Example #1
0
static EVP_PKEY *create_pkey(neverbleed_t *nb, size_t key_index, const char *ebuf, const char *nbuf)
{
    struct st_neverbleed_rsa_exdata_t *exdata;
    RSA *rsa;
    EVP_PKEY *pkey;

    if ((exdata = malloc(sizeof(*exdata))) == NULL) {
        fprintf(stderr, "no memory\n");
        abort();
    }
    exdata->nb = nb;
    exdata->key_index = key_index;

    rsa = RSA_new_method(nb->engine);
    RSA_set_ex_data(rsa, 0, exdata);
    if (BN_hex2bn(&rsa->e, ebuf) == 0) {
        fprintf(stderr, "failed to parse e:%s\n", ebuf);
        abort();
    }
    if (BN_hex2bn(&rsa->n, nbuf) == 0) {
        fprintf(stderr, "failed to parse n:%s\n", nbuf);
        abort();
    }
    rsa->flags |= RSA_FLAG_EXT_PKEY;

    pkey = EVP_PKEY_new();
    EVP_PKEY_set1_RSA(pkey, rsa);
    RSA_free(rsa);

    return pkey;
}
RSA *
RSA_new(void)
{
	RSA *r = RSA_new_method(NULL);

	return r;
}
Example #3
0
RSA *
RSA_new(void)
{
    return RSA_new_method(NULL);
}
int MAIN(int argc, char **argv)
	{
	BN_GENCB cb;
#ifndef OPENSSL_NO_ENGINE
	ENGINE *e = NULL;
#endif
	int ret=1;
	int i,num=DEFBITS;
	long l;
	const EVP_CIPHER *enc=NULL;
	unsigned long f4=RSA_F4;
	char *outfile=NULL;
	char *passargout = NULL, *passout = NULL;
#ifndef OPENSSL_NO_ENGINE
	char *engine=NULL;
#endif
	char *inrand=NULL;
	BIO *out=NULL;
	BIGNUM *bn = BN_new();
	RSA *rsa = NULL;

	if(!bn) goto err;

	apps_startup();
	BN_GENCB_set(&cb, genrsa_cb, bio_err);

	if (bio_err == NULL)
		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
			BIO_set_fp(bio_err,OPENSSL_TYPE__FILE_STDERR,BIO_NOCLOSE|BIO_FP_TEXT);

	if (!load_config(bio_err, NULL))
		goto err;
	if ((out=BIO_new(BIO_s_file())) == NULL)
		{
		BIO_printf(bio_err,"unable to create BIO for output\n");
		goto err;
		}

	argv++;
	argc--;
	for (;;)
		{
		if (argc <= 0) break;
		if (TINYCLR_SSL_STRCMP(*argv,"-out") == 0)
			{
			if (--argc < 1) goto bad;
			outfile= *(++argv);
			}
		else if (TINYCLR_SSL_STRCMP(*argv,"-3") == 0)
			f4=3;
		else if (TINYCLR_SSL_STRCMP(*argv,"-F4") == 0 || TINYCLR_SSL_STRCMP(*argv,"-f4") == 0)
			f4=RSA_F4;
#ifndef OPENSSL_NO_ENGINE
		else if (TINYCLR_SSL_STRCMP(*argv,"-engine") == 0)
			{
			if (--argc < 1) goto bad;
			engine= *(++argv);
			}
#endif
		else if (TINYCLR_SSL_STRCMP(*argv,"-rand") == 0)
			{
			if (--argc < 1) goto bad;
			inrand= *(++argv);
			}
#ifndef OPENSSL_NO_DES
		else if (TINYCLR_SSL_STRCMP(*argv,"-des") == 0)
			enc=EVP_des_cbc();
		else if (TINYCLR_SSL_STRCMP(*argv,"-des3") == 0)
			enc=EVP_des_ede3_cbc();
#endif
#ifndef OPENSSL_NO_IDEA
		else if (TINYCLR_SSL_STRCMP(*argv,"-idea") == 0)
			enc=EVP_idea_cbc();
#endif
#ifndef OPENSSL_NO_SEED
		else if (TINYCLR_SSL_STRCMP(*argv,"-seed") == 0)
			enc=EVP_seed_cbc();
#endif
#ifndef OPENSSL_NO_AES
		else if (TINYCLR_SSL_STRCMP(*argv,"-aes128") == 0)
			enc=EVP_aes_128_cbc();
		else if (TINYCLR_SSL_STRCMP(*argv,"-aes192") == 0)
			enc=EVP_aes_192_cbc();
		else if (TINYCLR_SSL_STRCMP(*argv,"-aes256") == 0)
			enc=EVP_aes_256_cbc();
#endif
#ifndef OPENSSL_NO_CAMELLIA
		else if (TINYCLR_SSL_STRCMP(*argv,"-camellia128") == 0)
			enc=EVP_camellia_128_cbc();
		else if (TINYCLR_SSL_STRCMP(*argv,"-camellia192") == 0)
			enc=EVP_camellia_192_cbc();
		else if (TINYCLR_SSL_STRCMP(*argv,"-camellia256") == 0)
			enc=EVP_camellia_256_cbc();
#endif
		else if (TINYCLR_SSL_STRCMP(*argv,"-passout") == 0)
			{
			if (--argc < 1) goto bad;
			passargout= *(++argv);
			}
		else
			break;
		argv++;
		argc--;
		}
	if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
		{
bad:
		BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n");
		BIO_printf(bio_err," -des            encrypt the generated key with DES in cbc mode\n");
		BIO_printf(bio_err," -des3           encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
#ifndef OPENSSL_NO_IDEA
		BIO_printf(bio_err," -idea           encrypt the generated key with IDEA in cbc mode\n");
#endif
#ifndef OPENSSL_NO_SEED
		BIO_printf(bio_err," -seed\n");
		BIO_printf(bio_err,"                 encrypt PEM output with cbc seed\n");
#endif
#ifndef OPENSSL_NO_AES
		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
#endif
#ifndef OPENSSL_NO_CAMELLIA
		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
#endif
		BIO_printf(bio_err," -out file       output the key to 'file\n");
		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
		BIO_printf(bio_err," -3              use 3 for the E value\n");
#ifndef OPENSSL_NO_ENGINE
		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
#endif
		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
		BIO_printf(bio_err,"                 the random number generator\n");
		goto err;
		}
		
