iPXE
Macros | Functions | Variables
rsa.c File Reference

RSA public-key cryptography. More...

#include <stdint.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <errno.h>
#include <ipxe/asn1.h>
#include <ipxe/crypto.h>
#include <ipxe/bigint.h>
#include <ipxe/random_nz.h>
#include <ipxe/rsa.h>

Go to the source code of this file.

Macros

#define EACCES_VERIFY   __einfo_error ( EINFO_EACCES_VERIFY )
 
#define EINFO_EACCES_VERIFY   __einfo_uniqify ( EINFO_EACCES, 0x01, "RSA signature incorrect" )
 

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 
static struct rsa_digestinfo_prefixrsa_find_prefix (struct digest_algorithm *digest)
 Identify RSA prefix. More...
 
static void rsa_free (struct rsa_context *context)
 Free RSA dynamic storage. More...
 
static int rsa_alloc (struct rsa_context *context, size_t modulus_len, size_t exponent_len)
 Allocate RSA dynamic storage. More...
 
static int rsa_parse_integer (struct asn1_cursor *integer, const struct asn1_cursor *raw)
 Parse RSA integer. More...
 
static int rsa_parse_mod_exp (struct asn1_cursor *modulus, struct asn1_cursor *exponent, const struct asn1_cursor *raw)
 Parse RSA modulus and exponent. More...
 
static int rsa_init (void *ctx, const void *key, size_t key_len)
 Initialise RSA cipher. More...
 
static size_t rsa_max_len (void *ctx)
 Calculate RSA maximum output length. More...
 
static void rsa_cipher (struct rsa_context *context, const void *in, void *out)
 Perform RSA cipher operation. More...
 
static int rsa_encrypt (void *ctx, const void *plaintext, size_t plaintext_len, void *ciphertext)
 Encrypt using RSA. More...
 
static int rsa_decrypt (void *ctx, const void *ciphertext, size_t ciphertext_len, void *plaintext)
 Decrypt using RSA. More...
 
static int rsa_encode_digest (struct rsa_context *context, struct digest_algorithm *digest, const void *value, void *encoded)
 Encode RSA digest. More...
 
static int rsa_sign (void *ctx, struct digest_algorithm *digest, const void *value, void *signature)
 Sign digest value using RSA. More...
 
static int rsa_verify (void *ctx, struct digest_algorithm *digest, const void *value, const void *signature, size_t signature_len)
 Verify signed digest value using RSA. More...
 
static void rsa_final (void *ctx)
 Finalise RSA cipher. More...
 
static int rsa_match (const void *private_key, size_t private_key_len, const void *public_key, size_t public_key_len)
 Check for matching RSA public/private key pair. More...
 
 REQUIRING_SYMBOL (rsa_algorithm)
 
 REQUIRE_OBJECT (config_crypto)
 

Variables

struct pubkey_algorithm rsa_algorithm
 RSA public-key algorithm. More...
 

Detailed Description

RSA public-key cryptography.

RSA is documented in RFC 3447.

Definition in file rsa.c.

Macro Definition Documentation

◆ EACCES_VERIFY

#define EACCES_VERIFY   __einfo_error ( EINFO_EACCES_VERIFY )

Definition at line 45 of file rsa.c.

◆ EINFO_EACCES_VERIFY

#define EINFO_EACCES_VERIFY   __einfo_uniqify ( EINFO_EACCES, 0x01, "RSA signature incorrect" )

Definition at line 47 of file rsa.c.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL  )

◆ rsa_find_prefix()

static struct rsa_digestinfo_prefix* rsa_find_prefix ( struct digest_algorithm digest)
static

Identify RSA prefix.

Parameters
digestDigest algorithm
Return values
prefixRSA prefix, or NULL

Definition at line 57 of file rsa.c.

57  {
58  struct rsa_digestinfo_prefix *prefix;
59 
60  for_each_table_entry ( prefix, RSA_DIGESTINFO_PREFIXES ) {
61  if ( prefix->digest == digest )
62  return prefix;
63  }
64  return NULL;
65 }
prefix
char prefix[4]
Definition: vmconsole.c:53
digest
struct md4_digest digest
Digest of data already processed.
Definition: md4.h:12
for_each_table_entry
#define for_each_table_entry(pointer, table)
Iterate through all entries within a linker table.
Definition: tables.h:385
rsa_digestinfo_prefix
An RSA digestInfo prefix.
Definition: rsa.h:42
NULL
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321
RSA_DIGESTINFO_PREFIXES
#define RSA_DIGESTINFO_PREFIXES
RSA digestInfo prefix table.
Definition: rsa.h:52

References digest, for_each_table_entry, NULL, prefix, and RSA_DIGESTINFO_PREFIXES.

Referenced by rsa_encode_digest().

◆ rsa_free()

static void rsa_free ( struct rsa_context context)
static

Free RSA dynamic storage.

Parameters
contextRSA context

Definition at line 72 of file rsa.c.

72  {
73 
74  free ( context->dynamic );
75  context->dynamic = NULL;
76 }
rsa_context::dynamic
void * dynamic
Allocated memory.
Definition: rsa.h:61
free
static void(* free)(struct refcnt *refcnt))
Definition: refcnt.h:54
NULL
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321

References rsa_context::dynamic, free, and NULL.

Referenced by rsa_alloc(), rsa_final(), and rsa_init().

◆ rsa_alloc()

static int rsa_alloc ( struct rsa_context context,
size_t  modulus_len,
size_t  exponent_len 
)
static

Allocate RSA dynamic storage.

Parameters
contextRSA context
modulus_lenModulus length
exponent_lenExponent length
Return values
rcReturn status code

Definition at line 86 of file rsa.c.

