1 /* 2 * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * RSA low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14 #include "internal/deprecated.h" 15 16 #include <openssl/core_dispatch.h> 17 #include <openssl/core_names.h> 18 #include <openssl/bn.h> 19 #include <openssl/err.h> 20 #include <openssl/rsa.h> 21 #include <openssl/evp.h> 22 #include <openssl/proverr.h> 23 #include "prov/implementations.h" 24 #include "prov/providercommon.h" 25 #include "prov/provider_ctx.h" 26 #include "crypto/rsa.h" 27 #include "crypto/cryptlib.h" 28 #include "internal/param_build_set.h" 29 30 static OSSL_FUNC_keymgmt_new_fn rsa_newdata; 31 static OSSL_FUNC_keymgmt_new_fn rsapss_newdata; 32 static OSSL_FUNC_keymgmt_gen_init_fn rsa_gen_init; 33 static OSSL_FUNC_keymgmt_gen_init_fn rsapss_gen_init; 34 static OSSL_FUNC_keymgmt_gen_set_params_fn rsa_gen_set_params; 35 static OSSL_FUNC_keymgmt_gen_settable_params_fn rsa_gen_settable_params; 36 static OSSL_FUNC_keymgmt_gen_settable_params_fn rsapss_gen_settable_params; 37 static OSSL_FUNC_keymgmt_gen_fn rsa_gen; 38 static OSSL_FUNC_keymgmt_gen_cleanup_fn rsa_gen_cleanup; 39 static OSSL_FUNC_keymgmt_load_fn rsa_load; 40 static OSSL_FUNC_keymgmt_load_fn rsapss_load; 41 static OSSL_FUNC_keymgmt_free_fn rsa_freedata; 42 static OSSL_FUNC_keymgmt_get_params_fn rsa_get_params; 43 static OSSL_FUNC_keymgmt_gettable_params_fn rsa_gettable_params; 44 static OSSL_FUNC_keymgmt_has_fn rsa_has; 45 static OSSL_FUNC_keymgmt_match_fn rsa_match; 46 static OSSL_FUNC_keymgmt_validate_fn rsa_validate; 47 static OSSL_FUNC_keymgmt_import_fn rsa_import; 48 static OSSL_FUNC_keymgmt_import_types_fn rsa_import_types; 49 static OSSL_FUNC_keymgmt_export_fn rsa_export; 50 static OSSL_FUNC_keymgmt_export_types_fn rsa_export_types; 51 static OSSL_FUNC_keymgmt_query_operation_name_fn rsa_query_operation_name; 52 static OSSL_FUNC_keymgmt_dup_fn rsa_dup; 53 54 #define RSA_DEFAULT_MD "SHA256" 55 #define RSA_POSSIBLE_SELECTIONS \ 56 (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) 57 58 DEFINE_STACK_OF(BIGNUM) 59 DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) 60 61 static int pss_params_fromdata(RSA_PSS_PARAMS_30 *pss_params, int *defaults_set, 62 const OSSL_PARAM params[], int rsa_type, 63 OSSL_LIB_CTX *libctx) 64 { 65 if (!ossl_rsa_pss_params_30_fromdata(pss_params, defaults_set, 66 params, libctx)) 67 return 0; 68 69 /* If not a PSS type RSA, sending us PSS parameters is wrong */ 70 if (rsa_type != RSA_FLAG_TYPE_RSASSAPSS 71 && !ossl_rsa_pss_params_30_is_unrestricted(pss_params)) 72 return 0; 73 74 return 1; 75 } 76 77 static void *rsa_newdata(void *provctx) 78 { 79 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); 80 RSA *rsa; 81 82 if (!ossl_prov_is_running()) 83 return NULL; 84 85 rsa = ossl_rsa_new_with_ctx(libctx); 86 if (rsa != NULL) { 87 RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); 88 RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA); 89 } 90 return rsa; 91 } 92 93 static void *rsapss_newdata(void *provctx) 94 { 95 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); 96 RSA *rsa; 97 98 if (!ossl_prov_is_running()) 99 return NULL; 100 101 rsa = ossl_rsa_new_with_ctx(libctx); 102 if (rsa != NULL) { 103 RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK); 104 RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS); 105 } 106 return rsa; 107 } 108 109 static void rsa_freedata(void *keydata) 110 { 111 RSA_free(keydata); 112 } 113 114 static int rsa_has(const void *keydata, int selection) 115 { 116 const RSA *rsa = keydata; 117 int ok = 1; 118 119 if (rsa == NULL || !ossl_prov_is_running()) 120 return 0; 121 if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) 122 return 1; /* the selection is not missing */ 123 124 /* OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS are always available even if empty */ 125 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) 126 ok = ok && (RSA_get0_n(rsa) != NULL); 127 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) 128 ok = ok && (RSA_get0_e(rsa) != NULL); 129 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) 130 ok = ok && (RSA_get0_d(rsa) != NULL); 131 return ok; 132 } 133 134 static int rsa_match(const void *keydata1, const void *keydata2, int selection) 135 { 136 const RSA *rsa1 = keydata1; 137 const RSA *rsa2 = keydata2; 138 int ok = 1; 139 140 if (!ossl_prov_is_running()) 141 return 0; 142 143 /* There is always an |e| */ 144 ok = ok && BN_cmp(RSA_get0_e(rsa1), RSA_get0_e(rsa2)) == 0; 145 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { 146 int key_checked = 0; 147 148 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { 149 const BIGNUM *pa = RSA_get0_n(rsa1); 150 const BIGNUM *pb = RSA_get0_n(rsa2); 151 152 if (pa != NULL && pb != NULL) { 153 ok = ok && BN_cmp(pa, pb) == 0; 154 key_checked = 1; 155 } 156 } 157 if (!key_checked 158 && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { 159 const BIGNUM *pa = RSA_get0_d(rsa1); 160 const BIGNUM *pb = RSA_get0_d(rsa2); 161 162 if (pa != NULL && pb != NULL) { 163 ok = ok && BN_cmp(pa, pb) == 0; 164 key_checked = 1; 165 } 166 } 167 ok = ok && key_checked; 168 } 169 return ok; 170 } 171 172 static int rsa_import(void *keydata, int selection, const OSSL_PARAM params[]) 173 { 174 RSA *rsa = keydata; 175 int rsa_type; 176 int ok = 1; 177 int pss_defaults_set = 0; 178 179 if (!ossl_prov_is_running() || rsa == NULL) 180 return 0; 181 182 if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) 183 return 0; 184 185 rsa_type = RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK); 186 187 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) 188 ok = ok && pss_params_fromdata(ossl_rsa_get0_pss_params_30(rsa), 189 &pss_defaults_set, 190 params, rsa_type, 191 ossl_rsa_get0_libctx(rsa)); 192 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { 193 int include_private = 194 selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; 195 196 ok = ok && ossl_rsa_fromdata(rsa, params, include_private); 197 } 198 199 return ok; 200 } 201 202 static int rsa_export(void *keydata, int selection, 203 OSSL_CALLBACK *param_callback, void *cbarg) 204 { 205 RSA *rsa = keydata; 206 const RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30(rsa); 207 OSSL_PARAM_BLD *tmpl; 208 OSSL_PARAM *params = NULL; 209 int ok = 1; 210 211 if (!ossl_prov_is_running() || rsa == NULL) 212 return 0; 213 214 if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) 215 return 0; 216 217 tmpl = OSSL_PARAM_BLD_new(); 218 if (tmpl == NULL) 219 return 0; 220 221 if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) 222 ok = ok && (ossl_rsa_pss_params_30_is_unrestricted(pss_params) 223 || ossl_rsa_pss_params_30_todata(pss_params, tmpl, NULL)); 224 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { 225 int include_private = 226 selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; 227 228 ok = ok && ossl_rsa_todata(rsa, tmpl, NULL, include_private); 229 } 230 231 if (!ok || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { 232 ok = 0; 233 goto err; 234 } 235 236 ok = param_callback(params, cbarg); 237 OSSL_PARAM_free(params); 238 err: 239 OSSL_PARAM_BLD_free(tmpl); 240 return ok; 241 } 242 243 #ifdef FIPS_MODULE 244 /* In fips mode there are no multi-primes. */ 245 # define RSA_KEY_MP_TYPES() \ 246 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \ 247 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0), \ 248 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0), \ 249 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0), \ 250 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0), 251 #else 252 /* 253 * We allow up to 10 prime factors (starting with p, q). 254 * NOTE: there is only 9 OSSL_PKEY_PARAM_RSA_COEFFICIENT 255 */ 256 # define RSA_KEY_MP_TYPES() \ 257 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \ 258 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0), \ 259 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR3, NULL, 0), \ 260 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR4, NULL, 0), \ 261 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR5, NULL, 0), \ 262 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR6, NULL, 0), \ 263 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR7, NULL, 0), \ 264 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR8, NULL, 0), \ 265 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR9, NULL, 0), \ 266 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR10, NULL, 