QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-05-11 00:49:41 +00:00
Code Issues Projects Releases Wiki Activity
openssl/providers/implementations/serializers/serializer_rsa_priv.c
Shane Lontis f552d90045 Add Serializers for EC 
Provide EC serializers for text, pem and der.

EC parameters use ANS1 'CHOICE' - which means they are more embedded than other parameters used by
other KEY types (which normally have a SEQUENCE at the top level).
For this reason the ANS1_STRING type that was being passed around has been changed to a void so that the
code can still be shared with EC.

The EC serializer only supports named curves currently.

NOTE the serializer code assumes PKCS8 format - if the older encode methods are needed they will need to be
added in another PR. (Probably when deserialization is considered).

EVP_PKEY_key_fromdata_init was changed from using a keypair selection to all bits of a key. A side effect of this was
that the very restrictive checks in the ecx code needed to be relaxed as it was assuming all selection flags were non
optional. As this is not the case for any other key the code has been modified.

Fixed a bug in legacy_ctrl_str_to_params() - "ecdh_cofactor_mode" was being incorrectly converted to the wrong keyname.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11107)
2020-03-04 07:48:45 +10:00

298 lines
9.5 KiB
C
Raw Blame History

/*
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
/*
* RSA low level APIs are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>
#include <openssl/types.h>
#include <openssl/params.h>
#include <openssl/safestack.h>
#include "prov/bio.h"
#include "prov/implementations.h"
#include "prov/providercommonerr.h"
#include "serializer_local.h"
static OSSL_OP_serializer_newctx_fn rsa_priv_newctx;
static OSSL_OP_serializer_freectx_fn rsa_priv_freectx;
static OSSL_OP_serializer_set_ctx_params_fn rsa_priv_set_ctx_params;
static OSSL_OP_serializer_settable_ctx_params_fn rsa_priv_settable_ctx_params;
static OSSL_OP_serializer_serialize_data_fn rsa_priv_der_data;
static OSSL_OP_serializer_serialize_object_fn rsa_priv_der;
static OSSL_OP_serializer_serialize_data_fn rsa_pem_priv_data;
static OSSL_OP_serializer_serialize_object_fn rsa_pem_priv;
static OSSL_OP_serializer_newctx_fn rsa_print_newctx;
static OSSL_OP_serializer_freectx_fn rsa_print_freectx;
static OSSL_OP_serializer_serialize_data_fn rsa_priv_print_data;
static OSSL_OP_serializer_serialize_object_fn rsa_priv_print;
/*
* Context used for private key serialization.
*/
struct rsa_priv_ctx_st {
void *provctx;
struct pkcs8_encrypt_ctx_st sc;
};
/* Helper functions to prepare RSA-PSS params for serialization */
static int prepare_rsa_params(const void *rsa, int nid,
void **pstr, int *pstrtype)
{
const RSA_PSS_PARAMS *pss = RSA_get0_pss_params(rsa);
*pstr = NULL;
/* If RSA it's just NULL type */
if (nid != EVP_PKEY_RSA_PSS) {
*pstrtype = V_ASN1_NULL;
return 1;
}
/* If no PSS parameters we omit parameters entirely */
if (pss == NULL) {
*pstrtype = V_ASN1_UNDEF;
return 1;
}
/* Encode PSS parameters */
