projects / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add RSA key validation to default provider
[openssl.git] / providers / implementations / keymgmt / rsa_kmgmt.c
1 /*
2  * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9
10 #include <openssl/core_numbers.h>
11 #include <openssl/core_names.h>
12 #include <openssl/bn.h>
13 #include <openssl/err.h>
14 #include <openssl/rsa.h>
15 #include <openssl/evp.h>
16 #include <openssl/params.h>
17 #include <openssl/types.h>
18 #include "internal/param_build.h"
19 #include "prov/implementations.h"
20 #include "prov/providercommon.h"
21 #include "crypto/rsa.h"
22
23 static OSSL_OP_keymgmt_importkey_fn rsa_importkey;
24 static OSSL_OP_keymgmt_exportkey_fn rsa_exportkey;
25 static OSSL_OP_keymgmt_get_key_params_fn rsa_get_key_params;
26 static OSSL_OP_keymgmt_validate_public_fn rsa_validatekey_public;
27 static OSSL_OP_keymgmt_validate_private_fn rsa_validatekey_private;
28 static OSSL_OP_keymgmt_validate_pairwise_fn rsa_validatekey_pairwise;
29
30 #define RSA_DEFAULT_MD "SHA256"
31
32 DEFINE_STACK_OF(BIGNUM)
33 DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)
34
35 static int collect_numbers(STACK_OF(BIGNUM) *numbers,
36                            const OSSL_PARAM params[], const char *key)
37 {
38     const OSSL_PARAM *p = NULL;
39
40     if (numbers == NULL)
41         return 0;
42
43     for (p = params; (p = OSSL_PARAM_locate_const(p, key)) != NULL; p++) {
44         BIGNUM *tmp = NULL;
45
46         if (!OSSL_PARAM_get_BN(p, &tmp))
47             return 0;
48         sk_BIGNUM_push(numbers, tmp);
49     }
50
51     return 1;
52 }
53
54 static int params_to_key(RSA *rsa, const OSSL_PARAM params[])
55 {
56     const OSSL_PARAM *param_n, *param_e,  *param_d;
57     BIGNUM *n = NULL, *e = NULL, *d = NULL;
58     STACK_OF(BIGNUM) *factors = NULL, *exps = NULL, *coeffs = NULL;
59     int is_private = 0;
60
61     if (rsa == NULL)
62         return 0;
63
64     param_n = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N);
65     param_e = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E);
66     param_d = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_D);
67
68     if ((param_n != NULL && !OSSL_PARAM_get_BN(param_n, &n))
69         || (param_e != NULL && !OSSL_PARAM_get_BN(param_e, &e))
70         || (param_d != NULL && !OSSL_PARAM_get_BN(param_d, &d)))
71         goto err;
72
73     is_private = (d != NULL);
74
75     if (!RSA_set0_key(rsa, n, e, d))
76         goto err;
77     n = e = d = NULL;
78
79     if (is_private) {
80         if (!collect_numbers(factors = sk_BIGNUM_new_null(), params,
81                              OSSL_PKEY_PARAM_RSA_FACTOR)
82             || !collect_numbers(exps = sk_BIGNUM_new_null(), params,
83                                 OSSL_PKEY_PARAM_RSA_EXPONENT)
84             || !collect_numbers(coeffs = sk_BIGNUM_new_null(), params,
85                                 OSSL_PKEY_PARAM_RSA_COEFFICIENT))
86             goto err;
87
88         /* It's ok if this private key just has n, e and d */
89         if (sk_BIGNUM_num(factors) != 0
90             && !rsa_set0_all_params(rsa, factors, exps, coeffs))
91             goto err;
92     }
93
94     sk_BIGNUM_free(factors);
95     sk_BIGNUM_free(exps);
96     sk_BIGNUM_free(coeffs);
97     return 1;
98
99  err:
100     BN_free(n);
101     BN_free(e);
102     BN_free(d);
103     sk_BIGNUM_pop_free(factors, BN_free);
104     sk_BIGNUM_pop_free(exps, BN_free);
105     sk_BIGNUM_pop_free(coeffs, BN_free);
106     return 0;
107 }
108
109 static int export_numbers(OSSL_PARAM_BLD *tmpl, const char *key,
110                           STACK_OF(BIGNUM_const) *numbers)
111 {
112     int i, nnum;
113
114     if (numbers == NULL)
115         return 0;
116
117     nnum = sk_BIGNUM_const_num(numbers);
118
119     for (i = 0; i < nnum; i++) {
120         if (!ossl_param_bld_push_BN(tmpl, key,
121                                     sk_BIGNUM_const_value(numbers, i)))
122             return 0;
123     }
124
125     return 1;
126 }
127
128 static int key_to_params(RSA *rsa, OSSL_PARAM_BLD *tmpl)
129 {
130     int ret = 0;
131     const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL;
132     STACK_OF(BIGNUM_const) *factors = sk_BIGNUM_const_new_null();
133     STACK_OF(BIGNUM_const) *exps = sk_BIGNUM_const_new_null();
134     STACK_OF(BIGNUM_const) *coeffs = sk_BIGNUM_const_new_null();
135
136     if (rsa == NULL || factors == NULL || exps == NULL || coeffs == NULL)
137         goto err;
138
