kris
/
boringssl
1
0
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 0 Wiki Activité
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
1624 Révisions
12 Branches
38 MiB
 
 
 
 
 
 
Aborescence: a54cc0c55c
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de 'a54cc0c55c'
${ noResults }
boringssl/crypto/rsa/rsa_asn1.c

448 lignes
13 KiB
Brut Annotations Historique 

  1. /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL

  2.  * project 2000.

  3.  */

  4. /* ====================================================================

  5.  * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.

  6.  *

  7.  * Redistribution and use in source and binary forms, with or without

  8.  * modification, are permitted provided that the following conditions

  9.  * are met:

  10.  *

  11.  * 1. Redistributions of source code must retain the above copyright

  12.  *    notice, this list of conditions and the following disclaimer.

  13.  *

  14.  * 2. Redistributions in binary form must reproduce the above copyright

  15.  *    notice, this list of conditions and the following disclaimer in

  16.  *    the documentation and/or other materials provided with the

  17.  *    distribution.

  18.  *

  19.  * 3. All advertising materials mentioning features or use of this

  20.  *    software must display the following acknowledgment:

  21.  *    "This product includes software developed by the OpenSSL Project

  22.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  23.  *

  24.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  25.  *    endorse or promote products derived from this software without

  26.  *    prior written permission. For written permission, please contact

  27.  *    licensing@OpenSSL.org.

  28.  *

  29.  * 5. Products derived from this software may not be called "OpenSSL"

  30.  *    nor may "OpenSSL" appear in their names without prior written

  31.  *    permission of the OpenSSL Project.

  32.  *

  33.  * 6. Redistributions of any form whatsoever must retain the following

  34.  *    acknowledgment:

  35.  *    "This product includes software developed by the OpenSSL Project

  36.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  37.  *

  38.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  39.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  40.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  41.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  42.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  43.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  44.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  45.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  46.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  47.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  48.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  49.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  50.  * ====================================================================

  51.  *

  52.  * This product includes cryptographic software written by Eric Young

  53.  * (eay@cryptsoft.com).  This product includes software written by Tim

  54.  * Hudson (tjh@cryptsoft.com). */

  55. 

  56. #include <openssl/rsa.h>

  57. 

  58. #include <assert.h>

  59. #include <limits.h>

  60. #include <string.h>

  61. 

  62. #include <openssl/asn1.h>

  63. #include <openssl/asn1t.h>

  64. #include <openssl/bn.h>

  65. #include <openssl/bytestring.h>

  66. #include <openssl/err.h>

  67. #include <openssl/mem.h>

  68. 

  69. #include "internal.h"

  70. 

  71. 

  72. static int parse_integer(CBS *cbs, BIGNUM **out) {

  73.   assert(*out == NULL);

  74.   *out = BN_new();

  75.   if (*out == NULL) {

  76.     return 0;

  77.   }

  78.   return BN_cbs2unsigned(cbs, *out);

  79. }

  80. 

  81. static int marshal_integer(CBB *cbb, BIGNUM *bn) {

  82.   if (bn == NULL) {

  83.     /* An RSA object may be missing some components. */

  84.     OPENSSL_PUT_ERROR(RSA, RSA_R_VALUE_MISSING);

  85.     return 0;

  86.   }

  87.   return BN_bn2cbb(cbb, bn);

  88. }

  89. 

  90. RSA *RSA_parse_public_key(CBS *cbs) {

  91.   RSA *ret = RSA_new();

  92.   if (ret == NULL) {

  93.     return NULL;

  94.   }

  95.   CBS child;

  96.   if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||

  97.       !parse_integer(&child, &ret->n) ||

  98.       !parse_integer(&child, &ret->e) ||

  99.       CBS_len(&child) != 0) {

  100.     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING);

  101.     RSA_free(ret);

  102.     return NULL;

  103.   }

  104.   return ret;

  105. }

  106. 

  107. RSA *RSA_public_key_from_bytes(const uint8_t *in, size_t in_len) {

  108.   CBS cbs;

  109.   CBS_init(&cbs, in, in_len);

  110.   RSA *ret = RSA_parse_public_key(&cbs);

  111.   if (ret == NULL || CBS_len(&cbs) != 0) {

  112.     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING);

  113.     RSA_free(ret);

  114.     return NULL;

  115.   }

  116.   return ret;

  117. }

  118. 

