1/*
2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <openssl/core_numbers.h>
11#include <openssl/core_names.h>
12#include <openssl/bn.h>
13#include <openssl/rsa.h>
14#include <openssl/params.h>
15#include <openssl/types.h>
16#include "internal/param_build.h"
17#include "prov/implementations.h"
18#include "prov/providercommon.h"
19#include "crypto/rsa.h"
20
21static OSSL_OP_keymgmt_importkey_fn rsa_importkey;
22static OSSL_OP_keymgmt_exportkey_fn rsa_exportkey;
23
24DEFINE_STACK_OF(BIGNUM)
25DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)
26
27static int collect_numbers(STACK_OF(BIGNUM) *numbers,
28 const OSSL_PARAM params[], const char *key)
29{
30 const OSSL_PARAM *p = NULL;
31
32 if (numbers == NULL)
33 return 0;
34
35 for (p = params; (p = OSSL_PARAM_locate_const(p, key)) != NULL; p++) {
36 BIGNUM *tmp = NULL;
37
38 if (!OSSL_PARAM_get_BN(p, &tmp))
39 return 0;
40 sk_BIGNUM_push(numbers, tmp);
41 }
42
43 return 1;
44}
45
46static int params_to_key(RSA *rsa, const OSSL_PARAM params[])
47{
48 const OSSL_PARAM *param_n, *param_e, *param_d;
49 BIGNUM *n = NULL, *e = NULL, *d = NULL;
50 STACK_OF(BIGNUM) *factors = NULL, *exps = NULL, *coeffs = NULL;
51 int is_private = 0;
52
53 if (rsa == NULL)
54 return 0;
55
56 param_n = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N);
57 param_e = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E);
58 param_d = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_D);
59
60 if ((param_n != NULL && !OSSL_PARAM_get_BN(param_n, &n))
61 || (param_e != NULL && !OSSL_PARAM_get_BN(param_e, &e))
62 || (param_d != NULL && !OSSL_PARAM_get_BN(param_d, &d)))
63 goto err;
64
65 is_private = (d != NULL);
66
67 if (!RSA_set0_key(rsa, n, e, d))
68 goto err;
69 n = e = d = NULL;
70
71 if (is_private) {
72 if (!collect_numbers(factors = sk_BIGNUM_new_null(), params,
73 OSSL_PKEY_PARAM_RSA_FACTOR)
74 || !collect_numbers(exps = sk_BIGNUM_new_null(), params,
75 OSSL_PKEY_PARAM_RSA_EXPONENT)
76 || !collect_numbers(coeffs = sk_BIGNUM_new_null(), params,
77 OSSL_PKEY_PARAM_RSA_COEFFICIENT))
78 goto err;
79
80 /* It's ok if this private key just has n, e and d */
81 if (sk_BIGNUM_num(factors) != 0
82 && !rsa_set0_all_params(rsa, factors, exps, coeffs))
83 goto err;
84 }
85
86 sk_BIGNUM_free(factors);
87 sk_BIGNUM_free(exps);
88 sk_BIGNUM_free(coeffs);
89 return 1;
90
91 err:
92 BN_free(n);
93 BN_free(e);
94 BN_free(d);
95 sk_BIGNUM_pop_free(factors, BN_free);
96 sk_BIGNUM_pop_free(exps, BN_free);
97 sk_BIGNUM_pop_free(coeffs, BN_free);
98 return 0;
99}
100
101static int export_numbers(OSSL_PARAM_BLD *tmpl, const char *key,
102 STACK_OF(BIGNUM_const) *numbers)
103{
104 int i, nnum;
105
106 if (numbers == NULL)
107 return 0;
108
109 nnum = sk_BIGNUM_const_num(numbers);
110
111 for (i = 0; i < nnum; i++) {
112 if (!ossl_param_bld_push_BN(tmpl, key,
113 sk_BIGNUM_const_value(numbers, i)))
114 return 0;
115 }
116
117 return 1;
118}
119
120static int key_to_params(RSA *rsa, OSSL_PARAM_BLD *tmpl)
121{
122 int ret = 0;
123 const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL;
124 STACK_OF(BIGNUM_const) *factors = sk_BIGNUM_const_new_null();
125 STACK_OF(BIGNUM_const) *exps = sk_BIGNUM_const_new_null();
126 STACK_OF(BIGNUM_const) *coeffs = sk_BIGNUM_const_new_null();
127
128 if (rsa == NULL || factors == NULL || exps == NULL || coeffs == NULL)
129 goto err;
130
131 RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
132 rsa_get0_all_params(rsa, factors, exps, coeffs);
133
134 if (rsa_n != NULL
135 && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_N, rsa_n))
136 goto err;
137 if (rsa_e != NULL
138 && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_E, rsa_e))
139 goto err;
140 if (rsa_d != NULL
141 && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_D, rsa_d))
142 goto err;
143
144 if (!export_numbers(tmpl, OSSL_PKEY_PARAM_RSA_FACTOR, factors)
145 || !export_numbers(tmpl, OSSL_PKEY_PARAM_RSA_EXPONENT, exps)
146 || !export_numbers(tmpl, OSSL_PKEY_PARAM_RSA_COEFFICIENT, coeffs))
147 goto err;
148
149 ret = 1;
150 err:
151 sk_BIGNUM_const_free(factors);
