Merge pull request #36 from LinuxJedi/rsa-padding

Author: haydenroche5

tests/test_aesgcmstream.py

@@ -1,6 +1,6 @@
-# test_hashes.py
+# test_aesgcmstream.py
 #
-# Copyright (C) 2006-2022 wolfSSL Inc.
+# Copyright (C) 2022 wolfSSL Inc.
 #
 # This file is part of wolfSSL. (formerly known as CyaSSL)
 #

tests/test_ciphers.py

@@ -39,7 +39,7 @@
     from wolfcrypt.ciphers import ChaCha
 
 if _lib.RSA_ENABLED:
-    from wolfcrypt.ciphers import (RsaPrivate, RsaPublic)
+    from wolfcrypt.ciphers import (RsaPrivate, RsaPublic, HASH_TYPE_SHA256, MGF1SHA256, HASH_TYPE_SHA, MGF1SHA1)
 
 if _lib.ECC_ENABLED:
     from wolfcrypt.ciphers import (EccPrivate, EccPublic)
@@ -382,6 +382,23 @@ def test_rsa_encrypt_decrypt(rsa_private, rsa_public):
         assert 1024 / 8 == len(ciphertext) == rsa_private.output_size
         assert plaintext == rsa_private.decrypt(ciphertext)
 
+    def test_rsa_encrypt_decrypt_pad_oaep(rsa_private, rsa_public):
+        plaintext = t2b("Everyone gets Friday off.")
+
+        # normal usage, encrypt with public, decrypt with private
+        ciphertext = rsa_public.encrypt_oaep(plaintext, HASH_TYPE_SHA, MGF1SHA1, "")
+
+        assert 1024 / 8 == len(ciphertext) == rsa_public.output_size
+        assert plaintext == rsa_private.decrypt_oaep(ciphertext, HASH_TYPE_SHA, MGF1SHA1, "")
+
+        # private object holds both private and public info, so it can also encrypt
+        # using the known public key.
+        ciphertext = rsa_private.encrypt_oaep(plaintext, HASH_TYPE_SHA, MGF1SHA1, "")
+
+        assert 1024 / 8 == len(ciphertext) == rsa_private.output_size
+        assert plaintext == rsa_private.decrypt_oaep(ciphertext, HASH_TYPE_SHA, MGF1SHA1, "")
+
+
     def test_rsa_pkcs8_encrypt_decrypt(rsa_private_pkcs8, rsa_public):
         plaintext = t2b("Everyone gets Friday off.")
 
@@ -415,6 +432,23 @@ def test_rsa_sign_verify(rsa_private, rsa_public):
         assert 1024 / 8 == len(signature) == rsa_private.output_size
         assert plaintext == rsa_private.verify(signature)
 
+    if _lib.RSA_PSS_ENABLED:
+        def test_rsa_pss_sign_verify(rsa_private, rsa_public):
+            plaintext = t2b("Everyone gets Friday off yippee.")
+
+            # normal usage, sign with private, verify with public
+            signature = rsa_private.sign_pss(plaintext, HASH_TYPE_SHA256, MGF1SHA256)
+
+            assert 1024 / 8 == len(signature) == rsa_private.output_size
+            assert 0 == rsa_public.verify_pss(plaintext, signature, HASH_TYPE_SHA256, MGF1SHA256)
+
+            # private object holds both private and public info, so it can also verify
+            # using the known public key.
+            signature = rsa_private.sign_pss(plaintext, HASH_TYPE_SHA256, MGF1SHA256)
+
+            assert 1024 / 8 == len(signature) == rsa_private.output_size
+            assert 0 == rsa_private.verify_pss(plaintext, signature, HASH_TYPE_SHA256, MGF1SHA256)
+
     def test_rsa_sign_verify_pem(rsa_private_pem, rsa_public_pem):
         plaintext = t2b("Everyone gets Friday off.")
 

wolfcrypt/_build_ffi.py

@@ -103,6 +103,7 @@ def generate_libwolfssl():
 ASN_ENABLED = 1
 WC_RNG_SEED_CB_ENABLED = 0
 AESGCM_STREAM = 1
+RSA_PSS_ENABLED = 1
 
