]>
Commit | Line | Data |
---|---|---|
29be6023 | 1 | /* |
a28d06f3 | 2 | * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. |
29be6023 RL |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
c5f87134 P |
10 | /* |
11 | * RSA low level APIs are deprecated for public use, but still ok for | |
12 | * internal use. | |
13 | */ | |
14 | #include "internal/deprecated.h" | |
15 | ||
23c48d94 | 16 | #include <openssl/core_dispatch.h> |
29be6023 RL |
17 | #include <openssl/core_names.h> |
18 | #include <openssl/bn.h> | |
8baa49ae | 19 | #include <openssl/err.h> |
29be6023 | 20 | #include <openssl/rsa.h> |
8baa49ae | 21 | #include <openssl/evp.h> |
29be6023 | 22 | #include "prov/implementations.h" |
1640d48c | 23 | #include "prov/providercommon.h" |
afb638f1 | 24 | #include "prov/provider_ctx.h" |
29be6023 | 25 | #include "crypto/rsa.h" |
1017b8e4 | 26 | #include "crypto/cryptlib.h" |
96ebe52e | 27 | #include "internal/param_build_set.h" |
29be6023 | 28 | |
363b1e5d DMSP |
29 | static OSSL_FUNC_keymgmt_new_fn rsa_newdata; |
30 | static OSSL_FUNC_keymgmt_new_fn rsapss_newdata; | |
31 | static OSSL_FUNC_keymgmt_gen_init_fn rsa_gen_init; | |
32 | static OSSL_FUNC_keymgmt_gen_init_fn rsapss_gen_init; | |
33 | static OSSL_FUNC_keymgmt_gen_set_params_fn rsa_gen_set_params; | |
34 | static OSSL_FUNC_keymgmt_gen_settable_params_fn rsa_gen_settable_params; | |
35 | static OSSL_FUNC_keymgmt_gen_settable_params_fn rsapss_gen_settable_params; | |
36 | static OSSL_FUNC_keymgmt_gen_fn rsa_gen; | |
37 | static OSSL_FUNC_keymgmt_gen_cleanup_fn rsa_gen_cleanup; | |
1017b8e4 | 38 | static OSSL_FUNC_keymgmt_load_fn rsa_load; |
363b1e5d DMSP |
39 | static OSSL_FUNC_keymgmt_free_fn rsa_freedata; |
40 | static OSSL_FUNC_keymgmt_get_params_fn rsa_get_params; | |
41 | static OSSL_FUNC_keymgmt_gettable_params_fn rsa_gettable_params; | |
42 | static OSSL_FUNC_keymgmt_has_fn rsa_has; | |
43 | static OSSL_FUNC_keymgmt_match_fn rsa_match; | |
44 | static OSSL_FUNC_keymgmt_validate_fn rsa_validate; | |
45 | static OSSL_FUNC_keymgmt_import_fn rsa_import; | |
46 | static OSSL_FUNC_keymgmt_import_types_fn rsa_import_types; | |
47 | static OSSL_FUNC_keymgmt_export_fn rsa_export; | |
48 | static OSSL_FUNC_keymgmt_export_types_fn rsa_export_types; | |
80f4fd18 | 49 | static OSSL_FUNC_keymgmt_query_operation_name_fn rsa_query_operation_name; |
29be6023 | 50 | |
8baa49ae | 51 | #define RSA_DEFAULT_MD "SHA256" |
8a758e96 RL |
52 | #define RSA_PSS_DEFAULT_MD OSSL_DIGEST_NAME_SHA1 |
53 | #define RSA_POSSIBLE_SELECTIONS \ | |
8dd5c603 | 54 | (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) |
8baa49ae | 55 | |
29be6023 RL |
56 | DEFINE_STACK_OF(BIGNUM) |
57 | DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) | |
58 | ||
bbde8566 | 59 | static int pss_params_fromdata(RSA_PSS_PARAMS_30 *pss_params, int *defaults_set, |
8a758e96 | 60 | const OSSL_PARAM params[], int rsa_type, |
b4250010 | 61 | OSSL_LIB_CTX *libctx) |
29be6023 | 62 | { |
bbde8566 TM |
63 | if (!ossl_rsa_pss_params_30_fromdata(pss_params, defaults_set, |
64 | params, libctx)) | |
8a758e96 | 65 | return 0; |
29be6023 | 66 | |
8a758e96 RL |
67 | /* If not a PSS type RSA, sending us PSS parameters is wrong */ |
68 | if (rsa_type != RSA_FLAG_TYPE_RSASSAPSS | |
23b2fc0b | 69 | && !ossl_rsa_pss_params_30_is_unrestricted(pss_params)) |
8a758e96 | 70 | return 0; |
29be6023 | 71 | |
8a758e96 | 72 | return 1; |
29be6023 RL |
73 | } |
74 | ||
8dd5c603 | 75 | static void *rsa_newdata(void *provctx) |
29be6023 | 76 | { |
a829b735 | 77 | OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); |
422cbcee | 78 | RSA *rsa; |
8a758e96 | 79 | |
422cbcee P |
80 | if (!ossl_prov_is_running()) |
81 | return NULL; | |
82 | ||
23b2fc0b | 83 | rsa = ossl_rsa_new_with_ctx(libctx); |
8a758e96 RL |
