[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Pk / CryptRsaBasic.c

/** @file\r
  RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.\r
\r
  This file implements following APIs which provide basic capabilities for RSA:\r
  1) RsaNew\r
  2) RsaFree\r
  3) RsaSetKey\r
  4) RsaPkcs1Verify\r
\r
Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution.  The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include "InternalCryptLib.h"\r
\r
#include <openssl/rsa.h>\r
#include <openssl/objects.h>\r
\r
/**\r
  Allocates and initializes one RSA context for subsequent use.\r
\r
  @return  Pointer to the RSA context that has been initialized.\r
           If the allocations fails, RsaNew() returns NULL.\r
\r
**/\r
VOID *\r
EFIAPI\r
RsaNew (\r
  VOID\r
  )\r
{\r
  //\r
  // Allocates & Initializes RSA Context by OpenSSL RSA_new()\r
  //\r
  return (VOID *) RSA_new ();\r
}\r
\r
/**\r
  Release the specified RSA context.\r
\r
  @param[in]  RsaContext  Pointer to the RSA context to be released.\r
\r
**/\r
VOID\r
EFIAPI\r
RsaFree (\r
  IN  VOID  *RsaContext\r
  )\r
{\r
  //\r
  // Free OpenSSL RSA Context\r
  //\r
  RSA_free ((RSA *) RsaContext);\r
}\r
\r
/**\r
  Sets the tag-designated key component into the established RSA context.\r
\r
  This function sets the tag-designated RSA key component into the established\r
  RSA context from the user-specified non-negative integer (octet string format\r
  represented in RSA PKCS#1).\r
  If BigNumber is NULL, then the specified key componenet in RSA context is cleared.\r
\r
  If RsaContext is NULL, then return FALSE.\r
\r
  @param[in, out]  RsaContext  Pointer to RSA context being set.\r
  @param[in]       KeyTag      Tag of RSA key component being set.\r
  @param[in]       BigNumber   Pointer to octet integer buffer.\r
                               If NULL, then the specified key componenet in RSA\r
                               context is cleared.\r
  @param[in]       BnSize      Size of big number buffer in bytes.\r
                               If BigNumber is NULL, then it is ignored.\r
\r
  @retval  TRUE   RSA key component was set successfully.\r
  @retval  FALSE  Invalid RSA key component tag.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
RsaSetKey (\r
  IN OUT  VOID         *RsaContext,\r
  IN      RSA_KEY_TAG  KeyTag,\r
  IN      CONST UINT8  *BigNumber,\r
  IN      UINTN        BnSize\r
  )\r
{\r
  RSA  *RsaKey;\r
\r
  //\r
  // Check input parameters.\r
  //\r
  if (RsaContext == NULL || BnSize > INT_MAX) {\r
    return FALSE;\r
  }\r
\r
  RsaKey = (RSA *) RsaContext;\r
  //\r
  // Set RSA Key Components by converting octet string to OpenSSL BN representation.\r
  // NOTE: For RSA public key (used in signature verification), only public components\r
  //       (N, e) are needed.\r
  //\r
  switch (KeyTag) {\r
\r
  //\r
  // RSA Public Modulus (N)\r
  //\r
  case RsaKeyN:\r
    if (RsaKey->n != NULL) {\r
      BN_free (RsaKey->n);\r
    }\r
    RsaKey->n = NULL;\r
    if (BigNumber == NULL) {\r
      break;\r
    }\r
    RsaKey->n = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->n);\r
    if (RsaKey->n == NULL) {\r
      return FALSE;\r
    }\r
\r
    break;\r
\r
  //\r
  // RSA Public Exponent (e)\r
  //\r
  case RsaKeyE:\r
    if (RsaKey->e != NULL) {\r
      BN_free (RsaKey->e);\r
    }\r
    RsaKey->e = NULL;\r
    if (BigNumber == NULL) {\r
      break;\r