 # detect native features based on options.h defines
 if featureDetection:
@@ -128,6 +129,7 @@ def generate_libwolfssl():
     ASN_ENABLED = 0 if '#define NO_ASN' in optionsHeaderStr else 1
     WC_RNG_SEED_CB_ENABLED = 1 if '#define WC_RNG_SEED_CB' in optionsHeaderStr else 0
     AESGCM_STREAM = 1 if '#define WOLFSSL_AESGCM_STREAM' in optionsHeaderStr else 0
+    RSA_PSS_ENABLED = 1 if '#define WC_RSA_PSS' in optionsHeaderStr else 0
 
     if '#define HAVE_FIPS' in optionsHeaderStr:
         FIPS_ENABLED = 1
@@ -205,6 +207,7 @@ def generate_libwolfssl():
     int ASN_ENABLED = """ + str(ASN_ENABLED) + """;
     int WC_RNG_SEED_CB_ENABLED = """ + str(WC_RNG_SEED_CB_ENABLED) + """;
     int AESGCM_STREAM = """ + str(AESGCM_STREAM) + """;
+    int RSA_PSS_ENABLED = """ + str(RSA_PSS_ENABLED) + """;
     """,
     include_dirs=[wolfssl_inc_path()],
     library_dirs=[wolfssl_lib_path()],
@@ -235,6 +238,7 @@ def generate_libwolfssl():
     extern int ASN_ENABLED;
     extern int WC_RNG_SEED_CB_ENABLED;
     extern int AESGCM_STREAM;
+    extern int RSA_PSS_ENABLED;
 
     typedef unsigned char byte;
     typedef unsigned int word32;
@@ -368,6 +372,34 @@ def generate_libwolfssl():
 
 if RSA_ENABLED:
     _cdef += """
+    static const int WC_RSA_PKCSV15_PAD;
+    static const int WC_RSA_OAEP_PAD;
+    static const int WC_RSA_PSS_PAD;
+    static const int WC_RSA_NO_PAD;
+
+    static const int WC_MGF1NONE;
+    static const int WC_MGF1SHA1;
+    static const int WC_MGF1SHA224;
+    static const int WC_MGF1SHA256;
+    static const int WC_MGF1SHA384;
+    static const int WC_MGF1SHA512;
+
+    static const int WC_HASH_TYPE_NONE;
+    static const int WC_HASH_TYPE_MD2;
+    static const int WC_HASH_TYPE_MD4;
+    static const int WC_HASH_TYPE_MD5;
+    static const int WC_HASH_TYPE_SHA;
+    static const int WC_HASH_TYPE_SHA224;
+    static const int WC_HASH_TYPE_SHA256;
+    static const int WC_HASH_TYPE_SHA384;
+    static const int WC_HASH_TYPE_SHA512;
+    static const int WC_HASH_TYPE_MD5_SHA;
+    static const int WC_HASH_TYPE_SHA3_224;
+    static const int WC_HASH_TYPE_SHA3_256;
+    static const int WC_HASH_TYPE_SHA3_384;
+    static const int WC_HASH_TYPE_SHA3_512;
+    static const int WC_HASH_TYPE_BLAKE2B;
+    static const int WC_HASH_TYPE_BLAKE2S;
     typedef struct {...; } RsaKey;
 
     int wc_InitRsaKey(RsaKey* key, void*);
@@ -381,11 +413,25 @@ def generate_libwolfssl():
                             RsaKey* key);
     int wc_RsaPublicEncrypt(const byte*, word32, byte*, word32,
                             RsaKey*, WC_RNG*);
-
-    int wc_RsaSSL_Sign(const byte*, word32, byte*, word32, RsaKey*, WC_RNG*);
-    int wc_RsaSSL_Verify(const byte*, word32, byte*, word32, RsaKey*);
+    int wc_RsaPublicEncrypt_ex(const byte* in, word32 inLen, byte* out,
+               word32 outLen, RsaKey* key, WC_RNG* rng, int type,
+               enum wc_HashType hash, int mgf, byte* label, word32 labelSz);
+    int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen,
+               byte* out, word32 outLen, RsaKey* key, int type,
+               enum wc_HashType hash, int mgf, byte* label, word32 labelSz);
     """
 
+    if RSA_PSS_ENABLED:
+        _cdef += """
+        int wc_RsaPSS_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
+                           enum wc_HashType hash, int mgf, RsaKey* key, WC_RNG* rng);
+        int wc_RsaPSS_Verify(byte* in, word32 inLen, byte* out, word32 outLen,
+                               enum wc_HashType hash, int mgf, RsaKey* key);
+        int wc_RsaPSS_CheckPadding(const byte* in, word32 inSz, byte* sig,
+                               word32 sigSz, enum wc_HashType hashType);
+        int wc_RsaSSL_Sign(const byte*, word32, byte*, word32, RsaKey*, WC_RNG*);
+        int wc_RsaSSL_Verify(const byte*, word32, byte*, word32, RsaKey*);
+        """
 
