2 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * RSA low level APIs are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
16 #include "internal/packet.h"
17 #include "crypto/rsa.h" /* rsa_get0_all_params() */
18 #include "prov/bio.h" /* ossl_prov_bio_printf() */
19 #include "prov/der_rsa.h" /* DER_w_RSASSA_PSS_params() */
20 #include "prov/implementations.h" /* rsa_keymgmt_functions */
21 #include "encoder_local.h"
23 DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const
, BIGNUM
)
25 OSSL_FUNC_keymgmt_new_fn
*ossl_prov_get_keymgmt_rsa_new(void)
27 return ossl_prov_get_keymgmt_new(rsa_keymgmt_functions
);
30 OSSL_FUNC_keymgmt_new_fn
*ossl_prov_get_keymgmt_rsapss_new(void)
32 return ossl_prov_get_keymgmt_new(rsapss_keymgmt_functions
);
35 OSSL_FUNC_keymgmt_free_fn
*ossl_prov_get_keymgmt_rsa_free(void)
37 return ossl_prov_get_keymgmt_free(rsa_keymgmt_functions
);
40 OSSL_FUNC_keymgmt_import_fn
*ossl_prov_get_keymgmt_rsa_import(void)
42 return ossl_prov_get_keymgmt_import(rsa_keymgmt_functions
);
45 OSSL_FUNC_keymgmt_export_fn
*ossl_prov_get_keymgmt_rsa_export(void)
47 return ossl_prov_get_keymgmt_export(rsa_keymgmt_functions
);
50 OSSL_FUNC_keymgmt_export_fn
*ossl_prov_get_keymgmt_rsapss_export(void)
52 return ossl_prov_get_keymgmt_export(rsapss_keymgmt_functions
);
55 int ossl_prov_print_rsa(BIO
*out
, RSA
*rsa
, int priv
)
57 const char *modulus_label
;
58 const char *exponent_label
;
59 const BIGNUM
*rsa_d
= NULL
, *rsa_n
= NULL
, *rsa_e
= NULL
;
60 STACK_OF(BIGNUM_const
) *factors
= sk_BIGNUM_const_new_null();
61 STACK_OF(BIGNUM_const
) *exps
= sk_BIGNUM_const_new_null();
62 STACK_OF(BIGNUM_const
) *coeffs
= sk_BIGNUM_const_new_null();
63 RSA_PSS_PARAMS_30
*pss_params
= rsa_get0_pss_params_30(rsa
);
66 if (rsa
== NULL
|| factors
== NULL
|| exps
== NULL
|| coeffs
== NULL
)
69 RSA_get0_key(rsa
, &rsa_n
, &rsa_e
, &rsa_d
);
70 rsa_get0_all_params(rsa
, factors
, exps
, coeffs
);
72 if (priv
&& rsa_d
!= NULL
) {
73 if (BIO_printf(out
, "Private-Key: (%d bit, %d primes)\n",
75 sk_BIGNUM_const_num(factors
)) <= 0)
77 modulus_label
= "modulus:";
78 exponent_label
= "publicExponent:";
80 if (BIO_printf(out
, "Public-Key: (%d bit)\n", BN_num_bits(rsa_n
)) <= 0)
82 modulus_label
= "Modulus:";
83 exponent_label
= "Exponent:";
85 if (!ossl_prov_print_labeled_bignum(out
, modulus_label
, rsa_n
))
87 if (!ossl_prov_print_labeled_bignum(out
, exponent_label
, rsa_e
))
92 if (!ossl_prov_print_labeled_bignum(out
, "privateExponent:", rsa_d
))
94 if (!ossl_prov_print_labeled_bignum(out
, "prime1:",
95 sk_BIGNUM_const_value(factors
, 0)))
97 if (!ossl_prov_print_labeled_bignum(out
, "prime2:",
98 sk_BIGNUM_const_value(factors
, 1)))
100 if (!ossl_prov_print_labeled_bignum(out
, "exponent1:",
101 sk_BIGNUM_const_value(exps
, 0)))
103 if (!ossl_prov_print_labeled_bignum(out
, "exponent2:",
104 sk_BIGNUM_const_value(exps
, 1)))
106 if (!ossl_prov_print_labeled_bignum(out
, "coefficient:",
107 sk_BIGNUM_const_value(coeffs
, 0)))
109 for (i
= 2; i
< sk_BIGNUM_const_num(factors
); i
++) {
110 if (BIO_printf(out
, "prime%d:", i
+ 1) <= 0)
112 if (!ossl_prov_print_labeled_bignum(out
, NULL
,
113 sk_BIGNUM_const_value(factors
,
116 if (BIO_printf(out
, "exponent%d:", i
+ 1) <= 0)
118 if (!ossl_prov_print_labeled_bignum(out
, NULL
,
119 sk_BIGNUM_const_value(exps
, i
)))
121 if (BIO_printf(out
, "coefficient%d:", i
+ 1) <= 0)
123 if (!ossl_prov_print_labeled_bignum(out
, NULL
,
124 sk_BIGNUM_const_value(coeffs
