From: Richard Levitte Date: Tue, 19 May 2020 08:43:49 +0000 (+0200) Subject: Refactor the provider side DER constants and writers X-Git-Tag: openssl-3.0.0-alpha3~66 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=a30027b680c4ccf69f0600b3a5406821b2d7fe0b;p=oweals%2Fopenssl.git Refactor the provider side DER constants and writers This splits up all the providers/common/der/*.c.in so the generated portion is on its own and all related DER writing routines are in their own files. This also ensures that the DIGEST consstants aren't reproduced in several files (resulting in symbol clashes). Finally, the production of OID macros is moved to the generated header files, allowing other similar macros, or DER constant arrays, to be built on top of them. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11868) --- diff --git a/providers/common/der/DIGESTS.asn1 b/providers/common/der/DIGESTS.asn1 index afed372186..bd955df8f2 100644 --- a/providers/common/der/DIGESTS.asn1 +++ b/providers/common/der/DIGESTS.asn1 @@ -1,5 +1,22 @@ -- ------------------------------------------------------------------- --- Taken from https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration +-- From https://tools.ietf.org/html/rfc4055#section-2.1 + +id-sha1 OBJECT IDENTIFIER ::= { iso(1) + identified-organization(3) oiw(14) + secsig(3) algorithms(2) 26 } + +-- ------------------------------------------------------------------- +-- From https://tools.ietf.org/html/rfc5480#appendix-A +-- (OIDs for MD2 and MD5 are allowed only in EMSA-PKCS1-v1_5) + +id-md2 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } + +id-md5 OBJECT IDENTIFIER ::= { + iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } + +-- ------------------------------------------------------------------- +-- From https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration id-sha256 OBJECT IDENTIFIER ::= { hashAlgs 1 } id-sha384 OBJECT IDENTIFIER ::= { hashAlgs 2 } diff --git a/providers/common/der/RSA.asn1 b/providers/common/der/RSA.asn1 index d0c54d71ef..6ba99daa7c 100644 --- a/providers/common/der/RSA.asn1 +++ b/providers/common/der/RSA.asn1 @@ -52,25 +52,6 @@ sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 } sha512-224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 15 } sha512-256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 16 } --- --- This OID really belongs in a module with the secsig OIDs. --- -id-sha1 OBJECT IDENTIFIER ::= { - iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) - 26 -} - --- --- OIDs for MD2 and MD5, allowed only in EMSA-PKCS1-v1_5. --- -id-md2 OBJECT IDENTIFIER ::= { - iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 -} - -id-md5 OBJECT IDENTIFIER ::= { - iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 -} - -- -- When id-mgf1 is used in an AlgorithmIdentifier, the parameters -- MUST be present and MUST be a HashAlgorithm, for example, sha1. diff --git a/providers/common/der/build.info b/providers/common/der/build.info index 837fe73fed..43fe9038fe 100644 --- a/providers/common/der/build.info +++ b/providers/common/der/build.info @@ -1,32 +1,36 @@ -$FIPSABLE=der_rsa.c der_dsa.c der_ec.c der_digests.c +$FIPSABLE=\ + der_rsa_gen.c der_rsa_key.c der_rsa_sig.c \ + der_dsa_gen.c der_dsa_key.c der_dsa_sig.c \ + der_ec_gen.c der_ec_key.c der_ec_sig.c \ + der_digests_gen.c SOURCE[../../libfips.a]=$FIPSABLE SOURCE[../../libnonfips.a]=$FIPSABLE -GENERATE[der_rsa.c]=der_rsa.c.in -DEPEND[der_rsa.c]=oids_to_c.pm +GENERATE[der_rsa_gen.c]=der_rsa_gen.c.in +DEPEND[der_rsa_gen.c]=oids_to_c.pm -DEPEND[der_rsa.o]=../include/prov/der_rsa.h ../include/prov/der_digests.h +DEPEND[der_rsa_gen.o]=../include/prov/der_rsa.h ../include/prov/der_digests.h GENERATE[../include/prov/der_rsa.h]=der_rsa.h.in DEPEND[../include/prov/der_rsa.h]=oids_to_c.pm -GENERATE[der_dsa.c]=der_dsa.c.in -DEPEND[der_dsa.c]=oids_to_c.pm +GENERATE[der_dsa_gen.c]=der_dsa_gen.c.in +DEPEND[der_dsa_gen.c]=oids_to_c.pm -DEPEND[der_dsa.o]=../include/prov/der_dsa.h +DEPEND[der_dsa_gen.o]=../include/prov/der_dsa.h GENERATE[../include/prov/der_dsa.h]=der_dsa.h.in DEPEND[../include/prov/der_dsa.h]=oids_to_c.pm -GENERATE[der_ec.c]=der_ec.c.in -DEPEND[der_ec.c]=oids_to_c.pm +GENERATE[der_ec_gen.c]=der_ec_gen.c.in +DEPEND[der_ec_gen.c]=oids_to_c.pm -DEPEND[der_ec.o]=../include/prov/der_ec.h +DEPEND[der_ec_gen.o]=../include/prov/der_ec.h GENERATE[../include/prov/der_ec.h]=der_ec.h.in DEPEND[../include/prov/der_ec.h]=oids_to_c.pm -GENERATE[der_digests.c]=der_digests.c.in -DEPEND[der_digests.c]=oids_to_c.pm +GENERATE[der_digests_gen.c]=der_digests_gen.c.in +DEPEND[der_digests_gen.c]=oids_to_c.pm -DEPEND[der_digests.o]=../include/prov/der_digests.h +DEPEND[der_digests_gen.o]=../include/prov/der_digests.h GENERATE[../include/prov/der_digests.h]=der_digests.h.in DEPEND[../include/prov/der_digests.h]=oids_to_c.pm diff --git a/providers/common/der/der_digests.c.in b/providers/common/der/der_digests.c.in deleted file mode 100644 index 433c107420..0000000000 --- a/providers/common/der/der_digests.c.in +++ /dev/null @@ -1,18 +0,0 @@ -/* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "prov/der_digests.h" - -/* Well known OIDs precompiled */ -{- - $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', - 'providers/common/der/DIGESTS.asn1', - { dir => $config{sourcedir}, - filter => \&oids_to_c::filter_to_C }); --} diff --git a/providers/common/der/der_digests_gen.c.in b/providers/common/der/der_digests_gen.c.in new file mode 100644 index 0000000000..433c107420 --- /dev/null +++ b/providers/common/der/der_digests_gen.c.in @@ -0,0 +1,18 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "prov/der_digests.h" + +/* Well known OIDs precompiled */ +{- + $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', + 'providers/common/der/DIGESTS.asn1', + { dir => $config{sourcedir}, + filter => \&oids_to_c::filter_to_C }); +-} diff --git a/providers/common/der/der_dsa.c.in