[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Pk / CryptRsaBasic.c

/** @file\r
  RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.\r
\r
  This file implements following APIs which provide basic capabilities for RSA:\r
  1) RsaNew\r
  2) RsaFree\r
  3) RsaSetKey\r
  4) RsaPkcs1Verify\r
\r
Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include "InternalCryptLib.h"\r
\r
#include <openssl/bn.h>\r
#include <openssl/rsa.h>\r
#include <openssl/objects.h>\r
\r
/**\r
  Allocates and initializes one RSA context for subsequent use.\r
\r
  @return  Pointer to the RSA context that has been initialized.\r
           If the allocations fails, RsaNew() returns NULL.\r
\r
**/\r
VOID *\r
EFIAPI\r
RsaNew (\r
  VOID\r
  )\r
{\r
  //\r
  // Allocates & Initializes RSA Context by OpenSSL RSA_new()\r
  //\r
  return (VOID *)RSA_new ();\r
}\r
\r
/**\r
  Release the specified RSA context.\r
\r
  @param[in]  RsaContext  Pointer to the RSA context to be released.\r
\r
**/\r
VOID\r
EFIAPI\r
RsaFree (\r
  IN  VOID  *RsaContext\r
  )\r
{\r
  //\r
  // Free OpenSSL RSA Context\r
  //\r
  RSA_free ((RSA *)RsaContext);\r
}\r
\r
/**\r
  Sets the tag-designated key component into the established RSA context.\r
\r
  This function sets the tag-designated RSA key component into the established\r
  RSA context from the user-specified non-negative integer (octet string format\r
  represented in RSA PKCS#1).\r
  If BigNumber is NULL, then the specified key component in RSA context is cleared.\r
\r
  If RsaContext is NULL, then return FALSE.\r
\r
  @param[in, out]  RsaContext  Pointer to RSA context being set.\r
  @param[in]       KeyTag      Tag of RSA key component being set.\r
  @param[in]       BigNumber   Pointer to octet integer buffer.\r
                               If NULL, then the specified key component in RSA\r
                               context is cleared.\r
  @param[in]       BnSize      Size of big number buffer in bytes.\r
                               If BigNumber is NULL, then it is ignored.\r
\r
  @retval  TRUE   RSA key component was set successfully.\r
  @retval  FALSE  Invalid RSA key component tag.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
RsaSetKey (\r
  IN OUT  VOID         *RsaContext,\r
  IN      RSA_KEY_TAG  KeyTag,\r
  IN      CONST UINT8  *BigNumber,\r
  IN      UINTN        BnSize\r
  )\r
{\r
  RSA     *RsaKey;\r
  BIGNUM  *BnN;\r
  BIGNUM  *BnE;\r
  BIGNUM  *BnD;\r
  BIGNUM  *BnP;\r
  BIGNUM  *BnQ;\r
  BIGNUM  *BnDp;\r
  BIGNUM  *BnDq;\r
  BIGNUM  *BnQInv;\r
\r
  //\r
  // Check input parameters.\r
  //\r
  if ((RsaContext == NULL) || (BnSize > INT_MAX)) {\r
    return FALSE;\r
  }\r
\r
  BnN    = NULL;\r
  BnE    = NULL;\r
  BnD    = NULL;\r
  BnP    = NULL;\r
  BnQ    = NULL;\r
  BnDp   = NULL;\r
  BnDq   = NULL;\r
  BnQInv = NULL;\r
\r
  //\r
  // Retrieve the components from RSA object.\r
  //\r
