Crash_Override/OVMS3-idf
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
OVMS3-idf/components/wpa_supplicant/src/tls/rsa.c

353 lines
8.4 KiB
C
Raw Normal View History

wpa_supplicant:move part of codes to IDF
2018-04-20 03:33:04 +00:00
/*
* RSA
* Copyright (c) 2006, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
supplicant/esp_wifi: move supplicant to idf Move supplicant to idf and do following refactoring: 1. Make the folder structure consitent with supplicant upstream 2. Remove duplicated header files and minimize the public header files 3. Refactor for WiFi/supplicant interfaces
2018-08-13 08:37:56 +00:00
#include "utils/includes.h"
wpa_supplicant:move part of codes to IDF
2018-04-20 03:33:04 +00:00
supplicant/esp_wifi: move supplicant to idf Move supplicant to idf and do following refactoring: 1. Make the folder structure consitent with supplicant upstream 2. Remove duplicated header files and minimize the public header files 3. Refactor for WiFi/supplicant interfaces
2018-08-13 08:37:56 +00:00
#include "utils/common.h"
#include "tls/asn1.h"
#include "tls/bignum.h"
#include "tls/rsa.h"
wpa_supplicant:move part of codes to IDF
2018-04-20 03:33:04 +00:00
struct crypto_rsa_key {
int private_key; /* whether private key is set */
struct bignum *n; /* modulus (p * q) */
struct bignum *e; /* public exponent */
/* The following parameters are available only if private_key is set */
struct bignum *d; /* private exponent */
struct bignum *p; /* prime p (factor of n) */
struct bignum *q; /* prime q (factor of n) */
struct bignum *dmp1; /* d mod (p - 1); CRT exponent */
struct bignum *dmq1; /* d mod (q - 1); CRT exponent */
struct bignum *iqmp; /* 1 / q mod p; CRT coefficient */
};
static const u8 * crypto_rsa_parse_integer(const u8 *pos, const u8 *end,
struct bignum *num)
{
struct asn1_hdr hdr;
if (pos == NULL)
return NULL;
if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
hdr.class != ASN1_CLASS_UNIVERSAL || hdr.tag != ASN1_TAG_INTEGER) {
wpa_printf(MSG_DEBUG, "RSA: Expected INTEGER - found class %d "
"tag 0x%x", hdr.class, hdr.tag);
return NULL;
}
if (bignum_set_unsigned_bin(num, hdr.payload, hdr.length) < 0) {
wpa_printf(MSG_DEBUG, "RSA: Failed to parse INTEGER");
return NULL;
}
return hdr.payload + hdr.length;
}
/**
* crypto_rsa_import_public_key - Import an RSA public key
* @buf: Key buffer (DER encoded RSA public key)
* @len: Key buffer length in bytes
* Returns: Pointer to the public key or %NULL on failure
*/
struct crypto_rsa_key *
crypto_rsa_import_public_key(const u8 *buf, size_t len)
{
struct crypto_rsa_key *key;
struct asn1_hdr hdr;
const u8 *pos, *end;
key = (struct crypto_rsa_key *)os_zalloc(sizeof(*key));
if (key == NULL)
return NULL;
key->n = bignum_init();
key->e = bignum_init();
if (key->n == NULL || key->e == NULL) {
crypto_rsa_free(key);
return NULL;
}
/*
* PKCS #1, 7.1:
* RSAPublicKey ::= SEQUENCE {
* modulus INTEGER, -- n
global: move the soc component out of the common list This MR removes the common dependency from every IDF components to the SOC component. Currently, in the ``idf_functions.cmake`` script, we include the header path of SOC component by default for all components. But for better code organization (or maybe also benifits to the compiling speed), we may remove the dependency to SOC components for most components except the driver and kernel related components. In CMAKE, we have two kinds of header visibilities (set by include path visibility): (Assume component A --(depends on)--> B, B is the current component) 1. public (``COMPONENT_ADD_INCLUDEDIRS``): means this path is visible to other depending components (A) (visible to A