]>
Commit | Line | Data |
---|---|---|
0f113f3e | 1 | /* |
2039c421 | 2 | * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. |
0b6f3c66 | 3 | * |
2039c421 RS |
4 | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
0b6f3c66 DSH |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
b39fc560 | 11 | #include "internal/cryptlib.h" |
0b6f3c66 DSH |
12 | #include <openssl/asn1t.h> |
13 | #include <openssl/x509.h> | |
14 | #include <openssl/rsa.h> | |
1e26a8ba | 15 | #include <openssl/bn.h> |
b2a97be7 | 16 | #include <openssl/evp.h> |
271fef0e | 17 | #include <openssl/x509v3.h> |
3c27208f | 18 | #include <openssl/cms.h> |
27af42f9 | 19 | #include "internal/evp_int.h" |
777c47ac | 20 | #include "rsa_locl.h" |
b2a97be7 | 21 | |
07e970c7 DSH |
22 | /* RSA pkey context structure */ |
23 | ||
0f113f3e MC |
24 | typedef struct { |
25 | /* Key gen parameters */ | |
26 | int nbits; | |
27 | BIGNUM *pub_exp; | |
28 | /* Keygen callback info */ | |
29 | int gentmp[2]; | |
30 | /* RSA padding mode */ | |
31 | int pad_mode; | |
32 | /* message digest */ | |
33 | const EVP_MD *md; | |
34 | /* message digest for MGF1 */ | |
35 | const EVP_MD *mgf1md; | |
36 | /* PSS salt length */ | |
37 | int saltlen; | |
38 | /* Temp buffer */ | |
39 | unsigned char *tbuf; | |
40 | /* OAEP label */ | |
41 | unsigned char *oaep_label; | |
42 | size_t oaep_labellen; | |
43 | } RSA_PKEY_CTX; | |
07e970c7 DSH |
44 | |
45 | static int pkey_rsa_init(EVP_PKEY_CTX *ctx) | |
0f113f3e MC |
46 | { |
47 | RSA_PKEY_CTX *rctx; | |
64b25758 | 48 | rctx = OPENSSL_zalloc(sizeof(*rctx)); |
90945fa3 | 49 | if (rctx == NULL) |
0f113f3e MC |
50 | return 0; |
51 | rctx->nbits = 1024; | |
0f113f3e | 52 | rctx->pad_mode = RSA_PKCS1_PADDING; |
0f113f3e | 53 | rctx->saltlen = -2; |
0f113f3e MC |
54 | ctx->data = rctx; |
55 | ctx->keygen_info = rctx->gentmp; | |
56 | ctx->keygen_info_count = 2; | |
57 | ||
58 | return 1; | |
59 | } | |
b2a97be7 | 60 | |
8bdcef40 | 61 | static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) |
0f113f3e MC |
62 | { |
63 | RSA_PKEY_CTX *dctx, *sctx; | |
64 | if (!pkey_rsa_init(dst)) | |
65 | return 0; | |
66 | sctx = src->data; | |
67 | dctx = dst->data; | |
68 | dctx->nbits = sctx->nbits; | |
69 | if (sctx->pub_exp) { | |
70 | dctx->pub_exp = BN_dup(sctx->pub_exp); | |
71 | if (!dctx->pub_exp) | |
72 | return 0; | |
73 | } | |
74 | dctx->pad_mode = sctx->pad_mode; | |
75 | dctx->md = sctx->md; | |
76 | dctx->mgf1md = sctx->mgf1md; | |
77 | if (sctx->oaep_label) { | |
b548a1f1 | 78 | OPENSSL_free(dctx->oaep_label); |
7644a9ae | 79 | dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen); |
0f113f3e MC |
80 | if (!dctx->oaep_label) |
81 | return 0; | |
82 | dctx->oaep_labellen = sctx->oaep_labellen; | |
83 | } | |
84 | return 1; | |
85 | } | |
8bdcef40 | 86 | |
b2a97be7 | 87 | static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk) |
0f113f3e MC |
88 | { |
89 | if (ctx->tbuf) | |
90 | return 1; | |
91 | ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey)); | |
90945fa3 | 92 | if (ctx->tbuf == NULL) |
0f113f3e MC |
93 | return 0; |
94 | return 1; | |
95 | } | |
07e970c7 DSH |
96 | |
97 | static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) | |
0f113f3e MC |
98 | { |
99 | RSA_PKEY_CTX *rctx = ctx->data; | |
