2 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * RSA low level APIs are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
16 #include <openssl/core_numbers.h>
17 #include <openssl/core_names.h>
18 #include <openssl/err.h>
19 #include <openssl/pem.h>
20 #include <openssl/rsa.h>
21 #include <openssl/types.h>
22 #include <openssl/params.h>
23 #include <openssl/safestack.h>
25 #include "prov/implementations.h"
26 #include "prov/providercommonerr.h"
27 #include "serializer_local.h"
29 static OSSL_OP_serializer_newctx_fn rsa_priv_newctx;
30 static OSSL_OP_serializer_freectx_fn rsa_priv_freectx;
31 static OSSL_OP_serializer_set_ctx_params_fn rsa_priv_set_ctx_params;
32 static OSSL_OP_serializer_settable_ctx_params_fn rsa_priv_settable_ctx_params;
33 static OSSL_OP_serializer_serialize_data_fn rsa_priv_der_data;
34 static OSSL_OP_serializer_serialize_object_fn rsa_priv_der;
35 static OSSL_OP_serializer_serialize_data_fn rsa_pem_priv_data;
36 static OSSL_OP_serializer_serialize_object_fn rsa_pem_priv;
38 static OSSL_OP_serializer_newctx_fn rsa_print_newctx;
39 static OSSL_OP_serializer_freectx_fn rsa_print_freectx;
40 static OSSL_OP_serializer_serialize_data_fn rsa_priv_print_data;
41 static OSSL_OP_serializer_serialize_object_fn rsa_priv_print;
44 * Context used for private key serialization.
46 struct rsa_priv_ctx_st {
49 struct pkcs8_encrypt_ctx_st sc;
52 /* Helper functions to prepare RSA-PSS params for serialization */
54 static int prepare_rsa_params(const void *rsa, int nid,
55 void **pstr, int *pstrtype)
57 const RSA_PSS_PARAMS *pss = RSA_get0_pss_params(rsa);
60 /* If RSA it's just NULL type */
61 if (nid != EVP_PKEY_RSA_PSS) {
62 *pstrtype = V_ASN1_NULL;
65 /* If no PSS parameters we omit parameters entirely */
67 *pstrtype = V_ASN1_UNDEF;
70 /* Encode PSS parameters */
71 if (ASN1_item_pack((void *)pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS),
76 *pstrtype = V_ASN1_SEQUENCE;
80 /* Private key : context */
81 static void *rsa_priv_newctx(void *provctx)
83 struct rsa_priv_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
86 ctx->provctx = provctx;
87 /* -1 is the "whatever" indicator, i.e. the PKCS8 library default PBE */
93 static void rsa_priv_freectx(void *vctx)
95 struct rsa_priv_ctx_st *ctx = vctx;
97 EVP_CIPHER_free(ctx->sc.cipher);
98 OPENSSL_free(ctx->sc.cipher_pass);
102 static const OSSL_PARAM *rsa_priv_settable_ctx_params(void)
104 static const OSSL_PARAM settables[] = {
105 OSSL_PARAM_utf8_string(OSSL_SERIALIZER_PARAM_CIPHER, NULL, 0),
106 OSSL_PARAM_octet_string(OSSL_SERIALIZER_PARAM_PASS, NULL, 0),
113 static int rsa_priv_set_ctx_params(void *vctx, const OSSL_PARAM params[])
115 struct rsa_priv_ctx_st *ctx = vctx;
118 if ((p = OSSL_PARAM_locate_const(params, OSSL_SERIALIZER_PARAM_CIPHER))
120 const OSSL_PARAM *propsp =
121 OSSL_PARAM_locate_const(params, OSSL_SERIALIZER_PARAM_PROPERTIES);
122 const char *props = NULL;
124 if (p->data_type != OSSL_PARAM_UTF8_STRING)
126 if (propsp != NULL && propsp->data_type != OSSL_PARAM_UTF8_STRING)
128 props = (propsp != NULL ? propsp->data : NULL);
130 EVP_CIPHER_free(ctx->sc.cipher);
131 ctx->sc.cipher_intent = p->data != NULL;
133 && ((ctx->sc.cipher = EVP_CIPHER_fetch(NULL, p->data, props))
137 if ((p = OSSL_PARAM_locate_const(params, OSSL_SERIALIZER_PARAM_PASS))
139 OPENSSL_free(ctx->sc.cipher_pass);
140 ctx->sc.cipher_pass = NULL;
141 if (!OSSL_PARAM_get_octet_string(p, &ctx->sc.cipher_pass, 0,
142 &ctx->sc.cipher_pass_length))
148 /* Private key : DER */
149 static int rsa_priv_der_data(void *vctx, const OSSL_PARAM params[], BIO *out,
150 OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)
152 struct rsa_priv_ctx_st *ctx = vctx;
153 OSSL_OP_keymgmt_new_fn *rsa_new = ossl_prov_get_keymgmt_rsa_new();
154 OSSL_OP_keymgmt_free_fn *rsa_free = ossl_prov_get_keymgmt_rsa_free();
