RSA Cipher Object
Operations Supported
New, Free, GetInfo, EncInit, DecInit, SignInit, VerifyInit, EncryptUpdate, DecryptUpdate, SignRecover, VerifyRecover and Verify.
To perform an encrypt call
EncInit + EncryptUpdate
To perform a decrypt call
DecInit + DecryptUpdate
To generate a signature call
SignInit + SignRecover
To verify a signature call
> and view the recovered signature:
VerifyInit + VerifyRecover
> without viewing the signature:
VerifyInit + Verify
Key encoding
The key format depends on whether the operation is expecting a public key or a private key.
Private Keys are used by:
>DecInit
>SignInit
Public Keys are used by:
>EncInit
>VerifyInit
Public Keys are stored in a CtPubRsaKey structure
Private Keys are stored in a CtPriRsaKey structure (see RSA Key Structures).
RSA Modes and Parameters
X509 Mode
#define RSA_MODE_X509 0
X509 Mode is the RAW uncooked mode. No padding or any other transformations are applied by the Cipher Object.
There is no parameter for this mode.
PKCS Mode
#define RSA_MODE_PKCS 1
PKCS Mode pads the input data into a specified block format according to the methods described in PKCS #1. The actual block padding method depends on whether encryption or signing operations are being performed.
For Encryption and Decryption, Block Type 2 is used.
For Signing, Block Type 1 is used.
There is no parameter for this mode.
9796 Mode
#define RSA_MODE_9796 2
ISO 9796 is a signature method only. Encrypt and Decrypt are not supported.
There is no parameter for this mode.
OAEP Mode
#define RSA_MODE_OAEP 3
OAEP is an Encryption/Decryption method only. Signing and Verification operations are not supported.
The padding is performed using the OAEP block format defined in PKCS #1.
This mode requires a parameter which is a structure of type CK_RSA_PKCS_OAEP_PARAMS (see cryptoki.h).
Restrictions apply to the values of members of the parameter structure:
>hashAlg must be CKM_SHA_1, CKM_SHA_244, CKM_SHA_256, CKM_SHA_384 or CKM_SHA_512
>mgf must be CKG_MGF1_SHA1, CKG_MGF1_SHA244, CKG_MGF1_SHA256, CKG_MGF1_SHA384 or CKG_MGF1_SHA512
>source must be CKZ_DATA_SPECIFIED
NOTE The hash algorithm must be the same in hashAlg and mgf.
Example
unsigned char data [SZ_DATA];
RSA_PUBLIC_KEY pub;
CipherObj * pRsa;
CK_RSA_PKCS_OAEP_PARAMS param;
param.hashAlg = CKM_SHA_1;
param.mgf = CKG_MGF1_SHA1;
param.source = CKZ_DATA_SPECIFIED;
param.pSourceData = data;
param.sourceDataLen = SZ_DATA;
pRSA->EncInit(pRSA, RSA_MODE_OAEP, &pub, sizeof(pub),
¶m, sizeof(param));
NOTE The data pointed at by pSourceData must remain intact while the object is in use.
KEY WRAP OAEP Mode
#define RSA_MODE_KW_OAEP 4
Key Wrap OAEP is an Encryption/Decryption method only. Signing and Verification operations are not supported.
The padding is performed using the OAEP block format defined in PKCS #1 version 2.0
This mode requires a parameter which is a structure of type CK_KEY_WRAP_SET_OAEP_PARAMS (see cryptoki.h).
RSA Key Structures
#define MAX_RSA_MOD_BYTES (4096/8)
#define MAX_RSA_PRIME_BYTES ((MAX_RSA_MOD_BYTES / 2) + 4)
typedef unsigned char byte;
typedef struct {
byte bits[2]; /* not used */
byte mod [MAX_RSA_MOD_BYTES];
byte exp [MAX_RSA_MOD_BYTES];
}
RSA_PUBLIC_KEY;
struct CtPubRsaKey {
int isPub;/* TRUE */
unsigned int modSz; /* in bytes */
RSA_PUBLIC_KEY key;
};
typedef struct CtPubRsaKey CtPubRsaKey;
typedef struct {
byte bits[2]; /* not used */
byte mod [MAX_RSA_MOD_BYTES];
byte pub [MAX_RSA_MOD_BYTES];
byte pri [MAX_RSA_MOD_BYTES];
byte p [MAX_RSA_PRIME_BYTES];
byte q [MAX_RSA_PRIME_BYTES];
byte e1 [MAX_RSA_PRIME_BYTES];
byte e2 [MAX_RSA_PRIME_BYTES];
byte u [MAX_RSA_PRIME_BYTES];
}
RSA_PRIVATE_KEY_XCRT;
struct CtPriRsaKey {
int isPub;/* FALSE */
int isXcrt;/* TRUE */
unsigned int modSz; /* significant size in bytes */
RSA_PRIVATE_KEY_XCRT key;
};
typedef struct CtPriRsaKey CtPriRsaKey;
NOTE All values stored Big Endian i.e. most significant byte in mod[0] and least significant byte in mod[MAX_RSA_MOD_BYTES-1].
