/src/openssl/providers/implementations/keymgmt/rsa_kmgmt.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | /* |
11 | | * RSA low level APIs are deprecated for public use, but still ok for |
12 | | * internal use. |
13 | | */ |
14 | | #include "internal/deprecated.h" |
15 | | |
16 | | #include <openssl/core_dispatch.h> |
17 | | #include <openssl/core_names.h> |
18 | | #include <openssl/bn.h> |
19 | | #include <openssl/err.h> |
20 | | #include <openssl/rsa.h> |
21 | | #include <openssl/evp.h> |
22 | | #include <openssl/proverr.h> |
23 | | #include "prov/implementations.h" |
24 | | #include "prov/providercommon.h" |
25 | | #include "prov/provider_ctx.h" |
26 | | #include "crypto/rsa.h" |
27 | | #include "crypto/cryptlib.h" |
28 | | #include "internal/fips.h" |
29 | | #include "internal/param_build_set.h" |
30 | | |
31 | | static OSSL_FUNC_keymgmt_new_fn rsa_newdata; |
32 | | static OSSL_FUNC_keymgmt_new_fn rsapss_newdata; |
33 | | static OSSL_FUNC_keymgmt_gen_init_fn rsa_gen_init; |
34 | | static OSSL_FUNC_keymgmt_gen_init_fn rsapss_gen_init; |
35 | | static OSSL_FUNC_keymgmt_gen_set_params_fn rsa_gen_set_params; |
36 | | static OSSL_FUNC_keymgmt_gen_settable_params_fn rsa_gen_settable_params; |
37 | | static OSSL_FUNC_keymgmt_gen_settable_params_fn rsapss_gen_settable_params; |
38 | | static OSSL_FUNC_keymgmt_gen_fn rsa_gen; |
39 | | static OSSL_FUNC_keymgmt_gen_cleanup_fn rsa_gen_cleanup; |
40 | | static OSSL_FUNC_keymgmt_load_fn rsa_load; |
41 | | static OSSL_FUNC_keymgmt_load_fn rsapss_load; |
42 | | static OSSL_FUNC_keymgmt_free_fn rsa_freedata; |
43 | | static OSSL_FUNC_keymgmt_get_params_fn rsa_get_params; |
44 | | static OSSL_FUNC_keymgmt_gettable_params_fn rsa_gettable_params; |
45 | | static OSSL_FUNC_keymgmt_has_fn rsa_has; |
46 | | static OSSL_FUNC_keymgmt_match_fn rsa_match; |
47 | | static OSSL_FUNC_keymgmt_validate_fn rsa_validate; |
48 | | static OSSL_FUNC_keymgmt_import_fn rsa_import; |
49 | | static OSSL_FUNC_keymgmt_import_types_fn rsa_import_types; |
50 | | static OSSL_FUNC_keymgmt_export_fn rsa_export; |
51 | | static OSSL_FUNC_keymgmt_export_types_fn rsa_export_types; |
52 | | static OSSL_FUNC_keymgmt_query_operation_name_fn rsa_query_operation_name; |
53 | | static OSSL_FUNC_keymgmt_dup_fn rsa_dup; |
54 | | |
55 | 0 | #define RSA_DEFAULT_MD "SHA256" |
56 | | #define RSA_POSSIBLE_SELECTIONS \ |
57 | 0 | (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) |
58 | | |
59 | | DEFINE_STACK_OF(BIGNUM) |
60 | | DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) |
61 | | |
62 | | static int pss_params_fromdata(RSA_PSS_PARAMS_30 *pss_params, int *defaults_set, |
63 | | const OSSL_PARAM params[], int rsa_type, |
64 | | OSSL_LIB_CTX *libctx) |
65 | 0 | { |
66 | 0 | if (!ossl_rsa_pss_params_30_fromdata(pss_params, defaults_set, |
67 | 0 | params, libctx)) |
68 | 0 | return 0; |
69 | | |
70 | | /* If not a PSS type RSA, sending us PSS parameters is wrong */ |
71 | 0 | if (rsa_type != RSA_FLAG_TYPE_RSASSAPSS |
72 | 0 | && !ossl_rsa_pss_params_30_is_unrestricted(pss_params)) |
73 | 0 | return 0; |
74 | | |
75 | 0 | return 1; |
76 | 0 | } |
77 | | |
78 | | static void *rsa_newdata(void *provctx) |
79 | 0 | { |
80 | 0 | OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); |
81 | 0 | RSA *rsa; |
82 | |
|
83 | 0 | if (!ossl_prov_is_running()) |
84 | 0 | return NULL; |
85 | | |
86 | 0 | rsa = ossl_rsa_new_with_ctx(libctx); |
87 | 0 | if (rsa != NULL) { |
88 | 0 | RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); |
89 | 0 | RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA); |
90 | 0 | } |
91 | 0 | return rsa; |
92 | 0 | } |
93 | | |
94 | | static void *rsapss_newdata(void *provctx) |
95 | 0 | { |
96 | 0 | OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); |
97 | 0 | RSA *rsa; |
98 | |
|
99 | 0 | if (!ossl_prov_is_running()) |
100 | 0 | return NULL; |
101 | | |
102 | 0 | rsa = ossl_rsa_new_with_ctx(libctx); |
103 | 0 | if (rsa != NULL) { |
