CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaBasic.c

   1 /** @file
   2   RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
   3
   4   This file implements following APIs which provide basic capabilities for RSA:
   5   1) RsaNew
   6   2) RsaFree
   7   3) RsaSetKey
   8   4) RsaPkcs1Verify
   9
  10 Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
  11 SPDX-License-Identifier: BSD-2-Clause-Patent
  12
  13 **/
  14
  15 #include "InternalCryptLib.h"
  16
  17 #include <openssl/bn.h>
  18 #include <openssl/rsa.h>
  19 #include <openssl/objects.h>
  20
  21 /**
  22   Allocates and initializes one RSA context for subsequent use.
  23
  24   @return  Pointer to the RSA context that has been initialized.
  25            If the allocations fails, RsaNew() returns NULL.
  26
  27 **/
  28 VOID *
  29 EFIAPI
  30 RsaNew (
  31   VOID
  32   )
  33 {
  34   //
  35   // Allocates & Initializes RSA Context by OpenSSL RSA_new()
  36   //
  37   return (VOID *)RSA_new ();
  38 }
  39
  40 /**
  41   Release the specified RSA context.
  42
  43   @param[in]  RsaContext  Pointer to the RSA context to be released.
  44
  45 **/
  46 VOID
  47 EFIAPI
  48 RsaFree (
  49   IN  VOID  *RsaContext
  50   )
  51 {
  52   //
  53   // Free OpenSSL RSA Context
  54   //
  55   RSA_free ((RSA *)RsaContext);
  56 }
  57
  58 /**
  59   Sets the tag-designated key component into the established RSA context.
  60
  61   This function sets the tag-designated RSA key component into the established
  62   RSA context from the user-specified non-negative integer (octet string format
  63   represented in RSA PKCS#1).
  64   If BigNumber is NULL, then the specified key component in RSA context is cleared.
  65
  66   If RsaContext is NULL, then return FALSE.
  67
  68   @param[in, out]  RsaContext  Pointer to RSA context being set.
  69   @param[in]       KeyTag      Tag of RSA key component being set.
  70   @param[in]       BigNumber   Pointer to octet integer buffer.
  71                                If NULL, then the specified key component in RSA
  72                                context is cleared.
  73   @param[in]       BnSize      Size of big number buffer in bytes.
  74                                If BigNumber is NULL, then it is ignored.
  75
  76   @retval  TRUE   RSA key component was set successfully.
  77   @retval  FALSE  Invalid RSA key component tag.
  78
  79 **/
  80 BOOLEAN
  81 EFIAPI
  82 RsaSetKey (
  83   IN OUT  VOID         *RsaContext,
  84   IN      RSA_KEY_TAG  KeyTag,
  85   IN      CONST UINT8  *BigNumber,
  86   IN      UINTN        BnSize
  87   )
  88 {
  89   RSA     *RsaKey;
  90   BIGNUM  *BnN;
  91   BIGNUM  *BnE;
  92   BIGNUM  *BnD;
  93   BIGNUM  *BnP;
  94   BIGNUM  *BnQ;
  95   BIGNUM  *BnDp;
  96   BIGNUM  *BnDq;
  97   BIGNUM  *BnQInv;
  98
  99   //
 100   // Check input parameters.
 101   //
 102   if ((RsaContext == NULL) || (BnSize > INT_MAX)) {
 103     return FALSE;
 104   }
 105
 106   BnN    = NULL;
 107   BnE    = NULL;
 108   BnD    = NULL;
 109   BnP    = NULL;
 110   BnQ    = NULL;
 111   BnDp   = NULL;
 112   BnDq   = NULL;
 113   BnQInv = NULL;
 114
 115   //
 116   // Retrieve the components from RSA object.
 117   //
 118   RsaKey = (RSA *)RsaContext;
 119   RSA_get0_key (RsaKey, (const BIGNUM **)&BnN, (const BIGNUM **)&BnE, (const BIGNUM **)&BnD);
 120   RSA_get0_factors (RsaKey, (const BIGNUM **)&BnP, (const BIGNUM **)&BnQ);
 121   RSA_get0_crt_params (RsaKey, (const BIGNUM **)&BnDp, (const BIGNUM **)&BnDq, (const BIGNUM **)&BnQInv);
 122
 123   //
 124   // Set RSA Key Components by converting octet string to OpenSSL BN representation.
 125   // NOTE: For RSA public key (used in signature verification), only public components
 126   //       (N, e) are needed.
