aboutsummaryrefslogtreecommitdiffstats
path: root/src/engine/openssl
diff options
context:
space:
mode:
authorlloyd <[email protected]>2010-03-05 21:03:31 +0000
committerlloyd <[email protected]>2010-03-05 21:03:31 +0000
commit6b39750947767194af6503a79fe699527e499796 (patch)
tree5bbffc2a7d459ca016a6e7ba726a893cfd0db5ab /src/engine/openssl
parenta1edf776a21ceb55f783d8ef3da255b2d083259c (diff)
Update OpenSSL engine for new interface. Similiar to GMP engine, drop
support for ElGamal and NR, leaving only RSA, DSA, and DH support.
Diffstat (limited to 'src/engine/openssl')
-rw-r--r--src/engine/openssl/bn_wrap.h3
-rw-r--r--src/engine/openssl/info.txt6
-rw-r--r--src/engine/openssl/openssl_engine.h26
-rw-r--r--src/engine/openssl/openssl_pk.cpp345
-rw-r--r--src/engine/openssl/ossl_dh.cpp60
-rw-r--r--src/engine/openssl/ossl_dsa.cpp126
-rw-r--r--src/engine/openssl/ossl_elg.cpp95
-rw-r--r--src/engine/openssl/ossl_if.cpp85
-rw-r--r--src/engine/openssl/ossl_nr.cpp113
9 files changed, 356 insertions, 503 deletions
diff --git a/src/engine/openssl/bn_wrap.h b/src/engine/openssl/bn_wrap.h
index 0307189a9..02a229fdd 100644
--- a/src/engine/openssl/bn_wrap.h
+++ b/src/engine/openssl/bn_wrap.h
@@ -25,6 +25,9 @@ class OSSL_BN
void encode(byte[], u32bit) const;
u32bit bytes() const;
+ SecureVector<byte> to_bytes() const
+ { return BigInt::encode(to_bigint()); }
+
OSSL_BN& operator=(const OSSL_BN&);
OSSL_BN(const OSSL_BN&);
diff --git a/src/engine/openssl/info.txt b/src/engine/openssl/info.txt
index c65f80a29..38322bfff 100644
--- a/src/engine/openssl/info.txt
+++ b/src/engine/openssl/info.txt
@@ -16,12 +16,8 @@ arc4_openssl.cpp
bn_powm.cpp
bn_wrap.cpp
ossl_bc.cpp
-ossl_dh.cpp
-ossl_dsa.cpp
-ossl_elg.cpp
-ossl_if.cpp
ossl_md.cpp
-ossl_nr.cpp
+openssl_pk.cpp
</source>
<requires>
diff --git a/src/engine/openssl/openssl_engine.h b/src/engine/openssl/openssl_engine.h
index 4ee2be2c0..1ee7e4c11 100644
--- a/src/engine/openssl/openssl_engine.h
+++ b/src/engine/openssl/openssl_engine.h
@@ -23,29 +23,17 @@ class OpenSSL_Engine : public Engine
*/
std::string provider_name() const { return "openssl"; }
-#if defined(BOTAN_HAS_IF_PUBLIC_KEY_FAMILY)
- IF_Operation* if_op(const BigInt&, const BigInt&, const BigInt&,
- const BigInt&, const BigInt&, const BigInt&,
- const BigInt&, const BigInt&) const;
-#endif
+ PK_Ops::Key_Agreement*
+ get_key_agreement_op(const Private_Key& key) const;
-#if defined(BOTAN_HAS_DSA)
- DSA_Operation* dsa_op(const DL_Group&, const BigInt&,
- const BigInt&) const;
-#endif
+ PK_Ops::Signature*
+ get_signature_op(const Private_Key& key) const;
-#if defined(BOTAN_HAS_NYBERG_RUEPPEL)
- NR_Operation* nr_op(const DL_Group&, const BigInt&, const BigInt&) const;
-#endif
+ PK_Ops::Verification* get_verify_op(const Public_Key& key) const;
-#if defined(BOTAN_HAS_ELGAMAL)
- ELG_Operation* elg_op(const DL_Group&, const BigInt&,
- const BigInt&) const;
-#endif
+ PK_Ops::Encryption* get_encryption_op(const Public_Key& key) const;
-#if defined(BOTAN_HAS_DIFFIE_HELLMAN)
