1 /* $OpenBSD: rsa_asn1.c,v 1.18 2024/07/08 17:10:18 beck Exp $ */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5 /* ====================================================================
6 * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59 #include <stdio.h>
60
61 #include <openssl/asn1t.h>
62 #include <openssl/bn.h>
63 #include <openssl/rsa.h>
64 #include <openssl/x509.h>
65
66 #include "rsa_local.h"
67
68 /* Override the default free and new methods */
69 static int
rsa_cb(int operation,ASN1_VALUE ** pval,const ASN1_ITEM * it,void * exarg)70 rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
71 {
72 if (operation == ASN1_OP_NEW_PRE) {
73 *pval = (ASN1_VALUE *)RSA_new();
74 if (*pval)
75 return 2;
76 return 0;
77 } else if (operation == ASN1_OP_FREE_PRE) {
78 RSA_free((RSA *)*pval);
79 *pval = NULL;
80 return 2;
81 }
82 return 1;
83 }
84
85 static const ASN1_AUX RSAPrivateKey_aux = {
86 .app_data = NULL,
87 .flags = 0,
88 .ref_offset = 0,
89 .ref_lock = 0,
90 .asn1_cb = rsa_cb,
91 .enc_offset = 0,
92 };
93 static const ASN1_TEMPLATE RSAPrivateKey_seq_tt[] = {
94 {
95 .flags = 0,
96 .tag = 0,
97 .offset = offsetof(RSA, version),
98 .field_name = "version",
99 .item = &LONG_it,
100 },
101 {
102 .flags = 0,
103 .tag = 0,
104 .offset = offsetof(RSA, n),
105 .field_name = "n",
106 .item = &BIGNUM_it,
107 },
108 {
109 .flags = 0,
110 .tag = 0,
111 .offset = offsetof(RSA, e),
112 .field_name = "e",
113 .item = &BIGNUM_it,
114 },
115 {
116 .flags = 0,
117 .tag = 0,
118 .offset = offsetof(RSA, d),
119 .field_name = "d",
120 .item = &BIGNUM_it,
121 },
122 {
123 .flags = 0,
124 .tag = 0,
125 .offset = offsetof(RSA, p),
126 .field_name = "p",
127 .item = &BIGNUM_it,
128 },
129 {
130 .flags = 0,
131 .tag = 0,
132 .offset = offsetof(RSA, q),
133 .field_name = "q",
134 .item = &BIGNUM_it,
135 },
136 {
137 .flags = 0,
138 .tag = 0,
139 .offset = offsetof(RSA, dmp1),
140 .field_name = "dmp1",
141 .item = &BIGNUM_it,
142 },
143 {
144 .flags = 0,
145 .tag = 0,
146 .offset = offsetof(RSA, dmq1),
147 .field_name = "dmq1",
148 .item = &BIGNUM_it,
149 },
150 {
151 .flags = 0,
152 .tag = 0,
153 .offset = offsetof(RSA, iqmp),
154 .field_name = "iqmp",
155 .item = &BIGNUM_it,
156 },
157 };
158
159 const ASN1_ITEM RSAPrivateKey_it = {
160 .itype = ASN1_ITYPE_SEQUENCE,
161 .utype = V_ASN1_SEQUENCE,
162 .templates = RSAPrivateKey_seq_tt,
163 .tcount = sizeof(RSAPrivateKey_seq_tt) / sizeof(ASN1_TEMPLATE),
164 .funcs = &RSAPrivateKey_aux,
165 .size = sizeof(RSA),
166 .sname = "RSA",
167 };
168 LCRYPTO_ALIAS(RSAPrivateKey_it);
169
170
171 static const ASN1_AUX RSAPublicKey_aux = {
172 .app_data = NULL,
173 .flags = 0,
174 .ref_offset = 0,
175 .ref_lock = 0,
176 .asn1_cb = rsa_cb,
177 .enc_offset = 0,
178 };
179 static const ASN1_TEMPLATE RSAPublicKey_seq_tt[] = {
180 {
181 .flags = 0,
182 .tag = 0,
183 .offset = offsetof(RSA, n),
184 .field_name = "n",
185 .item = &BIGNUM_it,
186 },
187 {
188 .flags = 0,
189 .tag = 0,
190 .offset = offsetof(RSA, e),
191 .field_name = "e",
192 .item = &BIGNUM_it,
193 },
194 };
195
196 const ASN1_ITEM RSAPublicKey_it = {
197 .itype = ASN1_ITYPE_SEQUENCE,
198 .utype = V_ASN1_SEQUENCE,
199 .templates = RSAPublicKey_seq_tt,
200 .tcount = sizeof(RSAPublicKey_seq_tt) / sizeof(ASN1_TEMPLATE),
201 .funcs = &RSAPublicKey_aux,
202 .size = sizeof(RSA),
203 .sname = "RSA",
204 };
205 LCRYPTO_ALIAS(RSAPublicKey_it);
