1 /* 2 * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * RSA low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14 #include "internal/deprecated.h" 15 16 #include <openssl/core_dispatch.h> 17 #include <openssl/core_names.h> 18 #include <openssl/bn.h> 19 #include <openssl/err.h> 20 #include <openssl/rsa.h> 21 #include <openssl/evp.h> 22 #include <openssl/proverr.h> 23 #include "prov/implementations.h" 24 #include "prov/providercommon.h" 25 #include "prov/provider_ctx.h" 26 #include "crypto/rsa.h" 27 #include "crypto/cryptlib.h" 28 #include "internal/fips.h" 29 #include "internal/param_build_set.h" 30 31 static OSSL_FUNC_keymgmt_new_fn rsa_newdata; 32 static OSSL_FUNC_keymgmt_new_fn rsapss_newdata; 33 static OSSL_FUNC_keymgmt_gen_init_fn rsa_gen_init; 34 static OSSL_FUNC_keymgmt_gen_init_fn rsapss_gen_init; 35 static OSSL_FUNC_keymgmt_gen_set_params_fn rsa_gen_set_params; 36 static OSSL_FUNC_keymgmt_gen_settable_params_fn rsa_gen_settable_params; 37 static OSSL_FUNC_keymgmt_gen_settable_params_fn rsapss_gen_settable_params; 38 static OSSL_FUNC_keymgmt_gen_fn rsa_gen; 39 static OSSL_FUNC_keymgmt_gen_cleanup_fn rsa_gen_cleanup; 40 static OSSL_FUNC_keymgmt_load_fn rsa_load; 41 static OSSL_FUNC_keymgmt_load_fn rsapss_load; 42 static OSSL_FUNC_keymgmt_free_fn rsa_freedata; 43 static OSSL_FUNC_keymgmt_get_params_fn rsa_get_params; 44 static OSSL_FUNC_keymgmt_gettable_params_fn rsa_gettable_params; 45 static OSSL_FUNC_keymgmt_has_fn rsa_has; 46 static OSSL_FUNC_keymgmt_match_fn rsa_match; 47 static OSSL_FUNC_keymgmt_validate_fn rsa_validate; 48 static OSSL_FUNC_keymgmt_import_fn rsa_import; 49 static OSSL_FUNC_keymgmt_import_types_fn rsa_import_types; 50 static OSSL_FUNC_keymgmt_export_fn rsa_export; 51 static OSSL_FUNC_keymgmt_export_types_fn rsa_export_types; 52 static OSSL_FUNC_keymgmt_query_operation_name_fn rsa_query_operation_name; 53 static OSSL_FUNC_keymgmt_dup_fn rsa_dup; 54 55 #define RSA_DEFAULT_MD "SHA256" 56 #define RSA_POSSIBLE_SELECTIONS \ 57 (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) 58 59 DEFINE_STACK_OF(BIGNUM) 60 DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) 61 62 static int pss_params_fromdata(RSA_PSS_PARAMS_30 *pss_params, int *defaults_set, 63 const OSSL_PARAM params[], int rsa_type, 64 OSSL_LIB_CTX *libctx) 65 { 66 if (!ossl_rsa_pss_params_30_fromdata(pss_params, defaults_set, 67 params, libctx)) 68 return 0; 69 70 /* If not a PSS type RSA, sending us PSS parameters is wrong */ 71 if (rsa_type != RSA_FLAG_TYPE_RSASSAPSS 72 && !ossl_rsa_pss_params_30_is_unrestricted(pss_params)) 73 return 0; 74 75 return 1; 76 } 77 78 static void *rsa_newdata(void *provctx) 79 { 80 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); 81 RSA *rsa; 82 83 if (!ossl_prov_is_running()) 84 return NULL; 85 86 rsa = ossl_rsa_new_with_ctx(libctx); 87 if (rsa != NULL) { 88 RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); 89 RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA); 90 } 91 return rsa; 92 } 93 94 static void *rsapss_newdata(void *provctx) 95 { 96 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); 97 RSA *rsa; 98 99 if (!ossl_prov_is_running()) 100 return NULL; 101 102 rsa = ossl_rsa_new_with_ctx(libctx); 103 if (rsa != NULL) { 104 RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); 105 RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS); 106 } 107 return rsa; 108 } 109 110 static void rsa_freedata(void *keydata) 111 { 112 RSA_free(keydata); 113 } 114 115 static int rsa_has(const void *keydata, int selection) 116 { 117 const RSA *rsa = keydata; 118 int ok = 1; 119 120 if (rsa == NULL || !ossl_prov_is_running()) 121 return 0; 122 if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) 123 return 1; /* the selection is not missing */ 124 125 /* OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS are always available even if empty */ 126 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) 127 ok = ok && (RSA_get0_n(rsa) != NULL); 128 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) 129 ok = ok && (RSA_get0_e(rsa) != NULL); 130 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) 131 ok = ok && (RSA_get0_d(rsa) != NULL); 132 return ok; 133 } 134 135 static int rsa_match(const