]>
Commit | Line | Data |
---|---|---|
532616bb | 1 | /** @file\r |
2 | RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.\r | |
3 | \r | |
4 | This file implements following APIs which provide basic capabilities for RSA:\r | |
5 | 1) RsaNew\r | |
6 | 2) RsaFree\r | |
7 | 3) RsaSetKey\r | |
8 | 4) RsaPkcs1Verify\r | |
9 | \r | |
86b5c3ee | 10 | Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>\r |
532616bb | 11 | This program and the accompanying materials\r |
12 | are licensed and made available under the terms and conditions of the BSD License\r | |
13 | which accompanies this distribution. The full text of the license may be found at\r | |
14 | http://opensource.org/licenses/bsd-license.php\r | |
15 | \r | |
16 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r | |
17 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r | |
18 | \r | |
19 | **/\r | |
20 | \r | |
21 | #include "InternalCryptLib.h"\r | |
22 | \r | |
23 | #include <openssl/rsa.h>\r | |
86b5c3ee | 24 | #include <openssl/objects.h>\r |
532616bb | 25 | \r |
26 | /**\r | |
27 | Allocates and initializes one RSA context for subsequent use.\r | |
28 | \r | |
29 | @return Pointer to the RSA context that has been initialized.\r | |
30 | If the allocations fails, RsaNew() returns NULL.\r | |
31 | \r | |
32 | **/\r | |
33 | VOID *\r | |
34 | EFIAPI\r | |
35 | RsaNew (\r | |
36 | VOID\r | |
37 | )\r | |
38 | {\r | |
39 | //\r | |
40 | // Allocates & Initializes RSA Context by OpenSSL RSA_new()\r | |
41 | //\r | |
6b8ebcb8 | 42 | return (VOID *) RSA_new ();\r |
532616bb | 43 | }\r |
44 | \r | |
45 | /**\r | |
46 | Release the specified RSA context.\r | |
47 | \r | |
48 | @param[in] RsaContext Pointer to the RSA context to be released.\r | |
49 | \r | |
50 | **/\r | |
51 | VOID\r | |
52 | EFIAPI\r | |
53 | RsaFree (\r | |
54 | IN VOID *RsaContext\r | |
55 | )\r | |
56 | {\r | |
57 | //\r | |
58 | // Free OpenSSL RSA Context\r | |
59 | //\r | |
6b8ebcb8 | 60 | RSA_free ((RSA *) RsaContext);\r |
532616bb | 61 | }\r |
62 | \r | |
63 | /**\r | |
64 | Sets the tag-designated key component into the established RSA context.\r | |
65 | \r | |
66 | This function sets the tag-designated RSA key component into the established\r | |
67 | RSA context from the user-specified non-negative integer (octet string format\r | |
68 | represented in RSA PKCS#1).\r | |
69 | If BigNumber is NULL, then the specified key componenet in RSA context is cleared.\r | |
70 | \r | |
71 | If RsaContext is NULL, then return FALSE.\r | |
72 | \r | |
73 | @param[in, out] RsaContext Pointer to RSA context being set.\r | |
74 | @param[in] KeyTag Tag of RSA key component being set.\r | |
75 | @param[in] BigNumber Pointer to octet integer buffer.\r | |
76 | If NULL, then the specified key componenet in RSA\r | |
77 | context is cleared.\r | |
78 | @param[in] BnSize Size of big number buffer in bytes.\r | |
79 | If BigNumber is NULL, then it is ignored.\r | |
80 | \r | |
81 | @retval TRUE RSA key component was set successfully.\r | |
82 | @retval FALSE Invalid RSA key component tag.\r | |
83 | \r | |
84 | **/\r | |
85 | BOOLEAN\r | |
86 | EFIAPI\r | |
87 | RsaSetKey (\r | |
88 | IN OUT VOID *RsaContext,\r | |
89 | IN RSA_KEY_TAG KeyTag,\r | |
90 | IN CONST UINT8 *BigNumber,\r | |
91 | IN UINTN BnSize\r | |
92 | )\r | |
93 | {\r | |
94 | RSA *RsaKey;\r | |
95 | \r | |
96 | //\r | |
97 | // Check input parameters.\r | |
98 | //\r | |
dda39f3a | 99 | if (RsaContext == NULL || BnSize > INT_MAX) {\r |
532616bb | 100 | return FALSE;\r |
101 | }\r | |
102 | \r | |
