8 #include <botan/internal/openssl_engine.h>     9 #include <botan/internal/bn_wrap.h>    11 #if defined(BOTAN_HAS_RSA)    12   #include <botan/rsa.h>    15 #if defined(BOTAN_HAS_DIFFIE_HELLMAN)    19 #if defined(BOTAN_HAS_DSA)    20   #include <botan/dsa.h>    23 #if defined(BOTAN_HAS_ECDSA)    24   #include <botan/ecdsa.h>    26   #include <openssl/evp.h>    28 #if !defined(OPENSSL_NO_ECDSA)    29   #include <openssl/ecdsa.h>    38 #if defined(BOTAN_HAS_DIFFIE_HELLMAN)    39 class OSSL_DH_KA_Operation : 
public PK_Ops::Key_Agreement
    42       OSSL_DH_KA_Operation(
const DH_PrivateKey& dh) :
    43          x(dh.get_x()), p(dh.group_p()) {}
    45       SecureVector<byte> agree(
const byte w[], 
size_t w_len)
    47          OSSL_BN i(w, w_len), r;
    48          BN_mod_exp(r.value, i.value, x.value, p.value, ctx.value);
    58 #if defined(BOTAN_HAS_DSA)    60 class OSSL_DSA_Signature_Operation : 
public PK_Ops::Signature
    63       OSSL_DSA_Signature_Operation(
const DSA_PrivateKey& dsa) :
    68          q_bits(dsa.group_q().bits()) {}
    70       size_t message_parts()
 const { 
return 2; }
    71       size_t message_part_size()
 const { 
return (q_bits + 7) / 8; }
    72       size_t max_input_bits()
 const { 
return q_bits; }
    74       SecureVector<byte> sign(
const byte msg[], 
size_t msg_len,
    75                               RandomNumberGenerator& rng);
    77       const OSSL_BN x, p, q, g;
    78       const OSSL_BN_CTX ctx;
    83 OSSL_DSA_Signature_Operation::sign(
const byte msg[], 
size_t msg_len,
    84                                   RandomNumberGenerator& rng)
    86    const size_t q_bytes = (q_bits + 7) / 8;
    88    rng.add_entropy(msg, msg_len);
    92       k_bn.randomize(rng, q_bits);
    93    while(k_bn >= q.to_bigint());
    95    OSSL_BN i(msg, msg_len);
    99    BN_mod_exp(r.value, g.value, k.value, p.value, ctx.value);
   100    BN_nnmod(r.value, r.value, q.value, ctx.value);
   102    BN_mod_inverse(k.value, k.value, q.value, ctx.value);
   105    BN_mul(s.value, x.value, r.value, ctx.value);
   106    BN_add(s.value, s.value, i.value);
   107    BN_mod_mul(s.value, s.value, k.value, q.value, ctx.value);
   109    if(BN_is_zero(r.value) || BN_is_zero(s.value))
   110       throw Internal_Error(
"OpenSSL_DSA_Op::sign: r or s was zero");
   112    SecureVector<byte> output(2*q_bytes);
   113    r.encode(output, q_bytes);
   114    s.encode(output + q_bytes, q_bytes);
   118 class OSSL_DSA_Verification_Operation : 
public PK_Ops::Verification
   121       OSSL_DSA_Verification_Operation(
const DSA_PublicKey& dsa) :
   126          q_bits(dsa.group_q().bits()) {}
   128       size_t message_parts()
 const { 
return 2; }
   129       size_t message_part_size()
 const { 
return (q_bits + 7) / 8; }
   130       size_t max_input_bits()
 const { 
return q_bits; }
   132       bool with_recovery()
 const { 
return false; }
   134       bool verify(
const byte msg[], 
size_t msg_len,
   135                   const byte sig[], 
size_t sig_len);
   137       const OSSL_BN y, p, q, g;
   138       const OSSL_BN_CTX ctx;
   142 bool OSSL_DSA_Verification_Operation::verify(
const byte msg[], 
size_t msg_len,
   143                                             const byte sig[], 
size_t sig_len)
   145    const size_t q_bytes = q.bytes();
   147    if(sig_len != 2*q_bytes || msg_len > q_bytes)
   150    OSSL_BN r(sig, q_bytes);
   151    OSSL_BN s(sig + q_bytes, q_bytes);
   152    OSSL_BN i(msg, msg_len);
   154    if(BN_is_zero(r.value) || BN_cmp(r.value, q.value) >= 0)
   156    if(BN_is_zero(s.value) || BN_cmp(s.value, q.value) >= 0)
   159    if(BN_mod_inverse(s.value, s.value, q.value, ctx.value) == 0)
   163    BN_mod_mul(si.value, s.value, i.value, q.value, ctx.value);
   164    BN_mod_exp(si.value, g.value, si.value, p.value, ctx.value);
   167    BN_mod_mul(sr.value, s.value, r.value, q.value, ctx.value);
   168    BN_mod_exp(sr.value, y.value, sr.value, p.value, ctx.value);
   170    BN_mod_mul(si.value, si.value, sr.value, p.value, ctx.value);
   171    BN_nnmod(si.value, si.value, q.value, ctx.value);
