1119 lines
48 KiB
Diff
1119 lines
48 KiB
Diff
From f8a60b6678b1eb3ccadcb31f36bf7961ed8d5a9a Mon Sep 17 00:00:00 2001
|
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
Date: Tue, 25 Apr 2023 16:23:52 +0200
|
|
Subject: [PATCH] provider: rsa: Check RSA keys with p < q at key generation
|
|
and import
|
|
|
|
Since OpenSSL 3.0 the OpenSSL RSA key generation taking place within libica
|
|
may generate RSA keys where p < q (privileged form). While such a key is
|
|
automatically corrected with the first call to libica's ica_rsa_crt(), such
|
|
correction modifies the libica RSA key object and may cause concurrency
|
|
problems when the same key object is used by multiple threads.
|
|
|
|
Check and correct such keys right after key generation or during import,
|
|
so that it is ensured that p > q whenever the key is used afterwards, and
|
|
thus no correction is applied by ica_rsa_crt() later on.
|
|
|
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
---
|
|
src/provider/rsa_keymgmt.c | 18 ++++++++++++++++++
|
|
1 file changed, 18 insertions(+)
|
|
|
|
diff --git a/src/provider/rsa_keymgmt.c b/src/provider/rsa_keymgmt.c
|
|
index aabf9d2..f83d90a 100644
|
|
--- a/src/provider/rsa_keymgmt.c
|
|
+++ b/src/provider/rsa_keymgmt.c
|
|
@@ -1203,6 +1203,15 @@ static void *ibmca_keymgmt_rsa_gen(void *vgenctx, OSSL_CALLBACK *osslcb,
|
|
}
|
|
}
|
|
|
|
+ /* If p < q, swap and recalculate now */
|
|
+ rc = ica_rsa_crt_key_check(&key->rsa.private);
|
|
+ if (rc > 1) {
|
|
+ put_error_op_ctx(genctx, IBMCA_ERR_INTERNAL_ERROR,
|
|
+ "ica_rsa_crt_key_check failed");
|
|
+ ibmca_keymgmt_free(key);
|
|
+ return NULL;
|
|
+ }
|
|
+
|
|
p = 3;
|
|
n = 0;
|
|
if (osslcb != NULL && osslcb(cb_params, cbarg) == 0) {
|
|
@@ -1823,6 +1832,15 @@ int ibmca_keymgmt_rsa_import(void *vkey, int selection,
|
|
"BN_bn2binpad failed for private qinv");
|
|
goto out;
|
|
}
|
|
+
|
|
+ /* If p < q, swap and recalculate now */
|
|
+ rc = ica_rsa_crt_key_check(&key->rsa.private);
|
|
+ if (rc > 1) {
|
|
+ rc = 0;
|
|
+ put_error_key(key, IBMCA_ERR_INTERNAL_ERROR,
|
|
+ "ica_rsa_crt_key_check failed");
|
|
+ goto out;
|
|
+ }
|
|
}
|
|
|
|
if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0 &&
|
|
From acba1d936bd84c7090ed7d3849b0bab3c7f18da0 Mon Sep 17 00:00:00 2001
|
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
Date: Fri, 7 Jul 2023 14:55:26 +0200
|
|
Subject: [PATCH] provider: Support importing of RSA keys with just ME
|
|
components
|
|
|
|
RSA private keys may contain just CRT (p, q, dp, dq, qinv) or ME (d)
|
|
components, or all of them. If an application imports a private RSA key
|
|
from just the ME components (m, e, and private d), then the IBMCA provider
|
|
can not use ica_rsa_crt() to perform private key operations.
|
|
|
|
Therefore let an RSA key also contain the private key components in ME
|
|
format, and use ica_rsa_mod_expo() if only the ME components are available.
|
|
RSA keys are still always generated in CRT format, but it now allows to
|
|
import an RSA private key in ME format.
|
|
|
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
---
|
|
src/provider/p_ibmca.h | 11 +-
|
|
src/provider/rsa_asym_cipher.c | 2 +-
|
|
src/provider/rsa_blinding.c | 31 +-
|
|
src/provider/rsa_keymgmt.c | 603 +++++++++++++++++++++------------
|
|
src/provider/rsa_signature.c | 2 +-
|
|
5 files changed, 427 insertions(+), 222 deletions(-)
|
|
|
|
diff --git a/src/provider/p_ibmca.h b/src/provider/p_ibmca.h
|
|
index 58f150f..3b3d4f0 100644
|
|
--- a/src/provider/p_ibmca.h
|
|
+++ b/src/provider/p_ibmca.h
|
|
@@ -124,7 +124,9 @@ struct ibmca_key {
|
|
union {
|
|
struct {
|
|
size_t bits;
|
|
- ica_rsa_key_crt_t private;
|
|
+ size_t keylength;
|
|
+ ica_rsa_key_crt_t private_crt;
|
|
+ ica_rsa_key_mod_expo_t private_me;
|
|
ica_rsa_key_mod_expo_t public;
|
|
struct ibmca_pss_params pss; /* For type EVP_PKEY_RSA_PSS only */
|
|
BN_BLINDING *blinding;
|
|
@@ -176,6 +178,9 @@ struct ibmca_op_ctx *ibmca_keymgmt_gen_init(
|
|
int (*dup_cb)
|
|
(const struct ibmca_op_ctx *ctx,
|
|
struct ibmca_op_ctx *new_ctx));
|
|
+bool ibmca_keymgmt_rsa_pub_valid(const ica_rsa_key_mod_expo_t *public);
|
|
+bool ibmca_keymgmt_rsa_priv_crt_valid(const ica_rsa_key_crt_t *private_crt);
|
|
+bool ibmca_keymgmt_rsa_priv_me_valid(const ica_rsa_key_mod_expo_t *private_me);
|
|
|
|
OSSL_FUNC_keymgmt_free_fn ibmca_keymgmt_free;
|
|
OSSL_FUNC_keymgmt_dup_fn ibmca_keymgmt_dup;
|
|
@@ -519,8 +524,8 @@ int ibmca_keymgmt_rsa_derive_kdk(struct ibmca_key *key,
|
|
|
|
int ibmca_keymgmt_rsa_pub_as_bn(struct ibmca_key *key, BIGNUM **n, BIGNUM **e);
|
|
|
|
-int ibmca_rsa_crt_with_blinding(struct ibmca_key *key, const unsigned char *in,
|
|
- unsigned char *out, size_t rsa_size);
|
|
+int ibmca_rsa_priv_with_blinding(struct ibmca_key *key, const unsigned char *in,
|
|
+ unsigned char *out, size_t rsa_size);
|
|
|
|
int ossl_bn_rsa_do_unblind(const unsigned char *intermediate,
|
|
const BIGNUM *unblind,
|
|
diff --git a/src/provider/rsa_asym_cipher.c b/src/provider/rsa_asym_cipher.c
|
|
index 43049ee..624bd60 100644
|
|
--- a/src/provider/rsa_asym_cipher.c
|
|
+++ b/src/provider/rsa_asym_cipher.c
|
|
@@ -844,7 +844,7 @@ static int ibmca_asym_cipher_rsa_decrypt(void *vctx,
|
|
}
|
|
|
|
/* Perform private key decrypt */
|
|
- rc = ibmca_rsa_crt_with_blinding(ctx->key, in, dec_data, rsa_size);
|
|
