9#include <botan/internal/openssl.h>
11#if defined(BOTAN_HAS_RSA)
15#include <botan/internal/pk_ops_impl.h>
16#include <botan/internal/ct_utils.h>
22#include <openssl/rsa.h>
23#include <openssl/x509.h>
24#include <openssl/err.h>
25#include <openssl/rand.h>
32std::pair<int, size_t> get_openssl_enc_pad(
const std::string& eme)
35 return std::make_pair(RSA_NO_PADDING, 0);
36 else if(eme ==
"EME-PKCS1-v1_5")
37 return std::make_pair(RSA_PKCS1_PADDING, 11);
38 else if(eme ==
"OAEP(SHA-1)" || eme ==
"EME1(SHA-1)")
39 return std::make_pair(RSA_PKCS1_OAEP_PADDING, 41);
41 throw Lookup_Error(
"OpenSSL RSA does not support EME " + eme);
44class OpenSSL_RSA_Encryption_Operation
final :
public PK_Ops::Encryption
48 OpenSSL_RSA_Encryption_Operation(
const RSA_PublicKey& rsa,
int pad,
size_t pad_overhead) :
49 m_openssl_rsa(nullptr, ::RSA_free), m_padding(pad)
51 const std::vector<uint8_t> der = rsa.public_key_bits();
52 const uint8_t* der_ptr = der.data();
53 m_openssl_rsa.reset(::d2i_RSAPublicKey(
nullptr, &der_ptr, der.size()));
55 throw OpenSSL_Error(
"d2i_RSAPublicKey", ERR_get_error());
57 m_bits = 8 * (n_size() - pad_overhead) - 1;
60 size_t ciphertext_length(
size_t)
const override { return ::RSA_size(m_openssl_rsa.get()); }
62 size_t max_input_bits()
const override {
return m_bits; };
64 secure_vector<uint8_t>
encrypt(
const uint8_t msg[],
size_t msg_len,
65 RandomNumberGenerator&)
override
67 const size_t mod_sz = n_size();
70 throw Invalid_Argument(
"Input too large for RSA key");
72 secure_vector<uint8_t> outbuf(mod_sz);
74 secure_vector<uint8_t> inbuf;
76 if(m_padding == RSA_NO_PADDING)
79 copy_mem(&inbuf[mod_sz - msg_len], msg, msg_len);
83 inbuf.assign(msg, msg + msg_len);
86 int rc = ::RSA_public_encrypt(inbuf.size(), inbuf.data(), outbuf.data(),
87 m_openssl_rsa.get(), m_padding);
89 throw OpenSSL_Error(
"RSA_public_encrypt", ERR_get_error());
95 size_t n_size()
const { return ::RSA_size(m_openssl_rsa.get()); }
96 std::unique_ptr<
RSA, std::function<void (RSA*)>> m_openssl_rsa;
101class OpenSSL_RSA_Decryption_Operation
final :
public PK_Ops::Decryption
105 OpenSSL_RSA_Decryption_Operation(
const RSA_PrivateKey& rsa,
int pad) :
106 m_openssl_rsa(nullptr, ::RSA_free), m_padding(pad)
108 const secure_vector<uint8_t> der = rsa.private_key_bits();
109 const uint8_t* der_ptr = der.data();
110 m_openssl_rsa.reset(d2i_RSAPrivateKey(
nullptr, &der_ptr, der.size()));
112 throw OpenSSL_Error(
"d2i_RSAPrivateKey", ERR_get_error());
115 size_t plaintext_length(
size_t)
const override { return ::RSA_size(m_openssl_rsa.get()); }
117 secure_vector<uint8_t>
decrypt(uint8_t& valid_mask,
118 const uint8_t msg[],
size_t msg_len)
override
120 secure_vector<uint8_t> buf(::RSA_size(m_openssl_rsa.get()));
121 int rc = ::RSA_private_decrypt(msg_len, msg, buf.data(), m_openssl_rsa.get(), m_padding);
122 if(rc < 0 ||
static_cast<size_t>(rc) > buf.size())
133 if(m_padding == RSA_NO_PADDING)
142 std::unique_ptr<
RSA, std::function<void (RSA*)>> m_openssl_rsa;
146class OpenSSL_RSA_Verification_Operation
final :
public PK_Ops::Verification_with_EMSA
150 OpenSSL_RSA_Verification_Operation(
const RSA_PublicKey& rsa,
const std::string& emsa) :
151 PK_Ops::Verification_with_EMSA(emsa),
152 m_openssl_rsa(nullptr, ::RSA_free)
154 const std::vector<uint8_t> der = rsa.public_key_bits();
155 const uint8_t* der_ptr = der.data();
156 m_openssl_rsa.reset(::d2i_RSAPublicKey(
nullptr, &der_ptr, der.size()));
158 throw OpenSSL_Error(
"d2i_RSAPublicKey", ERR_get_error());
161 size_t max_input_bits()
const override
163#if OPENSSL_VERSION_NUMBER < 0x10100000L
164 return ::BN_num_bits(m_openssl_rsa->n) - 1;
166 return ::RSA_bits(m_openssl_rsa.get()) - 1;
170 bool with_recovery()
const override {
return true; }
172 secure_vector<uint8_t> verify_mr(
const uint8_t msg[],
size_t msg_len)
override
174 const size_t mod_sz = ::RSA_size(m_openssl_rsa.get());
177 throw Invalid_Argument(
"OpenSSL RSA verify input too large");
179 secure_vector<uint8_t> inbuf(mod_sz);
182 copy_mem(&inbuf[mod_sz - msg_len], msg, msg_len);
184 secure_vector<uint8_t> outbuf(mod_sz);
186 int rc = ::RSA_public_decrypt(inbuf.size(), inbuf.data(), outbuf.data(),