100 | if (rctx) { | |
23a1d5e9 | 101 | BN_free(rctx->pub_exp); |
b548a1f1 RS |
102 | OPENSSL_free(rctx->tbuf); |
103 | OPENSSL_free(rctx->oaep_label); | |
0f113f3e MC |
104 | OPENSSL_free(rctx); |
105 | } | |
106 | } | |
107 | ||
108 | static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, | |
109 | size_t *siglen, const unsigned char *tbs, | |
110 | size_t tbslen) | |
111 | { | |
112 | int ret; | |
113 | RSA_PKEY_CTX *rctx = ctx->data; | |
114 | RSA *rsa = ctx->pkey->pkey.rsa; | |
115 | ||
116 | if (rctx->md) { | |
117 | if (tbslen != (size_t)EVP_MD_size(rctx->md)) { | |
118 | RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH); | |
119 | return -1; | |
120 | } | |
121 | ||
122 | if (EVP_MD_type(rctx->md) == NID_mdc2) { | |
123 | unsigned int sltmp; | |
124 | if (rctx->pad_mode != RSA_PKCS1_PADDING) | |
125 | return -1; | |
a773b52a | 126 | ret = RSA_sign_ASN1_OCTET_STRING(0, |
0f113f3e MC |
127 | tbs, tbslen, sig, &sltmp, rsa); |
128 | ||
129 | if (ret <= 0) | |
130 | return ret; | |
131 | ret = sltmp; | |
132 | } else if (rctx->pad_mode == RSA_X931_PADDING) { | |
34166d41 MC |
133 | if ((size_t)EVP_PKEY_size(ctx->pkey) < tbslen + 1) { |
134 | RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_KEY_SIZE_TOO_SMALL); | |
0f113f3e | 135 | return -1; |
34166d41 MC |
136 | } |
137 | if (!setup_tbuf(rctx, ctx)) { | |
138 | RSAerr(RSA_F_PKEY_RSA_SIGN, ERR_R_MALLOC_FAILURE); | |
139 | return -1; | |
140 | } | |
0f113f3e MC |
141 | memcpy(rctx->tbuf, tbs, tbslen); |
142 | rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md)); | |
143 | ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, | |
144 | sig, rsa, RSA_X931_PADDING); | |
145 | } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { | |
146 | unsigned int sltmp; | |
147 | ret = RSA_sign(EVP_MD_type(rctx->md), | |
148 | tbs, tbslen, sig, &sltmp, rsa); | |
149 | if (ret <= 0) | |
150 | return ret; | |
151 | ret = sltmp; | |
152 | } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) { | |
153 | if (!setup_tbuf(rctx, ctx)) | |
154 | return -1; | |
155 | if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, | |
156 | rctx->tbuf, tbs, | |
157 | rctx->md, rctx->mgf1md, | |
158 | rctx->saltlen)) | |
159 | return -1; | |
160 | ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf, | |
161 | sig, rsa, RSA_NO_PADDING); | |
162 | } else | |
163 | return -1; | |
164 | } else | |
165 | ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa, | |
166 | rctx->pad_mode); | |
167 | if (ret < 0) | |
168 | return ret; | |
169 | *siglen = ret; | |
170 | return 1; | |
171 | } | |
07e970c7 DSH |
172 | |
173 | static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, | |
0f113f3e MC |
174 | unsigned char *rout, size_t *routlen, |
175 | const unsigned char *sig, size_t siglen) | |
176 | { | |
177 | int ret; | |
178 | RSA_PKEY_CTX *rctx = ctx->data; | |
179 | ||
180 | if (rctx->md) { | |
181 | if (rctx->pad_mode == RSA_X931_PADDING) { | |
182 | if (!setup_tbuf(rctx, ctx)) | |
183 | return -1; | |
184 | ret = RSA_public_decrypt(siglen, sig, | |
185 | rctx->tbuf, ctx->pkey->pkey.rsa, | |
186 | RSA_X931_PADDING); | |
187 | if (ret < 1) | |
188 | return 0; | |
189 | ret--; | |
190 | if (rctx->tbuf[ret] != RSA_X931_hash_id(EVP_MD_type(rctx->md))) { | |
