2012-07-18 11:32:05 +02:00
|
|
|
/** @file
|
|
|
|
RSA Asymmetric Cipher Wrapper Implementation over OpenSSL.
|
|
|
|
|
|
|
|
This file implements following APIs which provide basic capabilities for RSA:
|
|
|
|
1) RsaNew
|
|
|
|
2) RsaFree
|
|
|
|
3) RsaSetKey
|
|
|
|
4) RsaPkcs1Verify
|
|
|
|
|
2013-04-23 03:52:17 +02:00
|
|
|
Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
|
2012-07-18 11:32:05 +02:00
|
|
|
This program and the accompanying materials
|
|
|
|
are licensed and made available under the terms and conditions of the BSD License
|
|
|
|
which accompanies this distribution. The full text of the license may be found at
|
|
|
|
http://opensource.org/licenses/bsd-license.php
|
|
|
|
|
|
|
|
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
|
|
|
|
|
|
|
|
**/
|
|
|
|
|
|
|
|
#include "InternalCryptLib.h"
|
|
|
|
|
|
|
|
#include <openssl/rsa.h>
|
2013-04-23 03:52:17 +02:00
|
|
|
#include <openssl/objects.h>
|
2012-07-18 11:32:05 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
Allocates and initializes one RSA context for subsequent use.
|
|
|
|
|
|
|
|
@return Pointer to the RSA context that has been initialized.
|
|
|
|
If the allocations fails, RsaNew() returns NULL.
|
|
|
|
|
|
|
|
**/
|
|
|
|
VOID *
|
|
|
|
EFIAPI
|
|
|
|
RsaNew (
|
|
|
|
VOID
|
|
|
|
)
|
|
|
|
{
|
|
|
|
//
|
|
|
|
// Allocates & Initializes RSA Context by OpenSSL RSA_new()
|
|
|
|
//
|
2012-07-27 09:49:42 +02:00
|
|
|
return (VOID *) RSA_new ();
|
2012-07-18 11:32:05 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
Release the specified RSA context.
|
|
|
|
|
|
|
|
@param[in] RsaContext Pointer to the RSA context to be released.
|
|
|
|
|
|
|
|
**/
|
|
|
|
VOID
|
|
|
|
EFIAPI
|
|
|
|
RsaFree (
|
|
|
|
IN VOID *RsaContext
|
|
|
|
)
|
|
|
|
{
|
|
|
|
//
|
|
|
|
// Free OpenSSL RSA Context
|
|
|
|
//
|
2012-07-27 09:49:42 +02:00
|
|
|
RSA_free ((RSA *) RsaContext);
|
2012-07-18 11:32:05 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
Sets the tag-designated key component into the established RSA context.
|
|
|
|
|
|
|
|
This function sets the tag-designated RSA key component into the established
|
|
|
|
RSA context from the user-specified non-negative integer (octet string format
|
|
|
|
represented in RSA PKCS#1).
|
|
|
|
If BigNumber is NULL, then the specified key componenet in RSA context is cleared.
|
|
|
|
|
|
|
|
If RsaContext is NULL, then return FALSE.
|
|
|
|
|
|
|
|
@param[in, out] RsaContext Pointer to RSA context being set.
|
|
|
|
@param[in] KeyTag Tag of RSA key component being set.
|
|
|
|
@param[in] BigNumber Pointer to octet integer buffer.
|
|
|
|
If NULL, then the specified key componenet in RSA
|
|
|
|
context is cleared.
|
|
|
|
@param[in] BnSize Size of big number buffer in bytes.
|
|
|
|
If BigNumber is NULL, then it is ignored.
|
|
|
|
|
|
|
|
@retval TRUE RSA key component was set successfully.
|
|
|
|
@retval FALSE Invalid RSA key component tag.
|
|
|
|
|
|
|
|
**/
|
|
|
|
BOOLEAN
|
|
|
|
EFIAPI
|
|
|
|
RsaSetKey (
|
|
|
|
IN OUT VOID *RsaContext,
|
|
|
|
IN RSA_KEY_TAG KeyTag,
|
|
|
|
IN CONST UINT8 *BigNumber,
|
|
|
|
IN UINTN BnSize
|
|
|
|
)
|
|
|
|
{
|
|
|
|
RSA *RsaKey;
|
|
|
|
|
|
|
|
//
|
|
|
|
// Check input parameters.
|
|
|
|
//
|
2012-08-02 04:49:24 +02:00
|
|
|
if (RsaContext == NULL || BnSize > INT_MAX) {
|
2012-07-18 11:32:05 +02:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2012-07-27 09:49:42 +02:00
|
|
|
RsaKey = (RSA *) RsaContext;
|
2012-07-18 11:32:05 +02:00
|
|
|
//
|
|
|
|
// Set RSA Key Components by converting octet string to OpenSSL BN representation.