void *keydata1, const void *keydata2, int selection) 136 { 137 const RSA *rsa1 = keydata1; 138 const RSA *rsa2 = keydata2; 139 int ok = 1; 140 141 if (!ossl_prov_is_running()) 142 return 0; 143 144 /* There is always an |e| */ 145 ok = ok && BN_cmp(RSA_get0_e(rsa1), RSA_get0_e(rsa2)) == 0; 146 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { 147 int key_checked = 0; 148 149 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { 150 const BIGNUM *pa = RSA_get0_n(rsa1); 151 const BIGNUM *pb = RSA_get0_n(rsa2); 152 153 if (pa != NULL && pb != NULL) { 154 ok = ok && BN_cmp(pa, pb) == 0; 155 key_checked = 1; 156 } 157 } 158 if (!key_checked 159 && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { 160 const BIGNUM *pa = RSA_get0_d(rsa1); 161 const BIGNUM *pb = RSA_get0_d(rsa2); 162 163 if (pa != NULL && pb != NULL) { 164 ok = ok && BN_cmp(pa, pb) == 0; 165 key_checked = 1; 166 } 167 } 168 ok = ok && key_checked; 169 } 170 return ok; 171 } 172 173 static int rsa_import(void *keydata, int selection, const OSSL_PARAM params[]) 174 { 175 RSA *rsa = keydata; 176 int rsa_type; 177 int ok = 1; 178 int pss_defaults_set = 0; 179 180 if (!ossl_prov_is_running() || rsa == NULL) 181 return 0; 182 183 if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) 184 return 0; 185 186 rsa_type = RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK); 187 188 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) 189 ok = ok && pss_params_fromdata(ossl_rsa_get0_pss_params_30(rsa), &pss_defaults_set, params, rsa_type, ossl_rsa_get0_libctx(rsa)); 190 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { 191 int include_private = selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; 192 193 ok = ok && ossl_rsa_fromdata(rsa, params, include_private); 194 } 195 196 return ok; 197 } 198 199 static int rsa_export(void *keydata, int selection, 200 OSSL_CALLBACK *param_callback, void *cbarg) 201 { 202 RSA *rsa = keydata; 203 const RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30(rsa); 204 OSSL_PARAM_BLD *tmpl; 205 OSSL_PARAM *params = NULL; 206 int ok = 1; 207 208 if (!ossl_prov_is_running() || rsa == NULL) 209 return 0; 210 211 if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) 212 return 0; 213 214 tmpl = OSSL_PARAM_BLD_new(); 215 if (tmpl == NULL) 216 return 0; 217 218 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) 219 ok = ok && (ossl_rsa_pss_params_30_is_unrestricted(pss_params) || ossl_rsa_pss_params_30_todata(pss_params, tmpl, NULL)); 220 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { 221 int include_private = selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; 222 223 ok = ok && ossl_rsa_todata(rsa, tmpl, NULL, include_private); 224 } 225 226 if (!ok || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { 227 ok = 0; 228 goto err; 229 } 230 231 ok = param_callback(params, cbarg); 232 OSSL_PARAM_free(params); 233 err: 234 OSSL_PARAM_BLD_free(tmpl); 235 return ok; 236 } 237 238 #ifdef FIPS_MODULE 239 /* In fips mode there are no multi-primes. */ 240 #define RSA_KEY_MP_TYPES() \ 241 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \ 242 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0), \ 243 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0), \ 244 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0), \ 245 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0), 246 #else 247 /* 248 * We allow up to 10 prime factors (starting with p, q). 249 * NOTE: there is only 9 OSSL_PKEY_PARAM_RSA_COEFFICIENT 250 */ 251 #define RSA_KEY_MP_TYPES() \ 252 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \ 253 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0), \ 254 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR3, NULL, 0), \ 255 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR4, NULL, 0), \ 256 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR5, NULL, 0), \ 257 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR6, NULL, 0), \ 258 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR7, NULL, 0), \ 259 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR8, NULL, 0), \ 260 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR9, NULL, 0), \ 261 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR10, NULL, 