Annotation of embedaddon/strongswan/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_public_key.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2019 Sean Parkinson, wolfSSL Inc.
! 3: *
! 4: * Permission is hereby granted, free of charge, to any person obtaining a copy
! 5: * of this software and associated documentation files (the "Software"), to deal
! 6: * in the Software without restriction, including without limitation the rights
! 7: * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
! 8: * copies of the Software, and to permit persons to whom the Software is
! 9: * furnished to do so, subject to the following conditions:
! 10: *
! 11: * The above copyright notice and this permission notice shall be included in
! 12: * all copies or substantial portions of the Software.
! 13: *
! 14: * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
! 15: * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
! 16: * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
! 17: * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
! 18: * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
! 19: * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
! 20: * THE SOFTWARE.
! 21: */
! 22:
! 23: #include "wolfssl_common.h"
! 24:
! 25: #ifndef NO_RSA
! 26:
! 27: #include "wolfssl_rsa_public_key.h"
! 28: #include "wolfssl_util.h"
! 29:
! 30: #include <utils/debug.h>
! 31: #include <asn1/asn1.h>
! 32: #include <crypto/hashers/hasher.h>
! 33: #include <credentials/keys/signature_params.h>
! 34:
! 35: #include <wolfssl/wolfcrypt/rsa.h>
! 36: #include <wolfssl/wolfcrypt/asn.h>
! 37:
! 38: typedef struct private_wolfssl_rsa_public_key_t private_wolfssl_rsa_public_key_t;
! 39:
! 40: /**
! 41: * Private data
! 42: */
! 43: struct private_wolfssl_rsa_public_key_t {
! 44:
! 45: /**
! 46: * Public interface
! 47: */
! 48: wolfssl_rsa_public_key_t public;
! 49:
! 50: /**
! 51: * RSA key object from wolfSSL.
! 52: */
! 53: RsaKey rsa;
! 54:
! 55: /**
! 56: * Random number generator to use with RSA operations.
! 57: */
! 58: WC_RNG rng;
! 59:
! 60: /**
! 61: * Reference counter
! 62: */
! 63: refcount_t ref;
! 64: };
! 65:
! 66: /**
! 67: * Verify RSA signature
! 68: */
! 69: static bool verify_signature(private_wolfssl_rsa_public_key_t *this,
! 70: chunk_t data, chunk_t signature)
! 71: {
! 72: bool success = FALSE;
! 73: int len = wc_RsaEncryptSize(&this->rsa);
! 74: chunk_t padded;
! 75: u_char *p;
! 76:
! 77: if (signature.len > len)
! 78: {
! 79: signature = chunk_skip(signature, signature.len - len);
! 80: }
! 81:
! 82: padded = chunk_copy_pad(chunk_alloca(len), signature, 0x00);
! 83:
! 84: len = wc_RsaSSL_VerifyInline(padded.ptr, len, &p, &this->rsa);
! 85: if (len > 0)
! 86: {
! 87: success = chunk_equals_const(data, chunk_create(p, len));
! 88: }
! 89: return success;
! 90: }
! 91:
! 92: /**
! 93: * Verification of an EMSA PKCS1 signature described in PKCS#1
! 94: */
! 95: static bool verify_emsa_pkcs1_signature(private_wolfssl_rsa_public_key_t *this,
! 96: enum wc_HashType hash, chunk_t data,
! 97: chunk_t signature)
