]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | /* | |
11 | * RSA low level APIs are deprecated for public use, but still ok for | |
12 | * internal use. | |
13 | */ | |
14 | #include "internal/deprecated.h" | |
15 | ||
16 | #include <openssl/core_dispatch.h> | |
17 | #include <openssl/core_names.h> | |
18 | #include <openssl/bn.h> | |
19 | #include <openssl/err.h> | |
20 | #include <openssl/rsa.h> | |
21 | #include <openssl/evp.h> | |
22 | #include <openssl/proverr.h> | |
23 | #include "prov/implementations.h" | |
24 | #include "prov/providercommon.h" | |
25 | #include "prov/provider_ctx.h" | |
26 | #include "crypto/rsa.h" | |
27 | #include "crypto/cryptlib.h" | |
28 | #include "internal/param_build_set.h" | |
29 | ||
30 | static OSSL_FUNC_keymgmt_new_fn rsa_newdata; | |
31 | static OSSL_FUNC_keymgmt_new_fn rsapss_newdata; | |
32 | static OSSL_FUNC_keymgmt_gen_init_fn rsa_gen_init; | |
33 | static OSSL_FUNC_keymgmt_gen_init_fn rsapss_gen_init; | |
34 | static OSSL_FUNC_keymgmt_gen_set_params_fn rsa_gen_set_params; | |
35 | static OSSL_FUNC_keymgmt_gen_settable_params_fn rsa_gen_settable_params; | |
36 | static OSSL_FUNC_keymgmt_gen_settable_params_fn rsapss_gen_settable_params; | |
37 | static OSSL_FUNC_keymgmt_gen_fn rsa_gen; | |
38 | static OSSL_FUNC_keymgmt_gen_cleanup_fn rsa_gen_cleanup; | |
39 | static OSSL_FUNC_keymgmt_load_fn rsa_load; | |
40 | static OSSL_FUNC_keymgmt_load_fn rsapss_load; | |
41 | static OSSL_FUNC_keymgmt_free_fn rsa_freedata; | |
42 | static OSSL_FUNC_keymgmt_get_params_fn rsa_get_params; | |
43 | static OSSL_FUNC_keymgmt_gettable_params_fn rsa_gettable_params; | |
44 | static OSSL_FUNC_keymgmt_has_fn rsa_has; | |
45 | static OSSL_FUNC_keymgmt_match_fn rsa_match; | |
46 | static OSSL_FUNC_keymgmt_validate_fn rsa_validate; | |
47 | static OSSL_FUNC_keymgmt_import_fn rsa_import; | |
48 | static OSSL_FUNC_keymgmt_import_types_fn rsa_import_types; | |
49 | static OSSL_FUNC_keymgmt_export_fn rsa_export; | |
50 | static OSSL_FUNC_keymgmt_export_types_fn rsa_export_types; | |
51 | static OSSL_FUNC_keymgmt_query_operation_name_fn rsa_query_operation_name; | |
52 | static OSSL_FUNC_keymgmt_dup_fn rsa_dup; | |
53 | ||
54 | #define RSA_DEFAULT_MD "SHA256" | |
55 | #define RSA_PSS_DEFAULT_MD OSSL_DIGEST_NAME_SHA1 | |
56 | #define RSA_POSSIBLE_SELECTIONS \ | |
57 | (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) | |
58 | ||
59 | DEFINE_STACK_OF(BIGNUM) | |
60 | DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) | |
61 | ||
62 | static int pss_params_fromdata(RSA_PSS_PARAMS_30 *pss_params, int *defaults_set, | |
63 | const OSSL_PARAM params[], int rsa_type, | |
64 | OSSL_LIB_CTX *libctx) | |
65 | { | |
66 | if (!ossl_rsa_pss_params_30_fromdata(pss_params, defaults_set, | |
67 | params, libctx)) | |
68 | return 0; | |
69 | ||
70 | /* If not a PSS type RSA, sending us PSS parameters is wrong */ | |
71 | if (rsa_type != RSA_FLAG_TYPE_RSASSAPSS | |
72 | && !ossl_rsa_pss_params_30_is_unrestricted(pss_params)) | |
73 | return 0; | |
74 | ||
75 | return 1; | |
76 | } | |
77 | ||
78 | static void *rsa_newdata(void *provctx) | |
79 | { | |
80 | OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); | |
81 | RSA *rsa; | |
82 | ||
83 | if (!ossl_prov_is_running()) | |
84 | return NULL; | |
85 | ||
86 | rsa = ossl_rsa_new_with_ctx(libctx); | |
87 | if (rsa != NULL) { | |
88 | RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); | |
89 | RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA); | |
90 | } | |
91 | return rsa; | |
92 | } | |
93 | ||
94 | static void *rsapss_newdata(void *provctx) | |
95 | { | |
96 | OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); | |
97 | RSA *rsa; | |
98 | ||