155 OSSL_OP_keymgmt_import_fn *rsa_import = ossl_prov_get_keymgmt_rsa_import();
158 if (rsa_import != NULL) {
161 if ((rsa = rsa_new(ctx->provctx)) != NULL
162 && rsa_import(rsa, OSSL_KEYMGMT_SELECT_KEYPAIR, params)
163 && rsa_priv_der(ctx, rsa, out, cb, cbarg))
170 static int rsa_priv_der(void *vctx, void *rsa, BIO *out,
171 OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)
173 struct rsa_priv_ctx_st *ctx = vctx;
177 ctx->sc.cbarg = cbarg;
179 ret = ossl_prov_write_priv_der_from_obj(out, rsa, EVP_PKEY_RSA,
181 (i2d_of_void *)i2d_RSAPrivateKey,
187 /* Private key : PEM */
188 static int rsa_pem_priv_data(void *vctx, const OSSL_PARAM params[], BIO *out,
189 OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)
191 struct rsa_priv_ctx_st *ctx = vctx;
192 OSSL_OP_keymgmt_new_fn *rsa_new = ossl_prov_get_keymgmt_rsa_new();
193 OSSL_OP_keymgmt_free_fn *rsa_free = ossl_prov_get_keymgmt_rsa_free();
194 OSSL_OP_keymgmt_import_fn *rsa_import = ossl_prov_get_keymgmt_rsa_import();
197 if (rsa_import != NULL) {
200 if ((rsa = rsa_new(ctx->provctx)) != NULL
201 && rsa_import(rsa, OSSL_KEYMGMT_SELECT_KEYPAIR, params)
202 && rsa_pem_priv(ctx, rsa, out, cb, cbarg))
209 static int rsa_pem_priv(void *vctx, void *rsa, BIO *out,
210 OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)
212 struct rsa_priv_ctx_st *ctx = vctx;
216 ctx->sc.cbarg = cbarg;
218 ret = ossl_prov_write_priv_pem_from_obj(out, rsa, EVP_PKEY_RSA,
220 (i2d_of_void *)i2d_RSAPrivateKey,
227 * There's no specific print context, so we use the provider context
229 static void *rsa_print_newctx(void *provctx)
234 static void rsa_print_freectx(void *ctx)
238 static int rsa_priv_print_data(void *vctx, const OSSL_PARAM params[],
240 OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)
242 struct rsa_priv_ctx_st *ctx = vctx;
243 OSSL_OP_keymgmt_new_fn *rsa_new = ossl_prov_get_keymgmt_rsa_new();
244 OSSL_OP_keymgmt_free_fn *rsa_free = ossl_prov_get_keymgmt_rsa_free();
245 OSSL_OP_keymgmt_import_fn *rsa_import = ossl_prov_get_keymgmt_rsa_import();
248 if (rsa_import != NULL) {
251 if ((rsa = rsa_new(ctx->provctx)) != NULL
252 && rsa_import(rsa, OSSL_KEYMGMT_SELECT_KEYPAIR, params)
253 && rsa_priv_print(ctx, rsa, out, cb, cbarg))
260 static int rsa_priv_print(void *ctx, void *rsa, BIO *out,
261 OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)
263 return ossl_prov_print_rsa(out, rsa, 1);
266 const OSSL_DISPATCH rsa_priv_der_serializer_functions[] = {
267 { OSSL_FUNC_SERIALIZER_NEWCTX, (void (*)(void))rsa_priv_newctx },
268 { OSSL_FUNC_SERIALIZER_FREECTX, (void (*)(void))rsa_priv_freectx },
269 { OSSL_FUNC_SERIALIZER_SET_CTX_PARAMS,
270 (void (*)(void))rsa_priv_set_ctx_params },
271 { OSSL_FUNC_SERIALIZER_SETTABLE_CTX_PARAMS,
272 (void (*)(void))rsa_priv_settable_ctx_params },
273 { OSSL_FUNC_SERIALIZER_SERIALIZE_DATA, (void (*)(void))rsa_priv_der_data },
274 { OSSL_FUNC_SERIALIZER_SERIALIZE_OBJECT, (void (*)(void))rsa_priv_der },
278 const OSSL_DISPATCH rsa_priv_pem_serializer_functions[] = {
279 { OSSL_FUNC_SERIALIZER_NEWCTX, (void (*)(void))rsa_priv_newctx },
280 { OSSL_FUNC_SERIALIZER_FREECTX, (void (*)(void))rsa_priv_freectx },
281 { OSSL_FUNC_SERIALIZER_SET_CTX_PARAMS,
282 (void (*)(void))rsa_priv_set_ctx_params },
283 { OSSL_FUNC_SERIALIZER_SETTABLE_CTX_PARAMS,
284 (void (*)(void))rsa_priv_settable_ctx_params },
285 { OSSL_FUNC_SERIALIZER_SERIALIZE_DATA, (void (*)(void))rsa_pem_priv_data },
286 { OSSL_FUNC_SERIALIZER_SERIALIZE_OBJECT, (void (*)(void))rsa_pem_priv },
290 const OSSL_DISPATCH rsa_priv_text_serializer_functions[] = {
291 { OSSL_FUNC_SERIALIZER_NEWCTX, (void (*)(void))rsa_print_newctx },
292 { OSSL_FUNC_SERIALIZER_FREECTX, (void (*)(void))rsa_print_freectx },
293 { OSSL_FUNC_SERIALIZER_SERIALIZE_OBJECT, (void (*)(void))rsa_priv_print },
294 { OSSL_FUNC_SERIALIZER_SERIALIZE_DATA,
295 (void (*)(void))rsa_priv_print_data },