diff options
Diffstat (limited to 'src/engine/openssl')
| -rw-r--r-- | src/engine/openssl/bn_powm.cpp | 54 | ||||
| -rw-r--r-- | src/engine/openssl/bn_wrap.cpp | 116 | ||||
| -rw-r--r-- | src/engine/openssl/bn_wrap.h | 60 | ||||
| -rw-r--r-- | src/engine/openssl/info.txt | 25 | ||||
| -rw-r--r-- | src/engine/openssl/openssl_engine.h | 49 | ||||
| -rw-r--r-- | src/engine/openssl/ossl_arc4.cpp | 89 | ||||
| -rw-r--r-- | src/engine/openssl/ossl_bc.cpp | 248 | ||||
| -rw-r--r-- | src/engine/openssl/ossl_md.cpp | 150 | ||||
| -rw-r--r-- | src/engine/openssl/ossl_pk.cpp | 338 |
9 files changed, 0 insertions, 1129 deletions
diff --git a/src/engine/openssl/bn_powm.cpp b/src/engine/openssl/bn_powm.cpp deleted file mode 100644 index ac06fbe77..000000000 --- a/src/engine/openssl/bn_powm.cpp +++ /dev/null @@ -1,54 +0,0 @@ -/* -* OpenSSL Modular Exponentiation -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/internal/openssl_engine.h> -#include <botan/internal/bn_wrap.h> - -namespace Botan { - -namespace { - -/* -* OpenSSL Modular Exponentiator -*/ -class OpenSSL_Modular_Exponentiator : public Modular_Exponentiator - { - public: - void set_base(const BigInt& b) { base = b; } - void set_exponent(const BigInt& e) { exp = e; } - BigInt execute() const; - Modular_Exponentiator* copy() const - { return new OpenSSL_Modular_Exponentiator(*this); } - - OpenSSL_Modular_Exponentiator(const BigInt& n) : mod(n) {} - private: - OSSL_BN base, exp, mod; - OSSL_BN_CTX ctx; - }; - -/* -* Compute the result -*/ -BigInt OpenSSL_Modular_Exponentiator::execute() const - { - OSSL_BN r; - BN_mod_exp(r.ptr(), base.ptr(), exp.ptr(), mod.ptr(), ctx.ptr()); - return r.to_bigint(); - } - -} - -/* -* Return the OpenSSL-based modular exponentiator -*/ -Modular_Exponentiator* OpenSSL_Engine::mod_exp(const BigInt& n, - Power_Mod::Usage_Hints) const - { - return new OpenSSL_Modular_Exponentiator(n); - } - -} diff --git a/src/engine/openssl/bn_wrap.cpp b/src/engine/openssl/bn_wrap.cpp deleted file mode 100644 index 0a7e42368..000000000 --- a/src/engine/openssl/bn_wrap.cpp +++ /dev/null @@ -1,116 +0,0 @@ -/* -* OpenSSL BN Wrapper -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/internal/bn_wrap.h> - -namespace Botan { - -/* -* OSSL_BN Constructor -*/ -OSSL_BN::OSSL_BN(const BigInt& in) - { - m_bn = BN_new(); - secure_vector<byte> encoding = BigInt::encode_locked(in); - if(in != 0) - BN_bin2bn(&encoding[0], encoding.size(), m_bn); - } - -/* -* OSSL_BN Constructor -*/ -OSSL_BN::OSSL_BN(const byte in[], size_t length) - { - m_bn = BN_new(); - BN_bin2bn(in, length, m_bn); - } - -/* -* OSSL_BN Copy Constructor -*/ -OSSL_BN::OSSL_BN(const OSSL_BN& other) - { - m_bn = BN_dup(other.m_bn); - } - -/* -* OSSL_BN Destructor -*/ -OSSL_BN::~OSSL_BN() - { - BN_clear_free(m_bn); - } - -/* -* OSSL_BN Assignment Operator -*/ -OSSL_BN& OSSL_BN::operator=(const OSSL_BN& other) - { - BN_copy(m_bn, other.m_bn); - return (*this); - } - -/* -* Export the BIGNUM as a bytestring -*/ -void OSSL_BN::encode(byte out[], size_t length) const - { - BN_bn2bin(m_bn, out + (length - bytes())); - } - -/* -* Return the number of significant bytes -*/ -size_t OSSL_BN::bytes() const - { - return BN_num_bytes(m_bn); - } - -/* -* OpenSSL to BigInt Conversions -*/ -BigInt OSSL_BN::to_bigint() const - { - secure_vector<byte> out(bytes()); - BN_bn2bin(m_bn, &out[0]); - return BigInt::decode(out); - } - -/* -* OSSL_BN_CTX