8 #include <botan/internal/openssl_engine.h>
9 #include <botan/internal/bn_wrap.h>
11 #if defined(BOTAN_HAS_RSA)
12 #include <botan/rsa.h>
15 #if defined(BOTAN_HAS_DSA)
16 #include <botan/dsa.h>
19 #if defined(BOTAN_HAS_ECDSA)
20 #include <botan/ecdsa.h>
21 #include <openssl/ecdsa.h>
24 #if defined(BOTAN_HAS_DIFFIE_HELLMAN)
32 #if defined(BOTAN_HAS_DIFFIE_HELLMAN)
33 class OSSL_DH_KA_Operation :
public PK_Ops::Key_Agreement
36 OSSL_DH_KA_Operation(
const DH_PrivateKey& dh) :
37 x(dh.get_x()), p(dh.group_p()) {}
39 SecureVector<byte> agree(
const byte w[],
size_t w_len)
41 OSSL_BN i(w, w_len),
r;
42 BN_mod_exp(r.value, i.value, x.value, p.value,
ctx.value);
52 #if defined(BOTAN_HAS_DSA)
54 class OSSL_DSA_Signature_Operation :
public PK_Ops::Signature
57 OSSL_DSA_Signature_Operation(
const DSA_PrivateKey& dsa) :
62 q_bits(dsa.group_q().bits()) {}
64 size_t message_parts()
const {
return 2; }
65 size_t message_part_size()
const {
return (q_bits + 7) / 8; }
66 size_t max_input_bits()
const {
return q_bits; }
68 SecureVector<byte> sign(
const byte msg[],
size_t msg_len,
69 RandomNumberGenerator&
rng);
71 const OSSL_BN x, p, q, g;
72 const OSSL_BN_CTX
ctx;
77 OSSL_DSA_Signature_Operation::sign(
const byte msg[],
size_t msg_len,
78 RandomNumberGenerator&
rng)
80 const size_t q_bytes = (q_bits + 7) / 8;
82 rng.add_entropy(msg, msg_len);
86 k_bn.randomize(rng, q_bits);
87 while(k_bn >= q.to_bigint());
89 OSSL_BN i(msg, msg_len);
93 BN_mod_exp(r.value, g.value, k.value, p.value,
ctx.
value);
94 BN_nnmod(r.value, r.value, q.value,
ctx.
value);
96 BN_mod_inverse(k.value, k.value, q.value,
ctx.
value);
99 BN_mul(s.value, x.value, r.value,
ctx.
value);
100 BN_add(s.value, s.value, i.value);
101 BN_mod_mul(s.value, s.value, k.value, q.value,
ctx.
value);
103 if(BN_is_zero(r.value) || BN_is_zero(s.value))
104 throw Internal_Error(
"OpenSSL_DSA_Op::sign: r or s was zero");
106 SecureVector<byte> output(2*q_bytes);
107 r.encode(output, q_bytes);
108 s.encode(output + q_bytes, q_bytes);
112 class OSSL_DSA_Verification_Operation :
public PK_Ops::Verification
115 OSSL_DSA_Verification_Operation(
const DSA_PublicKey& dsa) :
120 q_bits(dsa.group_q().bits()) {}
122 size_t message_parts()
const {
return 2; }
123 size_t message_part_size()
const {
return (q_bits + 7) / 8; }
124 size_t max_input_bits()
const {
return q_bits; }
126 bool with_recovery()
const {
return false; }
128 bool verify(
const byte msg[],
size_t msg_len,
129 const byte sig[],
size_t sig_len);
131 const OSSL_BN y, p, q, g;
132 const OSSL_BN_CTX
ctx;
136 bool OSSL_DSA_Verification_Operation::verify(
const byte msg[],
size_t msg_len,
137 const byte sig[],
size_t sig_len)
139 const size_t q_bytes = q.bytes();
141 if(sig_len != 2*q_bytes || msg_len > q_bytes)
144 OSSL_BN
r(sig, q_bytes);
145 OSSL_BN
s(sig + q_bytes, q_bytes);
146 OSSL_BN i(msg, msg_len);
148 if(BN_is_zero(r.value) || BN_cmp(r.value, q.value) >= 0)
150 if(BN_is_zero(s.value) || BN_cmp(s.value, q.value) >= 0)
153 if(BN_mod_inverse(s.value, s.value, q.value,
ctx.
value) == 0)
157 BN_mod_mul(si.value, s.value, i.value, q.value,
ctx.
value);
158 BN_mod_exp(si.value, g.value, si.value, p.value,
ctx.
value);
161 BN_mod_mul(sr.value, s.value, r.value, q.value,
ctx.
value);
162 BN_mod_exp(sr.value, y.value, sr.value, p.value,
ctx.
value);
164 BN_mod_mul(si.value, si.value, sr.value, p.value,
ctx.
value);
165 BN_nnmod(si.value, si.value, q.value,
ctx.