104 | 0 | RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); |
105 | 0 | RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS); |
106 | 0 | } |
107 | 0 | return rsa; |
108 | 0 | } |
109 | | |
110 | | static void rsa_freedata(void *keydata) |
111 | 0 | { |
112 | 0 | RSA_free(keydata); |
113 | 0 | } |
114 | | |
115 | | static int rsa_has(const void *keydata, int selection) |
116 | 0 | { |
117 | 0 | const RSA *rsa = keydata; |
118 | 0 | int ok = 1; |
119 | |
|
120 | 0 | if (rsa == NULL || !ossl_prov_is_running()) |
121 | 0 | return 0; |
122 | 0 | if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) |
123 | 0 | return 1; /* the selection is not missing */ |
124 | | |
125 | | /* OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS are always available even if empty */ |
126 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) |
127 | 0 | ok = ok && (RSA_get0_n(rsa) != NULL); |
128 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) |
129 | 0 | ok = ok && (RSA_get0_e(rsa) != NULL); |
130 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) |
131 | 0 | ok = ok && (RSA_get0_d(rsa) != NULL); |
132 | 0 | return ok; |
133 | 0 | } |
134 | | |
135 | | static int rsa_match(const void *keydata1, const void *keydata2, int selection) |
136 | 0 | { |
137 | 0 | const RSA *rsa1 = keydata1; |
138 | 0 | const RSA *rsa2 = keydata2; |
139 | 0 | int ok = 1; |
140 | |
|
141 | 0 | if (!ossl_prov_is_running()) |
142 | 0 | return 0; |
143 | | |
144 | | /* There is always an |e| */ |
145 | 0 | ok = ok && BN_cmp(RSA_get0_e(rsa1), RSA_get0_e(rsa2)) == 0; |
146 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { |
147 | 0 | int key_checked = 0; |
148 | |
|
149 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { |
150 | 0 | const BIGNUM *pa = RSA_get0_n(rsa1); |
151 | 0 | const BIGNUM *pb = RSA_get0_n(rsa2); |
152 | |
|
153 | 0 | if (pa != NULL && pb != NULL) { |
154 | 0 | ok = ok && BN_cmp(pa, pb) == 0; |
155 | 0 | key_checked = 1; |
156 | 0 | } |
157 | 0 | } |
158 | 0 | if (!key_checked |
159 | 0 | && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { |
160 | 0 | const BIGNUM *pa = RSA_get0_d(rsa1); |
161 | 0 | const BIGNUM *pb = RSA_get0_d(rsa2); |
162 | |
|
163 | 0 | if (pa != NULL && pb != NULL) { |
164 | 0 | ok = ok && BN_cmp(pa, pb) == 0; |
165 | 0 | key_checked = 1; |
166 | 0 | } |
167 | 0 | } |
168 | 0 | ok = ok && key_checked; |
169 | 0 | } |
170 | 0 | return ok; |
171 | 0 | } |
172 | | |
173 | | static int rsa_import(void *keydata, int selection, const OSSL_PARAM params[]) |
174 | 0 | { |
175 | 0 | RSA *rsa = keydata; |
176 | 0 | int rsa_type; |
177 | 0 | int ok = 1; |
178 | 0 | int pss_defaults_set = 0; |
179 | |
|
180 | 0 | if (!ossl_prov_is_running() || rsa == NULL) |
181 | 0 | return 0; |
182 | | |
183 | 0 | if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) |
184 | 0 | return 0; |
185 | | |
186 | 0 | rsa_type = RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK); |
187 | |
|
188 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) |
189 | 0 | ok = ok && pss_params_fromdata(ossl_rsa_get0_pss_params_30(rsa), |
190 | 0 | &pss_defaults_set, |
191 | 0 | params, rsa_type, |
192 | 0 | ossl_rsa_get0_libctx(rsa)); |
193 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { |
194 | 0 | int include_private = |
195 | 0 | selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; |
196 | |
|
197 | 0 | ok = ok && ossl_rsa_fromdata(rsa, params, include_private); |
198 | 0 | } |
199 | |
|
200 | 0 | return ok; |
201 | 0 | } |
202 | | |
203 | | static int rsa_export(void *keydata, int selection, |
204 | | OSSL_CALLBACK *param_callback, void *cbarg) |
205 | 0 | { |
206 | 0 | RSA *rsa = keydata; |
207 | 0 | const RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30(rsa); |
208 | 0 | OSSL_PARAM_BLD *tmpl; |
209 | 0 | OSSL_PARAM *params = NULL; |
210 | 0 | int ok = 1; |
211 | |
|
212 | 0 | if (!ossl_prov_is_running() || rsa == NULL) |
213 | 0 | return 0; |
214 | | |
