diff options
Diffstat (limited to 'OpenSSL/PKey/RSA.html')
-rw-r--r-- | OpenSSL/PKey/RSA.html | 538 |
1 files changed, 183 insertions, 355 deletions
diff --git a/OpenSSL/PKey/RSA.html b/OpenSSL/PKey/RSA.html index b9e47a43..9ef3024a 100644 --- a/OpenSSL/PKey/RSA.html +++ b/OpenSSL/PKey/RSA.html @@ -82,8 +82,6 @@ <ul class="link-list" role="directory"> <li ><a href="#method-c-generate">::generate</a> <li ><a href="#method-c-new">::new</a> - <li ><a href="#method-i-blinding_off-21">#blinding_off!</a> - <li ><a href="#method-i-blinding_on-21">#blinding_on!</a> <li ><a href="#method-i-export">#export</a> <li ><a href="#method-i-initialize_copy">#initialize_copy</a> <li ><a href="#method-i-params">#params</a> @@ -101,7 +99,6 @@ <li ><a href="#method-i-to_der">#to_der</a> <li ><a href="#method-i-to_pem">#to_pem</a> <li ><a href="#method-i-to_s">#to_s</a> - <li ><a href="#method-i-to_text">#to_text</a> <li ><a href="#method-i-verify_pss">#verify_pss</a> </ul> </div> @@ -123,6 +120,21 @@ <section id="5Buntitled-5D" class="documentation-section"> + <section class="constants-list"> + <header> + <h3>Constants</h3> + </header> + <dl> + <dt id="NO_PADDING">NO_PADDING + <dd> + <dt id="PKCS1_OAEP_PADDING">PKCS1_OAEP_PADDING + <dd> + <dt id="PKCS1_PADDING">PKCS1_PADDING + <dd> + <dt id="SSLV23_PADDING">SSLV23_PADDING + <dd> + </dl> + </section> @@ -134,40 +146,31 @@ <div id="method-c-generate" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> - generate(size) → RSA instance + generate(size, exponent = 65537) → RSA </span> <span class="method-click-advice">click to toggle source</span> </div> - <div class="method-heading"> - <span class="method-callseq"> - generate(size, exponent) → RSA instance - </span> - </div> <div class="method-description"> - <p>Generates an <a href="RSA.html"><code>RSA</code></a> keypair. <em>size</em> is an integer representing the desired key size. Keys smaller than 1024 should be considered insecure. <em>exponent</em> is an odd number normally 3, 17, or 65537.</p> - - <div class="method-source-code" id="generate-source"> - <pre>static VALUE -ossl_rsa_s_generate(int argc, VALUE *argv, VALUE klass) -{ -/* why does this method exist? why can't initialize take an optional exponent? */ - RSA *rsa; - VALUE size, exp; - VALUE obj; - - rb_scan_args(argc, argv, "11", &size, &exp); + <p>Generates an RSA keypair.</p> - rsa = rsa_generate(NUM2INT(size), NIL_P(exp) ? RSA_F4 : NUM2ULONG(exp)); /* err handled by rsa_instance */ - obj = rsa_instance(klass, rsa); - - if (obj == Qfalse) { - RSA_free(rsa); - ossl_raise(eRSAError, NULL); - } +<p>See also <a href="../PKey.html#method-c-generate_key"><code>OpenSSL::PKey.generate_key</code></a>.</p> +<dl class="rdoc-list note-list"><dt><code>size</code> +<dd> +<p>The desired key size in bits.</p> +</dd><dt><code>exponent</code> +<dd> +<p>An odd <a href="../../Integer.html"><code>Integer</code></a>, normally 3, 17, or 65537.</p> +</dd></dl> - return obj; -}</pre> + <div class="method-source-code" id="generate-source"> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 335</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">generate</span>(<span class="ruby-identifier">size</span>, <span class="ruby-identifier">exp</span> = <span class="ruby-value">0x10001</span>, <span class="ruby-operator">&</span><span class="ruby-identifier">blk</span>) + <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">generate_key</span>(<span class="ruby-string">"RSA"</span>, { + <span class="ruby-string">"rsa_keygen_bits"</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">size</span>, + <span