84 | if (rsa != NULL) { |
85 | RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); | |
86 | RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA); | |
87 | } | |
88 | return rsa; | |
89 | } | |
90 | ||
91 | static void *rsapss_newdata(void *provctx) | |
92 | { | |
a829b735 | 93 | OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); |
422cbcee P |
94 | RSA *rsa; |
95 | ||
96 | if (!ossl_prov_is_running()) | |
97 | return NULL; | |
afb638f1 | 98 | |
23b2fc0b | 99 | rsa = ossl_rsa_new_with_ctx(libctx); |
8a758e96 RL |
100 | if (rsa != NULL) { |
101 | RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); | |
102 | RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS); | |
103 | } | |
104 | return rsa; | |
8dd5c603 | 105 | } |
29be6023 | 106 | |
8dd5c603 RL |
107 | static void rsa_freedata(void *keydata) |
108 | { | |
109 | RSA_free(keydata); | |
29be6023 RL |
110 | } |
111 | ||
3d914185 | 112 | static int rsa_has(const void *keydata, int selection) |
29be6023 | 113 | { |
3d914185 | 114 | const RSA *rsa = keydata; |
9a485440 TM |
115 | int ok = 1; |
116 | ||
117 | if (rsa == NULL || !ossl_prov_is_running()) | |
118 | return 0; | |
119 | if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) | |
120 | return 1; /* the selection is not missing */ | |
121 | ||
122 | if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) | |
123 | /* This will change with OAEP */ | |
124 | ok = ok && (RSA_test_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS) != 0); | |
125 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) | |
126 | ok = ok && (RSA_get0_e(rsa) != NULL); | |
127 | if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) | |
128 | ok = ok && (RSA_get0_n(rsa) != NULL); | |
129 | if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) | |
130 | ok = ok && (RSA_get0_d(rsa) != NULL); | |
8dd5c603 RL |
131 | return ok; |
132 | } | |
133 | ||
2888fc15 RL |
134 | static int rsa_match(const void *keydata1, const void *keydata2, int selection) |
135 | { | |
136 | const RSA *rsa1 = keydata1; | |
137 | const RSA *rsa2 = keydata2; | |
138 | int ok = 1; | |
139 | ||
422cbcee P |
140 | if (!ossl_prov_is_running()) |
141 | return 0; | |
142 | ||
2888fc15 RL |
143 | /* There is always an |e| */ |
144 | ok = ok && BN_cmp(RSA_get0_e(rsa1), RSA_get0_e(rsa2)) == 0; | |
145 | if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) | |
146 | ok = ok && BN_cmp(RSA_get0_n(rsa1), RSA_get0_n(rsa2)) == 0; | |
147 | if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) | |
148 | ok = ok && BN_cmp(RSA_get0_d(rsa1), RSA_get0_d(rsa2)) == 0; | |
149 | return ok; | |
150 | } | |
151 | ||
8dd5c603 RL |
152 | static int rsa_import(void *keydata, int selection, const OSSL_PARAM params[]) |
153 | { | |
154 | RSA *rsa = keydata; | |
8a758e96 | 155 | int rsa_type; |
8dd5c603 | 156 | int ok = 1; |
bbde8566 | 157 | int pss_defaults_set = 0; |
8dd5c603 | 158 | |
422cbcee | 159 | if (!ossl_prov_is_running() || rsa == NULL) |
8dd5c603 RL |
160 | return 0; |
161 | ||
8a758e96 RL |
162 | if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) |
163 | return 0; | |
164 | ||
165 | rsa_type = RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK); | |
166 | ||
8a758e96 | 167 | if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) |
bbde8566 TM |
168 | ok = ok && pss_params_fromdata(ossl_rsa_get0_pss_params_30(rsa), |
169 | &pss_defaults_set, | |
170 | params, rsa_type, | |
171 | ossl_rsa_get0_libctx(rsa)); | |
8dd5c603 | 172 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) |
23b2fc0b | 173 | ok = ok && ossl_rsa_fromdata(rsa, params); |
8dd5c603 RL |
174 | |
175 | return ok; | |
176 | } | |
177 | ||
178 | static int rsa_export(void *keydata, int selection, | |
179 | OSSL_CALLBACK *param_callback, void *cbarg) | |
