]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/rsa/rsa_ameth.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Remove unused parameters from internal functions
[thirdparty/openssl.git] / crypto / rsa / rsa_ameth.c
CommitLineData
0f113f3e
MC		 1/*
2 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
3 * 2006.
448be743
DSH		 4 */
5/* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
0f113f3e 13 * notice, this list of conditions and the following disclaimer.
448be743
DSH		 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
b39fc560 60#include "internal/cryptlib.h"
448be743
DSH		 61#include <openssl/asn1t.h>
62#include <openssl/x509.h>
63#include <openssl/rsa.h>
1e26a8ba 64#include <openssl/bn.h>
8931b30d 65#ifndef OPENSSL_NO_CMS
0f113f3e 66# include <openssl/cms.h>
8931b30d 67#endif
5fe736e5 68#include "internal/asn1_int.h"
3aeb9348 69#include "internal/evp_int.h"
448be743 70
e968561d 71#ifndef OPENSSL_NO_CMS
0574cadf
DSH		 72static int rsa_cms_sign(CMS_SignerInfo *si);
73static int rsa_cms_verify(CMS_SignerInfo *si);
74static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
75static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
e968561d 76#endif
0574cadf 77
6f81892e 78static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
0f113f3e
MC		 79{
80 unsigned char *penc = NULL;
81 int penclen;
82 penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
83 if (penclen <= 0)
84 return 0;
85 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA),
86 V_ASN1_NULL, NULL, penc, penclen))
87 return 1;
88
89 OPENSSL_free(penc);
90 return 0;
91}
448be743
DSH		 92
93static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
0f113f3e
MC		 94{
95 const unsigned char *p;
96 int pklen;
97 RSA *rsa = NULL;
75ebbd9a 98
0f113f3e
MC		 99 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
100 return 0;
75ebbd9a 101 if ((rsa = d2i_RSAPublicKey(NULL, &p, pklen)) == NULL) {
0f113f3e
MC		 102 RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
103 return 0;
104 }
105 EVP_PKEY_assign_RSA(pkey, rsa);
106 return 1;
107}
448be743 108
6f81892e 109static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
0f113f3e
MC		 110{
111 if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0
112 || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
113 return 0;
114 return 1;
115}
6f81892e 116
e4263314 117static int old_rsa_priv_decode(EVP_PKEY *pkey,
0f113f3e
MC		 118 const unsigned char **pder, int derlen)
119{
120 RSA *rsa;
75ebbd9a
RS		 121
122 if ((rsa = d2i_RSAPrivateKey(NULL, pder, derlen)) == NULL) {
0f113f3e
MC		 123 RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
124 return 0;
125 }
126 EVP_PKEY_assign_RSA(pkey, rsa);
127 return 1;
128}
448be743 129
e4263314 130static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
0f113f3e
MC		 131{
132 return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
133}
e4263314 134
6f81892e 135static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
0f113f3e
MC		 136{
137 unsigned char *rk = NULL;
138 int rklen;
139 rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
140
141 if (rklen <= 0) {
142 RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
143 return 0;
144 }
145
146 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
147 V_ASN1_NULL, NULL, rk, rklen)) {
148 RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
149 return 0;
150 }
151
152 return 1;
153}
448be743 154
e4263314 155static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
0f113f3e
MC		 156{
157 const unsigned char *p;
158 int pklen;
159 if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8))
160 return 0;
161 return old_rsa_priv_decode(pkey, &p, pklen);
162}
e4263314 163
