dsa_ameth.c 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588
  1. /*
  2. * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * DSA low level APIs are deprecated for public use, but still ok for
  11. * internal use.
  12. */
  13. #include "internal/deprecated.h"
  14. #include <stdio.h>
  15. #include <openssl/x509.h>
  16. #include <openssl/asn1.h>
  17. #include <openssl/bn.h>
  18. #include <openssl/core_names.h>
  19. #include <openssl/param_build.h>
  20. #include "internal/cryptlib.h"
  21. #include "crypto/asn1.h"
  22. #include "crypto/dsa.h"
  23. #include "crypto/evp.h"
  24. #include "internal/ffc.h"
  25. #include "dsa_local.h"
  26. static int dsa_pub_decode(EVP_PKEY *pkey, const X509_PUBKEY *pubkey)
  27. {
  28. const unsigned char *p, *pm;
  29. int pklen, pmlen;
  30. int ptype;
  31. const void *pval;
  32. const ASN1_STRING *pstr;
  33. X509_ALGOR *palg;
  34. ASN1_INTEGER *public_key = NULL;
  35. DSA *dsa = NULL;
  36. if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
  37. return 0;
  38. X509_ALGOR_get0(NULL, &ptype, &pval, palg);
  39. if (ptype == V_ASN1_SEQUENCE) {
  40. pstr = pval;
  41. pm = pstr->data;
  42. pmlen = pstr->length;
  43. if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL) {
  44. ERR_raise(ERR_LIB_DSA, DSA_R_DECODE_ERROR);
  45. goto err;
  46. }
  47. } else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) {
  48. if ((dsa = DSA_new()) == NULL) {
  49. ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
  50. goto err;
  51. }
  52. } else {
  53. ERR_raise(ERR_LIB_DSA, DSA_R_PARAMETER_ENCODING_ERROR);
  54. goto err;
  55. }
  56. if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) {
  57. ERR_raise(ERR_LIB_DSA, DSA_R_DECODE_ERROR);
  58. goto err;
  59. }
  60. if ((dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) {
  61. ERR_raise(ERR_LIB_DSA, DSA_R_BN_DECODE_ERROR);
  62. goto err;
  63. }
  64. dsa->dirty_cnt++;
  65. ASN1_INTEGER_free(public_key);
  66. EVP_PKEY_assign_DSA(pkey, dsa);
  67. return 1;
  68. err:
  69. ASN1_INTEGER_free(public_key);
  70. DSA_free(dsa);
  71. return 0;
  72. }
  73. static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
  74. {
  75. DSA *dsa;
  76. int ptype;
  77. unsigned char *penc = NULL;
  78. int penclen;
  79. ASN1_STRING *str = NULL;
  80. ASN1_INTEGER *pubint = NULL;
  81. ASN1_OBJECT *aobj;
  82. dsa = pkey->pkey.dsa;
  83. if (pkey->save_parameters
  84. && dsa->params.p != NULL
  85. && dsa->params.q != NULL
  86. && dsa->params.g != NULL) {
  87. str = ASN1_STRING_new();
  88. if (str == NULL) {
  89. ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
  90. goto err;
  91. }
  92. str->length = i2d_DSAparams(dsa, &str->data);
  93. if (str->length <= 0) {
  94. ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
  95. goto err;
  96. }
  97. ptype = V_ASN1_SEQUENCE;
  98. } else
  99. ptype = V_ASN1_UNDEF;
  100. pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL);
  101. if (pubint == NULL) {
  102. ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
  103. goto err;
  104. }
  105. penclen = i2d_ASN1_INTEGER(pubint, &penc);
  106. ASN1_INTEGER_free(pubint);
  107. if (penclen <= 0) {
  108. ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
  109. goto err;
  110. }
  111. aobj = OBJ_nid2obj(EVP_PKEY_DSA);
  112. if (aobj == NULL)
  113. goto err;
  114. if (X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen))
  115. return 1;
  116. err:
  117. OPENSSL_free(penc);
  118. ASN1_STRING_free(str);
  119. return 0;
  120. }
  121. /*
  122. * In PKCS#8 DSA: you just get a private key integer and parameters in the
  123. * AlgorithmIdentifier the pubkey must be recalculated.
