1 /* $OpenBSD: dsa_pmeth.c,v 1.11 2017/01/29 17:49:22 beck Exp $ */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 2006. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <limits.h> 60 #include <stdio.h> 61 #include <string.h> 62 63 #include <openssl/asn1t.h> 64 #include <openssl/bn.h> 65 #include <openssl/err.h> 66 #include <openssl/evp.h> 67 #include <openssl/x509.h> 68 69 #include "dsa_locl.h" 70 #include "evp_locl.h" 71 72 /* DSA pkey context structure */ 73 74 typedef struct { 75 /* Parameter gen parameters */ 76 int nbits; /* size of p in bits (default: 1024) */ 77 int qbits; /* size of q in bits (default: 160) */ 78 const EVP_MD *pmd; /* MD for parameter generation */ 79 /* Keygen callback info */ 80 int gentmp[2]; 81 /* message digest */ 82 const EVP_MD *md; /* MD for the signature */ 83 } DSA_PKEY_CTX; 84 85 static int 86 pkey_dsa_init(EVP_PKEY_CTX *ctx) 87 { 88 DSA_PKEY_CTX *dctx; 89 90 dctx = malloc(sizeof(DSA_PKEY_CTX)); 91 if (!dctx) 92 return 0; 93 dctx->nbits = 1024; 94 dctx->qbits = 160; 95 dctx->pmd = NULL; 96 dctx->md = NULL; 97 98 ctx->data = dctx; 99 ctx->keygen_info = dctx->gentmp; 100 ctx->keygen_info_count = 2; 101 102 return 1; 103 } 104 105 static int 106 pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) 107 { 108 DSA_PKEY_CTX *dctx, *sctx; 109 110 if (!pkey_dsa_init(dst)) 111 return 0; 112 sctx = src->data; 113 dctx = dst->data; 114 dctx->nbits = sctx->nbits; 115 dctx->qbits = sctx->qbits; 116 dctx->pmd = sctx->pmd; 117 dctx->md = sctx->md; 118 return 1; 119 } 120 121 static void 122 pkey_dsa_cleanup(EVP_PKEY_CTX *ctx) 123 { 124 DSA_PKEY_CTX *dctx = ctx->data; 125 126 free(dctx); 127 } 128 129 static int 130 pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 131 const unsigned char *tbs, size_t tbslen) 132 { 133 int ret, type; 134 unsigned int sltmp; 135 DSA_PKEY_CTX *dctx = ctx->data; 136 DSA *dsa = ctx->pkey->pkey.dsa; 137 138 if (dctx->md) 139 type = EVP_MD_type(dctx->md); 140 else 141 type = NID_sha1; 142 143 ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa); 144 145 if (ret <= 0) 146 return ret; 147 *siglen = sltmp; 148 return 1; 149 } 150 151 static int 152 pkey_dsa_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig, size_t siglen, 153 const unsigned char *tbs, size_t tbslen) 154 { 155 int ret, type; 156 DSA_PKEY_CTX *dctx = ctx->data; 157 DSA *dsa = ctx->pkey->pkey.dsa; 158 159 if (dctx->md) 160 type = EVP_MD_type(dctx->md); 161 else 162 type = NID_sha1; 163 164 ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa); 165 166 return ret; 167 } 168 169 static int 170 pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 171 { 172 DSA_PKEY_CTX *dctx = ctx->data; 173 174 switch (type) { 175 case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: 176 if (p1 < 256) 177 return -2; 178 dctx->nbits = p1; 179 return 1; 180 181 case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS: 182 if (p1 != 160 && p1 != 224 && p1 && p1 != 256) 183 return -2; 184 dctx->qbits = p1; 185 return 1; 186 187 case EVP_PKEY_CTRL_DSA_PARAMGEN_MD: 188 switch (EVP_MD_type((const EVP_MD *)p2)) { 189 case NID_sha1: 190 case NID_sha224: 191 case NID_sha256: 192 break; 193 default: 194 DSAerror(DSA_R_INVALID_DIGEST_TYPE); 195 return 0; 196 } 197 dctx->md = p2; 198 return 1; 199 200 case EVP_PKEY_CTRL_MD: 201 switch (EVP_MD_type((const