[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Pk / CryptRsaBasic.c

/** @file\r
  RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.\r
\r
  This file implements following APIs which provide basic capabilities for RSA:\r
  1) RsaNew\r
  2) RsaFree\r
  3) RsaSetKey\r
  4) RsaPkcs1Verify\r
\r
Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include "InternalCryptLib.h"\r
\r
#include <openssl/bn.h>\r
#include <openssl/rsa.h>\r
#include <openssl/objects.h>\r
\r
/**\r
  Allocates and initializes one RSA context for subsequent use.\r
\r
  @return  Pointer to the RSA context that has been initialized.\r
           If the allocations fails, RsaNew() returns NULL.\r
\r
**/\r
VOID *\r
EFIAPI\r
RsaNew (\r
  VOID\r
  )\r
{\r
  //\r
  // Allocates & Initializes RSA Context by OpenSSL RSA_new()\r
  //\r
  return (VOID *) RSA_new ();\r
}\r
\r
/**\r
  Release the specified RSA context.\r
\r
  @param[in]  RsaContext  Pointer to the RSA context to be released.\r
\r
**/\r
VOID\r
EFIAPI\r
RsaFree (\r
  IN  VOID  *RsaContext\r
  )\r
{\r
  //\r
  // Free OpenSSL RSA Context\r
  //\r
  RSA_free ((RSA *) RsaContext);\r
}\r
\r
/**\r
  Sets the tag-designated key component into the established RSA context.\r
\r
  This function sets the tag-designated RSA key component into the established\r
  RSA context from the user-specified non-negative integer (octet string format\r
  represented in RSA PKCS#1).\r
  If BigNumber is NULL, then the specified key component in RSA context is cleared.\r
\r
  If RsaContext is NULL, then return FALSE.\r
\r
  @param[in, out]  RsaContext  Pointer to RSA context being set.\r
  @param[in]       KeyTag      Tag of RSA key component being set.\r
  @param[in]       BigNumber   Pointer to octet integer buffer.\r
                               If NULL, then the specified key component in RSA\r
                               context is cleared.\r
  @param[in]       BnSize      Size of big number buffer in bytes.\r
                               If BigNumber is NULL, then it is ignored.\r
\r
  @retval  TRUE   RSA key component was set successfully.\r
  @retval  FALSE  Invalid RSA key component tag.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
RsaSetKey (\r
  IN OUT  VOID         *RsaContext,\r
  IN      RSA_KEY_TAG  KeyTag,\r
  IN      CONST UINT8  *BigNumber,\r
  IN      UINTN        BnSize\r
  )\r
{\r
  RSA     *RsaKey;\r
  BIGNUM  *BnN;\r
  BIGNUM  *BnE;\r
  BIGNUM  *BnD;\r
  BIGNUM  *BnP;\r
  BIGNUM  *BnQ;\r
  BIGNUM  *BnDp;\r
  BIGNUM  *BnDq;\r
  BIGNUM  *BnQInv;\r
\r
  //\r
  // Check input parameters.\r
  //\r
  if (RsaContext == NULL || BnSize > INT_MAX) {\r
    return FALSE;\r
  }\r
\r
  BnN    = NULL;\r
  BnE    = NULL;\r
  BnD    = NULL;\r
  BnP    = NULL;\r
  BnQ    = NULL;\r
  BnDp   = NULL;\r
  BnDq   = NULL;\r
  BnQInv = NULL;\r
\r
  //\r
  // Retrieve the components from RSA object.\r
  //\r
  RsaKey = (RSA *) RsaContext;\r
  RSA_get0_key (RsaKey, (const BIGNUM **)&BnN, (const BIGNUM **)&BnE, (const BIGNUM **)&BnD);\r
  RSA_get0_factors (RsaKey, (const BIGNUM **)&BnP, (const BIGNUM **)&BnQ);\r
  RSA_get0_crt_params (RsaKey, (const BIGNUM **)&BnDp, (const BIGNUM **)&BnDq, (const BIGNUM **)&BnQInv);\r
\r
  //\r
  // Set RSA Key Components by converting octet string to OpenSSL BN representation.\r
  // NOTE: For RSA public key (used in signature verification), only public components\r