! 98: {
! 99: chunk_t dgst, digestInfo;
! 100: bool success = FALSE;
! 101: int len;
! 102:
! 103: if (wolfssl_hash_chunk(hash, data, &dgst))
! 104: {
! 105: digestInfo = chunk_alloc(MAX_DER_DIGEST_SZ);
! 106: len = wc_EncodeSignature(digestInfo.ptr, dgst.ptr, dgst.len,
! 107: wc_HashGetOID(hash));
! 108: if (len > 0)
! 109: {
! 110: digestInfo.len = len;
! 111: success = verify_signature(this, digestInfo, signature);
! 112: }
! 113: chunk_free(&digestInfo);
! 114: chunk_free(&dgst);
! 115: }
! 116: return success;
! 117: }
! 118:
! 119: #ifdef WC_RSA_PSS
! 120: /**
! 121: * Verification of an EMSA PSS signature described in PKCS#1
! 122: */
! 123: static bool verify_emsa_pss_signature(private_wolfssl_rsa_public_key_t *this,
! 124: rsa_pss_params_t *params, chunk_t data,
! 125: chunk_t signature)
! 126: {
! 127: chunk_t dgst, padded;
! 128: enum wc_HashType hash;
! 129: u_char *p;
! 130: int mgf, len = 0;
! 131: bool success = FALSE;
! 132:
! 133: if (!wolfssl_hash2type(params->hash, &hash))
! 134: {
! 135: return FALSE;
! 136: }
! 137: if (!wolfssl_hash2mgf1(params->mgf1_hash, &mgf))
! 138: {
! 139: return FALSE;
! 140: }
! 141: if (!wolfssl_hash_chunk(hash, data, &dgst))
! 142: {
! 143: return FALSE;
! 144: }
! 145: len = wc_RsaEncryptSize(&this->rsa);
! 146: if (signature.len > len)
! 147: {
! 148: signature = chunk_skip(signature, signature.len - len);
! 149: }
! 150: padded = chunk_copy_pad(chunk_alloca(len), signature, 0x00);
! 151:
! 152: len = wc_RsaPSS_VerifyInline_ex(padded.ptr, len, &p, hash, mgf,
! 153: params->salt_len, &this->rsa);
! 154: if (len > 0)
! 155: {
! 156: success = wc_RsaPSS_CheckPadding_ex(dgst.ptr, dgst.len, p, len, hash,
! 157: params->salt_len, mp_count_bits(&this->rsa.n)) == 0;
! 158: }
! 159: chunk_free(&dgst);
! 160: return success;
! 161: }
! 162: #endif
! 163:
! 164: METHOD(public_key_t, get_type, key_type_t,
! 165: private_wolfssl_rsa_public_key_t *this)
! 166: {
! 167: return KEY_RSA;
! 168: }
! 169:
! 170: METHOD(public_key_t, verify, bool,
! 171: private_wolfssl_rsa_public_key_t *this, signature_scheme_t scheme,
! 172: void *params, chunk_t data, chunk_t signature)
! 173: {
! 174: switch (scheme)
! 175: {
! 176: case SIGN_RSA_EMSA_PKCS1_NULL:
! 177: return verify_signature(this, data, signature);
! 178: case SIGN_RSA_EMSA_PKCS1_SHA2_224:
! 179: return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA224, data,
! 180: signature);
! 181: case SIGN_RSA_EMSA_PKCS1_SHA2_256:
! 182: return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA256, data,
! 183: signature);
! 184: case SIGN_RSA_EMSA_PKCS1_SHA2_384:
! 185: return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA384, data,
! 186: signature);
! 187: case SIGN_RSA_EMSA_PKCS1_SHA2_512:
! 188: return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA512, data,
! 189: signature);
! 190: case SIGN_RSA_EMSA_PKCS1_SHA1:
! 191: return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA, data,
! 192: signature);
! 193: case SIGN_RSA_EMSA_PKCS1_MD5:
! 194: return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_MD5, data,
