aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/prov/openssl/openssl.h3
-rw-r--r--src/lib/prov/openssl/openssl_rsa.cpp36
-rw-r--r--src/lib/pubkey/pk_algs.cpp36
-rw-r--r--src/lib/pubkey/pk_algs.h7
4 files changed, 80 insertions, 2 deletions
diff --git a/src/lib/prov/openssl/openssl.h b/src/lib/prov/openssl/openssl.h
index 3cd39113b..37e8f9d4b 100644
--- a/src/lib/prov/openssl/openssl.h
+++ b/src/lib/prov/openssl/openssl.h
@@ -27,6 +27,7 @@ class BlockCipher;
class Cipher_Mode;
class StreamCipher;
class HashFunction;
+class RandomNumberGenerator;
enum Cipher_Dir : int;
class OpenSSL_Error : public Exception
@@ -67,6 +68,8 @@ std::unique_ptr<PK_Ops::Verification>
make_openssl_rsa_ver_op(const RSA_PublicKey& key, const std::string& params);
std::unique_ptr<PK_Ops::Signature>
make_openssl_rsa_sig_op(const RSA_PrivateKey& key, const std::string& params);
+std::unique_ptr<RSA_PrivateKey>
+make_openssl_rsa_private_key(RandomNumberGenerator& rng, size_t rsa_bits);
#endif
diff --git a/src/lib/prov/openssl/openssl_rsa.cpp b/src/lib/prov/openssl/openssl_rsa.cpp
index 22cd6eb96..8c25d00ef 100644
--- a/src/lib/prov/openssl/openssl_rsa.cpp
+++ b/src/lib/prov/openssl/openssl_rsa.cpp
@@ -1,6 +1,7 @@
/*
* RSA operations provided by OpenSSL
* (C) 2015 Jack Lloyd
+* (C) 2017 Alexander Bluhm
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -10,6 +11,7 @@
#if defined(BOTAN_HAS_RSA)
#include <botan/rsa.h>
+#include <botan/rng.h>
#include <botan/internal/pk_ops_impl.h>
#include <botan/internal/ct_utils.h>
@@ -19,6 +21,7 @@
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include <openssl/err.h>
+#include <openssl/rand.h>
namespace Botan {
@@ -247,6 +250,39 @@ make_openssl_rsa_sig_op(const RSA_PrivateKey& key, const std::string& params)
return std::unique_ptr<PK_Ops::Signature>(new OpenSSL_RSA_Signing_Operation(key, params));
}
+std::unique_ptr<RSA_PrivateKey>
+make_openssl_rsa_private_key(RandomNumberGenerator& rng, size_t rsa_bits)
+ {
+ if (rsa_bits > INT_MAX)
+ throw Internal_Error("rsa_bits overflow");
+
+ secure_vector<uint8_t> seed(BOTAN_SYSTEM_RNG_POLL_REQUEST);
+ rng.randomize(seed.data(), seed.size());
+ RAND_seed(seed.data(), seed.size());
+
+ std::unique_ptr<BIGNUM, std::function<void (BIGNUM*)>> bn(BN_new(), BN_free);
+ if(!bn)
+ throw OpenSSL_Error("BN_new");
+ if(!BN_set_word(bn.get(), RSA_F4))
+ throw OpenSSL_Error("BN_set_word");
+
+ std::unique_ptr<RSA, std::function<void (RSA*)>> rsa(RSA_new(), RSA_free);
+ if(!rsa)
+ throw OpenSSL_Error("RSA_new");
+ if(!RSA_generate_key_ex(rsa.get(), rsa_bits, bn.get(), NULL))
+ throw OpenSSL_Error("RSA_generate_key_ex");
+
+ uint8_t* der = NULL;
+ int bytes = i2d_RSAPrivateKey(rsa.get(), &der);
+ if(bytes < 0)
+ throw OpenSSL_Error("i2d_RSAPrivateKey");
+
+ const secure_vector<uint8_t> keydata(der, der + bytes);
+ memset(der, 0, bytes);
+ free(der);
+ return std::unique_ptr<Botan::RSA_PrivateKey>
+ (new RSA_PrivateKey(AlgorithmIdentifier(), keydata));
+ }
}
#endif // BOTAN_HAS_RSA
diff --git a/src/lib/pubkey/pk_algs.cpp b/src/lib/pubkey/pk_algs.cpp
index 1e1fd739a..19d7361b4 100644
--- a/src/lib/pubkey/pk_algs.cpp
+++ b/src/lib/pubkey/pk_algs.cpp
@@ -56,6 +56,10 @@
#include <botan/xmss.h>
#endif
+#if defined(BOTAN_HAS_OPENSSL)
+ #include <botan/internal/openssl.h>
+#endif
+
namespace Botan {
std::unique_ptr<Public_Key>
@@ -203,7 +207,8 @@ load_private_key(const AlgorithmIdentifier& alg_id,
std::unique_ptr<Private_Key>
create_private_key(const std::string& alg_name,
RandomNumberGenerator& rng,
- const std::string& params)
+ const std::string& params,
+ const std::string& provider)
{
/*
* Default paramaters are chosen for work factor > 2**128 where possible
@@ -218,6 +223,17 @@ create_private_key(const std::string& alg_name,
if(alg_name == "RSA")
{
const size_t rsa_bits = (params.empty() ? 3072 : to_u32bit(params));
+#if defined(BOTAN_HAS_OPENSSL)
+ if(provider.empty() || provider == "openssl")
+ {
+ std::unique_ptr<Botan::Private_Key> pk;
+ if(pk = make_openssl_rsa_private_key(rng, rsa_bits))
+ return pk;
+
+ if(!provider.empty())
+ return nullptr;
+ }
+#endif
return std::unique_ptr<Private_Key>(new RSA_PrivateKey(rng, rsa_bits));
}
#endif
@@ -311,4 +327,22 @@ create_private_key(const std::string& alg_name,
return std::unique_ptr<Private_Key>();
}
+std::vector<std::string>
+probe_provider_private_key(const std::string& alg_name,
+ const std::vector<std::string> possible)
+ {
+ std::vector<std::string> providers;
+ for(auto&& prov : possible)
+ {
+ if(prov == "base" ||
+#if defined(BOTAN_HAS_OPENSSL)
+ (prov == "openssl" && alg_name == "RSA") ||
+#endif
+ 0)
+ {
+ providers.push_back(prov); // available
+ }
+ }
+ return providers;
+ }
}
diff --git a/src/lib/pubkey/pk_algs.h b/src/lib/pubkey/pk_algs.h
index 04248459b..5deded423 100644
--- a/src/lib/pubkey/pk_algs.h
+++ b/src/lib/pubkey/pk_algs.h
@@ -33,7 +33,12 @@ load_private_key(const AlgorithmIdentifier& alg_id,
BOTAN_DLL std::unique_ptr<Private_Key>
create_private_key(const std::string& algo_name,
RandomNumberGenerator& rng,
- const std::string& algo_params = "");
+ const std::string& algo_params = "",
+ const std::string& provider = "");
+
+BOTAN_DLL std::vector<std::string>
+probe_provider_private_key(const std::string& algo_name,
+ const std::vector<std::string> possible);
}