87  {
88  unsigned int size = bigint_required_size ( modulus_len );
89  unsigned int exponent_size = bigint_required_size ( exponent_len );
90  bigint_t ( size ) *modulus;
91  bigint_t ( exponent_size ) *exponent;
92  size_t tmp_len = bigint_mod_exp_tmp_len ( modulus, exponent );
93  struct {
94  bigint_t ( size ) modulus;
95  bigint_t ( exponent_size ) exponent;
96  bigint_t ( size ) input;
97  bigint_t ( size ) output;
98  uint8_t tmp[tmp_len];
99  } __attribute__ (( packed )) *dynamic;
100 
101  /* Free any existing dynamic storage */
102  rsa_free ( context );
103 
104  /* Allocate dynamic storage */
105  dynamic = malloc ( sizeof ( *dynamic ) );
106  if ( ! dynamic )
107  return -ENOMEM;
108 
109  /* Assign dynamic storage */
110  context->dynamic = dynamic;
111  context->modulus0 = &dynamic->modulus.element[0];
112  context->size = size;
113  context->max_len = modulus_len;
114  context->exponent0 = &dynamic->exponent.element[0];
115  context->exponent_size = exponent_size;
116  context->input0 = &dynamic->input.element[0];
117  context->output0 = &dynamic->output.element[0];
118  context->tmp = &dynamic->tmp;
119 
120  return 0;
121 }
__attribute__
#define __attribute__(x)
Definition: compiler.h:10
rsa_context::tmp
void * tmp
Temporary working space for modular exponentiation.
Definition: rsa.h:77
rsa_context::output0
bigint_element_t * output0
Output buffer.
Definition: rsa.h:75
rsa_context::exponent_size
unsigned int exponent_size
Exponent size.
Definition: rsa.h:71
input
Definition: bnxt_hsi.h:68
rsa_context::modulus0
bigint_element_t * modulus0
Modulus.
Definition: rsa.h:63
tmp
unsigned long tmp
Definition: linux_pci.h:53
ENOMEM
#define ENOMEM
Not enough space.
Definition: errno.h:534
bigint_mod_exp_tmp_len
#define bigint_mod_exp_tmp_len(modulus, exponent)
Calculate temporary working space required for moduluar exponentiation.
Definition: bigint.h:248
rsa_context::size
unsigned int size
Modulus size.
Definition: rsa.h:65
rsa_context::max_len
size_t max_len
Modulus length.
Definition: rsa.h:67
rsa_context::dynamic
void * dynamic
Allocated memory.
Definition: rsa.h:61
rsa_context::input0
bigint_element_t * input0
Input buffer.
Definition: rsa.h:73
bigint_t
#define bigint_t(size)
Define a big-integer type.
Definition: bigint.h:17
rsa_free
static void rsa_free(struct rsa_context *context)
Free RSA dynamic storage.
Definition: rsa.c:72
bigint_required_size
#define bigint_required_size(len)
Determine number of elements required for a big-integer type.
Definition: bigint.h:28
uint8_t
unsigned char uint8_t
Definition: stdint.h:10
malloc
void * malloc(size_t size)
Allocate memory.
Definition: malloc.c:583
rsa_context::exponent0
bigint_element_t * exponent0
Exponent.
Definition: rsa.h:69
size
uint8_t size
Entry size (in 32-bit words)
Definition: ena.h:16

References __attribute__, bigint_mod_exp_tmp_len, bigint_required_size, bigint_t, rsa_context::dynamic, ENOMEM, rsa_context::exponent0, rsa_context::exponent_size, rsa_context::input0, malloc(), rsa_context::max_len, rsa_context::modulus0, rsa_context::output0, rsa_free(), size, rsa_context::size, tmp, and rsa_context::tmp.

Referenced by rsa_init().

◆ rsa_parse_integer()

static int rsa_parse_integer ( struct asn1_cursor integer,
const struct asn1_cursor raw 
)
static

Parse RSA integer.

Parameters
integerInteger to fill in
rawASN.1 cursor
Return values
rcReturn status code

Definition at line 130 of file rsa.c.

131  {
132 
133  /* Enter integer */
134  memcpy ( integer, raw, sizeof ( *integer ) );
135  asn1_enter ( integer, ASN1_INTEGER );
136 
137  /* Skip initial sign byte if applicable */
138  if ( ( integer->len > 1 ) &&
139  ( *( ( uint8_t * ) integer->data ) == 0x00 ) ) {
140  integer->data++;
141  integer->len--;
142  }
143 
144  /* Fail if cursor or integer are invalid */
145  if ( ! integer->len )
146  return -EINVAL;
147 
148  return 0;
149 }
EINVAL
#define EINVAL
Invalid argument.
Definition: errno.h:428
asn1_enter
int asn1_enter(struct asn1_cursor *cursor, unsigned int type)
Enter ASN.1 object.
Definition: asn1.c:160
asn1_cursor::data
const void * data
Start of data.
Definition: asn1.h:22
asn1_cursor::len
size_t len
Length of data.
Definition: asn1.h:24
memcpy
void * memcpy(void *dest, const void *src, size_t len) __nonnull
uint8_t
unsigned char uint8_t
Definition: stdint.h:10
ASN1_INTEGER
#define ASN1_INTEGER
ASN.1 integer.
Definition: asn1.h:62
raw
__be32 raw[7]
Definition: CIB_PRM.h:28

References asn1_enter(), ASN1_INTEGER, asn1_cursor::data, EINVAL, asn1_cursor::len, memcpy(), and raw.

Referenced by rsa_parse_mod_exp().

◆ rsa_parse_mod_exp()

static int rsa_parse_mod_exp ( struct asn1_cursor modulus,
struct asn1_cursor exponent,
const struct asn1_cursor raw 
)
static

Parse RSA modulus and exponent.

Parameters
modulusModulus to fill in
exponentExponent to fill in
rawASN.1 cursor
Return values
rcReturn status code

Definition at line 159 of file rsa.c.