6f81892e 164static int int_rsa_size(const EVP_PKEY *pkey)
0f113f3e
MC		 165{
166 return RSA_size(pkey->pkey.rsa);
167}
6f81892e
DSH		 168
169static int rsa_bits(const EVP_PKEY *pkey)
0f113f3e
MC		 170{
171 return BN_num_bits(pkey->pkey.rsa->n);
172}
6f81892e 173
2514fa79 174static int rsa_security_bits(const EVP_PKEY *pkey)
0f113f3e
MC		 175{
176 return RSA_security_bits(pkey->pkey.rsa);
177}
2514fa79 178
6f81892e 179static void int_rsa_free(EVP_PKEY *pkey)
0f113f3e
MC		 180{
181 RSA_free(pkey->pkey.rsa);
182}
35208f36 183
35208f36 184static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
0f113f3e
MC		 185{
186 char *str;
187 const char *s;
0f113f3e 188 int ret = 0, mod_len = 0;
0f113f3e
MC		 189
190 if (x->n != NULL)
191 mod_len = BN_num_bits(x->n);
192
193 if (!BIO_indent(bp, off, 128))
194 goto err;
195
196 if (priv && x->d) {
a773b52a 197 if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0)
0f113f3e
MC		 198 goto err;
199 str = "modulus:";
200 s = "publicExponent:";
201 } else {
a773b52a 202 if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
0f113f3e
MC		 203 goto err;
204 str = "Modulus:";
205 s = "Exponent:";
206 }
a773b52a 207 if (!ASN1_bn_print(bp, str, x->n, NULL, off))
0f113f3e 208 goto err;
a773b52a 209 if (!ASN1_bn_print(bp, s, x->e, NULL, off))
0f113f3e
MC		 210 goto err;
211 if (priv) {
a773b52a 212 if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off))
0f113f3e 213 goto err;
a773b52a 214 if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off))
0f113f3e 215 goto err;
a773b52a 216 if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off))
0f113f3e 217 goto err;
a773b52a 218 if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off))
0f113f3e 219 goto err;
a773b52a 220 if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off))
0f113f3e 221 goto err;
a773b52a 222 if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off))
0f113f3e
MC		 223 goto err;
224 }
225 ret = 1;
226 err:
0f113f3e
MC		 227 return (ret);
228}
35208f36
DSH		 229
230static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
0f113f3e
MC		 231 ASN1_PCTX *ctx)
232{
233 return do_rsa_print(bp, pkey->pkey.rsa, indent, 0);
234}
35208f36
DSH		 235
236static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
0f113f3e
MC		 237 ASN1_PCTX *ctx)
238{
239 return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
240}
35208f36 241
0574cadf
DSH		 242/* Given an MGF1 Algorithm ID decode to an Algorithm Identifier */
243static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg)
0f113f3e 244{
0f113f3e
MC		 245 if (alg == NULL)
246 return NULL;
247 if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)
248 return NULL;
e93c8748
DSH		 249 return ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR),
250 alg->parameter);
0f113f3e 251}
0574cadf 252
63b825c9 253static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg,
0f113f3e
MC		 254 X509_ALGOR **pmaskHash)
255{
0f113f3e
MC		 256 RSA_PSS_PARAMS *pss;
257
258 *pmaskHash = NULL;
259
e93c8748
DSH		 260 pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS),
261 alg->parameter);
0f113f3e
MC		 262
263 if (!pss)
264 return NULL;
265
266 *pmaskHash = rsa_mgf1_decode(pss->maskGenAlgorithm);
267
268 return pss;
269}
270
271static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,
272 X509_ALGOR *maskHash, int indent)
273{
274 int rv = 0;
275 if (!pss) {
276 if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0)
277 return 0;
278 return 1;
279 }
280 if (BIO_puts(bp, "\n") <= 0)
281 goto err;
282 if (!BIO_indent(bp, indent, 128))
283 goto err;
284 if (BIO_puts(bp, "Hash Algorithm: ") <= 0)
285 goto err;
286
287 if (pss->hashAlgorithm) {
288 if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0)
289 goto err;
