1 1.1 christos /* 2 1.1 christos * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. 3 1.1 christos * 4 1.1 christos * Licensed under the Apache License 2.0 (the "License"). You may not use 5 1.1 christos * this file except in compliance with the License. You can obtain a copy 6 1.1 christos * in the file LICENSE in the source distribution or at 7 1.1 christos * https://www.openssl.org/source/license.html 8 1.1 christos */ 9 1.1 christos 10 1.1 christos /* 11 1.1 christos * RSA low level APIs are deprecated for public use, but still ok for 12 1.1 christos * internal use. 13 1.1 christos */ 14 1.1 christos #include "internal/deprecated.h" 15 1.1 christos 16 1.1 christos #include <openssl/core_dispatch.h> 17 1.1 christos #include <openssl/core_names.h> 18 1.1 christos #include <openssl/bn.h> 19 1.1 christos #include <openssl/err.h> 20 1.1 christos #include <openssl/rsa.h> 21 1.1 christos #include <openssl/evp.h> 22 1.1 christos #include <openssl/proverr.h> 23 1.1 christos #include "prov/implementations.h" 24 1.1 christos #include "prov/providercommon.h" 25 1.1 christos #include "prov/provider_ctx.h" 26 1.1 christos #include "crypto/rsa.h" 27 1.1 christos #include "crypto/cryptlib.h" 28 1.1.1.2 christos #include "internal/fips.h" 29 1.1 christos #include "internal/param_build_set.h" 30 1.1 christos 31 1.1 christos static OSSL_FUNC_keymgmt_new_fn rsa_newdata; 32 1.1 christos static OSSL_FUNC_keymgmt_new_fn rsapss_newdata; 33 1.1 christos static OSSL_FUNC_keymgmt_gen_init_fn rsa_gen_init; 34 1.1 christos static OSSL_FUNC_keymgmt_gen_init_fn rsapss_gen_init; 35 1.1 christos static OSSL_FUNC_keymgmt_gen_set_params_fn rsa_gen_set_params; 36 1.1 christos static OSSL_FUNC_keymgmt_gen_settable_params_fn rsa_gen_settable_params; 37 1.1 christos static OSSL_FUNC_keymgmt_gen_settable_params_fn rsapss_gen_settable_params; 38 1.1 christos static OSSL_FUNC_keymgmt_gen_fn rsa_gen; 39 1.1 christos static OSSL_FUNC_keymgmt_gen_cleanup_fn rsa_gen_cleanup; 40 1.1 christos static OSSL_FUNC_keymgmt_load_fn rsa_load; 41 1.1 christos static OSSL_FUNC_keymgmt_load_fn rsapss_load; 42 1.1 christos static OSSL_FUNC_keymgmt_free_fn rsa_freedata; 43 1.1 christos static OSSL_FUNC_keymgmt_get_params_fn rsa_get_params; 44 1.1 christos static OSSL_FUNC_keymgmt_gettable_params_fn rsa_gettable_params; 45 1.1 christos static OSSL_FUNC_keymgmt_has_fn rsa_has; 46 1.1 christos static OSSL_FUNC_keymgmt_match_fn rsa_match; 47 1.1 christos static OSSL_FUNC_keymgmt_validate_fn rsa_validate; 48 1.1 christos static OSSL_FUNC_keymgmt_import_fn rsa_import; 49 1.1 christos static OSSL_FUNC_keymgmt_import_types_fn rsa_import_types; 50 1.1 christos static OSSL_FUNC_keymgmt_export_fn rsa_export; 51 1.1 christos static OSSL_FUNC_keymgmt_export_types_fn rsa_export_types; 52 1.1 christos static OSSL_FUNC_keymgmt_query_operation_name_fn rsa_query_operation_name; 53 1.1 christos static OSSL_FUNC_keymgmt_dup_fn rsa_dup; 54 1.1 christos 55 1.1 christos #define RSA_DEFAULT_MD "SHA256" 56 1.1.1.2 christos #define RSA_POSSIBLE_SELECTIONS \ 57 1.1 christos (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) 58 1.1 christos 59 1.1 christos DEFINE_STACK_OF(BIGNUM) 60 1.1 christos DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) 61 1.1 christos 62 1.1 christos static int pss_params_fromdata(RSA_PSS_PARAMS_30 *pss_params, int *defaults_set, 63 1.1.1.2 christos const OSSL_PARAM params[], int rsa_type, 64 1.1.1.2 christos OSSL_LIB_CTX *libctx) 65 1.1 christos { 66 1.1 christos if (!ossl_rsa_pss_params_30_fromdata(pss_params, defaults_set, 67 1.1.1.2 christos params, libctx)) 68 1.1 christos return 0; 69 1.1 christos 70 1.1 christos /* If not a PSS type RSA, sending us PSS parameters is wrong */ 71 1.1 christos if (rsa_type != RSA_FLAG_TYPE_RSASSAPSS 72 1.1 christos && !ossl_rsa_pss_params_30_is_unrestricted(pss_params)) 73 1.1 christos return 0; 74 1.1 christos 75 1.1 christos return 1; 76 1.1 christos } 77 1.1 christos 78 1.1 christos static void *rsa_newdata(void *provctx) 79 1.1 christos { 80 1.1 christos OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); 81 1.1 christos RSA *rsa; 82 1.1 christos 83 1.1 christos if (!ossl_prov_is_running()) 84 1.1 christos return NULL; 85 1.1 christos 86 1.1 christos rsa = ossl_rsa_new_with_ctx(libctx); 87 1.1 christos if (rsa != NULL) { 88 1.1 christos RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); 89 1.1 