GitBucket
Newer
/*
* Copyright (c) 2022, Nuvoton Technology Corporation
*
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef CRYPTO_RSA_HW_H
#define CRYPTO_RSA_HW_H
#include "mbedtls/rsa.h"
#if defined(MBEDTLS_RSA_ALT)
#include <stdbool.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief Initialize/Free Crypto RSA H/W
*
* \return \c 0 on success.
* \return A non-zero error code on failure.
*
* \note crypto_rsa_init()/crypto_rsa_free() are like pre-op/post-op calls
* and they guarantee:
*
* 1. Paired
* 2. No overlapping
* 3. Upper public function cannot return when RSA alter. is still activated.
*/
int crypto_rsa_init(mbedtls_rsa_context *ctx);
void crypto_rsa_free(mbedtls_rsa_context *ctx);
/**
* \brief Query whether or not RSA H/W supports encrypt/decrypt operation in this context
* in normal/CRT algorithm
*
* \param ctx The initialized RSA context to use.
* \param decrypt true for decrypt, or encrypt.
* \param crt true for CRT algorithm, or normal.
* \param blinding Blinding (SCAP) or not.
*
* \return \c 1 on capable, or 0 on incapable.
*
* \note Blinding is applicable only for decrypt operation.
* \note CRT is applicable only for decrypt operation.
*/
int crypto_rsa_encrypt_norm_capable(const mbedtls_rsa_context *ctx);
int crypto_rsa_decrypt_norm_capable(const mbedtls_rsa_context *ctx, bool blinding);
int crypto_rsa_decrypt_crt_capable(const mbedtls_rsa_context *ctx, bool blinding);
int crypto_rsa_crypt_capable(const mbedtls_rsa_context *ctx,
bool decrypt,
bool crt,
bool blinding);
/**
* \brief Run RSA encrypt/decrypt operation in normal/CRT algorithm
*
* \param ctx The initialized RSA context to use.
* \param decrypt true for decrypt, or encrypt.
* \param crt true for CRT algorithm, or normal.
* \param blinding Blinding (SCAP) or not.
* \param input The input buffer. This must be a readable buffer
* of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus.
* \param output The output buffer. This must be a writable buffer
* of length \c ctx->len Bytes. For example, \c 256 Bytes
* for an 2048-bit RSA modulus.
*
* \return \c 0 on success.
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int crypto_rsa_encrypt_norm(mbedtls_rsa_context *ctx,
const unsigned char *input,
unsigned char *output);
int crypto_rsa_decrypt_norm(mbedtls_rsa_context *ctx,
bool blinding,
const unsigned char *input,
unsigned char *output);
int crypto_rsa_decrypt_crt(mbedtls_rsa_context *ctx,
bool blinding,
const unsigned char *input,
unsigned char *output);
int crypto_rsa_crypt(mbedtls_rsa_context *ctx,
bool decrypt,
bool crt,
bool blinding,
const unsigned char *input,
unsigned char *output);
/**
* \brief Abort Crypto RSA H/W
*
* \param ctx The initialized RSA context to use.
* \param timeout_us Timeout in microseconds.
*
* \return \c 0 on success.
* \return A non-zero error code on failure.
*/
int crypto_rsa_abort(mbedtls_rsa_context *ctx,
uint32_t timeout_us);
#ifdef __cplusplus
}
#endif
#endif /* MBEDTLS_RSA_ALT */
#endif /* CRYPTO_RSA_HW_H */