The openssl API RSA_public_decrypt() and RSA_private_encrypt() are deprecated, use...
[mirror_edk2.git] / CryptoPkg / Library / BaseCryptLib / Pk / CryptRsaExt.c
1 /** @file
2 RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
3
4 This file implements following APIs which provide more capabilities for RSA:
5 1) RsaGetKey
6 2) RsaGenerateKey
7 3) RsaCheckKey
8 4) RsaPkcs1Sign
9
10 Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
11 This program and the accompanying materials
12 are licensed and made available under the terms and conditions of the BSD License
13 which accompanies this distribution. The full text of the license may be found at
14 http://opensource.org/licenses/bsd-license.php
15
16 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
17 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
18
19 **/
20
21 #include "InternalCryptLib.h"
22
23 #include <openssl/rsa.h>
24 #include <openssl/err.h>
25 #include <openssl/objects.h>
26
27 /**
28 Gets the tag-designated RSA key component from the established RSA context.
29
30 This function retrieves the tag-designated RSA key component from the
31 established RSA context as a non-negative integer (octet string format
32 represented in RSA PKCS#1).
33 If specified key component has not been set or has been cleared, then returned
34 BnSize is set to 0.
35 If the BigNumber buffer is too small to hold the contents of the key, FALSE
36 is returned and BnSize is set to the required buffer size to obtain the key.
37
38 If RsaContext is NULL, then return FALSE.
39 If BnSize is NULL, then return FALSE.
40 If BnSize is large enough but BigNumber is NULL, then return FALSE.
41
42 @param[in, out] RsaContext Pointer to RSA context being set.
43 @param[in] KeyTag Tag of RSA key component being set.
44 @param[out] BigNumber Pointer to octet integer buffer.
45 @param[in, out] BnSize On input, the size of big number buffer in bytes.
46 On output, the size of data returned in big number buffer in bytes.
47
48 @retval TRUE RSA key component was retrieved successfully.
49 @retval FALSE Invalid RSA key component tag.
50 @retval FALSE BnSize is too small.
51
52 **/
53 BOOLEAN
54 EFIAPI
55 RsaGetKey (
56 IN OUT VOID *RsaContext,
57 IN RSA_KEY_TAG KeyTag,
58 OUT UINT8 *BigNumber,
59 IN OUT UINTN *BnSize
60 )
61 {
62 RSA *RsaKey;
63 BIGNUM *BnKey;
64 UINTN Size;
65
66 //
67 // Check input parameters.
68 //
69 if (RsaContext == NULL || BnSize == NULL) {
70 return FALSE;
71 }
72
73 RsaKey = (RSA *) RsaContext;
74 Size = *BnSize;
75 *BnSize = 0;
76
77 switch (KeyTag) {
78
79 //
80 // RSA Public Modulus (N)
81 //
82 case RsaKeyN:
83 if (RsaKey->n == NULL) {
84 return TRUE;
85 }
86 BnKey = RsaKey->n;
87 break;
88
89 //
90 // RSA Public Exponent (e)
91 //
92 case RsaKeyE:
93 if (RsaKey->e == NULL) {
94 return TRUE;
95 }
96 BnKey = RsaKey->e;
97 break;
98
99 //
100 // RSA Private Exponent (d)
101 //
102 case RsaKeyD:
103 if (RsaKey->d == NULL) {
104 return TRUE;
105 }
106 BnKey = RsaKey->d;
107 break;
108
109 //
110 // RSA Secret Prime Factor of Modulus (p)
111 //
112 case RsaKeyP:
113 if (RsaKey->p == NULL) {
114 return TRUE;
115 }
116 BnKey = RsaKey->p;
117 break;
118
119 //
120 // RSA Secret Prime Factor of Modules (q)
121 //
122 case RsaKeyQ:
123 if (RsaKey->q == NULL) {
124 return TRUE;
125 }
126 BnKey = RsaKey->q;
127 break;
128
129 //
130 // p's CRT Exponent (== d mod (p - 1))
131 //
132 case RsaKeyDp:
133 if (RsaKey->dmp1 == NULL) {
134 return TRUE;
135 }
136 BnKey = RsaKey->dmp1;
137 break;
138
139 //
140 // q's CRT Exponent (== d mod (q - 1))
141 //
142 case RsaKeyDq:
143 if (RsaKey->dmq1 == NULL) {
144 return TRUE;
145 }
146 BnKey = RsaKey->dmq1;
147 break;
148
149 //
150 // The CRT Coefficient (== 1/q mod p)
151 //
152 case RsaKeyQInv:
153 if (RsaKey->iqmp == NULL) {
154 return TRUE;
155 }
156 BnKey = RsaKey->iqmp;
157 break;
158
159 default:
160 return FALSE;
161 }
162
163 *BnSize = Size;
164 Size = BN_num_bytes (BnKey);
165
166 if (*BnSize < Size) {
167 *BnSize = Size;
168 return FALSE;
169 }
170
171 if (BigNumber == NULL) {
172 return FALSE;
173 }
174 *BnSize = BN_bn2bin (BnKey, BigNumber) ;
175
176 return TRUE;
177 }
178
179 /**
180 Generates RSA key components.
181
182 This function generates RSA key components. It takes RSA public exponent E and
183 length in bits of RSA modulus N as input, and generates all key components.
184 If PublicExponent is NULL, the default RSA public exponent (0x10001) will be used.
185
186 Before this function can be invoked, pseudorandom number generator must be correctly
187 initialized by RandomSeed().
188
189 If RsaContext is NULL, then return FALSE.
190
191 @param[in, out] RsaContext Pointer to RSA context being set.
192 @param[in] ModulusLength Length of RSA modulus N in bits.
