diff options
| -rw-r--r-- | src/lib/engine/openssl/bn_powm.cpp | 54 | ||||
| -rw-r--r-- | src/lib/engine/openssl/bn_wrap.cpp | 116 | ||||
| -rw-r--r-- | src/lib/engine/openssl/bn_wrap.h | 60 | ||||
| -rw-r--r-- | src/lib/engine/openssl/info.txt | 4 | ||||
| -rw-r--r-- | src/lib/engine/openssl/openssl_engine.h | 16 | ||||
| -rw-r--r-- | src/lib/engine/openssl/ossl_pk.cpp | 338 |
6 files changed, 0 insertions, 588 deletions
diff --git a/src/lib/engine/openssl/bn_powm.cpp b/src/lib/engine/openssl/bn_powm.cpp deleted file mode 100644 index ac06fbe77..000000000 --- a/src/lib/engine/openssl/bn_powm.cpp +++ /dev/null @@ -1,54 +0,0 @@ -/* -* OpenSSL Modular Exponentiation -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/internal/openssl_engine.h> -#include <botan/internal/bn_wrap.h> - -namespace Botan { - -namespace { - -/* -* OpenSSL Modular Exponentiator -*/ -class OpenSSL_Modular_Exponentiator : public Modular_Exponentiator - { - public: - void set_base(const BigInt& b) { base = b; } - void set_exponent(const BigInt& e) { exp = e; } - BigInt execute() const; - Modular_Exponentiator* copy() const - { return new OpenSSL_Modular_Exponentiator(*this); } - - OpenSSL_Modular_Exponentiator(const BigInt& n) : mod(n) {} - private: - OSSL_BN base, exp, mod; - OSSL_BN_CTX ctx; - }; - -/* -* Compute the result -*/ -BigInt OpenSSL_Modular_Exponentiator::execute() const - { - OSSL_BN r; - BN_mod_exp(r.ptr(), base.ptr(), exp.ptr(), mod.ptr(), ctx.ptr()); - return r.to_bigint(); - } - -} - -/* -* Return the OpenSSL-based modular exponentiator -*/ -Modular_Exponentiator* OpenSSL_Engine::mod_exp(const BigInt& n, - Power_Mod::Usage_Hints) const - { - return new OpenSSL_Modular_Exponentiator(n); - } - -} diff --git a/src/lib/engine/openssl/bn_wrap.cpp b/src/lib/engine/openssl/bn_wrap.cpp deleted file mode 100644 index 0a7e42368..000000000 --- a/src/lib/engine/openssl/bn_wrap.cpp +++ /dev/null @@ -1,116 +0,0 @@ -/* -* OpenSSL BN Wrapper -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/internal/bn_wrap.h> - -namespace Botan { - -/* -* OSSL_BN Constructor -*/ -OSSL_BN::OSSL_BN(const BigInt& in) - { - m_bn = BN_new(); - secure_vector<byte> encoding = BigInt::encode_locked(in); - if(in != 0) - BN_bin2bn(&encoding[0], encoding.size(), m_bn); - } - -/* -* OSSL_BN Constructor -*/ -OSSL_BN::OSSL_BN(const byte in[], size_t length) - { - m_bn = BN_new(); - BN_bin2bn(in, length, m_bn); - } - -/* -* OSSL_BN Copy Constructor -*/ -OSSL_BN::OSSL_BN(const OSSL_BN& other) - { - m_bn = BN_dup(other.m_bn); - } - -/* -* OSSL_BN Destructor -*/ -OSSL_BN::~OSSL_BN() - { - BN_clear_free(m_bn); - } - -/* -* OSSL_BN Assignment Operator -*/ -OSSL_BN& OSSL_BN::operator=(const OSSL_BN& other) - { - BN_copy(m_bn, other.m_bn); - return (*this); - } - -/* -* Export the BIGNUM as a bytestring -*/ -void OSSL_BN::encode(byte out[], size_t length) const - { - BN_bn2bin(m_bn, out + (length - bytes())); - } - -/* -* Return the number of significant bytes -*/ -size_t OSSL_BN::bytes() const - { - return BN_num_bytes(m_bn); - } - -/* -* OpenSSL to BigInt Conversions -*/ -BigInt OSSL_BN::to_bigint() const - { - secure_vector<byte> out(bytes()); - BN_bn2bin(m_bn, &out[0]); - return BigInt::decode(out); - } - -/* -* OSSL_BN_CTX Constructor -*/ -OSSL_BN_CTX::OSSL_BN_CTX() - { - m_ctx = BN_CTX_new(); - } - -/* -* OSSL_BN_CTX Copy Constructor -*/ -OSSL_BN_CTX::OSSL_BN_CTX(const OSSL_BN_CTX&) - { - m_ctx = BN_CTX_new(); - } - -/* -* OSSL_BN_CTX Destructor -*/ -OSSL_BN_CTX::~OSSL_BN_CTX() - { - BN_CTX_free(m_ctx); - } - -/* -* OSSL_BN_CTX Assignment Operator -*/ -OSSL_BN_CTX& OSSL_BN_CTX::operator=(const OSSL_BN_CTX&) - { - m_ctx = BN_CTX_new(); - return (*this); - } - -} diff --git a/src/lib/engine/openssl/bn_wrap.h b/src/lib/engine/openssl/bn_wrap.h deleted file mode 100644 index 12bcec152..000000000 --- a/src/lib/engine/openssl/bn_wrap.h +++ /dev/null @@ -1,60 +0,0 @@ -/* -* OpenSSL BN Wrapper -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_OPENSSL_BN_WRAP_H__ -#define BOTAN_OPENSSL_BN_WRAP_H__ - -#include <botan/bigint.h> -#include <openssl/bn.h> - -namespace Botan { - -/** -* Lightweight OpenSSL BN wrapper. For internal use only. -*/ -class OSSL_BN - { - public: - BigInt to_bigint() const; - void encode(byte[], size_t) const; - size_t bytes() const; - - secure_vector<byte> to_bytes() const - { return BigInt::encode_locked(to_bigint()); } - - OSSL_BN& operator=(const OSSL_BN&); - - OSSL_BN(const OSSL_BN&); - OSSL_BN(const BigInt& = 0); - OSSL_BN(const byte[], size_t); - ~OSSL_BN(); - - BIGNUM* ptr() const { return m_bn; } - private: - BIGNUM* m_bn; - }; - -/** -* Lightweight OpenSSL BN_CTX wrapper. For internal use only. -*/ -class OSSL_BN_CTX - { - public: - OSSL_BN_CTX& operator=(const OSSL_BN_CTX&); - - OSSL_BN_CTX(); - OSSL_BN_CTX(const OSSL_BN_CTX&); - ~OSSL_BN_CTX(); - - BN_CTX* ptr() const { return m_ctx; } - private: - BN_CTX* m_ctx; - }; - -} - -#endif diff --git a/src/lib/engine/openssl/info.txt b/src/lib/engine/openssl/info.txt index d500816d5..c1be7bf9b 100644 --- a/src/lib/engine/openssl/info.txt +++ b/src/lib/engine/openssl/info.txt @@ -8,16 +8,12 @@ all -> crypto <header:internal> openssl_engine.h -bn_wrap.h </header:internal> <source> -bn_powm.cpp -bn_wrap.cpp ossl_arc4.cpp ossl_bc.cpp ossl_md.cpp -ossl_pk.cpp </source> <requires> diff --git a/src/lib/engine/openssl/openssl_engine.h b/src/lib/engine/openssl/openssl_engine.h index 5c0d1511d..a106f3d21 100644 --- a/src/lib/engine/openssl/openssl_engine.h +++ b/src/lib/engine/openssl/openssl_engine.h @@ -20,22 +20,6 @@ class OpenSSL_Engine : public Engine public: std::string provider_name() const override { return "openssl"; } - PK_Ops::Key_Agreement* - get_key_agreement_op(const Private_Key& key, RandomNumberGenerator& rng) const override; - - PK_Ops::Signature* get_signature_op(const Private_Key& key, const std::string& emsa, - RandomNumberGenerator& rng) const override; - - PK_Ops::Verification* get_verify_op(const Public_Key& key, const