3 * Copyright (C) 2006-2015 wolfSSL Inc.
5 * This file is part of wolfSSL. (formerly known as CyaSSL)
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
26 #include <wolfssl/wolfcrypt/settings.h>
30 #include <wolfssl/wolfcrypt/rsa.h>
33 int wc_InitRsaKey(RsaKey* key, void* ptr)
35 return InitRsaKey_fips(key, ptr);
39 int wc_FreeRsaKey(RsaKey* key)
41 return FreeRsaKey_fips(key);
45 int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
46 word32 outLen, RsaKey* key, RNG* rng)
48 return RsaPublicEncrypt_fips(in, inLen, out, outLen, key, rng);
52 int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out,
55 return RsaPrivateDecryptInline_fips(in, inLen, out, key);
59 int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
60 word32 outLen, RsaKey* key)
62 return RsaPrivateDecrypt_fips(in, inLen, out, outLen, key);
66 int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out,
67 word32 outLen, RsaKey* key, RNG* rng)
69 return RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng);
73 int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
75 return RsaSSL_VerifyInline_fips(in, inLen, out, key);
79 int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out,
80 word32 outLen, RsaKey* key)
82 return RsaSSL_Verify_fips(in, inLen, out, outLen, key);
86 int wc_RsaEncryptSize(RsaKey* key)
88 return RsaEncryptSize_fips(key);
92 int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b,
95 /* not specified as fips so not needing _fips */
96 return RsaFlattenPublicKey(key, a, aSz, b, bSz);
98 #ifdef WOLFSSL_KEY_GEN
99 int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng)
101 return MakeRsaKey(key, size, e, rng);
107 int wc_RsaInitCavium(RsaKey* key, int i)
109 return RsaInitCavium(key, i);
113 void wc_RsaFreeCavium(RsaKey* key)
119 /* these are functions in asn and are routed to wolfssl/wolfcrypt/asn.c
120 * wc_RsaPrivateKeyDecode
121 * wc_RsaPublicKeyDecode
124 #else /* else build without fips */
125 #include <wolfssl/wolfcrypt/random.h>
126 #include <wolfssl/wolfcrypt/error-crypt.h>
127 #include <wolfssl/wolfcrypt/logging.h>
129 #include <wolfssl/wolfcrypt/misc.h>
131 #include <wolfcrypt/src/misc.c>
143 static int InitCaviumRsaKey(RsaKey* key, void* heap);
144 static int FreeCaviumRsaKey(RsaKey* key);
145 static int CaviumRsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
146 word32 outLen, RsaKey* key);
147 static int CaviumRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
148 word32 outLen, RsaKey* key);
149 static int CaviumRsaSSL_Sign(const byte* in, word32 inLen, byte* out,
150 word32 outLen, RsaKey* key);
151 static int CaviumRsaSSL_Verify(const byte* in, word32 inLen, byte* out,
152 word32 outLen, RsaKey* key);
156 RSA_PUBLIC_ENCRYPT = 0,
157 RSA_PUBLIC_DECRYPT = 1,
158 RSA_PRIVATE_ENCRYPT = 2,
159 RSA_PRIVATE_DECRYPT = 3,
161 RSA_BLOCK_TYPE_1 = 1,
162 RSA_BLOCK_TYPE_2 = 2,
167 RSA_MIN_PAD_SZ = 11 /* seperator + 0 + pad value + 8 pads */
171 int wc_InitRsaKey(RsaKey* key, void* heap)
174 if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
175 return InitCaviumRsaKey(key, heap);
178 key->type = -1; /* haven't decided yet */
181 /* TomsFastMath doesn't use memory allocation */
182 #ifndef USE_FAST_MATH
183 key->n.dp = key->e.dp = 0; /* public alloc parts */
185 key->d.dp = key->p.dp = 0; /* private alloc parts */