99 | if (!ossl_prov_is_running()) | |
100 | return NULL; | |
101 | ||
102 | rsa = ossl_rsa_new_with_ctx(libctx); | |
103 | if (rsa != NULL) { | |
104 | RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); | |
105 | RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS); | |
106 | } | |
107 | return rsa; | |
108 | } | |
109 | ||
110 | static void rsa_freedata(void *keydata) | |
111 | { | |
112 | RSA_free(keydata); | |
113 | } | |
114 | ||
115 | static int rsa_has(const void *keydata, int selection) | |
116 | { | |
117 | const RSA *rsa = keydata; | |
118 | int ok = 1; | |
119 | ||
120 | if (rsa == NULL || !ossl_prov_is_running()) | |
121 | return 0; | |
122 | if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) | |
123 | return 1; /* the selection is not missing */ | |
124 | ||
125 | /* OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS are always available even if empty */ | |
126 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) | |
127 | ok = ok && (RSA_get0_n(rsa) != NULL); | |
128 | if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) | |
129 | ok = ok && (RSA_get0_e(rsa) != NULL); | |
130 | if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) | |
131 | ok = ok && (RSA_get0_d(rsa) != NULL); | |
132 | return ok; | |
133 | } | |
134 | ||
135 | static int rsa_match(const void *keydata1, const void *keydata2, int selection) | |
136 | { | |
137 | const RSA *rsa1 = keydata1; | |
138 | const RSA *rsa2 = keydata2; | |
139 | int ok = 1; | |
140 | ||
141 | if (!ossl_prov_is_running()) | |
142 | return 0; | |
143 | ||
144 | /* There is always an |e| */ | |
145 | ok = ok && BN_cmp(RSA_get0_e(rsa1), RSA_get0_e(rsa2)) == 0; | |
146 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { | |
147 | int key_checked = 0; | |
148 | ||
149 | if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { | |
150 | const BIGNUM *pa = RSA_get0_n(rsa1); | |
151 | const BIGNUM *pb = RSA_get0_n(rsa2); | |
152 | ||
153 | if (pa != NULL && pb != NULL) { | |
154 | ok = ok && BN_cmp(pa, pb) == 0; | |
155 | key_checked = 1; | |
156 | } | |
157 | } | |
158 | if (!key_checked | |
159 | && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { | |
160 | const BIGNUM *pa = RSA_get0_d(rsa1); | |
161 | const BIGNUM *pb = RSA_get0_d(rsa2); | |
162 | ||
163 | if (pa != NULL && pb != NULL) { | |
164 | ok = ok && BN_cmp(pa, pb) == 0; | |
165 | key_checked = 1; | |
166 | } | |
167 | } | |
168 | ok = ok && key_checked; | |
169 | } | |
170 | return ok; | |
171 | } | |
172 | ||
173 | static int rsa_import(void *keydata, int selection, const OSSL_PARAM params[]) | |
174 | { | |
175 | RSA *rsa = keydata; | |
176 | int rsa_type; | |
177 | int ok = 1; | |
178 | int pss_defaults_set = 0; | |
179 | ||
180 | if (!ossl_prov_is_running() || rsa == NULL) | |
181 | return 0; | |
182 | ||
183 | if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) | |
184 | return 0; | |
185 | ||
186 | rsa_type = RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK); | |
187 | ||
188 | if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) | |
189 | ok = ok && pss_params_fromdata(ossl_rsa_get0_pss_params_30(rsa), | |
190 | &pss_defaults_set, | |
191 | params, rsa_type, | |
192 | ossl_rsa_get0_libctx(rsa)); | |
193 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { | |
194 | int include_private = | |
195 | selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; | |
196 | ||
197 | ok = ok && ossl_rsa_fromdata(rsa, params, include_private); | |
198 | } | |
199 | ||
200 | return ok; | |
201 | } | |
202 | ||
203 | static int rsa_export(void *keydata, int selection, | |
204 | OSSL_CALLBACK *param_callback, void *cbarg) | |
205 | { | |
206 | RSA *rsa = keydata; | |
