static EVP_PKEY *create_pkey(neverbleed_t *nb, size_t key_index, const char *ebuf, const char *nbuf) { struct st_neverbleed_rsa_exdata_t *exdata; RSA *rsa; EVP_PKEY *pkey; if ((exdata = malloc(sizeof(*exdata))) == NULL) { fprintf(stderr, "no memory\n"); abort(); } exdata->nb = nb; exdata->key_index = key_index; rsa = RSA_new_method(nb->engine); RSA_set_ex_data(rsa, 0, exdata); if (BN_hex2bn(&rsa->e, ebuf) == 0) { fprintf(stderr, "failed to parse e:%s\n", ebuf); abort(); } if (BN_hex2bn(&rsa->n, nbuf) == 0) { fprintf(stderr, "failed to parse n:%s\n", nbuf); abort(); } rsa->flags |= RSA_FLAG_EXT_PKEY; pkey = EVP_PKEY_new(); EVP_PKEY_set1_RSA(pkey, rsa); RSA_free(rsa); return pkey; }
RSA * RSA_new(void) { RSA *r = RSA_new_method(NULL); return r; }
RSA * RSA_new(void) { return RSA_new_method(NULL); }
int MAIN(int argc, char **argv) { BN_GENCB cb; #ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; #endif int ret=1; int i,num=DEFBITS; long l; const EVP_CIPHER *enc=NULL; unsigned long f4=RSA_F4; char *outfile=NULL; char *passargout = NULL, *passout = NULL; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif char *inrand=NULL; BIO *out=NULL; BIGNUM *bn = BN_new(); RSA *rsa = NULL; if(!bn) goto err; apps_startup(); BN_GENCB_set(&cb, genrsa_cb, bio_err); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,OPENSSL_TYPE__FILE_STDERR,BIO_NOCLOSE|BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto err; if ((out=BIO_new(BIO_s_file())) == NULL) { BIO_printf(bio_err,"unable to create BIO for output\n"); goto err; } argv++; argc--; for (;;) { if (argc <= 0) break; if (TINYCLR_SSL_STRCMP(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (TINYCLR_SSL_STRCMP(*argv,"-3") == 0) f4=3; else if (TINYCLR_SSL_STRCMP(*argv,"-F4") == 0 || TINYCLR_SSL_STRCMP(*argv,"-f4") == 0) f4=RSA_F4; #ifndef OPENSSL_NO_ENGINE else if (TINYCLR_SSL_STRCMP(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } #endif else if (TINYCLR_SSL_STRCMP(*argv,"-rand") == 0) { if (--argc < 1) goto bad; inrand= *(++argv); } #ifndef OPENSSL_NO_DES else if (TINYCLR_SSL_STRCMP(*argv,"-des") == 0) enc=EVP_des_cbc(); else if (TINYCLR_SSL_STRCMP(*argv,"-des3") == 0) enc=EVP_des_ede3_cbc(); #endif #ifndef OPENSSL_NO_IDEA else if (TINYCLR_SSL_STRCMP(*argv,"-idea") == 0) enc=EVP_idea_cbc(); #endif #ifndef OPENSSL_NO_SEED else if (TINYCLR_SSL_STRCMP(*argv,"-seed") == 0) enc=EVP_seed_cbc(); #endif #ifndef OPENSSL_NO_AES else if (TINYCLR_SSL_STRCMP(*argv,"-aes128") == 0) enc=EVP_aes_128_cbc(); else if (TINYCLR_SSL_STRCMP(*argv,"-aes192") == 0) enc=EVP_aes_192_cbc(); else if (TINYCLR_SSL_STRCMP(*argv,"-aes256") == 0) enc=EVP_aes_256_cbc(); #endif #ifndef OPENSSL_NO_CAMELLIA else if (TINYCLR_SSL_STRCMP(*argv,"-camellia128") == 0) enc=EVP_camellia_128_cbc(); else if (TINYCLR_SSL_STRCMP(*argv,"-camellia192") == 0) enc=EVP_camellia_192_cbc(); else if (TINYCLR_SSL_STRCMP(*argv,"-camellia256") == 0) enc=EVP_camellia_256_cbc(); #endif else if (TINYCLR_SSL_STRCMP(*argv,"-passout") == 0) { if (--argc < 1) goto bad; passargout= *(++argv); } else break; argv++; argc--; } if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0))) { bad: BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n"); BIO_printf(bio_err," -des encrypt the generated key with DES in cbc mode\n"); BIO_printf(bio_err," -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err," -idea encrypt the generated key with IDEA in cbc mode\n"); #endif #ifndef OPENSSL_NO_SEED BIO_printf(bio_err," -seed\n"); BIO_printf(bio_err," encrypt PEM output with cbc seed\n"); #endif #ifndef OPENSSL_NO_AES BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); #endif #ifndef OPENSSL_NO_CAMELLIA BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); #endif BIO_printf(bio_err," -out file output the key to 'file\n"); BIO_printf(bio_err," -passout arg output file pass phrase source\n"); BIO_printf(bio_err," -f4 use F4 (0x10001) for the E value\n"); BIO_printf(bio_err," -3 use 3 for the E value\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); #endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); goto err; } ERR_load_crypto_strings(); if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); goto err; } #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); #endif if (outfile == NULL) { BIO_set_fp(out,OPENSSL_TYPE__FILE_STDOUT,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { TINYCLR_SSL_PERROR(outfile); goto err; } } if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL && !RAND_status()) { BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); } if (inrand != NULL) BIO_printf(bio_err,"%ld semi-random bytes loaded\n", app_RAND_load_files(inrand)); BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n", num); #ifdef OPENSSL_NO_ENGINE rsa = RSA_new(); #else rsa = RSA_new_method(e); #endif if (!rsa) goto err; if(!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb)) goto err; app_RAND_write_file(NULL, bio_err); /* We need to do the following for when the base number size is < * long, esp windows 3.1 :-(. */ l=0L; for (i=0; i<rsa->e->top; i++) { #ifndef SIXTY_FOUR_BIT l<<=BN_BITS4; l<<=BN_BITS4; #endif l+=rsa->e->d[i]; } BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l); { PW_CB_DATA cb_data; cb_data.password = passout; cb_data.prompt_info = outfile; if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0, (pem_password_cb *)password_callback,&cb_data)) goto err; } ret=0; err: if (bn) BN_free(bn); if (rsa) RSA_free(rsa); if (out) BIO_free_all(out); if(passout) OPENSSL_free(passout); if (ret != 0) ERR_print_errors(bio_err); apps_shutdown(); OPENSSL_EXIT(ret); }
static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY *key) { unsigned char *pubkey = NULL; DWORD len; BLOBHEADER *bh; RSA *rkey = NULL; DSA *dkey = NULL; EVP_PKEY *ret = NULL; if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, NULL, &len)) { CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR); capi_addlasterror(); return NULL; } pubkey = OPENSSL_malloc(len); if (!pubkey) goto memerr; if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len)) { CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_ERROR); capi_addlasterror(); goto err; } bh = (BLOBHEADER *)pubkey; if (bh->bType != PUBLICKEYBLOB) { CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_PUBLIC_KEY_BLOB); goto err; } if (bh->aiKeyAlg == CALG_RSA_SIGN || bh->aiKeyAlg == CALG_RSA_KEYX) { RSAPUBKEY *rp; DWORD rsa_modlen; unsigned char *rsa_modulus; rp = (RSAPUBKEY *)(bh + 1); if (rp->magic != 0x31415352) { char magstr[10]; BIO_snprintf(magstr, 10, "%lx", rp->magic); CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER); ERR_add_error_data(2, "magic=0x", magstr); goto err; } rsa_modulus = (unsigned char *)(rp + 1); rkey = RSA_new_method(eng); if (!rkey) goto memerr; rkey->e = BN_new(); rkey->n = BN_new(); if (!rkey->e || !rkey->n) goto memerr; if (!BN_set_word(rkey->e, rp->pubexp)) goto memerr; rsa_modlen = rp->bitlen / 8; if (!lend_tobn(rkey->n, rsa_modulus, rsa_modlen)) goto memerr; RSA_set_ex_data(rkey, rsa_capi_idx, key); if (!