3e4309899c94b49fc1dba85b8fe6c2b971d861ee
[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Pk / CryptRsaBasic.c
1 /** @file
2 RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
3
4 This file implements following APIs which provide basic capabilities for RSA:
5 1) RsaNew
6 2) RsaFree
7 3) RsaSetKey
8 4) RsaPkcs1Verify
9
10 Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
11 This program and the accompanying materials
12 are licensed and made available under the terms and conditions of the BSD License
13 which accompanies this distribution. The full text of the license may be found at
14 http://opensource.org/licenses/bsd-license.php
15
16 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
17 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
18
19 **/
20
21 #include "InternalCryptLib.h"
22
23 #include <openssl/rsa.h>
24 #include <openssl/objects.h>
25
26 /**
27 Allocates and initializes one RSA context for subsequent use.
28
29 @return Pointer to the RSA context that has been initialized.
30 If the allocations fails, RsaNew() returns NULL.
31
32 **/
33 VOID *
34 EFIAPI
35 RsaNew (
36 VOID
37 )
38 {
39 //
40 // Allocates & Initializes RSA Context by OpenSSL RSA_new()
41 //
42 return (VOID *) RSA_new ();
43 }
44
45 /**
46 Release the specified RSA context.
47
48 @param[in] RsaContext Pointer to the RSA context to be released.
49
50 **/
51 VOID
52 EFIAPI
53 RsaFree (
54 IN VOID *RsaContext
55 )
56 {
57 //
58 // Free OpenSSL RSA Context
59 //
60 RSA_free ((RSA *) RsaContext);
61 }
62
63 /**
64 Sets the tag-designated key component into the established RSA context.
65
66 This function sets the tag-designated RSA key component into the established
67 RSA context from the user-specified non-negative integer (octet string format
68 represented in RSA PKCS#1).
69 If BigNumber is NULL, then the specified key componenet in RSA context is cleared.
70
71 If RsaContext is NULL, then return FALSE.
72
73 @param[in, out] RsaContext Pointer to RSA context being set.
74 @param[in] KeyTag Tag of RSA key component being set.
75 @param[in] BigNumber Pointer to octet integer buffer.
76 If NULL, then the specified key componenet in RSA
77 context is cleared.
78 @param[in] BnSize Size of big number buffer in bytes.
79 If BigNumber is NULL, then it is ignored.
80
81 @retval TRUE RSA key component was set successfully.
82 @retval FALSE Invalid RSA key component tag.
83
84 **/
85 BOOLEAN
86 EFIAPI
87 RsaSetKey (
88 IN OUT VOID *RsaContext,
89 IN RSA_KEY_TAG KeyTag,
90 IN CONST UINT8 *BigNumber,
91 IN UINTN BnSize
92 )
93 {
94 RSA *RsaKey;
95
96 //
97 // Check input parameters.
98 //
99 if (RsaContext == NULL || BnSize > INT_MAX) {
100 return FALSE;
101 }
102
103 RsaKey = (RSA *) RsaContext;
104 //
105 // Set RSA Key Components by converting octet string to OpenSSL BN representation.
106 // NOTE: For RSA public key (used in signature verification), only public components
107 // (N, e) are needed.
