From fe6a46ad89788436d17736b286662b793f776885 Mon Sep 17 00:00:00 2001 From: lloyd Date: Wed, 17 Dec 2014 03:24:35 +0000 Subject: In OpenSSL engine drop support for public key operations. These PK ops just call BN directly and so don't get the benefit of side channel protections in either OpenSSL's or Botan's implementations of the algorithms. --- src/lib/engine/openssl/bn_powm.cpp | 54 ----- src/lib/engine/openssl/bn_wrap.cpp | 116 ----------- src/lib/engine/openssl/bn_wrap.h | 60 ------ src/lib/engine/openssl/info.txt | 4 - src/lib/engine/openssl/openssl_engine.h | 16 -- src/lib/engine/openssl/ossl_pk.cpp | 338 -------------------------------- 6 files changed, 588 deletions(-) delete mode 100644 src/lib/engine/openssl/bn_powm.cpp delete mode 100644 src/lib/engine/openssl/bn_wrap.cpp delete mode 100644 src/lib/engine/openssl/bn_wrap.h delete mode 100644 src/lib/engine/openssl/ossl_pk.cpp (limited to 'src') diff --git a/src/lib/engine/openssl/bn_powm.cpp b/src/lib/engine/openssl/bn_powm.cpp deleted file mode 100644 index ac06fbe77..000000000 --- a/src/lib/engine/openssl/bn_powm.cpp +++ /dev/null @@ -1,54 +0,0 @@ -/* -* OpenSSL Modular Exponentiation -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include -#include - -namespace Botan { - -namespace { - -/* -* OpenSSL Modular Exponentiator -*/ -class OpenSSL_Modular_Exponentiator : public Modular_Exponentiator - { - public: - void set_base(const BigInt& b) { base = b; } - void set_exponent(const BigInt& e) { exp = e; } - BigInt execute() const; - Modular_Exponentiator* copy() const - { return new OpenSSL_Modular_Exponentiator(*this); } - - OpenSSL_Modular_Exponentiator(const BigInt& n) : mod(n) {} - private: - OSSL_BN base, exp, mod; - OSSL_BN_CTX ctx; - }; - -/* -* Compute the result -*/ -BigInt OpenSSL_Modular_Exponentiator::execute() const - { - OSSL_BN r; - BN_mod_exp(r.ptr(), base.ptr(), exp.ptr(), mod.ptr(), ctx.ptr()); - return r.to_bigint(); - } - -} - -/* -* Return the OpenSSL-based modular exponentiator -*/ -Modular_Exponentiator* OpenSSL_Engine::mod_exp(const BigInt& n, - Power_Mod::Usage_Hints) const - { - return new OpenSSL_Modular_Exponentiator(n); - } - -} diff --git a/src/lib/engine/openssl/bn_wrap.cpp b/src/lib/engine/openssl/bn_wrap.cpp deleted file mode 100644 index 0a7e42368..000000000 --- a/src/lib/engine/openssl/bn_wrap.cpp +++ /dev/null @@ -1,116 +0,0 @@ -/* -* OpenSSL BN Wrapper -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include - -namespace Botan { - -/* -* OSSL_BN Constructor -*/ -OSSL_BN::OSSL_BN(const BigInt& in) - { - m_bn = BN_new(); - secure_vector encoding = BigInt::encode_locked(in); - if(in != 0) - BN_bin2bn(&encoding[0], encoding.size(), m_bn); - } - -/* -* OSSL_BN Constructor -*/ -OSSL_BN::OSSL_BN(const byte in[], size_t length) - { - m_bn = BN_new(); - BN_bin2bn(in, length, m_bn); - } - -/* -* OSSL_BN Copy Constructor -*/ -OSSL_BN::OSSL_BN(const OSSL_BN& other) - { - m_bn = BN_dup(other.m_bn); - } - -/* -* OSSL_BN Destructor -*/ -OSSL_BN::~OSSL_BN() - { - BN_clear_free(m_bn); - } - -/* -* OSSL_BN Assignment Operator -*/ -OSSL_BN& OSSL_BN::operator=(const OSSL_BN& other) - { - BN_copy(m_bn, other.m_bn); - return (*this); - } - -/* -* Export the BIGNUM as a bytestring -*/ -void OSSL_BN::encode(byte out[], size_t length) const - { - BN_bn2bin(m_bn, out + (length - bytes())); - } - -/* -* Return the number of significant bytes -*/ -size_t OSSL_BN::bytes() const - { - return BN_num_bytes(m_bn); - } - -/* -* OpenSSL to BigInt Conversions -*/ -BigInt OSSL_BN::to_bigint() const - { - secure_vector out(bytes()); - BN_bn2bin(m_bn, &out[0]); - return BigInt::decode(out); - } - -/* -* OSSL_BN_CTX Constructor -*/ -OSSL_BN_CTX::OSSL_BN_CTX() - { - m_ctx = BN_CTX_new(); - } - -/* -* OSSL_BN_CTX Copy Constructor -*/ -OSSL_BN_CTX::OSSL_BN_CTX(const OSSL_BN_CTX&) - { - m_ctx = BN_CTX_new(); - } - -/* -* OSSL_BN_CTX Destructor -*/ -OSSL_BN_CTX::~OSSL_BN_CTX() - { - BN_CTX_free(m_ctx); - } - -/* -* OSSL_BN_CTX Assignment Operator -*/ -OSSL_BN_CTX& OSSL_BN_CTX::operator=(const OSSL_BN_CTX&) - { - m_ctx = BN_CTX_new(); - return (*this); - } - -} diff --git a/src/lib/engine/openssl/bn_wrap.h b/src/lib/engine/openssl/bn_wrap.h deleted file mode 100644 index 12bcec152..000000000 --- a/src/lib/engine/openssl/bn_wrap.h +++ /dev/null @@ -1,60 +0,0 @@ -/* -* OpenSSL BN Wrapper -* (C) 1999-2007 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#ifndef BOTAN_OPENSSL_BN_WRAP_H__ -#define BOTAN_OPENSSL_BN_WRAP_H__ - -#include -#include - -namespace Botan { - -/** -* Lightweight OpenSSL BN wrapper. For internal use only. -*/ -class OSSL_BN - { - public: - BigInt to_bigint() const; - void encode(byte[], size_t) const; - size_t bytes() const; - - secure_vector to_bytes() const - { return BigInt::encode_locked(to_bigint()); } - - OSSL_BN& operator=(const OSSL_BN&); - - OSSL_BN(const OSSL_BN&); - OSSL_BN(const BigInt& = 0); - OSSL_BN(const byte[], size_t); - ~OSSL_BN(); - - BIGNUM* ptr() const { return m_bn; } - private: - BIGNUM* m_bn; - }; - -/** -* Lightweight OpenSSL BN_CTX wrapper. For internal use only. -*/ -class OSSL_BN_CTX - { - public: - OSSL_BN_CTX& operator=(const OSSL_BN_CTX&); - - OSSL_BN_CTX(); - OSSL_BN_CTX(const OSSL_BN_CTX&); - ~OSSL_BN_CTX(); - - BN_CTX* ptr() const { return m_ctx; } - private: - BN_CTX* m_ctx; - }; - -} - -#endif diff --git a/src/lib/engine/openssl/info.txt b/src/lib/engine/openssl/info.txt index d500816d5..c1be7bf9b 100644 --- a/src/lib/engine/openssl/info.txt +++ b/src/lib/engine/openssl/info.txt @@ -8,16 +8,12 @@ all -> crypto openssl_engine.h -bn_wrap.h -bn_powm.cpp -bn_wrap.cpp ossl_arc4.cpp ossl_bc.cpp ossl_md.cpp -ossl_pk.cpp diff --git a/src/lib/engine/openssl/openssl_engine.h b/src/lib/engine/openssl/openssl_engine.h index 5c0d1511d..a106f3d21 100644 --- a/src/lib/engine/openssl/openssl_engine.h +++ b/src/lib/engine/openssl/openssl_engine.h @@ -20,22 +20,6 @@ class OpenSSL_Engine : public Engine public: std::string provider_name() const override { return "openssl"; } - PK_Ops::Key_Agreement* - get_key_agreement_op(const Private_Key& key, RandomNumberGenerator& rng) const override; - - PK_Ops::Signature* get_signature_op(const Private_Key& key, const std::string& emsa, - RandomNumberGenerator& rng) const override; - - PK_Ops::Verification* get_verify_op(const Public_Key& key, const std::string& emsa, - RandomNumberGenerator& rng) const override; - - PK_Ops::Encryption* get_encryption_op(const Public_Key& key, RandomNumberGenerator& rng) const override; - - PK_Ops::Decryption* get_decryption_op(const Private_Key& key, RandomNumberGenerator& rng) const override; - - Modular_Exponentiator* mod_exp(const BigInt&, - Power_Mod::Usage_Hints) const override; - BlockCipher* find_block_cipher(const SCAN_Name&, Algorithm_Factory&) const override; diff --git a/src/lib/engine/openssl/ossl_pk.cpp b/src/lib/engine/openssl/ossl_pk.cpp deleted file mode 100644 index b489ad454..000000000 --- a/src/lib/engine/openssl/ossl_pk.cpp +++ /dev/null @@ -1,338 +0,0 @@ -/* -* OpenSSL PK operations -* (C) 1999-2010 Jack Lloyd -* -* Distributed under the terms of the Botan license -*/ - -#include -#include - -#if defined(BOTAN_HAS_RSA) - #include -#endif - -#if defined(BOTAN_HAS_DSA) - #include -#endif - -#if defined(BOTAN_HAS_ECDSA) - #include - #include -#endif - -#if defined(BOTAN_HAS_DIFFIE_HELLMAN) - #include -#endif - -namespace Botan { - -namespace { - -#if defined(BOTAN_HAS_DIFFIE_HELLMAN) -class OSSL_DH_KA_Operation : public PK_Ops::Key_Agreement - { - public: - OSSL_DH_KA_Operation(const DH_PrivateKey& dh) : - x(dh.get_x()), p(dh.group_p()) {} - - secure_vector agree(const byte w[], size_t w_len) - { - OSSL_BN i(w, w_len), r; - BN_mod_exp(r.ptr(), i.ptr(), x.ptr(), p.ptr(), ctx.ptr()); - return r.to_bytes(); - } - - private: - const OSSL_BN x, p; - OSSL_BN_CTX ctx; - }; -#endif - -#if defined(BOTAN_HAS_DSA) - -class OSSL_DSA_Signature_Operation : public PK_Ops::Signature - { - public: - OSSL_DSA_Signature_Operation(const DSA_PrivateKey& dsa) : - x(dsa.get_x()), - p(dsa.group_p()), - q(dsa.group_q()), - g(dsa.group_g()), - q_bits(dsa.group_q().bits()) {} - - size_t message_parts() const { return 2; } - size_t message_part_size() const { return (q_bits + 7) / 8; } - size_t max_input_bits() const { return q_bits; } - - secure_vector sign(const byte msg[], size_t msg_len, - RandomNumberGenerator& rng); - private: - const OSSL_BN x, p, q, g; - const OSSL_BN_CTX ctx; - size_t q_bits; - }; - -secure_vector -OSSL_DSA_Signature_Operation::sign(const byte msg[], size_t msg_len, - RandomNumberGenerator& rng) - { - const size_t q_bytes = (q_bits + 7) / 8; - - rng.add_entropy(msg, msg_len); - - BigInt k_bn; - do - k_bn.randomize(rng, q_bits); - while(k_bn >= q.to_bigint()); - - OSSL_BN i(msg, msg_len); - OSSL_BN k(k_bn); - - OSSL_BN r; - BN_mod_exp(r.ptr(), g.ptr(), k.ptr(), p.ptr(), ctx.ptr()); - BN_nnmod(r.ptr(), r.ptr(), q.ptr(), ctx.ptr()); - - BN_mod_inverse(k.ptr(), k.ptr(), q.ptr(), ctx.ptr()); - - OSSL_BN