	ERR_load_crypto_strings();

	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
		BIO_printf(bio_err, "Error getting password\n");
		goto err;
	}

#ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
#endif

	if (outfile == NULL)
		{
		BIO_set_fp(out,OPENSSL_TYPE__FILE_STDOUT,BIO_NOCLOSE);
#ifdef OPENSSL_SYS_VMS
		{
		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
		out = BIO_push(tmpbio, out);
		}
#endif
		}
	else
		{
		if (BIO_write_filename(out,outfile) <= 0)
			{
			TINYCLR_SSL_PERROR(outfile);
			goto err;
			}
		}

	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
		&& !RAND_status())
		{
		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
		}
	if (inrand != NULL)
		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
			app_RAND_load_files(inrand));

	BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
		num);
#ifdef OPENSSL_NO_ENGINE
	rsa = RSA_new();
#else
	rsa = RSA_new_method(e);
#endif
	if (!rsa)
		goto err;

	if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
		goto err;
		
	app_RAND_write_file(NULL, bio_err);

	/* We need to do the following for when the base number size is <
	 * long, esp windows 3.1 :-(. */
	l=0L;
	for (i=0; i<rsa->e->top; i++)
		{
#ifndef SIXTY_FOUR_BIT
		l<<=BN_BITS4;
		l<<=BN_BITS4;
#endif
		l+=rsa->e->d[i];
		}
	BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
	{
	PW_CB_DATA cb_data;
	cb_data.password = passout;
	cb_data.prompt_info = outfile;
	if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,
		(pem_password_cb *)password_callback,&cb_data))
		goto err;
	}

	ret=0;
err:
	if (bn) BN_free(bn);
	if (rsa) RSA_free(rsa);
	if (out) BIO_free_all(out);
	if(passout) OPENSSL_free(passout);
	if (ret != 0)
		ERR_print_errors(bio_err);
	apps_shutdown();
	OPENSSL_EXIT(ret);
	}
Example #5
0
static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY *key)
	{
	unsigned char *pubkey = NULL;
	DWORD len;
	BLOBHEADER *bh;
	RSA *rkey = NULL;
	DSA *dkey = NULL;
	EVP_PKEY *ret = NULL;
	if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, NULL, &len))
		{
		CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR);
		capi_addlasterror();
		return NULL;
		}

	pubkey = OPENSSL_malloc(len);

	if (!pubkey)
		goto memerr;

	if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len))
		{
		CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_ERROR);
		capi_addlasterror();
		goto err;
		}

	bh = (BLOBHEADER *)pubkey;
	if (bh->bType != PUBLICKEYBLOB)
		{
		CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_PUBLIC_KEY_BLOB);
		goto err;
		}
	if (bh->aiKeyAlg == CALG_RSA_SIGN || bh->aiKeyAlg == CALG_RSA_KEYX)
		{
		RSAPUBKEY *rp;
		DWORD rsa_modlen;
		unsigned char *rsa_modulus;
		rp = (RSAPUBKEY *)(bh + 1);
		if (rp->magic != 0x31415352)
			{
			char magstr[10];
			BIO_snprintf(magstr, 10, "%lx", rp->magic);
			CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
			ERR_add_error_data(2, "magic=0x", magstr);
			goto err;
			}
		rsa_modulus = (unsigned char *)(rp + 1);
		rkey = RSA_new_method(eng);
		if (!rkey)
			goto memerr;

		rkey->e = BN_new();
		rkey->n = BN_new();

		if (!rkey->e || !rkey->n)
			goto memerr;

		if (!BN_set_word(rkey->e, rp->pubexp))
			goto memerr;

		rsa_modlen = rp->bitlen / 8;
		if (!lend_tobn(rkey->n, rsa_modulus, rsa_modlen))
			goto memerr;

		RSA_set_ex_data(rkey, rsa_capi_idx, key);

		if (!(ret = EVP_PKEY_new()))
			goto memerr;

		EVP_PKEY_assign_RSA(ret, rkey);
		rkey = NULL;