    }\r
    RsaKey->e = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->e);\r
    if (RsaKey->e == NULL) {\r
      return FALSE;\r
    }\r
\r
    break;\r
\r
  //\r
  // RSA Private Exponent (d)\r
  //\r
  case RsaKeyD:\r
    if (RsaKey->d != NULL) {\r
      BN_free (RsaKey->d);\r
    }\r
    RsaKey->d = NULL;\r
    if (BigNumber == NULL) {\r
      break;\r
    }\r
    RsaKey->d = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->d);\r
    if (RsaKey->d == NULL) {\r
      return FALSE;\r
    }\r
\r
    break;\r
\r
  //\r
  // RSA Secret Prime Factor of Modulus (p)\r
  //\r
  case RsaKeyP:\r
    if (RsaKey->p != NULL) {\r
      BN_free (RsaKey->p);\r
    }\r
    RsaKey->p = NULL;\r
    if (BigNumber == NULL) {\r
      break;\r
    }\r
    RsaKey->p = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->p);\r
    if (RsaKey->p == NULL) {\r
      return FALSE;\r
    }\r
\r
    break;\r
\r
  //\r
  // RSA Secret Prime Factor of Modules (q)\r
  //\r
  case RsaKeyQ:\r
    if (RsaKey->q != NULL) {\r
      BN_free (RsaKey->q);\r
    }\r
    RsaKey->q = NULL;\r
    if (BigNumber == NULL) {\r
      break;\r
    }\r
    RsaKey->q = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->q);\r
    if (RsaKey->q == NULL) {\r
      return FALSE;\r
    }\r
\r
    break;\r
\r
  //\r
  // p's CRT Exponent (== d mod (p - 1))\r
  //\r
  case RsaKeyDp:\r
    if (RsaKey->dmp1 != NULL) {\r
      BN_free (RsaKey->dmp1);\r
    }\r
    RsaKey->dmp1 = NULL;\r
    if (BigNumber == NULL) {\r
      break;\r
    }\r
    RsaKey->dmp1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmp1);\r
    if (RsaKey->dmp1 == NULL) {\r
      return FALSE;\r
    }\r
\r
    break;\r
\r
  //\r
  // q's CRT Exponent (== d mod (q - 1))\r
  //\r
  case RsaKeyDq:\r
    if (RsaKey->dmq1 != NULL) {\r
      BN_free (RsaKey->dmq1);\r
    }\r
    RsaKey->dmq1 = NULL;\r
    if (BigNumber == NULL) {\r
      break;\r
    }\r
    RsaKey->dmq1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmq1);\r
    if (RsaKey->dmq1 == NULL) {\r
      return FALSE;\r
    }\r
\r
    break;\r
\r
  //\r
  // The CRT Coefficient (== 1/q mod p)\r
  //\r
  case RsaKeyQInv:\r
    if (RsaKey->iqmp != NULL) {\r
      BN_free (RsaKey->iqmp);\r
    }\r
    RsaKey->iqmp = NULL;\r
    if (BigNumber == NULL) {\r
      break;\r
    }\r
    RsaKey->iqmp = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->iqmp);\r
    if (RsaKey->iqmp == NULL) {\r
      return FALSE;\r
    }\r
\r
    break;\r
\r
  default:\r
    return FALSE;\r
  }\r
\r
  return TRUE;\r
}\r
\r
/**\r
  Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in\r
  RSA PKCS#1.\r
\r
  If RsaContext is NULL, then return FALSE.\r
  If MessageHash is NULL, then return FALSE.\r
  If Signature is NULL, then return FALSE.\r
  If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.\r
\r
  @param[in]  RsaContext   Pointer to RSA context for signature verification.\r
  @param[in]  MessageHash  Pointer to octet message hash to be checked.\r
  @param[in]  HashSize     Size of the message hash in bytes.\r
  @param[in]  Signature    Pointer to RSA PKCS1-v1_5 signature to be verified.\r
  @param[in]  SigSize      Size of signature in bytes.\r
\r
  @retval  TRUE   Valid signature encoded in PKCS1-v1_5.\r
  @retval  FALSE  Invalid signature or invalid RSA context.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
RsaPkcs1Verify (\r
  IN  VOID         *RsaContext,\r
