/ ltc-rsa.c
ltc-rsa.c
1 /* 2 * Licensed under the Apache License, Version 2.0 (the "License"); 3 * you may not use this file except in compliance with the License. 4 * See the NOTICE file distributed with this work for additional 5 * information regarding copyright ownership. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <stdarg.h> 18 #include <lscore/plugin.h> 19 #include <tomcrypt.h> 20 #include <lsplugin/mkobject.h> 21 #include <lsplugin/mkoperator.h> 22 #include <lsplugin/param.h> 23 #include "ltc-methods.h" 24 25 #define T(x) LE_status_is_OK(x) 26 27 /* Key data with support functions */ 28 struct ltc_rsa_key_st { 29 rsa_key key; 30 31 /* Caches for key data operations */ 32 LSC_key_generator_t *generator; 33 LSC_key_constructor_t *constructor; 34 LSC_key_extractor_t *extractor; 35 /* Caches for primitive operations */ 36 LSC_encryptor_t *encryptor; 37 LSC_decryptor_t *decryptor; 38 LSC_signer_t *signer; 39 LSC_verifier_t *verifier; 40 }; 41 42 /* Diverse parameter specification macros */ 43 44 #define RSA_I_size 0 45 #define RSA_P_size(t) \ 46 { "size", RSA_I_size, \ 47 { LSC_DT_integer, \ 48 { { sizeof(int), sizeof(int) }, }, }, \ 49 .p_private = &rsa_##t##_size_fns, \ 50 .p_docstring = "RSA size in bits" } 51 /* The size tange 1024 to 4096 is documented in the libtomcrypt manual*/ 52 #define RSA_I_N 1 53 #define RSA_P_N(t) \ 54 { "N", RSA_I_N, \ 55 { LSC_DT_unsigned_integer, { { 1024, 4096 }, }, \ 56 .d_auxilliary.d_integer_desc = { \ 57 LSC_DTi_elem_is_bit, \ 58 LSC_DTi_mse_first_order \ 59 }, }, \ 60 .p_private = &rsa_##t##_N_fns } 61 #define RSA_I_e 2 62 #define RSA_P_e(t) \ 63 { "e", RSA_I_e, \ 64 { LSC_DT_unsigned_integer, { { 0, 0 } }, \ 65 .d_auxilliary.d_integer_desc = { \ 66 LSC_DTi_elem_is_bit, \ 67 LSC_DTi_mse_first_order \ 68 }, }, \ 69 .p_private = &rsa_##t##_e_fns } 70 #define RSA_I_d 3 71 #define RSA_P_d(t) \ 72 { "d", RSA_I_d, \ 73 { LSC_DT_unsigned_integer, { { 0, 0 } }, \ 74 .d_auxilliary.d_integer_desc = { \ 75 LSC_DTi_elem_is_bit, \ 76 LSC_DTi_mse_first_order \ 77 }, }, \ 78 .p_private = &rsa_##t##_d_fns } 79 static LSC_data_desc_t ltc_unsigned_integer_desc = { 80 LSC_DT_unsigned_integer, { { 0, 0 }, }, 81 .d_auxilliary.d_integer_desc = { 82 LSC_DTi_elem_is_bit, 83 LSC_DTi_mse_first_order 84 }, 85 }; 86 #define RSA_I_factors 4 87 #define RSA_P_factors(t) \ 88 { "factors", RSA_I_factors, \ 89 { LSC_DT_ordered_array_of, { { 2, 2 }, }, \ 90 .d_auxilliary = { \ 91 .d_array_element_desc = <c_unsigned_integer_desc \ 92 }, }, \ 93 &rsa_##t##_factors_fns } 94 #define RSA_I_exponents 5 95 #define RSA_P_exponents(t) \ 96 { "exponents", RSA_I_exponents, \ 97 { LSC_DT_ordered_array_of, { { 2, 2 }, }, \ 98 .d_auxilliary = { \ 99 .d_array_element_desc = <c_unsigned_integer_desc \ 100 }, }, \ 101 &rsa_##t##_exponents_fns } 102 #define RSA_I_coefficients 6 103 #define RSA_P_coefficients(t) \ 104 { "coefficients", RSA_I_coefficients, \ 105 { LSC_DT_ordered_array_of, { { 1, 1 }, }, \ 106 .d_auxilliary = { \ 107 .d_array_element_desc = <c_unsigned_integer_desc \ 108 }, }, \ 109 &rsa_##t##_coefficients_fns } 110 111 /* 112 * The functions scrub_rsa_key(), new_rsa_key() and destroy_rsa_key() are 113 * defined further down. 114 */ 115 static LE_STATUS scrub_rsa_data(LSC_key_t *key); 116 static LE_STATUS new_rsa_data(LSC_key_t *key, const void *unused); 117 118 /* Key generator operation with support functions */ 119 120 struct ltc_rsa_generator_st { 121 LSC_key_t *key; 122 123 /* Operational parameters */ 124 125 /* 126 * libtomcrypt only supports 2-factor RSA keys, that limits the capabilities 127 * of this generator. Had it been otherwise, this structure would also have 128 * a field for the number of primes. 129 */ 130 131 /* Together with |e|, this is used to generate a key randomly */ 132 int size; 133 134 unsigned char *e; /* RSA public exponent */ 135 size_t e_len; 136 }; 137 138 static LSplugin_param_functions_t rsa_gen_size_fns = { 139 offsetof(struct ltc_rsa_generator_st, size), 0, 0, false, 140 LSplugin_set_int_param, LSplugin_get_int_param 141 }; 142 static LSplugin_param_functions_t rsa_gen_e_fns = { 143 offsetof(struct ltc_rsa_generator_st, e), 144 offsetof(struct ltc_rsa_generator_st, e_len), 145 0, false, 146 LSplugin_set_bitstring_param, LSplugin_get_bitstring_param 147 }; 148 149 static LE_STATUS scrub_rsa_generator_data(LSC_key_generator_t *op) 150 { 151 if (op == NULL || op->lsc_data == NULL) 152 return LE_STS_SUCCESS; 153 154 struct ltc_rsa_generator_st *g = op->lsc_data; 155 156 free(g->e); 157 memset(g, 0, sizeof(*g)); 158 return LE_STS_SUCCESS; 159 } 160 161 static LE_STATUS new_rsa_generator_data(LSC_key_generator_t *op) 162 { 163 LE_STATUS sts; 164 165 if (op == NULL) 166 return LE_STS_ERROR; 167 168 struct ltc_rsa_generator_st **g 169 = (struct ltc_rsa_generator_st **)&op->lsc_data; 170 171 if (*g == NULL && (*g = malloc(sizeof(**g))) != NULL) 172 memset(*g, 0, sizeof(**g)); 173 if (*g == NULL) 174 return LE_STS_FATAL_ERROR; 175 return LE_STS_SUCCESS; 176 } 177 178 static LE_STATUS clean_rsa_generator_data(LSC_key_generator_t *op) 179 { 180 LE_STATUS sts; 181 182 if (op == NULL || op->lsc_data == NULL) 183 return LE_STS_SUCCESS; 184 if (T(sts = scrub_rsa_generator_data(op))) { 185 free(op->lsc_data); 186 op->lsc_data = NULL; 187 } 188 return sts; 189 } 190 191 static LE_STATUS set_rsa_generator(LSC_key_t *key, LSC_key_generator_t *op) 192 { 193 struct ltc_rsa_key_st *k = key->lsc_data; 194 195 k->generator = op; 196 return LE_STS_SUCCESS; 197 } 198 199 static LE_STATUS set_generator_rsa(LSC_key_generator_t *op, LSC_key_t *key) 200 { 201 LE_STATUS sts; 202 203 if (LE_status_is_OK(sts = scrub_rsa_generator_data(op))) { 204 struct ltc_rsa_generator_st *g = op->lsc_data; 205 206 g->key = key; 