		}
	else if (bh->aiKeyAlg == CALG_DSS_SIGN)
		{
		DSSPUBKEY *dp;
		DWORD dsa_plen;
		unsigned char *btmp;
		dp = (DSSPUBKEY *)(bh + 1);
		if (dp->magic != 0x31535344)
			{
			char magstr[10];
			BIO_snprintf(magstr, 10, "%lx", dp->magic);
			CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
			ERR_add_error_data(2, "magic=0x", magstr);
			goto err;
			}
		dsa_plen = dp->bitlen / 8;
		btmp = (unsigned char *)(dp + 1);
		dkey = DSA_new_method(eng);
		if (!dkey)
			goto memerr;
		dkey->p = BN_new();
		dkey->q = BN_new();
		dkey->g = BN_new();
		dkey->pub_key = BN_new();
		if (!dkey->p || !dkey->q || !dkey->g || !dkey->pub_key)
			goto memerr;
		if (!lend_tobn(dkey->p, btmp, dsa_plen))
			goto memerr;
		btmp += dsa_plen;
		if (!lend_tobn(dkey->q, btmp, 20))
			goto memerr;
		btmp += 20;
		if (!lend_tobn(dkey->g, btmp, dsa_plen))
			goto memerr;
		btmp += dsa_plen;
		if (!lend_tobn(dkey->pub_key, btmp, dsa_plen))
			goto memerr;
		btmp += dsa_plen;

		DSA_set_ex_data(dkey, dsa_capi_idx, key);

		if (!(ret = EVP_PKEY_new()))
			goto memerr;

		EVP_PKEY_assign_DSA(ret, dkey);
		dkey = NULL;
		}
	else
		{
		char algstr[10];
		BIO_snprintf(algstr, 10, "%lx", bh->aiKeyAlg);
		CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM);
		ERR_add_error_data(2, "aiKeyAlg=0x", algstr);
		goto err;
		}


	err:
	if (pubkey)
		OPENSSL_free(pubkey);
	if (!ret)
		{
		if (rkey)
			RSA_free(rkey);
		if (dkey)
			DSA_free(dkey);
		}

	return ret;

memerr:
	CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE);
	goto err;

	}
Example #6
0
static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,unsigned long el,char keytype)
{
    EVP_PKEY *res = NULL;
#ifndef OPENSSL_NO_RSA
    RSA *rsatmp = NULL;
#endif
#ifndef OPENSSL_NO_DSA
    DSA *dsatmp=NULL;
#endif
    char msg[64]="sureware_load_public";
    int ret=0;
    if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey)
    {
        SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_NOT_INITIALISED);
        goto err;
    }
    switch (keytype)
    {
#ifndef OPENSSL_NO_RSA
    case 1: /*RSA*/
        /* set private external reference */
        rsatmp = RSA_new_method(e);
        RSA_set_ex_data(rsatmp,rsaHndidx,hptr);
        rsatmp->flags |= RSA_FLAG_EXT_PKEY;

        /* set public big nums*/
        rsatmp->e = BN_new();
        rsatmp->n = BN_new();
        bn_expand2(rsatmp->e, el/sizeof(BN_ULONG));
        bn_expand2(rsatmp->n, el/sizeof(BN_ULONG));
        if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))||
                !rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG)))
            goto err;
        ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,
                                         (unsigned long *)rsatmp->n->d,
                                         (unsigned long *)rsatmp->e->d);
        surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret);
        if (ret!=1)
        {
            SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
            goto err;
        }
        /* normalise pub e and pub n */
        rsatmp->e->top=el/sizeof(BN_ULONG);
        bn_fix_top(rsatmp->e);
        rsatmp->n->top=el/sizeof(BN_ULONG);
        bn_fix_top(rsatmp->n);
        /* create an EVP object: engine + rsa key */
        res = EVP_PKEY_new();
        EVP_PKEY_assign_RSA(res, rsatmp);
        break;
#endif

#ifndef OPENSSL_NO_DSA
    case 2:/*DSA*/
        /* set private/public external reference */
        dsatmp = DSA_new_method(e);
        DSA_set_ex_data(dsatmp,dsaHndidx,hptr);
        /*dsatmp->flags |= DSA_FLAG_EXT_PKEY;*/

        /* set public key*/
        dsatmp->pub_key = BN_new();
        dsatmp->p = BN_new();
        dsatmp->q = BN_new();
        dsatmp->g = BN_new();
        bn_expand2(dsatmp->pub_key, el/sizeof(BN_ULONG));
        bn_expand2(dsatmp->p, el/sizeof(BN_ULONG));
        bn_expand2(dsatmp->q, 20/sizeof(BN_ULONG));
        bn_expand2(dsatmp->g, el/sizeof(BN_ULONG));
        if (!dsatmp->pub_key || dsatmp->pub_key->dmax!=(int)(el/sizeof(BN_ULONG))||
                !dsatmp->p || dsatmp->p->dmax!=(int)(el/sizeof(BN_ULONG)) ||
                !dsatmp->q || dsatmp->q->dmax!=20/sizeof(BN_ULONG) ||
                !dsatmp->g || dsatmp->g->dmax!=(int)(el/sizeof(BN_ULONG)))
            goto err;

        ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el,
                                         (unsigned long *)dsatmp->pub_key->d,
                                         (unsigned long *)dsatmp->p->d,
                                         (unsigned long *)dsatmp->q->d,
                                         (unsigned long *)dsatmp->g->d);
        surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret);
        if (ret!=1)
        {
            SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
            goto err;
        }
        /* set parameters */
        /* normalise pubkey and parameters in case of */
        dsatmp->pub_key->top=el/sizeof(BN_ULONG);
        bn_fix_top(dsatmp->pub_key);
        dsatmp->p->top=el/sizeof(BN_ULONG);
        bn_fix_top(dsatmp->p);
        dsatmp->q->top=20/sizeof(BN_ULONG);
        bn_fix_top(dsatmp->q);
        dsatmp->g->top=el/sizeof(BN_ULONG);
        bn_fix_top(dsatmp->g);