186 key->q.dp = key->dP.dp = 0;
187 key->u.dp = key->dQ.dp = 0;
203 int wc_FreeRsaKey(RsaKey* key)
208 if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
209 return FreeCaviumRsaKey(key);
212 /* TomsFastMath doesn't use memory allocation */
213 #ifndef USE_FAST_MATH
214 if (key->type == RSA_PRIVATE) {
229 static int wc_RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
230 word32 pkcsBlockLen, byte padValue, RNG* rng)
235 pkcsBlock[0] = 0x0; /* set first byte to zero and advance */
236 pkcsBlock++; pkcsBlockLen--;
237 pkcsBlock[0] = padValue; /* insert padValue */
239 if (padValue == RSA_BLOCK_TYPE_1)
240 /* pad with 0xff bytes */
241 XMEMSET(&pkcsBlock[1], 0xFF, pkcsBlockLen - inputLen - 2);
243 /* pad with non-zero random bytes */
244 word32 padLen = pkcsBlockLen - inputLen - 1, i;
245 int ret = wc_RNG_GenerateBlock(rng, &pkcsBlock[1], padLen);
251 for (i = 1; i < padLen; i++)
252 if (pkcsBlock[i] == 0) pkcsBlock[i] = 0x01;
255 pkcsBlock[pkcsBlockLen-inputLen-1] = 0; /* separator */
256 XMEMCPY(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen);
262 /* UnPad plaintext, set start to *output, return length of plaintext,
264 static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
265 byte **output, byte padValue)
267 word32 maxOutputLen = (pkcsBlockLen > 10) ? (pkcsBlockLen - 10) : 0,
272 if (pkcsBlock[0] != 0x0) /* skip past zero */
274 pkcsBlock++; pkcsBlockLen--;
276 /* Require block type padValue */
277 invalid = (pkcsBlock[0] != padValue) || invalid;
279 /* verify the padding until we find the separator */
280 if (padValue == RSA_BLOCK_TYPE_1) {
281 while (i<pkcsBlockLen && pkcsBlock[i++] == 0xFF) {/* Null body */}
284 while (i<pkcsBlockLen && pkcsBlock[i++]) {/* Null body */}
287 if(!(i==pkcsBlockLen || pkcsBlock[i-1]==0)) {
288 WOLFSSL_MSG("RsaUnPad error, bad formatting");
292 outputLen = pkcsBlockLen - i;
293 invalid = (outputLen > maxOutputLen) || invalid;
296 WOLFSSL_MSG("RsaUnPad error, bad formatting");
300 *output = (byte *)(pkcsBlock + i);
305 static int wc_RsaFunction(const byte* in, word32 inLen, byte* out,
306 word32* outLen, int type, RsaKey* key)
308 #define ERROR_OUT(x) { ret = (x); goto done;}
314 if (mp_init(&tmp) != MP_OKAY)
317 if (mp_read_unsigned_bin(&tmp, (byte*)in, inLen) != MP_OKAY)
318 ERROR_OUT(MP_READ_E);
320 if (type == RSA_PRIVATE_DECRYPT || type == RSA_PRIVATE_ENCRYPT) {
321 #ifdef RSA_LOW_MEM /* half as much memory but twice as slow */
322 if (mp_exptmod(&tmp, &key->d, &key->n, &tmp) != MP_OKAY)
323 ERROR_OUT(MP_EXPTMOD_E);
325 #define INNER_ERROR_OUT(x) { ret = (x); goto inner_done; }
329 if (mp_init(&tmpa) != MP_OKAY)
330 ERROR_OUT(MP_INIT_E);
332 if (mp_init(&tmpb) != MP_OKAY) {
334 ERROR_OUT(MP_INIT_E);
337 /* tmpa = tmp^dP mod p */
338 if (mp_exptmod(&tmp, &key->dP, &key->p, &tmpa) != MP_OKAY)
339 INNER_ERROR_OUT(MP_EXPTMOD_E);
341 /* tmpb = tmp^dQ mod q */
342 if (mp_exptmod(&tmp, &key->dQ, &key->q, &tmpb) != MP_OKAY)
343 INNER_ERROR_OUT(MP_EXPTMOD_E);
345 /* tmp = (tmpa - tmpb) * qInv (mod p) */
346 if (mp_sub(&tmpa, &tmpb, &tmp) != MP_OKAY)
347 INNER_ERROR_OUT(MP_SUB_E);
349 if (mp_mulmod(&tmp, &key->u, &key->p, &tmp) != MP_OKAY)
350 INNER_ERROR_OUT(MP_MULMOD_E);
352 /* tmp = tmpb + q * tmp */
353 if (mp_mul(&tmp, &key->q, &tmp) != MP_OKAY)
354 INNER_ERROR_OUT(MP_MUL_E);
