1/* 2 * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10/* 11 * RSA low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14#include "internal/deprecated.h" 15 16#include <openssl/core_dispatch.h> 17#include <openssl/core_names.h> 18#include <openssl/bn.h> 19#include <openssl/err.h> 20#include <openssl/rsa.h> 21#include <openssl/evp.h> 22#include <openssl/proverr.h> 23#include "prov/implementations.h" 24#include "prov/providercommon.h" 25#include "prov/provider_ctx.h" 26#include "crypto/rsa.h" 27#include "crypto/cryptlib.h" 28#include "internal/param_build_set.h" 29 30static OSSL_FUNC_keymgmt_new_fn rsa_newdata; 31static OSSL_FUNC_keymgmt_new_fn rsapss_newdata; 32static OSSL_FUNC_keymgmt_gen_init_fn rsa_gen_init; 33static OSSL_FUNC_keymgmt_gen_init_fn rsapss_gen_init; 34static OSSL_FUNC_keymgmt_gen_set_params_fn rsa_gen_set_params; 35static OSSL_FUNC_keymgmt_gen_settable_params_fn rsa_gen_settable_params; 36static OSSL_FUNC_keymgmt_gen_settable_params_fn rsapss_gen_settable_params; 37static OSSL_FUNC_keymgmt_gen_fn rsa_gen; 38static OSSL_FUNC_keymgmt_gen_cleanup_fn rsa_gen_cleanup; 39static OSSL_FUNC_keymgmt_load_fn rsa_load; 40static OSSL_FUNC_keymgmt_load_fn rsapss_load; 41static OSSL_FUNC_keymgmt_free_fn rsa_freedata; 42static OSSL_FUNC_keymgmt_get_params_fn rsa_get_params; 43static OSSL_FUNC_keymgmt_gettable_params_fn rsa_gettable_params; 44static OSSL_FUNC_keymgmt_has_fn rsa_has; 45static OSSL_FUNC_keymgmt_match_fn rsa_match; 46static OSSL_FUNC_keymgmt_validate_fn rsa_validate; 47static OSSL_FUNC_keymgmt_import_fn rsa_import; 48static OSSL_FUNC_keymgmt_import_types_fn rsa_import_types; 49static OSSL_FUNC_keymgmt_export_fn rsa_export; 50static OSSL_FUNC_keymgmt_export_types_fn rsa_export_types; 51static OSSL_FUNC_keymgmt_query_operation_name_fn rsa_query_operation_name; 52static OSSL_FUNC_keymgmt_dup_fn rsa_dup; 53 54#define RSA_DEFAULT_MD "SHA256" 55#define RSA_PSS_DEFAULT_MD OSSL_DIGEST_NAME_SHA1 56#define RSA_POSSIBLE_SELECTIONS \ 57 (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) 58 59DEFINE_STACK_OF(BIGNUM) 60DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) 61 62static int pss_params_fromdata(RSA_PSS_PARAMS_30 *pss_params, int *defaults_set, 63 const OSSL_PARAM params[], int rsa_type, 64 OSSL_LIB_CTX *libctx) 65{ 66 if (!ossl_rsa_pss_params_30_fromdata(pss_params, defaults_set, 67 params, libctx)) 68 return 0; 69 70 /* If not a PSS type RSA, sending us PSS parameters is wrong */ 71 if (rsa_type != RSA_FLAG_TYPE_RSASSAPSS 72 && !ossl_rsa_pss_params_30_is_unrestricted(pss_params)) 73 return 0; 74 75 return 1; 76} 77 78static void *rsa_newdata(void *provctx) 79{ 80 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); 81 RSA *rsa; 82 83 if (!ossl_prov_is_running()) 84 return NULL; 85 86 rsa = ossl_rsa_new_with_ctx(libctx); 87 if (rsa != NULL) { 88 RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); 89 RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA); 90 } 91 return rsa; 92} 93 94static void *rsapss_newdata(void *provctx) 95{ 96 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); 97 RSA *rsa; 98 99 if (!ossl_prov_is_running()) 100 return NULL; 101 102 rsa = ossl_rsa_new_with_ctx(libctx); 103 if (rsa != NULL) { 104 RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); 105 RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS); 106 } 107 return rsa; 108} 109 110static void rsa_freedata(void *keydata) 111{ 112 RSA_free(keydata); 113} 114 115static int rsa_has(const void *keydata, int selection) 116{ 117 const RSA *rsa = keydata; 118 int ok = 1; 119 120 if (rsa == NULL || !ossl_prov_is_running()) 121 return 0; 122 if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) 123 return 1; /* the selection is not missing */ 124 125 /* OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS are always available even if empty */ 126 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) 127 ok = ok && (RSA_get0_n(rsa) != NULL); 128 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) 129 ok = ok && (RSA_get0_e(rsa) != NULL); 130 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) 131 ok = ok && (RSA_get0_d(rsa) != NULL); 132 return ok; 133} 134 135static int rsa_match(const