class="ruby-string">"rsa_keygen_pubexp"</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">exp</span>, + }, <span class="ruby-operator">&</span><span class="ruby-identifier">blk</span>) +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -177,27 +180,36 @@ ossl_rsa_s_generate(int argc, VALUE *argv, VALUE klass) <div id="method-c-new" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> - new(key_size) → RSA instance + new → rsa </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-heading"> <span class="method-callseq"> - new(encoded_key) → RSA instance + new(encoded_key [, passphrase]) → rsa </span> </div> <div class="method-heading"> <span class="method-callseq"> - new(encoded_key, pass_phrase) → RSA instance + new(encoded_key) { passphrase } → rsa + </span> + </div> + <div class="method-heading"> + <span class="method-callseq"> + new(size [, exponent]) → rsa </span> </div> <div class="method-description"> - <p>Generates or loads an <a href="RSA.html"><code>RSA</code></a> keypair. If an integer <em>key_size</em> is given it represents the desired key size. Keys less than 1024 bits should be considered insecure.</p> + <p>Generates or loads an RSA keypair.</p> + +<p>If called without arguments, creates a new instance with no key components set. They can be set individually by <a href="RSA.html#method-i-set_key"><code>set_key</code></a>, <a href="RSA.html#method-i-set_factors"><code>set_factors</code></a>, and <a href="RSA.html#method-i-set_crt_params"><code>set_crt_params</code></a>.</p> -<p>A key can instead be loaded from an <em>encoded_key</em> which must be PEM or DER encoded. A <em>pass_phrase</em> can be used to decrypt the key. If none is given <a href="../../OpenSSL.html"><code>OpenSSL</code></a> will prompt for the pass phrase.</p> +<p>If called with a String, tries to parse as DER or PEM encoding of an RSA key. Note that, if <em>passphrase</em> is not specified but the key is encrypted with a passphrase, OpenSSL will prompt for it. See also <a href="../PKey.html#method-c-read"><code>OpenSSL::PKey.read</code></a> which can parse keys of any kinds.</p> -<h1 id="method-c-new-label-Examples">Examples<span><a href="#method-c-new-label-Examples">¶</a> <a href="#top">↑</a></span></h1> +<p>If called with a number, generates a new key pair. This form works as an alias of <a href="RSA.html#method-c-generate"><code>RSA.generate</code></a>.</p> + +<p>Examples:</p> <pre class="ruby"><span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSA</span>.<span class="ruby-identifier">new</span> <span class="ruby-value">2048</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSA</span>.<span class="ruby-identifier">new</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span> <span class="ruby-string">'rsa.pem'</span> @@ -210,52 +222,60 @@ ossl_rsa_initialize(int argc, VALUE *argv, VALUE self) { EVP_PKEY *pkey; RSA *rsa; - BIO *in; + BIO *in = NULL; VALUE arg, pass; + int type; - GetPKey(self, pkey); - if(rb_scan_args(argc, argv, "02", &arg, &pass) == 0) { + TypedData_Get_Struct(self, EVP_PKEY, &ossl_evp_pkey_type, pkey); + if (pkey) + rb_raise(rb_eTypeError, "pkey already initialized"); + + /* The RSA.new(size, generator) form is handled by lib/openssl/pkey.rb */ + rb_scan_args(argc, argv, "02", &arg, &pass); + if (argc == 0) { rsa = RSA_new(); + if (!rsa) + ossl_raise(eRSAError, "RSA_new"); + goto legacy; } - else if (RB_INTEGER_TYPE_P(arg)) { - rsa = rsa_generate(NUM2INT(arg), NIL_P(pass) ? RSA_F4 : NUM2ULONG(pass)); - if (!rsa) ossl_raise(eRSAError, NULL); - } - else { - pass = ossl_pem_passwd_value(pass); - arg = ossl_to_der_if_possible(arg); - in = ossl_obj2bio(&arg); - rsa = PEM_read_bio_RSAPrivateKey(in, NULL, ossl_pem_passwd_cb, (void *)pass); - if (!rsa) { - OSSL_BIO_reset(in); - rsa = PEM_read_bio_RSA_PUBKEY(in, NULL, NULL, NULL); - } - if (!rsa) { - OSSL_BIO_reset(in); - rsa = d2i_RSAPrivateKey_bio(in, NULL); - } - if (!rsa) { - OSSL_BIO_reset(in); - rsa = d2i_RSA_PUBKEY_bio(in, NULL); - } - if (!rsa) { - OSSL_BIO_reset(in); - rsa = PEM_read_bio_RSAPublicKey(in, NULL, NULL, NULL); - } - if (!rsa) { - OSSL_BIO_reset(in); - rsa = d2i_RSAPublicKey_bio(in, NULL); - } - BIO_free(in); - if (!rsa) { - ossl_raise(eRSAError, "Neither PUB key nor PRIV key"); - } + + pass = ossl_pem_passwd_value(pass); + arg = ossl_to_der_if_possible(arg); + in = ossl_obj2bio(&arg); + + /* First try RSAPublicKey format */ + rsa = d2i_RSAPublicKey_bio(in, NULL); + if (rsa) + goto legacy; + OSSL_BIO_reset(in); + rsa = PEM_read_bio_RSAPublicKey(in, NULL, NULL, NULL); + if (rsa) + goto legacy; + OSSL_BIO_reset(in); + + /* Use the generic routine */ + pkey = ossl_pkey_read_generic(in, pass); + BIO_free(in); + if (!pkey) + ossl_raise(eRSAError, "Neither PUB key nor PRIV key"); + + type = EVP_PKEY_base_id(pkey); + if (type != EVP_PKEY_RSA) { + EVP_PKEY_free(pkey); + rb_raise(eRSAError, "incorrect pkey type: %s", OBJ_nid2sn(type)); } - if (!EVP_PKEY_assign_RSA(pkey, rsa)) { + RTYPEDDATA_DATA(self) = pkey; + return self; + + legacy: + BIO_free(in); + pkey = EVP_PKEY_new(); + if (!pkey || EVP_PKEY_assign_RSA(pkey, rsa) != 1) { + EVP_PKEY_free(pkey); RSA_free(rsa); - ossl_raise(eRSAError, NULL); + ossl_raise(eRSAError, "EVP_PKEY_assign_RSA"); } - + RTYPEDDATA_DATA(self) = pkey; return self; }</pre> </div> @@ -271,62 +291,6 @@ ossl_rsa_initialize(int argc, VALUE *argv, VALUE self) <h3>Public Instance Methods</h3> </header> - <div id="method-i-blinding_off-21" class="method-detail "> - <div class="method-heading"> - <span class="method-name">blinding_off!</span><span - class="method-args">()</span> - <span class="method-click-advice">click to toggle source</span> - </div> - - <div class="method-description"> - - - <div class="method-source-code" id="blinding_off-21-source"> - <pre>static VALUE -ossl_rsa_blinding_off(VALUE self) -{ - RSA *rsa; - - GetRSA(self, rsa); - RSA_blinding_off(rsa); - - return self; -}</pre> - </div> - </div> - - - </div> - - <div id="method-i-blinding_on-21" class="method-detail "> - <div class="method-heading"> - <span class="method-name">blinding_on!</span><span - class="method-args">()</span> - <span class="method-click-advice">click to toggle source</span> - </div> - - <div class="method-description"> - - - <div class="method-source-code" id="blinding_on-21-source"> - <pre>static VALUE -ossl_rsa_blinding_on(VALUE self) -{ - RSA *rsa; - - GetRSA(self, rsa); - - if (RSA_blinding_on(rsa, ossl_bn_ctx) != 1) { - ossl_raise(eRSAError, NULL); - } - return self; -}</pre> - </div> - </div> - - - </div> - <div id="method-i-export" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> @@ -342,41 +306,10 @@ ossl_rsa_blinding_on(VALUE self) <pre>static VALUE ossl_rsa_export(int argc, VALUE *argv, VALUE self) { - RSA *rsa; - const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; - BIO *out; - const EVP_CIPHER *ciph = NULL; - VALUE cipher, pass, str; - - GetRSA(self, rsa); - - rb_scan_args(argc, argv, "02", &cipher, &pass); - - if (!NIL_P(cipher)) { - ciph = ossl_evp_get_cipherbyname(cipher); - pass = ossl_pem_passwd_value(pass); - } - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eRSAError, NULL); - } - RSA_get0_key(rsa, &n, &e, &d); - RSA_get0_factors(rsa, &p, &q); - RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); - if (n && e && d && p && q && dmp1 && dmq1 && iqmp) { - if (!PEM_write_bio_RSAPrivateKey(out, rsa, ciph, NULL, 