b890704a2ee8c77215bd08db4393c70f7c430c46
[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Pk / CryptRsaExt.c
1 /** @file
2 RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
3
4 This file implements following APIs which provide more capabilities for RSA:
5 1) RsaGetKey
6 2) RsaGenerateKey
7 3) RsaCheckKey
8 4) RsaPkcs1Sign
9
10 Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
11 This program and the accompanying materials
12 are licensed and made available under the terms and conditions of the BSD License
13 which accompanies this distribution. The full text of the license may be found at
14 http://opensource.org/licenses/bsd-license.php
15
16 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
17 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
18
19 **/
20
21 #include "InternalCryptLib.h"
22
23 #include <openssl/rsa.h>
24 #include <openssl/err.h>
25 #include <openssl/objects.h>
26
27 /**
28 Gets the tag-designated RSA key component from the established RSA context.
29
30 This function retrieves the tag-designated RSA key component from the
31 established RSA context as a non-negative integer (octet string format
32 represented in RSA PKCS#1).
33 If specified key component has not been set or has been cleared, then returned
34 BnSize is set to 0.
35 If the BigNumber buffer is too small to hold the contents of the key, FALSE
36 is returned and BnSize is set to the required buffer size to obtain the key.
37
38 If RsaContext is NULL, then return FALSE.
39 If BnSize is NULL, then return FALSE.
40 If BnSize is large enough but BigNumber is NULL, then return FALSE.
41
42 @param[in, out] RsaContext Pointer to RSA context being set.
43 @param[in] KeyTag Tag of RSA key component being set.
44 @param[out] BigNumber Pointer to octet integer buffer.
45 @param[in, out] BnSize On input, the size of big number buffer in bytes.
46 On output, the size of data returned in big number buffer in bytes.
47
48 @retval TRUE RSA key component was retrieved successfully.
49 @retval FALSE Invalid RSA key component tag.
50 @retval FALSE BnSize is too small.
51
52 **/
53 BOOLEAN
54 EFIAPI
55 RsaGetKey (
56 IN OUT VOID *RsaContext,
57 IN RSA_KEY_TAG KeyTag,
58 OUT UINT8 *BigNumber,
59 IN OUT UINTN *BnSize
60 )
61 {
62 RSA *RsaKey;
63 BIGNUM *BnKey;
64 UINTN Size;
65
66 //
67 // Check input parameters.
68 //
69 if (RsaContext == NULL || BnSize == NULL) {
70 return FALSE;
71 }
72
73 RsaKey = (RSA *) RsaContext;
74 Size = *BnSize;
75 *BnSize = 0;
76
77 switch (KeyTag) {
78
79 //
80 // RSA Public Modulus (N)
81 //
82 case RsaKeyN:
83 if (RsaKey->n == NULL) {
84 return TRUE;
85 }
86 BnKey = RsaKey->n;
87 break;
88
89 //
90 // RSA Public Exponent (e)
91 //
92 case RsaKeyE:
93 if (RsaKey->e == NULL) {
94 return TRUE;
95 }
96 BnKey = RsaKey->e;
97 break;
98
99 //
100 // RSA Private Exponent (d)
101 //
102 case RsaKeyD:
103 if (RsaKey->d == NULL) {
104 return TRUE;
105 }
106 BnKey = RsaKey->d;
107 break;
108
109 //
110 // RSA Secret Prime Factor of Modulus (p)
111 //
112 case RsaKeyP:
113 if (RsaKey->p == NULL) {
114 return TRUE;
115 }
116 BnKey = RsaKey->p;
117 break;
118
119 //
120 // RSA Secret Prime Factor of Modules (q)
121 //
122 case RsaKeyQ:
123 if (RsaKey->q == NULL) {
124 return TRUE;
125 }
126 BnKey = RsaKey->q;
127 break;
128
129 //
130 // p's CRT Exponent (== d mod (p - 1))
131 //
132 case RsaKeyDp:
133 if (RsaKey->dmp1 == NULL) {
134 return TRUE;
135 }
136 BnKey = RsaKey->dmp1;
137 break;
138
139 //
140 // q's CRT Exponent (== d mod (q - 1))
141 //
142 case RsaKeyDq:
143 if (RsaKey->dmq1 == NULL) {
144 return TRUE;
145 }
146 BnKey = RsaKey->dmq1;
147 break;
148
149 //
150 // The CRT Coefficient (== 1/q mod p)
151 //
152 case RsaKeyQInv:
153 if (RsaKey->iqmp == NULL) {
154 return TRUE;
155 }
156 BnKey = RsaKey->iqmp;
157 break;
158
159 default:
160 return FALSE;
161 }
162
163 *BnSize = Size;
164 Size = BN_num_bytes (BnKey);
165
166 if (*BnSize < Size) {
167 *BnSize = Size;
168 return FALSE;
169 }
170
171 if (BigNumber == NULL) {
172 return FALSE;
173 }
174 *BnSize = BN_bn2bin (BnKey, BigNumber) ;
175
176 return TRUE;
177 }
178
179 /**
180 Generates RSA key components.
181
182 This function generates RSA key components. It takes RSA public exponent E and
183 length in bits of RSA modulus N as input, and generates all key components.
184 If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used.
185
186 Before this function can be invoked, pseudorandom number generator must be correctly
187 initialized by RandomSeed().
188
189 If RsaContext is NULL, then return FALSE.
190
191 @param[in, out] RsaContext Pointer to RSA context being set.
