8 #include <botan/internal/openssl_engine.h> 9 #include <botan/internal/bn_wrap.h> 11 #if defined(BOTAN_HAS_RSA) 12 #include <botan/rsa.h> 15 #if defined(BOTAN_HAS_DIFFIE_HELLMAN) 19 #if defined(BOTAN_HAS_DSA) 20 #include <botan/dsa.h> 23 #if defined(BOTAN_HAS_ECDSA) 24 #include <botan/ecdsa.h> 26 #include <openssl/evp.h> 28 #if !defined(OPENSSL_NO_ECDSA) 29 #include <openssl/ecdsa.h> 38 #if defined(BOTAN_HAS_DIFFIE_HELLMAN) 39 class OSSL_DH_KA_Operation :
public PK_Ops::Key_Agreement
42 OSSL_DH_KA_Operation(
const DH_PrivateKey& dh) :
43 x(dh.get_x()), p(dh.group_p()) {}
45 SecureVector<byte> agree(
const byte w[],
size_t w_len)
47 OSSL_BN i(w, w_len), r;
48 BN_mod_exp(r.value, i.value, x.value, p.value, ctx.value);
58 #if defined(BOTAN_HAS_DSA) 60 class OSSL_DSA_Signature_Operation :
public PK_Ops::Signature
63 OSSL_DSA_Signature_Operation(
const DSA_PrivateKey& dsa) :
68 q_bits(dsa.group_q().bits()) {}
70 size_t message_parts()
const {
return 2; }
71 size_t message_part_size()
const {
return (q_bits + 7) / 8; }
72 size_t max_input_bits()
const {
return q_bits; }
74 SecureVector<byte> sign(
const byte msg[],
size_t msg_len,
75 RandomNumberGenerator& rng);
77 const OSSL_BN x, p, q, g;
78 const OSSL_BN_CTX ctx;
83 OSSL_DSA_Signature_Operation::sign(
const byte msg[],
size_t msg_len,
84 RandomNumberGenerator& rng)
86 const size_t q_bytes = (q_bits + 7) / 8;
88 rng.add_entropy(msg, msg_len);
92 k_bn.randomize(rng, q_bits);
93 while(k_bn >= q.to_bigint());
95 OSSL_BN i(msg, msg_len);
99 BN_mod_exp(r.value, g.value, k.value, p.value, ctx.value);
100 BN_nnmod(r.value, r.value, q.value, ctx.value);
102 BN_mod_inverse(k.value, k.value, q.value, ctx.value);
105 BN_mul(s.value, x.value, r.value, ctx.value);
106 BN_add(s.value, s.value, i.value);
107 BN_mod_mul(s.value, s.value, k.value, q.value, ctx.value);
109 if(BN_is_zero(r.value) || BN_is_zero(s.value))
110 throw Internal_Error(
"OpenSSL_DSA_Op::sign: r or s was zero");
112 SecureVector<byte> output(2*q_bytes);
113 r.encode(output, q_bytes);
114 s.encode(output + q_bytes, q_bytes);
118 class OSSL_DSA_Verification_Operation :
public PK_Ops::Verification
121 OSSL_DSA_Verification_Operation(
const DSA_PublicKey& dsa) :
126 q_bits(dsa.group_q().bits()) {}
128 size_t message_parts()
const {
return 2; }
129 size_t message_part_size()
const {
return (q_bits + 7) / 8; }
130 size_t max_input_bits()
const {
return q_bits; }
132 bool with_recovery()
const {
return false; }
134 bool verify(
const byte msg[],
size_t msg_len,
135 const byte sig[],
size_t sig_len);
137 const OSSL_BN y, p, q, g;
138 const OSSL_BN_CTX ctx;
142 bool OSSL_DSA_Verification_Operation::verify(
const byte msg[],
size_t msg_len,
143 const byte sig[],
size_t sig_len)
145 const size_t q_bytes = q.bytes();
147 if(sig_len != 2*q_bytes || msg_len > q_bytes)
150 OSSL_BN r(sig, q_bytes);
151 OSSL_BN s(sig + q_bytes, q_bytes);
152 OSSL_BN i(msg, msg_len);
154 if(BN_is_zero(r.value) || BN_cmp(r.value, q.value) >= 0)
156 if(BN_is_zero(s.value) || BN_cmp(s.value, q.value) >= 0)
159 if(BN_mod_inverse(s.value, s.value, q.value, ctx.value) == 0)
163 BN_mod_mul(si.value, s.value, i.value, q.value, ctx.value);
164 BN_mod_exp(si.value, g.value, si.value, p.value, ctx.value);
167 BN_mod_mul(sr.value, s.value, r.value, q.value, ctx.value);
168 BN_mod_exp(sr.value, y.value, sr.value, p.value, ctx.value);
170 BN_mod_mul(si.value, si.value, sr.value, p.value, ctx.value);
171 BN_nnmod(si.value, si.value, q.value, ctx.value);
