]> git.proxmox.com Git - mirror_edk2.git/blob - CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaExt.c
projects / mirror_edk2.git / blob
? search:


d414ce83f95f11156d8b02136dab4848b542d2ee
[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Pk / CryptRsaExt.c
1 /** @file
2 RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
3
4 This file implements following APIs which provide more capabilities for RSA:
5 1) RsaGetKey
6 2) RsaGenerateKey
7 3) RsaCheckKey
8 4) RsaPkcs1Sign
9
10 Copyright (c) 2009 - 2020, Intel Corporation. All rights reserved.<BR>
11 SPDX-License-Identifier: BSD-2-Clause-Patent
12
13 **/
14
15 #include "InternalCryptLib.h"
16
17 #include <openssl/bn.h>
18 #include <openssl/rsa.h>
19 #include <openssl/err.h>
20 #include <openssl/objects.h>
21
22 /**
23 Gets the tag-designated RSA key component from the established RSA context.
24
25 This function retrieves the tag-designated RSA key component from the
26 established RSA context as a non-negative integer (octet string format
27 represented in RSA PKCS#1).
28 If specified key component has not been set or has been cleared, then returned
29 BnSize is set to 0.
30 If the BigNumber buffer is too small to hold the contents of the key, FALSE
31 is returned and BnSize is set to the required buffer size to obtain the key.
32
33 If RsaContext is NULL, then return FALSE.
34 If BnSize is NULL, then return FALSE.
35 If BnSize is large enough but BigNumber is NULL, then return FALSE.
36
37 @param[in, out] RsaContext Pointer to RSA context being set.
38 @param[in] KeyTag Tag of RSA key component being set.
39 @param[out] BigNumber Pointer to octet integer buffer.
40 @param[in, out] BnSize On input, the size of big number buffer in bytes.
41 On output, the size of data returned in big number buffer in bytes.
42
43 @retval TRUE RSA key component was retrieved successfully.
44 @retval FALSE Invalid RSA key component tag.
45 @retval FALSE BnSize is too small.
46
47 **/
48 BOOLEAN
49 EFIAPI
50 RsaGetKey (
51 IN OUT VOID *RsaContext,
52 IN RSA_KEY_TAG KeyTag,
53 OUT UINT8 *BigNumber,
54 IN OUT UINTN *BnSize
55 )
56 {
57 RSA *RsaKey;
58 BIGNUM *BnKey;
59 UINTN Size;
60
61 //
62 // Check input parameters.
63 //
64 if ((RsaContext == NULL) || (BnSize == NULL)) {
65 return FALSE;
66 }
67
68 RsaKey = (RSA *)RsaContext;
69 Size = *BnSize;
70 *BnSize = 0;
71 BnKey = NULL;
72
73 switch (KeyTag) {
74 //
75 // RSA Public Modulus (N)
76 //
77 case RsaKeyN:
78 RSA_get0_key (RsaKey, (const BIGNUM **)&BnKey, NULL, NULL);
79 break;
80
81 //
82 // RSA Public Exponent (e)
83 //
84 case RsaKeyE:
85 RSA_get0_key (RsaKey, NULL, (const BIGNUM **)&BnKey, NULL);
86 break;
87
88 //
89 // RSA Private Exponent (d)
90 //
91 case RsaKeyD:
92 RSA_get0_key (RsaKey, NULL, NULL, (const BIGNUM **)&BnKey);
93 break;
94
95 //
96 // RSA Secret Prime Factor of Modulus (p)
97 //
98 case RsaKeyP:
99 RSA_get0_factors (RsaKey, (const BIGNUM **)&BnKey, NULL);
100 break;
101
102 //
103 // RSA Secret Prime Factor of Modules (q)
104 //
105 case RsaKeyQ:
106 RSA_get0_factors (RsaKey, NULL, (const BIGNUM **)&BnKey);
107 break;
108
109 //
110 // p's CRT Exponent (== d mod (p - 1))
111 //
112 case RsaKeyDp:
113 RSA_get0_crt_params (RsaKey, (const BIGNUM **)&BnKey, NULL, NULL);
114 break;
115
116 //
117 // q's CRT Exponent (== d mod (q - 1))
118 //
119 case RsaKeyDq:
120 RSA_get0_crt_params (RsaKey, NULL, (const BIGNUM **)&BnKey, NULL);
121 break;
122
123 //
124 // The CRT Coefficient (== 1/q mod p)
125 //
126 case RsaKeyQInv:
127 RSA_get0_crt_params (RsaKey, NULL, NULL, (const BIGNUM **)&BnKey);
128 break;
129
130 default:
131 return FALSE;
132 }
133
134 if (BnKey == NULL) {
135 return FALSE;
136 }
137
138 *BnSize = Size;
139 Size = BN_num_bytes (BnKey);
140
141 if (*BnSize < Size) {
142 *BnSize = Size;
143 return FALSE;
144 }
145
146 if (BigNumber == NULL) {
147 *BnSize = Size;
148 return TRUE;
149 }
150
151 *BnSize = BN_bn2bin (BnKey, BigNumber);
152
153 return TRUE;
154 }
155
156 /**
157 Generates RSA key components.
158
159 This function generates RSA key components. It takes RSA public exponent E and
160 length in bits of RSA modulus N as input, and generates all key components.
161 If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used.
162
163 Before this function can be invoked, pseudorandom number generator must be correctly
164 initialized by RandomSeed().
165
166 If RsaContext is NULL, then return FALSE.
167
168 @param[in, out] RsaContext Pointer to RSA context being set.
169 @param[in] ModulusLength Length of RSA modulus N in bits.
170 @param[in] PublicExponent Pointer to RSA public exponent.
171 @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.
172
173 @retval TRUE RSA key component was generated successfully.
