A local copy of OpenSSL from GitHub
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

567 lines
14 KiB

  1. /*
  2. * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/x509.h>
  12. #include <openssl/asn1.h>
  13. #include "dsa_locl.h"
  14. #include <openssl/bn.h>
  15. #include <openssl/cms.h>
  16. #include "internal/asn1_int.h"
  17. #include "internal/evp_int.h"
  18. static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
  19. {
  20. const unsigned char *p, *pm;
  21. int pklen, pmlen;
  22. int ptype;
  23. void *pval;
  24. ASN1_STRING *pstr;
  25. X509_ALGOR *palg;
  26. ASN1_INTEGER *public_key = NULL;
  27. DSA *dsa = NULL;
  28. if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
  29. return 0;
  30. X509_ALGOR_get0(NULL, &ptype, &pval, palg);
  31. if (ptype == V_ASN1_SEQUENCE) {
  32. pstr = pval;
  33. pm = pstr->data;
  34. pmlen = pstr->length;
  35. if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL) {
  36. DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
  37. goto err;
  38. }
  39. } else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) {
  40. if ((dsa = DSA_new()) == NULL) {
  41. DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
  42. goto err;
  43. }
  44. } else {
  45. DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
  46. goto err;
  47. }
  48. if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) {
  49. DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
  50. goto err;
  51. }
  52. if ((dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) {
  53. DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
  54. goto err;
  55. }
  56. ASN1_INTEGER_free(public_key);
  57. EVP_PKEY_assign_DSA(pkey, dsa);
  58. return 1;
  59. err:
  60. ASN1_INTEGER_free(public_key);
  61. DSA_free(dsa);
  62. return 0;
  63. }
  64. static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
  65. {
  66. DSA *dsa;
  67. int ptype;
  68. unsigned char *penc = NULL;
  69. int penclen;
  70. ASN1_STRING *str = NULL;
  71. ASN1_INTEGER *pubint = NULL;
  72. dsa = pkey->pkey.dsa;
  73. if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
  74. str = ASN1_STRING_new();
  75. if (str == NULL) {
  76. DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
  77. goto err;
  78. }
  79. str->length = i2d_DSAparams(dsa, &str->data);
  80. if (str->length <= 0) {
  81. DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
  82. goto err;
  83. }
  84. ptype = V_ASN1_SEQUENCE;
  85. } else
  86. ptype = V_ASN1_UNDEF;
  87. pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL);
  88. if (pubint == NULL) {
  89. DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
  90. goto err;
  91. }
  92. penclen = i2d_ASN1_INTEGER(pubint, &penc);
  93. ASN1_INTEGER_free(pubint);
  94. if (penclen <= 0) {
  95. DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
  96. goto err;
  97. }
  98. if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA),
  99. ptype, str, penc, penclen))
  100. return 1;
  101. err:
  102. OPENSSL_free(penc);
  103. ASN1_STRING_free(str);
  104. return 0;
  105. }
  106. /*
  107. * In PKCS#8 DSA: you just get a private key integer and parameters in the
  108. * AlgorithmIdentifier the pubkey must be recalculated.
  109. */
  110. static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
  111. {
  112. const unsigned char *p, *pm;
  113. int pklen, pmlen;
  114. int ptype;
  115. void *pval;
  116. ASN1_STRING *pstr;
  117. X509_ALGOR *palg;
  118. ASN1_INTEGER *privkey = NULL;
  119. BN_CTX *ctx = NULL;
  120. DSA *dsa = NULL;
  121. int ret = 0;
  122. if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
  123. return 0;
  124. X509_ALGOR_get0(NULL, &ptype, &pval, palg);
  125. if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL)
  126. goto decerr;
  127. if (privkey->type == V_ASN1_NEG_INTEGER || ptype != V_ASN1_SEQUENCE)
  128. goto decerr;
  129. pstr = pval;
  130. pm = pstr->data;
  131. pmlen = pstr->length;
  132. if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL)
  133. goto decerr;
  134. /* We have parameters now set private key */
  135. if ((dsa->priv_key = BN_secure_new()) == NULL
  136. || !ASN1_INTEGER_to_BN(privkey, dsa->priv_key)) {
  137. DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
  138. goto dsaerr;
  139. }
  140. /* Calculate public key */
  141. if ((dsa->pub_key = BN_new()) == NULL) {
  142. DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
  143. goto dsaerr;
  144. }
  145. if ((ctx = BN_CTX_new()) == NULL) {
  146. DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
  147. goto dsaerr;
  148. }
  149. if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
  150. DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
