X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Frsa%2Frsa_pmeth.c;h=01a4030f16c59508183d0f9d9be764784393cf7b;hp=001dbd0badcfe644afeda88267b6eaf50284035e;hb=399a6f0bd179960209df83b548ba5869acfdab86;hpb=75d44c0452e8807dcd9dd126390dd8df35c57efa

diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c
index 001dbd0bad..01a4030f16 100644
--- a/crypto/rsa/rsa_pmeth.c
+++ b/crypto/rsa/rsa_pmeth.c
@@ -1,3 +1,4 @@
+/* crypto/rsa/rsa_pmeth.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
  * project 2006.
  */
@@ -75,10 +76,14 @@ typedef struct
 	/* Key gen parameters */
 	int nbits;
 	BIGNUM *pub_exp;
+	/* Keygen callback info */
+	int gentmp[2];
 	/* RSA padding mode */
 	int pad_mode;
-	/* nid for message digest */
+	/* message digest */
 	const EVP_MD *md;
+	/* PSS/OAEP salt length */
+	int saltlen;
 	/* Temp buffer */
 	unsigned char *tbuf;
 	} RSA_PKEY_CTX;
@@ -95,7 +100,11 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
 	rctx->md = NULL;
 	rctx->tbuf = NULL;
 
+	rctx->saltlen = -2;
+
 	ctx->data = rctx;
+	ctx->keygen_info = rctx->gentmp;
+	ctx->keygen_info_count = 2;
 	
 	return 1;
 	}
@@ -119,8 +128,8 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
 			BN_free(rctx->pub_exp);
 		if (rctx->tbuf)
 			OPENSSL_free(rctx->tbuf);
+		OPENSSL_free(rctx);
 		}
-	OPENSSL_free(rctx);
 	}
 
 static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int *siglen,
@@ -128,6 +137,7 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int *siglen,
 	{
 	int ret;
 	RSA_PKEY_CTX *rctx = ctx->data;
+	RSA *rsa = ctx->pkey->pkey.rsa;
 
 	if (rctx->md)
 		{
@@ -145,15 +155,26 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int *siglen,
 			rctx->tbuf[tbslen] =
 				RSA_X931_hash_id(EVP_MD_type(rctx->md));
 			ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
-						sig, ctx->pkey->pkey.rsa,
-						RSA_X931_PADDING);
+						sig, rsa, RSA_X931_PADDING);
 			}
 		else if (rctx->pad_mode == RSA_PKCS1_PADDING)
 			{
 			unsigned int sltmp;
 			ret = RSA_sign(EVP_MD_type(rctx->md),
-						tbs, tbslen, sig, &sltmp,
-							ctx->pkey->pkey.rsa);
+						tbs, tbslen, sig, &sltmp, rsa);
+			if (ret <= 0)
+				return ret;
+			ret = sltmp;
+			}
+		else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
+			{
+			if (!setup_tbuf(rctx, ctx))
+				return -1;
+			if (!RSA_padding_add_PKCS1_PSS(rsa, rctx->tbuf, tbs,
+						rctx->md, rctx->saltlen))
+				return -1;
+			ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
+						sig, rsa, RSA_NO_PADDING);
 			}
 		else
 			return -1;
@@ -169,8 +190,8 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int *siglen,
 
