]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/rsa/rsa_pmeth.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Use more flexible method of determining output length, by setting &outlen
[thirdparty/openssl.git] / crypto / rsa / rsa_pmeth.c
1 /* crypto/rsa/rsa_pmeth.c */
2 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 2006.
4 */
5 /* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59 #include <stdio.h>
60 #include "cryptlib.h"
61 #include <openssl/asn1t.h>
62 #include <openssl/x509.h>
63 #include <openssl/rsa.h>
64 #include <openssl/evp.h>
65 #include "evp_locl.h"
66
67 extern int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
68 unsigned char *rm, unsigned int *prm_len,
69 const unsigned char *sigbuf, unsigned int siglen,
70 RSA *rsa);
71
72 /* RSA pkey context structure */
73
74 typedef struct
75 {
76 /* Key gen parameters */
77 int nbits;
78 BIGNUM *pub_exp;
79 /* Keygen callback info */
80 int gentmp[2];
81 /* RSA padding mode */
82 int pad_mode;
83 /* message digest */
84 const EVP_MD *md;
85 /* PSS/OAEP salt length */
86 int saltlen;
87 /* Temp buffer */
88 unsigned char *tbuf;
89 } RSA_PKEY_CTX;
90
91 static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
92 {
93 RSA_PKEY_CTX *rctx;
94 rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX));
95 if (!rctx)
96 return 0;
97 rctx->nbits = 1024;
98 rctx->pub_exp = NULL;
99 rctx->pad_mode = RSA_PKCS1_PADDING;
100 rctx->md = NULL;
101 rctx->tbuf = NULL;
102
103 rctx->saltlen = -2;
104
105 ctx->data = rctx;
106 ctx->keygen_info = rctx->gentmp;
107 ctx->keygen_info_count = 2;
108
109 return 1;
110 }
111
112 static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk)
113 {
114 if (ctx->tbuf)
115 return 1;
116 ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey));
117 if (!ctx->tbuf)
118 return 0;
119 return 1;
120 }
121
122 static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
123 {
124 RSA_PKEY_CTX *rctx = ctx->data;
125 if (rctx)
126 {
127 if (rctx->pub_exp)
128 BN_free(rctx->pub_exp);
129 if (rctx->tbuf)
130 OPENSSL_free(rctx->tbuf);
131 OPENSSL_free(rctx);
132 }
133 }
134
135 static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int *siglen,
136 const unsigned char *tbs, int tbslen)
137 {
138 int ret;
139 RSA_PKEY_CTX *rctx = ctx->data;
140 RSA *rsa = ctx->pkey->pkey.rsa;
141
142 if (rctx->md)
143 {
144 if (tbslen != EVP_MD_size(rctx->md))
145 {
146 RSAerr(RSA_F_PKEY_RSA_SIGN,
147 RSA_R_INVALID_DIGEST_LENGTH);
148 return -1;
149 }
150 if (rctx->pad_mode == RSA_X931_PADDING)
151 {
152 if (!setup_tbuf(rctx, ctx))
153 return -1;
154 memcpy(rctx->tbuf, tbs, tbslen);
155 rctx->tbuf[tbslen] =
156 RSA_X931_hash_id(EVP_MD_type(rctx->md));
157 ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
158 sig, rsa, RSA_X931_PADDING);
159 }
160 else if (rctx->pad_mode == RSA_PKCS1_PADDING)
161 {
162 unsigned int sltmp;
163 ret = RSA_sign(EVP_MD_type(rctx->md),
164 tbs, tbslen, sig, &sltmp, rsa);
165 if (ret <= 0)
166 return ret;
167 ret = sltmp;
168 }
169 else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
170 {
171 if (!setup_tbuf(rctx, ctx))
172 return -1;
173 if (!RSA_padding_add_PKCS1_PSS(rsa, rctx->tbuf, tbs,
174 rctx->md, rctx->saltlen))
175 return -1;
176 ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
177 sig, rsa, RSA_NO_PADDING);
178 }
179 else
180 return -1;
181 }
182 else
183 ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
184 rctx->pad_mode);
185 if (ret < 0)
186 return ret;
187 *siglen = ret;
188 return 1;
189 }
190
191
192 static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
193 unsigned char *rout, int *routlen,
194 const unsigned char *sig, int siglen)
