1 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2 * project 2006. 3 */ 4 /* ==================================================================== 5 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the 17 * distribution. 18 * 19 * 3. All advertising materials mentioning features or use of this 20 * software must display the following acknowledgment: 21 * "This product includes software developed by the OpenSSL Project 22 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 23 * 24 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 25 * endorse or promote products derived from this software without 26 * prior written permission. For written permission, please contact 27 * licensing@OpenSSL.org. 28 * 29 * 5. Products derived from this software may not be called "OpenSSL" 30 * nor may "OpenSSL" appear in their names without prior written 31 * permission of the OpenSSL Project. 32 * 33 * 6. Redistributions of any form whatsoever must retain the following 34 * acknowledgment: 35 * "This product includes software developed by the OpenSSL Project 36 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 37 * 38 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 39 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 40 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 41 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 42 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 43 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 44 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 45 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 46 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 47 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 48 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 49 * OF THE POSSIBILITY OF SUCH DAMAGE. 50 * ==================================================================== 51 * 52 * This product includes cryptographic software written by Eric Young 53 * (eay@cryptsoft.com). This product includes software written by Tim 54 * Hudson (tjh@cryptsoft.com). 55 * 56 */ 57 58 #include <stdio.h> 59 #include "cryptlib.h" 60 #include <openssl/x509.h> 61 #include <openssl/asn1.h> 62 #include <openssl/dsa.h> 63 #include <openssl/bn.h> 64 #ifndef OPENSSL_NO_CMS 65 #include <openssl/cms.h> 66 #endif 67 #include "asn1_locl.h" 68 69 static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) 70 { 71 const unsigned char *p, *pm; 72 int pklen, pmlen; 73 int ptype; 74 void *pval; 75 ASN1_STRING *pstr; 76 X509_ALGOR *palg; 77 ASN1_INTEGER *public_key = NULL; 78 79 DSA *dsa = NULL; 80 81 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) 82 return 0; 83 X509_ALGOR_get0(NULL, &ptype, &pval, palg); 84 85 86 if (ptype == V_ASN1_SEQUENCE) 87 { 88 pstr = pval; 89 pm = pstr->data; 90 pmlen = pstr->length; 91 92 if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) 93 { 94 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); 95 goto err; 96 } 97 98 } 99 else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) 100 { 101 if (!(dsa = DSA_new())) 102 { 103 DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE); 104 goto err; 105 } 106 } 107 else 108 { 109 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR); 110 goto err; 111 } 112 113 if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) 114 { 115 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); 116 goto err; 117 } 118 119 if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) 120 { 121 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR); 122 goto err; 123 } 124 125 ASN1_INTEGER_free(public_key); 126 EVP_PKEY_assign_DSA(pkey, dsa); 127 return 1; 128 129 err: 130 if (public_key) 131 ASN1_INTEGER_free(public_key); 132 if (dsa) 133 DSA_free(dsa); 134 return 0; 135 136 } 137 138 static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) 139 { 140 DSA *dsa; 