]> git.ipfire.org Git - thirdparty/openssl.git/blob - providers/implementations/serializers/serializer_rsa_priv.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Deprecate the low level Diffie-Hellman functions.
[thirdparty/openssl.git] / providers / implementations / serializers / serializer_rsa_priv.c
1 /*
2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * RSA low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <openssl/core_numbers.h>
17 #include <openssl/core_names.h>
18 #include <openssl/err.h>
19 #include <openssl/pem.h>
20 #include <openssl/rsa.h>
21 #include <openssl/types.h>
22 #include <openssl/params.h>
23 #include <openssl/safestack.h>
24 #include "prov/bio.h"
25 #include "prov/implementations.h"
26 #include "prov/providercommonerr.h"
27 #include "serializer_local.h"
28
29 static OSSL_OP_serializer_newctx_fn rsa_priv_newctx;
30 static OSSL_OP_serializer_freectx_fn rsa_priv_freectx;
31 static OSSL_OP_serializer_set_ctx_params_fn rsa_priv_set_ctx_params;
32 static OSSL_OP_serializer_settable_ctx_params_fn rsa_priv_settable_ctx_params;
33 static OSSL_OP_serializer_serialize_data_fn rsa_priv_der_data;
34 static OSSL_OP_serializer_serialize_object_fn rsa_priv_der;
35 static OSSL_OP_serializer_serialize_data_fn rsa_pem_priv_data;
36 static OSSL_OP_serializer_serialize_object_fn rsa_pem_priv;
37
38 static OSSL_OP_serializer_newctx_fn rsa_print_newctx;
39 static OSSL_OP_serializer_freectx_fn rsa_print_freectx;
40 static OSSL_OP_serializer_serialize_data_fn rsa_priv_print_data;
41 static OSSL_OP_serializer_serialize_object_fn rsa_priv_print;
42
43 /*
44 * Context used for private key serialization.
45 */
46 struct rsa_priv_ctx_st {
47 void *provctx;
48
49 struct pkcs8_encrypt_ctx_st sc;
50 };
51
52 /* Helper functions to prepare RSA-PSS params for serialization */
53
54 static int prepare_rsa_params(const void *rsa, int nid,
55 ASN1_STRING **pstr, int *pstrtype)
56 {
57 const RSA_PSS_PARAMS *pss = RSA_get0_pss_params(rsa);
58 *pstr = NULL;
59
60 /* If RSA it's just NULL type */
61 if (nid != EVP_PKEY_RSA_PSS) {
62 *pstrtype = V_ASN1_NULL;
63 return 1;
64 }
65 /* If no PSS parameters we omit parameters entirely */
66 if (pss == NULL) {
67 *pstrtype = V_ASN1_UNDEF;
68 return 1;
69 }
70 /* Encode PSS parameters */
71 if (ASN1_item_pack((void *)pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), pstr)
72 == NULL)
73 return 0;
74
75 *pstrtype = V_ASN1_SEQUENCE;
76 return 1;
77 }
78
79 /* Private key : context */
80 static void *rsa_priv_newctx(void *provctx)
81 {
82 struct rsa_priv_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
83
84 if (ctx != NULL) {
85 ctx->provctx = provctx;
86 /* -1 is the "whatever" indicator, i.e. the PKCS8 library default PBE */
87 ctx->sc.pbe_nid = -1;
88 }
89 return ctx;
90 }
91
92 static void rsa_priv_freectx(void *vctx)
93 {
94 struct rsa_priv_ctx_st *ctx = vctx;
95
96 EVP_CIPHER_free(ctx->sc.cipher);
97 OPENSSL_free(ctx->sc.cipher_pass);
98 OPENSSL_free(ctx);
99 }
100
101 static const OSSL_PARAM *rsa_priv_settable_ctx_params(void)
102 {
103 static const OSSL_PARAM settables[] = {
104 OSSL_PARAM_utf8_string(OSSL_SERIALIZER_PARAM_CIPHER, NULL, 0),