        /* create an EVP object: engine + rsa key */
        res = EVP_PKEY_new();
        EVP_PKEY_assign_DSA(res, dsatmp);
        break;
#endif

    default:
        SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
        goto err;
    }
    return res;
err:
#ifndef OPENSSL_NO_RSA
    if (rsatmp)
        RSA_free(rsatmp);
#endif
#ifndef OPENSSL_NO_DSA
    if (dsatmp)
        DSA_free(dsatmp);
#endif
    return NULL;
}
Example #7
0
static EVP_PKEY *ibm_4758_load_pubkey(ENGINE *e, const char *key_id,
                                      UI_METHOD *ui_method,
                                      void *callback_data)
{
    RSA *rtmp = NULL;
    EVP_PKEY *res = NULL;
    unsigned char *keyToken = NULL;
    long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
    long returnCode;
    long reasonCode;
    long exitDataLength = 0;
    long ruleArrayLength = 0;
    unsigned char exitData[8];
    unsigned char ruleArray[8];
    unsigned char keyLabel[64];
    unsigned long keyLabelLength = strlen(key_id);
    unsigned char modulus[512];
    long modulusFieldLength = sizeof(modulus);
    long modulusLength = 0;
    unsigned char exponent[512];
    long exponentLength = sizeof(exponent);

    if (keyLabelLength > sizeof(keyLabel)) {
        CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
                   CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
        return NULL;
    }

    memset(keyLabel, ' ', sizeof(keyLabel));
    memcpy(keyLabel, key_id, keyLabelLength);

    keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
    if (!keyToken) {
        CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData,
                  &ruleArrayLength, ruleArray, keyLabel, &keyTokenLength,
                  keyToken + sizeof(long));

    if (returnCode) {
        CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    if (!getModulusAndExponent(keyToken + sizeof(long), &exponentLength,
                               exponent, &modulusLength, &modulusFieldLength,
                               modulus)) {
        CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY,
                   CCA4758_R_FAILED_LOADING_PUBLIC_KEY);
        goto err;
    }

    (*(long *)keyToken) = keyTokenLength;
    rtmp = RSA_new_method(e);
    RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
    rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
    rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
    rtmp->flags |= RSA_FLAG_EXT_PKEY;
    res = EVP_PKEY_new();
    EVP_PKEY_assign_RSA(res, rtmp);

    return res;
 err:
    if (keyToken)
        OPENSSL_free(keyToken);
    return NULL;
}
static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
	UI_METHOD *ui_method, void *callback_data)
	{
#ifndef OPENSSL_NO_RSA
	RSA *rtmp = NULL;
#endif
	EVP_PKEY *res = NULL;
#ifndef OPENSSL_NO_RSA
	HWCryptoHook_MPI e, n;
	HWCryptoHook_RSAKeyHandle *hptr;
#endif
#if !defined(OPENSSL_NO_RSA)
	char tempbuf[1024];
	HWCryptoHook_ErrMsgBuf rmsg;
	HWCryptoHook_PassphraseContext ppctx;
#endif

#if !defined(OPENSSL_NO_RSA)
	rmsg.buf = tempbuf;
	rmsg.size = sizeof(tempbuf);
#endif

	if(!hwcrhk_context)
		{
		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
			HWCRHK_R_NOT_INITIALISED);
		goto err;
		}
#ifndef OPENSSL_NO_RSA
	hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
	if (!hptr)
		{
		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
			ERR_R_MALLOC_FAILURE);
		goto err;
		}
        ppctx.ui_method = ui_method;
	ppctx.callback_data = callback_data;
	if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr,
		&rmsg, &ppctx))
		{
		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
			HWCRHK_R_CHIL_ERROR);
		ERR_add_error_data(1,rmsg.buf);
		goto err;
		}
	if (!*hptr)
		{
		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
			HWCRHK_R_NO_KEY);
		goto err;
		}
#endif
#ifndef OPENSSL_NO_RSA
	rtmp = RSA_new_method(eng);
	RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
	rtmp->e = BN_new();
	rtmp->n = BN_new();
	rtmp->flags |= RSA_FLAG_EXT_PKEY;
	MPI2BN(rtmp->e, e);
	MPI2BN(rtmp->n, n);
	if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)
		!= HWCRYPTOHOOK_ERROR_MPISIZE)
		{
		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,HWCRHK_R_CHIL_ERROR);
		ERR_add_error_data(1,rmsg.buf);
		goto err;
		}

	bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG));
	bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG));
	MPI2BN(rtmp->e, e);
	MPI2BN(rtmp->n, n);

	if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg))
		{
		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
			HWCRHK_R_CHIL_ERROR);
		ERR_add_error_data(1,rmsg.buf);
		goto err;
		}
	rtmp->e->top = e.size / sizeof(BN_ULONG);
	bn_fix_top(rtmp->e);
	rtmp->n->top = n.size / sizeof(BN_ULONG);
	bn_fix_top(rtmp->n);

	res = EVP_PKEY_new();
	EVP_PKEY_assign_RSA(res, rtmp);
#endif

        if (!res)
                HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
                        HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED);

	return res;
 err:
#ifndef OPENSSL_NO_RSA
	if (rtmp)
		RSA_free(rtmp);
#endif
	return NULL;
	}
Example #9
0
int
main(int argc, char **argv)
{
    ENGINE *engine = NULL;
    int i, j, idx = 0;
    RSA *rsa;

    setprogname(argv[0]);