192 @param[in] ModulusLength Length of RSA modulus N in bits.
193 @param[in] PublicExponent Pointer to RSA public exponent.
194 @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.
195
196 @retval TRUE RSA key component was generated successfully.
197 @retval FALSE Invalid RSA key component tag.
198
199 **/
200 BOOLEAN
201 EFIAPI
202 RsaGenerateKey (
203 IN OUT VOID *RsaContext,
204 IN UINTN ModulusLength,
205 IN CONST UINT8 *PublicExponent,
206 IN UINTN PublicExponentSize
207 )
208 {
209 BIGNUM *KeyE;
210 BOOLEAN RetVal;
211
212 //
213 // Check input parameters.
214 //
215 if (RsaContext == NULL || ModulusLength > INT_MAX || PublicExponentSize > INT_MAX) {
216 return FALSE;
217 }
218
219 KeyE = BN_new ();
220 if (KeyE == NULL) {
221 return FALSE;
222 }
223
224 RetVal = FALSE;
225
226 if (PublicExponent == NULL) {
227 if (BN_set_word (KeyE, 0x10001) == 0) {
228 goto _Exit;
229 }
230 } else {
231 if (BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE) == NULL) {
232 goto _Exit;
233 }
234 }
235
236 if (RSA_generate_key_ex ((RSA *) RsaContext, (UINT32) ModulusLength, KeyE, NULL) == 1) {
237 RetVal = TRUE;
238 }
239
240 _Exit:
241 BN_free (KeyE);
242 return RetVal;
243 }
244
245 /**
246 Validates key components of RSA context.
247 NOTE: This function performs integrity checks on all the RSA key material, so
248 the RSA key structure must contain all the private key data.
249
250 This function validates key compoents of RSA context in following aspects:
251 - Whether p is a prime
252 - Whether q is a prime
253 - Whether n = p * q
254 - Whether d*e = 1 mod lcm(p-1,q-1)
255
256 If RsaContext is NULL, then return FALSE.
257
258 @param[in] RsaContext Pointer to RSA context to check.
259
260 @retval TRUE RSA key components are valid.
261 @retval FALSE RSA key components are not valid.
262
263 **/
264 BOOLEAN
265 EFIAPI
266 RsaCheckKey (
267 IN VOID *RsaContext
268 )
269 {
270 UINTN Reason;
271
272 //
273 // Check input parameters.
274 //
275 if (RsaContext == NULL) {
276 return FALSE;
277 }
278
279 if (RSA_check_key ((RSA *) RsaContext) != 1) {
280 Reason = ERR_GET_REASON (ERR_peek_last_error ());
281 if (Reason == RSA_R_P_NOT_PRIME ||
282 Reason == RSA_R_Q_NOT_PRIME ||
283 Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q ||
284 Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1) {
285 return FALSE;
286 }
287 }
288
289 return TRUE;
290 }
291
292 /**
293 Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.
294
295 This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in
296 RSA PKCS#1.
297 If the Signature buffer is too small to hold the contents of signature, FALSE
298 is returned and SigSize is set to the required buffer size to obtain the signature.
299
300 If RsaContext is NULL, then return FALSE.
301 If MessageHash is NULL, then return FALSE.
302 If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
303 If SigSize is large enough but Signature is NULL, then return FALSE.
304
305 @param[in] RsaContext Pointer to RSA context for signature generation.
306 @param[in] MessageHash Pointer to octet message hash to be signed.
307 @param[in] HashSize Size of the message hash in bytes.
308 @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.
309 @param[in, out] SigSize On input, the size of Signature buffer in bytes.
310 On output, the size of data returned in Signature buffer in bytes.
311
312 @retval TRUE Signature successfully generated in PKCS1-v1_5.
313 @retval FALSE Signature generation failed.
314 @retval FALSE SigSize is too small.
315
316 **/
317 BOOLEAN
318 EFIAPI
319 RsaPkcs1Sign (
320 IN VOID *RsaContext,
321 IN CONST UINT8 *MessageHash,
322 IN UINTN HashSize,
323 OUT UINT8 *Signature,
324 IN OUT UINTN *SigSize
325 )
326 {
327 RSA *Rsa;
328 UINTN Size;
329 INT32 DigestType;
330
331 //
332 // Check input parameters.
333 //
334 if (RsaContext == NULL || MessageHash == NULL) {
335 return FALSE;
336 }
337
338 Rsa = (RSA *) RsaContext;
339 Size = BN_num_bytes (Rsa->n);
340
341 if (*SigSize < Size) {
342 *SigSize = Size;
343 return FALSE;
344 }
345
346 if (Signature == NULL) {
347 return FALSE;
348 }
349
350 //
351 // Determine the message digest algorithm according to digest size.
352 // Only MD5, SHA-1 or SHA-256 algorithm is supported.
353 //
354 switch (HashSize) {
355 case MD5_DIGEST_SIZE:
356 DigestType = NID_md5;
357 break;
358
359 case SHA1_DIGEST_SIZE:
360 DigestType = NID_sha1;
361 break;
362
363 case SHA256_DIGEST_SIZE:
364 DigestType = NID_sha256;
365 break;
366
367 default:
368 return FALSE;
369 }
370
371 return (BOOLEAN) RSA_sign (
372 DigestType,
373 MessageHash,
374 (UINT32) HashSize,
375 Signature,
376 (UINT32 *) SigSize,
377 (RSA *) RsaContext
378 );
379 }