]>
Commit | Line | Data |
---|---|---|
09b88a4a | 1 | /* crypto/rsa/rsa_pmeth.c */ |
2e597528 | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
0b6f3c66 DSH |
3 | * project 2006. |
4 | */ | |
5 | /* ==================================================================== | |
6 | * Copyright (c) 2006 The OpenSSL Project. All rights reserved. | |
7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | |
11 | * | |
12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | |
14 | * | |
15 | * 2. Redistributions in binary form must reproduce the above copyright | |
16 | * notice, this list of conditions and the following disclaimer in | |
17 | * the documentation and/or other materials provided with the | |
18 | * distribution. | |
19 | * | |
20 | * 3. All advertising materials mentioning features or use of this | |
21 | * software must display the following acknowledgment: | |
22 | * "This product includes software developed by the OpenSSL Project | |
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
24 | * | |
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
26 | * endorse or promote products derived from this software without | |
27 | * prior written permission. For written permission, please contact | |
28 | * licensing@OpenSSL.org. | |
29 | * | |
30 | * 5. Products derived from this software may not be called "OpenSSL" | |
31 | * nor may "OpenSSL" appear in their names without prior written | |
32 | * permission of the OpenSSL Project. | |
33 | * | |
34 | * 6. Redistributions of any form whatsoever must retain the following | |
35 | * acknowledgment: | |
36 | * "This product includes software developed by the OpenSSL Project | |
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
38 | * | |
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
51 | * ==================================================================== | |
52 | * | |
53 | * This product includes cryptographic software written by Eric Young | |
54 | * (eay@cryptsoft.com). This product includes software written by Tim | |
55 | * Hudson (tjh@cryptsoft.com). | |
56 | * | |
57 | */ | |
58 | ||
59 | #include <stdio.h> | |
60 | #include "cryptlib.h" | |
61 | #include <openssl/asn1t.h> | |
62 | #include <openssl/x509.h> | |
63 | #include <openssl/rsa.h> | |
1e26a8ba | 64 | #include <openssl/bn.h> |
b2a97be7 | 65 | #include <openssl/evp.h> |
0b6f3c66 | 66 | #include "evp_locl.h" |
777c47ac | 67 | #include "rsa_locl.h" |
b2a97be7 | 68 | |
07e970c7 DSH |
69 | /* RSA pkey context structure */ |
70 | ||
71 | typedef struct | |
72 | { | |
73 | /* Key gen parameters */ | |
74 | int nbits; | |
75 | BIGNUM *pub_exp; | |
f5cda4cb DSH |
76 | /* Keygen callback info */ |
77 | int gentmp[2]; | |
07e970c7 DSH |
78 | /* RSA padding mode */ |
79 | int pad_mode; | |
4f59b658 | 80 | /* message digest */ |
75d44c04 | 81 | const EVP_MD *md; |
77f4b6ba DSH |
82 | /* message digest for MGF1 */ |
83 | const EVP_MD *mgf1md; | |
a7ffd9d1 DSH |
84 | /* PSS/OAEP salt length */ |
85 | int saltlen; | |
b2a97be7 DSH |
86 | /* Temp buffer */ |
87 | unsigned char *tbuf; | |
07e970c7 DSH |
88 | } RSA_PKEY_CTX; |
89 | ||
90 | static int pkey_rsa_init(EVP_PKEY_CTX *ctx) | |
91 | { | |
92 | RSA_PKEY_CTX *rctx; | |
