2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * RSA low level APIs are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
16 #include <openssl/core_numbers.h>
17 #include <openssl/core_names.h>
18 #include <openssl/err.h>
19 #include <openssl/pem.h>
20 #include <openssl/rsa.h>
21 #include <openssl/types.h>
22 #include <openssl/params.h>
23 #include <openssl/safestack.h>
25 #include "prov/implementations.h"
26 #include "prov/providercommonerr.h"
27 #include "serializer_local.h"
29 static OSSL_OP_serializer_newctx_fn rsa_priv_newctx
;
30 static OSSL_OP_serializer_freectx_fn rsa_priv_freectx
;
31 static OSSL_OP_serializer_set_ctx_params_fn rsa_priv_set_ctx_params
;
32 static OSSL_OP_serializer_settable_ctx_params_fn rsa_priv_settable_ctx_params
;
33 static OSSL_OP_serializer_serialize_data_fn rsa_priv_der_data
;
34 static OSSL_OP_serializer_serialize_object_fn rsa_priv_der
;
35 static OSSL_OP_serializer_serialize_data_fn rsa_pem_priv_data
;
36 static OSSL_OP_serializer_serialize_object_fn rsa_pem_priv
;
38 static OSSL_OP_serializer_newctx_fn rsa_print_newctx
;
39 static OSSL_OP_serializer_freectx_fn rsa_print_freectx
;
40 static OSSL_OP_serializer_serialize_data_fn rsa_priv_print_data
;
41 static OSSL_OP_serializer_serialize_object_fn rsa_priv_print
;
44 * Context used for private key serialization.
46 struct rsa_priv_ctx_st
{
49 struct pkcs8_encrypt_ctx_st sc
;
52 /* Helper functions to prepare RSA-PSS params for serialization */
54 static int prepare_rsa_params(const void *rsa
, int nid
,
55 ASN1_STRING
**pstr
, int *pstrtype
)
57 const RSA_PSS_PARAMS
*pss
= RSA_get0_pss_params(rsa
);
60 /* If RSA it's just NULL type */
61 if (nid
!= EVP_PKEY_RSA_PSS
) {
62 *pstrtype
= V_ASN1_NULL
;
65 /* If no PSS parameters we omit parameters entirely */
67 *pstrtype
= V_ASN1_UNDEF
;
70 /* Encode PSS parameters */
71 if (ASN1_item_pack((void *)pss
, ASN1_ITEM_rptr(RSA_PSS_PARAMS
), pstr
)
75 *pstrtype
= V_ASN1_SEQUENCE
;
79 /* Private key : context */
80 static void *rsa_priv_newctx(void *provctx
)
82 struct rsa_priv_ctx_st
*ctx
= OPENSSL_zalloc(sizeof(*ctx
));
85 ctx
->provctx
= provctx
;
86 /* -1 is the "whatever" indicator, i.e. the PKCS8 library default PBE */
92 static void rsa_priv_freectx(void *vctx
)
94 struct rsa_priv_ctx_st
*ctx
= vctx
;
96 EVP_CIPHER_free(ctx
->sc
.cipher
);
97 OPENSSL_free(ctx
->sc
.cipher_pass
);
101 static const OSSL_PARAM
*rsa_priv_settable_ctx_params(void)
103 static const OSSL_PARAM settables
[] = {
104 OSSL_PARAM_utf8_string(OSSL_SERIALIZER_PARAM_CIPHER
, NULL
, 0),
105 OSSL_PARAM_octet_string(OSSL_SERIALIZER_PARAM_PASS
