResult in case it is an SSL mode*/
Error = CRYS_Bypass(DataIn_ptr,DataInSize,(DxUint8_t *)ccmWorkingContext_ptr->HASH_Result);
if (Error != CRYS_OK)
goto END_WITH_ERROR;
break;
case CRYS_RSA_After_SHA224_mode:
if(DataInSize != CRYS_HASH_SHA224_DIGEST_SIZE_IN_BYTES)
{ /* DataInSize must fit exactly to the size of Hash output that we support */
Error = CRYS_RSA_INVALID_MESSAGE_DATA_SIZE_IN_SSL_CASE;
goto END_WITH_ERROR;
}
/* Copy the DataIn_ptr to the HashResult in case it is an SSL mode*/
Error = CRYS_Bypass(DataIn_ptr,DataInSize,(DxUint8_t *)ccmWorkingContext_ptr->HASH_Result);
if (Error != CRYS_OK)
goto END_WITH_ERROR;
break;
case CRYS_RSA_After_SHA256_mode:
if(DataInSize != CRYS_HASH_SHA256_DIGEST_SIZE_IN_BYTES)
{ /* DataInSize must fit exactly to the size of Hash output that we support */
Error = CRYS_RSA_INVALID_MESSAGE_DATA_SIZE_IN_SSL_CASE;
goto END_WITH_ERROR;
}
/* Copy the DataIn_ptr to the HashResult in case it is an SSL mode*/
Error = CRYS_Bypass(DataIn_ptr,DataInSize,(DxUint8_t *)ccmWorkingContext_ptr->HASH_Result);
if (Error != CRYS_OK)
goto END_WITH_ERROR;
break;
case CRYS_RSA_After_SHA384_mode:
if(DataInSize != CRYS_HASH_SHA384_DIGEST_SIZE_IN_BYTES)
{ /* DataInSize must fit exactly to the size of Hash output that we support */
Error = CRYS_RSA_INVALID_MESSAGE_DATA_SIZE_IN_SSL_CASE;
goto END_WITH_ERROR;
}
/* Copy the DataIn_ptr to the HashResult in case it is an SSL mode*/
Error = CRYS_Bypass(DataIn_ptr,DataInSize,(DxUint8_t *)ccmWorkingContext_ptr->HASH_Result);
if (Error != CRYS_OK)
goto END_WITH_ERROR;
break;
case CRYS_RSA_After_SHA512_mode:
if(DataInSize != CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES)
{ /* DataInSize must fit exactly to the size of Hash output that we support */
Error = CRYS_RSA_INVALID_MESSAGE_DATA_SIZE_IN_SSL_CASE;
goto END_WITH_ERROR;
}
/* Copy the DataIn_ptr to the HashResult in case it is an SSL mode*/
Error = CRYS_Bypass(DataIn_ptr,DataInSize,(DxUint8_t *)ccmWorkingContext_ptr->HASH_Result);
if (Error != CRYS_OK)
goto END_WITH_ERROR;
break;
case CRYS_RSA_After_MD5_mode:
if(DataInSize != CRYS_HASH_MD5_DIGEST_SIZE_IN_BYTES)
{ /* DataInSize must fit exactly to the size of Hash output that we support */
Error = CRYS_RSA_INVALID_MESSAGE_DATA_SIZE_IN_SSL_CASE;
goto END_WITH_ERROR;
}
/* Copy the DataIn_ptr to the HashResult in case it is an SSL mode*/
Error = CRYS_Bypass(DataIn_ptr,DataInSize,(DxUint8_t *)ccmWorkingContext_ptr->HASH_Result);
if (Error != CRYS_OK)
goto END_WITH_ERROR;
break;
case CRYS_RSA_HASH_NO_HASH_mode:
/*Do nothing*/
break;
case CRYS_RSA_After_HASH_NOT_KNOWN_mode : /*used for PKCS1 v1.5 Verify only - possible to derive the hash mode from the signature*/
if( DataInSize > CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES ||
DataInSize < CRYS_HASH_MD5_DIGEST_SIZE_IN_BYTES )
{
/* DataInSize must fit exactly to the size of Hash output that we support */
Error = CRYS_RSA_INVALID_MESSAGE_DATA_SIZE_IN_SSL_CASE;
goto END_WITH_ERROR;
}
/* Copy the DataIn_ptr to the HashResult in case it is an SSL mode*/
Error = CRYS_Bypass(DataIn_ptr,DataInSize,(DxUint8_t *)ccmWorkingContext_ptr->HASH_Result);
if (Error != CRYS_OK)
goto END_WITH_ERROR;
/* set message size */
ccmWorkingContext_ptr->HASH_Result_Size = (DxUint16_t)DataInSize / sizeof(DxUint32_t);
break;
default:
Error = CRYS_RSA_HASH_ILLEGAL_OPERATION_MODE_ERROR;
goto END_WITH_ERROR;
}
goto END;
END:
/* ................. release the context ................................. */
/* ----------------------------------------------------------------------- */
Error = CRYS_CCM_ReleaseContext(UserContext_ptr, /* the users context space - in */
ccmWorkingContext_ptr, /* the CCM context returned - in */
DX_RSA_VERIFY_CONTEXT); /* RSA type - in */
return Error;
END_WITH_ERROR:
/* ................. release the context ................................. */
/* ----------------------------------------------------------------------- */
{
CRYSError_t Error1 = CRYS_CCM_ReleaseContext(UserContext_ptr, /* the users context space - in */
ccmWorkingContext_ptr, /* the CCM context returned - in */
DX_RSA_VERIFY_CONTEXT); /* RSA type - in */
if(Error1 != CRYS_OK)
{
PLAT_LOG_DEV_PRINT(( 10 ," \n Error1 from CRYS_CCM_ReleaseContext is %lX \n" ,Error1));
}
}
/* .............. clearing the users context in case of error.......... */
/* -------------------------------------------------------------------- */
DX_VOS_MemSet(UserContext_ptr,0,sizeof(CRYS_RSAPubUserContext_t));
return Error;
#endif /* !CRYS_NO_HASH_SUPPORT */
#endif /* !CRYS_NO_PKI_SUPPORT */
}/* END OF _DX_RSA_VerifyUpdate */
/**
* This function initializes the HMAC machine on the CRYS level.
*
* The function allocates and initializes the HMAC Context .
* The function receives as input a pointer to store the context handle to HMAC Context.
*
* The function executes a HASH_init session and processes a HASH update
* on the Key XOR ipad and stores it in the context.
*
* @param[in] ContextID_ptr - A pointer to the HMAC context buffer allocated by the user
* that is used for the HMAC machine operation.
*
* @param[in] OperationMode - The operation mode: MD5 or SHA1.
*
* @param[in] key_ptr - The pointer to the user's key buffer,
* or its digest (if larger than the hash block size).
*
* @param[in] keySize - The size of the received key. Must not exceed the associated
* hash block size. For larger keys the caller must provide
* a hash digest of the key as the actual key.
*
* @return CRYSError_t - On success the function returns the value CRYS_OK,
* and on failure a non-ZERO error.
