CryptoPkg/Library/BaseCryptLib/Pk/CryptRsaPss.c

   1 /** @file
   2   RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
   3
   4   This file implements following APIs which provide basic capabilities for RSA:
   5   1) RsaPssVerify
   6
   7 Copyright (c) 2021, Intel Corporation. All rights reserved.<BR>
   8 SPDX-License-Identifier: BSD-2-Clause-Patent
   9
  10 **/
  11
  12 #include "InternalCryptLib.h"
  13
  14 #include <openssl/bn.h>
  15 #include <openssl/rsa.h>
  16 #include <openssl/objects.h>
  17 #include <openssl/evp.h>
  18
  19 /**
  20   Retrieve a pointer to EVP message digest object.
  21
  22   @param[in]  DigestLen   Length of the message digest.
  23
  24 **/
  25 STATIC
  26 const
  27 EVP_MD *
  28 GetEvpMD (
  29   IN UINT16  DigestLen
  30   )
  31 {
  32   switch (DigestLen) {
  33     case SHA256_DIGEST_SIZE:
  34       return EVP_sha256 ();
  35       break;
  36     case SHA384_DIGEST_SIZE:
  37       return EVP_sha384 ();
  38       break;
  39     case SHA512_DIGEST_SIZE:
  40       return EVP_sha512 ();
  41       break;
  42     default:
  43       return NULL;
  44   }
  45 }
  46
  47 /**
  48   Verifies the RSA signature with RSASSA-PSS signature scheme defined in RFC 8017.
  49   Implementation determines salt length automatically from the signature encoding.
  50   Mask generation function is the same as the message digest algorithm.
  51   Salt length should be equal to digest length.
  52
  53   @param[in]  RsaContext      Pointer to RSA context for signature verification.
  54   @param[in]  Message         Pointer to octet message to be verified.
  55   @param[in]  MsgSize         Size of the message in bytes.
  56   @param[in]  Signature       Pointer to RSASSA-PSS signature to be verified.
  57   @param[in]  SigSize         Size of signature in bytes.
  58   @param[in]  DigestLen       Length of digest for RSA operation.
  59   @param[in]  SaltLen         Salt length for PSS encoding.
  60
  61   @retval  TRUE   Valid signature encoded in RSASSA-PSS.
  62   @retval  FALSE  Invalid signature or invalid RSA context.
  63
  64 **/
  65 BOOLEAN
  66 EFIAPI
  67 RsaPssVerify (
  68   IN  VOID         *RsaContext,
  69   IN  CONST UINT8  *Message,
  70   IN  UINTN        MsgSize,
  71   IN  CONST UINT8  *Signature,
  72   IN  UINTN        SigSize,
  73   IN  UINT16       DigestLen,
  74   IN  UINT16       SaltLen
  75   )
  76 {
  77   BOOLEAN       Result;
  78   EVP_PKEY      *EvpRsaKey;
  79   EVP_MD_CTX    *EvpVerifyCtx;
  80   EVP_PKEY_CTX  *KeyCtx;
  81   CONST EVP_MD  *HashAlg;
  82
  83   Result       = FALSE;
  84   EvpRsaKey    = NULL;
  85   EvpVerifyCtx = NULL;
  86   KeyCtx       = NULL;
  87   HashAlg      = NULL;
  88
  89   if (RsaContext == NULL) {
  90     return FALSE;
  91   }
  92
  93   if ((Message == NULL) || (MsgSize == 0) || (MsgSize > INT_MAX)) {
  94     return FALSE;
  95   }
  96
  97   if ((Signature == NULL) || (SigSize == 0) || (SigSize > INT_MAX)) {
  98     return FALSE;
  99   }
 100
 101   if (SaltLen != DigestLen) {
 102     return FALSE;
 103   }
 104
 105   HashAlg = GetEvpMD (DigestLen);
 106
 107   if (HashAlg == NULL) {
 108     return FALSE;
 109   }
 110
 111   EvpRsaKey = EVP_PKEY_new ();
 112   if (EvpRsaKey == NULL) {
 113     goto _Exit;
 114   }
 115
 116   EVP_PKEY_set1_RSA (EvpRsaKey, RsaContext);
 117
 118   EvpVerifyCtx = EVP_MD_CTX_create ();
 119   if (EvpVerifyCtx == NULL) {
 120     goto _Exit;
 121   }
 122
 123   Result = EVP_DigestVerifyInit (EvpVerifyCtx, &KeyCtx, HashAlg, NULL, EvpRsaKey) > 0;
 124   if (KeyCtx == NULL) {
 125     goto _Exit;
 126   }
 127
 128   if (Result) {
 129     Result = EVP_PKEY_CTX_set_rsa_padding (KeyCtx, RSA_PKCS1_PSS_PADDING) > 0;
 130   }
 131
 132   if (Result) {
 133     Result = EVP_PKEY_CTX_set_rsa_pss_saltlen (KeyCtx, SaltLen) > 0;
 134   }
 135
 136   if (Result) {
 137     Result = EVP_PKEY_CTX_set_rsa_mgf1_md (KeyCtx, HashAlg) > 0;
 138   }
 139
 140   if (Result) {
 141     Result = EVP_DigestVerifyUpdate (EvpVerifyCtx, Message, (UINT32)MsgSize) > 0;
 142   }
 143
 144   if (Result) {
 145     Result = EVP_DigestVerifyFinal (EvpVerifyCtx, Signature, (UINT32)SigSize) > 0;
 146   }
 147
 148 _Exit:
 149   if (EvpRsaKey != NULL) {
 150     EVP_PKEY_free (EvpRsaKey);
 151   }
 152
 153   if (EvpVerifyCtx != NULL) {
 154     EVP_MD_CTX_destroy (EvpVerifyCtx);
 155   }
 156
 157   return Result;
 158 }