Skip to content

Commit

Permalink
PROV: add RSA signature implementation
Browse files Browse the repository at this point in the history 
This includes legacy PSS controls to params conversion, and an attempt
to generalise the parameter names when they are suitable for more than
one operation.

Also added crypto/rsa/rsa_aid.c, containing proper AlgorithmIdentifiers
for known RSA+hash function combinations.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from openssl#10557)
  • Loading branch information
@levitte
levitte committed Feb 22, 2020
1 parent e8d0819 commit 6f4b766
Show file tree
Hide file tree
Showing 19 changed files with 1,517 additions and 122 deletions.
11 changes: 11 additions & 0 deletions crypto/err/openssl.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2752,24 +2752,29 @@ PROP_R_PARSE_FAILED:108:parse failed
PROP_R_STRING_TOO_LONG:109:string too long
PROP_R_TRAILING_CHARACTERS:110:trailing characters
PROV_R_AES_KEY_SETUP_FAILED:101:aes key setup failed
PROV_R_ALGORITHM_MISMATCH:173:algorithm mismatch
PROV_R_BAD_DECRYPT:100:bad decrypt
PROV_R_BAD_ENCODING:141:bad encoding
PROV_R_BAD_LENGTH:142:bad length
PROV_R_BAD_TLS_CLIENT_VERSION:161:bad tls client version
PROV_R_BN_ERROR:160:bn error
PROV_R_BOTH_MODE_AND_MODE_INT:127:both mode and mode int
PROV_R_CIPHER_OPERATION_FAILED:102:cipher operation failed
PROV_R_DIGEST_NOT_ALLOWED:174:digest not allowed
PROV_R_FAILED_DURING_DERIVATION:164:failed during derivation
PROV_R_FAILED_TO_DECRYPT:162:failed to decrypt
PROV_R_FAILED_TO_GENERATE_KEY:121:failed to generate key
PROV_R_FAILED_TO_GET_PARAMETER:103:failed to get parameter
PROV_R_FAILED_TO_SET_PARAMETER:104:failed to set parameter
PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE:165:\
illegal or unsupported padding mode
PROV_R_INAVLID_UKM_LENGTH:146:inavlid ukm length
PROV_R_INVALID_AAD:108:invalid aad
PROV_R_INVALID_CONSTANT_LENGTH:157:invalid constant length
PROV_R_INVALID_CUSTOM_LENGTH:111:invalid custom length
PROV_R_INVALID_DATA:115:invalid data
PROV_R_INVALID_DIGEST:122:invalid digest
PROV_R_INVALID_DIGEST_LENGTH:166:invalid digest length
PROV_R_INVALID_ITERATION_COUNT:123:invalid iteration count
PROV_R_INVALID_IVLEN:116:invalid ivlen
PROV_R_INVALID_IV_LENGTH:109:invalid iv length
Expand All @@ -2778,12 +2783,17 @@ PROV_R_INVALID_KEYLEN:117:invalid keylen
PROV_R_INVALID_KEY_LEN:124:invalid key len
PROV_R_INVALID_KEY_LENGTH:105:invalid key length
PROV_R_INVALID_MAC:151:invalid mac
PROV_R_INVALID_MGF1_MD:167:invalid mgf1 md
PROV_R_INVALID_MODE:125:invalid mode
PROV_R_INVALID_MODE_INT:126:invalid mode int
PROV_R_INVALID_PADDING_MODE:168:invalid padding mode
PROV_R_INVALID_PSS_SALTLEN:169:invalid pss saltlen
PROV_R_INVALID_SALT_LENGTH:112:invalid salt length
PROV_R_INVALID_SEED_LENGTH:154:invalid seed length
PROV_R_INVALID_TAG:110:invalid tag
PROV_R_INVALID_TAGLEN:118:invalid taglen
PROV_R_INVALID_X931_DIGEST:170:invalid x931 digest
PROV_R_KEY_SIZE_TOO_SMALL:171:key size too small
PROV_R_MISSING_CEK_ALG:144:missing cek alg
PROV_R_MISSING_CIPHER:155:missing cipher
PROV_R_MISSING_CONSTANT:156:missing constant
Expand All @@ -2801,6 +2811,7 @@ PROV_R_NOT_SUPPORTED:136:not supported
PROV_R_NOT_XOF_OR_INVALID_LENGTH:113:not xof or invalid length
PROV_R_NO_KEY_SET:114:no key set
PROV_R_OUTPUT_BUFFER_TOO_SMALL:106:output buffer too small
PROV_R_PSS_SALTLEN_TOO_SMALL:172:pss saltlen too small
PROV_R_READ_KEY:159:read key
PROV_R_TAG_NOTSET:119:tag notset
PROV_R_TAG_NOT_NEEDED:120:tag not needed
Expand Down
118 changes: 62 additions & 56 deletions crypto/evp/pmeth_lib.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -786,69 +786,73 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype,
# ifndef OPENSSL_NO_EC
if (keytype == EVP_PKEY_EC) {
switch (cmd) {
case EVP_PKEY_CTRL_EC_ECDH_COFACTOR:
if (p1 == -2) {
return EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx);
} else if (p1 < -1 || p1 > 1) {
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
return -2;
} else {
return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, p1);
}
case EVP_PKEY_CTRL_EC_KDF_TYPE:
if (p1 == -2) {
return EVP_PKEY_CTX_get_ecdh_kdf_type(ctx);
} else {
return EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, p1);
}
case EVP_PKEY_CTRL_GET_EC_KDF_MD:
return EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, p2);
case EVP_PKEY_CTRL_EC_KDF_MD:
return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, p2);
case EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN:
return EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, p2);
case EVP_PKEY_CTRL_EC_KDF_OUTLEN:
return EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, p1);
