1 /* $OpenBSD: dsa_pmeth.c,v 1.19 2023/12/28 22:11:26 tb Exp $ */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 2006. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <limits.h> 60 #include <stdio.h> 61 #include <string.h> 62 63 #include <openssl/asn1t.h> 64 #include <openssl/bn.h> 65 #include <openssl/err.h> 66 #include <openssl/evp.h> 67 #include <openssl/x509.h> 68 69 #include "bn_local.h" 70 #include "dsa_local.h" 71 #include "evp_local.h" 72 73 /* DSA pkey context structure */ 74 75 typedef struct { 76 /* Parameter gen parameters */ 77 int nbits; /* size of p in bits (default: 1024) */ 78 int qbits; /* size of q in bits (default: 160) */ 79 const EVP_MD *pmd; /* MD for parameter generation */ 80 /* Keygen callback info */ 81 int gentmp[2]; 82 /* message digest */ 83 const EVP_MD *md; /* MD for the signature */ 84 } DSA_PKEY_CTX; 85 86 static int 87 pkey_dsa_init(EVP_PKEY_CTX *ctx) 88 { 89 DSA_PKEY_CTX *dctx; 90 91 dctx = malloc(sizeof(DSA_PKEY_CTX)); 92 if (!dctx) 93 return 0; 94 dctx->nbits = 1024; 95 dctx->qbits = 160; 96 dctx->pmd = NULL; 97 dctx->md = NULL; 98 99 ctx->data = dctx; 100 ctx->keygen_info = dctx->gentmp; 101 ctx->keygen_info_count = 2; 102 103 return 1; 104 } 105 106 static int 107 pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) 108 { 109 DSA_PKEY_CTX *dctx, *sctx; 110 111 if (!pkey_dsa_init(dst)) 112 return 0; 113 sctx = src->data; 114 dctx = dst->data; 115 dctx->nbits = sctx->nbits; 116 dctx->qbits = sctx->qbits; 117 dctx->pmd = sctx->pmd; 118 dctx->md = sctx->md; 119 return 1; 120 } 121 122 static void 123 pkey_dsa_cleanup(EVP_PKEY_CTX *ctx) 124 { 125 DSA_PKEY_CTX *dctx = ctx->data; 126 127 free(dctx); 128 } 129 130 static int 131 pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *out_siglen, 132 const unsigned char *tbs, size_t tbslen) 133 { 134 DSA *dsa = ctx->pkey->pkey.dsa; 135 DSA_PKEY_CTX *dctx = ctx->data; 136 unsigned int siglen; 137 138 *out_siglen = 0; 139 140 if (tbslen > INT_MAX) 141 return 0; 142 143 if (dctx->md != NULL) { 144 if (tbslen != EVP_MD_size(dctx->md)) 145 return 0; 146 } 147 148 if (!DSA_sign(0, tbs, tbslen, sig, &siglen, dsa)) 149 return 0; 150 151 *out_siglen = siglen; 152 153 return 1; 154 } 155 156 static int 157 pkey_dsa_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, 158 const unsigned char *tbs, size_t tbslen) 159 { 160 DSA *dsa = ctx->pkey->pkey.dsa; 161 DSA_PKEY_CTX *dctx = ctx->data; 162 163 if (tbslen > INT_MAX || siglen > INT_MAX) 164 return 0; 165 166 if (dctx->md != NULL) { 167 if (tbslen != EVP_MD_size(dctx->md)) 168 return 0; 169 } 170 171 return DSA_verify(0, tbs, tbslen, sig, siglen, dsa); 172 } 173 174 static int 175 pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 176 { 177 DSA_PKEY_CTX *dctx = ctx->data; 178 179 switch (type) { 180 case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: 181 if (p1 < 256) 182 return -2; 183 dctx->nbits = p1; 184 return 1; 185 186 case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS: 187 if (p1 != 160 && p1 != 224 && p1 && p1 != 256) 188 return -2; 189 dctx->qbits = p1; 190 return 1; 191 192 case EVP_PKEY_CTRL_DSA_PARAMGEN_MD: 193 switch (EVP_MD_type((const EVP_MD *)p2)) { 194 case NID_sha1: 195 case NID_sha224: 196 case NID_sha256: 197 break; 198 default: 199 DSAerror(DSA_R_INVALID_DIGEST_TYPE); 200 return 0; 201 } 202 dctx->md = p2; 203 return 1; 204 205 case EVP_PKEY_CTRL_MD: 206 /* ANSI X9.57 and NIST CSOR. */ 207 switch (EVP_MD_type((const EVP_MD *)p2)) { 208 case NID_sha1: 209 case NID_dsa: 210 case NID_dsaWithSHA: 