329 lines
6.9 KiB
C
329 lines
6.9 KiB
C
/*
|
|
* libwebsockets - generic RSA api hiding the backend
|
|
*
|
|
* Copyright (C) 2017 Andy Green <andy@warmcat.com>
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation:
|
|
* version 2.1 of the License.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
|
|
* MA 02110-1301 USA
|
|
*
|
|
* lws_genhash provides a hash / hmac abstraction api in lws that works the
|
|
* same whether you are using openssl or mbedtls hash functions underneath.
|
|
*/
|
|
#include "core/private.h"
|
|
|
|
LWS_VISIBLE void
|
|
lws_jwk_destroy_genrsa_elements(struct lws_genrsa_elements *el)
|
|
{
|
|
int n;
|
|
|
|
for (n = 0; n < LWS_COUNT_RSA_ELEMENTS; n++)
|
|
if (el->e[n].buf)
|
|
lws_free_set_NULL(el->e[n].buf);
|
|
}
|
|
|
|
LWS_VISIBLE int
|
|
lws_genrsa_create(struct lws_genrsa_ctx *ctx, struct lws_genrsa_elements *el)
|
|
{
|
|
int n;
|
|
|
|
memset(ctx, 0, sizeof(*ctx));
|
|
ctx->ctx = lws_zalloc(sizeof(*ctx->ctx), "genrsa");
|
|
if (!ctx->ctx)
|
|
return 1;
|
|
|
|
mbedtls_rsa_init(ctx->ctx, MBEDTLS_RSA_PKCS_V15, 0);
|
|
|
|
{
|
|
mbedtls_mpi *mpi[LWS_COUNT_RSA_ELEMENTS] = {
|
|
&ctx->ctx->E, &ctx->ctx->N, &ctx->ctx->D, &ctx->ctx->P,
|
|
&ctx->ctx->Q, &ctx->ctx->DP, &ctx->ctx->DQ,
|
|
&ctx->ctx->QP,
|
|
};
|
|
|
|
for (n = 0; n < LWS_COUNT_RSA_ELEMENTS; n++)
|
|
if (el->e[n].buf &&
|
|
mbedtls_mpi_read_binary(mpi[n], el->e[n].buf,
|
|
el->e[n].len)) {
|
|
lwsl_notice("mpi load failed\n");
|
|
lws_free_set_NULL(ctx->ctx);
|
|
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
ctx->ctx->len = el->e[JWK_KEY_N].len;
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int
|
|
_rngf(void *context, unsigned char *buf, size_t len)
|
|
{
|
|
if ((size_t)lws_get_random(context, buf, len) == len)
|
|
return 0;
|
|
|
|
return -1;
|
|
}
|
|
|
|
LWS_VISIBLE int
|
|
lws_genrsa_new_keypair(struct lws_context *context, struct lws_genrsa_ctx *ctx,
|
|
struct lws_genrsa_elements *el, int bits)
|
|
{
|
|
int n;
|
|
|
|
memset(ctx, 0, sizeof(*ctx));
|
|
ctx->ctx = lws_zalloc(sizeof(*ctx->ctx), "genrsa");
|
|
if (!ctx->ctx)
|
|
return -1;
|
|
|
|
mbedtls_rsa_init(ctx->ctx, MBEDTLS_RSA_PKCS_V15, 0);
|
|
|
|
n = mbedtls_rsa_gen_key(ctx->ctx, _rngf, context, bits, 65537);
|
|
if (n) {
|
|
lwsl_err("mbedtls_rsa_gen_key failed 0x%x\n", -n);
|
|
goto cleanup_1;
|
|
}
|
|
|
|
{
|
|
mbedtls_mpi *mpi[LWS_COUNT_RSA_ELEMENTS] = {
|
|
&ctx->ctx->E, &ctx->ctx->N, &ctx->ctx->D, &ctx->ctx->P,
|
|
&ctx->ctx->Q, &ctx->ctx->DP, &ctx->ctx->DQ,
|
|
&ctx->ctx->QP,
|
|
};
|
|
|
|
for (n = 0; n < LWS_COUNT_RSA_ELEMENTS; n++)
|
|
if (mbedtls_mpi_size(mpi[n])) {
|
|
el->e[n].buf = lws_malloc(
|
|