93 | rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX)); | |
94 | if (!rctx) | |
95 | return 0; | |
96 | rctx->nbits = 1024; | |
97 | rctx->pub_exp = NULL; | |
98 | rctx->pad_mode = RSA_PKCS1_PADDING; | |
75d44c04 | 99 | rctx->md = NULL; |
77f4b6ba | 100 | rctx->mgf1md = NULL; |
b2a97be7 DSH |
101 | rctx->tbuf = NULL; |
102 | ||
a7ffd9d1 | 103 | rctx->saltlen = -2; |
29db322e | 104 | |
07e970c7 | 105 | ctx->data = rctx; |
f5cda4cb DSH |
106 | ctx->keygen_info = rctx->gentmp; |
107 | ctx->keygen_info_count = 2; | |
b2a97be7 DSH |
108 | |
109 | return 1; | |
110 | } | |
111 | ||
8bdcef40 DSH |
112 | static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) |
113 | { | |
114 | RSA_PKEY_CTX *dctx, *sctx; | |
115 | if (!pkey_rsa_init(dst)) | |
116 | return 0; | |
117 | sctx = src->data; | |
118 | dctx = dst->data; | |
119 | dctx->nbits = sctx->nbits; | |
120 | if (sctx->pub_exp) | |
121 | { | |
122 | dctx->pub_exp = BN_dup(sctx->pub_exp); | |
123 | if (!dctx->pub_exp) | |
124 | return 0; | |
125 | } | |
126 | dctx->pad_mode = sctx->pad_mode; | |
127 | dctx->md = sctx->md; | |
128 | return 1; | |
129 | } | |
130 | ||
b2a97be7 DSH |
131 | static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk) |
132 | { | |
133 | if (ctx->tbuf) | |
134 | return 1; | |
135 | ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey)); | |
136 | if (!ctx->tbuf) | |
137 | return 0; | |
07e970c7 DSH |
138 | return 1; |
139 | } | |
140 | ||
141 | static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) | |
142 | { | |
143 | RSA_PKEY_CTX *rctx = ctx->data; | |
144 | if (rctx) | |
145 | { | |
146 | if (rctx->pub_exp) | |
147 | BN_free(rctx->pub_exp); | |
9fdab72d DSH |
148 | if (rctx->tbuf) |
149 | OPENSSL_free(rctx->tbuf); | |
c927df3f | 150 | OPENSSL_free(rctx); |
07e970c7 | 151 | } |
07e970c7 DSH |
152 | } |
153 | ||
eaff5a14 DSH |
154 | static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, |
155 | const unsigned char *tbs, size_t tbslen) | |
07e970c7 DSH |
156 | { |
157 | int ret; | |
158 | RSA_PKEY_CTX *rctx = ctx->data; | |
a7ffd9d1 | 159 | RSA *rsa = ctx->pkey->pkey.rsa; |
b2a97be7 | 160 | |
75d44c04 | 161 | if (rctx->md) |
b2a97be7 | 162 | { |
eaff5a14 | 163 | if (tbslen != (size_t)EVP_MD_size(rctx->md)) |
75d44c04 DSH |
164 | { |
165 | RSAerr(RSA_F_PKEY_RSA_SIGN, | |
166 | RSA_R_INVALID_DIGEST_LENGTH); | |
167 | return -1; | |
168 | } | |
b2a97be7 DSH |
169 | if (rctx->pad_mode == RSA_X931_PADDING) |
170 | { | |
171 | if (!setup_tbuf(rctx, ctx)) | |
172 | return -1; | |
173 | memcpy(rctx->tbuf, tbs, tbslen); | |
75d44c04 DSH |
174 | rctx->tbuf[tbslen] = |
175 | RSA_X931_hash_id(EVP_MD_type(rctx->md)); | |
b2a97be7 | 176 | ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, |
a7ffd9d1 | 177 | sig, rsa, RSA_X931_PADDING); |
b2a97be7 DSH |
178 | } |
179 | else if (rctx->pad_mode == RSA_PKCS1_PADDING) | |
180 | { | |
181 | unsigned int sltmp; | |
75d44c04 | 182 | ret = RSA_sign(EVP_MD_type(rctx->md), |
a7ffd9d1 | 183 | tbs, tbslen, sig, &sltmp, rsa); |
4f59b658 DSH |
184 | if (ret <= 0) |
185 | return ret; | |
186 | ret = sltmp; | |
b2a97be7 | 187 | } |
a7ffd9d1 DSH |
188 | else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) |
189 | { | |
77f4b6ba DSH |
190 | const EVP_MD *pssmd; |
191 | pssmd = rctx->mgf1md; | |