  119. int RSA_marshal_public_key(CBB *cbb, const RSA *rsa) {

  120.   CBB child;

  121.   if (!CBB_add_asn1(cbb, &child, CBS_ASN1_SEQUENCE) ||

  122.       !marshal_integer(&child, rsa->n) ||

  123.       !marshal_integer(&child, rsa->e) ||

  124.       !CBB_flush(cbb)) {

  125.     OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR);

  126.     return 0;

  127.   }

  128.   return 1;

  129. }

  130. 

  131. int RSA_public_key_to_bytes(uint8_t **out_bytes, size_t *out_len,

  132.                             const RSA *rsa) {

  133.   CBB cbb;

  134.   CBB_zero(&cbb);

  135.   if (!CBB_init(&cbb, 0) ||

  136.       !RSA_marshal_public_key(&cbb, rsa) ||

  137.       !CBB_finish(&cbb, out_bytes, out_len)) {

  138.     OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR);

  139.     CBB_cleanup(&cbb);

  140.     return 0;

  141.   }

  142.   return 1;

  143. }

  144. 

  145. /* kVersionTwoPrime and kVersionMulti are the supported values of the version

  146.  * field of an RSAPrivateKey structure (RFC 3447). */

  147. static const uint64_t kVersionTwoPrime = 0;

  148. static const uint64_t kVersionMulti = 1;

  149. 

  150. /* rsa_parse_additional_prime parses a DER-encoded OtherPrimeInfo from |cbs| and

  151.  * advances |cbs|. It returns a newly-allocated |RSA_additional_prime| on

  152.  * success or NULL on error. The |r| and |method_mod| fields of the result are

  153.  * set to NULL. */

  154. static RSA_additional_prime *rsa_parse_additional_prime(CBS *cbs) {

  155.   RSA_additional_prime *ret = OPENSSL_malloc(sizeof(RSA_additional_prime));

  156.   if (ret == NULL) {

  157.     OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);

  158.     return 0;

  159.   }

  160.   memset(ret, 0, sizeof(RSA_additional_prime));

  161. 

  162.   CBS child;

  163.   if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||

  164.       !parse_integer(&child, &ret->prime) ||

  165.       !parse_integer(&child, &ret->exp) ||

  166.       !parse_integer(&child, &ret->coeff) ||

  167.       CBS_len(&child) != 0) {

  168.     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING);

  169.     RSA_additional_prime_free(ret);

  170.     return NULL;

  171.   }

  172. 

  173.   return ret;

  174. }

  175. 

  176. RSA *RSA_parse_private_key(CBS *cbs) {

  177.   BN_CTX *ctx = NULL;

  178.   BIGNUM *product_of_primes_so_far = NULL;

  179.   RSA *ret = RSA_new();

  180.   if (ret == NULL) {

  181.     return NULL;

  182.   }

  183. 

  184.   CBS child;

  185.   uint64_t version;

  186.   if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||

  187.       !CBS_get_asn1_uint64(&child, &version) ||

  188.       (version != kVersionTwoPrime && version != kVersionMulti) ||

  189.       !parse_integer(&child, &ret->n) ||

  190.       !parse_integer(&child, &ret->e) ||

  191.       !parse_integer(&child, &ret->d) ||

  192.       !parse_integer(&child, &ret->p) ||

  193.       !parse_integer(&child, &ret->q) ||

  194.       !parse_integer(&child, &ret->dmp1) ||

  195.       !parse_integer(&child, &ret->dmq1) ||

  196.       !parse_integer(&child, &ret->iqmp)) {

  197.     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_VERSION);

  198.     goto err;

  199.   }

  200. 

  201.   /* Multi-prime RSA requires a newer version. */

  202.   if (version == kVersionMulti &&

  203.       CBS_peek_asn1_tag(&child, CBS_ASN1_SEQUENCE)) {

  204.     CBS other_prime_infos;

  205.     if (!CBS_get_asn1(&child, &other_prime_infos, CBS_ASN1_SEQUENCE) ||

  206.         CBS_len(&other_prime_infos) == 0) {

  207.       OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING);

  208.       goto err;

  209.     }

  210.     ret->additional_primes = sk_RSA_additional_prime_new_null();

  211.     if (ret->additional_primes == NULL) {

  212.       OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);

  213.       goto err;

  214.     }

  215. 

  216.     ctx = BN_CTX_new();

  217.     product_of_primes_so_far = BN_new();

  218.     if (ctx == NULL ||

  219.         product_of_primes_so_far == NULL ||

  220.         !BN_mul(product_of_primes_so_far, ret->p, ret->q, ctx)) {

  221.       goto err;

  222.     }

  223. 