christos RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA); 90 1.1 christos } 91 1.1 christos return rsa; 92 1.1 christos } 93 1.1 christos 94 1.1 christos static void *rsapss_newdata(void *provctx) 95 1.1 christos { 96 1.1 christos OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); 97 1.1 christos RSA *rsa; 98 1.1 christos 99 1.1 christos if (!ossl_prov_is_running()) 100 1.1 christos return NULL; 101 1.1 christos 102 1.1 christos rsa = ossl_rsa_new_with_ctx(libctx); 103 1.1 christos if (rsa != NULL) { 104 1.1 christos RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); 105 1.1 christos RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS); 106 1.1 christos } 107 1.1 christos return rsa; 108 1.1 christos } 109 1.1 christos 110 1.1 christos static void rsa_freedata(void *keydata) 111 1.1 christos { 112 1.1 christos RSA_free(keydata); 113 1.1 christos } 114 1.1 christos 115 1.1 christos static int rsa_has(const void *keydata, int selection) 116 1.1 christos { 117 1.1 christos const RSA *rsa = keydata; 118 1.1 christos int ok = 1; 119 1.1 christos 120 1.1 christos if (rsa == NULL || !ossl_prov_is_running()) 121 1.1 christos return 0; 122 1.1 christos if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) 123 1.1 christos return 1; /* the selection is not missing */ 124 1.1 christos 125 1.1 christos /* OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS are always available even if empty */ 126 1.1 christos if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) 127 1.1 christos ok = ok && (RSA_get0_n(rsa) != NULL); 128 1.1 christos if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) 129 1.1 christos ok = ok && (RSA_get0_e(rsa) != NULL); 130 1.1 christos if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) 131 1.1 christos ok = ok && (RSA_get0_d(rsa) != NULL); 132 1.1 christos return ok; 133 1.1 christos } 134 1.1 christos 135 1.1 christos static int rsa_match(const void *keydata1, const void *keydata2, int selection) 136 1.1 christos { 137 1.1 christos const RSA *rsa1 = keydata1; 138 1.1 christos const RSA *rsa2 = keydata2; 139 1.1 christos int ok = 1; 140 1.1 christos 141 1.1 christos if (!ossl_prov_is_running()) 142 1.1 christos return 0; 143 1.1 christos 144 1.1 christos /* There is always an |e| */ 145 1.1 christos ok = ok && BN_cmp(RSA_get0_e(rsa1), RSA_get0_e(rsa2)) == 0; 146 1.1 christos if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { 147 1.1 christos int key_checked = 0; 148 1.1 christos 149 1.1 christos if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { 150 1.1 christos const BIGNUM *pa = RSA_get0_n(rsa1); 151 1.1 christos const BIGNUM *pb = RSA_get0_n(rsa2); 152 1.1 christos 153 1.1 christos if (pa != NULL && pb != NULL) { 154 1.1 christos ok = ok && BN_cmp(pa, pb) == 0; 155 1.1 christos key_checked = 1; 156 1.1 christos } 157 1.1 christos } 158 1.1 christos if (!key_checked 159 1.1 christos && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { 160 1.1 christos const BIGNUM *pa = RSA_get0_d(rsa1); 161 1.1 christos const BIGNUM *pb = RSA_get0_d(rsa2); 162 1.1 christos 163 1.1 christos if (pa != NULL && pb != NULL) { 164 1.1 christos ok = ok && BN_cmp(pa, pb) == 0; 165 1.1 christos key_checked = 1; 166 1.1 christos } 167 1.1 christos } 168 1.1 christos ok = ok && key_checked; 169 1.1 christos } 170 1.1 christos return ok; 171 1.1 christos } 172 1.1 christos 173 1.1 christos static int rsa_import(void *keydata, int selection, const OSSL_PARAM params[]) 174 1.1 christos { 175 1.1 christos RSA *rsa = keydata; 176 1.1 christos int rsa_type; 177 1.1 christos int ok = 1; 178 1.1 christos int pss_defaults_set = 0; 179 1.1 christos 180 1.1 christos if (!ossl_prov_is_running() || rsa == NULL) 181 1.1 christos return 0; 182 1.1 christos 183 1.1 christos if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) 184 1.1 christos return 0; 185 1.1 christos 186 1.1 christos rsa_type = RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK); 187 1.1 christos 188 1.1 christos if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) 189 1.1.1.2 christos ok = ok && pss_params_fromdata(ossl_rsa_get0_pss_params_30(rsa), &pss_defaults_set, params, rsa_type, ossl_rsa_get0_libctx(rsa)); 190 1.1 christos if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { 191 1.1.1.2 christos int include_private = selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; 192 1.1 