180 | { | |
181 | RSA *rsa = keydata; | |
23b2fc0b | 182 | const RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30(rsa); |
6d4e6009 | 183 | OSSL_PARAM_BLD *tmpl; |
1640d48c | 184 | OSSL_PARAM *params = NULL; |
8dd5c603 RL |
185 | int ok = 1; |
186 | ||
422cbcee | 187 | if (!ossl_prov_is_running() || rsa == NULL) |
8dd5c603 RL |
188 | return 0; |
189 | ||
9a485440 TM |
190 | if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) |
191 | return 0; | |
192 | ||
6d4e6009 P |
193 | tmpl = OSSL_PARAM_BLD_new(); |
194 | if (tmpl == NULL) | |
195 | return 0; | |
8dd5c603 | 196 | |
8a758e96 | 197 | if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) |
23b2fc0b P |
198 | ok = ok && (ossl_rsa_pss_params_30_is_unrestricted(pss_params) |
199 | || ossl_rsa_pss_params_30_todata(pss_params, tmpl, NULL)); | |
8dd5c603 | 200 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) |
23b2fc0b | 201 | ok = ok && ossl_rsa_todata(rsa, tmpl, NULL); |
8dd5c603 RL |
202 | |
203 | if (!ok | |
96ebe52e SL |
204 | || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) |
205 | goto err; | |
8dd5c603 RL |
206 | |
207 | ok = param_callback(params, cbarg); | |
6d4e6009 | 208 | OSSL_PARAM_BLD_free_params(params); |
96ebe52e SL |
209 | err: |
210 | OSSL_PARAM_BLD_free(tmpl); | |
8dd5c603 | 211 | return ok; |
29be6023 RL |
212 | } |
213 | ||
f844f9eb | 214 | #ifdef FIPS_MODULE |
96ebe52e SL |
215 | /* In fips mode there are no multi-primes. */ |
216 | # define RSA_KEY_MP_TYPES() \ | |
217 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \ | |
218 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0), \ | |
219 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0), \ | |
220 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0), \ | |
221 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0), | |
222 | #else | |
223 | /* | |
224 | * We allow up to 10 prime factors (starting with p, q). | |
225 | * NOTE: there is only 9 OSSL_PKEY_PARAM_RSA_COEFFICIENT | |
226 | */ | |
227 | # define RSA_KEY_MP_TYPES() \ | |
228 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \ | |
229 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0), \ | |
230 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR3, NULL, 0), \ | |
231 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR4, NULL, 0), \ | |
232 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR5, NULL, 0), \ | |
233 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR6, NULL, 0), \ | |
234 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR7, NULL, 0), \ | |
235 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR8, NULL, 0), \ | |
236 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR9, NULL, 0), \ | |
237 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR10, NULL, 0), \ | |
238 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0), \ | |
239 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0), \ | |
240 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT3, NULL, 0), \ | |
241 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT4, NULL, 0), \ | |
242 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT5, NULL, 0), \ | |
243 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT6, NULL, 0), \ | |
244 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT7, NULL, 0), \ | |
245 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT8, NULL, 0), \ | |
246 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT9, NULL, 0), \ | |
247 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT10, NULL, 0), \ | |
248 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0), \ | |
249 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT2, NULL, 0), \ | |
250 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT3, NULL, 0), \ | |