|
|
|
|
// NOTE: For RSA public key (used in signature verification), only public components
|
|
|
|
// (N, e) are needed.
|
|
|
|
//
|
|
|
|
switch (KeyTag) {
|
|
|
|
|
|
|
|
//
|
|
|
|
// RSA Public Modulus (N)
|
|
|
|
//
|
|
|
|
case RsaKeyN:
|
|
|
|
if (RsaKey->n != NULL) {
|
|
|
|
BN_free (RsaKey->n);
|
|
|
|
}
|
|
|
|
RsaKey->n = NULL;
|
|
|
|
if (BigNumber == NULL) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
RsaKey->n = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->n);
|
2012-08-02 04:49:24 +02:00
|
|
|
if (RsaKey->n == NULL) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2012-07-18 11:32:05 +02:00
|
|
|
break;
|
|
|
|
|
|
|
|
//
|
|
|
|
// RSA Public Exponent (e)
|
|
|
|
//
|
|
|
|
case RsaKeyE:
|
|
|
|
if (RsaKey->e != NULL) {
|
|
|
|
BN_free (RsaKey->e);
|
|
|
|
}
|
|
|
|
RsaKey->e = NULL;
|
|
|
|
if (BigNumber == NULL) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
RsaKey->e = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->e);
|
2012-08-02 04:49:24 +02:00
|
|
|
if (RsaKey->e == NULL) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2012-07-18 11:32:05 +02:00
|
|
|
break;
|
|
|
|
|
|
|
|
//
|
|
|
|
// RSA Private Exponent (d)
|
|
|
|
//
|
|
|
|
case RsaKeyD:
|
|
|
|
if (RsaKey->d != NULL) {
|
|
|
|
BN_free (RsaKey->d);
|
|
|
|
}
|
|
|
|
RsaKey->d = NULL;
|
|
|
|
if (BigNumber == NULL) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
RsaKey->d = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->d);
|
2012-08-02 04:49:24 +02:00
|
|
|
if (RsaKey->d == NULL) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2012-07-18 11:32:05 +02:00
|
|
|
break;
|
|
|
|
|
|
|
|
//
|
|
|
|
// RSA Secret Prime Factor of Modulus (p)
|
|
|
|
//
|
|
|
|
case RsaKeyP:
|
|
|
|
if (RsaKey->p != NULL) {
|
|
|
|
BN_free (RsaKey->p);
|
|
|
|
}
|
|
|
|
RsaKey->p = NULL;
|
|
|
|
if (BigNumber == NULL) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
RsaKey->p = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->p);
|
2012-08-02 04:49:24 +02:00
|
|
|
if (RsaKey->p == NULL) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2012-07-18 11:32:05 +02:00
|
|
|
break;
|
|
|
|
|
|
|
|
//
|
|
|
|
// RSA Secret Prime Factor of Modules (q)
|
|
|
|
//
|
|
|
|
case RsaKeyQ:
|
|
|
|
if (RsaKey->q != NULL) {
|
|
|
|
BN_free (RsaKey->q);
|
|
|
|
}
|
|
|
|
RsaKey->q = NULL;
|
|
|
|
if (BigNumber == NULL) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
RsaKey->q = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->q);
|
2012-08-02 04:49:24 +02:00
|
|
|
if (RsaKey->q == NULL) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2012-07-18 11:32:05 +02:00
|
|
|
break;
|
|
|
|
|
|
|
|
//
|
|
|
|
// p's CRT Exponent (== d mod (p - 1))
|
|
|
|
//
|
|
|
|
case RsaKeyDp:
|
|
|
|
if (RsaKey->dmp1 != NULL) {
|
|
|
|
BN_free (RsaKey->dmp1);
|
|
|
|
}
|
|
|
|
RsaKey->dmp1 = NULL;
|
|
|
|
if (BigNumber == NULL) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
RsaKey->dmp1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmp1);
|
2012-08-02 04:49:24 +02:00
|
|
|
if (RsaKey->dmp1 == NULL) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2012-07-18 11:32:05 +02:00
|
|
|
break;
|
|
|
|
|
|
|
|
//
|
|
|
|
// q's CRT Exponent (== d mod (q - 1))
|
|
|
|
//
|
|
|
|
case RsaKeyDq:
|
|
|
|
if (RsaKey->dmq1 != NULL) {
|
|
|
|
BN_free (RsaKey->dmq1);
|
|
|
|
}
|
|
|
|
RsaKey->dmq1 = NULL;
|
|
|
|
if (BigNumber == NULL) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
RsaKey->dmq1 = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->dmq1);
|
2012-08-02 04:49:24 +02:00
|
|
|
if (RsaKey->dmq1 == NULL) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2012-07-18 11:32:05 +02:00
|
|
|
break;
|
|
|
|
|
|
|
|
//
|
|
|
|
// The CRT Coefficient (== 1/q mod p)
|
|
|
|
//
|
|
|
|
case RsaKeyQInv:
|
|
|
|
if (RsaKey->iqmp != NULL) {
|
|
|
|
BN_free (RsaKey->iqmp);
|
|
|
|
}
|
|
|
|
RsaKey->iqmp = NULL;
|
|
|
|
if (BigNumber == NULL) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
RsaKey->iqmp = BN_bin2bn (BigNumber, (UINT32) BnSize, RsaKey->iqmp);
|
2012-08-02 04:49:24 +02:00
|
|
|
if (RsaKey->iqmp == NULL) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2012-07-18 11:32:05 +02:00
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
Verifies the RSA-SSA signature with EMSA-PKCS1-v1_5 encoding scheme defined in
|
|
|
|
RSA PKCS#1.