  224.     while (CBS_len(&other_prime_infos) > 0) {

  225.       RSA_additional_prime *ap = rsa_parse_additional_prime(&other_prime_infos);

  226.       if (ap == NULL) {

  227.         goto err;

  228.       }

  229.       if (!sk_RSA_additional_prime_push(ret->additional_primes, ap)) {

  230.         OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);

  231.         RSA_additional_prime_free(ap);

  232.         goto err;

  233.       }

  234.       ap->r = BN_dup(product_of_primes_so_far);

  235.       if (ap->r == NULL ||

  236.           !BN_mul(product_of_primes_so_far, product_of_primes_so_far,

  237.                   ap->prime, ctx)) {

  238.         goto err;

  239.       }

  240.     }

  241.   }

  242. 

  243.   if (CBS_len(&child) != 0) {

  244.     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING);

  245.     goto err;

  246.   }

  247. 

  248.   BN_CTX_free(ctx);

  249.   BN_free(product_of_primes_so_far);

  250.   return ret;

  251. 

  252. err:

  253.   BN_CTX_free(ctx);

  254.   BN_free(product_of_primes_so_far);

  255.   RSA_free(ret);

  256.   return NULL;

  257. }

  258. 

  259. RSA *RSA_private_key_from_bytes(const uint8_t *in, size_t in_len) {

  260.   CBS cbs;

  261.   CBS_init(&cbs, in, in_len);

  262.   RSA *ret = RSA_parse_private_key(&cbs);

  263.   if (ret == NULL || CBS_len(&cbs) != 0) {

  264.     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING);

  265.     RSA_free(ret);

  266.     return NULL;

  267.   }

  268.   return ret;

  269. }

  270. 

  271. int RSA_marshal_private_key(CBB *cbb, const RSA *rsa) {

  272.   const int is_multiprime =

  273.       sk_RSA_additional_prime_num(rsa->additional_primes) > 0;

  274. 

  275.   CBB child;

  276.   if (!CBB_add_asn1(cbb, &child, CBS_ASN1_SEQUENCE) ||

  277.       !CBB_add_asn1_uint64(&child,

  278.                            is_multiprime ? kVersionMulti : kVersionTwoPrime) ||

  279.       !marshal_integer(&child, rsa->n) ||

  280.       !marshal_integer(&child, rsa->e) ||

  281.       !marshal_integer(&child, rsa->d) ||

  282.       !marshal_integer(&child, rsa->p) ||

  283.       !marshal_integer(&child, rsa->q) ||

  284.       !marshal_integer(&child, rsa->dmp1) ||

  285.       !marshal_integer(&child, rsa->dmq1) ||

  286.       !marshal_integer(&child, rsa->iqmp)) {

  287.     OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR);

  288.     return 0;

  289.   }

  290. 

  291.   if (is_multiprime) {

  292.     CBB other_prime_infos;

  293.     if (!CBB_add_asn1(&child, &other_prime_infos, CBS_ASN1_SEQUENCE)) {

  294.       OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR);

  295.       return 0;

  296.     }

  297.     size_t i;

  298.     for (i = 0; i < sk_RSA_additional_prime_num(rsa->additional_primes); i++) {

  299.       RSA_additional_prime *ap =

  300.               sk_RSA_additional_prime_value(rsa->additional_primes, i);

  301.       CBB other_prime_info;

  302.       if (!CBB_add_asn1(&other_prime_infos, &other_prime_info,

  303.                         CBS_ASN1_SEQUENCE) ||

  304.           !marshal_integer(&other_prime_info, ap->prime) ||

  305.           !marshal_integer(&other_prime_info, ap->exp) ||

  306.           !marshal_integer(&other_prime_info, ap->coeff)) {

  307.         OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR);

  308.         return 0;

  309.       }

  310.     }

  311.   }

  312. 

  313.   if (!CBB_flush(cbb)) {

  314.     OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR);

  315.     return 0;

  316.   }

  317.   return 1;

  318. }

  319. 

  320. int RSA_private_key_to_bytes(uint8_t **out_bytes, size_t *out_len,

  321.                              const RSA *rsa) {

  322.   CBB cbb;

  323.   CBB_zero(&cbb);

  324.   if (!CBB_init(&cbb, 0) ||

  325.       !RSA_marshal_private_key(&cbb, rsa) ||

  326.       !CBB_finish(&cbb, out_bytes, out_len)) {

  327.     OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR);

  328.     CBB_cleanup(&cbb);

  329.     return 0;

  330.   }

  331.   return 1;

  332. }

  333. 