195 {
196 int ret;
197 RSA_PKEY_CTX *rctx = ctx->data;
198
199 if (rctx->md)
200 {
201 if (rctx->pad_mode == RSA_X931_PADDING)
202 {
203 if (!setup_tbuf(rctx, ctx))
204 return -1;
205 ret = RSA_public_decrypt(siglen, sig,
206 rctx->tbuf, ctx->pkey->pkey.rsa,
207 RSA_X931_PADDING);
208 if (ret < 1)
209 return 0;
210 ret--;
211 if (rctx->tbuf[ret] !=
212 RSA_X931_hash_id(EVP_MD_type(rctx->md)))
213 {
214 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
215 RSA_R_ALGORITHM_MISMATCH);
216 return 0;
217 }
218 if (ret != EVP_MD_size(rctx->md))
219 {
220 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
221 RSA_R_INVALID_DIGEST_LENGTH);
222 return 0;
223 }
224 if (rout)
225 memcpy(rout, rctx->tbuf, ret);
226 }
227 else if (rctx->pad_mode == RSA_PKCS1_PADDING)
228 {
229 unsigned int sltmp;
230 ret = int_rsa_verify(EVP_MD_type(rctx->md),
231 NULL, 0, rout, &sltmp,
232 sig, siglen, ctx->pkey->pkey.rsa);
233 ret = sltmp;
234 }
235 else
236 return -1;
237 }
238 else
239 ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
240 rctx->pad_mode);
241 if (ret < 0)
242 return ret;
243 *routlen = ret;
244 return 1;
245 }
246
247 static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
248 const unsigned char *sig, int siglen,
249 const unsigned char *tbs, int tbslen)
250 {
251 RSA_PKEY_CTX *rctx = ctx->data;
252 RSA *rsa = ctx->pkey->pkey.rsa;
253 int rslen;
254 if (rctx->md)
255 {
256 if (rctx->pad_mode == RSA_PKCS1_PADDING)
257 return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
258 sig, siglen, rsa);
259 if (rctx->pad_mode == RSA_X931_PADDING)
260 {
261 if (pkey_rsa_verifyrecover(ctx, NULL, &rslen,
262 sig, siglen) <= 0)
263 return 0;
264 }
265 else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
266 {
267 int ret;
268 if (!setup_tbuf(rctx, ctx))
269 return -1;
270 ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
271 rsa, RSA_NO_PADDING);
272 if (ret <= 0)
273 return 0;
274 ret = RSA_verify_PKCS1_PSS(rsa, tbs, rctx->md,
275 rctx->tbuf, rctx->saltlen);
276 if (ret <= 0)
277 return 0;
278 return 1;
279 }
280 else
281 return -1;
282 }
283 else
284 {
285 if (!setup_tbuf(rctx, ctx))
286 return -1;
287 rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
288 rsa, rctx->pad_mode);
289 if (rslen <= 0)
290 return 0;
291 }
292
293 if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen))
294 return 0;
295
296 return 1;
297
298 }
299
300
301 static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, int *outlen,
302 const unsigned char *in, int inlen)
303 {
304 int ret;
305 RSA_PKEY_CTX *rctx = ctx->data;
306 ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa,
307 rctx->pad_mode);
308 if (ret < 0)
309 return ret;
310 *outlen = ret;
311 return 1;
312 }
313
314 static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, int *outlen,
315 const unsigned char *in, int inlen)
316 {
317 int ret;
318 RSA_PKEY_CTX *rctx = ctx->data;
319 ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
320 rctx->pad_mode);
321 if (ret < 0)
322 return ret;
323 *outlen = ret;
324 return 1;
325 }
326
327 static int check_padding_md(const EVP_MD *md, int padding)
328 {
329 if (!md)
330 return 1;
331
332 if (padding == RSA_NO_PADDING)
333 {
334 RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE);
335 return 0;
336 }
337
338 if (padding == RSA_X931_PADDING)
339 {
340 if (RSA_X931_hash_id(EVP_MD_type(md)) == -1)
341 {
342 RSAerr(RSA_F_CHECK_PADDING_MD,
343 RSA_R_INVALID_X931_DIGEST);
344 return 0;
345 }
346 return 1;
347 }
348
349 return 1;
350 }
351
352
353 static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
354 {
355 RSA_PKEY_CTX *rctx = ctx->data;
356 switch (type)
357 {
