Update CryptoPkg for new ciphers (HMAC, Block Cipher, etc) supports.
a8c44645 1/** @file \r
2 Application for RSA Primitives Validation.\r
3\r
4Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
5This program and the accompanying materials\r
6are licensed and made available under the terms and conditions of the BSD License\r
7which accompanies this distribution. The full text of the license may be found at\r
8http://opensource.org/licenses/bsd-license.php\r
9\r
10THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
11WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
12\r
13**/\r
14\r
15#include "Cryptest.h"\r
16\r
//
// Size, in bits, requested from RsaGenerateKey() by the key-generation step
// (the test reads the generated modulus back as RSA_MODULUS_LENGTH / 8 bytes).
// NOTE(review): presumably kept small so the test runs quickly; a 512-bit
// modulus is not a size to copy into code that handles real keys.
//
#define RSA_MODULUS_LENGTH  512

//
// RSA PKCS#1 known-answer vectors, taken from OpenSSL "Fips_rsa_selftest.c".
// The private exponent below is part of that published vector set, so this
// key pair carries no secrecy: it exists to validate the primitives only.
//

//
// Public modulus N of the test key (128 bytes, i.e. a 1024-bit modulus).
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8  RsaN[] = {
  0xBB, 0xF8, 0x2F, 0x09, 0x06, 0x82, 0xCE, 0x9C, 0x23, 0x38, 0xAC, 0x2B, 0x9D, 0xA8, 0x71, 0xF7,
  0x36, 0x8D, 0x07, 0xEE, 0xD4, 0x10, 0x43, 0xA4, 0x40, 0xD6, 0xB6, 0xF0, 0x74, 0x54, 0xF5, 0x1F,
  0xB8, 0xDF, 0xBA, 0xAF, 0x03, 0x5C, 0x02, 0xAB, 0x61, 0xEA, 0x48, 0xCE, 0xEB, 0x6F, 0xCD, 0x48,
  0x76, 0xED, 0x52, 0x0D, 0x60, 0xE1, 0xEC, 0x46, 0x19, 0x71, 0x9D, 0x8A, 0x5B, 0x8B, 0x80, 0x7F,
  0xAF, 0xB8, 0xE0, 0xA3, 0xDF, 0xC7, 0x37, 0x72, 0x3E, 0xE6, 0xB4, 0xB7, 0xD9, 0x3A, 0x25, 0x84,
  0xEE, 0x6A, 0x64, 0x9D, 0x06, 0x09, 0x53, 0x74, 0x88, 0x34, 0xB2, 0x45, 0x45, 0x98, 0x39, 0x4E,
  0xE0, 0xAA, 0xB1, 0x2D, 0x7B, 0x61, 0xA5, 0x1F, 0x52, 0x7A, 0x9A, 0x41, 0xF6, 0xC1, 0x68, 0x7F,
  0xE2, 0x53, 0x72, 0x98, 0xCA, 0x2A, 0x8F, 0x59, 0x46, 0xF8, 0xE5, 0xFD, 0x09, 0x1D, 0xBD, 0xCB
  };

//
// Public exponent E of the test key (0x11 = 17).
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8  RsaE[] = { 0x11 };

//
// Private exponent D of the test key (128 bytes). Published test data only.
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8  RsaD[] = {
  0xA5, 0xDA, 0xFC, 0x53, 0x41, 0xFA, 0xF2, 0x89, 0xC4, 0xB9, 0x88, 0xDB, 0x30, 0xC1, 0xCD, 0xF8,
  0x3F, 0x31, 0x25, 0x1E, 0x06, 0x68, 0xB4, 0x27, 0x84, 0x81, 0x38, 0x01, 0x57, 0x96, 0x41, 0xB2,
  0x94, 0x10, 0xB3, 0xC7, 0x99, 0x8D, 0x6B, 0xC4, 0x65, 0x74, 0x5E, 0x5C, 0x39, 0x26, 0x69, 0xD6,
  0x87, 0x0D, 0xA2, 0xC0, 0x82, 0xA9, 0x39, 0xE3, 0x7F, 0xDC, 0xB8, 0x2E, 0xC9, 0x3E, 0xDA, 0xC9,
  0x7F, 0xF3, 0xAD, 0x59, 0x50, 0xAC, 0xCF, 0xBC, 0x11, 0x1C, 0x76, 0xF1, 0xA9, 0x52, 0x94, 0x44,
  0xE5, 0x6A, 0xAF, 0x68, 0xC5, 0x6C, 0x09, 0x2C, 0xD3, 0x8D, 0xC3, 0xBE, 0xF5, 0xD2, 0x0A, 0x93,
  0x99, 0x26, 0xED, 0x4F, 0x74, 0xA1, 0x3E, 0xDD, 0xFB, 0xE1, 0xA1, 0xCE, 0xCC, 0x48, 0x94, 0xAF,
  0x94, 0x28, 0xC2, 0xB7, 0xB8, 0x88, 0x3F, 0xE4, 0x46, 0x3A, 0x4B, 0xC8, 0x5B, 0x1C, 0xB3, 0xC1
  };

//
// Message whose SHA-1 digest is signed in the PKCS#1 known-answer test.
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST CHAR8  RsaSignData[] = "OpenSSL FIPS 140-2 Public Key RSA KAT";

//
// Expected PKCS#1 signature over the SHA-1 digest of RsaSignData, produced
// with the test key above (128 bytes).
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8  RsaPkcs1Signature[] = {
  0x71, 0xEE, 0x1A, 0xC0, 0xFE, 0x01, 0x93, 0x54, 0x79, 0x5C, 0xF2, 0x4C, 0x4A, 0xFD, 0x1A, 0x05,
  0x8F, 0x64, 0xB1, 0x6D, 0x61, 0x33, 0x8D, 0x9B, 0xE7, 0xFD, 0x60, 0xA3, 0x83, 0xB5, 0xA3, 0x51,
  0x55, 0x77, 0x90, 0xCF, 0xDC, 0x22, 0x37, 0x8E, 0xD0, 0xE1, 0xAE, 0x09, 0xE3, 0x3D, 0x1E, 0xF8,
  0x80, 0xD1, 0x8B, 0xC2, 0xEC, 0x0A, 0xD7, 0x6B, 0x88, 0x8B, 0x8B, 0xA1, 0x20, 0x22, 0xBE, 0x59,
  0x5B, 0xE0, 0x23, 0x24, 0xA1, 0x49, 0x30, 0xBA, 0xA9, 0x9E, 0xE8, 0xB1, 0x8A, 0x62, 0x16, 0xBF,
  0x4E, 0xCA, 0x2E, 0x4E, 0xBC, 0x29, 0xA8, 0x67, 0x13, 0xB7, 0x9F, 0x1D, 0x04, 0x44, 0xE5, 0x5F,
  0x35, 0x07, 0x11, 0xBC, 0xED, 0x19, 0x37, 0x21, 0xCF, 0x23, 0x48, 0x1F, 0x72, 0x05, 0xDE, 0xE6,
  0xE8, 0x7F, 0x33, 0x8A, 0x76, 0x4B, 0x2F, 0x95, 0xDF, 0xF1, 0x5F, 0x84, 0x80, 0xD9, 0x46, 0xB4
  };

//
// Public exponent expected from key generation when no exponent is supplied:
// 0x10001 = 65537, stored big-endian.
//
GLOBAL_REMOVE_IF_UNREFERENCED CONST UINT8  DefaultPublicKey[] = {
  0x01, 0x00, 0x01
};
81\r
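/**
  Validate UEFI-OpenSSL RSA Interfaces.

  Runs the following checks in order and stops at the first one that fails:
  context creation, set/get round-trip of N and E, clearing of N and E,
  key generation with the default public exponent, RsaCheckKey() on matching
  and deliberately mismatched key components, SHA-1 hashing of the KAT
  message, PKCS#1 signing against the known signature, and PKCS#1
  verification (including rejection of a signature over a different digest).

  Every buffer and context allocated here is released on all exit paths.

  @retval  EFI_SUCCESS  Validation succeeded.
  @retval  EFI_ABORTED  Validation failed.

**/
EFI_STATUS
ValidateCryptRsa (
  VOID
  )
{
  VOID        *Rsa;
  UINT8       HashValue[SHA1_DIGEST_SIZE];
  UINTN       HashSize;
  UINTN       CtxSize;
  VOID        *Sha1Ctx;
  UINT8       *Signature;
  UINTN       SigSize;
  BOOLEAN     Status;
  UINTN       KeySize;
  UINT8       *KeyBuffer;
  EFI_STATUS  Result;

  //
  // Start from a known state so the common cleanup path can tell which
  // resources are actually held.
  //
  Rsa       = NULL;
  Sha1Ctx   = NULL;
  Signature = NULL;
  KeyBuffer = NULL;
  Result    = EFI_ABORTED;

  Print (L"\nUEFI-OpenSSL RSA Engine Testing: ");

  //
  // Generate & Initialize RSA Context
  //
  Rsa = RsaNew ();
  Print (L"\n- Generate RSA Context ... ");
  if (Rsa == NULL) {
    goto Fail;
  }

  //
  // Set/Get RSA Key Components
  //
  Print (L"Set/Get RSA Key Components ... ");

  //
  // Set/Get RSA Key N
  //
  Status = RsaSetKey (Rsa, RsaKeyN, RsaN, sizeof (RsaN));
  if (!Status) {
    goto Fail;
  }

  //
  // Size probe: with no buffer the call is expected to fail while
  // reporting the required size.
  //
  KeySize = 0;
  Status  = RsaGetKey (Rsa, RsaKeyN, NULL, &KeySize);
  if (Status || KeySize != sizeof (RsaN)) {
    goto Fail;
  }

  KeyBuffer = AllocatePool (KeySize);
  if (KeyBuffer == NULL) {
    goto Fail;
  }

  Status = RsaGetKey (Rsa, RsaKeyN, KeyBuffer, &KeySize);
  if (!Status || KeySize != sizeof (RsaN)) {
    goto Fail;
  }

  if (CompareMem (KeyBuffer, RsaN, KeySize) != 0) {
    goto Fail;
  }

  FreePool (KeyBuffer);
  KeyBuffer = NULL;

  //
  // Set/Get RSA Key E
  //
  Status = RsaSetKey (Rsa, RsaKeyE, RsaE, sizeof (RsaE));
  if (!Status) {
    goto Fail;
  }

  KeySize = 0;
  Status  = RsaGetKey (Rsa, RsaKeyE, NULL, &KeySize);
  if (Status || KeySize != sizeof (RsaE)) {
    goto Fail;
  }

  KeyBuffer = AllocatePool (KeySize);
  if (KeyBuffer == NULL) {
    goto Fail;
  }

  Status = RsaGetKey (Rsa, RsaKeyE, KeyBuffer, &KeySize);
  if (!Status || KeySize != sizeof (RsaE)) {
    goto Fail;
  }

  if (CompareMem (KeyBuffer, RsaE, KeySize) != 0) {
    goto Fail;
  }

  FreePool (KeyBuffer);
  KeyBuffer = NULL;

  //
  // Clear/Get RSA Key Components
  //
  Print (L"Clear/Get RSA Key Components ... ");

  //
  // Clear/Get RSA Key N: after clearing, a get must succeed and report
  // a zero-length component (KeySize is seeded with 1 to prove it is written).
  //
  Status = RsaSetKey (Rsa, RsaKeyN, NULL, 0);
  if (!Status) {
    goto Fail;
  }

  KeySize = 1;
  Status  = RsaGetKey (Rsa, RsaKeyN, NULL, &KeySize);
  if (!Status || KeySize != 0) {
    goto Fail;
  }

  //
  // Clear/Get RSA Key E
  //
  Status = RsaSetKey (Rsa, RsaKeyE, NULL, 0);
  if (!Status) {
    goto Fail;
  }

  KeySize = 1;
  Status  = RsaGetKey (Rsa, RsaKeyE, NULL, &KeySize);
  if (!Status || KeySize != 0) {
    goto Fail;
  }

  //
  // Generate RSA Key Components
  //
  Print (L"Generate RSA Key Components ... ");

  Status = RsaGenerateKey (Rsa, RSA_MODULUS_LENGTH, NULL, 0);
  if (!Status) {
    goto Fail;
  }

  KeySize   = RSA_MODULUS_LENGTH / 8;
  KeyBuffer = AllocatePool (KeySize);
  if (KeyBuffer == NULL) {
    goto Fail;
  }

  Status = RsaGetKey (Rsa, RsaKeyE, KeyBuffer, &KeySize);
  if (!Status) {
    goto Fail;
  }

  //
  // No exponent was supplied to RsaGenerateKey(), so the default is expected.
  //
  if (KeySize != sizeof (DefaultPublicKey) ||
      CompareMem (KeyBuffer, DefaultPublicKey, sizeof (DefaultPublicKey)) != 0) {
    goto Fail;
  }

  KeySize = RSA_MODULUS_LENGTH / 8;
  Status  = RsaGetKey (Rsa, RsaKeyN, KeyBuffer, &KeySize);
  if (!Status) {
    goto Fail;
  }

  if (KeySize != RSA_MODULUS_LENGTH / 8) {
    goto Fail;
  }

  if (!RsaCheckKey (Rsa)) {
    goto Fail;
  }

  //
  // Check invalid RSA key components
  //
  Print (L"Check Invalid RSA Key Components ... ");

  //
  // Replace the generated modulus with an unrelated one: the key must be
  // reported as invalid.
  //
  Status = RsaSetKey (Rsa, RsaKeyN, RsaN, sizeof (RsaN));
  if (!Status) {
    goto Fail;
  }

  if (RsaCheckKey (Rsa)) {
    goto Fail;
  }

  //
  // Restore the generated modulus (still held in KeyBuffer): valid again.
  //
  Status = RsaSetKey (Rsa, RsaKeyN, KeyBuffer, KeySize);
  if (!Status) {
    goto Fail;
  }

  if (!RsaCheckKey (Rsa)) {
    goto Fail;
  }

  //
  // Replace the public exponent with an unrelated one: invalid again.
  //
  Status = RsaSetKey (Rsa, RsaKeyE, RsaE, sizeof (RsaE));
  if (!Status) {
    goto Fail;
  }

  if (RsaCheckKey (Rsa)) {
    goto Fail;
  }

  FreePool (KeyBuffer);
  KeyBuffer = NULL;

  //
  // SHA-1 Digest Message for PKCS#1 Signature
  //
  Print (L"Hash Original Message ... ");
  HashSize = SHA1_DIGEST_SIZE;
  ZeroMem (HashValue, HashSize);
  CtxSize = Sha1GetContextSize ();
  Sha1Ctx = AllocatePool (CtxSize);
  if (Sha1Ctx == NULL) {
    goto Fail;
  }

  Status = Sha1Init (Sha1Ctx);
  if (!Status) {
    goto Fail;
  }

  Status = Sha1Update (Sha1Ctx, RsaSignData, AsciiStrLen (RsaSignData));
  if (!Status) {
    goto Fail;
  }

  Status = Sha1Final (Sha1Ctx, HashValue);
  if (!Status) {
    goto Fail;
  }

  FreePool (Sha1Ctx);
  Sha1Ctx = NULL;

  //
  // Sign RSA PKCS#1-encoded Signature
  //
  Print (L"PKCS#1 Signature ... ");

  //
  // Start over with a fresh context carrying the known-answer test key.
  //
  RsaFree (Rsa);

  Rsa = RsaNew ();
  if (Rsa == NULL) {
    goto Fail;
  }

  Status = RsaSetKey (Rsa, RsaKeyN, RsaN, sizeof (RsaN));
  if (!Status) {
    goto Fail;
  }

  Status = RsaSetKey (Rsa, RsaKeyE, RsaE, sizeof (RsaE));
  if (!Status) {
    goto Fail;
  }

  Status = RsaSetKey (Rsa, RsaKeyD, RsaD, sizeof (RsaD));
  if (!Status) {
    goto Fail;
  }

  //
  // Size probe: expected to fail while reporting the signature size.
  //
  SigSize = 0;
  Status  = RsaPkcs1Sign (Rsa, HashValue, HashSize, NULL, &SigSize);
  if (Status || SigSize == 0) {
    goto Fail;
  }

  Signature = AllocatePool (SigSize);
  if (Signature == NULL) {
    goto Fail;
  }

  Status = RsaPkcs1Sign (Rsa, HashValue, HashSize, Signature, &SigSize);
  if (!Status) {
    goto Fail;
  }

  if (SigSize != sizeof (RsaPkcs1Signature)) {
    goto Fail;
  }

  if (CompareMem (Signature, RsaPkcs1Signature, SigSize) != 0) {
    goto Fail;
  }

  //
  // Verify RSA PKCS#1-encoded Signature
  //

  Print (L"PKCS#1 Signature Verification ... ");

  Status = RsaPkcs1Verify (Rsa, HashValue, HashSize, Signature, SigSize);
  if (!Status) {
    goto Fail;
  }

  //
  // Negative check: the same signature must be rejected for a digest that
  // differs by a single bit. A verifier that accepts here accepts forgeries.
  //
  HashValue[0] = (UINT8) (HashValue[0] ^ 0x01);
  Status = RsaPkcs1Verify (Rsa, HashValue, HashSize, Signature, SigSize);
  if (Status) {
    goto Fail;
  }

  //
  // Release Resources
  //
  RsaFree (Rsa);
  Rsa = NULL;
  Print (L"Release RSA Context ... [Pass]");

  Print (L"\n");

  Result = EFI_SUCCESS;
  goto Cleanup;

Fail:
  Print (L"[Fail]");

Cleanup:
  //
  // Each pointer is reset to NULL once released above, so only resources
  // still held are freed here.
  //
  if (Signature != NULL) {
    FreePool (Signature);
  }

  if (Sha1Ctx != NULL) {
    FreePool (Sha1Ctx);
  }

  if (KeyBuffer != NULL) {
    FreePool (KeyBuffer);
  }

  if (Rsa != NULL) {
    RsaFree (Rsa);
  }

  return Result;
}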