void *keydata1, const void *keydata2, int selection) 136{ 137 const RSA *rsa1 = keydata1; 138 const RSA *rsa2 = keydata2; 139 int ok = 1; 140 141 if (!ossl_prov_is_running()) 142 return 0; 143 144 /* There is always an |e| */ 145 ok = ok && BN_cmp(RSA_get0_e(rsa1), RSA_get0_e(rsa2)) == 0; 146 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { 147 int key_checked = 0; 148 149 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { 150 const BIGNUM *pa = RSA_get0_n(rsa1); 151 const BIGNUM *pb = RSA_get0_n(rsa2); 152 153 if (pa != NULL && pb != NULL) { 154 ok = ok && BN_cmp(pa, pb) == 0; 155 key_checked = 1; 156 } 157 } 158 if (!key_checked 159 && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { 160 const BIGNUM *pa = RSA_get0_d(rsa1); 161 const BIGNUM *pb = RSA_get0_d(rsa2); 162 163 if (pa != NULL && pb != NULL) { 164 ok = ok && BN_cmp(pa, pb) == 0; 165 key_checked = 1; 166 } 167 } 168 ok = ok && key_checked; 169 } 170 return ok; 171} 172 173static int rsa_import(void *keydata, int selection, const OSSL_PARAM params[]) 174{ 175 RSA *rsa = keydata; 176 int rsa_type; 177 int ok = 1; 178 int pss_defaults_set = 0; 179 180 if (!ossl_prov_is_running() || rsa == NULL) 181 return 0; 182 183 if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) 184 return 0; 185 186 rsa_type = RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK); 187 188 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) 189 ok = ok && pss_params_fromdata(ossl_rsa_get0_pss_params_30(rsa), 190 &pss_defaults_set, 191 params, rsa_type, 192 ossl_rsa_get0_libctx(rsa)); 193 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { 194 int include_private = 195 selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; 196 197 ok = ok && ossl_rsa_fromdata(rsa, params, include_private); 198 } 199 200 return ok; 201} 202 203static int rsa_export(void *keydata, int selection, 204 OSSL_CALLBACK *param_callback, void *cbarg) 205{ 206 RSA *rsa = keydata; 207 const RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30(rsa); 208 OSSL_PARAM_BLD *tmpl; 209 OSSL_PARAM *params = NULL; 210 int ok = 1; 211 212 if (!ossl_prov_is_running() || rsa == NULL) 213 return 0; 214 215 if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) 216 return 0; 217 218 tmpl = OSSL_PARAM_BLD_new(); 219 if (tmpl == NULL) 220 return 0; 221 222 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) 223 ok = ok && (ossl_rsa_pss_params_30_is_unrestricted(pss_params) 224 || ossl_rsa_pss_params_30_todata(pss_params, tmpl, NULL)); 225 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { 226 int include_private = 227 selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; 228 229 ok = ok && ossl_rsa_todata(rsa, tmpl, NULL, include_private); 230 } 231 232 if (!ok || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { 233 ok = 0; 234 goto err; 235 } 236 237 ok = param_callback(params, cbarg); 238 OSSL_PARAM_free(params); 239err: 240 OSSL_PARAM_BLD_free(tmpl); 241 return ok; 242} 243 244#ifdef FIPS_MODULE 245/* In fips mode there are no multi-primes. */ 246# define RSA_KEY_MP_TYPES() \ 247OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \ 248OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0), \ 249OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0), \ 250OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0), \ 251OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0), 252#else 253/* 254 * We allow up to 10 prime factors (starting with p, q). 255 * NOTE: there is only 9 OSSL_PKEY_PARAM_RSA_COEFFICIENT 256 */ 257# define RSA_KEY_MP_TYPES() \ 258OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \ 259OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0), \ 260OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR3, NULL, 0), \ 261OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR4, NULL, 0), \ 262OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR5, NULL, 0), \ 263OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR6, NULL, 0), \ 264OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR7, NULL, 0), \ 265OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR8, NULL, 0), \ 266OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR9, NULL, 0), \ 267OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR10, NULL, 0), \ 268OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0), \ 269OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0), \ 270OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT3, NULL, 0), \ 271OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT4, NULL, 0), \ 272OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT5, NULL, 0), \ 273OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT6, NULL, 0), \ 274OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT7, NULL, 0), \ 275OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT8, NULL, 0), \ 276OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT9, NULL, 0), \ 277OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT10, NULL, 0), \ 278OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0), \ 279OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT2, NULL, 0), \ 280OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT3, NULL, 0), \ 281OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT4, NULL, 0), \ 282OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT5, NULL, 0), \ 283OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT6, NULL, 0), \ 284OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT7, NULL, 0), \ 285OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT8, NULL, 0), \ 286OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT9, NULL, 0), 287#endif 288 289#define RSA_KEY_TYPES() \ 290OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0), \ 291OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0), \ 292OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, NULL, 0), \ 293RSA_KEY_MP_TYPES() 294 295/* 296 * This provider can export everything in an RSA key, so we use the exact 297 * same type description for export as for import. Other providers might 298 * choose to import full keys, but only export the public parts, and will 299 * therefore have the importkey_types and importkey_types functions return 300 * different arrays. 301 */ 302static const OSSL_PARAM rsa_key_types[] = { 303 RSA_KEY_TYPES() 304 OSSL_PARAM_END 305}; 306/* 307 * We lied about the amount of factors, exponents and coefficients, the 308 * export and import functions can really deal with an infinite amount 309 * of these numbers. However, RSA keys with too many primes are futile, 310 * so we at least pretend to have some limits. 311 */ 312 313static const OSSL_PARAM *rsa_imexport_types(int selection) 314{ 315 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) 316 return rsa_key_types; 317 return NULL; 318} 319 320static const OSSL_PARAM *rsa_import_types(int selection) 321{ 322 return rsa_imexport_types(selection); 323} 324 325static const OSSL_PARAM *rsa_export_types(int selection) 326{ 327 return rsa_imexport_types(selection); 328} 329 330static int rsa_get_params(void *key, OSSL_PARAM params[]) 331{ 332 RSA *rsa = key; 333 const RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30(rsa); 334 int rsa_type = RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK); 335 OSSL_PARAM *p; 336 int empty = RSA_get0_n(rsa) == NULL; 337 338 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL 339 && (empty || !OSSL_PARAM_set_int(p, RSA_bits(rsa)))) 340 return 0; 341 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL 342 && (empty || !OSSL_PARAM_set_int(p, RSA_security_bits(rsa)))) 343 return 0; 344 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL 345 && (empty || !OSSL_PARAM_set_int(p, RSA_size(rsa)))) 346 return 0; 347 348 /* 349 * For restricted RSA-PSS keys, we ignore the default digest request. 350 * With RSA-OAEP keys, this may need to be amended. 351 */ 352 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL 353 && (rsa_type != RSA_FLAG_TYPE_RSASSAPSS 354 || ossl_rsa_pss_params_30_is_unrestricted(pss_params))) { 355 if (!OSSL_PARAM_set_utf8_string(p, RSA_DEFAULT_MD)) 356 return 0; 357 } 358 359 /* 360 * For non-RSA-PSS keys, we ignore the mandatory digest request. 361 * With RSA-OAEP keys, this may need to be amended. 