2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/core_numbers.h>
11 #include <openssl/core_names.h>
12 #include <openssl/bn.h>
13 #include <openssl/err.h>
14 #include <openssl/rsa.h>
15 #include <openssl/evp.h>
16 #include <openssl/params.h>
17 #include <openssl/types.h>
18 #include "internal/param_build.h"
19 #include "prov/implementations.h"
20 #include "prov/providercommon.h"
21 #include "crypto/rsa.h"
23 static OSSL_OP_keymgmt_importkey_fn rsa_importkey;
24 static OSSL_OP_keymgmt_exportkey_fn rsa_exportkey;
25 static OSSL_OP_keymgmt_get_key_params_fn rsa_get_key_params;
26 static OSSL_OP_keymgmt_validate_public_fn rsa_validatekey_public;
27 static OSSL_OP_keymgmt_validate_private_fn rsa_validatekey_private;
28 static OSSL_OP_keymgmt_validate_pairwise_fn rsa_validatekey_pairwise;
30 #define RSA_DEFAULT_MD "SHA256"
32 DEFINE_STACK_OF(BIGNUM)
33 DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)
35 static int collect_numbers(STACK_OF(BIGNUM) *numbers,
36 const OSSL_PARAM params[], const char *key)
38 const OSSL_PARAM *p = NULL;
43 for (p = params; (p = OSSL_PARAM_locate_const(p, key)) != NULL; p++) {
46 if (!OSSL_PARAM_get_BN(p, &tmp))
48 sk_BIGNUM_push(numbers, tmp);
54 static int params_to_key(RSA *rsa, const OSSL_PARAM params[])
56 const OSSL_PARAM *param_n, *param_e, *param_d;
57 BIGNUM *n = NULL, *e = NULL, *d = NULL;
58 STACK_OF(BIGNUM) *factors = NULL, *exps = NULL, *coeffs = NULL;
64 param_n = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N);
65 param_e = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E);
66 param_d = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_D);
68 if ((param_n != NULL && !OSSL_PARAM_get_BN(param_n, &n))
69 || (param_e != NULL && !OSSL_PARAM_get_BN(param_e, &e))
70 || (param_d != NULL && !OSSL_PARAM_get_BN(param_d, &d)))
73 is_private = (d != NULL);
75 if (!RSA_set0_key(rsa, n, e, d))
80 if (!collect_numbers(factors = sk_BIGNUM_new_null(), params,
81 OSSL_PKEY_PARAM_RSA_FACTOR)
82 || !collect_numbers(exps = sk_BIGNUM_new_null(), params,
83 OSSL_PKEY_PARAM_RSA_EXPONENT)
84 || !collect_numbers(coeffs = sk_BIGNUM_new_null(), params,
85 OSSL_PKEY_PARAM_RSA_COEFFICIENT))
88 /* It's ok if this private key just has n, e and d */
89 if (sk_BIGNUM_num(factors) != 0
90 && !rsa_set0_all_params(rsa, factors, exps, coeffs))
94 sk_BIGNUM_free(factors);
96 sk_BIGNUM_free(coeffs);
103 sk_BIGNUM_pop_free(factors, BN_free);
104 sk_BIGNUM_pop_free(exps, BN_free);
105 sk_BIGNUM_pop_free(coeffs, BN_free);
109 static int export_numbers(OSSL_PARAM_BLD *tmpl, const char *key,
110 STACK_OF(BIGNUM_const) *numbers)
117 nnum = sk_BIGNUM_const_num(numbers);
119 for (i = 0; i < nnum; i++) {
120 if (!ossl_param_bld_push_BN(tmpl, key,
121 sk_BIGNUM_const_value(numbers, i)))
128 static int key_to_params(RSA *rsa, OSSL_PARAM_BLD *tmpl)
131 const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL;
132 STACK_OF(BIGNUM_const) *factors = sk_BIGNUM_const_new_null();
133 STACK_OF(BIGNUM_const) *exps = sk_BIGNUM_const_new_null();
134 STACK_OF(BIGNUM_const) *coeffs = sk_BIGNUM_const_new_null();
136 if (rsa == NULL || factors == NULL || exps == NULL || coeffs == NULL)
139 RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
140 rsa_get0_all_params(rsa, factors, exps, coeffs);
143 && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_N, rsa_n))
146 && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_E, rsa_e))
149 && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_D, rsa_d))
152 if (!export_numbers(tmpl, OSSL_PKEY_PARAM_RSA_FACTOR, factors)
153 || !export_numbers(tmpl, OSSL_PKEY_PARAM_RSA_EXPONENT, exps)
154 || !export_numbers(tmpl, OSSL_PKEY_PARAM_RSA_COEFFICIENT, coeffs))
159 sk_BIGNUM_const_free(factors);
160 sk_BIGNUM_const_free(exps);
161 sk_BIGNUM_const_free(coeffs);
165 static void *rsa_importkey(void *provctx, const OSSL_PARAM params[])
169 if ((rsa = RSA_new()) == NULL
170 || !params_to_key(rsa, params)) {
177 static int rsa_exportkey(void *key, OSSL_CALLBACK *param_callback, void *cbarg)
181 OSSL_PARAM *params = NULL;
184 ossl_param_bld_init(&tmpl);
186 || !key_to_params(rsa, &tmpl)
187 || (params = ossl_param_bld_to_param(&tmpl)) == NULL)
189 ret = param_callback(params, cbarg);
190 ossl_param_bld_free(params);
195 * This provider can export everything in an RSA key, so we use the exact
196 * same type description for export as for import. Other providers might
197 * choose to import full keys, but only export the public parts, and will
