Annotation of embedaddon/strongswan/src/libstrongswan/plugins/wolfssl/wolfssl_rsa_public_key.c, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2019 Sean Parkinson, wolfSSL Inc.
3: *
4: * Permission is hereby granted, free of charge, to any person obtaining a copy
5: * of this software and associated documentation files (the "Software"), to deal
6: * in the Software without restriction, including without limitation the rights
7: * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8: * copies of the Software, and to permit persons to whom the Software is
9: * furnished to do so, subject to the following conditions:
10: *
11: * The above copyright notice and this permission notice shall be included in
12: * all copies or substantial portions of the Software.
13: *
14: * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15: * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16: * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17: * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18: * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19: * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
20: * THE SOFTWARE.
21: */
22:
23: #include "wolfssl_common.h"
24:
25: #ifndef NO_RSA
26:
27: #include "wolfssl_rsa_public_key.h"
28: #include "wolfssl_util.h"
29:
30: #include <utils/debug.h>
31: #include <asn1/asn1.h>
32: #include <crypto/hashers/hasher.h>
33: #include <credentials/keys/signature_params.h>
34:
35: #include <wolfssl/wolfcrypt/rsa.h>
36: #include <wolfssl/wolfcrypt/asn.h>
37:
38: typedef struct private_wolfssl_rsa_public_key_t private_wolfssl_rsa_public_key_t;
39:
40: /**
41: * Private data
42: */
43: struct private_wolfssl_rsa_public_key_t {
44:
45: /**
46: * Public interface
47: */
48: wolfssl_rsa_public_key_t public;
49:
50: /**
51: * RSA key object from wolfSSL.
52: */
53: RsaKey rsa;
54:
55: /**
56: * Random number generator to use with RSA operations.
57: */
58: WC_RNG rng;
59:
60: /**
61: * Reference counter
62: */
63: refcount_t ref;
64: };
65:
66: /**
67: * Verify RSA signature
68: */
69: static bool verify_signature(private_wolfssl_rsa_public_key_t *this,
70: chunk_t data, chunk_t signature)
71: {
72: bool success = FALSE;
73: int len = wc_RsaEncryptSize(&this->rsa);
74: chunk_t padded;
75: u_char *p;
76:
77: if (signature.len > len)
78: {
79: signature = chunk_skip(signature, signature.len - len);
80: }
81:
82: padded = chunk_copy_pad(chunk_alloca(len), signature, 0x00);
83:
84: len = wc_RsaSSL_VerifyInline(padded.ptr, len, &p, &this->rsa);
85: if (len > 0)
86: {
87: success = chunk_equals_const(data, chunk_create(p, len));
88: }
89: return success;
90: }
91:
92: /**
93: * Verification of an EMSA PKCS1 signature described in PKCS#1
94: */
95: static bool verify_emsa_pkcs1_signature(private_wolfssl_rsa_public_key_t *this,
96: enum wc_HashType hash, chunk_t data,
97: chunk_t signature)
98: {
99: chunk_t dgst, digestInfo;
100: bool success = FALSE;
101: int len;
102:
103: if (wolfssl_hash_chunk(hash, data, &dgst))
104: {
105: digestInfo = chunk_alloc(MAX_DER_DIGEST_SZ);
106: len = wc_EncodeSignature(digestInfo.ptr, dgst.ptr, dgst.len,
107: wc_HashGetOID(hash));
108: if (len > 0)
109: {
110: digestInfo.len = len;
111: success = verify_signature(this, digestInfo, signature);
112: }
113: chunk_free(&digestInfo);
114: chunk_free(&dgst);
115: }
116: return success;
117: }
118:
119: #ifdef WC_RSA_PSS
120: /**
