2 * dlls/rsaenh/implossl.c
3 * Encapsulating the OpenSSL dependend parts of RSAENH
5 * Copyright (c) 2004 Michael Jung
7 * based on code by Mike McCormack and David Hammerton
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25 #include "wine/port.h"
26 #include "wine/library.h"
27 #include "wine/debug.h"
36 WINE_DEFAULT_DEBUG_CHANNEL(crypt);
38 #ifndef SONAME_LIBCRYPTO
39 #define SONAME_LIBCRYPTO "libcrypto.so"
42 static void *libcrypto;
44 #define MAKE_FUNCPTR(f) static typeof(f) * p##f
46 /* OpenSSL funtions that we use */
47 #ifdef HAVE_OPENSSL_MD2_H
48 MAKE_FUNCPTR(MD2_Init);
49 MAKE_FUNCPTR(MD2_Update);
50 MAKE_FUNCPTR(MD2_Final);
52 #ifdef HAVE_OPENSSL_RC2_H
53 MAKE_FUNCPTR(RC2_set_key);
54 MAKE_FUNCPTR(RC2_ecb_encrypt);
56 #ifdef HAVE_OPENSSL_RC4_H
57 MAKE_FUNCPTR(RC4_set_key);
60 #ifdef HAVE_OPENSSL_DES_H
61 MAKE_FUNCPTR(DES_set_odd_parity);
62 MAKE_FUNCPTR(DES_set_key_unchecked);
63 MAKE_FUNCPTR(DES_ecb_encrypt);
64 MAKE_FUNCPTR(DES_ecb3_encrypt);
66 #ifdef HAVE_OPENSSL_RSA_H
67 MAKE_FUNCPTR(RSA_generate_key);
68 MAKE_FUNCPTR(RSA_free);
69 MAKE_FUNCPTR(RSA_size);
70 MAKE_FUNCPTR(RSA_check_key);
71 MAKE_FUNCPTR(RSA_public_encrypt);
72 MAKE_FUNCPTR(RSA_private_encrypt);
73 MAKE_FUNCPTR(RSAPrivateKey_dup);
74 MAKE_FUNCPTR(BN_bn2bin);
75 MAKE_FUNCPTR(BN_bin2bn);
76 MAKE_FUNCPTR(BN_get_word);
77 MAKE_FUNCPTR(BN_set_word);
78 MAKE_FUNCPTR(BN_num_bits);
81 /* Function prototypes copied from dlls/advapi32/crypt_md4.c */
82 VOID WINAPI MD4Init( MD4_CTX *ctx );
83 VOID WINAPI MD4Update( MD4_CTX *ctx, const unsigned char *buf, unsigned int len );
84 VOID WINAPI MD4Final( MD4_CTX *ctx );
85 /* Function prototypes copied from dlls/advapi32/crypt_md5.c */
86 VOID WINAPI MD5Init( MD5_CTX *ctx );
87 VOID WINAPI MD5Update( MD5_CTX *ctx, const unsigned char *buf, unsigned int len );
88 VOID WINAPI MD5Final( MD5_CTX *ctx );
89 /* Function prototypes copied from dlls/advapi32/crypt_sha.c */
90 VOID WINAPI A_SHAInit(PSHA_CTX Context);
91 VOID WINAPI A_SHAUpdate(PSHA_CTX Context, PCHAR Buffer, UINT BufferSize);
92 VOID WINAPI A_SHAFinal(PSHA_CTX Context, PULONG Result);
97 /* FIXME: Is this portable? */
98 #if defined HAVE_OPENSSL_MD2_H || defined HAVE_OPENSSL_RC2_H || defined HAVE_OPENSSL_RC4_H || \
99 defined HAVE_OPENSSL_DES_H || defined HAVE_OPENSSL_RSA_H
100 libcrypto = wine_dlopen(SONAME_LIBCRYPTO, RTLD_NOW, NULL, 0);
103 MESSAGE("Couldn't load %s, RSA encryption not available.\n", SONAME_LIBCRYPTO);
104 MESSAGE("Install the openssl package if you're have problems.\n");
105 SetLastError(NTE_PROVIDER_DLL_FAIL);
109 #define GETFUNC(x) p##x = wine_dlsym(libcrypto, #x, NULL, 0);