207 | const RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30(rsa); | |
208 | OSSL_PARAM_BLD *tmpl; | |
209 | OSSL_PARAM *params = NULL; | |
210 | int ok = 1; | |
211 | ||
212 | if (!ossl_prov_is_running() || rsa == NULL) | |
213 | return 0; | |
214 | ||
215 | if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) | |
216 | return 0; | |
217 | ||
218 | tmpl = OSSL_PARAM_BLD_new(); | |
219 | if (tmpl == NULL) | |
220 | return 0; | |
221 | ||
222 | if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) | |
223 | ok = ok && (ossl_rsa_pss_params_30_is_unrestricted(pss_params) | |
224 | || ossl_rsa_pss_params_30_todata(pss_params, tmpl, NULL)); | |
225 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { | |
226 | int include_private = | |
227 | selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; | |
228 | ||
229 | ok = ok && ossl_rsa_todata(rsa, tmpl, NULL, include_private); | |
230 | } | |
231 | ||
232 | if (!ok || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { | |
233 | ok = 0; | |
234 | goto err; | |
235 | } | |
236 | ||
237 | ok = param_callback(params, cbarg); | |
238 | OSSL_PARAM_free(params); | |
239 | err: | |
240 | OSSL_PARAM_BLD_free(tmpl); | |
241 | return ok; | |
242 | } | |
243 | ||
244 | #ifdef FIPS_MODULE | |
245 | /* In fips mode there are no multi-primes. */ | |
246 | # define RSA_KEY_MP_TYPES() \ | |
247 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \ | |
248 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0), \ | |
249 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0), \ | |
250 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0), \ | |
251 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0), | |
252 | #else | |
253 | /* | |
254 | * We allow up to 10 prime factors (starting with p, q). | |
255 | * NOTE: there is only 9 OSSL_PKEY_PARAM_RSA_COEFFICIENT | |
256 | */ | |
257 | # define RSA_KEY_MP_TYPES() \ | |
258 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \ | |
259 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0), \ | |
260 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR3, NULL, 0), \ | |
261 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR4, NULL, 0), \ | |
262 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR5, NULL, 0), \ | |
263 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR6, NULL, 0), \ | |
264 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR7, NULL, 0), \ | |
265 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR8, NULL, 0), \ | |
266 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR9, NULL, 0), \ | |
267 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR10, NULL, 0), \ | |
268 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0), \ | |
269 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0), \ | |
270 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT3, NULL, 0), \ | |
271 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT4, NULL, 0), \ | |
272 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT5, NULL, 0), \ | |
273 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT6, NULL, 0), \ | |
274 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT7, NULL, 0), \ | |
275 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT8, NULL, 0), \ | |
276 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT9, NULL, 0), \ | |
277 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT10, NULL, 0), \ | |
278 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0), \ | |
279 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT2, NULL, 0), \ | |
280 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT3, NULL, 0), \ | |
281 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT4, NULL, 0), \ | |