0, - ossl_pem_passwd_cb, (void *)pass)) { - BIO_free(out); - ossl_raise(eRSAError, NULL); - } - } else { - if (!PEM_write_bio_RSA_PUBKEY(out, rsa)) { - BIO_free(out); - ossl_raise(eRSAError, NULL); - } - } - str = ossl_membio2str(out); - - return str; + if (can_export_rsaprivatekey(self)) + return ossl_pkey_export_traditional(argc, argv, self, 0); + else + return ossl_pkey_export_spki(self, 0); }</pre> </div> </div> @@ -404,16 +337,23 @@ ossl_rsa_initialize_copy(VALUE self, VALUE other) EVP_PKEY *pkey; RSA *rsa, *rsa_new; - GetPKey(self, pkey); - if (EVP_PKEY_base_id(pkey) != EVP_PKEY_NONE) - ossl_raise(eRSAError, "RSA already initialized"); + TypedData_Get_Struct(self, EVP_PKEY, &ossl_evp_pkey_type, pkey); + if (pkey) + rb_raise(rb_eTypeError, "pkey already initialized"); GetRSA(other, rsa); - rsa_new = ASN1_dup((i2d_of_void *)i2d_RSAPrivateKey, (d2i_of_void *)d2i_RSAPrivateKey, (char *)rsa); + rsa_new = (RSA *)ASN1_dup((i2d_of_void *)i2d_RSAPrivateKey, + (d2i_of_void *)d2i_RSAPrivateKey, + (char *)rsa); if (!rsa_new) ossl_raise(eRSAError, "ASN1_dup"); - EVP_PKEY_assign_RSA(pkey, rsa_new); + pkey = EVP_PKEY_new(); + if (!pkey || EVP_PKEY_assign_RSA(pkey, rsa_new) != 1) { + RSA_free(rsa_new); + ossl_raise(eRSAError, "EVP_PKEY_assign_RSA"); + } + RTYPEDDATA_DATA(self) = pkey; return self; }</pre> @@ -510,34 +450,23 @@ ossl_rsa_is_private(VALUE self) </div> <div class="method-description"> - <p>Decrypt <em>string</em>, which has been encrypted with the public key, with the private key. <em>padding</em> defaults to PKCS1_PADDING.</p> + <p>Decrypt <code>string</code>, which has been encrypted with the public key, with the private key. <code>padding</code> defaults to <a href="RSA.html#PKCS1_PADDING"><code>PKCS1_PADDING</code></a>.</p> - <div class="method-source-code" id="private_decrypt-source"> - <pre>static VALUE -ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self) -{ - RSA *rsa; - const BIGNUM *rsa_n; - int buf_len, pad; - VALUE str, buffer, padding; +<p><strong>Deprecated in version 3.0</strong>. Consider using <a href="PKey.html#method-i-encrypt"><code>PKey::PKey#encrypt</code></a> and <a href="PKey.html#method-i-decrypt"><code>PKey::PKey#decrypt</code></a> instead.</p> - GetRSA(self, rsa); - RSA_get0_key(rsa, &rsa_n, NULL, NULL); - if (!rsa_n) - ossl_raise(eRSAError, "incomplete RSA"); - if (!RSA_PRIVATE(self, rsa)) - ossl_raise(eRSAError, "private key needed."); - rb_scan_args(argc, argv, "11", &buffer, &padding); - pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding); - StringValue(buffer); - str = rb_str_new(0, RSA_size(rsa)); - buf_len = RSA_private_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer), - (unsigned char *)RSTRING_PTR(str), rsa, pad); - if (buf_len < 0) ossl_raise(eRSAError, NULL); - rb_str_set_len(str, buf_len); - - return str; -}</pre> + <div class="method-source-code" id="private_decrypt-source"> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 427</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">private_decrypt</span>(<span class="ruby-identifier">data</span>, <span class="ruby-identifier">padding</span> = <span class="ruby-constant">PKCS1_PADDING</span>) + <span class="ruby-identifier">n</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>, <span class="ruby-string">"incomplete RSA"</span> + <span class="ruby-identifier">private?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>, <span class="ruby-string">"private key needed."