356 if (mp_add(&tmp, &tmpb, &tmp) != MP_OKAY)
357 INNER_ERROR_OUT(MP_ADD_E);
363 if (ret != 0) return ret;
365 #endif /* RSA_LOW_MEM */
367 else if (type == RSA_PUBLIC_ENCRYPT || type == RSA_PUBLIC_DECRYPT) {
368 if (mp_exptmod(&tmp, &key->e, &key->n, &tmp) != MP_OKAY)
369 ERROR_OUT(MP_EXPTMOD_E);
372 ERROR_OUT(RSA_WRONG_TYPE_E);
374 keyLen = mp_unsigned_bin_size(&key->n);
375 if (keyLen > *outLen)
376 ERROR_OUT(RSA_BUFFER_E);
378 len = mp_unsigned_bin_size(&tmp);
380 /* pad front w/ zeros to match key length */
381 while (len < keyLen) {
389 if (mp_to_unsigned_bin(&tmp, out) != MP_OKAY)
394 if (ret == MP_EXPTMOD_E) {
395 WOLFSSL_MSG("RSA_FUNCTION MP_EXPTMOD_E: memory/config problem");
401 int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
402 RsaKey* key, RNG* rng)
407 if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
408 return CaviumRsaPublicEncrypt(in, inLen, out, outLen, key);
411 sz = mp_unsigned_bin_size(&key->n);
412 if (sz > (int)outLen)
415 if (inLen > (word32)(sz - RSA_MIN_PAD_SZ))
418 ret = wc_RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_2, rng);
422 if ((ret = wc_RsaFunction(out, sz, out, &outLen,
423 RSA_PUBLIC_ENCRYPT, key)) < 0)
430 int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key)
435 if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) {
436 ret = CaviumRsaPrivateDecrypt(in, inLen, in, inLen, key);
443 if ((ret = wc_RsaFunction(in, inLen, in, &inLen, RSA_PRIVATE_DECRYPT, key))
448 return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_2);
452 int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
460 if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
461 return CaviumRsaPrivateDecrypt(in, inLen, out, outLen, key);
464 tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA);
469 XMEMCPY(tmp, in, inLen);
471 if ( (plainLen = wc_RsaPrivateDecryptInline(tmp, inLen, &pad, key) ) < 0) {
472 XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
475 if (plainLen > (int)outLen)
476 plainLen = BAD_FUNC_ARG;
478 XMEMCPY(out, pad, plainLen);
480 ForceZero(tmp, inLen);
481 XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
488 int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key)
493 if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC) {
494 ret = CaviumRsaSSL_Verify(in, inLen, in, inLen, key);
501 if ((ret = wc_RsaFunction(in, inLen, in, &inLen, RSA_PUBLIC_DECRYPT, key))
506 return RsaUnPad(in, inLen, out, RSA_BLOCK_TYPE_1);
510 int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen,
518 if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
519 return CaviumRsaSSL_Verify(in, inLen, out, outLen, key);
522 tmp = (byte*)XMALLOC(inLen, key->heap, DYNAMIC_TYPE_RSA);
527 XMEMCPY(tmp, in, inLen);
529 if ( (plainLen = wc_RsaSSL_VerifyInline(tmp, inLen, &pad, key) ) < 0) {
530 XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
534 if (plainLen > (int)outLen)
535 plainLen = BAD_FUNC_ARG;
537 XMEMCPY(out, pad, plainLen);
539 ForceZero(tmp, inLen);
540 XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA);
547 int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
548 RsaKey* key, RNG* rng)
553 if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
554 return CaviumRsaSSL_Sign(in, inLen, out, outLen, key);
557 sz = mp_unsigned_bin_size(&key->n);
558 if (sz > (int)outLen)