(ret = EVP_PKEY_new())) goto memerr; EVP_PKEY_assign_RSA(ret, rkey); rkey = NULL; } else if (bh->aiKeyAlg == CALG_DSS_SIGN) { DSSPUBKEY *dp; DWORD dsa_plen; unsigned char *btmp; dp = (DSSPUBKEY *)(bh + 1); if (dp->magic != 0x31535344) { char magstr[10]; BIO_snprintf(magstr, 10, "%lx", dp->magic); CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER); ERR_add_error_data(2, "magic=0x", magstr); goto err; } dsa_plen = dp->bitlen / 8; btmp = (unsigned char *)(dp + 1); dkey = DSA_new_method(eng); if (!dkey) goto memerr; dkey->p = BN_new(); dkey->q = BN_new(); dkey->g = BN_new(); dkey->pub_key = BN_new(); if (!dkey->p || !dkey->q || !dkey->g || !dkey->pub_key) goto memerr; if (!lend_tobn(dkey->p, btmp, dsa_plen)) goto memerr; btmp += dsa_plen; if (!lend_tobn(dkey->q, btmp, 20)) goto memerr; btmp += 20; if (!lend_tobn(dkey->g, btmp, dsa_plen)) goto memerr; btmp += dsa_plen; if (!lend_tobn(dkey->pub_key, btmp, dsa_plen)) goto memerr; btmp += dsa_plen; DSA_set_ex_data(dkey, dsa_capi_idx, key); if (!(ret = EVP_PKEY_new())) goto memerr; EVP_PKEY_assign_DSA(ret, dkey); dkey = NULL; } else { char algstr[10]; BIO_snprintf(algstr, 10, "%lx", bh->aiKeyAlg); CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM); ERR_add_error_data(2, "aiKeyAlg=0x", algstr); goto err; } err: if (pubkey) OPENSSL_free(pubkey); if (!ret) { if (rkey) RSA_free(rkey); if (dkey) DSA_free(dkey); } return ret; memerr: CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE); goto err; }
static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,unsigned long el,char keytype) { EVP_PKEY *res = NULL; #ifndef OPENSSL_NO_RSA RSA *rsatmp = NULL; #endif #ifndef OPENSSL_NO_DSA DSA *dsatmp=NULL; #endif char msg[64]="sureware_load_public"; int ret=0; if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey) { SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_NOT_INITIALISED); goto err; } switch (keytype) { #ifndef OPENSSL_NO_RSA case 1: /*RSA*/ /* set private external reference */ rsatmp = RSA_new_method(e); RSA_set_ex_data(rsatmp,rsaHndidx,hptr); rsatmp->flags |= RSA_FLAG_EXT_PKEY; /* set public big nums*/ rsatmp->e = BN_new(); rsatmp->n = BN_new(); bn_expand2(rsatmp->e, el/sizeof(BN_ULONG)); bn_expand2(rsatmp->n, el/sizeof(BN_ULONG)); if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))|| !rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG))) goto err; ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el, (unsigned long *)rsatmp->n->d, (unsigned long *)rsatmp->e->d); surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret); if (ret!=1) { SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY); goto err; } /* normalise pub e and pub n */ rsatmp->e->top=el/sizeof(BN_ULONG); bn_fix_top(rsatmp->e); rsatmp->n->top=el/sizeof(BN_ULONG); bn_fix_top(rsatmp->n); /* create an EVP object: engine + rsa key */ res = EVP_PKEY_new(); EVP_PKEY_assign_RSA(res, rsatmp); break; #endif #ifndef OPENSSL_NO_DSA case 2:/*DSA*/ /* set private/public external reference */ dsatmp = DSA_new_method(e); DSA_set_ex_data(dsatmp,dsaHndidx,hptr); /*dsatmp->flags |= DSA_FLAG_EXT_PKEY;*/ /* set public key*/ dsatmp->pub_key = BN_new(); dsatmp->p = BN_new(); dsatmp->q = BN_new(); dsatmp->g = BN_new(); bn_expand2(dsatmp->pub_key, el/sizeof(BN_ULONG)); bn_expand2(dsatmp->p, el/sizeof(BN_ULONG)); bn_expand2(dsatmp->q, 20/sizeof(BN_ULONG)); bn_expand2(dsatmp->g, el/sizeof(BN_ULONG)); if (!dsatmp->pub_key || dsatmp->pub_key->dmax!=(int)(el/sizeof(BN_ULONG))|| !dsatmp->p || dsatmp->p->dmax!=(int)(el/sizeof(BN_ULONG)) || !dsatmp->q || dsatmp->q->dmax!=20/sizeof(BN_ULONG) || !dsatmp->g || dsatmp->g->dmax!=(int)(el/sizeof(BN_ULONG))) goto err; ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el, (unsigned long *)dsatmp->pub_key->d, (unsigned long *)dsatmp->p->d, (unsigned long *)dsatmp->q->d, (unsigned long *)dsatmp->g->d); surewarehk_error_handling(msg,SUREWARE_F_SUREWARE_LOAD_PUBLIC,ret); if (ret!