+ rc = ibmca_rsa_priv_with_blinding(ctx->key, in, dec_data, rsa_size);
|
|
if (rc != 1) {
|
|
ibmca_debug_op_ctx(ctx, "ibmca_asym_cipher_rsa_with_blinding failed");
|
|
|
|
diff --git a/src/provider/rsa_blinding.c b/src/provider/rsa_blinding.c
|
|
index fc13326..4100065 100644
|
|
--- a/src/provider/rsa_blinding.c
|
|
+++ b/src/provider/rsa_blinding.c
|
|
@@ -392,8 +392,8 @@ static int ibmca_rsa_blinding_invert(struct ibmca_key *key,
|
|
return rc;
|
|
}
|
|
|
|
-int ibmca_rsa_crt_with_blinding(struct ibmca_key *key, const unsigned char *in,
|
|
- unsigned char *out, size_t rsa_size)
|
|
+int ibmca_rsa_priv_with_blinding(struct ibmca_key *key, const unsigned char *in,
|
|
+ unsigned char *out, size_t rsa_size)
|
|
{
|
|
BN_BLINDING *blinding;
|
|
bool local_blinding = false;
|
|
@@ -404,7 +404,7 @@ int ibmca_rsa_crt_with_blinding(struct ibmca_key *key, const unsigned char *in,
|
|
|
|
ibmca_debug_key(key, "key: %p rsa_size: %lu", key, rsa_size);
|
|
|
|
- if (rsa_size != key->rsa.private.key_length) {
|
|
+ if (rsa_size != key->rsa.keylength) {
|
|
put_error_key(key, IBMCA_ERR_INTERNAL_ERROR,
|
|
"rsa_size is not modulus size");
|
|
goto out;
|
|
@@ -445,11 +445,26 @@ int ibmca_rsa_crt_with_blinding(struct ibmca_key *key, const unsigned char *in,
|
|
goto out;
|
|
}
|
|
|
|
- rc = ica_rsa_crt(key->provctx->ica_adapter, buf,
|
|
- &key->rsa.private, buf + rsa_size);
|
|
- if (rc != 0) {
|
|
- ibmca_debug_key(key, "ERROR: ica_rsa_crt failed with: %s",
|
|
- strerror(rc));
|
|
+ if (ibmca_keymgmt_rsa_priv_crt_valid(&key->rsa.private_crt)) {
|
|
+ rc = ica_rsa_crt(key->provctx->ica_adapter, buf,
|
|
+ &key->rsa.private_crt, buf + rsa_size);
|
|
+ if (rc != 0) {
|
|
+ ibmca_debug_key(key, "ERROR: ica_rsa_crt failed with: %s",
|
|
+ strerror(rc));
|
|
+ rc = 0;
|
|
+ goto out;
|
|
+ }
|
|
+ } else if (ibmca_keymgmt_rsa_priv_me_valid(&key->rsa.private_me)) {
|
|
+ rc = ica_rsa_mod_expo(key->provctx->ica_adapter, buf,
|
|
+ &key->rsa.private_me, buf + rsa_size);
|
|
+ if (rc != 0) {
|
|
+ ibmca_debug_key(key, "ERROR: ica_rsa_mod_expo failed with: %s",
|
|
+ strerror(rc));
|
|
+ rc = 0;
|
|
+ goto out;
|
|
+ }
|
|
+ } else {
|
|
+ put_error_key(key, IBMCA_ERR_INTERNAL_ERROR, "No private key");
|
|
rc = 0;
|
|
goto out;
|
|
}
|
|
diff --git a/src/provider/rsa_keymgmt.c b/src/provider/rsa_keymgmt.c
|
|
index f83d90a..526f2aa 100644
|
|
--- a/src/provider/rsa_keymgmt.c
|
|
+++ b/src/provider/rsa_keymgmt.c
|
|
@@ -241,25 +241,14 @@ static int ibmca_keymgmt_rsa_pub_key_to_data(
|
|
return 1;
|
|
}
|
|
|
|
-static int ibmca_keymgmt_rsa_priv_key_from_data(
|
|
+static int ibmca_keymgmt_rsa_priv_crt_key_from_data(
|
|
const struct ibmca_prov_ctx *provctx,
|
|
- const OSSL_PARAM params[],
|
|
- BIGNUM **d, BIGNUM **p,
|
|
+ const OSSL_PARAM params[], BIGNUM **p,
|
|
BIGNUM **q, BIGNUM **dp,
|
|
BIGNUM **dq, BIGNUM **qinv)
|
|
{
|
|
int rc;
|
|
|
|
- /* OSSL_PKEY_PARAM_RSA_D */
|
|
- *d = BN_secure_new();
|
|
- if (*d == NULL) {
|
|
- put_error_ctx(provctx, IBMCA_ERR_MALLOC_FAILED, "BN_secure_new failed");
|
|
- goto error;
|
|
- }
|
|
- rc = ibmca_param_get_bn(provctx, params, OSSL_PKEY_PARAM_RSA_D, d);
|
|
- if (rc <= 0)
|
|
- goto error;
|
|
-
|
|
/* OSSL_PKEY_PARAM_RSA_FACTOR1 */
|
|
*p = BN_secure_new();
|
|
if (*p == NULL) {
|
|
@@ -316,8 +305,6 @@ static int ibmca_keymgmt_rsa_priv_key_from_data(
|
|
return 1;
|
|
|
|
error:
|
|
- BN_clear_free(*d);
|
|
- *d = NULL;
|
|
BN_clear_free(*p);
|
|
*p = NULL;
|
|
BN_clear_free(*dp);
|
|
@@ -330,6 +317,31 @@ static int ibmca_keymgmt_rsa_priv_key_from_data(
|
|
return 0;
|
|
}
|
|
|
|
+static int ibmca_keymgmt_rsa_priv_me_key_from_data(
|
|
+ const struct ibmca_prov_ctx *provctx,
|
|
+ const OSSL_PARAM params[], BIGNUM **d)
|
|
+{
|
|
+ int rc;
|
|
+
|
|
+ /* OSSL_PKEY_PARAM_RSA_D */
|
|
+ *d = BN_secure_new();
|
|
+ if (*d == NULL) {
|
|
+ put_error_ctx(provctx, IBMCA_ERR_MALLOC_FAILED, "BN_secure_new failed");
|
|
+ goto error;
|
|
+ }
|
|
+ rc = ibmca_param_get_bn(provctx, params, OSSL_PKEY_PARAM_RSA_D, d);
|
|
+ if (rc <= 0)
|
|
+ goto error;
|
|
+
|
|
+ return 1;
|
|
+
|
|
+error:
|
|
+ BN_clear_free(*d);
|
|
+ *d = NULL;
|
|
+
|
|
+ return 0;
|
|
+}
|
|
+
|
|
static int ibmca_keymgmt_rsa_priv_key_to_data(
|
|
const struct ibmca_prov_ctx *provctx,
|
|
OSSL_PARAM_BLD *bld,
|
|
@@ -451,13 +463,14 @@ static void *ibmca_keymgmt_rsa_pss_new(void *vprovctx)
|
|
|
|
static int ibmca_keymgmt_rsa_alloc_pub(struct ibmca_key *key)
|
|
{
|
|
- key->rsa.public.key_length = (key->rsa.bits + 7) / 8;
|
|
+ key->rsa.public.key_length = key->rsa.keylength;
|
|
|
|
key->rsa.public.modulus = P_ZALLOC(key->provctx,
|
|
key->rsa.public.key_length);
|
|
key->rsa.public.exponent = P_ZALLOC(key->provctx,
|
|
key->rsa.public.key_length);
|
|
- if (key->rsa.public.modulus == NULL || key->rsa.public.exponent == NULL) {
|
|
+
|
|
+ if (!ibmca_keymgmt_rsa_pub_valid(&key->rsa.public)) {
|
|
put_error_key(key, IBMCA_ERR_MALLOC_FAILED,
|
|
"Failed to allocate libica public RSA key");
|
|
return 0;
|
|
@@ -466,24 +479,42 @@ static int ibmca_keymgmt_rsa_alloc_pub(struct ibmca_key *key)
|
|
return 1;
|
|
}
|
|
|
|
-static int ibmca_keymgmt_rsa_alloc_priv(struct ibmca_key *key)
|
|
+static int ibmca_keymgmt_rsa_alloc_priv_crt(struct ibmca_key *key)
|
|
{
|
|
- key->rsa.private.key_length = (key->rsa.bits + 7) / 8;
|
|
- key->rsa.private.p = P_SECURE_ZALLOC(key->provctx,
|
|