  334. RSA *d2i_RSAPublicKey(RSA **out, const uint8_t **inp, long len) {

  335.   if (len < 0) {

  336.     return NULL;

  337.   }

  338.   CBS cbs;

  339.   CBS_init(&cbs, *inp, (size_t)len);

  340.   RSA *ret = RSA_parse_public_key(&cbs);

  341.   if (ret == NULL) {

  342.     return NULL;

  343.   }

  344.   if (out != NULL) {

  345.     RSA_free(*out);

  346.     *out = ret;

  347.   }

  348.   *inp += (size_t)len - CBS_len(&cbs);

  349.   return ret;

  350. }

  351. 

  352. int i2d_RSAPublicKey(const RSA *in, uint8_t **outp) {

  353.   uint8_t *der;

  354.   size_t der_len;

  355.   if (!RSA_public_key_to_bytes(&der, &der_len, in)) {

  356.     return -1;

  357.   }

  358.   if (der_len > INT_MAX) {

  359.     OPENSSL_PUT_ERROR(RSA, ERR_R_OVERFLOW);

  360.     OPENSSL_free(der);

  361.     return -1;

  362.   }

  363.   if (outp != NULL) {

  364.     if (*outp == NULL) {

  365.       *outp = der;

  366.       der = NULL;

  367.     } else {

  368.       memcpy(*outp, der, der_len);

  369.       *outp += der_len;

  370.     }

  371.   }

  372.   OPENSSL_free(der);

  373.   return (int)der_len;

  374. }

  375. 

  376. RSA *d2i_RSAPrivateKey(RSA **out, const uint8_t **inp, long len) {

  377.   if (len < 0) {

  378.     return NULL;

  379.   }

  380.   CBS cbs;

  381.   CBS_init(&cbs, *inp, (size_t)len);

  382.   RSA *ret = RSA_parse_private_key(&cbs);

  383.   if (ret == NULL) {

  384.     return NULL;

  385.   }

  386.   if (out != NULL) {

  387.     RSA_free(*out);

  388.     *out = ret;

  389.   }

  390.   *inp += (size_t)len - CBS_len(&cbs);

  391.   return ret;

  392. }

  393. 

  394. int i2d_RSAPrivateKey(const RSA *in, uint8_t **outp) {

  395.   uint8_t *der;

  396.   size_t der_len;

  397.   if (!RSA_private_key_to_bytes(&der, &der_len, in)) {

  398.     return -1;

  399.   }

  400.   if (der_len > INT_MAX) {

  401.     OPENSSL_PUT_ERROR(RSA, ERR_R_OVERFLOW);

  402.     OPENSSL_free(der);

  403.     return -1;

  404.   }

  405.   if (outp != NULL) {

  406.     if (*outp == NULL) {

  407.       *outp = der;

  408.       der = NULL;

  409.     } else {

  410.       memcpy(*outp, der, der_len);

  411.       *outp += der_len;

  412.     }

  413.   }

  414.   OPENSSL_free(der);

  415.   return (int)der_len;

  416. }

  417. 

  418. ASN1_SEQUENCE(RSA_PSS_PARAMS) = {

  419.   ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0),

  420.   ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1),

  421.   ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2),

  422.   ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3),

  423. } ASN1_SEQUENCE_END(RSA_PSS_PARAMS);

  424. 

  425. IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS);

  426. 

  427. RSA *RSAPublicKey_dup(const RSA *rsa) {

  428.   uint8_t *der;

  429.   size_t der_len;

  430.   if (!RSA_public_key_to_bytes(&der, &der_len, rsa)) {

  431.     return NULL;

  432.   }

  433.   RSA *ret = RSA_public_key_from_bytes(der, der_len);

  434.   OPENSSL_free(der);

  435.   return ret;

  436. }

  437. 

  438. RSA *RSAPrivateKey_dup(const RSA *rsa) {

  439.   uint8_t *der;

  440.   size_t der_len;

  441.   if (!RSA_private_key_to_bytes(&der, &der_len, rsa)) {

  442.     return NULL;

  443.   }

  444.   RSA *ret = RSA_private_key_from_bytes(der, der_len);

  445.   OPENSSL_free(der);

  446.   return ret;

  447. }