290 } else if (BIO_puts(bp, "sha1 (default)") <= 0)
291 goto err;
292
293 if (BIO_puts(bp, "\n") <= 0)
294 goto err;
295
296 if (!BIO_indent(bp, indent, 128))
297 goto err;
298
299 if (BIO_puts(bp, "Mask Algorithm: ") <= 0)
300 goto err;
301 if (pss->maskGenAlgorithm) {
302 if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0)
303 goto err;
304 if (BIO_puts(bp, " with ") <= 0)
305 goto err;
306 if (maskHash) {
307 if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
308 goto err;
309 } else if (BIO_puts(bp, "INVALID") <= 0)
310 goto err;
311 } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0)
312 goto err;
313 BIO_puts(bp, "\n");
314
315 if (!BIO_indent(bp, indent, 128))
316 goto err;
317 if (BIO_puts(bp, "Salt Length: 0x") <= 0)
318 goto err;
319 if (pss->saltLength) {
320 if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
321 goto err;
322 } else if (BIO_puts(bp, "14 (default)") <= 0)
323 goto err;
324 BIO_puts(bp, "\n");
325
326 if (!BIO_indent(bp, indent, 128))
327 goto err;
328 if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
329 goto err;
330 if (pss->trailerField) {
331 if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
332 goto err;
333 } else if (BIO_puts(bp, "BC (default)") <= 0)
334 goto err;
335 BIO_puts(bp, "\n");
336
337 rv = 1;
338
339 err:
340 return rv;
341
342}
ff04bbe3
DSH		 343
344static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
0f113f3e
MC		 345 const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
346{
347 if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) {
348 int rv;
349 RSA_PSS_PARAMS *pss;
350 X509_ALGOR *maskHash;
351 pss = rsa_pss_decode(sigalg, &maskHash);
352 rv = rsa_pss_param_print(bp, pss, maskHash, indent);
25aaa98a 353 RSA_PSS_PARAMS_free(pss);
222561fe 354 X509_ALGOR_free(maskHash);
0f113f3e
MC		 355 if (!rv)
356 return 0;
357 } else if (!sig && BIO_puts(bp, "\n") <= 0)
358 return 0;
359 if (sig)
360 return X509_signature_dump(bp, sig, indent);
361 return 1;
362}
492a9e24
DSH		 363
364static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
0f113f3e
MC		 365{
366 X509_ALGOR *alg = NULL;
367 switch (op) {
368
369 case ASN1_PKEY_CTRL_PKCS7_SIGN:
370 if (arg1 == 0)
371 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
372 break;
373
374 case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
375 if (arg1 == 0)
376 PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
377 break;
8931b30d 378#ifndef OPENSSL_NO_CMS
0f113f3e
MC		 379 case ASN1_PKEY_CTRL_CMS_SIGN:
380 if (arg1 == 0)
381 return rsa_cms_sign(arg2);
382 else if (arg1 == 1)
383 return rsa_cms_verify(arg2);
384 break;
385
386 case ASN1_PKEY_CTRL_CMS_ENVELOPE:
387 if (arg1 == 0)
388 return rsa_cms_encrypt(arg2);
389 else if (arg1 == 1)
390 return rsa_cms_decrypt(arg2);
391 break;
392
393 case ASN1_PKEY_CTRL_CMS_RI_TYPE:
394 *(int *)arg2 = CMS_RECIPINFO_TRANS;
395 return 1;
8931b30d 396#endif
a78568b7 397
0f113f3e
MC		 398 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
399 *(int *)arg2 = NID_sha256;
400 return 1;
03919683 401
0f113f3e
MC		 402 default:
403 return -2;
492a9e24 404
0f113f3e 405 }
492a9e24 406
0f113f3e
MC		 407 if (alg)
408 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
4f1aa191 409
0f113f3e 410 return 1;
4f1aa191 411
0f113f3e 412}
492a9e24 413
0574cadf
DSH		 414/* allocate and set algorithm ID from EVP_MD, default SHA1 */
415static int rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md)
0f113f3e
MC		 416{
417 if (EVP_MD_type(md) == NID_sha1)
418 return 1;
419 *palg = X509_ALGOR_new();
90945fa3 420 if (*palg == NULL)
0f113f3e
MC		 421 return 0;
422 X509_ALGOR_set_md(*palg, md);
423 return 1;
424}
0574cadf
DSH		 425
426/* Allocate and set MGF1 algorithm ID from EVP_MD */