    /*
    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &idx))
	usage(1);

    if (help_flag)
	usage(0);

    if(version_flag){
	print_version(NULL);
	exit(0);
    }
    */

    while(1) {
	    int c = getopt_long(argc, argv, "hq", args, &idx);

	    if (c == -1)
		    break;

	    switch (c) {
	    case 'q':
		    verbose = 0;
		    break;
	    case 'h':
		    usage(0);
		    break;
	    case '?':
	    default:
		    usage(-1);
		    break;
	    }
    }

    /*
    argc -= idx;
    argv += idx;
    */

    if (verbose) printf("[TEST] RSA\n");

    /* OpenSSL_add_all_algorithms(); */
#ifdef OPENSSL
    ENGINE_load_openssl();
#endif
    ENGINE_load_builtin_engines();

    /*
    if (argc == 0) {
	engine = ENGINE_by_id("builtin");
    } else {
	engine = ENGINE_by_id(argv[0]);
	if (engine == NULL)
	    engine = ENGINE_by_dso(argv[0], id_flag);
    }
    if (engine == NULL) {
	fprintf(stderr, "ENGINE_by_dso failed"\n);
	return 76;
    }

    if (ENGINE_get_RSA(engine) == NULL)
	return 77;

    printf("rsa %s\n", ENGINE_get_RSA(engine)->name);
    */

    if (time_keygen) {
	struct timeval tv1, tv2;
	BIGNUM *e;

	rsa = RSA_new_method(engine);
	if (!key_blinding)
	    rsa->flags |= RSA_FLAG_NO_BLINDING;

	e = BN_new();
	BN_set_word(e, 0x10001);

	printf("running keygen with %d loops\n", loops);

	gettimeofday(&tv1, NULL);

	for (i = 0; i < loops; i++) {
	    rsa = RSA_new_method(engine);
	    if (RSA_generate_key_ex(rsa, 1024, e, NULL) != 1) {
		RSA_free(rsa);
		fprintf(stderr, "RSA_generate_key_ex");
		fail++;
		return 1;
	    }
	    RSA_free(rsa);
	}

	gettimeofday(&tv2, NULL);
	timevalsub(&tv2, &tv1);

	printf("time %lu.%06lu\n",
	       (unsigned long)tv2.tv_sec,
	       (unsigned long)tv2.tv_usec);

	BN_free(e);
	/*
	ENGINE_finish(engine);
	*/

	return 0;
    }

/*
    if (time_key) {
	const int size = 20;
	struct timeval tv1, tv2;
	unsigned char *p;

	if (strcmp(time_key, "generate") == 0) {
	    BIGNUM *e;

	    rsa = RSA_new_method(engine);
	    if (!key_blinding)
		rsa->flags |= RSA_FLAG_NO_BLINDING;

	    e = BN_new();
	    BN_set_word(e, 0x10001);

	    if (RSA_generate_key_ex(rsa, 1024, e, NULL) != 1) {
		fprintf(stderr, "RSA_generate_key_ex");
		fail++;
		return (1);
	    }
	} else {
	    rsa = read_key(engine, time_key);
	}

	p = emalloc(loops * size);

	CCRandomCopyBytes(kCCRandomDefault, p, loops * size);

	gettimeofday(&tv1, NULL);
	for (i = 0; i < loops; i++)
	    check_rsa(p + (i * size), size, rsa, RSA_PKCS1_PADDING);
	gettimeofday(&tv2, NULL);

	timevalsub(&tv2, &tv1);

	printf("time %lu.%06lu\n",
	       (unsigned long)tv2.tv_sec,
	       (unsigned long)tv2.tv_usec);

	RSA_free(rsa);
	ENGINE_finish(engine);

	return 0;
    }
*/

    if (rsa_key) {
	rsa = read_key(engine, rsa_key);

	/*
	 * Assuming that you use the RSA key in the distribution, this
	 * test will generate a signature have a starting zero and thus
	 * will generate a checksum that is 127 byte instead of the
	 * checksum that is 128 byte (like the key).
	 */
	{
	    const unsigned char sha1[20] = {
		0x6d, 0x33, 0xf9, 0x40, 0x75, 0x5b, 0x4e, 0xc5, 0x90, 0x35,
		0x48, 0xab, 0x75, 0x02, 0x09, 0x76, 0x9a, 0xb4, 0x7d, 0x6b
	    };

	    check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING);
	}

	for (i = 0; i < 128; i++) {
	    unsigned char sha1[20];
	
	    CCRandomCopyBytes(kCCRandomDefault, sha1, sizeof(sha1));
	    check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING);
	}
	for (i = 0; i < 128; i++) {
	    unsigned char des3[21];

	    CCRandomCopyBytes(kCCRandomDefault, des3, sizeof(des3));
	    check_rsa(des3, sizeof(des3), rsa, RSA_PKCS1_PADDING);
	}
	for (i = 0; i < 128; i++) {
	    unsigned char aes[32];