</span> + <span class="ruby-keyword">begin</span> + <span class="ruby-identifier">decrypt</span>(<span class="ruby-identifier">data</span>, { + <span class="ruby-string">"rsa_padding_mode"</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">translate_padding_mode</span>(<span class="ruby-identifier">padding</span>), + }) + <span class="ruby-keyword">rescue</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">PKeyError</span> + <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>, <span class="ruby-identifier">$!</span>.<span class="ruby-identifier">message</span> + <span class="ruby-keyword">end</span> +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -558,34 +487,23 @@ ossl_rsa_private_decrypt(int argc, VALUE *argv, VALUE self) </div> <div class="method-description"> - <p>Encrypt <em>string</em> with the private key. <em>padding</em> defaults to PKCS1_PADDING. The encrypted string output can be decrypted using <a href="RSA.html#method-i-public_decrypt"><code>public_decrypt</code></a>.</p> + <p>Encrypt <code>string</code> with the private key. <code>padding</code> defaults to <a href="RSA.html#PKCS1_PADDING"><code>PKCS1_PADDING</code></a>. The encrypted string output can be decrypted using <a href="RSA.html#method-i-public_decrypt"><code>public_decrypt</code></a>.</p> - <div class="method-source-code" id="private_encrypt-source"> - <pre>static VALUE -ossl_rsa_private_encrypt(int argc, VALUE *argv, VALUE self) -{ - RSA *rsa; - const BIGNUM *rsa_n; - int buf_len, pad; - VALUE str, buffer, padding; +<p><strong>Deprecated in version 3.0</strong>. Consider using <a href="PKey.html#method-i-sign_raw"><code>PKey::PKey#sign_raw</code></a> and <a href="PKey.html#method-i-verify_raw"><code>PKey::PKey#verify_raw</code></a>, and <a href="PKey.html#method-i-verify_recover"><code>PKey::PKey#verify_recover</code></a> instead.</p> - GetRSA(self, rsa); - RSA_get0_key(rsa, &rsa_n, NULL, NULL); - if (!rsa_n) - ossl_raise(eRSAError, "incomplete RSA"); - if (!RSA_PRIVATE(self, rsa)) - ossl_raise(eRSAError, "private key needed."); - rb_scan_args(argc, argv, "11", &buffer, &padding); - pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding); - StringValue(buffer); - str = rb_str_new(0, RSA_size(rsa)); - buf_len = RSA_private_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer), - (unsigned char *)RSTRING_PTR(str), rsa, pad); - if (buf_len < 0) ossl_raise(eRSAError, NULL); - rb_str_set_len(str, buf_len); - - return str; -}</pre> + <div class="method-source-code" id="private_encrypt-source"> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 364</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">private_encrypt</span>(<span class="ruby-identifier">string</span>, <span class="ruby-identifier">padding</span> = <span class="ruby-constant">PKCS1_PADDING</span>) + <span class="ruby-identifier">n</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>, <span class="ruby-string">"incomplete RSA"</span> + <span class="ruby-identifier">private?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>, <span class="ruby-string">"private key needed."</span> + <span class="ruby-keyword">begin</span> + <span class="ruby-identifier">sign_raw</span>(<span class="ruby-keyword">nil</span>, <span class="ruby-identifier">string</span>, { + <span class="ruby-string">"rsa_padding_mode"</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">translate_padding_mode</span>(<span class="ruby-identifier">padding</span>), + }) + <span class="ruby-keyword">rescue</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">PKeyError</span> + <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>, <span class="ruby-identifier">$!</span>.