0), \ 267 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0), \ 268 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0), \ 269 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT3, NULL, 0), \ 270 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT4, NULL, 0), \ 271 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT5, NULL, 0), \ 272 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT6, NULL, 0), \ 273 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT7, NULL, 0), \ 274 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT8, NULL, 0), \ 275 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT9, NULL, 0), \ 276 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT10, NULL, 0), \ 277 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0), \ 278 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT2, NULL, 0), \ 279 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT3, NULL, 0), \ 280 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT4, NULL, 0), \ 281 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT5, NULL, 0), \ 282 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT6, NULL, 0), \ 283 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT7, NULL, 0), \ 284 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT8, NULL, 0), \ 285 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT9, NULL, 0), 286 #endif 287 288 #define RSA_KEY_TYPES() \ 289 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0), \ 290 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0), \ 291 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, NULL, 0), \ 292 RSA_KEY_MP_TYPES() 293 294 /* 295 * This provider can export everything in an RSA key, so we use the exact 296 * same type description for export as for import. Other providers might 297 * choose to import full keys, but only export the public parts, and will 298 * therefore have the importkey_types and importkey_types functions return 299 * different arrays. 300 */ 301 static const OSSL_PARAM rsa_key_types[] = { 302 RSA_KEY_TYPES() 303 OSSL_PARAM_END 304 }; 305 /* 306 * We lied about the amount of factors, exponents and coefficients, the 307 * export and import functions can really deal with an infinite amount 308 * of these numbers. However, RSA keys with too many primes are futile, 309 * so we at least pretend to have some limits. 310 */ 311 312 static const OSSL_PARAM *rsa_imexport_types(int selection) 313 { 314 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) 315 return rsa_key_types; 316 return NULL; 317 } 318 319 static const OSSL_PARAM *rsa_import_types(int selection) 320 { 321 return rsa_imexport_types(selection); 322 } 323 324 static const OSSL_PARAM *rsa_export_types(int selection) 325 { 326 return rsa_imexport_types(selection); 327 } 328 329 static int rsa_get_params(void *key, OSSL_PARAM params[]) 330 { 331 RSA *rsa = key; 332 const RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30(rsa); 333 int rsa_type = RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK); 334 OSSL_PARAM *p; 335 int empty = RSA_get0_n(rsa) == NULL; 336 337 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL 338 && (empty || !OSSL_PARAM_set_int(p, RSA_bits(rsa)))) 339 return 0; 340 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL 341 && (empty || !OSSL_PARAM_set_int(p, RSA_security_bits(rsa)))) 342 return 0; 343 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL 344 && (empty || !OSSL_PARAM_set_int(p, RSA_size(rsa)))) 345 return 0; 346 347 /* 348 * For restricted RSA-PSS keys, we ignore the default digest request. 349 * With RSA-OAEP keys, this may need to be amended. 350 */ 351 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL 352 && (rsa_type != RSA_FLAG_TYPE_RSASSAPSS 353 || ossl_rsa_pss_params_30_is_unrestricted(pss_params))) { 354 if (!OSSL_PARAM_set_utf8_string(p, RSA_DEFAULT_MD)) 355 return 0; 356 } 357 358 /* 359 * For non-RSA-PSS keys, we ignore the mandatory digest request. 360 * With RSA-OAEP keys, this may need to be amended. 