- DH_Operation* dh_op(const DL_Group&, const BigInt&) const;
-#endif
+ PK_Ops::Decryption* get_decryption_op(const Private_Key& key) const;
Modular_Exponentiator* mod_exp(const BigInt&,
Power_Mod::Usage_Hints) const;
diff --git a/src/engine/openssl/openssl_pk.cpp b/src/engine/openssl/openssl_pk.cpp
new file mode 100644
index 000000000..ebc2bdd82
--- /dev/null
+++ b/src/engine/openssl/openssl_pk.cpp
@@ -0,0 +1,345 @@
+/*
+* OpenSSL PK operations
+* (C) 1999-2010 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/internal/openssl_engine.h>
+#include <botan/internal/bn_wrap.h>
+
+#if defined(BOTAN_HAS_RSA)
+ #include <botan/rsa.h>
+#endif
+
+#if defined(BOTAN_HAS_RW)
+ #include <botan/rw.h>
+#endif
+
+#if defined(BOTAN_HAS_DSA)
+ #include <botan/dsa.h>
+#endif
+
+#if defined(BOTAN_HAS_ELGAMAL)
+ #include <botan/elgamal.h>
+#endif
+
+#if defined(BOTAN_HAS_NYBERG_RUEPPEL)
+ #include <botan/nr.h>
+#endif
+
+#if defined(BOTAN_HAS_DIFFIE_HELLMAN)
+ #include <botan/dh.h>
+#endif
+
+namespace Botan {
+
+namespace {
+
+#if defined(BOTAN_HAS_DIFFIE_HELLMAN)
+class OSSL_DH_KA_Operation : public PK_Ops::Key_Agreement
+ {
+ public:
+ OSSL_DH_KA_Operation(const DH_PrivateKey& dh) :
+ x(dh.get_x()), p(dh.group_p()) {}
+
+ SecureVector<byte> agree(const byte w[], u32bit w_len) const
+ {
+ OSSL_BN i(w, w_len), r;
+ BN_mod_exp(r.value, i.value, x.value, p.value, ctx.value);
+ return r.to_bytes();
+ }
+
+ private:
+ const OSSL_BN x, p;
+ OSSL_BN_CTX ctx;
+ };
+#endif
+
+#if defined(BOTAN_HAS_DSA)
+
+class OSSL_DSA_Signature_Operation : public PK_Ops::Signature
+ {
+ public:
+ OSSL_DSA_Signature_Operation(const DSA_PrivateKey& dsa) :
+ x(dsa.get_x()),
+ p(dsa.group_p()),
+ q(dsa.group_q()),
+ g(dsa.group_g()),
+ q_bits(dsa.group_q().bits()) {}
+
+ u32bit message_parts() const { return 2; }
+ u32bit message_part_size() const { return (q_bits + 7) / 8; }
+ u32bit max_input_bits() const { return q_bits; }
+
+ SecureVector<byte> sign(const byte msg[], u32bit msg_len,
+ RandomNumberGenerator& rng) const;
+ private:
+ const OSSL_BN x, p, q, g;
+ const OSSL_BN_CTX ctx;
+ u32bit q_bits;
+ };
+
+SecureVector<byte>
+OSSL_DSA_Signature_Operation::sign(const byte msg[], u32bit msg_len,
+ RandomNumberGenerator& rng) const
+ {
+ const u32bit q_bytes = (q_bits + 7) / 8;
+
+ rng.add_entropy(msg, msg_len);
+
+ BigInt k_bn;
+ do
+ k_bn.randomize(rng, q_bits);
+ while(k_bn >= q.to_bigint());
+
+ OSSL_BN i(msg, msg_len);
+ OSSL_BN k(k_bn);
+
+ OSSL_BN r;
+ BN_mod_exp(r.value, g.value, k.value, p.value, ctx.value);
+ BN_nnmod(r.value, r.value, q.value, ctx.value);
+
+ BN_mod_inverse(k.value, k.value, q.value, ctx.value);
+
+ OSSL_BN s;
+ BN_mul(s.value, x.value, r.value, ctx.value);
+ BN_add(s.value, s.value, i.value);
+ BN_mod_mul(s.value, s.value, k.value, q.value, ctx.value);
+
+ if(BN_is_zero(r.value) || BN_is_zero(s.value))
+ throw Internal_Error("OpenSSL_DSA_Op::sign: r or s was zero");
+
+ SecureVector<byte> output(2*q_bytes);
+ r.encode(output, q_bytes);
+ s.encode(output + q_bytes, q_bytes);
+ return output;
+ }
+