207 } 208 return sts; 209 } 210 211 static LE_STATUS get_generator_rsa(LSC_key_generator_t *op, LSC_key_t **key) 212 { 213 struct ltc_rsa_generator_st *g = op->lsc_data; 214 215 *key = g->key; 216 return LE_STS_SUCCESS; 217 } 218 219 static LE_STATUS 220 get_generation_param_data(LSC_key_generator_t *op, void **data) 221 { 222 *data = op->lsc_data; 223 return LE_STS_SUCCESS; 224 } 225 226 static LE_STATUS 227 get_settable_generation_param_desc(LSC_key_generator_t *op, 228 const LSC_param_desc_t **param_desc) 229 { 230 static const LSC_param_desc_t pd[] = { 231 RSA_P_size(gen), 232 RSA_P_e(gen), 233 { NULL, } 234 }; 235 *param_desc = pd; 236 return LE_STS_SUCCESS; 237 } 238 239 static LE_STATUS generate_rsa_data(LSC_key_generator_t *op) 240 { 241 int err; /* libtomcrypt status codes */ 242 LE_STATUS sts; 243 244 struct ltc_rsa_generator_st *g = op->lsc_data; 245 struct ltc_rsa_key_st *k = NULL; 246 247 sts = scrub_rsa_data(g->key); 248 if (T(sts)) 249 k = g->key->lsc_data; 250 251 if (k != NULL) { 252 /* 253 * For some reason, rsa_make_key() takes |e| as a long, so transform it 254 */ 255 long e = 0; 256 unsigned char *pe = g->e; 257 size_t e_len = g->e_len / 8; 258 259 /* 260 * p->e is a bit string, always starting with MSB, so shave off zeroes 261 */ 262 for (; e_len > 0 && *pe == 0; e_len--, pe++) 263 ; 264 if (e_len > sizeof(long)) 265 /* Too big */ 266 return LE_STS_ERROR; 267 for (; e_len > 0; e_len--, pe++) 268 e = (e << 8) | (long)*pe; 269 270 /* Done transforming |e| */ 271 272 /* 273 * TODO: Ideally, we should have a randomness operation given by 274 * the application. For the time being, we use fortuna locally. 275 */ 276 prng_state prng; 277 int wprng; 278 279 err = CRYPT_OK; 280 if ((wprng = find_prng("fortuna")) == -1) 281 wprng = register_prng(&fortuna_desc); 282 if (wprng >= 0) 283 err = rng_make_prng(128, wprng, &prng, NULL); 284 if (err == CRYPT_OK) 285 err = rsa_make_key(&prng, wprng, g->size / 8, e, &k->key); 286 fortuna_done(&prng); 287 sts = (err == CRYPT_OK) ? LE_STS_SUCCESS : LE_STS_ERROR; 288 } 289 290 return sts; 291 } 292 293 /* local RSA generator descriptor, used in |ltc_rsa_desc| below */ 294 static LSplugin_key_generator_desc_t ltc_rsa_generator_desc = { 295 NULL, NULL, NULL, NULL, /* lsp_docstring, lsp_id, lsp_priv_desc, lsp_key_id */ 296 new_rsa_generator_data, clean_rsa_generator_data, 297 set_rsa_generator, set_generator_rsa, get_generator_rsa, 298 (int[]){ LSC_NR_get_settable_key_generation_param_desc, 299 LSC_NR_set_key_generation_param, LSC_NR_generate_key, 0 }, 300 get_generation_param_data, 301 NULL, /* No gettable */ 302 get_settable_generation_param_desc, /* settable */ 303 generate_rsa_data 304 }; 305 306 /* Key constructor operation */ 307 308 struct ltc_rsa_constructor_st { 309 LSC_key_t *key; 310 311 /* Operational parameters */ 312 313 /* Key bits */ 314 unsigned char *N; /* RSA modulus */ 315 size_t N_len; 316 unsigned char *e; /* RSA public exponent */ 317 size_t e_len; 318 unsigned char *d; /* RSA private exponent */ 319 size_t d_len; 320 321 /* ---------- */ 322 323 /* 324 * Extra CRT parameters, gives optimization, but otherwise optional 325 * Note that |factors| could be used to generate the key bits. However, 326 * libtomcrypt doesn't support that. 327 */ 328 unsigned char *factors[2]; /* libtomcrypt only supports p and q */ 329 size_t factors_len[2]; 330 unsigned char *exponents[2]; /* libtomcrypt only support dP and dQ */ 331 size_t exponents_len[2]; 332 unsigned char *coefficients[1]; /* libtomcrypt only support qInv */ 333 size_t coefficients_len[1]; 334 }; 335 336 static LSplugin_param_functions_t rsa_constr_N_fns = { 337 offsetof(struct ltc_rsa_constructor_st, N), 338 offsetof(struct ltc_rsa_constructor_st, N_len), 339 0, false, 340 LSplugin_set_bitstring_param, LSplugin_get_bitstring_param 341 }; 342 static LSplugin_param_functions_t rsa_constr_e_fns = { 343 offsetof(struct ltc_rsa_constructor_st, e), 344 offsetof(struct ltc_rsa_constructor_st, e_len), 345 0, false, 346 LSplugin_set_bitstring_param, LSplugin_get_bitstring_param 347 }; 348 static LSplugin_param_functions_t rsa_constr_d_fns = { 349 offsetof(struct ltc_rsa_constructor_st, d), 350 offsetof(struct ltc_rsa_constructor_st, d_len), 351 0, false, 352 LSplugin_set_bitstring_param, LSplugin_get_bitstring_param 353 }; 354 static LSplugin_param_functions_t rsa_constr_factors_fns = { 355 offsetof(struct ltc_rsa_constructor_st, factors), 356 offsetof(struct ltc_rsa_constructor_st, factors_len), 357 0, false, 358 LSplugin_set_bitstring_param, LSplugin_get_bitstring_param 359 }; 360 static LSplugin_param_functions_t rsa_constr_exponents_fns = { 361 offsetof(struct ltc_rsa_constructor_st, exponents), 362 offsetof(struct ltc_rsa_constructor_st, exponents_len), 363 0, false, 364 LSplugin_set_bitstring_param, LSplugin_get_bitstring_param 365 }; 366 static LSplugin_param_functions_t rsa_constr_coefficients_fns = { 367 offsetof(struct ltc_rsa_constructor_st, coefficients), 368 offsetof(struct ltc_rsa_constructor_st, coefficients_len), 369 0, false, 370 LSplugin_set_bitstring_param, LSplugin_get_bitstring_param 371 }; 372 373 static LE_STATUS scrub_rsa_constructor_data(LSC_key_constructor_t *op) 374 { 375 if (op == NULL || op->lsc_data == NULL) 376 return LE_STS_SUCCESS; 377 378 struct ltc_rsa_constructor_st *g = op->lsc_data; 379 380 free(g->N); 381 free(g->e); 382 free(g->d); 383 free(g->factors[0]); 384 free(g->factors[1]); 385 free(g->exponents[0]); 386 free(g->exponents[1]); 387 free(g->coefficients[0]); 388 memset(g, 0, sizeof(*g)); 389 return LE_STS_SUCCESS; 390 } 391 392 static LE_STATUS new_rsa_constructor_data(LSC_key_constructor_t *op) 393 { 394 LE_STATUS sts; 395 396 if (op == NULL) 397 return LE_STS_ERROR; 