192 | if (pssmd == NULL) | |
193 | pssmd = rctx->md; | |
a7ffd9d1 DSH |
194 | if (!setup_tbuf(rctx, ctx)) |
195 | return -1; | |
196 | if (!RSA_padding_add_PKCS1_PSS(rsa, rctx->tbuf, tbs, | |
77f4b6ba | 197 | pssmd, rctx->saltlen)) |
a7ffd9d1 DSH |
198 | return -1; |
199 | ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf, | |
200 | sig, rsa, RSA_NO_PADDING); | |
201 | } | |
b2a97be7 DSH |
202 | else |
203 | return -1; | |
204 | } | |
205 | else | |
206 | ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa, | |
07e970c7 DSH |
207 | rctx->pad_mode); |
208 | if (ret < 0) | |
209 | return ret; | |
210 | *siglen = ret; | |
211 | return 1; | |
212 | } | |
213 | ||
214 | ||
215 | static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, | |
eaff5a14 DSH |
216 | unsigned char *rout, size_t *routlen, |
217 | const unsigned char *sig, size_t siglen) | |
07e970c7 DSH |
218 | { |
219 | int ret; | |
220 | RSA_PKEY_CTX *rctx = ctx->data; | |
b2a97be7 | 221 | |
75d44c04 | 222 | if (rctx->md) |
b2a97be7 DSH |
223 | { |
224 | if (rctx->pad_mode == RSA_X931_PADDING) | |
225 | { | |
226 | if (!setup_tbuf(rctx, ctx)) | |
227 | return -1; | |
4f59b658 | 228 | ret = RSA_public_decrypt(siglen, sig, |
b2a97be7 DSH |
229 | rctx->tbuf, ctx->pkey->pkey.rsa, |
230 | RSA_X931_PADDING); | |
231 | if (ret < 1) | |
232 | return 0; | |
9fdab72d | 233 | ret--; |
75d44c04 DSH |
234 | if (rctx->tbuf[ret] != |
235 | RSA_X931_hash_id(EVP_MD_type(rctx->md))) | |
b2a97be7 DSH |
236 | { |
237 | RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER, | |
238 | RSA_R_ALGORITHM_MISMATCH); | |
239 | return 0; | |
240 | } | |
75d44c04 DSH |
241 | if (ret != EVP_MD_size(rctx->md)) |
242 | { | |
243 | RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER, | |
244 | RSA_R_INVALID_DIGEST_LENGTH); | |
245 | return 0; | |
246 | } | |
4f59b658 DSH |
247 | if (rout) |
248 | memcpy(rout, rctx->tbuf, ret); | |
b2a97be7 DSH |
249 | } |
250 | else if (rctx->pad_mode == RSA_PKCS1_PADDING) | |
251 | { | |
786aa98d | 252 | size_t sltmp; |
75d44c04 | 253 | ret = int_rsa_verify(EVP_MD_type(rctx->md), |
4f59b658 DSH |
254 | NULL, 0, rout, &sltmp, |
255 | sig, siglen, ctx->pkey->pkey.rsa); | |
716630c0 | 256 | ret = sltmp; |
b2a97be7 DSH |
257 | } |
258 | else | |
259 | return -1; | |
260 | } | |
261 | else | |
4f59b658 | 262 | ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa, |
07e970c7 DSH |
263 | rctx->pad_mode); |
264 | if (ret < 0) | |
265 | return ret; | |
4f59b658 | 266 | *routlen = ret; |
07e970c7 DSH |
267 | return 1; |
268 | } | |
269 | ||
4f59b658 | 270 | static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, |
eaff5a14 DSH |
271 | const unsigned char *sig, size_t siglen, |
272 | const unsigned char *tbs, size_t tbslen) | |
4f59b658 DSH |
273 | { |
274 | RSA_PKEY_CTX *rctx = ctx->data; | |
a7ffd9d1 | 275 | RSA *rsa = ctx->pkey->pkey.rsa; |
eaff5a14 | 276 | size_t rslen; |
4f59b658 DSH |
277 | if (rctx->md) |
278 | { | |
279 | if (rctx->pad_mode == RSA_PKCS1_PADDING) | |
280 | return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, | |
a7ffd9d1 | 281 | sig, siglen, rsa); |
4f59b658 DSH |
282 | if (rctx->pad_mode == RSA_X931_PADDING) |
283 | { | |
284 | if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, | |