+class OSSL_DSA_Verification_Operation : public PK_Ops::Verification
+ {
+ public:
+ OSSL_DSA_Verification_Operation(const DSA_PublicKey& dsa) :
+ y(dsa.get_y()),
+ p(dsa.group_p()),
+ q(dsa.group_q()),
+ g(dsa.group_g()),
+ q_bits(dsa.group_q().bits()) {}
+
+ u32bit message_parts() const { return 2; }
+ u32bit message_part_size() const { return (q_bits + 7) / 8; }
+ u32bit max_input_bits() const { return q_bits; }
+
+ bool with_recovery() const { return false; }
+
+ bool verify(const byte msg[], u32bit msg_len,
+ const byte sig[], u32bit sig_len) const;
+ private:
+ const OSSL_BN y, p, q, g;
+ const OSSL_BN_CTX ctx;
+ u32bit q_bits;
+ };
+
+bool OSSL_DSA_Verification_Operation::verify(const byte msg[], u32bit msg_len,
+ const byte sig[], u32bit sig_len) const
+ {
+ const u32bit q_bytes = q.bytes();
+
+ if(sig_len != 2*q_bytes || msg_len > q_bytes)
+ return false;
+
+ OSSL_BN r(sig, q_bytes);
+ OSSL_BN s(sig + q_bytes, q_bytes);
+ OSSL_BN i(msg, msg_len);
+
+ if(BN_is_zero(r.value) || BN_cmp(r.value, q.value) >= 0)
+ return false;
+ if(BN_is_zero(s.value) || BN_cmp(s.value, q.value) >= 0)
+ return false;
+
+ if(BN_mod_inverse(s.value, s.value, q.value, ctx.value) == 0)
+ return false;
+
+ OSSL_BN si;
+ BN_mod_mul(si.value, s.value, i.value, q.value, ctx.value);
+ BN_mod_exp(si.value, g.value, si.value, p.value, ctx.value);
+
+ OSSL_BN sr;
+ BN_mod_mul(sr.value, s.value, r.value, q.value, ctx.value);
+ BN_mod_exp(sr.value, y.value, sr.value, p.value, ctx.value);
+
+ BN_mod_mul(si.value, si.value, sr.value, p.value, ctx.value);
+ BN_nnmod(si.value, si.value, q.value, ctx.value);
+
+ if(BN_cmp(si.value, r.value) == 0)
+ return true;
+ return false;
+
+ return false;
+ }
+
+#endif
+
+#if defined(BOTAN_HAS_RSA)
+
+class OSSL_RSA_Private_Operation : public PK_Ops::Signature,
+ public PK_Ops::Decryption
+ {
+ public:
+ OSSL_RSA_Private_Operation(const RSA_PrivateKey& rsa) :
+ mod(rsa.get_n()),
+ p(rsa.get_p()),
+ q(rsa.get_q()),
+ d1(rsa.get_d1()),
+ d2(rsa.get_d2()),
+ c(rsa.get_c()),
+ n_bits(rsa.get_n().bits())
+ {}
+
+ u32bit max_input_bits() const { return (n_bits - 1); }
+
+ SecureVector<byte> sign(const byte msg[], u32bit msg_len,
+ RandomNumberGenerator& rng) const
+ {
+ BigInt m(msg, msg_len);
+ BigInt x = private_op(m);
+ return BigInt::encode_1363(x, (n_bits + 7) / 8);
+ }
+
+ SecureVector<byte> decrypt(const byte msg[], u32bit msg_len) const
+ {
+ BigInt m(msg, msg_len);
+ return BigInt::encode(private_op(m));
+ }
+
+ private:
+ BigInt private_op(const BigInt& m) const;
+
+ const OSSL_BN mod, p, q, d1, d2, c;
+ const OSSL_BN_CTX ctx;
+ u32bit n_bits;
+ };
+
+BigInt OSSL_RSA_Private_Operation::private_op(const BigInt& m) const
+ {
+ OSSL_BN j1, j2, h(m);
+
+ BN_mod_exp(j1.value, h.value, d1.value, p.value, ctx.value);
+ BN_mod_exp(j2.value, h.value, d2.value, q.value, ctx.value);
+ BN_sub(h.value, j1.value, j2.value);
+ BN_mod_mul(h.value, h.value, c.value, p.value, ctx.value);
+ BN_mul(h.value, h.value, q.value, ctx.value);
+ BN_add(h.value, h.value, j2.value);
+ return h.to_bigint();