427static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md)
0f113f3e
MC		 428{
429 X509_ALGOR *algtmp = NULL;
430 ASN1_STRING *stmp = NULL;
431 *palg = NULL;
432 if (EVP_MD_type(mgf1md) == NID_sha1)
433 return 1;
434 /* need to embed algorithm ID inside another */
435 if (!rsa_md_to_algor(&algtmp, mgf1md))
436 goto err;
437 if (!ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp))
438 goto err;
439 *palg = X509_ALGOR_new();
90945fa3 440 if (*palg == NULL)
0f113f3e
MC		 441 goto err;
442 X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);
443 stmp = NULL;
444 err:
0dfb9398 445 ASN1_STRING_free(stmp);
222561fe 446 X509_ALGOR_free(algtmp);
0f113f3e
MC		 447 if (*palg)
448 return 1;
449 return 0;
450}
0574cadf
DSH		 451
452/* convert algorithm ID to EVP_MD, default SHA1 */
453static const EVP_MD *rsa_algor_to_md(X509_ALGOR *alg)
0f113f3e
MC		 454{
455 const EVP_MD *md;
456 if (!alg)
457 return EVP_sha1();
458 md = EVP_get_digestbyobj(alg->algorithm);
459 if (md == NULL)
460 RSAerr(RSA_F_RSA_ALGOR_TO_MD, RSA_R_UNKNOWN_DIGEST);
461 return md;
462}
463
0574cadf
DSH		 464/* convert MGF1 algorithm ID to EVP_MD, default SHA1 */
465static const EVP_MD *rsa_mgf1_to_md(X509_ALGOR *alg, X509_ALGOR *maskHash)
0f113f3e
MC		 466{
467 const EVP_MD *md;
468 if (!alg)
469 return EVP_sha1();
470 /* Check mask and lookup mask hash algorithm */
471 if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) {
472 RSAerr(RSA_F_RSA_MGF1_TO_MD, RSA_R_UNSUPPORTED_MASK_ALGORITHM);
473 return NULL;
474 }
475 if (!maskHash) {
476 RSAerr(RSA_F_RSA_MGF1_TO_MD, RSA_R_UNSUPPORTED_MASK_PARAMETER);
477 return NULL;
478 }
479 md = EVP_get_digestbyobj(maskHash->algorithm);
480 if (md == NULL) {
481 RSAerr(RSA_F_RSA_MGF1_TO_MD, RSA_R_UNKNOWN_MASK_DIGEST);
482 return NULL;
483 }
484 return md;
485}
486
487/*
488 * Convert EVP_PKEY_CTX is PSS mode into corresponding algorithm parameter,
0574cadf 489 * suitable for setting an AlgorithmIdentifier.
31904ecd
DSH		 490 */
491
0574cadf 492static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
0f113f3e
MC		 493{
494 const EVP_MD *sigmd, *mgf1md;
495 RSA_PSS_PARAMS *pss = NULL;
496 ASN1_STRING *os = NULL;
497 EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
498 int saltlen, rv = 0;
499 if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0)
500 goto err;
501 if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
502 goto err;
503 if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
504 goto err;
505 if (saltlen == -1)
506 saltlen = EVP_MD_size(sigmd);
507 else if (saltlen == -2) {
508 saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
509 if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0)
510 saltlen--;
511 }
512 pss = RSA_PSS_PARAMS_new();
90945fa3 513 if (pss == NULL)
0f113f3e
MC		 514 goto err;
515 if (saltlen != 20) {
516 pss->saltLength = ASN1_INTEGER_new();
90945fa3 517 if (pss->saltLength == NULL)
0f113f3e
MC		 518 goto err;
519 if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
520 goto err;
521 }
522 if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd))
523 goto err;
524 if (!rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md))
525 goto err;
526 /* Finally create string with pss parameter encoding. */
527 if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os))
528 goto err;
529 rv = 1;
530 err:
25aaa98a 531 RSA_PSS_PARAMS_free(pss);
0f113f3e
MC		 532 if (rv)
533 return os;
0dfb9398 534 ASN1_STRING_free(os);
0f113f3e
MC		 535 return NULL;
536}
537
538/*
539 * From PSS AlgorithmIdentifier set public key parameters. If pkey isn't NULL
0d4fb843 540 * then the EVP_MD_CTX is setup and initialised. If it is NULL parameters are
0f113f3e 541 * passed to pkctx instead.