282 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT5, NULL, 0), \ | |
283 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT6, NULL, 0), \ | |
284 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT7, NULL, 0), \ | |
285 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT8, NULL, 0), \ | |
286 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT9, NULL, 0), | |
287 | #endif | |
288 | ||
289 | #define RSA_KEY_TYPES() \ | |
290 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0), \ | |
291 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0), \ | |
292 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, NULL, 0), \ | |
293 | RSA_KEY_MP_TYPES() | |
294 | ||
295 | /* | |
296 | * This provider can export everything in an RSA key, so we use the exact | |
297 | * same type description for export as for import. Other providers might | |
298 | * choose to import full keys, but only export the public parts, and will | |
299 | * therefore have the importkey_types and importkey_types functions return | |
300 | * different arrays. | |
301 | */ | |
302 | static const OSSL_PARAM rsa_key_types[] = { | |
303 | RSA_KEY_TYPES() | |
304 | OSSL_PARAM_END | |
305 | }; | |
306 | /* | |
307 | * We lied about the amount of factors, exponents and coefficients, the | |
308 | * export and import functions can really deal with an infinite amount | |
309 | * of these numbers. However, RSA keys with too many primes are futile, | |
310 | * so we at least pretend to have some limits. | |
311 | */ | |
312 | ||
313 | static const OSSL_PARAM *rsa_imexport_types(int selection) | |
314 | { | |
315 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) | |
316 | return rsa_key_types; | |
317 | return NULL; | |
318 | } | |
319 | ||
320 | static const OSSL_PARAM *rsa_import_types(int selection) | |
321 | { | |
322 | return rsa_imexport_types(selection); | |
323 | } | |
324 | ||
325 | static const OSSL_PARAM *rsa_export_types(int selection) | |
326 | { | |
327 | return rsa_imexport_types(selection); | |
328 | } | |
329 | ||
330 | static int rsa_get_params(void *key, OSSL_PARAM params[]) | |
331 | { | |
332 | RSA *rsa = key; | |
333 | const RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30(rsa); | |
334 | int rsa_type = RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK); | |
335 | OSSL_PARAM *p; | |
336 | int empty = RSA_get0_n(rsa) == NULL; | |
337 | ||
338 | if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL | |
339 | && (empty || !OSSL_PARAM_set_int(p, RSA_bits(rsa)))) | |
340 | return 0; | |
341 | if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL | |
342 | && (empty || !OSSL_PARAM_set_int(p, RSA_security_bits(rsa)))) | |
343 | return 0; | |
344 | if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL | |
345 | && (empty || !OSSL_PARAM_set_int(p, RSA_size(rsa)))) | |
346 | return 0; | |
347 | ||
348 | /* | |
349 | * For restricted RSA-PSS keys, we ignore the default digest request. | |
350 | * With RSA-OAEP keys, this may need to be amended. | |
351 | */ | |
352 | if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL | |
353 | && (rsa_type != RSA_FLAG_TYPE_RSASSAPSS | |
354 | || ossl_rsa_pss_params_30_is_unrestricted(pss_params))) { | |
355 | if (!OSSL_PARAM_set_utf8_string(p, RSA_DEFAULT_MD)) | |
356 | return 0; | |
357 | } | |
358 | ||
359 | /* | |
360 | * For non-RSA-PSS keys, we ignore the mandatory digest request. | |
361 | * With RSA-OAEP keys, this may need to be amended. | |
362 | */ | |
363 | if ((p = OSSL_PARAM_locate(params, | |
364 | OSSL_PKEY_PARAM_MANDATORY_DIGEST)) != NULL | |
365 | && rsa_type == RSA_FLAG_TYPE_RSASSAPSS | |
366 | && !ossl_rsa_pss_params_30_is_unrestricted(pss_params)) { | |
367 | const char *mdname = | |