! 195: signature);
! 196: #ifdef WC_RSA_PSS
! 197: case SIGN_RSA_EMSA_PSS:
! 198: return verify_emsa_pss_signature(this, params, data, signature);
! 199: #endif
! 200: default:
! 201: DBG1(DBG_LIB, "signature scheme %N not supported via wolfssl",
! 202: signature_scheme_names, scheme);
! 203: return FALSE;
! 204: }
! 205: }
! 206:
! 207: METHOD(public_key_t, encrypt, bool,
! 208: private_wolfssl_rsa_public_key_t *this, encryption_scheme_t scheme,
! 209: chunk_t plain, chunk_t *crypto)
! 210: {
! 211: int padding, mgf, len;
! 212: enum wc_HashType hash;
! 213:
! 214: switch (scheme)
! 215: {
! 216: case ENCRYPT_RSA_PKCS1:
! 217: padding = WC_RSA_PKCSV15_PAD;
! 218: hash = WC_HASH_TYPE_NONE;
! 219: mgf = WC_MGF1NONE;
! 220: break;
! 221: #ifndef WC_NO_RSA_OAEP
! 222: #ifndef NO_SHA
! 223: case ENCRYPT_RSA_OAEP_SHA1:
! 224: padding = WC_RSA_OAEP_PAD;
! 225: hash = WC_HASH_TYPE_SHA;
! 226: mgf = WC_MGF1SHA1;
! 227: break;
! 228: #endif
! 229: #ifdef WOLFSSL_SHA224
! 230: case ENCRYPT_RSA_OAEP_SHA224:
! 231: padding = WC_RSA_OAEP_PAD;
! 232: hash = WC_HASH_TYPE_SHA224;
! 233: mgf = WC_MGF1SHA224;
! 234: break;
! 235: #endif
! 236: #ifndef NO_SHA256
! 237: case ENCRYPT_RSA_OAEP_SHA256:
! 238: padding = WC_RSA_OAEP_PAD;
! 239: hash = WC_HASH_TYPE_SHA256;
! 240: mgf = WC_MGF1SHA256;
! 241: break;
! 242: #endif
! 243: #ifdef WOLFSSL_SHA384
! 244: case ENCRYPT_RSA_OAEP_SHA384:
! 245: padding = WC_RSA_OAEP_PAD;
! 246: hash = WC_HASH_TYPE_SHA384;
! 247: mgf = WC_MGF1SHA384;
! 248: break;
! 249: #endif
! 250: #ifdef WOLFSSL_SHA512
! 251: case ENCRYPT_RSA_OAEP_SHA512:
! 252: padding = WC_RSA_OAEP_PAD;
! 253: hash = WC_HASH_TYPE_SHA512;
! 254: mgf = WC_MGF1SHA512;
! 255: break;
! 256: #endif
! 257: #endif
! 258: default:
! 259: DBG1(DBG_LIB, "decryption scheme %N not supported via wolfssl",
! 260: encryption_scheme_names, scheme);
! 261: return FALSE;
! 262: }
! 263: len = wc_RsaEncryptSize(&this->rsa);
! 264: *crypto = chunk_alloc(len);
! 265: len = wc_RsaPublicEncrypt_ex(plain.ptr, plain.len, crypto->ptr, len,
! 266: &this->rsa, &this->rng, padding, hash, mgf,
! 267: NULL, 0);
! 268: if (len < 0)
! 269: {
! 270: DBG1(DBG_LIB, "RSA encryption failed");
! 271: chunk_free(crypto);
! 272: return FALSE;
! 273: }
! 274: crypto->len = len;
! 275: return TRUE;
! 276: }
! 277:
! 278: METHOD(public_key_t, get_keysize, int,
! 279: private_wolfssl_rsa_public_key_t *this)
! 280: {
! 281: return wc_RsaEncryptSize(&this->rsa) * 8;
! 282: }
! 283:
! 284: /**
! 285: * Encode the given public key as ASN.1 DER with algorithm identifier
! 286: */
! 287: bool wolfssl_rsa_encode_public(RsaKey *rsa, chunk_t *encoding)
! 288: {
! 289: int len;
! 290:
! 291: len = wc_RsaEncryptSize(rsa) * 2 + 4 * MAX_SEQ_SZ + MAX_ALGO_SZ;
! 292: *encoding = chunk_alloc(len);
! 293: len = wc_RsaKeyToPublicDer(rsa, encoding->ptr, len);
! 294: if (len < 0)
! 295: {
! 296: chunk_free(encoding);
! 297: return FALSE;
! 298: }
! 299: encoding->len = len;
! 300: return TRUE;
! 301: }
! 302:
! 303: /**
! 304: * Calculate fingerprint from a RSA key, also used in rsa private key.