EVP_MD *)p2)) { 202 case NID_sha1: 203 case NID_dsa: 204 case NID_dsaWithSHA: 205 case NID_sha224: 206 case NID_sha256: 207 case NID_sha384: 208 case NID_sha512: 209 break; 210 default: 211 DSAerror(DSA_R_INVALID_DIGEST_TYPE); 212 return 0; 213 } 214 dctx->md = p2; 215 return 1; 216 217 case EVP_PKEY_CTRL_DIGESTINIT: 218 case EVP_PKEY_CTRL_PKCS7_SIGN: 219 case EVP_PKEY_CTRL_CMS_SIGN: 220 return 1; 221 222 case EVP_PKEY_CTRL_PEER_KEY: 223 DSAerror(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 224 return -2; 225 default: 226 return -2; 227 } 228 } 229 230 static int 231 pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) 232 { 233 long lval; 234 char *ep; 235 236 if (!strcmp(type, "dsa_paramgen_bits")) { 237 int nbits; 238 239 errno = 0; 240 lval = strtol(value, &ep, 10); 241 if (value[0] == '\0' || *ep != '\0') 242 goto not_a_number; 243 if ((errno == ERANGE && 244 (lval == LONG_MAX || lval == LONG_MIN)) || 245 (lval > INT_MAX || lval < INT_MIN)) 246 goto out_of_range; 247 nbits = lval; 248 return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); 249 } else if (!strcmp(type, "dsa_paramgen_q_bits")) { 250 int qbits; 251 252 errno = 0; 253 lval = strtol(value, &ep, 10); 254 if (value[0] == '\0' || *ep != '\0') 255 goto not_a_number; 256 if ((errno == ERANGE && 257 (lval == LONG_MAX || lval == LONG_MIN)) || 258 (lval > INT_MAX || lval < INT_MIN)) 259 goto out_of_range; 260 qbits = lval; 261 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, 262 EVP_PKEY_OP_PARAMGEN, EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, 263 qbits, NULL); 264 } else if (!strcmp(type, "dsa_paramgen_md")) { 265 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, 266 EVP_PKEY_OP_PARAMGEN, EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, 267 (void *)EVP_get_digestbyname(value)); 268 } 269 not_a_number: 270 out_of_range: 271 return -2; 272 } 273 274 static int 275 pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 276 { 277 DSA *dsa = NULL; 278 DSA_PKEY_CTX *dctx = ctx->data; 279 BN_GENCB *pcb, cb; 280 int ret; 281 282 if (ctx->pkey_gencb) { 283 pcb = &cb; 284 evp_pkey_set_cb_translate(pcb, ctx); 285 } else 286 pcb = NULL; 287 dsa = DSA_new(); 288 if (!dsa) 289 return 0; 290 ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, 291 NULL, 0, NULL, NULL, NULL, pcb); 292 if (ret) 293 EVP_PKEY_assign_DSA(pkey, dsa); 294 else 295 DSA_free(dsa); 296 return ret; 297 } 298 299 static int 300 pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 301 { 302 DSA *dsa = NULL; 303 304 if (ctx->pkey == NULL) { 305 DSAerror(DSA_R_NO_PARAMETERS_SET); 306 return 0; 307 } 308 dsa = DSA_new(); 309 if (!dsa) 310 return 0; 311 EVP_PKEY_assign_DSA(pkey, dsa); 312 /* Note: if error return, pkey is freed by parent routine */ 313 if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) 314 return 0; 315 return DSA_generate_key(pkey->pkey.dsa); 316 } 317 318 const EVP_PKEY_METHOD dsa_pkey_meth = { 319 .pkey_id = EVP_PKEY_DSA, 320 .flags = EVP_PKEY_FLAG_AUTOARGLEN, 321 322 .init = pkey_dsa_init, 323 .copy = pkey_dsa_copy, 324 .cleanup = pkey_dsa_cleanup, 325 326 .paramgen = pkey_dsa_paramgen, 327 328 .keygen = pkey_dsa_keygen, 329 330 .sign = pkey_dsa_sign, 331 332 .verify = pkey_dsa_verify, 333 334 .ctrl = pkey_dsa_ctrl, 335 .ctrl_str = pkey_dsa_ctrl_str 336 }; 337