value);
167 if(BN_cmp(si.value, r.value) == 0)
176 #if defined(BOTAN_HAS_RSA)
178 class OSSL_RSA_Private_Operation :
public PK_Ops::Signature,
179 public PK_Ops::Decryption
182 OSSL_RSA_Private_Operation(
const RSA_PrivateKey& rsa) :
189 n_bits(rsa.get_n().bits())
192 size_t max_input_bits()
const {
return (n_bits - 1); }
194 SecureVector<byte> sign(
const byte msg[],
size_t msg_len,
195 RandomNumberGenerator&)
197 BigInt m(msg, msg_len);
198 BigInt x = private_op(m);
202 SecureVector<byte>
decrypt(
const byte msg[],
size_t msg_len)
204 BigInt m(msg, msg_len);
209 BigInt private_op(
const BigInt& m)
const;
211 const OSSL_BN
mod, p, q, d1, d2, c;
212 const OSSL_BN_CTX
ctx;
216 BigInt OSSL_RSA_Private_Operation::private_op(
const BigInt& m)
const
218 OSSL_BN j1, j2, h(m);
220 BN_mod_exp(j1.value, h.value, d1.value, p.value,
ctx.
value);
221 BN_mod_exp(j2.value, h.value, d2.value, q.value,
ctx.
value);
222 BN_sub(h.value, j1.value, j2.value);
223 BN_mod_mul(h.value, h.value, c.value, p.value,
ctx.
value);
224 BN_mul(h.value, h.value, q.value,
ctx.
value);
225 BN_add(h.value, h.value, j2.value);
226 return h.to_bigint();
229 class OSSL_RSA_Public_Operation :
public PK_Ops::Verification,
230 public PK_Ops::Encryption
233 OSSL_RSA_Public_Operation(
const RSA_PublicKey& rsa) :
234 n(rsa.get_n()), e(rsa.get_e()),
mod(rsa.get_n())
237 size_t max_input_bits()
const {
return (
n.bits() - 1); }
238 bool with_recovery()
const {
return true; }
240 SecureVector<byte>
encrypt(
const byte msg[],
size_t msg_len,
241 RandomNumberGenerator&)
243 BigInt m(msg, msg_len);
247 SecureVector<byte> verify_mr(
const byte msg[],
size_t msg_len)
249 BigInt m(msg, msg_len);
254 BigInt public_op(
const BigInt& m)
const
260 BN_mod_exp(r.value, m_bn.value, e.value,
mod.value,
ctx.value);
261 return r.to_bigint();
265 const OSSL_BN e,
mod;
266 const OSSL_BN_CTX
ctx;
273 PK_Ops::Key_Agreement*
276 #if defined(BOTAN_HAS_DIFFIE_HELLMAN)
277 if(
const DH_PrivateKey* dh = dynamic_cast<const DH_PrivateKey*>(&key))
278 return new OSSL_DH_KA_Operation(*dh);
287 #if defined(BOTAN_HAS_RSA)
288 if(
const RSA_PrivateKey* s = dynamic_cast<const RSA_PrivateKey*>(&key))
289 return new OSSL_RSA_Private_Operation(*s);
292 #if defined(BOTAN_HAS_DSA)
293 if(
const DSA_PrivateKey* s = dynamic_cast<const DSA_PrivateKey*>(&key))
294 return new OSSL_DSA_Signature_Operation(*s);
303 #if defined(BOTAN_HAS_RSA)
304 if(
const RSA_PublicKey* s = dynamic_cast<const RSA_PublicKey*>(&key))
305 return new OSSL_RSA_Public_Operation(*s);
308 #if defined(BOTAN_HAS_DSA)
309 if(
const DSA_PublicKey* s = dynamic_cast<const DSA_PublicKey*>(&key))
310 return new OSSL_DSA_Verification_Operation(*s);
319 #if defined(BOTAN_HAS_RSA)
320 if(
const RSA_PublicKey* s = dynamic_cast<const RSA_PublicKey*>(&key))
321 return new OSSL_RSA_Public_Operation(*s);
330 #if defined(BOTAN_HAS_RSA)
331 if(
const RSA_PrivateKey* s = dynamic_cast<const RSA_PrivateKey*>(&key))
332 return new OSSL_RSA_Private_Operation(*s);
PK_Ops::Key_Agreement * get_key_agreement_op(const Private_Key &key) const
PK_Ops::Decryption * get_decryption_op(const Private_Key &key) const
std::invalid_argument Invalid_Argument
static SecureVector< byte > encode(const BigInt &n, Base base=Binary)
PK_Ops::Encryption * get_encryption_op(const Public_Key &key) const
PK_Ops::Signature * get_signature_op(const Private_Key &key) const
RandomNumberGenerator * rng
static SecureVector< byte > encode_1363(const BigInt &n, size_t bytes)
PK_Ops::Verification * get_verify_op(const Public_Key &key) const