*
*/
CIMPORT_C CRYSError_t CRYS_HMAC_Init(CRYS_HMACUserContext_t *ContextID_ptr,
CRYS_HASH_OperationMode_t OperationMode,
DxUint8_t *key_ptr,
DxUint16_t keySize)
{
struct sep_ctx_hmac *pHmacContext;
CRYS_HMACPrivateContext_t *pHmacPrivContext;
int symRc = DX_RET_OK;
DxUint32_t HashBlockSize;
/* if the users context ID pointer is DX_NULL return an error */
if( ContextID_ptr == DX_NULL ) {
return CRYS_HMAC_INVALID_USER_CONTEXT_POINTER_ERROR;
}
/* check if the key pointer is valid */
if( key_ptr == DX_NULL ) {
return CRYS_HMAC_INVALID_KEY_POINTER_ERROR;
}
/* check if the operation mode is legal and set hash block size */
switch (OperationMode) {
case CRYS_HASH_SHA1_mode:
case CRYS_HASH_SHA224_mode:
case CRYS_HASH_SHA256_mode:
HashBlockSize = CRYS_HASH_BLOCK_SIZE_IN_BYTES;
break;
case CRYS_HASH_SHA384_mode:
case CRYS_HASH_SHA512_mode:
HashBlockSize = CRYS_HASH_SHA512_BLOCK_SIZE_IN_BYTES;
break;
default:
return CRYS_HMAC_ILLEGAL_OPERATION_MODE_ERROR;
}
/* check if the key size is valid */
if (keySize == 0) {
return CRYS_HMAC_UNVALID_KEY_SIZE_ERROR;
}
/* check validity for priv */
if ( DxCcAcl_IsBuffAccessOk(ACCESS_READ, key_ptr, keySize) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_HMACUserContext_t)) ) {
return CRYS_HMAC_ILLEGAL_PARAMS_ERROR;
}
/* Get pointer to contiguous context in the HOST buffer */
pHmacContext = (struct sep_ctx_hmac *)DX_InitUserCtxLocation(ContextID_ptr->buff,
sizeof(CRYS_HMACUserContext_t),
sizeof(struct sep_ctx_hmac));
pHmacPrivContext = (CRYS_HMACPrivateContext_t *)&(((uint32_t*)pHmacContext)[CRYS_HMAC_USER_CTX_ACTUAL_SIZE_IN_WORDS-1]);
pHmacContext->alg = SEP_CRYPTO_ALG_HMAC;
pHmacContext->mode = Crys2SepHashMode(OperationMode);
pHmacPrivContext->isLastBlockProcessed = 0;
if( keySize > HashBlockSize ) {
symRc = CRYS_HASH ( OperationMode,
key_ptr,
keySize,
(uint32_t*)pHmacContext->k0 );/*Write the result into th context*/
if( symRc != CRYS_OK )
return symRc;
/* update the new key size according to the mode */
switch(OperationMode) {
case CRYS_HASH_SHA1_mode:
keySize = CRYS_HASH_SHA1_DIGEST_SIZE_IN_BYTES;
break;
case CRYS_HASH_SHA224_mode:
keySize = CRYS_HASH_SHA224_DIGEST_SIZE_IN_BYTES;
break;
case CRYS_HASH_SHA256_mode:
keySize = CRYS_HASH_SHA256_DIGEST_SIZE_IN_BYTES;
break;
case CRYS_HASH_SHA384_mode:
keySize = CRYS_HASH_SHA384_DIGEST_SIZE_IN_BYTES;
break;
case CRYS_HASH_SHA512_mode:
keySize = CRYS_HASH_SHA512_DIGEST_SIZE_IN_BYTES;
break;
default:
break;
}
}/* end of key larger then 64 bytes case */
else {
DX_PAL_MemCopy(pHmacContext->k0 , key_ptr , keySize );
}
pHmacContext->k0_size = keySize;
symRc = SymDriverAdaptorInit((struct sep_ctx_generic *)pHmacContext);
return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysHmacErr);
}
/**
@brief The function converts an existed public key into the big endian and outputs it.
The function performs the following steps:
- checks input parameters,
- Converts the X,Y coordinates of public key EC point to big endianness.
- Sets the public key as follows:
In case "Uncompressed" point: PubKey = PC||X||Y, PC = 0x4 - single byte;
In other cases returns an error.
- Exits.
NOTE: - At this stage supported only uncompressed point form,
- Size of output X and Y coordinates is equal to ModSizeInBytes.
@param[in] UserPublKey_ptr - A pointer to the public key structure initialized by CRYS.
@param[in] Compression - An enumerator parameter, defines point compression.
@param[out] ExternPublKey_ptr - A pointer to the buffer for export the public key bytes array in big
endian order of bytes. Size of buffer must be not less than:
2*ModSiseInBytes+1 bytes.
@param[in/out] PublKeySizeInBytes - A pointer to size of user passed public key buffer (in) and
the actual size of exported public key (out).
@return CRYSError_t - CRYS_OK,
CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR
CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_COMPRESSION_MODE_ERROR
CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_EXTERN_PUBL_KEY_PTR_ERROR
CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_PTR_ERROR
CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_ERROR
CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_DOMAIN_ID_ERROR
*/
CEXPORT_C CRYSError_t CRYS_ECPKI_ExportPublKey(
CRYS_ECPKI_UserPublKey_t *UserPublKey_ptr, /*in*/
CRYS_ECPKI_PointCompression_t Compression, /*in*/
DxUint8_t *ExternPublKey_ptr, /*in*/
DxUint32_t *PublKeySizeInBytes_ptr /*in/out*/)
{
/*-------------------- FUNCTION DECLARATIONS ------------------------*/
/* the private key structure pointer */
CRYS_ECPKI_PublKey_t *PublKey_ptr;
/* Domain ID and DomainInfo - structure containing part of domain information */
CRYS_ECPKI_DomainID_t DomainID;
CRYS_ECPKI_DomainInfo_t DomainInfo;
/* EC modulus size in words and in bytes*/
DxUint32_t ModSizeInBytes;
/* the Error return code identifier */
CRYSError_t Error;
/* FUNCTION LOGIC */
/* .................. if not supported exit .............................. */
RETURN_IF_ECPKI_UNSUPPORTED( UserPublKey_ptr, Compression, ExternPublKey_ptr,
PublKeySizeInBytes_ptr, PublKey_ptr, DomainInfo.EC_ModulusSizeInBits,
DomainID, ModSizeInBytes, Error, Error, Error, Error, Error, Error,
Error, Error, Error, Error, Error, Error, Error, Error );
#ifndef CRYS_NO_ECPKI_SUPPORT
/* .................. INITIALIZATIONS ................................. */
Error = CRYS_OK; /* Error initialization */
/*............. Checking input parameters ..............................*/
/* ...... checking the key database handle pointer .................... */
if( UserPublKey_ptr == DX_NULL )
return CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR;
/* ...... checking the validity of the extern Public Key pointer ........ */
if( ExternPublKey_ptr == DX_NULL )
return CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_EXTERN_PUBL_KEY_PTR_ERROR;
/* ... checking the validity of the extern Public Key size pointer ...... */
if( PublKeySizeInBytes_ptr == DX_NULL )
return CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_PTR_ERROR;
PublKey_ptr = (CRYS_ECPKI_PublKey_t *)((void*)UserPublKey_ptr->PublKeyDbBuff);
DomainID = PublKey_ptr->DomainID;
/* ...... checking the EC domain ID...................................... */
if( DomainID >= CRYS_ECPKI_DomainID_OffMode )
return CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_DOMAIN_ID_ERROR;
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ, UserPublKey_ptr, sizeof(CRYS_ECPKI_UserPublKey_t)) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ExternPublKey_ptr, *PublKeySizeInBytes_ptr) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, PublKeySizeInBytes_ptr, sizeof(DxUint32_t))){
return CRYS_ECC_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR;
}
/*------------------------ FUNCTION LOGIC --------------------------------*/
/* get domain info and modulus size */
Error = LLF_ECPKI_GetDomainInfo(DomainID, &DomainInfo);
if(Error != CRYS_OK)
return Error;
ModSizeInBytes = (DomainInfo.EC_ModulusSizeInBits + 7)/8;
/* Convert public key to big endianness export form */
switch( Compression ){
case CRYS_EC_PointUncompressed:
/* check uzer passed size of buffer for public key*/
if( *PublKeySizeInBytes_ptr < 2*ModSizeInBytes + 1 )
return CRYS_ECPKI_EXPORT_PUBL_KEY_INVALID_PUBL_KEY_SIZE_ERROR;
/* Set ExternPublKey[0] = PC = 4 */
ExternPublKey_ptr[0] = 4;
Error = CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes(
ExternPublKey_ptr + 1, 4*((ModSizeInBytes+3)/4),
PublKey_ptr->PublKeyX, ModSizeInBytes );
if(Error != CRYS_OK)
return Error;
Error = CRYS_COMMON_ConvertLswMswWordsToMsbLsbBytes(
ExternPublKey_ptr + 1 + ModSizeInBytes, 4*((ModSizeInBytes+3)/4),
PublKey_ptr->PublKeyY, ModSizeInBytes );
if(Error != CRYS_OK)
return Error;
/* Set PublKeySizeInBytes */
*PublKeySizeInBytes_ptr = 2*ModSizeInBytes + 1;
break;
case CRYS_EC_PointHybrid:
case CRYS_EC_PointCompressed:
case CRYS_EC_PointContWrong:
case CRYS_EC_PointCompresOffMode:
default:
return CRYS_ECPKI_EXPORT_PUBL_KEY_ILLEGAL_COMPRESSION_MODE_ERROR;
}
return Error;
#endif /* !CRYS_NO_ECPKI_SUPPORT */
} /* End of CRYS_ECPKI_ExportPublKey */
/*!