- ICA_P_LEN(key->rsa.private.key_length));
|
|
- key->rsa.private.q = P_SECURE_ZALLOC(key->provctx,
|
|
- ICA_Q_LEN(key->rsa.private.key_length));
|
|
- key->rsa.private.dp = P_SECURE_ZALLOC(key->provctx,
|
|
- ICA_DP_LEN(key->rsa.private.key_length));
|
|
- key->rsa.private.dq = P_SECURE_ZALLOC(key->provctx,
|
|
- ICA_DQ_LEN(key->rsa.private.key_length));
|
|
- key->rsa.private.qInverse = P_SECURE_ZALLOC(key->provctx,
|
|
- ICA_QINV_LEN(key->rsa.private.key_length));
|
|
- if (key->rsa.private.p == NULL || key->rsa.private.q == NULL ||
|
|
- key->rsa.private.dp == NULL || key->rsa.private.dq == NULL ||
|
|
- key->rsa.private.qInverse == NULL ) {
|
|
+ key->rsa.private_crt.key_length = key->rsa.keylength;
|
|
+
|
|
+ key->rsa.private_crt.p = P_SECURE_ZALLOC(key->provctx,
|
|
+ ICA_P_LEN(key->rsa.private_crt.key_length));
|
|
+ key->rsa.private_crt.q = P_SECURE_ZALLOC(key->provctx,
|
|
+ ICA_Q_LEN(key->rsa.private_crt.key_length));
|
|
+ key->rsa.private_crt.dp = P_SECURE_ZALLOC(key->provctx,
|
|
+ ICA_DP_LEN(key->rsa.private_crt.key_length));
|
|
+ key->rsa.private_crt.dq = P_SECURE_ZALLOC(key->provctx,
|
|
+ ICA_DQ_LEN(key->rsa.private_crt.key_length));
|
|
+ key->rsa.private_crt.qInverse = P_SECURE_ZALLOC(key->provctx,
|
|
+ ICA_QINV_LEN(key->rsa.private_crt.key_length));
|
|
+
|
|
+ if (!ibmca_keymgmt_rsa_priv_crt_valid(&key->rsa.private_crt)) {
|
|
put_error_key(key, IBMCA_ERR_MALLOC_FAILED,
|
|
- "Failed to allocate libica private RSA key");
|
|
+ "Failed to allocate libica private RSA CRT key");
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+ return 1;
|
|
+}
|
|
+
|
|
+static int ibmca_keymgmt_rsa_alloc_priv_me(struct ibmca_key *key)
|
|
+{
|
|
+ key->rsa.private_me.key_length = key->rsa.keylength;
|
|
+
|
|
+ key->rsa.private_me.modulus = P_ZALLOC(key->provctx,
|
|
+ key->rsa.private_me.key_length);
|
|
+ key->rsa.private_me.exponent = P_ZALLOC(key->provctx,
|
|
+ key->rsa.private_me.key_length);
|
|
+
|
|
+ if (!ibmca_keymgmt_rsa_priv_me_valid(&key->rsa.private_me)) {
|
|
+ put_error_key(key, IBMCA_ERR_MALLOC_FAILED,
|
|
+ "Failed to allocate libica private RSA ME key");
|
|
return 0;
|
|
}
|
|
|
|
@@ -503,29 +534,42 @@ static void ibmca_keymgmt_rsa_free_pub(struct ibmca_key *key)
|
|
key->rsa.public.key_length = 0;
|
|
}
|
|
|
|
-static void ibmca_keymgmt_rsa_free_priv(struct ibmca_key *key)
|
|
+static void ibmca_keymgmt_rsa_free_priv_crt(struct ibmca_key *key)
|
|
+{
|
|
+ if (key->rsa.private_crt.p != NULL)
|
|
+ P_SECURE_CLEAR_FREE(key->provctx, key->rsa.private_crt.p,
|
|
+ ICA_P_LEN(key->rsa.private_crt.key_length));
|
|
+ key->rsa.private_crt.p = NULL;
|
|
+ if (key->rsa.private_crt.q != NULL)
|
|
+ P_SECURE_CLEAR_FREE(key->provctx, key->rsa.private_crt.q,
|
|
+ ICA_Q_LEN(key->rsa.private_crt.key_length));
|
|
+ key->rsa.private_crt.q = NULL;
|
|
+ if (key->rsa.private_crt.dp != NULL)
|
|
+ P_SECURE_CLEAR_FREE(key->provctx, key->rsa.private_crt.dp,
|
|
+ ICA_DP_LEN(key->rsa.private_crt.key_length));
|
|
+ key->rsa.private_crt.dp = NULL;
|
|
+ if (key->rsa.private_crt.dq != NULL)
|
|
+ P_SECURE_CLEAR_FREE(key->provctx, key->rsa.private_crt.dq,
|
|
+ ICA_DQ_LEN(key->rsa.private_crt.key_length));
|
|
+ key->rsa.private_crt.dq = NULL;
|
|
+ if (key->rsa.private_crt.qInverse != NULL)
|
|
+ P_SECURE_CLEAR_FREE(key->provctx, key->rsa.private_crt.qInverse,
|
|
+ ICA_QINV_LEN(key->rsa.private_crt.key_length));
|
|
+ key->rsa.private_crt.qInverse = NULL;
|
|
+ key->rsa.private_crt.key_length = 0;
|
|
+}
|
|
+
|
|
+static void ibmca_keymgmt_rsa_free_priv_me(struct ibmca_key *key)
|
|
{
|
|
- if (key->rsa.private.p != NULL)
|
|
- P_SECURE_CLEAR_FREE(key->provctx, key->rsa.private.p,
|
|
- ICA_P_LEN(key->rsa.private.key_length));
|
|
- key->rsa.private.p = NULL;
|
|
- if (key->rsa.private.q != NULL)
|
|
- P_SECURE_CLEAR_FREE(key->provctx, key->rsa.private.q,
|
|
- ICA_Q_LEN(key->rsa.private.key_length));
|
|
- key->rsa.private.q = NULL;
|
|
- if (key->rsa.private.dp != NULL)
|
|
- P_SECURE_CLEAR_FREE(key->provctx, key->rsa.private.dp,
|
|
- ICA_DP_LEN(key->rsa.private.key_length));
|
|
- key->rsa.private.dp = NULL;
|
|
- if (key->rsa.private.dq != NULL)
|
|
- P_SECURE_CLEAR_FREE(key->provctx, key->rsa.private.dq,
|
|
- ICA_DQ_LEN(key->rsa.private.key_length));
|
|
- key->rsa.private.dq = NULL;
|
|
- if (key->rsa.private.qInverse != NULL)
|
|
- P_SECURE_CLEAR_FREE(key->provctx, key->rsa.private.qInverse,
|
|
- ICA_QINV_LEN(key->rsa.private.key_length));
|
|
- key->rsa.private.qInverse = NULL;
|
|
- key->rsa.private.key_length = 0;
|
|
+ if (key->rsa.private_me.modulus != NULL)
|
|
+ P_CLEAR_FREE(key->provctx, key->rsa.private_me.modulus,
|
|
+ key->rsa.private_me.key_length);
|
|
+ key->rsa.private_me.modulus = NULL;
|
|
+ if (key->rsa.private_me.exponent != NULL)
|
|
+ P_CLEAR_FREE(key->provctx, key->rsa.private_me.exponent,
|
|
+ key->rsa.private_me.key_length);
|
|
+ key->rsa.private_me.exponent = NULL;
|
|
+ key->rsa.private_me.key_length = 0;
|
|
}
|
|
|
|
static void ibmca_keymgmt_rsa_clean(struct ibmca_key *key)
|
|
@@ -535,7 +579,8 @@ static void ibmca_keymgmt_rsa_clean(struct ibmca_key *key)
|
|
|
|
ibmca_debug_key(key, "key: %p", key);
|
|
|
|
- ibmca_keymgmt_rsa_free_priv(key);
|
|
+ ibmca_keymgmt_rsa_free_priv_crt(key);
|
|
+ ibmca_keymgmt_rsa_free_priv_me(key);
|
|
ibmca_keymgmt_rsa_free_pub(key);
|
|
|
|
if (key->type == EVP_PKEY_RSA_PSS)
|
|
