From 29be60235b9bf86bb38f28349b405bb112250d4b Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 15 Oct 2019 21:31:45 +0200 Subject: [PATCH] New RSA keymgmt implementation to handle import / export of RSA keys Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/10190) --- crypto/rsa/rsa_ameth.c | 127 ++++++++- crypto/rsa/rsa_gen.c | 2 + crypto/rsa/rsa_lib.c | 4 + crypto/rsa/rsa_local.h | 2 + crypto/rsa/rsa_sp800_56b_gen.c | 2 + crypto/rsa/rsa_x931g.c | 2 + include/openssl/core_names.h | 21 ++ providers/defltprov.c | 1 + .../include/prov/implementations.h | 1 + providers/implementations/keymgmt/build.info | 2 + providers/implementations/keymgmt/rsa_kmgmt.c | 249 ++++++++++++++++++ 11 files changed, 411 insertions(+), 2 deletions(-) create mode 100644 providers/implementations/keymgmt/rsa_kmgmt.c diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 69e7c5ea1a..d2f976f681 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -13,8 +13,11 @@ #include #include #include +#include +#include "internal/param_build.h" #include "crypto/asn1.h" #include "crypto/evp.h" +#include "crypto/rsa.h" #include "rsa_local.h" #ifndef OPENSSL_NO_CMS @@ -1045,6 +1048,114 @@ static int rsa_pkey_check(const EVP_PKEY *pkey) return RSA_check_key_ex(pkey->pkey.rsa, NULL); } +static size_t rsa_pkey_dirty_cnt(const EVP_PKEY *pkey) +{ + return pkey->pkey.rsa->dirty_cnt; +} + +DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) + +static void *rsa_pkey_export_to(const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, + int want_domainparams) +{ + RSA *rsa = pk->pkey.rsa; + OSSL_PARAM_BLD tmpl; + const BIGNUM *n = RSA_get0_n(rsa), *e = RSA_get0_e(rsa); + const BIGNUM *d = RSA_get0_d(rsa); + STACK_OF(BIGNUM_const) *primes = NULL, *exps = NULL, *coeffs = NULL; + int numprimes = 0, numexps = 0, numcoeffs = 0; + OSSL_PARAM *params = NULL; + void *provkey = NULL; + + /* + * There are no domain parameters for RSA keys, or rather, they are + * included in the key data itself. + */ + if (want_domainparams) + goto err; + + /* Get all the primes and CRT params */ + if ((primes = sk_BIGNUM_const_new_null()) == NULL + || (exps = sk_BIGNUM_const_new_null()) == NULL + || (coeffs = sk_BIGNUM_const_new_null()) == NULL) + goto err; + + if (!rsa_get0_all_params(rsa, primes, exps, coeffs)) + goto err; + + /* Public parameters must always be present */ + if (n == NULL || e == NULL) + goto err; + + if (d != NULL) { + /* It's a private key, so we should have everything else too */ + numprimes = sk_BIGNUM_const_num(primes); + numexps = sk_BIGNUM_const_num(exps); + numcoeffs = sk_BIGNUM_const_num(coeffs); + + if (numprimes < 2 || numexps < 2 || numcoeffs < 1) + goto err; + + /* + * assert that an OSSL_PARAM_BLD has enough space. + * (the current 10 places doesn't have space for multi-primes) + */ + if (!ossl_assert(/* n, e */ 2 + /* d */ 1 + /* numprimes */ 1 + + numprimes + numexps + numcoeffs + <= OSSL_PARAM_BLD_MAX)) + goto err; + } + + ossl_param_bld_init(&tmpl); + if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_RSA_N, n) + || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_RSA_E, e)) + goto err; + + if (d != NULL) { + int i; + + if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_RSA_D, d)) + goto err; + + for (i = 0; i < numprimes; i++) { + const BIGNUM *num = sk_BIGNUM_const_value(primes, i); + + if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_RSA_FACTOR, + num)) + goto err; + } + + for (i = 0; i < numexps; i++) { + const BIGNUM *num = sk_BIGNUM_const_value(exps, i); + + if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_RSA_EXPONENT, + num)) + goto err; + } + + for (i = 0; i < numcoeffs; i++) { + const BIGNUM *num = sk_BIGNUM_const_value(coeffs, i); + + if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_RSA_COEFFICIENT, + num)) + goto err; + } + } + + if ((params = ossl_param_bld_to_param(&tmpl)) == NULL) + goto err; + + /* We export, the provider imports */ + provkey = evp_keymgmt_importkey(keymgmt, params); + + err: + sk_BIGNUM_const_free(primes); + sk_BIGNUM_const_free(exps); + sk_BIGNUM_const_free(coeffs); + ossl_param_bld_free(params); + return provkey; +} + const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = { { EVP_PKEY_RSA, @@ -1077,7 +1188,13 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = { rsa_item_verify, rsa_item_sign, rsa_sig_info_set, - rsa_pkey_check + rsa_pkey_check, + + 0, 0, + 0, 0, 0, 0, + + rsa_pkey_dirty_cnt, + rsa_pkey_export_to }, { @@ -1116,5 +1233,11 @@ const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = { rsa_item_verify, rsa_item_sign, 0, - rsa_pkey_check + rsa_pkey_check, + + 0, 0, + 0, 0, 0, 0, + + rsa_pkey_dirty_cnt, + rsa_pkey_export_to }; diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index c87b709722..cb2abff6a1 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -108,6 +108,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value, for (i = 0; i < primes; i++) bitsr[i] = (i < rmd) ? quo + 1 : quo; + rsa->dirty_cnt++; + /* We need the RSA components non-NULL */ if (!rsa->n && ((rsa->n = BN_new()) == NULL)) goto err; diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 17ff7e7686..353b9d8725 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -328,6 +328,7 @@ int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) r->d = d; BN_set_flags(r->d, BN_FLG_CONSTTIME); } + r->dirty_cnt++; return 1; } @@ -351,6 +352,7 @@ int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) r->q = q; BN_set_flags(r->q, BN_FLG_CONSTTIME); } + r->dirty_cnt++; return 1; } @@ -380,6 +382,7 @@ int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) r->iqmp = iqmp; BN_set_flags(r->iqmp, BN_FLG_CONSTTIME); } + r->dirty_cnt++; return 1; } @@ -444,6 +447,7 @@ int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[], } r->version = RSA_ASN1_VERSION_MULTI; + r->dirty_cnt++; return 1; err: diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h index 204fde29fa..ae71567f7a 100644 --- a/crypto/rsa/rsa_local.h +++ b/crypto/rsa/rsa_local.h @@ -66,6 +66,8 @@ struct rsa_st { BN_BLINDING *blinding; BN_BLINDING *mt_blinding; CRYPTO_RWLOCK *lock; + + int dirty_cnt; }; struct rsa_meth_st { diff --git a/crypto/rsa/rsa_sp800_56b_gen.c b/crypto/rsa/rsa_sp800_56b_gen.c index c22b10cfbd..5474aaa4b5 100644 --- a/crypto/rsa/rsa_sp800_56b_gen.c +++ b/crypto/rsa/rsa_sp800_56b_gen.c @@ -118,6 +118,7 @@ int rsa_fips186_4_gen_prob_primes(RSA *rsa, BIGNUM *p1, BIGNUM *p2, continue; break; /* successfully finished */ } + rsa->dirty_cnt++; ret = 1; err: /* Zeroize any internally generated values that are not returned */ @@ -239,6 +240,7 @@ int rsa_sp800_56b_derive_params_from_pq(RSA *rsa, int nbits, || BN_mod_inverse(rsa->iqmp, rsa->q, rsa->p, ctx) == NULL) goto err; + rsa->dirty_cnt++; ret = 1; err: if (ret != 1) { diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c index 3798d02b55..1f6042a3d2 100644 --- a/crypto/rsa/rsa_x931g.c +++ b/crypto/rsa/rsa_x931g.c @@ -131,6 +131,7 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, if (rsa->iqmp == NULL) goto err; + rsa->dirty_cnt++; ret = 1; err: BN_CTX_end(ctx); @@ -184,6 +185,7 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, NULL, NULL, NULL, NULL, NULL, NULL, e, cb)) goto error; + rsa->dirty_cnt++; ok = 1; error: diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h index f0e6334d89..e7e5ea060e 100644 --- a/include/openssl/core_names.h +++ b/include/openssl/core_names.h @@ -159,6 +159,27 @@ extern "C" { #define OSSL_PKEY_PARAM_DSA_PUB_KEY "pub" #define OSSL_PKEY_PARAM_DSA_PRIV_KEY "priv" +/* RSA Keys */ +/* + * n, e, d are the usual public and private key components + * + * rsa-num is the number of factors, including p and q + * rsa-factor is used for each factor: p, q, r_i (i = 3, ...) + * rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...) + * rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...) + * + * The number of rsa-factor items must be equal to the number of rsa-exponent + * items, and the number of rsa-coefficients must be one less. + * (the base i for the coefficients is 2, not 1, at least as implied by + * RFC 8017) + */ +#define OSSL_PKEY_PARAM_RSA_N "n" +#define OSSL_PKEY_PARAM_RSA_E "e" +#define OSSL_PKEY_PARAM_RSA_D "d" +#define OSSL_PKEY_PARAM_RSA_FACTOR "rsa-factor" +#define OSSL_PKEY_PARAM_RSA_EXPONENT "rsa-exponent" +#define OSSL_PKEY_PARAM_RSA_COEFFICIENT "rsa-coefficient" + /* Key Exchange parameters */ #define OSSL_EXCHANGE_PARAM_PAD "pad" /* uint */ diff --git a/providers/defltprov.c b/providers/defltprov.c index 2d457ae53f..8104227fff 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -364,6 +364,7 @@ static const OSSL_ALGORITHM deflt_keymgmt[] = { #ifndef OPENSSL_NO_DSA { "DSA", "default=yes", dsa_keymgmt_functions }, #endif + { "RSA", "default=yes", rsa_keymgmt_functions }, { NULL, NULL, NULL } }; diff --git a/providers/implementations/include/prov/implementations.h b/providers/implementations/include/prov/implementations.h index 44b0a6fbc2..16f2129115 100644 --- a/providers/implementations/include/prov/implementations.h +++ b/providers/implementations/include/prov/implementations.h @@ -241,6 +241,7 @@ extern const OSSL_DISPATCH kdf_x942_kdf_functions[]; /* Key management */ extern const OSSL_DISPATCH dh_keymgmt_functions[]; extern const OSSL_DISPATCH dsa_keymgmt_functions[]; +extern const OSSL_DISPATCH rsa_keymgmt_functions[]; /* Key Exchange */ extern const OSSL_DISPATCH dh_keyexch_functions[]; diff --git a/providers/implementations/keymgmt/build.info b/providers/implementations/keymgmt/build.info index dc6039b02d..f4a9d1a5de 100644 --- a/providers/implementations/keymgmt/build.info +++ b/providers/implementations/keymgmt/build.info @@ -3,6 +3,7 @@ $DH_GOAL=../../libimplementations.a $DSA_GOAL=../../libimplementations.a +$RSA_GOAL=../../libimplementations.a IF[{- !$disabled{dh} -}] SOURCE[$DH_GOAL]=dh_kmgmt.c @@ -10,3 +11,4 @@ ENDIF IF[{- !$disabled{dsa} -}] SOURCE[$DSA_GOAL]=dsa_kmgmt.c ENDIF +SOURCE[$RSA_GOAL]=rsa_kmgmt.c diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c new file mode 100644 index 0000000000..aaa9815aa9 --- /dev/null +++ b/providers/implementations/keymgmt/rsa_kmgmt.c @@ -0,0 +1,249 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include +#include +#include +#include +#include +#include "prov/implementations.h" +#include "crypto/rsa.h" + +static OSSL_OP_keymgmt_importkey_fn rsa_importkey; +static OSSL_OP_keymgmt_exportkey_fn rsa_exportkey; + +DEFINE_STACK_OF(BIGNUM) +DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) + +static int collect_numbers(STACK_OF(BIGNUM) *numbers, + const OSSL_PARAM params[], const char *key) +{ + const OSSL_PARAM *p = NULL; + + if (numbers == NULL) + return 0; + + for (p = params; (p = OSSL_PARAM_locate_const(p, key)) != NULL; p++) { + BIGNUM *tmp = NULL; + + if (!OSSL_PARAM_get_BN(p, &tmp)) + return 0; + sk_BIGNUM_push(numbers, tmp); + } + + return 1; +} + +static int params_to_key(RSA *rsa, const OSSL_PARAM params[]) +{ + const OSSL_PARAM *param_n, *param_e, *param_d; + BIGNUM *n = NULL, *e = NULL, *d = NULL; + STACK_OF(BIGNUM) *factors = NULL, *exps = NULL, *coeffs = NULL; + int is_private = 0; + + if (rsa == NULL) + return 0; + + param_n = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N); + param_e = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E); + param_d = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_D); + + if ((param_n != NULL && !OSSL_PARAM_get_BN(param_n, &n)) + || (param_e != NULL && !OSSL_PARAM_get_BN(param_e, &e)) + || (param_d != NULL && !OSSL_PARAM_get_BN(param_d, &d))) + goto err; + + is_private = (d != NULL); + + if (!RSA_set0_key(rsa, n, e, d)) + goto err; + n = e = d = NULL; + + if (is_private) { + if (!collect_numbers(factors = sk_BIGNUM_new_null(), params, + OSSL_PKEY_PARAM_RSA_FACTOR) + || !collect_numbers(exps = sk_BIGNUM_new_null(), params, + OSSL_PKEY_PARAM_RSA_EXPONENT) + || !collect_numbers(coeffs = sk_BIGNUM_new_null(), params, + OSSL_PKEY_PARAM_RSA_COEFFICIENT)) + goto err; + + /* It's ok if this private key just has n, e and d */ + if (sk_BIGNUM_num(factors) != 0 + && !rsa_set0_all_params(rsa, factors, exps, coeffs)) + goto err; + } + + sk_BIGNUM_free(factors); + sk_BIGNUM_free(exps); + sk_BIGNUM_free(coeffs); + return 