161  {
162  struct asn1_bit_string bits;
163  struct asn1_cursor cursor;
164  int is_private;
165  int rc;
166 
167  /* Enter subjectPublicKeyInfo/privateKeyInfo/RSAPrivateKey */
168  memcpy ( &cursor, raw, sizeof ( cursor ) );
169  asn1_enter ( &cursor, ASN1_SEQUENCE );
170 
171  /* Determine key format */
172  if ( asn1_type ( &cursor ) == ASN1_INTEGER ) {
173 
174  /* Private key */
175  is_private = 1;
176 
177  /* Skip version */
178  asn1_skip_any ( &cursor );
179 
180  /* Enter privateKey, if present */
181  if ( asn1_check_algorithm ( &cursor,
182  &rsa_encryption_algorithm ) == 0 ) {
183 
184  /* Skip privateKeyAlgorithm */
185  asn1_skip_any ( &cursor );
186 
187  /* Enter privateKey */
188  asn1_enter ( &cursor, ASN1_OCTET_STRING );
189 
190  /* Enter RSAPrivateKey */
191  asn1_enter ( &cursor, ASN1_SEQUENCE );
192 
193  /* Skip version */
194  asn1_skip ( &cursor, ASN1_INTEGER );
195  }
196 
197  } else {
198 
199  /* Public key */
200  is_private = 0;
201 
202  /* Skip algorithm */
203  asn1_skip ( &cursor, ASN1_SEQUENCE );
204 
205  /* Enter subjectPublicKey */
206  if ( ( rc = asn1_integral_bit_string ( &cursor, &bits ) ) != 0 )
207  return rc;
208  cursor.data = bits.data;
209  cursor.len = bits.len;
210 
211  /* Enter RSAPublicKey */
212  asn1_enter ( &cursor, ASN1_SEQUENCE );
213  }
214 
215  /* Extract modulus */
216  if ( ( rc = rsa_parse_integer ( modulus, &cursor ) ) != 0 )
217  return rc;
218  asn1_skip_any ( &cursor );
219 
220  /* Skip public exponent, if applicable */
221  if ( is_private )
222  asn1_skip ( &cursor, ASN1_INTEGER );
223 
224  /* Extract publicExponent/privateExponent */
225  if ( ( rc = rsa_parse_integer ( exponent, &cursor ) ) != 0 )
226  return rc;
227 
228  return 0;
229 }
rc
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
asn1_enter
int asn1_enter(struct asn1_cursor *cursor, unsigned int type)
Enter ASN.1 object.
Definition: asn1.c:160
asn1_type
static unsigned int asn1_type(const struct asn1_cursor *cursor)
Extract ASN.1 type.
Definition: asn1.h:373
asn1_skip_any
int asn1_skip_any(struct asn1_cursor *cursor)
Skip ASN.1 object of any type.
Definition: asn1.c:276
memcpy
void * memcpy(void *dest, const void *src, size_t len) __nonnull
rsa_parse_integer
static int rsa_parse_integer(struct asn1_cursor *integer, const struct asn1_cursor *raw)
Parse RSA integer.
Definition: rsa.c:130
asn1_check_algorithm
int asn1_check_algorithm(const struct asn1_cursor *cursor, struct asn1_algorithm *expected)
Check ASN.1 OID-identified algorithm.
Definition: asn1.c:599
asn1_integral_bit_string
int asn1_integral_bit_string(const struct asn1_cursor *cursor, struct asn1_bit_string *bits)
Parse ASN.1 bit string that must be an integral number of bytes.
Definition: asn1.c:414
ASN1_SEQUENCE
#define ASN1_SEQUENCE
ASN.1 sequence.
Definition: asn1.h:89
ASN1_INTEGER
#define ASN1_INTEGER
ASN.1 integer.
Definition: asn1.h:62
bits
static volatile void * bits
Definition: bitops.h:27
asn1_skip
int asn1_skip(struct asn1_cursor *cursor, unsigned int type)
Skip ASN.1 object.
Definition: asn1.c:218
raw
__be32 raw[7]
Definition: CIB_PRM.h:28
arbelprm_rc_send_wqe::data
struct arbelprm_wqe_segment_data_ptr data[ARBEL_MAX_GATHER]
Definition: arbel.h:237
ASN1_OCTET_STRING
#define ASN1_OCTET_STRING
ASN.1 octet string.
Definition: asn1.h:68
asn1_cursor
An ASN.1 object cursor.
Definition: asn1.h:20
asn1_bit_string
An ASN.1 bit string.
Definition: asn1.h:347

References asn1_check_algorithm(), asn1_enter(), ASN1_INTEGER, asn1_integral_bit_string(), ASN1_OCTET_STRING, ASN1_SEQUENCE, asn1_skip(), asn1_skip_any(), asn1_type(), bits, asn1_cursor::data, asn1_cursor::len, memcpy(), raw, rc, and rsa_parse_integer().

Referenced by rsa_init(), and rsa_match().

◆ rsa_init()

static int rsa_init ( void *  ctx,
const void *  key,
size_t  key_len 
)
static

Initialise RSA cipher.

Parameters
ctxRSA context
keyKey
key_lenLength of key
Return values
rcReturn status code

Definition at line 239 of file rsa.c.