285 | sig, siglen) <= 0) | |
286 | return 0; | |
287 | } | |
a7ffd9d1 DSH |
288 | else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) |
289 | { | |
290 | int ret; | |
77f4b6ba DSH |
291 | const EVP_MD *pssmd; |
292 | pssmd = rctx->mgf1md; | |
293 | if (pssmd == NULL) | |
294 | pssmd = rctx->md; | |
a7ffd9d1 DSH |
295 | if (!setup_tbuf(rctx, ctx)) |
296 | return -1; | |
297 | ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, | |
298 | rsa, RSA_NO_PADDING); | |
299 | if (ret <= 0) | |
300 | return 0; | |
77f4b6ba | 301 | ret = RSA_verify_PKCS1_PSS(rsa, tbs, pssmd, |
a7ffd9d1 DSH |
302 | rctx->tbuf, rctx->saltlen); |
303 | if (ret <= 0) | |
304 | return 0; | |
305 | return 1; | |
306 | } | |
4f59b658 DSH |
307 | else |
308 | return -1; | |
309 | } | |
310 | else | |
311 | { | |
312 | if (!setup_tbuf(rctx, ctx)) | |
313 | return -1; | |
314 | rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf, | |
a7ffd9d1 | 315 | rsa, rctx->pad_mode); |
0cfc80c4 | 316 | if (rslen == 0) |
4f59b658 DSH |
317 | return 0; |
318 | } | |
319 | ||
320 | if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen)) | |
321 | return 0; | |
322 | ||
323 | return 1; | |
324 | ||
325 | } | |
326 | ||
327 | ||
eaff5a14 DSH |
328 | static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, |
329 | unsigned char *out, size_t *outlen, | |
330 | const unsigned char *in, size_t inlen) | |
8cd44e36 DSH |
331 | { |
332 | int ret; | |
333 | RSA_PKEY_CTX *rctx = ctx->data; | |
334 | ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa, | |
335 | rctx->pad_mode); | |
336 | if (ret < 0) | |
337 | return ret; | |
338 | *outlen = ret; | |
339 | return 1; | |
340 | } | |
341 | ||
eaff5a14 DSH |
342 | static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, |
343 | unsigned char *out, size_t *outlen, | |
344 | const unsigned char *in, size_t inlen) | |
8cd44e36 DSH |
345 | { |
346 | int ret; | |
347 | RSA_PKEY_CTX *rctx = ctx->data; | |
348 | ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa, | |
349 | rctx->pad_mode); | |
350 | if (ret < 0) | |
351 | return ret; | |
352 | *outlen = ret; | |
353 | return 1; | |
354 | } | |
07e970c7 | 355 | |
75d44c04 | 356 | static int check_padding_md(const EVP_MD *md, int padding) |
b2a97be7 | 357 | { |
75d44c04 | 358 | if (!md) |
b2a97be7 | 359 | return 1; |
a7ffd9d1 | 360 | |
b2a97be7 DSH |
361 | if (padding == RSA_NO_PADDING) |
362 | { | |
c927df3f | 363 | RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE); |
b2a97be7 DSH |
364 | return 0; |
365 | } | |
366 | ||
367 | if (padding == RSA_X931_PADDING) | |
368 | { | |
75d44c04 | 369 | if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) |
b2a97be7 | 370 | { |
c927df3f | 371 | RSAerr(RSA_F_CHECK_PADDING_MD, |
b2a97be7 DSH |
372 | RSA_R_INVALID_X931_DIGEST); |
373 | return 0; | |
374 | } | |
375 | return 1; | |
376 | } | |
377 | ||
378 | return 1; | |
379 | } | |
380 | ||
381 | ||
4a3dc3c0 DSH |
382 | static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) |
383 | { | |
384 | RSA_PKEY_CTX *rctx = ctx->data; | |
385 | switch (type) | |
386 | { | |
4a3dc3c0 | 387 | case EVP_PKEY_CTRL_RSA_PADDING: |
29db322e | 388 | if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING)) |