368 | ossl_rsa_oaeppss_nid2name(ossl_rsa_pss_params_30_hashalg(pss_params)); | |
369 | ||
370 | if (mdname == NULL || !OSSL_PARAM_set_utf8_string(p, mdname)) | |
371 | return 0; | |
372 | } | |
373 | return (rsa_type != RSA_FLAG_TYPE_RSASSAPSS | |
374 | || ossl_rsa_pss_params_30_todata(pss_params, NULL, params)) | |
375 | && ossl_rsa_todata(rsa, NULL, params, 1); | |
376 | } | |
377 | ||
378 | static const OSSL_PARAM rsa_params[] = { | |
379 | OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), | |
380 | OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), | |
381 | OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), | |
382 | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DEFAULT_DIGEST, NULL, 0), | |
383 | RSA_KEY_TYPES() | |
384 | OSSL_PARAM_END | |
385 | }; | |
386 | ||
387 | static const OSSL_PARAM *rsa_gettable_params(void *provctx) | |
388 | { | |
389 | return rsa_params; | |
390 | } | |
391 | ||
392 | static int rsa_validate(const void *keydata, int selection, int checktype) | |
393 | { | |
394 | const RSA *rsa = keydata; | |
395 | int ok = 1; | |
396 | ||
397 | if (!ossl_prov_is_running()) | |
398 | return 0; | |
399 | ||
400 | if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) | |
401 | return 1; /* nothing to validate */ | |
402 | ||
403 | /* If the whole key is selected, we do a pairwise validation */ | |
404 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) | |
405 | == OSSL_KEYMGMT_SELECT_KEYPAIR) { | |
406 | ok = ok && ossl_rsa_validate_pairwise(rsa); | |
407 | } else { | |
408 | if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) | |
409 | ok = ok && ossl_rsa_validate_private(rsa); | |
410 | if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) | |
411 | ok = ok && ossl_rsa_validate_public(rsa); | |
412 | } | |
413 | return ok; | |
414 | } | |
415 | ||
416 | struct rsa_gen_ctx { | |
417 | OSSL_LIB_CTX *libctx; | |
418 | const char *propq; | |
419 | ||
420 | int rsa_type; | |
421 | ||
422 | size_t nbits; | |
423 | BIGNUM *pub_exp; | |
424 | size_t primes; | |
425 | ||
426 | /* For PSS */ | |
427 | RSA_PSS_PARAMS_30 pss_params; | |
428 | int pss_defaults_set; | |
429 | ||
430 | /* For generation callback */ | |
431 | OSSL_CALLBACK *cb; | |
432 | void *cbarg; | |
433 | ||
434 | #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) | |
435 | /* ACVP test parameters */ | |
436 | OSSL_PARAM *acvp_test_params; | |
437 | #endif | |
438 | }; | |
439 | ||
440 | static int rsa_gencb(int p, int n, BN_GENCB *cb) | |
441 | { | |
442 | struct rsa_gen_ctx *gctx = BN_GENCB_get_arg(cb); | |
443 | OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END }; | |
444 | ||
445 | params[0] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_POTENTIAL, &p); | |
446 | params[1] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_ITERATION, &n); | |
447 | return gctx->cb(params, gctx->cbarg); | |
448 | } | |
449 | ||
450 | static void *gen_init(void *provctx, int selection, int rsa_type, | |
451 | const OSSL_PARAM params[]) | |
452 | { | |
453 | OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); | |
454 | struct rsa_gen_ctx *gctx = NULL; | |
455 | ||
456 | if (!ossl_prov_is_running()) | |
457 | return NULL; | |
458 | ||
459 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) | |
460 | return NULL; | |
461 | ||
462 | if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) { | |
463 | gctx->libctx = libctx; | |
464 | if ((gctx->pub_exp = BN_new()) == NULL | |
465 | || !BN_set_word(gctx->pub_exp, RSA_F4)) { | |
466 | goto err; | |
467 | } | |
468 | gctx->nbits = 2048; | |
469 | gctx->primes = RSA_DEFAULT_PRIME_NUM; | |
470 | gctx->rsa_type = rsa_type; | |
471 | } else { | |
472 | goto err; | |
473 | } | |
474 | ||
