]> git.ipfire.org Git - people/ms/strongswan.git/blob - src/libstrongswan/plugins/wolfssl/wolfssl_rsa_public_key.c
projects / people / ms / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
wolfssl: Full support of SHA3 signatures
[people/ms/strongswan.git] / src / libstrongswan / plugins / wolfssl / wolfssl_rsa_public_key.c
1 /*
2 * Copyright (C) 2019 Sean Parkinson, wolfSSL Inc.
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining a copy
5 * of this software and associated documentation files (the "Software"), to deal
6 * in the Software without restriction, including without limitation the rights
7 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8 * copies of the Software, and to permit persons to whom the Software is
9 * furnished to do so, subject to the following conditions:
10 *
11 * The above copyright notice and this permission notice shall be included in
12 * all copies or substantial portions of the Software.
13 *
14 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
20 * THE SOFTWARE.
21 */
22
23 #include "wolfssl_common.h"
24
25 #ifndef NO_RSA
26
27 #include "wolfssl_rsa_public_key.h"
28 #include "wolfssl_util.h"
29
30 #include <utils/debug.h>
31 #include <asn1/asn1.h>
32 #include <crypto/hashers/hasher.h>
33 #include <credentials/keys/signature_params.h>
34
35 #include <wolfssl/wolfcrypt/rsa.h>
36 #include <wolfssl/wolfcrypt/asn.h>
37
38 typedef struct private_wolfssl_rsa_public_key_t private_wolfssl_rsa_public_key_t;
39
40 /**
41 * Private data
42 */
43 struct private_wolfssl_rsa_public_key_t {
44
45 /**
46 * Public interface
47 */
48 wolfssl_rsa_public_key_t public;
49
50 /**
51 * RSA key object from wolfSSL.
52 */
53 RsaKey rsa;
54
55 /**
56 * Random number generator to use with RSA operations.
57 */
58 WC_RNG rng;
59
60 /**
61 * Reference counter
62 */
63 refcount_t ref;
64 };
65
66 /**
67 * Verify RSA signature
68 */
69 static bool verify_signature(private_wolfssl_rsa_public_key_t *this,
70 chunk_t data, chunk_t signature)
71 {
72 bool success = FALSE;
73 int len = wc_RsaEncryptSize(&this->rsa);
74 chunk_t padded;
75 u_char *p;
76
77 if (signature.len > len)
78 {
79 signature = chunk_skip(signature, signature.len - len);
80 }
81
82 padded = chunk_copy_pad(chunk_alloca(len), signature, 0x00);
83
84 len = wc_RsaSSL_VerifyInline(padded.ptr, len, &p, &this->rsa);
85 if (len > 0)
86 {
87 success = chunk_equals_const(data, chunk_create(p, len));
88 }
89 return success;
90 }
91
92 /**
93 * Verification of an EMSA PKCS1 signature described in PKCS#1
94 */
95 static bool verify_emsa_pkcs1_signature(private_wolfssl_rsa_public_key_t *this,
96 enum wc_HashType hash, chunk_t data,
97 chunk_t signature)
98 {
99 chunk_t dgst, digestInfo;
100 bool success = FALSE;
101 int len;
102
103 if (wolfssl_hash_chunk(hash, data, &dgst))
104 {
105 digestInfo = chunk_alloc(MAX_DER_DIGEST_SZ);
106 len = wc_EncodeSignature(digestInfo.ptr, dgst.ptr, dgst.len,
107 wc_HashGetOID(hash));
108 if (len > 0)
109 {
110 digestInfo.len = len;
111 success = verify_signature(this, digestInfo, signature);
112 }
113 chunk_free(&digestInfo);
114 chunk_free(&dgst);
115 }
116 return success;
117 }
118
119 #ifdef WC_RSA_PSS
120 /**
121 * Verification of an EMSA PSS signature described in PKCS#1
122 */
123 static bool verify_emsa_pss_signature(private_wolfssl_rsa_public_key_t *this,
124 rsa_pss_params_t *params, chunk_t data,