108 //
109 switch (KeyTag) {
110
111 //
112 // RSA Public Modulus (N)
113 //
114 case RsaKeyN:
115 if (RsaKey->n != NULL) {
116 BN_free (RsaKey->n);
117 }
118 RsaKey->n = NULL;
119 if (BigNumber == NULL) {
120 break;
121 }
122 RsaKey->n = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->n);
123 if (RsaKey->n == NULL) {
124 return FALSE;
125 }
126
127 break;
128
129 //
130 // RSA Public Exponent (e)
131 //
132 case RsaKeyE:
133 if (RsaKey->e != NULL) {
134 BN_free (RsaKey->e);
135 }
136 RsaKey->e = NULL;
137 if (BigNumber == NULL) {
138 break;
139 }
140 RsaKey->e = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->e);
141 if (RsaKey->e == NULL) {
142 return FALSE;
143 }
144
145 break;
146
147 //
148 // RSA Private Exponent (d)
149 //
150 case RsaKeyD:
151 if (RsaKey->d != NULL) {
152 BN_free (RsaKey->d);
153 }
154 RsaKey->d = NULL;
155 if (BigNumber == NULL) {
156 break;
157 }
158 RsaKey->d = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->d);
159 if (RsaKey->d == NULL) {
160 return FALSE;
161 }
162
163 break;
164
165 //
166 // RSA Secret Prime Factor of Modulus (p)
167 //
168 case RsaKeyP:
169 if (RsaKey->p != NULL) {
170 BN_free (RsaKey->p);
171 }
172 RsaKey->p = NULL;
173 if (BigNumber == NULL) {
174 break;
175 }
176 RsaKey->p = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->p);
177 if (RsaKey->p == NULL) {
178 return FALSE;
179 }
180
181 break;
182
183 //
184 // RSA Secret Prime Factor of Modules (q)
185 //
186 case RsaKeyQ:
187 if (RsaKey->q != NULL) {
188 BN_free (RsaKey->q);
189 }
190 RsaKey->q = NULL;
191 if (BigNumber == NULL) {
192 break;
193 }
194 RsaKey->q = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->q);
195 if (RsaKey->q == NULL) {
196 return FALSE;
197 }
198
199 break;
200
201 //
202 // p's CRT Exponent (== d mod (p - 1))
203 //
204 case RsaKeyDp:
205 if (RsaKey->dmp1 != NULL) {
206 BN_free (RsaKey->dmp1);
207 }
208 RsaKey->dmp1 = NULL;
209 if (BigNumber == NULL) {
210 break;
211 }
212 RsaKey->dmp1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmp1);
213 if (RsaKey->dmp1 == NULL) {
214 return FALSE;
215 }
216
217 break;
218
219 //
220 // q's CRT Exponent (== d mod (q - 1))
221 //
222 case RsaKeyDq:
223 if (RsaKey->dmq1 != NULL) {
224 BN_free (RsaKey->dmq1);
225 }
226 RsaKey->dmq1 = NULL;
227 if (BigNumber == NULL) {
228 break;
229 }
230 RsaKey->dmq1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmq1);
231 if (RsaKey->dmq1 == NULL) {
232 return FALSE;
233 }
234
235 break;
236
237 //
238 // The CRT Coefficient (== 1/q mod p)
239 //
240 case RsaKeyQInv:
241 if (RsaKey->iqmp != NULL) {
242 BN_free (RsaKey->iqmp);
243 }
244 RsaKey->iqmp = NULL;
245 if (BigNumber == NULL) {
246 break;
247 }
248 RsaKey->iqmp = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->iqmp);
249 if (RsaKey->iqmp == NULL) {
250 return FALSE;
251 }
252
253 break;
254
255 default:
256 return FALSE;
257 }
258
259 return TRUE;
260 }
261
262 /**
263 Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in
264 RSA PKCS#1.
265
266 If RsaContext is NULL, then return FALSE.
267 If MessageHash is NULL, then return FALSE.
268 If Signature is NULL, then return FALSE.
269 If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
270
271 @param[in] RsaContext Pointer to RSA context for signature verification.
272 @param[in] MessageHash Pointer to octet message hash to be checked.
273 @param[in] HashSize Size of the message hash in bytes.
274 @param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.
275 @param[in] SigSize Size of signature in bytes.
276
277 @retval TRUE Valid signature encoded in PKCS1-v1_5.
278 @retval FALSE Invalid signature or invalid RSA context.
279
280 **/
281 BOOLEAN
282 EFIAPI
283 RsaPkcs1Verify (
284 IN VOID *RsaContext,
285 IN CONST UINT8 *MessageHash,
286 IN UINTN HashSize,
287 IN CONST UINT8 *Signature,
288 IN UINTN SigSize
289 )
290 {
291 INT32 DigestType;
292 UINT8 *SigBuf;
293
294 //
295 // Check input parameters.
296 //
297 if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {
298 return FALSE;
299 }
300
301 if (SigSize > INT_MAX || SigSize == 0) {
302 return FALSE;
303 }
304
305 //
306 // Determine the message digest algorithm according to digest size.
307 // Only MD5, SHA-1 or SHA-256 algorithm is supported.
308 //
309 switch (HashSize) {
310 case MD5_DIGEST_SIZE:
311 DigestType = NID_md5;
312 break;
313
314 case SHA1_DIGEST_SIZE:
315 DigestType = NID_sha1;
316 break;
317
318 case SHA256_DIGEST_SIZE:
319 DigestType = NID_sha256;
320 break;
321
322 default:
323 return FALSE;
324 }
325
326 SigBuf = (UINT8 *) Signature;
327 return (BOOLEAN) RSA_verify (
328 DigestType,
329 MessageHash,
330 (UINT32) HashSize,
331 SigBuf,
332 (UINT32) SigSize,
333 (RSA *) RsaContext
334 );
335 }