=1) { SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PUBLIC_KEY); goto err; } /* set parameters */ /* normalise pubkey and parameters in case of */ dsatmp->pub_key->top=el/sizeof(BN_ULONG); bn_fix_top(dsatmp->pub_key); dsatmp->p->top=el/sizeof(BN_ULONG); bn_fix_top(dsatmp->p); dsatmp->q->top=20/sizeof(BN_ULONG); bn_fix_top(dsatmp->q); dsatmp->g->top=el/sizeof(BN_ULONG); bn_fix_top(dsatmp->g); /* create an EVP object: engine + rsa key */ res = EVP_PKEY_new(); EVP_PKEY_assign_DSA(res, dsatmp); break; #endif default: SUREWAREerr(SUREWARE_F_SUREWARE_LOAD_PUBLIC,ENGINE_R_FAILED_LOADING_PRIVATE_KEY); goto err; } return res; err: #ifndef OPENSSL_NO_RSA if (rsatmp) RSA_free(rsatmp); #endif #ifndef OPENSSL_NO_DSA if (dsatmp) DSA_free(dsatmp); #endif return NULL; }
static EVP_PKEY *ibm_4758_load_pubkey(ENGINE *e, const char *key_id, UI_METHOD *ui_method, void *callback_data) { RSA *rtmp = NULL; EVP_PKEY *res = NULL; unsigned char *keyToken = NULL; long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE; long returnCode; long reasonCode; long exitDataLength = 0; long ruleArrayLength = 0; unsigned char exitData[8]; unsigned char ruleArray[8]; unsigned char keyLabel[64]; unsigned long keyLabelLength = strlen(key_id); unsigned char modulus[512]; long modulusFieldLength = sizeof(modulus); long modulusLength = 0; unsigned char exponent[512]; long exponentLength = sizeof(exponent); if (keyLabelLength > sizeof(keyLabel)) { CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL); return NULL; } memset(keyLabel, ' ', sizeof(keyLabel)); memcpy(keyLabel, key_id, keyLabelLength); keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long)); if (!keyToken) { CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, ERR_R_MALLOC_FAILURE); goto err; } keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData, &ruleArrayLength, ruleArray, keyLabel, &keyTokenLength, keyToken + sizeof(long)); if (returnCode) { CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, ERR_R_MALLOC_FAILURE); goto err; } if (!getModulusAndExponent(keyToken + sizeof(long), &exponentLength, exponent, &modulusLength, &modulusFieldLength, modulus)) { CCA4758err(CCA4758_F_IBM_4758_LOAD_PUBKEY, CCA4758_R_FAILED_LOADING_PUBLIC_KEY); goto err; } (*(long *)keyToken) = keyTokenLength; rtmp = RSA_new_method(e); RSA_set_ex_data(rtmp, hndidx, (char *)keyToken); rtmp->e = BN_bin2bn(exponent, exponentLength, NULL); rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL); rtmp->flags |= RSA_FLAG_EXT_PKEY; res = EVP_PKEY_new(); EVP_PKEY_assign_RSA(res, rtmp); return res; err: if (keyToken) OPENSSL_free(keyToken); return NULL; }
static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, UI_METHOD *ui_method, void *callback_data) { #ifndef OPENSSL_NO_RSA RSA *rtmp = NULL; #endif EVP_PKEY *res = NULL; #ifndef OPENSSL_NO_RSA HWCryptoHook_MPI e, n; HWCryptoHook_RSAKeyHandle *hptr; #endif #if !defined(OPENSSL_NO_RSA) char tempbuf[1024]; HWCryptoHook_ErrMsgBuf rmsg; HWCryptoHook_PassphraseContext ppctx; #endif #if !defined(OPENSSL_NO_RSA) rmsg.buf = tempbuf; rmsg.size = sizeof(tempbuf); #endif if(!hwcrhk_context) { HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_NOT_INITIALISED); goto err; } #ifndef OPENSSL_NO_RSA hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle)); if (!hptr) { HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE); goto err; } ppctx.ui_method = ui_method; ppctx.callback_data = callback_data; if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr, &rmsg, &ppctx)) { HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR); ERR_add_error_data(1,rmsg.buf); goto err; } if (!