561 if (inLen > (word32)(sz - RSA_MIN_PAD_SZ))
564 ret = wc_RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_1, rng);
568 if ((ret = wc_RsaFunction(out, sz, out, &outLen,
569 RSA_PRIVATE_ENCRYPT,key)) < 0)
576 int wc_RsaEncryptSize(RsaKey* key)
579 if (key->magic == WOLFSSL_RSA_CAVIUM_MAGIC)
582 return mp_unsigned_bin_size(&key->n);
585 /* flatten RsaKey structure into individual elements (e, n) */
586 int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n,
591 if (key == NULL || e == NULL || eSz == NULL || n == NULL || nSz == NULL)
594 sz = mp_unsigned_bin_size(&key->e);
595 if ((word32)sz > *nSz)
597 ret = mp_to_unsigned_bin(&key->e, e);
602 sz = mp_unsigned_bin_size(&key->n);
603 if ((word32)sz > *nSz)
605 ret = mp_to_unsigned_bin(&key->n, n);
614 #ifdef WOLFSSL_KEY_GEN
616 static const int USE_BBS = 1;
618 static int rand_prime(mp_int* N, int len, RNG* rng, void* heap)
624 if (N == NULL || rng == NULL)
635 /* allow sizes between 2 and 512 bytes for a prime size */
636 if (len < 2 || len > 512) {
640 /* allocate buffer to work with */
641 buf = (byte*)XMALLOC(len, heap, DYNAMIC_TYPE_RSA);
645 XMEMSET(buf, 0, len);
653 err = wc_RNG_GenerateBlock(rng, buf, len);
655 XFREE(buf, heap, DYNAMIC_TYPE_RSA);
660 buf[0] |= 0x80 | 0x40;
661 buf[len-1] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00);
664 if ((err = mp_read_unsigned_bin(N, buf, len)) != MP_OKAY) {
665 XFREE(buf, heap, DYNAMIC_TYPE_RSA);
670 if ((err = mp_prime_is_prime(N, 8, &res)) != MP_OKAY) {
671 XFREE(buf, heap, DYNAMIC_TYPE_RSA);
674 } while (res == MP_NO);
677 XFREE(buf, heap, DYNAMIC_TYPE_RSA);
683 /* Make an RSA key for size bits, with e specified, 65537 is a good e */
684 int wc_MakeRsaKey(RsaKey* key, int size, long e, RNG* rng)
686 mp_int p, q, tmp1, tmp2, tmp3;
689 if (key == NULL || rng == NULL)
692 if (size < RSA_MIN_SIZE || size > RSA_MAX_SIZE)
695 if (e < 3 || (e & 1) == 0)
698 if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != MP_OKAY)
701 err = mp_set_int(&tmp3, e);
704 if (err == MP_OKAY) {
706 err = rand_prime(&p, size/16, rng, key->heap); /* size in bytes/2 */
709 err = mp_sub_d(&p, 1, &tmp1); /* tmp1 = p-1 */
712 err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(p-1, e) */
713 } while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divdes p-1 */
717 if (err == MP_OKAY) {
719 err = rand_prime(&q, size/16, rng, key->heap); /* size in bytes/2 */
722 err = mp_sub_d(&q, 1, &tmp1); /* tmp1 = q-1 */
725 err = mp_gcd(&tmp1, &tmp3, &tmp2); /* tmp2 = gcd(q-1, e) */
726 } while (err == MP_OKAY && mp_cmp_d(&tmp2, 1) != 0); /* e divdes q-1 */
730 err = mp_init_multi(&key->n, &key->e, &key->d, &key->p, &key->q, NULL);
733 err = mp_init_multi(&key->dP, &key->dQ, &key->u, NULL, NULL, NULL);
736 err = mp_sub_d(&p, 1, &tmp2); /* tmp2 = p-1 */
739 err = mp_lcm(&tmp1, &tmp2, &tmp1); /* tmp1 = lcm(p-1, q-1),last loop */
743 err = mp_set_int(&key->e, e); /* key->e = e */
745 if (err == MP_OKAY) /* key->d = 1/e mod lcm(p-1, q-1) */
746 err = mp_invmod(&key->e, &tmp1, &key->d);
749 err = mp_mul(&p, &q, &key->n); /* key->n = pq */
752 err = mp_sub_d(&p, 1, &tmp1);
755 err = mp_sub_d(&q, 1, &tmp2);
758 err = mp_mod(&key->d, &tmp1, &key->dP);
761 err = mp_mod(&key->d, &tmp2, &key->dQ);
764 err = mp_invmod(&q, &p, &key->u);
767 err = mp_copy(&p, &key->p);