|
|
|
|
|
|
|
|
If RsaContext is NULL, then return FALSE.
|
|
|
|
If MessageHash is NULL, then return FALSE.
|
|
|
|
If Signature is NULL, then return FALSE.
|
|
|
|
If HashSize is not equal to the size of MD5, SHA-1 or SHA-256 digest, then return FALSE.
|
|
|
|
|
|
|
|
@param[in] RsaContext Pointer to RSA context for signature verification.
|
|
|
|
@param[in] MessageHash Pointer to octet message hash to be checked.
|
|
|
|
@param[in] HashSize Size of the message hash in bytes.
|
|
|
|
@param[in] Signature Pointer to RSA PKCS1-v1_5 signature to be verified.
|
|
|
|
@param[in] SigSize Size of signature in bytes.
|
|
|
|
|
|
|
|
@retval TRUE Valid signature encoded in PKCS1-v1_5.
|
|
|
|
@retval FALSE Invalid signature or invalid RSA context.
|
|
|
|
|
|
|
|
**/
|
|
|
|
BOOLEAN
|
|
|
|
EFIAPI
|
|
|
|
RsaPkcs1Verify (
|
|
|
|
IN VOID *RsaContext,
|
|
|
|
IN CONST UINT8 *MessageHash,
|
|
|
|
IN UINTN HashSize,
|
2012-11-22 06:07:22 +01:00
|
|
|
IN CONST UINT8 *Signature,
|
2012-07-18 11:32:05 +02:00
|
|
|
IN UINTN SigSize
|
|
|
|
)
|
|
|
|
{
|
2013-04-23 03:52:17 +02:00
|
|
|
INT32 DigestType;
|
|
|
|
UINT8 *SigBuf;
|
2012-07-18 11:32:05 +02:00
|
|
|
|
|
|
|
//
|
|
|
|
// Check input parameters.
|
|
|
|
//
|
2012-11-22 06:07:22 +01:00
|
|
|
if (RsaContext == NULL || MessageHash == NULL || Signature == NULL) {
|
2012-07-18 11:32:05 +02:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2012-11-22 06:07:22 +01:00
|
|
|
if (SigSize > INT_MAX || SigSize == 0) {
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2012-07-18 11:32:05 +02:00
|
|
|
//
|
2013-04-23 03:52:17 +02:00
|
|
|
// Determine the message digest algorithm according to digest size.
|
|
|
|
// Only MD5, SHA-1 or SHA-256 algorithm is supported.
|
2012-07-18 11:32:05 +02:00
|
|
|
//
|
2013-04-23 03:52:17 +02:00
|
|
|
switch (HashSize) {
|
|
|
|
case MD5_DIGEST_SIZE:
|
|
|
|
DigestType = NID_md5;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case SHA1_DIGEST_SIZE:
|
|
|
|
DigestType = NID_sha1;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case SHA256_DIGEST_SIZE:
|
|
|
|
DigestType = NID_sha256;
|
|
|
|
break;
|
2012-07-18 11:32:05 +02:00
|
|
|
|
2013-04-23 03:52:17 +02:00
|
|
|
default:
|
2012-07-18 11:32:05 +02:00
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
2013-04-23 03:52:17 +02:00
|
|
|
SigBuf = (UINT8 *) Signature;
|
|
|
|
return (BOOLEAN) RSA_verify (
|
|
|
|
DigestType,
|
|
|
|
MessageHash,
|
|
|
|
(UINT32) HashSize,
|
|
|
|
SigBuf,
|
|
|
|
(UINT32) SigSize,
|
|
|
|
(RSA *) RsaContext
|
|
|
|
);
|
2012-07-18 11:32:05 +02:00
|
|
|
}
|