1; + + err: + BN_free(n); + BN_free(e); + BN_free(d); + sk_BIGNUM_pop_free(factors, BN_free); + sk_BIGNUM_pop_free(exps, BN_free); + sk_BIGNUM_pop_free(coeffs, BN_free); + return 0; +} + +static int export_numbers(OSSL_PARAM params[], const char *key, + STACK_OF(BIGNUM_const) *numbers) +{ + OSSL_PARAM *p = NULL; + int i, nnum; + + if (numbers == NULL) + return 0; + + nnum = sk_BIGNUM_const_num(numbers); + + for (p = params, i = 0; + i < nnum && (p = OSSL_PARAM_locate(p, key)) != NULL; + p++, i++) { + if (!OSSL_PARAM_set_BN(p, sk_BIGNUM_const_value(numbers, i))) + return 0; + } + + /* + * If we didn't export the amount of numbers we have, the caller didn't + * specify enough OSSL_PARAM entries named |key|. + */ + return i == nnum; +} + +static int key_to_params(RSA *rsa, OSSL_PARAM params[]) +{ + int ret = 0; + OSSL_PARAM *p; + const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL; + STACK_OF(BIGNUM_const) *factors = sk_BIGNUM_const_new_null(); + STACK_OF(BIGNUM_const) *exps = sk_BIGNUM_const_new_null(); + STACK_OF(BIGNUM_const) *coeffs = sk_BIGNUM_const_new_null(); + + if (rsa == NULL || factors == NULL || exps == NULL || coeffs == NULL) + goto err; + + RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d); + rsa_get0_all_params(rsa, factors, exps, coeffs); + + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_RSA_N)) != NULL + && !OSSL_PARAM_set_BN(p, rsa_n)) + goto err; + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_RSA_E)) != NULL + && !OSSL_PARAM_set_BN(p, rsa_e)) + goto err; + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_RSA_D)) != NULL + && !OSSL_PARAM_set_BN(p, rsa_d)) + goto err; + + if (!export_numbers(params, OSSL_PKEY_PARAM_RSA_FACTOR, factors) + || !export_numbers(params, OSSL_PKEY_PARAM_RSA_EXPONENT, exps) + || !export_numbers(params, OSSL_PKEY_PARAM_RSA_COEFFICIENT, coeffs)) + goto err; + + ret = 1; + err: + sk_BIGNUM_const_free(factors); + sk_BIGNUM_const_free(exps); + sk_BIGNUM_const_free(coeffs); + return ret; +} + +static void *rsa_importkey(void *provctx, const OSSL_PARAM params[]) +{ + RSA *rsa; + + if ((rsa = RSA_new()) == NULL + || !params_to_key(rsa, params)) { + RSA_free(rsa); + rsa = NULL; + } + return rsa; +} + +static int rsa_exportkey(void *key, OSSL_PARAM params[]) +{ + RSA *rsa = key; + + return rsa != NULL && key_to_params(rsa, params); +} + +/* + * This provider can export everything in an RSA key, so we use the exact + * same type description for export as for import. Other providers might + * choose to import full keys, but only export the public parts, and will + * therefore have the importkey_types and importkey_types functions return + * different arrays. + */ +static const OSSL_PARAM rsa_key_types[] = { + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, NULL, 0), + /* We tolerate up to 10 factors... */ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR, NULL, 0), + /* ..., up to 10 CRT exponents... */ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT, NULL, 0), + /* ..., and up to 9 CRT coefficients */ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0), + OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT, NULL, 0), +}; +/* + * We lied about the amount of factors, exponents and coefficients, the + * export and import functions can really deal with an infinite amount + * of these numbers. However, RSA keys with too many primes are futile, + * so we at least pretend to have some limits. + */ + +static const OSSL_PARAM *rsa_exportkey_types(void) +{ + return rsa_key_types; +} + +static const OSSL_PARAM *rsa_importkey_types(void) +{ + return rsa_key_types; +} + +const OSSL_DISPATCH rsa_keymgmt_functions[] = { + { OSSL_FUNC_KEYMGMT_IMPORTKEY, (void (*)(void))rsa_importkey }, + { OSSL_FUNC_KEYMGMT_IMPORTKEY_TYPES, (void (*)(void))rsa_importkey_types }, + { OSSL_FUNC_KEYMGMT_EXPORTKEY, (void (*)(void))rsa_exportkey }, + { OSSL_FUNC_KEYMGMT_EXPORTKEY_TYPES, (void (*)(void))rsa_exportkey_types }, + { OSSL_FUNC_KEYMGMT_FREEKEY, (void (*)(void))RSA_free }, + { 0, NULL } +}; -- 2.25.1