215 | 0 | if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) |
216 | 0 | return 0; |
217 | | |
218 | 0 | tmpl = OSSL_PARAM_BLD_new(); |
219 | 0 | if (tmpl == NULL) |
220 | 0 | return 0; |
221 | | |
222 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) |
223 | 0 | ok = ok && (ossl_rsa_pss_params_30_is_unrestricted(pss_params) |
224 | 0 | || ossl_rsa_pss_params_30_todata(pss_params, tmpl, NULL)); |
225 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { |
226 | 0 | int include_private = |
227 | 0 | selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; |
228 | |
|
229 | 0 | ok = ok && ossl_rsa_todata(rsa, tmpl, NULL, include_private); |
230 | 0 | } |
231 | |
|
232 | 0 | if (!ok || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { |
233 | 0 | ok = 0; |
234 | 0 | goto err; |
235 | 0 | } |
236 | | |
237 | 0 | ok = param_callback(params, cbarg); |
238 | 0 | OSSL_PARAM_clear_free(params); |
239 | 0 | err: |
240 | 0 | OSSL_PARAM_BLD_free(tmpl); |
241 | 0 | return ok; |
242 | 0 | } |
243 | | |
244 | | #ifdef FIPS_MODULE |
245 | | /* In fips mode there are no multi-primes. */ |
246 | | # define RSA_KEY_MP_TYPES() \ |
247 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \ |
248 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0), \ |
249 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0), \ |
250 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0), \ |
251 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0), |
252 | | #else |
253 | | /* |
254 | | * We allow up to 10 prime factors (starting with p, q). |
255 | | * NOTE: there is only 9 OSSL_PKEY_PARAM_RSA_COEFFICIENT |
256 | | */ |
257 | | # define RSA_KEY_MP_TYPES() \ |
258 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \ |
259 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0), \ |
260 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR3, NULL, 0), \ |
261 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR4, NULL, 0), \ |
262 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR5, NULL, 0), \ |
263 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR6, NULL, 0), \ |
264 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR7, NULL, 0), \ |
265 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR8, NULL, 0), \ |
266 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR9, NULL, 0), \ |
267 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR10, NULL, 0), \ |
268 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0), \ |
269 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0), \ |
270 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT3, NULL, 0), \ |
271 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT4, NULL, 0), \ |
272 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT5, NULL, 0), \ |
273 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT6, NULL, 0), \ |
274 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT7, NULL, 0), \ |
275 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT8, NULL, 0), \ |
276 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT9, NULL, 0), \ |
277 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT10, NULL, 0), \ |
278 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0), \ |
279 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT2, NULL, 0), \ |
280 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT3, NULL, 0), \ |
281 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT4, NULL, 0), \ |
282 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT5, NULL, 0), \ |
283 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT6, NULL, 0), \ |
284 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT7, NULL, 0), \ |
285 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT8, NULL, 0), \ |
286 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT9, NULL, 0), |
287 | | #endif |
288 | | |
289 | | #define RSA_KEY_TYPES() \ |
290 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0), \ |
291 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0), \ |
