X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=CryptoPkg%2FLibrary%2FBaseCryptLib%2FPk%2FCryptRsaExt.c;h=7cd5fecf04cb139bde01c85abb43eae2ef323540;hb=HEAD;hp=30552e4f4b3f48fadc378371d120c6661c438759;hpb=2998af862469c6a05657e169d7def6f55420caad;p=mirror_edk2.git
diff --git a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
index 30552e4f4b..d414ce83f9 100644
--- a/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
+++ b/CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
@@ -7,14 +7,8 @@
3) RsaCheckKey
4) RsaPkcs1Sign
-Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.
-This program and the accompanying materials
-are licensed and made available under the terms and conditions of the BSD License
-which accompanies this distribution. The full text of the license may be found at
-http://opensource.org/licenses/bsd-license.php
-
-THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
-WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.
+SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -60,104 +54,84 @@ RsaGetKey (
IN OUT UINTN *BnSize
)
{
- RSA *RsaKey;
- BIGNUM *BnKey;
- UINTN Size;
+ RSA *RsaKey;
+ BIGNUM *BnKey;
+ UINTN Size;
//
// Check input parameters.
//
- if (RsaContext == NULL || BnSize == NULL) {
+ if ((RsaContext == NULL) || (BnSize == NULL)) {
return FALSE;
}
- RsaKey = (RSA *) RsaContext;
+ RsaKey = (RSA *)RsaContext;
Size = *BnSize;
*BnSize = 0;
+ BnKey = NULL;
switch (KeyTag) {
+ //
+ // RSA Public Modulus (N)
+ //
+ case RsaKeyN:
+ RSA_get0_key (RsaKey, (const BIGNUM **)&BnKey, NULL, NULL);
+ break;
+
+ //
+ // RSA Public Exponent (e)
+ //
+ case RsaKeyE:
+ RSA_get0_key (RsaKey, NULL, (const BIGNUM **)&BnKey, NULL);
+ break;
+
+ //
+ // RSA Private Exponent (d)
+ //
+ case RsaKeyD:
+ RSA_get0_key (RsaKey, NULL, NULL, (const BIGNUM **)&BnKey);
+ break;
+
+ //
+ // RSA Secret Prime Factor of Modulus (p)
+ //
+ case RsaKeyP:
+ RSA_get0_factors (RsaKey, (const BIGNUM **)&BnKey, NULL);
+ break;
+
+ //
+ // RSA Secret Prime Factor of Modules (q)
+ //
+ case RsaKeyQ:
+ RSA_get0_factors (RsaKey, NULL, (const BIGNUM **)&BnKey);
+ break;
+
+ //
+ // p's CRT Exponent (== d mod (p - 1))
+ //
+ case RsaKeyDp:
+ RSA_get0_crt_params (RsaKey, (const BIGNUM **)&BnKey, NULL, NULL);
+ break;
+
+ //
+ // q's CRT Exponent (== d mod (q - 1))
+ //
+ case RsaKeyDq:
+ RSA_get0_crt_params (RsaKey, NULL, (const BIGNUM **)&BnKey, NULL);
+ break;
+
+ //
+ // The CRT Coefficient (== 1/q mod p)
+ //
+ case RsaKeyQInv:
+ RSA_get0_crt_params (RsaKey, NULL, NULL, (const BIGNUM **)&BnKey);
+ break;
+
+ default:
+ return FALSE;
+ }
- //
- // RSA Public Modulus (N)
- //
- case RsaKeyN:
- if (RsaKey->n == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->n;
- break;
-
- //
- // RSA Public Exponent (e)
- //
- case RsaKeyE:
- if (RsaKey->e == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->e;
- break;
-
- //
- // RSA Private Exponent (d)
- //
- case RsaKeyD:
- if (RsaKey->d == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->d;
- break;
-
- //
- // RSA Secret Prime Factor of Modulus (p)
- //
- case RsaKeyP:
- if (RsaKey->p == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->p;
- break;
-
- //
- // RSA Secret Prime Factor of Modules (q)
- //
- case RsaKeyQ:
- if (RsaKey->q == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->q;
- break;
-
- //
- // p's CRT Exponent (== d mod (p - 1))
- //
- case RsaKeyDp:
- if (RsaKey->dmp1 == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->dmp1;
- break;
-
- //
- // q's CRT Exponent (== d mod (q - 1))
- //
- case RsaKeyDq:
- if (RsaKey->dmq1 == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->dmq1;
- break;
-
- //
- // The CRT Coefficient (== 1/q mod p)
- //
- case RsaKeyQInv:
- if (RsaKey->iqmp == NULL) {
- return TRUE;
- }
- BnKey = RsaKey->iqmp;
- break;
-
- default:
+ if (BnKey == NULL) {
return FALSE;
}
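Review bot: A key component that has not been set now makes RsaGetKey return FALSE through the new `if (BnKey == NULL)` check, where the removed per-case code returned TRUE with `*BnSize` left at 0. A caller can no longer tell an absent component from an invalid KeyTag or a NULL argument, so the function header (outside this hunk, as are the start and end of the body) should state the new contract, for example `@retval FALSE  Invalid KeyTag, or the requested component is not present in the key.` As a point of style, declaring `BnKey` as `const BIGNUM *` would remove the eight `(const BIGNUM **)&BnKey` casts, which currently discard the const that the `RSA_get0_*` accessors put on the returned pointers.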
@@ -170,10 +144,12 @@ RsaGetKey (
}
if (BigNumber == NULL) {
- return FALSE;
+ *BnSize = Size;
+ return TRUE;
}
- *BnSize = BN_bn2bin (BnKey, BigNumber) ;
-
+
+ *BnSize = BN_bn2bin (BnKey, BigNumber);
+
return TRUE;
}
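Review bot: With `BigNumber == NULL` the function now returns TRUE after only storing `Size` in `*BnSize`, so TRUE no longer implies that key bytes were written to a caller buffer. This reads as a length query, but the branch carries no comment and the size comparison that precedes it lies outside the hunk. A line such as `// No output buffer: report the required size only, nothing is copied.` above `*BnSize = Size;`, with a matching sentence in the function header, would keep callers from consuming a buffer that was never filled.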
@@ -192,7 +168,7 @@ RsaGetKey (
@param[in, out] RsaContext Pointer to RSA context being set.
@param[in] ModulusLength Length of RSA modulus N in bits.
@param[in] PublicExponent Pointer to RSA public exponent.
- @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.
+ @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.
@retval TRUE RSA key component was generated successfully.
@retval FALSE Invalid RSA key component tag.
@@ -213,29 +189,29 @@ RsaGenerateKey (
//
// Check input parameters.
//
- if (RsaContext == NULL || ModulusLength > INT_MAX || PublicExponentSize > INT_MAX) {
+ if ((RsaContext == NULL) || (ModulusLength > INT_MAX) || (PublicExponentSize > INT_MAX)) {
return FALSE;
}
-
+
KeyE = BN_new ();
if (KeyE == NULL) {
return FALSE;
}
RetVal = FALSE;
-
+
if (PublicExponent == NULL) {
if (BN_set_word (KeyE, 0x10001) == 0) {
goto _Exit;
}
} else {
- if (BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE) == NULL) {
+ if (BN_bin2bn (PublicExponent, (UINT32)PublicExponentSize, KeyE) == NULL) {
goto _Exit;
}
}
- if (RSA_generate_key_ex ((RSA *) RsaContext, (UINT32) ModulusLength, KeyE, NULL) == 1) {
- RetVal = TRUE;
+ if (RSA_generate_key_ex ((RSA *)RsaContext, (UINT32)ModulusLength, KeyE, NULL) == 1) {
+ RetVal = TRUE;
}
_Exit:
@@ -244,7 +220,7 @@ _Exit:
}
/**
- Validates key components of RSA context.
+ Validates key components of RSA context.
NOTE: This function performs integrity checks on all the RSA key material, so
the RSA key structure must contain all the private key data.
@@ -276,13 +252,14 @@ RsaCheckKey (
if (RsaContext == NULL) {
return FALSE;
}
-
- if (RSA_check_key ((RSA *) RsaContext) != 1) {
+
+ if (RSA_check_key ((RSA *)RsaContext) != 1) {
Reason = ERR_GET_REASON (ERR_peek_last_error ());
- if (Reason == RSA_R_P_NOT_PRIME ||
- Reason == RSA_R_Q_NOT_PRIME ||
- Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q ||
- Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1) {
+ if ((Reason == RSA_R_P_NOT_PRIME) ||
+ (Reason == RSA_R_Q_NOT_PRIME) ||
+ (Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q) ||
+ (Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1))
+ {
return FALSE;
}
}
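Review bot: A failed `RSA_check_key` returns FALSE only for the four listed reason codes; any other failure reason leaves the inner `if` without a return, and the code after this hunk (not visible) presumably goes on to report the key as valid. `ERR_peek_last_error ()` also reads whatever entry is newest on the error queue, so the reason belongs to this call only if the queue was empty beforehand. If tolerating other reasons is deliberate, say so above the reason test, e.g. `// Only these reasons indicate a malformed key; other RSA_check_key failures are deliberately ignored.`; otherwise return FALSE for every result other than 1.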
@@ -300,7 +277,7 @@ RsaCheckKey (
If RsaContext is NULL, then return FALSE.
If MessageHash is NULL, then return FALSE.
- If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
+ If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE.
If SigSize is large enough but Signature is NULL, then return FALSE.
@param[in] RsaContext Pointer to RSA context for signature generation.
@@ -325,56 +302,64 @@ RsaPkcs1Sign (
IN OUT UINTN *SigSize
)
{
- RSA *Rsa;
- UINTN Size;
- INT32 DigestType;
+ RSA *Rsa;
+ UINTN Size;
+ INT32 DigestType;
//
// Check input parameters.
//
- if (RsaContext == NULL || MessageHash == NULL) {
+ if ((RsaContext == NULL) || (MessageHash == NULL)) {
return FALSE;
}
- Rsa = (RSA *) RsaContext;
- Size = BN_num_bytes (Rsa->n);
+ Rsa = (RSA *)RsaContext;
+ Size = RSA_size (Rsa);
if (*SigSize < Size) {
*SigSize = Size;
return FALSE;
}
-
+
if (Signature == NULL) {
return FALSE;
}
-
+
//
// Determine the message digest algorithm according to digest size.
- // Only MD5, SHA-1 or SHA-256 algorithm is supported.
+ // Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
//
switch (HashSize) {
- case MD5_DIGEST_SIZE:
- DigestType = NID_md5;
- break;
-
- case SHA1_DIGEST_SIZE:
- DigestType = NID_sha1;
- break;
-
- case SHA256_DIGEST_SIZE:
- DigestType = NID_sha256;
- break;
-
- default:
- return FALSE;
- }
-
- return (BOOLEAN) RSA_sign (
- DigestType,
- MessageHash,
- (UINT32) HashSize,
- Signature,
- (UINT32 *) SigSize,
- (RSA *) RsaContext
- );
+ case MD5_DIGEST_SIZE:
+ DigestType = NID_md5;
+ break;
+
+ case SHA1_DIGEST_SIZE:
+ DigestType = NID_sha1;
+ break;
+
+ case SHA256_DIGEST_SIZE:
+ DigestType = NID_sha256;
+ break;
+
+ case SHA384_DIGEST_SIZE:
+ DigestType = NID_sha384;
+ break;
+
+ case SHA512_DIGEST_SIZE:
+ DigestType = NID_sha512;
+ break;
+
+ default:
+ return FALSE;
+ }
+
+ return (BOOLEAN)RSA_sign (
+ DigestType,
+ MessageHash,
+ (UINT32)HashSize,
+ Signature,
+ (UINT32 *)SigSize,
+ (RSA *)RsaContext
+ );
}
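Review bot: `*SigSize` is read at `if (*SigSize < Size)` although the parameter check above tests only RsaContext and MessageHash, so a NULL SigSize is dereferenced; the guard should read `if ((RsaContext == NULL) || (MessageHash == NULL) || (SigSize == NULL)) {`. The `(UINT32 *)SigSize` cast handed to `RSA_sign` lets it store only 32 bits into a UINTN, which leaves the remaining bytes of `*SigSize` at the caller's value where UINTN is 64 bits wide. Passing the address of a local `UINT32` and copying it to `*SigSize` after a successful call avoids that. The function's signature starts outside this hunk.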