@@ -572,6 +617,30 @@ static void ibmca_keymgmt_rsa_free_cb(struct ibmca_key *key)
|
|
pthread_rwlock_destroy(&key->rsa.blinding_lock);
|
|
}
|
|
|
|
+bool ibmca_keymgmt_rsa_pub_valid(const ica_rsa_key_mod_expo_t *public)
|
|
+{
|
|
+ return public->key_length != 0 &&
|
|
+ public->modulus != NULL &&
|
|
+ public->exponent != NULL;
|
|
+}
|
|
+
|
|
+bool ibmca_keymgmt_rsa_priv_crt_valid(const ica_rsa_key_crt_t *private_crt)
|
|
+{
|
|
+ return private_crt->key_length != 0 &&
|
|
+ private_crt->p != NULL &&
|
|
+ private_crt->q != NULL &&
|
|
+ private_crt->dp != NULL &&
|
|
+ private_crt->dq != NULL &&
|
|
+ private_crt->qInverse != NULL;
|
|
+}
|
|
+
|
|
+bool ibmca_keymgmt_rsa_priv_me_valid(const ica_rsa_key_mod_expo_t *private_me)
|
|
+{
|
|
+ return private_me->key_length != 0 &&
|
|
+ private_me->modulus != NULL &&
|
|
+ private_me->exponent != NULL;
|
|
+}
|
|
+
|
|
static int ibmca_keymgmt_rsa_dup_pub(const struct ibmca_key *key,
|
|
struct ibmca_key *new_key)
|
|
{
|
|
@@ -583,8 +652,8 @@ static int ibmca_keymgmt_rsa_dup_pub(const struct ibmca_key *key,
|
|
new_key->rsa.public.exponent = P_MEMDUP(key->provctx,
|
|
key->rsa.public.exponent,
|
|
key->rsa.public.key_length);
|
|
- if (new_key->rsa.public.modulus == NULL ||
|
|
- new_key->rsa.public.exponent == NULL) {
|
|
+
|
|
+ if (!ibmca_keymgmt_rsa_pub_valid(&new_key->rsa.public)) {
|
|
put_error_key(key, IBMCA_ERR_MALLOC_FAILED,
|
|
"Failed to allocate libica RSA key");
|
|
return 0;
|
|
@@ -593,29 +662,46 @@ static int ibmca_keymgmt_rsa_dup_pub(const struct ibmca_key *key,
|
|
return 1;
|
|
}
|
|
|
|
-static int ibmca_keymgmt_rsa_dup_priv(const struct ibmca_key *key,
|
|
- struct ibmca_key *new_key)
|
|
+static int ibmca_keymgmt_rsa_dup_priv_crt(const struct ibmca_key *key,
|
|
+ struct ibmca_key *new_key)
|
|
{
|
|
- new_key->rsa.private.key_length = key->rsa.private.key_length;
|
|
-
|
|
- new_key->rsa.private.p = P_SECURE_MEMDUP(key->provctx, key->rsa.private.p,
|
|
- ICA_P_LEN(key->rsa.private.key_length));
|
|
- new_key->rsa.private.q = P_SECURE_MEMDUP(key->provctx, key->rsa.private.q,
|
|
- ICA_Q_LEN(key->rsa.private.key_length));
|
|
- new_key->rsa.private.dp = P_SECURE_MEMDUP(key->provctx, key->rsa.private.dp,
|
|
- ICA_DP_LEN(key->rsa.private.key_length));
|
|
- new_key->rsa.private.dq = P_SECURE_MEMDUP(key->provctx, key->rsa.private.dq,
|
|
- ICA_DQ_LEN(key->rsa.private.key_length));
|
|
- new_key->rsa.private.qInverse = P_SECURE_MEMDUP(key->provctx,
|
|
- key->rsa.private.qInverse,
|
|
+ new_key->rsa.private_crt.key_length = key->rsa.private_crt.key_length;
|
|
+
|
|
+ new_key->rsa.private_crt.p = P_SECURE_MEMDUP(key->provctx, key->rsa.private_crt.p,
|
|
+ ICA_P_LEN(key->rsa.private_crt.key_length));
|
|
+ new_key->rsa.private_crt.q = P_SECURE_MEMDUP(key->provctx, key->rsa.private_crt.q,
|
|
+ ICA_Q_LEN(key->rsa.private_crt.key_length));
|
|
+ new_key->rsa.private_crt.dp = P_SECURE_MEMDUP(key->provctx, key->rsa.private_crt.dp,
|
|
+ ICA_DP_LEN(key->rsa.private_crt.key_length));
|
|
+ new_key->rsa.private_crt.dq = P_SECURE_MEMDUP(key->provctx, key->rsa.private_crt.dq,
|
|
+ ICA_DQ_LEN(key->rsa.private_crt.key_length));
|
|
+ new_key->rsa.private_crt.qInverse = P_SECURE_MEMDUP(key->provctx,
|
|
+ key->rsa.private_crt.qInverse,
|
|
ICA_QINV_LEN(
|
|
- key->rsa.private.key_length));
|
|
+ key->rsa.private_crt.key_length));
|
|
|
|
- if (new_key->rsa.private.p == NULL ||
|
|
- new_key->rsa.private.q == NULL ||
|
|
- new_key->rsa.private.dp == NULL ||
|
|
- new_key->rsa.private.dq == NULL ||
|
|
- new_key->rsa.private.qInverse == NULL) {
|
|
+ if (!ibmca_keymgmt_rsa_priv_crt_valid(&new_key->rsa.private_crt)) {
|
|
+ put_error_key(key, IBMCA_ERR_MALLOC_FAILED,
|
|
+ "Failed to allocate libica RSA key");
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+ return 1;
|
|
+}
|
|
+
|
|
+static int ibmca_keymgmt_rsa_dup_priv_me(const struct ibmca_key *key,
|
|
+ struct ibmca_key *new_key)
|
|
+{
|
|
+ new_key->rsa.private_me.key_length = key->rsa.private_me.key_length;
|
|
+
|
|
+ new_key->rsa.private_me.modulus = P_MEMDUP(key->provctx,
|
|
+ key->rsa.private_me.modulus,
|
|
+ key->rsa.private_me.key_length);
|
|
+ new_key->rsa.private_me.exponent = P_MEMDUP(key->provctx,
|
|
+ key->rsa.private_me.exponent,
|
|
+ key->rsa.private_me.key_length);
|
|
+
|
|
+ if (!ibmca_keymgmt_rsa_priv_me_valid(&new_key->rsa.private_me)) {
|
|
put_error_key(key, IBMCA_ERR_MALLOC_FAILED,
|
|
"Failed to allocate libica RSA key");
|
|
return 0;
|
|
@@ -639,14 +725,20 @@ static int ibmca_keymgmt_rsa_dup_cb(const struct ibmca_key *key,
|
|
}
|
|
|
|
new_key->rsa.bits = key->rsa.bits;
|
|
+ new_key->rsa.keylength = key->rsa.keylength;
|
|
|
|
- if (key->rsa.public.key_length != 0) {
|
|
+ if (ibmca_keymgmt_rsa_pub_valid(&key->rsa.public)) {
|
|
if (ibmca_keymgmt_rsa_dup_pub(key, new_key) == 0)
|
|
return 0;
|
|
}
|
|
|
|
- if (key->rsa.private.key_length != 0) {
|
|
- if (ibmca_keymgmt_rsa_dup_priv(key, new_key) == 0)
|
|
+ if (ibmca_keymgmt_rsa_priv_crt_valid(&key->rsa.private_crt)) {
|
|
+ if (ibmca_keymgmt_rsa_dup_priv_crt(key, new_key) == 0)
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+ if (ibmca_keymgmt_rsa_priv_me_valid(&key->rsa.private_me)) {
|
|
+ if (ibmca_keymgmt_rsa_dup_priv_me(key, new_key) == 0)
|
|
return 0;
|
|
}
|
|
|
|
@@ -667,21 +759,56 @@ static int ibmca_keymgmt_rsa_has(const void *vkey, int selection)