* This function is used to process block of data in the combined or tunneling mode.
*
* \param pConfig A pointer to the Configuration Nodes array (NodesConfig).
* This array represents the user combined scheme.
* \param cipherOffset Relevant in cases where the authenticated data resides in
* a different offset from the cipher data.
* Note: currently an error returned for any value other than zero.
* \param pDataIn A pointer on a block of input data ready for processing.
* \param dataInSize The size of the input data.
* \param pDataOut A pointer on output data. Could be the same as input data pointer
* (for inplace operations) or NULL if there is only
* authentication for output.
*
* \return CIMPORT_C CRYSError_t On success the value CRYS_OK is returned,
* and on failure - a value from crys_combined_error.h
*/
CIMPORT_C CRYSError_t CRYS_Combined_Process(
CrysCombinedConfig_t *pConfig,
uint32_t cipherOffset,
uint8_t *pDataIn,
uint32_t dataInSize,
uint8_t *pDataOut)
{
CRYS_COMBINED_UserContext_t combinedUsrCtx;
struct sep_ctx_combined *pcombinedCtx;
CRYSError_t crysErr = CRYS_OK;
int symRc = DX_RET_OK;
/* parameters check */
if (pConfig == DX_NULL) {
return CRYS_COMBINED_INVALID_NODES_CONFIG_POINTER_ERROR;
}
if (cipherOffset != 0) {
/*currently cipher address must be equal to the auth address*/
return CRYS_COMBINED_ILLEGAL_OPERATION_MODE_ERROR;
}
if (pDataIn == NULL) {
return CRYS_COMBINED_DATA_IN_POINTER_INVALID_ERROR;
}
/* data size must be a positive number and a block size mult */
if (dataInSize == 0) {
return CRYS_COMBINED_DATA_IN_SIZE_ILLEGAL;
}
/* check validity for priv */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ, pConfig, sizeof(CrysCombinedConfig_t))) {
return CRYS_COMBINED_ILLEGAL_PARAMS_ERROR;
}
/* Get pointer to contiguous context in the HOST buffer */
pcombinedCtx = (struct sep_ctx_combined *)DX_InitUserCtxLocation(combinedUsrCtx.buff,
sizeof(CRYS_COMBINED_UserContext_t),
sizeof(struct sep_ctx_combined));
InitCombinedContext(pcombinedCtx, pConfig);
switch (pcombinedCtx->mode) {
case SEP_COMBINED_DIN_TO_AES_TO_HASH_MODE:
break;
case SEP_COMBINED_DIN_TO_AES_AND_HASH_MODE:
case SEP_COMBINED_DIN_TO_AES_TO_HASH_AND_DOUT_MODE:
case SEP_COMBINED_DIN_TO_AES_TO_AES_TO_DOUT_MODE:
if (pDataOut == NULL) {
return CRYS_COMBINED_DATA_OUT_POINTER_INVALID_ERROR;
}
break;
default:
return CRYS_COMBINED_ILLEGAL_OPERATION_MODE_ERROR;
}
crysErr = ValidateSupportedModes(pcombinedCtx);
if (crysErr != CRYS_OK) {
return crysErr;
}
symRc = SymDriverAdaptorProcess((struct sep_ctx_generic *)pcombinedCtx,
pDataIn, pDataOut, dataInSize);
return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysCombinedErr);
}
CEXPORT_C CRYSError_t _DX_RSA_VerifyFinish(CRYS_RSAPubUserContext_t *UserContext_ptr,
DxUint8_t *Sig_ptr)
{
/* FUNCTION DECLERATIONS */
/* The return error identifier */
CRYSError_t Error;
/* This pointer is allocated in order to remove compiler alias problems */
void *tempWorkingctx_ptr;
/* defining a pointer to the active context allcated by the CCM */
RSAPubContext_t *ccmWorkingContext_ptr ;
/*Pointer to the buffer inside the context for manipulation of Data*/
DxUint8_t *ED_ptr;
/*Parameter for the new size of the modulus N in bytes according to PKCS1 Ver 2.1*/
DxUint16_t PrvNNewSizeBytes;/*rounded number of Bytes for padding2 length*/
/*Temporary for the N size*/
CRYSRSAPubKey_t *PubKey_ptr;
/*Pointers to the Decrypted Data and Size*/
DxUint8_t *D_ptr;
DxUint16_t *DSize_ptr;
/*The local variables for PKCS#1 Ver 1.5*/
BerParserObj_t BerParserObj;
/* FUNCTION LOGIC */
/* .................. initializing local variables ................... */
/* ------------------------------------------------------------------- */
/* initializing the Error to O.K */
Error = CRYS_OK;
/* ............... if not supported exit .............................. */
/* -------------------------------------------------------------------- */
RETURN_IF_RSA_UNSUPPORTED( UserContext_ptr , Sig_ptr , ccmWorkingContext_ptr ,
ED_ptr , PrvNNewSizeBytes , PubKey_ptr, D_ptr ,
DSize_ptr , BerParserObj.DigestAlg ,
Error , Error , Error , Error ,
Error,Error,Error,Error,Error,Error,Error,Error,Error);
#ifndef CRYS_NO_HASH_SUPPORT
#ifndef CRYS_NO_PKI_SUPPORT
/* ............... checking the parameters validity ................... */
/* -------------------------------------------------------------------- */
/* if the users context pointer is DX_NULL return an error */
if( UserContext_ptr == DX_NULL )
return CRYS_RSA_INVALID_USER_CONTEXT_POINTER_ERROR;
/* if the users context pointer is DX_NULL return an error */
if( Sig_ptr == DX_NULL )
return CRYS_RSA_INVALID_SIGNATURE_BUFFER_POINTER;
#ifndef DX_OEM_FW
/* sizeof signature need to be fixed */
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, UserContext_ptr, sizeof(CRYS_RSAPubUserContext_t)) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, Sig_ptr, sizeof(DxUint32_t))){
return CRYS_RSA_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR;
}
#endif
/* if the users context TAG is illegal return an error - the context is invalid */
if( UserContext_ptr->valid_tag != CRYS_RSA_VERIFY_CONTEXT_VALIDATION_TAG )
return CRYS_RSA_USER_CONTEXT_VALIDATION_TAG_ERROR;
/* ................. aquiring the RSA context ............................. */
/* ------------------------------------------------------------------------ */
Error = CRYS_CCM_GetContext( UserContext_ptr, /* the users context space - in */
(void **) &tempWorkingctx_ptr, /* the CCM context returned - out */
DX_RSA_VERIFY_CONTEXT,
AES_DECRYPT_CONTEXT); /* need to decrypt context in AES_block*/