  //       (N, e) are needed.\r
  //\r
  switch (KeyTag) {\r
\r
  //\r
  // RSA Public Modulus (N), Public Exponent (e) and Private Exponent (d)\r
  //\r
  case RsaKeyN:\r
  case RsaKeyE:\r
  case RsaKeyD:\r
    if (BnN == NULL) {\r
      BnN = BN_new ();\r
    }\r
    if (BnE == NULL) {\r
      BnE = BN_new ();\r
    }\r
    if (BnD == NULL) {\r
      BnD = BN_new ();\r
    }\r
\r
    if ((BnN == NULL) || (BnE == NULL) || (BnD == NULL)) {\r
      return FALSE;\r
    }\r
\r
    switch (KeyTag) {\r
    case RsaKeyN:\r
      BnN = BN_bin2bn (BigNumber, (UINT32)BnSize, BnN);\r
      break;\r
    case RsaKeyE:\r
      BnE = BN_bin2bn (BigNumber, (UINT32)BnSize, BnE);\r
      break;\r
    case RsaKeyD:\r
      BnD = BN_bin2bn (BigNumber, (UINT32)BnSize, BnD);\r
      break;\r
    default:\r
      return FALSE;\r
    }\r
    if (RSA_set0_key (RsaKey, BN_dup(BnN), BN_dup(BnE), BN_dup(BnD)) == 0) {\r
      return FALSE;\r
    }\r
\r
    break;\r
\r
  //\r
  // RSA Secret Prime Factor of Modulus (p and q)\r
  //\r
  case RsaKeyP:\r
  case RsaKeyQ:\r
    if (BnP == NULL) {\r
      BnP = BN_new ();\r
    }\r
    if (BnQ == NULL) {\r
      BnQ = BN_new ();\r
    }\r
    if ((BnP == NULL) || (BnQ == NULL)) {\r
      return FALSE;\r
    }\r
\r
    switch (KeyTag) {\r
    case RsaKeyP:\r
      BnP = BN_bin2bn (BigNumber, (UINT32)BnSize, BnP);\r
      break;\r
    case RsaKeyQ:\r
      BnQ = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQ);\r
      break;\r
    default:\r
      return FALSE;\r
    }\r
    if (RSA_set0_factors (RsaKey, BN_dup(BnP), BN_dup(BnQ)) == 0) {\r
      return FALSE;\r
    }\r
\r
    break;\r
\r
  //\r
  // p's CRT Exponent (== d mod (p - 1)),  q's CRT Exponent (== d mod (q - 1)),\r
  // and CRT Coefficient (== 1/q mod p)\r
  //\r
  case RsaKeyDp:\r
  case RsaKeyDq:\r
  case RsaKeyQInv:\r
    if (BnDp == NULL) {\r
      BnDp = BN_new ();\r
    }\r
    if (BnDq == NULL) {\r
      BnDq = BN_new ();\r
    }\r
    if (BnQInv == NULL) {\r
      BnQInv = BN_new ();\r
    }\r
    if ((BnDp == NULL) || (BnDq == NULL) || (BnQInv == NULL)) {\r
      return FALSE;\r
    }\r
\r
    switch (KeyTag) {\r
    case RsaKeyDp:\r
      BnDp = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDp);\r
      break;\r
    case RsaKeyDq:\r
      BnDq = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDq);\r
      break;\r
    case RsaKeyQInv:\r
      BnQInv = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQInv);\r
      break;\r
    default:\r
      return FALSE;\r
    }\r
    if (RSA_set0_crt_params (RsaKey, BN_dup(BnDp), BN_dup(BnDq), BN_dup(BnQInv)) == 0) {\r
      return FALSE;\r
    }\r
\r
    break;\r
\r
  default:\r
    return FALSE;\r
  }\r
\r
  return TRUE;\r
}\r
\r
/**\r
  Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in\r
  RSA PKCS#1.\r
\r
  If RsaContext is NULL, then return FALSE.\r
  If MessageHash is NULL, then return FALSE.\r
  If Signature is NULL, then return FALSE.\r
  If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE.\r
\r
  @param[in]  RsaContext   Pointer to RSA context for signature verification.\r
  @param[in]  MessageHash  Pointer to octet message hash to be checked.\r
  @param[in]  HashSize     Size of the message hash in bytes.\r
  @param[in]  Signature    Pointer to RSA PKCS1-v1_5 signature to be verified.\r
  @param[in]  SigSize      Size of signature in bytes.\r
\r