111 #ifdef HAVE_OPENSSL_MD2_H
116 #ifdef HAVE_OPENSSL_RC2_H
117 GETFUNC(RC2_set_key);
118 GETFUNC(RC2_ecb_encrypt);
120 #ifdef HAVE_OPENSSL_RC4_H
121 GETFUNC(RC4_set_key);
124 #ifdef HAVE_OPENSSL_DES_H
125 GETFUNC(DES_set_odd_parity);
126 GETFUNC(DES_set_key_unchecked);
127 GETFUNC(DES_ecb_encrypt);
128 GETFUNC(DES_ecb3_encrypt);
130 #ifdef HAVE_OPENSSL_RSA_H
131 GETFUNC(RSA_generate_key);
134 GETFUNC(RSA_check_key);
135 GETFUNC(RSA_public_encrypt);
136 GETFUNC(RSA_private_encrypt);
137 GETFUNC(RSAPrivateKey_dup);
140 GETFUNC(BN_get_word);
141 GETFUNC(BN_set_word);
142 GETFUNC(BN_num_bits);
145 #endif /* ifdef have any openssl header */
149 BOOL init_hash_impl(ALG_ID aiAlgid, HASH_CONTEXT *pHashContext)
153 #ifdef HAVE_OPENSSL_MD2_H
157 SetLastError(NTE_PROVIDER_DLL_FAIL);
160 pMD2_Init(&pHashContext->md2);
164 MD4Init(&pHashContext->md4);
168 MD5Init(&pHashContext->md5);
172 A_SHAInit(&pHashContext->sha);
176 SetLastError(NTE_BAD_ALGID);
183 BOOL update_hash_impl(ALG_ID aiAlgid, HASH_CONTEXT *pHashContext, CONST BYTE *pbData,
188 #ifdef HAVE_OPENSSL_MD2_H
192 SetLastError(NTE_PROVIDER_DLL_FAIL);
195 pMD2_Update(&pHashContext->md2, pbData, dwDataLen);
199 MD4Update(&pHashContext->md4, pbData, dwDataLen);
203 MD5Update(&pHashContext->md5, pbData, dwDataLen);
207 A_SHAUpdate(&pHashContext->sha, (PCHAR)pbData, dwDataLen);
211 SetLastError(NTE_BAD_ALGID);
218 BOOL finalize_hash_impl(ALG_ID aiAlgid, HASH_CONTEXT *pHashContext, BYTE *pbHashValue)
222 #ifdef HAVE_OPENSSL_MD2_H
226 SetLastError(NTE_PROVIDER_DLL_FAIL);
229 pMD2_Final(pbHashValue, &pHashContext->md2);
233 MD4Final(&pHashContext->md4);
234 memcpy(pbHashValue, pHashContext->md4.digest, 16);
238 MD5Final(&pHashContext->md5);
239 memcpy(pbHashValue, pHashContext->md5.digest, 16);
243 A_SHAFinal(&pHashContext->sha, (PULONG)pbHashValue);
247 SetLastError(NTE_BAD_ALGID);
254 BOOL duplicate_hash_impl(ALG_ID aiAlgid, CONST HASH_CONTEXT *pSrcHashContext,
255 HASH_CONTEXT *pDestHashContext)
257 memcpy(pDestHashContext, pSrcHashContext, sizeof(HASH_CONTEXT));
262 BOOL new_key_impl(ALG_ID aiAlgid, KEY_CONTEXT *pKeyContext, DWORD dwKeyLen)
266 #ifdef HAVE_OPENSSL_RSA_H
269 if (!pRSA_generate_key)
271 SetLastError(NTE_PROVIDER_DLL_FAIL);
274 pKeyContext->rsa = pRSA_generate_key((int)dwKeyLen*8, 65537, NULL, NULL);
278 SetLastError(NTE_BAD_ALGID);
285 BOOL free_key_impl(ALG_ID aiAlgid, KEY_CONTEXT *pKeyContext)
289 #ifdef HAVE_OPENSSL_RSA_H
294 SetLastError(NTE_PROVIDER_DLL_FAIL);
297 if (pKeyContext->rsa) pRSA_free(pKeyContext->rsa);
301 SetLastError(NTE_BAD_ALGID);