|
|
ibmca_debug_key(key, "key: %p selection: 0x%x", key, selection);
|
|
|
|
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
|
|
- ok = ok && (key->rsa.public.key_length != 0 &&
|
|
- key->rsa.public.modulus != NULL &&
|
|
- key->rsa.public.exponent != NULL);
|
|
+ ok = ok && ibmca_keymgmt_rsa_pub_valid(&key->rsa.public);
|
|
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
|
|
- ok = ok && (key->rsa.private.key_length != 0 &&
|
|
- key->rsa.private.p != NULL &&
|
|
- key->rsa.private.q != NULL &&
|
|
- key->rsa.private.dp != NULL &&
|
|
- key->rsa.private.dq != NULL &&
|
|
- key->rsa.private.qInverse != NULL);
|
|
+ ok = ok && (ibmca_keymgmt_rsa_priv_crt_valid(&key->rsa.private_crt) ||
|
|
+ ibmca_keymgmt_rsa_priv_me_valid(&key->rsa.private_me));
|
|
|
|
ibmca_debug_key(key, "ok: %d", ok);
|
|
return ok;
|
|
}
|
|
|
|
+static bool ibmca_keymgmt_rsa_pub_equal(const ica_rsa_key_mod_expo_t *public1,
|
|
+ const ica_rsa_key_mod_expo_t *public2)
|
|
+{
|
|
+ return public1->key_length > 0 &&
|
|
+ public1->key_length == public2-> key_length &&
|
|
+ memcmp(public1->exponent, public2->exponent,
|
|
+ public1->key_length) == 0 &&
|
|
+ memcmp(public1->modulus, public2->modulus,
|
|
+ public1->key_length) == 0;
|
|
+}
|
|
+
|
|
+static bool ibmca_keymgmt_rsa_priv_crt_equal(
|
|
+ const ica_rsa_key_crt_t *private_crt1,
|
|
+ const ica_rsa_key_crt_t *private_crt2)
|
|
+{
|
|
+ return private_crt1->key_length > 0 &&
|
|
+ private_crt1->key_length == private_crt2->key_length &&
|
|
+ CRYPTO_memcmp(private_crt1->p, private_crt2->p,
|
|
+ ICA_P_LEN(private_crt1->key_length)) == 0 &&
|
|
+ CRYPTO_memcmp(private_crt1->q, private_crt2->q,
|
|
+ ICA_Q_LEN(private_crt1->key_length)) == 0 &&
|
|
+ CRYPTO_memcmp(private_crt1->dp, private_crt2->dp,
|
|
+ ICA_DP_LEN(private_crt1->key_length)) == 0 &&
|
|
+ CRYPTO_memcmp(private_crt1->dq, private_crt2->dq,
|
|
+ ICA_DQ_LEN(private_crt1->key_length)) == 0 &&
|
|
+ CRYPTO_memcmp(private_crt1->qInverse, private_crt2->qInverse,
|
|
+ ICA_QINV_LEN(private_crt1->key_length)) == 0;
|
|
+}
|
|
+
|
|
+static bool ibmca_keymgmt_rsa_priv_me_equal(
|
|
+ const ica_rsa_key_mod_expo_t *private_me1,
|
|
+ const ica_rsa_key_mod_expo_t *private_me2)
|
|
+{
|
|
+ return private_me1->key_length > 0 &&
|
|
+ private_me1->key_length == private_me2-> key_length &&
|
|
+ CRYPTO_memcmp(private_me1->exponent, private_me2->exponent,
|
|
+ private_me2->key_length) == 0 &&
|
|
+ CRYPTO_memcmp(private_me1->modulus, private_me2->modulus,
|
|
+ private_me1->key_length) == 0;
|
|
+}
|
|
+
|
|
static int ibmca_keymgmt_rsa_match(const void *vkey1, const void *vkey2,
|
|
int selection)
|
|
{
|
|
@@ -699,35 +826,16 @@ static int ibmca_keymgmt_rsa_match(const void *vkey1, const void *vkey2,
|
|
return 0;
|
|
|
|
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
|
|
- ok = ok && (key1->rsa.public.key_length ==
|
|
- key2->rsa.public.key_length &&
|
|
- memcmp(key1->rsa.public.exponent,
|
|
- key2->rsa.public.exponent,
|
|
- key1->rsa.public.key_length) == 0 &&
|
|
- memcmp(key1->rsa.public.modulus,
|
|
- key2->rsa.public.modulus,
|
|
- key1->rsa.public.key_length) == 0);
|
|
+ ok = ok && ibmca_keymgmt_rsa_pub_equal(&key1->rsa.public,
|
|
+ &key2->rsa.public);
|
|
checked = 1;
|
|
}
|
|
|
|
if (!checked && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
|
|
- ok = ok && (key1->rsa.private.key_length ==
|
|
- key2->rsa.private.key_length &&
|
|
- CRYPTO_memcmp(key1->rsa.private.p,
|
|
- key2->rsa.private.p,
|
|
- ICA_P_LEN(key1->rsa.private.key_length)) == 0 &&
|
|
- CRYPTO_memcmp(key1->rsa.private.q,
|
|
- key2->rsa.private.q,
|
|
- ICA_Q_LEN(key1->rsa.private.key_length)) == 0 &&
|
|
- CRYPTO_memcmp(key1->rsa.private.dp,
|
|
- key2->rsa.private.dp,
|
|
- ICA_DP_LEN(key1->rsa.private.key_length)) == 0 &&
|
|
- CRYPTO_memcmp(key1->rsa.private.dq,
|
|
- key2->rsa.private.dq,
|
|
- ICA_DQ_LEN(key1->rsa.private.key_length)) == 0 &&
|
|
- CRYPTO_memcmp(key1->rsa.private.qInverse,
|
|
- key2->rsa.private.qInverse,
|
|
- ICA_QINV_LEN(key1->rsa.private.key_length)) == 0);
|
|
+ ok = ok && (ibmca_keymgmt_rsa_priv_crt_equal(&key1->rsa.private_crt,
|
|
+ &key2->rsa.private_crt) ||
|
|
+ ibmca_keymgmt_rsa_priv_me_equal(&key1->rsa.private_me,
|
|
+ &key2->rsa.private_me));
|
|
|
|
ibmca_debug_key(key1, "ok: %d", ok);
|
|
return ok;
|
|
@@ -922,7 +1030,7 @@ static int ibmca_keymgmt_rsa_gen_set_template(void *vgenctx, void *vtempl)
|
|
ibmca_keymgmt_rsa_gen_free_cb(genctx);
|
|
|
|
genctx->rsa.gen.bits = templ->rsa.bits;
|
|
- if (templ->rsa.public.exponent != NULL) {
|
|
+ if (ibmca_keymgmt_rsa_pub_valid(&templ->rsa.public)) {
|
|
genctx->rsa.gen.pub_exp = BN_bin2bn(templ->rsa.public.exponent,
|
|
templ->rsa.public.key_length,
|
|
NULL);
|
|
@@ -1153,6 +1261,7 @@ static void *ibmca_keymgmt_rsa_gen(void *vgenctx, OSSL_CALLBACK *osslcb,
|
|
}
|
|
|
|
key->rsa.bits = genctx->rsa.gen.bits;
|
|
+ key->rsa.keylength = (key->rsa.bits + 7) / 8;
|
|
ibmca_debug_op_ctx(genctx, "bits: %lu", key->rsa.bits);
|
|
|
|
if (ibmca_keymgmt_rsa_alloc_pub(key) == 0) {
|
|
@@ -1160,7 +1269,7 @@ static void *ibmca_keymgmt_rsa_gen(void *vgenctx, OSSL_CALLBACK *osslcb,
|
|
return NULL;
|
|
}
|
|
|
|
- if (ibmca_keymgmt_rsa_alloc_priv(key) == 0) {
|
|
+ if (ibmca_keymgmt_rsa_alloc_priv_crt(key) == 0) {
|
|
ibmca_keymgmt_free(key);
|
|
return NULL;
|
|
}
|
|