  124. */
  125. static int dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
  126. {
  127. int ret = 0;
  128. DSA *dsa = ossl_dsa_key_from_pkcs8(p8, NULL, NULL);
  129. if (dsa != NULL) {
  130. ret = 1;
  131. EVP_PKEY_assign_DSA(pkey, dsa);
  132. }
  133. return ret;
  134. }
  135. static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
  136. {
  137. ASN1_STRING *params = NULL;
  138. ASN1_INTEGER *prkey = NULL;
  139. unsigned char *dp = NULL;
  140. int dplen;
  141. if (pkey->pkey.dsa == NULL|| pkey->pkey.dsa->priv_key == NULL) {
  142. ERR_raise(ERR_LIB_DSA, DSA_R_MISSING_PARAMETERS);
  143. goto err;
  144. }
  145. params = ASN1_STRING_new();
  146. if (params == NULL) {
  147. ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
  148. goto err;
  149. }
  150. params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
  151. if (params->length <= 0) {
  152. ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
  153. goto err;
  154. }
  155. params->type = V_ASN1_SEQUENCE;
  156. /* Get private key into integer */
  157. prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
  158. if (prkey == NULL) {
  159. ERR_raise(ERR_LIB_DSA, DSA_R_BN_ERROR);
  160. goto err;
  161. }
  162. dplen = i2d_ASN1_INTEGER(prkey, &dp);
  163. ASN1_STRING_clear_free(prkey);
  164. prkey = NULL;
  165. if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
  166. V_ASN1_SEQUENCE, params, dp, dplen))
  167. goto err;
  168. return 1;
  169. err:
  170. OPENSSL_free(dp);
  171. ASN1_STRING_free(params);
  172. ASN1_STRING_clear_free(prkey);
  173. return 0;
  174. }
  175. static int int_dsa_size(const EVP_PKEY *pkey)
  176. {
  177. return DSA_size(pkey->pkey.dsa);
  178. }
  179. static int dsa_bits(const EVP_PKEY *pkey)
  180. {
  181. return DSA_bits(pkey->pkey.dsa);
  182. }
  183. static int dsa_security_bits(const EVP_PKEY *pkey)
  184. {
  185. return DSA_security_bits(pkey->pkey.dsa);
  186. }
  187. static int dsa_missing_parameters(const EVP_PKEY *pkey)
  188. {
  189. DSA *dsa;
  190. dsa = pkey->pkey.dsa;
  191. return dsa == NULL
  192. || dsa->params.p == NULL
  193. || dsa->params.q == NULL
  194. || dsa->params.g == NULL;
  195. }
  196. static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
  197. {
  198. if (to->pkey.dsa == NULL) {
  199. to->pkey.dsa = DSA_new();
  200. if (to->pkey.dsa == NULL)
  201. return 0;
  202. }
  203. if (!ossl_ffc_params_copy(&to->pkey.dsa->params, &from->pkey.dsa->params))
  204. return 0;
  205. to->pkey.dsa->dirty_cnt++;
  206. return 1;
  207. }
  208. static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
  209. {
  210. return ossl_ffc_params_cmp(&a->pkey.dsa->params, &b->pkey.dsa->params, 1);
  211. }
  212. static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
  213. {
  214. return BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) == 0;
  215. }
  216. static void int_dsa_free(EVP_PKEY *pkey)
  217. {
  218. DSA_free(pkey->pkey.dsa);
  219. }
  220. static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
  221. {
  222. int ret = 0;
  223. const char *ktype = NULL;
  224. const BIGNUM *priv_key, *pub_key;
  225. int mod_len = 0;
  226. if (x->params.p != NULL)
  227. mod_len = DSA_bits(x);
  228. if (ptype == 2)
  229. priv_key = x->priv_key;
  230. else
  231. priv_key = NULL;
  232. if (ptype > 0)
  233. pub_key = x->pub_key;
  234. else
  235. pub_key = NULL;
  236. if (ptype == 2)
  237. ktype = "Private-Key";
  238. else if (ptype == 1)
  239. ktype = "Public-Key";
  240. else
  241. ktype = "DSA-Parameters";
  242. if (priv_key != NULL) {
  243. if (!BIO_indent(bp, off, 128))
  244. goto err;
  245. if (BIO_printf(bp, "%s: (%d bit)\n", ktype, mod_len) <= 0)
  246. goto err;
  247. } else {