<span class="ruby-identifier">message</span> + <span class="ruby-keyword">end</span> +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -636,32 +554,22 @@ ossl_rsa_is_public(VALUE self) </div> <div class="method-description"> - <p>Decrypt <em>string</em>, which has been encrypted with the private key, with the public key. <em>padding</em> defaults to PKCS1_PADDING.</p> + <p>Decrypt <code>string</code>, which has been encrypted with the private key, with the public key. <code>padding</code> defaults to <a href="RSA.html#PKCS1_PADDING"><code>PKCS1_PADDING</code></a>.</p> - <div class="method-source-code" id="public_decrypt-source"> - <pre>static VALUE -ossl_rsa_public_decrypt(int argc, VALUE *argv, VALUE self) -{ - RSA *rsa; - const BIGNUM *rsa_n; - int buf_len, pad; - VALUE str, buffer, padding; +<p><strong>Deprecated in version 3.0</strong>. Consider using <a href="PKey.html#method-i-sign_raw"><code>PKey::PKey#sign_raw</code></a> and <a href="PKey.html#method-i-verify_raw"><code>PKey::PKey#verify_raw</code></a>, and <a href="PKey.html#method-i-verify_recover"><code>PKey::PKey#verify_recover</code></a> instead.</p> - GetRSA(self, rsa); - RSA_get0_key(rsa, &rsa_n, NULL, NULL); - if (!rsa_n) - ossl_raise(eRSAError, "incomplete RSA"); - rb_scan_args(argc, argv, "11", &buffer, &padding); - pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding); - StringValue(buffer); - str = rb_str_new(0, RSA_size(rsa)); - buf_len = RSA_public_decrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer), - (unsigned char *)RSTRING_PTR(str), rsa, pad); - if (buf_len < 0) ossl_raise(eRSAError, NULL); - rb_str_set_len(str, buf_len); - - return str; -}</pre> + <div class="method-source-code" id="public_decrypt-source"> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 386</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">public_decrypt</span>(<span class="ruby-identifier">string</span>, <span class="ruby-identifier">padding</span> = <span class="ruby-constant">PKCS1_PADDING</span>) + <span class="ruby-identifier">n</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>, <span class="ruby-string">"incomplete RSA"</span> + <span class="ruby-keyword">begin</span> + <span class="ruby-identifier">verify_recover</span>(<span class="ruby-keyword">nil</span>, <span class="ruby-identifier">string</span>, { + <span class="ruby-string">"rsa_padding_mode"</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">translate_padding_mode</span>(<span class="ruby-identifier">padding</span>), + }) + <span class="ruby-keyword">rescue</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">PKeyError</span> + <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>, <span class="ruby-identifier">$!</span>.<span class="ruby-identifier">message</span> + <span class="ruby-keyword">end</span> +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -682,32 +590,22 @@ ossl_rsa_public_decrypt(int argc, VALUE *argv, VALUE self) </div> <div class="method-description"> - <p>Encrypt <em>string</em> with the public key. <em>padding</em> defaults to PKCS1_PADDING. The encrypted string output can be decrypted using <a href="RSA.html#method-i-private_decrypt"><code>private_decrypt</code></a>.</p> + <p>Encrypt <code>string</code> with the public key. <code>padding</code> defaults to <a href="RSA.html#PKCS1_PADDING"><code>PKCS1_PADDING</code></a>. The encrypted string output can be decrypted using <a href="RSA.html#method-i-private_decrypt"><code>private_decrypt</code></a>.</p> - <div class="method-source-code" id="public_encrypt-source"> - <pre>static VALUE -ossl_rsa_public_encrypt(int argc, VALUE *argv, VALUE self) -{ - RSA *rsa; - const BIGNUM *rsa_n; - int buf_len, pad; - VALUE str, buffer, padding; +<p><strong>Deprecated in version 3.0</strong>. Consider using <a href="PKey.html#method-i-encrypt"><code>PKey::PKey#encrypt</code></a> and <a href="PKey.html#method-i-decrypt"><code>PKey::PKey#decrypt</code></a> instead.