211 case NID_sha224: 212 case NID_sha256: 213 case NID_sha384: 214 case NID_sha512: 215 case NID_sha3_224: 216 case NID_sha3_256: 217 case NID_sha3_384: 218 case NID_sha3_512: 219 break; 220 default: 221 DSAerror(DSA_R_INVALID_DIGEST_TYPE); 222 return 0; 223 } 224 dctx->md = p2; 225 return 1; 226 227 case EVP_PKEY_CTRL_GET_MD: 228 *(const EVP_MD **)p2 = dctx->md; 229 return 1; 230 231 case EVP_PKEY_CTRL_DIGESTINIT: 232 case EVP_PKEY_CTRL_PKCS7_SIGN: 233 case EVP_PKEY_CTRL_CMS_SIGN: 234 return 1; 235 236 case EVP_PKEY_CTRL_PEER_KEY: 237 DSAerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 238 return -2; 239 default: 240 return -2; 241 } 242 } 243 244 static int 245 pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) 246 { 247 long lval; 248 char *ep; 249 250 if (!strcmp(type, "dsa_paramgen_bits")) { 251 int nbits; 252 253 errno = 0; 254 lval = strtol(value, &ep, 10); 255 if (value[0] == '\0' || *ep != '\0') 256 goto not_a_number; 257 if ((errno == ERANGE && 258 (lval == LONG_MAX || lval == LONG_MIN)) || 259 (lval > INT_MAX || lval < INT_MIN)) 260 goto out_of_range; 261 nbits = lval; 262 return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); 263 } else if (!strcmp(type, "dsa_paramgen_q_bits")) { 264 int qbits; 265 266 errno = 0; 267 lval = strtol(value, &ep, 10); 268 if (value[0] == '\0' || *ep != '\0') 269 goto not_a_number; 270 if ((errno == ERANGE && 271 (lval == LONG_MAX || lval == LONG_MIN)) || 272 (lval > INT_MAX || lval < INT_MIN)) 273 goto out_of_range; 274 qbits = lval; 275 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, 276 EVP_PKEY_OP_PARAMGEN, EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, 277 qbits, NULL); 278 } else if (!strcmp(type, "dsa_paramgen_md")) { 279 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, 280 EVP_PKEY_OP_PARAMGEN, EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, 281 (void *)EVP_get_digestbyname(value)); 282 } 283 not_a_number: 284 out_of_range: 285 return -2; 286 } 287 288 static int 289 pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 290 { 291 DSA *dsa; 292 DSA_PKEY_CTX *dctx = ctx->data; 293 BN_GENCB *pcb = NULL; 294 BN_GENCB cb = {0}; 295 int ret = 0; 296 297 if ((dsa = DSA_new()) == NULL) 298 goto err; 299 if (ctx->pkey_gencb != NULL) { 300 pcb = &cb; 301 evp_pkey_set_cb_translate(pcb, ctx); 302 } 303 if (!dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, 304 NULL, 0, NULL, NULL, NULL, pcb)) 305 goto err; 306 if (!EVP_PKEY_assign_DSA(pkey, dsa)) 307 goto err; 308 dsa = NULL; 309 310 ret = 1; 311 312 err: 313 DSA_free(dsa); 314 315 return ret; 316 } 317 318 static int 319 pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 320 { 321 DSA *dsa = NULL; 322 int ret = 0; 323 324 if (ctx->pkey == NULL) { 325 DSAerror(DSA_R_NO_PARAMETERS_SET); 326 goto err; 327 } 328 if ((dsa = DSA_new()) == NULL) 329 goto err; 330 if (!EVP_PKEY_set1_DSA(pkey, dsa)) 331 goto err; 332 333 if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) 334 goto err; 335 if (!DSA_generate_key(dsa)) 336 goto err; 337 338 ret = 1; 339 340 err: 341 DSA_free(dsa); 342 343 return ret; 344 } 345 346 const EVP_PKEY_METHOD dsa_pkey_meth = { 347 .pkey_id = EVP_PKEY_DSA, 348 .flags = EVP_PKEY_FLAG_AUTOARGLEN, 349 350 .init = pkey_dsa_init, 351 .copy = pkey_dsa_copy, 352 .cleanup = pkey_dsa_cleanup, 353 354 .paramgen = pkey_dsa_paramgen, 355 356 .keygen = pkey_dsa_keygen, 357 358 .sign = pkey_dsa_sign, 359 360 .verify = pkey_dsa_verify, 361 362 .ctrl = pkey_dsa_ctrl, 363 .ctrl_str = pkey_dsa_ctrl_str 364 }; 365