b/providers/common/der/der_dsa.c.in deleted file mode 100644 index 28c0ba8c6c..0000000000 --- a/providers/common/der/der_dsa.c.in +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "prov/der_dsa.h" - -/* Well known OIDs precompiled */ -{- - $OUT = oids_to_c::process_leaves('providers/common/der/DSA.asn1', - { dir => $config{sourcedir}, - filter => \&oids_to_c::filter_to_C }); --} - -int DER_w_algorithmIdentifier_DSA(WPACKET *pkt, int tag, DSA *dsa) -{ - return DER_w_begin_sequence(pkt, tag) - /* No parameters (yet?) */ - && DER_w_precompiled(pkt, -1, der_oid_id_dsa, sizeof(der_oid_id_dsa)) - && DER_w_end_sequence(pkt, tag); -} - -#define MD_CASE(name) \ - case NID_##name: \ - precompiled = der_oid_id_dsa_with_##name; \ - precompiled_sz = sizeof(der_oid_id_dsa_with_##name); \ - break; - -int DER_w_algorithmIdentifier_DSA_with(WPACKET *pkt, int tag, - DSA *dsa, int mdnid) -{ - const unsigned char *precompiled = NULL; - size_t precompiled_sz = 0; - - switch (mdnid) { - MD_CASE(sha1); - MD_CASE(sha224); - MD_CASE(sha256); - MD_CASE(sha384); - MD_CASE(sha512); - MD_CASE(sha3_224); - MD_CASE(sha3_256); - MD_CASE(sha3_384); - MD_CASE(sha3_512); - default: - return 0; - } - - return DER_w_begin_sequence(pkt, tag) - /* No parameters (yet?) */ - && DER_w_precompiled(pkt, -1, precompiled, precompiled_sz) - && DER_w_end_sequence(pkt, tag); -} diff --git a/providers/common/der/der_dsa.h.in b/providers/common/der/der_dsa.h.in index d9e7bf205a..e9a8718fc6 100644 --- a/providers/common/der/der_dsa.h.in +++ b/providers/common/der/der_dsa.h.in @@ -16,6 +16,8 @@ filter => \&oids_to_c::filter_to_H }); -} +/* Subject Public Key Info */ int DER_w_algorithmIdentifier_DSA(WPACKET *pkt, int tag, DSA *dsa); -int DER_w_algorithmIdentifier_DSA_with(WPACKET *pkt, int tag, - DSA *dsa, int mdnid); +/* Signature */ +int DER_w_algorithmIdentifier_DSA_with_MD(WPACKET *pkt, int tag, + DSA *dsa, int mdnid); diff --git a/providers/common/der/der_dsa_gen.c.in b/providers/common/der/der_dsa_gen.c.in new file mode 100644 index 0000000000..95f1f5cdd1 --- /dev/null +++ b/providers/common/der/der_dsa_gen.c.in @@ -0,0 +1,17 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "prov/der_dsa.h" + +/* Well known OIDs precompiled */ +{- + $OUT = oids_to_c::process_leaves('providers/common/der/DSA.asn1', + { dir => $config{sourcedir}, + filter => \&oids_to_c::filter_to_C }); +-} diff --git a/providers/common/der/der_dsa_key.c b/providers/common/der/der_dsa_key.c new file mode 100644 index 0000000000..6118b275fb --- /dev/null +++ b/providers/common/der/der_dsa_key.c @@ -0,0 +1,20 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/packet.h" +#include "prov/der_dsa.h" + +int DER_w_algorithmIdentifier_DSA(WPACKET *pkt, int tag, DSA *dsa) +{ + return DER_w_begin_sequence(pkt, tag) + /* No parameters (yet?) */ + && DER_w_precompiled(pkt, -1, der_oid_id_dsa, sizeof(der_oid_id_dsa)) + && DER_w_end_sequence(pkt, tag); +} diff --git a/providers/common/der/der_dsa_sig.c b/providers/common/der/der_dsa_sig.c new file mode 100644 index 0000000000..c96a617dad --- /dev/null +++ b/providers/common/der/der_dsa_sig.c @@ -0,0 +1,44 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/packet.h" +#include "prov/der_dsa.h" + +#define MD_CASE(name) \ + case NID_##name: \ + precompiled = der_oid_id_dsa_with_##name; \ + precompiled_sz = sizeof(der_oid_id_dsa_with_##name); \ + break; + +int DER_w_algorithmIdentifier_DSA_with_MD(WPACKET *pkt, int tag, + DSA *dsa, int mdnid) +{ + const unsigned char *precompiled = NULL; + size_t precompiled_sz = 0; + + switch (mdnid) { + MD_CASE(sha1); + MD_CASE(sha224); + MD_CASE(sha256); + MD_CASE(sha384); + MD_CASE(sha512); + MD_CASE(sha3_224); + MD_CASE(sha3_256); + MD_CASE(sha3_384); + MD_CASE(sha3_512); + default: + return 0; + } + + return DER_w_begin_sequence(pkt, tag) + /* No parameters (yet?) */ + && DER_w_precompiled(pkt, -1, precompiled, precompiled_sz) + && DER_w_end_sequence(pkt, tag); +} diff --git a/providers/common/der/der_ec.c.in b/providers/common/der/der_ec.c.in deleted file mode 100644 index a617651e4e..0000000000 --- a/providers/common/der/der_ec.c.in +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "prov/der_ec.h" - -/* Well known OIDs precompiled */ -{- - $OUT = oids_to_c::process_leaves('providers/common/der/EC.asn1', - { dir => $config{sourcedir}, - filter => \&oids_to_c::filter_to_C }); --} - -int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec) -{ - return DER_w_begin_sequence(pkt, cont) - /* No parameters (yet?) */ - && DER_w_precompiled(pkt, -1, der_oid_id_ecPublicKey, - sizeof(der_oid_id_ecPublicKey)) - && DER_w_end_sequence(pkt, cont); -} - -/* Aliases so we can have a uniform MD_CASE */ -#define der_oid_id_ecdsa_with_sha1 der_oid_ecdsa_with_SHA1 -#define der_oid_id_ecdsa_with_sha224 der_oid_ecdsa_with_SHA224 -#define der_oid_id_ecdsa_with_sha256 der_oid_ecdsa_with_SHA256 -#define der_oid_id_ecdsa_with_sha384 der_oid_ecdsa_with_SHA384 -#define der_oid_id_ecdsa_with_sha512 der_oid_ecdsa_with_SHA512 - -#define MD_CASE(name) \ - case NID_##name: \ - precompiled = der_oid_id_ecdsa_with_##name; \ - precompiled_sz = sizeof(der_oid_id_ecdsa_with_##name); \ - break; - -int DER_w_algorithmIdentifier_ECDSA_with(WPACKET *pkt, int cont, - EC_KEY *ec, int mdnid) -{ - const unsigned char *precompiled = NULL; - size_t precompiled_sz = 0; - - switch (mdnid) { - MD_CASE(sha1); - MD_CASE(sha224); - MD_CASE(sha256); - MD_CASE(sha384); - MD_CASE(sha512); - MD_CASE(sha3_224); - MD_CASE(sha3_256); - MD_CASE(sha3_384); - MD_CASE(sha3_512); - default: - return 0; - } - - return DER_w_begin_sequence(pkt, cont) - /* No parameters (yet?) */ - && DER_w_precompiled(pkt, -1, precompiled, precompiled_sz) - && DER_w_end_sequence(pkt, cont); -} diff --git a/providers/common/der/der_ec.h.in b/providers/common/der/der_ec.h.in index 24f153cd8f..86a754e4ff 100644 --- a/providers/common/der/der_ec.h.in +++ b/providers/common/der/der_ec.h.in @@ -16,6 +16,8 @@ filter => \&oids_to_c::filter_to_H }); -} +/* Subject Public Key Info */ int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec); -int DER_w_algorithmIdentifier_ECDSA_with(WPACKET *pkt, int cont, - EC_KEY *ec, int mdnid); +/* Signature */ +int DER_w_algorithmIdentifier_ECDSA_with_MD(WPACKET *pkt, int cont, + EC_KEY *ec, int mdnid); diff --git a/providers/common/der/der_ec_gen.c.in b/providers/common/der/der_ec_gen.c.in new file mode 100644 index 0000000000..40acf9a31c --- /dev/null +++ b/providers/common/der/der_ec_gen.c.in @@ -0,0 +1,17 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "prov/der_ec.h" + +/* Well known OIDs precompiled */ +{- + $OUT = oids_to_c::process_leaves('providers/common/der/EC.asn1', + { dir => $config{sourcedir}, + filter => \&oids_to_c::filter_to_C }); +-} diff --git a/providers/common/der/der_ec_key.c b/providers/common/der/der_ec_key.c new file mode 100644 index 0000000000..058596a96e --- /dev/null +++ b/providers/common/der/der_ec_key.c @@ -0,0 +1,21 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/packet.h" +#include "prov/der_ec.h" + +int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec) +{ + return DER_w_begin_sequence(pkt, cont) + /* No parameters (yet?) */ + && DER_w_precompiled(pkt, -1, der_oid_id_ecPublicKey, + sizeof(der_oid_id_ecPublicKey)) + && DER_w_end_sequence(pkt, cont); +} diff --git a/providers/common/der/der_ec_sig.c b/providers/common/der/der_ec_sig.c new file mode 100644 index 0000000000..687ec49c1f --- /dev/null +++ b/providers/common/der/der_ec_sig.c @@ -0,0 +1,51 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/packet.h" +#include "prov/der_ec.h" + +/* Aliases so we can have a uniform MD_CASE */ +#define der_oid_id_ecdsa_with_sha1 der_oid_ecdsa_with_SHA1 +#define der_oid_id_ecdsa_with_sha224 der_oid_ecdsa_with_SHA224 +#define der_oid_id_ecdsa_with_sha256 der_oid_ecdsa_with_SHA256 +#define der_oid_id_ecdsa_with_sha384 der_oid_ecdsa_with_SHA384 +#define der_oid_id_ecdsa_with_sha512 der_oid_ecdsa_with_SHA512 + +#define MD_CASE(name) \ + case NID_##name: \ + precompiled = der_oid_id_ecdsa_with_##name; \ + precompiled_sz = sizeof(der_oid_id_ecdsa_with_##name); \ + break; + +int DER_w_algorithmIdentifier_ECDSA_with_MD(WPACKET *pkt, int cont, + EC_KEY *ec, int mdnid) +{ + const unsigned char *precompiled = NULL; + size_t precompiled_sz = 0; + + switch (mdnid) { + MD_CASE(sha1); + MD_CASE(sha224); + MD_CASE(sha256); + MD_CASE(sha384); + MD_CASE(sha512); + MD_CASE(sha3_224); + MD_CASE(sha3_256); + MD_CASE(sha3_384); + MD_CASE(sha3_512); + default: + return 0; + } + + return DER_w_begin_sequence(pkt, cont) + /* No parameters (yet?) */ + && DER_w_precompiled(pkt, -1, precompiled, precompiled_sz) + && DER_w_end_sequence(pkt, cont); +} diff --git a/providers/common/der/der_rsa.c.in b/providers/common/der/der_rsa.c.in deleted file mode 100644 index 30e945cf58..0000000000 --- a/providers/common/der/der_rsa.c.in +++ /dev/null @@ -1,435 +0,0 @@ -/* - * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/cryptlib.h" -#include "prov/der_rsa.h" -#include "prov/der_digests.h" - -/* Well known OIDs precompiled */ -{- - $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', - 'providers/common/der/DIGESTS.asn1', - 'providers/common/der/RSA.asn1', - { dir => $config{sourcedir}, - filter => \&oids_to_c::filter_to_C }); --} - -/* More complex pre-compiled sequences. TODO(3.0) refactor? */ -/*- - * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1 - * - * OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= { - * { OID id-sha1 PARAMETERS NULL }| - * { OID id-sha224 PARAMETERS NULL }| - * { OID id-sha256 PARAMETERS NULL }| - * { OID id-sha384 PARAMETERS NULL }| - * { OID id-sha512 PARAMETERS NULL }| - * { OID id-sha512-224 PARAMETERS NULL }| - * { OID id-sha512-256 PARAMETERS NULL }, - * ... -- Allows for future expansion -- - * } - */ -#define DER_V_NULL DER_P_NULL, 0 -#define DER_SZ_NULL 2 - -/* - * The names for the hash function AlgorithmIdentifiers are borrowed and - * expanded from https://tools.ietf.org/html/rfc4055#section-2.1 - * - * sha1Identifier AlgorithmIdentifier ::= { id-sha1, NULL } - * sha224Identifier AlgorithmIdentifier ::= { id-sha224, NULL } - * sha256Identifier AlgorithmIdentifier ::= { id-sha256, NULL } - * sha384Identifier AlgorithmIdentifier ::= { id-sha384, NULL } - * sha512Identifier AlgorithmIdentifier ::= { id-sha512, NULL } - */ -/* - * NOTE: Some of the arrays aren't used other than inside sizeof(), which - * clang complains about (-Wno-unneeded-internal-declaration). To get - * around that, we make them non-static, and declare them an extra time to - * avoid compilers complaining about definitions without declarations. - */ -#if 0 /* Currently unused */ -#define DER_AID_V_sha1Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_sha1 + DER_SZ_NULL, \ - DER_OID_V_id_sha1, \ - DER_V_NULL -extern const unsigned char der_aid_sha1Identifier[]; -const unsigned char der_aid_sha1Identifier[] = { - DER_AID_V_sha1Identifier -}; -#define DER_AID_SZ_sha1Identifier sizeof(der_aid_sha1Identifier) -#endif - -#define DER_AID_V_sha224Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_sha224 + DER_SZ_NULL, \ - DER_OID_V_id_sha224, \ - DER_V_NULL -extern const unsigned char der_aid_sha224Identifier[]; -const unsigned char der_aid_sha224Identifier[] = { - DER_AID_V_sha224Identifier -}; -#define DER_AID_SZ_sha224Identifier sizeof(der_aid_sha224Identifier) - -#define DER_AID_V_sha256Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_sha256 + DER_SZ_NULL, \ - DER_OID_V_id_sha256, \ - DER_V_NULL -extern const unsigned char der_aid_sha256Identifier[]; -const unsigned char der_aid_sha256Identifier[] = { - DER_AID_V_sha256Identifier -}; -#define DER_AID_SZ_sha256Identifier sizeof(der_aid_sha256Identifier) - -#define DER_AID_V_sha384Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_sha384 + DER_SZ_NULL, \ - DER_OID_V_id_sha384, \ - DER_V_NULL -extern const unsigned char der_aid_sha384Identifier[]; -const unsigned char der_aid_sha384Identifier[] = { - DER_AID_V_sha384Identifier -}; -#define DER_AID_SZ_sha384Identifier sizeof(der_aid_sha384Identifier) - -#define DER_AID_V_sha512Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_sha512 + DER_SZ_NULL, \ - DER_OID_V_id_sha512, \ - DER_V_NULL -extern const unsigned char der_aid_sha512Identifier[]; -const unsigned char der_aid_sha512Identifier[] = { - DER_AID_V_sha512Identifier -}; -#define DER_AID_SZ_sha512Identifier sizeof(der_aid_sha512Identifier) - -#define DER_AID_V_sha512_224Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_sha512_224 + DER_SZ_NULL, \ - DER_OID_V_id_sha512_224, \ - DER_V_NULL -extern const unsigned char der_aid_sha512_224Identifier[]; -const unsigned char der_aid_sha512_224Identifier[] = { - DER_AID_V_sha512_224Identifier -}; -#define DER_AID_SZ_sha512_224Identifier sizeof(der_aid_sha512_224Identifier) - -#define DER_AID_V_sha512_256Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_sha512_256 + DER_SZ_NULL, \ - DER_OID_V_id_sha512_256, \ - DER_V_NULL -extern const unsigned char der_aid_sha512_256Identifier[]; -const unsigned char der_aid_sha512_256Identifier[] = { - DER_AID_V_sha512_256Identifier -}; -#define DER_AID_SZ_sha512_256Identifier sizeof(der_aid_sha512_256Identifier) - -/*- - * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1 - * - * HashAlgorithm ::= AlgorithmIdentifier { - * {OAEP-PSSDigestAlgorithms} - * } - * - * ... - * - * PKCS1MGFAlgorithms ALGORITHM-IDENTIFIER ::= { - * { OID id-mgf1 PARAMETERS HashAlgorithm }, - * ... -- Allows for future expansion -- - * } - */ - -/* - * The names for the MGF1 AlgorithmIdentifiers are borrowed and expanded - * from https://tools.ietf.org/html/rfc4055#section-2.1 - * - * mgf1SHA1Identifier AlgorithmIdentifier ::= - * { id-mgf1, sha1Identifier } - * mgf1SHA224Identifier AlgorithmIdentifier ::= - * { id-mgf1, sha224Identifier } - * mgf1SHA256Identifier AlgorithmIdentifier ::= - * { id-mgf1, sha256Identifier } - * mgf1SHA384Identifier AlgorithmIdentifier ::= - * { id-mgf1, sha384Identifier } - * mgf1SHA512Identifier AlgorithmIdentifier ::= - * { id-mgf1, sha512Identifier } - */ -#if 0 /* Currently unused */ -#define DER_AID_V_mgf1SHA1Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha1Identifier, \ - DER_OID_V_id_mgf1, \ - DER_AID_V_sha1Identifier -static const unsigned char der_aid_mgf1SHA1Identifier[] = { - DER_AID_V_mgf1SHA1Identifier -}; -#define DER_AID_SZ_mgf1SHA1Identifier sizeof(der_aid_mgf1SHA1Identifier) -#endif - -#define DER_AID_V_mgf1SHA224Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha224Identifier, \ - DER_OID_V_id_mgf1, \ - DER_AID_V_sha224Identifier -static const unsigned char der_aid_mgf1SHA224Identifier[] = { - DER_AID_V_mgf1SHA224Identifier -}; -#define DER_AID_SZ_mgf1SHA224Identifier sizeof(der_aid_mgf1SHA224Identifier) - -#define DER_AID_V_mgf1SHA256Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha256Identifier, \ - DER_OID_V_id_mgf1, \ - DER_AID_V_sha256Identifier -static const unsigned char der_aid_mgf1SHA256Identifier[] = { - DER_AID_V_mgf1SHA256Identifier -}; -#define DER_AID_SZ_mgf1SHA256Identifier sizeof(der_aid_mgf1SHA256Identifier) - -#define DER_AID_V_mgf1SHA384Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha384Identifier, \ - DER_OID_V_id_mgf1, \ - DER_AID_V_sha384Identifier -static const unsigned char der_aid_mgf1SHA384Identifier[] = { - DER_AID_V_mgf1SHA384Identifier -}; -#define DER_AID_SZ_mgf1SHA384Identifier sizeof(der_aid_mgf1SHA384Identifier) - -#define DER_AID_V_mgf1SHA512Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512Identifier, \ - DER_OID_V_id_mgf1, \ - DER_AID_V_sha512Identifier -static const unsigned char der_aid_mgf1SHA512Identifier[] = { - DER_AID_V_mgf1SHA512Identifier -}; -#define DER_AID_SZ_mgf1SHA512Identifier sizeof(der_aid_mgf1SHA512Identifier) - -#define DER_AID_V_mgf1SHA512_224Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512_224Identifier, \ - DER_OID_V_id_mgf1, \ - DER_AID_V_sha512_224Identifier -static const unsigned char der_aid_mgf1SHA512_224Identifier[] = { - DER_AID_V_mgf1SHA512_224Identifier -}; -#define DER_AID_SZ_mgf1SHA512_224Identifier sizeof(der_aid_mgf1SHA512_224Identifier) - -#define DER_AID_V_mgf1SHA512_256Identifier \ - DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ - DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512_256Identifier, \ - DER_OID_V_id_mgf1, \ - DER_AID_V_sha512_256Identifier -static const unsigned char der_aid_mgf1SHA512_256Identifier[] = { - DER_AID_V_mgf1SHA512_256Identifier -}; -#define DER_AID_SZ_mgf1SHA512_256Identifier sizeof(der_aid_mgf1SHA512_256Identifier) - - -#define MGF1_SHA_CASE(bits, var) \ - case NID_sha##bits: \ - var = der_aid_mgf1SHA##bits##Identifier; \ - var##_sz = sizeof(der_aid_mgf1SHA##bits##Identifier); \ - break; - -/*- - * The name is borrowed from https://tools.ietf.org/html/rfc8017#appendix-A.2.1 - * - * MaskGenAlgorithm ::= AlgorithmIdentifier { {PKCS1MGFAlgorithms} } - */ -static int DER_w_MaskGenAlgorithm(WPACKET *pkt, int tag, - const RSA_PSS_PARAMS_30 *pss) -{ - if (pss != NULL && rsa_pss_params_30_maskgenalg(pss) == NID_mgf1) { - int maskgenhashalg_nid = rsa_pss_params_30_maskgenhashalg(pss); - const unsigned char *maskgenalg = NULL; - size_t maskgenalg_sz = 0; - - switch (maskgenhashalg_nid) { - case NID_sha1: - break; - MGF1_SHA_CASE(224, maskgenalg); - MGF1_SHA_CASE(256, maskgenalg); - MGF1_SHA_CASE(384, maskgenalg); - MGF1_SHA_CASE(512, maskgenalg); - MGF1_SHA_CASE(512_224, maskgenalg); - MGF1_SHA_CASE(512_256, maskgenalg); - default: - return 0; - } - - /* If there is none (or it was the default), we write nothing */ - if (maskgenalg == NULL) - return 1; - - return DER_w_precompiled(pkt, tag, maskgenalg, maskgenalg_sz); - } - return 0; -} - -#define OAEP_PSS_MD_CASE(name, var) \ - case