Return to wolfssl_rsa_public_key.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / plugins / wolfssl |
1.1 misho 1: /* 2: * Copyright (C) 2019 Sean Parkinson, wolfSSL Inc. 3: * 4: * Permission is hereby granted, free of charge, to any person obtaining a copy 5: * of this software and associated documentation files (the "Software"), to deal 6: * in the Software without restriction, including without limitation the rights 7: * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 8: * copies of the Software, and to permit persons to whom the Software is 9: * furnished to do so, subject to the following conditions: 10: * 11: * The above copyright notice and this permission notice shall be included in 12: * all copies or substantial portions of the Software. 13: * 14: * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 15: * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16: * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17: * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18: * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 19: * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 20: * THE SOFTWARE. 21: */ 22: 23: #include "wolfssl_common.h" 24: 25: #ifndef NO_RSA 26: 27: #include "wolfssl_rsa_public_key.h" 28: #include "wolfssl_util.h" 29: 30: #include <utils/debug.h> 31: #include <asn1/asn1.h> 32: #include <crypto/hashers/hasher.h> 33: #include <credentials/keys/signature_params.h> 34: 35: #include <wolfssl/wolfcrypt/rsa.h> 36: #include <wolfssl/wolfcrypt/asn.h> 37: 38: typedef struct private_wolfssl_rsa_public_key_t private_wolfssl_rsa_public_key_t; 39: 40: /** 41: * Private data 42: */ 43: struct private_wolfssl_rsa_public_key_t { 44: 45: /** 46: * Public interface 47: */ 48: wolfssl_rsa_public_key_t public; 49: 50: /** 51: * RSA key object from wolfSSL. 52: */ 53: RsaKey rsa; 54: 55: /** 56: * Random number generator to use with RSA operations. 57: */ 58: WC_RNG rng; 59: 60: /** 61: * Reference counter 62: */ 63: refcount_t ref; 64: }; 65: 66: /** 67: * Verify RSA signature 68: */ 69: static bool verify_signature(private_wolfssl_rsa_public_key_t *this, 70: chunk_t data, chunk_t signature) 71: { 72: bool success = FALSE; 73: int len = wc_RsaEncryptSize(&this->rsa); 74: chunk_t padded; 75: u_char *p; 76: 77: if (signature.len > len) 78: { 79: signature = chunk_skip(signature, signature.len - len); 80: } 81: 82: padded = chunk_copy_pad(chunk_alloca(len), signature, 0x00); 83: 84: len = wc_RsaSSL_VerifyInline(padded.ptr, len, &p, &this->rsa); 85: if (len > 0) 86: { 87: success = chunk_equals_const(data, chunk_create(p, len)); 88: } 89: return success; 90: } 91: 92: /** 93: * Verification of an EMSA PKCS1 signature described in PKCS#1 94: */ 95: static bool verify_emsa_pkcs1_signature(private_wolfssl_rsa_public_key_t *this, 96: enum wc_HashType hash, chunk_t data, 97: chunk_t signature) 98: { 99: chunk_t dgst, digestInfo; 100: bool success = FALSE; 101: int len; 102: 103: if (wolfssl_hash_chunk(hash, data, &dgst)) 104: { 105: digestInfo = chunk_alloc(MAX_DER_DIGEST_SZ); 106: len = wc_EncodeSignature(digestInfo.ptr, dgst.ptr, dgst.len, 107: wc_HashGetOID(hash)); 108: if (len > 0) 109: { 110: digestInfo.len = len; 111: success = verify_signature(this, digestInfo, signature); 112: } 113: chunk_free(&digestInfo); 114: chunk_free(&dgst); 115: } 116: return success; 117: } 118: 119: #ifdef WC_RSA_PSS 120: /** 