206
207 static int
rsa_pss_cb(int operation,ASN1_VALUE ** pval,const ASN1_ITEM * it,void * exarg)208 rsa_pss_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
209 {
210 /* Free up maskHash */
211 if (operation == ASN1_OP_FREE_PRE) {
212 RSA_PSS_PARAMS *pss = (RSA_PSS_PARAMS *)*pval;
213 X509_ALGOR_free(pss->maskHash);
214 }
215 return 1;
216 }
217
218 static const ASN1_AUX RSA_PSS_PARAMS_aux = {
219 .app_data = NULL,
220 .flags = 0,
221 .ref_offset = 0,
222 .ref_lock = 0,
223 .asn1_cb = rsa_pss_cb,
224 .enc_offset = 0,
225 };
226
227 static const ASN1_TEMPLATE RSA_PSS_PARAMS_seq_tt[] = {
228 {
229 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
230 .tag = 0,
231 .offset = offsetof(RSA_PSS_PARAMS, hashAlgorithm),
232 .field_name = "hashAlgorithm",
233 .item = &X509_ALGOR_it,
234 },
235 {
236 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
237 .tag = 1,
238 .offset = offsetof(RSA_PSS_PARAMS, maskGenAlgorithm),
239 .field_name = "maskGenAlgorithm",
240 .item = &X509_ALGOR_it,
241 },
242 {
243 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
244 .tag = 2,
245 .offset = offsetof(RSA_PSS_PARAMS, saltLength),
246 .field_name = "saltLength",
247 .item = &ASN1_INTEGER_it,
248 },
249 {
250 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
251 .tag = 3,
252 .offset = offsetof(RSA_PSS_PARAMS, trailerField),
253 .field_name = "trailerField",
254 .item = &ASN1_INTEGER_it,
255 },
256 };
257
258 const ASN1_ITEM RSA_PSS_PARAMS_it = {
259 .itype = ASN1_ITYPE_SEQUENCE,
260 .utype = V_ASN1_SEQUENCE,
261 .templates = RSA_PSS_PARAMS_seq_tt,
262 .tcount = sizeof(RSA_PSS_PARAMS_seq_tt) / sizeof(ASN1_TEMPLATE),
263 .funcs = &RSA_PSS_PARAMS_aux,
264 .size = sizeof(RSA_PSS_PARAMS),
265 .sname = "RSA_PSS_PARAMS",
266 };
267 LCRYPTO_ALIAS(RSA_PSS_PARAMS_it);
268
269 RSA_PSS_PARAMS *
d2i_RSA_PSS_PARAMS(RSA_PSS_PARAMS ** a,const unsigned char ** in,long len)270 d2i_RSA_PSS_PARAMS(RSA_PSS_PARAMS **a, const unsigned char **in, long len)
271 {
272 return (RSA_PSS_PARAMS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
273 &RSA_PSS_PARAMS_it);
274 }
275 LCRYPTO_ALIAS(d2i_RSA_PSS_PARAMS);
276
277 int
i2d_RSA_PSS_PARAMS(RSA_PSS_PARAMS * a,unsigned char ** out)278 i2d_RSA_PSS_PARAMS(RSA_PSS_PARAMS *a, unsigned char **out)
279 {
280 return ASN1_item_i2d((ASN1_VALUE *)a, out, &RSA_PSS_PARAMS_it);
281 }
282 LCRYPTO_ALIAS(i2d_RSA_PSS_PARAMS);
283
284 RSA_PSS_PARAMS *
RSA_PSS_PARAMS_new(void)285 RSA_PSS_PARAMS_new(void)
286 {
287 return (RSA_PSS_PARAMS *)ASN1_item_new(&RSA_PSS_PARAMS_it);
288 }
289 LCRYPTO_ALIAS(RSA_PSS_PARAMS_new);
290
291 void
RSA_PSS_PARAMS_free(RSA_PSS_PARAMS * a)292 RSA_PSS_PARAMS_free(RSA_PSS_PARAMS *a)
293 {
294 ASN1_item_free((ASN1_VALUE *)a, &RSA_PSS_PARAMS_it);
295 }
296 LCRYPTO_ALIAS(RSA_PSS_PARAMS_free);
297
298 static int
rsa_oaep_cb(int operation,ASN1_VALUE ** pval,const ASN1_ITEM * it,void * exarg)299 rsa_oaep_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
300 {
301 /* Free up maskHash */
302 if (operation == ASN1_OP_FREE_PRE) {
303 RSA_OAEP_PARAMS *oaep = (RSA_OAEP_PARAMS *)*pval;
304 X509_ALGOR_free(oaep->maskHash);
305 }
306 return 1;
307 }
308
309 static const ASN1_AUX RSA_OAEP_PARAMS_aux = {
310 .app_data = NULL,
311 .flags = 0,
312 .ref_offset = 0,
313 .ref_lock = 0,
314 .asn1_cb = rsa_oaep_cb,
315 .enc_offset = 0,
316 };
317
318 static const ASN1_TEMPLATE RSA_OAEP_PARAMS_seq_tt[] = {