NID_##name: \ - var = der_oid_id_##name; \ - var##_sz = sizeof(der_oid_id_##name); \ - break; - -int DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag, const RSA_PSS_PARAMS_30 *pss) -{ - int hashalg_nid, default_hashalg_nid; - int saltlen, default_saltlen; - int trailerfield, default_trailerfield; - const unsigned char *hashalg = NULL; - size_t hashalg_sz = 0; - - /* - * For an unrestricted key, this function should not have been called; - * the caller must be in control, because unrestricted keys are permitted - * in some situations (when encoding the public key in a SubjectKeyInfo, - * for example) while not in others, and this function doesn't know the - * intent. Therefore, we assert that here, the PSS parameters must show - * that the key is restricted. - */ - if (!ossl_assert(pss != NULL && !rsa_pss_params_30_is_unrestricted(pss))) - return 0; - - hashalg_nid = rsa_pss_params_30_hashalg(pss); - saltlen = rsa_pss_params_30_saltlen(pss); - trailerfield = rsa_pss_params_30_trailerfield(pss); - - /* Getting default values */ - default_hashalg_nid = rsa_pss_params_30_hashalg(NULL); - default_saltlen = rsa_pss_params_30_saltlen(NULL); - default_trailerfield = rsa_pss_params_30_trailerfield(NULL); - - /* - * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1: - * - * OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= { - * { OID id-sha1 PARAMETERS NULL }| - * { OID id-sha224 PARAMETERS NULL }| - * { OID id-sha256 PARAMETERS NULL }| - * { OID id-sha384 PARAMETERS NULL }| - * { OID id-sha512 PARAMETERS NULL }| - * { OID id-sha512-224 PARAMETERS NULL }| - * { OID id-sha512-256 PARAMETERS NULL }, - * ... -- Allows for future expansion -- - * } - */ - switch (hashalg_nid) { - OAEP_PSS_MD_CASE(sha1, hashalg); - OAEP_PSS_MD_CASE(sha224, hashalg); - OAEP_PSS_MD_CASE(sha256, hashalg); - OAEP_PSS_MD_CASE(sha384, hashalg); - OAEP_PSS_MD_CASE(sha512, hashalg); - OAEP_PSS_MD_CASE(sha512_224, hashalg); - OAEP_PSS_MD_CASE(sha512_256, hashalg); - default: - return 0; - } - - return DER_w_begin_sequence(pkt, tag) - && (trailerfield == default_trailerfield - || DER_w_ulong(pkt, 3, trailerfield)) - && (saltlen == default_saltlen || DER_w_ulong(pkt, 2, saltlen)) - && DER_w_MaskGenAlgorithm(pkt, 1, pss) - && (hashalg_nid == default_hashalg_nid - || DER_w_precompiled(pkt, 0, hashalg, hashalg_sz)) - && DER_w_end_sequence(pkt, tag); -} - -/* Aliases so we can have a uniform RSA_CASE */ -#define der_oid_rsassaPss der_oid_id_RSASSA_PSS - -#define RSA_CASE(name, var) \ - var##_nid = NID_##name; \ - var##_oid = der_oid_##name; \ - var##_oid_sz = sizeof(der_oid_##name); \ - break; - -int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa) -{ - int rsa_nid = NID_undef; - const unsigned char *rsa_oid = NULL; - size_t rsa_oid_sz = 0; - RSA_PSS_PARAMS_30 *pss_params = rsa_get0_pss_params_30(rsa); - - switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { - case RSA_FLAG_TYPE_RSA: - RSA_CASE(rsaEncryption, rsa); - case RSA_FLAG_TYPE_RSASSAPSS: - RSA_CASE(rsassaPss, rsa); - } - - if (rsa_oid == NULL) - return 0; - - return DER_w_begin_sequence(pkt, tag) - && (rsa_nid != NID_rsassaPss - || rsa_pss_params_30_is_unrestricted(pss_params) - || DER_w_RSASSA_PSS_params(pkt, -1, pss_params)) - && DER_w_precompiled(pkt, -1, rsa_oid, rsa_oid_sz) - && DER_w_end_sequence(pkt, tag); -} - -/* Aliases so we can have a uniform MD_with_RSA_CASE */ -#define der_oid_sha3_224WithRSAEncryption \ - der_oid_id_rsassa_pkcs1_v1_5_with_sha3_224 -#define der_oid_sha3_256WithRSAEncryption \ - der_oid_id_rsassa_pkcs1_v1_5_with_sha3_256 -#define der_oid_sha3_384WithRSAEncryption \ - der_oid_id_rsassa_pkcs1_v1_5_with_sha3_384 -#define der_oid_sha3_512WithRSAEncryption \ - der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512 - -#define MD_with_RSA_CASE(name, var) \ - case NID_##name: \ - var = der_oid_##name##WithRSAEncryption; \ - var##_sz = sizeof(der_oid_##name##WithRSAEncryption); \ - break; - -int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag, - RSA *rsa, int mdnid) -{ - const unsigned char *precompiled = NULL; - size_t precompiled_sz = 0; - - switch (mdnid) { -#ifndef FIPS_MODULE - MD_with_RSA_CASE(md2, precompiled); - MD_with_RSA_CASE(md5, precompiled); - MD_with_RSA_CASE(md4, precompiled); - MD_with_RSA_CASE(ripemd160, precompiled); -/* TODO(3.0) Decide what to do about mdc2 and md5_sha1 */ -#endif - MD_with_RSA_CASE(sha1, precompiled); - MD_with_RSA_CASE(sha224, precompiled); - MD_with_RSA_CASE(sha256, precompiled); - MD_with_RSA_CASE(sha384, precompiled); - MD_with_RSA_CASE(sha512, precompiled); - MD_with_RSA_CASE(sha512_224, precompiled); - MD_with_RSA_CASE(sha512_256, precompiled); - MD_with_RSA_CASE(sha3_224, precompiled); - MD_with_RSA_CASE(sha3_256, precompiled); - MD_with_RSA_CASE(sha3_384, precompiled); - MD_with_RSA_CASE(sha3_512, precompiled); - default: - return 0; - } - - return DER_w_begin_sequence(pkt, tag) - /* No parameters (yet?) */ - && DER_w_precompiled(pkt, -1, precompiled, precompiled_sz) - && DER_w_end_sequence(pkt, tag); -} diff --git a/providers/common/der/der_rsa.h.in b/providers/common/der/der_rsa.h.in index 53f6227825..c744fc25c5 100644 --- a/providers/common/der/der_rsa.h.in +++ b/providers/common/der/der_rsa.h.in @@ -13,14 +13,16 @@ /* Well known OIDs precompiled */ {- $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', - 'providers/common/der/DIGESTS.asn1', 'providers/common/der/RSA.