239  {
240  struct rsa_context *context = ctx;
241  struct asn1_cursor modulus;
242  struct asn1_cursor exponent;
243  struct asn1_cursor cursor;
244  int rc;
245 
246  /* Initialise context */
247  memset ( context, 0, sizeof ( *context ) );
248 
249  /* Initialise cursor */
250  cursor.data = key;
251  cursor.len = key_len;
252 
253  /* Parse modulus and exponent */
254  if ( ( rc = rsa_parse_mod_exp ( &modulus, &exponent, &cursor ) ) != 0 ){
255  DBGC ( context, "RSA %p invalid modulus/exponent:\n", context );
256  DBGC_HDA ( context, 0, cursor.data, cursor.len );
257  goto err_parse;
258  }
259 
260  DBGC ( context, "RSA %p modulus:\n", context );
261  DBGC_HDA ( context, 0, modulus.data, modulus.len );
262  DBGC ( context, "RSA %p exponent:\n", context );
263  DBGC_HDA ( context, 0, exponent.data, exponent.len );
264 
265  /* Allocate dynamic storage */
266  if ( ( rc = rsa_alloc ( context, modulus.len, exponent.len ) ) != 0 )
267  goto err_alloc;
268 
269  /* Construct big integers */
270  bigint_init ( ( ( bigint_t ( context->size ) * ) context->modulus0 ),
271  modulus.data, modulus.len );
272  bigint_init ( ( ( bigint_t ( context->exponent_size ) * )
273  context->exponent0 ), exponent.data, exponent.len );
274 
275  return 0;
276 
277  rsa_free ( context );
278  err_alloc:
279  err_parse:
280  return rc;
281 }
rsa_parse_mod_exp
static int rsa_parse_mod_exp(struct asn1_cursor *modulus, struct asn1_cursor *exponent, const struct asn1_cursor *raw)
Parse RSA modulus and exponent.
Definition: rsa.c:159
rc
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
DBGC
#define DBGC(...)
Definition: compiler.h:505
rsa_context::exponent_size
unsigned int exponent_size
Exponent size.
Definition: rsa.h:71
bigint_init
#define bigint_init(value, data, len)
Initialise big integer.
Definition: bigint.h:48
ctx
struct golan_eq_context ctx
Definition: CIB_PRM.h:28
rsa_context::modulus0
bigint_element_t * modulus0
Modulus.
Definition: rsa.h:63
rsa_context
An RSA context.
Definition: rsa.h:59
DBGC_HDA
#define DBGC_HDA(...)
Definition: compiler.h:506
rsa_context::size
unsigned int size
Modulus size.
Definition: rsa.h:65
bigint_t
#define bigint_t(size)
Define a big-integer type.
Definition: bigint.h:17
rsa_free
static void rsa_free(struct rsa_context *context)
Free RSA dynamic storage.
Definition: rsa.c:72
rsa_context::exponent0
bigint_element_t * exponent0
Exponent.
Definition: rsa.h:69
asn1_cursor
An ASN.1 object cursor.
Definition: asn1.h:20
rsa_alloc
static int rsa_alloc(struct rsa_context *context, size_t modulus_len, size_t exponent_len)
Allocate RSA dynamic storage.
Definition: rsa.c:86
key
union @382 key
Sense key.
Definition: scsi.h:18
memset
void * memset(void *dest, int character, size_t len) __nonnull

References bigint_init, bigint_t, ctx, asn1_cursor::data, DBGC, DBGC_HDA, rsa_context::exponent0, rsa_context::exponent_size, key, asn1_cursor::len, memset(), rsa_context::modulus0, rc, rsa_alloc(), rsa_free(), rsa_parse_mod_exp(), and rsa_context::size.

◆ rsa_max_len()

static size_t rsa_max_len ( void *  ctx)
static

Calculate RSA maximum output length.

Parameters
ctxRSA context
Return values
max_lenMaximum output length

Definition at line 289 of file rsa.c.

289  {
290  struct rsa_context *context = ctx;
291 
292  return context->max_len;
293 }
ctx
struct golan_eq_context ctx
Definition: CIB_PRM.h:28
rsa_context
An RSA context.
Definition: rsa.h:59
rsa_context::max_len
size_t max_len
Modulus length.
Definition: rsa.h:67

References ctx, and rsa_context::max_len.

◆ rsa_cipher()

static void rsa_cipher ( struct rsa_context context,
const void *  in,
void *  out 
)
static

Perform RSA cipher operation.

Parameters
contextRSA context
inInput buffer
outOutput buffer

Definition at line 302 of file rsa.c.

303  {
304  bigint_t ( context->size ) *input = ( ( void * ) context->input0 );
305  bigint_t ( context->size ) *output = ( ( void * ) context->output0 );
306  bigint_t ( context->size ) *modulus = ( ( void * ) context->modulus0 );
307  bigint_t ( context->exponent_size ) *exponent =
308  ( ( void * ) context->exponent0 );
309 
310  /* Initialise big integer */
311  bigint_init ( input, in, context->max_len );
312 
313  /* Perform modular exponentiation */
314  bigint_mod_exp ( input, modulus, exponent, output, context->tmp );
315 
316  /* Copy out result */
317  bigint_done ( output, out, context->max_len );
318 }
rsa_context::tmp
void * tmp
Temporary working space for modular exponentiation.
Definition: rsa.h:77
rsa_context::output0
bigint_element_t * output0
Output buffer.
Definition: rsa.h:75
bigint_mod_exp
#define bigint_mod_exp(base, modulus, exponent, result, tmp)
Perform modular exponentiation of big integers.
Definition: bigint.h:233
in
__be32 in[4]
Definition: CIB_PRM.h:35
rsa_context::exponent_size
unsigned int exponent_size
Exponent size.
Definition: rsa.h:71
input
Definition: bnxt_hsi.h:68
bigint_init
#define bigint_init(value, data, len)
Initialise big integer.
Definition: bigint.h:48
rsa_context::modulus0
bigint_element_t * modulus0
Modulus.
Definition: rsa.h:63
rsa_context::size
unsigned int size
Modulus size.
Definition: rsa.h:65
rsa_context::max_len
size_t max_len
Modulus length.
Definition: rsa.h:67
rsa_context::input0
bigint_element_t * input0
Input buffer.
Definition: rsa.h:73
out
__be32 out[4]
Definition: CIB_PRM.h:36
bigint_t
#define bigint_t(size)
Define a big-integer type.
Definition: bigint.h:17
bigint_done
#define bigint_done(value, out, len)
Finalise big integer.
Definition: bigint.h:61
rsa_context::exponent0
bigint_element_t * exponent0
Exponent.
Definition: rsa.h:69

References bigint_done, bigint_init, bigint_mod_exp, bigint_t, rsa_context::exponent0, rsa_context::exponent_size, in, rsa_context::input0, rsa_context::max_len, rsa_context::modulus0, out, rsa_context::output0, rsa_context::size, and rsa_context::tmp.