6b8ebcb8 | 103 | RsaKey = (RSA *) RsaContext;\r |
532616bb | 104 | //\r |
105 | // Set RSA Key Components by converting octet string to OpenSSL BN representation.\r | |
106 | // NOTE: For RSA public key (used in signature verification), only public components\r | |
107 | // (N, e) are needed.\r | |
108 | //\r | |
109 | switch (KeyTag) {\r | |
110 | \r | |
111 | //\r | |
112 | // RSA Public Modulus (N)\r | |
113 | //\r | |
114 | case RsaKeyN:\r | |
115 | if (RsaKey->n != NULL) {\r | |
116 | BN_free (RsaKey->n);\r | |
117 | }\r | |
118 | RsaKey->n = NULL;\r | |
119 | if (BigNumber == NULL) {\r | |
120 | break;\r | |
121 | }\r | |
122 | RsaKey->n = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->n);\r | |
dda39f3a | 123 | if (RsaKey->n == NULL) {\r |
124 | return FALSE;\r | |
125 | }\r | |
126 | \r | |
532616bb | 127 | break;\r |
128 | \r | |
129 | //\r | |
130 | // RSA Public Exponent (e)\r | |
131 | //\r | |
132 | case RsaKeyE:\r | |
133 | if (RsaKey->e != NULL) {\r | |
134 | BN_free (RsaKey->e);\r | |
135 | }\r | |
136 | RsaKey->e = NULL;\r | |
137 | if (BigNumber == NULL) {\r | |
138 | break;\r | |
139 | }\r | |
140 | RsaKey->e = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->e);\r | |
dda39f3a | 141 | if (RsaKey->e == NULL) {\r |
142 | return FALSE;\r | |
143 | }\r | |
144 | \r | |
532616bb | 145 | break;\r |
146 | \r | |
147 | //\r | |
148 | // RSA Private Exponent (d)\r | |
149 | //\r | |
150 | case RsaKeyD:\r | |
151 | if (RsaKey->d != NULL) {\r | |
152 | BN_free (RsaKey->d);\r | |
153 | }\r | |
154 | RsaKey->d = NULL;\r | |
155 | if (BigNumber == NULL) {\r | |
156 | break;\r | |
157 | }\r | |
158 | RsaKey->d = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->d);\r | |
dda39f3a | 159 | if (RsaKey->d == NULL) {\r |
160 | return FALSE;\r | |
161 | }\r | |
162 | \r | |
532616bb | 163 | break;\r |
164 | \r | |
165 | //\r | |
166 | // RSA Secret Prime Factor of Modulus (p)\r | |
167 | //\r | |
168 | case RsaKeyP:\r | |
169 | if (RsaKey->p != NULL) {\r | |
170 | BN_free (RsaKey->p);\r | |
171 | }\r | |
172 | RsaKey->p = NULL;\r | |
173 | if (BigNumber == NULL) {\r | |
174 | break;\r | |
175 | }\r | |
176 | RsaKey->p = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->p);\r | |
dda39f3a | 177 | if (RsaKey->p == NULL) {\r |
178 | return FALSE;\r | |
179 | }\r | |
180 | \r | |
532616bb | 181 | break;\r |
182 | \r | |
183 | //\r | |
184 | // RSA Secret Prime Factor of Modules (q)\r | |
185 | //\r | |
186 | case RsaKeyQ:\r | |
187 | if (RsaKey->q != NULL) {\r | |
188 | BN_free (RsaKey->q);\r | |
189 | }\r | |
190 | RsaKey->q = NULL;\r | |
191 | if (BigNumber == NULL) {\r | |
192 | break;\r | |
193 | }\r | |
194 | RsaKey->q = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->q);\r | |
dda39f3a | 195 | if (RsaKey->q == NULL) {\r |
196 | return FALSE;\r | |
197 | }\r | |
198 | \r | |
532616bb | 199 | break;\r |
200 | \r | |
201 | //\r | |
202 | // p's CRT Exponent (== d mod (p - 1))\r | |
203 | //\r | |
204 | case RsaKeyDp:\r | |
205 | if (RsaKey->dmp1 != NULL) {\r | |
206 | BN_free (RsaKey->dmp1);\r | |
207 | }\r | |
208 | RsaKey->dmp1 = NULL;\r | |
209 | if (BigNumber == NULL) {\r | |
210 | break;\r | |
211 | }\r | |
212 | RsaKey->dmp1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmp1);\r | |
dda39f3a | 213 | if (RsaKey->dmp1 == NULL) {\r |
214 | return FALSE;\r | |
215 | }\r | |
216 | \r | |
532616bb | 217 | break;\r |
218 | \r | |
219 | //\r | |
220 | // q's CRT Exponent (== d mod (q - 1))\r | |
221 | //\r | |
222 | case RsaKeyDq:\r | |
223 | if (RsaKey->dmq1 != NULL) {\r | |
224 | BN_free (RsaKey->dmq1);\r | |