  248. if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
  249. goto err;
  250. }
  251. if (!ASN1_bn_print(bp, "priv:", priv_key, NULL, off))
  252. goto err;
  253. if (!ASN1_bn_print(bp, "pub: ", pub_key, NULL, off))
  254. goto err;
  255. if (!ossl_ffc_params_print(bp, &x->params, off))
  256. goto err;
  257. ret = 1;
  258. err:
  259. return ret;
  260. }
  261. static int dsa_param_decode(EVP_PKEY *pkey,
  262. const unsigned char **pder, int derlen)
  263. {
  264. DSA *dsa;
  265. if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL)
  266. return 0;
  267. dsa->dirty_cnt++;
  268. EVP_PKEY_assign_DSA(pkey, dsa);
  269. return 1;
  270. }
  271. static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
  272. {
  273. return i2d_DSAparams(pkey->pkey.dsa, pder);
  274. }
  275. static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
  276. ASN1_PCTX *ctx)
  277. {
  278. return do_dsa_print(bp, pkey->pkey.dsa, indent, 0);
  279. }
  280. static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
  281. ASN1_PCTX *ctx)
  282. {
  283. return do_dsa_print(bp, pkey->pkey.dsa, indent, 1);
  284. }
  285. static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
  286. ASN1_PCTX *ctx)
  287. {
  288. return do_dsa_print(bp, pkey->pkey.dsa, indent, 2);
  289. }
  290. static int old_dsa_priv_decode(EVP_PKEY *pkey,
  291. const unsigned char **pder, int derlen)
  292. {
  293. DSA *dsa;
  294. if ((dsa = d2i_DSAPrivateKey(NULL, pder, derlen)) == NULL) {
  295. ERR_raise(ERR_LIB_DSA, ERR_R_DSA_LIB);
  296. return 0;
  297. }
  298. dsa->dirty_cnt++;
  299. EVP_PKEY_assign_DSA(pkey, dsa);
  300. return 1;
  301. }
  302. static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
  303. {
  304. return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
  305. }
  306. static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
  307. const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
  308. {
  309. DSA_SIG *dsa_sig;
  310. const unsigned char *p;
  311. if (sig == NULL) {
  312. if (BIO_puts(bp, "\n") <= 0)
  313. return 0;
  314. else
  315. return 1;
  316. }
  317. p = sig->data;
  318. dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
  319. if (dsa_sig != NULL) {
  320. int rv = 0;
  321. const BIGNUM *r, *s;
  322. DSA_SIG_get0(dsa_sig, &r, &s);
  323. if (BIO_write(bp, "\n", 1) != 1)
  324. goto err;
  325. if (!ASN1_bn_print(bp, "r: ", r, NULL, indent))
  326. goto err;
  327. if (!ASN1_bn_print(bp, "s: ", s, NULL, indent))
  328. goto err;
  329. rv = 1;
  330. err:
  331. DSA_SIG_free(dsa_sig);
  332. return rv;
  333. }
  334. if (BIO_puts(bp, "\n") <= 0)
  335. return 0;
  336. return X509_signature_dump(bp, sig, indent);
  337. }
  338. static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
  339. {
  340. switch (op) {
  341. case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
  342. *(int *)arg2 = NID_sha256;
  343. return 1;
  344. default:
  345. return -2;
  346. }
  347. }
  348. static size_t dsa_pkey_dirty_cnt(const EVP_PKEY *pkey)
  349. {
  350. return pkey->pkey.dsa->dirty_cnt;
  351. }
  352. static int dsa_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
  353. OSSL_FUNC_keymgmt_import_fn *importer,
  354. OSSL_LIB_CTX *libctx, const char *propq)
  355. {
  356. DSA *dsa = from->pkey.dsa;
  357. OSSL_PARAM_BLD *tmpl;
  358. const BIGNUM *p = DSA_get0_p(dsa), *g = DSA_get0_g(dsa);
  359. const BIGNUM *q = DSA_get0_q(dsa), *pub_key = DSA_get0_pub_key(dsa);
  360. const BIGNUM *priv_key = DSA_get0_priv_key(dsa);
  361. OSSL_PARAM *params;
  362. int selection = 0;
  363. int rv = 0;
  364. /*
  365. * If the DSA method is foreign, then we can't be sure of anything, and
  366. * can therefore not export or pretend to export.