187 m_openssl_rsa.get(), RSA_NO_PADDING);
189 throw Invalid_Argument(
"RSA_public_decrypt");
194 std::unique_ptr<
RSA, std::function<void (RSA*)>> m_openssl_rsa;
197class OpenSSL_RSA_Signing_Operation
final :
public PK_Ops::Signature_with_EMSA
201 OpenSSL_RSA_Signing_Operation(
const RSA_PrivateKey& rsa,
const std::string& emsa) :
202 PK_Ops::Signature_with_EMSA(emsa),
203 m_openssl_rsa(nullptr, ::RSA_free)
205 const secure_vector<uint8_t> der = rsa.private_key_bits();
206 const uint8_t* der_ptr = der.data();
207 m_openssl_rsa.reset(d2i_RSAPrivateKey(
nullptr, &der_ptr, der.size()));
209 throw OpenSSL_Error(
"d2i_RSAPrivateKey", ERR_get_error());
212 size_t signature_length()
const override { return ::RSA_size(m_openssl_rsa.get()); }
214 secure_vector<uint8_t> raw_sign(
const uint8_t msg[],
size_t msg_len,
215 RandomNumberGenerator&)
override
217 const size_t mod_sz = ::RSA_size(m_openssl_rsa.get());
220 throw Invalid_Argument(
"OpenSSL RSA sign input too large");
222 secure_vector<uint8_t> inbuf(mod_sz);
223 copy_mem(&inbuf[mod_sz - msg_len], msg, msg_len);
225 secure_vector<uint8_t> outbuf(mod_sz);
227 int rc = ::RSA_private_encrypt(inbuf.size(), inbuf.data(), outbuf.data(),
228 m_openssl_rsa.get(), RSA_NO_PADDING);
230 throw OpenSSL_Error(
"RSA_private_encrypt", ERR_get_error());
235 size_t max_input_bits()
const override
237#if OPENSSL_VERSION_NUMBER < 0x10100000L
238 return ::BN_num_bits(m_openssl_rsa->n) - 1;
240 return ::RSA_bits(m_openssl_rsa.get()) - 1;
245 std::unique_ptr<
RSA, std::function<void (RSA*)>> m_openssl_rsa;
250std::unique_ptr<PK_Ops::Encryption>
251make_openssl_rsa_enc_op(
const RSA_PublicKey& key,
const std::string& params)
253 auto pad_info = get_openssl_enc_pad(params);
254 return std::unique_ptr<PK_Ops::Encryption>(
255 new OpenSSL_RSA_Encryption_Operation(key, pad_info.first, pad_info.second));
258std::unique_ptr<PK_Ops::Decryption>
259make_openssl_rsa_dec_op(
const RSA_PrivateKey& key,
const std::string& params)
261 auto pad_info = get_openssl_enc_pad(params);
262 return std::unique_ptr<PK_Ops::Decryption>(
new OpenSSL_RSA_Decryption_Operation(key, pad_info.first));
265std::unique_ptr<PK_Ops::Verification>
266make_openssl_rsa_ver_op(
const RSA_PublicKey& key,
const std::string& params)
268 return std::unique_ptr<PK_Ops::Verification>(
new OpenSSL_RSA_Verification_Operation(key, params));
271std::unique_ptr<PK_Ops::Signature>
272make_openssl_rsa_sig_op(
const RSA_PrivateKey& key,
const std::string& params)
274 return std::unique_ptr<PK_Ops::Signature>(
new OpenSSL_RSA_Signing_Operation(key, params));
277std::unique_ptr<RSA_PrivateKey>
278make_openssl_rsa_private_key(RandomNumberGenerator& rng,
size_t rsa_bits)
280 if (rsa_bits > INT_MAX)
283 secure_vector<uint8_t> seed(BOTAN_SYSTEM_RNG_POLL_REQUEST);
284 rng.randomize(seed.data(), seed.size());
285 RAND_seed(seed.data(), seed.size());
287 std::unique_ptr<BIGNUM, std::function<void (BIGNUM*)>> bn(BN_new(), BN_free);
289 throw OpenSSL_Error(
"BN_new", ERR_get_error());
290 if(!BN_set_word(bn.get(), RSA_F4))
291 throw OpenSSL_Error(
"BN_set_word", ERR_get_error());
293 std::unique_ptr<
RSA, std::function<void (RSA*)>> rsa(RSA_new(), RSA_free);
295 throw OpenSSL_Error(
"RSA_new", ERR_get_error());
296 if(!RSA_generate_key_ex(rsa.get(), rsa_bits, bn.get(),
nullptr))
297 throw OpenSSL_Error(
"RSA_generate_key_ex", ERR_get_error());
299 uint8_t* der =
nullptr;
300 int bytes = i2d_RSAPrivateKey(rsa.get(), &der);
302 throw OpenSSL_Error(
"i2d_RSAPrivateKey", ERR_get_error());
304 const secure_vector<uint8_t> keydata(der, der + bytes);
307 return std::unique_ptr<Botan::RSA_PrivateKey>
308 (
new RSA_PrivateKey(AlgorithmIdentifier(), keydata));
int(* final)(unsigned char *, CTX *)
secure_vector< uint8_t > strip_leading_zeros(const uint8_t in[], size_t length)
std::string decrypt(const uint8_t input[], size_t input_len, const std::string &passphrase)
std::string encrypt(const uint8_t input[], size_t input_len, const std::string &passphrase, RandomNumberGenerator &rng)
void secure_scrub_memory(void *ptr, size_t n)
void copy_mem(T *out, const T *in, size_t n)