4a3dc3c0 | 389 | { |
75d44c04 | 390 | if (!check_padding_md(rctx->md, p1)) |
b2a97be7 | 391 | return 0; |
a7ffd9d1 DSH |
392 | if (p1 == RSA_PKCS1_PSS_PADDING) |
393 | { | |
7f57b076 DSH |
394 | if (!(ctx->operation & |
395 | (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY))) | |
396 | goto bad_pad; | |
a7ffd9d1 DSH |
397 | if (!rctx->md) |
398 | rctx->md = EVP_sha1(); | |
399 | } | |
400 | if (p1 == RSA_PKCS1_OAEP_PADDING) | |
401 | { | |
402 | if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT)) | |
7f57b076 | 403 | goto bad_pad; |
a7ffd9d1 DSH |
404 | if (!rctx->md) |
405 | rctx->md = EVP_sha1(); | |
406 | } | |
4a3dc3c0 DSH |
407 | rctx->pad_mode = p1; |
408 | return 1; | |
409 | } | |
7f57b076 DSH |
410 | bad_pad: |
411 | RSAerr(RSA_F_PKEY_RSA_CTRL, | |
412 | RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); | |
6471c9f4 | 413 | return -2; |
4a3dc3c0 | 414 | |
f9a6348a DSH |
415 | case EVP_PKEY_CTRL_RSA_PSS_SALTLEN: |
416 | if (p1 < -2) | |
417 | return -2; | |
418 | if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) | |
7f57b076 DSH |
419 | { |
420 | RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN); | |
f9a6348a | 421 | return -2; |
7f57b076 | 422 | } |
f9a6348a DSH |
423 | rctx->saltlen = p1; |
424 | return 1; | |
425 | ||
54d853eb DSH |
426 | case EVP_PKEY_CTRL_RSA_KEYGEN_BITS: |
427 | if (p1 < 256) | |
7f57b076 DSH |
428 | { |
429 | RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS); | |
54d853eb | 430 | return -2; |
7f57b076 | 431 | } |
54d853eb DSH |
432 | rctx->nbits = p1; |
433 | return 1; | |
434 | ||
435 | case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP: | |
436 | if (!p2) | |
437 | return -2; | |
438 | rctx->pub_exp = p2; | |
439 | return 1; | |
440 | ||
75d44c04 DSH |
441 | case EVP_PKEY_CTRL_MD: |
442 | if (!check_padding_md(p2, rctx->pad_mode)) | |
b2a97be7 | 443 | return 0; |
75d44c04 | 444 | rctx->md = p2; |
b2a97be7 DSH |
445 | return 1; |
446 | ||
31904ecd | 447 | case EVP_PKEY_CTRL_RSA_MGF1_MD: |
77f4b6ba DSH |
448 | rctx->mgf1md = p2; |
449 | return 1; | |
450 | ||
156ee882 | 451 | case EVP_PKEY_CTRL_DIGESTINIT: |
399a6f0b DSH |
452 | case EVP_PKEY_CTRL_PKCS7_ENCRYPT: |
453 | case EVP_PKEY_CTRL_PKCS7_DECRYPT: | |
b7683e3a | 454 | case EVP_PKEY_CTRL_PKCS7_SIGN: |
8931b30d DSH |
455 | #ifndef OPENSSL_NO_CMS |
456 | case EVP_PKEY_CTRL_CMS_ENCRYPT: | |
457 | case EVP_PKEY_CTRL_CMS_DECRYPT: | |
458 | case EVP_PKEY_CTRL_CMS_SIGN: | |
459 | #endif | |
399a6f0b | 460 | return 1; |
0e1dba93 DSH |
461 | case EVP_PKEY_CTRL_PEER_KEY: |
462 | RSAerr(RSA_F_PKEY_RSA_CTRL, | |
4f1aa191 | 463 | RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); |
0e1dba93 | 464 | return -2; |
399a6f0b | 465 | |
4a3dc3c0 DSH |
466 | default: |
467 | return -2; | |
468 | ||
469 | } | |
470 | } | |
471 | ||
472 | static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, | |
473 | const char *type, const char *value) | |
474 | { | |
7f57b076 DSH |
475 | if (!value) |
476 | { | |
477 | RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING); | |
478 | return 0; | |
479 | } | |
4a3dc3c0 DSH |
480 | if (!strcmp(type, "rsa_padding_mode")) |
481 | { | |
482 | int pm; | |
4a3dc3c0 DSH |
483 | if (!strcmp(value, "pkcs1")) |