152 sk_BIGNUM_const_free(exps);
153 sk_BIGNUM_const_free(coeffs);
154 return ret;
155}
156
157static void *rsa_importkey(void *provctx, const OSSL_PARAM params[])
158{
159 RSA *rsa;
160
161 if ((rsa = RSA_new()) == NULL
162 || !params_to_key(rsa, params)) {
163 RSA_free(rsa);
164 rsa = NULL;
165 }
166 return rsa;
167}
168
169static int rsa_exportkey(void *key, OSSL_CALLBACK *param_callback, void *cbarg)
170{
171 RSA *rsa = key;
172 OSSL_PARAM_BLD tmpl;
173 OSSL_PARAM *params = NULL;
174 int ret;
175
176 ossl_param_bld_init(&tmpl);
177 if (rsa == NULL
178 || !key_to_params(rsa, &tmpl)
179 || (params = ossl_param_bld_to_param(&tmpl)) == NULL)
180 return 0;
181 ret = param_callback(params, cbarg);
182 ossl_param_bld_free(params);
183 return ret;
184}
185
186/*
187 * This provider can export everything in an RSA key, so we use the exact
188 * same type description for export as for import. Other providers might
189 * choose to import full keys, but only export the public parts, and will
190 * therefore have the importkey_types and importkey_types functions return
191 * different arrays.
192 */
193static const OSSL_PARAM rsa_key_types[] = {
194 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0),
195 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0),
196 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, NULL, 0),
197 /* We tolerate up to 10 factors... */
198 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
199 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
200 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
201 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
202 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
203 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
204 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
205 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
206 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
207 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
208 /* ..., up to 10 CRT exponents... */
209 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
210 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
211 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
212 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
213 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
214 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
215 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
216 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
217 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
218 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
219 /* ..., and up to 9 CRT coefficients */
220 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
221 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
222 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
223 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
224 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
225 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
226 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
227 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
228 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
229};
230/*
231 * We lied about the amount of factors, exponents and coefficients, the
232 * export and import functions can really deal with an infinite amount
233 * of these numbers. However, RSA keys with too many primes are futile,
234 * so we at least pretend to have some limits.
235 */
236
237static const OSSL_PARAM *rsa_exportkey_types(void)
238{
239 return rsa_key_types;
240}
241
242static const OSSL_PARAM *rsa_importkey_types(void)
243{
244 return rsa_key_types;
245}
246
247const OSSL_DISPATCH rsa_keymgmt_functions[] = {
248 { OSSL_FUNC_KEYMGMT_IMPORTKEY, (void (*)(void))rsa_importkey },
249 { OSSL_FUNC_KEYMGMT_IMPORTKEY_TYPES, (void (*)(void))rsa_importkey_types },
250 { OSSL_FUNC_KEYMGMT_EXPORTKEY, (void (*)(void))rsa_exportkey },
251 { OSSL_FUNC_KEYMGMT_EXPORTKEY_TYPES, (void (*)(void))rsa_exportkey_types },
252 { OSSL_FUNC_KEYMGMT_FREEKEY, (void (*)(void))RSA_free },
253 { 0, NULL }
254};
255