*hptr) { HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_NO_KEY); goto err; } #endif #ifndef OPENSSL_NO_RSA rtmp = RSA_new_method(eng); RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr); rtmp->e = BN_new(); rtmp->n = BN_new(); rtmp->flags |= RSA_FLAG_EXT_PKEY; MPI2BN(rtmp->e, e); MPI2BN(rtmp->n, n); if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg) != HWCRYPTOHOOK_ERROR_MPISIZE) { HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,HWCRHK_R_CHIL_ERROR); ERR_add_error_data(1,rmsg.buf); goto err; } bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG)); bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG)); MPI2BN(rtmp->e, e); MPI2BN(rtmp->n, n); if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)) { HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_CHIL_ERROR); ERR_add_error_data(1,rmsg.buf); goto err; } rtmp->e->top = e.size / sizeof(BN_ULONG); bn_fix_top(rtmp->e); rtmp->n->top = n.size / sizeof(BN_ULONG); bn_fix_top(rtmp->n); res = EVP_PKEY_new(); EVP_PKEY_assign_RSA(res, rtmp); #endif if (!res) HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED); return res; err: #ifndef OPENSSL_NO_RSA if (rtmp) RSA_free(rtmp); #endif return NULL; }
int main(int argc, char **argv) { ENGINE *engine = NULL; int i, j, idx = 0; RSA *rsa; setprogname(argv[0]); /* if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &idx)) usage(1); if (help_flag) usage(0); if(version_flag){ print_version(NULL); exit(0); } */ while(1) { int c = getopt_long(argc, argv, "hq", args, &idx); if (c == -1) break; switch (c) { case 'q': verbose = 0; break; case 'h': usage(0); break; case '?': default: usage(-1); break; } } /* argc -= idx; argv += idx; */ if (verbose) printf("[TEST] RSA\n"); /* OpenSSL_add_all_algorithms(); */ #ifdef OPENSSL ENGINE_load_openssl(); #endif ENGINE_load_builtin_engines(); /* if (argc == 0) { engine = ENGINE_by_id("builtin"); } else { engine = ENGINE_by_id(argv[0]); if (engine == NULL) engine = ENGINE_by_dso(argv[0], id_flag); } if (engine == NULL) { fprintf(stderr, "ENGINE_by_dso failed"\n); return 76; } if (ENGINE_get_RSA(engine) == NULL) return 77; printf("rsa %s\n", ENGINE_get_RSA(engine)->name); */ if (time_keygen) { struct timeval tv1, tv2; BIGNUM *e; rsa = RSA_new_method(engine); if (!key_blinding) rsa->flags |= RSA_FLAG_NO_BLINDING; e = BN_new(); BN_set_word(e, 0x10001); printf("running keygen with %d loops\n", loops); gettimeofday(&tv1, NULL); for (i = 0; i < loops; i++) { rsa = RSA_new_method(engine); if (RSA_generate_key_ex(rsa, 1024, e, NULL) != 1) { RSA_free(rsa); fprintf(stderr, "RSA_generate_key_ex"); fail++; return 1; } RSA_free(rsa); } gettimeofday(&tv2, NULL); timevalsub(&tv2, &tv1); printf("time %lu.%06lu\n", (unsigned long)tv2.tv_sec, (unsigned long)tv2.tv_usec); BN_free(e); /* ENGINE_finish(engine); */ return 0; } /* if (time_key) { const int size = 20; struct timeval tv1, tv2; unsigned char *p; if (strcmp(time_key, "generate") == 0) { BIGNUM *e; rsa = RSA_new_method(engine); if (!key_blinding) rsa->flags |= RSA_FLAG_NO_BLINDING; e = BN_new(); BN_set_word(e, 0x10001); if (RSA_generate_key_ex(rsa, 1024, e, NULL) != 1) { fprintf(stderr, "RSA_generate_key_ex"); fail++; return (1); } } else { rsa = read_key(engine, time_key); } p = emalloc(loops * size); CCRandomCopyBytes(kCCRandomDefault, p, loops * size); gettimeofday(&tv1, NULL); for (i = 0; i < loops; i++) check_rsa(p + (i * size), size, rsa, RSA_PKCS1_PADDING); gettimeofday(&tv2, NULL); timevalsub(&tv2, &tv1); printf("time %lu.