s; - BN_mul(s.ptr(), x.ptr(), r.ptr(), ctx.ptr()); - BN_add(s.ptr(), s.ptr(), i.ptr()); - BN_mod_mul(s.ptr(), s.ptr(), k.ptr(), q.ptr(), ctx.ptr()); - - if(BN_is_zero(r.ptr()) || BN_is_zero(s.ptr())) - throw Internal_Error("OpenSSL_DSA_Op::sign: r or s was zero"); - - secure_vector output(2*q_bytes); - r.encode(&output[0], q_bytes); - s.encode(&output[q_bytes], q_bytes); - return output; - } - -class OSSL_DSA_Verification_Operation : public PK_Ops::Verification - { - public: - OSSL_DSA_Verification_Operation(const DSA_PublicKey& dsa) : - y(dsa.get_y()), - p(dsa.group_p()), - q(dsa.group_q()), - g(dsa.group_g()), - q_bits(dsa.group_q().bits()) {} - - size_t message_parts() const { return 2; } - size_t message_part_size() const { return (q_bits + 7) / 8; } - size_t max_input_bits() const { return q_bits; } - - bool with_recovery() const { return false; } - - bool verify(const byte msg[], size_t msg_len, - const byte sig[], size_t sig_len); - private: - const OSSL_BN y, p, q, g; - const OSSL_BN_CTX ctx; - size_t q_bits; - }; - -bool OSSL_DSA_Verification_Operation::verify(const byte msg[], size_t msg_len, - const byte sig[], size_t sig_len) - { - const size_t q_bytes = q.bytes(); - - if(sig_len != 2*q_bytes || msg_len > q_bytes) - return false; - - OSSL_BN r(sig, q_bytes); - OSSL_BN s(sig + q_bytes, q_bytes); - OSSL_BN i(msg, msg_len); - - if(BN_is_zero(r.ptr()) || BN_cmp(r.ptr(), q.ptr()) >= 0) - return false; - if(BN_is_zero(s.ptr()) || BN_cmp(s.ptr(), q.ptr()) >= 0) - return false; - - if(BN_mod_inverse(s.ptr(), s.ptr(), q.ptr(), ctx.ptr()) == 0) - return false; - - OSSL_BN si; - BN_mod_mul(si.ptr(), s.ptr(), i.ptr(), q.ptr(), ctx.ptr()); - BN_mod_exp(si.ptr(), g.ptr(), si.ptr(), p.ptr(), ctx.ptr()); - - OSSL_BN sr; - BN_mod_mul(sr.ptr(), s.ptr(), r.ptr(), q.ptr(), ctx.ptr()); - BN_mod_exp(sr.ptr(), y.ptr(), sr.ptr(), p.ptr(), ctx.ptr()); - - BN_mod_mul(si.ptr(), si.ptr(), sr.ptr(), p.ptr(), ctx.ptr()); - BN_nnmod(si.ptr(), si.ptr(), q.ptr(), ctx.ptr()); - - if(BN_cmp(si.ptr(), r.ptr()) == 0) - return true; - return false; - - return false; - } - -#endif - -#if defined(BOTAN_HAS_RSA) - -class OSSL_RSA_Private_Operation : public PK_Ops::Signature, - public PK_Ops::Decryption - { - public: - OSSL_RSA_Private_Operation(const RSA_PrivateKey& rsa) : - mod(rsa.get_n()), - p(rsa.get_p()), - q(rsa.get_q()), - d1(rsa.get_d1()), - d2(rsa.get_d2()), - c(rsa.get_c()), - n_bits(rsa.get_n().bits()) - {} - - size_t max_input_bits() const { return (n_bits - 1); } - - secure_vector sign(const byte msg[], size_t msg_len, - RandomNumberGenerator&) - { - BigInt m(msg, msg_len); - BigInt x = private_op(m); - return BigInt::encode_1363(x, (n_bits + 7) / 8); - } - - secure_vector decrypt(const byte msg[], size_t msg_len) - { - BigInt m(msg, msg_len); - return BigInt::encode_locked(private_op(m)); - } - - private: - BigInt private_op(const BigInt& m) const; - - const OSSL_BN mod, p, q, d1, d2, c; - const OSSL_BN_CTX ctx; - size_t n_bits; - }; - -BigInt OSSL_RSA_Private_Operation::private_op(const BigInt& m) const - { - OSSL_BN