if (ASN1_item_pack((void *)pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS),
(ASN1_STRING **)pstr)
== NULL)
return 0;
*pstrtype = V_ASN1_SEQUENCE;
return 1;
}
/* Private key : context */
static void *rsa_priv_newctx(void *provctx)
{
struct rsa_priv_ctx_st *ctx = OPENSSL_zalloc(sizeof(*ctx));
if (ctx != NULL) {
ctx->provctx = provctx;
/* -1 is the "whatever" indicator, i.e. the PKCS8 library default PBE */
ctx->sc.pbe_nid = -1;
}
return ctx;
}
static void rsa_priv_freectx(void *vctx)
{
struct rsa_priv_ctx_st *ctx = vctx;
EVP_CIPHER_free(ctx->sc.cipher);
OPENSSL_free(ctx->sc.cipher_pass);
OPENSSL_free(ctx);
}
static const OSSL_PARAM *rsa_priv_settable_ctx_params(void)
{
static const OSSL_PARAM settables[] = {
OSSL_PARAM_utf8_string(OSSL_SERIALIZER_PARAM_CIPHER, NULL, 0),
OSSL_PARAM_octet_string(OSSL_SERIALIZER_PARAM_PASS, NULL, 0),
OSSL_PARAM_END,
};
return settables;
}
static int rsa_priv_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
struct rsa_priv_ctx_st *ctx = vctx;
const OSSL_PARAM *p;
if ((p = OSSL_PARAM_locate_const(params, OSSL_SERIALIZER_PARAM_CIPHER))
!= NULL) {
const OSSL_PARAM *propsp =
OSSL_PARAM_locate_const(params, OSSL_SERIALIZER_PARAM_PROPERTIES);
const char *props = NULL;
if (p->data_type != OSSL_PARAM_UTF8_STRING)
return 0;
if (propsp != NULL && propsp->data_type != OSSL_PARAM_UTF8_STRING)
return 0;
props = (propsp != NULL ? propsp->data : NULL);
EVP_CIPHER_free(ctx->sc.cipher);
ctx->sc.cipher_intent = p->data != NULL;
if (p->data != NULL
&& ((ctx->sc.cipher = EVP_CIPHER_fetch(NULL, p->data, props))
== NULL))
return 0;
}
if ((p = OSSL_PARAM_locate_const(params, OSSL_SERIALIZER_PARAM_PASS))
!= NULL) {
OPENSSL_free(ctx->sc.cipher_pass);
ctx->sc.cipher_pass = NULL;
if (!OSSL_PARAM_get_octet_string(p, &ctx->sc.cipher_pass, 0,
&ctx->sc.cipher_pass_length))
return 0;
}
return 1;
}
/* Private key : DER */
static int rsa_priv_der_data(void *vctx, const OSSL_PARAM params[], BIO *out,
OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)
{
struct rsa_priv_ctx_st *ctx = vctx;
OSSL_OP_keymgmt_new_fn *rsa_new = ossl_prov_get_keymgmt_rsa_new();
OSSL_OP_keymgmt_free_fn *rsa_free = ossl_prov_get_keymgmt_rsa_free();
OSSL_OP_keymgmt_import_fn *rsa_import = ossl_prov_get_keymgmt_rsa_import();
int ok = 0;
if (rsa_import != NULL) {
RSA *rsa;
if ((rsa = rsa_new(ctx->provctx)) != NULL
&& rsa_import(rsa, OSSL_KEYMGMT_SELECT_KEYPAIR, params)
&& rsa_priv_der(ctx, rsa, out, cb, cbarg))
ok = 1;
rsa_free(rsa);
}
return ok;
}
static int rsa_priv_der(void *vctx, void *rsa, BIO *out,
OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)
{
struct rsa_priv_ctx_st *ctx = vctx;
int ret;
ctx->sc.cb = cb;
ctx->sc.cbarg = cbarg;
ret = ossl_prov_write_priv_der_from_obj(out, rsa, EVP_PKEY_RSA,
prepare_rsa_params,
(i2d_of_void *)i2d_RSAPrivateKey,
&ctx->sc);
return ret;
}
/* Private key : PEM */
static int rsa_pem_priv_data(void *vctx, const OSSL_PARAM params[], BIO *out,
OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)
{
struct rsa_priv_ctx_st *ctx = vctx;
OSSL_OP_keymgmt_new_fn *rsa_new = ossl_prov_get_keymgmt_rsa_new();
OSSL_OP_keymgmt_free_fn *rsa_free = ossl_prov_get_keymgmt_rsa_free();