  @retval  TRUE   Valid signature encoded in PKCS1-v1_5.\r
  @retval  FALSE  Invalid signature or invalid RSA context.\r
\r
**/\r
BOOLEAN\r
EFIAPI\r
RsaPkcs1Verify (\r
  IN  VOID         *RsaContext,\r
  IN  CONST UINT8  *MessageHash,\r
  IN  UINTN        HashSize,\r
  IN  CONST UINT8  *Signature,\r
  IN  UINTN        SigSize\r
  )\r
{\r
  INT32    DigestType;\r
  UINT8    *SigBuf;\r
\r
  //\r
  // Check input parameters.\r
  //\r
  if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {\r
    return FALSE;\r
  }\r
\r
  if (SigSize > INT_MAX || SigSize == 0) {\r
    return FALSE;\r
  }\r
\r
  //\r
  // Determine the message digest algorithm according to digest size.\r
  //   Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.\r
  //\r
  switch (HashSize) {\r
  case MD5_DIGEST_SIZE:\r
    DigestType = NID_md5;\r
    break;\r
\r
  case SHA1_DIGEST_SIZE:\r
    DigestType = NID_sha1;\r
    break;\r
\r
  case SHA256_DIGEST_SIZE:\r
    DigestType = NID_sha256;\r
    break;\r
\r
  case SHA384_DIGEST_SIZE:\r
    DigestType = NID_sha384;\r
    break;\r
\r
  case SHA512_DIGEST_SIZE:\r
    DigestType = NID_sha512;\r
    break;\r
\r
  default:\r
    return FALSE;\r
  }\r
\r
  SigBuf = (UINT8 *) Signature;\r
  return (BOOLEAN) RSA_verify (\r
                     DigestType,\r
                     MessageHash,\r
                     (UINT32) HashSize,\r
                     SigBuf,\r
                     (UINT32) SigSize,\r
                     (RSA *) RsaContext\r
                     );\r
}\r
Commit	Line	Data
	1	/** @file\r
	2	RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.\r
	3	\r
	4	This file implements following APIs which provide basic capabilities for RSA:\r
	5	1) RsaNew\r
	6	2) RsaFree\r
	7	3) RsaSetKey\r
	8	4) RsaPkcs1Verify\r
	9	\r
	10	Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>\r
	11	SPDX-License-Identifier: BSD-2-Clause-Patent\r
	12	\r
	13	**/\r
	14	\r
	15	#include "InternalCryptLib.h"\r
	16	\r
	17	#include <openssl/bn.h>\r
	18	#include <openssl/rsa.h>\r
	19	#include <openssl/objects.h>\r
	20	\r
	21	/**\r
	22	Allocates and initializes one RSA context for subsequent use.\r
	23	\r
	24	@return Pointer to the RSA context that has been initialized.\r
	25	If the allocations fails, RsaNew() returns NULL.\r
	26	\r
	27	**/\r
	28	VOID *\r
	29	EFIAPI\r
	30	RsaNew (\r
	31	VOID\r
	32	)\r
	33	{\r
	34	//\r
	35	// Allocates & Initializes RSA Context by OpenSSL RSA_new()\r
	36	//\r
	37	return (VOID *) RSA_new ();\r
	38	}\r
	39	\r
	40	/**\r
	41	Release the specified RSA context.\r
	42	\r
	43	@param[in] RsaContext Pointer to the RSA context to be released.\r
	44	\r
	45	**/\r
	46	VOID\r
	47	EFIAPI\r
	48	RsaFree (\r
	49	IN VOID *RsaContext\r
	50	)\r
	51	{\r
	52	//\r
	53	// Free OpenSSL RSA Context\r
	54	//\r
	55	RSA_free ((RSA *) RsaContext);\r
	56	}\r
	57	\r
	58	/**\r
	59	Sets the tag-designated key component into the established RSA context.\r
	60	\r
	61	This function sets the tag-designated RSA key component into the established\r
	62	RSA context from the user-specified non-negative integer (octet string format\r
	63	represented in RSA PKCS#1).\r
	64	If BigNumber is NULL, then the specified key component in RSA context is cleared.\r
	65	\r
	66	If RsaContext is NULL, then return FALSE.\r
	67	\r
	68	@param[in, out] RsaContext Pointer to RSA context being set.\r
	69	@param[in] KeyTag Tag of RSA key component being set.\r