308 BOOL setup_key_impl(ALG_ID aiAlgid, KEY_CONTEXT *pKeyContext, DWORD dwKeyLen, DWORD dwSaltLen,
313 #ifdef HAVE_OPENSSL_RC4_H
317 SetLastError(NTE_PROVIDER_DLL_FAIL);
320 pRC4_set_key(&pKeyContext->rc4, dwKeyLen + dwSaltLen, abKeyValue);
323 #ifdef HAVE_OPENSSL_RC2_H
327 SetLastError(NTE_PROVIDER_DLL_FAIL);
330 pRC2_set_key(&pKeyContext->rc2, dwKeyLen + dwSaltLen, abKeyValue, dwKeyLen * 8);
333 #ifdef HAVE_OPENSSL_DES_H
335 if (!pDES_set_odd_parity || !pDES_set_key_unchecked)
337 SetLastError(NTE_PROVIDER_DLL_FAIL);
340 pDES_set_odd_parity(&((DES_cblock*)abKeyValue)[2]);
341 pDES_set_key_unchecked(&((DES_cblock*)abKeyValue)[2], &pKeyContext->des[2]);
344 if (!pDES_set_odd_parity || !pDES_set_key_unchecked)
346 SetLastError(NTE_PROVIDER_DLL_FAIL);
349 pDES_set_odd_parity(&((DES_cblock*)abKeyValue)[1]);
350 pDES_set_key_unchecked(&((DES_cblock*)abKeyValue)[1], &pKeyContext->des[1]);
353 if (!pDES_set_odd_parity || !pDES_set_key_unchecked)
355 SetLastError(NTE_PROVIDER_DLL_FAIL);
358 pDES_set_odd_parity((DES_cblock*)abKeyValue);
359 pDES_set_key_unchecked((DES_cblock*)abKeyValue, &pKeyContext->des[0]);
363 SetLastError(NTE_BAD_ALGID);
370 BOOL duplicate_key_impl(ALG_ID aiAlgid, CONST KEY_CONTEXT *pSrcKeyContext,
371 KEY_CONTEXT *pDestKeyContext)
380 memcpy(pDestKeyContext, pSrcKeyContext, sizeof(KEY_CONTEXT));
382 #ifdef HAVE_OPENSSL_RSA_H
385 if (!pRSAPrivateKey_dup)
387 SetLastError(NTE_PROVIDER_DLL_FAIL);
390 pDestKeyContext->rsa = pRSAPrivateKey_dup(pSrcKeyContext->rsa);
394 SetLastError(NTE_BAD_ALGID);
401 #ifdef HAVE_OPENSSL_RSA_H
402 static inline void reverse_bytes(BYTE *pbData, DWORD dwLen) {
406 for (i=0; i<dwLen/2; i++) {
408 pbData[i] = pbData[dwLen-i-1];
409 pbData[dwLen-i-1] = swap;
414 BOOL encrypt_block_impl(ALG_ID aiAlgid, KEY_CONTEXT *pKeyContext, CONST BYTE *in, BYTE *out,
417 #ifdef HAVE_OPENSSL_RSA_H
422 #ifdef HAVE_OPENSSL_RC2_H
424 if (!pRC2_ecb_encrypt)
426 SetLastError(NTE_PROVIDER_DLL_FAIL);
429 pRC2_ecb_encrypt(in, out, &pKeyContext->rc2, enc ? RC2_ENCRYPT : RC2_DECRYPT);
432 #ifdef HAVE_OPENSSL_DES_H
434 if (!pDES_ecb_encrypt)
436 SetLastError(NTE_PROVIDER_DLL_FAIL);
439 pDES_ecb_encrypt((const_DES_cblock*)in, (DES_cblock*)out, &pKeyContext->des[0],
440 enc ? DES_ENCRYPT : DES_DECRYPT);
444 if (!pDES_ecb3_encrypt)
446 SetLastError(NTE_PROVIDER_DLL_FAIL);
449 pDES_ecb3_encrypt((const_DES_cblock*)in, (DES_cblock*)out,
450 &pKeyContext->des[0], &pKeyContext->des[1], &pKeyContext->des[0],
451 enc ? DES_ENCRYPT : DES_DECRYPT);
455 if (!pDES_ecb3_encrypt)
457 SetLastError(NTE_PROVIDER_DLL_FAIL);
460 pDES_ecb3_encrypt((const_DES_cblock*)in, (DES_cblock*)out,