j1, j2, h(m); - - BN_mod_exp(j1.ptr(), h.ptr(), d1.ptr(), p.ptr(), ctx.ptr()); - BN_mod_exp(j2.ptr(), h.ptr(), d2.ptr(), q.ptr(), ctx.ptr()); - BN_sub(h.ptr(), j1.ptr(), j2.ptr()); - BN_mod_mul(h.ptr(), h.ptr(), c.ptr(), p.ptr(), ctx.ptr()); - BN_mul(h.ptr(), h.ptr(), q.ptr(), ctx.ptr()); - BN_add(h.ptr(), h.ptr(), j2.ptr()); - return h.to_bigint(); - } - -class OSSL_RSA_Public_Operation : public PK_Ops::Verification, - public PK_Ops::Encryption - { - public: - OSSL_RSA_Public_Operation(const RSA_PublicKey& rsa) : - n(rsa.get_n()), e(rsa.get_e()), mod(rsa.get_n()) - {} - - size_t max_input_bits() const { return (n.bits() - 1); } - bool with_recovery() const { return true; } - - secure_vector encrypt(const byte msg[], size_t msg_len, - RandomNumberGenerator&) - { - BigInt m(msg, msg_len); - return BigInt::encode_1363(public_op(m), n.bytes()); - } - - secure_vector verify_mr(const byte msg[], size_t msg_len) - { - BigInt m(msg, msg_len); - return BigInt::encode_locked(public_op(m)); - } - - private: - BigInt public_op(const BigInt& m) const - { - if(m >= n) - throw Invalid_Argument("RSA public op - input is too large"); - - OSSL_BN m_bn(m), r; - BN_mod_exp(r.ptr(), m_bn.ptr(), e.ptr(), mod.ptr(), ctx.ptr()); - return r.to_bigint(); - } - - const BigInt& n; - const OSSL_BN e, mod; - const OSSL_BN_CTX ctx; - }; - -#endif - -} - -PK_Ops::Key_Agreement* -OpenSSL_Engine::get_key_agreement_op(const Private_Key& key, RandomNumberGenerator&) const - { -#if defined(BOTAN_HAS_DIFFIE_HELLMAN) - if(const DH_PrivateKey* dh = dynamic_cast(&key)) - return new OSSL_DH_KA_Operation(*dh); -#endif - - return 0; - } - -PK_Ops::Signature* -OpenSSL_Engine::get_signature_op(const Private_Key& key, const std::string&, RandomNumberGenerator&) const - { -#if defined(BOTAN_HAS_RSA) - if(const RSA_PrivateKey* s = dynamic_cast(&key)) - return new OSSL_RSA_Private_Operation(*s); -#endif - -#if defined(BOTAN_HAS_DSA) - if(const DSA_PrivateKey* s = dynamic_cast(&key)) - return new OSSL_DSA_Signature_Operation(*s); -#endif - - return 0; - } - -PK_Ops::Verification* -OpenSSL_Engine::get_verify_op(const Public_Key& key, const std::string&, RandomNumberGenerator&) const - { -#if defined(BOTAN_HAS_RSA) - if(const RSA_PublicKey* s = dynamic_cast(&key)) - return new OSSL_RSA_Public_Operation(*s); -#endif - -#if defined(BOTAN_HAS_DSA) - if(const DSA_PublicKey* s = dynamic_cast(&key)) - return new OSSL_DSA_Verification_Operation(*s); -#endif - - return 0; - } - -PK_Ops::Encryption* -OpenSSL_Engine::get_encryption_op(const Public_Key& key, RandomNumberGenerator&) const - { -#if defined(BOTAN_HAS_RSA) - if(const RSA_PublicKey* s = dynamic_cast(&key)) - return new OSSL_RSA_Public_Operation(*s); -#endif - - return 0; - } - -PK_Ops::Decryption* -OpenSSL_Engine::get_decryption_op(const Private_Key& key, RandomNumberGenerator&) const - { -#if defined(BOTAN_HAS_RSA) - if(const RSA_PrivateKey* s = dynamic_cast(&key)) - return new OSSL_RSA_Private_Operation(*s); -#endif - - return 0; - } - -} -- cgit v1.2.3