292 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, NULL, 0), \ |
293 | | RSA_KEY_MP_TYPES() |
294 | | |
295 | | /* |
296 | | * This provider can export everything in an RSA key, so we use the exact |
297 | | * same type description for export as for import. Other providers might |
298 | | * choose to import full keys, but only export the public parts, and will |
299 | | * therefore have the importkey_types and importkey_types functions return |
300 | | * different arrays. |
301 | | */ |
302 | | static const OSSL_PARAM rsa_key_types[] = { |
303 | | RSA_KEY_TYPES() |
304 | | OSSL_PARAM_END |
305 | | }; |
306 | | /* |
307 | | * We lied about the amount of factors, exponents and coefficients, the |
308 | | * export and import functions can really deal with an infinite amount |
309 | | * of these numbers. However, RSA keys with too many primes are futile, |
310 | | * so we at least pretend to have some limits. |
311 | | */ |
312 | | |
313 | | static const OSSL_PARAM *rsa_imexport_types(int selection) |
314 | 0 | { |
315 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) |
316 | 0 | return rsa_key_types; |
317 | 0 | return NULL; |
318 | 0 | } |
319 | | |
320 | | static const OSSL_PARAM *rsa_import_types(int selection) |
321 | 0 | { |
322 | 0 | return rsa_imexport_types(selection); |
323 | 0 | } |
324 | | |
325 | | static const OSSL_PARAM *rsa_export_types(int selection) |
326 | 0 | { |
327 | 0 | return rsa_imexport_types(selection); |
328 | 0 | } |
329 | | |
330 | | static int rsa_get_params(void *key, OSSL_PARAM params[]) |
331 | 0 | { |
332 | 0 | RSA *rsa = key; |
333 | 0 | const RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30(rsa); |
334 | 0 | int rsa_type = RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK); |
335 | 0 | OSSL_PARAM *p; |
336 | 0 | int empty = RSA_get0_n(rsa) == NULL; |
337 | |
|
338 | 0 | if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL |
339 | 0 | && (empty || !OSSL_PARAM_set_int(p, RSA_bits(rsa)))) |
340 | 0 | return 0; |
341 | 0 | if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL |
342 | 0 | && (empty || !OSSL_PARAM_set_int(p, RSA_security_bits(rsa)))) |
343 | 0 | return 0; |
344 | 0 | if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL |
345 | 0 | && (empty || !OSSL_PARAM_set_int(p, RSA_size(rsa)))) |
346 | 0 | return 0; |
347 | 0 | if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_CATEGORY)) != NULL) |
348 | 0 | if (!OSSL_PARAM_set_int(p, 0)) |
349 | 0 | return 0; |
350 | | |
351 | | /* |
352 | | * For restricted RSA-PSS keys, we ignore the default digest request. |
353 | | * With RSA-OAEP keys, this may need to be amended. |
354 | | */ |
355 | 0 | if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL |
356 | 0 | && (rsa_type != RSA_FLAG_TYPE_RSASSAPSS |
357 | 0 | || ossl_rsa_pss_params_30_is_unrestricted(pss_params))) { |
358 | 0 | if (!OSSL_PARAM_set_utf8_string(p, RSA_DEFAULT_MD)) |
359 | 0 | return 0; |
360 | 0 | } |
361 | | |
362 | | /* |
363 | | * For non-RSA-PSS keys, we ignore the mandatory digest request. |
364 | | * With RSA-OAEP keys, this may need to be amended. |
365 | | */ |
366 | 0 | if ((p = OSSL_PARAM_locate(params, |
367 | 0 | OSSL_PKEY_PARAM_MANDATORY_DIGEST)) != NULL |
368 | 0 | && rsa_type == RSA_FLAG_TYPE_RSASSAPSS |
369 | 0 | && !ossl_rsa_pss_params_30_is_unrestricted(pss_params)) { |
370 | 0 | const char *mdname = |
371 | 0 | ossl_rsa_oaeppss_nid2name(ossl_rsa_pss_params_30_hashalg(pss_params)); |
372 | |
|
373 | 0 | if (mdname == NULL || !OSSL_PARAM_set_utf8_string(p, mdname)) |
374 | 0 | return 0; |
375 | 0 | } |
376 | 0 | return (rsa_type != RSA_FLAG_TYPE_RSASSAPSS |
377 | 0 | || ossl_rsa_pss_params_30_todata(pss_params, NULL, params)) |
378 | 0 | && ossl_rsa_todata(rsa, NULL, params, 1); |
379 | 0 | } |
380 | | |
381 | | static const OSSL_PARAM rsa_params[] = { |
382 | | OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), |
383 | | OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), |