475 | if (!rsa_gen_set_params(gctx, params)) | |
476 | goto err; | |
477 | return gctx; | |
478 | ||
479 | err: | |
480 | if (gctx != NULL) | |
481 | BN_free(gctx->pub_exp); | |
482 | OPENSSL_free(gctx); | |
483 | return NULL; | |
484 | } | |
485 | ||
486 | static void *rsa_gen_init(void *provctx, int selection, | |
487 | const OSSL_PARAM params[]) | |
488 | { | |
489 | return gen_init(provctx, selection, RSA_FLAG_TYPE_RSA, params); | |
490 | } | |
491 | ||
492 | static void *rsapss_gen_init(void *provctx, int selection, | |
493 | const OSSL_PARAM params[]) | |
494 | { | |
495 | return gen_init(provctx, selection, RSA_FLAG_TYPE_RSASSAPSS, params); | |
496 | } | |
497 | ||
498 | /* | |
499 | * This function is common for all RSA sub-types, to detect possible | |
500 | * misuse, such as PSS parameters being passed when a plain RSA key | |
501 | * is generated. | |
502 | */ | |
503 | static int rsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) | |
504 | { | |
505 | struct rsa_gen_ctx *gctx = genctx; | |
506 | const OSSL_PARAM *p; | |
507 | ||
508 | if (params == NULL) | |
509 | return 1; | |
510 | ||
511 | if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_BITS)) != NULL) { | |
512 | if (!OSSL_PARAM_get_size_t(p, &gctx->nbits)) | |
513 | return 0; | |
514 | if (gctx->nbits < RSA_MIN_MODULUS_BITS) { | |
515 | ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); | |
516 | return 0; | |
517 | } | |
518 | } | |
519 | if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PRIMES)) != NULL | |
520 | && !OSSL_PARAM_get_size_t(p, &gctx->primes)) | |
521 | return 0; | |
522 | if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E)) != NULL | |
523 | && !OSSL_PARAM_get_BN(p, &gctx->pub_exp)) | |
524 | return 0; | |
525 | /* Only attempt to get PSS parameters when generating an RSA-PSS key */ | |
526 | if (gctx->rsa_type == RSA_FLAG_TYPE_RSASSAPSS | |
527 | && !pss_params_fromdata(&gctx->pss_params, &gctx->pss_defaults_set, params, | |
528 | gctx->rsa_type, gctx->libctx)) | |
529 | return 0; | |
530 | #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) | |
531 | /* Any ACVP test related parameters are copied into a params[] */ | |
532 | if (!ossl_rsa_acvp_test_gen_params_new(&gctx->acvp_test_params, params)) | |
533 | return 0; | |
534 | #endif | |
535 | return 1; | |
536 | } | |
537 | ||
538 | #define rsa_gen_basic \ | |
539 | OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_BITS, NULL), \ | |
540 | OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_PRIMES, NULL), \ | |
541 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0) | |
542 | ||
543 | /* | |
544 | * The following must be kept in sync with ossl_rsa_pss_params_30_fromdata() | |
545 | * in crypto/rsa/rsa_backend.c | |
546 | */ | |
547 | #define rsa_gen_pss \ | |
548 | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST, NULL, 0), \ | |
549 | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST_PROPS, NULL, 0), \ | |
550 | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MASKGENFUNC, NULL, 0), \ | |
551 | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MGF1_DIGEST, NULL, 0), \ | |
552 | OSSL_PARAM_int(OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, NULL) | |
553 | ||
554 | static const OSSL_PARAM *rsa_gen_settable_params(ossl_unused void *genctx, | |
555 | ossl_unused void *provctx) | |
556 | { | |
557 | static OSSL_PARAM settable[] = { | |
558 | rsa_gen_basic, | |
559 | OSSL_PARAM_END | |
560 | }; | |
561 | ||
562 | return settable; | |
563 | } | |
564 | ||
565 | static const OSSL_PARAM *rsapss_gen_settable_params(ossl_unused void *genctx, | |
566 | ossl_unused void *provctx) | |
567 | { | |
568 | static OSSL_PARAM settable[] = { | |