std::string& emsa, - RandomNumberGenerator& rng) const override; - - PK_Ops::Encryption* get_encryption_op(const Public_Key& key, RandomNumberGenerator& rng) const override; - - PK_Ops::Decryption* get_decryption_op(const Private_Key& key, RandomNumberGenerator& rng) const override; - - Modular_Exponentiator* mod_exp(const BigInt&, - Power_Mod::Usage_Hints) const override; - BlockCipher* find_block_cipher(const SCAN_Name&, Algorithm_Factory&) const override; diff --git a/src/lib/engine/openssl/ossl_pk.cpp b/src/lib/engine/openssl/ossl_pk.cpp deleted file mode 100644 index b489ad454..000000000 --- a/src/lib/engine/openssl/ossl_pk.cpp +++ /dev/null @@ -1,338 +0,0 @@ -/* -* OpenSSL PK operations -* (C) 1999-2010 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/internal/openssl_engine.h> -#include <botan/internal/bn_wrap.h> - -#if defined(BOTAN_HAS_RSA) - #include <botan/rsa.h> -#endif - -#if defined(BOTAN_HAS_DSA) - #include <botan/dsa.h> -#endif - -#if defined(BOTAN_HAS_ECDSA) - #include <botan/ecdsa.h> - #include <openssl/ecdsa.h> -#endif - -#if defined(BOTAN_HAS_DIFFIE_HELLMAN) - #include <botan/dh.h> -#endif - -namespace Botan { - -namespace { - -#if defined(BOTAN_HAS_DIFFIE_HELLMAN) -class OSSL_DH_KA_Operation : public PK_Ops::Key_Agreement - { - public: - OSSL_DH_KA_Operation(const DH_PrivateKey& dh) : - x(dh.get_x()), p(dh.group_p()) {} - - secure_vector<byte> agree(const byte w[], size_t w_len) - { - OSSL_BN i(w, w_len), r; - BN_mod_exp(r.ptr(), i.ptr(), x.ptr(), p.ptr(), ctx.ptr()); - return r.to_bytes(); - } - - private: - const OSSL_BN x, p; - OSSL_BN_CTX ctx; - }; -#endif - -#if defined(BOTAN_HAS_DSA) - -class OSSL_DSA_Signature_Operation : public PK_Ops::Signature - { - public: - OSSL_DSA_Signature_Operation(const DSA_PrivateKey& dsa) : - x(dsa.get_x()), - p(dsa.group_p()), - q(dsa.group_q()), - g(dsa.group_g()), - q_bits(dsa.group_q().bits()) {} - - size_t message_parts() const { return 2; } - size_t message_part_size() const { return (q_bits + 7) / 8; } - size_t max_input_bits() const { return q_bits; } - - secure_vector<byte> sign(const byte msg[], size_t msg_len, - RandomNumberGenerator& rng); - private: - const OSSL_BN x, p, q, g; - const OSSL_BN_CTX ctx; - size_t q_bits; - }; - -secure_vector<byte> -OSSL_DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, - RandomNumberGenerator& rng) - { - const size_t q_bytes = (q_bits + 7) / 8; - - rng.add_entropy(msg, msg_len); - - BigInt k_bn; - do - k_bn.randomize(rng, q_bits); - while(k_bn >= q.to_bigint()); - - OSSL_BN i(msg, msg_len); - OSSL_BN k(k_bn); - - OSSL_BN r; - BN_mod_exp(r.ptr(), g.ptr(), k.ptr(), p.ptr(), ctx.ptr()); - BN_nnmod(r.ptr(), r.ptr(), q.ptr(), ctx.ptr()); - - BN_mod_inverse(k.ptr(), k.ptr(), q.ptr(), ctx.ptr()); - - OSSL_BN s; - BN_mul(s.ptr(), x.ptr(), r.ptr(), ctx.ptr()); - BN_add(s.ptr(), s.ptr(), i.ptr()); - BN_mod_mul(s.ptr(), s.ptr(), k.ptr(), q.ptr(), ctx.ptr()); - - if(BN_is_zero(r.ptr()) || BN_is_zero(s.ptr())) - throw Internal_Error("OpenSSL_DSA_Op::sign: r or s