1 /* $OpenBSD: rsa_asn1.c,v 1.18 2024/07/08 17:10:18 beck Exp $ */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 2000. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <stdio.h> 60 61 #include <openssl/asn1t.h> 62 #include <openssl/bn.h> 63 #include <openssl/rsa.h> 64 #include <openssl/x509.h> 65 66 #include "rsa_local.h" 67 68 /* Override the default free and new methods */ 69 static int 70 rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) 71 { 72 if (operation == ASN1_OP_NEW_PRE) { 73 *pval = (ASN1_VALUE *)RSA_new(); 74 if (*pval) 75 return 2; 76 return 0; 77 } else if (operation == ASN1_OP_FREE_PRE) { 78 RSA_free((RSA *)*pval); 79 *pval = NULL; 80 return 2; 81 } 82 return 1; 83 } 84 85 static const ASN1_AUX RSAPrivateKey_aux = { 86 .app_data = NULL, 87 .flags = 0, 88 .ref_offset = 0, 89 .ref_lock = 0, 90 .asn1_cb = rsa_cb, 91 .enc_offset = 0, 92 }; 93 static const ASN1_TEMPLATE RSAPrivateKey_seq_tt[] = { 94 { 95 .flags = 0, 96 .tag = 0, 97 .offset = offsetof(RSA, version), 98 .field_name = "version", 99 .item = &LONG_it, 100 }, 101 { 102 .flags = 0, 103 .tag = 0, 104 .offset = offsetof(RSA, n), 105 .field_name = "n", 106 .item = &BIGNUM_it, 107 }, 108 { 109 .flags = 0, 110 .tag = 0, 111 .offset = offsetof(RSA, e), 112 .field_name = "e", 113 .item = &BIGNUM_it, 114 }, 115 { 116 .flags = 0, 117 .tag = 0, 118 .offset = offsetof(RSA, d), 119 .field_name = "d", 120 .item = &BIGNUM_it, 121 }, 122 { 123 .flags = 0, 124 .tag = 0, 125 .offset = offsetof(RSA, p), 126 .field_name = "p", 127 .item = &BIGNUM_it, 128 }, 129 { 130 .flags = 0, 131 .tag = 0, 132 .offset = offsetof(RSA, q), 133 .field_name = "q", 134 .item = &BIGNUM_it, 135 }, 136 { 137 .flags = 0, 138 .tag = 0, 139 .offset = offsetof(RSA, dmp1), 140 .field_name = "dmp1", 141 .item = &BIGNUM_it, 142 }, 143 { 144 .flags = 0, 145 .tag = 0, 146 .offset = offsetof(RSA, dmq1), 147 .field_name = "dmq1", 148 .item = &BIGNUM_it, 149 }, 150 { 151 .flags = 0, 152 .tag = 0, 153 .offset = offsetof(RSA, iqmp), 154 .field_name = "iqmp", 155 .item = &BIGNUM_it, 156 }, 157 }; 158 159 const ASN1_ITEM RSAPrivateKey_it = { 160 .itype = ASN1_ITYPE_SEQUENCE, 161 .utype = V_ASN1_SEQUENCE, 162 .templates = RSAPrivateKey_seq_tt, 163 .tcount = sizeof(RSAPrivateKey_seq_tt) / sizeof(ASN1_TEMPLATE), 164 .funcs = &RSAPrivateKey_aux, 165 .size = sizeof(RSA), 166 .sname = "RSA", 167 }; 168 LCRYPTO_ALIAS(RSAPrivateKey_it); 169 170 171 static const ASN1_AUX RSAPublicKey_aux = { 172 .app_data = NULL, 173 .flags = 0, 174 .ref_offset = 0, 175 .ref_lock = 0, 176 .asn1_cb = rsa_cb, 177 .enc_offset = 0, 178 }; 179 static const ASN1_TEMPLATE RSAPublicKey_seq_tt[] = { 180 { 181 .flags = 0, 182 .tag = 0, 183 .offset = offsetof(RSA, n), 184 .field_name = "n", 185 .item = &BIGNUM_it, 186 }, 187 { 188 .flags = 0, 189 .tag = 0, 190 .offset = offsetof(RSA, e), 191 .field_name = "e", 192 .item = &BIGNUM_it, 193 }, 194 }; 195 196 const ASN1_ITEM RSAPublicKey_it = { 197 .itype = ASN1_ITYPE_SEQUENCE, 198 .utype = V_ASN1_SEQUENCE, 199 .templates = RSAPublicKey_seq_tt, 200 .tcount = sizeof(RSAPublicKey_seq_tt) / sizeof(ASN1_TEMPLATE), 201 .funcs = &RSAPublicKey_aux, 202 .size = sizeof(RSA), 203 .sname = "RSA", 204 }; 205 LCRYPTO_ALIAS(RSAPublicKey_it); 206 207 static int 208 rsa_pss_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) 209 { 210 /* Free up maskHash */ 211 if (operation == ASN1_OP_FREE_PRE) { 212 RSA_PSS_PARAMS *pss = (RSA_PSS_PARAMS *)*pval; 213 X509_ALGOR_free(pss->maskHash); 214 } 215 return 1; 216 } 217 218 static const ASN1_AUX RSA_PSS_PARAMS_aux = { 219 .app_data = NULL, 220 .flags = 0, 221 .ref_offset = 0, 222 .ref_lock = 0, 223 .asn1_cb = rsa_pss_cb, 224 .enc_offset = 0, 225 }; 226 227 static const ASN1_TEMPLATE RSA_PSS_PARAMS_seq_tt[] = { 228 { 229 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, 230 .tag = 0, 231 .offset = offsetof(RSA_PSS_PARAMS, hashAlgorithm), 232 .field_name = "hashAlgorithm", 233 .item = &X509_ALGOR_it, 234 }, 235 { 236 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, 237 .tag = 1, 238 .offset = offsetof(RSA_PSS_PARAMS, maskGenAlgorithm), 239 .field_name = "maskGenAlgorithm", 240 .item = &X509_ALGOR_it, 241 }, 242 { 243 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, 244 .tag = 2, 245 .offset = offsetof(RSA_PSS_PARAMS, saltLength), 246 .field_name = "saltLength", 247 .item = &ASN1_INTEGER_it, 248 }, 249 { 250 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, 251 .tag = 3, 252 .offset = offsetof(RSA_PSS_PARAMS, trailerField), 253 .field_name = "trailerField", 254 .item = &ASN1_INTEGER_it, 255 }, 256 }; 257 258 const ASN1_ITEM RSA_PSS_PARAMS_it = { 259 .itype = ASN1_ITYPE_SEQUENCE, 260 .utype = V_ASN1_SEQUENCE, 261 .templates = RSA_PSS_PARAMS_seq_tt, 262 .tcount = sizeof(RSA_PSS_PARAMS_seq_tt) / sizeof(ASN1_TEMPLATE), 263 .funcs = &RSA_PSS_PARAMS_aux, 264 .size = sizeof(RSA_PSS_PARAMS), 265 .sname = "RSA_PSS_PARAMS", 266 }; 267 LCRYPTO_ALIAS(RSA_PSS_PARAMS_it); 268 269 RSA_PSS_PARAMS * 270 d2i_RSA_PSS_PARAMS(RSA_PSS_PARAMS **a, const unsigned char **in, long len) 271 { 272 return (RSA_PSS_PARAMS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 273 &RSA_PSS_PARAMS_it); 274 } 275 LCRYPTO_ALIAS(d2i_RSA_PSS_PARAMS); 276 277 int 278 i2d_RSA_PSS_PARAMS(RSA_PSS_PARAMS *a, unsigned char **out) 279 { 280 return ASN1_item_i2d((ASN1_VALUE *)a, out, &RSA_PSS_PARAMS_it); 281 } 282 LCRYPTO_ALIAS(i2d_RSA_PSS_PARAMS); 283 284 RSA_PSS_PARAMS * 285 RSA_PSS_PARAMS_new(void) 286 { 287 return (RSA_PSS_PARAMS *)ASN1_item_new(&RSA_PSS_PARAMS_it); 288 } 289 LCRYPTO_ALIAS(RSA_PSS_PARAMS_new); 290 291 void 292 RSA_PSS_PARAMS_free(RSA_PSS_PARAMS *a) 293 { 294 ASN1_item_free((ASN1_VALUE *)a, &RSA_PSS_PARAMS_it); 295 } 296 LCRYPTO_ALIAS(RSA_PSS_PARAMS_free); 297 298 static int 299 rsa_oaep_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) 300 { 301 /* Free up maskHash */ 302 if (operation == ASN1_OP_FREE_PRE) { 303 RSA_OAEP_PARAMS *oaep = (RSA_OAEP_PARAMS *)*pval; 304 X509_ALGOR_free(oaep->maskHash); 305 } 306 return 1; 307 } 308 309 static const ASN1_AUX RSA_OAEP_PARAMS_aux = { 310 .app_data = NULL, 311 .flags = 0, 312 .ref_offset = 0, 313 .ref_lock = 0, 314 .asn1_cb = rsa_oaep_cb, 315 .enc_offset = 0, 316 }; 317 318 static const ASN1_TEMPLATE RSA_OAEP_PARAMS_seq_tt[] = { 319 { 320 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, 321 .tag = 0, 322 .offset = offsetof(RSA_OAEP_PARAMS, hashFunc), 323 .field_name = "hashFunc", 324 .item = &X509_ALGOR_it, 325 }, 326 { 327 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, 328 .tag = 1, 329 .offset = offsetof(RSA_OAEP_PARAMS, maskGenFunc), 330 .field_name = "maskGenFunc", 331 .item = &X509_ALGOR_it, 332 }, 333 { 334 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, 335 .tag = 2, 336 .offset = offsetof(RSA_OAEP_PARAMS, pSourceFunc), 337 .field_name = "pSourceFunc", 338 .item = &X509_ALGOR_it, 339 }, 340 }; 341 342 const ASN1_ITEM RSA_OAEP_PARAMS_it = { 343 .itype = ASN1_ITYPE_SEQUENCE, 344 .utype = V_ASN1_SEQUENCE, 345 .templates = RSA_OAEP_PARAMS_seq_tt, 346 .tcount = sizeof(RSA_OAEP_PARAMS_seq_tt) / sizeof(ASN1_TEMPLATE), 347 .funcs = &RSA_OAEP_PARAMS_aux, 348 .size = sizeof(RSA_OAEP_PARAMS), 349 .sname = "RSA_OAEP_PARAMS", 350 }; 351 LCRYPTO_ALIAS(RSA_OAEP_PARAMS_it); 352 353 354 RSA_OAEP_PARAMS * 355 d2i_RSA_OAEP_PARAMS(RSA_OAEP_PARAMS **a, const unsigned char **in, long len) 356 { 357 return (RSA_OAEP_PARAMS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 358 &RSA_OAEP_PARAMS_it); 359 } 360 LCRYPTO_ALIAS(d2i_RSA_OAEP_PARAMS); 361 362 int 363 i2d_RSA_OAEP_PARAMS(RSA_OAEP_PARAMS *a, unsigned char **out) 364 { 365 return ASN1_item_i2d((ASN1_VALUE *)a, out, &RSA_OAEP_PARAMS_it); 366 } 367 LCRYPTO_ALIAS(i2d_RSA_OAEP_PARAMS); 368 369 RSA_OAEP_PARAMS * 370 RSA_OAEP_PARAMS_new(void) 371 { 372 return (RSA_OAEP_PARAMS *)ASN1_item_new(&RSA_OAEP_PARAMS_it); 373 } 374 LCRYPTO_ALIAS(RSA_OAEP_PARAMS_new); 375 376 void 377 RSA_OAEP_PARAMS_free(RSA_OAEP_PARAMS *a) 378 { 379 ASN1_item_free((ASN1_VALUE *)a, &RSA_OAEP_PARAMS_it); 380 } 381 LCRYPTO_ALIAS(RSA_OAEP_PARAMS_free); 382 383 RSA * 384 d2i_RSAPrivateKey(RSA **a, const unsigned char **in, long len) 385 { 386 return (RSA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 387 &RSAPrivateKey_it); 388 } 389 LCRYPTO_ALIAS(d2i_RSAPrivateKey); 390 391 int 392 i2d_RSAPrivateKey(const RSA *a, unsigned char **out) 393 { 394 return ASN1_item_i2d((ASN1_VALUE *)a, out, &RSAPrivateKey_it); 395 } 396 LCRYPTO_ALIAS(i2d_RSAPrivateKey); 397 398 399 RSA * 400 d2i_RSAPublicKey(RSA **a, const unsigned char **in, long len) 401 { 402 return (RSA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 403 &RSAPublicKey_it); 404 } 405 LCRYPTO_ALIAS(d2i_RSAPublicKey); 406 407 int 408 i2d_RSAPublicKey(const RSA *a, unsigned char **out) 409 { 410 return ASN1_item_i2d((ASN1_VALUE *)a, out, &RSAPublicKey_it); 411 } 412 LCRYPTO_ALIAS(i2d_RSAPublicKey); 413 414 RSA * 415 RSAPublicKey_dup(RSA *rsa) 416 { 417 return ASN1_item_dup(&RSAPublicKey_it, rsa); 418 } 419 LCRYPTO_ALIAS(RSAPublicKey_dup); 420 421 RSA * 422 RSAPrivateKey_dup(RSA *rsa) 423 { 424 return ASN1_item_dup(&RSAPrivateKey_it, rsa); 425 } 426 LCRYPTO_ALIAS(RSAPrivateKey_dup); 427