384 | | OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), |
385 | | OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_CATEGORY, NULL), |
386 | | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DEFAULT_DIGEST, NULL, 0), |
387 | | RSA_KEY_TYPES() |
388 | | OSSL_PARAM_END |
389 | | }; |
390 | | |
391 | | static const OSSL_PARAM *rsa_gettable_params(void *provctx) |
392 | 0 | { |
393 | 0 | return rsa_params; |
394 | 0 | } |
395 | | |
396 | | static int rsa_validate(const void *keydata, int selection, int checktype) |
397 | 0 | { |
398 | 0 | const RSA *rsa = keydata; |
399 | 0 | int ok = 1; |
400 | |
|
401 | 0 | if (!ossl_prov_is_running()) |
402 | 0 | return 0; |
403 | | |
404 | 0 | if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) |
405 | 0 | return 1; /* nothing to validate */ |
406 | | |
407 | | /* If the whole key is selected, we do a pairwise validation */ |
408 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) |
409 | 0 | == OSSL_KEYMGMT_SELECT_KEYPAIR) { |
410 | 0 | ok = ok && ossl_rsa_validate_pairwise(rsa); |
411 | 0 | } else { |
412 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) |
413 | 0 | ok = ok && ossl_rsa_validate_private(rsa); |
414 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) |
415 | 0 | ok = ok && ossl_rsa_validate_public(rsa); |
416 | 0 | } |
417 | 0 | return ok; |
418 | 0 | } |
419 | | |
420 | | struct rsa_gen_ctx { |
421 | | OSSL_LIB_CTX *libctx; |
422 | | const char *propq; |
423 | | |
424 | | int rsa_type; |
425 | | |
426 | | size_t nbits; |
427 | | BIGNUM *pub_exp; |
428 | | size_t primes; |
429 | | |
430 | | /* For PSS */ |
431 | | RSA_PSS_PARAMS_30 pss_params; |
432 | | int pss_defaults_set; |
433 | | |
434 | | /* For generation callback */ |
435 | | OSSL_CALLBACK *cb; |
436 | | void *cbarg; |
437 | | |
438 | | #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) |
439 | | /* ACVP test parameters */ |
440 | | OSSL_PARAM *acvp_test_params; |
441 | | #endif |
442 | | uint32_t a, b; |
443 | | }; |
444 | | |
445 | | static int rsa_gencb(int p, int n, BN_GENCB *cb) |
446 | 0 | { |
447 | 0 | struct rsa_gen_ctx *gctx = BN_GENCB_get_arg(cb); |
448 | 0 | OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END }; |
449 | |
|
450 | 0 | params[0] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_POTENTIAL, &p); |
451 | 0 | params[1] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_ITERATION, &n); |
452 | 0 | return gctx->cb(params, gctx->cbarg); |
453 | 0 | } |
454 | | |
455 | | static void *gen_init(void *provctx, int selection, int rsa_type, |
456 | | const OSSL_PARAM params[]) |
457 | 0 | { |
458 | 0 | OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); |
459 | 0 | struct rsa_gen_ctx *gctx = NULL; |
460 | |
|
461 | 0 | if (!ossl_prov_is_running()) |
462 | 0 | return NULL; |
463 | | |
464 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) |
465 | 0 | return NULL; |
466 | | |
467 | 0 | if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) { |
468 | 0 | gctx->libctx = libctx; |
469 | 0 | if ((gctx->pub_exp = BN_new()) == NULL |
470 | 0 | || !BN_set_word(gctx->pub_exp, RSA_F4)) { |
471 | 0 | goto err; |
472 | 0 | } |
473 | 0 | gctx->nbits = 2048; |
474 | 0 | gctx->primes = RSA_DEFAULT_PRIME_NUM; |
475 | 0 | gctx->rsa_type = rsa_type; |
476 | 0 | } else { |
477 | 0 | goto err; |
478 | 0 | } |
479 | | |
480 | 0 | if (!rsa_gen_set_params(gctx, params)) |
481 | 0 | goto err; |
482 | 0 | return gctx; |
483 | | |
484 | 0 | err: |
485 | 0 | if (gctx != NULL) |
486 | 0 | BN_free(gctx->pub_exp); |
487 | 0 | OPENSSL_free(gctx); |
488 | 0 | return NULL; |
489 | 0 | } |
490 | | |
491 | | static void *rsa_gen_init(void *provctx, int selection, |
492 | | const OSSL_PARAM params[]) |
493 | 0 | { |
494 | 0 | return gen_init(provctx, selection, RSA_FLAG_TYPE_RSA, params); |
495 | 0 | } |
496 | | |
497 | | static void *rsapss_gen_init(void *provctx, int selection, |
498 | | const OSSL_PARAM params[]) |