174 @retval FALSE Invalid RSA key component tag.
175
176 **/
177 BOOLEAN
178 EFIAPI
179 RsaGenerateKey (
180 IN OUT VOID *RsaContext,
181 IN UINTN ModulusLength,
182 IN CONST UINT8 *PublicExponent,
183 IN UINTN PublicExponentSize
184 )
185 {
186 BIGNUM *KeyE;
187 BOOLEAN RetVal;
188
189 //
190 // Check input parameters.
191 //
192 if ((RsaContext == NULL) || (ModulusLength > INT_MAX) || (PublicExponentSize > INT_MAX)) {
193 return FALSE;
194 }
195
196 KeyE = BN_new ();
197 if (KeyE == NULL) {
198 return FALSE;
199 }
200
201 RetVal = FALSE;
202
203 if (PublicExponent == NULL) {
204 if (BN_set_word (KeyE, 0x10001) == 0) {
205 goto _Exit;
206 }
207 } else {
208 if (BN_bin2bn (PublicExponent, (UINT32)PublicExponentSize, KeyE) == NULL) {
209 goto _Exit;
210 }
211 }
212
213 if (RSA_generate_key_ex ((RSA *)RsaContext, (UINT32)ModulusLength, KeyE, NULL) == 1) {
214 RetVal = TRUE;
215 }
216
217 _Exit:
218 BN_free (KeyE);
219 return RetVal;
220 }
221
222 /**
223 Validates key components of RSA context.
224 NOTE: This function performs integrity checks on all the RSA key material, so
225 the RSA key structure must contain all the private key data.
226
227 This function validates key components of RSA context in following aspects:
228 - Whether p is a prime
229 - Whether q is a prime
230 - Whether n = p * q
231 - Whether d*e = 1 mod lcm(p-1,q-1)
232
233 If RsaContext is NULL, then return FALSE.
234
235 @param[in] RsaContext Pointer to RSA context to check.
236
237 @retval TRUE RSA key components are valid.
238 @retval FALSE RSA key components are not valid.
239
240 **/
241 BOOLEAN
242 EFIAPI
243 RsaCheckKey (
244 IN VOID *RsaContext
245 )
246 {
247 UINTN Reason;
248
249 //
250 // Check input parameters.
251 //
252 if (RsaContext == NULL) {
253 return FALSE;
254 }
255
256 if (RSA_check_key ((RSA *)RsaContext) != 1) {
257 Reason = ERR_GET_REASON (ERR_peek_last_error ());
258 if ((Reason == RSA_R_P_NOT_PRIME) ||
259 (Reason == RSA_R_Q_NOT_PRIME) ||
260 (Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q) ||
261 (Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1))
262 {
263 return FALSE;
264 }
265 }
266
267 return TRUE;
268 }
269
270 /**
271 Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.
272
273 This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in
274 RSA PKCS#1.
275 If the Signature buffer is too small to hold the contents of signature, FALSE
276 is returned and SigSize is set to the required buffer size to obtain the signature.
277
278 If RsaContext is NULL, then return FALSE.
279 If MessageHash is NULL, then return FALSE.
280 If HashSize is not equal to the size of MD5, SHA-1, SHA-256, SHA-384 or SHA-512 digest, then return FALSE.
281 If SigSize is large enough but Signature is NULL, then return FALSE.
282
283 @param[in] RsaContext Pointer to RSA context for signature generation.
284 @param[in] MessageHash Pointer to octet message hash to be signed.
285 @param[in] HashSize Size of the message hash in bytes.
286 @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.
287 @param[in, out] SigSize On input, the size of Signature buffer in bytes.
288 On output, the size of data returned in Signature buffer in bytes.
289
290 @retval TRUE Signature successfully generated in PKCS1-v1_5.
291 @retval FALSE Signature generation failed.
292 @retval FALSE SigSize is too small.
293
294 **/
295 BOOLEAN
296 EFIAPI
297 RsaPkcs1Sign (
298 IN VOID *RsaContext,
299 IN CONST UINT8 *MessageHash,
300 IN UINTN HashSize,
301 OUT UINT8 *Signature,
302 IN OUT UINTN *SigSize
303 )
304 {
305 RSA *Rsa;
306 UINTN Size;
307 INT32 DigestType;
308
309 //
310 // Check input parameters.
311 //
312 if ((RsaContext == NULL) || (MessageHash == NULL)) {
313 return FALSE;
314 }
315
316 Rsa = (RSA *)RsaContext;
317 Size = RSA_size (Rsa);
318
319 if (*SigSize < Size) {
320 *SigSize = Size;
321 return FALSE;
322 }
323
324 if (Signature == NULL) {
325 return FALSE;
326 }
327
328 //
329 // Determine the message digest algorithm according to digest size.
330 // Only MD5, SHA-1, SHA-256, SHA-384 or SHA-512 algorithm is supported.
331 //
332 switch (HashSize) {
333 case MD5_DIGEST_SIZE:
334 DigestType = NID_md5;
335 break;
336
337 case SHA1_DIGEST_SIZE:
338 DigestType = NID_sha1;
339 break;
340
341 case SHA256_DIGEST_SIZE:
342 DigestType = NID_sha256;
343 break;
344
345 case SHA384_DIGEST_SIZE:
346 DigestType = NID_sha384;
347 break;
348
349 case SHA512_DIGEST_SIZE:
350 DigestType = NID_sha512;
351 break;
352
353 default:
354 return FALSE;
355 }
356
357 return (BOOLEAN)RSA_sign (
358 DigestType,
359 MessageHash,
360 (UINT32)HashSize,
361 Signature,
362 (UINT32 *)SigSize,
363 (RSA *)RsaContext
364 );
365 }
EFI Development Kit II mirror for PVE