,
130 switch (RSA_test_flags(rsa
, RSA_FLAG_TYPE_MASK
)) {
131 case RSA_FLAG_TYPE_RSA
:
132 if (!rsa_pss_params_30_is_unrestricted(pss_params
)) {
133 if (BIO_printf(out
, "(INVALID PSS PARAMETERS)\n") <= 0)
137 case RSA_FLAG_TYPE_RSASSAPSS
:
138 if (rsa_pss_params_30_is_unrestricted(pss_params
)) {
139 if (BIO_printf(out
, "No PSS parameter restrictions\n") <= 0)
142 int hashalg_nid
= rsa_pss_params_30_hashalg(pss_params
);
143 int maskgenalg_nid
= rsa_pss_params_30_maskgenalg(pss_params
);
144 int maskgenhashalg_nid
=
145 rsa_pss_params_30_maskgenhashalg(pss_params
);
146 int saltlen
= rsa_pss_params_30_saltlen(pss_params
);
147 int trailerfield
= rsa_pss_params_30_trailerfield(pss_params
);
149 if (BIO_printf(out
, "PSS parameter restrictions:\n") <= 0)
151 if (BIO_printf(out
, " Hash Algorithm: %s%s\n",
152 rsa_oaeppss_nid2name(hashalg_nid
),
153 (hashalg_nid
== NID_sha1
154 ? " (default)" : "")) <= 0)
156 if (BIO_printf(out
, " Mask Algorithm: %s with %s%s\n",
157 rsa_mgf_nid2name(maskgenalg_nid
),
158 rsa_oaeppss_nid2name(maskgenhashalg_nid
),
159 (maskgenalg_nid
== NID_mgf1
160 && maskgenhashalg_nid
== NID_sha1
161 ? " (default)" : "")) <= 0)
163 if (BIO_printf(out
, " Minimum Salt Length: %d%s\n",
165 (saltlen
== 20 ? " (default)" : "")) <= 0)
168 * TODO(3.0) Should we show the ASN.1 trailerField value, or
169 * the actual trailerfield byte (i.e. 0xBC for 1)?
170 * crypto/rsa/rsa_ameth.c isn't very clear on that, as it
171 * does display 0xBC when the default applies, but the ASN.1
172 * trailerField value otherwise...
174 if (BIO_printf(out
, " Trailer Field: 0x%x%s\n",
176 (trailerfield
== 1 ? " (default)" : ""))
185 sk_BIGNUM_const_free(factors
);
186 sk_BIGNUM_const_free(exps
);
187 sk_BIGNUM_const_free(coeffs
);
192 * Helper functions to prepare RSA-PSS params for encoding. We would
193 * have simply written the whole AlgorithmIdentifier, but existing libcrypto
194 * functionality doesn't allow that.
197 int ossl_prov_prepare_rsa_params(const void *rsa
, int nid
,
198 void **pstr
, int *pstrtype
)
200 const RSA_PSS_PARAMS_30
*pss
= rsa_get0_pss_params_30((RSA
*)rsa
);
204 switch (RSA_test_flags(rsa
, RSA_FLAG_TYPE_MASK
)) {
205 case RSA_FLAG_TYPE_RSA
:
206 /* If plain RSA, the parameters shall be NULL */
207 *pstrtype
= V_ASN1_NULL
;
209 case RSA_FLAG_TYPE_RSASSAPSS
:
210 if (rsa_pss_params_30_is_unrestricted(pss
)) {
211 *pstrtype
= V_ASN1_UNDEF
;
214 ASN1_STRING
*astr
= NULL
;
216 unsigned char *str
= NULL
;
220 for (i
= 0; i
< 2; i
++) {
223 if (!WPACKET_init_null_der(&pkt
))
227 if ((str
= OPENSSL_malloc(str_sz
)) == NULL
228 || !WPACKET_init_der(&pkt
, str
, str_sz
)) {
233 if (!DER_w_RSASSA_PSS_params(&pkt
, -1, pss
)
234 || !WPACKET_finish(&pkt
)
235 || !WPACKET_get_total_written(&pkt
, &str_sz
))
237 WPACKET_cleanup(&pkt
);
240 * If no PSS parameters are going to be written, there's no
241 * point going for another iteration.
242 * This saves us from getting |str| allocated just to have it
243 * immediately de-allocated.
249 if ((astr
= ASN1_STRING_new()) == NULL
)
251 *pstrtype
= V_ASN1_SEQUENCE
;
252 ASN1_STRING_set0(astr
, str
, (int)str_sz
);
262 /* Currently unsupported RSA key type */
266 int ossl_prov_rsa_type_to_evp(const RSA
*rsa
)
268 switch (RSA_test_flags(rsa
, RSA_FLAG_TYPE_MASK
)) {
269 case RSA_FLAG_TYPE_RSA
:
271 case RSA_FLAG_TYPE_RSASSAPSS
:
272 return EVP_PKEY_RSA_PSS
;
275 /* Currently unsupported RSA key type */
276 return EVP_PKEY_NONE
;