   173    if(BN_cmp(si.value, r.value) == 0)
   182 #if defined(BOTAN_HAS_RSA)   184 class OSSL_RSA_Private_Operation : 
public PK_Ops::Signature,
   185                                    public PK_Ops::Decryption
   188       OSSL_RSA_Private_Operation(
const RSA_PrivateKey& rsa) :
   195          n_bits(rsa.get_n().bits())
   198       size_t max_input_bits()
 const { 
return (n_bits - 1); }
   200       SecureVector<byte> sign(
const byte msg[], 
size_t msg_len,
   201                               RandomNumberGenerator&)
   203          BigInt m(msg, msg_len);
   204          BigInt x = private_op(m);
   208       SecureVector<byte> decrypt(
const byte msg[], 
size_t msg_len)
   210          BigInt m(msg, msg_len);
   215       BigInt private_op(
const BigInt& m) 
const;
   217       const OSSL_BN mod, p, q, d1, d2, c;
   218       const OSSL_BN_CTX ctx;
   222 BigInt OSSL_RSA_Private_Operation::private_op(
const BigInt& m)
 const   224    OSSL_BN j1, j2, h(m);
   226    BN_mod_exp(j1.value, h.value, d1.value, p.value, ctx.value);
   227    BN_mod_exp(j2.value, h.value, d2.value, q.value, ctx.value);
   228    BN_sub(h.value, j1.value, j2.value);
   229    BN_mod_mul(h.value, h.value, c.value, p.value, ctx.value);
   230    BN_mul(h.value, h.value, q.value, ctx.value);
   231    BN_add(h.value, h.value, j2.value);
   232    return h.to_bigint();
   235 class OSSL_RSA_Public_Operation : 
public PK_Ops::Verification,
   236                                   public PK_Ops::Encryption
   239       OSSL_RSA_Public_Operation(
const RSA_PublicKey& rsa) :
   240          n(rsa.get_n()), e(rsa.get_e()), mod(rsa.get_n())
   243       size_t max_input_bits()
 const { 
return (n.bits() - 1); }
   244       bool with_recovery()
 const { 
return true; }
   246       SecureVector<byte> encrypt(
const byte msg[], 
size_t msg_len,
   247                                  RandomNumberGenerator&)
   249          BigInt m(msg, msg_len);
   253       SecureVector<byte> verify_mr(
const byte msg[], 
size_t msg_len)
   255          BigInt m(msg, msg_len);
   260       BigInt public_op(
const BigInt& m)
 const   266          BN_mod_exp(r.value, m_bn.value, e.value, mod.value, ctx.value);
   267          return r.to_bigint();
   271       const OSSL_BN e, mod;
   272       const OSSL_BN_CTX ctx;
   279 PK_Ops::Key_Agreement*
   282 #if defined(BOTAN_HAS_DIFFIE_HELLMAN)   283    if(
const DH_PrivateKey* dh = dynamic_cast<const DH_PrivateKey*>(&key))
   284       return new OSSL_DH_KA_Operation(*dh);
   293 #if defined(BOTAN_HAS_RSA)   294    if(
const RSA_PrivateKey* s = dynamic_cast<const RSA_PrivateKey*>(&key))
   295       return new OSSL_RSA_Private_Operation(*s);
   298 #if defined(BOTAN_HAS_DSA)   299    if(
const DSA_PrivateKey* s = dynamic_cast<const DSA_PrivateKey*>(&key))
   300       return new OSSL_DSA_Signature_Operation(*s);
   309 #if defined(BOTAN_HAS_RSA)   310    if(
const RSA_PublicKey* s = dynamic_cast<const RSA_PublicKey*>(&key))
   311       return new OSSL_RSA_Public_Operation(*s);
   314 #if defined(BOTAN_HAS_DSA)   315    if(
const DSA_PublicKey* s = dynamic_cast<const DSA_PublicKey*>(&key))
   316       return new OSSL_DSA_Verification_Operation(*s);
   325 #if defined(BOTAN_HAS_RSA)   326    if(
const RSA_PublicKey* s = dynamic_cast<const RSA_PublicKey*>(&key))
   327       return new OSSL_RSA_Public_Operation(*s);
   336 #if defined(BOTAN_HAS_RSA)   337    if(
const RSA_PrivateKey* s = dynamic_cast<const RSA_PrivateKey*>(&key))
   338       return new OSSL_RSA_Private_Operation(*s);
 PK_Ops::Encryption * get_encryption_op(const Public_Key &key) const
std::invalid_argument Invalid_Argument
static SecureVector< byte > encode(const BigInt &n, Base base=Binary)
PK_Ops::Signature * get_signature_op(const Private_Key &key) const
PK_Ops::Verification * get_verify_op(const Public_Key &key) const
PK_Ops::Decryption * get_decryption_op(const Private_Key &key) const
PK_Ops::Key_Agreement * get_key_agreement_op(const Private_Key &key) const
static SecureVector< byte > encode_1363(const BigInt &n, size_t bytes)