461 &pKeyContext->des[0], &pKeyContext->des[1], &pKeyContext->des[2],
462 enc ? DES_ENCRYPT : DES_DECRYPT);
465 #ifdef HAVE_OPENSSL_RSA_H
467 if (!pBN_num_bits || !pRSA_public_encrypt || !pRSA_private_encrypt)
469 SetLastError(NTE_PROVIDER_DLL_FAIL);
472 cLen = pBN_num_bits(pKeyContext->rsa->n)/8;
474 pRSA_public_encrypt(cLen, in, out, pKeyContext->rsa, RSA_NO_PADDING);
475 reverse_bytes((BYTE*)in, cLen);
477 reverse_bytes((BYTE*)in, cLen);
478 pRSA_private_encrypt(cLen, in, out, pKeyContext->rsa, RSA_NO_PADDING);
483 if (!pBN_num_bits || !pRSA_public_encrypt || !pRSA_private_encrypt)
485 SetLastError(NTE_PROVIDER_DLL_FAIL);
488 cLen = pBN_num_bits(pKeyContext->rsa->n)/8;
490 pRSA_private_encrypt(cLen, in, out, pKeyContext->rsa, RSA_NO_PADDING);
491 reverse_bytes((BYTE*)in, cLen);
493 reverse_bytes((BYTE*)in, cLen);
494 pRSA_public_encrypt(cLen, in, out, pKeyContext->rsa, RSA_NO_PADDING);
499 SetLastError(NTE_BAD_ALGID);
506 BOOL encrypt_stream_impl(ALG_ID aiAlgid, KEY_CONTEXT *pKeyContext, BYTE *stream, DWORD dwLen)
509 #ifdef HAVE_OPENSSL_RC4_H
513 SetLastError(NTE_PROVIDER_DLL_FAIL);
516 pRC4(&pKeyContext->rc4, (unsigned long)dwLen, stream, stream);
520 SetLastError(NTE_BAD_ALGID);
527 BOOL gen_rand_impl(BYTE *pbBuffer, DWORD dwLen)
531 /* FIXME: /dev/urandom does not provide random numbers of a sufficient
532 * quality for cryptographic applications. /dev/random is much better,
533 * but it blocks if the kernel has not yet collected enough entropy for
534 * the request, which will suspend the calling thread for an indefinite
536 dev_random = fopen("/dev/urandom", "r");
539 if (fread(pbBuffer, (size_t)dwLen, 1, dev_random) == 1)
546 SetLastError(NTE_FAIL);
550 BOOL export_public_key_impl(BYTE *pbDest, KEY_CONTEXT *pKeyContext, DWORD dwKeyLen,DWORD *pdwPubExp)
552 #ifdef HAVE_OPENSSL_RSA_H
553 if (!pBN_bn2bin || !pBN_get_word)
555 SetLastError(NTE_PROVIDER_DLL_FAIL);
559 pBN_bn2bin(pKeyContext->rsa->n, pbDest);
560 reverse_bytes(pbDest, dwKeyLen);
561 *pdwPubExp = (DWORD)pBN_get_word(pKeyContext->rsa->e);
565 SetLastError(NTE_FAIL);
570 BOOL import_public_key_impl(CONST BYTE *pbSrc, KEY_CONTEXT *pKeyContext, DWORD dwKeyLen,
573 #ifdef HAVE_OPENSSL_RSA_H
576 if (!pBN_bin2bn || !pBN_set_word)
578 SetLastError(NTE_PROVIDER_DLL_FAIL);
582 pbTemp = (BYTE*)HeapAlloc(GetProcessHeap(), 0, dwKeyLen);
583 if (!pbTemp) return FALSE;
584 memcpy(pbTemp, pbSrc, dwKeyLen);
585 reverse_bytes(pbTemp, dwKeyLen);
586 pBN_bin2bn(pbTemp, dwKeyLen, pKeyContext->rsa->n);
587 HeapFree(GetProcessHeap(), 0, pbTemp);
589 pBN_set_word(pKeyContext->rsa->e, (BN_ULONG)dwPubExp);