%06lu\n", (unsigned long)tv2.tv_sec, (unsigned long)tv2.tv_usec); RSA_free(rsa); ENGINE_finish(engine); return 0; } */ if (rsa_key) { rsa = read_key(engine, rsa_key); /* * Assuming that you use the RSA key in the distribution, this * test will generate a signature have a starting zero and thus * will generate a checksum that is 127 byte instead of the * checksum that is 128 byte (like the key). */ { const unsigned char sha1[20] = { 0x6d, 0x33, 0xf9, 0x40, 0x75, 0x5b, 0x4e, 0xc5, 0x90, 0x35, 0x48, 0xab, 0x75, 0x02, 0x09, 0x76, 0x9a, 0xb4, 0x7d, 0x6b }; check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING); } for (i = 0; i < 128; i++) { unsigned char sha1[20]; CCRandomCopyBytes(kCCRandomDefault, sha1, sizeof(sha1)); check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING); } for (i = 0; i < 128; i++) { unsigned char des3[21]; CCRandomCopyBytes(kCCRandomDefault, des3, sizeof(des3)); check_rsa(des3, sizeof(des3), rsa, RSA_PKCS1_PADDING); } for (i = 0; i < 128; i++) { unsigned char aes[32]; CCRandomCopyBytes(kCCRandomDefault, aes, sizeof(aes)); check_rsa(aes, sizeof(aes), rsa, RSA_PKCS1_PADDING); } RSA_free(rsa); } if (verbose) { printf("[BEGIN] RSA loops\n"); printf("Running %d loops\n", loops); } total++; for (i = 0; i < loops; i++) { BN_GENCB cb; BIGNUM *e; unsigned int n; rsa = RSA_new_method(engine); if (!key_blinding) rsa->flags |= RSA_FLAG_NO_BLINDING; e = BN_new(); BN_set_word(e, 0x10001); BN_GENCB_set(&cb, cb_func, NULL); CCRandomCopyBytes(kCCRandomDefault, &n, sizeof(n)); n &= 0x1ff; n += 1024; if (RSA_generate_key_ex(rsa, n, e, &cb) != 1) { fprintf(stderr, "RSA_generate_key_ex"); fail++; return 1; } BN_free(e); for (j = 0; j < 8; j++) { unsigned char sha1[20]; CCRandomCopyBytes(kCCRandomDefault, sha1, sizeof(sha1)); check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING); } RSA_free(rsa); } if (verbose) printf("[PASS] RSA loops\n"); pass++; if (verbose) { printf("[SUMMARY]\n"); printf("total: %d\n", total); printf("passed: %d\n", pass); printf("failed: %d\n", fail); } /* ENGINE_finish(engine); */ return (fail); }
static EVP_PKEY* HCSP_load_key(ENGINE* e, const char* key_id, UI_METHOD* ui_method, void* callback_data) { int i, j; BYTE modulus[1000]; BYTE pbKeyBlob[1000]; BYTE pubexp[sizeof(DWORD)]; DWORD dwBlobLen = 1000L; DWORD dwLastError = 0L; RSA* rtmp = RSA_new_method(e); EVP_PKEY* res = EVP_PKEY_new(); typedef struct _PKBLOB { PUBLICKEYSTRUC publickeystruc; RSAPUBKEY rsapubkey; BYTE modulus[1024/8]; } PKBLOB; PKBLOB* pkblob = (PKBLOB*) pbKeyBlob; #ifdef DEBUG BIO_printf(err, "Call HCSP_load_key(\"%s\")\n", key_id); #endif #ifndef FILE_CONFIG (void) strcpy(pFindPara, key_id); #endif if (!HCSP_setContext()) { goto error; } /* Get handle to signature key. */ if (!HCSP_getKeyHandle()) { goto error; } if (!CryptExportKey(hKey, 0, PUBLICKEYBLOB, 0, pbKeyBlob, &dwBlobLen)) { # ifdef DEBUG routine = "CryptExportKey"; # endif goto error; } #ifdef DEBUG /* little-endian... writeData(pkblob->modulus,pkblob->rsapubkey.bitlen/8, "modulus"); writeData((unsigned char*)pkblob->rsapubkey.pubexp, sizeof(DWORD), "pubexp"); */ #endif for (i = 0, j = sizeof(DWORD) - 1; i <= j; ++i) { pubexp[i] = ((unsigned char*)&(pkblob->rsapubkey.pubexp))[j - i]; } for (i = 0, j = pkblob->rsapubkey.bitlen/8 - 1; i <= j; ++i) { modulus[i] = pkblob->modulus[j - i]; } rtmp->e = BN_bin2bn(pubexp, sizeof(DWORD), NULL); rtmp->n = BN_bin2bn(modulus, pkblob->rsapubkey.bitlen/8, NULL); #ifdef DEBUG BIO_printf(err, "BLOB size %d - modulus size %d \n", dwBlobLen, pkblob->rsapubkey.bitlen/8); #endif EVP_PKEY_assign_RSA(res, rtmp); goto end; error: #ifndef OPENSSL_NO_ERR dwLastError = GetLastError(); HCSP_err(HCSP_F_LOAD_PRIVKEY, dwLastError); #endif end: #ifdef DEBUG BIO_printf(err, "Return HCSP_load_key(%p)\n", res); #endif return res; }
