VirtualBox

source: vbox/trunk/src/libs/openssl-3.0.7/crypto/cms/cms_rsa.c@ 98024

Last change on this file since 98024 was 94320, checked in by vboxsync, 3 years ago

libs/openssl-3.0.1: Export to OSE and fix copyright headers in Makefiles, bugref:10128
File size: 7.2 KB
Line 
1/*
2 * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <assert.h>
11#include <openssl/cms.h>
12#include <openssl/err.h>
13#include "crypto/asn1.h"
14#include "crypto/rsa.h"
15#include "cms_local.h"
16
17static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg)
18{
19 RSA_OAEP_PARAMS *oaep;
20
21 oaep = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS),
22 alg->parameter);
23
24 if (oaep == NULL)
25 return NULL;
26
27 if (oaep->maskGenFunc != NULL) {
28 oaep->maskHash = ossl_x509_algor_mgf1_decode(oaep->maskGenFunc);
29 if (oaep->maskHash == NULL) {
30 RSA_OAEP_PARAMS_free(oaep);
31 return NULL;
32 }
33 }
34 return oaep;
35}
36
37static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
38{
39 EVP_PKEY_CTX *pkctx;
40 X509_ALGOR *cmsalg;
41 int nid;
42 int rv = -1;
43 unsigned char *label = NULL;
44 int labellen = 0;
45 const EVP_MD *mgf1md = NULL, *md = NULL;
46 RSA_OAEP_PARAMS *oaep;
47
48 pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
49 if (pkctx == NULL)
50 return 0;
51 if (!CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &cmsalg))
52 return -1;
53 nid = OBJ_obj2nid(cmsalg->algorithm);
54 if (nid == NID_rsaEncryption)
55 return 1;
56 if (nid != NID_rsaesOaep) {
57 ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_ENCRYPTION_TYPE);
58 return -1;
59 }
60 /* Decode OAEP parameters */
61 oaep = rsa_oaep_decode(cmsalg);
62
63 if (oaep == NULL) {
64 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_OAEP_PARAMETERS);
65 goto err;
66 }
67
68 mgf1md = ossl_x509_algor_get_md(oaep->maskHash);
69 if (mgf1md == NULL)
70 goto err;
71 md = ossl_x509_algor_get_md(oaep->hashFunc);
72 if (md == NULL)
73 goto err;
74
75 if (oaep->pSourceFunc != NULL) {
76 X509_ALGOR *plab = oaep->pSourceFunc;
77
78 if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) {
79 ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_LABEL_SOURCE);
80 goto err;
81 }
82 if (plab->parameter->type != V_ASN1_OCTET_STRING) {
83 ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_LABEL);
84 goto err;
85 }
86
87 label = plab->parameter->value.octet_string->data;
88 /* Stop label being freed when OAEP parameters are freed */
89 plab->parameter->value.octet_string->data = NULL;
90 labellen = plab->parameter->value.octet_string->length;
91 }
92
93 if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0)
94 goto err;
95 if (EVP_PKEY_CTX_set_rsa_oaep_md(pkctx, md) <= 0)
96 goto err;
97 if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
98 goto err;
99 if (label != NULL
100 && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0)
101 goto err;
102 /* Carry on */
103 rv = 1;
104
105 err:
106 RSA_OAEP_PARAMS_free(oaep);
107 return rv;
108}
109
110static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
111{
112 const EVP_MD *md, *mgf1md;
113 RSA_OAEP_PARAMS *oaep = NULL;
114 ASN1_STRING *os = NULL;
115 X509_ALGOR *alg;
116 EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
117 int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen;
118 unsigned char *label;
119
120 if (CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg) <= 0)
121 return 0;
122 if (pkctx != NULL) {
123 if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
124 return 0;
125 }
126 if (pad_mode == RSA_PKCS1_PADDING) {
127 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
