RSA Cipher Object

Operations Supported

New, Free, GetInfo, EncInit, DecInit, SignInit, VerifyInit, EncryptUpdate, DecryptUpdate, SignRecover, VerifyRecover and Verify.

To perform an encrypt call

EncInit + EncryptUpdate  

To perform a decrypt call

DecInit + DecryptUpdate  

To generate a signature call

SignInit + SignRecover  

To verify a signature call

> and view the recovered signature:

VerifyInit + VerifyRecover  

> without viewing the signature:

VerifyInit + Verify  

Key encoding

The key format depends on whether the operation is expecting a public key or a private key.

Private Keys are used by:

>DecInit

>SignInit

Public Keys are used by:

>EncInit

>VerifyInit

Public Keys are stored in a CtPubRsaKey structure

Private Keys are stored in a CtPriRsaKey structure (see RSA Key Structures).

RSA Modes and Parameters

X509 Mode

#define RSA_MODE_X509        0

X509 Mode is the RAW uncooked mode. No padding or any other transformations are applied by the Cipher Object.

There is no parameter for this mode.

PKCS Mode

#define RSA_MODE_PKCS        1

PKCS Mode pads the input data into a specified block format according to the methods described in PKCS #1. The actual block padding method depends on whether encryption or signing operations are being performed.

For Encryption and Decryption, Block Type 2 is used.

For Signing, Block Type 1 is used.

There is no parameter for this mode.

9796 Mode

#define RSA_MODE_9796        2

ISO 9796 is a signature method only. Encrypt and Decrypt are not supported.

There is no parameter for this mode.

OAEP Mode

#define RSA_MODE_OAEP        3

OAEP is an Encryption/Decryption method only. Signing and Verification operations are not supported.

The padding is performed using the OAEP block format defined in PKCS #1.

This mode requires a parameter which is a structure of type CK_RSA_PKCS_OAEP_PARAMS (see cryptoki.h).

Restrictions apply to the values of members of the parameter structure:

>hashAlg must be CKM_SHA_1, CKM_SHA_244, CKM_SHA_256, CKM_SHA_384 or CKM_SHA_512

>mgf must be CKG_MGF1_SHA1, CKG_MGF1_SHA244, CKG_MGF1_SHA256, CKG_MGF1_SHA384 or CKG_MGF1_SHA512

>source must be CKZ_DATA_SPECIFIED

NOTE   The hash algorithm must be the same in hashAlg and mgf.

Example
unsigned char data [SZ_DATA];
RSA_PUBLIC_KEY pub;
CipherObj * pRsa;
CK_RSA_PKCS_OAEP_PARAMS param;
param.hashAlg = CKM_SHA_1;
param.mgf = CKG_MGF1_SHA1;
param.source = CKZ_DATA_SPECIFIED;
param.pSourceData = data;
param.sourceDataLen = SZ_DATA;
pRSA->EncInit(pRSA, RSA_MODE_OAEP, &pub, sizeof(pub),
&param, sizeof(param));

NOTE   The data pointed at by pSourceData must remain intact while the object is in use.

KEY WRAP OAEP Mode

#define RSA_MODE_KW_OAEP        4

Key Wrap OAEP is an Encryption/Decryption method only. Signing and Verification operations are not supported.

The padding is performed using the OAEP block format defined in PKCS #1 version 2.0

This mode requires a parameter which is a structure of type CK_KEY_WRAP_SET_OAEP_PARAMS (see cryptoki.h).

RSA Key Structures

#define MAX_RSA_MOD_BYTES (4096/8)
#define MAX_RSA_PRIME_BYTES ((MAX_RSA_MOD_BYTES / 2) + 4)
typedef unsigned char byte;
typedef struct {
    byte bits[2]; /* not used */
    byte mod [MAX_RSA_MOD_BYTES];
    byte exp [MAX_RSA_MOD_BYTES];
}
RSA_PUBLIC_KEY;
struct CtPubRsaKey {
int isPub;/* TRUE */
unsigned int modSz; /* in bytes */
RSA_PUBLIC_KEY key;
};
typedef struct CtPubRsaKey CtPubRsaKey;
typedef struct {
    byte bits[2]; /* not used */
    byte mod [MAX_RSA_MOD_BYTES];
    byte pub [MAX_RSA_MOD_BYTES];
    byte pri [MAX_RSA_MOD_BYTES];
    byte p   [MAX_RSA_PRIME_BYTES];
    byte q   [MAX_RSA_PRIME_BYTES];
    byte e1  [MAX_RSA_PRIME_BYTES];
    byte e2  [MAX_RSA_PRIME_BYTES];
    byte u   [MAX_RSA_PRIME_BYTES];
}
RSA_PRIVATE_KEY_XCRT;
struct CtPriRsaKey {
int isPub;/* FALSE */
int isXcrt;/* TRUE */
unsigned int modSz; /* significant size in bytes */
RSA_PRIVATE_KEY_XCRT key;
};
typedef struct CtPriRsaKey CtPriRsaKey;

NOTE   All values stored Big Endian i.e. most significant byte in mod[0] and least significant byte in mod[MAX_RSA_MOD_BYTES-1].