christos 193 1.1 christos ok = ok && ossl_rsa_fromdata(rsa, params, include_private); 194 1.1 christos } 195 1.1 christos 196 1.1 christos return ok; 197 1.1 christos } 198 1.1 christos 199 1.1 christos static int rsa_export(void *keydata, int selection, 200 1.1.1.2 christos OSSL_CALLBACK *param_callback, void *cbarg) 201 1.1 christos { 202 1.1 christos RSA *rsa = keydata; 203 1.1 christos const RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30(rsa); 204 1.1 christos OSSL_PARAM_BLD *tmpl; 205 1.1 christos OSSL_PARAM *params = NULL; 206 1.1 christos int ok = 1; 207 1.1 christos 208 1.1 christos if (!ossl_prov_is_running() || rsa == NULL) 209 1.1 christos return 0; 210 1.1 christos 211 1.1 christos if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) 212 1.1 christos return 0; 213 1.1 christos 214 1.1 christos tmpl = OSSL_PARAM_BLD_new(); 215 1.1 christos if (tmpl == NULL) 216 1.1 christos return 0; 217 1.1 christos 218 1.1 christos if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) 219 1.1.1.2 christos ok = ok && (ossl_rsa_pss_params_30_is_unrestricted(pss_params) || ossl_rsa_pss_params_30_todata(pss_params, tmpl, NULL)); 220 1.1 christos if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { 221 1.1.1.2 christos int include_private = selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; 222 1.1 christos 223 1.1 christos ok = ok && ossl_rsa_todata(rsa, tmpl, NULL, include_private); 224 1.1 christos } 225 1.1 christos 226 1.1 christos if (!ok || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { 227 1.1 christos ok = 0; 228 1.1 christos goto err; 229 1.1 christos } 230 1.1 christos 231 1.1 christos ok = param_callback(params, cbarg); 232 1.1 christos OSSL_PARAM_free(params); 233 1.1 christos err: 234 1.1 christos OSSL_PARAM_BLD_free(tmpl); 235 1.1 christos return ok; 236 1.1 christos } 237 1.1 christos 238 1.1 christos #ifdef FIPS_MODULE 239 1.1 christos /* In fips mode there are no multi-primes. */ 240 1.1.1.2 christos #define RSA_KEY_MP_TYPES() \ 241 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \ 242 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0), \ 243 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0), \ 244 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0), \ 245 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0), 246 1.1 christos #else 247 1.1 christos /* 248 1.1 christos * We allow up to 10 prime factors (starting with p, q). 249 1.1 christos * NOTE: there is only 9 OSSL_PKEY_PARAM_RSA_COEFFICIENT 250 1.1 christos */ 251 1.1.1.2 christos #define RSA_KEY_MP_TYPES() \ 252 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \ 253 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0), \ 254 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR3, NULL, 0), \ 255 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR4, NULL, 0), \ 256 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR5, NULL, 0), \ 257 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR6, NULL, 0), \ 258 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR7, NULL, 0), \ 259 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR8, NULL, 0), \ 260 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR9, NULL, 0), \ 261 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR10, NULL, 0), \ 262 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0), \ 263 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0), \ 264 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT3, NULL, 0), \ 265 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT4, NULL, 0), \ 266 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT5, NULL, 0), \ 267 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT6, NULL, 0), \ 268 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT7, NULL, 0), \ 269 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT8, NULL, 0), \ 270 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT9, NULL, 0), \ 271 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT10, NULL, 0), \ 272 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0), \ 273 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT2, NULL, 0), \ 274 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT3, NULL, 0), \ 275 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT4, NULL, 0), \ 276 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT5, NULL, 0), \ 277 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT6, NULL, 