if( Error != CRYS_OK )
return Error;
ccmWorkingContext_ptr = (RSAPubContext_t*)tempWorkingctx_ptr;
ED_ptr = (DxUint8_t *)ccmWorkingContext_ptr->EBD;
PubKey_ptr = (CRYSRSAPubKey_t *)ccmWorkingContext_ptr->PubUserKey.PublicKeyDbBuff;
PrvNNewSizeBytes = (DxUint16_t)(PubKey_ptr->nSizeInBits/8);
/*rounding */
if(((PubKey_ptr->nSizeInBits) % 8) != 0)
PrvNNewSizeBytes++;
D_ptr = ccmWorkingContext_ptr->T_Buf;
DSize_ptr = &ccmWorkingContext_ptr->T_BufSize;
*DSize_ptr = sizeof(ccmWorkingContext_ptr->T_Buf);
PLAT_LOG_DEV_PRINT(( 10 ," \n In RSA_VerifyFinish Before PRIM_Encrypt operation:\n" ));
PLAT_LOG_DEV_PRINT_DisplayBuffer(( 10 , (char *)" \nModulus N =\n" ,(DxUint8_t *)PubKey_ptr->n , PubKey_ptr->nSizeInBits/8));
PLAT_LOG_DEV_PRINT_DisplayBuffer(( 10 , (char *)" \nExp e =\n" ,(DxUint8_t *)PubKey_ptr->e , PubKey_ptr->eSizeInBits/8));
/* execute the expomnent - after correct building it is working with either CRT or PAIR mode*/
Error = CRYS_RSA_PRIM_Encrypt(&ccmWorkingContext_ptr->PubUserKey,
&ccmWorkingContext_ptr->PrimeData,
Sig_ptr,
PrvNNewSizeBytes,
ED_ptr);
if( Error != CRYS_OK )
goto END_WITH_ERROR;
PLAT_LOG_DEV_PRINT_DisplayBuffer(( 10 , (char *)" \nSig in =\n" ,(DxUint8_t *)Sig_ptr , PrvNNewSizeBytes));
PLAT_LOG_DEV_PRINT_DisplayBuffer(( 10 , (char *)" \nIn RSA_VerifyFinish after CRYS_RSA_PRIM_Encrypt ; Output_ptr = " ,(DxUint8_t*)ED_ptr ,PrvNNewSizeBytes));
/*Initialize the Effective size in bits of the result*/
ccmWorkingContext_ptr->EBDSizeInBits = CRYS_COMMON_GetBytesCounterEffectiveSizeInBits( ED_ptr,PrvNNewSizeBytes );
/*Operating the HASH Finish function only in case that Hash operation is needed*/
if(ccmWorkingContext_ptr->HashOperationMode <= CRYS_RSA_HASH_SHA512_mode)
{
/*Operating the HASH Finish function*/
Error=CRYS_HASH_Finish(((CRYS_HASHUserContext_t *)(ccmWorkingContext_ptr->CRYSPKAHashCtxBuff)),
ccmWorkingContext_ptr->HASH_Result);
}
if( Error != CRYS_OK )
goto END_WITH_ERROR;
switch(ccmWorkingContext_ptr->PKCS1_Version)
{
#ifndef _INTERNAL_CRYS_NO_RSA_SCHEME_21_SUPPORT
case CRYS_PKCS1_VER21:
/*Operating the Verify primitive*/
Error = CRYS_RSA_PSS_Verify21(ccmWorkingContext_ptr);
if(Error!=CRYS_OK)
goto END_WITH_ERROR;
break;
#endif
#ifndef _INTERNAL_CRYS_NO_RSA_SCHEME_15_SUPPORT
case CRYS_PKCS1_VER15:
Error = CRYS_RSA_PKCS1_v1_5_Decode(ED_ptr,
PrvNNewSizeBytes,
D_ptr,
DSize_ptr);
if(Error!=CRYS_OK)
goto END_WITH_ERROR;
PLAT_LOG_DEV_PRINT_DisplayBuffer(( 10 , (char *)" \n In RSA_VerifyFinish ; After CRYS_RSA_PKCS1_v1_5_Decode ; D_ptr = " ,(DxUint8_t *)D_ptr ,*DSize_ptr));
/*Space for the Ber Parser output*/
BerParserObj.MessageDigest_ptr=ED_ptr;
/***********************
* Call the BER Parser - it can derive the hash mode from the input signature
***********************/
Error=CRYS_RSA_BER_BerParser( D_ptr,
*DSize_ptr,
&BerParserObj);
if(Error!=CRYS_OK)
goto END_WITH_ERROR;
/* setting the ber parser digest algorithm according to the selected HASH algorithm */
switch(ccmWorkingContext_ptr->HashOperationMode)
{
case CRYS_RSA_HASH_SHA1_mode:
case CRYS_RSA_After_SHA1_mode:
if(BerParserObj.DigestAlg != (DxUint8_t)CRYS_HASH_SHA1_mode)
{
/*check that the hash operation mode is consistent with the hash that was derived in the Ber encoder*/
Error = CRYS_RSA_PKCS15_VERIFY_BER_ENCODING_HASH_TYPE;
goto END_WITH_ERROR;
}
break;
case CRYS_RSA_HASH_SHA224_mode:
case CRYS_RSA_After_SHA224_mode:
if(BerParserObj.DigestAlg != (DxUint8_t)CRYS_HASH_SHA224_mode)
{
/*check that the hash operation mode is consistent with the hash that was derived in the Ber encoder*/
Error = CRYS_RSA_PKCS15_VERIFY_BER_ENCODING_HASH_TYPE;
goto END_WITH_ERROR;
}
break;
case CRYS_RSA_HASH_SHA256_mode:
case CRYS_RSA_After_SHA256_mode:
if(BerParserObj.DigestAlg != (DxUint8_t)CRYS_HASH_SHA256_mode)
{
/*check that the hash operation mode is consistent with the hash that was derived in the Ber encoder*/
Error = CRYS_RSA_PKCS15_VERIFY_BER_ENCODING_HASH_TYPE;
goto END_WITH_ERROR;
}
break;
case CRYS_RSA_HASH_SHA384_mode:
case CRYS_RSA_After_SHA384_mode:
if(BerParserObj.DigestAlg != (DxUint8_t)CRYS_HASH_SHA384_mode)
{
/*check that the hash operation mode is consistent with the hash that was derived in the Ber encoder*/
Error = CRYS_RSA_PKCS15_VERIFY_BER_ENCODING_HASH_TYPE;
goto END_WITH_ERROR;
}
break;
case CRYS_RSA_HASH_SHA512_mode:
case CRYS_RSA_After_SHA512_mode:
if(BerParserObj.DigestAlg != (DxUint8_t)CRYS_HASH_SHA512_mode)
{
/*check that the hash operation mode is consistent with the hash that was derived in the Ber encoder*/
Error = CRYS_RSA_PKCS15_VERIFY_BER_ENCODING_HASH_TYPE;
goto END_WITH_ERROR;
}
break;
case CRYS_RSA_HASH_MD5_mode:
case CRYS_RSA_After_MD5_mode:
if(BerParserObj.DigestAlg != (DxUint8_t)CRYS_HASH_MD5_mode)
{
/*check that the hash operation mode is consistent with the hash that was derived in the Ber encoder*/
Error = CRYS_RSA_PKCS15_VERIFY_BER_ENCODING_HASH_TYPE;
goto END_WITH_ERROR;
}
break;
case CRYS_RSA_After_HASH_NOT_KNOWN_mode : /*used for PKCS1 v1.5 Verify only - possible to derive the hash mode from the signature*/
/*do nothing ==> the BER encoder already derived the correct hash function type*/
break;
case CRYS_RSA_HASH_NO_HASH_mode:
default:
Error = CRYS_RSA_HASH_ILLEGAL_OPERATION_MODE_ERROR;
goto END_WITH_ERROR;
}
if(DX_VOS_MemCmp(&BerParserObj.MessageDigest_ptr[0],(DxUint8_t *)ccmWorkingContext_ptr->HASH_Result,ccmWorkingContext_ptr->HASH_Result_Size*4))/*The result Size is in words*/
{
Error = CRYS_RSA_ERROR_VER15_INCONSISTENT_VERIFY;
goto END_WITH_ERROR;
}
break;
#endif
default:
Error = CRYS_RSA_PKCS1_VER_ARG_ERROR;