362 */ 363 if ((p = OSSL_PARAM_locate(params, 364 OSSL_PKEY_PARAM_MANDATORY_DIGEST)) != NULL 365 && rsa_type == RSA_FLAG_TYPE_RSASSAPSS 366 && !ossl_rsa_pss_params_30_is_unrestricted(pss_params)) { 367 const char *mdname = 368 ossl_rsa_oaeppss_nid2name(ossl_rsa_pss_params_30_hashalg(pss_params)); 369 370 if (mdname == NULL || !OSSL_PARAM_set_utf8_string(p, mdname)) 371 return 0; 372 } 373 return (rsa_type != RSA_FLAG_TYPE_RSASSAPSS 374 || ossl_rsa_pss_params_30_todata(pss_params, NULL, params)) 375 && ossl_rsa_todata(rsa, NULL, params, 1); 376} 377 378static const OSSL_PARAM rsa_params[] = { 379 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), 380 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), 381 OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), 382 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DEFAULT_DIGEST, NULL, 0), 383 RSA_KEY_TYPES() 384 OSSL_PARAM_END 385}; 386 387static const OSSL_PARAM *rsa_gettable_params(void *provctx) 388{ 389 return rsa_params; 390} 391 392static int rsa_validate(const void *keydata, int selection, int checktype) 393{ 394 const RSA *rsa = keydata; 395 int ok = 1; 396 397 if (!ossl_prov_is_running()) 398 return 0; 399 400 if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) 401 return 1; /* nothing to validate */ 402 403 /* If the whole key is selected, we do a pairwise validation */ 404 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) 405 == OSSL_KEYMGMT_SELECT_KEYPAIR) { 406 ok = ok && ossl_rsa_validate_pairwise(rsa); 407 } else { 408 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) 409 ok = ok && ossl_rsa_validate_private(rsa); 410 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) 411 ok = ok && ossl_rsa_validate_public(rsa); 412 } 413 return ok; 414} 415 416struct rsa_gen_ctx { 417 OSSL_LIB_CTX *libctx; 418 const char *propq; 419 420 int rsa_type; 421 422 size_t nbits; 423 BIGNUM *pub_exp; 424 size_t primes; 425 426 /* For PSS */ 427 RSA_PSS_PARAMS_30 pss_params; 428 int pss_defaults_set; 429 430 /* For generation callback */ 431 OSSL_CALLBACK *cb; 432 void *cbarg; 433 434#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) 435 /* ACVP test parameters */ 436 OSSL_PARAM *acvp_test_params; 437#endif 438}; 439 440static int rsa_gencb(int p, int n, BN_GENCB *cb) 441{ 442 struct rsa_gen_ctx *gctx = BN_GENCB_get_arg(cb); 443 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END }; 444 445 params[0] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_POTENTIAL, &p); 446 params[1] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_ITERATION, &n); 447 return gctx->cb(params, gctx->cbarg); 448} 449 450static void *gen_init(void *provctx, int selection, int rsa_type, 451 const OSSL_PARAM params[]) 452{ 453 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); 454 struct rsa_gen_ctx *gctx = NULL; 455 456 if (!ossl_prov_is_running()) 457 return NULL; 458 459 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) 460 return NULL; 461 462 if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) { 463 gctx->libctx = libctx; 464 if ((gctx->pub_exp = BN_new()) == NULL 465 || !BN_set_word(gctx->pub_exp, RSA_F4)) { 466 goto err; 467 } 468 gctx->nbits = 2048; 469 gctx->primes = RSA_DEFAULT_PRIME_NUM; 470 gctx->rsa_type = rsa_type; 471 } else { 472 goto err; 473 } 474 475 if (!rsa_gen_set_params(gctx, params)) 476 goto err; 477 return gctx; 478 479err: 480 if (gctx != NULL) 481 BN_free(gctx->pub_exp); 482 OPENSSL_free(gctx); 483 return NULL; 484} 485 486static void *rsa_gen_init(void *provctx, int selection, 487 const OSSL_PARAM params[]) 488{ 489 return gen_init(provctx, selection, RSA_FLAG_TYPE_RSA, params); 490} 491 492static void *rsapss_gen_init(void *provctx, int selection, 493 const OSSL_PARAM params[]) 494{ 495 return gen_init(provctx, selection, RSA_FLAG_TYPE_RSASSAPSS, params); 496} 497 498/* 499 * This function is common for all RSA sub-types, to detect possible 500 * misuse, such as PSS parameters being passed when a plain RSA key 501 * is generated. 