0), \ 278 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT7, NULL, 0), \ 279 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT8, NULL, 0), \ 280 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT9, NULL, 0), 281 1.1 christos #endif 282 1.1 christos 283 1.1.1.2 christos #define RSA_KEY_TYPES() \ 284 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0), \ 285 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0), \ 286 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, NULL, 0), \ 287 1.1.1.2 christos RSA_KEY_MP_TYPES() 288 1.1 christos 289 1.1 christos /* 290 1.1 christos * This provider can export everything in an RSA key, so we use the exact 291 1.1 christos * same type description for export as for import. Other providers might 292 1.1 christos * choose to import full keys, but only export the public parts, and will 293 1.1 christos * therefore have the importkey_types and importkey_types functions return 294 1.1 christos * different arrays. 295 1.1 christos */ 296 1.1 christos static const OSSL_PARAM rsa_key_types[] = { 297 1.1 christos RSA_KEY_TYPES() 298 1.1.1.2 christos OSSL_PARAM_END 299 1.1 christos }; 300 1.1 christos /* 301 1.1 christos * We lied about the amount of factors, exponents and coefficients, the 302 1.1 christos * export and import functions can really deal with an infinite amount 303 1.1 christos * of these numbers. However, RSA keys with too many primes are futile, 304 1.1 christos * so we at least pretend to have some limits. 305 1.1 christos */ 306 1.1 christos 307 1.1 christos static const OSSL_PARAM *rsa_imexport_types(int selection) 308 1.1 christos { 309 1.1 christos if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) 310 1.1 christos return rsa_key_types; 311 1.1 christos return NULL; 312 1.1 christos } 313 1.1 christos 314 1.1 christos static const OSSL_PARAM *rsa_import_types(int selection) 315 1.1 christos { 316 1.1 christos return rsa_imexport_types(selection); 317 1.1 christos } 318 1.1 christos 319 1.1 christos static const OSSL_PARAM *rsa_export_types(int selection) 320 1.1 christos { 321 1.1 christos return rsa_imexport_types(selection); 322 1.1 christos } 323 1.1 christos 324 1.1 christos static int rsa_get_params(void *key, OSSL_PARAM params[]) 325 1.1 christos { 326 1.1 christos RSA *rsa = key; 327 1.1 christos const RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30(rsa); 328 1.1 christos int rsa_type = RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK); 329 1.1 christos OSSL_PARAM *p; 330 1.1 christos int empty = RSA_get0_n(rsa) == NULL; 331 1.1 christos 332 1.1 christos if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL 333 1.1 christos && (empty || !OSSL_PARAM_set_int(p, RSA_bits(rsa)))) 334 1.1 christos return 0; 335 1.1 christos if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL 336 1.1 christos && (empty || !OSSL_PARAM_set_int(p, RSA_security_bits(rsa)))) 337 1.1 christos return 0; 338 1.1 christos if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL 339 1.1 christos && (empty || !OSSL_PARAM_set_int(p, RSA_size(rsa)))) 340 1.1 christos return 0; 341 1.1 christos 342 1.1 christos /* 343 1.1 christos * For restricted RSA-PSS keys, we ignore the default digest request. 344 1.1 christos * With RSA-OAEP keys, this may need to be amended. 345 1.1 christos */ 346 1.1 christos if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL 347 1.1 christos && (rsa_type != RSA_FLAG_TYPE_RSASSAPSS 348 1.1 christos || ossl_rsa_pss_params_30_is_unrestricted(pss_params))) { 349 1.1 christos if (!OSSL_PARAM_set_utf8_string(p, RSA_DEFAULT_MD)) 350 1.1 christos return 0; 351 1.1 christos } 352 1.1 christos 353 1.1 christos /* 354 1.1 christos * For non-RSA-PSS keys, we ignore the mandatory digest request. 355 1.1 christos * With RSA-OAEP keys, this may need to be amended. 