dsa_ameth.c 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574
  1. /*
  2. * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/x509.h>
  12. #include <openssl/asn1.h>
  13. #include "dsa_locl.h"
  14. #include <openssl/bn.h>
  15. #include <openssl/cms.h>
  16. #include "internal/asn1_int.h"
  17. #include "internal/evp_int.h"
  18. static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
  19. {
  20. const unsigned char *p, *pm;
  21. int pklen, pmlen;
  22. int ptype;
  23. const void *pval;
  24. const ASN1_STRING *pstr;
  25. X509_ALGOR *palg;
  26. ASN1_INTEGER *public_key = NULL;
  27. DSA *dsa = NULL;
  28. if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
  29. return 0;
  30. X509_ALGOR_get0(NULL, &ptype, &pval, palg);
  31. if (ptype == V_ASN1_SEQUENCE) {
  32. pstr = pval;
  33. pm = pstr->data;
  34. pmlen = pstr->length;
  35. if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL) {
  36. DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
  37. goto err;
  38. }
  39. } else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) {
  40. if ((dsa = DSA_new()) == NULL) {
  41. DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
  42. goto err;
  43. }
  44. } else {
  45. DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
  46. goto err;
  47. }
  48. if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) {
  49. DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
  50. goto err;
  51. }
  52. if ((dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) {
  53. DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
  54. goto err;
  55. }
  56. ASN1_INTEGER_free(public_key);
  57. EVP_PKEY_assign_DSA(pkey, dsa);
  58. return 1;
  59. err:
  60. ASN1_INTEGER_free(public_key);
  61. DSA_free(dsa);
  62. return 0;
  63. }
  64. static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
  65. {
  66. DSA *dsa;
  67. int ptype;
  68. unsigned char *penc = NULL;
  69. int penclen;
  70. ASN1_STRING *str = NULL;
  71. ASN1_INTEGER *pubint = NULL;
  72. ASN1_OBJECT *aobj;
  73. dsa = pkey->pkey.dsa;
  74. if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
  75. str = ASN1_STRING_new();
  76. if (str == NULL) {
  77. DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
  78. goto err;
  79. }
  80. str->length = i2d_DSAparams(dsa, &str->data);
  81. if (str->length <= 0) {
  82. DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
  83. goto err;
  84. }
  85. ptype = V_ASN1_SEQUENCE;
  86. } else
  87. ptype = V_ASN1_UNDEF;
  88. pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL);
  89. if (pubint == NULL) {
  90. DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
  91. goto err;
  92. }
  93. penclen = i2d_ASN1_INTEGER(pubint, &penc);
  94. ASN1_INTEGER_free(pubint);
  95. if (penclen <= 0) {
  96. DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
  97. goto err;
  98. }
  99. aobj = OBJ_nid2obj(EVP_PKEY_DSA);
  100. if (aobj == NULL)
  101. goto err;
  102. if (X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen))
  103. return 1;
  104. err:
  105. OPENSSL_free(penc);
  106. ASN1_STRING_free(str);
  107. return 0;
  108. }
  109. /*
  110. * In PKCS#8 DSA: you just get a private key integer and parameters in the
  111. * AlgorithmIdentifier the pubkey must be recalculated.
  112. */
  113. static int dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
  114. {
  115. const unsigned char *p, *pm;
  116. int pklen, pmlen;
  117. int ptype;
  118. const void *pval;
  119. const ASN1_STRING *pstr;
  120. const X509_ALGOR *palg;
  121. ASN1_INTEGER *privkey = NULL;
  122. BN_CTX *ctx = NULL;
  123. DSA *dsa = NULL;
  124. int ret = 0;
  125. if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
  126. return 0;
  127. X509_ALGOR_get0(NULL, &ptype, &pval, palg);
  128. if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL)
  129. goto decerr;
  130. if (privkey->type == V_ASN1_NEG_INTEGER || ptype != V_ASN1_SEQUENCE)
  131. goto decerr;
  132. pstr = pval;
  133. pm = pstr->data;
  134. pmlen = pstr->length;
  135. if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL)
  136. goto decerr;
  137. /* We have parameters now set private key */
  138. if ((dsa->priv_key = BN_secure_new()) == NULL
  139. || !ASN1_INTEGER_to_BN(privkey, dsa->priv_key)) {
  140. DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
  141. goto dsaerr;
  142. }
  143. /* Calculate public key */
  144. if ((dsa->pub_key = BN_new()) == NULL) {
  145. DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
  146. goto dsaerr;
  147. }
  148. if ((ctx = BN_CTX_new()) == NULL) {
  149. DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
  150. goto dsaerr;
  151. }
  152. BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME);
  153. if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