0), \ 262 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0), \ 263 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0), \ 264 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT3, NULL, 0), \ 265 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT4, NULL, 0), \ 266 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT5, NULL, 0), \ 267 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT6, NULL, 0), \ 268 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT7, NULL, 0), \ 269 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT8, NULL, 0), \ 270 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT9, NULL, 0), \ 271 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT10, NULL, 0), \ 272 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0), \ 273 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT2, NULL, 0), \ 274 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT3, NULL, 0), \ 275 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT4, NULL, 0), \ 276 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT5, NULL, 0), \ 277 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT6, NULL, 0), \ 278 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT7, NULL, 0), \ 279 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT8, NULL, 0), \ 280 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT9, NULL, 0), 281 #endif 282 283 #define RSA_KEY_TYPES() \ 284 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0), \ 285 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0), \ 286 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, NULL, 0), \ 287 RSA_KEY_MP_TYPES() 288 289 /* 290 * This provider can export everything in an RSA key, so we use the exact 291 * same type description for export as for import. Other providers might 292 * choose to import full keys, but only export the public parts, and will 293 * therefore have the importkey_types and importkey_types functions return 294 * different arrays. 295 */ 296 static const OSSL_PARAM rsa_key_types[] = { 297 RSA_KEY_TYPES() 298 OSSL_PARAM_END 299 }; 300 /* 301 * We lied about the amount of factors, exponents and coefficients, the 302 * export and import functions can really deal with an infinite amount 303 * of these numbers. However, RSA keys with too many primes are futile, 304 * so we at least pretend to have some limits. 305 */ 306 307 static const OSSL_PARAM *rsa_imexport_types(int selection) 308 { 309 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) 310 return rsa_key_types; 311 return NULL; 312 } 313 314 static const OSSL_PARAM *rsa_import_types(int selection) 315 { 316 return rsa_imexport_types(selection); 317 } 318 319 static const OSSL_PARAM *rsa_export_types(int selection) 320 { 321 return rsa_imexport_types(selection); 322 } 323 324 static int rsa_get_params(void *key, OSSL_PARAM params[]) 325 { 326 RSA *rsa = key; 327 const RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30(rsa); 328 int rsa_type = RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK); 329 OSSL_PARAM *p; 330 int empty = RSA_get0_n(rsa) == NULL; 331 332 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL 333 && (empty || !OSSL_PARAM_set_int(p, RSA_bits(rsa)))) 334 return 0; 335 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL 336 && (empty || !OSSL_PARAM_set_int(p, RSA_security_bits(rsa)))) 337 return 0; 338 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL 339 && (empty || !OSSL_PARAM_set_int(p, RSA_size(rsa)))) 340 return 0; 341 342 /* 343 * For restricted RSA-PSS keys, we ignore the default digest request. 344 * With RSA-OAEP keys, this may need to be amended. 345 */ 346 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL 347 && (rsa_type != RSA_FLAG_TYPE_RSASSAPSS 348 || ossl_rsa_pss_params_30_is_unrestricted(pss_params))) { 349 if (!OSSL_PARAM_set_utf8_string(p, RSA_DEFAULT_MD)) 350 return 0; 351 } 352 353 /* 354 * For non-RSA-PSS keys, we ignore the mandatory digest request. 355 * With RSA-OAEP keys, this may need to be amended. 