  RsaKey = (RSA *)RsaContext;\r
  RSA_get0_key (RsaKey, (const BIGNUM **)&BnN, (const BIGNUM **)&BnE, (const BIGNUM **)&BnD);\r
  RSA_get0_factors (RsaKey, (const BIGNUM **)&BnP, (const BIGNUM **)&BnQ);\r
  RSA_get0_crt_params (RsaKey, (const BIGNUM **)&BnDp, (const BIGNUM **)&BnDq, (const BIGNUM **)&BnQInv);\r
\r
  //\r
  // Set RSA Key Components by converting octet string to OpenSSL BN representation.\r
  // NOTE: For RSA public key (used in signature verification), only public components\r
  //       (N, e) are needed.\r
  //\r
  switch (KeyTag) {\r
    //\r
    // RSA Public Modulus (N), Public Exponent (e) and Private Exponent (d)\r
    //\r
    case RsaKeyN:\r
    case RsaKeyE:\r
    case RsaKeyD:\r
      if (BnN == NULL) {\r
        BnN = BN_new ();\r
      }\r
\r
      if (BnE == NULL) {\r
        BnE = BN_new ();\r
      }\r
\r
      if (BnD == NULL) {\r
        BnD = BN_new ();\r
      }\r
\r
      if ((BnN == NULL) || (BnE == NULL) || (BnD == NULL)) {\r
        return FALSE;\r
      }\r
\r
      switch (KeyTag) {\r
        case RsaKeyN:\r
          BnN = BN_bin2bn (BigNumber, (UINT32)BnSize, BnN);\r
          break;\r
        case RsaKeyE:\r
          BnE = BN_bin2bn (BigNumber, (UINT32)BnSize, BnE);\r
          break;\r
        case RsaKeyD:\r
          BnD = BN_bin2bn (BigNumber, (UINT32)BnSize, BnD);\r
          break;\r
        default:\r
          return FALSE;\r
      }\r
\r
      if (RSA_set0_key (RsaKey, BN_dup (BnN), BN_dup (BnE), BN_dup (BnD)) == 0) {\r
        return FALSE;\r
      }\r
\r
      break;\r
\r
    //\r
    // RSA Secret Prime Factor of Modulus (p and q)\r
    //\r
    case RsaKeyP:\r
    case RsaKeyQ:\r
      if (BnP == NULL) {\r
        BnP = BN_new ();\r
      }\r
\r
      if (BnQ == NULL) {\r
        BnQ = BN_new ();\r
      }\r
\r
      if ((BnP == NULL) || (BnQ == NULL)) {\r
        return FALSE;\r
      }\r
\r
      switch (KeyTag) {\r
        case RsaKeyP:\r
          BnP = BN_bin2bn (BigNumber, (UINT32)BnSize, BnP);\r
          break;\r
        case RsaKeyQ:\r
          BnQ = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQ);\r
          break;\r
        default:\r
          return FALSE;\r
      }\r
\r
      if (RSA_set0_factors (RsaKey, BN_dup (BnP), BN_dup (BnQ)) == 0) {\r
        return FALSE;\r
      }\r
\r
      break;\r
\r
    //\r
    // p's CRT Exponent (== d mod (p - 1)),  q's CRT Exponent (== d mod (q - 1)),\r
    // and CRT Coefficient (== 1/q mod p)\r
    //\r
    case RsaKeyDp:\r
    case RsaKeyDq:\r
    case RsaKeyQInv:\r
      if (BnDp == NULL) {\r
        BnDp = BN_new ();\r
      }\r
\r
      if (BnDq == NULL) {\r
        BnDq = BN_new ();\r
      }\r
\r
      if (BnQInv == NULL) {\r
        BnQInv = BN_new ();\r
      }\r
\r
      if ((BnDp == NULL) || (BnDq == NULL) || (BnQInv == NULL)) {\r
        return FALSE;\r
      }\r
\r
      switch (KeyTag) {\r
        case RsaKeyDp:\r
