CryptRsaExt.c
17#include "InternalCryptLib.h"
18#include <mbedtls/rsa.h>
19
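/**
  Retrieves one tagged component of an RSA context as a big-endian octet string.

  Only RsaKeyN, RsaKeyE, RsaKeyD, RsaKeyP and RsaKeyQ are exported by this
  implementation. RsaKeyDp, RsaKeyDq, RsaKeyQInv and unknown tags return FALSE.

  RsaKeyD, RsaKeyP and RsaKeyQ are private-key material. The caller owns the
  BigNumber buffer and is responsible for wiping it once the value is no
  longer needed.

  @param[in, out]  RsaContext  Pointer to the RSA context (an mbedtls_rsa_context).
  @param[in]       KeyTag      Tag of the key component to retrieve.
  @param[out]      BigNumber   Buffer that receives the component. May be NULL
                               to query the required size.
  @param[in, out]  BnSize      On input, the size of BigNumber in bytes.
                               On output, the size of the component in bytes;
                               0 if the component is not set or on failure.

  @retval  TRUE   The component was written, is not set (BnSize == 0), or
                  BigNumber was NULL and BnSize holds a sufficient size.
  @retval  FALSE  RsaContext or BnSize is NULL, *BnSize exceeds INT_MAX,
                  KeyTag is unsupported, the export failed, or the buffer is
                  too small (BnSize is updated to the required size).
**/
BOOLEAN
EFIAPI
RsaGetKey (
  IN OUT  VOID         *RsaContext,
  IN      RSA_KEY_TAG  KeyTag,
  OUT     UINT8        *BigNumber,
  IN OUT  UINTN        *BnSize
  )
{
  mbedtls_rsa_context  *RsaKey;
  INT32                Ret;
  mbedtls_mpi          Value;
  UINTN                Available;
  UINTN                Required;

  //
  // Check input parameters. BnSize is dereferenced right here, so it has to
  // be checked for NULL before its value is range-checked.
  //
  if ((RsaContext == NULL) || (BnSize == NULL) || (*BnSize > INT_MAX)) {
    return FALSE;
  }

  //
  // Init mbedtls_mpi. Every path after this point leaves through End so the
  // temporary copy of the key component is released.
  //
  mbedtls_mpi_init (&Value);
  Available = *BnSize;
  *BnSize   = 0;

  RsaKey = (mbedtls_rsa_context *)RsaContext;

  //
  // mbedtls_rsa_export() takes its outputs in the order N, P, Q, D, E.
  //
  switch (KeyTag) {
    case RsaKeyN:
      Ret = mbedtls_rsa_export (RsaKey, &Value, NULL, NULL, NULL, NULL);
      break;
    case RsaKeyE:
      Ret = mbedtls_rsa_export (RsaKey, NULL, NULL, NULL, NULL, &Value);
      break;
    case RsaKeyD:
      Ret = mbedtls_rsa_export (RsaKey, NULL, NULL, NULL, &Value, NULL);
      break;
    case RsaKeyQ:
      Ret = mbedtls_rsa_export (RsaKey, NULL, NULL, &Value, NULL, NULL);
      break;
    case RsaKeyP:
      Ret = mbedtls_rsa_export (RsaKey, NULL, &Value, NULL, NULL, NULL);
      break;
    case RsaKeyDp:
    case RsaKeyDq:
    case RsaKeyQInv:
    default:
      //
      // CRT components are not exported here.
      //
      Ret = -1;
      break;
  }

  if (Ret != 0) {
    goto End;
  }

  Required = mbedtls_mpi_size (&Value);
  if (Required == 0) {
    //
    // Component not set: report success with *BnSize left at 0.
    //
    goto End;
  }

  if (Available < Required) {
    //
    // Buffer too small: fail, but tell the caller how much is needed.
    //
    Ret     = 1;
    *BnSize = Required;
    goto End;
  }

  *BnSize = Required;

  if (BigNumber != NULL) {
    //
    // Exactly Required bytes are written, so no bytes of the caller's buffer
    // beyond the component are touched.
    //
    Ret = mbedtls_mpi_write_binary (&Value, BigNumber, Required);
  }

End:
  //
  // NOTE(review): Value may hold d, p or q. mbedtls_mpi_free() is expected to
  // wipe the limbs before releasing them - confirm for the bundled Mbed TLS.
  //
  mbedtls_mpi_free (&Value);
  return Ret == 0;
}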
133
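/**
  Generates an RSA key pair into an existing RSA context.

  The public exponent is supplied as a big-endian octet string of one to four
  bytes. When PublicExponent is NULL the default exponent 0x10001 is used.
  Randomness is taken from MbedtlsRand.

  @param[in, out]  RsaContext          Pointer to the RSA context (an mbedtls_rsa_context).
  @param[in]       ModulusLength       Requested modulus length, passed to
                                       mbedtls_rsa_gen_key() as the key size.
  @param[in]       PublicExponent      Big-endian public exponent, or NULL for 0x10001.
  @param[in]       PublicExponentSize  Size of PublicExponent in bytes.

  @retval  TRUE   The key pair was generated.
  @retval  FALSE  RsaContext is NULL, a size exceeds INT_MAX, the exponent is
                  empty, longer than four bytes or does not fit a non-negative
                  INT32, or mbedtls_rsa_gen_key() failed.
**/
BOOLEAN
EFIAPI
RsaGenerateKey (
  IN OUT  VOID         *RsaContext,
  IN      UINTN        ModulusLength,
  IN      CONST UINT8  *PublicExponent,
  IN      UINTN        PublicExponentSize
  )
{
  INT32                Ret;
  mbedtls_rsa_context  *Rsa;
  UINT32               Exponent;
  UINTN                Index;

  //
  // Check input parameters.
  //
  if ((RsaContext == NULL) || (ModulusLength > INT_MAX) || (PublicExponentSize > INT_MAX)) {
    return FALSE;
  }

  Rsa = (mbedtls_rsa_context *)RsaContext;

  if (PublicExponent == NULL) {
    Exponent = 0x10001;
  } else {
    if ((PublicExponentSize == 0) || (PublicExponentSize > sizeof (UINT32))) {
      return FALSE;
    }

    //
    // Assemble the big-endian exponent in an unsigned accumulator. Shifting
    // the promoted (signed) byte left by 24 is undefined when its top bit is
    // set, so the arithmetic is kept unsigned and range-checked afterwards.
    //
    Exponent = 0;
    for (Index = 0; Index < PublicExponentSize; Index++) {
      Exponent = (Exponent << 8) | PublicExponent[Index];
    }

    //
    // mbedtls_rsa_gen_key() takes a signed exponent; reject values that
    // would turn negative when converted.
    //
    if (Exponent > (UINT32)INT_MAX) {
      return FALSE;
    }
  }

  //
  // NOTE(review): no minimum modulus length is enforced in this function;
  // any lower bound comes from mbedtls_rsa_gen_key() - confirm that it meets
  // the platform's key-strength policy.
  //
  Ret = mbedtls_rsa_gen_key (
          Rsa,
          MbedtlsRand,
          NULL,
          (UINT32)ModulusLength,
          (INT32)Exponent
          );

  return Ret == 0;
}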
214
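/**
  Validates the key components held in an RSA context.

  The context is first completed with mbedtls_rsa_complete() and then checked
  with mbedtls_rsa_check_privkey(), so a context that holds only a public key
  is reported as invalid.

  NOTE(review): RsaContext is declared IN, but mbedtls_rsa_complete() may fill
  in components of the context - confirm callers do not rely on it staying
  untouched.

  @param[in]  RsaContext  Pointer to the RSA context (an mbedtls_rsa_context).

  @retval  TRUE   Both Mbed TLS checks succeeded.
  @retval  FALSE  RsaContext is NULL or one of the checks failed.
**/
BOOLEAN
EFIAPI
RsaCheckKey (
  IN  VOID  *RsaContext
  )
{
  mbedtls_rsa_context  *Rsa;
  INT32                Ret;

  if (RsaContext == NULL) {
    return FALSE;
  }

  Rsa = (mbedtls_rsa_context *)RsaContext;

  //
  // Mbed TLS reports errors as negative values, so the status is kept in a
  // signed variable like in the other functions of this file.
  //
  Ret = mbedtls_rsa_complete (Rsa);
  if (Ret == 0) {
    Ret = mbedtls_rsa_check_privkey (Rsa);
  }

  return Ret == 0;
}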
253
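/**
  Produces an RSASSA-PKCS1-v1_5 signature over a message digest.

  The digest algorithm is selected from HashSize alone: SHA-1 (only when
  DISABLE_SHA1_DEPRECATED_INTERFACES is not defined), SHA-256, SHA-384 or
  SHA-512. A digest of another algorithm with the same length would be
  labelled as one of these, so callers must pass only digests of these
  algorithms.

  The padding mode of the context is set to PKCS#1 v1.5 as a side effect,
  although RsaContext is declared IN.

  @param[in]       RsaContext   Pointer to the RSA context (an mbedtls_rsa_context)
                                holding a private key.
  @param[in]       MessageHash  Digest to sign.
  @param[in]       HashSize     Size of MessageHash in bytes.
  @param[out]      Signature    Buffer that receives the signature.
  @param[in, out]  SigSize      On input, the size of Signature in bytes.
                                On output, the size of the signature, or the
                                required size when the buffer is too small.

  @retval  TRUE   The signature was generated.
  @retval  FALSE  RsaContext, MessageHash or SigSize is NULL, the context is
                  incomplete, HashSize is unsupported, the buffer is too small,
                  Signature is NULL, or signing failed.
**/
BOOLEAN
EFIAPI
RsaPkcs1Sign (
  IN      VOID         *RsaContext,
  IN      CONST UINT8  *MessageHash,
  IN      UINTN        HashSize,
  OUT     UINT8        *Signature,
  IN OUT  UINTN        *SigSize
  )
{
  INT32                Ret;
  mbedtls_md_type_t    MdAlg;
  mbedtls_rsa_context  *Rsa;
  UINTN                KeyLen;

  //
  // SigSize is dereferenced below for the size check, so it is validated
  // together with the other mandatory pointers.
  //
  if ((RsaContext == NULL) || (MessageHash == NULL) || (SigSize == NULL)) {
    return FALSE;
  }

  Rsa = (mbedtls_rsa_context *)RsaContext;

  if (mbedtls_rsa_complete (Rsa) != 0) {
    return FALSE;
  }

  switch (HashSize) {
 #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
    case SHA1_DIGEST_SIZE:
      MdAlg = MBEDTLS_MD_SHA1;
      break;
 #endif

    case SHA256_DIGEST_SIZE:
      MdAlg = MBEDTLS_MD_SHA256;
      break;

    case SHA384_DIGEST_SIZE:
      MdAlg = MBEDTLS_MD_SHA384;
      break;

    case SHA512_DIGEST_SIZE:
      MdAlg = MBEDTLS_MD_SHA512;
      break;

    default:
      return FALSE;
  }

  //
  // The signature is as long as the modulus. Report the required size before
  // looking at Signature so callers can size the buffer with a first call.
  //
  KeyLen = mbedtls_rsa_get_len (Rsa);
  if (KeyLen > *SigSize) {
    *SigSize = KeyLen;
    return FALSE;
  }

  if (Signature == NULL) {
    return FALSE;
  }

  Ret = mbedtls_rsa_set_padding (Rsa, MBEDTLS_RSA_PKCS_V15, MdAlg);
  if (Ret != 0) {
    return FALSE;
  }

  //
  // NOTE(review): MbedtlsRand is handed to the private-key operation,
  // presumably for blinding - the quality of that RNG matters here; confirm.
  //
  Ret = mbedtls_rsa_pkcs1_sign (
          Rsa,
          MbedtlsRand,
          NULL,
          MdAlg,
          (UINT32)HashSize,
          MessageHash,
          Signature
          );
  if (Ret != 0) {
    return FALSE;
  }

  *SigSize = KeyLen;
  return TRUE;
}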
UINT64 UINTN
RSA_KEY_TAG
Definition: BaseCryptLib.h:74
@ RsaKeyDq
q's CRT exponent (== d mod (q - 1))
Definition: BaseCryptLib.h:81
@ RsaKeyD
RSA Private exponent (d)
Definition: BaseCryptLib.h:77
@ RsaKeyDp
p's CRT exponent (== d mod (p - 1))
Definition: BaseCryptLib.h:80
@ RsaKeyP
RSA secret prime factor of Modulus (p)
Definition: BaseCryptLib.h:78
@ RsaKeyN
RSA public Modulus (N)
Definition: BaseCryptLib.h:75
@ RsaKeyQ
RSA secret prime factor of Modulus (q)
Definition: BaseCryptLib.h:79
@ RsaKeyQInv
The CRT coefficient (== 1/q mod p)
Definition: BaseCryptLib.h:82
@ RsaKeyE
RSA Public exponent (e)
Definition: BaseCryptLib.h:76
#define SHA1_DIGEST_SIZE
Definition: BaseCryptLib.h:39
#define SHA512_DIGEST_SIZE
Definition: BaseCryptLib.h:54
#define SHA256_DIGEST_SIZE
Definition: BaseCryptLib.h:44
#define SHA384_DIGEST_SIZE
Definition: BaseCryptLib.h:49
INT32 MbedtlsRand(VOID *RngState, UINT8 *Output, UINTN Len)
Definition: CryptRand.c:103
#define NULL
Definition: Base.h:319
#define CONST
Definition: Base.h:259
#define TRUE
Definition: Base.h:301
#define FALSE
Definition: Base.h:307
#define IN
Definition: Base.h:279
#define OUT
Definition: Base.h:284
BOOLEAN EFIAPI RsaCheckKey(IN VOID *RsaContext)
Definition: CryptRsaExt.c:243
BOOLEAN EFIAPI RsaGetKey(IN OUT VOID *RsaContext, IN RSA_KEY_TAG KeyTag, OUT UINT8 *BigNumber, IN OUT UINTN *BnSize)
Definition: CryptRsaExt.c:50
BOOLEAN EFIAPI RsaGenerateKey(IN OUT VOID *RsaContext, IN UINTN ModulusLength, IN CONST UINT8 *PublicExponent, IN UINTN PublicExponentSize)
Definition: CryptRsaExt.c:179
BOOLEAN EFIAPI RsaPkcs1Sign(IN VOID *RsaContext, IN CONST UINT8 *MessageHash, IN UINTN HashSize, OUT UINT8 *Signature, IN OUT UINTN *SigSize)
Definition: CryptRsaExt.c:297