	    CCRandomCopyBytes(kCCRandomDefault, aes, sizeof(aes));
	    check_rsa(aes, sizeof(aes), rsa, RSA_PKCS1_PADDING);
	}

	RSA_free(rsa);
    }

    if (verbose) {
	    printf("[BEGIN] RSA loops\n");
	    printf("Running %d loops\n", loops);
    }
    total++;
    for (i = 0; i < loops; i++) {
	BN_GENCB cb;
	BIGNUM *e;
	unsigned int n;

	rsa = RSA_new_method(engine);
	if (!key_blinding)
	    rsa->flags |= RSA_FLAG_NO_BLINDING;

	e = BN_new();
	BN_set_word(e, 0x10001);

	BN_GENCB_set(&cb, cb_func, NULL);
	
	CCRandomCopyBytes(kCCRandomDefault, &n, sizeof(n));
	n &= 0x1ff;
	n += 1024;

	if (RSA_generate_key_ex(rsa, n, e, &cb) != 1) {
	    fprintf(stderr, "RSA_generate_key_ex");
	    fail++;
	    return 1;
	}

	BN_free(e);

	for (j = 0; j < 8; j++) {
	    unsigned char sha1[20];
	    CCRandomCopyBytes(kCCRandomDefault, sha1, sizeof(sha1));
	    check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING);
	}

	RSA_free(rsa);
    }

    if (verbose) printf("[PASS] RSA loops\n");
    pass++;


    if (verbose) {
	    printf("[SUMMARY]\n");
	    printf("total: %d\n", total);
	    printf("passed: %d\n", pass);
	    printf("failed: %d\n", fail);
    }

    /* ENGINE_finish(engine); */

    return (fail);
}
Example #10
0
static EVP_PKEY* HCSP_load_key(ENGINE* e, const char* key_id, UI_METHOD* ui_method, void* callback_data)
{
   int i, j;
   BYTE modulus[1000];
   BYTE pbKeyBlob[1000];
   BYTE pubexp[sizeof(DWORD)];
   DWORD dwBlobLen = 1000L;
   DWORD dwLastError = 0L;

   RSA* rtmp     = RSA_new_method(e);
   EVP_PKEY* res = EVP_PKEY_new();

   typedef struct _PKBLOB {
      PUBLICKEYSTRUC  publickeystruc;
      RSAPUBKEY rsapubkey;
      BYTE modulus[1024/8];
   } PKBLOB;

   PKBLOB* pkblob = (PKBLOB*) pbKeyBlob;

#ifdef DEBUG
   BIO_printf(err, "Call HCSP_load_key(\"%s\")\n", key_id);
#endif

#ifndef FILE_CONFIG
   (void) strcpy(pFindPara, key_id);
#endif

   if (!HCSP_setContext())
      {
      goto error;
      }

   /* Get handle to signature key. */

   if (!HCSP_getKeyHandle())
      {
      goto error;
      }

   if (!CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, pbKeyBlob, &dwBlobLen))
      {
#  ifdef DEBUG
      routine = "CryptExportKey";
#  endif

      goto error;
      }

#ifdef DEBUG
   /* little-endian...
   writeData(pkblob->modulus,pkblob->rsapubkey.bitlen/8, "modulus");
   writeData((unsigned char*)pkblob->rsapubkey.pubexp, sizeof(DWORD), "pubexp");
   */
#endif

   for (i = 0, j = sizeof(DWORD) - 1; i <= j; ++i)
      {
      pubexp[i] = ((unsigned char*)&(pkblob->rsapubkey.pubexp))[j - i];
      }

   for (i = 0, j = pkblob->rsapubkey.bitlen/8 - 1; i <= j; ++i)
      {
      modulus[i] = pkblob->modulus[j - i];
      }

   rtmp->e = BN_bin2bn(pubexp, sizeof(DWORD), NULL);
   rtmp->n = BN_bin2bn(modulus, pkblob->rsapubkey.bitlen/8, NULL);

#ifdef DEBUG
   BIO_printf(err, "BLOB size %d - modulus size %d \n", dwBlobLen, pkblob->rsapubkey.bitlen/8);
#endif

   EVP_PKEY_assign_RSA(res, rtmp);

   goto end;

error:

#ifndef OPENSSL_NO_ERR
   dwLastError = GetLastError();

   HCSP_err(HCSP_F_LOAD_PRIVKEY, dwLastError);
#endif

end:

#ifdef DEBUG
   BIO_printf(err, "Return HCSP_load_key(%p)\n", res);
#endif

   return res;
}
Example #11
0
int
main(int argc, char **argv)
{
    ENGINE *engine = NULL;
    int i, j, idx = 0;
    RSA *rsa;

    setprogname(argv[0]);

    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &idx))
	usage(1);

    if (help_flag)
	usage(0);

    if(version_flag){
	print_version(NULL);
	exit(0);
    }

    argc -= idx;
    argv += idx;