          BnDp = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDp);\r
          break;\r
        case RsaKeyDq:\r
          BnDq = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDq);\r
          break;\r
        case RsaKeyQInv:\r
          BnQInv = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQInv);\r
          break;\r
        default:\r
          return FALSE;\r
      }\r
\r
      if (RSA_set0_crt_params (RsaKey, BN_dup (BnDp), BN_dup (BnDq), BN_dup (BnQInv)) == 0) {\r
        return FALSE;\r
      }\r
\r
      break;\r
\r
    default:\r
      return FALSE;\r
  }\r
\r
  return TRUE;\r
}\r
\r
/**\r
  Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in\r
  RSA PKCS#1.\r
\r
  If RsaContext is NULL, then return FALSE.\r
  If MessageHash is NULL, then return FALSE.\r
  If Signature is NULL, then return FALSE.\r
  If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE.\r
\r
  @param[in]  RsaContext   Pointer to RSA context for signature verification.\r
  @param[in]  MessageHash  Pointer to octet message hash to be checked.\r
  @param[in]  HashSize     Size of the message hash in bytes.\r
  @param[in]  Signature    Pointer to RSA PKCS1-v1_5 signature to be verified.\r
  @param[in]  SigSize      Size of signature in bytes.\r
\r
  @retval  TRUE   Valid signature encoded in PKCS1-v1_5.\r
  @retval  FALSE  Invalid signature or invalid RSA context.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
RsaPkcs1Verify (\r
  IN  VOID         *RsaContext,\r
  IN  CONST UINT8  *MessageHash,\r
  IN  UINTN        HashSize,\r
  IN  CONST UINT8  *Signature,\r
  IN  UINTN        SigSize\r
  )\r
{\r
  INT32  DigestType;\r
  UINT8  *SigBuf;\r
\r
  //\r
  // Check input parameters.\r
  //\r
  if ((RsaContext == NULL) || (MessageHash == NULL) || (Signature == NULL)) {\r
    return FALSE;\r
  }\r
\r
  if ((SigSize > INT_MAX) || (SigSize == 0)) {\r
    return FALSE;\r
  }\r
\r
  //\r
  // Determine the message digest algorithm according to digest size.\r
  //   Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.\r
  //\r
  switch (HashSize) {\r
    case MD5_DIGEST_SIZE:\r
      DigestType = NID_md5;\r
      break;\r
\r
    case SHA1_DIGEST_SIZE:\r
      DigestType = NID_sha1;\r
      break;\r
\r
    case SHA256_DIGEST_SIZE:\r
      DigestType = NID_sha256;\r
      break;\r
\r
    case SHA384_DIGEST_SIZE:\r
      DigestType = NID_sha384;\r
      break;\r
\r
    case SHA512_DIGEST_SIZE:\r
      DigestType = NID_sha512;\r
      break;\r
\r
    default:\r
      return FALSE;\r
  }\r
\r
  SigBuf = (UINT8 *)Signature;\r
  return (BOOLEAN)RSA_verify (\r
                    DigestType,\r
                    MessageHash,\r
                    (UINT32)HashSize,\r
                    SigBuf,\r
                    (UINT32)SigSize,\r
                    (RSA *)RsaContext\r
                    );\r
}\r
Commit	Line	Data
	1	/** @file\r