770 err = mp_copy(&q, &key->q);
773 key->type = RSA_PRIVATE;
781 if (err != MP_OKAY) {
790 #endif /* WOLFSSL_KEY_GEN */
795 #include <cyassl/ctaocrypt/logging.h>
796 #include "cavium_common.h"
798 /* Initiliaze RSA for use with Nitrox device */
799 int RsaInitCavium(RsaKey* rsa, int devId)
804 if (CspAllocContext(CONTEXT_SSL, &rsa->contextHandle, devId) != 0)
808 rsa->magic = WOLFSSL_RSA_CAVIUM_MAGIC;
814 /* Free RSA from use with Nitrox device */
815 void wc_RsaFreeCavium(RsaKey* rsa)
820 CspFreeContext(CONTEXT_SSL, rsa->contextHandle, rsa->devId);
825 /* Initialize cavium RSA key */
826 static int InitCaviumRsaKey(RsaKey* key, void* heap)
832 key->type = -1; /* don't know yet */
856 /* Free cavium RSA key */
857 static int FreeCaviumRsaKey(RsaKey* key)
862 XFREE(key->c_n, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
863 XFREE(key->c_e, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
864 XFREE(key->c_d, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
865 XFREE(key->c_p, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
866 XFREE(key->c_q, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
867 XFREE(key->c_dP, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
868 XFREE(key->c_dQ, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
869 XFREE(key->c_u, key->heap, DYNAMIC_TYPE_CAVIUM_TMP);
871 return InitCaviumRsaKey(key, key->heap); /* reset pointers */
875 static int CaviumRsaPublicEncrypt(const byte* in, word32 inLen, byte* out,
876 word32 outLen, RsaKey* key)
881 if (key == NULL || in == NULL || out == NULL || outLen < (word32)key->c_nSz)
884 ret = CspPkcs1v15Enc(CAVIUM_BLOCKING, BT2, key->c_nSz, key->c_eSz,
885 (word16)inLen, key->c_n, key->c_e, (byte*)in, out,
886 &requestId, key->devId);
888 WOLFSSL_MSG("Cavium Enc BT2 failed");
895 static INLINE void ato16(const byte* c, word16* u16)
897 *u16 = (c[0] << 8) | (c[1]);
901 static int CaviumRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out,
902 word32 outLen, RsaKey* key)
906 word16 outSz = (word16)outLen;
908 if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->c_nSz)
911 ret = CspPkcs1v15CrtDec(CAVIUM_BLOCKING, BT2, key->c_nSz, key->c_q,
912 key->c_dQ, key->c_p, key->c_dP, key->c_u,
913 (byte*)in, &outSz, out, &requestId, key->devId);
915 WOLFSSL_MSG("Cavium CRT Dec BT2 failed");
918 ato16((const byte*)&outSz, &outSz);
924 static int CaviumRsaSSL_Sign(const byte* in, word32 inLen, byte* out,
925 word32 outLen, RsaKey* key)
930 if (key == NULL || in == NULL || out == NULL || inLen == 0 || outLen <
934 ret = CspPkcs1v15CrtEnc(CAVIUM_BLOCKING, BT1, key->c_nSz, (word16)inLen,
935 key->c_q, key->c_dQ, key->c_p, key->c_dP, key->c_u,
936 (byte*)in, out, &requestId, key->devId);
938 WOLFSSL_MSG("Cavium CRT Enc BT1 failed");
945 static int CaviumRsaSSL_Verify(const byte* in, word32 inLen, byte* out,
946 word32 outLen, RsaKey* key)
950 word16 outSz = (word16)outLen;
952 if (key == NULL || in == NULL || out == NULL || inLen != (word32)key->c_nSz)
955 ret = CspPkcs1v15Dec(CAVIUM_BLOCKING, BT1, key->c_nSz, key->c_eSz,
956 key->c_n, key->c_e, (byte*)in, &outSz, out,
957 &requestId, key->devId);
959 WOLFSSL_MSG("Cavium Dec BT1 failed");
962 outSz = ntohs(outSz);
968 #endif /* HAVE_CAVIUM */
970 #endif /* HAVE_FIPS */
begriffs.com / projects / freertos / blob