319 {
320 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
321 .tag = 0,
322 .offset = offsetof(RSA_OAEP_PARAMS, hashFunc),
323 .field_name = "hashFunc",
324 .item = &X509_ALGOR_it,
325 },
326 {
327 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
328 .tag = 1,
329 .offset = offsetof(RSA_OAEP_PARAMS, maskGenFunc),
330 .field_name = "maskGenFunc",
331 .item = &X509_ALGOR_it,
332 },
333 {
334 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
335 .tag = 2,
336 .offset = offsetof(RSA_OAEP_PARAMS, pSourceFunc),
337 .field_name = "pSourceFunc",
338 .item = &X509_ALGOR_it,
339 },
340 };
341
342 const ASN1_ITEM RSA_OAEP_PARAMS_it = {
343 .itype = ASN1_ITYPE_SEQUENCE,
344 .utype = V_ASN1_SEQUENCE,
345 .templates = RSA_OAEP_PARAMS_seq_tt,
346 .tcount = sizeof(RSA_OAEP_PARAMS_seq_tt) / sizeof(ASN1_TEMPLATE),
347 .funcs = &RSA_OAEP_PARAMS_aux,
348 .size = sizeof(RSA_OAEP_PARAMS),
349 .sname = "RSA_OAEP_PARAMS",
350 };
351 LCRYPTO_ALIAS(RSA_OAEP_PARAMS_it);
352
353
354 RSA_OAEP_PARAMS *
d2i_RSA_OAEP_PARAMS(RSA_OAEP_PARAMS ** a,const unsigned char ** in,long len)355 d2i_RSA_OAEP_PARAMS(RSA_OAEP_PARAMS **a, const unsigned char **in, long len)
356 {
357 return (RSA_OAEP_PARAMS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
358 &RSA_OAEP_PARAMS_it);
359 }
360 LCRYPTO_ALIAS(d2i_RSA_OAEP_PARAMS);
361
362 int
i2d_RSA_OAEP_PARAMS(RSA_OAEP_PARAMS * a,unsigned char ** out)363 i2d_RSA_OAEP_PARAMS(RSA_OAEP_PARAMS *a, unsigned char **out)
364 {
365 return ASN1_item_i2d((ASN1_VALUE *)a, out, &RSA_OAEP_PARAMS_it);
366 }
367 LCRYPTO_ALIAS(i2d_RSA_OAEP_PARAMS);
368
369 RSA_OAEP_PARAMS *
RSA_OAEP_PARAMS_new(void)370 RSA_OAEP_PARAMS_new(void)
371 {
372 return (RSA_OAEP_PARAMS *)ASN1_item_new(&RSA_OAEP_PARAMS_it);
373 }
374 LCRYPTO_ALIAS(RSA_OAEP_PARAMS_new);
375
376 void
RSA_OAEP_PARAMS_free(RSA_OAEP_PARAMS * a)377 RSA_OAEP_PARAMS_free(RSA_OAEP_PARAMS *a)
378 {
379 ASN1_item_free((ASN1_VALUE *)a, &RSA_OAEP_PARAMS_it);
380 }
381 LCRYPTO_ALIAS(RSA_OAEP_PARAMS_free);
382
383 RSA *
d2i_RSAPrivateKey(RSA ** a,const unsigned char ** in,long len)384 d2i_RSAPrivateKey(RSA **a, const unsigned char **in, long len)
385 {
386 return (RSA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
387 &RSAPrivateKey_it);
388 }
389 LCRYPTO_ALIAS(d2i_RSAPrivateKey);
390
391 int
i2d_RSAPrivateKey(const RSA * a,unsigned char ** out)392 i2d_RSAPrivateKey(const RSA *a, unsigned char **out)
393 {
394 return ASN1_item_i2d((ASN1_VALUE *)a, out, &RSAPrivateKey_it);
395 }
396 LCRYPTO_ALIAS(i2d_RSAPrivateKey);
397
398
399 RSA *
d2i_RSAPublicKey(RSA ** a,const unsigned char ** in,long len)400 d2i_RSAPublicKey(RSA **a, const unsigned char **in, long len)
401 {
402 return (RSA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
403 &RSAPublicKey_it);
404 }
405 LCRYPTO_ALIAS(d2i_RSAPublicKey);
406
407 int
i2d_RSAPublicKey(const RSA * a,unsigned char ** out)408 i2d_RSAPublicKey(const RSA *a, unsigned char **out)
409 {
410 return ASN1_item_i2d((ASN1_VALUE *)a, out, &RSAPublicKey_it);
411 }
412 LCRYPTO_ALIAS(i2d_RSAPublicKey);
413
414 RSA *
RSAPublicKey_dup(RSA * rsa)415 RSAPublicKey_dup(RSA *rsa)
416 {
417 return ASN1_item_dup(&RSAPublicKey_it, rsa);
418 }
419 LCRYPTO_ALIAS(RSAPublicKey_dup);
420
421 RSA *
RSAPrivateKey_dup(RSA * rsa)422 RSAPrivateKey_dup(RSA *rsa)
423 {
424 return ASN1_item_dup(&RSAPrivateKey_it, rsa);
425 }
426 LCRYPTO_ALIAS(RSAPrivateKey_dup);
427