goto END_WITH_ERROR;
}/*End of switch()*/
goto END;
END: /*On finish operation need to memset the context to zero so END and END_WITH_ERROR are the same*/
END_WITH_ERROR:
/* ................. release the context ................................. */
/* ----------------------------------------------------------------------- */
{
CRYSError_t Error1 = CRYS_CCM_ReleaseContext(UserContext_ptr, /* the users context space - in */
ccmWorkingContext_ptr, /* the CCM context returned - in */
DX_RSA_VERIFY_CONTEXT); /* RSA type - in */
if(Error1 != CRYS_OK)
{
PLAT_LOG_DEV_PRINT(( 10 ," \n Error1 from CRYS_CCM_ReleaseContext is %lX \n" ,Error1));
}
}
/* .............. clearing the users context in case of error.......... */
/* -------------------------------------------------------------------- */
DX_VOS_MemSet(UserContext_ptr,0,sizeof(CRYS_RSAPubUserContext_t));
return Error;
#endif /* !CRYS_NO_HASH_SUPPORT */
#endif /* !CRYS_NO_PKI_SUPPORT */
}/* END OF _DX_RSA_VerifyFinish */
/**
@brief Generates a pair of private and public keys
in little endian ordinary (non-Montgomery) form.
This function generates a new key pair and initializes
the variables and structures so that these can be used by other EC primitives.
The function performs the following:
1. Checks the validity of all of the function inputs. If one of the received
parameters is not valid, it returns an error. The major checks are:
- Whether DomainID is valid
- Whether the user private key pointer(UserPrivKey_ptr) is not NULL
- Whether the User Public Key pointer (UserPublKey_ptr) is not NULL
- Whether the User passed temp data buffer is not NULL.
2. Cleans buffers for private and public key structures.
3. Calls the low level function LLF_ECPKI_GenKeyPair.
4. Outputs user public and private key structures in little endian form.
5. Cleans temporary buffers.
6. Exits.
@param[in] DomainID - The enumerator variable defines current EC domain.
@param[out] UserPrivKey_ptr - A pointer to the private key structure.
@param[out] UserPubKey_ptr - A pointer to the public key structure.
@param[in] TempData_ptr - Temporary buffers of size defined in CRYS_ECPKI_KG_TempData_t.
@return <b>CRYSError_t</b>: <br>
CRYS_OK<br>
CRYS_ECPKI_GEN_KEY_ILLEGAL_D0MAIN_ID_ERROR<br>
CRYS_ECPKI_GEN_KEY_INVALID_PRIVATE_KEY_PTR_ERROR<br>
CRYS_ECPKI_GEN_KEY_INVALID_PUBLIC_KEY_PTR_ERROR<br>
CRYS_ECPKI_GEN_KEY_INVALID_TEMP_DATA_PTR_ERROR<br>
*/
CEXPORT_C CRYSError_t CRYS_ECPKI_GenKeyPair(
CRYS_ECPKI_DomainID_t DomainID, /*in*/
CRYS_ECPKI_UserPrivKey_t *UserPrivKey_ptr, /*out*/
CRYS_ECPKI_UserPublKey_t *UserPublKey_ptr, /*out*/
CRYS_ECPKI_KG_TempData_t *TempData_ptr /*in*/ )
{
/* LOCAL INITIALIZATIONS AND DECLERATIONS */
/* the error identifier */
CRYSError_t Error;
/* FUNCTION LOGIC */
/* ............... if not supported exit .............................. */
/* -------------------------------------------------------------------- */
RETURN_IF_ECPKI_UNSUPPORTED( DomainID, UserPrivKey_ptr, UserPublKey_ptr, TempData_ptr,
Error, Error, Error, Error, Error, Error,
Error, Error, Error, Error, Error, Error,
Error, Error, Error, Error, Error, Error );
#ifndef CRYS_NO_HASH_SUPPORT
#ifndef CRYS_NO_ECPKI_SUPPORT
/* ................. checking the validity of the pointer arguments ...... */
/* ----------------------------------------------------------------------- */
/* ...... checking the EC domain ID.................... */
if( DomainID >= CRYS_ECPKI_DomainID_OffMode )
return CRYS_ECPKI_GEN_KEY_ILLEGAL_D0MAIN_ID_ERROR;
/* ...... checking the validity of the user private key pointer .......... */
if( UserPrivKey_ptr == DX_NULL )
return CRYS_ECPKI_GEN_KEY_INVALID_PRIVATE_KEY_PTR_ERROR;
/* ...... checking the validity of the user public key pointer ........... */
if( UserPublKey_ptr == DX_NULL )
return CRYS_ECPKI_GEN_KEY_INVALID_PUBLIC_KEY_PTR_ERROR;
/* ...... checking the validity of temp buffers .................. */
if( TempData_ptr == DX_NULL )
return CRYS_ECPKI_GEN_KEY_INVALID_TEMP_DATA_PTR_ERROR;
if (DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, UserPrivKey_ptr, sizeof(CRYS_ECPKI_UserPrivKey_t)) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, UserPublKey_ptr, sizeof(CRYS_ECPKI_UserPublKey_t)) ||
((TempData_ptr != DX_NULL) && DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, TempData_ptr, sizeof(CRYS_ECPKI_KG_TempData_t)))){
return CRYS_ECC_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR;
}
/* ................ initializations ............ */
/* ---------------------------------------------- */
/* initialize the error identifier to OK */
Error = CRYS_OK;
/* ................ clear all input structures ............................. */
/* ------------------------------------------------------------------------- */
DX_VOS_MemSet( UserPrivKey_ptr, 0, sizeof(CRYS_ECPKI_UserPrivKey_t) );
DX_VOS_MemSet( UserPublKey_ptr, 0, sizeof(CRYS_ECPKI_UserPublKey_t) );
/* executing the key generation */
Error = LLF_ECPKI_GenKeyPairCall( DomainID, UserPrivKey_ptr,
UserPublKey_ptr, TempData_ptr );
/* on failure exit the function */
if( Error != CRYS_OK )
goto End;
/* set the key valid tags */
UserPrivKey_ptr->valid_tag = CRYS_ECPKI_PRIV_KEY_VALIDATION_TAG;
UserPublKey_ptr->valid_tag = CRYS_ECPKI_PUBL_KEY_VALIDATION_TAG;
End:
/* clear the KG data structure */
DX_VOS_MemSet ( TempData_ptr, 0, sizeof(CRYS_ECPKI_KG_TempData_t) );
return Error;
#endif /* CRYS_NO_ECPKI_SUPPORT */
#endif /* CRYS_NO_HASH_SUPPORT */
}/* END OF CRYS_ECPKI_GenKeyPair */
/**
* @brief This function is used to initialize the AES machine or SW structures.