356 1.1 christos */ 357 1.1 christos if ((p = OSSL_PARAM_locate(params, 358 1.1.1.2 christos OSSL_PKEY_PARAM_MANDATORY_DIGEST)) 359 1.1.1.2 christos != NULL 360 1.1 christos && rsa_type == RSA_FLAG_TYPE_RSASSAPSS 361 1.1 christos && !ossl_rsa_pss_params_30_is_unrestricted(pss_params)) { 362 1.1.1.2 christos const char *mdname = ossl_rsa_oaeppss_nid2name(ossl_rsa_pss_params_30_hashalg(pss_params)); 363 1.1 christos 364 1.1 christos if (mdname == NULL || !OSSL_PARAM_set_utf8_string(p, mdname)) 365 1.1 christos return 0; 366 1.1 christos } 367 1.1 christos return (rsa_type != RSA_FLAG_TYPE_RSASSAPSS 368 1.1.1.2 christos || ossl_rsa_pss_params_30_todata(pss_params, NULL, params)) 369 1.1 christos && ossl_rsa_todata(rsa, NULL, params, 1); 370 1.1 christos } 371 1.1 christos 372 1.1 christos static const OSSL_PARAM rsa_params[] = { 373 1.1 christos OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), 374 1.1 christos OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), 375 1.1 christos OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), 376 1.1 christos OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DEFAULT_DIGEST, NULL, 0), 377 1.1 christos RSA_KEY_TYPES() 378 1.1.1.2 christos OSSL_PARAM_END 379 1.1 christos }; 380 1.1 christos 381 1.1 christos static const OSSL_PARAM *rsa_gettable_params(void *provctx) 382 1.1 christos { 383 1.1 christos return rsa_params; 384 1.1 christos } 385 1.1 christos 386 1.1 christos static int rsa_validate(const void *keydata, int selection, int checktype) 387 1.1 christos { 388 1.1 christos const RSA *rsa = keydata; 389 1.1 christos int ok = 1; 390 1.1 christos 391 1.1 christos if (!ossl_prov_is_running()) 392 1.1 christos return 0; 393 1.1 christos 394 1.1 christos if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) 395 1.1 christos return 1; /* nothing to validate */ 396 1.1 christos 397 1.1 christos /* If the whole key is selected, we do a pairwise validation */ 398 1.1 christos if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) 399 1.1 christos == OSSL_KEYMGMT_SELECT_KEYPAIR) { 400 1.1 christos ok = ok && ossl_rsa_validate_pairwise(rsa); 401 1.1 christos } else { 402 1.1 christos if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) 403 1.1 christos ok = ok && ossl_rsa_validate_private(rsa); 404 1.1 christos if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) 405 1.1 christos ok = ok && ossl_rsa_validate_public(rsa); 406 1.1 christos } 407 1.1 christos return ok; 408 1.1 christos } 409 1.1 christos 410 1.1 christos struct rsa_gen_ctx { 411 1.1 christos OSSL_LIB_CTX *libctx; 412 1.1 christos const char *propq; 413 1.1 christos 414 1.1 christos int rsa_type; 415 1.1 christos 416 1.1 christos size_t nbits; 417 1.1 christos BIGNUM *pub_exp; 418 1.1 christos size_t primes; 419 1.1 christos 420 1.1 christos /* For PSS */ 421 1.1 christos RSA_PSS_PARAMS_30 pss_params; 422 1.1 christos int pss_defaults_set; 423 1.1 christos 424 1.1 christos /* For generation callback */ 425 1.1 christos OSSL_CALLBACK *cb; 426 1.1 christos void *cbarg; 427 1.1 christos 428 1.1 christos #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) 429 1.1 christos /* ACVP test parameters */ 430 1.1 christos OSSL_PARAM *acvp_test_params; 431 1.1 christos #endif 432 1.1 christos }; 433 1.1 christos 434 1.1 christos static int rsa_gencb(int p, int n, BN_GENCB *cb) 435 1.1 christos { 436 1.1 christos struct rsa_gen_ctx *gctx = BN_GENCB_get_arg(cb); 437 1.1 christos OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END }; 438 1.1 christos 439 1.1 christos params[0] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_POTENTIAL, &p); 440 1.1 christos params[1] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_ITERATION, &n); 441 1.1 christos return gctx->cb(params, gctx->cbarg); 442 1.1 christos } 443 1.1 christos 444 1.1 christos static void *gen_init(void *provctx, int selection, int rsa_type, 445 1.1.1.2 christos const OSSL_PARAM params[]) 446 1.1 christos { 447 1.1 christos OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); 448 1.1 christos struct rsa_gen_ctx *gctx = NULL; 449 1.1 christos 450 1.1 christos if (!ossl_prov_is_running()) 451 1.1 christos return NULL; 452 1.1 christos 453 1.1 christos if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) 454 1.1 christos return NULL; 455 1.1 christos 456 1.1 christos if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) { 457 1.1 christos gctx->libctx = libctx; 458 1.1 christos if ((gctx->pub_exp = BN_new()) == NULL 459 1.1 christos || !BN_set_word(gctx->pub_exp, RSA_F4)) { 460 1.1 christos goto err; 461 1.1 christos } 462 1.1 christos gctx->nbits = 2048; 463 1.1 christos gctx->primes = RSA_DEFAULT_PRIME_NUM; 464 1.1 christos gctx->rsa_type = rsa_type; 465 1.1 christos } else { 466 1.1 christos goto err; 467 1.1 christos } 468 1.1 christos 469 1.1 christos if (!rsa_gen_set_params(gctx, params)) 470 1.1 christos goto err; 471 1.1 