Constructor -*/ -OSSL_BN_CTX::OSSL_BN_CTX() - { - m_ctx = BN_CTX_new(); - } - -/* -* OSSL_BN_CTX Copy Constructor -*/ -OSSL_BN_CTX::OSSL_BN_CTX(const OSSL_BN_CTX&) - { - m_ctx = BN_CTX_new(); - } - -/* -* OSSL_BN_CTX Destructor -*/ -OSSL_BN_CTX::~OSSL_BN_CTX() - { - BN_CTX_free(m_ctx); - } - -/* -* OSSL_BN_CTX Assignment Operator -*/ -OSSL_BN_CTX& OSSL_BN_CTX::operator=(const OSSL_BN_CTX&) - { - m_ctx = BN_CTX_new(); - return (*this); - } - -} diff --git a/src/engine/openssl/bn_wrap.h b/src/engine/openssl/bn_wrap.h deleted file mode 100644 index 12bcec152..000000000 --- a/src/engine/openssl/bn_wrap.h +++ /dev/null @@ -1,60 +0,0 @@ -/* -* OpenSSL BN Wrapper -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_OPENSSL_BN_WRAP_H__ -#define BOTAN_OPENSSL_BN_WRAP_H__ - -#include <botan/bigint.h> -#include <openssl/bn.h> - -namespace Botan { - -/** -* Lightweight OpenSSL BN wrapper. For internal use only. -*/ -class OSSL_BN - { - public: - BigInt to_bigint() const; - void encode(byte[], size_t) const; - size_t bytes() const; - - secure_vector<byte> to_bytes() const - { return BigInt::encode_locked(to_bigint()); } - - OSSL_BN& operator=(const OSSL_BN&); - - OSSL_BN(const OSSL_BN&); - OSSL_BN(const BigInt& = 0); - OSSL_BN(const byte[], size_t); - ~OSSL_BN(); - - BIGNUM* ptr() const { return m_bn; } - private: - BIGNUM* m_bn; - }; - -/** -* Lightweight OpenSSL BN_CTX wrapper. For internal use only. -*/ -class OSSL_BN_CTX - { - public: - OSSL_BN_CTX& operator=(const OSSL_BN_CTX&); - - OSSL_BN_CTX(); - OSSL_BN_CTX(const OSSL_BN_CTX&); - ~OSSL_BN_CTX(); - - BN_CTX* ptr() const { return m_ctx; } - private: - BN_CTX* m_ctx; - }; - -} - -#endif diff --git a/src/engine/openssl/info.txt b/src/engine/openssl/info.txt deleted file mode 100644 index d500816d5..000000000 --- a/src/engine/openssl/info.txt +++ /dev/null @@ -1,25 +0,0 @@ -define ENGINE_OPENSSL 20131128 - -load_on request - -<libs> -all -> crypto -</libs> - -<header:internal> -openssl_engine.h -bn_wrap.h -</header:internal> - -<source> -bn_powm.cpp -bn_wrap.cpp -ossl_arc4.cpp -ossl_bc.cpp -ossl_md.cpp -ossl_pk.cpp -</source> - -<requires> -bigint -</requires> diff --git a/src/engine/openssl/openssl_engine.h b/src/engine/openssl/openssl_engine.h deleted file mode 100644 index 90f315c00..000000000 --- a/src/engine/openssl/openssl_engine.h +++ /dev/null @@ -1,49 +0,0 @@ -/* -* OpenSSL Engine -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_ENGINE_OPENSSL_H__ -#define BOTAN_ENGINE_OPENSSL_H__ - -#include <botan/engine.h> - -namespace Botan { - -/** -* OpenSSL Engine -*/ -class OpenSSL_Engine : public Engine - { - public: - std::string provider_name() const override { return "openssl"; } - - PK_Ops::Key_Agreement* - get_key_agreement_op(const Private_Key& key, RandomNumberGenerator& rng) const override; - - PK_Ops::Signature* - get_signature_op(const Private_Key& key, RandomNumberGenerator& rng) const override; - - PK_Ops::Verification* get_verify_op(const Public_Key& key, RandomNumberGenerator& rng) const override; - - PK_Ops::Encryption* get_encryption_op(const Public_Key& key, RandomNumberGenerator& rng) const override; - - PK_Ops::Decryption* get_decryption_op(const Private_Key& key, RandomNumberGenerator& rng) const override; - - Modular_Exponentiator* mod_exp(const BigInt&, - Power_Mod::Usage_Hints) const override; - - BlockCipher* find_block_cipher(const SCAN_Name&, - Algorithm_Factory&) const