  154. DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
  155. goto dsaerr;
  156. }
  157. EVP_PKEY_assign_DSA(pkey, dsa);
  158. ret = 1;
  159. goto done;
  160. decerr:
  161. DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_DECODE_ERROR);
  162. dsaerr:
  163. DSA_free(dsa);
  164. done:
  165. BN_CTX_free(ctx);
  166. ASN1_STRING_clear_free(privkey);
  167. return ret;
  168. }
  169. static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
  170. {
  171. ASN1_STRING *params = NULL;
  172. ASN1_INTEGER *prkey = NULL;
  173. unsigned char *dp = NULL;
  174. int dplen;
  175. if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key) {
  176. DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_MISSING_PARAMETERS);
  177. goto err;
  178. }
  179. params = ASN1_STRING_new();
  180. if (params == NULL) {
  181. DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
  182. goto err;
  183. }
  184. params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
  185. if (params->length <= 0) {
  186. DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
  187. goto err;
  188. }
  189. params->type = V_ASN1_SEQUENCE;
  190. /* Get private key into integer */
  191. prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
  192. if (!prkey) {
  193. DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_BN_ERROR);
  194. goto err;
  195. }
  196. dplen = i2d_ASN1_INTEGER(prkey, &dp);
  197. ASN1_STRING_clear_free(prkey);
  198. prkey = NULL;
  199. if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
  200. V_ASN1_SEQUENCE, params, dp, dplen))
  201. goto err;
  202. return 1;
  203. err:
  204. OPENSSL_free(dp);
  205. ASN1_STRING_free(params);
  206. ASN1_STRING_clear_free(prkey);
  207. return 0;
  208. }
  209. static int int_dsa_size(const EVP_PKEY *pkey)
  210. {
  211. return DSA_size(pkey->pkey.dsa);
  212. }
  213. static int dsa_bits(const EVP_PKEY *pkey)
  214. {
  215. return DSA_bits(pkey->pkey.dsa);
  216. }
  217. static int dsa_security_bits(const EVP_PKEY *pkey)
  218. {
  219. return DSA_security_bits(pkey->pkey.dsa);
  220. }
  221. static int dsa_missing_parameters(const EVP_PKEY *pkey)
  222. {
  223. DSA *dsa;
  224. dsa = pkey->pkey.dsa;
  225. if (dsa == NULL || dsa->p == NULL || dsa->q == NULL || dsa->g == NULL)
  226. return 1;
  227. return 0;
  228. }
  229. static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
  230. {
  231. BIGNUM *a;
  232. if (to->pkey.dsa == NULL) {
  233. to->pkey.dsa = DSA_new();
  234. if (to->pkey.dsa == NULL)
  235. return 0;
  236. }
  237. if ((a = BN_dup(from->pkey.dsa->p)) == NULL)
  238. return 0;
  239. BN_free(to->pkey.dsa->p);
  240. to->pkey.dsa->p = a;
  241. if ((a = BN_dup(from->pkey.dsa->q)) == NULL)
  242. return 0;
  243. BN_free(to->pkey.dsa->q);
  244. to->pkey.dsa->q = a;
  245. if ((a = BN_dup(from->pkey.dsa->g)) == NULL)
  246. return 0;
  247. BN_free(to->pkey.dsa->g);
  248. to->pkey.dsa->g = a;
  249. return 1;
  250. }
  251. static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
  252. {
  253. if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) ||
  254. BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) ||
  255. BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g))
  256. return 0;
  257. else
  258. return 1;
  259. }
  260. static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
  261. {
  262. if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0)
  263. return 0;
  264. else
  265. return 1;
  266. }
  267. static void int_dsa_free(EVP_PKEY *pkey)
  268. {
  269. DSA_free(pkey->pkey.dsa);
  270. }
  271. static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
  272. {
  273. int ret = 0;
  274. const char *ktype = NULL;
  275. const BIGNUM *priv_key, *pub_key;
  276. if (ptype == 2)
  277. priv_key = x->priv_key;
  278. else
  279. priv_key = NULL;
  280. if (ptype > 0)
  281. pub_key = x->pub_key;
  282. else
  283. pub_key = NULL;
  284. if (ptype == 2)
  285. ktype = "Private-Key";
  286. else if (ptype == 1)
  287. ktype = "Public-Key";
  288. else
  289. ktype = "DSA-Parameters";
  290. if (priv_key) {
  291. if (!BIO_indent(bp, off, 128))
  292. goto err;
  293. if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p))
  294. <= 0)
  295. goto err;
  296. }
  297. if (!ASN1_bn_print(bp, "priv:", priv_key, NULL, off))
  298. goto err;
  299. if (!ASN1_bn_print(bp, "pub: ", pub_key, NULL, off))
  300. goto err;
  301. if (!ASN1_bn_print(bp, "P: ", x->p, NULL, off))
  302. goto err;
  303. if (!ASN1_bn_print(bp, "Q: ", x->q, NULL, off))
  304. goto err;
  305. if (!ASN1_bn_print(bp, "G: ", x->g, NULL, off))
  306. goto err;
  307. ret = 1;
  308. err:
  309. return ret;
  310. }
  311. static int dsa_param_decode(EVP_PKEY *pkey,