251 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT4, NULL, 0), \ | |
252 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT5, NULL, 0), \ | |
253 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT6, NULL, 0), \ | |
254 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT7, NULL, 0), \ | |
255 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT8, NULL, 0), \ | |
256 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT9, NULL, 0), | |
257 | #endif | |
258 | ||
259 | #define RSA_KEY_TYPES() \ | |
260 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0), \ | |
261 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0), \ | |
262 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, NULL, 0), \ | |
263 | RSA_KEY_MP_TYPES() | |
264 | ||
29be6023 RL |
265 | /* |
266 | * This provider can export everything in an RSA key, so we use the exact | |
267 | * same type description for export as for import. Other providers might | |
268 | * choose to import full keys, but only export the public parts, and will | |
269 | * therefore have the importkey_types and importkey_types functions return | |
270 | * different arrays. | |
271 | */ | |
272 | static const OSSL_PARAM rsa_key_types[] = { | |
96ebe52e SL |
273 | RSA_KEY_TYPES() |
274 | OSSL_PARAM_END | |
29be6023 RL |
275 | }; |
276 | /* | |
277 | * We lied about the amount of factors, exponents and coefficients, the | |
278 | * export and import functions can really deal with an infinite amount | |
279 | * of these numbers. However, RSA keys with too many primes are futile, | |
280 | * so we at least pretend to have some limits. | |
281 | */ | |
282 | ||
273a67e3 | 283 | static const OSSL_PARAM *rsa_imexport_types(int selection) |
29be6023 | 284 | { |
273a67e3 | 285 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) |
8dd5c603 RL |
286 | return rsa_key_types; |
287 | return NULL; | |
29be6023 RL |
288 | } |
289 | ||
8dd5c603 | 290 | static const OSSL_PARAM *rsa_import_types(int selection) |
29be6023 | 291 | { |
273a67e3 RL |
292 | return rsa_imexport_types(selection); |
293 | } | |
294 | ||
273a67e3 RL |
295 | static const OSSL_PARAM *rsa_export_types(int selection) |
296 | { | |
297 | return rsa_imexport_types(selection); | |
29be6023 RL |
298 | } |
299 | ||
8dd5c603 | 300 | static int rsa_get_params(void *key, OSSL_PARAM params[]) |
9e5aaf78 RL |
301 | { |
302 | RSA *rsa = key; | |
23b2fc0b | 303 | const RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30(rsa); |
8a758e96 | 304 | int rsa_type = RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK); |
9e5aaf78 RL |
305 | OSSL_PARAM *p; |
306 | ||
307 | if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL | |
308 | && !OSSL_PARAM_set_int(p, RSA_bits(rsa))) | |
309 | return 0; | |
310 | if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL | |
311 | && !OSSL_PARAM_set_int(p, RSA_security_bits(rsa))) | |
312 | return 0; | |
313 | if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL | |
314 | && !OSSL_PARAM_set_int(p, RSA_size(rsa))) | |
315 | return 0; | |
8baa49ae | 316 | |
8a758e96 | 317 | /* |
a2a5506b TM |
318 | * For restricted RSA-PSS keys, we ignore the default digest request. |
319 | * With RSA-OAEP keys, this may need to be amended. | |
8a758e96 RL |
320 | */ |
321 | if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL | |
a2a5506b TM |
322 | && (rsa_type != RSA_FLAG_TYPE_RSASSAPSS |
323 | || ossl_rsa_pss_params_30_is_unrestricted(pss_params))) { | |
8a758e96 RL |
324 | if (!OSSL_PARAM_set_utf8_string(p, RSA_DEFAULT_MD)) |
325 | return 0; | |
326 | } | |
327 | ||
328 | /* | |
a2a5506b TM |
329 | * For non-RSA-PSS keys, we ignore the mandatory digest request. |
330 | * With RSA-OAEP keys, this may need to be amended. | |
8a758e96 | 331 | */ |
8baa49ae RL |