139     RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
140     rsa_get0_all_params(rsa, factors, exps, coeffs);
141
142     if (rsa_n != NULL
143         && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_N, rsa_n))
144         goto err;
145     if (rsa_e != NULL
146         && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_E, rsa_e))
147         goto err;
148     if (rsa_d != NULL
149         && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_D, rsa_d))
150         goto err;
151
152     if (!export_numbers(tmpl, OSSL_PKEY_PARAM_RSA_FACTOR, factors)
153         || !export_numbers(tmpl, OSSL_PKEY_PARAM_RSA_EXPONENT, exps)
154         || !export_numbers(tmpl, OSSL_PKEY_PARAM_RSA_COEFFICIENT, coeffs))
155         goto err;
156
157     ret = 1;
158  err:
159     sk_BIGNUM_const_free(factors);
160     sk_BIGNUM_const_free(exps);
161     sk_BIGNUM_const_free(coeffs);
162     return ret;
163 }
164
165 static void *rsa_importkey(void *provctx, const OSSL_PARAM params[])
166 {
167     RSA *rsa;
168
169     if ((rsa = RSA_new()) == NULL
170         || !params_to_key(rsa, params)) {
171         RSA_free(rsa);
172         rsa = NULL;
173     }
174     return rsa;
175 }
176
177 static int rsa_exportkey(void *key, OSSL_CALLBACK *param_callback, void *cbarg)
178 {
179     RSA *rsa = key;
180     OSSL_PARAM_BLD tmpl;
181     OSSL_PARAM *params = NULL;
182     int ret;
183
184     ossl_param_bld_init(&tmpl);
185     if (rsa == NULL
186         || !key_to_params(rsa, &tmpl)
187         || (params = ossl_param_bld_to_param(&tmpl)) == NULL)
188         return 0;
189     ret = param_callback(params, cbarg);
190     ossl_param_bld_free(params);
191     return ret;
192 }
193
194 /*
195  * This provider can export everything in an RSA key, so we use the exact
196  * same type description for export as for import.  Other providers might
197  * choose to import full keys, but only export the public parts, and will
198  * therefore have the importkey_types and importkey_types functions return
199  * different arrays.
200  */
201 static const OSSL_PARAM rsa_key_types[] = {
202     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0),
203     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0),
204     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, NULL, 0),
205     /* We tolerate up to 10 factors... */
206     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
207     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
208     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
209     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
210     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
211     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
212     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
213     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
214     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
215     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
216     /* ..., up to 10 CRT exponents... */
217     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
218     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
219     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
220     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
221     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
222     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
223     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
224     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
225     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
226     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
227     /* ..., and up to 9 CRT coefficients */
228     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
229     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
230     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
231     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
232     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
233     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
234     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
235     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
236     OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
237 };
238 /*
239  * We lied about the amount of factors, exponents and coefficients, the
240  * export and import functions can really deal with an infinite amount
241  * of these numbers.  However, RSA keys with too many primes are futile,
242  * so we at least pretend to have some limits.