191 | RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER, | |
192 | RSA_R_ALGORITHM_MISMATCH); | |
193 | return 0; | |
194 | } | |
195 | if (ret != EVP_MD_size(rctx->md)) { | |
196 | RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER, | |
197 | RSA_R_INVALID_DIGEST_LENGTH); | |
198 | return 0; | |
199 | } | |
200 | if (rout) | |
201 | memcpy(rout, rctx->tbuf, ret); | |
202 | } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { | |
203 | size_t sltmp; | |
204 | ret = int_rsa_verify(EVP_MD_type(rctx->md), | |
205 | NULL, 0, rout, &sltmp, | |
206 | sig, siglen, ctx->pkey->pkey.rsa); | |
207 | if (ret <= 0) | |
208 | return 0; | |
209 | ret = sltmp; | |
210 | } else | |
211 | return -1; | |
212 | } else | |
213 | ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa, | |
214 | rctx->pad_mode); | |
215 | if (ret < 0) | |
216 | return ret; | |
217 | *routlen = ret; | |
218 | return 1; | |
219 | } | |
07e970c7 | 220 | |
4f59b658 | 221 | static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, |
0f113f3e MC |
222 | const unsigned char *sig, size_t siglen, |
223 | const unsigned char *tbs, size_t tbslen) | |
224 | { | |
225 | RSA_PKEY_CTX *rctx = ctx->data; | |
226 | RSA *rsa = ctx->pkey->pkey.rsa; | |
227 | size_t rslen; | |
228 | if (rctx->md) { | |
229 | if (rctx->pad_mode == RSA_PKCS1_PADDING) | |
230 | return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, | |
231 | sig, siglen, rsa); | |
71bbc79b DSH |
232 | if (tbslen != (size_t)EVP_MD_size(rctx->md)) { |
233 | RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH); | |
234 | return -1; | |
235 | } | |
0f113f3e MC |
236 | if (rctx->pad_mode == RSA_X931_PADDING) { |
237 | if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, siglen) <= 0) | |
238 | return 0; | |
239 | } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) { | |
240 | int ret; | |
241 | if (!setup_tbuf(rctx, ctx)) | |
242 | return -1; | |
243 | ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, | |
244 | rsa, RSA_NO_PADDING); | |
245 | if (ret <= 0) | |
246 | return 0; | |
247 | ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, | |
248 | rctx->md, rctx->mgf1md, | |
249 | rctx->tbuf, rctx->saltlen); | |
250 | if (ret <= 0) | |
251 | return 0; | |
252 | return 1; | |
253 | } else | |
254 | return -1; | |
255 | } else { | |
256 | if (!setup_tbuf(rctx, ctx)) | |
257 | return -1; | |
258 | rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf, | |
259 | rsa, rctx->pad_mode); | |
260 | if (rslen == 0) | |
261 | return 0; | |
262 | } | |
263 | ||
264 | if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen)) | |
265 | return 0; | |
266 | ||
267 | return 1; | |
268 | ||
269 | } | |
4f59b658 | 270 | |
eaff5a14 | 271 | static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, |
0f113f3e MC |
272 | unsigned char *out, size_t *outlen, |
273 | const unsigned char *in, size_t inlen) | |
274 | { | |
275 | int ret; | |
276 | RSA_PKEY_CTX *rctx = ctx->data; | |
277 | if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) { | |
278 | int klen = RSA_size(ctx->pkey->pkey.rsa); | |
279 | if (!setup_tbuf(rctx, ctx)) | |
280 | return -1; | |
281 | if (!RSA_padding_add_PKCS1_OAEP_mgf1(rctx->tbuf, klen, | |
282 | in, inlen, | |
