42 #include <openssl/bio.h>
43 #include <openssl/err.h>
44 #include <openssl/pem.h>
45 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
46 #include <openssl/core_names.h>
49 #if OPENSSL_VERSION_NUMBER < 0x10100000L
52 if (pkey->type != EVP_PKEY_RSA) {
55 return pkey->pkey.rsa;
59 const BIGNUM **n,
const BIGNUM **e,
const BIGNUM **d)
72 #if OPENSSL_VERSION_NUMBER < 0x10101000L
75 rc = RSA_check_key(rsa);
79 EVP_PKEY_CTX *ckctx = EVP_PKEY_CTX_new(pkey, 0);
80 rc = EVP_PKEY_check(ckctx);
81 EVP_PKEY_CTX_free(ckctx);
93 EPNAME(
"RSA::XrdCryptosslRSA");
105 DEBUG(
"bits: "<<bits<<
", exp: "<<exp);
108 BIGNUM *e = BN_new();
110 DEBUG(
"cannot allocate new exponent");
116 EVP_PKEY_CTX *pkctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, 0);
117 EVP_PKEY_keygen_init(pkctx);
118 EVP_PKEY_CTX_set_rsa_keygen_bits(pkctx, bits);
119 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
120 EVP_PKEY_CTX_set1_rsa_keygen_pubexp(pkctx, e);
123 EVP_PKEY_CTX_set_rsa_keygen_pubexp(pkctx, e);
125 EVP_PKEY_keygen(pkctx, &fEVP);
126 EVP_PKEY_CTX_free(pkctx);
132 DEBUG(
"basic length: "<<EVP_PKEY_size(fEVP)<<
" bytes");
134 DEBUG(
"WARNING: generated key is invalid");
163 EPNAME(
"RSA::XrdCryptosslRSA_key");
171 DEBUG(
"no input key");
182 DEBUG(
"key contains inconsistent information");
197 EPNAME(
"RSA::XrdCryptosslRSA_copy");
204 DEBUG(
"input key is empty");
209 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
210 BIGNUM *d = BN_new();
212 (EVP_PKEY_get_bn_param(r.fEVP, OSSL_PKEY_PARAM_RSA_D, &d) != 1);
217 bool publiconly = (d == 0);
221 BIO *bcpy = BIO_new(BIO_s_mem());
226 ok = (PEM_write_bio_PUBKEY(bcpy, r.fEVP) != 0);
229 ok = (PEM_write_bio_PrivateKey(bcpy,r.fEVP,0,0,0,0,0) != 0);
234 if ((fEVP = PEM_read_bio_PUBKEY(bcpy, 0, 0, 0))) {
238 if ((fEVP = PEM_read_bio_PrivateKey(bcpy,0,0,0))) {
268 int lcmax = EVP_PKEY_size(fEVP) - 42;
270 return ((lin / lcmax) + 1) * EVP_PKEY_size(fEVP);
291 EVP_PKEY *keytmp = 0;
294 BIO *bpub = BIO_new(BIO_s_mem());
297 lpub = (lpub <= 0) ? strlen(pub) : lpub;
300 BIO_write(bpub,(
void *)pub,lpub);
303 if ((keytmp = PEM_read_bio_PUBKEY(bpub, 0, 0, 0))) {
330 BIO *bpri = BIO_new(BIO_s_mem());
333 lpri = (lpri <= 0) ? strlen(pri) : lpri;
336 BIO_write(bpri,(
void *)pri,lpri);
339 if (PEM_read_bio_PrivateKey(bpri, &fEVP, 0, 0)) {
354 DEBUG(
"---------------------------------------");
355 DEBUG(
"address: "<<
this);
360 DEBUG(
"export pub key:"<<std::endl<<btmp);
363 DEBUG(
"cannot allocate memory for public key");
366 DEBUG(
"key is invalid");
368 DEBUG(
"---------------------------------------");
378 BIO *bkey = BIO_new(BIO_s_mem());
380 PEM_write_bio_PUBKEY(bkey,fEVP);
383 publen = (int) BIO_get_mem_data(bkey, &cbio);
395 EPNAME(
"RSA::ExportPublic");
399 DEBUG(
"key not valid");
405 DEBUG(
"output buffer undefined!");
410 BIO *bkey = BIO_new(BIO_s_mem());
413 PEM_write_bio_PUBKEY(bkey,fEVP);
417 int lbio = (int) BIO_get_mem_data(bkey, &cbio);
418 if (lbio <= 0 || !cbio) {
419 DEBUG(
"problems attaching to BIO content");
424 memcpy(out, cbio, lbio);
427 DEBUG(
"("<<lbio<<
" bytes) "<< std::endl <<out);
440 BIO *bkey = BIO_new(BIO_s_mem());
442 PEM_write_bio_PrivateKey(bkey,fEVP,0,0,0,0,0);
445 prilen = (int) BIO_get_mem_data(bkey, &cbio);
458 EPNAME(
"RSA::ExportPrivate");
462 DEBUG(
"key not valid");
468 DEBUG(
"output buffer undefined!");
473 BIO *bkey = BIO_new(BIO_s_mem());
476 PEM_write_bio_PrivateKey(bkey,fEVP,0,0,0,0,0);
480 int lbio = (int) BIO_get_mem_data(bkey, &cbio);
481 if (lbio <= 0 || !cbio) {
482 DEBUG(
"problems attaching to BIO content");
487 memcpy(out, cbio, lbio);
490 DEBUG(
"("<<lbio<<
" bytes) "<< std::endl <<out);
503 EPNAME(
"RSA::EncryptPrivate");
506 if (!in || lin <= 0) {
507 DEBUG(
"input buffer undefined");