128 return 1;
129 }
130 /* Not supported */
131 if (pad_mode != RSA_PKCS1_OAEP_PADDING)
132 return 0;
133 if (EVP_PKEY_CTX_get_rsa_oaep_md(pkctx, &md) <= 0)
134 goto err;
135 if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
136 goto err;
137 labellen = EVP_PKEY_CTX_get0_rsa_oaep_label(pkctx, &label);
138 if (labellen < 0)
139 goto err;
140 oaep = RSA_OAEP_PARAMS_new();
141 if (oaep == NULL)
142 goto err;
143 if (!ossl_x509_algor_new_from_md(&oaep->hashFunc, md))
144 goto err;
145 if (!ossl_x509_algor_md_to_mgf1(&oaep->maskGenFunc, mgf1md))
146 goto err;
147 if (labellen > 0) {
148 ASN1_OCTET_STRING *los;
149
150 oaep->pSourceFunc = X509_ALGOR_new();
151 if (oaep->pSourceFunc == NULL)
152 goto err;
153 los = ASN1_OCTET_STRING_new();
154 if (los == NULL)
155 goto err;
156 if (!ASN1_OCTET_STRING_set(los, label, labellen)) {
157 ASN1_OCTET_STRING_free(los);
158 goto err;
159 }
160 X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified),
161 V_ASN1_OCTET_STRING, los);
162 }
163 /* create string with pss parameter encoding. */
164 if (!ASN1_item_pack(oaep, ASN1_ITEM_rptr(RSA_OAEP_PARAMS), &os))
165 goto err;
166 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os);
167 os = NULL;
168 rv = 1;
169 err:
170 RSA_OAEP_PARAMS_free(oaep);
171 ASN1_STRING_free(os);
172 return rv;
173}
174
175int ossl_cms_rsa_envelope(CMS_RecipientInfo *ri, int decrypt)
176{
177 assert(decrypt == 0 || decrypt == 1);
178
179 if (decrypt == 1)
180 return rsa_cms_decrypt(ri);
181
182 if (decrypt == 0)
183 return rsa_cms_encrypt(ri);
184
185 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
186 return 0;
187}
188
189static int rsa_cms_sign(CMS_SignerInfo *si)
190{
191 int pad_mode = RSA_PKCS1_PADDING;
192 X509_ALGOR *alg;
193 EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
194 ASN1_STRING *os = NULL;
195
196 CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
197 if (pkctx != NULL) {
198 if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
199 return 0;
200 }
201 if (pad_mode == RSA_PKCS1_PADDING) {
202 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
203 return 1;
204 }
205 /* We don't support it */
206 if (pad_mode != RSA_PKCS1_PSS_PADDING)
207 return 0;
208 os = ossl_rsa_ctx_to_pss_string(pkctx);
209 if (os == NULL)
210 return 0;
211 X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os);
212 return 1;
213}
214
215static int rsa_cms_verify(CMS_SignerInfo *si)
216{
217 int nid, nid2;
218 X509_ALGOR *alg;
219 EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
220 EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pkctx);
221
222 CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
223 nid = OBJ_obj2nid(alg->algorithm);
224 if (nid == EVP_PKEY_RSA_PSS)
225 return ossl_rsa_pss_to_ctx(NULL, pkctx, alg, NULL) > 0;
226 /* Only PSS allowed for PSS keys */
227 if (EVP_PKEY_is_a(pkey, "RSA-PSS")) {
228 ERR_raise(ERR_LIB_RSA, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
229 return 0;
230 }
231 if (nid == NID_rsaEncryption)
232 return 1;
233 /* Workaround for some implementation that use a signature OID */
234 if (OBJ_find_sigid_algs(nid, NULL, &nid2)) {
235 if (nid2 == NID_rsaEncryption)
236 return 1;
237 }
238 return 0;
239}
240
241int ossl_cms_rsa_sign(CMS_SignerInfo *si, int verify)
242{
243 assert(verify == 0 || verify == 1);
244
245 if (verify == 1)
246 return rsa_cms_verify(si);
247
248 if (verify == 0)
249 return rsa_cms_sign(si);
250
251 ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
252 return 0;
253}
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette