authorShane Lontis <shane.lontis@oracle.com>2020-04-01 15:51:18 +1000
committerShane Lontis <shane.lontis@oracle.com>2020-04-01 15:51:18 +1000
commit96ebe52e897dea29664683e138877fb5eb995e4d (patch)
treeb32e8fa99b2b4eb53e214b7fa196c8ec8d465777 /providers
parentf4c88073091592b1ff92ba12c894488ff7d03ece (diff)
Add EVP_PKEY_gettable_params support for accessing EVP_PKEY key data fields
Currently only RSA, EC and ECX are supported (DH and DSA need to be added to the keygen PRs separately because the fields supported have changed significantly). The APIs require the keys to be provider based. Made the keymanagement export and get_params functions share the same code by supplying support functions that work for both an OSSL_PARAM_BLD as well as an OSSL_PARAM[]. This approach means that complex code is not required to build an empty OSSL_PARAM[] with the correct sized fields before then doing a second pass to populate the array. The RSA factor arrays have been changed to use unique key names to simplify the interface needed by the user. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11365)
Diffstat (limited to 'providers')
-rw-r--r--providers/implementations/keymgmt/build.info5
-rw-r--r--providers/implementations/keymgmt/ec_kmgmt.c79
-rw-r--r--providers/implementations/keymgmt/ecx_kmgmt.c58
-rw-r--r--providers/implementations/keymgmt/rsa_kmgmt.c156
-rw-r--r--providers/implementations/serializers/serializer_rsa.c1
5 files changed, 154 insertions, 145 deletions
diff --git a/providers/implementations/keymgmt/build.info b/providers/implementations/keymgmt/build.info
index 89d33e3..92cac52 100644
--- a/providers/implementations/keymgmt/build.info
+++ b/providers/implementations/keymgmt/build.info
@@ -4,7 +4,6 @@
$DH_GOAL=../../libimplementations.a
$DSA_GOAL=../../libimplementations.a
$EC_GOAL=../../libimplementations.a
-$RSA_GOAL=../../libimplementations.a
$ECX_GOAL=../../libimplementations.a
IF[{- !$disabled{dh} -}]
@@ -16,7 +15,9 @@ ENDIF
IF[{- !$disabled{ec} -}]
SOURCE[$EC_GOAL]=ec_kmgmt.c
ENDIF
-SOURCE[$RSA_GOAL]=rsa_kmgmt.c
IF[{- !$disabled{ec} -}]
SOURCE[$ECX_GOAL]=ecx_kmgmt.c
ENDIF
+
+SOURCE[../../libfips.a]=rsa_kmgmt.c
+SOURCE[../../libnonfips.a]=rsa_kmgmt.c
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index 82ef3d3..77d4753 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -17,13 +17,12 @@
#include <openssl/core_names.h>
#include <openssl/bn.h>
#include <openssl/objects.h>
-#include <openssl/params.h>
#include "crypto/bn.h"
#include "crypto/ec.h"
-#include "openssl/param_build.h"
#include "prov/implementations.h"
#include "prov/providercommon.h"
#include "prov/provider_ctx.h"
+#include "internal/param_build_set.h"
static OSSL_OP_keymgmt_new_fn ec_newdata;
static OSSL_OP_keymgmt_free_fn ec_freedata;
@@ -40,8 +39,8 @@ static OSSL_OP_keymgmt_export_fn ec_export;
static OSSL_OP_keymgmt_export_types_fn ec_export_types;
static OSSL_OP_keymgmt_query_operation_name_fn ec_query_operation_name;
-#define EC_POSSIBLE_SELECTIONS \
- (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS )
+#define EC_POSSIBLE_SELECTIONS \
+ (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
static
const char *ec_query_operation_name(int operation_id)
@@ -56,7 +55,8 @@ const char *ec_query_operation_name(int operation_id)
}
static ossl_inline
-int domparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl)
+int domparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl,
+ OSSL_PARAM params[])
{
const EC_GROUP *ecg;
int curve_nid;
@@ -71,11 +71,7 @@ int domparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl)
curve_nid = EC_GROUP_get_curve_name(ecg);
if (curve_nid == NID_undef) {
- /* explicit parameters */
-
- /*
- * TODO(3.0): should we support explicit parameters curves?
- */
+ /* TODO(3.0): should we support explicit parameters curves? */
return 0;
} else {
/* named curve */
@@ -83,9 +79,10 @@ int domparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl)
if ((curve_name = ec_curve_nid2name(curve_nid)) == NULL)
return 0;
+ if (!ossl_param_build_set_utf8_string(tmpl, params,
+ OSSL_PKEY_PARAM_EC_NAME,
+ curve_name))
- if (!OSSL_PARAM_BLD_push_utf8_string(tmpl, OSSL_PKEY_PARAM_EC_NAME,
- curve_name, 0))
return 0;
}
@@ -100,12 +97,13 @@ int domparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl)
* parameters are exported separately.
*/
static ossl_inline
-int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl, int include_private)
+int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl,
+ OSSL_PARAM params[], int include_private,
+ unsigned char **pub_key)
{
const BIGNUM *priv_key = NULL;
const EC_POINT *pub_point = NULL;
const EC_GROUP *ecg = NULL;
- unsigned char *pub_key = NULL;
size_t pub_key_len = 0;
int ret = 0;
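Review bot: The `pub_key` out-parameter added to key_to_params has no documented ownership, and the comment block that closes just above the signature is where a reader would look for it. A later hunk passes it straight to EC_POINT_point2buf and removes the `OPENSSL_free(pub_key)` at `err:`, so the buffer now outlives the call, and both callers must start with a NULL pointer and free it themselves. I would add `/* *pub_key must be NULL on entry; the caller frees it with OPENSSL_free() once the built params are no longer needed. */` to that comment. The function body continues outside this hunk.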
@@ -120,10 +118,10 @@ int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl, int include_private
/* convert pub_point to a octet string according to the SECG standard */
if ((pub_key_len = EC_POINT_point2buf(ecg, pub_point,
POINT_CONVERSION_COMPRESSED,
- &pub_key, NULL)) == 0
- || !OSSL_PARAM_BLD_push_octet_string(tmpl,
- OSSL_PKEY_PARAM_PUB_KEY,
- pub_key, pub_key_len))
+ pub_key, NULL)) == 0
+ || !ossl_param_build_set_octet_string(tmpl, params,
+ OSSL_PKEY_PARAM_PUB_KEY,
+ *pub_key, pub_key_len))
goto err;
}
@@ -168,21 +166,20 @@ int key_to_params(const EC_KEY *eckey, OSSL_PARAM_BLD *tmpl, int include_private
if (ecbits <= 0)
goto err;
sz = (ecbits + 7 ) / 8;
- if (!OSSL_PARAM_BLD_push_BN_pad(tmpl,
- OSSL_PKEY_PARAM_PRIV_KEY,
- priv_key, sz))
+
+ if (!ossl_param_build_set_bn_pad(tmpl, params,
+ OSSL_PKEY_PARAM_PRIV_KEY,
+ priv_key, sz))
goto err;
}
-
ret = 1;
-
err:
- OPENSSL_free(pub_key);
return ret;
}
static ossl_inline
-int otherparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl)
+int otherparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl,
+ OSSL_PARAM params[])
{
int ecdh_cofactor_mode = 0;
@@ -191,12 +188,9 @@ int otherparams_to_params(const EC_KEY *ec, OSSL_PARAM_BLD *tmpl)
ecdh_cofactor_mode =
(EC_KEY_get_flags(ec) & EC_FLAG_COFACTOR_ECDH) ? 1 : 0;
- if (!OSSL_PARAM_BLD_push_int(tmpl,
- OSSL_PKEY_PARAM_USE_COFACTOR_ECDH,
- ecdh_cofactor_mode))
- return 0;
-
- return 1;
+ return ossl_param_build_set_int(tmpl, params,
+ OSSL_PKEY_PARAM_USE_COFACTOR_ECDH,
+ ecdh_cofactor_mode);
}
static
@@ -314,6 +308,7 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
EC_KEY *ec = keydata;
OSSL_PARAM_BLD *tmpl;
OSSL_PARAM *params = NULL;
+ unsigned char *pub_key = NULL;
int ok = 1;
if (ec == NULL)
@@ -346,15 +341,16 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
return 0;
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
- ok = ok && domparams_to_params(ec, tmpl);
+ ok = ok && domparams_to_params(ec, tmpl, NULL);
+
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
int include_private =
selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0;
- ok = ok && key_to_params(ec, tmpl, include_private);
+ ok = ok && key_to_params(ec, tmpl, NULL, include_private, &pub_key);
}
if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
- ok = ok && otherparams_to_params(ec, tmpl);
+ ok = ok && otherparams_to_params(ec, tmpl, NULL);
if (!ok
|| (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL)
@@ -364,6 +360,7 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
OSSL_PARAM_BLD_free_params(params);
err:
OSSL_PARAM_BLD_free(tmpl);
+ OPENSSL_free(pub_key);
return ok;
}
@@ -423,9 +420,11 @@ const OSSL_PARAM *ec_export_types(int selection)
static
int ec_get_params(void *key, OSSL_PARAM params[])
{
+ int ret;
EC_KEY *eck = key;
const EC_GROUP *ecg = NULL;
OSSL_PARAM *p;
+ unsigned char *pub_key = NULL;
ecg = EC_KEY_get0_group(eck);
if (ecg == NULL)
@@ -485,15 +484,21 @@ int ec_get_params(void *key, OSSL_PARAM params[])
if (!OSSL_PARAM_set_int(p, ecdh_cofactor_mode))
return 0;
}
-
- return 1;
+ ret = domparams_to_params(eck, NULL, params)
+ && key_to_params(eck, NULL, params, 1, &pub_key)
+ && otherparams_to_params(eck, NULL, params);
+ OPENSSL_free(pub_key);
+ return ret;
}
static const OSSL_PARAM ec_known_gettable_params[] = {
OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
- OSSL_PARAM_int(OSSL_PKEY_PARAM_USE_COFACTOR_ECDH, NULL),
+ EC_IMEXPORTABLE_DOM_PARAMETERS,
+ EC_IMEXPORTABLE_PUBLIC_KEY,
+ EC_IMEXPORTABLE_PRIVATE_KEY,
+ EC_IMEXPORTABLE_OTHER_PARAMETERS,
OSSL_PARAM_END
};
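Review bot: ec_get_params now fails for any key whose group has no curve name, because the added `ret = domparams_to_params(eck, NULL, params) && ...` runs unconditionally and domparams_to_params returns 0 in its `curve_nid == NID_undef` branch. A request for only OSSL_PKEY_PARAM_BITS on an explicit-parameter key would then return 0, where the removed `return 1;` suggests it succeeded before. Consider calling domparams_to_params only when `OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_EC_NAME) != NULL`, so that unrelated queries are not affected. The start of the function is outside the hunk.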
diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c
index be11f0b..ca53a93 100644
--- a/providers/implementations/keymgmt/ecx_kmgmt.c
+++ b/providers/implementations/keymgmt/ecx_kmgmt.c
@@ -10,11 +10,10 @@
#include <assert.h>
#include <openssl/core_numbers.h>
#include <openssl/core_names.h>
-#include <openssl/params.h>
-#include "openssl/param_build.h"
#include "crypto/ecx.h"
#include "prov/implementations.h"
#include "prov/providercommon.h"
+#include "internal/param_build_set.h"
static OSSL_OP_keymgmt_new_fn x25519_new_key;
static OSSL_OP_keymgmt_new_fn x448_new_key;
@@ -90,18 +89,21 @@ static int ecx_import(void *keydata, int selection, const OSSL_PARAM params[])
return ok;
}
-static int key_to_params(ECX_KEY *key, OSSL_PARAM_BLD *tmpl)
+static int key_to_params(ECX_KEY *key, OSSL_PARAM_BLD *tmpl,
+ OSSL_PARAM params[])
{
if (key == NULL)
return 0;
- if (!OSSL_PARAM_BLD_push_octet_string(tmpl, OSSL_PKEY_PARAM_PUB_KEY,
- key->pubkey, key->keylen))
+ if (!ossl_param_build_set_octet_string(tmpl, params,
+ OSSL_PKEY_PARAM_PUB_KEY,
+ key->pubkey, key->keylen))
return 0;
if (key->privkey != NULL
- && !OSSL_PARAM_BLD_push_octet_string(tmpl, OSSL_PKEY_PARAM_PRIV_KEY,
- key->privkey, key->keylen))
+ && !ossl_param_build_set_octet_string(tmpl, params,
+ OSSL_PKEY_PARAM_PRIV_KEY,
+ key->privkey, key->keylen))
return 0;
return 1;
@@ -113,7 +115,7 @@ static int ecx_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
ECX_KEY *key = keydata;
OSSL_PARAM_BLD *tmpl;
OSSL_PARAM *params = NULL;
- int ret;
+ int ret = 0;
if (key == NULL)
return 0;
@@ -123,24 +125,30 @@ static int ecx_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
return 0;
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0
- && !key_to_params(key, tmpl)) {
- OSSL_PARAM_BLD_free(tmpl);
- return 0;
- }
+ && !key_to_params(key, tmpl, NULL))
+ goto err;
+
+ if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0
+ && !key_to_params(key, tmpl, NULL))
+ goto err;
params = OSSL_PARAM_BLD_to_param(tmpl);
- OSSL_PARAM_BLD_free(tmpl);
if (params == NULL)
- return 0;
+ goto err;
ret = param_cb(params, cbarg);
OSSL_PARAM_BLD_free_params(params);
+err:
+ OSSL_PARAM_BLD_free(tmpl);
return ret;
}
+#define ECX_KEY_TYPES() \
+OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0), \
+OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
+
static const OSSL_PARAM ecx_key_types[] = {
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0),
- OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0),
+ ECX_KEY_TYPES(),
OSSL_PARAM_END
};
static const OSSL_PARAM *ecx_imexport_types(int selection)
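Review bot: The keypair block in ecx_export is added twice: `if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 && !key_to_params(key, tmpl, NULL)) goto err;` appears back to back, so key_to_params runs twice on the same builder. Assuming each push appends, the exported array carries the public key twice, and the private key twice when present. Drop the second copy of the statement. The start of ecx_export is outside the hunk.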
@@ -150,9 +158,10 @@ static const OSSL_PARAM *ecx_imexport_types(int selection)
return NULL;
}
-static int ecx_get_params(OSSL_PARAM params[], int bits, int secbits,
+static int ecx_get_params(void *key, OSSL_PARAM params[], int bits, int secbits,
int size)
{
+ ECX_KEY *ecx = key;
OSSL_PARAM *p;
if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
@@ -164,33 +173,38 @@ static int ecx_get_params(OSSL_PARAM params[], int bits, int secbits,
if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
&& !OSSL_PARAM_set_int(p, size))
return 0;
- return 1;
+ return key_to_params(ecx, NULL, params);
}
static int x25519_get_params(void *key, OSSL_PARAM params[])
{
- return ecx_get_params(params, X25519_BITS, X25519_SECURITY_BITS, X25519_KEYLEN);
+ return ecx_get_params(key, params, X25519_BITS, X25519_SECURITY_BITS,
+ X25519_KEYLEN);
}
static int x448_get_params(void *key, OSSL_PARAM params[])
{
- return ecx_get_params(params, X448_BITS, X448_SECURITY_BITS, X448_KEYLEN);
+ return ecx_get_params(key, params, X448_BITS, X448_SECURITY_BITS,
+ X448_KEYLEN);
}
static int ed25519_get_params(void *key, OSSL_PARAM params[])
{
- return ecx_get_params(params, ED25519_BITS, ED25519_SECURITY_BITS, ED25519_KEYLEN);
+ return ecx_get_params(key, params, ED25519_BITS, ED25519_SECURITY_BITS,
+ ED25519_KEYLEN);
}
static int ed448_get_params(void *key, OSSL_PARAM params[])
{
- return ecx_get_params(params, ED448_BITS, ED448_SECURITY_BITS, ED448_KEYLEN);
+ return ecx_get_params(key, params, ED448_BITS, ED448_SECURITY_BITS,
+ ED448_KEYLEN);
}
static const OSSL_PARAM ecx_params[] = {
OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
+ ECX_KEY_TYPES(),
OSSL_PARAM_END
};
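Review bot: `return key_to_params(ecx, NULL, params);` makes ecx_get_params hand out OSSL_PKEY_PARAM_PRIV_KEY whenever the key holds one, and nothing near the function or the `ECX_KEY_TYPES()` entry in ecx_params says so. Unlike ecx_export there is no `selection` argument to gate it; rsa_get_params (`key_to_params(rsa, NULL, params)`) and ec_get_params (include_private passed as 1) follow the same shape. A comment above ecx_get_params such as `/* Also fills OSSL_PKEY_PARAM_PRIV_KEY when requested; the caller owns that buffer and must cleanse it. */` would make the contract explicit. The function's signature is in the previous hunk.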
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
index 50647eb..8ea3941 100644
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -19,13 +19,11 @@
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
-#include <openssl/params.h>
-#include <openssl/types.h>
-#include "openssl/param_build.h"
#include "prov/implementations.h"
#include "prov/providercommon.h"
#include "prov/provider_ctx.h"
#include "crypto/rsa.h"
+#include "internal/param_build_set.h"
static OSSL_OP_keymgmt_new_fn rsa_newdata;
static OSSL_OP_keymgmt_gen_init_fn rsa_gen_init;
@@ -45,32 +43,13 @@ static OSSL_OP_keymgmt_export_fn rsa_export;
static OSSL_OP_keymgmt_export_types_fn rsa_export_types;
#define RSA_DEFAULT_MD "SHA256"
-#define RSA_POSSIBLE_SELECTIONS \
+#define RSA_POSSIBLE_SELECTIONS \
(OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS)
DEFINE_STACK_OF(BIGNUM)
DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)
-static int export_numbers(OSSL_PARAM_BLD *tmpl, const char *key,
- STACK_OF(BIGNUM_const) *numbers)
-{
- int i, nnum;
-
- if (numbers == NULL)
- return 0;
-
- nnum = sk_BIGNUM_const_num(numbers);
-
- for (i = 0; i < nnum; i++) {
- if (!OSSL_PARAM_BLD_push_BN(tmpl, key,
- sk_BIGNUM_const_value(numbers, i)))
- return 0;
- }
-
- return 1;
-}
-
-static int key_to_params(RSA *rsa, OSSL_PARAM_BLD *tmpl)
+static int key_to_params(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
{
int ret = 0;
const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL;
@@ -84,21 +63,16 @@ static int key_to_params(RSA *rsa, OSSL_PARAM_BLD *tmpl)
RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
rsa_get0_all_params(rsa, factors, exps, coeffs);
- if (rsa_n != NULL
- && !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_N, rsa_n))
- goto err;
- if (rsa_e != NULL
- && !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_E, rsa_e))
- goto err;
- if (rsa_d != NULL
- && !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_D, rsa_d))
- goto err;
-
- if (!export_numbers(tmpl, OSSL_PKEY_PARAM_RSA_FACTOR, factors)
- || !export_numbers(tmpl, OSSL_PKEY_PARAM_RSA_EXPONENT, exps)
- || !export_numbers(tmpl, OSSL_PKEY_PARAM_RSA_COEFFICIENT, coeffs))
+ if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_N, rsa_n)
+ || !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_E, rsa_e)
+ || !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D, rsa_d)
+ || !ossl_param_build_set_multi_key_bn(bld, params, rsa_mp_factor_names,
+ factors)
+ || !ossl_param_build_set_multi_key_bn(bld, params, rsa_mp_exp_names,
+ exps)
+ || !ossl_param_build_set_multi_key_bn(bld, params, rsa_mp_coeff_names,
+ coeffs))
goto err;
-
ret = 1;
err:
sk_BIGNUM_const_free(factors);
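Review bot: The `rsa_n != NULL`, `rsa_e != NULL` and `rsa_d != NULL` guards are gone, so each component is now passed to ossl_param_build_set_bn even when it is NULL. Whether a public-only key (no `rsa_d`) still exports, and whether rsa_get_params still succeeds when a caller asks for OSSL_PKEY_PARAM_RSA_D on such a key, depends on how that helper treats a NULL BIGNUM, which is not visible on this page. If the helper does not skip NULL, keep the guard, e.g. `(rsa_d == NULL || ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D, rsa_d))`. The function starts and ends outside this hunk.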
@@ -189,20 +163,70 @@ static int rsa_export(void *keydata, int selection,
return 0;
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
- ok = ok && key_to_params(rsa, tmpl);
+ ok = ok && key_to_params(rsa, tmpl, NULL);
if (!ok
- || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) {
- OSSL_PARAM_BLD_free(tmpl);
- return 0;
- }
- OSSL_PARAM_BLD_free(tmpl);
+ || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL)
+ goto err;
ok = param_callback(params, cbarg);
OSSL_PARAM_BLD_free_params(params);
+err:
+ OSSL_PARAM_BLD_free(tmpl);
return ok;
}
+#ifdef FIPS_MODE
+/* In fips mode there are no multi-primes. */
+# define RSA_KEY_MP_TYPES() \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0),
+#else
+/*
+ * We allow up to 10 prime factors (starting with p, q).
+ * NOTE: there is only 9 OSSL_PKEY_PARAM_RSA_COEFFICIENT
+ */
+# define RSA_KEY_MP_TYPES() \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR3, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR4, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR5, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR6, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR7, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR8, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR9, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR10, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT3, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT4, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT5, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT6, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT7, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT8, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT9, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT10, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT2, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT3, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT4, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT5, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT6, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT7, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT8, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT9, NULL, 0),
+#endif
+
+#define RSA_KEY_TYPES() \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0), \
+OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, NULL, 0), \
+RSA_KEY_MP_TYPES()
+
/*
* This provider can export everything in an RSA key, so we use the exact
* same type description for export as for import. Other providers might
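Review bot: The new `goto err` in rsa_export returns `ok` unchanged, so if `OSSL_PARAM_BLD_to_param(tmpl)` returns NULL while `ok` is still nonzero, the function reports success without ever calling `param_callback`; the removed code returned 0 here. Set the result before jumping: `if (!ok || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { ok = 0; goto err; }`. The declaration of `ok` is outside the hunk, but `ok = ok && key_to_params(...)` implies it starts nonzero. ecx_export avoids the problem by initialising `ret = 0`.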
@@ -211,41 +235,8 @@ static int rsa_export(void *keydata, int selection,
* different arrays.
*/
static const OSSL_PARAM rsa_key_types[] = {
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, NULL, 0),
- /* We tolerate up to 10 factors... */
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0),
- /* ..., up to 10 CRT exponents... */
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0),
- /* ..., and up to 9 CRT coefficients */
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
- OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0),
+ RSA_KEY_TYPES()
+ OSSL_PARAM_END
};
/*
* We lied about the amount of factors, exponents and coefficients, the
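Review bot: `RSA_KEY_TYPES()` is written without a trailing comma before `OSSL_PARAM_END` because both variants of RSA_KEY_MP_TYPES() end with a comma inside the macro, whereas ecx_kmgmt.c writes `ECX_KEY_TYPES(),`. An initializer line with no separator reads like a mistake, and the hidden comma makes the two macro families inconsistent. I would drop the comma after the final `OSSL_PARAM_BN(...)` in both RSA_KEY_MP_TYPES() variants and write `RSA_KEY_TYPES(),` here and in rsa_params.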
@@ -266,7 +257,6 @@ static const OSSL_PARAM *rsa_import_types(int selection)
return rsa_imexport_types(selection);
}
-
static const OSSL_PARAM *rsa_export_types(int selection)
{
return rsa_imexport_types(selection);
@@ -312,8 +302,7 @@ static int rsa_get_params(void *key, OSSL_PARAM params[])
if (!OSSL_PARAM_set_utf8_string(p, RSA_DEFAULT_MD))
return 0;
}
-
- return 1;
+ return key_to_params(rsa, NULL, params);
}
static const OSSL_PARAM rsa_params[] = {
@@ -321,6 +310,7 @@ static const OSSL_PARAM rsa_params[] = {
OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DEFAULT_DIGEST, NULL, 0),
+ RSA_KEY_TYPES()
OSSL_PARAM_END
};
diff --git a/providers/implementations/serializers/serializer_rsa.c b/providers/implementations/serializers/serializer_rsa.c
index ddc7074..21898f9 100644
--- a/providers/implementations/serializers/serializer_rsa.c
+++ b/providers/implementations/serializers/serializer_rsa.c
@@ -116,4 +116,3 @@ int ossl_prov_print_rsa(BIO *out, RSA *rsa, int priv)
sk_BIGNUM_const_free(coeffs);
return ret;
}
-