     if RSA_BLINDING_ENABLED:
         _cdef += """

wolfcrypt/_build_wolfssl.py

@@ -153,6 +153,7 @@ def make_flags(prefix):
         flags.append("-DWOLFSSL_SHA224=no")
         flags.append("-DWOLFSSL_POLY1305=no")
         flags.append("-DWOLFSSL_RSA=yes")
+        flags.append("-DWOLFSSL_RSA_PSS=yes")
         flags.append("-DWOLFSSL_ECC=yes")
         flags.append("-DWOLFSSL_ED25519=yes")
         flags.append("-DWOLFSSL_ED448=yes")
@@ -165,7 +166,7 @@ def make_flags(prefix):
         flags.append("-DWOLFSSL_EXTENDED_MASTER=no")
         flags.append("-DWOLFSSL_ERROR_STRINGS=no")
         # Part of hack for missing CMake option
-        flags.append("-DCMAKE_C_FLAGS=\"/DWOLFSSL_KEY_GEN=1 /DWOLFCRYPT_ONLY=1 /DWOLFSSL_AESGCM_STREAM=1\"")
+        flags.append("-DCMAKE_C_FLAGS=\"/DWOLFSSL_KEY_GEN=1 /DWOLFCRYPT_ONLY=1 /DWOLFSSL_AESGCM_STREAM=1 /DWOLFSSL_AES_COUNTER=1\"")
 
         return " ".join(flags)
     else:
@@ -205,6 +206,7 @@ def make_flags(prefix):
 
         # asymmetric ciphers
         flags.append("--enable-rsa")
+        flags.append("--enable-rsapss")
         flags.append("--enable-ecc")
         flags.append("--enable-ed25519")
         flags.append("--enable-ed448")
@@ -238,6 +240,8 @@ def cmake_hack():
     contents.insert(29, "#define WOLFCRYPT_ONLY\n")
     contents.insert(30, "#undef WOLFSSL_AESGCM_STREAM\n")
     contents.insert(31, "#define WOLFSSL_AESGCM_STREAM\n")
+    contents.insert(32, "#undef WOLFSSL_AES_COUNTER\n")
+    contents.insert(33, "#define WOLFSSL_AES_COUNTER\n")
 
     with open(options_file, "w") as f:
         contents = "".join(contents)

wolfcrypt/ciphers.py

@@ -82,6 +82,32 @@
 ECC_BRAINPOOLP384R1 = 26
 ECC_BRAINPOOLP512R1 = 27
 
+if _lib.RSA_ENABLED:
+    MGF1NONE = _lib.WC_MGF1NONE
+    MGF1SHA1 = _lib.WC_MGF1SHA1
+    MGF1SHA224 = _lib.WC_MGF1SHA224
+    MGF1SHA256 = _lib.WC_MGF1SHA256
+    MGF1SHA384 = _lib.WC_MGF1SHA384
+    MGF1SHA512 = _lib.WC_MGF1SHA512
+
+    HASH_TYPE_NONE = _lib.WC_HASH_TYPE_NONE
+    HASH_TYPE_MD2 = _lib.WC_HASH_TYPE_MD2
+    HASH_TYPE_MD4 = _lib.WC_HASH_TYPE_MD4
+    HASH_TYPE_MD5 = _lib.WC_HASH_TYPE_MD5
+    HASH_TYPE_SHA = _lib.WC_HASH_TYPE_SHA
+    HASH_TYPE_SHA224 = _lib.WC_HASH_TYPE_SHA224
+    HASH_TYPE_SHA256 = _lib.WC_HASH_TYPE_SHA256
+    HASH_TYPE_SHA384 = _lib.WC_HASH_TYPE_SHA384
+    HASH_TYPE_SHA512 = _lib.WC_HASH_TYPE_SHA512
+    HASH_TYPE_MD5_SHA = _lib.WC_HASH_TYPE_MD5_SHA
+    HASH_TYPE_SHA3_224 = _lib.WC_HASH_TYPE_SHA3_224
+    HASH_TYPE_SHA3_256 = _lib.WC_HASH_TYPE_SHA3_256
+    HASH_TYPE_SHA3_384 = _lib.WC_HASH_TYPE_SHA3_384
+    HASH_TYPE_SHA3_512 = _lib.WC_HASH_TYPE_SHA3_512
+    HASH_TYPE_BLAKE2B = _lib.WC_HASH_TYPE_BLAKE2B
+    HASH_TYPE_BLAKE2S = _lib.WC_HASH_TYPE_BLAKE2S
+
+
 
 class _Cipher(object):
     """
@@ -473,6 +499,23 @@ def encrypt(self, plaintext):
 
             return _ffi.buffer(ciphertext)[:]
 