override; - - StreamCipher* find_stream_cipher(const SCAN_Name&, - Algorithm_Factory&) const override; - - HashFunction* find_hash(const SCAN_Name&, Algorithm_Factory&) const override; - }; - -} - -#endif diff --git a/src/engine/openssl/ossl_arc4.cpp b/src/engine/openssl/ossl_arc4.cpp deleted file mode 100644 index 0eb404af1..000000000 --- a/src/engine/openssl/ossl_arc4.cpp +++ /dev/null @@ -1,89 +0,0 @@ -/* -* OpenSSL RC4 -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/internal/openssl_engine.h> -#include <botan/parsing.h> -#include <openssl/rc4.h> - -namespace Botan { - -namespace { - -/** -* RC4 as implemented by OpenSSL -*/ -class RC4_OpenSSL : public StreamCipher - { - public: - void clear() { clear_mem(&state, 1); } - - std::string name() const; - StreamCipher* clone() const { return new RC4_OpenSSL(SKIP); } - - Key_Length_Specification key_spec() const - { - return Key_Length_Specification(1, 32); - } - - - RC4_OpenSSL(size_t s = 0) : SKIP(s) { clear(); } - ~RC4_OpenSSL() { clear(); } - private: - void cipher(const byte[], byte[], size_t); - void key_schedule(const byte[], size_t); - - const size_t SKIP; - RC4_KEY state; - }; - -/* -* Return the name of this type -*/ -std::string RC4_OpenSSL::name() const - { - if(SKIP == 0) return "RC4"; - if(SKIP == 256) return "MARK-4"; - else return "RC4_skip(" + std::to_string(SKIP) + ")"; - } - -/* -* RC4 Key Schedule -*/ -void RC4_OpenSSL::key_schedule(const byte key[], size_t length) - { - RC4_set_key(&state, length, key); - byte dummy = 0; - for(size_t i = 0; i != SKIP; ++i) - RC4(&state, 1, &dummy, &dummy); - } - -/* -* RC4 Encryption -*/ -void RC4_OpenSSL::cipher(const byte in[], byte out[], size_t length) - { - RC4(&state, length, in, out); - } - -} - -/** -* Look for an OpenSSL-supported stream cipher (RC4) -*/ -StreamCipher* -OpenSSL_Engine::find_stream_cipher(const SCAN_Name& request, - Algorithm_Factory&) const - { - if(request.algo_name() == "RC4") - return new RC4_OpenSSL(request.arg_as_integer(0, 0)); - if(request.algo_name() == "RC4_drop") - return new RC4_OpenSSL(768); - - return 0; - } - -} diff --git a/src/engine/openssl/ossl_bc.cpp b/src/engine/openssl/ossl_bc.cpp deleted file mode 100644 index b3b509c36..000000000 --- a/src/engine/openssl/ossl_bc.cpp +++ /dev/null @@ -1,248 +0,0 @@ -/* -* OpenSSL Block Cipher -* (C) 1999-2010 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/internal/openssl_engine.h> -#include <openssl/evp.h> - -namespace Botan { - -namespace { - -/* -* EVP Block Cipher -*/ -class EVP_BlockCipher : public BlockCipher - { - public: - void clear(); - std::string name() const { return cipher_name; } - BlockCipher* clone() const; - - size_t block_size() const { return block_sz; } - - EVP_BlockCipher(const EVP_CIPHER*, const std::string&); - - EVP_BlockCipher(const EVP_CIPHER*, const std::string&, - size_t, size_t, size_t); - - Key_Length_Specification key_spec() const { return cipher_key_spec; } - - ~EVP_BlockCipher(); - private: - void encrypt_n(const byte in[], byte out[], size_t blocks) const; - void decrypt_n(const byte in[], byte out[], size_t blocks) const; - void key_schedule(const byte[], size_t); - - size_t block_sz; - Key_Length_Specification cipher_key_spec; - std::string cipher_name; - mutable EVP_CIPHER_CTX encrypt, decrypt; - }; - -/* -* EVP Block Cipher Constructor -*/ -EVP_BlockCipher::EVP_BlockCipher(const EVP_CIPHER* algo, - const