332 | if ((p = OSSL_PARAM_locate(params, |
333 | OSSL_PKEY_PARAM_MANDATORY_DIGEST)) != NULL | |
e442cdae P |
334 | && rsa_type == RSA_FLAG_TYPE_RSASSAPSS |
335 | && !ossl_rsa_pss_params_30_is_unrestricted(pss_params)) { | |
336 | const char *mdname = | |
337 | ossl_rsa_oaeppss_nid2name(ossl_rsa_pss_params_30_hashalg(pss_params)); | |
8baa49ae | 338 | |
e442cdae P |
339 | if (mdname == NULL || !OSSL_PARAM_set_utf8_string(p, mdname)) |
340 | return 0; | |
afb638f1 | 341 | } |
8a758e96 | 342 | return (rsa_type != RSA_FLAG_TYPE_RSASSAPSS |
23b2fc0b P |
343 | || ossl_rsa_pss_params_30_todata(pss_params, NULL, params)) |
344 | && ossl_rsa_todata(rsa, NULL, params); | |
9e5aaf78 RL |
345 | } |
346 | ||
273a67e3 RL |
347 | static const OSSL_PARAM rsa_params[] = { |
348 | OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), | |
349 | OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), | |
350 | OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), | |
351 | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DEFAULT_DIGEST, NULL, 0), | |
96ebe52e | 352 | RSA_KEY_TYPES() |
273a67e3 RL |
353 | OSSL_PARAM_END |
354 | }; | |
355 | ||
af5e1e85 | 356 | static const OSSL_PARAM *rsa_gettable_params(void *provctx) |
273a67e3 RL |
357 | { |
358 | return rsa_params; | |
359 | } | |
360 | ||
899e2564 | 361 | static int rsa_validate(const void *keydata, int selection, int checktype) |
12603de6 | 362 | { |
d1fb6b48 | 363 | const RSA *rsa = keydata; |
9a485440 | 364 | int ok = 1; |
8dd5c603 | 365 | |
422cbcee P |
366 | if (!ossl_prov_is_running()) |
367 | return 0; | |
368 | ||
9a485440 TM |
369 | if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) |
370 | return 1; /* nothing to validate */ | |
8dd5c603 RL |
371 | |
372 | /* If the whole key is selected, we do a pairwise validation */ | |
373 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) | |
374 | == OSSL_KEYMGMT_SELECT_KEYPAIR) { | |
23b2fc0b | 375 | ok = ok && ossl_rsa_validate_pairwise(rsa); |
8dd5c603 RL |
376 | } else { |
377 | if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) | |
23b2fc0b | 378 | ok = ok && ossl_rsa_validate_private(rsa); |
8dd5c603 | 379 | if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) |
23b2fc0b | 380 | ok = ok && ossl_rsa_validate_public(rsa); |
8dd5c603 RL |
381 | } |
382 | return ok; | |
12603de6 SL |
383 | } |
384 | ||
2972af10 | 385 | struct rsa_gen_ctx { |
b4250010 | 386 | OSSL_LIB_CTX *libctx; |
719523c7 | 387 | const char *propq; |
2972af10 | 388 | |
8a758e96 RL |
389 | int rsa_type; |
390 | ||
2972af10 RL |
391 | size_t nbits; |
392 | BIGNUM *pub_exp; | |
393 | size_t primes; | |
394 | ||
8a758e96 RL |
395 | /* For PSS */ |
396 | RSA_PSS_PARAMS_30 pss_params; | |
bbde8566 | 397 | int pss_defaults_set; |
8a758e96 | 398 | |
2972af10 RL |
399 | /* For generation callback */ |
400 | OSSL_CALLBACK *cb; | |
401 | void *cbarg; | |
4f2271d5 SL |
402 | |
403 | #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) | |
404 | /* ACVP test parameters */ | |
405 | OSSL_PARAM *acvp_test_params; | |
406 | #endif | |
2972af10 RL |
407 | }; |
408 | ||
409 | static int rsa_gencb(int p, int n, BN_GENCB *cb) | |
410 | { | |
411 | struct rsa_gen_ctx *gctx = BN_GENCB_get_arg(cb); | |
412 | OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END }; | |
413 | ||
414 | params[0] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_POTENTIAL, &p); | |
415 | params[1] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_ITERATION, &n); | |
2972af10 RL |
416 | return gctx->cb(params, gctx->cbarg); |
417 | } | |
418 | ||
f9562909 P |
419 | static void *gen_init(void *provctx, int selection, int rsa_type, |
420 | const OSSL_PARAM params[]) | |
2972af10 | 421 | { |
a829b735 | 422 | OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); |
