miti
/
linux-sgx-trts-modified


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176
							/*
* Copyright (C) 2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
*   * Redistributions of source code must retain the above copyright
*     notice, this list of conditions and the following disclaimer.
*   * Redistributions in binary form must reproduce the above copyright
*     notice, this list of conditions and the following disclaimer in
*     the documentation and/or other materials provided with the
*     distribution.
*   * Neither the name of Intel Corporation nor the names of its
*     contributors may be used to endorse or promote products derived
*     from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/

#include "owndefs.h"
#include "owncp.h"
#include "pcptool.h"
#include "pcpngrsa.h"
#include "pcphash.h"


/*F*
// Name: ippsRSAEncrypt_OAEP
//
// Purpose: Performs RSAES-OAEP encryprion scheme
//
// Returns:                   Reason:
//    ippStsNotSupportedModeErr  unknown hashAlg
//
//    ippStsNullPtrErr           NULL == pKey
//                               NULL == pSrc
//                               NULL == pDst
//                               NULL == pLabel
//                               NULL == pSeed
//                               NULL == pBuffer
//
//    ippStsLengthErr            srcLen <0
//                               labLen <0
//                               srcLen > RSAsize -2*hashLen -2
//                               RSAsize < 2*hashLen +2
//
//    ippStsContextMatchErr      !RSA_PUB_KEY_VALID_ID()
//
//    ippStsIncompleteContextErr public key is not set up
//
//    ippStsNoErr                no error
//
// Parameters:
//    pSrc        pointer to the plaintext
//    srcLen      plaintext length (bytes)
//    pLabel      (optional) pointer to the label associated with plaintext
//    labLen      label length (bytes)
//    pSeed       seed string of hashLen size
//    pDst        pointer to the ciphertext (length of pdst is not less then size of RSA modulus)
//    pKey        pointer to the RSA public key context
//    hashAlg     hash alg ID
//    pBuffer     pointer to scratch buffer
*F*/
IPPFUN(IppStatus, ippsRSAEncrypt_OAEP,(const Ipp8u* pSrc, int srcLen,
                                       const Ipp8u* pLabel, int labLen, 
                                       const Ipp8u* pSeed,
                                             Ipp8u* pDst,
                                       const IppsRSAPublicKeyState* pKey,
                                             IppHashAlgId hashAlg,
                                             Ipp8u* pBuffer))
{
   int hashLen;

   /* test hash algorith ID */
   hashAlg = cpValidHashAlg(hashAlg);
   IPP_BADARG_RET(ippHashAlg_Unknown==hashAlg, ippStsNotSupportedModeErr);

   /* test data pointer */
   IPP_BAD_PTR3_RET(pSrc,pDst, pSeed);

   IPP_BADARG_RET(!pLabel && labLen, ippStsNullPtrErr);

   /* test public key context */
   IPP_BAD_PTR2_RET(pKey, pBuffer);
   pKey = (IppsRSAPublicKeyState*)( IPP_ALIGNED_PTR(pKey, RSA_PUBLIC_KEY_ALIGNMENT) );
   IPP_BADARG_RET(!RSA_PUB_KEY_VALID_ID(pKey), ippStsContextMatchErr);
   IPP_BADARG_RET(!RSA_PUB_KEY_IS_SET(pKey), ippStsIncompleteContextErr);

   /* test length */
   IPP_BADARG_RET(srcLen<0||labLen<0, ippStsLengthErr);

    hashLen = cpHashSize(hashAlg);
   /* test compatibility of RSA and hash length */
   IPP_BADARG_RET(BITS2WORD8_SIZE(RSA_PRV_KEY_BITSIZE_N(pKey)) < (2*hashLen +2), ippStsLengthErr);
   /* test compatibility of msg length and other (RSA and hash) lengths */
   IPP_BADARG_RET(BITS2WORD8_SIZE(RSA_PRV_KEY_BITSIZE_N(pKey))-(2*hashLen +2) < srcLen, ippStsLengthErr);

   {
      /* size of RSA modulus in bytes and chunks */
      int k = BITS2WORD8_SIZE(RSA_PUB_KEY_BITSIZE_N(pKey));
      cpSize nsN = BITS_BNU_CHUNK(RSA_PUB_KEY_BITSIZE_N(pKey));

      /*
      // EME-OAEP encoding
      */
      {
         Ipp8u  seedMask[BITS2WORD8_SIZE(IPP_SHA512_DIGEST_BITSIZE)];

         Ipp8u* pMaskedSeed = pDst+1;
         Ipp8u* pMaskedDB = pDst +hashLen +1;

         pDst[0] = 0;

         /* maskedDB = MGF(seed, k-1-hashLen)*/
         ippsMGF(pSeed, hashLen, pMaskedDB, k-1-hashLen, hashAlg);

         /* seedMask = HASH(pLab) */
         ippsHashMessage(pLabel, labLen, seedMask, hashAlg);

         /* maskedDB ^= concat(HASH(pLab),PS,0x01,pSc) */
         XorBlock(pMaskedDB, seedMask, pMaskedDB, hashLen);
         pMaskedDB[k-srcLen-hashLen-2] ^= 0x01;
         XorBlock(pMaskedDB+k-srcLen-hashLen-2+1, pSrc, pMaskedDB+k-srcLen-hashLen-2+1, srcLen);

         /* seedMask = MGF(maskedDB, hashLen) */
         ippsMGF(pMaskedDB, k-1-hashLen, seedMask, hashLen, hashAlg);
         /* maskedSeed = seed ^ seedMask */
         XorBlock(pSeed, seedMask, pMaskedSeed, hashLen);
      }

      /* RSA encryption */
      {
         /* align buffer */
         BNU_CHUNK_T* pScratchBuffer = (BNU_CHUNK_T*)(IPP_ALIGNED_PTR(pBuffer, (int)sizeof(BNU_CHUNK_T)) );

         /* temporary BN */
         __ALIGN8 IppsBigNumState tmpBN;
         BN_Make(pScratchBuffer, pScratchBuffer+nsN+1, nsN, &tmpBN);

         /* updtae buffer pointer */
         pScratchBuffer += (nsN+1)*2;

         ippsSetOctString_BN(pDst, k, &tmpBN);

         gsRSApub_cipher(&tmpBN, &tmpBN, pKey, pScratchBuffer);

         ippsGetOctString_BN(pDst, k, &tmpBN);
      }

      return ippStsNoErr;
   }
}


IPPFUN(IppStatus, ippsRSA_OAEPEncrypt_SHA256,(const Ipp8u* pSrc, int srcLen,
                                              const Ipp8u* pLabel, int labLen,
                                              const Ipp8u* pSeed,
                                              Ipp8u* pDst,
                                              const IppsRSAPublicKeyState* pKey,
                                              Ipp8u* pBuffer))
{ return ippsRSAEncrypt_OAEP(pSrc,srcLen, pLabel,labLen, pSeed,
                             pDst, pKey,
                             IPP_ALG_HASH_SHA256,
                             pBuffer); }