std::string& algo_name) : - block_sz(EVP_CIPHER_block_size(algo)), - cipher_key_spec(EVP_CIPHER_key_length(algo)), - cipher_name(algo_name) - { - if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE) - throw Invalid_Argument("EVP_BlockCipher: Non-ECB EVP was passed in"); - - EVP_CIPHER_CTX_init(&encrypt); - EVP_CIPHER_CTX_init(&decrypt); - - EVP_EncryptInit_ex(&encrypt, algo, 0, 0, 0); - EVP_DecryptInit_ex(&decrypt, algo, 0, 0, 0); - - EVP_CIPHER_CTX_set_padding(&encrypt, 0); - EVP_CIPHER_CTX_set_padding(&decrypt, 0); - } - -/* -* EVP Block Cipher Constructor -*/ -EVP_BlockCipher::EVP_BlockCipher(const EVP_CIPHER* algo, - const std::string& algo_name, - size_t key_min, size_t key_max, - size_t key_mod) : - block_sz(EVP_CIPHER_block_size(algo)), - cipher_key_spec(key_min, key_max, key_mod), - cipher_name(algo_name) - { - if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE) - throw Invalid_Argument("EVP_BlockCipher: Non-ECB EVP was passed in"); - - EVP_CIPHER_CTX_init(&encrypt); - EVP_CIPHER_CTX_init(&decrypt); - - EVP_EncryptInit_ex(&encrypt, algo, 0, 0, 0); - EVP_DecryptInit_ex(&decrypt, algo, 0, 0, 0); - - EVP_CIPHER_CTX_set_padding(&encrypt, 0); - EVP_CIPHER_CTX_set_padding(&decrypt, 0); - } - -/* -* EVP Block Cipher Destructor -*/ -EVP_BlockCipher::~EVP_BlockCipher() - { - EVP_CIPHER_CTX_cleanup(&encrypt); - EVP_CIPHER_CTX_cleanup(&decrypt); - } - -/* -* Encrypt a block -*/ -void EVP_BlockCipher::encrypt_n(const byte in[], byte out[], - size_t blocks) const - { - int out_len = 0; - EVP_EncryptUpdate(&encrypt, out, &out_len, in, blocks * block_sz); - } - -/* -* Decrypt a block -*/ -void EVP_BlockCipher::decrypt_n(const byte in[], byte out[], - size_t blocks) const - { - int out_len = 0; - EVP_DecryptUpdate(&decrypt, out, &out_len, in, blocks * block_sz); - } - -/* -* Set the key -*/ -void EVP_BlockCipher::key_schedule(const byte key[], size_t length) - { - secure_vector<byte> full_key(key, key + length); - - if(cipher_name == "TripleDES" && length == 16) - { - full_key += std::make_pair(key, 8); - } - else - if(EVP_CIPHER_CTX_set_key_length(&encrypt, length) == 0 || - EVP_CIPHER_CTX_set_key_length(&decrypt, length) == 0) - throw Invalid_Argument("EVP_BlockCipher: Bad key length for " + - cipher_name); - - if(cipher_name == "RC2") - { - EVP_CIPHER_CTX_ctrl(&encrypt, EVP_CTRL_SET_RC2_KEY_BITS, length*8, 0); - EVP_CIPHER_CTX_ctrl(&decrypt, EVP_CTRL_SET_RC2_KEY_BITS, length*8, 0); - } - - EVP_EncryptInit_ex(&encrypt, 0, 0, &full_key[0], 0); - EVP_DecryptInit_ex(&decrypt, 0, 0, &full_key[0], 0); - } - -/* -* Return a clone of this object -*/ -BlockCipher* EVP_BlockCipher::clone() const - { - return new EVP_BlockCipher(EVP_CIPHER_CTX_cipher(&encrypt), - cipher_name, - cipher_key_spec.minimum_keylength(), - cipher_key_spec.maximum_keylength(), - cipher_key_spec.keylength_multiple()); - } - -/* -* Clear memory of sensitive data -*/ -void EVP_BlockCipher::clear() - { - const EVP_CIPHER* algo = EVP_CIPHER_CTX_cipher(&encrypt); - - EVP_CIPHER_CTX_cleanup(&encrypt); - EVP_CIPHER_CTX_cleanup(&decrypt); - EVP_CIPHER_CTX_init(&encrypt); - EVP_CIPHER_CTX_init(&decrypt); - EVP_EncryptInit_ex(&encrypt, algo, 0, 0, 0); - EVP_DecryptInit_ex(&decrypt, algo, 0, 0, 0); - EVP_CIPHER_CTX_set_padding(&encrypt, 0); - EVP_CIPHER_CTX_set_padding(&decrypt, 0); - } - -} - -/* -* Look for an algorithm with this name -*/ -BlockCipher* -OpenSSL_Engine::find_block_cipher(const