+ }
+
+class OSSL_RSA_Public_Operation : public PK_Ops::Verification,
+ public PK_Ops::Encryption
+ {
+ public:
+ OSSL_RSA_Public_Operation(const RSA_PublicKey& rsa) :
+ n(rsa.get_n()), e(rsa.get_e()), mod(rsa.get_n())
+ {}
+
+ u32bit max_input_bits() const { return (n.bits() - 1); }
+ bool with_recovery() const { return true; }
+
+ SecureVector<byte> encrypt(const byte msg[], u32bit msg_len,
+ RandomNumberGenerator&) const
+ {
+ BigInt m(msg, msg_len);
+ return BigInt::encode_1363(public_op(m), n.bytes());
+ }
+
+ SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) const
+ {
+ BigInt m(msg, msg_len);
+ return BigInt::encode(public_op(m));
+ }
+
+ private:
+ BigInt public_op(const BigInt& m) const
+ {
+ if(m >= n)
+ throw Invalid_Argument("RSA public op - input is too large");
+
+ OSSL_BN m_bn(m), r;
+ BN_mod_exp(r.value, m_bn.value, e.value, mod.value, ctx.value);
+ return r.to_bigint();
+ }
+
+ const BigInt& n;
+ const OSSL_BN e, mod;
+ const OSSL_BN_CTX ctx;
+ };
+
+#endif
+
+}
+
+PK_Ops::Key_Agreement*
+OpenSSL_Engine::get_key_agreement_op(const Private_Key& key) const
+ {
+#if defined(BOTAN_HAS_DIFFIE_HELLMAN)
+ if(const DH_PrivateKey* dh = dynamic_cast<const DH_PrivateKey*>(&key))
+ return new OSSL_DH_KA_Operation(*dh);
+#endif
+
+ return 0;
+ }
+
+PK_Ops::Signature*
+OpenSSL_Engine::get_signature_op(const Private_Key& key) const
+ {
+#if defined(BOTAN_HAS_RSA)
+ if(const RSA_PrivateKey* s = dynamic_cast<const RSA_PrivateKey*>(&key))
+ return new OSSL_RSA_Private_Operation(*s);
+#endif
+
+#if defined(BOTAN_HAS_DSA)
+ if(const DSA_PrivateKey* s = dynamic_cast<const DSA_PrivateKey*>(&key))
+ return new OSSL_DSA_Signature_Operation(*s);
+#endif
+
+ return 0;
+ }
+
+PK_Ops::Verification*
+OpenSSL_Engine::get_verify_op(const Public_Key& key) const
+ {
+#if defined(BOTAN_HAS_RSA)
+ if(const RSA_PublicKey* s = dynamic_cast<const RSA_PublicKey*>(&key))
+ return new OSSL_RSA_Public_Operation(*s);
+#endif
+
+#if defined(BOTAN_HAS_DSA)
+ if(const DSA_PublicKey* s = dynamic_cast<const DSA_PublicKey*>(&key))
+ return new OSSL_DSA_Verification_Operation(*s);
+#endif
+
+ return 0;
+ }
+
+PK_Ops::Encryption*
+OpenSSL_Engine::get_encryption_op(const Public_Key& key) const
+ {
+#if defined(BOTAN_HAS_RSA)
+ if(const RSA_PublicKey* s = dynamic_cast<const RSA_PublicKey*>(&key))
+ return new OSSL_RSA_Public_Operation(*s);
+#endif
+
+ return 0;
+ }
+
+PK_Ops::Decryption*
+OpenSSL_Engine::get_decryption_op(const Private_Key& key) const
+ {
+#if defined(BOTAN_HAS_RSA)
+ if(const RSA_PrivateKey* s = dynamic_cast<const RSA_PrivateKey*>(&key))
+ return new OSSL_RSA_Private_Operation(*s);
+#endif
+
+ return 0;
+ }
+
+}
diff --git a/src/engine/openssl/ossl_dh.cpp b/src/engine/openssl/ossl_dh.cpp
deleted file mode 100644
index 7cbe6477d..000000000
--- a/src/engine/openssl/ossl_dh.cpp
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
-* OpenSSL Engine
-* (C) 1999-2007 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/internal/openssl_engine.h>
-#include <botan/internal/bn_wrap.h>