356 */ 357 if ((p = OSSL_PARAM_locate(params, 358 OSSL_PKEY_PARAM_MANDATORY_DIGEST)) 359 != NULL 360 && rsa_type == RSA_FLAG_TYPE_RSASSAPSS 361 && !ossl_rsa_pss_params_30_is_unrestricted(pss_params)) { 362 const char *mdname = ossl_rsa_oaeppss_nid2name(ossl_rsa_pss_params_30_hashalg(pss_params)); 363 364 if (mdname == NULL || !OSSL_PARAM_set_utf8_string(p, mdname)) 365 return 0; 366 } 367 return (rsa_type != RSA_FLAG_TYPE_RSASSAPSS 368 || ossl_rsa_pss_params_30_todata(pss_params, NULL, params)) 369 && ossl_rsa_todata(rsa, NULL, params, 1); 370 } 371 372 static const OSSL_PARAM rsa_params[] = { 373 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), 374 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), 375 OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), 376 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DEFAULT_DIGEST, NULL, 0), 377 RSA_KEY_TYPES() 378 OSSL_PARAM_END 379 }; 380 381 static const OSSL_PARAM *rsa_gettable_params(void *provctx) 382 { 383 return rsa_params; 384 } 385 386 static int rsa_validate(const void *keydata, int selection, int checktype) 387 { 388 const RSA *rsa = keydata; 389 int ok = 1; 390 391 if (!ossl_prov_is_running()) 392 return 0; 393 394 if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) 395 return 1; /* nothing to validate */ 396 397 /* If the whole key is selected, we do a pairwise validation */ 398 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) 399 == OSSL_KEYMGMT_SELECT_KEYPAIR) { 400 ok = ok && ossl_rsa_validate_pairwise(rsa); 401 } else { 402 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) 403 ok = ok && ossl_rsa_validate_private(rsa); 404 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) 405 ok = ok && ossl_rsa_validate_public(rsa); 406 } 407 return ok; 408 } 409 410 struct rsa_gen_ctx { 411 OSSL_LIB_CTX *libctx; 412 const char *propq; 413 414 int rsa_type; 415 416 size_t nbits; 417 BIGNUM *pub_exp; 418 size_t primes; 419 420 /* For PSS */ 421 RSA_PSS_PARAMS_30 pss_params; 422 int pss_defaults_set; 423 424 /* For generation callback */ 425 OSSL_CALLBACK *cb; 426 void *cbarg; 427 428 #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) 429 /* ACVP test parameters */ 430 OSSL_PARAM *acvp_test_params; 431 #endif 432 }; 433 434 static int rsa_gencb(int p, int n, BN_GENCB *cb) 435 { 436 struct rsa_gen_ctx *gctx = BN_GENCB_get_arg(cb); 437 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END }; 438 439 params[0] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_POTENTIAL, &p); 440 params[1] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_ITERATION, &n); 441 return gctx->cb(params, gctx->cbarg); 442 } 443 444 static void *gen_init(void *provctx, int selection, int rsa_type, 445 const OSSL_PARAM params[]) 446 { 447 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); 448 struct rsa_gen_ctx *gctx = NULL; 449 450 if (!ossl_prov_is_running()) 451 return NULL; 452 453 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) 454 return NULL; 455 456 if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) { 457 gctx->libctx = libctx; 458 if ((gctx->pub_exp = BN_new()) == NULL 459 || !BN_set_word(gctx->pub_exp, RSA_F4)) { 460 goto err; 461 } 462 gctx->nbits = 2048; 463 gctx->primes = RSA_DEFAULT_PRIME_NUM; 464 gctx->rsa_type = rsa_type; 465 } else { 466 goto err; 467 } 468 469 if (!rsa_gen_set_params(gctx, params)) 470 goto err; 471 return gctx; 472 473 err: 474 if (gctx != NULL) 475 BN_free(gctx->pub_exp); 476 OPENSSL_free(gctx); 477 return NULL; 478 } 479 480 static void *rsa_gen_init(void *provctx, int selection, 481 const OSSL_PARAM params[]) 482 { 483 return gen_init(provctx, selection, RSA_FLAG_TYPE_RSA, params); 484 } 485 486 static void *rsapss_gen_init(void *provctx, int selection, 487 const OSSL_PARAM params[]) 488 { 489 return gen_init(provctx, selection, RSA_FLAG_TYPE_RSASSAPSS, params); 490 } 491 492 /* 493 * This function is common for all RSA sub-types, to detect possible 494 * misuse, such as PSS parameters being passed when a plain RSA key 495 * is generated. 