  367. */
  368. if (DSA_get_method(dsa) != DSA_OpenSSL())
  369. return 0;
  370. if (p == NULL || q == NULL || g == NULL)
  371. return 0;
  372. tmpl = OSSL_PARAM_BLD_new();
  373. if (tmpl == NULL)
  374. return 0;
  375. if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p)
  376. || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q, q)
  377. || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, g))
  378. goto err;
  379. selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
  380. if (pub_key != NULL) {
  381. if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY,
  382. pub_key))
  383. goto err;
  384. selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
  385. }
  386. if (priv_key != NULL) {
  387. if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PRIV_KEY,
  388. priv_key))
  389. goto err;
  390. selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
  391. }
  392. if ((params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL)
  393. goto err;
  394. /* We export, the provider imports */
  395. rv = importer(to_keydata, selection, params);
  396. OSSL_PARAM_free(params);
  397. err:
  398. OSSL_PARAM_BLD_free(tmpl);
  399. return rv;
  400. }
  401. static int dsa_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
  402. {
  403. EVP_PKEY_CTX *pctx = vpctx;
  404. EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
  405. DSA *dsa = ossl_dsa_new(pctx->libctx);
  406. if (dsa == NULL) {
  407. ERR_raise(ERR_LIB_DSA, ERR_R_MALLOC_FAILURE);
  408. return 0;
  409. }
  410. if (!ossl_dsa_ffc_params_fromdata(dsa, params)
  411. || !ossl_dsa_key_fromdata(dsa, params)
  412. || !EVP_PKEY_assign_DSA(pkey, dsa)) {
  413. DSA_free(dsa);
  414. return 0;
  415. }
  416. return 1;
  417. }
  418. static int dsa_pkey_copy(EVP_PKEY *to, EVP_PKEY *from)
  419. {
  420. DSA *dsa = from->pkey.dsa;
  421. DSA *dupkey = NULL;
  422. int ret;
  423. if (dsa != NULL) {
  424. dupkey = ossl_dsa_dup(dsa, OSSL_KEYMGMT_SELECT_ALL);
  425. if (dupkey == NULL)
  426. return 0;
  427. }
  428. ret = EVP_PKEY_assign_DSA(to, dupkey);
  429. if (!ret)
  430. DSA_free(dupkey);
  431. return ret;
  432. }
  433. /* NB these are sorted in pkey_id order, lowest first */
  434. const EVP_PKEY_ASN1_METHOD ossl_dsa_asn1_meths[5] = {
  435. {
  436. EVP_PKEY_DSA2,
  437. EVP_PKEY_DSA,
  438. ASN1_PKEY_ALIAS},
  439. {
  440. EVP_PKEY_DSA1,
  441. EVP_PKEY_DSA,
  442. ASN1_PKEY_ALIAS},
  443. {
  444. EVP_PKEY_DSA4,
  445. EVP_PKEY_DSA,
  446. ASN1_PKEY_ALIAS},
  447. {
  448. EVP_PKEY_DSA3,
  449. EVP_PKEY_DSA,
  450. ASN1_PKEY_ALIAS},
  451. {
  452. EVP_PKEY_DSA,
  453. EVP_PKEY_DSA,
  454. 0,
  455. "DSA",
  456. "OpenSSL DSA method",
  457. dsa_pub_decode,
  458. dsa_pub_encode,
  459. dsa_pub_cmp,
  460. dsa_pub_print,
  461. dsa_priv_decode,
  462. dsa_priv_encode,
  463. dsa_priv_print,
  464. int_dsa_size,
  465. dsa_bits,
  466. dsa_security_bits,
  467. dsa_param_decode,
  468. dsa_param_encode,
  469. dsa_missing_parameters,
  470. dsa_copy_parameters,
  471. dsa_cmp_parameters,
  472. dsa_param_print,
  473. dsa_sig_print,
  474. int_dsa_free,
  475. dsa_pkey_ctrl,
  476. old_dsa_priv_decode,
  477. old_dsa_priv_encode,
  478. NULL, NULL, NULL,
  479. NULL, NULL, NULL,
  480. NULL, NULL, NULL, NULL,
  481. dsa_pkey_dirty_cnt,
  482. dsa_pkey_export_to,
  483. dsa_pkey_import_from,
  484. dsa_pkey_copy
  485. }
  486. };