361 */ 362 if ((p = OSSL_PARAM_locate(params, 363 OSSL_PKEY_PARAM_MANDATORY_DIGEST)) != NULL 364 && rsa_type == RSA_FLAG_TYPE_RSASSAPSS 365 && !ossl_rsa_pss_params_30_is_unrestricted(pss_params)) { 366 const char *mdname = 367 ossl_rsa_oaeppss_nid2name(ossl_rsa_pss_params_30_hashalg(pss_params)); 368 369 if (mdname == NULL || !OSSL_PARAM_set_utf8_string(p, mdname)) 370 return 0; 371 } 372 return (rsa_type != RSA_FLAG_TYPE_RSASSAPSS 373 || ossl_rsa_pss_params_30_todata(pss_params, NULL, params)) 374 && ossl_rsa_todata(rsa, NULL, params, 1); 375 } 376 377 static const OSSL_PARAM rsa_params[] = { 378 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), 379 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), 380 OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), 381 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DEFAULT_DIGEST, NULL, 0), 382 RSA_KEY_TYPES() 383 OSSL_PARAM_END 384 }; 385 386 static const OSSL_PARAM *rsa_gettable_params(void *provctx) 387 { 388 return rsa_params; 389 } 390 391 static int rsa_validate(const void *keydata, int selection, int checktype) 392 { 393 const RSA *rsa = keydata; 394 int ok = 1; 395 396 if (!ossl_prov_is_running()) 397 return 0; 398 399 if ((selection & RSA_POSSIBLE_SELECTIONS) == 0) 400 return 1; /* nothing to validate */ 401 402 /* If the whole key is selected, we do a pairwise validation */ 403 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) 404 == OSSL_KEYMGMT_SELECT_KEYPAIR) { 405 ok = ok && ossl_rsa_validate_pairwise(rsa); 406 } else { 407 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) 408 ok = ok && ossl_rsa_validate_private(rsa); 409 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) 410 ok = ok && ossl_rsa_validate_public(rsa); 411 } 412 return ok; 413 } 414 415 struct rsa_gen_ctx { 416 OSSL_LIB_CTX *libctx; 417 const char *propq; 418 419 int rsa_type; 420 421 size_t nbits; 422 BIGNUM *pub_exp; 423 size_t primes; 424 425 /* For PSS */ 426 RSA_PSS_PARAMS_30 pss_params; 427 int pss_defaults_set; 428 429 /* For generation callback */ 430 OSSL_CALLBACK *cb; 431 void *cbarg; 432 433 #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) 434 /* ACVP test parameters */ 435 OSSL_PARAM *acvp_test_params; 436 #endif 437 }; 438 439 static int rsa_gencb(int p, int n, BN_GENCB *cb) 440 { 441 struct rsa_gen_ctx *gctx = BN_GENCB_get_arg(cb); 442 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END }; 443 444 params[0] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_POTENTIAL, &p); 445 params[1] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_ITERATION, &n); 446 return gctx->cb(params, gctx->cbarg); 447 } 448 449 static void *gen_init(void *provctx, int selection, int rsa_type, 450 const OSSL_PARAM params[]) 451 { 452 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); 453 struct rsa_gen_ctx *gctx = NULL; 454 455 if (!ossl_prov_is_running()) 456 return NULL; 457 458 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) 459 return NULL; 460 461 if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) { 462 gctx->libctx = libctx; 463 if ((gctx->pub_exp = BN_new()) == NULL 464 || !BN_set_word(gctx->pub_exp, RSA_F4)) { 465 goto err; 466 } 467 gctx->nbits = 2048; 468 gctx->primes = RSA_DEFAULT_PRIME_NUM; 469 gctx->rsa_type = rsa_type; 470 } else { 471 goto err; 472 } 473 474 if (!rsa_gen_set_params(gctx, params)) 475 goto err; 476 return gctx; 477 478 err: 479 if (gctx != NULL) 480 BN_free(gctx->pub_exp); 481 OPENSSL_free(gctx); 482 return NULL; 483 } 484 485 static void *rsa_gen_init(void *provctx, int selection, 486 const OSSL_PARAM params[]) 487 { 488 return gen_init(provctx, selection, RSA_FLAG_TYPE_RSA, params); 489 } 490 491 static void *rsapss_gen_init(void *provctx, int selection, 492 const OSSL_PARAM params[]) 493 { 494 return gen_init(provctx, selection, RSA_FLAG_TYPE_RSASSAPSS, params); 495 } 496 497 /* 498 * This function is common for all RSA sub-types, to detect possible 499 * misuse, such as PSS parameters being passed when a plain RSA key 500 * is generated. 