</p> - GetRSA(self, rsa); - RSA_get0_key(rsa, &rsa_n, NULL, NULL); - if (!rsa_n) - ossl_raise(eRSAError, "incomplete RSA"); - rb_scan_args(argc, argv, "11", &buffer, &padding); - pad = (argc == 1) ? RSA_PKCS1_PADDING : NUM2INT(padding); - StringValue(buffer); - str = rb_str_new(0, RSA_size(rsa)); - buf_len = RSA_public_encrypt(RSTRING_LENINT(buffer), (unsigned char *)RSTRING_PTR(buffer), - (unsigned char *)RSTRING_PTR(str), rsa, pad); - if (buf_len < 0) ossl_raise(eRSAError, NULL); - rb_str_set_len(str, buf_len); - - return str; -}</pre> + <div class="method-source-code" id="public_encrypt-source"> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 407</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">public_encrypt</span>(<span class="ruby-identifier">data</span>, <span class="ruby-identifier">padding</span> = <span class="ruby-constant">PKCS1_PADDING</span>) + <span class="ruby-identifier">n</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>, <span class="ruby-string">"incomplete RSA"</span> + <span class="ruby-keyword">begin</span> + <span class="ruby-identifier">encrypt</span>(<span class="ruby-identifier">data</span>, { + <span class="ruby-string">"rsa_padding_mode"</span> <span class="ruby-operator">=></span> <span class="ruby-identifier">translate_padding_mode</span>(<span class="ruby-identifier">padding</span>), + }) + <span class="ruby-keyword">rescue</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">PKeyError</span> + <span class="ruby-identifier">raise</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>, <span class="ruby-identifier">$!</span>.<span class="ruby-identifier">message</span> + <span class="ruby-keyword">end</span> +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -717,32 +615,23 @@ ossl_rsa_public_encrypt(int argc, VALUE *argv, VALUE self) <div id="method-i-public_key" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> - public_key → RSA + public_key → rsanew </span> <span class="method-click-advice">click to toggle source</span> </div> <div class="method-description"> - <p>Makes new <a href="RSA.html"><code>RSA</code></a> instance containing the public key from the private key.</p> + <p>Returns a new <a href="RSA.html"><code>RSA</code></a> instance that carries just the public key components.</p> - <div class="method-source-code" id="public_key-source"> - <pre>static VALUE -ossl_rsa_to_public_key(VALUE self) -{ - EVP_PKEY *pkey; - RSA *rsa; - VALUE obj; +<p>This method is provided for backwards compatibility. In most cases, there is no need to call this method.</p> - GetPKeyRSA(self, pkey); - /* err check performed by rsa_instance */ - rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(pkey)); - obj = rsa_instance(rb_obj_class(self), rsa); - if (obj == Qfalse) { - RSA_free(rsa); - ossl_raise(eRSAError, NULL); - } - return obj; -}</pre> +<p>For the purpose of serializing the public key, to PEM or DER encoding of X.509 SubjectPublicKeyInfo format, check <a href="PKey.html#method-i-public_to_pem"><code>PKey#public_to_pem</code></a> and <a href="PKey.html#method-i-public_to_der"><code>PKey#public_to_der</code></a>.</p> + + <div class="method-source-code" id="public_key-source"> + <pre><span class="ruby-comment"># File lib/openssl/pkey.rb, line 319</span> +<span class="ruby-keyword">def</span> <span class="ruby-identifier ruby-title">public_key</span> + <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">read</span>(<span class="ruby-identifier">public_to_der</span>) +<span class="ruby-keyword">end</span></pre> </div> </div> @@ -829,7 +718,7 @@ ossl_rsa_to_public_key(VALUE self) <pre class="ruby"><span class="ruby-identifier">data</span> = <span class="ruby-string">"Sign me!"