1 /* Demo of how to construct your own engine and using it. The basis of this
2 engine is RSAref, an old reference of the RSA algorithm which can still
3 be found a little here and there. */
7 #include "./source/global.h"
8 #include "./source/rsaref.h"
9 #include "./source/rsa.h"
10 #include "./source/des.h"
11 #include <openssl/err.h>
12 #define OPENSSL_NO_MD2
13 #define OPENSSL_NO_MD5
14 #include <openssl/evp.h>
15 #include <openssl/bn.h>
16 #include <openssl/engine.h>
18 #define RSAREF_LIB_NAME "rsaref engine"
19 #include "rsaref_err.c"
21 /*****************************************************************************
22 *** Function declarations and global variable definitions ***
23 *****************************************************************************/
25 /*****************************************************************************
26 * Constants used when creating the ENGINE
28 static const char *engine_rsaref_id = "rsaref";
29 static const char *engine_rsaref_name = "RSAref engine support";
31 /*****************************************************************************
32 * Functions to handle the engine
34 static int rsaref_destroy(ENGINE *e);
35 static int rsaref_init(ENGINE *e);
36 static int rsaref_finish(ENGINE *e);
38 static int rsaref_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
41 /*****************************************************************************
44 static const ENGINE_CMD_DEFN rsaref_cmd_defns[] = {
48 /*****************************************************************************
51 static int rsaref_private_decrypt(int len, const unsigned char *from,
52 unsigned char *to, RSA *rsa, int padding);
53 static int rsaref_private_encrypt(int len, const unsigned char *from,
54 unsigned char *to, RSA *rsa, int padding);
55 static int rsaref_public_encrypt(int len, const unsigned char *from,
56 unsigned char *to, RSA *rsa, int padding);
57 static int rsaref_public_decrypt(int len, const unsigned char *from,
58 unsigned char *to, RSA *rsa, int padding);
59 static int bnref_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m,
60 BN_CTX *ctx, BN_MONT_CTX *m_ctx);
61 static int rsaref_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
63 /*****************************************************************************
66 static RSA_METHOD rsaref_rsa =
69 rsaref_public_encrypt,
70 rsaref_public_decrypt,
71 rsaref_private_encrypt,
72 rsaref_private_decrypt,
83 /*****************************************************************************
84 * Symetric cipher and digest function registrars
86 static int rsaref_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
87 const int **nids, int nid);
88 static int rsaref_digests(ENGINE *e, const EVP_MD **digest,
89 const int **nids, int nid);
91 static int rsaref_cipher_nids[] =
92 { NID_des_cbc, NID_des_ede3_cbc, NID_desx_cbc, 0 };
93 static int rsaref_digest_nids[] =
94 { NID_md2, NID_md5, 0 };
96 /*****************************************************************************
99 static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
100 const unsigned char *iv, int enc);
101 static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
102 const unsigned char *in, unsigned int inl);
103 static int cipher_des_cbc_clean(EVP_CIPHER_CTX *);
104 static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
105 const unsigned char *iv, int enc);
106 static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
107 const unsigned char *in, unsigned int inl);
108 static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *);
109 static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
110 const unsigned char *iv, int enc);
111 static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
112 const unsigned char *in, unsigned int inl);
113 static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *);
