rsa_keygen.h
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_LIB_CRYPTO_IMPL_RSA_RSA_KEYGEN_H_
6 #define OPENTITAN_SW_DEVICE_LIB_CRYPTO_IMPL_RSA_RSA_KEYGEN_H_
7 
8 #include <stddef.h>
9 #include <stdint.h>
10 
12 #include "sw/device/lib/crypto/impl/rsa/rsa_datatypes.h"
13 #include "sw/device/lib/crypto/impl/status.h"
14 
15 #ifdef __cplusplus
16 extern "C" {
17 #endif // __cplusplus
18 
19 /**
20  * Starts an RSA-2048 key generation operation; returns immediately.
21  *
    * This call only starts the operation; the key pair is retrieved afterwards
    * with `rsa_keygen_2048_finalize`.
    *
22  * The key exponent is always F4=65537; no other exponents are supported.
23  *
24  * Returns an `OTCRYPTO_ASYNC_INCOMPLETE` error if OTBN is busy.
    * NOTE(review): presumably no key generation is started in that case;
    * confirm against the implementation.
25  *
26  * @return Result of the operation (OK or error). Callers should check it
    *         before calling `rsa_keygen_2048_finalize`.
27  */
28 status_t rsa_keygen_2048_start(void);
29 
30 /**
31  * Waits for an RSA-2048 key generation to complete.
32  *
33  * Should be invoked only after `rsa_keygen_2048_start`. Blocks until OTBN is
34  * done processing.
35  *
    * `private_key` receives secret key material. Callers should use the outputs
    * only when the returned status is OK, and are responsible for protecting the
    * private key and clearing its buffer once it is no longer needed.
    *
36  * @param[out] public_key Generated public key (n, e).
37  * @param[out] private_key Generated private key (d, e).
    *   NOTE(review): an RSA private key is normally the pair (d, n); confirm the
    *   components against `rsa_2048_private_key_t` in rsa_datatypes.h.
38  * @return Result of the operation (OK or error).
39  */
40 status_t rsa_keygen_2048_finalize(rsa_2048_public_key_t *public_key,
41  rsa_2048_private_key_t *private_key);
42 
43 /**
44  * Starts an RSA-3072 key generation operation; returns immediately.
45  *
    * This call only starts the operation; the key pair is retrieved afterwards
    * with `rsa_keygen_3072_finalize`.
    *
46  * The key exponent is always F4=65537; no other exponents are supported.
47  *
48  * Returns an `OTCRYPTO_ASYNC_INCOMPLETE` error if OTBN is busy.
    * NOTE(review): presumably no key generation is started in that case;
    * confirm against the implementation.
49  *
50  * @return Result of the operation (OK or error). Callers should check it
    *         before calling `rsa_keygen_3072_finalize`.
51  */
52 status_t rsa_keygen_3072_start(void);
53 
54 /**
55  * Waits for an RSA-3072 key generation to complete.
56  *
57  * Should be invoked only after `rsa_keygen_3072_start`. Blocks until OTBN is
58  * done processing.
59  *
    * `private_key` receives secret key material. Callers should use the outputs
    * only when the returned status is OK, and are responsible for protecting the
    * private key and clearing its buffer once it is no longer needed.
    *
60  * @param[out] public_key Generated public key (n, e).
61  * @param[out] private_key Generated private key (d, e).
    *   NOTE(review): an RSA private key is normally the pair (d, n); confirm the
    *   components against `rsa_3072_private_key_t` in rsa_datatypes.h.
62  * @return Result of the operation (OK or error).
63  */
64 status_t rsa_keygen_3072_finalize(rsa_3072_public_key_t *public_key,
65  rsa_3072_private_key_t *private_key);
66 
67 /**
68  * Starts an RSA-4096 key generation operation; returns immediately.
69  *
    * This call only starts the operation; the key pair is retrieved afterwards
    * with `rsa_keygen_4096_finalize`.
    *
70  * The key exponent is always F4=65537; no other exponents are supported.
71  *
72  * Returns an `OTCRYPTO_ASYNC_INCOMPLETE` error if OTBN is busy.
    * NOTE(review): presumably no key generation is started in that case;
    * confirm against the implementation.
73  *
74  * @return Result of the operation (OK or error). Callers should check it
    *         before calling `rsa_keygen_4096_finalize`.
75  */
76 status_t rsa_keygen_4096_start(void);
77 
78 /**
79  * Waits for an RSA-4096 key generation to complete.
80  *
81  * Should be invoked only after `rsa_keygen_4096_start`. Blocks until OTBN is
82  * done processing.
83  *
    * `private_key` receives secret key material. Callers should use the outputs
    * only when the returned status is OK, and are responsible for protecting the
    * private key and clearing its buffer once it is no longer needed.
    *
84  * @param[out] public_key Generated public key (n, e).
85  * @param[out] private_key Generated private key (d, e).
    *   NOTE(review): an RSA private key is normally the pair (d, n); confirm the
    *   components against `rsa_4096_private_key_t` in rsa_datatypes.h.
86  * @return Result of the operation (OK or error).
87  */
88 status_t rsa_keygen_4096_finalize(rsa_4096_public_key_t *public_key,
89  rsa_4096_private_key_t *private_key);
90 
91 /**
92  * Starts an RSA-2048 key-from-cofactor operation; returns immediately.
93  *
94  * The key exponent must be F4=65537; no other exponents are supported. This
95  * routine does not perform any checks on the generated keypair (e.g. primality
96  * checks or even range checks).
    *
    * Because nothing is validated here, the caller must make sure that the
    * modulus and cofactor are well-formed and come from a trusted source before
    * relying on the resulting key pair.
97  *
98  * Returns an `OTCRYPTO_ASYNC_INCOMPLETE` error if OTBN is busy.
99  *
100  * @param public_key Public key (n, e).
101  * @param cofactor One of the prime cofactors (p or q).
     *   This value is secret: either cofactor of n is enough to recover the
     *   private key, so it needs the same protection as the private key itself.
102  * @return Result of the operation (OK or error).
103  */
104 status_t rsa_keygen_from_cofactor_2048_start(
105  const rsa_2048_public_key_t *public_key,
106  const rsa_2048_cofactor_t *cofactor);
107 
108 /**
109  * Waits for an RSA-2048 key-from-cofactor operation to complete.
110  *
111  * Should be invoked only after `rsa_keygen_from_cofactor_2048_start`. Blocks
112  * until OTBN is done processing.
113  *
114  * The public key returned by this function is recomputed by OTBN. Since the
115  * start routine performs no checks on its inputs, callers should compare the
116  * returned modulus with the one originally passed to OTBN to detect errors.
117  *
     * `private_key` receives secret key material. Callers should use the outputs
     * only when the returned status is OK, and are responsible for protecting the
     * private key and clearing its buffer once it is no longer needed.
     *
118  * @param[out] public_key Generated public key (n, e).
119  * @param[out] private_key Generated private key (d, e).
     *   NOTE(review): an RSA private key is normally the pair (d, n); confirm the
     *   components against `rsa_2048_private_key_t` in rsa_datatypes.h.
120  * @return Result of the operation (OK or error).
121  */
122 status_t rsa_keygen_from_cofactor_2048_finalize(
123  rsa_2048_public_key_t *public_key, rsa_2048_private_key_t *private_key);
124 
125 #ifdef __cplusplus
126 } // extern "C"
127 #endif // __cplusplus
128 
129 #endif // OPENTITAN_SW_DEVICE_LIB_CRYPTO_IMPL_RSA_RSA_KEYGEN_H_