499 | 0 | { |
500 | 0 | return gen_init(provctx, selection, RSA_FLAG_TYPE_RSASSAPSS, params); |
501 | 0 | } |
502 | | |
503 | | /* |
504 | | * This function is common for all RSA sub-types, to detect possible |
505 | | * misuse, such as PSS parameters being passed when a plain RSA key |
506 | | * is generated. |
507 | | */ |
508 | | static int rsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) |
509 | 0 | { |
510 | 0 | struct rsa_gen_ctx *gctx = genctx; |
511 | 0 | const OSSL_PARAM *p; |
512 | |
|
513 | 0 | if (ossl_param_is_empty(params)) |
514 | 0 | return 1; |
515 | | |
516 | 0 | if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_BITS)) != NULL) { |
517 | 0 | if (!OSSL_PARAM_get_size_t(p, &gctx->nbits)) |
518 | 0 | return 0; |
519 | 0 | if (gctx->nbits < RSA_MIN_MODULUS_BITS) { |
520 | 0 | ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); |
521 | 0 | return 0; |
522 | 0 | } |
523 | 0 | } |
524 | 0 | if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PRIMES)) != NULL |
525 | 0 | && !OSSL_PARAM_get_size_t(p, &gctx->primes)) |
526 | 0 | return 0; |
527 | 0 | if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E)) != NULL |
528 | 0 | && !OSSL_PARAM_get_BN(p, &gctx->pub_exp)) |
529 | 0 | return 0; |
530 | 0 | if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_A)) != NULL) { |
531 | 0 | if (!OSSL_PARAM_get_uint32(p, &gctx->a)) |
532 | 0 | return 0; |
533 | | /* a is an optional value that should be one of (0, 1, 3, 5, 7) */ |
534 | 0 | if (gctx->a != 0 && (gctx->a > 7 || (gctx->a & 1) == 0)) { |
535 | 0 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA); |
536 | 0 | return 0; |
537 | 0 | } |
538 | 0 | } |
539 | 0 | if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_B)) != NULL) { |
540 | 0 | if (!OSSL_PARAM_get_uint32(p, &gctx->b)) |
541 | 0 | return 0; |
542 | | /* b is an optional value that should be one of (0, 1, 3, 5, 7) */ |
543 | 0 | if (gctx->b != 0 && (gctx->b > 7 || (gctx->b & 1) == 0)) { |
544 | 0 | ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DATA); |
545 | 0 | return 0; |
546 | 0 | } |
547 | 0 | } |
548 | | |
549 | | /* Only attempt to get PSS parameters when generating an RSA-PSS key */ |
550 | 0 | if (gctx->rsa_type == RSA_FLAG_TYPE_RSASSAPSS |
551 | 0 | && !pss_params_fromdata(&gctx->pss_params, &gctx->pss_defaults_set, params, |
552 | 0 | gctx->rsa_type, gctx->libctx)) |
553 | 0 | return 0; |
554 | | #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) |
555 | | /* Any ACVP test related parameters are copied into a params[] */ |
556 | | if (!ossl_rsa_acvp_test_gen_params_new(&gctx->acvp_test_params, params)) |
557 | | return 0; |
558 | | #endif |
559 | 0 | return 1; |
560 | 0 | } |
561 | | |
562 | | #define rsa_gen_basic \ |
563 | 0 | OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_BITS, NULL), \ |
564 | 0 | OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_PRIMES, NULL), \ |
565 | 0 | OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0), \ |
566 | 0 | OSSL_PARAM_uint32(OSSL_PKEY_PARAM_RSA_A, NULL), \ |
567 | 0 | OSSL_PARAM_uint32(OSSL_PKEY_PARAM_RSA_B, NULL) |
568 | | /* |
569 | | * The following must be kept in sync with ossl_rsa_pss_params_30_fromdata() |
570 | | * in crypto/rsa/rsa_backend.c |
571 | | */ |
572 | | #define rsa_gen_pss \ |
573 | 0 | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST, NULL, 0), \ |
574 | 0 | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST_PROPS, NULL, 0), \ |
575 | 0 | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MASKGENFUNC, NULL, 0), \ |
576 | 0 | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MGF1_DIGEST, NULL, 0), \ |
577 | 0 | OSSL_PARAM_int(OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, NULL) |
578 | | |
579 | | static const OSSL_PARAM *rsa_gen_settable_params(ossl_unused void *genctx, |
580 | | ossl_unused void *provctx) |
581 | 0 | { |
582 | 0 | static OSSL_PARAM settable[] = { |
583 | 0 | rsa_gen_basic, |
584 | 0 | OSSL_PARAM_END |