193 @param[in] PublicExponent Pointer to RSA public exponent.
194 @param[in] PublicExponentSize Size of RSA public exponent buffer in bytes.
195
196 @retval TRUE RSA key component was generated successfully.
197 @retval FALSE Invalid RSA key component tag.
198
199 **/
200 BOOLEAN
201 EFIAPI
202 RsaGenerateKey (
203 IN OUT VOID *RsaContext,
204 IN UINTN ModulusLength,
205 IN CONST UINT8 *PublicExponent,
206 IN UINTN PublicExponentSize
207 )
208 {
209 BIGNUM *KeyE;
210 BOOLEAN RetVal;
211
212 //
213 // Check input parameters.
214 //
215 if (RsaContext == NULL || ModulusLength > INT_MAX || PublicExponentSize > INT_MAX) {
216 return FALSE;
217 }
218
219 KeyE = BN_new ();
220 if (KeyE == NULL) {
221 return FALSE;
222 }
223
224 RetVal = FALSE;
225
226 if (PublicExponent == NULL) {
227 if (BN_set_word (KeyE, 0x10001) == 0) {
228 goto _Exit;
229 }
230 } else {
231 if (BN_bin2bn (PublicExponent, (UINT32) PublicExponentSize, KeyE) == NULL) {
232 goto _Exit;
233 }
234 }
235
236 if (RSA_generate_key_ex ((RSA *) RsaContext, (UINT32) ModulusLength, KeyE, NULL) == 1) {
237 RetVal = TRUE;
238 }
239
240 _Exit:
241 BN_free (KeyE);
242 return RetVal;
243 }
244
245 /**
246 Validates key components of RSA context.
247
248 This function validates key compoents of RSA context in following aspects:
249 - Whether p is a prime
250 - Whether q is a prime
251 - Whether n = p * q
252 - Whether d*e = 1 mod lcm(p-1,q-1)
253
254 If RsaContext is NULL, then return FALSE.
255
256 @param[in] RsaContext Pointer to RSA context to check.
257
258 @retval TRUE RSA key components are valid.
259 @retval FALSE RSA key components are not valid.
260
261 **/
262 BOOLEAN
263 EFIAPI
264 RsaCheckKey (
265 IN VOID *RsaContext
266 )
267 {
268 UINTN Reason;
269
270 //
271 // Check input parameters.
272 //
273 if (RsaContext == NULL) {
274 return FALSE;
275 }
276
277 if (RSA_check_key ((RSA *) RsaContext) != 1) {
278 Reason = ERR_GET_REASON (ERR_peek_last_error ());
279 if (Reason == RSA_R_P_NOT_PRIME ||
280 Reason == RSA_R_Q_NOT_PRIME ||
281 Reason == RSA_R_N_DOES_NOT_EQUAL_P_Q ||
282 Reason == RSA_R_D_E_NOT_CONGRUENT_TO_1) {
283 return FALSE;
284 }
285 }
286
287 return TRUE;
288 }
289
290 /**
291 Carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme.
292
293 This function carries out the RSA-SSA signature generation with EMSA-PKCS1-v1_5 encoding scheme defined in
294 RSA PKCS#1.
295 If the Signature buffer is too small to hold the contents of signature, FALSE
296 is returned and SigSize is set to the required buffer size to obtain the signature.
297
298 If RsaContext is NULL, then return FALSE.
299 If MessageHash is NULL, then return FALSE.
300 If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
301 If SigSize is large enough but Signature is NULL, then return FALSE.
302
303 @param[in] RsaContext Pointer to RSA context for signature generation.
304 @param[in] MessageHash Pointer to octet message hash to be signed.
305 @param[in] HashSize Size of the message hash in bytes.
306 @param[out] Signature Pointer to buffer to receive RSA PKCS1-v1_5 signature.
307 @param[in, out] SigSize On input, the size of Signature buffer in bytes.
308 On output, the size of data returned in Signature buffer in bytes.
309
310 @retval TRUE Signature successfully generated in PKCS1-v1_5.
311 @retval FALSE Signature generation failed.
312 @retval FALSE SigSize is too small.
313
314 **/
315 BOOLEAN
316 EFIAPI
317 RsaPkcs1Sign (
318 IN VOID *RsaContext,
319 IN CONST UINT8 *MessageHash,
320 IN UINTN HashSize,
321 OUT UINT8 *Signature,
322 IN OUT UINTN *SigSize
323 )
324 {
325 RSA *Rsa;
326 UINTN Size;
327 INT32 DigestType;
328
329 //
330 // Check input parameters.
331 //
332 if (RsaContext == NULL || MessageHash == NULL) {
333 return FALSE;
334 }
335
336 Rsa = (RSA *) RsaContext;
337 Size = BN_num_bytes (Rsa->n);
338
339 if (*SigSize < Size) {
340 *SigSize = Size;
341 return FALSE;
342 }
343
344 if (Signature == NULL) {
345 return FALSE;
346 }
347
348 //
349 // Determine the message digest algorithm according to digest size.
350 // Only MD5, SHA-1 or SHA-256 algorithm is supported.
351 //
352 switch (HashSize) {
353 case MD5_DIGEST_SIZE:
354 DigestType = NID_md5;
355 break;
356
357 case SHA1_DIGEST_SIZE:
358 DigestType = NID_sha1;
359 break;
360
361 case SHA256_DIGEST_SIZE:
362 DigestType = NID_sha256;
363 break;
364
365 default:
366 return FALSE;
367 }
368
369 return (BOOLEAN) RSA_sign (
370 DigestType,
371 MessageHash,
372 (UINT32) HashSize,
373 Signature,
374 (UINT32 *) SigSize,
375 (RSA *) RsaContext
376 );
377 }