125 chunk_t signature)
126 {
127 chunk_t dgst, padded;
128 enum wc_HashType hash;
129 u_char *p;
130 int mgf, len = 0;
131 bool success = FALSE;
132
133 if (!wolfssl_hash2type(params->hash, &hash))
134 {
135 return FALSE;
136 }
137 if (!wolfssl_hash2mgf1(params->mgf1_hash, &mgf))
138 {
139 return FALSE;
140 }
141 if (!wolfssl_hash_chunk(hash, data, &dgst))
142 {
143 return FALSE;
144 }
145 len = wc_RsaEncryptSize(&this->rsa);
146 if (signature.len > len)
147 {
148 signature = chunk_skip(signature, signature.len - len);
149 }
150 padded = chunk_copy_pad(chunk_alloca(len), signature, 0x00);
151
152 len = wc_RsaPSS_VerifyInline_ex(padded.ptr, len, &p, hash, mgf,
153 params->salt_len, &this->rsa);
154 if (len > 0)
155 {
156 success = wc_RsaPSS_CheckPadding_ex(dgst.ptr, dgst.len, p, len, hash,
157 params->salt_len, mp_count_bits(&this->rsa.n)) == 0;
158 }
159 chunk_free(&dgst);
160 return success;
161 }
162 #endif
163
164 METHOD(public_key_t, get_type, key_type_t,
165 private_wolfssl_rsa_public_key_t *this)
166 {
167 return KEY_RSA;
168 }
169
170 METHOD(public_key_t, verify, bool,
171 private_wolfssl_rsa_public_key_t *this, signature_scheme_t scheme,
172 void *params, chunk_t data, chunk_t signature)
173 {
174 switch (scheme)
175 {
176 case SIGN_RSA_EMSA_PKCS1_NULL:
177 return verify_signature(this, data, signature);
178 case SIGN_RSA_EMSA_PKCS1_SHA2_224:
179 return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA224, data,
180 signature);
181 case SIGN_RSA_EMSA_PKCS1_SHA2_256:
182 return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA256, data,
183 signature);
184 case SIGN_RSA_EMSA_PKCS1_SHA2_384:
185 return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA384, data,
186 signature);
187 case SIGN_RSA_EMSA_PKCS1_SHA2_512:
188 return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA512, data,
189 signature);
190 case SIGN_RSA_EMSA_PKCS1_SHA3_224:
191 return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_224, data,
192 signature);
193 case SIGN_RSA_EMSA_PKCS1_SHA3_256:
194 return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_256, data,
195 signature);
196 case SIGN_RSA_EMSA_PKCS1_SHA3_384:
197 return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_384, data,
198 signature);
199 case SIGN_RSA_EMSA_PKCS1_SHA3_512:
200 return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA3_512, data,
201 signature);
202 case SIGN_RSA_EMSA_PKCS1_SHA1:
203 return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_SHA, data,
204 signature);
205 case SIGN_RSA_EMSA_PKCS1_MD5:
206 return verify_emsa_pkcs1_signature(this, WC_HASH_TYPE_MD5, data,
207 signature);
208 #ifdef WC_RSA_PSS
209 case SIGN_RSA_EMSA_PSS:
210 return verify_emsa_pss_signature(this, params, data, signature);
211 #endif
212 default:
213 DBG1(DBG_LIB, "signature scheme %N not supported via wolfssl",
214 signature_scheme_names, scheme);
215 return FALSE;
216 }
217 }
218
219 METHOD(public_key_t, encrypt, bool,
220 private_wolfssl_rsa_public_key_t *this, encryption_scheme_t scheme,
221 chunk_t plain, chunk_t *crypto)
222 {
223 int padding, mgf, len;
224 enum wc_HashType hash;
225
226 switch (scheme)
227 {
228 case ENCRYPT_RSA_PKCS1:
229 padding = WC_RSA_PKCSV15_PAD;
230 hash = WC_HASH_TYPE_NONE;
231 mgf = WC_MGF1NONE;
232 break;
233 #ifndef WC_NO_RSA_OAEP
234 #ifndef NO_SHA
235 case ENCRYPT_RSA_OAEP_SHA1:
236 padding = WC_RSA_OAEP_PAD;