398 399 struct ltc_rsa_constructor_st **g 400 = (struct ltc_rsa_constructor_st **)&op->lsc_data; 401 402 if (*g == NULL && (*g = malloc(sizeof(**g))) != NULL) 403 memset(*g, 0, sizeof(**g)); 404 if (*g == NULL) 405 return LE_STS_FATAL_ERROR; 406 return LE_STS_SUCCESS; 407 } 408 409 static LE_STATUS clean_rsa_constructor_data(LSC_key_constructor_t *op) 410 { 411 LE_STATUS sts; 412 413 if (op == NULL || op->lsc_data == NULL) 414 return LE_STS_SUCCESS; 415 if (T(sts = scrub_rsa_constructor_data(op))) { 416 free(op->lsc_data); 417 op->lsc_data = NULL; 418 } 419 return sts; 420 } 421 422 static LE_STATUS set_rsa_constructor(LSC_key_t *key, LSC_key_constructor_t *op) 423 { 424 struct ltc_rsa_key_st *k = key->lsc_data; 425 426 k->constructor = op; 427 return LE_STS_SUCCESS; 428 } 429 430 static LE_STATUS set_constructor_rsa(LSC_key_constructor_t *op, LSC_key_t *key) 431 { 432 LE_STATUS sts; 433 434 if (LE_status_is_OK(sts = new_rsa_constructor_data(op))) { 435 struct ltc_rsa_constructor_st *c = op->lsc_data; 436 437 c->key = key; 438 } 439 return sts; 440 } 441 442 static LE_STATUS get_constructor_rsa(LSC_key_constructor_t *op, LSC_key_t **key) 443 { 444 struct ltc_rsa_constructor_st *c = op->lsc_data; 445 446 *key = c->key; 447 return LE_STS_SUCCESS; 448 } 449 450 static LE_STATUS 451 get_construction_param_data(LSC_key_constructor_t *op, void **data) 452 { 453 *data = op->lsc_data; 454 return LE_STS_SUCCESS; 455 } 456 457 static LE_STATUS 458 get_settable_construction_param_desc(LSC_key_constructor_t *op, 459 const LSC_param_desc_t **param_desc) 460 { 461 static const LSC_param_desc_t pd[] = { 462 RSA_P_N(constr), 463 RSA_P_e(constr), 464 RSA_P_d(constr), 465 RSA_P_factors(constr), 466 RSA_P_exponents(constr), 467 RSA_P_coefficients(constr), 468 { NULL, } 469 }; 470 *param_desc = pd; 471 return LE_STS_SUCCESS; 472 } 473 474 LE_STATUS construct_rsa_data(LSC_key_constructor_t *op) 475 { 476 int err; /* libtomcrypt status codes */ 477 LE_STATUS sts; 478 struct ltc_rsa_constructor_st *g = op->lsc_data; 479 480 if (T(sts = scrub_rsa_data(g->key))) { 481 struct ltc_rsa_key_st *k = g->key->lsc_data; 482 483 /* Key bits provided, so set them */ 484 err = rsa_set_key(g->N, (unsigned long)(g->N_len + 7) / 8, 485 g->e, (unsigned long)(g->e_len + 7) / 8, 486 g->d, (unsigned long)(g->d_len + 7) / 8, 487 &k->key); 488 if (err == CRYPT_OK 489 && g->factors[0] != NULL 490 && g->factors[1] != NULL) 491 err = rsa_set_factors(g->factors[0], 492 (unsigned long)(g->factors_len[0] + 7) / 8, 493 g->factors[1], 494 (unsigned long)(g->factors_len[1] + 7) / 8, 495 &k->key); 496 if (err == CRYPT_OK 497 && g->exponents[0] != NULL 498 && g->exponents[1] != NULL 499 && g->coefficients[0] != NULL) 500 err = rsa_set_crt_params(g->exponents[0], 501 (unsigned long)(g->exponents_len[0] + 7) / 8, 502 g->exponents[1], 503 (unsigned long)(g->exponents_len[1] + 7) / 8, 504 g->coefficients[0], 505 (unsigned long)(g->coefficients_len[0] + 7) / 8, 506 &k->key); 507 sts = (err == CRYPT_OK) ? LE_STS_SUCCESS : LE_STS_ERROR; 508 } 509 510 return sts; 511 } 512 513 /* local RSA constructor descriptor, used in |ltc_rsa_desc| below */ 514 static LSplugin_key_constructor_desc_t ltc_rsa_constructor_desc = { 515 NULL, NULL, NULL, NULL, /* lsp_docstring, lsp_id, lsp_priv_desc, lsp_key_id */ 516 new_rsa_constructor_data, clean_rsa_constructor_data, 517 set_rsa_constructor, set_constructor_rsa, get_constructor_rsa, 518 (int[]){ LSC_NR_get_settable_key_construction_param_desc, 519 LSC_NR_set_key_construction_param, LSC_NR_construct_key, 0 }, 520 get_construction_param_data, 521 NULL, /* No gettable */ 522 get_settable_construction_param_desc, /* settable */ 523 construct_rsa_data 524 }; 525 526 /* Key extractor operation */ 527 528 /* 529 * The extractor uses exactly the same parameters as the constructors, so 530 * we reuse the same structure, at least for now. 531 */ 532 #define ltc_rsa_extractor_st ltc_rsa_constructor_st 533 534 static LSplugin_param_functions_t rsa_extr_N_fns = { 535 offsetof(struct ltc_rsa_extractor_st, N), 536 offsetof(struct ltc_rsa_extractor_st, N_len), 537 0, false, 538 NULL, LSplugin_get_bitstring_param 539 }; 540 static LSplugin_param_functions_t rsa_extr_e_fns = { 541 offsetof(struct ltc_rsa_extractor_st, e), 542 offsetof(struct ltc_rsa_extractor_st, e_len), 543 0, false, 544 NULL, LSplugin_get_bitstring_param 545 }; 546 static LSplugin_param_functions_t rsa_extr_d_fns = { 547 offsetof(struct ltc_rsa_extractor_st, d), 548 offsetof(struct ltc_rsa_extractor_st, d_len), 549 0, false, 550 NULL, LSplugin_get_bitstring_param 551 }; 552 static LSplugin_param_functions_t rsa_extr_factors_fns = { 553 offsetof(struct ltc_rsa_extractor_st, factors), 554 offsetof(struct ltc_rsa_extractor_st, factors_len), 555 0, false, 556 NULL, LSplugin_get_bitstring_param 557 }; 558 static LSplugin_param_functions_t rsa_extr_exponents_fns = { 559 offsetof(struct ltc_rsa_extractor_st, exponents), 560 offsetof(struct ltc_rsa_extractor_st, exponents_len), 561 0, false, 562 NULL, LSplugin_get_bitstring_param 563 }; 564 static LSplugin_param_functions_t rsa_extr_coefficients_fns = { 565 offsetof(struct ltc_rsa_extractor_st, coefficients), 566 offsetof(struct ltc_rsa_extractor_st, coefficients_len), 567 0, false, 568 NULL, LSplugin_get_bitstring_param 569 }; 570 571 static LE_STATUS scrub_rsa_extractor_data(LSC_key_extractor_t *op) 572 { 573 if (op == NULL || op->lsc_data == NULL) 574 return LE_STS_SUCCESS; 575 576 struct ltc_rsa_extractor_st *e = op->lsc_data; 577 578 free(e->N); 579 free(e->e); 580 free(e->d); 581 free(e->factors[0]); 582 free(e->factors[1]); 583 free(e->exponents[0]); 584 free(e->exponents[1]); 585 free(e->coefficients[0]); 586 memset(e, 0, sizeof(*e)); 587 return