141 void *pval = NULL; 142 int ptype; 143 unsigned char *penc = NULL; 144 int penclen; 145 146 dsa=pkey->pkey.dsa; 147 if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) 148 { 149 ASN1_STRING *str; 150 str = ASN1_STRING_new(); 151 str->length = i2d_DSAparams(dsa, &str->data); 152 if (str->length <= 0) 153 { 154 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); 155 goto err; 156 } 157 pval = str; 158 ptype = V_ASN1_SEQUENCE; 159 } 160 else 161 ptype = V_ASN1_UNDEF; 162 163 dsa->write_params=0; 164 165 penclen = i2d_DSAPublicKey(dsa, &penc); 166 167 if (penclen <= 0) 168 { 169 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); 170 goto err; 171 } 172 173 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), 174 ptype, pval, penc, penclen)) 175 return 1; 176 177 err: 178 if (penc) 179 OPENSSL_free(penc); 180 if (pval) 181 ASN1_STRING_free(pval); 182 183 return 0; 184 } 185 186 /* In PKCS#8 DSA: you just get a private key integer and parameters in the 187 * AlgorithmIdentifier the pubkey must be recalculated. 188 */ 189 190 static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) 191 { 192 const unsigned char *p, *pm; 193 int pklen, pmlen; 194 int ptype; 195 void *pval; 196 ASN1_STRING *pstr; 197 X509_ALGOR *palg; 198 ASN1_INTEGER *privkey = NULL; 199 BN_CTX *ctx = NULL; 200 201 STACK_OF(ASN1_TYPE) *ndsa = NULL; 202 DSA *dsa = NULL; 203 204 if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) 205 return 0; 206 X509_ALGOR_get0(NULL, &ptype, &pval, palg); 207 208 /* Check for broken DSA PKCS#8, UGH! */ 209 if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) 210 { 211 ASN1_TYPE *t1, *t2; 212 if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen))); 213 goto decerr; 214 if (sk_ASN1_TYPE_num(ndsa) != 2) 215 goto decerr; 216 /* Handle Two broken types: 217 * SEQUENCE {parameters, priv_key} 218 * SEQUENCE {pub_key, priv_key} 219 */ 220 221 t1 = sk_ASN1_TYPE_value(ndsa, 0); 222 t2 = sk_ASN1_TYPE_value(ndsa, 1); 223 if (t1->type == V_ASN1_SEQUENCE) 224 { 225 p8->broken = PKCS8_EMBEDDED_PARAM; 226 pval = t1->value.ptr; 227 } 228 else if (ptype == V_ASN1_SEQUENCE) 229 p8->broken = PKCS8_NS_DB; 230 else 231 goto decerr; 232 233 if (t2->type != V_ASN1_INTEGER) 234 goto decerr; 235 236 privkey = t2->value.integer; 237 } 238 else 239 { 240 if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen))) 241 goto decerr; 242 if (ptype != V_ASN1_SEQUENCE) 243 goto decerr; 244 } 245 246 pstr = pval; 247 pm = pstr->data; 248 pmlen = pstr->length; 249 if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) 250 goto decerr; 251 /* We have parameters now set private key */ 252 if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) 253 { 254 DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR); 255 goto dsaerr; 256 } 257 /* Calculate public key */ 258 if (!(dsa->pub_key = BN_new())) 259 { 260 DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); 261 goto dsaerr; 262 } 263 if (!(ctx = BN_CTX_new())) 264 { 265 DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); 266 goto dsaerr; 267 } 268 269 if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) 270 { 271 DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR); 272 goto dsaerr; 273 } 274 275 EVP_PKEY_assign_DSA(pkey, dsa); 276 BN_CTX_free (ctx); 277 if(ndsa) 278 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 279 else 280 ASN1_INTEGER_free(privkey); 281 282 return 1; 283 284 decerr: 285 DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR); 286 dsaerr: 287 BN_CTX_free (ctx); 288 if (privkey) 289 ASN1_INTEGER_free(privkey); 290 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); 291 DSA_free(dsa); 292 return 0; 293 } 294 295 static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) 296 { 297 ASN1_STRING *params = NULL; 298 ASN1_INTEGER *prkey = NULL; 299 unsigned char *dp = NULL; 300 