0574cadf 542 */
31904ecd 543
0574cadf 544static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
0f113f3e
MC		 545 X509_ALGOR *sigalg, EVP_PKEY *pkey)
546{
547 int rv = -1;
548 int saltlen;
549 const EVP_MD *mgf1md = NULL, *md = NULL;
550 RSA_PSS_PARAMS *pss;
551 X509_ALGOR *maskHash;
552 /* Sanity check: make sure it is PSS */
553 if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
554 RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
555 return -1;
556 }
557 /* Decode PSS parameters */
558 pss = rsa_pss_decode(sigalg, &maskHash);
559
560 if (pss == NULL) {
561 RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_PSS_PARAMETERS);
562 goto err;
563 }
564 mgf1md = rsa_mgf1_to_md(pss->maskGenAlgorithm, maskHash);
565 if (!mgf1md)
566 goto err;
567 md = rsa_algor_to_md(pss->hashAlgorithm);
568 if (!md)
569 goto err;
570
571 if (pss->saltLength) {
572 saltlen = ASN1_INTEGER_get(pss->saltLength);
573
574 /*
575 * Could perform more salt length sanity checks but the main RSA
576 * routines will trap other invalid values anyway.
577 */
578 if (saltlen < 0) {
579 RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_SALT_LENGTH);
580 goto err;
581 }
582 } else
583 saltlen = 20;
584
585 /*
586 * low-level routines support only trailer field 0xbc (value 1) and
587 * PKCS#1 says we should reject any other value anyway.
588 */
589 if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
590 RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_TRAILER);
591 goto err;
592 }
593
594 /* We have all parameters now set up context */
595
596 if (pkey) {
597 if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
598 goto err;
599 } else {
600 const EVP_MD *checkmd;
601 if (EVP_PKEY_CTX_get_signature_md(pkctx, &checkmd) <= 0)
602 goto err;
603 if (EVP_MD_type(md) != EVP_MD_type(checkmd)) {
604 RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_DIGEST_DOES_NOT_MATCH);
605 goto err;
606 }
607 }
608
609 if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
610 goto err;
611
612 if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
613 goto err;
614
615 if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
616 goto err;
617 /* Carry on */
618 rv = 1;
619
620 err:
621 RSA_PSS_PARAMS_free(pss);
222561fe 622 X509_ALGOR_free(maskHash);
0f113f3e
MC		 623 return rv;
624}
492a9e24 625
e968561d 626#ifndef OPENSSL_NO_CMS
0574cadf 627static int rsa_cms_verify(CMS_SignerInfo *si)
0f113f3e
MC		 628{
629 int nid, nid2;
630 X509_ALGOR *alg;
631 EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
632 CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
633 nid = OBJ_obj2nid(alg->algorithm);
634 if (nid == NID_rsaEncryption)
635 return 1;
636 if (nid == NID_rsassaPss)
637 return rsa_pss_to_ctx(NULL, pkctx, alg, NULL);
638 /* Workaround for some implementation that use a signature OID */
639 if (OBJ_find_sigid_algs(nid, NULL, &nid2)) {
640 if (nid2 == NID_rsaEncryption)
641 return 1;
642 }
643 return 0;
644}
e968561d 645#endif
0f113f3e
MC		 646
647/*
648 * Customised RSA item verification routine. This is called when a signature
649 * is encountered requiring special handling. We currently only handle PSS.