LE_STS_SUCCESS; 588 } 589 590 static LE_STATUS new_rsa_extractor_data(LSC_key_extractor_t *op) 591 { 592 LE_STATUS sts; 593 594 if (op == NULL) 595 return LE_STS_ERROR; 596 597 struct ltc_rsa_extractor_st **e 598 = (struct ltc_rsa_extractor_st **)&op->lsc_data; 599 600 if (*e == NULL && (*e = malloc(sizeof(**e))) != NULL) 601 memset(*e, 0, sizeof(**e)); 602 if (*e == NULL) 603 return LE_STS_FATAL_ERROR; 604 return LE_STS_SUCCESS; 605 } 606 607 static LE_STATUS clean_rsa_extractor_data(LSC_key_extractor_t *op) 608 { 609 LE_STATUS sts; 610 611 if (op == NULL || op->lsc_data == NULL) 612 return LE_STS_SUCCESS; 613 if (T(sts = scrub_rsa_extractor_data(op))) { 614 free(op->lsc_data); 615 op->lsc_data = NULL; 616 } 617 return sts; 618 } 619 620 static LE_STATUS set_rsa_extractor(LSC_key_t *key, LSC_key_extractor_t *op) 621 { 622 struct ltc_rsa_key_st *k = key->lsc_data; 623 624 k->extractor = op; 625 return LE_STS_SUCCESS; 626 } 627 628 static LE_STATUS set_extractor_rsa(LSC_key_extractor_t *op, LSC_key_t *key) 629 { 630 LE_STATUS sts; 631 632 if (LE_status_is_OK(sts = new_rsa_extractor_data(op))) { 633 struct ltc_rsa_extractor_st *e = op->lsc_data; 634 635 e->key = key; 636 } 637 return sts; 638 } 639 640 static LE_STATUS get_extractor_rsa(LSC_key_extractor_t *op, LSC_key_t **key) 641 { 642 struct ltc_rsa_extractor_st *e = op->lsc_data; 643 644 *key = e->key; 645 return LE_STS_SUCCESS; 646 } 647 648 static LE_STATUS 649 get_rsa_extraction_param_data(LSC_key_extractor_t *op, void **data) 650 { 651 struct ltc_rsa_extractor_st *p = op->lsc_data; 652 653 /* 654 * libtomcrypt doesn't have any public data extraction functions for RSA. 655 * It does have all the tools needed to extract the numbers manually, though! 656 */ 657 LSC_key_t *key = p->key; 658 struct ltc_rsa_key_st *k = key->lsc_data; 659 660 /* EXtract the data only if it hasn't been done already */ 661 662 if (p->N == NULL) { 663 p->N_len = ltc_mp.unsigned_size(k->key.N) * 8; 664 p->N = malloc(p->N_len / 8); 665 if (p->N == NULL) 666 return LE_STS_FATAL_ERROR; 667 if (ltc_mp.unsigned_write(k->key.N, p->N) != CRYPT_OK) 668 return LE_STS_ERROR; 669 } 670 671 if (p->e == NULL) { 672 p->e_len = ltc_mp.unsigned_size(k->key.e) * 8; 673 p->e = malloc(p->e_len / 8); 674 if (p->e == NULL) 675 return LE_STS_FATAL_ERROR; 676 if (ltc_mp.unsigned_write(k->key.e, p->e) != CRYPT_OK) 677 return LE_STS_ERROR; 678 } 679 680 if (p->d == NULL) { 681 p->d_len = ltc_mp.unsigned_size(k->key.d) * 8; 682 p->d = malloc(p->d_len / 8); 683 if (p->d == NULL) 684 return LE_STS_FATAL_ERROR; 685 if (ltc_mp.unsigned_write(k->key.d, p->d) != CRYPT_OK) 686 return LE_STS_ERROR; 687 } 688 689 if (p->factors[0] == NULL) { 690 p->factors_len[0] = ltc_mp.unsigned_size(k->key.p) * 8; 691 p->factors[0] = malloc(p->factors_len[0] / 8); 692 if (p->factors[0] == NULL) 693 return LE_STS_FATAL_ERROR; 694 if (ltc_mp.unsigned_write(k->key.p, p->factors[0]) != CRYPT_OK) 695 return LE_STS_ERROR; 696 } 697 if (p->factors[1] == NULL) { 698 p->factors_len[1] = ltc_mp.unsigned_size(k->key.q) * 8; 699 p->factors[1] = malloc(p->factors_len[1] / 8); 700 if (p->factors[1] == NULL) 701 return LE_STS_FATAL_ERROR; 702 if (ltc_mp.unsigned_write(k->key.q, p->factors[1]) != CRYPT_OK) 703 return LE_STS_ERROR; 704 } 705 706 if (p->exponents[0] == NULL) { 707 p->exponents_len[0] = ltc_mp.unsigned_size(k->key.dP) * 8; 708 p->exponents[0] = malloc(p->exponents_len[0] / 8); 709 if (p->exponents[0] == NULL) 710 return LE_STS_FATAL_ERROR; 711 if (ltc_mp.unsigned_write(k->key.dP, p->exponents[0]) != CRYPT_OK) 712 return LE_STS_ERROR; 713 } 714 if (p->exponents[1] == NULL) { 715 p->exponents_len[1] = ltc_mp.unsigned_size(k->key.dQ) * 8; 716 p->exponents[1] = malloc(p->exponents_len[1] / 8); 717 if (p->exponents[1] == NULL) 718 return LE_STS_FATAL_ERROR; 719 if (ltc_mp.unsigned_write(k->key.dQ, p->exponents[1]) != CRYPT_OK) 720 return LE_STS_ERROR; 721 } 722 723 if (p->coefficients[0] == NULL) { 724 p->coefficients_len[0] = ltc_mp.unsigned_size(k->key.qP) * 8; 725 p->coefficients[0] = malloc(p->coefficients_len[0] / 8); 726 if (p->coefficients[0] == NULL) 727 return LE_STS_FATAL_ERROR; 728 if (ltc_mp.unsigned_write(k->key.qP, p->coefficients[0]) != CRYPT_OK) 729 return LE_STS_ERROR; 730 } 731 732 *data = op->lsc_data; 733 return LE_STS_SUCCESS; 734 } 735 736 static LE_STATUS 737 get_rsa_gettable_extraction_param_desc(LSC_key_extractor_t *op, 738 const LSC_param_desc_t **param_desc) 739 { 740 static const LSC_param_desc_t pd[] = { 741 RSA_P_N(extr), 742 RSA_P_e(extr), 743 RSA_P_d(extr), 744 RSA_P_factors(extr), 745 RSA_P_exponents(extr), 746 RSA_P_coefficients(extr), 747 { NULL, } 748 }; 749 *param_desc = pd; 750 return LE_STS_SUCCESS; 751 } 752 753 /* local RSA extractor descriptor, used in |ltc_rsa_desc| below */ 754 static LSplugin_key_extractor_desc_t ltc_rsa_extractor_desc = { 755 NULL, NULL, NULL, NULL, /* lsp_docstring, lsp_id, lsp_priv_desc, lsp_key_id */ 756 NULL, NULL, 757 set_rsa_extractor, set_extractor_rsa, get_extractor_rsa, 758 (int[]){ 0 }, 759 get_rsa_extraction_param_data, 760 get_rsa_gettable_extraction_param_desc, 761 NULL /* No settable */ 762 }; 763 764 /* Key associated operations (they all use the same libtomcrypt function) */ 765 766 LE_STATUS get_rsa_unit_size(LSC_key_t *key, size_t *size) 767 { 768 struct ltc_rsa_key_st *k = key->lsc_data; 769 770 *size = rsa_get_size(&k->key); 771 return LE_STS_SUCCESS; 772 } 773 774 LE_STATUS get_rsa_input_size(LSC_key_t *key, size_t *size) 775 { 776 return get_rsa_unit_size(key, size); 777 } 778 779 LE_STATUS get_rsa_output_size(LSC_key_t *key, size_t *size) 780 { 781 return get_rsa_unit_size(key, size); 782 } 783 784 LE_STATUS perform_rsa_expmod_once(LSC_key_t *key, int kind, 785 const unsigned