2972af10 RL |
423 | struct rsa_gen_ctx *gctx = NULL; |
424 | ||
422cbcee P |
425 | if (!ossl_prov_is_running()) |
426 | return NULL; | |
427 | ||
2972af10 RL |
428 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) |
429 | return NULL; | |
430 | ||
431 | if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) { | |
432 | gctx->libctx = libctx; | |
433 | if ((gctx->pub_exp = BN_new()) == NULL | |
434 | || !BN_set_word(gctx->pub_exp, RSA_F4)) { | |
435 | BN_free(gctx->pub_exp); | |
ba61a0e6 | 436 | OPENSSL_free(gctx); |
2972af10 RL |
437 | gctx = NULL; |
438 | } else { | |
439 | gctx->nbits = 2048; | |
440 | gctx->primes = RSA_DEFAULT_PRIME_NUM; | |
4d55122e | 441 | gctx->rsa_type = rsa_type; |
2972af10 RL |
442 | } |
443 | } | |
f9562909 P |
444 | if (!rsa_gen_set_params(gctx, params)) { |
445 | OPENSSL_free(gctx); | |
446 | gctx = NULL; | |
447 | } | |
2972af10 RL |
448 | return gctx; |
449 | } | |
450 | ||
f9562909 P |
451 | static void *rsa_gen_init(void *provctx, int selection, |
452 | const OSSL_PARAM params[]) | |
8a758e96 | 453 | { |
f9562909 | 454 | return gen_init(provctx, selection, RSA_FLAG_TYPE_RSA, params); |
8a758e96 RL |
455 | } |
456 | ||
f9562909 P |
457 | static void *rsapss_gen_init(void *provctx, int selection, |
458 | const OSSL_PARAM params[]) | |
8a758e96 | 459 | { |
f9562909 | 460 | return gen_init(provctx, selection, RSA_FLAG_TYPE_RSASSAPSS, params); |
8a758e96 RL |
461 | } |
462 | ||
463 | /* | |
464 | * This function is common for all RSA sub-types, to detect possible | |
465 | * misuse, such as PSS parameters being passed when a plain RSA key | |
466 | * is generated. | |
467 | */ | |
2972af10 RL |
468 | static int rsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) |
469 | { | |
470 | struct rsa_gen_ctx *gctx = genctx; | |
471 | const OSSL_PARAM *p; | |
472 | ||
f9562909 P |
473 | if (params == NULL) |
474 | return 1; | |
475 | ||
2972af10 RL |
476 | if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_BITS)) != NULL |
477 | && !OSSL_PARAM_get_size_t(p, &gctx->nbits)) | |
478 | return 0; | |
479 | if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PRIMES)) != NULL | |
480 | && !OSSL_PARAM_get_size_t(p, &gctx->primes)) | |
481 | return 0; | |
482 | if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E)) != NULL | |
483 | && !OSSL_PARAM_get_BN(p, &gctx->pub_exp)) | |
484 | return 0; | |
8a758e96 RL |
485 | /* Only attempt to get PSS parameters when generating an RSA-PSS key */ |
486 | if (gctx->rsa_type == RSA_FLAG_TYPE_RSASSAPSS | |
bbde8566 TM |
487 | && !pss_params_fromdata(&gctx->pss_params, &gctx->pss_defaults_set, params, |
488 | gctx->rsa_type, gctx->libctx)) | |
8a758e96 | 489 | return 0; |
4f2271d5 SL |
490 | #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) |
491 | /* Any ACVP test related parameters are copied into a params[] */ | |
492 | if (!rsa_acvp_test_gen_params_new(&gctx->acvp_test_params, params)) | |
493 | return 0; | |
494 | #endif | |
2972af10 RL |
495 | return 1; |
496 | } | |
497 | ||
8a758e96 RL |
498 | #define rsa_gen_basic \ |
499 | OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_BITS, NULL), \ | |
500 | OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_PRIMES, NULL), \ | |
501 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0) | |
502 | ||
503 | /* | |
23b2fc0b | 504 | * The following must be kept in sync with ossl_rsa_pss_params_30_fromdata() |
8a758e96 RL |
505 | * in crypto/rsa/rsa_backend.c |
506 | */ | |
507 | #define rsa_gen_pss \ | |
508 | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST, NULL, 0), \ | |
719523c7 | 509 | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST_PROPS, NULL, 0), \ |
8a758e96 RL |
510 | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MASKGENFUNC, NULL, 0), \ |