105 OSSL_PARAM_octet_string(OSSL_SERIALIZER_PARAM_PASS, NULL, 0),
106 OSSL_PARAM_END,
107 };
108
109 return settables;
110 }
111
112 static int rsa_priv_set_ctx_params(void *vctx, const OSSL_PARAM params[])
113 {
114 struct rsa_priv_ctx_st *ctx = vctx;
115 const OSSL_PARAM *p;
116
117 if ((p = OSSL_PARAM_locate_const(params, OSSL_SERIALIZER_PARAM_CIPHER))
118 != NULL) {
119 const OSSL_PARAM *propsp =
120 OSSL_PARAM_locate_const(params, OSSL_SERIALIZER_PARAM_PROPERTIES);
121 const char *props = NULL;
122
123 if (p->data_type != OSSL_PARAM_UTF8_STRING)
124 return 0;
125 if (propsp != NULL && propsp->data_type != OSSL_PARAM_UTF8_STRING)
126 return 0;
127 props = (propsp != NULL ? propsp->data : NULL);
128
129 EVP_CIPHER_free(ctx->sc.cipher);
130 ctx->sc.cipher_intent = p->data != NULL;
131 if (p->data != NULL
132 && ((ctx->sc.cipher = EVP_CIPHER_fetch(NULL, p->data, props))
133 == NULL))
134 return 0;
135 }
136 if ((p = OSSL_PARAM_locate_const(params, OSSL_SERIALIZER_PARAM_PASS))
137 != NULL) {
138 OPENSSL_free(ctx->sc.cipher_pass);
139 ctx->sc.cipher_pass = NULL;
140 if (!OSSL_PARAM_get_octet_string(p, &ctx->sc.cipher_pass, 0,
141 &ctx->sc.cipher_pass_length))
142 return 0;
143 }
144 return 1;
145 }
146
147 /* Private key : DER */
148 static int rsa_priv_der_data(void *vctx, const OSSL_PARAM params[], BIO *out,
149 OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)
150 {
151 struct rsa_priv_ctx_st *ctx = vctx;
152 OSSL_OP_keymgmt_new_fn *rsa_new = ossl_prov_get_keymgmt_rsa_new();
153 OSSL_OP_keymgmt_free_fn *rsa_free = ossl_prov_get_keymgmt_rsa_free();
154 OSSL_OP_keymgmt_import_fn *rsa_import = ossl_prov_get_keymgmt_rsa_import();
155 int ok = 0;
156
157 if (rsa_import != NULL) {
158 RSA *rsa;
159
160 if ((rsa = rsa_new(ctx->provctx)) != NULL
161 && rsa_import(rsa, OSSL_KEYMGMT_SELECT_KEYPAIR, params)
162 && rsa_priv_der(ctx, rsa, out, cb, cbarg))
163 ok = 1;
164 rsa_free(rsa);
165 }
166 return ok;
167 }
168
169 static int rsa_priv_der(void *vctx, void *rsa, BIO *out,
170 OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)
171 {
172 struct rsa_priv_ctx_st *ctx = vctx;
173 int ret;
174
175 ctx->sc.cb = cb;
176 ctx->sc.cbarg = cbarg;
177
178 ret = ossl_prov_write_priv_der_from_obj(out, rsa, EVP_PKEY_RSA,
179 prepare_rsa_params,
180 (i2d_of_void *)i2d_RSAPrivateKey,
181 &ctx->sc);
182
183 return ret;
184 }
185
186 /* Private key : PEM */
187 static int rsa_pem_priv_data(void *vctx, const OSSL_PARAM params[], BIO *out,
188 OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)
189 {
190 struct rsa_priv_ctx_st *ctx = vctx;
191 OSSL_OP_keymgmt_new_fn *rsa_new = ossl_prov_get_keymgmt_rsa_new();
192 OSSL_OP_keymgmt_free_fn *rsa_free = ossl_prov_get_keymgmt_rsa_free();
193 OSSL_OP_keymgmt_import_fn *rsa_import = ossl_prov_get_keymgmt_rsa_import();
194 int ok = 0;
195
196 if (rsa_import != NULL) {
197 RSA *rsa;
198
199 if ((rsa = rsa_new(ctx->provctx)) != NULL
200 && rsa_import(rsa, OSSL_KEYMGMT_SELECT_KEYPAIR, params)
201 && rsa_pem_priv(ctx, rsa, out, cb, cbarg))
202 ok = 1;
203 rsa_free(rsa);
204 }
205 return ok;
206 }
207