121: * Verification of an EMSA PSS signature described in PKCS#1
122: */
123: static bool verify_emsa_pss_signature(private_wolfssl_rsa_public_key_t *this,
124: rsa_pss_params_t *params, chunk_t data,
125: chunk_t signature)
126: {
127: chunk_t dgst, padded;
128: enum wc_HashType hash;
129: u_char *p;
130: int mgf, len = 0;
131: bool success = FALSE;
132:
133: if (!wolfssl_hash2type(params->hash, &hash))
134: {
135: return FALSE;
136: }
137: if (!wolfssl_hash2mgf1(params->mgf1_hash, &mgf))
138: {
139: return FALSE;
140: }
141: if (!wolfssl_hash_chunk(hash, data, &dgst))
142: {
143: return FALSE;
144: }
145: len = wc_RsaEncryptSize(&this->rsa);
146: if (signature.len > len)
147: {
148: signature = chunk_skip(signature, signature.len - len);
149: }
150: padded = chunk_copy_pad(chunk_alloca(len), signature, 0x00);
151:
152: len = wc_RsaPSS_VerifyInline_ex(padded.ptr, len, &p, hash, mgf,
153: params->salt_len, &this->rsa);
154: if (len > 0)
155: {
156: success = wc_RsaPSS_CheckPadding_ex(dgst.ptr, dgst.len, p, len, hash,
157: params->salt_len, mp_count_bits(&this->rsa.n)) == 0;
158: }
159: chunk_free(&dgst);
160: return success;
161: }
162: #endif
163:
164: METHOD(public_key_t, get_type, key_type_t,
165: private_wolfssl_rsa_public_key_t *this)
166: {
167: return KEY_RSA;
168: }
169:
170: METHOD(public_key_t, verify, bool,
171: private_wolfssl_rsa_public_key_t *this, signature_scheme_t scheme,
172: void *params, chunk_t data, chunk_t signature)
173: {
174: switch (scheme)
175: {
176: case SIGN_RSA_EMSA_PKCS1_NULL:
177: return verify_signature(this, data, signature);
178: case SIGN_RSA_EMSA_PKCS1_SHA2_224:
179: return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA224, data,
180: signature);
181: case SIGN_RSA_EMSA_PKCS1_SHA2_256:
182: return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA256, data,
183: signature);
184: case SIGN_RSA_EMSA_PKCS1_SHA2_384:
185: return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA384, data,
186: signature);
187: case SIGN_RSA_EMSA_PKCS1_SHA2_512:
188: return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA512, data,
189: signature);
190: case SIGN_RSA_EMSA_PKCS1_SHA1:
191: return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA, data,
192: signature);
193: case SIGN_RSA_EMSA_PKCS1_MD5:
194: return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_MD5, data,
195: signature);
196: #ifdef WC_RSA_PSS
197: case SIGN_RSA_EMSA_PSS:
198: return verify_emsa_pss_signature(this, params, data, signature);
199: #endif
200: default:
201: DBG1(DBG_LIB, "signature scheme %N not supported via wolfssl",
202: signature_scheme_names, scheme);
203: return FALSE;
204: }
205: }
206:
207: METHOD(public_key_t, encrypt, bool,
208: private_wolfssl_rsa_public_key_t *this, encryption_scheme_t scheme,
209: chunk_t plain, chunk_t *crypto)
210: {
211: int padding, mgf, len;
212: enum wc_HashType hash;
213:
214: switch (scheme)
215: {
216: case ENCRYPT_RSA_PKCS1:
217: padding = WC_RSA_PKCSV15_PAD;
218: hash = WC_HASH_TYPE_NONE;
219: mgf = WC_MGF1NONE;
220: break;
221: #ifndef WC_NO_RSA_OAEP
222: #ifndef NO_SHA
223: case ENCRYPT_RSA_OAEP_SHA1:
224: padding = WC_RSA_OAEP_PAD;
225: hash = WC_HASH_TYPE_SHA;
226: mgf = WC_MGF1SHA1;
227: break;
228: #endif
229: #ifdef WOLFSSL_SHA224
230: case ENCRYPT_RSA_OAEP_SHA224:
231: padding = WC_RSA_OAEP_PAD;
232: hash = WC_HASH_TYPE_SHA224;
233: mgf = WC_MGF1SHA224;
234: break;
235: #endif