 127   //
 128   switch (KeyTag) {
 129     //
 130     // RSA Public Modulus (N), Public Exponent (e) and Private Exponent (d)
 131     //
 132     case RsaKeyN:
 133     case RsaKeyE:
 134     case RsaKeyD:
 135       if (BnN == NULL) {
 136         BnN = BN_new ();
 137       }
 138
 139       if (BnE == NULL) {
 140         BnE = BN_new ();
 141       }
 142
 143       if (BnD == NULL) {
 144         BnD = BN_new ();
 145       }
 146
 147       if ((BnN == NULL) || (BnE == NULL) || (BnD == NULL)) {
 148         return FALSE;
 149       }
 150
 151       switch (KeyTag) {
 152         case RsaKeyN:
 153           BnN = BN_bin2bn (BigNumber, (UINT32)BnSize, BnN);
 154           break;
 155         case RsaKeyE:
 156           BnE = BN_bin2bn (BigNumber, (UINT32)BnSize, BnE);
 157           break;
 158         case RsaKeyD:
 159           BnD = BN_bin2bn (BigNumber, (UINT32)BnSize, BnD);
 160           break;
 161         default:
 162           return FALSE;
 163       }
 164
 165       if (RSA_set0_key (RsaKey, BN_dup (BnN), BN_dup (BnE), BN_dup (BnD)) == 0) {
 166         return FALSE;
 167       }
 168
 169       break;
 170
 171     //
 172     // RSA Secret Prime Factor of Modulus (p and q)
 173     //
 174     case RsaKeyP:
 175     case RsaKeyQ:
 176       if (BnP == NULL) {
 177         BnP = BN_new ();
 178       }
 179
 180       if (BnQ == NULL) {
 181         BnQ = BN_new ();
 182       }
 183
 184       if ((BnP == NULL) || (BnQ == NULL)) {
 185         return FALSE;
 186       }
 187
 188       switch (KeyTag) {
 189         case RsaKeyP:
 190           BnP = BN_bin2bn (BigNumber, (UINT32)BnSize, BnP);
 191           break;
 192         case RsaKeyQ:
 193           BnQ = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQ);
 194           break;
 195         default:
 196           return FALSE;
 197       }
 198
 199       if (RSA_set0_factors (RsaKey, BN_dup (BnP), BN_dup (BnQ)) == 0) {
 200         return FALSE;
 201       }
 202
 203       break;
 204
 205     //
 206     // p's CRT Exponent (== d mod (p - 1)),  q's CRT Exponent (== d mod (q - 1)),
 207     // and CRT Coefficient (== 1/q mod p)
 208     //
 209     case RsaKeyDp:
 210     case RsaKeyDq:
 211     case RsaKeyQInv:
 212       if (BnDp == NULL) {
 213         BnDp = BN_new ();
 214       }
 215
 216       if (BnDq == NULL) {
 217         BnDq = BN_new ();
 218       }
 219
 220       if (BnQInv == NULL) {
 221         BnQInv = BN_new ();
 222       }
 223
 224       if ((BnDp == NULL) || (BnDq == NULL) || (BnQInv == NULL)) {
 225         return FALSE;
 226       }
 227
 228       switch (KeyTag) {
 229         case RsaKeyDp:
 230           BnDp = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDp);
 231           break;
 232         case RsaKeyDq:
 233           BnDq = BN_bin2bn (BigNumber, (UINT32)BnSize, BnDq);
 234           break;
 235         case RsaKeyQInv:
 236           BnQInv = BN_bin2bn (BigNumber, (UINT32)BnSize, BnQInv);
 237           break;
 238         default:
 239           return FALSE;
 240       }
 241
 242       if (RSA_set0_crt_params (RsaKey, BN_dup (BnDp), BN_dup (BnDq), BN_dup (BnQInv)) == 0) {
 243         return FALSE;
 244       }
 245
 246       break;
 247
 248     default:
 249       return FALSE;
 250   }
 251
 252   return TRUE;
 253 }
 254
 255 /**
 256   Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in
 257   RSA PKCS#1.
 258
 259   If RsaContext is NULL, then return FALSE.
 260   If MessageHash is NULL, then return FALSE.
 261   If Signature is NULL, then return FALSE.
 262   If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE.
 263
 264   @param[in]  RsaContext   Pointer to RSA context for signature verification.
 265   @param[in]  MessageHash  Pointer to octet message hash to be checked.
 266   @param[in]  HashSize     Size of the message hash in bytes.
 267   @param[in]  Signature    Pointer to RSA PKCS1-v1_5 signature to be verified.
 268   @param[in]  SigSize      Size of signature in bytes.
 269
 270   @retval  TRUE   Valid signature encoded in PKCS1-v1_5.
 271   @retval  FALSE  Invalid signature or invalid RSA context.
 272
 273 **/
 274 BOOLEAN
 275 EFIAPI
 276 RsaPkcs1Verify (
 277   IN  VOID         *RsaContext,
 278   IN  CONST UINT8  *MessageHash,
 279   IN  UINTN        HashSize,
 280   IN  CONST UINT8  *Signature,
 281   IN  UINTN        SigSize
 282   )
 283 {
 284   INT32  DigestType;
 285   UINT8  *SigBuf;
 286
 287   //
 288   // Check input parameters.
 289   //
 290   if ((RsaContext == NULL) || (MessageHash == NULL) || (Signature == NULL)) {
 291     return FALSE;
 292   }
 293
 294   if ((SigSize > INT_MAX) || (SigSize == 0)) {
 295     return FALSE;
 296   }
 297
 298   //
 299   // Determine the message digest algorithm according to digest size.
 300   //   Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
 301   //
 302   switch (HashSize) {
 303     case MD5_DIGEST_SIZE:
 304       DigestType = NID_md5;
 305       break;
 306
 307     case SHA1_DIGEST_SIZE:
 308       DigestType = NID_sha1;
 309       break;
 310
 311     case SHA256_DIGEST_SIZE:
 312       DigestType = NID_sha256;
 313       break;
 314
 315     case SHA384_DIGEST_SIZE:
 316       DigestType = NID_sha384;
 317       break;
 318
 319     case SHA512_DIGEST_SIZE:
 320       DigestType = NID_sha512;
 321       break;
 322
 323     default:
 324       return FALSE;
 325   }
 326
 327   SigBuf = (UINT8 *)Signature;
 328   return (BOOLEAN)RSA_verify (
 329                     DigestType,
 330                     MessageHash,
 331                     (UINT32)HashSize,
 332                     SigBuf,
 333                     (UINT32)SigSize,
 334                     (RSA *)RsaContext
 335                     );
 336 }