was zero"); - - secure_vector<byte> output(2*q_bytes); - r.encode(&output[0], q_bytes); - s.encode(&output[q_bytes], q_bytes); - return output; - } - -class OSSL_DSA_Verification_Operation : public PK_Ops::Verification - { - public: - OSSL_DSA_Verification_Operation(const DSA_PublicKey& dsa) : - y(dsa.get_y()), - p(dsa.group_p()), - q(dsa.group_q()), - g(dsa.group_g()), - q_bits(dsa.group_q().bits()) {} - - size_t message_parts() const { return 2; } - size_t message_part_size() const { return (q_bits + 7) / 8; } - size_t max_input_bits() const { return q_bits; } - - bool with_recovery() const { return false; } - - bool verify(const byte msg[], size_t msg_len, - const byte sig[], size_t sig_len); - private: - const OSSL_BN y, p, q, g; - const OSSL_BN_CTX ctx; - size_t q_bits; - }; - -bool OSSL_DSA_Verification_Operation::verify(const byte msg[], size_t msg_len, - const byte sig[], size_t sig_len) - { - const size_t q_bytes = q.bytes(); - - if(sig_len != 2*q_bytes || msg_len > q_bytes) - return false; - - OSSL_BN r(sig, q_bytes); - OSSL_BN s(sig + q_bytes, q_bytes); - OSSL_BN i(msg, msg_len); - - if(BN_is_zero(r.ptr()) || BN_cmp(r.ptr(), q.ptr()) >= 0) - return false; - if(BN_is_zero(s.ptr()) || BN_cmp(s.ptr(), q.ptr()) >= 0) - return false; - - if(BN_mod_inverse(s.ptr(), s.ptr(), q.ptr(), ctx.ptr()) == 0) - return false; - - OSSL_BN si; - BN_mod_mul(si.ptr(), s.ptr(), i.ptr(), q.ptr(), ctx.ptr()); - BN_mod_exp(si.ptr(), g.ptr(), si.ptr(), p.ptr(), ctx.ptr()); - - OSSL_BN sr; - BN_mod_mul(sr.ptr(), s.ptr(), r.ptr(), q.ptr(), ctx.ptr()); - BN_mod_exp(sr.ptr(), y.ptr(), sr.ptr(), p.ptr(), ctx.ptr()); - - BN_mod_mul(si.ptr(), si.ptr(), sr.ptr(), p.ptr(), ctx.ptr()); - BN_nnmod(si.ptr(), si.ptr(), q.ptr(), ctx.ptr()); - - if(BN_cmp(si.ptr(), r.ptr()) == 0) - return true; - return false; - - return false; - } - -#endif - -#if defined(BOTAN_HAS_RSA) - -class OSSL_RSA_Private_Operation : public PK_Ops::Signature, - public PK_Ops::Decryption - { - public: - OSSL_RSA_Private_Operation(const RSA_PrivateKey& rsa) : - mod(rsa.get_n()), - p(rsa.get_p()), - q(rsa.get_q()), - d1(rsa.get_d1()), - d2(rsa.get_d2()), - c(rsa.get_c()), - n_bits(rsa.get_n().bits()) - {} - - size_t max_input_bits() const { return (n_bits - 1); } - - secure_vector<byte> sign(const byte msg[], size_t msg_len, - RandomNumberGenerator&) - { - BigInt m(msg, msg_len); - BigInt x = private_op(m); - return BigInt::encode_1363(x, (n_bits + 7) / 8); - } - - secure_vector<byte> decrypt(const byte msg[], size_t msg_len) - { - BigInt m(msg, msg_len); - return BigInt::encode_locked(private_op(m)); - } - - private: - BigInt private_op(const BigInt& m) const; - - const OSSL_BN mod, p, q, d1, d2, c; - const OSSL_BN_CTX ctx; - size_t n_bits; - }; - -BigInt OSSL_RSA_Private_Operation::private_op(const BigInt& m) const - { - OSSL_BN j1, j2, h(m); - - BN_mod_exp(j1.ptr(), h.ptr(), d1.ptr(), p.ptr(), ctx.ptr()); - BN_mod_exp(j2.ptr(), h.ptr(), d2.ptr(), q.ptr(), ctx.ptr()); - BN_sub(h.ptr(), j1.ptr(), j2.ptr()); - BN_mod_mul(h.ptr(), h.ptr(), c.ptr(), p.ptr(), ctx.ptr()); - BN_mul(h.ptr(), h.ptr(), q.ptr(), ctx.ptr()); - BN_add(h.ptr(), h.ptr(), j2.ptr()); - return