8 #include <botan/internal/openssl.h>
10 #if defined(BOTAN_HAS_RSA)
12 #include <botan/rsa.h>
13 #include <botan/internal/pk_ops_impl.h>
14 #include <botan/internal/ct_utils.h>
19 #include <openssl/rsa.h>
20 #include <openssl/x509.h>
21 #include <openssl/err.h>
27 std::pair<int, size_t> get_openssl_enc_pad(
const std::string& eme)
29 ERR_load_crypto_strings();
31 return std::make_pair(RSA_NO_PADDING, 0);
32 else if(eme ==
"EME-PKCS1-v1_5")
33 return std::make_pair(RSA_PKCS1_PADDING, 11);
34 else if(eme ==
"OAEP(SHA-1)" || eme ==
"EME1(SHA-1)")
35 return std::make_pair(RSA_PKCS1_OAEP_PADDING, 41);
37 throw Lookup_Error(
"OpenSSL RSA does not support EME " + eme);
40 class OpenSSL_RSA_Encryption_Operation :
public PK_Ops::Encryption
44 OpenSSL_RSA_Encryption_Operation(
const RSA_PublicKey& rsa,
int pad,
size_t pad_overhead) :
45 m_openssl_rsa(nullptr, ::RSA_free), m_padding(pad)
47 const std::vector<uint8_t> der = rsa.public_key_bits();
48 const uint8_t* der_ptr = der.data();
49 m_openssl_rsa.reset(::d2i_RSAPublicKey(
nullptr, &der_ptr, der.size()));
51 throw OpenSSL_Error(
"d2i_RSAPublicKey");
53 m_bits = 8 * (n_size() - pad_overhead) - 1;
56 size_t max_input_bits()
const override {
return m_bits; };
58 secure_vector<uint8_t>
encrypt(
const uint8_t msg[],
size_t msg_len,
59 RandomNumberGenerator&)
override
61 const size_t mod_sz = n_size();
64 throw Invalid_Argument(
"Input too large for RSA key");
66 secure_vector<uint8_t> outbuf(mod_sz);
68 secure_vector<uint8_t> inbuf;
70 if(m_padding == RSA_NO_PADDING)
73 copy_mem(&inbuf[mod_sz - msg_len], msg, msg_len);
77 inbuf.assign(msg, msg + msg_len);
80 int rc = ::RSA_public_encrypt(inbuf.size(), inbuf.data(), outbuf.data(),
81 m_openssl_rsa.get(), m_padding);
83 throw OpenSSL_Error(
"RSA_public_encrypt");
89 size_t n_size()
const { return ::RSA_size(m_openssl_rsa.get()); }
90 std::unique_ptr<RSA, std::function<void (RSA*)>> m_openssl_rsa;
95 class OpenSSL_RSA_Decryption_Operation :
public PK_Ops::Decryption
99 OpenSSL_RSA_Decryption_Operation(
const RSA_PrivateKey& rsa,
int pad) :
100 m_openssl_rsa(nullptr, ::RSA_free), m_padding(pad)
102 const secure_vector<uint8_t> der = rsa.private_key_bits();
103 const uint8_t* der_ptr = der.data();
104 m_openssl_rsa.reset(d2i_RSAPrivateKey(
nullptr, &der_ptr, der.size()));
106 throw OpenSSL_Error(
"d2i_RSAPrivateKey");
109 secure_vector<uint8_t>
decrypt(uint8_t& valid_mask,
110 const uint8_t msg[],
size_t msg_len)
override
112 secure_vector<uint8_t> buf(::RSA_size(m_openssl_rsa.get()));
113 int rc = ::RSA_private_decrypt(msg_len, msg, buf.data(), m_openssl_rsa.get(), m_padding);
114 if(rc < 0 || static_cast<size_t>(rc) > buf.size())
125 if(m_padding == RSA_NO_PADDING)
134 std::unique_ptr<RSA, std::function<void (RSA*)>> m_openssl_rsa;
138 class OpenSSL_RSA_Verification_Operation :
public PK_Ops::Verification_with_EMSA
142 OpenSSL_RSA_Verification_Operation(
const RSA_PublicKey& rsa,
const std::string& emsa) :
143 PK_Ops::Verification_with_EMSA(emsa),
144 m_openssl_rsa(nullptr, ::RSA_free)
146 const std::vector<uint8_t> der = rsa.public_key_bits();
147 const uint8_t* der_ptr = der.data();
148 m_openssl_rsa.reset(::d2i_RSAPublicKey(
nullptr, &der_ptr, der.size()));
151 size_t max_input_bits()