and B) 2. private (``COMPONENT_PRIV_INCLUDEDIRS``): means this path is only visible to source files inside the component (visible to B only) and we have two kinds of depending ways: (Assume component A --(depends on)--> B --(depends on)--> C, B is the current component) 1. public (```COMPONENT_REQUIRES```): means B can access to public include path of C. All other components rely on you (A) will also be available for the public headers. (visible to A, B) 2. private (``COMPONENT_PRIV_REQUIRES``): means B can access to public include path of C, but don't propagate this relation to other components (A). (visible to B) 1. remove the common requirement in ``idf_functions.cmake``, this makes the SOC components invisible to all other components by default. 2. if a component (for example, DRIVER) really needs the dependency to SOC, add a private dependency to SOC for it. 3. some other components that don't really depends on the SOC may still meet some errors saying "can't find header soc/...", this is because it's depended component (DRIVER) incorrectly include the header of SOC in its public headers. Moving all this kind of #include into source files, or private headers 4. Fix the include requirements for some file which miss sufficient #include directives. (Previously they include some headers by the long long long header include link) This is a breaking change. Previous code may depends on the long include chain. You may need to include the following headers for some files after this commit: - soc/soc.h - soc/soc_memory_layout.h - driver/gpio.h - esp_sleep.h The major broken include chain includes: 1. esp_system.h no longer includes esp_sleep.h. The latter includes driver/gpio.h and driver/touch_pad.h. 2. ets_sys.h no longer includes soc/soc.h 3. freertos/portmacro.h no longer includes soc/soc_memory_layout.h some peripheral headers no longer includes their hw related headers, e.g. rom/gpio.h no longer includes soc/gpio_pins.h and soc/gpio_reg.h BREAKING CHANGE
2019-04-03 05:17:38 +00:00
* publicExponent INTEGER -- e
wpa_supplicant:move part of codes to IDF
2018-04-20 03:33:04 +00:00
* }
*/
if (asn1_get_next(buf, len, &hdr) < 0 ||
hdr.class != ASN1_CLASS_UNIVERSAL ||
hdr.tag != ASN1_TAG_SEQUENCE) {
wpa_printf(MSG_DEBUG, "RSA: Expected SEQUENCE "
"(public key) - found class %d tag 0x%x",
hdr.class, hdr.tag);
goto error;
}
pos = hdr.payload;
end = pos + hdr.length;
pos = crypto_rsa_parse_integer(pos, end, key->n);
pos = crypto_rsa_parse_integer(pos, end, key->e);
if (pos == NULL)
goto error;
if (pos != end) {
wpa_hexdump(MSG_DEBUG,
"RSA: Extra data in public key SEQUENCE",
pos, end - pos);
goto error;
}
return key;
error:
crypto_rsa_free(key);
return NULL;
}
/**
* crypto_rsa_import_private_key - Import an RSA private key
* @buf: Key buffer (DER encoded RSA private key)
* @len: Key buffer length in bytes
* Returns: Pointer to the private key or %NULL on failure
*/
struct crypto_rsa_key *
crypto_rsa_import_private_key(const u8 *buf, size_t len)
{
struct crypto_rsa_key *key;
struct bignum *zero;
struct asn1_hdr hdr;
const u8 *pos, *end;
key = (struct crypto_rsa_key *)os_zalloc(sizeof(*key));
if (key == NULL)
return NULL;
key->private_key = 1;
key->n = bignum_init();
key->e = bignum_init();
key->d = bignum_init();
key->p = bignum_init();
key->q = bignum_init();
key->dmp1 = bignum_init();
key->dmq1 = bignum_init();
key->iqmp = bignum_init();
if (key->n == NULL || key->e == NULL || key->d == NULL ||
key->p == NULL || key->q == NULL || key->dmp1 == NULL ||
key->dmq1 == NULL || key->iqmp == NULL) {
crypto_rsa_free(key);
return NULL;
}
/*
* PKCS #1, 7.2:
* RSAPrivateKey ::= SEQUENCE {