    OpenSSL_add_all_algorithms();
#ifdef OPENSSL
    ENGINE_load_openssl();
#endif
    ENGINE_load_builtin_engines();

    if (argc == 0) {
	engine = ENGINE_by_id("builtin");
    } else {
	engine = ENGINE_by_id(argv[0]);
	if (engine == NULL)
	    engine = ENGINE_by_dso(argv[0], id_flag);
    }
    if (engine == NULL)
	errx(1, "ENGINE_by_dso failed");

    if (ENGINE_get_RSA(engine) == NULL)
	return 77;

    printf("rsa %s\n", ENGINE_get_RSA(engine)->name);

    if (RAND_status() != 1)
	errx(77, "no functional random device, refusing to run tests");

    if (time_keygen) {
	struct timeval tv1, tv2;
	BIGNUM *e;

	rsa = RSA_new_method(engine);
	if (!key_blinding)
	    rsa->flags |= RSA_FLAG_NO_BLINDING;

	e = BN_new();
	BN_set_word(e, 0x10001);

	printf("running keygen with %d loops\n", loops);

	gettimeofday(&tv1, NULL);

	for (i = 0; i < loops; i++) {
	    rsa = RSA_new_method(engine);
	    if (RSA_generate_key_ex(rsa, 1024, e, NULL) != 1)
		errx(1, "RSA_generate_key_ex");
	    RSA_free(rsa);
	}

	gettimeofday(&tv2, NULL);
	timevalsub(&tv2, &tv1);

	printf("time %lu.%06lu\n",
	       (unsigned long)tv2.tv_sec,
	       (unsigned long)tv2.tv_usec);

	BN_free(e);
	ENGINE_finish(engine);

	return 0;
    }

    if (time_key) {
	const int size = 20;
	struct timeval tv1, tv2;
	unsigned char *p;

	if (strcmp(time_key, "generate") == 0) {
	    BIGNUM *e;

	    rsa = RSA_new_method(engine);
	    if (!key_blinding)
		rsa->flags |= RSA_FLAG_NO_BLINDING;

	    e = BN_new();
	    BN_set_word(e, 0x10001);

	    if (RSA_generate_key_ex(rsa, 1024, e, NULL) != 1)
		errx(1, "RSA_generate_key_ex");
	} else {
	    rsa = read_key(engine, time_key);
	}

	p = emalloc(loops * size);

	RAND_bytes(p, loops * size);

	gettimeofday(&tv1, NULL);
	for (i = 0; i < loops; i++)
	    check_rsa(p + (i * size), size, rsa, RSA_PKCS1_PADDING);
	gettimeofday(&tv2, NULL);

	timevalsub(&tv2, &tv1);

	printf("time %lu.%06lu\n",
	       (unsigned long)tv2.tv_sec,
	       (unsigned long)tv2.tv_usec);

	RSA_free(rsa);
	ENGINE_finish(engine);

	return 0;
    }

    if (rsa_key) {
	rsa = read_key(engine, rsa_key);

	/*
	 * Assuming that you use the RSA key in the distribution, this
	 * test will generate a signature have a starting zero and thus
	 * will generate a checksum that is 127 byte instead of the
	 * checksum that is 128 byte (like the key).
	 */
	{
	    const unsigned char sha1[20] = {
		0x6d, 0x33, 0xf9, 0x40, 0x75, 0x5b, 0x4e, 0xc5, 0x90, 0x35,
		0x48, 0xab, 0x75, 0x02, 0x09, 0x76, 0x9a, 0xb4, 0x7d, 0x6b
	    };
	
	    check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING);
	}
	
	for (i = 0; i < 128; i++) {
	    unsigned char sha1[20];
	
	    RAND_bytes(sha1, sizeof(sha1));
	    check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING);
	}
	for (i = 0; i < 128; i++) {
	    unsigned char des3[21];

	    RAND_bytes(des3, sizeof(des3));
	    check_rsa(des3, sizeof(des3), rsa, RSA_PKCS1_PADDING);
	}
	for (i = 0; i < 128; i++) {
	    unsigned char aes[32];

	    RAND_bytes(aes, sizeof(aes));
	    check_rsa(aes, sizeof(aes), rsa, RSA_PKCS1_PADDING);
	}

	RSA_free(rsa);
    }

    for (i = 0; i < loops; i++) {
	BN_GENCB cb;
	BIGNUM *e;
	unsigned int n;

	rsa = RSA_new_method(engine);
	if (!key_blinding)
	    rsa->flags |= RSA_FLAG_NO_BLINDING;

	e = BN_new();
	BN_set_word(e, 0x10001);
	
	BN_GENCB_set(&cb, cb_func, NULL);
	
	RAND_bytes(&n, sizeof(n));
	n &= 0x1ff;
	n += 1024;

	if (RSA_generate_key_ex(rsa, n, e, &cb) != 1)
	    errx(1, "RSA_generate_key_ex");

	BN_free(e);
	
	for (j = 0; j < 8; j++) {
	    unsigned char sha1[20];
	    RAND_bytes(sha1, sizeof(sha1));
	    check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING);
	}

	RSA_free(rsa);
    }

    ENGINE_finish(engine);

    return 0;
}
Example #12
0
int
genrsa_main(int argc, char **argv)
{
	BN_GENCB cb;
#ifndef OPENSSL_NO_ENGINE
	ENGINE *e = NULL;
#endif
	int ret = 1;
	int i, num = DEFBITS;
	long l;
	const EVP_CIPHER *enc = NULL;
	unsigned long f4 = RSA_F4;
	char *outfile = NULL;
	char *passargout = NULL, *passout = NULL;
#ifndef OPENSSL_NO_ENGINE
	char *engine = NULL;
#endif
	BIO *out = NULL;
	BIGNUM *bn = BN_new();
	RSA *rsa = NULL;

	if (!bn)
		goto err;