198 * therefore have the importkey_types and importkey_types functions return
201 static const OSSL_PARAM rsa_key_types[] = {
202 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0),
203 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0),
204 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, NULL, 0),
205 /* We tolerate up to 10 factors... */
206 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
207 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
208 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
209 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
210 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
211 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
212 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
213 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
214 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
215 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
216 /* ..., up to 10 CRT exponents... */
217 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
218 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
219 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
220 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
221 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
222 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
223 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
224 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
225 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
226 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
227 /* ..., and up to 9 CRT coefficients */
228 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
229 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
230 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
231 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
232 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
233 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
234 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
235 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
236 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
239 * We lied about the amount of factors, exponents and coefficients, the
240 * export and import functions can really deal with an infinite amount
241 * of these numbers. However, RSA keys with too many primes are futile,
242 * so we at least pretend to have some limits.
245 static const OSSL_PARAM *rsa_exportkey_types(void)
247 return rsa_key_types;
250 static const OSSL_PARAM *rsa_importkey_types(void)
252 return rsa_key_types;
255 static int rsa_get_key_params(void *key, OSSL_PARAM params[])
260 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
261 && !OSSL_PARAM_set_int(p, RSA_bits(rsa)))
263 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
264 && !OSSL_PARAM_set_int(p, RSA_security_bits(rsa)))
266 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
267 && !OSSL_PARAM_set_int(p, RSA_size(rsa)))
270 # if 0 /* PSS support pending */
271 if ((p = OSSL_PARAM_locate(params,
272 OSSL_PKEY_PARAM_MANDATORY_DIGEST)) != NULL
273 && RSA_get0_pss_params(rsa) != NULL) {
274 const EVP_MD *md, *mgf1md;
277 if (!rsa_pss_get_param(RSA_get0_pss_params(rsa),
278 &md, &mgf1md, &min_saltlen)) {
279 ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
282 if (!OSSL_PARAM_set_utf8_string(p, EVP_MD_name(md)))
286 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL
287 && RSA_get0_pss_params(rsa) == NULL)
288 if (!OSSL_PARAM_set_utf8_string(p, RSA_DEFAULT_MD))
294 static int rsa_validatekey_public(void *key)
298 return rsa_validate_public(rsa);
301 static int rsa_validatekey_private(void *key)
305 return rsa_validate_private(rsa);
308 static int rsa_validatekey_pairwise(void *key)
312 return rsa_validate_pairwise(rsa);
315 const OSSL_DISPATCH rsa_keymgmt_functions[] = {
316 { OSSL_FUNC_KEYMGMT_IMPORTKEY, (void (*)(void))rsa_importkey },
317 { OSSL_FUNC_KEYMGMT_IMPORTKEY_TYPES, (void (*)(void))rsa_importkey_types },
318 { OSSL_FUNC_KEYMGMT_EXPORTKEY, (void (*)(void))rsa_exportkey },
319 { OSSL_FUNC_KEYMGMT_EXPORTKEY_TYPES, (void (*)(void))rsa_exportkey_types },
320 { OSSL_FUNC_KEYMGMT_FREEKEY, (void (*)(void))RSA_free },
321 { OSSL_FUNC_KEYMGMT_GET_KEY_PARAMS, (void (*) (void))rsa_get_key_params },
322 { OSSL_FUNC_KEYMGMT_VALIDATE_PUBLIC,
323 (void (*)(void))rsa_validatekey_public },
324 { OSSL_FUNC_KEYMGMT_VALIDATE_PRIVATE,
325 (void (*)(void))rsa_validatekey_private },
326 { OSSL_FUNC_KEYMGMT_VALIDATE_PAIRWISE,
327 (void (*)(void))rsa_validatekey_pairwise },