283 | rctx->oaep_label, | |
284 | rctx->oaep_labellen, | |
285 | rctx->md, rctx->mgf1md)) | |
286 | return -1; | |
287 | ret = RSA_public_encrypt(klen, rctx->tbuf, out, | |
288 | ctx->pkey->pkey.rsa, RSA_NO_PADDING); | |
289 | } else | |
290 | ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa, | |
291 | rctx->pad_mode); | |
292 | if (ret < 0) | |
293 | return ret; | |
294 | *outlen = ret; | |
295 | return 1; | |
296 | } | |
8cd44e36 | 297 | |
eaff5a14 | 298 | static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, |
0f113f3e MC |
299 | unsigned char *out, size_t *outlen, |
300 | const unsigned char *in, size_t inlen) | |
301 | { | |
302 | int ret; | |
303 | RSA_PKEY_CTX *rctx = ctx->data; | |
304 | if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) { | |
305 | int i; | |
306 | if (!setup_tbuf(rctx, ctx)) | |
307 | return -1; | |
308 | ret = RSA_private_decrypt(inlen, in, rctx->tbuf, | |
309 | ctx->pkey->pkey.rsa, RSA_NO_PADDING); | |
310 | if (ret <= 0) | |
311 | return ret; | |
312 | for (i = 0; i < ret; i++) { | |
313 | if (rctx->tbuf[i]) | |
314 | break; | |
315 | } | |
316 | ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, ret, rctx->tbuf + i, | |
317 | ret - i, ret, | |
318 | rctx->oaep_label, | |
319 | rctx->oaep_labellen, | |
320 | rctx->md, rctx->mgf1md); | |
321 | } else | |
322 | ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa, | |
323 | rctx->pad_mode); | |
324 | if (ret < 0) | |
325 | return ret; | |
326 | *outlen = ret; | |
327 | return 1; | |
328 | } | |
07e970c7 | 329 | |
75d44c04 | 330 | static int check_padding_md(const EVP_MD *md, int padding) |
0f113f3e | 331 | { |
7f572e95 | 332 | int mdnid; |
0f113f3e MC |
333 | if (!md) |
334 | return 1; | |
335 | ||
7f572e95 DSH |
336 | mdnid = EVP_MD_type(md); |
337 | ||
0f113f3e MC |
338 | if (padding == RSA_NO_PADDING) { |
339 | RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE); | |
340 | return 0; | |
341 | } | |
342 | ||
343 | if (padding == RSA_X931_PADDING) { | |
7f572e95 | 344 | if (RSA_X931_hash_id(mdnid) == -1) { |
0f113f3e MC |
345 | RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_X931_DIGEST); |
346 | return 0; | |
347 | } | |
7f572e95 DSH |
348 | } else { |
349 | switch(mdnid) { | |
350 | /* List of all supported RSA digests */ | |
351 | case NID_sha1: | |
352 | case NID_sha224: | |
353 | case NID_sha256: | |
354 | case NID_sha384: | |
355 | case NID_sha512: | |
356 | case NID_md5: | |
357 | case NID_md5_sha1: | |
358 | case NID_md2: | |
359 | case NID_md4: | |
360 | case NID_mdc2: | |
361 | case NID_ripemd160: | |
362 | return 1; | |
363 | ||
364 | default: | |
365 | RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_DIGEST); | |
366 | return 0; | |
367 | ||
368 | } | |
0f113f3e MC |
369 | } |
370 | ||
371 | return 1; | |
372 | } | |
b2a97be7 | 373 | |
4a3dc3c0 | 374 | static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) |
0f113f3e MC |
375 | { |
376 | RSA_PKEY_CTX *rctx = ctx->data; | |
377 | switch (type) { | |
378 | case EVP_PKEY_CTRL_RSA_PADDING: | |
379 | if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING)) { | |
380 | if (!check_padding_md(rctx->md, p1)) | |
381 | return 0; | |
382 | if (p1 == RSA_PKCS1_PSS_PADDING) { | |
383 | if (!(ctx->operation & | |