const override { return ::BN_num_bits(m_openssl_rsa->n) - 1; }
153 bool with_recovery()
const override {
return true; }
155 secure_vector<uint8_t> verify_mr(
const uint8_t msg[],
size_t msg_len)
override
157 const size_t mod_sz = ::RSA_size(m_openssl_rsa.get());
160 throw Invalid_Argument(
"OpenSSL RSA verify input too large");
162 secure_vector<uint8_t> inbuf(mod_sz);
163 copy_mem(&inbuf[mod_sz - msg_len], msg, msg_len);
165 secure_vector<uint8_t> outbuf(mod_sz);
167 int rc = ::RSA_public_decrypt(inbuf.size(), inbuf.data(), outbuf.data(),
168 m_openssl_rsa.get(), RSA_NO_PADDING);
170 throw Invalid_Argument(
"RSA_public_decrypt");
175 std::unique_ptr<RSA, std::function<void (RSA*)>> m_openssl_rsa;
178 class OpenSSL_RSA_Signing_Operation :
public PK_Ops::Signature_with_EMSA
182 OpenSSL_RSA_Signing_Operation(
const RSA_PrivateKey& rsa,
const std::string& emsa) :
183 PK_Ops::Signature_with_EMSA(emsa),
184 m_openssl_rsa(nullptr, ::RSA_free)
186 const secure_vector<uint8_t> der = rsa.private_key_bits();
187 const uint8_t* der_ptr = der.data();
188 m_openssl_rsa.reset(d2i_RSAPrivateKey(
nullptr, &der_ptr, der.size()));
190 throw OpenSSL_Error(
"d2i_RSAPrivateKey");
193 secure_vector<uint8_t> raw_sign(
const uint8_t msg[],
size_t msg_len,
194 RandomNumberGenerator&)
override
196 const size_t mod_sz = ::RSA_size(m_openssl_rsa.get());
199 throw Invalid_Argument(
"OpenSSL RSA sign input too large");
201 secure_vector<uint8_t> inbuf(mod_sz);
202 copy_mem(&inbuf[mod_sz - msg_len], msg, msg_len);
204 secure_vector<uint8_t> outbuf(mod_sz);
206 int rc = ::RSA_private_encrypt(inbuf.size(), inbuf.data(), outbuf.data(),
207 m_openssl_rsa.get(), RSA_NO_PADDING);
209 throw OpenSSL_Error(
"RSA_private_encrypt");
214 size_t max_input_bits()
const override { return ::BN_num_bits(m_openssl_rsa->n) - 1; }
217 std::unique_ptr<RSA, std::function<void (RSA*)>> m_openssl_rsa;
222 std::unique_ptr<PK_Ops::Encryption>
223 make_openssl_rsa_enc_op(
const RSA_PublicKey& key,
const std::string& params)
225 auto pad_info = get_openssl_enc_pad(params);
226 return std::unique_ptr<PK_Ops::Encryption>(
227 new OpenSSL_RSA_Encryption_Operation(key, pad_info.first, pad_info.second));
230 std::unique_ptr<PK_Ops::Decryption>
231 make_openssl_rsa_dec_op(
const RSA_PrivateKey& key,
const std::string& params)
233 auto pad_info = get_openssl_enc_pad(params);
234 return std::unique_ptr<PK_Ops::Decryption>(
new OpenSSL_RSA_Decryption_Operation(key, pad_info.first));
237 std::unique_ptr<PK_Ops::Verification>
238 make_openssl_rsa_ver_op(
const RSA_PublicKey& key,
const std::string& params)
240 return std::unique_ptr<PK_Ops::Verification>(
new OpenSSL_RSA_Verification_Operation(key, params));
243 std::unique_ptr<PK_Ops::Signature>
244 make_openssl_rsa_sig_op(
const RSA_PrivateKey& key,
const std::string& params)
246 return std::unique_ptr<PK_Ops::Signature>(
new OpenSSL_RSA_Signing_Operation(key, params));
251 #endif // BOTAN_HAS_RSA
std::string encrypt(const uint8_t input[], size_t input_len, const std::string &passphrase, RandomNumberGenerator &rng)
std::string decrypt(const uint8_t input[], size_t input_len, const std::string &passphrase)
void copy_mem(T *out, const T *in, size_t n)
secure_vector< uint8_t > strip_leading_zeros(const uint8_t in[], size_t length)