* version Version,
* modulus INTEGER, -- n
* publicExponent INTEGER, -- e
* privateExponent INTEGER, -- d
* prime1 INTEGER, -- p
* prime2 INTEGER, -- q
* exponent1 INTEGER, -- d mod (p-1)
* exponent2 INTEGER, -- d mod (q-1)
* coefficient INTEGER -- (inverse of q) mod p
* }
*
* Version ::= INTEGER -- shall be 0 for this version of the standard
*/
if (asn1_get_next(buf, len, &hdr) < 0 ||
hdr.class != ASN1_CLASS_UNIVERSAL ||
hdr.tag != ASN1_TAG_SEQUENCE) {
wpa_printf(MSG_DEBUG, "RSA: Expected SEQUENCE "
"(public key) - found class %d tag 0x%x",
hdr.class, hdr.tag);
goto error;
}
pos = hdr.payload;
end = pos + hdr.length;
zero = bignum_init();
if (zero == NULL)
goto error;
pos = crypto_rsa_parse_integer(pos, end, zero);
if (pos == NULL || bignum_cmp_d(zero, 0) != 0) {
wpa_printf(MSG_DEBUG, "RSA: Expected zero INTEGER in the "
"beginning of private key; not found");
bignum_deinit(zero);
goto error;
}
bignum_deinit(zero);
pos = crypto_rsa_parse_integer(pos, end, key->n);
pos = crypto_rsa_parse_integer(pos, end, key->e);
pos = crypto_rsa_parse_integer(pos, end, key->d);
pos = crypto_rsa_parse_integer(pos, end, key->p);
pos = crypto_rsa_parse_integer(pos, end, key->q);
pos = crypto_rsa_parse_integer(pos, end, key->dmp1);
pos = crypto_rsa_parse_integer(pos, end, key->dmq1);
pos = crypto_rsa_parse_integer(pos, end, key->iqmp);
if (pos == NULL)
goto error;
if (pos != end) {
wpa_hexdump(MSG_DEBUG,
"RSA: Extra data in public key SEQUENCE",
pos, end - pos);
goto error;
}
return key;
error:
crypto_rsa_free(key);
return NULL;
}
/**
* crypto_rsa_get_modulus_len - Get the modulus length of the RSA key
* @key: RSA key
* Returns: Modulus length of the key
*/
size_t crypto_rsa_get_modulus_len(struct crypto_rsa_key *key)
{
return bignum_get_unsigned_bin_len(key->n);
}
/**
* crypto_rsa_exptmod - RSA modular exponentiation
* @in: Input data
* @inlen: Input data length
* @out: Buffer for output data
* @outlen: Maximum size of the output buffer and used size on success
* @key: RSA key
* @use_private: 1 = Use RSA private key, 0 = Use RSA public key
* Returns: 0 on success, -1 on failure
*/
int crypto_rsa_exptmod(const u8 *in, size_t inlen, u8 *out, size_t *outlen,
struct crypto_rsa_key *key, int use_private)
{
struct bignum *tmp, *a = NULL, *b = NULL;
int ret = -1;
size_t modlen;
if (use_private && !key->private_key)
return -1;
tmp = bignum_init();
if (tmp == NULL)
return -1;
global: move the soc component out of the common list This MR removes the common dependency from every IDF components to the SOC component. Currently, in the ``idf_functions.cmake`` script, we include the header path of SOC component by default for all components. But for better code organization (or maybe also benifits to the compiling speed), we may remove the dependency to SOC components for most components except the driver and kernel related components. In CMAKE, we have two kinds of header visibilities (set by include path visibility): (Assume component A --(depends on)--> B, B is the current component) 1. public (``COMPONENT_ADD_INCLUDEDIRS``): means this path is visible to other depending components (A) (visible to A and B) 2. private (``COMPONENT_PRIV_INCLUDEDIRS``): means this path is only visible to source files inside the component (visible to B only) and we have two kinds of depending ways: (Assume component A --(depends on)--> B --(depends on)--> C, B is the current component) 1. public (```COMPONENT_REQUIRES```): means B can access to public include path of C. All other components rely on you (A) will also be available for the public headers. (visible to A, B) 2. private (``COMPONENT_PRIV_REQUIRES``): means B can access to public include path of C, but don't propagate this relation to other components (A). (visible to B) 1. remove the common requirement in ``idf_functions.cmake``, this makes the SOC components invisible to all other components by default. 