511 | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MGF1_DIGEST, NULL, 0), \ | |
512 | OSSL_PARAM_int(OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, NULL) | |
513 | ||
fb67126e TM |
514 | static const OSSL_PARAM *rsa_gen_settable_params(ossl_unused void *genctx, |
515 | ossl_unused void *provctx) | |
2972af10 RL |
516 | { |
517 | static OSSL_PARAM settable[] = { | |
8a758e96 RL |
518 | rsa_gen_basic, |
519 | OSSL_PARAM_END | |
520 | }; | |
521 | ||
522 | return settable; | |
523 | } | |
524 | ||
fb67126e TM |
525 | static const OSSL_PARAM *rsapss_gen_settable_params(ossl_unused void *genctx, |
526 | ossl_unused void *provctx) | |
8a758e96 RL |
527 | { |
528 | static OSSL_PARAM settable[] = { | |
529 | rsa_gen_basic, | |
530 | rsa_gen_pss, | |
2972af10 RL |
531 | OSSL_PARAM_END |
532 | }; | |
533 | ||
534 | return settable; | |
535 | } | |
536 | ||
537 | static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) | |
538 | { | |
539 | struct rsa_gen_ctx *gctx = genctx; | |
8a758e96 | 540 | RSA *rsa = NULL, *rsa_tmp = NULL; |
2972af10 RL |
541 | BN_GENCB *gencb = NULL; |
542 | ||
422cbcee | 543 | if (!ossl_prov_is_running() || gctx == NULL) |
3f17066f P |
544 | return NULL; |
545 | ||
8a758e96 RL |
546 | switch (gctx->rsa_type) { |
547 | case RSA_FLAG_TYPE_RSA: | |
548 | /* For plain RSA keys, PSS parameters must not be set */ | |
23b2fc0b | 549 | if (!ossl_rsa_pss_params_30_is_unrestricted(&gctx->pss_params)) |
8a758e96 RL |
550 | goto err; |
551 | break; | |
552 | case RSA_FLAG_TYPE_RSASSAPSS: | |
553 | /* | |
554 | * For plain RSA-PSS keys, PSS parameters may be set but don't have | |
555 | * to, so not check. | |
556 | */ | |
557 | break; | |
558 | default: | |
559 | /* Unsupported RSA key sub-type... */ | |
560 | return NULL; | |
561 | } | |
562 | ||
23b2fc0b | 563 | if ((rsa_tmp = ossl_rsa_new_with_ctx(gctx->libctx)) == NULL) |
2972af10 RL |
564 | return NULL; |
565 | ||
566 | gctx->cb = osslcb; | |
567 | gctx->cbarg = cbarg; | |
568 | gencb = BN_GENCB_new(); | |
569 | if (gencb != NULL) | |
570 | BN_GENCB_set(gencb, rsa_gencb, genctx); | |
571 | ||
4f2271d5 SL |
572 | #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) |
573 | if (gctx->acvp_test_params != NULL) { | |
574 | if (!rsa_acvp_test_set_params(rsa_tmp, gctx->acvp_test_params)) | |
575 | goto err; | |
576 | } | |
577 | #endif | |
578 | ||
8a758e96 RL |
579 | if (!RSA_generate_multi_prime_key(rsa_tmp, |
580 | (int)gctx->nbits, (int)gctx->primes, | |
581 | gctx->pub_exp, gencb)) | |
582 | goto err; | |
2972af10 | 583 | |
23b2fc0b P |
584 | if (!ossl_rsa_pss_params_30_copy(ossl_rsa_get0_pss_params_30(rsa_tmp), |
585 | &gctx->pss_params)) | |
8a758e96 | 586 | goto err; |
2972af10 | 587 | |
8a758e96 RL |
588 | RSA_clear_flags(rsa_tmp, RSA_FLAG_TYPE_MASK); |
589 | RSA_set_flags(rsa_tmp, gctx->rsa_type); | |
590 | ||
591 | rsa = rsa_tmp; | |
592 | rsa_tmp = NULL; | |
593 | err: | |
594 | BN_GENCB_free(gencb); | |
595 | RSA_free(rsa_tmp); | |
2972af10 RL |
596 | return rsa; |
597 | } | |
598 | ||
599 | static void rsa_gen_cleanup(void *genctx) | |
600 | { | |
601 | struct rsa_gen_ctx *gctx = genctx; | |
602 | ||
603 | if (gctx == NULL) | |
604 | return; | |
4f2271d5 SL |
605 | #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) |
606 | rsa_acvp_test_gen_params_free(gctx->acvp_test_params); | |
607 | gctx->acvp_test_params = NULL; | |
608 | #endif | |
2972af10 RL |
609 | BN_clear_free(gctx->pub_exp); |
610 | OPENSSL_free(gctx); | |
611 | } | |
612 | ||
1017b8e4 RL |
613 | void *rsa_load(const void *reference, size_t reference_sz) |
614 | { | |
615 | RSA *rsa = NULL; | |
616 | ||
422cbcee | 617 | if (ossl_prov_is_running() && reference_sz == sizeof(rsa)) { |
1017b8e4 RL |
618 | /* The contents of the reference is the address to our object */ |