* To perform the AES operations this should be the first function called.
*
* The actual macros, that will be used by the user for calling this function, are described
* in crys_aes.h file.
*
* @param[in] ContextID_ptr - A pointer to the AES context buffer that is allocated by the user
* and is used for the AES machine operation.
* @param[in] IVCounter_ptr - A buffer containing an initial value: IV, Counter or Tweak according
* to operation mode:
* - on ECB, XCBC, CMAC mode this parameter is not used and may be NULL,
* - on CBC and MAC modes it contains the IV value,
* - on CTR and OFB modes it contains the init counter,
* - on XTS mode it contains the initial tweak value - 128-bit consecutive number
* of data unit (in little endian).
* @param[in] Key_ptr - A pointer to the user's key buffer.
* @param[in] KeySize - An enum parameter, defines size of used key (128, 192, 256, 512 bits):
* On XCBC mode allowed 128 bit size only, on XTS - 256 or 512 bit, on other modes <= 256 bit.
* @param[in] EncryptDecryptFlag - A flag specifying whether the AES should perform an Encrypt operation (0)
* or a Decrypt operation (1). In XCBC, MAC and CMAC modes it must be Encrypt.
* @param[in] OperationMode - The operation mode: ECB, CBC, MAC, CTR, OFB, XCBC (PRF and 96), CMAC.
*
* @return CRYSError_t - On success the value CRYS_OK is returned, and on failure - a value from crys_aes_error.h
*/
CIMPORT_C CRYSError_t CRYS_AES_Init(
CRYS_AESUserContext_t *ContextID_ptr,
CRYS_AES_IvCounter_t IVCounter_ptr,
CRYS_AES_Key_t Key_ptr,
CRYS_AES_KeySize_t KeySizeID,
CRYS_AES_EncryptMode_t EncryptDecryptFlag,
CRYS_AES_OperationMode_t OperationMode )
{
int symRc;
/* Aes key size bytes */
DxUint32_t keySizeBytes = 0;
/* pointer on SEP AES context struct*/
struct sep_ctx_cipher *pAesContext;
uint32_t keyAddr;
DX_CRYPTO_KEY_TYPE_t cryptoKeyType;
KeyPtrType_t keyPtrType;
/* FUNCTION LOGIC */
/* ............... local initializations .............................. */
/* -------------------------------------------------------------------- */
/* ............... checking the parameters validity ................... */
/* -------------------------------------------------------------------- */
/* if the users context ID pointer is DX_NULL return an error */
if( ContextID_ptr == DX_NULL ) {
return CRYS_AES_INVALID_USER_CONTEXT_POINTER_ERROR;
}
/* check if the operation mode is legal */
if( OperationMode >= CRYS_AES_NumOfModes || OperationMode == CRYS_AES_CCM_mode) {
return CRYS_AES_ILLEGAL_OPERATION_MODE_ERROR;
}
/* check if the OFB mode is supported */
#ifdef CRYS_NO_AES_OFB_SUPPORT
if(OperationMode == CRYS_AES_OFB_mode) {
return CRYS_AES_ILLEGAL_OPERATION_MODE_ERROR;
}
#endif
/* if the operation mode selected is CBC,CTS, MAC, CTR, XTS or OFB then check the validity of
the IV counter pointer (note: on XTS mode it is the Tweak pointer) */
if( ((OperationMode == CRYS_AES_CBC_mode) ||
(OperationMode == CRYS_AES_CTR_mode) ||
(OperationMode == CRYS_AES_MAC_mode) ||
(OperationMode == CRYS_AES_XTS_mode) ||
(OperationMode == CRYS_AES_CBC_CTS_mode) ||
(OperationMode == CRYS_AES_OFB_mode)) &&
(IVCounter_ptr == DX_NULL) ) {
return CRYS_AES_INVALID_IV_OR_TWEAK_PTR_ERROR;
}
/* in XCBC mode enable only key size = 128 bit */
if( (OperationMode == CRYS_AES_XCBC_MAC_mode) &&
(KeySizeID != CRYS_AES_Key128BitSize) ) {
return CRYS_AES_ILLEGAL_KEY_SIZE_ERROR;
}
/* check the Encrypt / Decrypt flag validity */
if ( EncryptDecryptFlag >= CRYS_AES_EncryptNumOfOptions ) {
return CRYS_AES_INVALID_ENCRYPT_MODE_ERROR;
}
/* in MAC,XCBC,CMAC modes enable only encrypt mode */
if( ((OperationMode == CRYS_AES_XCBC_MAC_mode) ||
(OperationMode == CRYS_AES_CMAC_mode) ||
(OperationMode == CRYS_AES_MAC_mode)) &&
(EncryptDecryptFlag != CRYS_AES_Encrypt) ) {
return CRYS_AES_DECRYPTION_NOT_ALLOWED_ON_THIS_MODE;
}
/* check the validity of the key pointer */
if ( Key_ptr == DX_NULL ) {
return CRYS_AES_INVALID_KEY_POINTER_ERROR;
}
if(getKeyDataFromKeyObj((uint8_t*)Key_ptr, &keyAddr, &cryptoKeyType, &keyPtrType, DX_AES_API_INIT) != CRYS_OK)
return CRYS_AES_INVALID_KEY_POINTER_ERROR;
/* check validity for priv */
if ( DxCcAcl_IsBuffAccessOk(ACCESS_READ, (uint8_t *)keyAddr, KeySizeID * SEP_AES_128_BIT_KEY_SIZE) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, ContextID_ptr, sizeof(CRYS_AESUserContext_t)) ||
((IVCounter_ptr != NULL) && DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, IVCounter_ptr, sizeof(CRYS_AES_IvCounter_t))) ) {
return CRYS_AES_ILLEGAL_PARAMS_ERROR;
}
/* Get pointer to contiguous context in the HOST buffer */
pAesContext = (struct sep_ctx_cipher *)DX_InitUserCtxLocation(ContextID_ptr->buff,
sizeof(CRYS_AESUserContext_t),
sizeof(struct sep_ctx_cipher));
pAesContext->alg = SEP_CRYPTO_ALG_AES;
pAesContext->mode = MakeSepAesMode(OperationMode);
pAesContext->direction = (enum sep_crypto_direction)EncryptDecryptFlag;
pAesContext->key_size = 0;
pAesContext->crypto_key_type = cryptoKeyType;
/* check key size in XTS mode */
if ( OperationMode == CRYS_AES_XTS_mode ) {
if( (KeySizeID != CRYS_AES_Key256BitSize) &&
(KeySizeID != CRYS_AES_Key512BitSize) ) {
return CRYS_AES_ILLEGAL_KEY_SIZE_ERROR;
}
} else if ( KeySizeID > CRYS_AES_Key256BitSize ) {
/* check the max key size for all modes besides XTS */
return CRYS_AES_ILLEGAL_KEY_SIZE_ERROR;
}
/* get AES_Key size in bytes */
switch( KeySizeID ) {
case CRYS_AES_Key128BitSize:
keySizeBytes = 16;
break;
case CRYS_AES_Key192BitSize:
keySizeBytes = 24;
break;
case CRYS_AES_Key256BitSize:
keySizeBytes = 32;
break;
case CRYS_AES_Key512BitSize:
keySizeBytes = 64;
break;
default:
return CRYS_AES_ILLEGAL_KEY_SIZE_ERROR; /*for preventing compiler warnings*/
}
/* HDCP max allowed key size is 16 bytes */
if ((pAesContext->crypto_key_type == DX_XOR_HDCP_KEY) && (keySizeBytes > 16)) {
return CRYS_AES_ILLEGAL_KEY_SIZE_ERROR;
}
DX_PAL_MemCopy(pAesContext->key, (uint8_t *)keyAddr, keySizeBytes);
pAesContext->key_size = keySizeBytes;
if (pAesContext->mode == SEP_CIPHER_XTS ) {
/* Divide by two (we have two keys of the same size) */
pAesContext->key_size >>= 1;
/* copy second half of the double-key as XEX-key */
DX_PAL_MemCopy(pAesContext->xex_key, (uint8_t*)keyAddr + pAesContext->key_size, pAesContext->key_size);
}
/*!