502 */ 503static int rsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) 504{ 505 struct rsa_gen_ctx *gctx = genctx; 506 const OSSL_PARAM *p; 507 508 if (params == NULL) 509 return 1; 510 511 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_BITS)) != NULL) { 512 if (!OSSL_PARAM_get_size_t(p, &gctx->nbits)) 513 return 0; 514 if (gctx->nbits < RSA_MIN_MODULUS_BITS) { 515 ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); 516 return 0; 517 } 518 } 519 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PRIMES)) != NULL 520 && !OSSL_PARAM_get_size_t(p, &gctx->primes)) 521 return 0; 522 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E)) != NULL 523 && !OSSL_PARAM_get_BN(p, &gctx->pub_exp)) 524 return 0; 525 /* Only attempt to get PSS parameters when generating an RSA-PSS key */ 526 if (gctx->rsa_type == RSA_FLAG_TYPE_RSASSAPSS 527 && !pss_params_fromdata(&gctx->pss_params, &gctx->pss_defaults_set, params, 528 gctx->rsa_type, gctx->libctx)) 529 return 0; 530#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) 531 /* Any ACVP test related parameters are copied into a params[] */ 532 if (!ossl_rsa_acvp_test_gen_params_new(&gctx->acvp_test_params, params)) 533 return 0; 534#endif 535 return 1; 536} 537 538#define rsa_gen_basic \ 539 OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_BITS, NULL), \ 540 OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_PRIMES, NULL), \ 541 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0) 542 543/* 544 * The following must be kept in sync with ossl_rsa_pss_params_30_fromdata() 545 * in crypto/rsa/rsa_backend.c 546 */ 547#define rsa_gen_pss \ 548 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST, NULL, 0), \ 549 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST_PROPS, NULL, 0), \ 550 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MASKGENFUNC, NULL, 0), \ 551 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MGF1_DIGEST, NULL, 0), \ 552 OSSL_PARAM_int(OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, NULL) 553 554static const OSSL_PARAM *rsa_gen_settable_params(ossl_unused void *genctx, 555 ossl_unused void *provctx) 556{ 557 static OSSL_PARAM settable[] = { 558 rsa_gen_basic, 559 OSSL_PARAM_END 560 }; 561 562 return settable; 563} 564 565static const OSSL_PARAM *rsapss_gen_settable_params(ossl_unused void *genctx, 566 ossl_unused void *provctx) 567{ 568 static OSSL_PARAM settable[] = { 569 rsa_gen_basic, 570 rsa_gen_pss, 571 OSSL_PARAM_END 572 }; 573 574 return settable; 575} 576 577static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) 578{ 579 struct rsa_gen_ctx *gctx = genctx; 580 RSA *rsa = NULL, *rsa_tmp = NULL; 581 BN_GENCB *gencb = NULL; 582 583 if (!ossl_prov_is_running() || gctx == NULL) 584 return NULL; 585 586 switch (gctx->rsa_type) { 587 case RSA_FLAG_TYPE_RSA: 588 /* For plain RSA keys, PSS parameters must not be set */ 589 if (!ossl_rsa_pss_params_30_is_unrestricted(&gctx->pss_params)) 590 goto err; 591 break; 592 case RSA_FLAG_TYPE_RSASSAPSS: 593 /* 594 * For plain RSA-PSS keys, PSS parameters may be set but don't have 595 * to, so not check. 596 */ 597 break; 598 default: 599 /* Unsupported RSA key sub-type... */ 600 return NULL; 601 } 602 603 if ((rsa_tmp = ossl_rsa_new_with_ctx(gctx->libctx)) == NULL) 604 return NULL; 605 606 gctx->cb = osslcb; 607 gctx->cbarg = cbarg; 608 gencb = BN_GENCB_new(); 609 if (gencb != NULL) 610 BN_GENCB_set(gencb, rsa_gencb, genctx); 611 612#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) 613 if (gctx->acvp_test_params != NULL) { 614 if (!ossl_rsa_acvp_test_set_params(rsa_tmp, gctx->acvp_test_params)) 615 goto err; 616 } 617#endif 618 619 if (!RSA_generate_multi_prime_key(rsa_tmp, 620 (int)gctx->nbits, (int)gctx->primes, 621 gctx->pub_exp, gencb)) 622 goto err; 623 624 if (!ossl_rsa_pss_params_30_copy(ossl_rsa_get0_pss_params_30(rsa_tmp), 625 &gctx->pss_params)) 626 goto err; 627 628 RSA_clear_flags(rsa_tmp, RSA_FLAG_TYPE_MASK); 629 RSA_set_flags(rsa_tmp, gctx->rsa_type); 630 631 rsa = rsa_tmp; 632 rsa_tmp = NULL; 633 err: 634 BN_GENCB_free(gencb); 635 RSA_free(rsa_tmp); 636 return rsa; 637} 638 639static void rsa_gen_cleanup(void *genctx) 640{ 641 struct rsa_gen_ctx *gctx = genctx; 642 643 if (gctx == NULL) 644 return; 645#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) 646 ossl_rsa_acvp_test_gen_params_free(gctx->acvp_test_params); 647 gctx->acvp_test_params = NULL; 648#endif 649 BN_clear_free(gctx->pub_exp); 650 OPENSSL_free(gctx); 651} 652 653static void *common_load(const void *reference, size_t