@@ -1189,7 +1298,7 @@ static void *ibmca_keymgmt_rsa_gen(void *vgenctx, OSSL_CALLBACK *osslcb,
|
|
}
|
|
|
|
rc = ica_rsa_key_generate_crt(genctx->provctx->ica_adapter, key->rsa.bits,
|
|
- &key->rsa.public, &key->rsa.private);
|
|
+ &key->rsa.public, &key->rsa.private_crt);
|
|
if (rc != 0) {
|
|
ibmca_debug_op_ctx(genctx, "ica_rsa_key_generate_crt failed with: %s",
|
|
strerror(rc));
|
|
@@ -1204,7 +1313,7 @@ static void *ibmca_keymgmt_rsa_gen(void *vgenctx, OSSL_CALLBACK *osslcb,
|
|
}
|
|
|
|
/* If p < q, swap and recalculate now */
|
|
- rc = ica_rsa_crt_key_check(&key->rsa.private);
|
|
+ rc = ica_rsa_crt_key_check(&key->rsa.private_crt);
|
|
if (rc > 1) {
|
|
put_error_op_ctx(genctx, IBMCA_ERR_INTERNAL_ERROR,
|
|
"ica_rsa_crt_key_check failed");
|
|
@@ -1256,7 +1365,7 @@ static int ibmca_keymgmt_rsa_security_bits(size_t bits)
|
|
|
|
int ibmca_keymgmt_rsa_pub_as_bn(struct ibmca_key *key, BIGNUM **n, BIGNUM **e)
|
|
{
|
|
- if (key->rsa.public.modulus == NULL || key->rsa.public.exponent == NULL)
|
|
+ if (!ibmca_keymgmt_rsa_pub_valid(&key->rsa.public))
|
|
return 0;
|
|
|
|
*n = BN_bin2bn(key->rsa.public.modulus, key->rsa.public.key_length, NULL);
|
|
@@ -1277,14 +1386,11 @@ int ibmca_keymgmt_rsa_pub_as_bn(struct ibmca_key *key, BIGNUM **n, BIGNUM **e)
|
|
return 0;
|
|
}
|
|
|
|
-
|
|
-static int ibmca_keymgmt_rsa_priv_as_bn(struct ibmca_key *key, BIGNUM **p,
|
|
- BIGNUM **q, BIGNUM **dp, BIGNUM **dq,
|
|
- BIGNUM **qinv)
|
|
+static int ibmca_keymgmt_rsa_priv_crt_as_bn(struct ibmca_key *key, BIGNUM **p,
|
|
+ BIGNUM **q, BIGNUM **dp,
|
|
+ BIGNUM **dq, BIGNUM **qinv)
|
|
{
|
|
- if (key->rsa.private.p == NULL || key->rsa.private.q == NULL ||
|
|
- key->rsa.private.dp == NULL || key->rsa.private.dq == NULL ||
|
|
- key->rsa.private.qInverse == NULL)
|
|
+ if (!ibmca_keymgmt_rsa_priv_crt_valid(&key->rsa.private_crt))
|
|
return 0;
|
|
|
|
*p = BN_secure_new();
|
|
@@ -1298,17 +1404,17 @@ static int ibmca_keymgmt_rsa_priv_as_bn(struct ibmca_key *key, BIGNUM **p,
|
|
goto error;
|
|
}
|
|
|
|
- *p = BN_bin2bn(key->rsa.private.p,
|
|
- ICA_P_LEN(key->rsa.private.key_length), *p);
|
|
- *q = BN_bin2bn(key->rsa.private.q,
|
|
- ICA_Q_LEN(key->rsa.private.key_length), *q);
|
|
- *dp = BN_bin2bn(key->rsa.private.dp,
|
|
- ICA_DP_LEN(key->rsa.private.key_length),
|
|
+ *p = BN_bin2bn(key->rsa.private_crt.p,
|
|
+ ICA_P_LEN(key->rsa.private_crt.key_length), *p);
|
|
+ *q = BN_bin2bn(key->rsa.private_crt.q,
|
|
+ ICA_Q_LEN(key->rsa.private_crt.key_length), *q);
|
|
+ *dp = BN_bin2bn(key->rsa.private_crt.dp,
|
|
+ ICA_DP_LEN(key->rsa.private_crt.key_length),
|
|
*dp);
|
|
- *dq = BN_bin2bn(key->rsa.private.dq,
|
|
- ICA_DQ_LEN(key->rsa.private.key_length), *dq);
|
|
- *qinv = BN_bin2bn(key->rsa.private.qInverse,
|
|
- ICA_QINV_LEN(key->rsa.private.key_length), *qinv);
|
|
+ *dq = BN_bin2bn(key->rsa.private_crt.dq,
|
|
+ ICA_DQ_LEN(key->rsa.private_crt.key_length), *dq);
|
|
+ *qinv = BN_bin2bn(key->rsa.private_crt.qInverse,
|
|
+ ICA_QINV_LEN(key->rsa.private_crt.key_length), *qinv);
|
|
if (*p == NULL || *q == NULL || *dp == NULL ||
|
|
*dq == NULL || *qinv == NULL) {
|
|
put_error_key(key, IBMCA_ERR_INTERNAL_ERROR, "BN_bin2bn failed");
|
|
@@ -1332,6 +1438,33 @@ static int ibmca_keymgmt_rsa_priv_as_bn(struct ibmca_key *key, BIGNUM **p,
|
|
return 0;
|
|
}
|
|
|
|
+int ibmca_keymgmt_rsa_priv_me_as_bn(struct ibmca_key *key, BIGNUM **d)
|
|
+{
|
|
+ if (!ibmca_keymgmt_rsa_priv_me_valid(&key->rsa.private_me))
|
|
+ return 0;
|
|
+
|
|
+ *d = BN_secure_new();
|
|
+ if (*d == NULL) {
|
|
+ put_error_key(key, IBMCA_ERR_MALLOC_FAILED, "BN_secure_new failed");
|
|
+ goto error;
|
|
+ }
|
|
+
|
|
+ *d = BN_bin2bn(key->rsa.private_me.exponent, key->rsa.private_me.key_length,
|
|
+ *d);
|
|
+ if (*d == NULL) {
|
|
+ put_error_key(key, IBMCA_ERR_INTERNAL_ERROR, "BN_bin2bn failed");
|
|
+ goto error;
|
|
+ }
|
|
+
|
|
+ return 1;
|
|
+
|
|
+error:
|
|
+ BN_clear_free(*d);
|
|
+ *d = NULL;
|
|
+
|
|
+ return 0;
|
|
+}
|
|
+
|
|
static int ibmca_keymgmt_rsa_calc_priv_d(struct ibmca_key *key, BIGNUM *n,
|
|
BIGNUM *e, BIGNUM *p, BIGNUM *q,
|
|
BIGNUM **d)
|
|
@@ -1379,8 +1512,9 @@ static int ibmca_keymgmt_rsa_get_params(void *vkey, OSSL_PARAM params[])
|
|
for (parm = params; parm != NULL && parm->key != NULL; parm++)
|
|
ibmca_debug_key(key, "param: %s", parm->key);
|
|
|
|
- empty = (key->rsa.public.key_length == 0 ||
|
|
- key->rsa.private.key_length == 0);
|
|
+ empty = (!ibmca_keymgmt_rsa_pub_valid(&key->rsa.public) ||
|
|
+ (!ibmca_keymgmt_rsa_priv_crt_valid(&key->rsa.private_crt) &&
|
|
+ !ibmca_keymgmt_rsa_priv_me_valid(&key->rsa.private_me)));
|
|
|
|
if (!empty) {
|
|
/* OSSL_PKEY_PARAM_BITS */
|
|
@@ -1439,16 +1573,30 @@ static int ibmca_keymgmt_rsa_get_params(void *vkey, OSSL_PARAM params[])
|
|
}
|
|
|
|
/* Private key parts */
|
|
- rc = ibmca_keymgmt_rsa_priv_as_bn(key, &p, &q, &dp, &dq, &qinv);
|
|
+ rc = ibmca_keymgmt_rsa_priv_crt_as_bn(key, &p, &q, &dp, &dq, &qinv);
|
|
if (rc == 1) {
|
|
- rc = ibmca_keymgmt_rsa_calc_priv_d(key, n, e, p, q, &d);
|
|
- if (rc == 0)
|
|
- goto out;
|
|
+ /* CRT format */
|
|
+ rc = ibmca_keymgmt_rsa_priv_me_as_bn(key, &d);
|
|
+ if (rc == 0) {
|
|
+ rc = ibmca_keymgmt_rsa_calc_priv_d(key, n, e, p, q, &d);
|
|
+ if (rc == 0)
|
|
+ goto out;
|
|
+ }
|
|
|
|
rc = ibmca_keymgmt_rsa_priv_key_to_data(key->provctx, NULL, params, d,
|
|
p, q, dp, dq, qinv);
|
|
if (rc == 0)