! 305: */
! 306: bool wolfssl_rsa_fingerprint(RsaKey *rsa, cred_encoding_type_t type,
! 307: chunk_t *fp)
! 308: {
! 309: hasher_t *hasher;
! 310: chunk_t key;
! 311: bool success = FALSE;
! 312:
! 313: if (lib->encoding->get_cache(lib->encoding, type, rsa, fp))
! 314: {
! 315: return TRUE;
! 316: }
! 317: switch (type)
! 318: {
! 319: case KEYID_PUBKEY_SHA1:
! 320: {
! 321: chunk_t n = chunk_empty, e = chunk_empty;
! 322:
! 323: if (wolfssl_mp2chunk(&rsa->n, &n) &&
! 324: wolfssl_mp2chunk(&rsa->e, &e))
! 325: {
! 326: key = asn1_wrap(ASN1_SEQUENCE, "mm",
! 327: asn1_integer("m", n),
! 328: asn1_integer("m", e));
! 329: }
! 330: else
! 331: {
! 332: chunk_free(&n);
! 333: chunk_free(&e);
! 334: return FALSE;
! 335: }
! 336: break;
! 337: }
! 338: case KEYID_PUBKEY_INFO_SHA1:
! 339: if (!wolfssl_rsa_encode_public(rsa, &key))
! 340: {
! 341: return FALSE;
! 342: }
! 343: break;
! 344: default:
! 345: return FALSE;
! 346: }
! 347:
! 348: hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
! 349: if (!hasher || !hasher->allocate_hash(hasher, key, fp))
! 350: {
! 351: DBG1(DBG_LIB, "SHA1 not supported, fingerprinting failed");
! 352: }
! 353: else
! 354: {
! 355: lib->encoding->cache(lib->encoding, type, rsa, *fp);
! 356: success = TRUE;
! 357: }
! 358: DESTROY_IF(hasher);
! 359: chunk_free(&key);
! 360: return success;
! 361: }
! 362:
! 363: METHOD(public_key_t, get_fingerprint, bool,
! 364: private_wolfssl_rsa_public_key_t *this, cred_encoding_type_t type,
! 365: chunk_t *fingerprint)
! 366: {
! 367: return wolfssl_rsa_fingerprint(&this->rsa, type, fingerprint);
! 368: }
! 369:
! 370: METHOD(public_key_t, get_encoding, bool,
! 371: private_wolfssl_rsa_public_key_t *this, cred_encoding_type_t type,
! 372: chunk_t *encoding)
! 373: {
! 374: chunk_t n = chunk_empty, e = chunk_empty;
! 375: bool success = FALSE;
! 376:
! 377: if (type == PUBKEY_SPKI_ASN1_DER)
! 378: {
! 379: return wolfssl_rsa_encode_public(&this->rsa, encoding);
! 380: }
! 381:
! 382: if (wolfssl_mp2chunk(&this->rsa.n, &n) &&
! 383: wolfssl_mp2chunk(&this->rsa.e, &e))
! 384: {
! 385: success = lib->encoding->encode(lib->encoding, type, NULL, encoding,
! 386: CRED_PART_RSA_MODULUS, n,
! 387: CRED_PART_RSA_PUB_EXP, e, CRED_PART_END);
! 388: }
! 389: chunk_free(&n);
! 390: chunk_free(&e);
! 391: return success;
! 392: }
! 393:
! 394: METHOD(public_key_t, get_ref, public_key_t*,
! 395: private_wolfssl_rsa_public_key_t *this)
! 396: {
! 397: ref_get(&this->ref);
! 398: return &this->public.key;
! 399: }
! 400:
! 401: METHOD(public_key_t, destroy, void,
! 402: private_wolfssl_rsa_public_key_t *this)
! 403: {
! 404: if (ref_put(&this->ref))
! 405: {
! 406: lib->encoding->clear_cache(lib->encoding, &this->rsa);
! 407: wc_FreeRsaKey(&this->rsa);