-#include <openssl/opensslv.h>
-
-#if OPENSSL_VERSION_NUMBER < 0x0090700F
- #error Your OpenSSL install is too old, upgrade to 0.9.7 or later
-#endif
-
-namespace Botan {
-
-#if defined(BOTAN_HAS_DIFFIE_HELLMAN)
-
-namespace {
-
-/*
-* OpenSSL DH Operation
-*/
-class OpenSSL_DH_Op : public DH_Operation
- {
- public:
- BigInt agree(const BigInt& i) const;
- DH_Operation* clone() const { return new OpenSSL_DH_Op(*this); }
-
- OpenSSL_DH_Op(const DL_Group& group, const BigInt& x_bn) :
- x(x_bn), p(group.get_p()) {}
- private:
- OSSL_BN x, p;
- OSSL_BN_CTX ctx;
- };
-
-/*
-* OpenSSL DH Key Agreement Operation
-*/
-BigInt OpenSSL_DH_Op::agree(const BigInt& i_bn) const
- {
- OSSL_BN i(i_bn), r;
- BN_mod_exp(r.value, i.value, x.value, p.value, ctx.value);
- return r.to_bigint();
- }
-
-}
-
-/*
-* Acquire a DH op
-*/
-DH_Operation* OpenSSL_Engine::dh_op(const DL_Group& group,
- const BigInt& x) const
- {
- return new OpenSSL_DH_Op(group, x);
- }
-#endif
-
-}
diff --git a/src/engine/openssl/ossl_dsa.cpp b/src/engine/openssl/ossl_dsa.cpp
deleted file mode 100644
index 66529bcec..000000000
--- a/src/engine/openssl/ossl_dsa.cpp
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
-* OpenSSL DSA Engine
-* (C) 1999-2007 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/internal/openssl_engine.h>
-#include <botan/internal/bn_wrap.h>
-#include <openssl/opensslv.h>
-
-#if OPENSSL_VERSION_NUMBER < 0x0090700F
- #error Your OpenSSL install is too old, upgrade to 0.9.7 or later
-#endif
-
-namespace Botan {
-
-#if defined(BOTAN_HAS_DSA)
-
-namespace {
-
-/*
-* OpenSSL DSA Operation
-*/
-class OpenSSL_DSA_Op : public DSA_Operation
- {
- public:
- bool verify(const byte[], u32bit, const byte[], u32bit) const;
- SecureVector<byte> sign(const byte[], u32bit, const BigInt&) const;
-
- DSA_Operation* clone() const { return new OpenSSL_DSA_Op(*this); }
-
- OpenSSL_DSA_Op(const DL_Group& group, const BigInt& y1,
- const BigInt& x1) :
- x(x1), y(y1), p(group.get_p()), q(group.get_q()), g(group.get_g()) {}
- private:
- const OSSL_BN x, y, p, q, g;
- OSSL_BN_CTX ctx;
- };
-
-/*
-* OpenSSL DSA Verify Operation
-*/
-bool OpenSSL_DSA_Op::verify(const byte msg[], u32bit msg_len,
- const byte sig[], u32bit sig_len) const
- {
- const u32bit q_bytes = q.bytes();
-
- if(sig_len != 2*q_bytes || msg_len > q_bytes)
- return false;
-
- OSSL_BN r(sig, q_bytes);
- OSSL_BN s(sig + q_bytes, q_bytes);
- OSSL_BN i(msg, msg_len);
-
- if(BN_is_zero(r.value) || BN_cmp(r.value, q.value) >= 0)
- return false;
- if(BN_is_zero(s.value) || BN_cmp(s.value, q.value) >= 0)
- return false;
-
- if(BN_mod_inverse(s.value, s.value, q.value, ctx.value) == 0)
- return false;
-
- OSSL_BN si;
- BN_mod_mul(si.value, s.value, i.value, q.value, ctx.value);
- BN_mod_exp(si.value, g.value, si.value, p.value, ctx.value);
-
- OSSL_BN sr;
- BN_mod_mul(sr.value, s.value, r.value, q.value, ctx.value);
- BN_mod_exp(sr.value, y.value, sr.value, p.value, ctx.value);
-
- BN_mod_mul(si.value, si.value, sr.value, p.value, ctx.value);