 
 static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
-					unsigned char *sig, int *siglen,
-                                        const unsigned char *tbs, int tbslen)
+					unsigned char *rout, int *routlen,
+                                        const unsigned char *sig, int siglen)
 	{
 	int ret;
 	RSA_PKEY_CTX *rctx = ctx->data;
@@ -181,7 +202,7 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
 			{
 			if (!setup_tbuf(rctx, ctx))
 				return -1;
-			ret = RSA_public_decrypt(tbslen, tbs,
+			ret = RSA_public_decrypt(siglen, sig,
 						rctx->tbuf, ctx->pkey->pkey.rsa,
 						RSA_X931_PADDING);
 			if (ret < 1)
@@ -200,27 +221,83 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
 					RSA_R_INVALID_DIGEST_LENGTH);
 				return 0;
 				}
-			memcpy(sig, rctx->tbuf, ret);
+			if (rout)
+				memcpy(rout, rctx->tbuf, ret);
 			}
 		else if (rctx->pad_mode == RSA_PKCS1_PADDING)
 			{
 			unsigned int sltmp;
 			ret = int_rsa_verify(EVP_MD_type(rctx->md),
-						NULL, 0, sig, &sltmp,
-					tbs, tbslen, ctx->pkey->pkey.rsa);
+						NULL, 0, rout, &sltmp,
+					sig, siglen, ctx->pkey->pkey.rsa);
+			ret = sltmp;
 			}
 		else
 			return -1;
 		}
 	else
-		ret = RSA_public_decrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
+		ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
 							rctx->pad_mode);
 	if (ret < 0)
 		return ret;
-	*siglen = ret;
+	*routlen = ret;
 	return 1;
 	}
 
+static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
+					const unsigned char *sig, int siglen,
+                                        const unsigned char *tbs, int tbslen)
+	{
+	RSA_PKEY_CTX *rctx = ctx->data;
+	RSA *rsa = ctx->pkey->pkey.rsa;
+	int rslen;
+	if (rctx->md)
+		{
+		if (rctx->pad_mode == RSA_PKCS1_PADDING)
+			return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
+					sig, siglen, rsa);
+		if (rctx->pad_mode == RSA_X931_PADDING)
+			{
+			if (pkey_rsa_verifyrecover(ctx, NULL, &rslen,
+					sig, siglen) <= 0)
+				return 0;
+			}
+		else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
+			{
+			int ret;
+			if (!setup_tbuf(rctx, ctx))
+				return -1;
+			ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
+							rsa, RSA_NO_PADDING);
+			if (ret <= 0)
+				return 0;
+			ret = RSA_verify_PKCS1_PSS(rsa, tbs, rctx->md,
+						rctx->tbuf, rctx->saltlen);
+			if (ret <= 0)
+				return 0;
+			return 1;
+			}
+		else
+			return -1;
+		}
+	else
+		{
+		if (!setup_tbuf(rctx, ctx))
+			return -1;
+		rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
+						rsa, rctx->pad_mode);
+		if (rslen <= 0)
+			return 0;
+		}
+
+	if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen))
+		return 0;
+
+	return 1;
+			
+	}
+	
+
 static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, int *outlen,
                                         const unsigned char *in, int inlen)
 	{
@@ -251,9 +328,10 @@ static int check_padding_md(const EVP_MD *md, int padding)
 	{
 	if (!md)
 		return 1;
+
 	if (padding == RSA_NO_PADDING)
 		{
-		RSAerr(RSA_F_CHECK_PADDING_NID, RSA_R_INVALID_PADDING_MODE);
+		RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE);
 		return 0;
 		}
 
@@ -261,7 +339,7 @@ static int check_padding_md(const EVP_MD *md, int padding)
 		{
 		if (RSA_X931_hash_id(EVP_MD_type(md)) == -1)
 			{
-			RSAerr(RSA_F_CHECK_PADDING_NID,
+			RSAerr(RSA_F_CHECK_PADDING_MD,
 						RSA_R_INVALID_X931_DIGEST);
 			return 0;
 			}
@@ -278,24 +356,59 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 	switch (type)
 		{
 		case EVP_PKEY_CTRL_RSA_PADDING:
-		/* TODO: add PSS support */
-		if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_X931_PADDING))
+		if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING))
 			{
-			if (ctx->operation == EVP_PKEY_OP_KEYGEN)
-				return -2;
 			if (!check_padding_md(rctx->md, p1))
 				return 0;
+			if (p1 == RSA_PKCS1_PSS_PADDING) 
+				{
+				if (ctx->operation == EVP_PKEY_OP_VERIFYRECOVER)
+					return -2;
+				if (!rctx->md)
+					rctx->md = EVP_sha1();
+				}
+			if (p1 == RSA_PKCS1_OAEP_PADDING) 
+				{
+				if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
+					return -2;
+				if (!rctx->md)
+					rctx->md = EVP_sha1();
+				}
 			rctx->pad_mode = p1;
 			return 1;
 			}
 		return -2;
 