0574cadf
DSH		 650 */
651
0574cadf 652static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
0f113f3e
MC		 653 X509_ALGOR *sigalg, ASN1_BIT_STRING *sig,
654 EVP_PKEY *pkey)
655{
656 /* Sanity check: make sure it is PSS */
657 if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
658 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
659 return -1;
660 }
09f06923 661 if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) {
0f113f3e
MC		 662 /* Carry on */
663 return 2;
09f06923 664 }
0f113f3e
MC		 665 return -1;
666}
0574cadf 667
e968561d 668#ifndef OPENSSL_NO_CMS
0574cadf 669static int rsa_cms_sign(CMS_SignerInfo *si)
0f113f3e
MC		 670{
671 int pad_mode = RSA_PKCS1_PADDING;
672 X509_ALGOR *alg;
673 EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
674 ASN1_STRING *os = NULL;
675 CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
676 if (pkctx) {
677 if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
678 return 0;
679 }
680 if (pad_mode == RSA_PKCS1_PADDING) {
681 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
682 return 1;
683 }
684 /* We don't support it */
685 if (pad_mode != RSA_PKCS1_PSS_PADDING)
686 return 0;
687 os = rsa_ctx_to_pss(pkctx);
688 if (!os)
689 return 0;
690 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);
691 return 1;
692}
e968561d 693#endif
0574cadf 694
17c63d1c 695static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
0f113f3e
MC		 696 X509_ALGOR *alg1, X509_ALGOR *alg2,
697 ASN1_BIT_STRING *sig)
698{
699 int pad_mode;
6e59a892 700 EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx);
0f113f3e
MC		 701 if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
702 return 0;
703 if (pad_mode == RSA_PKCS1_PADDING)
704 return 2;
705 if (pad_mode == RSA_PKCS1_PSS_PADDING) {
706 ASN1_STRING *os1 = NULL;
707 os1 = rsa_ctx_to_pss(pkctx);
708 if (!os1)
709 return 0;
710 /* Duplicate parameters if we have to */
711 if (alg2) {
712 ASN1_STRING *os2 = ASN1_STRING_dup(os1);
713 if (!os2) {
714 ASN1_STRING_free(os1);
715 return 0;
716 }
717 X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss),
718 V_ASN1_SEQUENCE, os2);
719 }
720 X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss),
721 V_ASN1_SEQUENCE, os1);
722 return 3;
723 }
724 return 2;
725}
17c63d1c 726
e968561d 727#ifndef OPENSSL_NO_CMS
0574cadf 728static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
0f113f3e
MC		 729 X509_ALGOR **pmaskHash)
730{
0f113f3e 731 RSA_OAEP_PARAMS *pss;
0574cadf 732
0f113f3e 733 *pmaskHash = NULL;
0574cadf 734
e93c8748
DSH		 735 pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS),
736 alg->parameter);
0574cadf 737
0f113f3e
MC		 738 if (!pss)
739 return NULL;
0574cadf 740
0f113f3e 741 *pmaskHash = rsa_mgf1_decode(pss->maskGenFunc);
0574cadf 742
0f113f3e
MC		 743 return pss;
744}
0574cadf
DSH		 745
746static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
0f113f3e
MC		 747{
748 EVP_PKEY_CTX *pkctx;
749 X509_ALGOR *cmsalg;
750 int nid;
751 int rv = -1;
752 unsigned char *label = NULL;
753 int labellen = 0;
754 const EVP_MD *mgf1md = NULL, *md = NULL;
755 RSA_OAEP_PARAMS *oaep;
756 X509_ALGOR *maskHash;
757 pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
758 if (!pkctx)
759 return 0;
760 if (!CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &cmsalg))
761 return -1;
762 nid = OBJ_obj2nid(cmsalg->algorithm);
763 if (nid == NID_rsaEncryption)
764 return 1;
765 if (nid != NID_rsaesOaep) {
766 RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_ENCRYPTION_TYPE);
767 return -1;
768 }
769 /* Decode OAEP parameters */
770 oaep = rsa_oaep_decode(cmsalg, &maskHash);
771
772 if (oaep == NULL) {
773 RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_OAEP_PARAMETERS);
774 goto err;
775 }
776
777 mgf1md = rsa_mgf1_to_md(oaep->maskGenFunc, maskHash);
778 if (!mgf1md)
779 goto err;