115 /*****************************************************************************
118 static const EVP_CIPHER cipher_des_cbc =
122 0 | EVP_CIPH_CBC_MODE,
125 cipher_des_cbc_clean,
133 static const EVP_CIPHER cipher_des_ede3_cbc =
137 0 | EVP_CIPH_CBC_MODE,
138 cipher_des_ede3_cbc_init,
139 cipher_des_ede3_cbc_code,
140 cipher_des_ede3_cbc_clean,
141 sizeof(DES3_CBC_CTX),
148 static const EVP_CIPHER cipher_desx_cbc =
152 0 | EVP_CIPH_CBC_MODE,
153 cipher_desx_cbc_init,
154 cipher_desx_cbc_code,
155 cipher_desx_cbc_clean,
156 sizeof(DESX_CBC_CTX),
163 /*****************************************************************************
166 static int digest_md2_init(EVP_MD_CTX *ctx);
167 static int digest_md2_update(EVP_MD_CTX *ctx,const void *data,
168 unsigned long count);
169 static int digest_md2_final(EVP_MD_CTX *ctx,unsigned char *md);
170 static int digest_md5_init(EVP_MD_CTX *ctx);
171 static int digest_md5_update(EVP_MD_CTX *ctx,const void *data,
172 unsigned long count);
173 static int digest_md5_final(EVP_MD_CTX *ctx,unsigned char *md);
175 /*****************************************************************************
178 static const EVP_MD digest_md2 =
181 NID_md2WithRSAEncryption,
194 static const EVP_MD digest_md5 =
197 NID_md5WithRSAEncryption,
210 /*****************************************************************************
211 *** Function definitions ***
212 *****************************************************************************/
214 /*****************************************************************************
215 * Functions to handle the engine
218 static int bind_rsaref(ENGINE *e)
220 const RSA_METHOD *meth1;
221 if(!ENGINE_set_id(e, engine_rsaref_id)
222 || !ENGINE_set_name(e, engine_rsaref_name)
223 || !ENGINE_set_RSA(e, &rsaref_rsa)
224 || !ENGINE_set_ciphers(e, rsaref_ciphers)
225 || !ENGINE_set_digests(e, rsaref_digests)
226 || !ENGINE_set_destroy_function(e, rsaref_destroy)
227 || !ENGINE_set_init_function(e, rsaref_init)
228 || !ENGINE_set_finish_function(e, rsaref_finish)
229 /* || !ENGINE_set_ctrl_function(e, rsaref_ctrl) */
230 /* || !ENGINE_set_cmd_defns(e, rsaref_cmd_defns) */)
233 /* Ensure the rsaref error handling is set up */
234 ERR_load_RSAREF_strings();
238 #ifdef ENGINE_DYNAMIC_SUPPORT
239 static int bind_helper(ENGINE *e, const char *id)
241 if(id && (strcmp(id, engine_rsaref_id) != 0))
247 IMPLEMENT_DYNAMIC_CHECK_FN()
248 IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
250 static ENGINE *engine_rsaref(void)
252 ENGINE *ret = ENGINE_new();
255 if(!bind_rsaref(ret))
263 void ENGINE_load_rsaref(void)
265 /* Copied from eng_[openssl|dyn].c */
266 ENGINE *toadd = engine_rsaref();
274 /* Initiator which is only present to make sure this engine looks available */
275 static int rsaref_init(ENGINE *e)
280 /* Finisher which is only present to make sure this engine looks available */
281 static int rsaref_finish(ENGINE *e)
286 /* Destructor (complements the "ENGINE_ncipher()" constructor) */
287 static int rsaref_destroy(ENGINE *e)
289 ERR_unload_RSAREF_strings();
293 /*****************************************************************************
297 static int rsaref_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
299 RSAREFerr(RSAREF_F_RSAREF_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
303 static int bnref_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
304 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
306 RSAREFerr(RSAREF_F_BNREF_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
310 /* unsigned char *to: [max] */
311 static int RSAref_bn2bin(BIGNUM *from, unsigned char *to, int max)
315 i=BN_num_bytes(from);
318 RSAREFerr(RSAREF_F_RSAREF_BN2BIN,RSAREF_R_LEN);
322 memset(to,0,(unsigned int)max);
323 if (!BN_bn2bin(from,&(to[max-i])))
329 /* unsigned char *from: [max] */