569 | rsa_gen_basic, | |
570 | rsa_gen_pss, | |
571 | OSSL_PARAM_END | |
572 | }; | |
573 | ||
574 | return settable; | |
575 | } | |
576 | ||
577 | static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) | |
578 | { | |
579 | struct rsa_gen_ctx *gctx = genctx; | |
580 | RSA *rsa = NULL, *rsa_tmp = NULL; | |
581 | BN_GENCB *gencb = NULL; | |
582 | ||
583 | if (!ossl_prov_is_running() || gctx == NULL) | |
584 | return NULL; | |
585 | ||
586 | switch (gctx->rsa_type) { | |
587 | case RSA_FLAG_TYPE_RSA: | |
588 | /* For plain RSA keys, PSS parameters must not be set */ | |
589 | if (!ossl_rsa_pss_params_30_is_unrestricted(&gctx->pss_params)) | |
590 | goto err; | |
591 | break; | |
592 | case RSA_FLAG_TYPE_RSASSAPSS: | |
593 | /* | |
594 | * For plain RSA-PSS keys, PSS parameters may be set but don't have | |
595 | * to, so not check. | |
596 | */ | |
597 | break; | |
598 | default: | |
599 | /* Unsupported RSA key sub-type... */ | |
600 | return NULL; | |
601 | } | |
602 | ||
603 | if ((rsa_tmp = ossl_rsa_new_with_ctx(gctx->libctx)) == NULL) | |
604 | return NULL; | |
605 | ||
606 | gctx->cb = osslcb; | |
607 | gctx->cbarg = cbarg; | |
608 | gencb = BN_GENCB_new(); | |
609 | if (gencb != NULL) | |
610 | BN_GENCB_set(gencb, rsa_gencb, genctx); | |
611 | ||
612 | #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) | |
613 | if (gctx->acvp_test_params != NULL) { | |
614 | if (!ossl_rsa_acvp_test_set_params(rsa_tmp, gctx->acvp_test_params)) | |
615 | goto err; | |
616 | } | |
617 | #endif | |
618 | ||
619 | if (!RSA_generate_multi_prime_key(rsa_tmp, | |
620 | (int)gctx->nbits, (int)gctx->primes, | |
621 | gctx->pub_exp, gencb)) | |
622 | goto err; | |
623 | ||
624 | if (!ossl_rsa_pss_params_30_copy(ossl_rsa_get0_pss_params_30(rsa_tmp), | |
625 | &gctx->pss_params)) | |
626 | goto err; | |
627 | ||
628 | RSA_clear_flags(rsa_tmp, RSA_FLAG_TYPE_MASK); | |
629 | RSA_set_flags(rsa_tmp, gctx->rsa_type); | |
630 | ||
631 | rsa = rsa_tmp; | |
632 | rsa_tmp = NULL; | |
633 | err: | |
634 | BN_GENCB_free(gencb); | |
635 | RSA_free(rsa_tmp); | |
636 | return rsa; | |
637 | } | |
638 | ||
639 | static void rsa_gen_cleanup(void *genctx) | |
640 | { | |
641 | struct rsa_gen_ctx *gctx = genctx; | |
642 | ||
643 | if (gctx == NULL) | |
644 | return; | |
645 | #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) | |
646 | ossl_rsa_acvp_test_gen_params_free(gctx->acvp_test_params); | |
647 | gctx->acvp_test_params = NULL; | |
648 | #endif | |
649 | BN_clear_free(gctx->pub_exp); | |
650 | OPENSSL_free(gctx); | |
651 | } | |
652 | ||
653 | static void *common_load(const void *reference, size_t reference_sz, | |
654 | int expected_rsa_type) | |
655 | { | |
656 | RSA *rsa = NULL; | |
657 | ||
658 | if (ossl_prov_is_running() && reference_sz == sizeof(rsa)) { | |
659 | /* The contents of the reference is the address to our object */ | |
660 | rsa = *(RSA **)reference; | |
661 | ||
662 | if (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK) != expected_rsa_type) | |
663 | return NULL; | |
664 | ||
665 | /* We grabbed, so we detach it */ | |
666 | *(RSA **)reference = NULL; | |
667 | return rsa; | |
668 | } | |
669 | return NULL; | |
670 | } | |
671 | ||
672 | static void *rsa_load(const void *reference, size_t reference_sz) | |
673 | { | |
674 | return common_load(reference, reference_sz, RSA_FLAG_TYPE_RSA); | |
675 | } | |
676 | ||
677 | static void *rsapss_load(const void *reference, size_t reference_sz) | |
678 | { | |
679 | return common_load(reference, reference_sz, RSA_FLAG_TYPE_RSASSAPSS); | |
680 | } | |
681 | ||
682 | static void *rsa_dup(const void *keydata_from, int selection) | |
683 | { | |
684 | if (ossl_prov_is_running() | |