SCAN_Name& request, - Algorithm_Factory&) const - { -#define HANDLE_EVP_CIPHER(NAME, EVP) \ - if(request.algo_name() == NAME && request.arg_count() == 0) \ - return new EVP_BlockCipher(EVP, NAME); - -#define HANDLE_EVP_CIPHER_KEYLEN(NAME, EVP, MIN, MAX, MOD) \ - if(request.algo_name() == NAME && request.arg_count() == 0) \ - return new EVP_BlockCipher(EVP, NAME, MIN, MAX, MOD); - -#if !defined(OPENSSL_NO_AES) - /* - Using OpenSSL's AES causes crashes inside EVP on x86-64 with OpenSSL 0.9.8g - cause is unknown - */ - HANDLE_EVP_CIPHER("AES-128", EVP_aes_128_ecb()); - HANDLE_EVP_CIPHER("AES-192", EVP_aes_192_ecb()); - HANDLE_EVP_CIPHER("AES-256", EVP_aes_256_ecb()); -#endif - -#if !defined(OPENSSL_NO_DES) - HANDLE_EVP_CIPHER("DES", EVP_des_ecb()); - HANDLE_EVP_CIPHER_KEYLEN("TripleDES", EVP_des_ede3_ecb(), 16, 24, 8); -#endif - -#if !defined(OPENSSL_NO_BF) - HANDLE_EVP_CIPHER_KEYLEN("Blowfish", EVP_bf_ecb(), 1, 56, 1); -#endif - -#if !defined(OPENSSL_NO_CAST) - HANDLE_EVP_CIPHER_KEYLEN("CAST-128", EVP_cast5_ecb(), 1, 16, 1); -#endif - -#if !defined(OPENSSL_NO_CAMELLIA) - HANDLE_EVP_CIPHER("Camellia-128", EVP_camellia_128_ecb()); - HANDLE_EVP_CIPHER("Camellia-192", EVP_camellia_192_ecb()); - HANDLE_EVP_CIPHER("Camellia-256", EVP_camellia_256_ecb()); -#endif - -#if !defined(OPENSSL_NO_RC2) - HANDLE_EVP_CIPHER_KEYLEN("RC2", EVP_rc2_ecb(), 1, 32, 1); -#endif - -#if !defined(OPENSSL_NO_RC5) && 0 - if(request.algo_name() == "RC5") - if(request.arg_as_integer(0, 12) == 12) - return new EVP_BlockCipher(EVP_rc5_32_12_16_ecb(), - "RC5(12)", 1, 32, 1); -#endif - -#if !defined(OPENSSL_NO_IDEA) && 0 - HANDLE_EVP_CIPHER("IDEA", EVP_idea_ecb()); -#endif - -#if !defined(OPENSSL_NO_SEED) - HANDLE_EVP_CIPHER("SEED", EVP_seed_ecb()); -#endif - -#undef HANDLE_EVP_CIPHER -#undef HANDLE_EVP_CIPHER_KEYLEN - - return 0; - } - -} diff --git a/src/engine/openssl/ossl_md.cpp b/src/engine/openssl/ossl_md.cpp deleted file mode 100644 index e09a68a8e..000000000 --- a/src/engine/openssl/ossl_md.cpp +++ /dev/null @@ -1,150 +0,0 @@ -/* -* OpenSSL Hash Functions -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/internal/openssl_engine.h> -#include <openssl/evp.h> - -namespace Botan { - -namespace { - -/* -* EVP Hash Function -*/ -class EVP_HashFunction : public HashFunction - { - public: - void clear(); - std::string name() const { return algo_name; } - HashFunction* clone() const; - - size_t output_length() const - { - return EVP_MD_size(EVP_MD_CTX_md(&md)); - } - - size_t hash_block_size() const - { - return EVP_MD_block_size(EVP_MD_CTX_md(&md)); - } - - EVP_HashFunction(const EVP_MD*, const std::string&); - ~EVP_HashFunction(); - private: - void add_data(const byte[], size_t); - void final_result(byte[]); - - std::string algo_name; - EVP_MD_CTX md; - }; - -/* -* Update an EVP Hash Calculation -*/ -void EVP_HashFunction::add_data(const byte input[], size_t length) - { - EVP_DigestUpdate(&md, input, length); - } - -/* -* Finalize an EVP Hash Calculation -*/ -void EVP_HashFunction::final_result(byte output[]) - { - EVP_DigestFinal_ex(&md, output, 0); - const EVP_MD* algo = EVP_MD_CTX_md(&md); - EVP_DigestInit_ex(&md, algo, 0); - } - -/* -* Clear memory of sensitive data -*/ -void EVP_HashFunction::clear() - { - const EVP_MD* algo = EVP_MD_CTX_md(&md); - EVP_DigestInit_ex(&md, algo, 0); - } - -/* -* Return a clone of this object -*/ -HashFunction* EVP_HashFunction::clone() const - { - const EVP_MD* algo = EVP_MD_CTX_md(&md); - return new EVP_HashFunction(algo, name()); - } - -/* -* Create an EVP hash function -*/ -EVP_HashFunction::EVP_HashFunction(const EVP_MD* algo, - const std::string& name) : - algo_name(name) - { - EVP_MD_CTX_init(&md); - EVP_DigestInit_ex(&md, algo, 0); - } - -/* -* Destroy an EVP hash function -*/ -EVP_HashFunction::~EVP_HashFunction() - { - EVP_MD_CTX_cleanup(&md); - } - -} - -/* -* Look for an algorithm with this name -*/ -HashFunction* OpenSSL_Engine::find_hash(const SCAN_Name& request, - Algorithm_Factory&) const - { -#if !defined(OPENSSL_NO_SHA) - if(request.algo_name() == "SHA-160") - return new EVP_HashFunction(EVP_sha1(), "SHA-160"); -#endif - -#if !defined(OPENSSL_NO_SHA256) - if(request.algo_name() == "SHA-224") - return new EVP_HashFunction(EVP_sha224(), "SHA-224"); - if(request.algo_name() == "SHA-256") - return new EVP_HashFunction(EVP_sha256(), "SHA-256"); -#endif - -#if !defined(OPENSSL_NO_SHA512) - if(request.algo_name() == "SHA-384") - return new EVP_HashFunction(EVP_sha384(), "SHA-384"); - if(request.algo_name() == "SHA-512") - return new EVP_HashFunction(EVP_sha512(), "SHA-512"); -#endif - -#if !defined(OPENSSL_NO_MD2) - if(request.algo_name() == "MD2") - return new EVP_HashFunction(EVP_md2(), "MD2"); -#endif - -#if !defined(OPENSSL_NO_MD4) - if(request.algo_name() == "MD4") - return new EVP_HashFunction(EVP_md4(), "MD4"); -#endif - -#if !defined(OPENSSL_NO_MD5) - if(request.algo_name() == "MD5") - return new EVP_HashFunction(EVP_md5(), "MD5"); -#endif - -#if !defined(OPENSSL_NO_RIPEMD) - if(request.algo_name() == "RIPEMD-160") - return new EVP_HashFunction(EVP_ripemd160(), "RIPEMD-160"); -#endif - - return 0; - } - -} diff --git a/src/engine/openssl/ossl_pk.cpp b/src/engine/openssl/ossl_pk.cpp deleted file mode 100644 index cbe03d7b3..000000000 --- a/src/engine/openssl/ossl_pk.cpp +++ /dev/null @@ -1,338 +0,0 @@ -/* -* OpenSSL PK operations -* (C) 1999-2010 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include <botan/internal/openssl_engine.h> -#include <botan/internal/bn_wrap.h> - -#if defined(BOTAN_HAS_RSA) - #include <botan/rsa.h> -#endif - -#if defined(BOTAN_HAS_DSA) - #include <botan/dsa.h> -#endif - -#if defined(BOTAN_HAS_ECDSA) - #include <botan/ecdsa.h> - #include <openssl/ecdsa.h> -#endif - -#if defined(BOTAN_HAS_DIFFIE_HELLMAN) - #include <botan/dh.h> -#endif - -namespace Botan { - -namespace { - -#if defined(BOTAN_HAS_DIFFIE_HELLMAN) -class OSSL_DH_KA_Operation : public PK_Ops::Key_Agreement - { - public: - OSSL_DH_KA_Operation(const DH_PrivateKey& dh) : - x(dh.get_x()), p(dh.group_p()) {} - - secure_vector<byte> agree(const byte w[], size_t w_len) - { - OSSL_BN i(w, w_len), r; - BN_mod_exp(r.ptr(), i.ptr(), x.ptr(), p.ptr(), ctx.ptr()); - return r.to_bytes(); - } - - private: - const OSSL_BN x, p; - OSSL_BN_CTX ctx; - }; -#endif - -#if defined(BOTAN_HAS_DSA) - -class OSSL_DSA_Signature_Operation : public PK_Ops::Signature - { - public: - OSSL_DSA_Signature_Operation(const DSA_PrivateKey& dsa) : - x(dsa.get_x()), - p(dsa.group_p()), - q(dsa.group_q()), - g(dsa.group_g()), - q_bits(dsa.group_q().bits()) {} - - size_t message_parts() const { return 2; } - size_t message_part_size() const { return (q_bits + 7) / 8; } - size_t max_input_bits() const { return q_bits; } - - secure_vector<byte> sign(const byte msg[], size_t msg_len, - RandomNumberGenerator& rng); - private: - const OSSL_BN x, p, q, g; - const OSSL_BN_CTX ctx; - size_t q_bits; - }; - -secure_vector<byte> -OSSL_DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, - RandomNumberGenerator& rng) - { - const size_t q_bytes = (q_bits + 7) / 8; - - rng.add_entropy(msg, msg_len); - - BigInt k_bn; - do - k_bn.randomize(rng, q_bits); - while(k_bn >= q.to_bigint()); - - OSSL_BN i(msg, msg_len); - OSSL_BN k(k_bn); - - OSSL_BN r; - BN_mod_exp(r.ptr(), g.ptr(), k.ptr(), p.ptr(), ctx.ptr()); - BN_nnmod(r.ptr(), r.ptr(), q.ptr(), ctx.ptr()); - - BN_mod_inverse(k.ptr(), k.ptr(), q.ptr(), ctx.ptr()); - - OSSL_BN s; - BN_mul(s.ptr(), x.ptr(), r.ptr(), ctx.ptr()); - BN_add(s.ptr(), s.ptr(), i.ptr()); - BN_mod_mul(s.ptr(), s.ptr(), k.ptr(), q.ptr(), ctx.ptr()); - - if(BN_is_zero(r.ptr()) || BN_is_zero(s.ptr())) - throw Internal_Error("OpenSSL_DSA_Op::sign: r or s was zero"); - - secure_vector<byte> output(2*q_bytes); - r.encode(&output[0], q_bytes); - s.encode(&output[q_bytes], q_bytes); - return output; - } - -class OSSL_DSA_Verification_Operation : public PK_Ops::Verification - { - public: - OSSL_DSA_Verification_Operation(const DSA_PublicKey& dsa) : - y(dsa.get_y()), - p(dsa.group_p()), - q(dsa.group_q()), - g(dsa.group_g()), - q_bits(dsa.group_q().bits()) {} - - size_t message_parts() const { return 2; } - size_t message_part_size() const { return (q_bits + 7) / 8; } - size_t max_input_bits() const { return q_bits; } - - bool with_recovery() const { return false; } - - bool verify(const byte msg[], size_t msg_len, - const byte sig[], size_t sig_len); - private: - const OSSL_BN y, p, q, g; - const OSSL_BN_CTX ctx; - size_t q_bits; - }; - -bool OSSL_DSA_Verification_Operation::verify(const byte msg[], size_t msg_len, - const byte sig[], size_t sig_len) - { - const size_t q_bytes = q.bytes(); - - if(sig_len != 2*q_bytes || msg_len > q_bytes) - return false; - - OSSL_BN r(sig, q_bytes); - OSSL_BN s(sig + q_bytes, q_bytes); - OSSL_BN i(msg, msg_len); - - if(BN_is_zero(r.ptr()) || BN_cmp(r.ptr(), q.ptr()) >= 0) - return false; - if(BN_is_zero(s.ptr()) || BN_cmp(s.ptr(), q.ptr()) >= 0) - return false; - - if(BN_mod_inverse(s.ptr(), s.ptr(), q.ptr(), ctx.ptr()) == 0) - return false; - - OSSL_BN si; - BN_mod_mul(si.ptr(), s.ptr(), i.ptr(), q.ptr(), ctx.ptr()); - BN_mod_exp(si.ptr(), g.ptr(), si.ptr(), p.ptr(), ctx.ptr()); - - OSSL_BN sr; - BN_mod_mul(sr.ptr(), s.ptr(), r.ptr(), q.ptr(), ctx.ptr()); - BN_mod_exp(sr.ptr(), y.ptr(), sr.ptr(), p.ptr(), ctx.ptr()); - - BN_mod_mul(si.ptr(), si.ptr(), sr.ptr(), p.ptr(), ctx.ptr()); - BN_nnmod(si.ptr(), si.ptr(), q.ptr(), ctx.ptr()); - - if(BN_cmp(si.ptr(), r.ptr()) == 0) - return true; - return false; - - return false; - } - -#endif - -#if defined(BOTAN_HAS_RSA) - -class OSSL_RSA_Private_Operation : public PK_Ops::Signature, - public PK_Ops::Decryption - { - public: - OSSL_RSA_Private_Operation(const RSA_PrivateKey& rsa) : - mod(rsa.get_n()), - p(rsa.get_p()), - q(rsa.get_q()), - d1(rsa.get_d1()), - d2(rsa.get_d2()), - c(rsa.get_c()), - n_bits(rsa.get_n().bits()) - {} - - size_t max_input_bits() const { return (n_bits - 1); } - - secure_vector<byte> sign(const byte msg[], size_t msg_len, - RandomNumberGenerator&) - { - BigInt m(msg, msg_len); - BigInt x = private_op(m); - return BigInt::encode_1363(x, (n_bits + 7) / 8); - } - - secure_vector<byte> decrypt(const byte msg[], size_t msg_len) - { - BigInt m(msg, msg_len); - return