, NULL
, 0),
112 static int rsa_priv_set_ctx_params(void *vctx
, const OSSL_PARAM params
[])
114 struct rsa_priv_ctx_st
*ctx
= vctx
;
117 if ((p
= OSSL_PARAM_locate_const(params
, OSSL_SERIALIZER_PARAM_CIPHER
))
119 const OSSL_PARAM
*propsp
=
120 OSSL_PARAM_locate_const(params
, OSSL_SERIALIZER_PARAM_PROPERTIES
);
121 const char *props
= NULL
;
123 if (p
->data_type
!= OSSL_PARAM_UTF8_STRING
)
125 if (propsp
!= NULL
&& propsp
->data_type
!= OSSL_PARAM_UTF8_STRING
)
127 props
= (propsp
!= NULL
? propsp
->data
: NULL
);
129 EVP_CIPHER_free(ctx
->sc
.cipher
);
130 ctx
->sc
.cipher_intent
= p
->data
!= NULL
;
132 && ((ctx
->sc
.cipher
= EVP_CIPHER_fetch(NULL
, p
->data
, props
))
136 if ((p
= OSSL_PARAM_locate_const(params
, OSSL_SERIALIZER_PARAM_PASS
))
138 OPENSSL_free(ctx
->sc
.cipher_pass
);
139 ctx
->sc
.cipher_pass
= NULL
;
140 if (!OSSL_PARAM_get_octet_string(p
, &ctx
->sc
.cipher_pass
, 0,
141 &ctx
->sc
.cipher_pass_length
))
147 /* Private key : DER */
148 static int rsa_priv_der_data(void *vctx
, const OSSL_PARAM params
[], BIO
*out
,
149 OSSL_PASSPHRASE_CALLBACK
*cb
, void *cbarg
)
151 struct rsa_priv_ctx_st
*ctx
= vctx
;
152 OSSL_OP_keymgmt_new_fn
*rsa_new
= ossl_prov_get_keymgmt_rsa_new();
153 OSSL_OP_keymgmt_free_fn
*rsa_free
= ossl_prov_get_keymgmt_rsa_free();
154 OSSL_OP_keymgmt_import_fn
*rsa_import
= ossl_prov_get_keymgmt_rsa_import();
157 if (rsa_import
!= NULL
) {
160 if ((rsa
= rsa_new(ctx
->provctx
)) != NULL
161 && rsa_import(rsa
, OSSL_KEYMGMT_SELECT_KEYPAIR
, params
)
162 && rsa_priv_der(ctx
, rsa
, out
, cb
, cbarg
))
169 static int rsa_priv_der(void *vctx
, void *rsa
, BIO
*out
,
170 OSSL_PASSPHRASE_CALLBACK
*cb
, void *cbarg
)
172 struct rsa_priv_ctx_st
*ctx
= vctx
;
176 ctx
->sc
.cbarg
= cbarg
;
178 ret
= ossl_prov_write_priv_der_from_obj(out
, rsa
, EVP_PKEY_RSA
,
180 (i2d_of_void
*)i2d_RSAPrivateKey
,
186 /* Private key : PEM */
187 static int rsa_pem_priv_data(void *vctx
, const OSSL_PARAM params
[], BIO
*out
,
188 OSSL_PASSPHRASE_CALLBACK
*cb
, void *cbarg
)
190 struct rsa_priv_ctx_st
*ctx
= vctx
;
191 OSSL_OP_keymgmt_new_fn
*rsa_new
= ossl_prov_get_keymgmt_rsa_new();
192 OSSL_OP_keymgmt_free_fn
*rsa_free
= ossl_prov_get_keymgmt_rsa_free();
193 OSSL_OP_keymgmt_import_fn
*rsa_import
= ossl_prov_get_keymgmt_rsa_import();
196 if (rsa_import
!= NULL
) {
199 if ((rsa
= rsa_new(ctx
->provctx
)) != NULL
200 && rsa_import(rsa
, OSSL_KEYMGMT_SELECT_KEYPAIR
, params
)
201 && rsa_pem_priv(ctx
, rsa
, out
, cb
, cbarg
))
208 static int rsa_pem_priv(void *vctx
, void *rsa
, BIO
*out
,
209 OSSL_PASSPHRASE_CALLBACK
*cb
, void *cbarg
)