char *in, 786 size_t inlen, 787 unsigned char *out, 788 size_t outsize, 789 size_t *outlen) 790 { 791 struct ltc_rsa_key_st *k = key->lsc_data; 792 793 unsigned long _outlen = (unsigned long)outsize; 794 int err = rsa_exptmod(in, (unsigned long)inlen, out, &_outlen, 795 kind, &k->key); 796 LE_STATUS sts = (err == CRYPT_OK) ? LE_STS_SUCCESS : LE_STS_ERROR; 797 798 if (T(sts)) 799 *outlen = _outlen; 800 return sts; 801 } 802 803 #define IMPL_ASSOCIATED_OP_FUNCTIONS(T) \ 804 static LE_STATUS set_rsa_##T(LSC_key_t *key, LSC_##T##_t *op) \ 805 { \ 806 struct ltc_rsa_key_st *k = key->lsc_data; \ 807 \ 808 k->T = op; \ 809 return LE_STS_SUCCESS; \ 810 } \ 811 static LE_STATUS set_##T##_rsa(LSC_##T##_t *op, LSC_key_t *key) \ 812 { \ 813 op->lsc_data = key; \ 814 return LE_STS_SUCCESS; \ 815 } \ 816 static LE_STATUS get_##T##_rsa(LSC_##T##_t *op, LSC_key_t **key) \ 817 { \ 818 *key = op->lsc_data; \ 819 return LE_STS_SUCCESS; \ 820 } 821 #define IMPL_ASSOCIATED_PERFORM_FUNCTIONS(T,N,K) \ 822 LE_STATUS perform_rsa_##N##_once(LSC_##T##_t *op, \ 823 const unsigned char *in, \ 824 size_t inlen, \ 825 unsigned char *out, \ 826 size_t outsize, \ 827 size_t *outlen) \ 828 { \ 829 LE_STATUS sts; \ 830 LSC_key_t *key = NULL; \ 831 \ 832 if (!LE_status_is_OK(get_##T##_rsa(op, &key))) \ 833 return sts; \ 834 return perform_rsa_expmod_once(key, K, \ 835 in, inlen, out, outsize, outlen); \ 836 } 837 #define IMPL_PRIMITIVE_SIZE_FUNCTION(T,N,K) \ 838 static LE_STATUS get_rsa_##T##_##K##_size(LSC_##T##_t *op, \ 839 size_t *size) \ 840 { \ 841 LE_STATUS sts; \ 842 LSC_key_t *key = NULL; \ 843 if (!LE_status_is_OK(sts = get_##T##_rsa(op, &key))) \ 844 return sts; \ 845 return get_rsa_unit_size(key, size); \ 846 } 847 848 IMPL_ASSOCIATED_OP_FUNCTIONS(encryptor); 849 IMPL_ASSOCIATED_PERFORM_FUNCTIONS(encryptor,encryption,PK_PUBLIC); 850 IMPL_PRIMITIVE_SIZE_FUNCTION(encryptor,encryption,unit); 851 IMPL_PRIMITIVE_SIZE_FUNCTION(encryptor,encryption,input); 852 IMPL_PRIMITIVE_SIZE_FUNCTION(encryptor,encryption,output); 853 #define SPEC_encryptor_COMMANDS() \ 854 LSC_ENCRYPTOR_SIZE_COMMANDS(), LSC_NR_perform_encryption_once 855 #define SPEC_encryptor_FUNCTIONS() \ 856 get_rsa_encryptor_unit_size, get_rsa_encryptor_input_size, \ 857 get_rsa_encryptor_output_size, perform_rsa_encryption_once 858 859 IMPL_ASSOCIATED_OP_FUNCTIONS(decryptor); 860 IMPL_ASSOCIATED_PERFORM_FUNCTIONS(decryptor,decryption,PK_PRIVATE); 861 IMPL_PRIMITIVE_SIZE_FUNCTION(decryptor,decryption,unit); 862 IMPL_PRIMITIVE_SIZE_FUNCTION(decryptor,decryption,input); 863 IMPL_PRIMITIVE_SIZE_FUNCTION(decryptor,decryption,output); 864 #define SPEC_decryptor_COMMANDS() \ 865 LSC_DECRYPTOR_SIZE_COMMANDS(), LSC_NR_perform_decryption_once 866 #define SPEC_decryptor_FUNCTIONS() \ 867 get_rsa_decryptor_unit_size, get_rsa_decryptor_input_size, \ 868 get_rsa_decryptor_output_size, perform_rsa_decryption_once 869 870 IMPL_ASSOCIATED_OP_FUNCTIONS(signer); 871 IMPL_ASSOCIATED_PERFORM_FUNCTIONS(signer,signature,PK_PRIVATE); 872 IMPL_PRIMITIVE_SIZE_FUNCTION(signer,signature,input); 873 IMPL_PRIMITIVE_SIZE_FUNCTION(signer,signature,signature); 874 #define SPEC_signer_COMMANDS() \ 875 LSC_SIGNER_SIZE_COMMANDS(), LSC_NR_perform_signature_once 876 #define SPEC_signer_FUNCTIONS() \ 877 get_rsa_signer_input_size, get_rsa_signer_signature_size, \ 878 perform_rsa_signature_once 879 880 IMPL_ASSOCIATED_OP_FUNCTIONS(verifier); 881 IMPL_PRIMITIVE_SIZE_FUNCTION(verifier,verification,input); 882 IMPL_PRIMITIVE_SIZE_FUNCTION(verifier,verification,signature); 883 884 LE_STATUS perform_rsa_verification_once(LSC_verifier_t *op, 885 const unsigned char *msg, 886 size_t msglen, 887 const unsigned char *sig, 888 size_t siglen, 889 _Bool *confirmed) 890 { 891 LE_STATUS sts; 892 unsigned char buf[siglen]; 893 size_t buflen; 894 LSC_key_t *key = NULL; 895 896 if (!LE_status_is_OK(get_verifier_rsa(op, &key))) 897 return sts; 898 899 sts = perform_rsa_expmod_once(key, PK_PUBLIC, sig, siglen, 900 buf, sizeof(buf), &buflen); 901 if (LE_status_is_OK(sts)) 902 *confirmed = (buflen == msglen 903 && memcmp(msg, buf, msglen) == 0); 904 return sts; 905 } 906 #define SPEC_verifier_COMMANDS() \ 907 LSC_VERIFIER_SIZE_COMMANDS(), LSC_NR_perform_verification_once 908 #define SPEC_verifier_FUNCTIONS() \ 909 get_rsa_verifier_input_size, get_rsa_verifier_signature_size, \ 910 perform_rsa_verification_once 911 912 #define IMPL_ASSOCIATED_OP(T) \ 913 LSplugin_##T##_desc_t ltc_rsa_##T##_desc = { \ 914 NULL, NULL, NULL, NULL, /* lsp_docstring, lsp_id, lsp_priv_desc, lsp_key_id */ \ 915 NULL, NULL, set_rsa_##T, set_##T##_rsa, get_##T##_rsa, \ 916 (int[]){ SPEC_##T##_COMMANDS() }, \ 917 NULL, NULL, NULL, \ 918 SPEC_##T##_FUNCTIONS() \ 919 } 920 921 IMPL_ASSOCIATED_OP(encryptor); 922 IMPL_ASSOCIATED_OP(decryptor); 923 IMPL_ASSOCIATED_OP(signer); 924 IMPL_ASSOCIATED_OP(verifier); 925 926 /* Main object functions */ 927 928 static LE_STATUS scrub_rsa_data(LSC_key_t *obj) 929 { 930 if (obj == NULL || obj->lsc_data == NULL) 931 return LE_STS_SUCCESS; 932 933 struct ltc_rsa_key_st *p = obj->lsc_data; 934 935 rsa_free(&p->key); 936 /* DO NOTE that we aren't scrubbing the cached primitive operations */ 937 return LE_STS_SUCCESS; 938 } 939 940 static LE_STATUS new_rsa_data(LSC_key_t *obj, const void *unused) 941 { 942 LE_STATUS sts; 943 944 if (obj == NULL) 945 return LE_STS_ERROR; 946 struct ltc_rsa_key_st **p = (struct ltc_rsa_key_st **)&obj->lsc_data; 947 948 if (*p == NULL && (*p = malloc(sizeof(**p))) != NULL) 949 memset(*p, 0, sizeof(**p)); 950 if (*p == NULL) 951 return LE_STS_FATAL_ERROR; 952 return LE_STS_SUCCESS; 953 } 954 955 static LE_STATUS clean_rsa_data(LSC_key_t *key) 956 { 957 LE_STATUS sts; 958 959 if (key == NULL || key->lsc_data == NULL) 960 return LE_STS_SUCCESS; 961 if (T(sts = scrub_rsa_data(key))) { 962 struct ltc_rsa_key_st *k = key->lsc_data; 963 /* 964 * The generator, extractor and derivator are cached, so they don't 965 * provide a destroy function in the operation object, which means 966 * that the LSC_free_key_{operation}() calls end up doing nothing. 