208 static int rsa_pem_priv(void *vctx, void *rsa, BIO *out,
209 OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)
210 {
211 struct rsa_priv_ctx_st *ctx = vctx;
212 int ret;
213
214 ctx->sc.cb = cb;
215 ctx->sc.cbarg = cbarg;
216
217 ret = ossl_prov_write_priv_pem_from_obj(out, rsa, EVP_PKEY_RSA,
218 prepare_rsa_params,
219 (i2d_of_void *)i2d_RSAPrivateKey,
220 &ctx->sc);
221
222 return ret;
223 }
224
225 /*
226 * There's no specific print context, so we use the provider context
227 */
228 static void *rsa_print_newctx(void *provctx)
229 {
230 return provctx;
231 }
232
233 static void rsa_print_freectx(void *ctx)
234 {
235 }
236
237 static int rsa_priv_print_data(void *vctx, const OSSL_PARAM params[],
238 BIO *out,
239 OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)
240 {
241 struct rsa_priv_ctx_st *ctx = vctx;
242 OSSL_OP_keymgmt_new_fn *rsa_new = ossl_prov_get_keymgmt_rsa_new();
243 OSSL_OP_keymgmt_free_fn *rsa_free = ossl_prov_get_keymgmt_rsa_free();
244 OSSL_OP_keymgmt_import_fn *rsa_import = ossl_prov_get_keymgmt_rsa_import();
245 int ok = 0;
246
247 if (rsa_import != NULL) {
248 RSA *rsa;
249
250 if ((rsa = rsa_new(ctx->provctx)) != NULL
251 && rsa_import(rsa, OSSL_KEYMGMT_SELECT_KEYPAIR, params)
252 && rsa_priv_print(ctx, rsa, out, cb, cbarg))
253 ok = 1;
254 rsa_free(rsa);
255 }
256 return ok;
257 }
258
259 static int rsa_priv_print(void *ctx, void *rsa, BIO *out,
260 OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)
261 {
262 return ossl_prov_print_rsa(out, rsa, 1);
263 }
264
265 const OSSL_DISPATCH rsa_priv_der_serializer_functions[] = {
266 { OSSL_FUNC_SERIALIZER_NEWCTX, (void (*)(void))rsa_priv_newctx },
267 { OSSL_FUNC_SERIALIZER_FREECTX, (void (*)(void))rsa_priv_freectx },
268 { OSSL_FUNC_SERIALIZER_SET_CTX_PARAMS,
269 (void (*)(void))rsa_priv_set_ctx_params },
270 { OSSL_FUNC_SERIALIZER_SETTABLE_CTX_PARAMS,
271 (void (*)(void))rsa_priv_settable_ctx_params },
272 { OSSL_FUNC_SERIALIZER_SERIALIZE_DATA, (void (*)(void))rsa_priv_der_data },
273 { OSSL_FUNC_SERIALIZER_SERIALIZE_OBJECT, (void (*)(void))rsa_priv_der },
274 { 0, NULL }
275 };
276
277 const OSSL_DISPATCH rsa_priv_pem_serializer_functions[] = {
278 { OSSL_FUNC_SERIALIZER_NEWCTX, (void (*)(void))rsa_priv_newctx },
279 { OSSL_FUNC_SERIALIZER_FREECTX, (void (*)(void))rsa_priv_freectx },
280 { OSSL_FUNC_SERIALIZER_SET_CTX_PARAMS,
281 (void (*)(void))rsa_priv_set_ctx_params },
282 { OSSL_FUNC_SERIALIZER_SETTABLE_CTX_PARAMS,
283 (void (*)(void))rsa_priv_settable_ctx_params },
284 { OSSL_FUNC_SERIALIZER_SERIALIZE_DATA, (void (*)(void))rsa_pem_priv_data },
285 { OSSL_FUNC_SERIALIZER_SERIALIZE_OBJECT, (void (*)(void))rsa_pem_priv },
286 { 0, NULL }
287 };
288
289 const OSSL_DISPATCH rsa_priv_text_serializer_functions[] = {
290 { OSSL_FUNC_SERIALIZER_NEWCTX, (void (*)(void))rsa_print_newctx },
291 { OSSL_FUNC_SERIALIZER_FREECTX, (void (*)(void))rsa_print_freectx },
292 { OSSL_FUNC_SERIALIZER_SERIALIZE_OBJECT, (void (*)(void))rsa_priv_print },
293 { OSSL_FUNC_SERIALIZER_SERIALIZE_DATA,
294 (void (*)(void))rsa_priv_print_data },
295 { 0, NULL }
296 };
A mirror of the official openssl repository