X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Frsa%2Frsa_ameth.c;h=649291ef7ec8fea520a31dcc3df8cfc3776d8fb9;hp=96e537571c6d525bc58308425bbd034d9e2ec271;hb=ff04bbe363ae8e98ab78c9d1c3735e9ac220c4b9;hpb=448be743350791d32764fac38f5d3c8ffda481b2 diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 96e537571c..649291ef7e 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -1,4 +1,5 @@ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL +/* crypto/rsa/rsa_ameth.c */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ /* ==================================================================== @@ -60,8 +61,13 @@ #include #include #include +#include +#ifndef OPENSSL_NO_CMS +#include +#endif +#include "asn1_locl.h" -static int rsa_pub_encode(X509_PUBKEY *pk, EVP_PKEY *pkey) +static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { unsigned char *penc = NULL; int penclen; @@ -92,23 +98,33 @@ static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) return 1; } -static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) +static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) { - const unsigned char *p; - int pklen; - RSA *rsa = NULL; - if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8)) - return 0; - if (!(rsa = d2i_RSAPrivateKey (NULL, &p, pklen))) + if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0 + || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0) + return 0; + return 1; + } + +static int old_rsa_priv_decode(EVP_PKEY *pkey, + const unsigned char **pder, int derlen) + { + RSA *rsa; + if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen))) { - RSAerr(RSA_F_RSA_PRIV_DECODE, ERR_R_RSA_LIB); + RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB); return 0; } - EVP_PKEY_assign_RSA (pkey, rsa); + EVP_PKEY_assign_RSA(pkey, rsa); return 1; } -static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) +static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) + { + return i2d_RSAPrivateKey(pkey->pkey.rsa, pder); + } + +static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) { unsigned char *rk = NULL; int rklen; @@ -130,20 +146,308 @@ static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) return 1; } +static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) + { + const unsigned char *p; + int pklen; + if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8)) + return 0; + return old_rsa_priv_decode(pkey, &p, pklen); + } + +static int int_rsa_size(const EVP_PKEY *pkey) + { + return RSA_size(pkey->pkey.rsa); + } + +static int rsa_bits(const EVP_PKEY *pkey) + { + return BN_num_bits(pkey->pkey.rsa->n); + } + +static void int_rsa_free(EVP_PKEY *pkey) + { + RSA_free(pkey->pkey.rsa); + } + + +static void update_buflen(const BIGNUM *b, size_t *pbuflen) + { + size_t i; + if (!b) + return; + if (*pbuflen < (i = (size_t)BN_num_bytes(b))) + *pbuflen = i; + } + +static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv) + { + char *str; + const char *s; + unsigned char *m=NULL; + int ret=0, mod_len = 0; + size_t buf_len=0; + + update_buflen(x->n, &buf_len); + update_buflen(x->e, &buf_len); + + if (priv) + { + update_buflen(x->d, &buf_len); + update_buflen(x->p, &buf_len); + update_buflen(x->q, &buf_len); + update_buflen(x->dmp1, &buf_len); + update_buflen(x->dmq1, &buf_len); + update_buflen(x->iqmp, &buf_len); + } + + m=(unsigned char *)OPENSSL_malloc(buf_len+10); + if (m == NULL) + { + RSAerr(RSA_F_DO_RSA_PRINT,ERR_R_MALLOC_FAILURE); + goto err; + } + + if (x->n != NULL) + mod_len = BN_num_bits(x->n); + + if(!BIO_indent(bp,off,128)) + goto err; + + if (priv && x->d) + { + if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len) + <= 0) goto err; + str = "modulus:"; + s = "publicExponent:"; + } + else + { + if (BIO_printf(bp,"Public-Key: (%d bit)\n", mod_len) + <= 0) goto err; + str = "Modulus:"; + s= "Exponent:"; + } + if (!ASN1_bn_print(bp,str,x->n,m,off)) goto err; + if (!ASN1_bn_print(bp,s,x->e,m,off)) + goto err; + if (priv) + { + if (!ASN1_bn_print(bp,"privateExponent:",x->d,m,off)) + goto err; + if (!ASN1_bn_print(bp,"prime1:",x->p,m,off)) + goto err; + if (!ASN1_bn_print(bp,"prime2:",x->q,m,off)) + goto err; + if (!ASN1_bn_print(bp,"exponent1:",x->dmp1,m,off)) + goto err; + if (!ASN1_bn_print(bp,"exponent2:",x->dmq1,m,off)) + goto err; + if (!ASN1_bn_print(bp,"coefficient:",x->iqmp,m,off)) + goto err; + } + ret=1; +err: + if (m != NULL) OPENSSL_free(m); + return(ret); + } + +static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_rsa_print(bp, pkey->pkey.rsa, indent, 0); + } + + +static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_rsa_print(bp, pkey->pkey.rsa, indent, 1); + } + +static int rsa_pss_param_print(BIO *bp, RSASSA_PSS_PARAMS *pss, int indent) + { + int rv = 0; + X509_ALGOR *maskHash = NULL; + if (!pss) + { + if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0) + return 0; + } + if (BIO_puts(bp, "\n") <= 0) + goto err; + if (!BIO_indent(bp, indent, 128)) + goto err; + if (BIO_puts(bp, "Hash Algorithm: ") <= 0) + goto err; + + if (pss->hashAlgorithm) + { + if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0) + goto err; + } + else if (BIO_puts(bp, "sha1 (default)") <= 0) + goto err; + + if (BIO_puts(bp, "\n") <= 0) + goto err; + + if (!BIO_indent(bp, indent, 128)) + goto err; + + if (BIO_puts(bp, "Mask Algorithm: ") <= 0) + goto err; + if (pss->maskGenAlgorithm) + { + ASN1_TYPE *param = pss->maskGenAlgorithm->parameter; + if (param->type == V_ASN1_SEQUENCE) + { + const unsigned char *p = param->value.sequence->data; + int plen = param->value.sequence->length; + maskHash = d2i_X509_ALGOR(NULL, &p, plen); + } + if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0) + goto err; + if (BIO_puts(bp, " with ") <= 0) + goto err; + if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0) + goto err; + } + else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0) + goto err; + BIO_puts(bp, "\n"); + + if (!BIO_indent(bp, indent, 128)) + goto err; + if (BIO_puts(bp, "Salt Length: ") <= 0) + goto err; + if (pss->saltLength) + { + if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0) + goto err; + } + else if (BIO_puts(bp, "20 (default)") <= 0) + goto err; + BIO_puts(bp, "\n"); + + if (!BIO_indent(bp, indent, 128)) + goto err; + if (BIO_puts(bp, "Trailer Field: ") <= 0) + goto err; + if (pss->trailerField) + { + if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0) + goto err; + } + else if (BIO_puts(bp, "0xbc (default)") <= 0) + goto err; + BIO_puts(bp, "\n"); + + rv = 1; + + err: + if (maskHash) + X509_ALGOR_free(maskHash); + RSASSA_PSS_PARAMS_free(pss); + return rv; + + } + +static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, + const ASN1_STRING *sig, + int indent, ASN1_PCTX *pctx) + { + if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) + { + RSASSA_PSS_PARAMS *pss = NULL; + ASN1_TYPE *param = sigalg->parameter; + if (param && param->type == V_ASN1_SEQUENCE) + { + const unsigned char *p = param->value.sequence->data; + int plen = param->value.sequence->length; + pss = d2i_RSASSA_PSS_PARAMS(NULL, &p, plen); + } + if (!rsa_pss_param_print(bp, pss, indent)) + return 0; + } + + return X509_signature_dump(bp, sig, indent); + } + +static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) + { + X509_ALGOR *alg = NULL; + switch (op) + { + + case ASN1_PKEY_CTRL_PKCS7_SIGN: + if (arg1 == 0) + PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg); + break; + + case ASN1_PKEY_CTRL_PKCS7_ENCRYPT: + if (arg1 == 0) + PKCS7_RECIP_INFO_get0_alg(arg2, &alg); + break; +#ifndef OPENSSL_NO_CMS + case ASN1_PKEY_CTRL_CMS_SIGN: + if (arg1 == 0) + CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg); + break; + + case ASN1_PKEY_CTRL_CMS_ENVELOPE: + if (arg1 == 0) + CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg); + break; +#endif + + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: + *(int *)arg2 = NID_sha1; + return 1; + + default: + return -2; + + } + + if (alg) + X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), + V_ASN1_NULL, 0); + + return 1; + + } + + const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { { EVP_PKEY_RSA, EVP_PKEY_RSA, - 0, + ASN1_PKEY_SIGPARAM_NULL, + + "RSA", + "OpenSSL RSA method", + rsa_pub_decode, rsa_pub_encode, - 0, + rsa_pub_cmp, + rsa_pub_print, + rsa_priv_decode, rsa_priv_encode, - 0, - 0, - 0 + rsa_priv_print, + + int_rsa_size, + rsa_bits, + + 0,0,0,0,0,0, + + rsa_sig_print, + int_rsa_free, + rsa_pkey_ctrl, + old_rsa_priv_decode, + old_rsa_priv_encode }, {