967 * Therefore, we must destroy them now, using their destroy functions 968 * (which do exist) directly. 969 */ 970 LSplugin_destroy_key_generator(k->generator); 971 LSplugin_destroy_key_constructor(k->constructor); 972 LSplugin_destroy_key_extractor(k->extractor); 973 LSplugin_destroy_encryptor(k->encryptor); 974 LSplugin_destroy_decryptor(k->decryptor); 975 LSplugin_destroy_signer(k->signer); 976 LSplugin_destroy_verifier(k->verifier); 977 free(k); 978 key->lsc_data = NULL; 979 } 980 return sts; 981 } 982 983 static LE_STATUS get_rsa_key_size(LSC_key_t *key, size_t *keysize) 984 { 985 LE_STATUS sts; 986 987 if (key == NULL || keysize == NULL) 988 return LE_STS_ERROR; 989 990 struct ltc_rsa_key_st *k = key->lsc_data; 991 *keysize = rsa_get_size(&k->key) * 8; 992 return LE_STS_SUCCESS; 993 } 994 995 /* Global RSA key descriptor, used by ltc-key.c */ 996 const LSplugin_key_desc_t ltc_rsa_desc = { 997 NULL, "rsa", NULL, /* docstring, id, libtomcrypt desc */ 998 new_rsa_data, clean_rsa_data, 999 (int[]){ LSC_NR_get_key_generator, LSC_NR_get_key_constructor, 1000 LSC_NR_get_key_extractor, 1001 LSC_NR_get_associated_encryptor, LSC_NR_get_associated_decryptor, 1002 LSC_NR_get_associated_signer, LSC_NR_get_associated_verifier, 1003 0 }, 1004 get_rsa_key_size, 1005 <c_rsa_generator_desc, 1006 <c_rsa_constructor_desc, 1007 <c_rsa_extractor_desc, 1008 <c_rsa_encryptor_desc, 1009 <c_rsa_decryptor_desc, 1010 <c_rsa_signer_desc, 1011 <c_rsa_verifier_desc, 1012 NULL 1013 }; 1014 1015 /* --------------------------------------------------------------- */ 1016 1017 /* 1018 * Operations for signing an unlimited stream of data. For RSA, the 1019 * stream is accumulated through a hash function. 1020 */ 1021 1022 /* PKCS#1 v1.5 style RSA with hash. PSS is implemented separately */ 1023 1024 struct stream_rsa_data_st { 1025 LSC_key_t *key; 1026 hash_state md; 1027 }; 1028 1029 #define IMPL_OP_FUNCTIONS(T) \ 1030 static LE_STATUS setup_stream_##T##_rsa_data(LSC_##T##_t *op) \ 1031 { \ 1032 struct stream_rsa_data_st **d = \ 1033 (struct stream_rsa_data_st **)&op->lsc_data; \ 1034 \ 1035 if (*d == NULL) { \ 1036 *d = malloc(sizeof(**d)); \ 1037 memset(*d, 0, sizeof(**d)); \ 1038 } \ 1039 assert(*d != NULL); \ 1040 return LE_STS_SUCCESS; \ 1041 } \ 1042 static LE_STATUS clean_stream_##T##_rsa_data(LSC_##T##_t *op) \ 1043 { \ 1044 struct stream_rsa_data_st **d = \ 1045 (struct stream_rsa_data_st **)&op->lsc_data; \ 1046 \ 1047 free(*d); \ 1048 *d = NULL; \ 1049 return LE_STS_SUCCESS; \ 1050 } \ 1051 static LE_STATUS set_stream_##T##_rsa(LSC_##T##_t *op, \ 1052 LSC_key_t *key) \ 1053 { \ 1054 struct stream_rsa_data_st *d = op->lsc_data; \ 1055 assert(d != NULL); \ 1056 d->key = key; \ 1057 return LE_STS_SUCCESS; \ 1058 } \ 1059 static LE_STATUS get_stream_##T##_rsa(LSC_##T##_t *op, \ 1060 LSC_key_t **key) \ 1061 { \ 1062 struct stream_rsa_data_st *d = op->lsc_data; \ 1063 assert(d != NULL); \ 1064 assert(key != NULL); \ 1065 *key = d->key; \ 1066 return LE_STS_SUCCESS; \ 1067 } 1068 1069 #define IMPL_PERFORM_FUNCTIONS(T,N) \ 1070 static LE_STATUS start_rsa_##N(LSC_##T##_t *op) \ 1071 { \ 1072 struct stream_rsa_data_st *d = op->lsc_data; \ 1073 \ 1074 if (d->key->lsc_dispatch != LSplugin_key_dispatch) \ 1075 return LE_STS_ERROR; /* Foreign keys are unsupported */ \ 1076 \ 1077 const LSplugin_##T##_desc_t *desc = op->lsc_dispatch_data; \ 1078 const struct ltc_hash_descriptor *hash_desc = desc->lsp_priv_desc; \ 1079 hash_desc->init(&d->md); \ 1080 return LE_STS_SUCCESS; \ 1081 } \ 1082 static LE_STATUS accumulate_rsa_##N##_input(LSC_##T##_t *op, \ 1083 const unsigned char *in, \ 1084 size_t inlen) \ 1085 { \ 1086 struct stream_rsa_data_st *d = op->lsc_data; \ 1087 \ 1088 if (d->key->lsc_dispatch != LSplugin_key_dispatch) \ 1089 return LE_STS_ERROR; /* Foreign keys are unsupported */ \ 1090 \ 1091 const LSplugin_##T##_desc_t *desc = op->lsc_dispatch_data; \ 1092 const struct ltc_hash_descriptor *hash_desc = desc->lsp_priv_desc; \ 1093 hash_desc->process(&d->md, in, inlen); \ 1094 return LE_STS_SUCCESS; \ 1095 } \ 1096 static LE_STATUS stop_rsa_##N(LSC_##T##_t *op) \ 1097 { \ 1098 struct stream_rsa_data_st *d = op->lsc_data; \ 1099 \ 1100 if (d->key->lsc_dispatch != LSplugin_key_dispatch) \ 1101 return LE_STS_ERROR; /* Foreign keys are unsupported */ \ 1102 \ 1103 const LSplugin_##T##_desc_t *desc = op->lsc_dispatch_data; \ 1104 const struct ltc_hash_descriptor *hash_desc = desc->lsp_priv_desc; \ 1105 /* \ 1106 * This should be done with finalization, but we do it here too, \ 1107 * just to be safe. Libtomcrypt requires a buffer, so one is \ 1108 * provided, even though the contents are immediately thrown away. \ 1109 */ \ 1110 unsigned char tmpbuf[hash_desc->hashsize]; \ 1111 hash_desc->done(&d->md, tmpbuf); \ 1112 return LE_STS_SUCCESS; \ 1113 } 1114 1115 #define get_rsa_stream_signer_gettables NULL 1116 #define get_rsa_stream_signer_settables NULL 1117 #define get_rsa_stream_verifier_gettables NULL 1118 #define get_rsa_stream_verifier_settables NULL 1119 1120 IMPL_OP_FUNCTIONS(signer); 1121 IMPL_OP_FUNCTIONS(verifier); 1122 static LE_STATUS get_rsa_stream_signer_input_size(LSC_signer_t *op, 1123 size_t *size) 1124 { 1125 *size = 0; 1126 return LE_STS_SUCCESS; 1127 } 1128 1129 static LE_STATUS get_rsa_stream_verifier_input_size(LSC_verifier_t *op, 1130 size_t *size) 1131 { 1132 *size = 0; 1133 return LE_STS_SUCCESS; 1134 } 1135 1136 