  312. const unsigned char **pder, int derlen)
  313. {
  314. DSA *dsa;
  315. if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL) {
  316. DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
  317. return 0;
  318. }
  319. EVP_PKEY_assign_DSA(pkey, dsa);
  320. return 1;
  321. }
  322. static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
  323. {
  324. return i2d_DSAparams(pkey->pkey.dsa, pder);
  325. }
  326. static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
  327. ASN1_PCTX *ctx)
  328. {
  329. return do_dsa_print(bp, pkey->pkey.dsa, indent, 0);
  330. }
  331. static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
  332. ASN1_PCTX *ctx)
  333. {
  334. return do_dsa_print(bp, pkey->pkey.dsa, indent, 1);
  335. }
  336. static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
  337. ASN1_PCTX *ctx)
  338. {
  339. return do_dsa_print(bp, pkey->pkey.dsa, indent, 2);
  340. }
  341. static int old_dsa_priv_decode(EVP_PKEY *pkey,
  342. const unsigned char **pder, int derlen)
  343. {
  344. DSA *dsa;
  345. if ((dsa = d2i_DSAPrivateKey(NULL, pder, derlen)) == NULL) {
  346. DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
  347. return 0;
  348. }
  349. EVP_PKEY_assign_DSA(pkey, dsa);
  350. return 1;
  351. }
  352. static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
  353. {
  354. return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
  355. }
  356. static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
  357. const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
  358. {
  359. DSA_SIG *dsa_sig;
  360. const unsigned char *p;
  361. if (!sig) {
  362. if (BIO_puts(bp, "\n") <= 0)
  363. return 0;
  364. else
  365. return 1;
  366. }
  367. p = sig->data;
  368. dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
  369. if (dsa_sig) {
  370. int rv = 0;
  371. const BIGNUM *r, *s;
  372. DSA_SIG_get0(dsa_sig, &r, &s);
  373. if (BIO_write(bp, "\n", 1) != 1)
  374. goto err;
  375. if (!ASN1_bn_print(bp, "r: ", r, NULL, indent))
  376. goto err;
  377. if (!ASN1_bn_print(bp, "s: ", s, NULL, indent))
  378. goto err;
  379. rv = 1;
  380. err:
  381. DSA_SIG_free(dsa_sig);
  382. return rv;
  383. }
  384. if (BIO_puts(bp, "\n") <= 0)
  385. return 0;
  386. return X509_signature_dump(bp, sig, indent);
  387. }
  388. static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
  389. {
  390. switch (op) {
  391. case ASN1_PKEY_CTRL_PKCS7_SIGN:
  392. if (arg1 == 0) {
  393. int snid, hnid;
  394. X509_ALGOR *alg1, *alg2;
  395. PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
  396. if (alg1 == NULL || alg1->algorithm == NULL)
  397. return -1;
  398. hnid = OBJ_obj2nid(alg1->algorithm);
  399. if (hnid == NID_undef)
  400. return -1;
  401. if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
  402. return -1;
  403. X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
  404. }
  405. return 1;
  406. #ifndef OPENSSL_NO_CMS
  407. case ASN1_PKEY_CTRL_CMS_SIGN:
  408. if (arg1 == 0) {
  409. int snid, hnid;
  410. X509_ALGOR *alg1, *alg2;
  411. CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
  412. if (alg1 == NULL || alg1->algorithm == NULL)
  413. return -1;
  414. hnid = OBJ_obj2nid(alg1->algorithm);
  415. if (hnid == NID_undef)
  416. return -1;
  417. if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
  418. return -1;
  419. X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
  420. }
  421. return 1;
  422. case ASN1_PKEY_CTRL_CMS_RI_TYPE:
  423. *(int *)arg2 = CMS_RECIPINFO_NONE;
  424. return 1;
  425. #endif
  426. case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
  427. *(int *)arg2 = NID_sha256;
  428. return 1;
  429. default:
  430. return -2;
  431. }
  432. }
  433. /* NB these are sorted in pkey_id order, lowest first */
  434. const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5] = {
  435. {
  436. EVP_PKEY_DSA2,
  437. EVP_PKEY_DSA,
  438. ASN1_PKEY_ALIAS},
  439. {
  440. EVP_PKEY_DSA1,
  441. EVP_PKEY_DSA,
  442. ASN1_PKEY_ALIAS},
  443. {
  444. EVP_PKEY_DSA4,
  445. EVP_PKEY_DSA,
  446. ASN1_PKEY_ALIAS},
  447. {
  448. EVP_PKEY_DSA3,
  449. EVP_PKEY_DSA,
  450. ASN1_PKEY_ALIAS},
  451. {
  452. EVP_PKEY_DSA,
  453. EVP_PKEY_DSA,
  454. 0,
  455. "DSA",
  456. "OpenSSL DSA method",
  457. dsa_pub_decode,
  458. dsa_pub_encode,
  459. dsa_pub_cmp,
  460. dsa_pub_print,
  461. dsa_priv_decode,
  462. dsa_priv_encode,
  463. dsa_priv_print,
  464. int_dsa_size,
  465. dsa_bits,
  466. dsa_security_bits,
  467. dsa_param_decode,
  468. dsa_param_encode,
  469. dsa_missing_parameters,
  470. dsa_copy_parameters,
  471. dsa_cmp_parameters,
  472. dsa_param_print,
  473. dsa_sig_print,
  474. int_dsa_free,
  475. dsa_pkey_ctrl,
  476. old_dsa_priv_decode,
  477. old_dsa_priv_encode}
  478. };