* This function is used to finish the combined or tunneling operations
* It releases all used contexts (including suboperation ones).
*
* \param pConfig A pointer to the Configuration Nodes array (NodesConfig).
* This array represents the user combined scheme.
* \param cipherOffset Relevant in cases where the authenticated data resides in
* a different offset from the cipher data.
* Note: currently an error returned for any value other than zero.
* \param pDataIn A pointer on a block of input data ready for processing.
* \param dataInSize The size of the input data.
* \param pDataOut A pointer to output data. Could be the same as input data pointer
* (for inplace operations) or NULL if there is only
* authentication for output.
* \param pAuthDataOut A pointer to authenticated or digested output result.
*
* \return CIMPORT_C CRYSError_t On success the value CRYS_OK is returned,
* and on failure - a value from crys_combined_error.h
*/
CIMPORT_C CRYSError_t CRYS_Combined_Finish(
CrysCombinedConfig_t *pConfig,
uint32_t cipherOffset,
uint8_t *pDataIn,
uint32_t dataInSize,
uint8_t *pDataOut,
uint8_t *pAuthDataOut,
uint32_t *pAuthDataOutSize)
{
CRYS_COMBINED_UserContext_t combinedUsrCtx;
struct sep_ctx_combined *pcombinedCtx;
CRYSError_t crysErr = CRYS_OK;
int symRc = DX_RET_OK;
/* parameters check */
if (pConfig == DX_NULL) {
return CRYS_COMBINED_INVALID_NODES_CONFIG_POINTER_ERROR;
}
if (cipherOffset != 0) {
/*currently cipher address must be equal to the auth address*/
return CRYS_COMBINED_ILLEGAL_OPERATION_MODE_ERROR;
}
/* check validity for priv */
if ( DxCcAcl_IsBuffAccessOk(ACCESS_READ, pConfig, sizeof(CrysCombinedConfig_t)) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, pAuthDataOutSize, sizeof(uint32_t)) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, pAuthDataOut, *pAuthDataOutSize)) {
return CRYS_COMBINED_ILLEGAL_PARAMS_ERROR;
}
/* Get pointer to contiguous context in the HOST buffer */
pcombinedCtx = (struct sep_ctx_combined *)DX_InitUserCtxLocation(combinedUsrCtx.buff,
sizeof(CRYS_COMBINED_UserContext_t),
sizeof(struct sep_ctx_combined));
InitCombinedContext(pcombinedCtx, pConfig);
if ((pcombinedCtx->mode != SEP_COMBINED_DIN_TO_AES_TO_AES_TO_DOUT_MODE) &&
(pAuthDataOutSize == DX_NULL)) {
return CRYS_COMBINED_DATA_AUTH_BUFFER_SIZE_INVALID_ERROR;
}
switch (pcombinedCtx->mode) {
case SEP_COMBINED_DIN_TO_AES_TO_HASH_MODE:
case SEP_COMBINED_DIN_TO_AES_AND_HASH_MODE:
case SEP_COMBINED_DIN_TO_AES_TO_HASH_AND_DOUT_MODE:
if (pAuthDataOut == NULL) {
return CRYS_COMBINED_DATA_AUTH_POINTER_INVALID_ERROR;
}
break;
case SEP_COMBINED_DIN_TO_AES_TO_AES_TO_DOUT_MODE:
break;
default:
return CRYS_COMBINED_ILLEGAL_OPERATION_MODE_ERROR;
}
crysErr = ValidateSupportedModes(pcombinedCtx);
if (crysErr != CRYS_OK) {
return crysErr;
}
symRc = SymDriverAdaptorFinalize((struct sep_ctx_generic *)pcombinedCtx,
pDataIn, pDataOut, dataInSize);
if (symRc != DX_RET_OK) {
return DX_CRYS_RETURN_ERROR(symRc, 0, SymAdaptor2CrysCombinedErr);
}
switch (pcombinedCtx->mode) {
case SEP_COMBINED_DIN_TO_AES_TO_HASH_MODE:
case SEP_COMBINED_DIN_TO_AES_AND_HASH_MODE:
case SEP_COMBINED_DIN_TO_AES_TO_HASH_AND_DOUT_MODE:
{
struct sep_ctx_hash *pHashCtx = (struct sep_ctx_hash *)pcombinedCtx->sub_ctx[1];
uint32_t digestSize;
crysErr = GetHashDigestSize(pHashCtx->mode, &digestSize);
if (crysErr != CRYS_OK) {
return CRYS_COMBINED_HASH_DIGEST_SIZE_ERROR;
}
if ((digestSize == 0) || (*pAuthDataOutSize < digestSize)) {
return CRYS_COMBINED_DATA_AUTH_BUFFER_SIZE_INVALID_ERROR;
}
/* set the digest length out and copy digest result */
*pAuthDataOutSize = digestSize;
DX_PAL_MemCopy( pAuthDataOut, pHashCtx->digest, *pAuthDataOutSize );
break;
}
case SEP_COMBINED_DIN_TO_AES_TO_AES_TO_DOUT_MODE:
break;
default:
return CRYS_COMBINED_ILLEGAL_OPERATION_MODE_ERROR;
}
return CRYS_OK;
}
/**
@brief The _DX_ECPKI_BuildPublKey function checks the validity and builds the user public
key structure from imported public key data for using it in other ECC primitives.
When operating the EC cryptographic algorithms with imported EC public
key, this function should be called before using of the public key.
The user must call this function by appropriate macros, according to necessary
validation level [SEC1. ECC standard: 3.2]:
- full checking of public key - CRYS_ECPKI_BuildPublKeyFullCheck,
- partly checking of public key - CRYS_ECPKI_BuildPublKeyPartCheck,
- checking the input pointers and sizes only - CRYS_ECPKI_BuildPublKey.
The function performs the following operations:
- Checks validity of incoming variables and pointers;
- Converts incoming key data from big endian into little endian as follows:
If public key is given in uncompressed form the function converts
coordinates X and Y separately to words arrays with little endian order of
the wordsand copies them in output buffer, else returns an error;
- according to CheckMode parameter performs full or partly checking of public
key validaty by calling the LLF function.
- Initializes variables and structures.
Incoming public key PublKeyIn is given in big endianness as butes array, containing
concatenation PC||X||Y, where:
PC - point control single byte, defining the type of point: 0x4 - uncompressed,
other types not supported.
X,Y - EC point coordinates of public key, size of X and Y equal to size of EC modulus,
Size of buffers for X and also Y must be equal ModSizeInBytes.