173 if(BN_cmp(si.value, r.value) == 0)
182 #if defined(BOTAN_HAS_RSA) 184 class OSSL_RSA_Private_Operation :
public PK_Ops::Signature,
185 public PK_Ops::Decryption
188 OSSL_RSA_Private_Operation(
const RSA_PrivateKey& rsa) :
195 n_bits(rsa.get_n().bits())
198 size_t max_input_bits()
const {
return (n_bits - 1); }
200 SecureVector<byte> sign(
const byte msg[],
size_t msg_len,
201 RandomNumberGenerator&)
203 BigInt m(msg, msg_len);
204 BigInt x = private_op(m);
208 SecureVector<byte> decrypt(
const byte msg[],
size_t msg_len)
210 BigInt m(msg, msg_len);
215 BigInt private_op(
const BigInt& m)
const;
217 const OSSL_BN mod, p, q, d1, d2, c;
218 const OSSL_BN_CTX ctx;
222 BigInt OSSL_RSA_Private_Operation::private_op(
const BigInt& m)
const 224 OSSL_BN j1, j2, h(m);
226 BN_mod_exp(j1.value, h.value, d1.value, p.value, ctx.value);
227 BN_mod_exp(j2.value, h.value, d2.value, q.value, ctx.value);
228 BN_sub(h.value, j1.value, j2.value);
229 BN_mod_mul(h.value, h.value, c.value, p.value, ctx.value);
230 BN_mul(h.value, h.value, q.value, ctx.value);
231 BN_add(h.value, h.value, j2.value);
232 return h.to_bigint();
235 class OSSL_RSA_Public_Operation :
public PK_Ops::Verification,
236 public PK_Ops::Encryption
239 OSSL_RSA_Public_Operation(
const RSA_PublicKey& rsa) :
240 n(rsa.get_n()), e(rsa.get_e()), mod(rsa.get_n())
243 size_t max_input_bits()
const {
return (n.bits() - 1); }
244 bool with_recovery()
const {
return true; }
246 SecureVector<byte> encrypt(
const byte msg[],
size_t msg_len,
247 RandomNumberGenerator&)
249 BigInt m(msg, msg_len);
253 SecureVector<byte> verify_mr(
const byte msg[],
size_t msg_len)
255 BigInt m(msg, msg_len);
260 BigInt public_op(
const BigInt& m)
const 266 BN_mod_exp(r.value, m_bn.value, e.value, mod.value, ctx.value);
267 return r.to_bigint();
271 const OSSL_BN e, mod;
272 const OSSL_BN_CTX ctx;
279 PK_Ops::Key_Agreement*
282 #if defined(BOTAN_HAS_DIFFIE_HELLMAN) 283 if(
const DH_PrivateKey* dh = dynamic_cast<const DH_PrivateKey*>(&key))
284 return new OSSL_DH_KA_Operation(*dh);
293 #if defined(BOTAN_HAS_RSA) 294 if(
const RSA_PrivateKey* s = dynamic_cast<const RSA_PrivateKey*>(&key))
295 return new OSSL_RSA_Private_Operation(*s);
298 #if defined(BOTAN_HAS_DSA) 299 if(
const DSA_PrivateKey* s = dynamic_cast<const DSA_PrivateKey*>(&key))
300 return new OSSL_DSA_Signature_Operation(*s);
309 #if defined(BOTAN_HAS_RSA) 310 if(
const RSA_PublicKey* s = dynamic_cast<const RSA_PublicKey*>(&key))
311 return new OSSL_RSA_Public_Operation(*s);
314 #if defined(BOTAN_HAS_DSA) 315 if(
const DSA_PublicKey* s = dynamic_cast<const DSA_PublicKey*>(&key))
316 return new OSSL_DSA_Verification_Operation(*s);
325 #if defined(BOTAN_HAS_RSA) 326 if(
const RSA_PublicKey* s = dynamic_cast<const RSA_PublicKey*>(&key))
327 return new OSSL_RSA_Public_Operation(*s);
336 #if defined(BOTAN_HAS_RSA) 337 if(
const RSA_PrivateKey* s = dynamic_cast<const RSA_PrivateKey*>(&key))
338 return new OSSL_RSA_Private_Operation(*s);
PK_Ops::Encryption * get_encryption_op(const Public_Key &key) const
std::invalid_argument Invalid_Argument
static SecureVector< byte > encode(const BigInt &n, Base base=Binary)
PK_Ops::Signature * get_signature_op(const Private_Key &key) const
PK_Ops::Verification * get_verify_op(const Public_Key &key) const
PK_Ops::Decryption * get_decryption_op(const Private_Key &key) const
PK_Ops::Key_Agreement * get_key_agreement_op(const Private_Key &key) const
static SecureVector< byte > encode_1363(const BigInt &n, size_t bytes)