+        def encrypt_oaep(self, plaintext, hash_type, mgf, label):
+            plaintext = t2b(plaintext)
+            label = t2b(label)
+            ciphertext = _ffi.new("byte[%d]" % self.output_size)
+
+            ret = _lib.wc_RsaPublicEncrypt_ex(plaintext, len(plaintext),
+                                              ciphertext, self.output_size,
+                                              self.native_object,
+                                              self._random.native_object,
+                                              _lib.WC_RSA_OAEP_PAD, hash_type,
+                                              mgf, label, len(label))
+
+            if ret != self.output_size:  # pragma: no cover
+                raise WolfCryptError("Encryption error (%d)" % ret)
+
+            return _ffi.buffer(ciphertext)[:]
+
         def verify(self, signature):
             """
             Verifies **signature**, using the public key data in the
@@ -494,6 +537,33 @@ def verify(self, signature):
 
             return _ffi.buffer(plaintext, ret)[:]
 
+        if _lib.RSA_PSS_ENABLED:
+            def verify_pss(self, plaintext, signature, hash_type, mgf):
+                """
+                Verifies **signature**, using the public key data in the
+                object. The signature's length must be equal to:
+
+                    **self.output_size**
+
+                Returns a string containing the plaintext.
+                """
+                plaintext = t2b(plaintext)
+                signature = t2b(signature)
+                verify = _ffi.new("byte[%d]" % self.output_size)
+
+                ret = _lib.wc_RsaPSS_Verify(signature, len(signature),
+                                            verify, self.output_size,
+                                            hash_type, mgf,
+                                            self.native_object)
+
+                if ret < 0:  # pragma: no cover
+                    raise WolfCryptError("Verify error (%d)" % ret)
+                ret = _lib.wc_RsaPSS_CheckPadding(plaintext, len(plaintext),
+                                                  verify, ret, hash_type)
+
+                return ret
+
+
 
     class RsaPrivate(RsaPublic):
         if _lib.KEYGEN_ENABLED:
@@ -597,6 +667,29 @@ def decrypt(self, ciphertext):
 
             return _ffi.buffer(plaintext, ret)[:]
 
+        def decrypt_oaep(self, ciphertext, hash_type, mgf, label):
+            """
+            Decrypts **ciphertext**, using the private key data in the
+            object. The ciphertext's length must be equal to:
+
+                **self.output_size**
+
+            Returns a string containing the plaintext.
+            """
+            ciphertext = t2b(ciphertext)
+            label = t2b(label)
+            plaintext = _ffi.new("byte[%d]" % self.output_size)
+            ret = _lib.wc_RsaPrivateDecrypt_ex(ciphertext, len(ciphertext),
+                                               plaintext, self.output_size,
+                                               self.native_object,
+                                               _lib.WC_RSA_OAEP_PAD, hash_type,
+                                               mgf, label, len(label))
+
+            if ret < 0:  # pragma: no cover
+                raise WolfCryptError("Decryption error (%d)" % ret)
+
+            return _ffi.buffer(plaintext, ret)[:]
+
         def sign(self, plaintext):
             """
             Signs **plaintext**, using the private key data in the object.
@@ -619,6 +712,30 @@ def sign(self, plaintext):
 
             return _ffi.buffer(signature, self.output_size)[:]
 
+        if _lib.RSA_PSS_ENABLED:
+            def sign_pss(self, plaintext, hash_type, mgf):
+                """
+                Signs **plaintext**, using the private key data in the object.
+                The plaintext's length must not be greater than:
+
+                    **self.output_size - self.RSA_MIN_PAD_SIZE**
+
+                Returns a string containing the signature.
+                """
+                plaintext = t2b(plaintext)
+                signature = _ffi.new("byte[%d]" % self.output_size)
+
+                ret = _lib.wc_RsaPSS_Sign(plaintext, len(plaintext),
+                                          signature, self.output_size,
+                                          hash_type, mgf,
+                                          self.native_object,
+                                          self._random.native_object)
+
+                if ret != self.output_size:  # pragma: no cover
+                    raise WolfCryptError("Signature error (%d)" % ret)
+
+                return _ffi.buffer(signature, self.output_size)[:]
+
 
 if _lib.ECC_ENABLED:
     class _Ecc(object):  # pylint: disable=too-few-public-methods