! 408: wc_FreeRng(&this->rng);
! 409: free(this);
! 410: }
! 411: }
! 412:
! 413: /**
! 414: * Generic private constructor
! 415: */
! 416: static private_wolfssl_rsa_public_key_t *create_empty()
! 417: {
! 418: private_wolfssl_rsa_public_key_t *this;
! 419:
! 420: INIT(this,
! 421: .public = {
! 422: .key = {
! 423: .get_type = _get_type,
! 424: .verify = _verify,
! 425: .encrypt = _encrypt,
! 426: .equals = public_key_equals,
! 427: .get_keysize = _get_keysize,
! 428: .get_fingerprint = _get_fingerprint,
! 429: .has_fingerprint = public_key_has_fingerprint,
! 430: .get_encoding = _get_encoding,
! 431: .get_ref = _get_ref,
! 432: .destroy = _destroy,
! 433: },
! 434: },
! 435: .ref = 1,
! 436: );
! 437:
! 438: if (wc_InitRng(&this->rng) != 0)
! 439: {
! 440: DBG1(DBG_LIB, "init RNG failed, rsa public key load failed");
! 441: free(this);
! 442: return NULL;
! 443: }
! 444: if (wc_InitRsaKey(&this->rsa, NULL) != 0)
! 445: {
! 446: DBG1(DBG_LIB, "init RSA failed, rsa public key load failed");
! 447: wc_FreeRng(&this->rng);
! 448: free(this);
! 449: return NULL;
! 450: }
! 451: return this;
! 452: }
! 453:
! 454: /*
! 455: * Described in header
! 456: */
! 457: wolfssl_rsa_public_key_t *wolfssl_rsa_public_key_load(key_type_t type,
! 458: va_list args)
! 459: {
! 460: private_wolfssl_rsa_public_key_t *this;
! 461: chunk_t blob, n, e;
! 462: word32 idx;
! 463:
! 464: n = e = blob = chunk_empty;
! 465: while (TRUE)
! 466: {
! 467: switch (va_arg(args, builder_part_t))
! 468: {
! 469: case BUILD_BLOB_ASN1_DER:
! 470: blob = va_arg(args, chunk_t);
! 471: continue;
! 472: case BUILD_RSA_MODULUS:
! 473: n = va_arg(args, chunk_t);
! 474: continue;
! 475: case BUILD_RSA_PUB_EXP:
! 476: e = va_arg(args, chunk_t);
! 477: continue;
! 478: case BUILD_END:
! 479: break;
! 480: default:
! 481: return NULL;
! 482: }
! 483: break;
! 484: }
! 485:
! 486: this = create_empty();
! 487: if (!this)
! 488: {
! 489: return NULL;
! 490: }
! 491:
! 492: if (blob.ptr)
! 493: {
! 494: switch (type)
! 495: {
! 496: case KEY_ANY:
! 497: case KEY_RSA:
! 498: idx = 0;
! 499: if (wc_RsaPublicKeyDecode(blob.ptr, &idx, &this->rsa,
! 500: blob.len) != 0)
! 501: {
! 502: destroy(this);
! 503: return NULL;
! 504: }
! 505: break;
! 506: default:
! 507: destroy(this);
! 508: return NULL;
! 509: }
! 510: return &this->public;
! 511: }
! 512: else if (n.ptr && e.ptr && type == KEY_RSA)
! 513: {
! 514: if (wc_RsaPublicKeyDecodeRaw(n.ptr, n.len, e.ptr, e.len,
! 515: &this->rsa) != 0)
! 516: {
! 517: destroy(this);
! 518: return NULL;
! 519: }
! 520: return &this->public;
! 521: }
! 522: destroy(this);
! 523: return NULL;
! 524: }
! 525:
! 526: #endif /* NO_RSA */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>