	70	@param[in] BigNumber Pointer to octet integer buffer.\r
	71	If NULL, then the specified key component in RSA\r
	72	context is cleared.\r
	73	@param[in] BnSize Size of big number buffer in bytes.\r
	74	If BigNumber is NULL, then it is ignored.\r
	75	\r
	76	@retval TRUE RSA key component was set successfully.\r
	77	@retval FALSE Invalid RSA key component tag.\r
	78	\r
	79	**/\r
	80	BOOLEAN\r
	81	EFIAPI\r
	82	RsaSetKey (\r
	83	IN OUT VOID *RsaContext,\r
	84	IN RSA_KEY_TAG KeyTag,\r
	85	IN CONST UINT8 *BigNumber,\r
	86	IN UINTN BnSize\r
	87	)\r
	88	{\r
	89	RSA *RsaKey;\r
	90	BIGNUM *BnN;\r
	91	BIGNUM *BnE;\r
	92	BIGNUM *BnD;\r
	93	BIGNUM *BnP;\r
	94	BIGNUM *BnQ;\r
	95	BIGNUM *BnDp;\r
	96	BIGNUM *BnDq;\r
	97	BIGNUM *BnQInv;\r
	98	\r
	99	//\r
	100	// Check input parameters.\r
	101	//\r
	102	if (RsaContext == NULL \|\| BnSize > INT_MAX) {\r
	103	return FALSE;\r
	104	}\r
	105	\r
	106	BnN = NULL;\r
	107	BnE = NULL;\r
	108	BnD = NULL;\r
	109	BnP = NULL;\r
	110	BnQ = NULL;\r
	111	BnDp = NULL;\r
	112	BnDq = NULL;\r
	113	BnQInv = NULL;\r
	114	\r
	115	//\r
	116	// Retrieve the components from RSA object.\r
	117	//\r
	118	RsaKey = (RSA *) RsaContext;\r
	119	RSA_get0_key (RsaKey, (const BIGNUM )&BnN, (const BIGNUM )&BnE, (const BIGNUM **)&BnD);\r
	120	RSA_get0_factors (RsaKey, (const BIGNUM )&BnP, (const BIGNUM )&BnQ);\r
	121	RSA_get0_crt_params (RsaKey, (const BIGNUM )&BnDp, (const BIGNUM )&BnDq, (const BIGNUM **)&BnQInv);\r
	122	\r
	123	//\r
	124	// Set RSA Key Components by converting octet string to OpenSSL BN representation.\r
	125	// NOTE: For RSA public key (used in signature verification), only public components\r
	126	// (N, e) are needed.\r
	127	//\r
	128	switch (KeyTag) {\r
	129	\r
	130	//\r
	131	// RSA Public Modulus (N), Public Exponent (e) and Private Exponent (d)\r
	132	//\r
	133	case RsaKeyN:\r
	134	case RsaKeyE:\r
	135	case RsaKeyD:\r
	136	if (BnN == NULL) {\r
	137	BnN = BN_new ();\r
	138	}\r
	139	if (BnE == NULL) {\r
	140	BnE = BN_new ();\r
	141	}\r
	142	if (BnD == NULL) {\r
	143	BnD = BN_new ();\r
	144	}\r
	145	\r
	146	if ((BnN == NULL) \|\| (BnE == NULL) \|\| (BnD == NULL)) {\r
	147	return FALSE;\r
	148	}\r
	149	\r
	150	switch (KeyTag) {\r
	151	case RsaKeyN:\r
	152	BnN = BN_bin2bn (BigNumber, (UINT32)BnSize, BnN);\r
	153	break;\r
	154	case RsaKeyE:\r
	155	BnE = BN_bin2bn (BigNumber, (UINT32)BnSize, BnE);\r
	156	break;\r
	157	case RsaKeyD:\r
	158	BnD = BN_bin2bn (BigNumber, (UINT32)BnSize, BnD);\r
	159	break;\r
	160	default:\r
	161	return FALSE;\r
	162	}\r
	163	if (RSA_set0_key (RsaKey, BN_dup(BnN), BN_dup(BnE), BN_dup(BnD)) == 0) {\r
	164	return FALSE;\r
	165	}\r
	166	\r
	167	break;\r
	168	\r
	169	//\r
	170	// RSA Secret Prime Factor of Modulus (p and q)\r
	171	//\r
	172	case RsaKeyP:\r
	173	case RsaKeyQ:\r
	174	if (BnP == NULL) {\r
	175	BnP = BN_new ();\r
	176	}\r
	177	if (BnQ == NULL) {\r
	178	BnQ = BN_new ();\r
	179	}\r
	180	if ((BnP == NULL) \|\| (BnQ == NULL)) {\r
	181	return FALSE;\r
	182	}\r
	183	\r
	184	switch (KeyTag) {\r
	185	case RsaKeyP:\r
	186	BnP = BN_bin2bn (BigNumber, (UINT32)BnSize, BnP);\r
	187	break;\r
	188	case RsaKeyQ:\r
	189	BnQ = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQ);\r
	190	break;\r
	191	default:\r
	192	return FALSE;\r
	193	}\r
	194	if (RSA_set0_factors (RsaKey, BN_dup(BnP), BN_dup(BnQ)) == 0) {\r
	195	return FALSE;\r
	196	}\r
	197	\r
	198	break;\r
	199	\r
	200	//\r