121: * Verification of an EMSA PSS signature described in PKCS#1 122: */ 123: static bool verify_emsa_pss_signature(private_wolfssl_rsa_public_key_t *this, 124: rsa_pss_params_t *params, chunk_t data, 125: chunk_t signature) 126: { 127: chunk_t dgst, padded; 128: enum wc_HashType hash; 129: u_char *p; 130: int mgf, len = 0; 131: bool success = FALSE; 132: 133: if (!wolfssl_hash2type(params->hash, &hash)) 134: { 135: return FALSE; 136: } 137: if (!wolfssl_hash2mgf1(params->mgf1_hash, &mgf)) 138: { 139: return FALSE; 140: } 141: if (!wolfssl_hash_chunk(hash, data, &dgst)) 142: { 143: return FALSE; 144: } 145: len = wc_RsaEncryptSize(&this->rsa); 146: if (signature.len > len) 147: { 148: signature = chunk_skip(signature, signature.len - len); 149: } 150: padded = chunk_copy_pad(chunk_alloca(len), signature, 0x00); 151: 152: len = wc_RsaPSS_VerifyInline_ex(padded.ptr, len, &p, hash, mgf, 153: params->salt_len, &this->rsa); 154: if (len > 0) 155: { 156: success = wc_RsaPSS_CheckPadding_ex(dgst.ptr, dgst.len, p, len, hash, 157: params->salt_len, mp_count_bits(&this->rsa.n)) == 0; 158: } 159: chunk_free(&dgst); 160: return success; 161: } 162: #endif 163: 164: METHOD(public_key_t, get_type, key_type_t, 165: private_wolfssl_rsa_public_key_t *this) 166: { 167: return KEY_RSA; 168: } 169: 170: METHOD(public_key_t, verify, bool, 171: private_wolfssl_rsa_public_key_t *this, signature_scheme_t scheme, 172: void *params, chunk_t data, chunk_t signature) 173: { 174: switch (scheme) 175: { 176: case SIGN_RSA_EMSA_PKCS1_NULL: 177: return verify_signature(this, data, signature); 178: case SIGN_RSA_EMSA_PKCS1_SHA2_224: 179: return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA224, data, 180: signature); 181: case SIGN_RSA_EMSA_PKCS1_SHA2_256: 182: return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA256, data, 183: signature); 184: case SIGN_RSA_EMSA_PKCS1_SHA2_384: 185: return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA384, data, 186: signature); 187: case SIGN_RSA_EMSA_PKCS1_SHA2_512: 188: return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA512, data, 189: signature); 190: case SIGN_RSA_EMSA_PKCS1_SHA1: 191: return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA, data, 192: signature); 193: case SIGN_RSA_EMSA_PKCS1_MD5: 194: return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_MD5, data, 195: signature); 196: #ifdef WC_RSA_PSS 197: case SIGN_RSA_EMSA_PSS: 198: return verify_emsa_pss_signature(this, params, data, signature); 199: #endif 200: default: 201: DBG1(DBG_LIB, "signature scheme %N not supported via wolfssl", 202: signature_scheme_names, scheme); 203: return FALSE; 204: } 205: } 206: 207: METHOD(public_key_t, encrypt, bool, 208: private_wolfssl_rsa_public_key_t *this, encryption_scheme_t scheme, 209: chunk_t plain, chunk_t *crypto) 210: { 211: int padding, mgf, len; 212: enum wc_HashType hash; 213: 214: switch (scheme) 215: { 216: case ENCRYPT_RSA_PKCS1: 217: padding = WC_RSA_PKCSV15_PAD; 218: hash = WC_HASH_TYPE_NONE; 219: mgf = WC_MGF1NONE; 220: break; 221: #ifndef WC_NO_RSA_OAEP 222: #ifndef NO_SHA 223: case ENCRYPT_RSA_OAEP_SHA1: 224: padding = WC_RSA_OAEP_PAD; 225: hash = WC_HASH_TYPE_SHA; 226: mgf = WC_MGF1SHA1; 227: break; 228: #endif 229: #ifdef WOLFSSL_SHA224 230: case ENCRYPT_RSA_OAEP_SHA224: 231: padding = WC_RSA_OAEP_PAD; 232: hash = WC_HASH_TYPE_SHA224; 233: mgf = WC_MGF1SHA224; 234: break; 235: #endif 236: #ifndef NO_SHA256 237: case ENCRYPT_RSA_OAEP_SHA256: 238: padding = WC_RSA_OAEP_PAD; 239: hash = WC_HASH_TYPE_SHA256; 240: mgf = WC_MGF1SHA256; 241: break; 242: #endif 243: #ifdef WOLFSSL_SHA384 244: case ENCRYPT_RSA_OAEP_SHA384: 245: padding = WC_RSA_OAEP_PAD; 246: hash = WC_HASH_TYPE_SHA384; 247: mgf = WC_MGF1SHA384; 248: break; 249: #endif 250: #ifdef WOLFSSL_SHA512 251: case ENCRYPT_RSA_OAEP_SHA512: 252: padding = WC_RSA_OAEP_PAD; 253: hash = WC_HASH_TYPE_SHA512; 254: mgf = WC_MGF1SHA512; 255: break; 256: #endif 257: #endif 258: default: 259: DBG1(DBG_LIB, "decryption scheme %N not supported via wolfssl", 260: encryption_scheme_names, scheme); 261: return FALSE; 262: } 263: len = wc_RsaEncryptSize(&this->rsa); 264: *crypto = chunk_alloc(len); 265: len = wc_RsaPublicEncrypt_ex(plain.ptr, plain.len, crypto->ptr, len, 266: &this->rsa, &this->rng, padding, hash, mgf, 267: NULL, 0); 268: if (len < 0) 269: { 270: DBG1(DBG_LIB, "RSA encryption failed"); 271: chunk_free(crypto); 272: return FALSE; 273: } 274: crypto->len = len; 275: return TRUE; 276: } 277: 278: METHOD(public_key_t, get_keysize, int, 279: private_wolfssl_rsa_public_key_t *this) 280: { 281: return wc_RsaEncryptSize(&this->rsa) * 8; 282: } 283: 284: /** 285: * Encode the given public key as ASN.1 DER with algorithm identifier 286: */ 287: bool wolfssl_rsa_encode_public(RsaKey *rsa, chunk_t *encoding) 288: { 289: int len; 290: 291: len = wc_RsaEncryptSize(rsa) * 2 + 4 * MAX_SEQ_SZ + MAX_ALGO_SZ; 292: *encoding = chunk_alloc(len); 293: len = wc_RsaKeyToPublicDer(rsa, encoding->ptr, len); 294: if (len < 0) 295: { 296: chunk_free(encoding); 297: return FALSE; 298: } 299: encoding->len = len; 300: return TRUE; 301: } 302: 303: /** 304: * Calculate fingerprint from a RSA key, also used in rsa private key. 305: */ 306: bool wolfssl_rsa_fingerprint(RsaKey *rsa, cred_encoding_type_t type, 307: chunk_t *fp) 308: { 309: hasher_t *hasher; 310: chunk_t key; 311: bool success = FALSE; 312: 313: if (lib->encoding->get_cache(lib->encoding, type, rsa, fp)) 314: { 315: return TRUE; 316: } 317: switch (type) 318: { 319: case KEYID_PUBKEY_SHA1: 320: { 321: chunk_t n = chunk_empty, e = chunk_empty; 322: 323: if (wolfssl_mp2chunk(&rsa->n, &n) && 324: wolfssl_mp2chunk(&rsa->e, &e)) 325: { 326: key = asn1_wrap(ASN1_SEQUENCE, "mm", 327: asn1_integer("m", n), 328: asn1_integer("m", e)); 329: } 330: else 331: { 332: chunk_free(&n); 333: chunk_free(&e); 334: return FALSE; 335: } 336: break; 337: } 338: case KEYID_PUBKEY_INFO_SHA1: 339: if (!wolfssl_rsa_encode_public(rsa, &key)) 340: { 341: return FALSE; 342: } 343: break; 344: default: 345: return FALSE; 346: } 347: 348: hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); 349: if (!hasher || !hasher->allocate_hash(hasher, key, fp)) 350: { 351: DBG1(DBG_LIB, "SHA1 not supported, fingerprinting failed"); 352: } 353: else 354: { 355: lib->encoding->cache(lib->encoding, type, rsa, *fp); 356: success = TRUE; 357: } 358: DESTROY_IF(hasher); 359: chunk_free(&key); 360: return success; 361: } 362: 363: METHOD(public_key_t, get_fingerprint, bool, 364: private_wolfssl_rsa_public_key_t *this, cred_encoding_type_t type, 365: chunk_t *fingerprint) 366: { 367: return wolfssl_rsa_fingerprint(&this->rsa, type, fingerprint); 368: } 369: 370: METHOD(public_key_t, get_encoding, bool, 371: private_wolfssl_rsa_public_key_t *this, cred_encoding_type_t