mbedtls_mpi_size(mpi[n]), "genrsakey");
|
|
if (!el->e[n].buf)
|
|
goto cleanup;
|
|
el->e[n].len = mbedtls_mpi_size(mpi[n]);
|
|
mbedtls_mpi_write_binary(mpi[n], el->e[n].buf,
|
|
el->e[n].len);
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
|
|
cleanup:
|
|
for (n = 0; n < LWS_COUNT_RSA_ELEMENTS; n++)
|
|
if (el->e[n].buf)
|
|
lws_free_set_NULL(el->e[n].buf);
|
|
cleanup_1:
|
|
lws_free(ctx->ctx);
|
|
|
|
return -1;
|
|
}
|
|
|
|
LWS_VISIBLE int
|
|
lws_genrsa_public_decrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in,
|
|
size_t in_len, uint8_t *out, size_t out_max)
|
|
{
|
|
size_t olen = 0;
|
|
int n;
|
|
|
|
ctx->ctx->len = in_len;
|
|
n = mbedtls_rsa_rsaes_pkcs1_v15_decrypt(ctx->ctx, NULL, NULL,
|
|
MBEDTLS_RSA_PUBLIC,
|
|
&olen, in, out, out_max);
|
|
if (n) {
|
|
lwsl_notice("%s: -0x%x\n", __func__, -n);
|
|
|
|
return -1;
|
|
}
|
|
|
|
return olen;
|
|
}
|
|
|
|
LWS_VISIBLE int
|
|
lws_genrsa_public_encrypt(struct lws_genrsa_ctx *ctx, const uint8_t *in,
|
|
size_t in_len, uint8_t *out)
|
|
{
|
|
int n;
|
|
|
|
ctx->ctx->len = in_len;
|
|
n = mbedtls_rsa_rsaes_pkcs1_v15_encrypt(ctx->ctx, NULL, NULL,
|
|
MBEDTLS_RSA_PRIVATE,
|
|
in_len, in, out);
|
|
if (n) {
|
|
lwsl_notice("%s: -0x%x\n", __func__, -n);
|
|
|
|
return -1;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
static int
|
|
lws_genrsa_genrsa_hash_to_mbed_hash(enum lws_genhash_types hash_type)
|
|
{
|
|
int h = -1;
|
|
|
|
switch (hash_type) {
|
|
case LWS_GENHASH_TYPE_SHA1:
|
|
h = MBEDTLS_MD_SHA1;
|
|
break;
|
|
case LWS_GENHASH_TYPE_SHA256:
|
|
h = MBEDTLS_MD_SHA256;
|
|
break;
|
|
case LWS_GENHASH_TYPE_SHA384:
|
|
h = MBEDTLS_MD_SHA384;
|
|
break;
|
|
case LWS_GENHASH_TYPE_SHA512:
|
|
h = MBEDTLS_MD_SHA512;
|
|
break;
|
|
}
|
|
|
|
return h;
|
|
}
|
|
|
|
LWS_VISIBLE int
|
|
lws_genrsa_public_verify(struct lws_genrsa_ctx *ctx, const uint8_t *in,
|
|
enum lws_genhash_types hash_type, const uint8_t *sig,
|
|
size_t sig_len)
|
|
{
|
|
int n, h = lws_genrsa_genrsa_hash_to_mbed_hash(hash_type);
|
|
|
|
if (h < 0)
|
|
return -1;
|
|
|
|
n = mbedtls_rsa_rsassa_pkcs1_v15_verify(ctx->ctx, NULL, NULL,
|
|
MBEDTLS_RSA_PUBLIC,
|
|
h, 0, in, sig);
|
|
if (n < 0) {
|
|
lwsl_notice("%s: -0x%x\n", __func__, -n);
|
|
|
|
return -1;
|
|
}
|
|
|
|
return n;
|
|
}
|
|
|
|
LWS_VISIBLE int
|
|
lws_genrsa_public_sign(struct lws_genrsa_ctx *ctx, const uint8_t *in,
|
|
enum lws_genhash_types hash_type, uint8_t *sig,
|
|
size_t sig_len)
|
|
{
|
|
int n, h = lws_genrsa_genrsa_hash_to_mbed_hash(hash_type);
|
|
|
|
if (h < 0)
|
|
return -1;
|
|
|
|
/*
|
|
* The "sig" buffer must be as large as the size of ctx->N
|
|
* (eg. 128 bytes if RSA-1024 is used).