h.to_bigint(); - } - -class OSSL_RSA_Public_Operation : public PK_Ops::Verification, - public PK_Ops::Encryption - { - public: - OSSL_RSA_Public_Operation(const RSA_PublicKey& rsa) : - n(rsa.get_n()), e(rsa.get_e()), mod(rsa.get_n()) - {} - - size_t max_input_bits() const { return (n.bits() - 1); } - bool with_recovery() const { return true; } - - secure_vector<byte> encrypt(const byte msg[], size_t msg_len, - RandomNumberGenerator&) - { - BigInt m(msg, msg_len); - return BigInt::encode_1363(public_op(m), n.bytes()); - } - - secure_vector<byte> verify_mr(const byte msg[], size_t msg_len) - { - BigInt m(msg, msg_len); - return BigInt::encode_locked(public_op(m)); - } - - private: - BigInt public_op(const BigInt& m) const - { - if(m >= n) - throw Invalid_Argument("RSA public op - input is too large"); - - OSSL_BN m_bn(m), r; - BN_mod_exp(r.ptr(), m_bn.ptr(), e.ptr(), mod.ptr(), ctx.ptr()); - return r.to_bigint(); - } - - const BigInt& n; - const OSSL_BN e, mod; - const OSSL_BN_CTX ctx; - }; - -#endif - -} - -PK_Ops::Key_Agreement* -OpenSSL_Engine::get_key_agreement_op(const Private_Key& key, RandomNumberGenerator&) const - { -#if defined(BOTAN_HAS_DIFFIE_HELLMAN) - if(const DH_PrivateKey* dh = dynamic_cast<const DH_PrivateKey*>(&key)) - return new OSSL_DH_KA_Operation(*dh); -#endif - - return 0; - } - -PK_Ops::Signature* -OpenSSL_Engine::get_signature_op(const Private_Key& key, const std::string&, RandomNumberGenerator&) const - { -#if defined(BOTAN_HAS_RSA) - if(const RSA_PrivateKey* s = dynamic_cast<const RSA_PrivateKey*>(&key)) - return new OSSL_RSA_Private_Operation(*s); -#endif - -#if defined(BOTAN_HAS_DSA) - if(const DSA_PrivateKey* s = dynamic_cast<const DSA_PrivateKey*>(&key)) - return new OSSL_DSA_Signature_Operation(*s); -#endif - - return 0; - } - -PK_Ops::Verification* -OpenSSL_Engine::get_verify_op(const Public_Key& key, const std::string&, RandomNumberGenerator&) const - { -#if defined(BOTAN_HAS_RSA) - if(const RSA_PublicKey* s = dynamic_cast<const RSA_PublicKey*>(&key)) - return new OSSL_RSA_Public_Operation(*s); -#endif - -#if defined(BOTAN_HAS_DSA) - if(const DSA_PublicKey* s = dynamic_cast<const DSA_PublicKey*>(&key)) - return new OSSL_DSA_Verification_Operation(*s); -#endif - - return 0; - } - -PK_Ops::Encryption* -OpenSSL_Engine::get_encryption_op(const Public_Key& key, RandomNumberGenerator&) const - { -#if defined(BOTAN_HAS_RSA) - if(const RSA_PublicKey* s = dynamic_cast<const RSA_PublicKey*>(&key)) - return new OSSL_RSA_Public_Operation(*s); -#endif - - return 0; - } - -PK_Ops::Decryption* -OpenSSL_Engine::get_decryption_op(const Private_Key& key, RandomNumberGenerator&) const - { -#if defined(BOTAN_HAS_RSA) - if(const RSA_PrivateKey* s = dynamic_cast<const RSA_PrivateKey*>(&key)) - return new OSSL_RSA_Private_Operation(*s); -#endif - - return 0; - } - -} |