- BN_nnmod(si.value, si.value, q.value, ctx.value);
-
- if(BN_cmp(si.value, r.value) == 0)
- return true;
- return false;
- }
-
-/*
-* OpenSSL DSA Sign Operation
-*/
-SecureVector<byte> OpenSSL_DSA_Op::sign(const byte in[], u32bit length,
- const BigInt& k_bn) const
- {
- if(BN_is_zero(x.value))
- throw Internal_Error("OpenSSL_DSA_Op::sign: No private key");
-
- OSSL_BN i(in, length);
- OSSL_BN k(k_bn);
-
- OSSL_BN r;
- BN_mod_exp(r.value, g.value, k.value, p.value, ctx.value);
- BN_nnmod(r.value, r.value, q.value, ctx.value);
-
- BN_mod_inverse(k.value, k.value, q.value, ctx.value);
-
- OSSL_BN s;
- BN_mul(s.value, x.value, r.value, ctx.value);
- BN_add(s.value, s.value, i.value);
- BN_mod_mul(s.value, s.value, k.value, q.value, ctx.value);
-
- if(BN_is_zero(r.value) || BN_is_zero(s.value))
- throw Internal_Error("OpenSSL_DSA_Op::sign: r or s was zero");
-
- const u32bit q_bytes = q.bytes();
-
- SecureVector<byte> output(2*q_bytes);
- r.encode(output, q_bytes);
- s.encode(output + q_bytes, q_bytes);
- return output;
- }
-
-}
-
-/*
-* Acquire a DSA op
-*/
-DSA_Operation* OpenSSL_Engine::dsa_op(const DL_Group& group, const BigInt& y,
- const BigInt& x) const
- {
- return new OpenSSL_DSA_Op(group, y, x);
- }
-#endif
-
-}
diff --git a/src/engine/openssl/ossl_elg.cpp b/src/engine/openssl/ossl_elg.cpp
deleted file mode 100644
index 35c59a7ff..000000000
--- a/src/engine/openssl/ossl_elg.cpp
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
-* OpenSSL Engine
-* (C) 1999-2007 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/internal/openssl_engine.h>
-#include <botan/internal/bn_wrap.h>
-#include <openssl/opensslv.h>
-
-#if OPENSSL_VERSION_NUMBER < 0x0090700F
- #error Your OpenSSL install is too old, upgrade to 0.9.7 or later
-#endif
-
-namespace Botan {
-
-#if defined(BOTAN_HAS_ELGAMAL)
-
-namespace {
-
-/*
-* OpenSSL ElGamal Operation
-*/
-class OpenSSL_ELG_Op : public ELG_Operation
- {
- public:
- SecureVector<byte> encrypt(const byte[], u32bit, const BigInt&) const;
- BigInt decrypt(const BigInt&, const BigInt&) const;
-
- ELG_Operation* clone() const { return new OpenSSL_ELG_Op(*this); }
- OpenSSL_ELG_Op(const DL_Group& group, const BigInt& y1,
- const BigInt& x1) :
- x(x1), y(y1), g(group.get_g()), p(group.get_p()) {}
- private:
- OSSL_BN x, y, g, p;
- OSSL_BN_CTX ctx;
- };
-
-/*
-* OpenSSL ElGamal Encrypt Operation
-*/
-SecureVector<byte> OpenSSL_ELG_Op::encrypt(const byte in[], u32bit length,
- const BigInt& k_bn) const
- {
- OSSL_BN i(in, length);
-
- if(BN_cmp(i.value, p.value) >= 0)
- throw Invalid_Argument("OpenSSL_ELG_Op: Input is too large");
-
- OSSL_BN a, b, k(k_bn);
-
- BN_mod_exp(a.value, g.value, k.value, p.value, ctx.value);
- BN_mod_exp(b.value, y.value, k.value, p.value, ctx.value);
- BN_mod_mul(b.value, b.value, i.value, p.value, ctx.value);
-
- const u32bit p_bytes = p.bytes();
- SecureVector<byte> output(2*p_bytes);
- a.encode(output, p_bytes);
- b.encode(output + p_bytes, p_bytes);
- return output;
- }
-
-/*
-* OpenSSL ElGamal Decrypt Operation
-*/
