1 /* 2 * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * RSA low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14 #include "internal/deprecated.h" 15 16 #include <stdio.h> 17 #include "internal/cryptlib.h" 18 #include <openssl/bn.h> 19 #include <openssl/x509.h> 20 #include <openssl/asn1t.h> 21 #include "rsa_local.h" 22 23 /* 24 * Override the default free and new methods, 25 * and calculate helper products for multi-prime 26 * RSA keys. 27 */ 28 static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 29 void *exarg) 30 { 31 if (operation == ASN1_OP_NEW_PRE) { 32 *pval = (ASN1_VALUE *)RSA_new(); 33 if (*pval != NULL) 34 return 2; 35 return 0; 36 } else if (operation == ASN1_OP_FREE_PRE) { 37 RSA_free((RSA *)*pval); 38 *pval = NULL; 39 return 2; 40 } else if (operation == ASN1_OP_D2I_POST) { 41 if (((RSA *)*pval)->version != RSA_ASN1_VERSION_MULTI) { 42 /* not a multi-prime key, skip */ 43 return 1; 44 } 45 return (ossl_rsa_multip_calc_product((RSA *)*pval) == 1) ? 2 : 0; 46 } 47 return 1; 48 } 49 50 /* Based on definitions in RFC 8017 appendix A.1.2 */ 51 ASN1_SEQUENCE(RSA_PRIME_INFO) = { 52 ASN1_SIMPLE(RSA_PRIME_INFO, r, CBIGNUM), 53 ASN1_SIMPLE(RSA_PRIME_INFO, d, CBIGNUM), 54 ASN1_SIMPLE(RSA_PRIME_INFO, t, CBIGNUM), 55 } ASN1_SEQUENCE_END(RSA_PRIME_INFO) 56 57 ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = { 58 ASN1_EMBED(RSA, version, INT32), 59 ASN1_SIMPLE(RSA, n, BIGNUM), 60 ASN1_SIMPLE(RSA, e, BIGNUM), 61 ASN1_SIMPLE(RSA, d, CBIGNUM), 62 ASN1_SIMPLE(RSA, p, CBIGNUM), 63 ASN1_SIMPLE(RSA, q, CBIGNUM), 64 ASN1_SIMPLE(RSA, dmp1, CBIGNUM), 65 ASN1_SIMPLE(RSA, dmq1, CBIGNUM), 66 ASN1_SIMPLE(RSA, iqmp, CBIGNUM), 67 ASN1_SEQUENCE_OF_OPT(RSA, prime_infos, RSA_PRIME_INFO) 68 } ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey) 69 70 71 ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = { 72 ASN1_SIMPLE(RSA, n, BIGNUM), 73 ASN1_SIMPLE(RSA, e, BIGNUM), 74 } ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey) 75 76 /* Free up maskHash */ 77 static int rsa_pss_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 78 void *exarg) 79 { 80 if (operation == ASN1_OP_FREE_PRE) { 81 RSA_PSS_PARAMS *pss = (RSA_PSS_PARAMS *)*pval; 82 X509_ALGOR_free(pss->maskHash); 83 } 84 return 1; 85 } 86 87 ASN1_SEQUENCE_cb(RSA_PSS_PARAMS, rsa_pss_cb) = { 88 ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0), 89 ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1), 90 ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2), 91 ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3) 92 } ASN1_SEQUENCE_END_cb(RSA_PSS_PARAMS, RSA_PSS_PARAMS) 93 94 IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS) 95 IMPLEMENT_ASN1_DUP_FUNCTION(RSA_PSS_PARAMS) 96 97 /* Free up maskHash */ 98 static int rsa_oaep_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 99 void *exarg) 100 { 101 if (operation == ASN1_OP_FREE_PRE) { 102 RSA_OAEP_PARAMS *oaep = (RSA_OAEP_PARAMS *)*pval; 103 X509_ALGOR_free(oaep->maskHash); 104 } 105 return 1; 106 } 107 108 ASN1_SEQUENCE_cb(RSA_OAEP_PARAMS, rsa_oaep_cb) = { 109 ASN1_EXP_OPT(RSA_OAEP_PARAMS, hashFunc, X509_ALGOR, 0), 110 ASN1_EXP_OPT(RSA_OAEP_PARAMS, maskGenFunc, X509_ALGOR, 1), 111 ASN1_EXP_OPT(RSA_OAEP_PARAMS, pSourceFunc, X509_ALGOR, 2), 112 } ASN1_SEQUENCE_END_cb(RSA_OAEP_PARAMS, RSA_OAEP_PARAMS) 113 114 IMPLEMENT_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) 115 116 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(RSA, RSAPrivateKey, RSAPrivateKey) 117 118 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(RSA, RSAPublicKey, RSAPublicKey) 119 120 RSA *RSAPublicKey_dup(const RSA *rsa) 121 { 122 return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa); 123 } 124 125 RSA *RSAPrivateKey_dup(const RSA *rsa) 126 { 127 return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa); 128 } 129