358 case EVP_PKEY_CTRL_RSA_PADDING:
359 if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING))
360 {
361 if (!check_padding_md(rctx->md, p1))
362 return 0;
363 if (p1 == RSA_PKCS1_PSS_PADDING)
364 {
365 if (ctx->operation == EVP_PKEY_OP_VERIFYRECOVER)
366 return -2;
367 if (!rctx->md)
368 rctx->md = EVP_sha1();
369 }
370 if (p1 == RSA_PKCS1_OAEP_PADDING)
371 {
372 if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
373 return -2;
374 if (!rctx->md)
375 rctx->md = EVP_sha1();
376 }
377 rctx->pad_mode = p1;
378 return 1;
379 }
380 return -2;
381
382 case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
383 if (p1 < -2)
384 return -2;
385 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)
386 return -2;
387 rctx->saltlen = p1;
388 return 1;
389
390 case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
391 if (p1 < 256)
392 return -2;
393 rctx->nbits = p1;
394 return 1;
395
396 case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
397 if (!p2)
398 return -2;
399 rctx->pub_exp = p2;
400 return 1;
401
402 case EVP_PKEY_CTRL_MD:
403 if (!check_padding_md(p2, rctx->pad_mode))
404 return 0;
405 rctx->md = p2;
406 return 1;
407
408 default:
409 return -2;
410
411 }
412 }
413
414 static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
415 const char *type, const char *value)
416 {
417 if (!strcmp(type, "rsa_padding_mode"))
418 {
419 int pm;
420 if (!value)
421 return 0;
422 if (!strcmp(value, "pkcs1"))
423 pm = RSA_PKCS1_PADDING;
424 else if (!strcmp(value, "sslv23"))
425 pm = RSA_SSLV23_PADDING;
426 else if (!strcmp(value, "none"))
427 pm = RSA_NO_PADDING;
428 else if (!strcmp(value, "oeap"))
429 pm = RSA_PKCS1_OAEP_PADDING;
430 else if (!strcmp(value, "x931"))
431 pm = RSA_X931_PADDING;
432 else if (!strcmp(value, "pss"))
433 pm = RSA_PKCS1_PSS_PADDING;
434 else
435 return -2;
436 return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
437 }
438
439 if (!strcmp(type, "rsa_pss_saltlen"))
440 {
441 int saltlen;
442 saltlen = atoi(value);
443 return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
444 }
445
446 if (!strcmp(type, "rsa_keygen_bits"))
447 {
448 int nbits;
449 nbits = atoi(value);
450 return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
451 }
452
453 if (!strcmp(type, "rsa_keygen_pubexp"))
454 {
455 int ret;
456 BIGNUM *pubexp = NULL;
457 if (!BN_asc2bn(&pubexp, value))
458 return 0;
459 ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
460 if (ret <= 0)
461 BN_free(pubexp);
462 return ret;
463 }
464
465 return -2;
466 }
467
468 static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
469 {
470 RSA *rsa = NULL;
471 RSA_PKEY_CTX *rctx = ctx->data;
472 BN_GENCB *pcb, cb;
473 int ret;
474 if (!rctx->pub_exp)
475 {
476 rctx->pub_exp = BN_new();
477 if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4))
478 return 0;
479 }
480 rsa = RSA_new();
481 if (!rsa)
482 return 0;
483 if (ctx->pkey_gencb)
484 {
485 pcb = &cb;
486 evp_pkey_set_cb_translate(pcb, ctx);
487 }
488 else
489 pcb = NULL;
490 ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb);
491 if (ret > 0)
492 EVP_PKEY_assign_RSA(pkey, rsa);
493 else
494 RSA_free(rsa);
495 return ret;
496 }
497
498 const EVP_PKEY_METHOD rsa_pkey_meth =
499 {
500 EVP_PKEY_RSA,
501 EVP_PKEY_FLAG_AUTOARGLEN,
502 pkey_rsa_init,
503 pkey_rsa_cleanup,
504
505 0,0,
506
507 0,
508 pkey_rsa_keygen,
509
510 0,
511 pkey_rsa_sign,
512
513 0,
514 pkey_rsa_verify,
515
516 0,
517 pkey_rsa_verifyrecover,
518
519
520 0,0,0,0,
521
522 0,
523 pkey_rsa_encrypt,
524
525 0,
526 pkey_rsa_decrypt,
527
528 0,0,
529
530 pkey_rsa_ctrl,
531 pkey_rsa_ctrl_str
532
533
534 };
A mirror of the official openssl repository