243  */
244
245 static const OSSL_PARAM *rsa_exportkey_types(void)
246 {
247     return rsa_key_types;
248 }
249
250 static const OSSL_PARAM *rsa_importkey_types(void)
251 {
252     return rsa_key_types;
253 }
254
255 static int rsa_get_key_params(void *key, OSSL_PARAM params[])
256 {
257     RSA *rsa = key;
258     OSSL_PARAM *p;
259
260     if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
261         && !OSSL_PARAM_set_int(p, RSA_bits(rsa)))
262         return 0;
263     if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
264         && !OSSL_PARAM_set_int(p, RSA_security_bits(rsa)))
265         return 0;
266     if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
267         && !OSSL_PARAM_set_int(p, RSA_size(rsa)))
268         return 0;
269
270 # if 0                           /* PSS support pending */
271     if ((p = OSSL_PARAM_locate(params,
272                                OSSL_PKEY_PARAM_MANDATORY_DIGEST)) != NULL
273         && RSA_get0_pss_params(rsa) != NULL) {
274         const EVP_MD *md, *mgf1md;
275         int min_saltlen;
276
277         if (!rsa_pss_get_param(RSA_get0_pss_params(rsa),
278                                &md, &mgf1md, &min_saltlen)) {
279             ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
280             return 0;
281         }
282         if (!OSSL_PARAM_set_utf8_string(p, EVP_MD_name(md)))
283             return 0;
284     }
285 #endif
286     if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL
287         && RSA_get0_pss_params(rsa) == NULL)
288         if (!OSSL_PARAM_set_utf8_string(p, RSA_DEFAULT_MD))
289             return 0;
290
291     return 1;
292 }
293
294 static int rsa_validatekey_public(void *key)
295 {
296     RSA *rsa = key;
297
298     return rsa_validate_public(rsa);
299 }
300
301 static int rsa_validatekey_private(void *key)
302 {
303     RSA *rsa = key;
304
305     return rsa_validate_private(rsa);
306 }
307
308 static int rsa_validatekey_pairwise(void *key)
309 {
310     RSA *rsa = key;
311
312     return rsa_validate_pairwise(rsa);
313 }
314
315 const OSSL_DISPATCH rsa_keymgmt_functions[] = {
316     { OSSL_FUNC_KEYMGMT_IMPORTKEY, (void (*)(void))rsa_importkey },
317     { OSSL_FUNC_KEYMGMT_IMPORTKEY_TYPES, (void (*)(void))rsa_importkey_types },
318     { OSSL_FUNC_KEYMGMT_EXPORTKEY, (void (*)(void))rsa_exportkey },
319     { OSSL_FUNC_KEYMGMT_EXPORTKEY_TYPES, (void (*)(void))rsa_exportkey_types },
320     { OSSL_FUNC_KEYMGMT_FREEKEY, (void (*)(void))RSA_free },
321     { OSSL_FUNC_KEYMGMT_GET_KEY_PARAMS,  (void (*) (void))rsa_get_key_params },
322     { OSSL_FUNC_KEYMGMT_VALIDATE_PUBLIC,
323           (void (*)(void))rsa_validatekey_public },
324     { OSSL_FUNC_KEYMGMT_VALIDATE_PRIVATE,
325           (void (*)(void))rsa_validatekey_private },
326     { OSSL_FUNC_KEYMGMT_VALIDATE_PAIRWISE,
327           (void (*)(void))rsa_validatekey_pairwise },
328     { 0, NULL }
329 };
Unnamed repository; edit this file 'description' to name the repository.