int dplen; 301 302 params = ASN1_STRING_new(); 303 304 if (!params) 305 { 306 DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); 307 goto err; 308 } 309 310 params->length = i2d_DSAparams(pkey->pkey.dsa, ¶ms->data); 311 if (params->length <= 0) 312 { 313 DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE); 314 goto err; 315 } 316 params->type = V_ASN1_SEQUENCE; 317 318 /* Get private key into integer */ 319 prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL); 320 321 if (!prkey) 322 { 323 DSAerr(DSA_F_DSA_PRIV_ENCODE,DSA_R_BN_ERROR); 324 goto err; 325 } 326 327 dplen = i2d_ASN1_INTEGER(prkey, &dp); 328 329 ASN1_INTEGER_free(prkey); 330 331 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, 332 V_ASN1_SEQUENCE, params, dp, dplen)) 333 goto err; 334 335 return 1; 336 337 err: 338 if (dp != NULL) 339 OPENSSL_free(dp); 340 if (params != NULL) 341 ASN1_STRING_free(params); 342 if (prkey != NULL) 343 ASN1_INTEGER_free(prkey); 344 return 0; 345 } 346 347 static int int_dsa_size(const EVP_PKEY *pkey) 348 { 349 return(DSA_size(pkey->pkey.dsa)); 350 } 351 352 static int dsa_bits(const EVP_PKEY *pkey) 353 { 354 return BN_num_bits(pkey->pkey.dsa->p); 355 } 356 357 static int dsa_missing_parameters(const EVP_PKEY *pkey) 358 { 359 DSA *dsa; 360 dsa=pkey->pkey.dsa; 361 if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL)) 362 return 1; 363 return 0; 364 } 365 366 static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) 367 { 368 BIGNUM *a; 369 370 if ((a=BN_dup(from->pkey.dsa->p)) == NULL) 371 return 0; 372 if (to->pkey.dsa->p != NULL) 373 BN_free(to->pkey.dsa->p); 374 to->pkey.dsa->p=a; 375 376 if ((a=BN_dup(from->pkey.dsa->q)) == NULL) 377 return 0; 378 if (to->pkey.dsa->q != NULL) 379 BN_free(to->pkey.dsa->q); 380 to->pkey.dsa->q=a; 381 382 if ((a=BN_dup(from->pkey.dsa->g)) == NULL) 383 return 0; 384 if (to->pkey.dsa->g != NULL) 385 BN_free(to->pkey.dsa->g); 386 to->pkey.dsa->g=a; 387 return 1; 388 } 389 390 static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) 391 { 392 if ( BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) || 393 BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) || 394 BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g)) 395 return 0; 396 else 397 return 1; 398 } 399 400 static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) 401 { 402 if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0) 403 return 0; 404 else 405 return 1; 406 } 407 408 static void int_dsa_free(EVP_PKEY *pkey) 409 { 410 DSA_free(pkey->pkey.dsa); 411 } 412 413 static void update_buflen(const BIGNUM *b, size_t *pbuflen) 414 { 415 size_t i; 416 if (!b) 417 return; 418 if (*pbuflen < (i = (size_t)BN_num_bytes(b))) 419 *pbuflen = i; 420 } 421 422 static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) 423 { 424 unsigned char *m=NULL; 425 int ret=0; 426 size_t buf_len=0; 427 const char *ktype = NULL; 428 429 const BIGNUM *priv_key, *pub_key; 430 431 if (ptype == 2) 432 priv_key = x->priv_key; 433 else 434 priv_key = NULL; 435 436 if (ptype > 0) 437 pub_key = x->pub_key; 438 else 439 pub_key = NULL; 440 441 if (ptype == 2) 442 ktype = "Private-Key"; 443 else if (ptype == 1) 444 ktype = "Public-Key"; 445 else 446 ktype = "DSA-Parameters"; 447 448 update_buflen(x->p, &buf_len); 449 update_buflen(x->q, &buf_len); 450 update_buflen(x->g, &buf_len); 451 update_buflen(priv_key, &buf_len); 452 update_buflen(pub_key, &buf_len); 453 454 m=(unsigned char *)OPENSSL_malloc(buf_len+10); 455 if (m == NULL) 456 { 457 DSAerr(DSA_F_DO_DSA_PRINT,ERR_R_MALLOC_FAILURE); 458 goto err; 459 } 460 461 if (priv_key) 462 { 463 if(!BIO_indent(bp,off,128)) 464 goto err; 465 if (BIO_printf(bp,"%s: (%d bit)\n",ktype, BN_num_bits(x->p)) 466 <= 0) goto err; 467 } 468 469 if (!ASN1_bn_print(bp,"priv:",priv_key,m,off)) 470 goto err; 471 if (!ASN1_bn_print(bp,"pub: ",pub_key,m,off)) 472 goto err; 473 if (!ASN1_bn_print(bp,"P: ",x->p,m,off)) goto err; 474 if (!ASN1_bn_print(bp,"Q: ",x->q,m,off)) goto err; 475 if (!ASN1_bn_print(bp,"G: ",x->g,m,off)) goto err; 476 ret=1; 477 err: 478 if (m != NULL) OPENSSL_free(m); 479 return(ret); 480 } 481 482 static int dsa_param_decode(EVP_PKEY *pkey, 483 const unsigned char **pder, int derlen) 484 { 485 DSA *dsa; 486 if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) 487 { 488 DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB); 489 return 0; 490 } 491 EVP_PKEY_assign_DSA(pkey, dsa); 492 return 1; 493 } 494 495 static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder) 496 { 497 return i2d_DSAparams(pkey->pkey.dsa, pder); 498 } 499 500 static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, 501 ASN1_PCTX *ctx) 502 { 503 return do_dsa_print(bp, pkey->pkey.dsa, indent, 0); 504 } 505 506 static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, 507 ASN1_PCTX *ctx) 508 { 509 return do_dsa_print(bp, pkey->pkey.dsa, indent, 1); 510 } 511 512 513 static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, 514 ASN1_PCTX *ctx) 515 { 516 return do_dsa_print(bp, pkey->pkey.dsa, indent, 2); 517 } 518 519 static int old_dsa_priv_decode(EVP_PKEY *pkey, 520 const unsigned char **pder, int derlen) 521 { 522 DSA *dsa; 523 if (!(dsa = d2i_DSAPrivateKey (NULL, pder, derlen))) 524 { 525 DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB); 526 return 0; 527 } 528 EVP_PKEY_assign_DSA(pkey, dsa); 529 return 1; 530 } 531 532 static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) 533 { 534 return i2d_DSAPrivateKey(pkey->pkey.dsa, pder); 535 } 536 537 static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) 538 { 539 switch (op) 540 { 541 case ASN1_PKEY_CTRL_PKCS7_SIGN: 542 if (arg1 == 0) 543 { 544 int snid, hnid; 545 X509_ALGOR *alg1, *alg2; 546 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); 547 if (alg1 == NULL || alg1->algorithm == NULL) 548 return -1; 549 hnid = OBJ_obj2nid(alg1->algorithm); 550 if (hnid == NID_undef) 551 return -1; 552 if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) 553 return -1; 554 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); 555 } 556 return 1; 557 #ifndef OPENSSL_NO_CMS 558 case ASN1_PKEY_CTRL_CMS_SIGN: 559 if (arg1 == 0) 560 { 561 int snid, hnid; 562 X509_ALGOR *alg1, *alg2; 563 CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2); 564 if (alg1 == NULL || alg1->algorithm == NULL) 565 return -1; 566 hnid = OBJ_obj2nid(alg1->algorithm); 567 if (hnid == NID_undef) 568 return -1; 569 if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) 570 return -1; 571 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); 572 } 573 return 1; 574 #endif 575 576 case ASN1_PKEY_CTRL_DEFAULT_MD_NID: 577 *(int *)arg2 = NID_sha1; 578 return 2; 579 580 default: 581 return -2; 582 583 } 584 585 } 586 587 /* NB these are sorted in pkey_id order, lowest first */ 588 589 const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = 590 { 591 592 { 593 EVP_PKEY_DSA2, 594 EVP_PKEY_DSA, 595 ASN1_PKEY_ALIAS 596 }, 597 598 { 599 EVP_PKEY_DSA1, 600 EVP_PKEY_DSA, 601 ASN1_PKEY_ALIAS 602 }, 603 604 { 605 EVP_PKEY_DSA4, 606 EVP_PKEY_DSA, 607 ASN1_PKEY_ALIAS 608 }, 609 610 { 611 EVP_PKEY_DSA3, 612 EVP_PKEY_DSA, 613 ASN1_PKEY_ALIAS 614 }, 615 616 { 617 EVP_PKEY_DSA, 618 EVP_PKEY_DSA, 619 0, 620 621 "DSA", 622 "OpenSSL DSA method", 623 624 dsa_pub_decode, 625 dsa_pub_encode, 626 dsa_pub_cmp, 627 dsa_pub_print, 628 629 dsa_priv_decode, 630 dsa_priv_encode, 631 dsa_priv_print, 632 633 int_dsa_size, 634 dsa_bits, 635 636 dsa_param_decode, 637 dsa_param_encode, 638 dsa_missing_parameters, 639 dsa_copy_parameters, 640 dsa_cmp_parameters, 641 dsa_param_print, 642 643 int_dsa_free, 644 dsa_pkey_ctrl, 645 old_dsa_priv_decode, 646 old_dsa_priv_encode 647 } 648 }; 649 650