diff options
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/prov/openssl/openssl.h | 3 | ||||
-rw-r--r-- | src/lib/prov/openssl/openssl_rsa.cpp | 36 | ||||
-rw-r--r-- | src/lib/pubkey/pk_algs.cpp | 36 | ||||
-rw-r--r-- | src/lib/pubkey/pk_algs.h | 7 |
4 files changed, 80 insertions, 2 deletions
diff --git a/src/lib/prov/openssl/openssl.h b/src/lib/prov/openssl/openssl.h index 3cd39113b..37e8f9d4b 100644 --- a/src/lib/prov/openssl/openssl.h +++ b/src/lib/prov/openssl/openssl.h @@ -27,6 +27,7 @@ class BlockCipher; class Cipher_Mode; class StreamCipher; class HashFunction; +class RandomNumberGenerator; enum Cipher_Dir : int; class OpenSSL_Error : public Exception @@ -67,6 +68,8 @@ std::unique_ptr<PK_Ops::Verification> make_openssl_rsa_ver_op(const RSA_PublicKey& key, const std::string& params); std::unique_ptr<PK_Ops::Signature> make_openssl_rsa_sig_op(const RSA_PrivateKey& key, const std::string& params); +std::unique_ptr<RSA_PrivateKey> +make_openssl_rsa_private_key(RandomNumberGenerator& rng, size_t rsa_bits); #endif diff --git a/src/lib/prov/openssl/openssl_rsa.cpp b/src/lib/prov/openssl/openssl_rsa.cpp index 22cd6eb96..8c25d00ef 100644 --- a/src/lib/prov/openssl/openssl_rsa.cpp +++ b/src/lib/prov/openssl/openssl_rsa.cpp @@ -1,6 +1,7 @@ /* * RSA operations provided by OpenSSL * (C) 2015 Jack Lloyd +* (C) 2017 Alexander Bluhm * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -10,6 +11,7 @@ #if defined(BOTAN_HAS_RSA) #include <botan/rsa.h> +#include <botan/rng.h> #include <botan/internal/pk_ops_impl.h> #include <botan/internal/ct_utils.h> @@ -19,6 +21,7 @@ #include <openssl/rsa.h> #include <openssl/x509.h> #include <openssl/err.h> +#include <openssl/rand.h> namespace Botan { @@ -247,6 +250,39 @@ make_openssl_rsa_sig_op(const RSA_PrivateKey& key, const std::string& params) return std::unique_ptr<PK_Ops::Signature>(new OpenSSL_RSA_Signing_Operation(key, params)); } +std::unique_ptr<RSA_PrivateKey> +make_openssl_rsa_private_key(RandomNumberGenerator& rng, size_t rsa_bits) + { + if (rsa_bits > INT_MAX) + throw Internal_Error("rsa_bits overflow"); + + secure_vector<uint8_t> seed(BOTAN_SYSTEM_RNG_POLL_REQUEST); + rng.randomize(seed.data(), seed.size()); + RAND_seed(seed.data(), seed.size()); + + std::unique_ptr<BIGNUM, std::function<void (BIGNUM*)>> bn(BN_new(), BN_free); + if(!bn) + throw OpenSSL_Error("BN_new"); + if(!BN_set_word(bn.get(), RSA_F4)) + throw OpenSSL_Error("BN_set_word"); + + std::unique_ptr<RSA, std::function<void (RSA*)>> rsa(RSA_new(), RSA_free); + if(!rsa) + throw OpenSSL_Error("RSA_new"); + if(!RSA_generate_key_ex(rsa.get(), rsa_bits, bn.get(), NULL)) + throw OpenSSL_Error("RSA_generate_key_ex"); + + uint8_t* der = NULL; + int bytes = i2d_RSAPrivateKey(rsa.get(), &der); + if(bytes < 0) + throw OpenSSL_Error("i2d_RSAPrivateKey"); + + const secure_vector<uint8_t> keydata(der, der + bytes); + memset(der, 0, bytes); + free(der); + return std::unique_ptr<Botan::RSA_PrivateKey> + (new RSA_PrivateKey(AlgorithmIdentifier(), keydata)); + } } #endif // BOTAN_HAS_RSA diff --git a/src/lib/pubkey/pk_algs.cpp b/src/lib/pubkey/pk_algs.cpp index 1e1fd739a..19d7361b4 100644 --- a/src/lib/pubkey/pk_algs.cpp +++ b/src/lib/pubkey/pk_algs.cpp @@ -56,6 +56,10 @@ #include <botan/xmss.h> #endif +#if defined(BOTAN_HAS_OPENSSL) + #include <botan/internal/openssl.h> +#endif + namespace Botan { std::unique_ptr<Public_Key> @@ -203,7 +207,8 @@ load_private_key(const AlgorithmIdentifier& alg_id, std::unique_ptr<Private_Key> create_private_key(const std::string& alg_name, RandomNumberGenerator& rng, - const std::string& params) + const std::string& params, + const std::string& provider) { /* * Default paramaters are chosen for work factor > 2**128 where possible @@ -218,6 +223,17 @@ create_private_key(const std::string& alg_name, if(alg_name == "RSA") { const size_t rsa_bits = (params.empty() ? 3072 : to_u32bit(params)); +#if defined(BOTAN_HAS_OPENSSL) + if(provider.empty() || provider == "openssl") + { + std::unique_ptr<Botan::Private_Key> pk; + if(pk = make_openssl_rsa_private_key(rng, rsa_bits)) + return pk; + + if(!provider.empty()) + return nullptr; + } +#endif return std::unique_ptr<Private_Key>(new RSA_PrivateKey(rng, rsa_bits)); } #endif @@ -311,4 +327,22 @@ create_private_key(const std::string& alg_name, return std::unique_ptr<Private_Key>(); } +std::vector<std::string> +probe_provider_private_key(const std::string& alg_name, + const std::vector<std::string> possible) + { + std::vector<std::string> providers; + for(auto&& prov : possible) + { + if(prov == "base" || +#if defined(BOTAN_HAS_OPENSSL) + (prov == "openssl" && alg_name == "RSA") || +#endif + 0) + { + providers.push_back(prov); // available + } + } + return providers; + } } diff --git a/src/lib/pubkey/pk_algs.h b/src/lib/pubkey/pk_algs.h index 04248459b..5deded423 100644 --- a/src/lib/pubkey/pk_algs.h +++ b/src/lib/pubkey/pk_algs.h @@ -33,7 +33,12 @@ load_private_key(const AlgorithmIdentifier& alg_id, BOTAN_DLL std::unique_ptr<Private_Key> create_private_key(const std::string& algo_name, RandomNumberGenerator& rng, - const std::string& algo_params = ""); + const std::string& algo_params = "", + const std::string& provider = ""); + +BOTAN_DLL std::vector<std::string> +probe_provider_private_key(const std::string& algo_name, + const std::vector<std::string> possible); } |