1 /* $OpenBSD: dsa_pmeth.c,v 1.12 2019/09/09 18:06:25 jsing Exp $ */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 2006. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <limits.h> 60 #include <stdio.h> 61 #include <string.h> 62 63 #include <openssl/asn1t.h> 64 #include <openssl/bn.h> 65 #include <openssl/err.h> 66 #include <openssl/evp.h> 67 #include <openssl/x509.h> 68 69 #include "dsa_locl.h" 70 #include "evp_locl.h" 71 72 /* DSA pkey context structure */ 73 74 typedef struct { 75 /* Parameter gen parameters */ 76 int nbits; /* size of p in bits (default: 1024) */ 77 int qbits; /* size of q in bits (default: 160) */ 78 const EVP_MD *pmd; /* MD for parameter generation */ 79 /* Keygen callback info */ 80 int gentmp[2]; 81 /* message digest */ 82 const EVP_MD *md; /* MD for the signature */ 83 } DSA_PKEY_CTX; 84 85 static int 86 pkey_dsa_init(EVP_PKEY_CTX *ctx) 87 { 88 DSA_PKEY_CTX *dctx; 89 90 dctx = malloc(sizeof(DSA_PKEY_CTX)); 91 if (!dctx) 92 return 0; 93 dctx->nbits = 1024; 94 dctx->qbits = 160; 95 dctx->pmd = NULL; 96 dctx->md = NULL; 97 98 ctx->data = dctx; 99 ctx->keygen_info = dctx->gentmp; 100 ctx->keygen_info_count = 2; 101 102 return 1; 103 } 104 105 static int 106 pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) 107 { 108 DSA_PKEY_CTX *dctx, *sctx; 109 110 if (!pkey_dsa_init(dst)) 111 return 0; 112 sctx = src->data; 113 dctx = dst->data; 114 dctx->nbits = sctx->nbits; 115 dctx->qbits = sctx->qbits; 116 dctx->pmd = sctx->pmd; 117 dctx->md = sctx->md; 118 return 1; 119 } 120 121 static void 122 pkey_dsa_cleanup(EVP_PKEY_CTX *ctx) 123 { 124 DSA_PKEY_CTX *dctx = ctx->data; 125 126 free(dctx); 127 } 128 129 static int 130 pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 131 const unsigned char *tbs, size_t tbslen) 132 { 133 int ret, type; 134 unsigned int sltmp; 135 DSA_PKEY_CTX *dctx = ctx->data; 136 DSA *dsa = ctx->pkey->pkey.dsa; 137 138 if (dctx->md) 139 type = EVP_MD_type(dctx->md); 140 else 141 type = NID_sha1; 142 143 ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa); 144 145 if (ret <= 0) 146 return ret; 147 *siglen = sltmp; 148 return 1; 149 } 150 151 static int 152 pkey_dsa_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, 153 const unsigned char *tbs, size_t tbslen) 154 { 155 int ret, type; 156 DSA_PKEY_CTX *dctx = ctx->data; 157 DSA *dsa = ctx->pkey->pkey.dsa; 158 159 if (dctx->md) 160 type = EVP_MD_type(dctx->md); 161 else 162 type = NID_sha1; 163 164 ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa); 165 166 return ret; 167 } 168 169 static int 170 pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 171 { 172 DSA_PKEY_CTX *dctx = ctx->data; 173 174 switch (type) { 175 case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: 176 if (p1 < 256) 177 return -2; 178 dctx->nbits = p1; 179 return 1; 180 181 case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS: 182 if (p1 != 160 && p1 != 224 && p1 && p1 != 256) 183 return -2; 184 dctx->qbits = p1; 185 return 1; 186 187 case EVP_PKEY_CTRL_DSA_PARAMGEN_MD: 188 switch (EVP_MD_type((const EVP_MD *)p2)) { 189 case NID_sha1: 190 case NID_sha224: 191 case NID_sha256: 192 break; 193 default: 194 DSAerror(DSA_R_INVALID_DIGEST_TYPE); 195 return 0; 196 } 197 dctx->md = p2; 198 return 1; 199 200 case EVP_PKEY_CTRL_MD: 201 switch (EVP_MD_type((const EVP_MD *)p2)) { 202 case NID_sha1: 203 