case EVP_PKEY_CTRL_GET_EC_KDF_UKM:
return EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p2);
case EVP_PKEY_CTRL_EC_KDF_UKM:
return EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p2, p1);
case EVP_PKEY_CTRL_EC_ECDH_COFACTOR:
if (p1 == -2) {
return EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx);
} else if (p1 < -1 || p1 > 1) {
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
return -2;
} else {
return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, p1);
}
case EVP_PKEY_CTRL_EC_KDF_TYPE:
if (p1 == -2) {
return EVP_PKEY_CTX_get_ecdh_kdf_type(ctx);
} else {
return EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, p1);
}
case EVP_PKEY_CTRL_GET_EC_KDF_MD:
return EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, p2);
case EVP_PKEY_CTRL_EC_KDF_MD:
return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, p2);
case EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN:
return EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, p2);
case EVP_PKEY_CTRL_EC_KDF_OUTLEN:
return EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, p1);
case EVP_PKEY_CTRL_GET_EC_KDF_UKM:
return EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p2);
case EVP_PKEY_CTRL_EC_KDF_UKM:
return EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p2, p1);
}
}
# endif
if (keytype == -1) {
switch (cmd) {
case EVP_PKEY_CTRL_MD:
return EVP_PKEY_CTX_set_signature_md(ctx, p2);
case EVP_PKEY_CTRL_GET_MD:
return EVP_PKEY_CTX_get_signature_md(ctx, p2);
case EVP_PKEY_CTRL_RSA_PADDING:
return EVP_PKEY_CTX_set_rsa_padding(ctx, p1);
case EVP_PKEY_CTRL_GET_RSA_PADDING:
return EVP_PKEY_CTX_get_rsa_padding(ctx, p2);
case EVP_PKEY_CTRL_RSA_OAEP_MD:
return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, p2);
case EVP_PKEY_CTRL_GET_RSA_OAEP_MD:
return EVP_PKEY_CTX_get_rsa_oaep_md(ctx, p2);
case EVP_PKEY_CTRL_RSA_MGF1_MD:
return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, p2);
case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
return EVP_PKEY_CTX_get_rsa_oaep_md(ctx, p2);
case EVP_PKEY_CTRL_RSA_OAEP_LABEL:
return EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, p2, p1);
case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL:
return EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, (unsigned char **)p2);
case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
case EVP_PKEY_CTRL_PKCS7_DECRYPT:
case EVP_PKEY_CTRL_MD:
return EVP_PKEY_CTX_set_signature_md(ctx, p2);
case EVP_PKEY_CTRL_GET_MD:
return EVP_PKEY_CTX_get_signature_md(ctx, p2);
case EVP_PKEY_CTRL_RSA_PADDING:
return EVP_PKEY_CTX_set_rsa_padding(ctx, p1);
case EVP_PKEY_CTRL_GET_RSA_PADDING:
return EVP_PKEY_CTX_get_rsa_padding(ctx, p2);
case EVP_PKEY_CTRL_RSA_OAEP_MD:
return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, p2);
case EVP_PKEY_CTRL_GET_RSA_OAEP_MD:
return EVP_PKEY_CTX_get_rsa_oaep_md(ctx, p2);
case EVP_PKEY_CTRL_RSA_MGF1_MD:
return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, p2);
case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
return EVP_PKEY_CTX_get_rsa_oaep_md(ctx, p2);
case EVP_PKEY_CTRL_RSA_OAEP_LABEL:
return EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, p2, p1);
case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL:
return EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, (unsigned char **)p2);
case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, p1);
case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
return EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, p2);
case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
case EVP_PKEY_CTRL_PKCS7_DECRYPT:
# ifndef OPENSSL_NO_CMS
case EVP_PKEY_CTRL_CMS_DECRYPT:
case EVP_PKEY_CTRL_CMS_ENCRYPT:
case EVP_PKEY_CTRL_CMS_DECRYPT:
case EVP_PKEY_CTRL_CMS_ENCRYPT:
# endif
if (ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
return 1;
ERR_raise(ERR_LIB_EVP,
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
if (ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
return 1;
ERR_raise(ERR_LIB_EVP,
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
}
}
return 0;
Expand Down Expand Up @@ -918,6 +922,8 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name,
name = OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST;
else if (strcmp(name, "rsa_oaep_label") == 0)
name = OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL;
else if (strcmp(name, "rsa_pss_saltlen") == 0)
name = OSSL_SIGNATURE_PARAM_PSS_SALTLEN;
# ifndef OPENSSL_NO_DH
else if (strcmp(name, "dh_pad") == 0)
name = OSSL_EXCHANGE_PARAM_PAD;
Expand Down
2 changes: 1 addition & 1 deletion crypto/rsa/build.info
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
LIBS=../../libcrypto