2. if a component (for example, DRIVER) really needs the dependency to SOC, add a private dependency to SOC for it. 3. some other components that don't really depends on the SOC may still meet some errors saying "can't find header soc/...", this is because it's depended component (DRIVER) incorrectly include the header of SOC in its public headers. Moving all this kind of #include into source files, or private headers 4. Fix the include requirements for some file which miss sufficient #include directives. (Previously they include some headers by the long long long header include link) This is a breaking change. Previous code may depends on the long include chain. You may need to include the following headers for some files after this commit: - soc/soc.h - soc/soc_memory_layout.h - driver/gpio.h - esp_sleep.h The major broken include chain includes: 1. esp_system.h no longer includes esp_sleep.h. The latter includes driver/gpio.h and driver/touch_pad.h. 2. ets_sys.h no longer includes soc/soc.h 3. freertos/portmacro.h no longer includes soc/soc_memory_layout.h some peripheral headers no longer includes their hw related headers, e.g. rom/gpio.h no longer includes soc/gpio_pins.h and soc/gpio_reg.h BREAKING CHANGE
2019-04-03 05:17:38 +00:00
wpa_supplicant:move part of codes to IDF
2018-04-20 03:33:04 +00:00
if (bignum_set_unsigned_bin(tmp, in, inlen) < 0)
goto error;
if (bignum_cmp(key->n, tmp) < 0) {
/* Too large input value for the RSA key modulus */
goto error;
}
if (use_private) {
/*
* Decrypt (or sign) using Chinese remainer theorem to speed
* up calculation. This is equivalent to tmp = tmp^d mod n
* (which would require more CPU to calculate directly).
*
* dmp1 = (1/e) mod (p-1)
* dmq1 = (1/e) mod (q-1)
* iqmp = (1/q) mod p, where p > q
* m1 = c^dmp1 mod p
* m2 = c^dmq1 mod q
* h = q^-1 (m1 - m2) mod p
* m = m2 + hq
*/
a = bignum_init();
b = bignum_init();
if (a == NULL || b == NULL)
goto error;
/* a = tmp^dmp1 mod p */
if (bignum_exptmod(tmp, key->dmp1, key->p, a) < 0)
goto error;
/* b = tmp^dmq1 mod q */
if (bignum_exptmod(tmp, key->dmq1, key->q, b) < 0)
goto error;
/* tmp = (a - b) * (1/q mod p) (mod p) */
if (bignum_sub(a, b, tmp) < 0 ||
bignum_mulmod(tmp, key->iqmp, key->p, tmp) < 0)
goto error;
/* tmp = b + q * tmp */
if (bignum_mul(tmp, key->q, tmp) < 0 ||
bignum_add(tmp, b, tmp) < 0)
goto error;
} else {
/* Encrypt (or verify signature) */
/* tmp = tmp^e mod N */
if (bignum_exptmod(tmp, key->e, key->n, tmp) < 0)
goto error;
}
modlen = crypto_rsa_get_modulus_len(key);
if (modlen > *outlen) {
*outlen = modlen;
goto error;
}
if (bignum_get_unsigned_bin_len(tmp) > modlen)
goto error; /* should never happen */
*outlen = modlen;
os_memset(out, 0, modlen);
if (bignum_get_unsigned_bin(
tmp, out +
(modlen - bignum_get_unsigned_bin_len(tmp)), NULL) < 0)
goto error;
ret = 0;
error:
bignum_deinit(tmp);
bignum_deinit(a);
bignum_deinit(b);
return ret;
}
/**
* crypto_rsa_free - Free RSA key
* @key: RSA key to be freed
*
* This function frees an RSA key imported with either
* crypto_rsa_import_public_key() or crypto_rsa_import_private_key().
*/
void crypto_rsa_free(struct crypto_rsa_key *key)
{
if (key) {
bignum_deinit(key->n);
bignum_deinit(key->e);
bignum_deinit(key->d);
bignum_deinit(key->p);
bignum_deinit(key->q);
bignum_deinit(key->dmp1);
bignum_deinit(key->dmq1);
bignum_deinit(key->iqmp);
os_free(key);
}
}
Reference in a new issue Copy permalink