496 */ 497 static int rsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) 498 { 499 struct rsa_gen_ctx *gctx = genctx; 500 const OSSL_PARAM *p; 501 502 if (ossl_param_is_empty(params)) 503 return 1; 504 505 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_BITS)) != NULL) { 506 if (!OSSL_PARAM_get_size_t(p, &gctx->nbits)) 507 return 0; 508 if (gctx->nbits < RSA_MIN_MODULUS_BITS) { 509 ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); 510 return 0; 511 } 512 } 513 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PRIMES)) != NULL 514 && !OSSL_PARAM_get_size_t(p, &gctx->primes)) 515 return 0; 516 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E)) != NULL 517 && !OSSL_PARAM_get_BN(p, &gctx->pub_exp)) 518 return 0; 519 /* Only attempt to get PSS parameters when generating an RSA-PSS key */ 520 if (gctx->rsa_type == RSA_FLAG_TYPE_RSASSAPSS 521 && !pss_params_fromdata(&gctx->pss_params, &gctx->pss_defaults_set, params, 522 gctx->rsa_type, gctx->libctx)) 523 return 0; 524 #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) 525 /* Any ACVP test related parameters are copied into a params[] */ 526 if (!ossl_rsa_acvp_test_gen_params_new(&gctx->acvp_test_params, params)) 527 return 0; 528 #endif 529 return 1; 530 } 531 532 #define rsa_gen_basic \ 533 OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_BITS, NULL), \ 534 OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_PRIMES, NULL), \ 535 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0) 536 537 /* 538 * The following must be kept in sync with ossl_rsa_pss_params_30_fromdata() 539 * in crypto/rsa/rsa_backend.c 540 */ 541 #define rsa_gen_pss \ 542 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST, NULL, 0), \ 543 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST_PROPS, NULL, 0), \ 544 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MASKGENFUNC, NULL, 0), \ 545 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MGF1_DIGEST, NULL, 0), \ 546 OSSL_PARAM_int(OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, NULL) 547 548 static const OSSL_PARAM *rsa_gen_settable_params(ossl_unused void *genctx, 549 ossl_unused void *provctx) 550 { 551 static OSSL_PARAM settable[] = { 552 rsa_gen_basic, 553 OSSL_PARAM_END 554 }; 555 556 return settable; 557 } 558 559 static const OSSL_PARAM *rsapss_gen_settable_params(ossl_unused void *genctx, 560 ossl_unused void *provctx) 561 { 562 static OSSL_PARAM settable[] = { 563 rsa_gen_basic, 564 rsa_gen_pss, 565 OSSL_PARAM_END 566 }; 567 568 return settable; 569 } 570 571 static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) 572 { 573 struct rsa_gen_ctx *gctx = genctx; 574 RSA *rsa = NULL, *rsa_tmp = NULL; 575 BN_GENCB *gencb = NULL; 576 577 if (!ossl_prov_is_running() || gctx == NULL) 578 return NULL; 579 580 switch (gctx->rsa_type) { 581 case RSA_FLAG_TYPE_RSA: 582 /* For plain RSA keys, PSS parameters must not be set */ 583 if (!ossl_rsa_pss_params_30_is_unrestricted(&gctx->pss_params)) 584 goto err; 585 break; 586 case RSA_FLAG_TYPE_RSASSAPSS: 587 /* 588 * For plain RSA-PSS keys, PSS parameters may be set but don't have 589 * to, so not check. 590 */ 591 break; 592 default: 593 /* Unsupported RSA key sub-type... */ 594 return NULL; 595 } 596 597 if ((rsa_tmp = ossl_rsa_new_with_ctx(gctx->libctx)) == NULL) 598 return NULL; 599 600 gctx->cb = osslcb; 601 gctx->cbarg = cbarg; 602 gencb = BN_GENCB_new(); 603 if (gencb != NULL) 604 BN_GENCB_set(gencb, rsa_gencb, genctx); 605 606 #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) 607 if (gctx->acvp_test_params != NULL) { 608 if (!ossl_rsa_acvp_test_set_params(rsa_tmp, gctx->acvp_test_params)) 609 goto err; 610 } 611 #endif 612 613 if (!RSA_generate_multi_prime_key(rsa_tmp, 614 (int)gctx->nbits, (int)gctx->primes, 615 gctx->pub_exp, gencb)) 616 goto err; 617 618 if (!ossl_rsa_pss_params_30_copy(ossl_rsa_get0_pss_params_30(rsa_tmp), 619 &gctx->pss_params)) 620 goto err; 621 622 RSA_clear_flags(rsa_tmp, RSA_FLAG_TYPE_MASK); 623 RSA_set_flags(rsa_tmp, gctx->rsa_type); 624 625 rsa = rsa_tmp; 626 rsa_tmp = NULL; 627 err: 628 BN_GENCB_free(gencb); 629 RSA_free(rsa_tmp); 630 return rsa; 631 } 632 633 static void rsa_gen_cleanup(void *genctx) 634 { 635 struct rsa_gen_ctx *gctx = genctx; 636 637 if (gctx == NULL) 638 return; 639 #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) 640 ossl_rsa_acvp_test_gen_params_free(gctx->acvp_test_params); 641 gctx->acvp_test_params = NULL; 642 #endif 643 BN_clear_free(gctx->pub_exp); 644 OPENSSL_free(gctx); 645 } 646 647 static void *common_load(const void *reference, size_t reference_sz, 648 int expected_rsa_type) 649 { 