type, 372: chunk_t *encoding) 373: { 374: chunk_t n = chunk_empty, e = chunk_empty; 375: bool success = FALSE; 376: 377: if (type == PUBKEY_SPKI_ASN1_DER) 378: { 379: return wolfssl_rsa_encode_public(&this->rsa, encoding); 380: } 381: 382: if (wolfssl_mp2chunk(&this->rsa.n, &n) && 383: wolfssl_mp2chunk(&this->rsa.e, &e)) 384: { 385: success = lib->encoding->encode(lib->encoding, type, NULL, encoding, 386: CRED_PART_RSA_MODULUS, n, 387: CRED_PART_RSA_PUB_EXP, e, CRED_PART_END); 388: } 389: chunk_free(&n); 390: chunk_free(&e); 391: return success; 392: } 393: 394: METHOD(public_key_t, get_ref, public_key_t*, 395: private_wolfssl_rsa_public_key_t *this) 396: { 397: ref_get(&this->ref); 398: return &this->public.key; 399: } 400: 401: METHOD(public_key_t, destroy, void, 402: private_wolfssl_rsa_public_key_t *this) 403: { 404: if (ref_put(&this->ref)) 405: { 406: lib->encoding->clear_cache(lib->encoding, &this->rsa); 407: wc_FreeRsaKey(&this->rsa); 408: wc_FreeRng(&this->rng); 409: free(this); 410: } 411: } 412: 413: /** 414: * Generic private constructor 415: */ 416: static private_wolfssl_rsa_public_key_t *create_empty() 417: { 418: private_wolfssl_rsa_public_key_t *this; 419: 420: INIT(this, 421: .public = { 422: .key = { 423: .get_type = _get_type, 424: .verify = _verify, 425: .encrypt = _encrypt, 426: .equals = public_key_equals, 427: .get_keysize = _get_keysize, 428: .get_fingerprint = _get_fingerprint, 429: .has_fingerprint = public_key_has_fingerprint, 430: .get_encoding = _get_encoding, 431: .get_ref = _get_ref, 432: .destroy = _destroy, 433: }, 434: }, 435: .ref = 1, 436: ); 437: 438: if (wc_InitRng(&this->rng) != 0) 439: { 440: DBG1(DBG_LIB, "init RNG failed, rsa public key load failed"); 441: free(this); 442: return NULL; 443: } 444: if (wc_InitRsaKey(&this->rsa, NULL) != 0) 445: { 446: DBG1(DBG_LIB, "init RSA failed, rsa public key load failed"); 447: wc_FreeRng(&this->rng); 448: free(this); 449: return NULL; 450: } 451: return this; 452: } 453: 454: /* 455: * Described in header 456: */ 457: wolfssl_rsa_public_key_t *wolfssl_rsa_public_key_load(key_type_t type, 458: va_list args) 459: { 460: private_wolfssl_rsa_public_key_t *this; 461: chunk_t blob, n, e; 462: word32 idx; 463: 464: n = e = blob = chunk_empty; 465: while (TRUE) 466: { 467: switch (va_arg(args, builder_part_t)) 468: { 469: case BUILD_BLOB_ASN1_DER: 470: blob = va_arg(args, chunk_t); 471: continue; 472: case BUILD_RSA_MODULUS: 473: n = va_arg(args, chunk_t); 474: continue; 475: case BUILD_RSA_PUB_EXP: 476: e = va_arg(args, chunk_t); 477: continue; 478: case BUILD_END: 479: break; 480: default: 481: return NULL; 482: } 483: break; 484: } 485: 486: this = create_empty(); 487: if (!this) 488: { 489: return NULL; 490: } 491: 492: if (blob.ptr) 493: { 494: switch (type) 495: { 496: case KEY_ANY: 497: case KEY_RSA: 498: idx = 0; 499: if (wc_RsaPublicKeyDecode(blob.ptr, &idx, &this->rsa, 500: blob.len) != 0) 501: { 502: destroy(this); 503: return NULL; 504: } 505: break; 506: default: 507: destroy(this); 508: return NULL; 509: } 510: return &this->public; 511: } 512: else if (n.ptr && e.ptr && type == KEY_RSA) 513: { 514: if (wc_RsaPublicKeyDecodeRaw(n.ptr, n.len, e.ptr, e.len, 515: &this->rsa) != 0) 516: { 517: destroy(this); 518: return NULL; 519: } 520: return &this->public; 521: } 522: destroy(this); 523: return NULL; 524: } 525: 526: #endif /* NO_RSA */