384 | (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY))) | |
385 | goto bad_pad; | |
386 | if (!rctx->md) | |
387 | rctx->md = EVP_sha1(); | |
388 | } | |
389 | if (p1 == RSA_PKCS1_OAEP_PADDING) { | |
390 | if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT)) | |
391 | goto bad_pad; | |
392 | if (!rctx->md) | |
393 | rctx->md = EVP_sha1(); | |
394 | } | |
395 | rctx->pad_mode = p1; | |
396 | return 1; | |
397 | } | |
398 | bad_pad: | |
399 | RSAerr(RSA_F_PKEY_RSA_CTRL, | |
400 | RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); | |
401 | return -2; | |
402 | ||
403 | case EVP_PKEY_CTRL_GET_RSA_PADDING: | |
404 | *(int *)p2 = rctx->pad_mode; | |
405 | return 1; | |
406 | ||
407 | case EVP_PKEY_CTRL_RSA_PSS_SALTLEN: | |
408 | case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN: | |
409 | if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) { | |
410 | RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN); | |
411 | return -2; | |
412 | } | |
413 | if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) | |
414 | *(int *)p2 = rctx->saltlen; | |
415 | else { | |
416 | if (p1 < -2) | |
417 | return -2; | |
418 | rctx->saltlen = p1; | |
419 | } | |
420 | return 1; | |
421 | ||
422 | case EVP_PKEY_CTRL_RSA_KEYGEN_BITS: | |
423 | if (p1 < 512) { | |
424 | RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL); | |
425 | return -2; | |
426 | } | |
427 | rctx->nbits = p1; | |
428 | return 1; | |
429 | ||
430 | case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP: | |
464d59a5 RS |
431 | if (p2 == NULL || !BN_is_odd((BIGNUM *)p2) || BN_is_one((BIGNUM *)p2)) { |
432 | RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_BAD_E_VALUE); | |
0f113f3e | 433 | return -2; |
464d59a5 | 434 | } |
0f113f3e MC |
435 | BN_free(rctx->pub_exp); |
436 | rctx->pub_exp = p2; | |
437 | return 1; | |
438 | ||
439 | case EVP_PKEY_CTRL_RSA_OAEP_MD: | |
440 | case EVP_PKEY_CTRL_GET_RSA_OAEP_MD: | |
441 | if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { | |
442 | RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE); | |
443 | return -2; | |
444 | } | |
445 | if (type == EVP_PKEY_CTRL_GET_RSA_OAEP_MD) | |
446 | *(const EVP_MD **)p2 = rctx->md; | |
447 | else | |
448 | rctx->md = p2; | |
449 | return 1; | |
450 | ||
451 | case EVP_PKEY_CTRL_MD: | |
452 | if (!check_padding_md(p2, rctx->pad_mode)) | |
453 | return 0; | |
454 | rctx->md = p2; | |
455 | return 1; | |
456 | ||
457 | case EVP_PKEY_CTRL_GET_MD: | |
458 | *(const EVP_MD **)p2 = rctx->md; | |
459 | return 1; | |
460 | ||
461 | case EVP_PKEY_CTRL_RSA_MGF1_MD: | |
462 | case EVP_PKEY_CTRL_GET_RSA_MGF1_MD: | |
463 | if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING | |
464 | && rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { | |
465 | RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD); | |
466 | return -2; | |
467 | } | |
468 | if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) { | |
469 | if (rctx->mgf1md) | |
470 | *(const EVP_MD **)p2 = rctx->mgf1md; | |
471 | else | |
472 | *(const EVP_MD **)p2 = rctx->md; | |
473 | } else | |
474 | rctx->mgf1md = p2; | |
475 | return 1; | |
476 | ||
477 | case EVP_PKEY_CTRL_RSA_OAEP_LABEL: | |
478 | if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { | |
479 | RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE); | |
480 | return -2; | |
481 | } | |
b548a1f1 | 482 | OPENSSL_free(rctx->oaep_label); |
0f113f3e MC |
483 | if (p2 && p1 > 0) { |
484 | rctx->oaep_label = p2; | |
485 | rctx->oaep_labellen = p1; | |
486 | } else { | |
487 | rctx->oaep_label = NULL; | |
488 | rctx->oaep_labellen = 0; | |
489 | } | |
490 | return 1; | |
491 | ||
492 | case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL: | |
493 | if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) { | |
494 | RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE); | |
495 | return -2; | |
496 | } | |
497 | *(unsigned char **)p2 = rctx->oaep_label; | |
498 | return rctx->oaep_labellen; | |
499 | ||
500 | case EVP_PKEY_CTRL_DIGESTINIT: | |
501 | case EVP_PKEY_CTRL_PKCS7_ENCRYPT: | |
502 | case EVP_PKEY_CTRL_PKCS7_DECRYPT: | |
503 | case EVP_PKEY_CTRL_PKCS7_SIGN: | |
504 | return 1; | |
8931b30d | 505 | #ifndef OPENSSL_NO_CMS |
0f113f3e MC |
506 | case EVP_PKEY_CTRL_CMS_DECRYPT: |
507 | case EVP_PKEY_CTRL_CMS_ENCRYPT: | |
508 | case EVP_PKEY_CTRL_CMS_SIGN: | |
509 | return 1; | |
b3339050 | 510 | #endif |
0f113f3e MC |
511 | case EVP_PKEY_CTRL_PEER_KEY: |
512 | RSAerr(RSA_F_PKEY_RSA_CTRL, | |
513 | RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); | |
514 | return -2; | |
515 | ||
516 | default: | |
517 | return -2; | |
399a6f0b | 518 | |
0f113f3e MC |
519 | } |
520 | } | |
4a3dc3c0 | 521 | |
4a3dc3c0 | 522 | static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, |
0f113f3e MC |
523 | const char *type, const char *value) |
524 | { | |
525 | if (!value) { | |
526 | RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING); | |
527 | return 0; | |
528 | } | |
86885c28 | 529 | if (strcmp(type, "rsa_padding_mode") == 0) { |
0f113f3e | 530 | int pm; |
86885c28 | 531 | if (strcmp(value, "pkcs1") == 0) |
0f113f3e | 532 | pm = RSA_PKCS1_PADDING; |
86885c28 | 533 | else if (strcmp(value, "sslv23") == 0) |
0f113f3e | 534 | pm = RSA_SSLV23_PADDING; |
86885c28 | 535 | else if (strcmp(value, "none") == 0) |
0f113f3e | 536 | pm = RSA_NO_PADDING; |
86885c28 | 537 | else if (strcmp(value, "oeap") == 0) |
0f113f3e | 538 | pm = RSA_PKCS1_OAEP_PADDING; |
86885c28 | 539 | else if (strcmp(value, "oaep") == 0) |
0f113f3e | 540 | pm = RSA_PKCS1_OAEP_PADDING; |
86885c28 | 541 | else if (strcmp(value, "x931") == 0) |
0f113f3e | 542 | pm = RSA_X931_PADDING; |
86885c28 | 543 | else if (strcmp(value, "pss") == 0) |
0f113f3e MC |
544 | pm = RSA_PKCS1_PSS_PADDING; |
545 | else { | |
546 | RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_UNKNOWN_PADDING_TYPE); | |
547 | return -2; | |
548 | } | |
549 | return EVP_PKEY_CTX_set_rsa_padding(ctx, pm); | |
550 | } | |
551 | ||
86885c28 | 552 | if (strcmp(type, "rsa_pss_saltlen") == 0) { |
0f113f3e MC |
553 | int saltlen; |
554 | saltlen = atoi(value); | |
555 | return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen); | |
556 | } | |
557 | ||
86885c28 | 558 | if (strcmp(type, "rsa_keygen_bits") == 0) { |
0f113f3e MC |
559 | int nbits; |
560 | nbits = atoi(value); | |
561 | return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits); | |
562 | } | |
563 | ||
86885c28 | 564 | if (strcmp(type, "rsa_keygen_pubexp") == 0) { |