Referenced by rsa_decrypt(), rsa_encrypt(), rsa_sign(), and rsa_verify().

◆ rsa_encrypt()

static int rsa_encrypt ( void *  ctx,
const void *  plaintext,
size_t  plaintext_len,
void *  ciphertext 
)
static

Encrypt using RSA.

Parameters
ctxRSA context
plaintextPlaintext
plaintext_lenLength of plaintext
ciphertextCiphertext
Return values
ciphertext_lenLength of ciphertext, or negative error

Definition at line 329 of file rsa.c.

330  {
331  struct rsa_context *context = ctx;
332  void *temp;
333  uint8_t *encoded;
334  size_t max_len = ( context->max_len - 11 );
335  size_t random_nz_len = ( max_len - plaintext_len + 8 );
336  int rc;
337 
338  /* Sanity check */
339  if ( plaintext_len > max_len ) {
340  DBGC ( context, "RSA %p plaintext too long (%zd bytes, max "
341  "%zd)\n", context, plaintext_len, max_len );
342  return -ERANGE;
343  }
344  DBGC ( context, "RSA %p encrypting:\n", context );
345  DBGC_HDA ( context, 0, plaintext, plaintext_len );
346 
347  /* Construct encoded message (using the big integer output
348  * buffer as temporary storage)
349  */
350  temp = context->output0;
351  encoded = temp;
352  encoded[0] = 0x00;
353  encoded[1] = 0x02;
354  if ( ( rc = get_random_nz ( &encoded[2], random_nz_len ) ) != 0 ) {
355  DBGC ( context, "RSA %p could not generate random data: %s\n",
356  context, strerror ( rc ) );
357  return rc;
358  }
359  encoded[ 2 + random_nz_len ] = 0x00;
360  memcpy ( &encoded[ context->max_len - plaintext_len ],
361  plaintext, plaintext_len );
362 
363  /* Encipher the encoded message */
364  rsa_cipher ( context, encoded, ciphertext );
365  DBGC ( context, "RSA %p encrypted:\n", context );
366  DBGC_HDA ( context, 0, ciphertext, context->max_len );
367 
368  return context->max_len;
369 }
rc
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
rsa_context::output0
bigint_element_t * output0
Output buffer.
Definition: rsa.h:75
max_len
uint16_t max_len
Maximum length (in bytes)
Definition: ntlm.h:18
DBGC
#define DBGC(...)
Definition: compiler.h:505
get_random_nz
int get_random_nz(void *data, size_t len)
Get random non-zero bytes.
Definition: random_nz.c:62
rsa_cipher
static void rsa_cipher(struct rsa_context *context, const void *in, void *out)
Perform RSA cipher operation.
Definition: rsa.c:302
ctx
struct golan_eq_context ctx
Definition: CIB_PRM.h:28
memcpy
void * memcpy(void *dest, const void *src, size_t len) __nonnull
rsa_context
An RSA context.
Definition: rsa.h:59
DBGC_HDA
#define DBGC_HDA(...)
Definition: compiler.h:506
rsa_context::max_len
size_t max_len
Modulus length.
Definition: rsa.h:67
ERANGE
#define ERANGE
Result too large.
Definition: errno.h:639
strerror
char * strerror(int errno)
Retrieve string representation of error number.
Definition: strerror.c:78
uint8_t
unsigned char uint8_t
Definition: stdint.h:10

References ctx, DBGC, DBGC_HDA, ERANGE, get_random_nz(), max_len, rsa_context::max_len, memcpy(), rsa_context::output0, rc, rsa_cipher(), and strerror().

◆ rsa_decrypt()

static int rsa_decrypt ( void *  ctx,
const void *  ciphertext,
size_t  ciphertext_len,
void *  plaintext 
)
static

Decrypt using RSA.

Parameters
ctxRSA context
ciphertextCiphertext
ciphertext_lenCiphertext length
plaintextPlaintext
Return values
plaintext_lenPlaintext length, or negative error

Definition at line 380 of file rsa.c.