225 | }\r | |
226 | RsaKey->dmq1 = NULL;\r | |
227 | if (BigNumber == NULL) {\r | |
228 | break;\r | |
229 | }\r | |
230 | RsaKey->dmq1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmq1);\r | |
dda39f3a | 231 | if (RsaKey->dmq1 == NULL) {\r |
232 | return FALSE;\r | |
233 | }\r | |
234 | \r | |
532616bb | 235 | break;\r |
236 | \r | |
237 | //\r | |
238 | // The CRT Coefficient (== 1/q mod p)\r | |
239 | //\r | |
240 | case RsaKeyQInv:\r | |
241 | if (RsaKey->iqmp != NULL) {\r | |
242 | BN_free (RsaKey->iqmp);\r | |
243 | }\r | |
244 | RsaKey->iqmp = NULL;\r | |
245 | if (BigNumber == NULL) {\r | |
246 | break;\r | |
247 | }\r | |
248 | RsaKey->iqmp = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->iqmp);\r | |
dda39f3a | 249 | if (RsaKey->iqmp == NULL) {\r |
250 | return FALSE;\r | |
251 | }\r | |
252 | \r | |
532616bb | 253 | break;\r |
254 | \r | |
255 | default:\r | |
256 | return FALSE;\r | |
257 | }\r | |
258 | \r | |
259 | return TRUE;\r | |
260 | }\r | |
261 | \r | |
262 | /**\r | |
263 | Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in\r | |
264 | RSA PKCS#1.\r | |
265 | \r | |
266 | If RsaContext is NULL, then return FALSE.\r | |
267 | If MessageHash is NULL, then return FALSE.\r | |
268 | If Signature is NULL, then return FALSE.\r | |
269 | If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.\r | |
270 | \r | |
271 | @param[in] RsaContext Pointer to RSA context for signature verification.\r | |
272 | @param[in] MessageHash Pointer to octet message hash to be checked.\r | |
273 | @param[in] HashSize Size of the message hash in bytes.\r | |
274 | @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.\r | |
275 | @param[in] SigSize Size of signature in bytes.\r | |
276 | \r | |
277 | @retval TRUE Valid signature encoded in PKCS1-v1_5.\r | |
278 | @retval FALSE Invalid signature or invalid RSA context.\r | |
279 | \r | |
280 | **/\r | |
281 | BOOLEAN\r | |
282 | EFIAPI\r | |
283 | RsaPkcs1Verify (\r | |
284 | IN VOID *RsaContext,\r | |
285 | IN CONST UINT8 *MessageHash,\r | |
286 | IN UINTN HashSize,\r | |
8c5720b4 | 287 | IN CONST UINT8 *Signature,\r |
532616bb | 288 | IN UINTN SigSize\r |
289 | )\r | |
290 | {\r | |
86b5c3ee | 291 | INT32 DigestType;\r |
292 | UINT8 *SigBuf;\r | |
532616bb | 293 | \r |
294 | //\r | |
295 | // Check input parameters.\r | |
296 | //\r | |
8c5720b4 | 297 | if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {\r |
532616bb | 298 | return FALSE;\r |
299 | }\r | |
300 | \r | |
8c5720b4 | 301 | if (SigSize > INT_MAX || SigSize == 0) {\r |
302 | return FALSE;\r | |
303 | }\r | |
8c5720b4 | 304 | \r |
532616bb | 305 | //\r |
86b5c3ee | 306 | // Determine the message digest algorithm according to digest size.\r |
307 | // Only MD5, SHA-1 or SHA-256 algorithm is supported. \r | |
532616bb | 308 | //\r |
86b5c3ee | 309 | switch (HashSize) {\r |
310 | case MD5_DIGEST_SIZE:\r | |
311 | DigestType = NID_md5;\r | |
312 | break;\r | |
313 | \r | |
314 | case SHA1_DIGEST_SIZE:\r | |
315 | DigestType = NID_sha1;\r | |
316 | break;\r | |
317 | \r | |
318 | case SHA256_DIGEST_SIZE:\r | |
319 | DigestType = NID_sha256;\r | |
320 | break;\r | |
532616bb | 321 | \r |
86b5c3ee | 322 | default:\r |
532616bb | 323 | return FALSE;\r |
324 | }\r | |
325 | \r | |
86b5c3ee | 326 | SigBuf = (UINT8 *) Signature;\r |
327 | return (BOOLEAN) RSA_verify (\r | |
328 | DigestType,\r | |
329 | MessageHash,\r | |
330 | (UINT32) HashSize,\r | |
331 | SigBuf,\r | |
332 | (UINT32) SigSize,\r | |
333 | (RSA *) RsaContext\r | |
334 | );\r | |
532616bb | 335 | }\r |