-BigInt OpenSSL_ELG_Op::decrypt(const BigInt& a_bn, const BigInt& b_bn) const
- {
- if(BN_is_zero(x.value))
- throw Internal_Error("OpenSSL_ELG_Op::decrypt: No private key");
-
- OSSL_BN a(a_bn), b(b_bn), t;
-
- if(BN_cmp(a.value, p.value) >= 0 || BN_cmp(b.value, p.value) >= 0)
- throw Invalid_Argument("OpenSSL_ELG_Op: Invalid message");
-
- BN_mod_exp(t.value, a.value, x.value, p.value, ctx.value);
- BN_mod_inverse(a.value, t.value, p.value, ctx.value);
- BN_mod_mul(a.value, a.value, b.value, p.value, ctx.value);
- return a.to_bigint();
- }
-
-}
-
-/*
-* Acquire an ElGamal op
-*/
-ELG_Operation* OpenSSL_Engine::elg_op(const DL_Group& group, const BigInt& y,
- const BigInt& x) const
- {
- return new OpenSSL_ELG_Op(group, y, x);
- }
-#endif
-
-}
diff --git a/src/engine/openssl/ossl_if.cpp b/src/engine/openssl/ossl_if.cpp
deleted file mode 100644
index a30a4d8b4..000000000
--- a/src/engine/openssl/ossl_if.cpp
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
-* OpenSSL IF Engine
-* (C) 1999-2007 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/internal/openssl_engine.h>
-#include <botan/internal/bn_wrap.h>
-#include <openssl/opensslv.h>
-
-#if OPENSSL_VERSION_NUMBER < 0x0090700F
- #error Your OpenSSL install is too old, upgrade to 0.9.7 or later
-#endif
-
-namespace Botan {
-
-#if defined(BOTAN_HAS_IF_PUBLIC_KEY_FAMILY)
-
-namespace {
-
-/*
-* OpenSSL IF Operation
-*/
-class OpenSSL_IF_Op : public IF_Operation
- {
- public:
- BigInt public_op(const BigInt&) const;
- BigInt private_op(const BigInt&) const;
-
- IF_Operation* clone() const { return new OpenSSL_IF_Op(*this); }
-
- OpenSSL_IF_Op(const BigInt& e_bn, const BigInt& n_bn, const BigInt&,
- const BigInt& p_bn, const BigInt& q_bn, const BigInt& d1_bn,
- const BigInt& d2_bn, const BigInt& c_bn) :
- e(e_bn), n(n_bn), p(p_bn), q(q_bn), d1(d1_bn), d2(d2_bn), c(c_bn) {}
- private:
- const OSSL_BN e, n, p, q, d1, d2, c;
- OSSL_BN_CTX ctx;
- };
-
-/*
-* OpenSSL IF Public Operation
-*/
-BigInt OpenSSL_IF_Op::public_op(const BigInt& i_bn) const
- {
- OSSL_BN i(i_bn), r;
- BN_mod_exp(r.value, i.value, e.value, n.value, ctx.value);
- return r.to_bigint();
- }
-
-/*
-* OpenSSL IF Private Operation
-*/
-BigInt OpenSSL_IF_Op::private_op(const BigInt& i_bn) const
- {
- if(BN_is_zero(p.value))
- throw Internal_Error("OpenSSL_IF_Op::private_op: No private key");
-
- OSSL_BN j1, j2, h(i_bn);
-
- BN_mod_exp(j1.value, h.value, d1.value, p.value, ctx.value);
- BN_mod_exp(j2.value, h.value, d2.value, q.value, ctx.value);
- BN_sub(h.value, j1.value, j2.value);
- BN_mod_mul(h.value, h.value, c.value, p.value, ctx.value);
- BN_mul(h.value, h.value, q.value, ctx.value);
- BN_add(h.value, h.value, j2.value);
- return h.to_bigint();
- }
-
-}
-
-/*
-* Acquire an IF op
-*/
-IF_Operation* OpenSSL_Engine::if_op(const BigInt& e, const BigInt& n,
- const BigInt& d, const BigInt& p,
- const BigInt& q, const BigInt& d1,
- const BigInt& d2, const BigInt& c) const
- {
- return new OpenSSL_IF_Op(e, n, d, p, q, d1, d2, c);
- }
-#endif
-
-}