330 static BIGNUM *RSAref_bin2bn(unsigned char *from, BIGNUM *to, int max)
335 for (i=0; i<max; i++)
338 ret=BN_bin2bn(&(from[i]),max-i,to);
342 static int RSAref_Public_ref2eay(RSArefPublicKey *from, RSA *to)
344 to->n=RSAref_bin2bn(from->m,NULL,RSAref_MAX_LEN);
345 to->e=RSAref_bin2bn(from->e,NULL,RSAref_MAX_LEN);
346 if ((to->n == NULL) || (to->e == NULL)) return(0);
351 static int RSAref_Public_eay2ref(RSA *from, R_RSA_PUBLIC_KEY *to)
353 to->bits=BN_num_bits(from->n);
354 if (!RSAref_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN)) return(0);
355 if (!RSAref_bn2bin(from->e,to->exponent,MAX_RSA_MODULUS_LEN)) return(0);
360 static int RSAref_Private_ref2eay(RSArefPrivateKey *from, RSA *to)
362 if ((to->n=RSAref_bin2bn(from->m,NULL,RSAref_MAX_LEN)) == NULL)
364 if ((to->e=RSAref_bin2bn(from->e,NULL,RSAref_MAX_LEN)) == NULL)
366 if ((to->d=RSAref_bin2bn(from->d,NULL,RSAref_MAX_LEN)) == NULL)
368 if ((to->p=RSAref_bin2bn(from->prime[0],NULL,RSAref_MAX_PLEN)) == NULL)
370 if ((to->q=RSAref_bin2bn(from->prime[1],NULL,RSAref_MAX_PLEN)) == NULL)
372 if ((to->dmp1=RSAref_bin2bn(from->pexp[0],NULL,RSAref_MAX_PLEN))
375 if ((to->dmq1=RSAref_bin2bn(from->pexp[1],NULL,RSAref_MAX_PLEN))
378 if ((to->iqmp=RSAref_bin2bn(from->coef,NULL,RSAref_MAX_PLEN)) == NULL)
384 static int RSAref_Private_eay2ref(RSA *from, R_RSA_PRIVATE_KEY *to)
386 to->bits=BN_num_bits(from->n);
387 if (!RSAref_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN)) return(0);
388 if (!RSAref_bn2bin(from->e,to->publicExponent,MAX_RSA_MODULUS_LEN)) return(0);
389 if (!RSAref_bn2bin(from->d,to->exponent,MAX_RSA_MODULUS_LEN)) return(0);
390 if (!RSAref_bn2bin(from->p,to->prime[0],MAX_RSA_PRIME_LEN)) return(0);
391 if (!RSAref_bn2bin(from->q,to->prime[1],MAX_RSA_PRIME_LEN)) return(0);
392 if (!RSAref_bn2bin(from->dmp1,to->primeExponent[0],MAX_RSA_PRIME_LEN)) return(0);
393 if (!RSAref_bn2bin(from->dmq1,to->primeExponent[1],MAX_RSA_PRIME_LEN)) return(0);
394 if (!RSAref_bn2bin(from->iqmp,to->coefficient,MAX_RSA_PRIME_LEN)) return(0);
398 static int rsaref_private_decrypt(int len, const unsigned char *from, unsigned char *to,
399 RSA *rsa, int padding)
402 R_RSA_PRIVATE_KEY RSAkey;
404 if (!RSAref_Private_eay2ref(rsa,&RSAkey))
406 if ((i=RSAPrivateDecrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
408 RSAREFerr(RSAREF_F_RSAREF_PRIVATE_DECRYPT,i);
412 memset(&RSAkey,0,sizeof(RSAkey));
416 static int rsaref_private_encrypt(int len, const unsigned char *from, unsigned char *to,
417 RSA *rsa, int padding)
420 R_RSA_PRIVATE_KEY RSAkey;
422 if (padding != RSA_PKCS1_PADDING)
424 RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
427 if (!RSAref_Private_eay2ref(rsa,&RSAkey))
429 if ((i=RSAPrivateEncrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
431 RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT,i);
435 memset(&RSAkey,0,sizeof(RSAkey));
439 static int rsaref_public_decrypt(int len, const unsigned char *from, unsigned char *to,
440 RSA *rsa, int padding)
443 R_RSA_PUBLIC_KEY RSAkey;
445 if (!RSAref_Public_eay2ref(rsa,&RSAkey))
447 if ((i=RSAPublicDecrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
449 RSAREFerr(RSAREF_F_RSAREF_PUBLIC_DECRYPT,i);
453 memset(&RSAkey,0,sizeof(RSAkey));
457 static int rsaref_public_encrypt(int len, const unsigned char *from, unsigned char *to,
458 RSA *rsa, int padding)
462 R_RSA_PUBLIC_KEY RSAkey;
464 unsigned char buf[16];
466 if (padding != RSA_PKCS1_PADDING && padding != RSA_SSLV23_PADDING)
468 RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
473 R_GetRandomBytesNeeded((unsigned int *)&i,&rnd);
476 if (RAND_bytes(buf,16) <= 0)
478 R_RandomUpdate(&rnd,buf,(unsigned int)((i>16)?16:i));
482 if (!RSAref_Public_eay2ref(rsa,&RSAkey))
484 if ((i=RSAPublicEncrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey,&rnd)) != 0)
486 RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT,i);