  151. goto dsaerr;
  152. }
  153. EVP_PKEY_assign_DSA(pkey, dsa);
  154. ret = 1;
  155. goto done;
  156. decerr:
  157. DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_DECODE_ERROR);
  158. dsaerr:
  159. DSA_free(dsa);
  160. done:
  161. BN_CTX_free(ctx);
  162. ASN1_STRING_clear_free(privkey);
  163. return ret;
  164. }
  165. static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
  166. {
  167. ASN1_STRING *params = NULL;
  168. ASN1_INTEGER *prkey = NULL;
  169. unsigned char *dp = NULL;
  170. int dplen;
  171. if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key) {
  172. DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_MISSING_PARAMETERS);
  173. goto err;
  174. }
  175. params = ASN1_STRING_new();
  176. if (params == NULL) {
  177. DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
  178. goto err;
  179. }
  180. params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
  181. if (params->length <= 0) {
  182. DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
  183. goto err;
  184. }
  185. params->type = V_ASN1_SEQUENCE;
  186. /* Get private key into integer */
  187. prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
  188. if (!prkey) {
  189. DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_BN_ERROR);
  190. goto err;
  191. }
  192. dplen = i2d_ASN1_INTEGER(prkey, &dp);
  193. ASN1_STRING_clear_free(prkey);
  194. prkey = NULL;
  195. if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
  196. V_ASN1_SEQUENCE, params, dp, dplen))
  197. goto err;
  198. return 1;
  199. err:
  200. OPENSSL_free(dp);
  201. ASN1_STRING_free(params);
  202. ASN1_STRING_clear_free(prkey);
  203. return 0;
  204. }
  205. static int int_dsa_size(const EVP_PKEY *pkey)
  206. {
  207. return (DSA_size(pkey->pkey.dsa));
  208. }
  209. static int dsa_bits(const EVP_PKEY *pkey)
  210. {
  211. return BN_num_bits(pkey->pkey.dsa->p);
  212. }
  213. static int dsa_security_bits(const EVP_PKEY *pkey)
  214. {
  215. return DSA_security_bits(pkey->pkey.dsa);
  216. }
  217. static int dsa_missing_parameters(const EVP_PKEY *pkey)
  218. {
  219. DSA *dsa;
  220. dsa = pkey->pkey.dsa;
  221. if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
  222. return 1;
  223. return 0;
  224. }
  225. static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
  226. {
  227. BIGNUM *a;
  228. if (to->pkey.dsa == NULL) {
  229. to->pkey.dsa = DSA_new();
  230. if (to->pkey.dsa == NULL)
  231. return 0;
  232. }
  233. if ((a = BN_dup(from->pkey.dsa->p)) == NULL)
  234. return 0;
  235. BN_free(to->pkey.dsa->p);
  236. to->pkey.dsa->p = a;
  237. if ((a = BN_dup(from->pkey.dsa->q)) == NULL)
  238. return 0;
  239. BN_free(to->pkey.dsa->q);
  240. to->pkey.dsa->q = a;
  241. if ((a = BN_dup(from->pkey.dsa->g)) == NULL)
  242. return 0;
  243. BN_free(to->pkey.dsa->g);
  244. to->pkey.dsa->g = a;
  245. return 1;
  246. }
  247. static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
  248. {
  249. if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) ||
  250. BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) ||
  251. BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g))
  252. return 0;
  253. else
  254. return 1;
  255. }
  256. static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
  257. {
  258. if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0)
  259. return 0;
  260. else
  261. return 1;
  262. }
  263. static void int_dsa_free(EVP_PKEY *pkey)
  264. {
  265. DSA_free(pkey->pkey.dsa);
  266. }
  267. static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
  268. {
  269. int ret = 0;
  270. const char *ktype = NULL;
  271. const BIGNUM *priv_key, *pub_key;
  272. if (ptype == 2)
  273. priv_key = x->priv_key;
  274. else
  275. priv_key = NULL;
  276. if (ptype > 0)
  277. pub_key = x->pub_key;
  278. else
  279. pub_key = NULL;
  280. if (ptype == 2)
  281. ktype = "Private-Key";
  282. else if (ptype == 1)
  283. ktype = "Public-Key";
  284. else
  285. ktype = "DSA-Parameters";
  286. if (priv_key) {
  287. if (!BIO_indent(bp, off, 128))
  288. goto err;
  289. if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p))
  290. <= 0)
  291. goto err;
  292. }
  293. if (!ASN1_bn_print(bp, "priv:", priv_key, NULL, off))
  294. goto err;
  295. if (!ASN1_bn_print(bp, "pub: ", pub_key, NULL, off))
  296. goto err;
  297. if (!ASN1_bn_print(bp, "P: ", x->p, NULL, off))
  298. goto err;
  299. if (!ASN1_bn_print(bp, "Q: ", x->q, NULL, off))
  300. goto err;
  301. if (!ASN1_bn_print(bp, "G: ", x->g, NULL, off))
  302. goto err;
  303. ret = 1;
  304. err:
  305. return (ret);
  306. }
  307. static int dsa_param_decode(EVP_PKEY *pkey,