  IN  CONST UINT8  *MessageHash,\r
  IN  UINTN        HashSize,\r
  IN  CONST UINT8  *Signature,\r
  IN  UINTN        SigSize\r
  )\r
{\r
  INT32    DigestType;\r
  UINT8    *SigBuf;\r
\r
  //\r
  // Check input parameters.\r
  //\r
  if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {\r
    return FALSE;\r
  }\r
\r
  if (SigSize > INT_MAX || SigSize == 0) {\r
    return FALSE;\r
  }\r
\r
  //\r
  // Determine the message digest algorithm according to digest size.\r
  //   Only MD5, SHA-1 or SHA-256 algorithm is supported. \r
  //\r
  switch (HashSize) {\r
  case MD5_DIGEST_SIZE:\r
    DigestType = NID_md5;\r
    break;\r
    \r
  case SHA1_DIGEST_SIZE:\r
    DigestType = NID_sha1;\r
    break;\r
    \r
  case SHA256_DIGEST_SIZE:\r
    DigestType = NID_sha256;\r
    break;\r
\r
  default:\r
    return FALSE;\r
  }\r
\r
  SigBuf = (UINT8 *) Signature;\r
  return (BOOLEAN) RSA_verify (\r
                     DigestType,\r
                     MessageHash,\r
                     (UINT32) HashSize,\r
                     SigBuf,\r
                     (UINT32) SigSize,\r
                     (RSA *) RsaContext\r
                     );\r
}\r
Commit	Line	Data
532616bb	1	/** @file\r
	2	RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.\r
	3	\r
	4	This file implements following APIs which provide basic capabilities for RSA:\r
	5	1) RsaNew\r
	6	2) RsaFree\r
	7	3) RsaSetKey\r
	8	4) RsaPkcs1Verify\r
	9	\r
86b5c3ee	10	Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>\r
532616bb	11	This program and the accompanying materials\r
	12	are licensed and made available under the terms and conditions of the BSD License\r
	13	which accompanies this distribution. The full text of the license may be found at\r
	14	http://opensource.org/licenses/bsd-license.php\r
	15	\r
	16	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
	17	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	18	\r
	19	**/\r
	20	\r
	21	#include "InternalCryptLib.h"\r
	22	\r
	23	#include <openssl/rsa.h>\r
86b5c3ee	24	#include <openssl/objects.h>\r
532616bb	25	\r
	26	/**\r
	27	Allocates and initializes one RSA context for subsequent use.\r
	28	\r
	29	@return Pointer to the RSA context that has been initialized.\r
	30	If the allocations fails, RsaNew() returns NULL.\r
	31	\r
	32	**/\r
	33	VOID *\r
	34	EFIAPI\r
	35	RsaNew (\r
	36	VOID\r
	37	)\r
	38	{\r
	39	//\r
	40	// Allocates & Initializes RSA Context by OpenSSL RSA_new()\r
	41	//\r
6b8ebcb8	42	return (VOID *) RSA_new ();\r
532616bb	43	}\r
	44	\r
	45	/**\r
	46	Release the specified RSA context.\r
	47	\r
	48	@param[in] RsaContext Pointer to the RSA context to be released.\r
	49	\r
	50	**/\r
	51	VOID\r
	52	EFIAPI\r
	53	RsaFree (\r
	54	IN VOID *RsaContext\r
	55	)\r
	56	{\r
	57	//\r
	58	// Free OpenSSL RSA Context\r
	59	//\r
6b8ebcb8	60	RSA_free ((RSA *) RsaContext);\r
532616bb	61	}\r
	62	\r
	63	/**\r
	64	Sets the tag-designated key component into the established RSA context.\r
	65	\r
	66	This function sets the tag-designated RSA key component into the established\r
	67	RSA context from the user-specified non-negative integer (octet string format\r
	68	represented in RSA PKCS#1).\r
	69	If BigNumber is NULL, then the specified key componenet in RSA context is cleared.\r
	70	\r
	71	If RsaContext is NULL, then return FALSE.\r
	72	\r
	73	@param[in, out] RsaContext Pointer to RSA context being set.\r