236: #ifndef NO_SHA256
237: case ENCRYPT_RSA_OAEP_SHA256:
238: padding = WC_RSA_OAEP_PAD;
239: hash = WC_HASH_TYPE_SHA256;
240: mgf = WC_MGF1SHA256;
241: break;
242: #endif
243: #ifdef WOLFSSL_SHA384
244: case ENCRYPT_RSA_OAEP_SHA384:
245: padding = WC_RSA_OAEP_PAD;
246: hash = WC_HASH_TYPE_SHA384;
247: mgf = WC_MGF1SHA384;
248: break;
249: #endif
250: #ifdef WOLFSSL_SHA512
251: case ENCRYPT_RSA_OAEP_SHA512:
252: padding = WC_RSA_OAEP_PAD;
253: hash = WC_HASH_TYPE_SHA512;
254: mgf = WC_MGF1SHA512;
255: break;
256: #endif
257: #endif
258: default:
259: DBG1(DBG_LIB, "decryption scheme %N not supported via wolfssl",
260: encryption_scheme_names, scheme);
261: return FALSE;
262: }
263: len = wc_RsaEncryptSize(&this->rsa);
264: *crypto = chunk_alloc(len);
265: len = wc_RsaPublicEncrypt_ex(plain.ptr, plain.len, crypto->ptr, len,
266: &this->rsa, &this->rng, padding, hash, mgf,
267: NULL, 0);
268: if (len < 0)
269: {
270: DBG1(DBG_LIB, "RSA encryption failed");
271: chunk_free(crypto);
272: return FALSE;
273: }
274: crypto->len = len;
275: return TRUE;
276: }
277:
278: METHOD(public_key_t, get_keysize, int,
279: private_wolfssl_rsa_public_key_t *this)
280: {
281: return wc_RsaEncryptSize(&this->rsa) * 8;
282: }
283:
284: /**
285: * Encode the given public key as ASN.1 DER with algorithm identifier
286: */
287: bool wolfssl_rsa_encode_public(RsaKey *rsa, chunk_t *encoding)
288: {
289: int len;
290:
291: len = wc_RsaEncryptSize(rsa) * 2 + 4 * MAX_SEQ_SZ + MAX_ALGO_SZ;
292: *encoding = chunk_alloc(len);
293: len = wc_RsaKeyToPublicDer(rsa, encoding->ptr, len);
294: if (len < 0)
295: {
296: chunk_free(encoding);
297: return FALSE;
298: }
299: encoding->len = len;
300: return TRUE;
301: }
302:
303: /**
304: * Calculate fingerprint from a RSA key, also used in rsa private key.
305: */
306: bool wolfssl_rsa_fingerprint(RsaKey *rsa, cred_encoding_type_t type,
307: chunk_t *fp)
308: {
309: hasher_t *hasher;
310: chunk_t key;
311: bool success = FALSE;
312:
313: if (lib->encoding->get_cache(lib->encoding, type, rsa, fp))
314: {
315: return TRUE;
316: }
317: switch (type)
318: {
319: case KEYID_PUBKEY_SHA1:
320: {
321: chunk_t n = chunk_empty, e = chunk_empty;
322:
323: if (wolfssl_mp2chunk(&rsa->n, &n) &&
324: wolfssl_mp2chunk(&rsa->e, &e))
325: {
326: key = asn1_wrap(ASN1_SEQUENCE, "mm",
327: asn1_integer("m", n),
328: asn1_integer("m", e));
329: }
330: else
331: {
332: chunk_free(&n);
333: chunk_free(&e);
334: return FALSE;
335: }
336: break;
337: }
338: case KEYID_PUBKEY_INFO_SHA1:
339: if (!wolfssl_rsa_encode_public(rsa, &key))
340: {
341: return FALSE;
342: }
343: break;
344: default:
345: return FALSE;
346: }
347:
348: hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
349: if (!hasher || !hasher->allocate_hash(hasher, key, fp))
350: {
351: DBG1(DBG_LIB, "SHA1 not supported, fingerprinting failed");
352: }
353: else
354: {
355: lib->encoding->cache(lib->encoding, type, rsa, *fp);
356: success = TRUE;
357: }
358: DESTROY_IF(hasher);
359: chunk_free(&key);
360: return success;
361: }
362:
363: METHOD(public_key_t, get_fingerprint, bool,
364: private_wolfssl_rsa_public_key_t *this, cred_encoding_type_t type,
365: chunk_t *fingerprint)
366: {
367: return wolfssl_rsa_fingerprint(&this->rsa, type, fingerprint);
368: }
369:
370: METHOD(public_key_t, get_encoding, bool,
371: private_wolfssl_rsa_public_key_t *this, cred_encoding_type_t type,
372: chunk_t *encoding)