int main(int argc, char **argv) { ENGINE *engine = NULL; int i, j, idx = 0; RSA *rsa; setprogname(argv[0]); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &idx)) usage(1); if (help_flag) usage(0); if(version_flag){ print_version(NULL); exit(0); } argc -= idx; argv += idx; OpenSSL_add_all_algorithms(); #ifdef OPENSSL ENGINE_load_openssl(); #endif ENGINE_load_builtin_engines(); if (argc == 0) { engine = ENGINE_by_id("builtin"); } else { engine = ENGINE_by_id(argv[0]); if (engine == NULL) engine = ENGINE_by_dso(argv[0], id_flag); } if (engine == NULL) errx(1, "ENGINE_by_dso failed"); if (ENGINE_get_RSA(engine) == NULL) return 77; printf("rsa %s\n", ENGINE_get_RSA(engine)->name); if (RAND_status() != 1) errx(77, "no functional random device, refusing to run tests"); if (time_keygen) { struct timeval tv1, tv2; BIGNUM *e; rsa = RSA_new_method(engine); if (!key_blinding) rsa->flags |= RSA_FLAG_NO_BLINDING; e = BN_new(); BN_set_word(e, 0x10001); printf("running keygen with %d loops\n", loops); gettimeofday(&tv1, NULL); for (i = 0; i < loops; i++) { rsa = RSA_new_method(engine); if (RSA_generate_key_ex(rsa, 1024, e, NULL) != 1) errx(1, "RSA_generate_key_ex"); RSA_free(rsa); } gettimeofday(&tv2, NULL); timevalsub(&tv2, &tv1); printf("time %lu.%06lu\n", (unsigned long)tv2.tv_sec, (unsigned long)tv2.tv_usec); BN_free(e); ENGINE_finish(engine); return 0; } if (time_key) { const int size = 20; struct timeval tv1, tv2; unsigned char *p; if (strcmp(time_key, "generate") == 0) { BIGNUM *e; rsa = RSA_new_method(engine); if (!key_blinding) rsa->flags |= RSA_FLAG_NO_BLINDING; e = BN_new(); BN_set_word(e, 0x10001); if (RSA_generate_key_ex(rsa, 1024, e, NULL) != 1) errx(1, "RSA_generate_key_ex"); } else { rsa = read_key(engine, time_key); } p = emalloc(loops * size); RAND_bytes(p, loops * size); gettimeofday(&tv1, NULL); for (i = 0; i < loops; i++) check_rsa(p + (i * size), size, rsa, RSA_PKCS1_PADDING); gettimeofday(&tv2, NULL); timevalsub(&tv2, &tv1); printf("time %lu.%06lu\n", (unsigned long)tv2.tv_sec, (unsigned long)tv2.tv_usec); RSA_free(rsa); ENGINE_finish(engine); return 0; } if (rsa_key) { rsa = read_key(engine, rsa_key); /* * Assuming that you use the RSA key in the distribution, this * test will generate a signature have a starting zero and thus * will generate a checksum that is 127 byte instead of the * checksum that is 128 byte (like the key). */ { const unsigned char sha1[20] = { 0x6d, 0x33, 0xf9, 0x40, 0x75, 0x5b, 0x4e, 0xc5, 0x90, 0x35, 0x48, 0xab, 0x75, 0x02, 0x09, 0x76, 0x9a, 0xb4, 0x7d, 0x6b }; check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING); } for (i = 0; i < 128; i++) { unsigned char sha1[20]; RAND_bytes(sha1, sizeof(sha1)); check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING); } for (i = 0; i < 128; i++) { unsigned char des3[21]; RAND_bytes(des3, sizeof(des3)); check_rsa(des3, sizeof(des3), rsa, RSA_PKCS1_PADDING); } for (i = 0; i < 128; i++) { unsigned char aes[32]; RAND_bytes(aes, sizeof(aes)); check_rsa(aes, sizeof(aes), rsa, RSA_PKCS1_PADDING); } RSA_free(rsa); } for (i = 0; i < loops; i++) { BN_GENCB cb; BIGNUM *e; unsigned int n; rsa = RSA_new_method(engine); if (!key_blinding) rsa->flags |= RSA_FLAG_NO_BLINDING; e = BN_new(); BN_set_word(e, 0x10001); BN_GENCB_set(&cb, cb_func, NULL); RAND_bytes(&n, sizeof(n)); n &= 0x1ff; n += 1024; if (RSA_generate_key_ex(rsa, n, e, &cb) != 1) errx(1, "RSA_generate_key_ex"); BN_free(e); for (j = 0; j < 8; j++) { unsigned char sha1[20]; RAND_bytes(sha1, sizeof(sha1)); check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING); } RSA_free(rsa); } ENGINE_finish(engine); return 0; }