381  {
382  struct rsa_context *context = ctx;
383  void *temp;
384  uint8_t *encoded;
385  uint8_t *end;
386  uint8_t *zero;
387  uint8_t *start;
388  size_t plaintext_len;
389 
390  /* Sanity check */
391  if ( ciphertext_len != context->max_len ) {
392  DBGC ( context, "RSA %p ciphertext incorrect length (%zd "
393  "bytes, should be %zd)\n",
394  context, ciphertext_len, context->max_len );
395  return -ERANGE;
396  }
397  DBGC ( context, "RSA %p decrypting:\n", context );
398  DBGC_HDA ( context, 0, ciphertext, ciphertext_len );
399 
400  /* Decipher the message (using the big integer input buffer as
401  * temporary storage)
402  */
403  temp = context->input0;
404  encoded = temp;
405  rsa_cipher ( context, ciphertext, encoded );
406 
407  /* Parse the message */
408  end = ( encoded + context->max_len );
409  if ( ( encoded[0] != 0x00 ) || ( encoded[1] != 0x02 ) )
410  goto invalid;
411  zero = memchr ( &encoded[2], 0, ( end - &encoded[2] ) );
412  if ( ! zero )
413  goto invalid;
414  start = ( zero + 1 );
415  plaintext_len = ( end - start );
416 
417  /* Copy out message */
418  memcpy ( plaintext, start, plaintext_len );
419  DBGC ( context, "RSA %p decrypted:\n", context );
420  DBGC_HDA ( context, 0, plaintext, plaintext_len );
421 
422  return plaintext_len;
423 
424  invalid:
425  DBGC ( context, "RSA %p invalid decrypted message:\n", context );
426  DBGC_HDA ( context, 0, encoded, context->max_len );
427  return -EINVAL;
428 }
EINVAL
#define EINVAL
Invalid argument.
Definition: errno.h:428
DBGC
#define DBGC(...)
Definition: compiler.h:505
rsa_cipher
static void rsa_cipher(struct rsa_context *context, const void *in, void *out)
Perform RSA cipher operation.
Definition: rsa.c:302
zero
uint32_t zero
Must be zero.
Definition: ntlm.h:24
ctx
struct golan_eq_context ctx
Definition: CIB_PRM.h:28
memchr
void * memchr(const void *src, int character, size_t len)
Find character within a memory region.
Definition: string.c:135
start
uint32_t start
Starting offset.
Definition: netvsc.h:12
memcpy
void * memcpy(void *dest, const void *src, size_t len) __nonnull
rsa_context
An RSA context.
Definition: rsa.h:59
DBGC_HDA
#define DBGC_HDA(...)
Definition: compiler.h:506
rsa_context::max_len
size_t max_len
Modulus length.
Definition: rsa.h:67
rsa_context::input0
bigint_element_t * input0
Input buffer.
Definition: rsa.h:73
ERANGE
#define ERANGE
Result too large.
Definition: errno.h:639
uint8_t
unsigned char uint8_t
Definition: stdint.h:10
end
uint32_t end
Ending offset.
Definition: netvsc.h:18

References ctx, DBGC, DBGC_HDA, EINVAL, end, ERANGE, rsa_context::input0, rsa_context::max_len, memchr(), memcpy(), rsa_cipher(), start, and zero.

◆ rsa_encode_digest()

static int rsa_encode_digest ( struct rsa_context context,
struct digest_algorithm digest,
const void *  value,
void *  encoded 
)
static

Encode RSA digest.

Parameters
contextRSA context
digestDigest algorithm
valueDigest value
encodedEncoded digest
Return values
rcReturn status code

Definition at line 439 of file rsa.c.

441  {
442  struct rsa_digestinfo_prefix *prefix;
443  size_t digest_len = digest->digestsize;
444  uint8_t *temp = encoded;
445  size_t digestinfo_len;
446  size_t max_len;
447  size_t pad_len;
448 
449  /* Identify prefix */
450  prefix = rsa_find_prefix ( digest );
451  if ( ! prefix ) {
452  DBGC ( context, "RSA %p has no prefix for %s\n",
453  context, digest->name );
454  return -ENOTSUP;
455  }
456  digestinfo_len = ( prefix->len + digest_len );
457 
458  /* Sanity check */
459  max_len = ( context->max_len - 11 );
460  if ( digestinfo_len > max_len ) {
461  DBGC ( context, "RSA %p %s digestInfo too long (%zd bytes, max"
462  "%zd)\n",
463  context, digest->name, digestinfo_len, max_len );
464  return -ERANGE;
465  }
466  DBGC ( context, "RSA %p encoding %s digest:\n",
467  context, digest->name );
468  DBGC_HDA ( context, 0, value, digest_len );
469 
470  /* Construct encoded message */
471  *(temp++) = 0x00;
472  *(temp++) = 0x01;
473  pad_len = ( max_len - digestinfo_len + 8 );
474  memset ( temp, 0xff, pad_len );
475  temp += pad_len;
476  *(temp++) = 0x00;
477  memcpy ( temp, prefix->data, prefix->len );
478  temp += prefix->len;
479  memcpy ( temp, value, digest_len );
480  temp += digest_len;
481  assert ( temp == ( encoded + context->max_len ) );
482  DBGC ( context, "RSA %p encoded %s digest:\n", context, digest->name );
483  DBGC_HDA ( context, 0, encoded, context->max_len );
484 
485  return 0;
486 }
max_len
uint16_t max_len
Maximum length (in bytes)
Definition: ntlm.h:18
DBGC
#define DBGC(...)
Definition: compiler.h:505
prefix
char prefix[4]
Definition: vmconsole.c:53
rsa_find_prefix
static struct rsa_digestinfo_prefix * rsa_find_prefix(struct digest_algorithm *digest)
Identify RSA prefix.
Definition: rsa.c:57
digest
struct md4_digest digest
Digest of data already processed.
Definition: md4.h:12
ENOTSUP
#define ENOTSUP
Operation not supported.
Definition: errno.h:589
memcpy
void * memcpy(void *dest, const void *src, size_t len) __nonnull
assert
assert((readw(&hdr->flags) &(GTF_reading|GTF_writing))==0)
DBGC_HDA
#define DBGC_HDA(...)
Definition: compiler.h:506
rsa_context::max_len
size_t max_len
Modulus length.
Definition: rsa.h:67
value
pseudo_bit_t value[0x00020]
Definition: arbel.h:13
ERANGE
#define ERANGE
Result too large.
Definition: errno.h:639
rsa_digestinfo_prefix
An RSA digestInfo prefix.
Definition: rsa.h:42
uint8_t
unsigned char uint8_t
Definition: stdint.h:10
pad_len
long pad_len
Definition: bigint.h:30
memset
void * memset(void *dest, int character, size_t len) __nonnull

References assert(), DBGC, DBGC_HDA, digest, ENOTSUP, ERANGE, max_len, rsa_context::max_len, memcpy(), memset(), pad_len, prefix, rsa_find_prefix(), and value.