IMPL_PERFORM_FUNCTIONS(signer,signature); 1137 1138 static LE_STATUS finalize_rsa_signature(LSC_signer_t *op, 1139 unsigned char *sig, size_t sigsize, 1140 size_t *siglen) 1141 { 1142 struct stream_rsa_data_st *d = op->lsc_data; 1143 LSC_key_t *key = d->key; 1144 1145 if (key->lsc_dispatch != LSplugin_key_dispatch) 1146 return LE_STS_ERROR; /* Foreign keys are unsupported */ 1147 1148 const LSplugin_signer_desc_t *desc = op->lsc_dispatch_data; 1149 const struct ltc_hash_descriptor *hash_desc = desc->lsp_priv_desc; 1150 unsigned char tmpbuf[hash_desc->hashsize]; 1151 hash_desc->done(&d->md, tmpbuf); 1152 1153 struct ltc_rsa_key_st *k = key->lsc_data; 1154 int hash_idx = register_hash(hash_desc); 1155 unsigned long outlen = sigsize; 1156 int ok = rsa_sign_hash_ex(tmpbuf, sizeof(tmpbuf), sig, &outlen, 1157 LTC_PKCS_1_V1_5, NULL, -1, hash_idx, 1158 0 /* saltlen */, &k->key); 1159 1160 *siglen = outlen; 1161 if (ok != CRYPT_OK) 1162 return LE_STS_ERROR; 1163 return LE_STS_SUCCESS; 1164 } 1165 1166 IMPL_PERFORM_FUNCTIONS(verifier,verification); 1167 1168 static LE_STATUS finalize_rsa_verification(LSC_verifier_t *op, 1169 const unsigned char *sig, 1170 size_t siglen, 1171 _Bool *confirmed) 1172 { 1173 struct stream_rsa_data_st *d = op->lsc_data; 1174 LSC_key_t *key = d->key; 1175 1176 if (key->lsc_dispatch != LSplugin_key_dispatch) 1177 return LE_STS_ERROR; /* Foreign keys are unsupported */ 1178 1179 const LSplugin_signer_desc_t *desc = op->lsc_dispatch_data; 1180 const struct ltc_hash_descriptor *hash_desc = desc->lsp_priv_desc; 1181 unsigned char tmpbuf[hash_desc->hashsize]; 1182 hash_desc->done(&d->md, tmpbuf); 1183 1184 struct ltc_rsa_key_st *k = key->lsc_data; 1185 int hash_idx = register_hash(hash_desc); 1186 int res = 0; 1187 int ok = rsa_verify_hash_ex(sig, siglen, tmpbuf, sizeof(tmpbuf), 1188 LTC_PKCS_1_V1_5, hash_idx, 1189 0 /* saltlen */, &res, &k->key); 1190 1191 if (ok != CRYPT_OK) 1192 return LE_STS_ERROR; 1193 *confirmed = res; 1194 return LE_STS_SUCCESS; 1195 } 1196 1197 #define IMPL_HASH_OP(T,Hstr,H) \ 1198 const LSplugin_##T##_desc_t ltc_rsa_##H##_##T##_desc = { \ 1199 NULL, "rsa-" Hstr, &H##_desc, "rsa", /* lsp_docstring, lsp_id, lsp_priv_desc, lsp_key_id */ \ 1200 setup_stream_##T##_rsa_data, clean_stream_##T##_rsa_data, \ 1201 NULL, set_stream_##T##_rsa, get_stream_##T##_rsa, \ 1202 (int[]){ SPEC_stream_##T##_COMMANDS() }, \ 1203 NULL, \ 1204 get_rsa_stream_##T##_gettables, \ 1205 get_rsa_stream_##T##_settables, \ 1206 SPEC_stream_##T##_FUNCTIONS() \ 1207 } 1208 1209 #define SPEC_stream_signer_COMMANDS() \ 1210 LSC_SIGNER_SIZE_COMMANDS(), \ 1211 LSC_NR_start_signature, \ 1212 LSC_NR_accumulate_signature_input, \ 1213 LSC_NR_finalize_signature, \ 1214 LSC_NR_stop_signature 1215 #define SPEC_stream_signer_FUNCTIONS() \ 1216 get_rsa_stream_signer_input_size, get_rsa_signer_signature_size, \ 1217 NULL, start_rsa_signature, accumulate_rsa_signature_input, \ 1218 finalize_rsa_signature, stop_rsa_signature 1219 #define SPEC_stream_verifier_COMMANDS() \ 1220 LSC_VERIFIER_SIZE_COMMANDS(), \ 1221 LSC_NR_start_verification, \ 1222 LSC_NR_accumulate_verification_input, \ 1223 LSC_NR_finalize_verification, \ 1224 LSC_NR_stop_verification 1225 #define SPEC_stream_verifier_FUNCTIONS() \ 1226 get_rsa_stream_verifier_input_size, get_rsa_verifier_signature_size, \ 1227 NULL, start_rsa_verification, accumulate_rsa_verification_input, \ 1228 finalize_rsa_verification, stop_rsa_verification 1229 1230 #define IMPL_SIGVER(Hstr,H) \ 1231 IMPL_HASH_OP(signer,Hstr,H); \ 1232 IMPL_HASH_OP(verifier,Hstr,H); 1233 1234 IMPL_SIGVER("md2",md2); 1235 IMPL_SIGVER("md4",md4); 1236 IMPL_SIGVER("md5",md5); 1237 IMPL_SIGVER("ripemd-160",rmd160); 1238 IMPL_SIGVER("sha1",sha1); 1239 IMPL_SIGVER("sha-224",sha224); 1240 IMPL_SIGVER("sha-256",sha256); 1241 IMPL_SIGVER("sha-384",sha384); 1242 IMPL_SIGVER("sha-512",sha512); 1243 IMPL_SIGVER("sha-512/224",sha512_224); 1244 IMPL_SIGVER("sha-512/256",sha512_256); 1245 IMPL_SIGVER("sha3-224",sha3_224); 1246 IMPL_SIGVER("sha3-256",sha3_256); 1247 IMPL_SIGVER("sha3-384",sha3_384); 1248 IMPL_SIGVER("sha3-512",sha3_512); 1249 1250 /* --------------------------------------------------------------- */ 1251 1252 /* 1253 * Operations for signing an unlimited stream of data. For RSA, the 1254 * stream is accumulated through a hash function. 1255 */ 1256 1257 /* PKCS#1 v2.1 RSA-PSS. There currently is only one way to do this. */ 1258 1259 struct rsa_pss_data_st { 1260 LSC_key_t *key; 1261 hash_state md; 1262 }; 1263 1264 #define IMPL_PSS_OP_FUNCTIONS(T) \ 1265 static LE_STATUS setup_rsa_pss_##T##_data(LSC_##T##_t *op) \ 1266 { \ 1267 struct rsa_pss_data_st **d = \ 1268 (struct rsa_pss_data_st **)&op->lsc_data; \ 1269 \ 1270 if (*d == NULL) { \ 1271 *d = malloc(sizeof(**d)); \ 1272 memset(*d, 0, sizeof(**d)); \ 1273 } \ 1274 assert(*d != NULL); \ 1275 return LE_STS_SUCCESS; \ 1276 } \ 1277 static LE_STATUS clean_rsa_pss_##T##_data(LSC_##T##_t *op) \ 1278 { \ 1279 struct rsa_pss_data_st **d = \ 1280 (struct rsa_pss_data_st **)&op->lsc_data; \ 1281 \ 1282 free(*d); \ 1283 *d = NULL; \ 1284 return LE_STS_SUCCESS; \ 1285 } \ 1286 static LE_STATUS set_rsa_pss_##T(LSC_##T##_t *op, LSC_key_t *key) \ 1287 { \ 1288 struct rsa_pss_data_st *d = op->lsc_data; \ 1289 assert(d != NULL); \ 1290 d->key = key; \ 1291 return LE_STS_SUCCESS; \ 1292 } \ 1293 static LE_STATUS get_rsa_pss_##T(LSC_##T##_t *op, LSC_key_t **key) \ 1294 { \ 1295 struct rsa_pss_data_st *d = op->lsc_data; \ 1296 assert(d != NULL); \ 1297 assert(key != NULL); \ 1298 *key = d->key; \ 1299 return LE_STS_SUCCESS; \ 1300 } 1301 1302 #define IMPL_PSS_PERFORM_FUNCTIONS(T,N) \ 1303 static LE_STATUS start_rsa_pss_##N(LSC_##T##_t *op) \ 1304 { \ 1305 struct rsa_pss_data_st *d = op->lsc_data; \ 1306 \ 1307 if (d->key->lsc_dispatch != LSplugin_key_dispatch) \ 1308 return LE_STS_ERROR; /* Foreign keys are unsupported */ \ 1309 \ 1310 const LSplugin_##T##_desc_t *desc = op->lsc_dispatch_data; \ 1311 const struct ltc_hash_descriptor *hash_desc = desc->lsp_priv_desc; \ 1312 hash_desc->init(&d->md); \ 1313 return LE_STS_SUCCESS; \ 1314 } \ 1315 static LE_STATUS \ 1316 accumulate_rsa_pss_##N##_input(LSC_##T##_t *op, \ 1317 const unsigned char *in, \ 1318 size_t inlen) \ 1319 { \ 1320 struct rsa_pss_data_st *d = op->lsc_data; \ 1321 \ 1322 if (d->key->lsc_dispatch != LSplugin_key_dispatch) \ 1323 return LE_STS_ERROR; /* Foreign keys are unsupported */ \ 1324 \ 1325 const LSplugin_##T##_desc_t *desc = op->lsc_dispatch_data; \ 1326 const struct ltc_hash_descriptor *hash_desc = desc->lsp_priv_desc; \ 1327 hash_desc->process(&d->md, in, inlen); \ 1328 return LE_STS_SUCCESS; \ 1329 } \ 1330 static LE_STATUS stop_rsa_pss_##N(LSC_##T##_t *op) \ 1331 { \ 1332 struct rsa_pss_data_st *d = op->lsc_data; \ 1333 \ 1334 if (d->key->lsc_dispatch != LSplugin_key_dispatch) \ 1335 return LE_STS_ERROR; /* Foreign keys are unsupported */ \ 1336 \ 1337 const LSplugin_##T##_desc_t *desc = op->lsc_dispatch_data; \ 1338 const struct ltc_hash_descriptor *hash_desc = desc->lsp_priv_desc; \ 1339 /* \ 1340 * This should be done with finalization, but we do it here too, \ 1341 * just to be safe. Libtomcrypt requires a buffer, so one is \ 1342 * provided, even though the contents are immediately thrown away. \ 1343 */ \ 1344 unsigned char tmpbuf[hash_desc->hashsize]; \ 1345 hash_desc->done(&d->md, tmpbuf); \ 1346 return LE_STS_SUCCESS; \ 1347 } 1348 1349 #define get_rsa_pss_signer_gettables NULL 1350 #define get_rsa_pss_signer_settables NULL 1351 #define get_rsa_pss_verifier_gettables NULL 1352 #define get_rsa_pss_verifier_settables NULL 1353 1354 IMPL_PSS_OP_FUNCTIONS(signer); 1355 IMPL_PSS_OP_FUNCTIONS(verifier); 1356 static LE_STATUS get_rsa_pss_signer_input_size(LSC_signer_t *op, size_t *size) 1357 { 1358 *size = 0; 1359 return LE_STS_SUCCESS; 1360 } 1361 1362 static LE_STATUS get_rsa_pss_verifier_input_size(LSC_verifier_t *op, size_t *size) 1363 { 1364 *size = 0; 1365 return LE_STS_SUCCESS; 1366 } 1367 1368 IMPL_PSS_PERFORM_FUNCTIONS(signer,signature); 1369 1370 static LE_STATUS finalize_rsa_pss_signature(LSC_signer_t *op, 1371 unsigned char *sig, size_t sigsize, 1372 size_t *siglen) 1373 { 1374 struct rsa_pss_data_st *d = op->lsc_data; 1375 LSC_key_t *key = d->key; 1376 1377 if (key->lsc_dispatch != LSplugin_key_dispatch) 1378 return LE_STS_ERROR; /* Foreign keys are unsupported */ 1379 1380 const LSplugin_signer_desc_t *desc = op->lsc_dispatch_data; 1381 const struct ltc_hash_descriptor *hash_desc = desc->lsp_priv_desc; 1382 unsigned char tmpbuf[hash_desc->hashsize]; 1383 hash_desc->done(&d->md, tmpbuf); 1384 1385 struct ltc_rsa_key_st *k = key->lsc_data; 1386 int hash_idx = register_hash(hash_desc); 1387 unsigned long outlen = sigsize; 1388 int ok = rsa_sign_hash_ex(tmpbuf, sizeof(tmpbuf), sig, &outlen, 1389 LTC_PKCS_1_PSS, NULL, -1, hash_idx, 1390 0 /* saltlen */, &k->key); 1391 1392 *siglen = outlen; 1393 if (ok != CRYPT_OK) 1394 return LE_STS_ERROR; 1395 return LE_STS_SUCCESS; 1396 } 1397 1398 IMPL_PSS_PERFORM_FUNCTIONS(verifier,verification); 1399 1400 static LE_STATUS finalize_rsa_pss_verification(LSC_verifier_t *op, 1401 const unsigned char *sig, 1402 size_t siglen, 1403 _Bool *confirmed) 1404 { 1405 struct rsa_pss_data_st *d = op->lsc_data; 1406 LSC_key_t *key = d->key; 1407 1408 if (key->lsc_dispatch != LSplugin_key_dispatch) 1409 return LE_STS_ERROR; /* Foreign keys are unsupported */ 1410 1411 const LSplugin_signer_desc_t *desc = op->lsc_dispatch_data; 1412 const struct ltc_hash_descriptor *hash_desc = desc->lsp_priv_desc; 1413 unsigned char tmpbuf[hash_desc->hashsize]; 1414 hash_desc->done(&d->md, tmpbuf); 1415 1416 struct ltc_rsa_key_st *k = key->lsc_data; 1417 int hash_idx = register_hash(hash_desc); 1418 int res = 0; 1419 int ok = rsa_verify_hash_ex(sig, siglen, tmpbuf, sizeof(tmpbuf), 1420 LTC_PKCS_1_PSS, hash_idx, 1421 0 /* saltlen */, &res, &k->key); 1422 1423 if (ok != CRYPT_OK) 1424 return LE_STS_ERROR; 1425 *confirmed = res; 1426 return LE_STS_SUCCESS; 1427 } 1428 1429 #define IMPL_PSS_HASH_OP(T) \ 1430 const LSplugin_##T##_desc_t ltc_rsa_pss_##T##_desc = { \ 1431 NULL, "rsa-pss", NULL, "rsa", /* lsp_docstring, lsp_id, lsp_priv_desc, lsp_key_id */ \ 1432 setup_rsa_pss_##T##_data, clean_rsa_pss_##T##_data, \ 1433 NULL, set_rsa_pss_##T, get_rsa_pss_##T, \ 1434 (int[]){ SPEC_pss_##T##_COMMANDS() }, \ 1435 NULL, \ 1436 get_rsa_pss_##T##_gettables, \ 1437 get_rsa_pss_##T##_settables, \ 1438 SPEC_pss_##T##_FUNCTIONS() \ 1439 } 1440 1441 #define SPEC_pss_signer_COMMANDS() \ 1442 LSC_SIGNER_SIZE_COMMANDS(), \ 1443 LSC_NR_start_signature, \ 1444 LSC_NR_accumulate_signature_input, \ 1445 LSC_NR_finalize_signature, \ 1446 LSC_NR_stop_signature 1447 #define SPEC_pss_signer_FUNCTIONS() \ 1448 get_rsa_signer_input_size, get_rsa_signer_signature_size, NULL, \ 1449 start_rsa_pss_signature, accumulate_rsa_pss_signature_input, \ 1450 finalize_rsa_pss_signature, stop_rsa_pss_signature 1451 #define SPEC_pss_verifier_COMMANDS() \ 1452 LSC_VERIFIER_SIZE_COMMANDS(), \ 1453 LSC_NR_start_verification, \ 1454 LSC_NR_accumulate_verification_input, \ 1455 LSC_NR_finalize_verification, \ 1456 LSC_NR_stop_verification 1457 #define SPEC_pss_verifier_FUNCTIONS() \ 1458 get_rsa_verifier_input_size, get_rsa_verifier_signature_size, NULL, \ 1459 start_rsa_pss_verification, accumulate_rsa_pss_verification_input, \ 1460 finalize_rsa_pss_verification, stop_rsa_pss_verification 1461 1462 IMPL_PSS_HASH_OP(signer); 1463 IMPL_PSS_HASH_OP(verifier);