	2	RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.\r
	3	\r
	4	This file implements following APIs which provide basic capabilities for RSA:\r
	5	1) RsaNew\r
	6	2) RsaFree\r
	7	3) RsaSetKey\r
	8	4) RsaPkcs1Verify\r
	9	\r
	10	Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>\r
	11	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	12	\r
	13	**/\r
	14	\r
	15	#include "InternalCryptLib.h"\r
	16	\r
	17	#include <openssl/bn.h>\r
	18	#include <openssl/rsa.h>\r
	19	#include <openssl/objects.h>\r
	20	\r
	21	/**\r
	22	Allocates and initializes one RSA context for subsequent use.\r
	23	\r
	24	@return Pointer to the RSA context that has been initialized.\r
	25	If the allocations fails, RsaNew() returns NULL.\r
	26	\r
	27	**/\r
	28	VOID *\r
	29	EFIAPI\r
	30	RsaNew (\r
	31	VOID\r
	32	)\r
	33	{\r
	34	//\r
	35	// Allocates & Initializes RSA Context by OpenSSL RSA_new()\r
	36	//\r
	37	return (VOID *)RSA_new ();\r
	38	}\r
	39	\r
	40	/**\r
	41	Release the specified RSA context.\r
	42	\r
	43	@param[in] RsaContext Pointer to the RSA context to be released.\r
	44	\r
	45	**/\r
	46	VOID\r
	47	EFIAPI\r
	48	RsaFree (\r
	49	IN VOID *RsaContext\r
	50	)\r
	51	{\r
	52	//\r
	53	// Free OpenSSL RSA Context\r
	54	//\r
	55	RSA_free ((RSA *)RsaContext);\r
	56	}\r
	57	\r
	58	/**\r
	59	Sets the tag-designated key component into the established RSA context.\r
	60	\r
	61	This function sets the tag-designated RSA key component into the established\r
	62	RSA context from the user-specified non-negative integer (octet string format\r
	63	represented in RSA PKCS#1).\r
	64	If BigNumber is NULL, then the specified key component in RSA context is cleared.\r
	65	\r
	66	If RsaContext is NULL, then return FALSE.\r
	67	\r
	68	@param[in, out] RsaContext Pointer to RSA context being set.\r
	69	@param[in] KeyTag Tag of RSA key component being set.\r
	70	@param[in] BigNumber Pointer to octet integer buffer.\r
	71	If NULL, then the specified key component in RSA\r
	72	context is cleared.\r
	73	@param[in] BnSize Size of big number buffer in bytes.\r
	74	If BigNumber is NULL, then it is ignored.\r
	75	\r
	76	@retval TRUE RSA key component was set successfully.\r
	77	@retval FALSE Invalid RSA key component tag.\r
	78	\r
	79	**/\r
	80	BOOLEAN\r
	81	EFIAPI\r
	82	RsaSetKey (\r
	83	IN OUT VOID *RsaContext,\r
	84	IN RSA_KEY_TAG KeyTag,\r
	85	IN CONST UINT8 *BigNumber,\r
	86	IN UINTN BnSize\r
	87	)\r
	88	{\r
	89	RSA *RsaKey;\r
	90	BIGNUM *BnN;\r
	91	BIGNUM *BnE;\r
	92	BIGNUM *BnD;\r
	93	BIGNUM *BnP;\r
	94	BIGNUM *BnQ;\r
	95	BIGNUM *BnDp;\r
	96	BIGNUM *BnDq;\r
	97	BIGNUM *BnQInv;\r
	98	\r
	99	//\r
	100	// Check input parameters.\r
	101	//\r
	102	if ((RsaContext == NULL) \|\| (BnSize > INT_MAX)) {\r
	103	return FALSE;\r
	104	}\r
	105	\r
	106	BnN = NULL;\r
	107	BnE = NULL;\r
	108	BnD = NULL;\r
	109	BnP = NULL;\r
	110	BnQ = NULL;\r
	111	BnDp = NULL;\r
	112	BnDq = NULL;\r
	113	BnQInv = NULL;\r
	114	\r