reference_sz, 654 int expected_rsa_type) 655{ 656 RSA *rsa = NULL; 657 658 if (ossl_prov_is_running() && reference_sz == sizeof(rsa)) { 659 /* The contents of the reference is the address to our object */ 660 rsa = *(RSA **)reference; 661 662 if (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK) != expected_rsa_type) 663 return NULL; 664 665 /* We grabbed, so we detach it */ 666 *(RSA **)reference = NULL; 667 return rsa; 668 } 669 return NULL; 670} 671 672static void *rsa_load(const void *reference, size_t reference_sz) 673{ 674 return common_load(reference, reference_sz, RSA_FLAG_TYPE_RSA); 675} 676 677static void *rsapss_load(const void *reference, size_t reference_sz) 678{ 679 return common_load(reference, reference_sz, RSA_FLAG_TYPE_RSASSAPSS); 680} 681 682static void *rsa_dup(const void *keydata_from, int selection) 683{ 684 if (ossl_prov_is_running() 685 /* do not allow creating empty keys by duplication */ 686 && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) 687 return ossl_rsa_dup(keydata_from, selection); 688 return NULL; 689} 690 691/* For any RSA key, we use the "RSA" algorithms regardless of sub-type. */ 692static const char *rsa_query_operation_name(int operation_id) 693{ 694 return "RSA"; 695} 696 697const OSSL_DISPATCH ossl_rsa_keymgmt_functions[] = { 698 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))rsa_newdata }, 699 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))rsa_gen_init }, 700 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, 701 (void (*)(void))rsa_gen_set_params }, 702 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, 703 (void (*)(void))rsa_gen_settable_params }, 704 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))rsa_gen }, 705 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))rsa_gen_cleanup }, 706 { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))rsa_load }, 707 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata }, 708 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))rsa_get_params }, 709 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))rsa_gettable_params }, 710 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has }, 711 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))rsa_match }, 712 { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate }, 713 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import }, 714 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types }, 715 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))rsa_export }, 716 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types }, 717 { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))rsa_dup }, 718 { 0, NULL } 719}; 720 721const OSSL_DISPATCH ossl_rsapss_keymgmt_functions[] = { 722 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))rsapss_newdata }, 723 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))rsapss_gen_init }, 724 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))rsa_gen_set_params }, 725 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, 726 (void (*)(void))rsapss_gen_settable_params }, 727 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))rsa_gen }, 728 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))rsa_gen_cleanup }, 729 { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))rsapss_load }, 730 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata }, 731 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))rsa_get_params }, 732 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))rsa_gettable_params }, 733 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has }, 734 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))rsa_match }, 735 { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate }, 736 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import }, 737 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types }, 738 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))rsa_export }, 739 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types }, 740 { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME, 741 (void (*)(void))rsa_query_operation_name }, 742 { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))rsa_dup }, 743 { 0, NULL } 744}; 745