593 SetLastError(NTE_FAIL);
598 BOOL export_private_key_impl(BYTE *pbDest, KEY_CONTEXT *pKeyContext, DWORD dwKeyLen,
601 #ifdef HAVE_OPENSSL_RSA_H
602 if (!pBN_bn2bin || !pBN_get_word)
604 SetLastError(NTE_PROVIDER_DLL_FAIL);
608 pBN_bn2bin(pKeyContext->rsa->n, pbDest);
609 reverse_bytes(pbDest, dwKeyLen);
611 pBN_bn2bin(pKeyContext->rsa->p, pbDest);
612 reverse_bytes(pbDest, (dwKeyLen+1)>>1);
613 pbDest += (dwKeyLen+1)>>1;
614 pBN_bn2bin(pKeyContext->rsa->q, pbDest);
615 reverse_bytes(pbDest, (dwKeyLen+1)>>1);
616 pbDest += (dwKeyLen+1)>>1;
617 pBN_bn2bin(pKeyContext->rsa->dmp1, pbDest);
618 reverse_bytes(pbDest, (dwKeyLen+1)>>1);
619 pbDest += (dwKeyLen+1)>>1;
620 pBN_bn2bin(pKeyContext->rsa->dmq1, pbDest);
621 reverse_bytes(pbDest, (dwKeyLen+1)>>1);
622 pbDest += (dwKeyLen+1)>>1;
623 pBN_bn2bin(pKeyContext->rsa->iqmp, pbDest);
624 reverse_bytes(pbDest, (dwKeyLen+1)>>1);
625 pbDest += (dwKeyLen+1)>>1;
626 pBN_bn2bin(pKeyContext->rsa->d, pbDest);
627 reverse_bytes(pbDest, dwKeyLen);
628 *pdwPubExp = (DWORD)pBN_get_word(pKeyContext->rsa->e);
632 SetLastError(NTE_FAIL);
637 BOOL import_private_key_impl(CONST BYTE *pbSrc, KEY_CONTEXT *pKeyContext, DWORD dwKeyLen,
640 #ifdef HAVE_OPENSSL_RSA_H
641 BYTE *pbTemp, *pbBigNum;
643 if (!pBN_bin2bn || !pBN_set_word)
645 SetLastError(NTE_PROVIDER_DLL_FAIL);
649 pbTemp = HeapAlloc(GetProcessHeap(), 0, 2*dwKeyLen+5*((dwKeyLen+1)>>1));
650 if (!pbTemp) return FALSE;
651 memcpy(pbTemp, pbSrc, 2*dwKeyLen+5*((dwKeyLen+1)>>1));
654 reverse_bytes(pbBigNum, dwKeyLen);
655 pBN_bin2bn(pbBigNum, dwKeyLen, pKeyContext->rsa->n);
656 pbBigNum += dwKeyLen;
657 reverse_bytes(pbBigNum, (dwKeyLen+1)>>1);
658 pBN_bin2bn(pbBigNum, (dwKeyLen+1)>>1, pKeyContext->rsa->p);
659 pbBigNum += (dwKeyLen+1)>>1;
660 reverse_bytes(pbBigNum, (dwKeyLen+1)>>1);
661 pBN_bin2bn(pbBigNum, (dwKeyLen+1)>>1, pKeyContext->rsa->q);
662 pbBigNum += (dwKeyLen+1)>>1;
663 reverse_bytes(pbBigNum, (dwKeyLen+1)>>1);
664 pBN_bin2bn(pbBigNum, (dwKeyLen+1)>>1, pKeyContext->rsa->dmp1);
665 pbBigNum += (dwKeyLen+1)>>1;
666 reverse_bytes(pbBigNum, (dwKeyLen+1)>>1);
667 pBN_bin2bn(pbBigNum, (dwKeyLen+1)>>1, pKeyContext->rsa->dmq1);
668 pbBigNum += (dwKeyLen+1)>>1;
669 reverse_bytes(pbBigNum, (dwKeyLen+1)>>1);
670 pBN_bin2bn(pbBigNum, (dwKeyLen+1)>>1, pKeyContext->rsa->iqmp);
671 pbBigNum += (dwKeyLen+1)>>1;
672 reverse_bytes(pbBigNum, dwKeyLen);
673 pBN_bin2bn(pbBigNum, dwKeyLen, pKeyContext->rsa->d);
674 pBN_set_word(pKeyContext->rsa->e, (BN_ULONG)dwPubExp);
676 HeapFree(GetProcessHeap(), 0, pbTemp);
680 SetLastError(NTE_FAIL);
projects / wine / blob