	115	//\r
	116	// Retrieve the components from RSA object.\r
	117	//\r
	118	RsaKey = (RSA *)RsaContext;\r
	119	RSA_get0_key (RsaKey, (const BIGNUM )&BnN, (const BIGNUM )&BnE, (const BIGNUM **)&BnD);\r
	120	RSA_get0_factors (RsaKey, (const BIGNUM )&BnP, (const BIGNUM )&BnQ);\r
	121	RSA_get0_crt_params (RsaKey, (const BIGNUM )&BnDp, (const BIGNUM )&BnDq, (const BIGNUM **)&BnQInv);\r
	122	\r
	123	//\r
	124	// Set RSA Key Components by converting octet string to OpenSSL BN representation.\r
	125	// NOTE: For RSA public key (used in signature verification), only public components\r
	126	// (N, e) are needed.\r
	127	//\r
	128	switch (KeyTag) {\r
	129	//\r
	130	// RSA Public Modulus (N), Public Exponent (e) and Private Exponent (d)\r
	131	//\r
	132	case RsaKeyN:\r
	133	case RsaKeyE:\r
	134	case RsaKeyD:\r
	135	if (BnN == NULL) {\r
	136	BnN = BN_new ();\r
	137	}\r
	138	\r
	139	if (BnE == NULL) {\r
	140	BnE = BN_new ();\r
	141	}\r
	142	\r
	143	if (BnD == NULL) {\r
	144	BnD = BN_new ();\r
	145	}\r
	146	\r
	147	if ((BnN == NULL) \|\| (BnE == NULL) \|\| (BnD == NULL)) {\r
	148	return FALSE;\r
	149	}\r
	150	\r
	151	switch (KeyTag) {\r
	152	case RsaKeyN:\r
	153	BnN = BN_bin2bn (BigNumber, (UINT32)BnSize, BnN);\r
	154	break;\r
	155	case RsaKeyE:\r
	156	BnE = BN_bin2bn (BigNumber, (UINT32)BnSize, BnE);\r
	157	break;\r
	158	case RsaKeyD:\r
	159	BnD = BN_bin2bn (BigNumber, (UINT32)BnSize, BnD);\r
	160	break;\r
	161	default:\r
	162	return FALSE;\r
	163	}\r
	164	\r
	165	if (RSA_set0_key (RsaKey, BN_dup (BnN), BN_dup (BnE), BN_dup (BnD)) == 0) {\r
	166	return FALSE;\r
	167	}\r
	168	\r
	169	break;\r
	170	\r
	171	//\r
	172	// RSA Secret Prime Factor of Modulus (p and q)\r
	173	//\r
	174	case RsaKeyP:\r
	175	case RsaKeyQ:\r
	176	if (BnP == NULL) {\r
	177	BnP = BN_new ();\r
	178	}\r
	179	\r
	180	if (BnQ == NULL) {\r
	181	BnQ = BN_new ();\r
	182	}\r
	183	\r
	184	if ((BnP == NULL) \|\| (BnQ == NULL)) {\r
	185	return FALSE;\r
	186	}\r
	187	\r
	188	switch (KeyTag) {\r
	189	case RsaKeyP:\r
	190	BnP = BN_bin2bn (BigNumber, (UINT32)BnSize, BnP);\r
	191	break;\r
	192	case RsaKeyQ:\r
	193	BnQ = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQ);\r
	194	break;\r
	195	default:\r
	196	return FALSE;\r
	197	}\r
	198	\r
	199	if (RSA_set0_factors (RsaKey, BN_dup (BnP), BN_dup (BnQ)) == 0) {\r
	200	return FALSE;\r
	201	}\r
	202	\r
	203	break;\r
	204	\r
	205	//\r
	206	// p's CRT Exponent (== d mod (p - 1)), q's CRT Exponent (== d mod (q - 1)),\r
	207	// and CRT Coefficient (== 1/q mod p)\r
	208	//\r
	209	case RsaKeyDp:\r
	210	case RsaKeyDq:\r
	211	case RsaKeyQInv:\r
	212	if (BnDp == NULL) {\r
	213	BnDp = BN_new ();\r
	214	}\r
	215	\r
	216	if (BnDq == NULL) {\r
	217	BnDq = BN_new ();\r
	218	}\r
	219	\r
	220	if (BnQInv == NULL) {\r
	221	BnQInv = BN_new ();\r
	222	}\r
	223	\r
	224	if ((BnDp == NULL) \|\| (BnDq == NULL) \|\| (BnQInv == NULL)) {\r
	225	return FALSE;\r
	226	}\r