237 hash = WC_HASH_TYPE_SHA;
238 mgf = WC_MGF1SHA1;
239 break;
240 #endif
241 #ifdef WOLFSSL_SHA224
242 case ENCRYPT_RSA_OAEP_SHA224:
243 padding = WC_RSA_OAEP_PAD;
244 hash = WC_HASH_TYPE_SHA224;
245 mgf = WC_MGF1SHA224;
246 break;
247 #endif
248 #ifndef NO_SHA256
249 case ENCRYPT_RSA_OAEP_SHA256:
250 padding = WC_RSA_OAEP_PAD;
251 hash = WC_HASH_TYPE_SHA256;
252 mgf = WC_MGF1SHA256;
253 break;
254 #endif
255 #ifdef WOLFSSL_SHA384
256 case ENCRYPT_RSA_OAEP_SHA384:
257 padding = WC_RSA_OAEP_PAD;
258 hash = WC_HASH_TYPE_SHA384;
259 mgf = WC_MGF1SHA384;
260 break;
261 #endif
262 #ifdef WOLFSSL_SHA512
263 case ENCRYPT_RSA_OAEP_SHA512:
264 padding = WC_RSA_OAEP_PAD;
265 hash = WC_HASH_TYPE_SHA512;
266 mgf = WC_MGF1SHA512;
267 break;
268 #endif
269 #endif
270 default:
271 DBG1(DBG_LIB, "decryption scheme %N not supported via wolfssl",
272 encryption_scheme_names, scheme);
273 return FALSE;
274 }
275 len = wc_RsaEncryptSize(&this->rsa);
276 *crypto = chunk_alloc(len);
277 len = wc_RsaPublicEncrypt_ex(plain.ptr, plain.len, crypto->ptr, len,
278 &this->rsa, &this->rng, padding, hash, mgf,
279 NULL, 0);
280 if (len < 0)
281 {
282 DBG1(DBG_LIB, "RSA encryption failed");
283 chunk_free(crypto);
284 return FALSE;
285 }
286 crypto->len = len;
287 return TRUE;
288 }
289
290 METHOD(public_key_t, get_keysize, int,
291 private_wolfssl_rsa_public_key_t *this)
292 {
293 return wc_RsaEncryptSize(&this->rsa) * 8;
294 }
295
296 /**
297 * Encode the given public key as ASN.1 DER with algorithm identifier
298 */
299 bool wolfssl_rsa_encode_public(RsaKey *rsa, chunk_t *encoding)
300 {
301 int len;
302
303 len = wc_RsaEncryptSize(rsa) * 2 + 4 * MAX_SEQ_SZ + MAX_ALGO_SZ;
304 *encoding = chunk_alloc(len);
305 len = wc_RsaKeyToPublicDer(rsa, encoding->ptr, len);
306 if (len < 0)
307 {
308 chunk_free(encoding);
309 return FALSE;
310 }
311 encoding->len = len;
312 return TRUE;
313 }
314
315 /**
316 * Calculate fingerprint from a RSA key, also used in rsa private key.
317 */
318 bool wolfssl_rsa_fingerprint(RsaKey *rsa, cred_encoding_type_t type,
319 chunk_t *fp)
320 {
321 hasher_t *hasher;
322 chunk_t key;
323 bool success = FALSE;
324
325 if (lib->encoding->get_cache(lib->encoding, type, rsa, fp))
326 {
327 return TRUE;
328 }
329 switch (type)
330 {
331 case KEYID_PUBKEY_SHA1:
332 {
333 chunk_t n = chunk_empty, e = chunk_empty;
334
335 if (wolfssl_mp2chunk(&rsa->n, &n) &&
336 wolfssl_mp2chunk(&rsa->e, &e))
337 {
338 key = asn1_wrap(ASN1_SEQUENCE, "mm",
339 asn1_integer("m", n),
340 asn1_integer("m", e));
341 }
342 else
343 {
344 chunk_free(&n);
345 chunk_free(&e);
346 return FALSE;
347 }
348 break;
349 }
350 case KEYID_PUBKEY_INFO_SHA1:
351 if (!wolfssl_rsa_encode_public(rsa, &key))
352 {
353 return FALSE;
354 }
355 break;
356 default:
357 return FALSE;
358 }
359
360 hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
361 if (!hasher || !hasher->allocate_hash(hasher, key, fp))
362 {
363 DBG1(DBG_LIB, "SHA1 not supported, fingerprinting failed");
364 }
365 else
366 {
367 lib->encoding->cache(lib->encoding, type, rsa, *fp);
368 success = TRUE;
369 }
370 DESTROY_IF(hasher);
371 chunk_free(&key);
372 return success;
373 }
374
375 METHOD(public_key_t, get_fingerprint, bool,
376 private_wolfssl_rsa_public_key_t *this, cred_encoding_type_t type,
377 chunk_t *fingerprint)
378 {
379 return wolfssl_rsa_fingerprint(&this->rsa, type, fingerprint);
380 }
381