780 md = rsa_algor_to_md(oaep->hashFunc);
781 if (!md)
782 goto err;
783
784 if (oaep->pSourceFunc) {
785 X509_ALGOR *plab = oaep->pSourceFunc;
786 if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) {
787 RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_LABEL_SOURCE);
788 goto err;
789 }
790 if (plab->parameter->type != V_ASN1_OCTET_STRING) {
791 RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_LABEL);
792 goto err;
793 }
794
795 label = plab->parameter->value.octet_string->data;
796 /* Stop label being freed when OAEP parameters are freed */
797 plab->parameter->value.octet_string->data = NULL;
798 labellen = plab->parameter->value.octet_string->length;
799 }
800
801 if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0)
802 goto err;
803 if (EVP_PKEY_CTX_set_rsa_oaep_md(pkctx, md) <= 0)
804 goto err;
805 if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
806 goto err;
807 if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0)
808 goto err;
809 /* Carry on */
810 rv = 1;
811
812 err:
813 RSA_OAEP_PARAMS_free(oaep);
222561fe 814 X509_ALGOR_free(maskHash);
0f113f3e
MC		 815 return rv;
816}
0574cadf
DSH		 817
818static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
0f113f3e
MC		 819{
820 const EVP_MD *md, *mgf1md;
821 RSA_OAEP_PARAMS *oaep = NULL;
822 ASN1_STRING *os = NULL;
823 X509_ALGOR *alg;
824 EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
825 int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen;
826 unsigned char *label;
827 CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg);
828 if (pkctx) {
829 if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
830 return 0;
831 }
832 if (pad_mode == RSA_PKCS1_PADDING) {
833 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
834 return 1;
835 }
836 /* Not supported */
837 if (pad_mode != RSA_PKCS1_OAEP_PADDING)
838 return 0;
839 if (EVP_PKEY_CTX_get_rsa_oaep_md(pkctx, &md) <= 0)
840 goto err;
841 if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
842 goto err;
843 labellen = EVP_PKEY_CTX_get0_rsa_oaep_label(pkctx, &label);
844 if (labellen < 0)
845 goto err;
846 oaep = RSA_OAEP_PARAMS_new();
90945fa3 847 if (oaep == NULL)
0f113f3e
MC		 848 goto err;
849 if (!rsa_md_to_algor(&oaep->hashFunc, md))
850 goto err;
851 if (!rsa_md_to_mgf1(&oaep->maskGenFunc, mgf1md))
852 goto err;
853 if (labellen > 0) {
854 ASN1_OCTET_STRING *los = ASN1_OCTET_STRING_new();
855 oaep->pSourceFunc = X509_ALGOR_new();
90945fa3 856 if (oaep->pSourceFunc == NULL)
0f113f3e 857 goto err;
90945fa3 858 if (los == NULL)
0f113f3e
MC		 859 goto err;
860 if (!ASN1_OCTET_STRING_set(los, label, labellen)) {
861 ASN1_OCTET_STRING_free(los);
862 goto err;
863 }
864 X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified),
865 V_ASN1_OCTET_STRING, los);
866 }
867 /* create string with pss parameter encoding. */
868 if (!ASN1_item_pack(oaep, ASN1_ITEM_rptr(RSA_OAEP_PARAMS), &os))
869 goto err;
870 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os);
871 os = NULL;
872 rv = 1;
873 err:
25aaa98a 874 RSA_OAEP_PARAMS_free(oaep);
0dfb9398 875 ASN1_STRING_free(os);
0f113f3e
MC		 876 return rv;
877}
e968561d 878#endif
0f113f3e
MC		 879
880const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
881 {
882 EVP_PKEY_RSA,
883 EVP_PKEY_RSA,
884 ASN1_PKEY_SIGPARAM_NULL,
885
886 "RSA",
887 "OpenSSL RSA method",
888
889 rsa_pub_decode,
890 rsa_pub_encode,
891 rsa_pub_cmp,
892 rsa_pub_print,
893
894 rsa_priv_decode,
895 rsa_priv_encode,
896 rsa_priv_print,
897
898 int_rsa_size,
899 rsa_bits,
900 rsa_security_bits,
901
902 0, 0, 0, 0, 0, 0,
903
904 rsa_sig_print,
905 int_rsa_free,
906 rsa_pkey_ctrl,
907 old_rsa_priv_decode,
908 old_rsa_priv_encode,
909 rsa_item_verify,
910 rsa_item_sign},
911
912 {
913 EVP_PKEY_RSA2,
914 EVP_PKEY_RSA,
915 ASN1_PKEY_ALIAS}
916};
A mirror of the official openssl repository