685 | /* do not allow creating empty keys by duplication */ | |
686 | && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) | |
687 | return ossl_rsa_dup(keydata_from, selection); | |
688 | return NULL; | |
689 | } | |
690 | ||
691 | /* For any RSA key, we use the "RSA" algorithms regardless of sub-type. */ | |
692 | static const char *rsa_query_operation_name(int operation_id) | |
693 | { | |
694 | return "RSA"; | |
695 | } | |
696 | ||
697 | const OSSL_DISPATCH ossl_rsa_keymgmt_functions[] = { | |
698 | { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))rsa_newdata }, | |
699 | { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))rsa_gen_init }, | |
700 | { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, | |
701 | (void (*)(void))rsa_gen_set_params }, | |
702 | { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, | |
703 | (void (*)(void))rsa_gen_settable_params }, | |
704 | { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))rsa_gen }, | |
705 | { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))rsa_gen_cleanup }, | |
706 | { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))rsa_load }, | |
707 | { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata }, | |
708 | { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))rsa_get_params }, | |
709 | { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))rsa_gettable_params }, | |
710 | { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has }, | |
711 | { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))rsa_match }, | |
712 | { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate }, | |
713 | { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import }, | |
714 | { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types }, | |
715 | { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))rsa_export }, | |
716 | { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types }, | |
717 | { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))rsa_dup }, | |
718 | OSSL_DISPATCH_END | |
719 | }; | |
720 | ||
721 | const OSSL_DISPATCH ossl_rsapss_keymgmt_functions[] = { | |
722 | { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))rsapss_newdata }, | |
723 | { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))rsapss_gen_init }, | |
724 | { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))rsa_gen_set_params }, | |
725 | { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, | |
726 | (void (*)(void))rsapss_gen_settable_params }, | |
727 | { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))rsa_gen }, | |
728 | { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))rsa_gen_cleanup }, | |
729 | { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))rsapss_load }, | |
730 | { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata }, | |
731 | { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))rsa_get_params }, | |
732 | { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))rsa_gettable_params }, | |
733 | { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has }, | |
734 | { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))rsa_match }, | |
735 | { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate }, | |
736 | { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import }, | |
737 | { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types }, | |
738 | { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))rsa_export }, | |
739 | { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types }, | |
740 | { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME, | |
741 | (void (*)(void))rsa_query_operation_name }, | |
742 | { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))rsa_dup }, | |
743 | OSSL_DISPATCH_END | |
744 | }; |