650 RSA *rsa = NULL; 651 652 if (ossl_prov_is_running() && reference_sz == sizeof(rsa)) { 653 /* The contents of the reference is the address to our object */ 654 rsa = *(RSA **)reference; 655 656 if (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK) != expected_rsa_type) 657 return NULL; 658 659 /* We grabbed, so we detach it */ 660 *(RSA **)reference = NULL; 661 return rsa; 662 } 663 return NULL; 664 } 665 666 static void *rsa_load(const void *reference, size_t reference_sz) 667 { 668 return common_load(reference, reference_sz, RSA_FLAG_TYPE_RSA); 669 } 670 671 static void *rsapss_load(const void *reference, size_t reference_sz) 672 { 673 return common_load(reference, reference_sz, RSA_FLAG_TYPE_RSASSAPSS); 674 } 675 676 static void *rsa_dup(const void *keydata_from, int selection) 677 { 678 if (ossl_prov_is_running() 679 /* do not allow creating empty keys by duplication */ 680 && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) 681 return ossl_rsa_dup(keydata_from, selection); 682 return NULL; 683 } 684 685 /* For any RSA key, we use the "RSA" algorithms regardless of sub-type. */ 686 static const char *rsa_query_operation_name(int operation_id) 687 { 688 return "RSA"; 689 } 690 691 const OSSL_DISPATCH ossl_rsa_keymgmt_functions[] = { 692 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))rsa_newdata }, 693 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))rsa_gen_init }, 694 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, 695 (void (*)(void))rsa_gen_set_params }, 696 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, 697 (void (*)(void))rsa_gen_settable_params }, 698 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))rsa_gen }, 699 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))rsa_gen_cleanup }, 700 { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))rsa_load }, 701 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata }, 702 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))rsa_get_params }, 703 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))rsa_gettable_params }, 704 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has }, 705 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))rsa_match }, 706 { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate }, 707 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import }, 708 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types }, 709 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))rsa_export }, 710 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types }, 711 { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))rsa_dup }, 712 OSSL_DISPATCH_END 713 }; 714 715 const OSSL_DISPATCH ossl_rsapss_keymgmt_functions[] = { 716 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))rsapss_newdata }, 717 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))rsapss_gen_init }, 718 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))rsa_gen_set_params }, 719 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, 720 (void (*)(void))rsapss_gen_settable_params }, 721 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))rsa_gen }, 722 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))rsa_gen_cleanup }, 723 { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))rsapss_load }, 724 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata }, 725 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))rsa_get_params }, 726 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))rsa_gettable_params }, 727 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has }, 728 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))rsa_match }, 729 { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate }, 730 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import }, 731 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types }, 732 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))rsa_export }, 733 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types }, 734 { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME, 735 (void (*)(void))rsa_query_operation_name }, 736 { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))rsa_dup }, 737 OSSL_DISPATCH_END 738 }; 739
Indexes created Sat Feb 28 05:31:39 UTC 2026