christos return gctx; 472 1.1 christos 473 1.1 christos err: 474 1.1 christos if (gctx != NULL) 475 1.1 christos BN_free(gctx->pub_exp); 476 1.1 christos OPENSSL_free(gctx); 477 1.1 christos return NULL; 478 1.1 christos } 479 1.1 christos 480 1.1 christos static void *rsa_gen_init(void *provctx, int selection, 481 1.1.1.2 christos const OSSL_PARAM params[]) 482 1.1 christos { 483 1.1 christos return gen_init(provctx, selection, RSA_FLAG_TYPE_RSA, params); 484 1.1 christos } 485 1.1 christos 486 1.1 christos static void *rsapss_gen_init(void *provctx, int selection, 487 1.1.1.2 christos const OSSL_PARAM params[]) 488 1.1 christos { 489 1.1 christos return gen_init(provctx, selection, RSA_FLAG_TYPE_RSASSAPSS, params); 490 1.1 christos } 491 1.1 christos 492 1.1 christos /* 493 1.1 christos * This function is common for all RSA sub-types, to detect possible 494 1.1 christos * misuse, such as PSS parameters being passed when a plain RSA key 495 1.1 christos * is generated. 496 1.1 christos */ 497 1.1 christos static int rsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) 498 1.1 christos { 499 1.1 christos struct rsa_gen_ctx *gctx = genctx; 500 1.1 christos const OSSL_PARAM *p; 501 1.1 christos 502 1.1 christos if (ossl_param_is_empty(params)) 503 1.1 christos return 1; 504 1.1 christos 505 1.1 christos if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_BITS)) != NULL) { 506 1.1 christos if (!OSSL_PARAM_get_size_t(p, &gctx->nbits)) 507 1.1 christos return 0; 508 1.1 christos if (gctx->nbits < RSA_MIN_MODULUS_BITS) { 509 1.1 christos ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); 510 1.1 christos return 0; 511 1.1 christos } 512 1.1 christos } 513 1.1 christos if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PRIMES)) != NULL 514 1.1 christos && !OSSL_PARAM_get_size_t(p, &gctx->primes)) 515 1.1 christos return 0; 516 1.1 christos if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E)) != NULL 517 1.1 christos && !OSSL_PARAM_get_BN(p, &gctx->pub_exp)) 518 1.1 christos return 0; 519 1.1 christos /* Only attempt to get PSS parameters when generating an RSA-PSS key */ 520 1.1 christos if (gctx->rsa_type == RSA_FLAG_TYPE_RSASSAPSS 521 1.1 christos && !pss_params_fromdata(&gctx->pss_params, &gctx->pss_defaults_set, params, 522 1.1.1.2 christos gctx->rsa_type, gctx->libctx)) 523 1.1 christos return 0; 524 1.1 christos #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) 525 1.1 christos /* Any ACVP test related parameters are copied into a params[] */ 526 1.1 christos if (!ossl_rsa_acvp_test_gen_params_new(&gctx->acvp_test_params, params)) 527 1.1 christos return 0; 528 1.1 christos #endif 529 1.1 christos return 1; 530 1.1 christos } 531 1.1 christos 532 1.1.1.2 christos #define rsa_gen_basic \ 533 1.1.1.2 christos OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_BITS, NULL), \ 534 1.1.1.2 christos OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_PRIMES, NULL), \ 535 1.1.1.2 christos OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0) 536 1.1 christos 537 1.1 christos /* 538 1.1 christos * The following must be kept in sync with ossl_rsa_pss_params_30_fromdata() 539 1.1 christos * in crypto/rsa/rsa_backend.c 540 1.1 christos */ 541 1.1.1.2 christos #define rsa_gen_pss \ 542 1.1.1.2 christos OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST, NULL, 0), \ 543 1.1.1.2 christos OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST_PROPS, NULL, 0), \ 544 1.1.1.2 christos OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MASKGENFUNC, NULL, 0), \ 545 1.1.1.2 christos OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MGF1_DIGEST, NULL, 0), \ 546 1.1.1.2 christos OSSL_PARAM_int(OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, NULL) 547 1.1 christos 548 1.1 christos static const OSSL_PARAM *rsa_gen_settable_params(ossl_unused void *genctx, 549 1.1.1.2 christos ossl_unused void *provctx) 550 1.1 christos { 551 1.1 christos static OSSL_PARAM settable[] = { 552 1.1 christos rsa_gen_basic, 553 1.1 christos OSSL_PARAM_END 554 1.1 christos }; 555 1.1 christos 556 1.1 christos return settable; 557 1.1 christos } 558 1.1 christos 559 1.1 christos static const OSSL_PARAM *rsapss_gen_settable_params(ossl_unused void *genctx, 560 1.1.1.2 christos ossl_unused void *provctx) 561 1.1 christos { 562 1.1 christos static OSSL_PARAM settable[] = { 563 1.1 christos