@param[in] ECPKI_DomainID - The enumerator variable defines current EC domain.
@param[in] PublKeyIn_ptr - The pointer to private key data.
@param[in] PublKeySizeInBytes - Size of private key data in bytes 2*modulusSize + 1byte.
@param[in] CheckMode - The parameter defining what checking of public key is necessary:
preliminary check - 0, partly check - 1, full check - 2 .
@param[out] UserPublKey_ptr - A pointer to the private key structure.
@param[in] TempBuff_ptr - A pointer to the temp buffer structure for build function.
@return CRYSError_t - CRYS_OK,
CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_IN_PTR_ERROR
CRYS_ECPKI_BUILD_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR
CRYS_ECPKI_BUILD_KEY_ILLEGAL_DOMAIN_ID_ERROR
CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_DATA_ERROR
CRYS_ECPKI_BUILD_KEY_INVALID_COMPRESSION_MODE_ERROR
*/
CEXPORT_C CRYSError_t _DX_ECPKI_BuildPublKey(
CRYS_ECPKI_DomainID_t DomainID, /*in*/
DxUint8_t *PublKeyIn_ptr, /*in*/
DxUint32_t PublKeySizeInBytes, /*in*/
EC_PublKeyCheckMode_t CheckMode, /*in*/
CRYS_ECPKI_UserPublKey_t *UserPublKey_ptr, /*out*/
CRYS_ECPKI_BUILD_TempData_t *TempBuff_ptr /*in*/ )
{
/* FUNCTION DECLARATIONS */
/* the private key structure pointer */
CRYS_ECPKI_PublKey_t *PublKey_ptr;
/* structure containing part of domain information */
CRYS_ECPKI_DomainInfo_t DomainInfo;
/* EC modulus size in bytes*/
DxUint32_t ModSizeInBytes;
/* Point control PC ( 1 byte) PC and PC1 = PC&6*/
DxUint8_t PC, PC1;
/* the Error return code identifier */
CRYSError_t Error;
/* FUNCTION LOGIC */
/* ............... if not supported exit .............................. */
/* -------------------------------------------------------------------- */
RETURN_IF_ECPKI_UNSUPPORTED( DomainID, PublKeyIn_ptr, PublKeySizeInBytes, CheckMode,
UserPublKey_ptr, TempBuff_ptr, PublKey_ptr,
DomainInfo.EC_ModulusSizeInBits, ModSizeInBytes, PC, PC1,
Error, Error, Error, Error, Error, Error, Error,
Error, Error, Error, Error );
#ifndef CRYS_NO_ECPKI_SUPPORT
/* ...... checking the validity of the User Private Key pointer ......... */
if( UserPublKey_ptr == DX_NULL )
return CRYS_ECPKI_BUILD_KEY_INVALID_USER_PUBL_KEY_PTR_ERROR;
/* ...... checking the key database handle pointer .................... */
if(PublKeyIn_ptr == DX_NULL)
return CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_IN_PTR_ERROR;
/* ...... checking the EC domain ID.................... */
if(DomainID >= CRYS_ECPKI_DomainID_OffMode)
return CRYS_ECPKI_BUILD_KEY_ILLEGAL_DOMAIN_ID_ERROR;
if( CheckMode >= PublKeyChecingOffMode )
return CRYS_ECPKI_BUILD_KEY_INVALID_CHECK_MODE_ERROR;
if(CheckMode != CheckPointersAndSizesOnly && TempBuff_ptr == DX_NULL)
return CRYS_ECPKI_BUILD_KEY_INVALID_TEMP_BUFF_PTR_ERROR;
if(DxCcAcl_IsBuffAccessOk(ACCESS_READ, PublKeyIn_ptr, PublKeySizeInBytes) ||
DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, UserPublKey_ptr, sizeof(CRYS_ECPKI_UserPublKey_t)) ||
((TempBuff_ptr != DX_NULL) && DxCcAcl_IsBuffAccessOk(ACCESS_READ_WRITE, TempBuff_ptr, sizeof(CRYS_ECPKI_BUILD_TempData_t)))){
return CRYS_ECC_ILLEGAL_PARAMS_ACCORDING_TO_PRIV_ERROR;
}
/* ...... Initializations ............... */
Error = CRYS_OK;
/* get domain info and modulus size */
Error = LLF_ECPKI_GetDomainInfo(DomainID, &DomainInfo);
if(Error != CRYS_OK)
return Error;
ModSizeInBytes = (DomainInfo.EC_ModulusSizeInBits + 7)/8;
/* point control */
PC = PublKeyIn_ptr[0];
PC1 = PC & 0x6;
/* preliminary check key size */
if( PublKeySizeInBytes != 2*ModSizeInBytes + 1)
return CRYS_ECPKI_BUILD_KEY_INVALID_PUBL_KEY_SIZE_ERROR;
/* ...... copy the buffers to the key handle structure ................ */
/* -------------------------------------------------------------------- */
/* setting the pointer to the key database */
PublKey_ptr = (CRYS_ECPKI_PublKey_t *)((void*)UserPublKey_ptr->PublKeyDbBuff);
/* clear the public key db */
DX_VOS_MemSet((DxUint8_t*)UserPublKey_ptr , 0 , sizeof(CRYS_ECPKI_UserPublKey_t));
/* Set DomainID into Builded public key */
PublKey_ptr->DomainID = DomainID;
if(PC1 == CRYS_EC_PointUncompressed || PC1 == CRYS_EC_PointHybrid) /* PC1 = 4 or PC1 = 6 */
{
/* Reverse mem copy public key Xin to X, Yin to Y */
Error = CRYS_COMMON_ConvertMsbLsbBytesToLswMswWords(PublKey_ptr->PublKeyX, sizeof(PublKey_ptr->PublKeyX),
PublKeyIn_ptr + 1, ModSizeInBytes);
if(Error != CRYS_OK)
return Error;
Error = CRYS_COMMON_ConvertMsbLsbBytesToLswMswWords(PublKey_ptr->PublKeyY, sizeof(PublKey_ptr->PublKeyY),
PublKeyIn_ptr + 1 + ModSizeInBytes, ModSizeInBytes);
if(Error != CRYS_OK)
return Error;
}
else
return CRYS_ECPKI_BUILD_KEY_INVALID_COMPRESSION_MODE_ERROR;
/* initialize LLF public key database */
/*--------------------------------------*/
LLF_ECPKI_InitPubKeyDb( PublKey_ptr);
/*................ checking the public key ............................*/
/*---------------------------------------------------------------------*/
if(CheckMode >= ECpublKeyPartlyCheck){
/* full checking of the public key validity */
Error = LLF_ECPKI_CheckPublKeyCall(PublKey_ptr, CheckMode, (DxUint32_t*)TempBuff_ptr);
}
else{
/* partly checking of the public key validity */
Error = LLF_ECPKI_CheckPublKeySize(DomainID, PublKey_ptr->PublKeyX, 2*ModSizeInBytes);
}
if(Error != CRYS_OK){
/* if created structure is not valid - clear it and exit */
DX_VOS_MemSet(UserPublKey_ptr, 0, sizeof(CRYS_ECPKI_UserPublKey_t));
return Error;
}
/* ................ set the private key validation tag ................... */
UserPublKey_ptr->valid_tag = CRYS_ECPKI_PUBL_KEY_VALIDATION_TAG;
/* ................. end of the function ................................. */
/* ----------------------------------------------------------------------- */
return Error;
#endif /* !CRYS_NO_ECPKI_SUPPORT */
} /* End of _DX_ECPKI_BuildPublKey() */