case NID_dsa: 204 case NID_dsaWithSHA: 205 case NID_sha224: 206 case NID_sha256: 207 case NID_sha384: 208 case NID_sha512: 209 break; 210 default: 211 DSAerror(DSA_R_INVALID_DIGEST_TYPE); 212 return 0; 213 } 214 dctx->md = p2; 215 return 1; 216 217 case EVP_PKEY_CTRL_GET_MD: 218 *(const EVP_MD **)p2 = dctx->md; 219 return 1; 220 221 case EVP_PKEY_CTRL_DIGESTINIT: 222 case EVP_PKEY_CTRL_PKCS7_SIGN: 223 case EVP_PKEY_CTRL_CMS_SIGN: 224 return 1; 225 226 case EVP_PKEY_CTRL_PEER_KEY: 227 DSAerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 228 return -2; 229 default: 230 return -2; 231 } 232 } 233 234 static int 235 pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) 236 { 237 long lval; 238 char *ep; 239 240 if (!strcmp(type, "dsa_paramgen_bits")) { 241 int nbits; 242 243 errno = 0; 244 lval = strtol(value, &ep, 10); 245 if (value[0] == '\0' || *ep != '\0') 246 goto not_a_number; 247 if ((errno == ERANGE && 248 (lval == LONG_MAX || lval == LONG_MIN)) || 249 (lval > INT_MAX || lval < INT_MIN)) 250 goto out_of_range; 251 nbits = lval; 252 return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); 253 } else if (!strcmp(type, "dsa_paramgen_q_bits")) { 254 int qbits; 255 256 errno = 0; 257 lval = strtol(value, &ep, 10); 258 if (value[0] == '\0' || *ep != '\0') 259 goto not_a_number; 260 if ((errno == ERANGE && 261 (lval == LONG_MAX || lval == LONG_MIN)) || 262 (lval > INT_MAX || lval < INT_MIN)) 263 goto out_of_range; 264 qbits = lval; 265 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, 266 EVP_PKEY_OP_PARAMGEN, EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, 267 qbits, NULL); 268 } else if (!strcmp(type, "dsa_paramgen_md")) { 269 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, 270 EVP_PKEY_OP_PARAMGEN, EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, 271 (void *)EVP_get_digestbyname(value)); 272 } 273 not_a_number: 274 out_of_range: 275 return -2; 276 } 277 278 static int 279 pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 280 { 281 DSA *dsa = NULL; 282 DSA_PKEY_CTX *dctx = ctx->data; 283 BN_GENCB *pcb, cb; 284 int ret; 285 286 if (ctx->pkey_gencb) { 287 pcb = &cb; 288 evp_pkey_set_cb_translate(pcb, ctx); 289 } else 290 pcb = NULL; 291 dsa = DSA_new(); 292 if (!dsa) 293 return 0; 294 ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, 295 NULL, 0, NULL, NULL, NULL, pcb); 296 if (ret) 297 EVP_PKEY_assign_DSA(pkey, dsa); 298 else 299 DSA_free(dsa); 300 return ret; 301 } 302 303 static int 304 pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 305 { 306 DSA *dsa = NULL; 307 308 if (ctx->pkey == NULL) { 309 DSAerror(DSA_R_NO_PARAMETERS_SET); 310 return 0; 311 } 312 dsa = DSA_new(); 313 if (!dsa) 314 return 0; 315 EVP_PKEY_assign_DSA(pkey, dsa); 316 /* Note: if error return, pkey is freed by parent routine */ 317 if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) 318 return 0; 319 return DSA_generate_key(pkey->pkey.dsa); 320 } 321 322 const EVP_PKEY_METHOD dsa_pkey_meth = { 323 .pkey_id = EVP_PKEY_DSA, 324 .flags = EVP_PKEY_FLAG_AUTOARGLEN, 325 326 .init = pkey_dsa_init, 327 .copy = pkey_dsa_copy, 328 .cleanup = pkey_dsa_cleanup, 329 330 .paramgen = pkey_dsa_paramgen, 331 332 .keygen = pkey_dsa_keygen, 333 334 .sign = pkey_dsa_sign, 335 336 .verify = pkey_dsa_verify, 337 338 .ctrl = pkey_dsa_ctrl, 339 .ctrl_str = pkey_dsa_ctrl_str 340 }; 341