$COMMON=rsa_ossl.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_pk1.c \
$COMMON=rsa_ossl.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_aid.c rsa_pk1.c \
rsa_none.c rsa_oaep.c rsa_chk.c rsa_pss.c rsa_x931.c rsa_crpt.c \
rsa_x931g.c rsa_sp800_56b_gen.c rsa_sp800_56b_check.c

Expand Down
98 changes: 98 additions & 0 deletions crypto/rsa/rsa_aid.c
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
/*
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/

#include <stdlib.h>

#include <openssl/objects.h>
#include "crypto/rsa.h"

#define ASN1_SEQUENCE 0x30
#define ASN1_OID 0x06

/*
* -- RFC 2313
* pkcs-1 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) US(840) rsadsi(113549) pkcs(1) 1
* }
*/

/*
* -- RFC 3279
* md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
* md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
* sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }
*/
#define ENCODE_ALGORITHMIDENTIFIER_PKCS1(name, n) \
static const unsigned char algorithmidentifier_##name##_der[] = { \
ASN1_SEQUENCE, 0x0b, \
ASN1_OID, 0x09, 1 * 40 + 2, 134, 72, 134, 247, 13, 1, 1, n \
}
#ifndef FIPS_MODE
ENCODE_ALGORITHMIDENTIFIER_PKCS1(md2, 2);
ENCODE_ALGORITHMIDENTIFIER_PKCS1(md5, 4);
#endif
ENCODE_ALGORITHMIDENTIFIER_PKCS1(sha1, 5);

/*
* -- RFC 4055
* sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 14 }
* sha256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 11 }
* sha384WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 12 }
* sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 }
*/
ENCODE_ALGORITHMIDENTIFIER_PKCS1(sha224, 14);
ENCODE_ALGORITHMIDENTIFIER_PKCS1(sha256, 11);
ENCODE_ALGORITHMIDENTIFIER_PKCS1(sha384, 12);
ENCODE_ALGORITHMIDENTIFIER_PKCS1(sha512, 13);

/*
* -- https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration
*
* sigAlgs OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 4 3 }
*
* id-rsassa-pkcs1-v1_5-with-sha3-224 ::= { sigAlgs 13 }
* id-rsassa-pkcs1-v1_5-with-sha3-256 ::= { sigAlgs 14 }
* id-rsassa-pkcs1-v1_5-with-sha3-384 ::= { sigAlgs 15 }
* id-rsassa-pkcs1-v1_5-with-sha3-512 ::= { sigAlgs 16 }
*/
#define ENCODE_ALGORITHMIDENTIFIER_SIGALGS(name, n) \
static const unsigned char algorithmidentifier_##name##_der[] = { \
ASN1_SEQUENCE, 0x0c, \
ASN1_OID, 0x0a, 1 * 40 + 2, 16, 134, 72, 1, 101, 3, 4, 3, n \
}
ENCODE_ALGORITHMIDENTIFIER_SIGALGS(sha3_224, 13);
ENCODE_ALGORITHMIDENTIFIER_SIGALGS(sha3_256, 14);
ENCODE_ALGORITHMIDENTIFIER_SIGALGS(sha3_384, 15);
ENCODE_ALGORITHMIDENTIFIER_SIGALGS(sha3_512, 16);

#define MD_CASE(name) \
case NID_##name: \
*len = sizeof(algorithmidentifier_##name##_der); \
return algorithmidentifier_##name##_der

const unsigned char *rsa_algorithmidentifier_encoding(int md_nid, size_t *len)
{
switch (md_nid) {
#ifndef FIPS_MODE
MD_CASE(md2);
MD_CASE(md5);
#endif
MD_CASE(sha1);
MD_CASE(sha224);
MD_CASE(sha256);
MD_CASE(sha384);
MD_CASE(sha512);
MD_CASE(sha3_224);
MD_CASE(sha3_256);
MD_CASE(sha3_384);
MD_CASE(sha3_512);
default:
return NULL;
}
}

0 comments on commit 6f4b766

Please sign in to comment.