</span> <span class="ruby-identifier">pkey</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSA</span>.<span class="ruby-identifier">new</span>(<span class="ruby-value">2048</span>) <span class="ruby-identifier">signature</span> = <span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">sign_pss</span>(<span class="ruby-string">"SHA256"</span>, <span class="ruby-identifier">data</span>, <span class="ruby-value">salt_length:</span> <span class="ruby-value">:max</span>, <span class="ruby-value">mgf1_hash:</span> <span class="ruby-string">"SHA256"</span>) -<span class="ruby-identifier">pub_key</span> = <span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">public_key</span> +<span class="ruby-identifier">pub_key</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span>.<span class="ruby-identifier">read</span>(<span class="ruby-identifier">pkey</span>.<span class="ruby-identifier">public_to_der</span>) <span class="ruby-identifier">puts</span> <span class="ruby-identifier">pub_key</span>.<span class="ruby-identifier">verify_pss</span>(<span class="ruby-string">"SHA256"</span>, <span class="ruby-identifier">signature</span>, <span class="ruby-identifier">data</span>, <span class="ruby-value">salt_length:</span> <span class="ruby-value">:auto</span>, <span class="ruby-value">mgf1_hash:</span> <span class="ruby-string">"SHA256"</span>) <span class="ruby-comment"># => true</span> </pre> @@ -919,30 +808,10 @@ ossl_rsa_sign_pss(int argc, VALUE *argv, VALUE self) <pre>static VALUE ossl_rsa_to_der(VALUE self) { - RSA *rsa; - const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; - int (*i2d_func)(const RSA *, unsigned char **); - unsigned char *ptr; - long len; - VALUE str; - - GetRSA(self, rsa); - RSA_get0_key(rsa, &n, &e, &d); - RSA_get0_factors(rsa, &p, &q); - RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); - if (n && e && d && p && q && dmp1 && dmq1 && iqmp) - i2d_func = i2d_RSAPrivateKey; + if (can_export_rsaprivatekey(self)) + return ossl_pkey_export_traditional(0, NULL, self, 1); else - i2d_func = (int (*)(const RSA *, unsigned char **))i2d_RSA_PUBKEY; - if((len = i2d_func(rsa, NULL)) <= 0) - ossl_raise(eRSAError, NULL); - str = rb_str_new(0, len); - ptr = (unsigned char *)RSTRING_PTR(str); - if(i2d_func(rsa, &ptr) < 0) - ossl_raise(eRSAError, NULL); - ossl_str_adjust(str, ptr); - - return str; + return ossl_pkey_export_spki(self, 1); }</pre> </div> </div> @@ -986,47 +855,6 @@ ossl_rsa_to_der(VALUE self) </div> </div> - <div id="method-i-to_text" class="method-detail "> - <div class="method-heading"> - <span class="method-callseq"> - to_text → String - </span> - <span class="method-click-advice">click to toggle source</span> - </div> - - <div class="method-description"> - <p>THIS METHOD IS INSECURE, PRIVATE INFORMATION CAN LEAK OUT!!!</p> - -<p>Dumps all parameters of a keypair to a String</p> - -<p>Don’t use :-)) (It’s up to you)</p> - - <div class="method-source-code" id="to_text-source"> - <pre>static VALUE -ossl_rsa_to_text(VALUE self) -{ - RSA *rsa; - BIO *out; - VALUE str; - - GetRSA(self, rsa); - if (!(out = BIO_new(BIO_s_mem()))) { - ossl_raise(eRSAError, NULL); - } - if (!RSA_print(out, rsa, 0)) { /* offset = 0 */ - BIO_free(out); - ossl_raise(eRSAError, NULL); - } - str = ossl_membio2str(out); - - return str; -}</pre> - </div> - </div> - - - </div> - <div id="method-i-verify_pss" class="method-detail "> <div class="method-heading"> <span class="method-callseq"> |