	227	\r
	228	switch (KeyTag) {\r
	229	case RsaKeyDp:\r
	230	BnDp = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDp);\r
	231	break;\r
	232	case RsaKeyDq:\r
	233	BnDq = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDq);\r
	234	break;\r
	235	case RsaKeyQInv:\r
	236	BnQInv = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQInv);\r
	237	break;\r
	238	default:\r
	239	return FALSE;\r
	240	}\r
	241	\r
	242	if (RSA_set0_crt_params (RsaKey, BN_dup (BnDp), BN_dup (BnDq), BN_dup (BnQInv)) == 0) {\r
	243	return FALSE;\r
	244	}\r
	245	\r
	246	break;\r
	247	\r
	248	default:\r
	249	return FALSE;\r
	250	}\r
	251	\r
	252	return TRUE;\r
	253	}\r
	254	\r
	255	/**\r
	256	Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in\r
	257	RSA PKCS#1.\r
	258	\r
	259	If RsaContext is NULL, then return FALSE.\r
	260	If MessageHash is NULL, then return FALSE.\r
	261	If Signature is NULL, then return FALSE.\r
	262	If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE.\r
	263	\r
	264	@param[in] RsaContext Pointer to RSA context for signature verification.\r
	265	@param[in] MessageHash Pointer to octet message hash to be checked.\r
	266	@param[in] HashSize Size of the message hash in bytes.\r
	267	@param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.\r
	268	@param[in] SigSize Size of signature in bytes.\r
	269	\r
	270	@retval TRUE Valid signature encoded in PKCS1-v1_5.\r
	271	@retval FALSE Invalid signature or invalid RSA context.\r
	272	\r
	273	**/\r
	274	BOOLEAN\r
	275	EFIAPI\r
	276	RsaPkcs1Verify (\r
	277	IN VOID *RsaContext,\r
	278	IN CONST UINT8 *MessageHash,\r
	279	IN UINTN HashSize,\r
	280	IN CONST UINT8 *Signature,\r
	281	IN UINTN SigSize\r
	282	)\r
	283	{\r
	284	INT32 DigestType;\r
	285	UINT8 *SigBuf;\r
	286	\r
	287	//\r
	288	// Check input parameters.\r
	289	//\r
	290	if ((RsaContext == NULL) \|\| (MessageHash == NULL) \|\| (Signature == NULL)) {\r
	291	return FALSE;\r
	292	}\r
	293	\r
	294	if ((SigSize > INT_MAX) \|\| (SigSize == 0)) {\r
	295	return FALSE;\r
	296	}\r
	297	\r
	298	//\r
	299	// Determine the message digest algorithm according to digest size.\r
	300	// Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.\r
	301	//\r
	302	switch (HashSize) {\r
	303	case MD5_DIGEST_SIZE:\r
	304	DigestType = NID_md5;\r
	305	break;\r
	306	\r
	307	case SHA1_DIGEST_SIZE:\r
	308	DigestType = NID_sha1;\r
	309	break;\r
	310	\r
	311	case SHA256_DIGEST_SIZE:\r
	312	DigestType = NID_sha256;\r
	313	break;\r
	314	\r
	315	case SHA384_DIGEST_SIZE:\r
	316	DigestType = NID_sha384;\r
	317	break;\r
	318	\r
	319	case SHA512_DIGEST_SIZE:\r
	320	DigestType = NID_sha512;\r
	321	break;\r
	322	\r
	323	default:\r
	324	return FALSE;\r
	325	}\r
	326	\r
	327	SigBuf = (UINT8 *)Signature;\r
	328	return (BOOLEAN)RSA_verify (\r
	329	DigestType,\r
	330	MessageHash,\r
	331	(UINT32)HashSize,\r
	332	SigBuf,\r
	333	(UINT32)SigSize,\r
	334	(RSA *)RsaContext\r
	335	);\r
	336	}\r