619 | rsa = *(RSA **)reference; | |
620 | /* We grabbed, so we detach it */ | |
621 | *(RSA **)reference = NULL; | |
622 | return rsa; | |
623 | } | |
624 | return NULL; | |
625 | } | |
626 | ||
8a758e96 | 627 | /* For any RSA key, we use the "RSA" algorithms regardless of sub-type. */ |
80f4fd18 | 628 | static const char *rsa_query_operation_name(int operation_id) |
8a758e96 RL |
629 | { |
630 | return "RSA"; | |
631 | } | |
632 | ||
1be63951 | 633 | const OSSL_DISPATCH ossl_rsa_keymgmt_functions[] = { |
8dd5c603 | 634 | { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))rsa_newdata }, |
2972af10 RL |
635 | { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))rsa_gen_init }, |
636 | { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, | |
637 | (void (*)(void))rsa_gen_set_params }, | |
638 | { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, | |
639 | (void (*)(void))rsa_gen_settable_params }, | |
640 | { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))rsa_gen }, | |
641 | { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))rsa_gen_cleanup }, | |
1017b8e4 | 642 | { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))rsa_load }, |
8dd5c603 | 643 | { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata }, |
273a67e3 RL |
644 | { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))rsa_get_params }, |
645 | { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))rsa_gettable_params }, | |
8dd5c603 | 646 | { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has }, |
2888fc15 | 647 | { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))rsa_match }, |
273a67e3 | 648 | { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate }, |
8dd5c603 RL |
649 | { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import }, |
650 | { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types }, | |
651 | { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))rsa_export }, | |
652 | { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types }, | |
29be6023 RL |
653 | { 0, NULL } |
654 | }; | |
8a758e96 | 655 | |
1be63951 | 656 | const OSSL_DISPATCH ossl_rsapss_keymgmt_functions[] = { |
8a758e96 RL |
657 | { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))rsapss_newdata }, |
658 | { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))rsapss_gen_init }, | |
659 | { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))rsa_gen_set_params }, | |
660 | { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, | |
661 | (void (*)(void))rsapss_gen_settable_params }, | |
662 | { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))rsa_gen }, | |
663 | { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))rsa_gen_cleanup }, | |
a4e55ccc | 664 | { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))rsa_load }, |
8a758e96 RL |
665 | { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata }, |
666 | { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))rsa_get_params }, | |
667 | { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))rsa_gettable_params }, | |
668 | { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has }, | |
456b3b97 | 669 | { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))rsa_match }, |
8a758e96 RL |
670 | { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate }, |
671 | { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import }, | |
672 | { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types }, | |
673 | { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))rsa_export }, | |
674 | { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types }, | |
675 | { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME, | |
80f4fd18 | 676 | (void (*)(void))rsa_query_operation_name }, |
8a758e96 RL |
677 | { 0, NULL } |
678 | }; |