Referenced by rsa_sign(), and rsa_verify().

◆ rsa_sign()

static int rsa_sign ( void *  ctx,
struct digest_algorithm digest,
const void *  value,
void *  signature 
)
static

Sign digest value using RSA.

Parameters
ctxRSA context
digestDigest algorithm
valueDigest value
signatureSignature
Return values
signature_lenSignature length, or negative error

Definition at line 497 of file rsa.c.

498  {
499  struct rsa_context *context = ctx;
500  void *temp;
501  int rc;
502 
503  DBGC ( context, "RSA %p signing %s digest:\n", context, digest->name );
504  DBGC_HDA ( context, 0, value, digest->digestsize );
505 
506  /* Encode digest (using the big integer output buffer as
507  * temporary storage)
508  */
509  temp = context->output0;
510  if ( ( rc = rsa_encode_digest ( context, digest, value, temp ) ) != 0 )
511  return rc;
512 
513  /* Encipher the encoded digest */
514  rsa_cipher ( context, temp, signature );
515  DBGC ( context, "RSA %p signed %s digest:\n", context, digest->name );
516  DBGC_HDA ( context, 0, signature, context->max_len );
517 
518  return context->max_len;
519 }
rc
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
rsa_context::output0
bigint_element_t * output0
Output buffer.
Definition: rsa.h:75
rsa_encode_digest
static int rsa_encode_digest(struct rsa_context *context, struct digest_algorithm *digest, const void *value, void *encoded)
Encode RSA digest.
Definition: rsa.c:439
DBGC
#define DBGC(...)
Definition: compiler.h:505
rsa_cipher
static void rsa_cipher(struct rsa_context *context, const void *in, void *out)
Perform RSA cipher operation.
Definition: rsa.c:302
ctx
struct golan_eq_context ctx
Definition: CIB_PRM.h:28
digest
struct md4_digest digest
Digest of data already processed.
Definition: md4.h:12
rsa_context
An RSA context.
Definition: rsa.h:59
DBGC_HDA
#define DBGC_HDA(...)
Definition: compiler.h:506
rsa_context::max_len
size_t max_len
Modulus length.
Definition: rsa.h:67
value
pseudo_bit_t value[0x00020]
Definition: arbel.h:13
signature
u8 signature
Signature.
Definition: CIB_PRM.h:35

References ctx, DBGC, DBGC_HDA, digest, rsa_context::max_len, rsa_context::output0, rc, rsa_cipher(), rsa_encode_digest(), signature, and value.

◆ rsa_verify()

static int rsa_verify ( void *  ctx,
struct digest_algorithm digest,
const void *  value,
const void *  signature,
size_t  signature_len 
)
static

Verify signed digest value using RSA.

Parameters
ctxRSA context
digestDigest algorithm
valueDigest value
signatureSignature
signature_lenSignature length
Return values
rcReturn status code

Definition at line 531 of file rsa.c.

533  {
534  struct rsa_context *context = ctx;
535  void *temp;
536  void *expected;
537  void *actual;
538  int rc;
539 
540  /* Sanity check */
541  if ( signature_len != context->max_len ) {
542  DBGC ( context, "RSA %p signature incorrect length (%zd "
543  "bytes, should be %zd)\n",
544  context, signature_len, context->max_len );
545  return -ERANGE;
546  }
547  DBGC ( context, "RSA %p verifying %s digest:\n",
548  context, digest->name );
549  DBGC_HDA ( context, 0, value, digest->digestsize );
550  DBGC_HDA ( context, 0, signature, signature_len );
551 
552  /* Decipher the signature (using the big integer input buffer
553  * as temporary storage)
554  */
555  temp = context->input0;
556  expected = temp;
557  rsa_cipher ( context, signature, expected );
558  DBGC ( context, "RSA %p deciphered signature:\n", context );
559  DBGC_HDA ( context, 0, expected, context->max_len );
560 
561  /* Encode digest (using the big integer output buffer as
562  * temporary storage)
563  */
564  temp = context->output0;
565  actual = temp;
566  if ( ( rc = rsa_encode_digest ( context, digest, value, actual ) ) !=0 )
567  return rc;
568 
569  /* Verify the signature */
570  if ( memcmp ( actual, expected, context->max_len ) != 0 ) {
571  DBGC ( context, "RSA %p signature verification failed\n",
572  context );
573  return -EACCES_VERIFY;
574  }
575 
576  DBGC ( context, "RSA %p signature verified successfully\n", context );
577  return 0;
578 }
rc
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
rsa_context::output0
bigint_element_t * output0
Output buffer.
Definition: rsa.h:75
rsa_encode_digest
static int rsa_encode_digest(struct rsa_context *context, struct digest_algorithm *digest, const void *value, void *encoded)
Encode RSA digest.
Definition: rsa.c:439
DBGC
#define DBGC(...)
Definition: compiler.h:505
rsa_cipher
static void rsa_cipher(struct rsa_context *context, const void *in, void *out)
Perform RSA cipher operation.
Definition: rsa.c:302
ctx
struct golan_eq_context ctx
Definition: CIB_PRM.h:28
digest
struct md4_digest digest
Digest of data already processed.
Definition: md4.h:12
EACCES_VERIFY
#define EACCES_VERIFY
Definition: rsa.c:45
rsa_context
An RSA context.
Definition: rsa.h:59
DBGC_HDA
#define DBGC_HDA(...)
Definition: compiler.h:506
rsa_context::max_len
size_t max_len
Modulus length.
Definition: rsa.h:67
rsa_context::input0
bigint_element_t * input0
Input buffer.
Definition: rsa.h:73
value
pseudo_bit_t value[0x00020]
Definition: arbel.h:13
ERANGE
#define ERANGE
Result too large.
Definition: errno.h:639
signature
u8 signature
Signature.
Definition: CIB_PRM.h:35
memcmp
int memcmp(const void *first, const void *second, size_t len)
Compare memory regions.
Definition: string.c:114

References ctx, DBGC, DBGC_HDA, digest, EACCES_VERIFY, ERANGE, rsa_context::input0, rsa_context::max_len, memcmp(), rsa_context::output0, rc, rsa_cipher(), rsa_encode_digest(), signature, and value.