diff --git a/src/engine/openssl/ossl_nr.cpp b/src/engine/openssl/ossl_nr.cpp
deleted file mode 100644
index b14ec7f8c..000000000
--- a/src/engine/openssl/ossl_nr.cpp
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
-* OpenSSL NR Engine
-* (C) 1999-2007 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/internal/openssl_engine.h>
-#include <botan/internal/bn_wrap.h>
-#include <openssl/opensslv.h>
-
-#if OPENSSL_VERSION_NUMBER < 0x0090700F
- #error Your OpenSSL install is too old, upgrade to 0.9.7 or later
-#endif
-
-namespace Botan {
-
-#if defined(BOTAN_HAS_NYBERG_RUEPPEL)
-
-namespace {
-
-/*
-* OpenSSL NR Operation
-*/
-class OpenSSL_NR_Op : public NR_Operation
- {
- public:
- SecureVector<byte> verify(const byte[], u32bit) const;
- SecureVector<byte> sign(const byte[], u32bit, const BigInt&) const;
-
- NR_Operation* clone() const { return new OpenSSL_NR_Op(*this); }
-
- OpenSSL_NR_Op(const DL_Group& group, const BigInt& y1,
- const BigInt& x1) :
- x(x1), y(y1), p(group.get_p()), q(group.get_q()), g(group.get_g()) {}
- private:
- const OSSL_BN x, y, p, q, g;
- OSSL_BN_CTX ctx;
- };
-
-/*
-* OpenSSL NR Verify Operation
-*/
-SecureVector<byte> OpenSSL_NR_Op::verify(const byte sig[],
- u32bit sig_len) const
- {
- const u32bit q_bytes = q.bytes();
-
- if(sig_len != 2*q_bytes)
- return false;
-
- OSSL_BN c(sig, q_bytes);
- OSSL_BN d(sig + q_bytes, q_bytes);
-
- if(BN_is_zero(c.value) || BN_cmp(c.value, q.value) >= 0 ||
- BN_cmp(d.value, q.value) >= 0)
- throw Invalid_Argument("OpenSSL_NR_Op::verify: Invalid signature");
-
- OSSL_BN i1, i2;
- BN_mod_exp(i1.value, g.value, d.value, p.value, ctx.value);
- BN_mod_exp(i2.value, y.value, c.value, p.value, ctx.value);
- BN_mod_mul(i1.value, i1.value, i2.value, p.value, ctx.value);
- BN_sub(i1.value, c.value, i1.value);
- BN_nnmod(i1.value, i1.value, q.value, ctx.value);
- return BigInt::encode(i1.to_bigint());
- }
-
-/*
-* OpenSSL NR Sign Operation
-*/
-SecureVector<byte> OpenSSL_NR_Op::sign(const byte in[], u32bit length,
- const BigInt& k_bn) const
- {
- if(BN_is_zero(x.value))
- throw Internal_Error("OpenSSL_NR_Op::sign: No private key");
-
- OSSL_BN f(in, length);
- OSSL_BN k(k_bn);
-
- if(BN_cmp(f.value, q.value) >= 0)
- throw Invalid_Argument("OpenSSL_NR_Op::sign: Input is out of range");
-
- OSSL_BN c, d;
- BN_mod_exp(c.value, g.value, k.value, p.value, ctx.value);
- BN_add(c.value, c.value, f.value);
- BN_nnmod(c.value, c.value, q.value, ctx.value);
- BN_mul(d.value, x.value, c.value, ctx.value);
- BN_sub(d.value, k.value, d.value);
- BN_nnmod(d.value, d.value, q.value, ctx.value);
-
- if(BN_is_zero(c.value))
- throw Internal_Error("Default_NR_Op::sign: c was zero");
-
- const u32bit q_bytes = q.bytes();
- SecureVector<byte> output(2*q_bytes);
- c.encode(output, q_bytes);
- d.encode(output + q_bytes, q_bytes);
- return output;
- }
-
-}
-
-/*
-* Acquire a NR op
-*/
-NR_Operation* OpenSSL_Engine::nr_op(const DL_Group& group, const BigInt& y,
- const BigInt& x) const
- {
- return new OpenSSL_NR_Op(group, y, x);
- }
-#endif
-
-}