  308. const unsigned char **pder, int derlen)
  309. {
  310. DSA *dsa;
  311. if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL) {
  312. DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
  313. return 0;
  314. }
  315. EVP_PKEY_assign_DSA(pkey, dsa);
  316. return 1;
  317. }
  318. static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
  319. {
  320. return i2d_DSAparams(pkey->pkey.dsa, pder);
  321. }
  322. static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
  323. ASN1_PCTX *ctx)
  324. {
  325. return do_dsa_print(bp, pkey->pkey.dsa, indent, 0);
  326. }
  327. static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
  328. ASN1_PCTX *ctx)
  329. {
  330. return do_dsa_print(bp, pkey->pkey.dsa, indent, 1);
  331. }
  332. static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
  333. ASN1_PCTX *ctx)
  334. {
  335. return do_dsa_print(bp, pkey->pkey.dsa, indent, 2);
  336. }
  337. static int old_dsa_priv_decode(EVP_PKEY *pkey,
  338. const unsigned char **pder, int derlen)
  339. {
  340. DSA *dsa;
  341. if ((dsa = d2i_DSAPrivateKey(NULL, pder, derlen)) == NULL) {
  342. DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
  343. return 0;
  344. }
  345. EVP_PKEY_assign_DSA(pkey, dsa);
  346. return 1;
  347. }
  348. static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
  349. {
  350. return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
  351. }
  352. static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
  353. const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
  354. {
  355. DSA_SIG *dsa_sig;
  356. const unsigned char *p;
  357. if (!sig) {
  358. if (BIO_puts(bp, "\n") <= 0)
  359. return 0;
  360. else
  361. return 1;
  362. }
  363. p = sig->data;
  364. dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
  365. if (dsa_sig) {
  366. int rv = 0;
  367. BIGNUM *r, *s;
  368. DSA_SIG_get0(&r, &s, dsa_sig);
  369. if (BIO_write(bp, "\n", 1) != 1)
  370. goto err;
  371. if (!ASN1_bn_print(bp, "r: ", r, NULL, indent))
  372. goto err;
  373. if (!ASN1_bn_print(bp, "s: ", s, NULL, indent))
  374. goto err;
  375. rv = 1;
  376. err:
  377. DSA_SIG_free(dsa_sig);
  378. return rv;
  379. }
  380. return X509_signature_dump(bp, sig, indent);
  381. }
  382. static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
  383. {
  384. switch (op) {
  385. case ASN1_PKEY_CTRL_PKCS7_SIGN:
  386. if (arg1 == 0) {
  387. int snid, hnid;
  388. X509_ALGOR *alg1, *alg2;
  389. PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
  390. if (alg1 == NULL || alg1->algorithm == NULL)
  391. return -1;
  392. hnid = OBJ_obj2nid(alg1->algorithm);
  393. if (hnid == NID_undef)
  394. return -1;
  395. if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
  396. return -1;
  397. X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
  398. }
  399. return 1;
  400. #ifndef OPENSSL_NO_CMS
  401. case ASN1_PKEY_CTRL_CMS_SIGN:
  402. if (arg1 == 0) {
  403. int snid, hnid;
  404. X509_ALGOR *alg1, *alg2;
  405. CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
  406. if (alg1 == NULL || alg1->algorithm == NULL)
  407. return -1;
  408. hnid = OBJ_obj2nid(alg1->algorithm);
  409. if (hnid == NID_undef)
  410. return -1;
  411. if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
  412. return -1;
  413. X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
  414. }
  415. return 1;
  416. case ASN1_PKEY_CTRL_CMS_RI_TYPE:
  417. *(int *)arg2 = CMS_RECIPINFO_NONE;
  418. return 1;
  419. #endif
  420. case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
  421. *(int *)arg2 = NID_sha256;
  422. return 2;
  423. default:
  424. return -2;
  425. }
  426. }
  427. /* NB these are sorted in pkey_id order, lowest first */
  428. const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = {
  429. {
  430. EVP_PKEY_DSA2,
  431. EVP_PKEY_DSA,
  432. ASN1_PKEY_ALIAS},
  433. {
  434. EVP_PKEY_DSA1,
  435. EVP_PKEY_DSA,
  436. ASN1_PKEY_ALIAS},
  437. {
  438. EVP_PKEY_DSA4,
  439. EVP_PKEY_DSA,
  440. ASN1_PKEY_ALIAS},
  441. {
  442. EVP_PKEY_DSA3,
  443. EVP_PKEY_DSA,
  444. ASN1_PKEY_ALIAS},
  445. {
  446. EVP_PKEY_DSA,
  447. EVP_PKEY_DSA,
  448. 0,
  449. "DSA",
  450. "OpenSSL DSA method",
  451. dsa_pub_decode,
  452. dsa_pub_encode,
  453. dsa_pub_cmp,
  454. dsa_pub_print,
  455. dsa_priv_decode,
  456. dsa_priv_encode,
  457. dsa_priv_print,
  458. int_dsa_size,
  459. dsa_bits,
  460. dsa_security_bits,
  461. dsa_param_decode,
  462. dsa_param_encode,
  463. dsa_missing_parameters,
  464. dsa_copy_parameters,
  465. dsa_cmp_parameters,
  466. dsa_param_print,
  467. dsa_sig_print,
  468. int_dsa_free,
  469. dsa_pkey_ctrl,
  470. old_dsa_priv_decode,
  471. old_dsa_priv_encode}
  472. };