211 struct rsa_priv_ctx_st
*ctx
= vctx
;
215 ctx
->sc
.cbarg
= cbarg
;
217 ret
= ossl_prov_write_priv_pem_from_obj(out
, rsa
, EVP_PKEY_RSA
,
219 (i2d_of_void
*)i2d_RSAPrivateKey
,
226 * There's no specific print context, so we use the provider context
228 static void *rsa_print_newctx(void *provctx
)
233 static void rsa_print_freectx(void *ctx
)
237 static int rsa_priv_print_data(void *vctx
, const OSSL_PARAM params
[],
239 OSSL_PASSPHRASE_CALLBACK
*cb
, void *cbarg
)
241 struct rsa_priv_ctx_st
*ctx
= vctx
;
242 OSSL_OP_keymgmt_new_fn
*rsa_new
= ossl_prov_get_keymgmt_rsa_new();
243 OSSL_OP_keymgmt_free_fn
*rsa_free
= ossl_prov_get_keymgmt_rsa_free();
244 OSSL_OP_keymgmt_import_fn
*rsa_import
= ossl_prov_get_keymgmt_rsa_import();
247 if (rsa_import
!= NULL
) {
250 if ((rsa
= rsa_new(ctx
->provctx
)) != NULL
251 && rsa_import(rsa
, OSSL_KEYMGMT_SELECT_KEYPAIR
, params
)
252 && rsa_priv_print(ctx
, rsa
, out
, cb
, cbarg
))
259 static int rsa_priv_print(void *ctx
, void *rsa
, BIO
*out
,
260 OSSL_PASSPHRASE_CALLBACK
*cb
, void *cbarg
)
262 return ossl_prov_print_rsa(out
, rsa
, 1);
265 const OSSL_DISPATCH rsa_priv_der_serializer_functions
[] = {
266 { OSSL_FUNC_SERIALIZER_NEWCTX
, (void (*)(void))rsa_priv_newctx
},
267 { OSSL_FUNC_SERIALIZER_FREECTX
, (void (*)(void))rsa_priv_freectx
},
268 { OSSL_FUNC_SERIALIZER_SET_CTX_PARAMS
,
269 (void (*)(void))rsa_priv_set_ctx_params
},
270 { OSSL_FUNC_SERIALIZER_SETTABLE_CTX_PARAMS
,
271 (void (*)(void))rsa_priv_settable_ctx_params
},
272 { OSSL_FUNC_SERIALIZER_SERIALIZE_DATA
, (void (*)(void))rsa_priv_der_data
},
273 { OSSL_FUNC_SERIALIZER_SERIALIZE_OBJECT
, (void (*)(void))rsa_priv_der
},
277 const OSSL_DISPATCH rsa_priv_pem_serializer_functions
[] = {
278 { OSSL_FUNC_SERIALIZER_NEWCTX
, (void (*)(void))rsa_priv_newctx
},
279 { OSSL_FUNC_SERIALIZER_FREECTX
, (void (*)(void))rsa_priv_freectx
},
280 { OSSL_FUNC_SERIALIZER_SET_CTX_PARAMS
,
281 (void (*)(void))rsa_priv_set_ctx_params
},
282 { OSSL_FUNC_SERIALIZER_SETTABLE_CTX_PARAMS
,
283 (void (*)(void))rsa_priv_settable_ctx_params
},
284 { OSSL_FUNC_SERIALIZER_SERIALIZE_DATA
, (void (*)(void))rsa_pem_priv_data
},
285 { OSSL_FUNC_SERIALIZER_SERIALIZE_OBJECT
, (void (*)(void))rsa_pem_priv
},
289 const OSSL_DISPATCH rsa_priv_text_serializer_functions
[] = {
290 { OSSL_FUNC_SERIALIZER_NEWCTX
, (void (*)(void))rsa_print_newctx
},
291 { OSSL_FUNC_SERIALIZER_FREECTX
, (void (*)(void))rsa_print_freectx
},
292 { OSSL_FUNC_SERIALIZER_SERIALIZE_OBJECT
, (void (*)(void))rsa_priv_print
},
293 { OSSL_FUNC_SERIALIZER_SERIALIZE_DATA
,
294 (void (*)(void))rsa_priv_print_data
},