int genrsa_main(int argc, char **argv) { BN_GENCB cb; #ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; #endif int ret = 1; int i, num = DEFBITS; long l; const EVP_CIPHER *enc = NULL; unsigned long f4 = RSA_F4; char *outfile = NULL; char *passargout = NULL, *passout = NULL; #ifndef OPENSSL_NO_ENGINE char *engine = NULL; #endif BIO *out = NULL; BIGNUM *bn = BN_new(); RSA *rsa = NULL; if (!bn) goto err; BN_GENCB_set(&cb, genrsa_cb, bio_err); if (!load_config(bio_err, NULL)) goto err; if ((out = BIO_new(BIO_s_file())) == NULL) { BIO_printf(bio_err, "unable to create BIO for output\n"); goto err; } argv++; argc--; for (;;) { if (argc <= 0) break; if (strcmp(*argv, "-out") == 0) { if (--argc < 1) goto bad; outfile = *(++argv); } else if (strcmp(*argv, "-3") == 0) f4 = 3; else if (strcmp(*argv, "-F4") == 0 || strcmp(*argv, "-f4") == 0) f4 = RSA_F4; #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; engine = *(++argv); } #endif #ifndef OPENSSL_NO_DES else if (strcmp(*argv, "-des") == 0) enc = EVP_des_cbc(); else if (strcmp(*argv, "-des3") == 0) enc = EVP_des_ede3_cbc(); #endif #ifndef OPENSSL_NO_IDEA else if (strcmp(*argv, "-idea") == 0) enc = EVP_idea_cbc(); #endif #ifndef OPENSSL_NO_AES else if (strcmp(*argv, "-aes128") == 0) enc = EVP_aes_128_cbc(); else if (strcmp(*argv, "-aes192") == 0) enc = EVP_aes_192_cbc(); else if (strcmp(*argv, "-aes256") == 0) enc = EVP_aes_256_cbc(); #endif #ifndef OPENSSL_NO_CAMELLIA else if (strcmp(*argv, "-camellia128") == 0) enc = EVP_camellia_128_cbc(); else if (strcmp(*argv, "-camellia192") == 0) enc = EVP_camellia_192_cbc(); else if (strcmp(*argv, "-camellia256") == 0) enc = EVP_camellia_256_cbc(); #endif else if (strcmp(*argv, "-passout") == 0) { if (--argc < 1) goto bad; passargout = *(++argv); } else break; argv++; argc--; } if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) { bad: BIO_printf(bio_err, "usage: genrsa [args] [numbits]\n"); BIO_printf(bio_err, " -des encrypt the generated key with DES in cbc mode\n"); BIO_printf(bio_err, " -des3 encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err, " -idea encrypt the generated key with IDEA in cbc mode\n"); #endif #ifndef OPENSSL_NO_AES BIO_printf(bio_err, " -aes128, -aes192, -aes256\n"); BIO_printf(bio_err, " encrypt PEM output with cbc aes\n"); #endif #ifndef OPENSSL_NO_CAMELLIA BIO_printf(bio_err, " -camellia128, -camellia192, -camellia256\n"); BIO_printf(bio_err, " encrypt PEM output with cbc camellia\n"); #endif BIO_printf(bio_err, " -out file output the key to 'file\n"); BIO_printf(bio_err, " -passout arg output file pass phrase source\n"); BIO_printf(bio_err, " -f4 use F4 (0x10001) for the E value\n"); BIO_printf(bio_err, " -3 use 3 for the E value\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n"); #endif goto err; } ERR_load_crypto_strings(); if (!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); goto err; } #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); #endif if (outfile == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); } else { if (BIO_write_filename(out, outfile) <= 0) { perror(outfile); goto err; } } BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n", num); #ifdef OPENSSL_NO_ENGINE rsa = RSA_new(); #else rsa = RSA_new_method(e); #endif if (!rsa) goto err; if (!BN_set_word(bn, f4) || !RSA_generate_key_ex(rsa, num, bn, &cb)) goto err; /* * We need to do the following for when the base number size is < * long, esp windows 3.1 :-(. */ l = 0L; for (i = 0; i < rsa->e->top; i++) { #ifndef _LP64 l <<= BN_BITS4; l <<= BN_BITS4; #endif l += rsa->e->d[i]; } BIO_printf(bio_err, "e is %ld (0x%lX)\n", l, l); { PW_CB_DATA cb_data; cb_data.password = passout; cb_data.prompt_info = outfile; if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0, (pem_password_cb *) password_callback, &cb_data)) goto err; } ret = 0; err: if (bn) BN_free(bn); if (rsa) RSA_free(rsa); if (out) BIO_free_all(out); free(passout); if (ret != 0) ERR_print_errors(bio_err); return (ret); }