rsa_gen_basic, 564 1.1 christos rsa_gen_pss, 565 1.1 christos OSSL_PARAM_END 566 1.1 christos }; 567 1.1 christos 568 1.1 christos return settable; 569 1.1 christos } 570 1.1 christos 571 1.1 christos static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) 572 1.1 christos { 573 1.1 christos struct rsa_gen_ctx *gctx = genctx; 574 1.1 christos RSA *rsa = NULL, *rsa_tmp = NULL; 575 1.1 christos BN_GENCB *gencb = NULL; 576 1.1 christos 577 1.1 christos if (!ossl_prov_is_running() || gctx == NULL) 578 1.1 christos return NULL; 579 1.1 christos 580 1.1 christos switch (gctx->rsa_type) { 581 1.1 christos case RSA_FLAG_TYPE_RSA: 582 1.1 christos /* For plain RSA keys, PSS parameters must not be set */ 583 1.1 christos if (!ossl_rsa_pss_params_30_is_unrestricted(&gctx->pss_params)) 584 1.1 christos goto err; 585 1.1 christos break; 586 1.1 christos case RSA_FLAG_TYPE_RSASSAPSS: 587 1.1 christos /* 588 1.1 christos * For plain RSA-PSS keys, PSS parameters may be set but don't have 589 1.1 christos * to, so not check. 590 1.1 christos */ 591 1.1 christos break; 592 1.1 christos default: 593 1.1 christos /* Unsupported RSA key sub-type... */ 594 1.1 christos return NULL; 595 1.1 christos } 596 1.1 christos 597 1.1 christos if ((rsa_tmp = ossl_rsa_new_with_ctx(gctx->libctx)) == NULL) 598 1.1 christos return NULL; 599 1.1 christos 600 1.1 christos gctx->cb = osslcb; 601 1.1 christos gctx->cbarg = cbarg; 602 1.1 christos gencb = BN_GENCB_new(); 603 1.1 christos if (gencb != NULL) 604 1.1 christos BN_GENCB_set(gencb, rsa_gencb, genctx); 605 1.1 christos 606 1.1 christos #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) 607 1.1 christos if (gctx->acvp_test_params != NULL) { 608 1.1 christos if (!ossl_rsa_acvp_test_set_params(rsa_tmp, gctx->acvp_test_params)) 609 1.1 christos goto err; 610 1.1 christos } 611 1.1 christos #endif 612 1.1 christos 613 1.1 christos if (!RSA_generate_multi_prime_key(rsa_tmp, 614 1.1.1.2 christos (int)gctx->nbits, (int)gctx->primes, 615 1.1.1.2 christos gctx->pub_exp, gencb)) 616 1.1 christos goto err; 617 1.1 christos 618 1.1 christos if (!ossl_rsa_pss_params_30_copy(ossl_rsa_get0_pss_params_30(rsa_tmp), 619 1.1.1.2 christos &gctx->pss_params)) 620 1.1 christos goto err; 621 1.1 christos 622 1.1 christos RSA_clear_flags(rsa_tmp, RSA_FLAG_TYPE_MASK); 623 1.1 christos RSA_set_flags(rsa_tmp, gctx->rsa_type); 624 1.1 christos 625 1.1 christos rsa = rsa_tmp; 626 1.1 christos rsa_tmp = NULL; 627 1.1.1.2 christos err: 628 1.1 christos BN_GENCB_free(gencb); 629 1.1 christos RSA_free(rsa_tmp); 630 1.1 christos return rsa; 631 1.1 christos } 632 1.1 christos 633 1.1 christos static void rsa_gen_cleanup(void *genctx) 634 1.1 christos { 635 1.1 christos struct rsa_gen_ctx *gctx = genctx; 636 1.1 christos 637 1.1 christos if (gctx == NULL) 638 1.1 christos return; 639 1.1 christos #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) 640 1.1 christos ossl_rsa_acvp_test_gen_params_free(gctx->acvp_test_params); 641 1.1 christos gctx->acvp_test_params = NULL; 642 1.1 christos #endif 643 1.1 christos BN_clear_free(gctx->pub_exp); 644 1.1 christos OPENSSL_free(gctx); 645 1.1 christos } 646 1.1 christos 647 1.1 christos static void *common_load(const void *reference, size_t reference_sz, 648 1.1.1.2 christos int expected_rsa_type) 649 1.1 christos { 650 1.1 christos RSA *rsa = NULL; 651 1.1 christos 652 1.1 christos if (ossl_prov_is_running() && reference_sz == sizeof(rsa)) { 653 1.1 christos /* The contents of the reference is the address to our object */ 654 1.1 christos rsa = *(RSA **)reference; 655 1.1 christos 656 1.1 christos if (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK) != expected_rsa_type) 657 1.1 christos return NULL; 658 1.1 christos 659 1.1 christos /* We grabbed, so we detach it */ 660 1.1 christos *(RSA **)reference = NULL; 661 1.1 christos return rsa; 662 1.1 christos } 663 1.1 christos return NULL; 664 1.1 christos } 665 1.1 christos 666 1.1 christos static void *rsa_load(const void *reference, size_t reference_sz) 667 1.1 christos { 668 1.1 christos return common_load(reference, reference_sz, RSA_FLAG_TYPE_RSA); 669 1.1 christos } 670 1.1 christos 671 1.1 christos static void *rsapss_load(const void *reference, size_t reference_sz) 672 1.1 christos { 673 1.1 christos return common_load(reference, reference_sz, RSA_FLAG_TYPE_RSASSAPSS); 674 1.1 christos } 675 1.1 christos 676 