+		case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
+		if (p1 < -2)
+			return -2;
+		if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)
+			return -2;
+		rctx->saltlen = p1;
+		return 1;
+
+		case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
+		if (p1 < 256)
+			return -2;
+		rctx->nbits = p1;
+		return 1;
+
+		case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
+		if (!p2)
+			return -2;
+		rctx->pub_exp = p2;
+		return 1;
+
 		case EVP_PKEY_CTRL_MD:
 		if (!check_padding_md(p2, rctx->pad_mode))
 			return 0;
 		rctx->md = p2;
 		return 1;
 
+		case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
+		case EVP_PKEY_CTRL_PKCS7_DECRYPT:
+		return 1;
+
 		default:
 		return -2;
 
@@ -320,28 +433,89 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
 			pm = RSA_PKCS1_OAEP_PADDING;
 		else if (!strcmp(value, "x931"))
 			pm = RSA_X931_PADDING;
+		else if (!strcmp(value, "pss"))
+			pm = RSA_PKCS1_PSS_PADDING;
 		else
 			return -2;
 		return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
 		}
+
+	if (!strcmp(type, "rsa_pss_saltlen"))
+		{
+		int saltlen;
+		saltlen = atoi(value);
+		return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
+		}
+
+	if (!strcmp(type, "rsa_keygen_bits"))
+		{
+		int nbits;
+		nbits = atoi(value);
+		return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
+		}
+
+	if (!strcmp(type, "rsa_keygen_pubexp"))
+		{
+		int ret;
+		BIGNUM *pubexp = NULL;
+		if (!BN_asc2bn(&pubexp, value))
+			return 0;
+		ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
+		if (ret <= 0)
+			BN_free(pubexp);
+		return ret;
+		}
+
 	return -2;
 	}
 
+static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+	{
+	RSA *rsa = NULL;
+	RSA_PKEY_CTX *rctx = ctx->data;
+	BN_GENCB *pcb, cb;
+	int ret;
+	if (!rctx->pub_exp)
+		{
+		rctx->pub_exp = BN_new();
+		if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4))
+			return 0;
+		}
+	rsa = RSA_new();
+	if (!rsa)
+		return 0;
+	if (ctx->pkey_gencb)
+		{
+		pcb = &cb;
+		evp_pkey_set_cb_translate(pcb, ctx);
+		}
+	else
+		pcb = NULL;
+	ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb);
+	if (ret > 0)
+		EVP_PKEY_assign_RSA(pkey, rsa);
+	else
+		RSA_free(rsa);
+	return ret;
+	}
+
 const EVP_PKEY_METHOD rsa_pkey_meth = 
 	{
 	EVP_PKEY_RSA,
-	0,
+	EVP_PKEY_FLAG_AUTOARGLEN,
 	pkey_rsa_init,
 	pkey_rsa_cleanup,
 
 	0,0,
 
-	0,0,
+	0,
+	pkey_rsa_keygen,
 
 	0,
 	pkey_rsa_sign,
 
-	0,0,
+	0,
+	pkey_rsa_verify,
 
 	0,
 	pkey_rsa_verifyrecover,
@@ -355,6 +529,8 @@ const EVP_PKEY_METHOD rsa_pkey_meth =
 	0,
 	pkey_rsa_decrypt,
 
+	0,0,
+
 	pkey_rsa_ctrl,
 	pkey_rsa_ctrl_str