491 memset(&RSAkey,0,sizeof(RSAkey));
493 memset(&rnd,0,sizeof(rnd));
497 /*****************************************************************************
498 * Symetric cipher and digest function registrars
500 static int rsaref_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
501 const int **nids, int nid)
506 /* We are returning a list of supported nids */
507 *nids = rsaref_cipher_nids;
508 return (sizeof(rsaref_cipher_nids)-1)/sizeof(rsaref_cipher_nids[0]);
510 /* We are being asked for a specific cipher */
514 *cipher = &cipher_des_cbc; break;
515 case NID_des_ede3_cbc:
516 *cipher = &cipher_des_ede3_cbc; break;
518 *cipher = &cipher_desx_cbc; break;
526 static int rsaref_digests(ENGINE *e, const EVP_MD **digest,
527 const int **nids, int nid)
532 /* We are returning a list of supported nids */
533 *nids = rsaref_digest_nids;
534 return (sizeof(rsaref_digest_nids)-1)/sizeof(rsaref_digest_nids[0]);
536 /* We are being asked for a specific digest */
540 *digest = &digest_md2; break;
542 *digest = &digest_md5; break;
551 /*****************************************************************************
555 #define data(ctx) ((DES_CBC_CTX *)(ctx)->cipher_data)
556 static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
557 const unsigned char *iv, int enc)
559 DES_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, enc);
562 static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
563 const unsigned char *in, unsigned int inl)
565 int ret = DES_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
569 RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
574 RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_UNKNOWN_FAULT);
578 static int cipher_des_cbc_clean(EVP_CIPHER_CTX *ctx)
580 memset(data(ctx), 0, ctx->cipher->ctx_size);
585 #define data(ctx) ((DES3_CBC_CTX *)(ctx)->cipher_data)
586 static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
587 const unsigned char *iv, int enc)
589 DES3_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv,
593 static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
594 const unsigned char *in, unsigned int inl)
596 int ret = DES3_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
600 RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
605 RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_UNKNOWN_FAULT);
609 static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *ctx)
611 memset(data(ctx), 0, ctx->cipher->ctx_size);
616 #define data(ctx) ((DESX_CBC_CTX *)(ctx)->cipher_data)
617 static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
618 const unsigned char *iv, int enc)
620 DESX_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv,
624 static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
625 const unsigned char *in, unsigned int inl)
627 int ret = DESX_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
631 RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
636 RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_UNKNOWN_FAULT);
640 static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *ctx)
642 memset(data(ctx), 0, ctx->cipher->ctx_size);
646 /*****************************************************************************
650 #define data(ctx) ((MD2_CTX *)(ctx)->md_data)
651 static int digest_md2_init(EVP_MD_CTX *ctx)
656 static int digest_md2_update(EVP_MD_CTX *ctx,const void *data,
659 MD2Update(data(ctx), (unsigned char *)data, (unsigned int)count);
662 static int digest_md2_final(EVP_MD_CTX *ctx,unsigned char *md)
664 MD2Final(md, data(ctx));
669 #define data(ctx) ((MD5_CTX *)(ctx)->md_data)
670 static int digest_md5_init(EVP_MD_CTX *ctx)
675 static int digest_md5_update(EVP_MD_CTX *ctx,const void *data,
678 MD5Update(data(ctx), (unsigned char *)data, (unsigned int)count);
681 static int digest_md5_final(EVP_MD_CTX *ctx,unsigned char *md)
683 MD5Final(md, data(ctx));