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_H }); -} +/* PSS parameters */ int DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag, const RSA_PSS_PARAMS_30 *pss); +/* Subject Public Key Info */ int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa); -int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag, - RSA *rsa, int mdnid); +/* Signature */ +int DER_w_algorithmIdentifier_MDWithRSAEncryption(WPACKET *pkt, int tag, + RSA *rsa, int mdnid); diff --git a/providers/common/der/der_rsa_gen.c.in b/providers/common/der/der_rsa_gen.c.in new file mode 100644 index 0000000000..0d1ca0b10b --- /dev/null +++ b/providers/common/der/der_rsa_gen.c.in @@ -0,0 +1,18 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "prov/der_rsa.h" + +/* Well known OIDs precompiled */ +{- + $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', + 'providers/common/der/RSA.asn1', + { dir => $config{sourcedir}, + filter => \&oids_to_c::filter_to_C }); +-} diff --git a/providers/common/der/der_rsa_key.c b/providers/common/der/der_rsa_key.c new file mode 100644 index 0000000000..bd2de4a6c3 --- /dev/null +++ b/providers/common/der/der_rsa_key.c @@ -0,0 +1,374 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/cryptlib.h" +#include "prov/der_rsa.h" +#include "prov/der_digests.h" + +/* More complex pre-compiled sequences. TODO(3.0) refactor? */ +/*- + * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1 + * + * OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= { + * { OID id-sha1 PARAMETERS NULL }| + * { OID id-sha224 PARAMETERS NULL }| + * { OID id-sha256 PARAMETERS NULL }| + * { OID id-sha384 PARAMETERS NULL }| + * { OID id-sha512 PARAMETERS NULL }| + * { OID id-sha512-224 PARAMETERS NULL }| + * { OID id-sha512-256 PARAMETERS NULL }, + * ... -- Allows for future expansion -- + * } + */ +#define DER_V_NULL DER_P_NULL, 0 +#define DER_SZ_NULL 2 + +/* + * The names for the hash function AlgorithmIdentifiers are borrowed and + * expanded from https://tools.ietf.org/html/rfc4055#section-2.1 + * + * sha1Identifier AlgorithmIdentifier ::= { id-sha1, NULL } + * sha224Identifier AlgorithmIdentifier ::= { id-sha224, NULL } + * sha256Identifier AlgorithmIdentifier ::= { id-sha256, NULL } + * sha384Identifier AlgorithmIdentifier ::= { id-sha384, NULL } + * sha512Identifier AlgorithmIdentifier ::= { id-sha512, NULL } + */ +/* + * NOTE: Some of the arrays aren't used other than inside sizeof(), which + * clang complains about (-Wno-unneeded-internal-declaration). To get + * around that, we make them non-static, and declare them an extra time to + * avoid compilers complaining about definitions without declarations. + */ +#if 0 /* Currently unused */ +#define DER_AID_V_sha1Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha1 + DER_SZ_NULL, \ + DER_OID_V_id_sha1, \ + DER_V_NULL +extern const unsigned char der_aid_sha1Identifier[]; +const unsigned char der_aid_sha1Identifier[] = { + DER_AID_V_sha1Identifier +}; +#define DER_AID_SZ_sha1Identifier sizeof(der_aid_sha1Identifier) +#endif + +#define DER_AID_V_sha224Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha224 + DER_SZ_NULL, \ + DER_OID_V_id_sha224, \ + DER_V_NULL +extern const unsigned char der_aid_sha224Identifier[]; +const unsigned char der_aid_sha224Identifier[] = { + DER_AID_V_sha224Identifier +}; +#define DER_AID_SZ_sha224Identifier sizeof(der_aid_sha224Identifier) + +#define DER_AID_V_sha256Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha256 + DER_SZ_NULL, \ + DER_OID_V_id_sha256, \ + DER_V_NULL +extern const unsigned char der_aid_sha256Identifier[]; +const unsigned char der_aid_sha256Identifier[] = { + DER_AID_V_sha256Identifier +}; +#define DER_AID_SZ_sha256Identifier sizeof(der_aid_sha256Identifier) + +#define DER_AID_V_sha384Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha384 + DER_SZ_NULL, \ + DER_OID_V_id_sha384, \ + DER_V_NULL +extern const unsigned char der_aid_sha384Identifier[]; +const unsigned char der_aid_sha384Identifier[] = { + DER_AID_V_sha384Identifier +}; +#define DER_AID_SZ_sha384Identifier sizeof(der_aid_sha384Identifier) + +#define DER_AID_V_sha512Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha512 + DER_SZ_NULL, \ + DER_OID_V_id_sha512, \ + DER_V_NULL +extern const unsigned char der_aid_sha512Identifier[]; +const unsigned char der_aid_sha512Identifier[] = { + DER_AID_V_sha512Identifier +}; +#define DER_AID_SZ_sha512Identifier sizeof(der_aid_sha512Identifier) + +#define DER_AID_V_sha512_224Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha512_224 + DER_SZ_NULL, \ + DER_OID_V_id_sha512_224, \ + DER_V_NULL +extern const unsigned char der_aid_sha512_224Identifier[]; +const unsigned char der_aid_sha512_224Identifier[] = { + DER_AID_V_sha512_224Identifier +}; +#define DER_AID_SZ_sha512_224Identifier sizeof(der_aid_sha512_224Identifier) + +#define DER_AID_V_sha512_256Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha512_256 + DER_SZ_NULL, \ + DER_OID_V_id_sha512_256, \ + DER_V_NULL +extern const unsigned char der_aid_sha512_256Identifier[]; +const unsigned char der_aid_sha512_256Identifier[] = { + DER_AID_V_sha512_256Identifier +}; +#define DER_AID_SZ_sha512_256Identifier sizeof(der_aid_sha512_256Identifier) + +/*- + * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1 + * + * HashAlgorithm ::= AlgorithmIdentifier { + * {OAEP-PSSDigestAlgorithms} + * } + * + * ... + * + * PKCS1MGFAlgorithms ALGORITHM-IDENTIFIER ::= { + * { OID id-mgf1 PARAMETERS HashAlgorithm }, + * ... -- Allows for future expansion -- + * } + */ + +/* + * The names for the MGF1 AlgorithmIdentifiers are borrowed and expanded + * from https://tools.ietf.org/html/rfc4055#section-2.1 + * + * mgf1SHA1Identifier AlgorithmIdentifier ::= + * { id-mgf1, sha1Identifier } + * mgf1SHA224Identifier AlgorithmIdentifier ::= + * { id-mgf1, sha224Identifier } + * mgf1SHA256Identifier AlgorithmIdentifier ::= + * { id-mgf1, sha256Identifier } + * mgf1SHA384Identifier AlgorithmIdentifier ::= + * { id-mgf1, sha384Identifier } + * mgf1SHA512Identifier AlgorithmIdentifier ::= + * { id-mgf1, sha512Identifier } + */ +#if 0 /* Currently unused */ +#define DER_AID_V_mgf1SHA1Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha1Identifier, \ + DER_OID_V_id_mgf1, \ + DER_AID_V_sha1Identifier +static const unsigned char der_aid_mgf1SHA1Identifier[] = { + DER_AID_V_mgf1SHA1Identifier +}; +#define DER_AID_SZ_mgf1SHA1Identifier sizeof(der_aid_mgf1SHA1Identifier) +#endif + +#define DER_AID_V_mgf1SHA224Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha224Identifier, \ + DER_OID_V_id_mgf1, \ + DER_AID_V_sha224Identifier +static const unsigned char der_aid_mgf1SHA224Identifier[] = { + DER_AID_V_mgf1SHA224Identifier +}; +#define DER_AID_SZ_mgf1SHA224Identifier sizeof(der_aid_mgf1SHA224Identifier) + +#define DER_AID_V_mgf1SHA256Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha256Identifier, \ + DER_OID_V_id_mgf1, \ + DER_AID_V_sha256Identifier +static const unsigned char der_aid_mgf1SHA256Identifier[] = { + DER_AID_V_mgf1SHA256Identifier +}; +#define DER_AID_SZ_mgf1SHA256Identifier sizeof(der_aid_mgf1SHA256Identifier) + +#define DER_AID_V_mgf1SHA384Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha384Identifier, \ + DER_OID_V_id_mgf1, \ + DER_AID_V_sha384Identifier +static const unsigned char der_aid_mgf1SHA384Identifier[] = { + DER_AID_V_mgf1SHA384Identifier +}; +#define DER_AID_SZ_mgf1SHA384Identifier sizeof(der_aid_mgf1SHA384Identifier) + +#define DER_AID_V_mgf1SHA512Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512Identifier, \ + DER_OID_V_id_mgf1, \ + DER_AID_V_sha512Identifier +static const unsigned char der_aid_mgf1SHA512Identifier[] = { + DER_AID_V_mgf1SHA512Identifier +}; +#define DER_AID_SZ_mgf1SHA512Identifier sizeof(der_aid_mgf1SHA512Identifier) + +#define DER_AID_V_mgf1SHA512_224Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512_224Identifier, \ + DER_OID_V_id_mgf1, \ + DER_AID_V_sha512_224Identifier +static const unsigned char der_aid_mgf1SHA512_224Identifier[] = { + DER_AID_V_mgf1SHA512_224Identifier +}; +#define DER_AID_SZ_mgf1SHA512_224Identifier sizeof(der_aid_mgf1SHA512_224Identifier) + +#define DER_AID_V_mgf1SHA512_256Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512_256Identifier, \ + DER_OID_V_id_mgf1, \ + DER_AID_V_sha512_256Identifier +static const unsigned char der_aid_mgf1SHA512_256Identifier[] = { + DER_AID_V_mgf1SHA512_256Identifier +}; +#define DER_AID_SZ_mgf1SHA512_256Identifier sizeof(der_aid_mgf1SHA512_256Identifier) + + +#define MGF1_SHA_CASE(bits, var) \ + case NID_sha##bits: \ + var = der_aid_mgf1SHA##bits##Identifier; \ + var##_sz = sizeof(der_aid_mgf1SHA##bits##Identifier); \ + break; + +/*- + * The name is borrowed from https://tools.ietf.org/html/rfc8017#appendix-A.2.1 + * + * MaskGenAlgorithm ::= AlgorithmIdentifier { {PKCS1MGFAlgorithms} } + */ +static int DER_w_MaskGenAlgorithm(WPACKET *pkt, int tag, + const RSA_PSS_PARAMS_30 *pss) +{ + if (pss != NULL && rsa_pss_params_30_maskgenalg(pss) == NID_mgf1) { + int maskgenhashalg_nid = rsa_pss_params_30_maskgenhashalg(pss); + const unsigned char *maskgenalg = NULL; + size_t maskgenalg_sz = 0; + + switch (maskgenhashalg_nid) { + case NID_sha1: + break; + MGF1_SHA_CASE(224, maskgenalg); + MGF1_SHA_CASE(256, maskgenalg); + MGF1_SHA_CASE(384, maskgenalg); + MGF1_SHA_CASE(512, maskgenalg); + MGF1_SHA_CASE(512_224, maskgenalg); + MGF1_SHA_CASE(512_256, maskgenalg); + default: + return 0; + } + + /* If there is none (or it was the default), we write nothing */ + if (maskgenalg == NULL) + return 1; + + return DER_w_precompiled(pkt, tag, maskgenalg, maskgenalg_sz); + } + return 0; +} + +#define OAEP_PSS_MD_CASE(name, var) \ + case NID_##name: \ + var = der_oid_id_##name; \ + var##_sz = sizeof(der_oid_id_##name); \ + break; + +int DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag, const RSA_PSS_PARAMS_30 *pss) +{ + int hashalg_nid, default_hashalg_nid; + int saltlen, default_saltlen; + int trailerfield, default_trailerfield; + const unsigned char *hashalg = NULL; + size_t hashalg_sz = 0; + + /* + * For an unrestricted key, this function should not have been called; + * the caller must be in control, because unrestricted keys are permitted + * in some situations (when encoding the public key in a SubjectKeyInfo, + * for example) while not in others, and this function doesn't know the + * intent. Therefore, we assert that here, the PSS parameters must show + * that the key is restricted. + */ + if (!ossl_assert(pss != NULL && !rsa_pss_params_30_is_unrestricted(pss))) + return 0; + + hashalg_nid = rsa_pss_params_30_hashalg(pss); + saltlen = rsa_pss_params_30_saltlen(pss); + trailerfield = rsa_pss_params_30_trailerfield(pss); + + /* Getting default values */ + default_hashalg_nid = rsa_pss_params_30_hashalg(NULL); + default_saltlen = rsa_pss_params_30_saltlen(NULL); + default_trailerfield = rsa_pss_params_30_trailerfield(NULL); + + /* + * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1: + * + * OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= { + * { OID id-sha1 PARAMETERS NULL }| + * { OID id-sha224 PARAMETERS NULL }| + * { OID id-sha256 PARAMETERS NULL }| + * { OID id-sha384 PARAMETERS NULL }| + * { OID id-sha512 PARAMETERS NULL }| + * { OID id-sha512-224 PARAMETERS NULL }| + * { OID id-sha512-256 PARAMETERS NULL }, + * ... -- Allows for future expansion -- + * } + */ + switch (hashalg_nid) { + OAEP_PSS_MD_CASE(sha1, hashalg); + OAEP_PSS_MD_CASE(sha224, hashalg); + OAEP_PSS_MD_CASE(sha256, hashalg); + OAEP_PSS_MD_CASE(sha384, hashalg); + OAEP_PSS_MD_CASE(sha512, hashalg); + OAEP_PSS_MD_CASE(sha512_224, hashalg); + OAEP_PSS_MD_CASE(sha512_256, hashalg); + default: + return 0; + } + + return DER_w_begin_sequence(pkt, tag) + && (trailerfield == default_trailerfield + || DER_w_ulong(pkt, 3, trailerfield)) + && (saltlen == default_saltlen || DER_w_ulong(pkt, 2, saltlen)) + && DER_w_MaskGenAlgorithm(pkt, 1, pss) + && (hashalg_nid == default_hashalg_nid + || DER_w_precompiled(pkt, 0, hashalg, hashalg_sz)) + && DER_w_end_sequence(pkt, tag); +} + +/* Aliases so we can have a uniform RSA_CASE */ +#define der_oid_rsassaPss der_oid_id_RSASSA_PSS + +#define RSA_CASE(name, var) \ + var##_nid = NID_##name; \ + var##_oid = der_oid_##name; \ + var##_oid_sz = sizeof(der_oid_##name); \ + break; + +int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa) +{ + int