501 */ 502 static int rsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) 503 { 504 struct rsa_gen_ctx *gctx = genctx; 505 const OSSL_PARAM *p; 506 507 if (ossl_param_is_empty(params)) 508 return 1; 509 510 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_BITS)) != NULL) { 511 if (!OSSL_PARAM_get_size_t(p, &gctx->nbits)) 512 return 0; 513 if (gctx->nbits < RSA_MIN_MODULUS_BITS) { 514 ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL); 515 return 0; 516 } 517 } 518 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PRIMES)) != NULL 519 && !OSSL_PARAM_get_size_t(p, &gctx->primes)) 520 return 0; 521 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E)) != NULL 522 && !OSSL_PARAM_get_BN(p, &gctx->pub_exp)) 523 return 0; 524 /* Only attempt to get PSS parameters when generating an RSA-PSS key */ 525 if (gctx->rsa_type == RSA_FLAG_TYPE_RSASSAPSS 526 && !pss_params_fromdata(&gctx->pss_params, &gctx->pss_defaults_set, params, 527 gctx->rsa_type, gctx->libctx)) 528 return 0; 529 #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) 530 /* Any ACVP test related parameters are copied into a params[] */ 531 if (!ossl_rsa_acvp_test_gen_params_new(&gctx->acvp_test_params, params)) 532 return 0; 533 #endif 534 return 1; 535 } 536 537 #define rsa_gen_basic \ 538 OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_BITS, NULL), \ 539 OSSL_PARAM_size_t(OSSL_PKEY_PARAM_RSA_PRIMES, NULL), \ 540 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0) 541 542 /* 543 * The following must be kept in sync with ossl_rsa_pss_params_30_fromdata() 544 * in crypto/rsa/rsa_backend.c 545 */ 546 #define rsa_gen_pss \ 547 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST, NULL, 0), \ 548 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST_PROPS, NULL, 0), \ 549 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MASKGENFUNC, NULL, 0), \ 550 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MGF1_DIGEST, NULL, 0), \ 551 OSSL_PARAM_int(OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, NULL) 552 553 static const OSSL_PARAM *rsa_gen_settable_params(ossl_unused void *genctx, 554 ossl_unused void *provctx) 555 { 556 static OSSL_PARAM settable[] = { 557 rsa_gen_basic, 558 OSSL_PARAM_END 559 }; 560 561 return settable; 562 } 563 564 static const OSSL_PARAM *rsapss_gen_settable_params(ossl_unused void *genctx, 565 ossl_unused void *provctx) 566 { 567 static OSSL_PARAM settable[] = { 568 rsa_gen_basic, 569 rsa_gen_pss, 570 OSSL_PARAM_END 571 }; 572 573 return settable; 574 } 575 576 static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) 577 { 578 struct rsa_gen_ctx *gctx = genctx; 579 RSA *rsa = NULL, *rsa_tmp = NULL; 580 BN_GENCB *gencb = NULL; 581 582 if (!ossl_prov_is_running() || gctx == NULL) 583 return NULL; 584 585 switch (gctx->rsa_type) { 586 case RSA_FLAG_TYPE_RSA: 587 /* For plain RSA keys, PSS parameters must not be set */ 588 if (!ossl_rsa_pss_params_30_is_unrestricted(&gctx->pss_params)) 589 goto err; 590 break; 591 case RSA_FLAG_TYPE_RSASSAPSS: 592 /* 593 * For plain RSA-PSS keys, PSS parameters may be set but don't have 594 * to, so not check. 595 */ 596 break; 597 default: 598 /* Unsupported RSA key sub-type... */ 599 return NULL; 600 } 601 602 if ((rsa_tmp = ossl_rsa_new_with_ctx(gctx->libctx)) == NULL) 603 return NULL; 604 605 gctx->cb = osslcb; 606 gctx->cbarg = cbarg; 607 gencb = BN_GENCB_new(); 608 if (gencb != NULL) 609 BN_GENCB_set(gencb, rsa_gencb, genctx); 610 611 #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) 612 if (gctx->acvp_test_params != NULL) { 613 if (!ossl_rsa_acvp_test_set_params(rsa_tmp, gctx->acvp_test_params)) 614 goto err; 615 } 616 #endif 617 618 if (!RSA_generate_multi_prime_key(rsa_tmp, 619 (int)gctx->nbits, (int)gctx->primes, 620 gctx->pub_exp, gencb)) 621 goto err; 622 623 if (!ossl_rsa_pss_params_30_copy(ossl_rsa_get0_pss_params_30(rsa_tmp), 624 &gctx->pss_params)) 625 goto err; 626 627 RSA_clear_flags(rsa_tmp, RSA_FLAG_TYPE_MASK); 628 RSA_set_flags(rsa_tmp, gctx->rsa_type); 629 630 rsa = rsa_tmp; 631 rsa_tmp = NULL; 632 err: 633 BN_GENCB_free(gencb); 634 RSA_free(rsa_tmp); 635 return rsa; 636 } 637 638 static void rsa_gen_cleanup(void *genctx) 639 { 640 struct rsa_gen_ctx *gctx = genctx; 641 642 if (gctx == NULL) 643 return; 644 #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS) 645 ossl_rsa_acvp_test_gen_params_free(gctx->acvp_test_params); 646 gctx->acvp_test_params = NULL; 647 #endif 648 BN_clear_free(gctx->pub_exp); 649 OPENSSL_free(gctx); 650 } 651 652 static void *common_load(const void *reference, size_t reference_sz, 653 int expected_rsa_type) 654 { 655 RSA *rsa = NULL; 656 657 if (ossl_prov_is_running() && reference_sz == sizeof(rsa)) { 658 /* The contents of the reference is the address to our object */ 659 rsa = *(RSA **)reference; 660 661 if (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK) != expected_rsa_type) 662 return NULL; 663 664 /* We grabbed, so we detach it */ 665 *(RSA **)reference = NULL; 666 return rsa; 667 } 668 return NULL; 669 } 670 671 static void *rsa_load(const void *reference, size_t reference_sz) 672 { 673 return common_load(reference, reference_sz, RSA_FLAG_TYPE_RSA); 674 } 675 676 static void *rsapss_load(const void *reference, size_t reference_sz) 677 { 678 return common_load(reference, reference_sz, RSA_FLAG_TYPE_RSASSAPSS); 679 } 680 681 static void *rsa_dup(const void *keydata_from, int selection) 682 { 683 if (ossl_prov_is_running() 684 /* do not allow creating empty keys by duplication */ 685 && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) 686 return ossl_rsa_dup(keydata_from, selection); 687 return NULL; 688 } 689 690 /* For any RSA key, we use the "RSA" algorithms regardless of sub-type. */ 691 static const char *rsa_query_operation_name(int operation_id) 692 { 693 return "RSA"; 694 } 695 696 const OSSL_DISPATCH ossl_rsa_keymgmt_functions[] = { 697 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))rsa_newdata }, 698 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))rsa_gen_init }, 699 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, 700 (void (*)(void))rsa_gen_set_params }, 701 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, 702 (void (*)(void))rsa_gen_settable_params }, 703 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))rsa_gen }, 704 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))rsa_gen_cleanup }, 705 { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))rsa_load }, 706 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata }, 707 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))rsa_get_params }, 708 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))rsa_gettable_params }, 709 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has }, 710 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))rsa_match }, 711 { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate }, 712 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import }, 713 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types }, 714 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))rsa_export }, 715 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types }, 716 { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))rsa_dup }, 717 OSSL_DISPATCH_END 718 }; 719 720 const OSSL_DISPATCH ossl_rsapss_keymgmt_functions[] = { 721 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))rsapss_newdata }, 722 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))rsapss_gen_init }, 723 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))rsa_gen_set_params }, 724 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, 725 (void (*)(void))rsapss_gen_settable_params }, 726 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))rsa_gen }, 727 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))rsa_gen_cleanup }, 728 { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))rsapss_load }, 729 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))rsa_freedata }, 730 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))rsa_get_params }, 731 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))rsa_gettable_params }, 732 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))rsa_has }, 733 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))rsa_match }, 734 { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))rsa_validate }, 735 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))rsa_import }, 736 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))rsa_import_types }, 737 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))rsa_export }, 738 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))rsa_export_types }, 739 { OSSL_FUNC_KEYMGMT_QUERY_OPERATION_NAME, 740 (void (*)(void))rsa_query_operation_name }, 741 { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))rsa_dup }, 742 OSSL_DISPATCH_END 743 }; 744