Commit | Line | Data |
---|---|---|
532616bb | 1 | /** @file\r |
2 | RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.\r | |
3 | \r | |
4 | This file implements the following APIs, which provide basic capabilities for RSA:\r | |
5 | 1) RsaNew\r | |
6 | 2) RsaFree\r | |
7 | 3) RsaSetKey\r | |
8 | 4) RsaPkcs1Verify\r | |
9 | \r | |
c9d72628 | 10 | Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>\r |
2009f6b4 | 11 | SPDX-License-Identifier: BSD-2-Clause-Patent\r |
532616bb | 12 | \r |
13 | **/\r | |
14 | \r | |
15 | #include "InternalCryptLib.h"\r | |
16 | \r | |
1cae0c83 | 17 | #include <openssl/bn.h>\r |
532616bb | 18 | #include <openssl/rsa.h>\r |
86b5c3ee | 19 | #include <openssl/objects.h>\r |
532616bb | 20 | \r |
/**
  Creates one RSA context, allocated and initialized, for subsequent use.

  @return  Pointer to the newly initialized RSA context.
           If the allocation fails, RsaNew() returns NULL.

**/
VOID *
EFIAPI
RsaNew (
  VOID
  )
{
  RSA  *RsaKey;

  //
  // RSA_new() performs both the allocation and the initialization.
  //
  RsaKey = RSA_new ();

  return (VOID *)RsaKey;
}
39 | \r | |
/**
  Releases the given RSA context.

  @param[in]  RsaContext  Pointer to the RSA context to be released.

**/
VOID
EFIAPI
RsaFree (
  IN  VOID  *RsaContext
  )
{
  RSA  *RsaKey;

  RsaKey = (RSA *)RsaContext;

  //
  // Hand the OpenSSL RSA object back to RSA_free().
  //
  RSA_free (RsaKey);
}
57 | \r | |
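/**
  Sets the tag-designated key component into the established RSA context.

  This function sets the tag-designated RSA key component into the established
  RSA context from the user-specified non-negative integer (octet string format
  represented in RSA PKCS#1).

  Components are handled in the three groups exposed by the OpenSSL accessors:
  (N, e, d), (p, q) and (dP, dQ, qInv). Any member of the selected group that
  the context does not hold yet is created with the value zero.

  If BigNumber is NULL, BnSize is ignored and the designated component is set
  to zero.

  If RsaContext is NULL, then return FALSE.

  @param[in, out]  RsaContext  Pointer to RSA context being set.
  @param[in]       KeyTag      Tag of RSA key component being set.
  @param[in]       BigNumber   Pointer to octet integer buffer.
                               If NULL, then the specified key component is
                               set to zero.
  @param[in]       BnSize      Size of big number buffer in bytes.
                               If BigNumber is NULL, then it is ignored.

  @retval  TRUE   RSA key component was set successfully.
  @retval  FALSE  RsaContext is NULL, BnSize is larger than INT_MAX, KeyTag is
                  not a valid RSA key component tag, or an OpenSSL allocation
                  or conversion failed.

**/
BOOLEAN
EFIAPI
RsaSetKey (
  IN OUT  VOID         *RsaContext,
  IN      RSA_KEY_TAG  KeyTag,
  IN      CONST UINT8  *BigNumber,
  IN      UINTN        BnSize
  )
{
  RSA           *RsaKey;
  CONST BIGNUM  *Current[3];
  BIGNUM        *Replacement[3];
  CONST UINT8   *Buffer;
  UINTN         Length;
  UINTN         Count;
  UINTN         Target;
  UINTN         Index;
  UINT8         Empty;
  INT32         Result;

  //
  // Check input parameters.
  //
  if ((RsaContext == NULL) || (BnSize > INT_MAX)) {
    return FALSE;
  }

  //
  // A NULL BigNumber is documented as valid input. Never hand a NULL buffer
  // with a non-zero length to BN_bin2bn(); convert a zero-length buffer
  // instead, which yields the value zero.
  //
  Empty  = 0;
  Buffer = BigNumber;
  Length = BnSize;
  if (Buffer == NULL) {
    Buffer = &Empty;
    Length = 0;
  }

  RsaKey         = (RSA *)RsaContext;
  Current[0]     = NULL;
  Current[1]     = NULL;
  Current[2]     = NULL;
  Replacement[0] = NULL;
  Replacement[1] = NULL;
  Replacement[2] = NULL;

  //
  // Retrieve the current members of the group that KeyTag belongs to and
  // note which slot of the group is being replaced.
  // NOTE: For RSA public key (used in signature verification), only public
  //       components (N, e) are needed.
  //
  switch (KeyTag) {
    //
    // RSA Public Modulus (N), Public Exponent (e) and Private Exponent (d)
    //
    case RsaKeyN:
    case RsaKeyE:
    case RsaKeyD:
      RSA_get0_key (RsaKey, &Current[0], &Current[1], &Current[2]);
      Count  = 3;
      Target = (KeyTag == RsaKeyN) ? 0 : ((KeyTag == RsaKeyE) ? 1 : 2);
      break;

    //
    // RSA Secret Prime Factor of Modulus (p and q)
    //
    case RsaKeyP:
    case RsaKeyQ:
      RSA_get0_factors (RsaKey, &Current[0], &Current[1]);
      Count  = 2;
      Target = (KeyTag == RsaKeyP) ? 0 : 1;
      break;

    //
    // p's CRT Exponent (== d mod (p - 1)), q's CRT Exponent (== d mod (q - 1)),
    // and CRT Coefficient (== 1/q mod p)
    //
    case RsaKeyDp:
    case RsaKeyDq:
    case RsaKeyQInv:
      RSA_get0_crt_params (RsaKey, &Current[0], &Current[1], &Current[2]);
      Count  = 3;
      Target = (KeyTag == RsaKeyDp) ? 0 : ((KeyTag == RsaKeyDq) ? 1 : 2);
      break;

    default:
      return FALSE;
  }

  //
  // Build private copies of the whole group. The BIGNUMs returned by the
  // get0 accessors stay owned by the RSA object and are not modified here;
  // members the context lacks start out as fresh, zero-valued BIGNUMs.
  //
  for (Index = 0; Index < Count; Index++) {
    Replacement[Index] = (Current[Index] != NULL) ? BN_dup (Current[Index]) : BN_new ();
    if (Replacement[Index] == NULL) {
      goto Cleanup;
    }
  }

  //
  // Convert the octet string into the selected member. BN_bin2bn() returns
  // NULL on failure, which must not be reported as success.
  //
  if (BN_bin2bn (Buffer, (UINT32)Length, Replacement[Target]) == NULL) {
    goto Cleanup;
  }

  //
  // Hand the copies over. On success the RSA object owns them, so they must
  // not be freed here.
  //
  switch (KeyTag) {
    case RsaKeyN:
    case RsaKeyE:
    case RsaKeyD:
      Result = RSA_set0_key (RsaKey, Replacement[0], Replacement[1], Replacement[2]);
      break;

    case RsaKeyP:
    case RsaKeyQ:
      Result = RSA_set0_factors (RsaKey, Replacement[0], Replacement[1]);
      break;

    default:
      Result = RSA_set0_crt_params (RsaKey, Replacement[0], Replacement[1], Replacement[2]);
      break;
  }

  if (Result != 0) {
    return TRUE;
  }

Cleanup:
  //
  // Nothing was handed to the RSA object. The copies may hold private key
  // material (d, p, q, dP, dQ, qInv), so wipe them while releasing them.
  // BN_clear_free() accepts NULL.
  //
  for (Index = 0; Index < 3; Index++) {
    BN_clear_free (Replacement[Index]);
  }

  return FALSE;
}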
245 | \r | |
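/**
  Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in
  RSA PKCS#1.

  The digest algorithm is not passed in; it is inferred from HashSize alone.

  If RsaContext is NULL, then return FALSE.
  If MessageHash is NULL, then return FALSE.
  If Signature is NULL, then return FALSE.
  If SigSize is zero or larger than INT_MAX, then return FALSE.
  If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE.

  @param[in]  RsaContext   Pointer to RSA context for signature verification.
  @param[in]  MessageHash  Pointer to octet message hash to be checked.
  @param[in]  HashSize     Size of the message hash in bytes.
  @param[in]  Signature    Pointer to RSA PKCS1-v1_5 signature to be verified.
  @param[in]  SigSize      Size of signature in bytes.

  @retval  TRUE   Valid signature encoded in PKCS1-v1_5.
  @retval  FALSE  Invalid signature, invalid parameter or invalid RSA context.

**/
BOOLEAN
EFIAPI
RsaPkcs1Verify (
  IN  VOID         *RsaContext,
  IN  CONST UINT8  *MessageHash,
  IN  UINTN        HashSize,
  IN  CONST UINT8  *Signature,
  IN  UINTN        SigSize
  )
{
  INT32  DigestType;
  UINT8  *SigBuf;

  //
  // Check input parameters.
  //
  if ((RsaContext == NULL) || (MessageHash == NULL) || (Signature == NULL)) {
    return FALSE;
  }

  if ((SigSize > INT_MAX) || (SigSize == 0)) {
    return FALSE;
  }

  //
  // Determine the message digest algorithm according to digest size.
  // Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
  //
  // NOTE(review): MD5 and SHA-1 digests are accepted here. A caller that has
  // to reject weak digests must enforce that itself, because this routine
  // only sees the digest length.
  //
  switch (HashSize) {
    case MD5_DIGEST_SIZE:
      DigestType = NID_md5;
      break;

    case SHA1_DIGEST_SIZE:
      DigestType = NID_sha1;
      break;

    case SHA256_DIGEST_SIZE:
      DigestType = NID_sha256;
      break;

    case SHA384_DIGEST_SIZE:
      DigestType = NID_sha384;
      break;

    case SHA512_DIGEST_SIZE:
      DigestType = NID_sha512;
      break;

    default:
      return FALSE;
  }

  SigBuf = (UINT8 *)Signature;

  //
  // Accept the signature only on an explicit 1 from RSA_verify(). Casting the
  // raw integer to BOOLEAN would turn any other non-zero result into TRUE.
  //
  return (BOOLEAN)(RSA_verify (
                     DigestType,
                     MessageHash,
                     (UINT32)HashSize,
                     SigBuf,
                     (UINT32)SigSize,
                     (RSA *)RsaContext
                     ) == 1);
}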