0f113f3e MC |
565 | int ret; |
566 | BIGNUM *pubexp = NULL; | |
567 | if (!BN_asc2bn(&pubexp, value)) | |
568 | return 0; | |
569 | ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp); | |
570 | if (ret <= 0) | |
571 | BN_free(pubexp); | |
572 | return ret; | |
573 | } | |
574 | ||
86885c28 | 575 | if (strcmp(type, "rsa_mgf1_md") == 0) { |
0f113f3e | 576 | const EVP_MD *md; |
75ebbd9a | 577 | if ((md = EVP_get_digestbyname(value)) == NULL) { |
0f113f3e MC |
578 | RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST); |
579 | return 0; | |
580 | } | |
581 | return EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md); | |
582 | } | |
583 | ||
86885c28 | 584 | if (strcmp(type, "rsa_oaep_md") == 0) { |
0f113f3e | 585 | const EVP_MD *md; |
75ebbd9a | 586 | if ((md = EVP_get_digestbyname(value)) == NULL) { |
0f113f3e MC |
587 | RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST); |
588 | return 0; | |
589 | } | |
590 | return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md); | |
591 | } | |
86885c28 | 592 | if (strcmp(type, "rsa_oaep_label") == 0) { |
0f113f3e MC |
593 | unsigned char *lab; |
594 | long lablen; | |
595 | int ret; | |
14f051a0 | 596 | lab = OPENSSL_hexstr2buf(value, &lablen); |
0f113f3e MC |
597 | if (!lab) |
598 | return 0; | |
599 | ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen); | |
600 | if (ret <= 0) | |
601 | OPENSSL_free(lab); | |
602 | return ret; | |
603 | } | |
604 | ||
605 | return -2; | |
606 | } | |
4a3dc3c0 | 607 | |
f5cda4cb | 608 | static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) |
0f113f3e MC |
609 | { |
610 | RSA *rsa = NULL; | |
611 | RSA_PKEY_CTX *rctx = ctx->data; | |
612 | BN_GENCB *pcb; | |
613 | int ret; | |
90945fa3 | 614 | if (rctx->pub_exp == NULL) { |
0f113f3e | 615 | rctx->pub_exp = BN_new(); |
90945fa3 | 616 | if (rctx->pub_exp == NULL || !BN_set_word(rctx->pub_exp, RSA_F4)) |
0f113f3e MC |
617 | return 0; |
618 | } | |
619 | rsa = RSA_new(); | |
90945fa3 | 620 | if (rsa == NULL) |
0f113f3e MC |
621 | return 0; |
622 | if (ctx->pkey_gencb) { | |
623 | pcb = BN_GENCB_new(); | |
90945fa3 | 624 | if (pcb == NULL) { |
0f113f3e MC |
625 | RSA_free(rsa); |
626 | return 0; | |
627 | } | |
628 | evp_pkey_set_cb_translate(pcb, ctx); | |
629 | } else | |
630 | pcb = NULL; | |
631 | ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb); | |
632 | BN_GENCB_free(pcb); | |
633 | if (ret > 0) | |
faa02fe2 | 634 | EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, rsa); |
0f113f3e MC |
635 | else |
636 | RSA_free(rsa); | |
637 | return ret; | |
638 | } | |
639 | ||
640 | const EVP_PKEY_METHOD rsa_pkey_meth = { | |
641 | EVP_PKEY_RSA, | |
642 | EVP_PKEY_FLAG_AUTOARGLEN, | |
643 | pkey_rsa_init, | |
644 | pkey_rsa_copy, | |
645 | pkey_rsa_cleanup, | |
646 | ||
647 | 0, 0, | |
648 | ||
649 | 0, | |
650 | pkey_rsa_keygen, | |
651 | ||
652 | 0, | |
653 | pkey_rsa_sign, | |
654 | ||
655 | 0, | |
656 | pkey_rsa_verify, | |
657 | ||
658 | 0, | |
659 | pkey_rsa_verifyrecover, | |
660 | ||
661 | 0, 0, 0, 0, | |
662 | ||
663 | 0, | |
664 | pkey_rsa_encrypt, | |
665 | ||
666 | 0, | |
667 | pkey_rsa_decrypt, | |
668 | ||
669 | 0, 0, | |
670 | ||
671 | pkey_rsa_ctrl, | |
672 | pkey_rsa_ctrl_str | |
673 | }; |