rsa_nid = NID_undef; + const unsigned char *rsa_oid = NULL; + size_t rsa_oid_sz = 0; + RSA_PSS_PARAMS_30 *pss_params = rsa_get0_pss_params_30(rsa); + + switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { + case RSA_FLAG_TYPE_RSA: + RSA_CASE(rsaEncryption, rsa); + case RSA_FLAG_TYPE_RSASSAPSS: + RSA_CASE(rsassaPss, rsa); + } + + if (rsa_oid == NULL) + return 0; + + return DER_w_begin_sequence(pkt, tag) + && (rsa_nid != NID_rsassaPss + || rsa_pss_params_30_is_unrestricted(pss_params) + || DER_w_RSASSA_PSS_params(pkt, -1, pss_params)) + && DER_w_precompiled(pkt, -1, rsa_oid, rsa_oid_sz) + && DER_w_end_sequence(pkt, tag); +} diff --git a/providers/common/der/der_rsa_sig.c b/providers/common/der/der_rsa_sig.c new file mode 100644 index 0000000000..a1ab263dc1 --- /dev/null +++ b/providers/common/der/der_rsa_sig.c @@ -0,0 +1,64 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "internal/packet.h" +#include "prov/der_rsa.h" +#include "prov/der_digests.h" + +/* Aliases so we can have a uniform MD_with_RSA_CASE */ +#define der_oid_sha3_224WithRSAEncryption \ + der_oid_id_rsassa_pkcs1_v1_5_with_sha3_224 +#define der_oid_sha3_256WithRSAEncryption \ + der_oid_id_rsassa_pkcs1_v1_5_with_sha3_256 +#define der_oid_sha3_384WithRSAEncryption \ + der_oid_id_rsassa_pkcs1_v1_5_with_sha3_384 +#define der_oid_sha3_512WithRSAEncryption \ + der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512 + +#define MD_with_RSA_CASE(name, var) \ + case NID_##name: \ + var = der_oid_##name##WithRSAEncryption; \ + var##_sz = sizeof(der_oid_##name##WithRSAEncryption); \ + break; + +int DER_w_algorithmIdentifier_MDWithRSAEncryption(WPACKET *pkt, int tag, + RSA *rsa, int mdnid) +{ + const unsigned char *precompiled = NULL; + size_t precompiled_sz = 0; + + switch (mdnid) { +#ifndef FIPS_MODULE + MD_with_RSA_CASE(md2, precompiled); + MD_with_RSA_CASE(md5, precompiled); + MD_with_RSA_CASE(md4, precompiled); + MD_with_RSA_CASE(ripemd160, precompiled); +/* TODO(3.0) Decide what to do about mdc2 and md5_sha1 */ +#endif + MD_with_RSA_CASE(sha1, precompiled); + MD_with_RSA_CASE(sha224, precompiled); + MD_with_RSA_CASE(sha256, precompiled); + MD_with_RSA_CASE(sha384, precompiled); + MD_with_RSA_CASE(sha512, precompiled); + MD_with_RSA_CASE(sha512_224, precompiled); + MD_with_RSA_CASE(sha512_256, precompiled); + MD_with_RSA_CASE(sha3_224, precompiled); + MD_with_RSA_CASE(sha3_256, precompiled); + MD_with_RSA_CASE(sha3_384, precompiled); + MD_with_RSA_CASE(sha3_512, precompiled); + default: + return 0; + } + + return DER_w_begin_sequence(pkt, tag) + /* No parameters (yet?) */ + && DER_w_precompiled(pkt, -1, precompiled, precompiled_sz) + && DER_w_end_sequence(pkt, tag); +} diff --git a/providers/common/der/oids_to_c.pm b/providers/common/der/oids_to_c.pm index 64e6c07df3..dee326316b 100644 --- a/providers/common/der/oids_to_c.pm +++ b/providers/common/der/oids_to_c.pm @@ -28,12 +28,19 @@ use Data::Dumper; sub filter_to_H { my ($name, $comment) = @{ shift() }; my @oid_nums = @_; + my $oid_size = scalar @oid_nums; + (my $C_comment = $comment) =~ s|^| * |msg; + $C_comment = "\n/*\n${C_comment}\n */" if $C_comment ne ''; (my $C_name = $name) =~ s|-|_|g; my $C_bytes_size = 2 + scalar @_; + my $C_bytes = join(', ', map { sprintf("0x%02X", $_) } @oid_nums ); return <<"_____"; -extern const unsigned char der_oid_${C_name}[$C_bytes_size]; +$C_comment +#define DER_OID_V_${C_name} DER_P_OBJECT, $oid_size, ${C_bytes} +#define DER_OID_SZ_${C_name} ${C_bytes_size} +extern const unsigned char der_oid_${C_name}[DER_OID_SZ_${C_name}]; _____ } @@ -48,12 +55,9 @@ sub filter_to_C { $C_comment = "\n/*\n${C_comment}\n */" if $C_comment ne ''; (my $C_name = $name) =~ s|-|_|g; my $C_bytes_size = 2 + $oid_size; - my $C_bytes = join(', ', map { sprintf("0x%02X", $_) } @oid_nums ); return <<"_____"; $C_comment -#define DER_OID_V_${C_name} DER_P_OBJECT, $oid_size, ${C_bytes} -#define DER_OID_SZ_${C_name} ${C_bytes_size} const unsigned char der_oid_${C_name}[DER_OID_SZ_${C_name}] = { DER_OID_V_${C_name} }; diff --git a/providers/implementations/signature/dsa.c b/providers/implementations/signature/dsa.c index bfab22488f..9227cb181c 100644 --- a/providers/implementations/signature/dsa.c +++ b/providers/implementations/signature/dsa.c @@ -177,7 +177,8 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, */ ctx->aid_len = 0; if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf)) - && DER_w_algorithmIdentifier_DSA_with(&pkt, -1, ctx->dsa, md_nid) + && DER_w_algorithmIdentifier_DSA_with_MD(&pkt, -1, ctx->dsa, + md_nid) && WPACKET_finish(&pkt)) { WPACKET_get_total_written(&pkt, &ctx->aid_len); ctx->aid = WPACKET_get_curr(&pkt); diff --git a/providers/implementations/signature/ecdsa.c b/providers/implementations/signature/ecdsa.c index 267950d537..d96f597a92 100644 --- a/providers/implementations/signature/ecdsa.c +++ b/providers/implementations/signature/ecdsa.c @@ -238,7 +238,7 @@ static int ecdsa_digest_signverify_init(void *vctx, const char *mdname, */ ctx->aid_len = 0; if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf)) - && DER_w_algorithmIdentifier_ECDSA_with(&pkt, -1, ctx->ec, md_nid) + && DER_w_algorithmIdentifier_ECDSA_with_MD(&pkt, -1, ctx->ec, md_nid) && WPACKET_finish(&pkt)) { WPACKET_get_total_written(&pkt, &ctx->aid_len); ctx->aid = WPACKET_get_curr(&pkt); diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c index 4dc3a89878..6f62c2b648 100644 --- a/providers/implementations/signature/rsa.c +++ b/providers/implementations/signature/rsa.c @@ -254,7 +254,8 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, */ ctx->aid_len = 0; if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf)) - && DER_w_algorithmIdentifier_RSA_with(&pkt, -1, ctx->rsa, md_nid) + && DER_w_algorithmIdentifier_MDWithRSAEncryption(&pkt, -1, ctx->rsa, + md_nid) && WPACKET_finish(&pkt)) { WPACKET_get_total_written(&pkt, &ctx->aid_len); ctx->aid = WPACKET_get_curr(&pkt);