585 | 0 | }; |
586 | |
|
587 | 0 | return settable; |
588 | 0 | } |
589 | | |
590 | | static const OSSL_PARAM *rsapss_gen_settable_params(ossl_unused void *genctx, |
591 | | ossl_unused void *provctx) |
592 | 0 | { |
593 | 0 | static OSSL_PARAM settable[] = { |
594 | 0 | rsa_gen_basic, |
595 | 0 | rsa_gen_pss, |
596 | 0 | OSSL_PARAM_END |
597 | 0 | }; |
598 | |
|
599 | 0 | return settable; |
600 | 0 | } |
601 | | |
602 | | static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) |
603 | 0 | { |
604 | 0 | struct rsa_gen_ctx *gctx = genctx; |
605 | 0 | RSA *rsa = NULL, *rsa_tmp = NULL; |
606 | 0 | BN_GENCB *gencb = NULL; |
607 | |
|
608 | 0 | if (!ossl_prov_is_running() || gctx == NULL) |
609 | 0 | return NULL; |
610 | | |
611 | 0 | switch (gctx->rsa_type) { |
612 | 0 | case RSA_FLAG_TYPE_RSA: |
613 | | /* For plain RSA keys, PSS parameters must not be set */ |
614 | 0 | if (!ossl_rsa_pss_params_30_is_unrestricted(&gctx->pss_params)) |
615 | 0 | goto err; |
616 | 0 | break; |
617 | 0 | case RSA_FLAG_TYPE_RSASSAPSS: |
618 | | /* |
619 | | * For plain RSA-PSS keys, PSS parameters may be set but don't have |
620 | | * to, so not check. |
621 | | */ |
622 | 0 | break; |
623 | 0 | default: |
624 | | /* Unsupported RSA key sub-type... */ |
625 | 0 | return NULL; |
626 | 0 | } |
627 | | |
628 | 0 | if ((rsa_tmp = ossl_rsa_new_with_ctx(gctx->libctx)) == NULL) |
629 | 0 | return NULL; |
630 | | |
631 | 0 | gctx->cb = osslcb; |
632 | 0 | gctx->cbarg = cbarg; |
633 | 0 | gencb = BN_GENCB_new(); |
634 | 0 | if (gencb != NULL) |
635 | 0 | BN_GENCB_set(gencb, rsa_gencb, genctx); |
636 | |
|
637 | | #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) |
638 | | if (gctx->acvp_test_params != NULL) { |
639 | | if (!ossl_rsa_acvp_test_set_params(rsa_tmp, gctx->acvp_test_params)) |
640 | | goto err; |
641 | | } |
642 | | #endif |
643 | |
|
644 | 0 | if (!ossl_rsa_generate_multi_prime_key(rsa_tmp, |
645 | 0 | (int)gctx->nbits, (int)gctx->primes, |
646 | 0 | gctx->pub_exp, gencb, |
647 | 0 | gctx->a, gctx->b)) |
648 | 0 | goto err; |
649 | | |
650 | 0 | if (!ossl_rsa_pss_params_30_copy(ossl_rsa_get0_pss_params_30(rsa_tmp), |
651 | 0 | &gctx->pss_params)) |
652 | 0 | goto err; |
653 | | |
654 | 0 | RSA_clear_flags(rsa_tmp, RSA_FLAG_TYPE_MASK); |
655 | 0 | RSA_set_flags(rsa_tmp, gctx->rsa_type); |
656 | |
|
657 | 0 | rsa = rsa_tmp; |
658 | 0 | rsa_tmp = NULL; |
659 | 0 | err: |
660 | 0 | BN_GENCB_free(gencb); |
661 | 0 | RSA_free(rsa_tmp); |
662 | 0 | return rsa; |
663 | 0 | } |
664 | | |
665 | | static void rsa_gen_cleanup(void *genctx) |
666 | 0 | { |
667 | 0 | struct rsa_gen_ctx *gctx = genctx; |
668 | |
|
669 | 0 | if (gctx == NULL) |
670 | 0 | return; |
671 | | #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) |
672 | | ossl_rsa_acvp_test_gen_params_free(gctx->acvp_test_params); |
673 | | gctx->acvp_test_params = NULL; |
674 | | #endif |
675 | 0 | BN_clear_free(gctx->pub_exp); |
676 | 0 | OPENSSL_free(gctx); |
677 | 0 | } |
678 | | |
679 | | static void *common_load(const void *reference, size_t reference_sz, |
680 | | int expected_rsa_type) |
681 | 0 | { |
682 | 0 | RSA *rsa = NULL; |
683 | |
|
684 | 0 | if (ossl_prov_is_running() && reference_sz == sizeof(rsa)) { |
685 | | /* The contents of the reference is the address to our object */ |
686 | 0 | rsa = *(RSA **)reference; |
687 | |
|
688 | 0 | if (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK) != expected_rsa_type) |
689 | 0 | return NULL; |
690 | | |
691 | | /* We grabbed, so we detach it */ |
692 | 0 | *(RSA **)reference = NULL; |
693 | 0 | return rsa; |
694 | 0 | } |
695 | 0 | return NULL; |
696 | 0 | } |
697 | | |
698 | | static void *rsa_load(const void *reference, size_t reference_sz) |
699 | 0 | { |
700 | 0 | return common_load(reference, reference_sz, RSA_FLAG_TYPE_RSA); |
701 | 0 | } |
702 | | |
703 | | static void *rsapss_load(const void *reference, size_t reference_sz) |
704 | 0 | { |