	74	@param[in] KeyTag Tag of RSA key component being set.\r
	75	@param[in] BigNumber Pointer to octet integer buffer.\r
	76	If NULL, then the specified key componenet in RSA\r
	77	context is cleared.\r
	78	@param[in] BnSize Size of big number buffer in bytes.\r
	79	If BigNumber is NULL, then it is ignored.\r
	80	\r
	81	@retval TRUE RSA key component was set successfully.\r
	82	@retval FALSE Invalid RSA key component tag.\r
	83	\r
	84	**/\r
	85	BOOLEAN\r
	86	EFIAPI\r
	87	RsaSetKey (\r
	88	IN OUT VOID *RsaContext,\r
	89	IN RSA_KEY_TAG KeyTag,\r
	90	IN CONST UINT8 *BigNumber,\r
	91	IN UINTN BnSize\r
	92	)\r
	93	{\r
	94	RSA *RsaKey;\r
	95	\r
	96	//\r
	97	// Check input parameters.\r
	98	//\r
dda39f3a	99	if (RsaContext == NULL \|\| BnSize > INT_MAX) {\r
532616bb	100	return FALSE;\r
	101	}\r
	102	\r
6b8ebcb8	103	RsaKey = (RSA *) RsaContext;\r
532616bb	104	//\r
	105	// Set RSA Key Components by converting octet string to OpenSSL BN representation.\r
	106	// NOTE: For RSA public key (used in signature verification), only public components\r
	107	// (N, e) are needed.\r
	108	//\r
	109	switch (KeyTag) {\r
	110	\r
	111	//\r
	112	// RSA Public Modulus (N)\r
	113	//\r
	114	case RsaKeyN:\r
	115	if (RsaKey->n != NULL) {\r
	116	BN_free (RsaKey->n);\r
	117	}\r
	118	RsaKey->n = NULL;\r
	119	if (BigNumber == NULL) {\r
	120	break;\r
	121	}\r
	122	RsaKey->n = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->n);\r
dda39f3a	123	if (RsaKey->n == NULL) {\r
	124	return FALSE;\r
	125	}\r
	126	\r
532616bb	127	break;\r
	128	\r
	129	//\r
	130	// RSA Public Exponent (e)\r
	131	//\r
	132	case RsaKeyE:\r
	133	if (RsaKey->e != NULL) {\r
	134	BN_free (RsaKey->e);\r
	135	}\r
	136	RsaKey->e = NULL;\r
	137	if (BigNumber == NULL) {\r
	138	break;\r
	139	}\r
	140	RsaKey->e = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->e);\r
dda39f3a	141	if (RsaKey->e == NULL) {\r
	142	return FALSE;\r
	143	}\r
	144	\r
532616bb	145	break;\r
	146	\r
	147	//\r
	148	// RSA Private Exponent (d)\r
	149	//\r
	150	case RsaKeyD:\r
	151	if (RsaKey->d != NULL) {\r
	152	BN_free (RsaKey->d);\r
	153	}\r
	154	RsaKey->d = NULL;\r
	155	if (BigNumber == NULL) {\r
	156	break;\r
	157	}\r
	158	RsaKey->d = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->d);\r
dda39f3a	159	if (RsaKey->d == NULL) {\r
	160	return FALSE;\r
	161	}\r
	162	\r
532616bb	163	break;\r
	164	\r
	165	//\r
	166	// RSA Secret Prime Factor of Modulus (p)\r
	167	//\r
	168	case RsaKeyP:\r
	169	if (RsaKey->p != NULL) {\r
	170	BN_free (RsaKey->p);\r
	171	}\r
	172	RsaKey->p = NULL;\r
	173	if (BigNumber == NULL) {\r
	174	break;\r
	175	}\r
	176	RsaKey->p = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->p);\r
dda39f3a	177	if (RsaKey->p == NULL) {\r
	178	return FALSE;\r
	179	}\r
	180	\r
532616bb	181	break;\r
	182	\r
	183	//\r
	184	// RSA Secret Prime Factor of Modules (q)\r
	185	//\r
	186	case RsaKeyQ:\r
	187	if (RsaKey->q != NULL) {\r
	188	BN_free (RsaKey->q);\r
	189	}\r
	190	RsaKey->q = NULL;\r
	191	if (BigNumber == NULL) {\r
	192	break;\r
	193	}\r
	194	RsaKey->q = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->q);\r
dda39f3a	195	if (RsaKey->q == NULL) {\r
	196	return FALSE;\r
	197	}\r
	198	\r
532616bb	199	break;\r
	200	\r
	201	//\r
	202	// p's CRT Exponent (== d mod (p - 1))\r
	203	//\r
	204	case RsaKeyDp:\r
	205	if (RsaKey->dmp1 != NULL) {\r
	206	BN_free (RsaKey->dmp1);\r
	207	}\r
	208	RsaKey->dmp1 = NULL;\r
	209	if (BigNumber == NULL) {\r