512 if (!out || loutmax <= 0) {
513 DEBUG(
"output buffer undefined");
519 size_t lcmax = EVP_PKEY_size(fEVP) - 11;
525 EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(fEVP, 0);
526 EVP_PKEY_sign_init(ctx);
527 EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING);
528 while (len > 0 && ke <=
int(loutmax - lout)) {
529 size_t lc = (len > lcmax) ? lcmax : len;
531 if (EVP_PKEY_sign(ctx, (
unsigned char *)&out[ke], &lout,
532 (
unsigned char *)&in[kk], lc) <= 0) {
533 EVP_PKEY_CTX_free(ctx);
535 ERR_error_string(ERR_get_error(), serr);
536 DEBUG(
"error: " <<serr);
543 EVP_PKEY_CTX_free(ctx);
544 if (len > 0 && ke >
int(loutmax - lout))
545 DEBUG(
"buffer truncated");
558 EPNAME(
"RSA::EncryptPublic");
561 if (!in || lin <= 0) {
562 DEBUG(
"input buffer undefined");
567 if (!out || loutmax <= 0) {
568 DEBUG(
"output buffer undefined");
574 size_t lcmax = EVP_PKEY_size(fEVP) - 42;
580 EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(fEVP, 0);
581 EVP_PKEY_encrypt_init(ctx);
582 EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING);
583 while (len > 0 && ke <=
int(loutmax - lout)) {
584 size_t lc = (len > lcmax) ? lcmax : len;
586 if (EVP_PKEY_encrypt(ctx, (
unsigned char *)&out[ke], &lout,
587 (
unsigned char *)&in[kk], lc) <= 0) {
588 EVP_PKEY_CTX_free(ctx);
590 ERR_error_string(ERR_get_error(), serr);
591 DEBUG(
"error: " <<serr);
598 EVP_PKEY_CTX_free(ctx);
599 if (len > 0 && ke >
int(loutmax - lout))
600 DEBUG(
"buffer truncated");
613 EPNAME(
"RSA::DecryptPrivate");
616 if (!in || lin <= 0) {
617 DEBUG(
"input buffer undefined");
622 if (!out || loutmax <= 0) {
623 DEBUG(
"output buffer undefined");
629 size_t lcmax = EVP_PKEY_size(fEVP);
635 EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(fEVP, 0);
636 EVP_PKEY_decrypt_init(ctx);
637 EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING);
638 while (len > 0 && ke <=
int(loutmax - lout)) {
640 if (EVP_PKEY_decrypt(ctx, (
unsigned char *)&out[ke], &lout,
641 (
unsigned char *)&in[kk], lcmax) <= 0) {
642 EVP_PKEY_CTX_free(ctx);
644 ERR_error_string(ERR_get_error(), serr);
645 DEBUG(
"error: " <<serr);
652 EVP_PKEY_CTX_free(ctx);
653 if (len > 0 && ke >
int(loutmax - lout))
654 PRINT(
"buffer truncated");
667 EPNAME(
"RSA::DecryptPublic");
670 if (!in || lin <= 0) {
671 DEBUG(
"input buffer undefined");
676 if (!out || loutmax <= 0) {
677 DEBUG(
"output buffer undefined");
683 size_t lcmax = EVP_PKEY_size(fEVP);
689 EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(fEVP, 0);
690 EVP_PKEY_verify_recover_init(ctx);
691 EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING);
692 while (len > 0 && ke <=
int(loutmax - lout)) {
694 if (EVP_PKEY_verify_recover(ctx, (
unsigned char *)&out[ke], &lout,
695 (
unsigned char *)&in[kk], lcmax) <= 0) {
696 EVP_PKEY_CTX_free(ctx);
698 ERR_error_string(ERR_get_error(), serr);
699 PRINT(
"error: " <<serr);
706 EVP_PKEY_CTX_free(ctx);
707 if (len > 0 && ke >
int(loutmax - lout))
708 PRINT(
"buffer truncated");
#define XrdCryptoMinRSABits
#define XrdCryptoDefRSAExp
#define XrdCryptoDefRSABits
static int XrdCheckRSA(EVP_PKEY *pkey)
static void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
static RSA * EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
int EncryptPrivate(const char *in, int lin, char *out, int lout)
int ExportPublic(char *out, int lout)
int ImportPublic(const char *in, int lin)
XrdCryptosslRSA(int bits=XrdCryptoMinRSABits, int exp=XrdCryptoDefRSAExp)
int DecryptPrivate(const char *in, int lin, char *out, int lout)
int ExportPrivate(char *out, int lout)
int ImportPrivate(const char *in, int lin)
virtual ~XrdCryptosslRSA()
int EncryptPublic(const char *in, int lin, char *out, int lout)
int DecryptPublic(const char *in, int lin, char *out, int lout)