382 METHOD(public_key_t, get_encoding, bool,
383 private_wolfssl_rsa_public_key_t *this, cred_encoding_type_t type,
384 chunk_t *encoding)
385 {
386 chunk_t n = chunk_empty, e = chunk_empty;
387 bool success = FALSE;
388
389 if (type == PUBKEY_SPKI_ASN1_DER)
390 {
391 return wolfssl_rsa_encode_public(&this->rsa, encoding);
392 }
393
394 if (wolfssl_mp2chunk(&this->rsa.n, &n) &&
395 wolfssl_mp2chunk(&this->rsa.e, &e))
396 {
397 success = lib->encoding->encode(lib->encoding, type, NULL, encoding,
398 CRED_PART_RSA_MODULUS, n,
399 CRED_PART_RSA_PUB_EXP, e, CRED_PART_END);
400 }
401 chunk_free(&n);
402 chunk_free(&e);
403 return success;
404 }
405
406 METHOD(public_key_t, get_ref, public_key_t*,
407 private_wolfssl_rsa_public_key_t *this)
408 {
409 ref_get(&this->ref);
410 return &this->public.key;
411 }
412
413 METHOD(public_key_t, destroy, void,
414 private_wolfssl_rsa_public_key_t *this)
415 {
416 if (ref_put(&this->ref))
417 {
418 lib->encoding->clear_cache(lib->encoding, &this->rsa);
419 wc_FreeRsaKey(&this->rsa);
420 wc_FreeRng(&this->rng);
421 free(this);
422 }
423 }
424
425 /**
426 * Generic private constructor
427 */
428 static private_wolfssl_rsa_public_key_t *create_empty()
429 {
430 private_wolfssl_rsa_public_key_t *this;
431
432 INIT(this,
433 .public = {
434 .key = {
435 .get_type = _get_type,
436 .verify = _verify,
437 .encrypt = _encrypt,
438 .equals = public_key_equals,
439 .get_keysize = _get_keysize,
440 .get_fingerprint = _get_fingerprint,
441 .has_fingerprint = public_key_has_fingerprint,
442 .get_encoding = _get_encoding,
443 .get_ref = _get_ref,
444 .destroy = _destroy,
445 },
446 },
447 .ref = 1,
448 );
449
450 if (wc_InitRng(&this->rng) != 0)
451 {
452 DBG1(DBG_LIB, "init RNG failed, rsa public key load failed");
453 free(this);
454 return NULL;
455 }
456 if (wc_InitRsaKey(&this->rsa, NULL) != 0)
457 {
458 DBG1(DBG_LIB, "init RSA failed, rsa public key load failed");
459 wc_FreeRng(&this->rng);
460 free(this);
461 return NULL;
462 }
463 return this;
464 }
465
466 /*
467 * Described in header
468 */
469 wolfssl_rsa_public_key_t *wolfssl_rsa_public_key_load(key_type_t type,
470 va_list args)
471 {
472 private_wolfssl_rsa_public_key_t *this;
473 chunk_t blob, n, e;
474 word32 idx;
475
476 n = e = blob = chunk_empty;
477 while (TRUE)
478 {
479 switch (va_arg(args, builder_part_t))
480 {
481 case BUILD_BLOB_ASN1_DER:
482 blob = va_arg(args, chunk_t);
483 continue;
484 case BUILD_RSA_MODULUS:
485 n = va_arg(args, chunk_t);
486 continue;
487 case BUILD_RSA_PUB_EXP:
488 e = va_arg(args, chunk_t);
489 continue;
490 case BUILD_END:
491 break;
492 default:
493 return NULL;
494 }
495 break;
496 }
497
498 this = create_empty();
499 if (!this)
500 {
501 return NULL;
502 }
503
504 if (blob.ptr)
505 {
506 switch (type)
507 {
508 case KEY_ANY:
509 case KEY_RSA:
510 idx = 0;
511 if (wc_RsaPublicKeyDecode(blob.ptr, &idx, &this->rsa,
512 blob.len) != 0)
513 {
514 destroy(this);
515 return NULL;
516 }
517 break;
518 default:
519 destroy(this);
520 return NULL;
521 }
522 return &this->public;
523 }
524 else if (n.ptr && e.ptr && type == KEY_RSA)
525 {
526 if (wc_RsaPublicKeyDecodeRaw(n.ptr, n.len, e.ptr, e.len,
527 &this->rsa) != 0)
528 {
529 destroy(this);
530 return NULL;
531 }
532 return &this->public;
533 }
534 destroy(this);
535 return NULL;
536 }
537
538 #endif /* NO_RSA */
Michael's strongswan development tree