|
|
goto out;
|
|
+ } else {
|
|
+ rc = ibmca_keymgmt_rsa_priv_me_as_bn(key, &d);
|
|
+ if (rc == 1) {
|
|
+ /* ME format */
|
|
+ rc = ibmca_keymgmt_rsa_priv_key_to_data(key->provctx, NULL, params,
|
|
+ d, NULL, NULL, NULL, NULL,
|
|
+ NULL);
|
|
+ if (rc == 0)
|
|
+ goto out;
|
|
+ }
|
|
}
|
|
|
|
/* Return RSA-PSS parameters only for restricted RSA-PSS keys */
|
|
@@ -1684,16 +1832,30 @@ int ibmca_keymgmt_rsa_export(void *vkey, int selection,
|
|
|
|
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
|
|
/* Private key parts */
|
|
- rc = ibmca_keymgmt_rsa_priv_as_bn(key, &p, &q, &dp, &dq, &qinv);
|
|
+ rc = ibmca_keymgmt_rsa_priv_crt_as_bn(key, &p, &q, &dp, &dq, &qinv);
|
|
if (rc == 1) {
|
|
- rc = ibmca_keymgmt_rsa_calc_priv_d(key, n, e, p, q, &d);
|
|
- if (rc == 0)
|
|
- goto error;
|
|
+ /* CRT format */
|
|
+ rc = ibmca_keymgmt_rsa_priv_me_as_bn(key, &d);
|
|
+ if (rc == 0) {
|
|
+ rc = ibmca_keymgmt_rsa_calc_priv_d(key, n, e, p, q, &d);
|
|
+ if (rc == 0)
|
|
+ goto error;
|
|
+ }
|
|
|
|
rc = ibmca_keymgmt_rsa_priv_key_to_data(key->provctx, bld, NULL, d,
|
|
p, q, dp, dq, qinv);
|
|
if (rc == 0)
|
|
goto error;
|
|
+ } else {
|
|
+ rc = ibmca_keymgmt_rsa_priv_me_as_bn(key, &d);
|
|
+ if (rc == 1) {
|
|
+ /* ME format */
|
|
+ rc = ibmca_keymgmt_rsa_priv_key_to_data(key->provctx, bld, NULL,
|
|
+ d, NULL, NULL, NULL,
|
|
+ NULL, NULL);
|
|
+ if (rc == 0)
|
|
+ goto error;
|
|
+ }
|
|
}
|
|
}
|
|
|
|
@@ -1773,6 +1935,7 @@ int ibmca_keymgmt_rsa_import(void *vkey, int selection,
|
|
return 0;
|
|
|
|
key->rsa.bits = BN_num_bits(n);
|
|
+ key->rsa.keylength = (key->rsa.bits + 7) / 8;
|
|
ibmca_debug_key(key, "key: %p bits: %u", key, key->rsa.bits);
|
|
|
|
if (ibmca_keymgmt_rsa_alloc_pub(key) == 0)
|
|
@@ -1794,52 +1957,73 @@ int ibmca_keymgmt_rsa_import(void *vkey, int selection,
|
|
|
|
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
|
|
/* Import private key parts */
|
|
- if (ibmca_keymgmt_rsa_alloc_priv(key) == 0)
|
|
- goto out;
|
|
-
|
|
- rc = ibmca_keymgmt_rsa_priv_key_from_data(key->provctx, params, &d,
|
|
- &p, &q, &dp, &dq, &qinv);
|
|
- if (rc == 0)
|
|
- goto out;
|
|
-
|
|
- if (BN_bn2binpad(p, key->rsa.private.p,
|
|
- ICA_P_LEN(key->rsa.private.key_length)) <= 0) {
|
|
- put_error_key(key, IBMCA_ERR_INTERNAL_ERROR,
|
|
- "BN_bn2binpad failed for private p");
|
|
- goto out;
|
|
- }
|
|
- if (BN_bn2binpad(q, key->rsa.private.q,
|
|
- ICA_Q_LEN(key->rsa.private.key_length)) <= 0) {
|
|
- put_error_key(key, IBMCA_ERR_INTERNAL_ERROR,
|
|
- "BN_bn2binpad failed for private q");
|
|
- goto out;
|
|
- }
|
|
- if (BN_bn2binpad(dp, key->rsa.private.dp,
|
|
- ICA_DP_LEN(key->rsa.private.key_length)) <= 0) {
|
|
- put_error_key(key, IBMCA_ERR_INTERNAL_ERROR,
|
|
- "BN_bn2binpad failed for private dp");
|
|
- goto out;
|
|
- }
|
|
- if (BN_bn2binpad(dq, key->rsa.private.dq,
|
|
- ICA_DQ_LEN(key->rsa.private.key_length)) <= 0) {
|
|
- put_error_key(key, IBMCA_ERR_INTERNAL_ERROR,
|
|
- "BN_bn2binpad failed for private dq");
|
|
- goto out;
|
|
- }
|
|
- if (BN_bn2binpad(qinv, key->rsa.private.qInverse,
|
|
- ICA_QINV_LEN(key->rsa.private.key_length)) <= 0) {
|
|
- put_error_key(key, IBMCA_ERR_INTERNAL_ERROR,
|
|
- "BN_bn2binpad failed for private qinv");
|
|
- goto out;
|
|
+ rc = ibmca_keymgmt_rsa_priv_crt_key_from_data(key->provctx, params,
|
|
+ &p, &q, &dp, &dq, &qinv);
|
|
+ if (rc == 1) {
|
|
+ /* CRT components */
|
|
+ if (ibmca_keymgmt_rsa_alloc_priv_crt(key) == 0)
|
|
+ goto out;
|
|
+
|
|
+ if (BN_bn2binpad(p, key->rsa.private_crt.p,
|
|
+ ICA_P_LEN(key->rsa.private_crt.key_length)) <= 0) {
|
|
+ put_error_key(key, IBMCA_ERR_INTERNAL_ERROR,
|
|
+ "BN_bn2binpad failed for private p");
|
|
+ goto out;
|
|
+ }
|
|
+ if (BN_bn2binpad(q, key->rsa.private_crt.q,
|
|
+ ICA_Q_LEN(key->rsa.private_crt.key_length)) <= 0) {
|
|
+ put_error_key(key, IBMCA_ERR_INTERNAL_ERROR,
|
|
+ "BN_bn2binpad failed for private q");
|
|
+ goto out;
|
|
+ }
|
|
+ if (BN_bn2binpad(dp, key->rsa.private_crt.dp,
|
|
+ ICA_DP_LEN(key->rsa.private_crt.key_length)) <= 0) {
|
|
+ put_error_key(key, IBMCA_ERR_INTERNAL_ERROR,
|
|
+ "BN_bn2binpad failed for private dp");
|
|
+ goto out;
|
|
+ }
|
|
+ if (BN_bn2binpad(dq, key->rsa.private_crt.dq,
|
|
+ ICA_DQ_LEN(key->rsa.private_crt.key_length)) <= 0) {
|
|
+ put_error_key(key, IBMCA_ERR_INTERNAL_ERROR,
|
|
+ "BN_bn2binpad failed for private dq");
|
|
+ goto out;
|
|
+ }
|
|
+ if (BN_bn2binpad(qinv, key->rsa.private_crt.qInverse,
|
|
+ ICA_QINV_LEN(key->rsa.private_crt.key_length)) <= 0) {
|
|
+ put_error_key(key, IBMCA_ERR_INTERNAL_ERROR,
|
|
+ "BN_bn2binpad failed for private qinv");
|
|
+ goto out;
|
|
+ }
|
|
+
|
|
+ /* If p < q, swap and recalculate now */
|
|
+ rc = ica_rsa_crt_key_check(&key->rsa.private_crt);
|
|
+ if (rc > 1) {
|
|
+ rc = 0;
|
|
+ put_error_key(key, IBMCA_ERR_INTERNAL_ERROR,
|
|
+ "ica_rsa_crt_key_check failed");
|
|
+ goto out;
|
|
+ }
|
|
}
|
|
|
|
- /* If p < q, swap and recalculate now */
|
|
- rc = ica_rsa_crt_key_check(&key->rsa.private);
|
|
- if (rc > 1) {
|
|
- rc = 0;
|
|
- put_error_key(key, IBMCA_ERR_INTERNAL_ERROR,
|
|
- "ica_rsa_crt_key_check failed");
|
|
- goto out;
|
|
+ rc = ibmca_keymgmt_rsa_priv_me_key_from_data(key->provctx, params, &d);
|
|
+ if (rc == 1) {
|
|
+ /* ME components */
|
|
+ if (ibmca_keymgmt_rsa_alloc_priv_me(key) == 0)
|
|
+ goto out;
|
|
+
|
|