705 | 0 | return common_load(reference, reference_sz, RSA_FLAG_TYPE_RSASSAPSS); |
706 | 0 | } |
707 | | |
708 | | static void *rsa_dup(const void *keydata_from, int selection) |
709 | 0 | { |
710 | 0 | if (ossl_prov_is_running() |
711 | | /* do not allow creating empty keys by duplication */ |
712 | 0 | && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) |
713 | 0 | return ossl_rsa_dup(keydata_from, selection); |
714 | 0 | return NULL; |
715 | 0 | } |
716 | | |
717 | | /* For any RSA key, we use the "RSA" algorithms regardless of sub-type. */ |
718 | | static const char *rsa_query_operation_name(int operation_id) |
719 | 0 | { |
720 | 0 | return "RSA"; |
721 | 0 | } |
722 | | |
723 | | const OSSL_DISPATCH ossl_rsa_keymgmt_functions[] = { |
724 | | { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))rsa_newdata }, |
725 | | { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))rsa_gen_init }, |
726 | | { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, |
727 | | (void (*)(void))rsa_gen_set_params }, |
728 | | { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, |
729 | | (void (*)(void))rsa_gen_settable_params }, |
730 | | { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))rsa_gen }, |
731 | | { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))rsa_gen_cleanup }, |
732 | | { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))rsa_load }, |
733 | | { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata }, |
734 | | { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))rsa_get_params }, |
735 | | { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))rsa_gettable_params }, |
736 | | { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has }, |
737 | | { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))rsa_match }, |
738 | | { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate }, |
739 | | { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import }, |
740 | | { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types }, |
741 | | { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))rsa_export }, |
742 | | { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types }, |
743 | | { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))rsa_dup }, |
744 | | OSSL_DISPATCH_END |
745 | | }; |
746 | | |
747 | | const OSSL_DISPATCH ossl_rsapss_keymgmt_functions[] = { |
748 | | { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))rsapss_newdata }, |
749 | | { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))rsapss_gen_init }, |
750 | | { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))rsa_gen_set_params }, |
751 | | { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, |
752 | | (void (*)(void))rsapss_gen_settable_params }, |
753 | | { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))rsa_gen }, |
754 | | { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))rsa_gen_cleanup }, |
755 | | { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))rsapss_load }, |
756 | | { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata }, |
757 | | { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))rsa_get_params }, |
758 | | { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))rsa_gettable_params }, |
759 | | { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has }, |
760 | | { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))rsa_match }, |
761 | | { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate }, |
762 | | { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import }, |
763 | | { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types }, |
764 | | { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))rsa_export }, |
765 | | { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types }, |
766 | | { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME, |
767 | | (void (*)(void))rsa_query_operation_name }, |
768 | | { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))rsa_dup }, |
769 | | OSSL_DISPATCH_END |
770 | | }; |