	BN_GENCB_set(&cb, genrsa_cb, bio_err);

	if (!load_config(bio_err, NULL))
		goto err;

	if ((out = BIO_new(BIO_s_file())) == NULL) {
		BIO_printf(bio_err, "unable to create BIO for output\n");
		goto err;
	}
	argv++;
	argc--;
	for (;;) {
		if (argc <= 0)
			break;
		if (strcmp(*argv, "-out") == 0) {
			if (--argc < 1)
				goto bad;
			outfile = *(++argv);
		} else if (strcmp(*argv, "-3") == 0)
			f4 = 3;
		else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv, "-f4") == 0)
			f4 = RSA_F4;
#ifndef OPENSSL_NO_ENGINE
		else if (strcmp(*argv, "-engine") == 0) {
			if (--argc < 1)
				goto bad;
			engine = *(++argv);
		}
#endif
#ifndef OPENSSL_NO_DES
		else if (strcmp(*argv, "-des") == 0)
			enc = EVP_des_cbc();
		else if (strcmp(*argv, "-des3") == 0)
			enc = EVP_des_ede3_cbc();
#endif
#ifndef OPENSSL_NO_IDEA
		else if (strcmp(*argv, "-idea") == 0)
			enc = EVP_idea_cbc();
#endif
#ifndef OPENSSL_NO_AES
		else if (strcmp(*argv, "-aes128") == 0)
			enc = EVP_aes_128_cbc();
		else if (strcmp(*argv, "-aes192") == 0)
			enc = EVP_aes_192_cbc();
		else if (strcmp(*argv, "-aes256") == 0)
			enc = EVP_aes_256_cbc();
#endif
#ifndef OPENSSL_NO_CAMELLIA
		else if (strcmp(*argv, "-camellia128") == 0)
			enc = EVP_camellia_128_cbc();
		else if (strcmp(*argv, "-camellia192") == 0)
			enc = EVP_camellia_192_cbc();
		else if (strcmp(*argv, "-camellia256") == 0)
			enc = EVP_camellia_256_cbc();
#endif
		else if (strcmp(*argv, "-passout") == 0) {
			if (--argc < 1)
				goto bad;
			passargout = *(++argv);
		} else
			break;
		argv++;
		argc--;
	}
	if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) {
bad:
		BIO_printf(bio_err, "usage: genrsa [args] [numbits]\n");
		BIO_printf(bio_err, " -des            encrypt the generated key with DES in cbc mode\n");
		BIO_printf(bio_err, " -des3           encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
#ifndef OPENSSL_NO_IDEA
		BIO_printf(bio_err, " -idea           encrypt the generated key with IDEA in cbc mode\n");
#endif
#ifndef OPENSSL_NO_AES
		BIO_printf(bio_err, " -aes128, -aes192, -aes256\n");
		BIO_printf(bio_err, "                 encrypt PEM output with cbc aes\n");
#endif
#ifndef OPENSSL_NO_CAMELLIA
		BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n");
		BIO_printf(bio_err, "                 encrypt PEM output with cbc camellia\n");
#endif
		BIO_printf(bio_err, " -out file       output the key to 'file\n");
		BIO_printf(bio_err, " -passout arg    output file pass phrase source\n");
		BIO_printf(bio_err, " -f4             use F4 (0x10001) for the E value\n");
		BIO_printf(bio_err, " -3              use 3 for the E value\n");
#ifndef OPENSSL_NO_ENGINE
		BIO_printf(bio_err, " -engine e       use engine e, possibly a hardware device.\n");
#endif
		goto err;
	}
	ERR_load_crypto_strings();

	if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
		BIO_printf(bio_err, "Error getting password\n");
		goto err;
	}
#ifndef OPENSSL_NO_ENGINE
	e = setup_engine(bio_err, engine, 0);
#endif

	if (outfile == NULL) {
		BIO_set_fp(out, stdout, BIO_NOCLOSE);
	} else {
		if (BIO_write_filename(out, outfile) <= 0) {
			perror(outfile);
			goto err;
		}
	}

	BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n",
	    num);
#ifdef OPENSSL_NO_ENGINE
	rsa = RSA_new();
#else
	rsa = RSA_new_method(e);
#endif
	if (!rsa)
		goto err;

	if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb))
		goto err;

	/*
	 * We need to do the following for when the base number size is <
	 * long, esp windows 3.1 :-(.
	 */
	l = 0L;
	for (i = 0; i < rsa->e->top; i++) {
#ifndef _LP64
		l <<= BN_BITS4;
		l <<= BN_BITS4;
#endif
		l += rsa->e->d[i];
	}
	BIO_printf(bio_err, "e is %ld (0x%lX)\n", l, l);
	{
		PW_CB_DATA cb_data;
		cb_data.password = passout;
		cb_data.prompt_info = outfile;
		if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
			(pem_password_cb *) password_callback, &cb_data))
			goto err;
	}

	ret = 0;
err:
	if (bn)
		BN_free(bn);
	if (rsa)
		RSA_free(rsa);
	if (out)
		BIO_free_all(out);
	free(passout);
	if (ret != 0)
		ERR_print_errors(bio_err);
	
	return (ret);
}