BigInt::encode_locked(private_op(m)); - } - - private: - BigInt private_op(const BigInt& m) const; - - const OSSL_BN mod, p, q, d1, d2, c; - const OSSL_BN_CTX ctx; - size_t n_bits; - }; - -BigInt OSSL_RSA_Private_Operation::private_op(const BigInt& m) const - { - OSSL_BN j1, j2, h(m); - - BN_mod_exp(j1.ptr(), h.ptr(), d1.ptr(), p.ptr(), ctx.ptr()); - BN_mod_exp(j2.ptr(), h.ptr(), d2.ptr(), q.ptr(), ctx.ptr()); - BN_sub(h.ptr(), j1.ptr(), j2.ptr()); - BN_mod_mul(h.ptr(), h.ptr(), c.ptr(), p.ptr(), ctx.ptr()); - BN_mul(h.ptr(), h.ptr(), q.ptr(), ctx.ptr()); - BN_add(h.ptr(), h.ptr(), j2.ptr()); - return h.to_bigint(); - } - -class OSSL_RSA_Public_Operation : public PK_Ops::Verification, - public PK_Ops::Encryption - { - public: - OSSL_RSA_Public_Operation(const RSA_PublicKey& rsa) : - n(rsa.get_n()), e(rsa.get_e()), mod(rsa.get_n()) - {} - - size_t max_input_bits() const { return (n.bits() - 1); } - bool with_recovery() const { return true; } - - secure_vector<byte> encrypt(const byte msg[], size_t msg_len, - RandomNumberGenerator&) - { - BigInt m(msg, msg_len); - return BigInt::encode_1363(public_op(m), n.bytes()); - } - - secure_vector<byte> verify_mr(const byte msg[], size_t msg_len) - { - BigInt m(msg, msg_len); - return BigInt::encode_locked(public_op(m)); - } - - private: - BigInt public_op(const BigInt& m) const - { - if(m >= n) - throw Invalid_Argument("RSA public op - input is too large"); - - OSSL_BN m_bn(m), r; - BN_mod_exp(r.ptr(), m_bn.ptr(), e.ptr(), mod.ptr(), ctx.ptr()); - return r.to_bigint(); - } - - const BigInt& n; - const OSSL_BN e, mod; - const OSSL_BN_CTX ctx; - }; - -#endif - -} - -PK_Ops::Key_Agreement* -OpenSSL_Engine::get_key_agreement_op(const Private_Key& key, RandomNumberGenerator&) const - { -#if defined(BOTAN_HAS_DIFFIE_HELLMAN) - if(const DH_PrivateKey* dh = dynamic_cast<const DH_PrivateKey*>(&key)) - return new OSSL_DH_KA_Operation(*dh); -#endif - - return 0; - } - -PK_Ops::Signature* -OpenSSL_Engine::get_signature_op(const Private_Key& key, RandomNumberGenerator&) const - { -#if defined(BOTAN_HAS_RSA) - if(const RSA_PrivateKey* s = dynamic_cast<const RSA_PrivateKey*>(&key)) - return new OSSL_RSA_Private_Operation(*s); -#endif - -#if defined(BOTAN_HAS_DSA) - if(const DSA_PrivateKey* s = dynamic_cast<const DSA_PrivateKey*>(&key)) - return new OSSL_DSA_Signature_Operation(*s); -#endif - - return 0; - } - -PK_Ops::Verification* -OpenSSL_Engine::get_verify_op(const Public_Key& key, RandomNumberGenerator&) const - { -#if defined(BOTAN_HAS_RSA) - if(const RSA_PublicKey* s = dynamic_cast<const RSA_PublicKey*>(&key)) - return new OSSL_RSA_Public_Operation(*s); -#endif - -#if defined(BOTAN_HAS_DSA) - if(const DSA_PublicKey* s = dynamic_cast<const DSA_PublicKey*>(&key)) - return new OSSL_DSA_Verification_Operation(*s); -#endif - - return 0; - } - -PK_Ops::Encryption* -OpenSSL_Engine::get_encryption_op(const Public_Key& key, RandomNumberGenerator&) const - { -#if defined(BOTAN_HAS_RSA) - if(const RSA_PublicKey* s = dynamic_cast<const RSA_PublicKey*>(&key)) - return new OSSL_RSA_Public_Operation(*s); -#endif - - return 0; - } - -PK_Ops::Decryption* -OpenSSL_Engine::get_decryption_op(const Private_Key& key, RandomNumberGenerator&) const - { -#if defined(BOTAN_HAS_RSA) - if(const RSA_PrivateKey* s = dynamic_cast<const RSA_PrivateKey*>(&key)) - return new OSSL_RSA_Private_Operation(*s); -#endif - - return 0; - } - -} |