◆ rsa_final()

static void rsa_final ( void *  ctx)
static

Finalise RSA cipher.

Parameters
ctxRSA context

Definition at line 585 of file rsa.c.

585  {
586  struct rsa_context *context = ctx;
587 
588  rsa_free ( context );
589 }
ctx
struct golan_eq_context ctx
Definition: CIB_PRM.h:28
rsa_context
An RSA context.
Definition: rsa.h:59
rsa_free
static void rsa_free(struct rsa_context *context)
Free RSA dynamic storage.
Definition: rsa.c:72

References ctx, and rsa_free().

◆ rsa_match()

static int rsa_match ( const void *  private_key,
size_t  private_key_len,
const void *  public_key,
size_t  public_key_len 
)
static

Check for matching RSA public/private key pair.

Parameters
private_keyPrivate key
private_key_lenPrivate key length
public_keyPublic key
public_key_lenPublic key length
Return values
rcReturn status code

Definition at line 600 of file rsa.c.

601  {
602  struct asn1_cursor private_modulus;
603  struct asn1_cursor private_exponent;
604  struct asn1_cursor private_cursor;
605  struct asn1_cursor public_modulus;
606  struct asn1_cursor public_exponent;
607  struct asn1_cursor public_cursor;
608  int rc;
609 
610  /* Initialise cursors */
611  private_cursor.data = private_key;
612  private_cursor.len = private_key_len;
613  public_cursor.data = public_key;
614  public_cursor.len = public_key_len;
615 
616  /* Parse moduli and exponents */
617  if ( ( rc = rsa_parse_mod_exp ( &private_modulus, &private_exponent,
618  &private_cursor ) ) != 0 )
619  return rc;
620  if ( ( rc = rsa_parse_mod_exp ( &public_modulus, &public_exponent,
621  &public_cursor ) ) != 0 )
622  return rc;
623 
624  /* Compare moduli */
625  if ( asn1_compare ( &private_modulus, &public_modulus ) != 0 )
626  return -ENOTTY;
627 
628  return 0;
629 }
rsa_parse_mod_exp
static int rsa_parse_mod_exp(struct asn1_cursor *modulus, struct asn1_cursor *exponent, const struct asn1_cursor *raw)
Parse RSA modulus and exponent.
Definition: rsa.c:159
rc
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
asn1_compare
int asn1_compare(const struct asn1_cursor *cursor1, const struct asn1_cursor *cursor2)
Compare two ASN.1 objects.
Definition: asn1.c:443
private_key_len
char private_key_len[]
ENOTTY
#define ENOTTY
Inappropriate I/O control operation.
Definition: errno.h:594
arbelprm_rc_send_wqe::data
struct arbelprm_wqe_segment_data_ptr data[ARBEL_MAX_GATHER]
Definition: arbel.h:237
private_key
struct private_key private_key
Private key.
Definition: privkey.c:67
asn1_cursor
An ASN.1 object cursor.
Definition: asn1.h:20

References asn1_compare(), asn1_cursor::data, ENOTTY, asn1_cursor::len, private_key, private_key_len, rc, and rsa_parse_mod_exp().

◆ REQUIRING_SYMBOL()

REQUIRING_SYMBOL ( rsa_algorithm  )

◆ REQUIRE_OBJECT()

REQUIRE_OBJECT ( config_crypto  )

Variable Documentation

◆ rsa_algorithm

struct pubkey_algorithm rsa_algorithm
Initial value:
= {
.name = "rsa",
.ctxsize = RSA_CTX_SIZE,
.init = rsa_init,
.max_len = rsa_max_len,
.encrypt = rsa_encrypt,
.decrypt = rsa_decrypt,
.sign = rsa_sign,
.verify = rsa_verify,
.final = rsa_final,
.match = rsa_match,
}
rsa_encrypt
static int rsa_encrypt(void *ctx, const void *plaintext, size_t plaintext_len, void *ciphertext)
Encrypt using RSA.
Definition: rsa.c:329
rsa_decrypt
static int rsa_decrypt(void *ctx, const void *ciphertext, size_t ciphertext_len, void *plaintext)
Decrypt using RSA.
Definition: rsa.c:380
rsa_final
static void rsa_final(void *ctx)
Finalise RSA cipher.
Definition: rsa.c:585
rsa_verify
static int rsa_verify(void *ctx, struct digest_algorithm *digest, const void *value, const void *signature, size_t signature_len)
Verify signed digest value using RSA.
Definition: rsa.c:531
RSA_CTX_SIZE
#define RSA_CTX_SIZE
RSA context size.
Definition: rsa.h:81
rsa_init
static int rsa_init(void *ctx, const void *key, size_t key_len)
Initialise RSA cipher.
Definition: rsa.c:239
rsa_match
static int rsa_match(const void *private_key, size_t private_key_len, const void *public_key, size_t public_key_len)
Check for matching RSA public/private key pair.
Definition: rsa.c:600
rsa_sign
static int rsa_sign(void *ctx, struct digest_algorithm *digest, const void *value, void *signature)
Sign digest value using RSA.
Definition: rsa.c:497
rsa_max_len
static size_t rsa_max_len(void *ctx)
Calculate RSA maximum output length.
Definition: rsa.c:289

RSA public-key algorithm.

Definition at line 632 of file rsa.c.

Referenced by icert_cert().

Generated by   doxygen 1.8.15