+ if (BN_bn2binpad(n, key->rsa.private_me.modulus,
|
|
+ key->rsa.private_me.key_length) <= 0) {
|
|
+ put_error_key(key, IBMCA_ERR_INTERNAL_ERROR,
|
|
+ "BN_bn2binpad failed for modulus");
|
|
+ goto out;
|
|
+ }
|
|
+
|
|
+ if (BN_bn2binpad(d, key->rsa.private_me.exponent,
|
|
+ key->rsa.private_me.key_length) <= 0) {
|
|
+ put_error_key(key, IBMCA_ERR_INTERNAL_ERROR,
|
|
+ "BN_bn2binpad failed for private d");
|
|
+ goto out;
|
|
+ }
|
|
}
|
|
}
|
|
|
|
@@ -1902,19 +2086,22 @@ int ibmca_keymgmt_rsa_derive_kdk(struct ibmca_key *key,
|
|
return 0;
|
|
}
|
|
|
|
- rc = ibmca_keymgmt_rsa_priv_as_bn(key, &p, &q, &dp, &dq, &qinv);
|
|
- if (rc == 0)
|
|
- goto out;
|
|
+ rc = ibmca_keymgmt_rsa_priv_me_as_bn(key, &d);
|
|
+ if (rc == 0) {
|
|
+ rc = ibmca_keymgmt_rsa_priv_crt_as_bn(key, &p, &q, &dp, &dq, &qinv);
|
|
+ if (rc == 0)
|
|
+ goto out;
|
|
|
|
- rc = ibmca_keymgmt_rsa_pub_as_bn(key, &n, &e);
|
|
- if (rc == 0)
|
|
- goto out;
|
|
+ rc = ibmca_keymgmt_rsa_pub_as_bn(key, &n, &e);
|
|
+ if (rc == 0)
|
|
+ goto out;
|
|
|
|
- rc = ibmca_keymgmt_rsa_calc_priv_d(key, n, e, p, q, &d);
|
|
- if (rc == 0)
|
|
- goto out;
|
|
+ rc = ibmca_keymgmt_rsa_calc_priv_d(key, n, e, p, q, &d);
|
|
+ if (rc == 0)
|
|
+ goto out;
|
|
+ }
|
|
|
|
- buf = P_SECURE_ZALLOC(key->provctx, key->rsa.private.key_length);
|
|
+ buf = P_SECURE_ZALLOC(key->provctx, key->rsa.keylength);
|
|
if (buf == NULL) {
|
|
put_error_key(key, IBMCA_ERR_MALLOC_FAILED,
|
|
"Failed to allocate buffer for private key");
|
|
@@ -1922,7 +2109,7 @@ int ibmca_keymgmt_rsa_derive_kdk(struct ibmca_key *key,
|
|
}
|
|
|
|
BN_set_flags(d, BN_FLG_CONSTTIME);
|
|
- if (BN_bn2binpad(d, buf, key->rsa.private.key_length) < 0) {
|
|
+ if (BN_bn2binpad(d, buf, key->rsa.keylength) < 0) {
|
|
put_error_key(key, IBMCA_ERR_INTERNAL_ERROR,
|
|
"BN_bn2binpad failed");
|
|
goto out;
|
|
@@ -1942,8 +2129,7 @@ int ibmca_keymgmt_rsa_derive_kdk(struct ibmca_key *key,
|
|
goto out;
|
|
}
|
|
|
|
- if (EVP_Digest(buf, key->rsa.private.key_length, d_hash, NULL, md, NULL)
|
|
- <= 0) {
|
|
+ if (EVP_Digest(buf, key->rsa.keylength, d_hash, NULL, md, NULL) <= 0) {
|
|
put_error_key(key, IBMCA_ERR_INTERNAL_ERROR, "EVP_Digest failed");
|
|
goto out;
|
|
}
|
|
@@ -1971,10 +2157,9 @@ int ibmca_keymgmt_rsa_derive_kdk(struct ibmca_key *key,
|
|
goto out;
|
|
}
|
|
|
|
- if (inlen < key->rsa.private.key_length) {
|
|
- memset(buf, 0, key->rsa.private.key_length - inlen);
|
|
- if (EVP_MAC_update(ctx, buf, key->rsa.private.key_length - inlen)
|
|
- != 1) {
|
|
+ if (inlen < key->rsa.keylength) {
|
|
+ memset(buf, 0, key->rsa.keylength - inlen);
|
|
+ if (EVP_MAC_update(ctx, buf, key->rsa.keylength - inlen) != 1) {
|
|
put_error_key(key, IBMCA_ERR_INTERNAL_ERROR,
|
|
"EVP_MAC_update failed");
|
|
goto out;
|
|
@@ -2003,7 +2188,7 @@ int ibmca_keymgmt_rsa_derive_kdk(struct ibmca_key *key,
|
|
BN_free(dq);
|
|
BN_free(qinv);
|
|
if (buf != NULL)
|
|
- P_SECURE_CLEAR_FREE(key->provctx, buf, key->rsa.private.key_length);
|
|
+ P_SECURE_CLEAR_FREE(key->provctx, buf, key->rsa.keylength);
|
|
EVP_MAC_free(hmac);
|
|
EVP_MAC_CTX_free(ctx);
|
|
EVP_MD_free(md);
|
|
diff --git a/src/provider/rsa_signature.c b/src/provider/rsa_signature.c
|
|
index cfc10a1..f7a0a91 100644
|
|
--- a/src/provider/rsa_signature.c
|
|
+++ b/src/provider/rsa_signature.c
|
|
@@ -719,7 +719,7 @@ static int ibmca_signature_rsa_sign(void *vctx,
|
|
goto out;
|
|
|
|
/* Perform private key encrypt */
|
|
- rc = ibmca_rsa_crt_with_blinding(ctx->key, enc_data, sig, rsa_size);
|
|
+ rc = ibmca_rsa_priv_with_blinding(ctx->key, enc_data, sig, rsa_size);
|
|
if (rc != 1) {
|
|
ibmca_debug_op_ctx(ctx, "ibmca_asym_cipher_rsa_with_blinding failed");
|
|
|
|
From 67efa9ad713e8283cb20111a15629f15a8ea8c86 Mon Sep 17 00:00:00 2001
|
|
From: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
Date: Tue, 25 Jul 2023 14:52:49 +0200
|
|
Subject: [PATCH] provider: RSA: Fix get_params to retrieve max-size, bits, and
|
|
security-bits
|
|
|
|
The RSA key management's get_params() function should be able to return the
|
|
values for max-size, bits, and security-bits if at least the public key is
|
|
available.
|
|
|
|
The detection whether the key is 'empty', i.e. has neither the public nor the
|
|
private key components was wrong. This leads to the fact that those parameters
|
|
were not returned when only the public key was available.
|
|
|
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
---
|
|
src/provider/rsa_keymgmt.c | 6 +++---
|
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/src/provider/rsa_keymgmt.c b/src/provider/rsa_keymgmt.c
|
|
index 526f2aa..ce49c88 100644
|
|
--- a/src/provider/rsa_keymgmt.c
|
|
+++ b/src/provider/rsa_keymgmt.c
|
|
@@ -1512,9 +1512,9 @@ static int ibmca_keymgmt_rsa_get_params(void *vkey, OSSL_PARAM params[])
|
|
for (parm = params; parm != NULL && parm->key != NULL; parm++)
|
|
ibmca_debug_key(key, "param: %s", parm->key);
|
|
|
|
- empty = (!ibmca_keymgmt_rsa_pub_valid(&key->rsa.public) ||
|
|
- (!ibmca_keymgmt_rsa_priv_crt_valid(&key->rsa.private_crt) &&
|
|
- !ibmca_keymgmt_rsa_priv_me_valid(&key->rsa.private_me)));
|
|
+ empty = (!ibmca_keymgmt_rsa_pub_valid(&key->rsa.public) &&
|
|
+ !ibmca_keymgmt_rsa_priv_crt_valid(&key->rsa.private_crt) &&
|
|
+ !ibmca_keymgmt_rsa_priv_me_valid(&key->rsa.private_me));
|
|
|
|
if (!empty) {
|
|
/* OSSL_PKEY_PARAM_BITS */
|