OSSL_OP_keymgmt_import_fn *rsa_import = ossl_prov_get_keymgmt_rsa_import();
int ok = 0;
if (rsa_import != NULL) {
RSA *rsa;
if ((rsa = rsa_new(ctx->provctx)) != NULL
&& rsa_import(rsa, OSSL_KEYMGMT_SELECT_KEYPAIR, params)
&& rsa_pem_priv(ctx, rsa, out, cb, cbarg))
ok = 1;
rsa_free(rsa);
}
return ok;
}
static int rsa_pem_priv(void *vctx, void *rsa, BIO *out,
OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)
{
struct rsa_priv_ctx_st *ctx = vctx;
int ret;
ctx->sc.cb = cb;
ctx->sc.cbarg = cbarg;
ret = ossl_prov_write_priv_pem_from_obj(out, rsa, EVP_PKEY_RSA,
prepare_rsa_params,
(i2d_of_void *)i2d_RSAPrivateKey,
&ctx->sc);
return ret;
}
/*
* There's no specific print context, so we use the provider context
*/
static void *rsa_print_newctx(void *provctx)
{
return provctx;
}
static void rsa_print_freectx(void *ctx)
{
}
static int rsa_priv_print_data(void *vctx, const OSSL_PARAM params[],
BIO *out,
OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)
{
struct rsa_priv_ctx_st *ctx = vctx;
OSSL_OP_keymgmt_new_fn *rsa_new = ossl_prov_get_keymgmt_rsa_new();
OSSL_OP_keymgmt_free_fn *rsa_free = ossl_prov_get_keymgmt_rsa_free();
OSSL_OP_keymgmt_import_fn *rsa_import = ossl_prov_get_keymgmt_rsa_import();
int ok = 0;
if (rsa_import != NULL) {
RSA *rsa;
if ((rsa = rsa_new(ctx->provctx)) != NULL
&& rsa_import(rsa, OSSL_KEYMGMT_SELECT_KEYPAIR, params)
&& rsa_priv_print(ctx, rsa, out, cb, cbarg))
ok = 1;
rsa_free(rsa);
}
return ok;
}
static int rsa_priv_print(void *ctx, void *rsa, BIO *out,
OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg)
{
return ossl_prov_print_rsa(out, rsa, 1);
}
const OSSL_DISPATCH rsa_priv_der_serializer_functions[] = {
{ OSSL_FUNC_SERIALIZER_NEWCTX, (void (*)(void))rsa_priv_newctx },
{ OSSL_FUNC_SERIALIZER_FREECTX, (void (*)(void))rsa_priv_freectx },
{ OSSL_FUNC_SERIALIZER_SET_CTX_PARAMS,
(void (*)(void))rsa_priv_set_ctx_params },
{ OSSL_FUNC_SERIALIZER_SETTABLE_CTX_PARAMS,
(void (*)(void))rsa_priv_settable_ctx_params },
{ OSSL_FUNC_SERIALIZER_SERIALIZE_DATA, (void (*)(void))rsa_priv_der_data },
{ OSSL_FUNC_SERIALIZER_SERIALIZE_OBJECT, (void (*)(void))rsa_priv_der },
{ 0, NULL }
};
const OSSL_DISPATCH rsa_priv_pem_serializer_functions[] = {
{ OSSL_FUNC_SERIALIZER_NEWCTX, (void (*)(void))rsa_priv_newctx },
{ OSSL_FUNC_SERIALIZER_FREECTX, (void (*)(void))rsa_priv_freectx },
{ OSSL_FUNC_SERIALIZER_SET_CTX_PARAMS,
(void (*)(void))rsa_priv_set_ctx_params },
{ OSSL_FUNC_SERIALIZER_SETTABLE_CTX_PARAMS,
(void (*)(void))rsa_priv_settable_ctx_params },
{ OSSL_FUNC_SERIALIZER_SERIALIZE_DATA, (void (*)(void))rsa_pem_priv_data },
{ OSSL_FUNC_SERIALIZER_SERIALIZE_OBJECT, (void (*)(void))rsa_pem_priv },
{ 0, NULL }
};
const OSSL_DISPATCH rsa_priv_text_serializer_functions[] = {
{ OSSL_FUNC_SERIALIZER_NEWCTX, (void (*)(void))rsa_print_newctx },
{ OSSL_FUNC_SERIALIZER_FREECTX, (void (*)(void))rsa_print_freectx },
{ OSSL_FUNC_SERIALIZER_SERIALIZE_OBJECT, (void (*)(void))rsa_priv_print },
{ OSSL_FUNC_SERIALIZER_SERIALIZE_DATA,
(void (*)(void))rsa_priv_print_data },
{ 0, NULL }
};
Reference in New Issue View Git Blame Copy Permalink