	210	break;\r
	211	}\r
	212	RsaKey->dmp1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmp1);\r
dda39f3a	213	if (RsaKey->dmp1 == NULL) {\r
	214	return FALSE;\r
	215	}\r
	216	\r
532616bb	217	break;\r
	218	\r
	219	//\r
	220	// q's CRT Exponent (== d mod (q - 1))\r
	221	//\r
	222	case RsaKeyDq:\r
	223	if (RsaKey->dmq1 != NULL) {\r
	224	BN_free (RsaKey->dmq1);\r
	225	}\r
	226	RsaKey->dmq1 = NULL;\r
	227	if (BigNumber == NULL) {\r
	228	break;\r
	229	}\r
	230	RsaKey->dmq1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmq1);\r
dda39f3a	231	if (RsaKey->dmq1 == NULL) {\r
	232	return FALSE;\r
	233	}\r
	234	\r
532616bb	235	break;\r
	236	\r
	237	//\r
	238	// The CRT Coefficient (== 1/q mod p)\r
	239	//\r
	240	case RsaKeyQInv:\r
	241	if (RsaKey->iqmp != NULL) {\r
	242	BN_free (RsaKey->iqmp);\r
	243	}\r
	244	RsaKey->iqmp = NULL;\r
	245	if (BigNumber == NULL) {\r
	246	break;\r
	247	}\r
	248	RsaKey->iqmp = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->iqmp);\r
dda39f3a	249	if (RsaKey->iqmp == NULL) {\r
	250	return FALSE;\r
	251	}\r
	252	\r
532616bb	253	break;\r
	254	\r
	255	default:\r
	256	return FALSE;\r
	257	}\r
	258	\r
	259	return TRUE;\r
	260	}\r
	261	\r
	262	/**\r
	263	Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in\r
	264	RSA PKCS#1.\r
	265	\r
	266	If RsaContext is NULL, then return FALSE.\r
	267	If MessageHash is NULL, then return FALSE.\r
	268	If Signature is NULL, then return FALSE.\r
	269	If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.\r
	270	\r
	271	@param[in] RsaContext Pointer to RSA context for signature verification.\r
	272	@param[in] MessageHash Pointer to octet message hash to be checked.\r
	273	@param[in] HashSize Size of the message hash in bytes.\r
	274	@param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.\r
	275	@param[in] SigSize Size of signature in bytes.\r
	276	\r
	277	@retval TRUE Valid signature encoded in PKCS1-v1_5.\r
	278	@retval FALSE Invalid signature or invalid RSA context.\r
	279	\r
	280	**/\r
	281	BOOLEAN\r
	282	EFIAPI\r
	283	RsaPkcs1Verify (\r
	284	IN VOID *RsaContext,\r
	285	IN CONST UINT8 *MessageHash,\r
	286	IN UINTN HashSize,\r
8c5720b4	287	IN CONST UINT8 *Signature,\r
532616bb	288	IN UINTN SigSize\r
	289	)\r
	290	{\r
86b5c3ee	291	INT32 DigestType;\r
86b5c3ee	292	UINT8 *SigBuf;\r
532616bb	293	\r
	294	//\r
	295	// Check input parameters.\r
	296	//\r
8c5720b4	297	if (RsaContext == NULL \|\| MessageHash == NULL \|\| Signature == NULL) {\r
532616bb	298	return FALSE;\r
	299	}\r
	300	\r
8c5720b4	301	if (SigSize > INT_MAX \|\| SigSize == 0) {\r
	302	return FALSE;\r
	303	}\r
8c5720b4	304	\r
532616bb	305	//\r
86b5c3ee	306	// Determine the message digest algorithm according to digest size.\r
86b5c3ee	307	// Only MD5, SHA-1 or SHA-256 algorithm is supported. \r
532616bb	308	//\r
86b5c3ee	309	switch (HashSize) {\r
	310	case MD5_DIGEST_SIZE:\r
	311	DigestType = NID_md5;\r
	312	break;\r
	313	\r
	314	case SHA1_DIGEST_SIZE:\r
	315	DigestType = NID_sha1;\r
	316	break;\r
	317	\r
	318	case SHA256_DIGEST_SIZE:\r
	319	DigestType = NID_sha256;\r
	320	break;\r
532616bb	321	\r
86b5c3ee	322	default:\r
532616bb	323	return FALSE;\r
	324	}\r
	325	\r
86b5c3ee	326	SigBuf = (UINT8 *) Signature;\r
	327	return (BOOLEAN) RSA_verify (\r
	328	DigestType,\r
	329	MessageHash,\r
	330	(UINT32) HashSize,\r
	331	SigBuf,\r
	332	(UINT32) SigSize,\r
	333	(RSA *) RsaContext\r
	334	);\r
532616bb	335	}\r