1.1 christos static void *rsa_dup(const void *keydata_from, int selection) 677 1.1 christos { 678 1.1 christos if (ossl_prov_is_running() 679 1.1 christos /* do not allow creating empty keys by duplication */ 680 1.1 christos && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) 681 1.1 christos return ossl_rsa_dup(keydata_from, selection); 682 1.1 christos return NULL; 683 1.1 christos } 684 1.1 christos 685 1.1 christos /* For any RSA key, we use the "RSA" algorithms regardless of sub-type. */ 686 1.1 christos static const char *rsa_query_operation_name(int operation_id) 687 1.1 christos { 688 1.1 christos return "RSA"; 689 1.1 christos } 690 1.1 christos 691 1.1 christos const OSSL_DISPATCH ossl_rsa_keymgmt_functions[] = { 692 1.1 christos { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))rsa_newdata }, 693 1.1 christos { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))rsa_gen_init }, 694 1.1 christos { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, 695 1.1.1.2 christos (void (*)(void))rsa_gen_set_params }, 696 1.1 christos { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, 697 1.1.1.2 christos (void (*)(void))rsa_gen_settable_params }, 698 1.1 christos { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))rsa_gen }, 699 1.1 christos { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))rsa_gen_cleanup }, 700 1.1 christos { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))rsa_load }, 701 1.1 christos { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata }, 702 1.1.1.2 christos { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))rsa_get_params }, 703 1.1.1.2 christos { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))rsa_gettable_params }, 704 1.1 christos { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has }, 705 1.1 christos { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))rsa_match }, 706 1.1 christos { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate }, 707 1.1 christos { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import }, 708 1.1 christos { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types }, 709 1.1 christos { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))rsa_export }, 710 1.1 christos { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types }, 711 1.1 christos { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))rsa_dup }, 712 1.1 christos OSSL_DISPATCH_END 713 1.1 christos }; 714 1.1 christos 715 1.1 christos const OSSL_DISPATCH ossl_rsapss_keymgmt_functions[] = { 716 1.1 christos { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))rsapss_newdata }, 717 1.1 christos { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))rsapss_gen_init }, 718 1.1 christos { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))rsa_gen_set_params }, 719 1.1 christos { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, 720 1.1.1.2 christos (void (*)(void))rsapss_gen_settable_params }, 721 1.1 christos { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))rsa_gen }, 722 1.1 christos { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))rsa_gen_cleanup }, 723 1.1 christos { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))rsapss_load }, 724 1.1 christos { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata }, 725 1.1.1.2 christos { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*)(void))rsa_get_params }, 726 1.1.1.2 christos { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*)(void))rsa_gettable_params }, 727 1.1 christos { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has }, 728 1.1 christos { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))rsa_match }, 729 1.1 christos { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate }, 730 1.1 christos { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import }, 731 1.1 christos { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types }, 732 1.1 christos { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))rsa_export }, 733 1.1 christos { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types }, 734 1.1 christos { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME, 735 1.1.1.2 christos (void (*)(void))rsa_query_operation_name }, 736 1.1 christos { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))rsa_dup }, 737 1.1 christos OSSL_DISPATCH_END 738 1.1 christos }; 739
Indexes created Sat Feb 28 05:31:39 UTC 2026