484 | pm = RSA_PKCS1_PADDING; | |
485 | else if (!strcmp(value, "sslv23")) | |
486 | pm = RSA_SSLV23_PADDING; | |
487 | else if (!strcmp(value, "none")) | |
488 | pm = RSA_NO_PADDING; | |
489 | else if (!strcmp(value, "oeap")) | |
490 | pm = RSA_PKCS1_OAEP_PADDING; | |
491 | else if (!strcmp(value, "x931")) | |
492 | pm = RSA_X931_PADDING; | |
29db322e DSH |
493 | else if (!strcmp(value, "pss")) |
494 | pm = RSA_PKCS1_PSS_PADDING; | |
4a3dc3c0 | 495 | else |
7f57b076 DSH |
496 | { |
497 | RSAerr(RSA_F_PKEY_RSA_CTRL_STR, | |
498 | RSA_R_UNKNOWN_PADDING_TYPE); | |
4a3dc3c0 | 499 | return -2; |
7f57b076 | 500 | } |
6471c9f4 | 501 | return EVP_PKEY_CTX_set_rsa_padding(ctx, pm); |
4a3dc3c0 | 502 | } |
54d853eb | 503 | |
f9a6348a DSH |
504 | if (!strcmp(type, "rsa_pss_saltlen")) |
505 | { | |
506 | int saltlen; | |
507 | saltlen = atoi(value); | |
508 | return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen); | |
509 | } | |
54d853eb DSH |
510 | |
511 | if (!strcmp(type, "rsa_keygen_bits")) | |
512 | { | |
513 | int nbits; | |
514 | nbits = atoi(value); | |
515 | return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits); | |
516 | } | |
517 | ||
518 | if (!strcmp(type, "rsa_keygen_pubexp")) | |
519 | { | |
520 | int ret; | |
521 | BIGNUM *pubexp = NULL; | |
522 | if (!BN_asc2bn(&pubexp, value)) | |
523 | return 0; | |
524 | ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp); | |
525 | if (ret <= 0) | |
526 | BN_free(pubexp); | |
527 | return ret; | |
528 | } | |
529 | ||
4a3dc3c0 DSH |
530 | return -2; |
531 | } | |
532 | ||
f5cda4cb DSH |
533 | static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) |
534 | { | |
535 | RSA *rsa = NULL; | |
536 | RSA_PKEY_CTX *rctx = ctx->data; | |
537 | BN_GENCB *pcb, cb; | |
538 | int ret; | |
539 | if (!rctx->pub_exp) | |
540 | { | |
541 | rctx->pub_exp = BN_new(); | |
542 | if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4)) | |
543 | return 0; | |
544 | } | |
545 | rsa = RSA_new(); | |
546 | if (!rsa) | |
547 | return 0; | |
548 | if (ctx->pkey_gencb) | |
549 | { | |
550 | pcb = &cb; | |
551 | evp_pkey_set_cb_translate(pcb, ctx); | |
552 | } | |
553 | else | |
554 | pcb = NULL; | |
555 | ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb); | |
556 | if (ret > 0) | |
557 | EVP_PKEY_assign_RSA(pkey, rsa); | |
558 | else | |
559 | RSA_free(rsa); | |
560 | return ret; | |
561 | } | |
562 | ||
0b6f3c66 DSH |
563 | const EVP_PKEY_METHOD rsa_pkey_meth = |
564 | { | |
565 | EVP_PKEY_RSA, | |
b010b7c4 | 566 | EVP_PKEY_FLAG_AUTOARGLEN, |
07e970c7 | 567 | pkey_rsa_init, |
8bdcef40 | 568 | pkey_rsa_copy, |
07e970c7 DSH |
569 | pkey_rsa_cleanup, |
570 | ||
571 | 0,0, | |
572 | ||
f5cda4cb DSH |
573 | 0, |
574 | pkey_rsa_keygen, | |
07e970c7 DSH |
575 | |
576 | 0, | |
577 | pkey_rsa_sign, | |
578 | ||
4f59b658 DSH |
579 | 0, |
580 | pkey_rsa_verify, | |
07e970c7 DSH |
581 | |
582 | 0, | |
8cd44e36 DSH |
583 | pkey_rsa_verifyrecover, |
584 | ||
585 | ||
586 | 0,0,0,0, | |
587 | ||
588 | 0, | |
589 | pkey_rsa_encrypt, | |
590 | ||
591 | 0, | |
592 | pkey_rsa_decrypt, | |
593 | ||
d87e6152 DSH |
594 | 0,0, |
595 | ||
4a3dc3c0 DSH |
596 | pkey_rsa_ctrl, |
597 | pkey_rsa_ctrl_str | |
8cd44e36 | 598 | |
07e970c7 | 599 | |
0b6f3c66 | 600 | }; |