|
|
*/
|
|
if (sig_len < ctx->ctx->len)
|
|
return -1;
|
|
|
|
n = mbedtls_rsa_rsassa_pkcs1_v15_sign(ctx->ctx, NULL, NULL,
|
|
MBEDTLS_RSA_PRIVATE, h, 0, in,
|
|
sig);
|
|
if (n < 0) {
|
|
lwsl_notice("%s: -0x%x\n", __func__, -n);
|
|
|
|
return -1;
|
|
}
|
|
|
|
return ctx->ctx->len;
|
|
}
|
|
|
|
LWS_VISIBLE int
|
|
lws_genrsa_render_pkey_asn1(struct lws_genrsa_ctx *ctx, int _private,
|
|
uint8_t *pkey_asn1, size_t pkey_asn1_len)
|
|
{
|
|
uint8_t *p = pkey_asn1, *totlen, *end = pkey_asn1 + pkey_asn1_len - 1;
|
|
mbedtls_mpi *mpi[LWS_COUNT_RSA_ELEMENTS] = {
|
|
&ctx->ctx->N, &ctx->ctx->E, &ctx->ctx->D, &ctx->ctx->P,
|
|
&ctx->ctx->Q, &ctx->ctx->DP, &ctx->ctx->DQ,
|
|
&ctx->ctx->QP,
|
|
};
|
|
int n;
|
|
|
|
/* 30 82 - sequence
|
|
* 09 29 <-- length(0x0929) less 4 bytes
|
|
* 02 01 <- length (1)
|
|
* 00
|
|
* 02 82
|
|
* 02 01 <- length (513) N
|
|
* ...
|
|
*
|
|
* 02 03 <- length (3) E
|
|
* 01 00 01
|
|
*
|
|
* 02 82
|
|
* 02 00 <- length (512) D P Q EXP1 EXP2 COEFF
|
|
*
|
|
* */
|
|
|
|
*p++ = 0x30;
|
|
*p++ = 0x82;
|
|
totlen = p;
|
|
p += 2;
|
|
|
|
*p++ = 0x02;
|
|
*p++ = 0x01;
|
|
*p++ = 0x00;
|
|
|
|
for (n = 0; n < LWS_COUNT_RSA_ELEMENTS; n++) {
|
|
int m = mbedtls_mpi_size(mpi[n]);
|
|
uint8_t *elen;
|
|
|
|
*p++ = 0x02;
|
|
elen = p;
|
|
if (m < 0x7f)
|
|
*p++ = m;
|
|
else {
|
|
*p++ = 0x82;
|
|
*p++ = m >> 8;
|
|
*p++ = m & 0xff;
|
|
}
|
|
|
|
if (p + m > end)
|
|
return -1;
|
|
|
|
mbedtls_mpi_write_binary(mpi[n], p, m);
|
|
if (p[0] & 0x80) {
|
|
p[0] = 0x00;
|
|
mbedtls_mpi_write_binary(mpi[n], &p[1], m);
|
|
m++;
|
|
}
|
|
if (m < 0x7f)
|
|
*elen = m;
|
|
else {
|
|
*elen++ = 0x82;
|
|
*elen++ = m >> 8;
|
|
*elen = m & 0xff;
|
|
}
|
|
p += m;
|
|
}
|
|
|
|
n = lws_ptr_diff(p, pkey_asn1);
|
|
|
|
*totlen++ = (n - 4) >> 8;
|
|
*totlen = (n - 4) & 0xff;
|
|
|
|
return n;
|
|
}
|
|
|
|
LWS_VISIBLE void
|
|
lws_genrsa_destroy(struct lws_genrsa_ctx *ctx)
|
|
{
|
|
if (!ctx->ctx)
|
|
return;
|
|
mbedtls_rsa_free(ctx->ctx);
|
|
lws_free(ctx->ctx);
|
|
ctx->ctx = NULL;
|
|
}
|