373: {
374: chunk_t n = chunk_empty, e = chunk_empty;
375: bool success = FALSE;
376:
377: if (type == PUBKEY_SPKI_ASN1_DER)
378: {
379: return wolfssl_rsa_encode_public(&this->rsa, encoding);
380: }
381:
382: if (wolfssl_mp2chunk(&this->rsa.n, &n) &&
383: wolfssl_mp2chunk(&this->rsa.e, &e))
384: {
385: success = lib->encoding->encode(lib->encoding, type, NULL, encoding,
386: CRED_PART_RSA_MODULUS, n,
387: CRED_PART_RSA_PUB_EXP, e, CRED_PART_END);
388: }
389: chunk_free(&n);
390: chunk_free(&e);
391: return success;
392: }
393:
394: METHOD(public_key_t, get_ref, public_key_t*,
395: private_wolfssl_rsa_public_key_t *this)
396: {
397: ref_get(&this->ref);
398: return &this->public.key;
399: }
400:
401: METHOD(public_key_t, destroy, void,
402: private_wolfssl_rsa_public_key_t *this)
403: {
404: if (ref_put(&this->ref))
405: {
406: lib->encoding->clear_cache(lib->encoding, &this->rsa);
407: wc_FreeRsaKey(&this->rsa);
408: wc_FreeRng(&this->rng);
409: free(this);
410: }
411: }
412:
413: /**
414: * Generic private constructor
415: */
416: static private_wolfssl_rsa_public_key_t *create_empty()
417: {
418: private_wolfssl_rsa_public_key_t *this;
419:
420: INIT(this,
421: .public = {
422: .key = {
423: .get_type = _get_type,
424: .verify = _verify,
425: .encrypt = _encrypt,
426: .equals = public_key_equals,
427: .get_keysize = _get_keysize,
428: .get_fingerprint = _get_fingerprint,
429: .has_fingerprint = public_key_has_fingerprint,
430: .get_encoding = _get_encoding,
431: .get_ref = _get_ref,
432: .destroy = _destroy,
433: },
434: },
435: .ref = 1,
436: );
437:
438: if (wc_InitRng(&this->rng) != 0)
439: {
440: DBG1(DBG_LIB, "init RNG failed, rsa public key load failed");
441: free(this);
442: return NULL;
443: }
444: if (wc_InitRsaKey(&this->rsa, NULL) != 0)
445: {
446: DBG1(DBG_LIB, "init RSA failed, rsa public key load failed");
447: wc_FreeRng(&this->rng);
448: free(this);
449: return NULL;
450: }
451: return this;
452: }
453:
454: /*
455: * Described in header
456: */
457: wolfssl_rsa_public_key_t *wolfssl_rsa_public_key_load(key_type_t type,
458: va_list args)
459: {
460: private_wolfssl_rsa_public_key_t *this;
461: chunk_t blob, n, e;
462: word32 idx;
463:
464: n = e = blob = chunk_empty;
465: while (TRUE)
466: {
467: switch (va_arg(args, builder_part_t))
468: {
469: case BUILD_BLOB_ASN1_DER:
470: blob = va_arg(args, chunk_t);
471: continue;
472: case BUILD_RSA_MODULUS:
473: n = va_arg(args, chunk_t);
474: continue;
475: case BUILD_RSA_PUB_EXP:
476: e = va_arg(args, chunk_t);
477: continue;
478: case BUILD_END:
479: break;
480: default:
481: return NULL;
482: }
483: break;
484: }
485:
486: this = create_empty();
487: if (!this)
488: {
489: return NULL;
490: }
491:
492: if (blob.ptr)
493: {
494: switch (type)
495: {
496: case KEY_ANY:
497: case KEY_RSA:
498: idx = 0;
499: if (wc_RsaPublicKeyDecode(blob.ptr, &idx, &this->rsa,
500: blob.len) != 0)
501: {
502: destroy(this);
503: return NULL;
504: }
505: break;
506: default:
507: destroy(this);
508: return NULL;
509: }
510: return &this->public;
511: }
512: else if (n.ptr && e.ptr && type == KEY_RSA)
513: {
514: if (wc_RsaPublicKeyDecodeRaw(n.ptr, n.len, e.ptr, e.len,
515: &this->rsa) != 0)
516: {
517: destroy(this);
518: return NULL;
519: }
520: return &this->public;
521: }
522: destroy(this);
523: return NULL;
524: }
525:
526: #endif /* NO_RSA */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>