	201	// p's CRT Exponent (== d mod (p - 1)), q's CRT Exponent (== d mod (q - 1)),\r
	202	// and CRT Coefficient (== 1/q mod p)\r
	203	//\r
	204	case RsaKeyDp:\r
	205	case RsaKeyDq:\r
	206	case RsaKeyQInv:\r
	207	if (BnDp == NULL) {\r
	208	BnDp = BN_new ();\r
	209	}\r
	210	if (BnDq == NULL) {\r
	211	BnDq = BN_new ();\r
	212	}\r
	213	if (BnQInv == NULL) {\r
	214	BnQInv = BN_new ();\r
	215	}\r
	216	if ((BnDp == NULL) \|\| (BnDq == NULL) \|\| (BnQInv == NULL)) {\r
	217	return FALSE;\r
	218	}\r
	219	\r
	220	switch (KeyTag) {\r
	221	case RsaKeyDp:\r
	222	BnDp = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDp);\r
	223	break;\r
	224	case RsaKeyDq:\r
	225	BnDq = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDq);\r
	226	break;\r
	227	case RsaKeyQInv:\r
	228	BnQInv = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQInv);\r
	229	break;\r
	230	default:\r
	231	return FALSE;\r
	232	}\r
	233	if (RSA_set0_crt_params (RsaKey, BN_dup(BnDp), BN_dup(BnDq), BN_dup(BnQInv)) == 0) {\r
	234	return FALSE;\r
	235	}\r
	236	\r
	237	break;\r
	238	\r
	239	default:\r
	240	return FALSE;\r
	241	}\r
	242	\r
	243	return TRUE;\r
	244	}\r
	245	\r
	246	/**\r
	247	Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in\r
	248	RSA PKCS#1.\r
	249	\r
	250	If RsaContext is NULL, then return FALSE.\r
	251	If MessageHash is NULL, then return FALSE.\r
	252	If Signature is NULL, then return FALSE.\r
	253	If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE.\r
	254	\r
	255	@param[in] RsaContext Pointer to RSA context for signature verification.\r
	256	@param[in] MessageHash Pointer to octet message hash to be checked.\r
	257	@param[in] HashSize Size of the message hash in bytes.\r
	258	@param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.\r
	259	@param[in] SigSize Size of signature in bytes.\r
	260	\r
	261	@retval TRUE Valid signature encoded in PKCS1-v1_5.\r
	262	@retval FALSE Invalid signature or invalid RSA context.\r
	263	\r
	264	**/\r
	265	BOOLEAN\r
	266	EFIAPI\r
	267	RsaPkcs1Verify (\r
	268	IN VOID *RsaContext,\r
	269	IN CONST UINT8 *MessageHash,\r
	270	IN UINTN HashSize,\r
	271	IN CONST UINT8 *Signature,\r
	272	IN UINTN SigSize\r
	273	)\r
	274	{\r
	275	INT32 DigestType;\r
	276	UINT8 *SigBuf;\r
	277	\r
	278	//\r
	279	// Check input parameters.\r
	280	//\r
	281	if (RsaContext == NULL \|\| MessageHash == NULL \|\| Signature == NULL) {\r
	282	return FALSE;\r
	283	}\r
	284	\r
	285	if (SigSize > INT_MAX \|\| SigSize == 0) {\r
	286	return FALSE;\r
	287	}\r
	288	\r
	289	//\r
	290	// Determine the message digest algorithm according to digest size.\r
	291	// Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.\r
	292	//\r
	293	switch (HashSize) {\r
	294	case MD5_DIGEST_SIZE:\r
	295	DigestType = NID_md5;\r
	296	break;\r
	297	\r
	298	case SHA1_DIGEST_SIZE:\r
	299	DigestType = NID_sha1;\r
	300	break;\r
	301	\r
	302	case SHA256_DIGEST_SIZE:\r
	303	DigestType = NID_sha256;\r
	304	break;\r
	305	\r
	306	case SHA384_DIGEST_SIZE:\r
	307	DigestType = NID_sha384;\r
	308	break;\r
	309	\r
	310	case SHA512_DIGEST_SIZE:\r
	311	DigestType = NID_sha512;\r
	312	break;\r
	313	\r
	314	default:\r
	315	return FALSE;\r
	316	}\r
	317	\r
	318	SigBuf = (UINT8 *) Signature;\r
	319	return (BOOLEAN) RSA_verify (\r
	320	DigestType,\r
	321	MessageHash,\r
	322	(UINT32) HashSize,\r
	323	SigBuf,\r
	324	(UINT32) SigSize,\r
	325	(RSA *) RsaContext\r
	326	);\r
	327	}\r