Import OpenSSL-1.0.0a.
[dragonfly.git] / crypto / openssl / crypto / dsa / dsa_ameth.c
CommitLineData
919b01cc
PA
1/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
2 * project 2006.
3 */
4/* ====================================================================
5 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 *
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 *
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * 3. All advertising materials mentioning features or use of this
20 * software must display the following acknowledgment:
21 * "This product includes software developed by the OpenSSL Project
22 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
23 *
24 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25 * endorse or promote products derived from this software without
26 * prior written permission. For written permission, please contact
27 * licensing@OpenSSL.org.
28 *
29 * 5. Products derived from this software may not be called "OpenSSL"
30 * nor may "OpenSSL" appear in their names without prior written
31 * permission of the OpenSSL Project.
32 *
33 * 6. Redistributions of any form whatsoever must retain the following
34 * acknowledgment:
35 * "This product includes software developed by the OpenSSL Project
36 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
37 *
38 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
42 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49 * OF THE POSSIBILITY OF SUCH DAMAGE.
50 * ====================================================================
51 *
52 * This product includes cryptographic software written by Eric Young
53 * (eay@cryptsoft.com). This product includes software written by Tim
54 * Hudson (tjh@cryptsoft.com).
55 *
56 */
57
58#include <stdio.h>
59#include "cryptlib.h"
60#include <openssl/x509.h>
61#include <openssl/asn1.h>
62#include <openssl/dsa.h>
63#include <openssl/bn.h>
64#ifndef OPENSSL_NO_CMS
65#include <openssl/cms.h>
66#endif
67#include "asn1_locl.h"
68
69static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
70 {
71 const unsigned char *p, *pm;
72 int pklen, pmlen;
73 int ptype;
74 void *pval;
75 ASN1_STRING *pstr;
76 X509_ALGOR *palg;
77 ASN1_INTEGER *public_key = NULL;
78
79 DSA *dsa = NULL;
80
81 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
82 return 0;
83 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
84
85
86 if (ptype == V_ASN1_SEQUENCE)
87 {
88 pstr = pval;
89 pm = pstr->data;
90 pmlen = pstr->length;
91
92 if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
93 {
94 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
95 goto err;
96 }
97
98 }
99 else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF))
100 {
101 if (!(dsa = DSA_new()))
102 {
103 DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
104 goto err;
105 }
106 }
107 else
108 {
109 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
110 goto err;
111 }
112
113 if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen)))
114 {
115 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
116 goto err;
117 }
118
119 if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)))
120 {
121 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
122 goto err;
123 }
124
125 ASN1_INTEGER_free(public_key);
126 EVP_PKEY_assign_DSA(pkey, dsa);
127 return 1;
128
129 err:
130 if (public_key)
131 ASN1_INTEGER_free(public_key);
132 if (dsa)
133 DSA_free(dsa);
134 return 0;
135
136 }
137
138static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
139 {
140 DSA *dsa;
141 void *pval = NULL;
142 int ptype;
143 unsigned char *penc = NULL;
144 int penclen;
145
146 dsa=pkey->pkey.dsa;
147 if (pkey->save_parameters && dsa->p && dsa->q && dsa->g)
148 {
149 ASN1_STRING *str;
150 str = ASN1_STRING_new();
151 str->length = i2d_DSAparams(dsa, &str->data);
152 if (str->length <= 0)
153 {
154 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
155 goto err;
156 }
157 pval = str;
158 ptype = V_ASN1_SEQUENCE;
159 }
160 else
161 ptype = V_ASN1_UNDEF;
162
163 dsa->write_params=0;
164
165 penclen = i2d_DSAPublicKey(dsa, &penc);
166
167 if (penclen <= 0)
168 {
169 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
170 goto err;
171 }
172
173 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA),
174 ptype, pval, penc, penclen))
175 return 1;
176
177 err:
178 if (penc)
179 OPENSSL_free(penc);
180 if (pval)
181 ASN1_STRING_free(pval);
182
183 return 0;
184 }
185
186/* In PKCS#8 DSA: you just get a private key integer and parameters in the
187 * AlgorithmIdentifier the pubkey must be recalculated.
188 */
189
190static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
191 {
192 const unsigned char *p, *pm;
193 int pklen, pmlen;
194 int ptype;
195 void *pval;
196 ASN1_STRING *pstr;
197 X509_ALGOR *palg;
198 ASN1_INTEGER *privkey = NULL;
199 BN_CTX *ctx = NULL;
200
201 STACK_OF(ASN1_TYPE) *ndsa = NULL;
202 DSA *dsa = NULL;
203
204 if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
205 return 0;
206 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
207
208 /* Check for broken DSA PKCS#8, UGH! */
209 if (*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED))
210 {
211 ASN1_TYPE *t1, *t2;
212 if(!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen)))
213 goto decerr;
214 if (sk_ASN1_TYPE_num(ndsa) != 2)
215 goto decerr;
216 /* Handle Two broken types:
217 * SEQUENCE {parameters, priv_key}
218 * SEQUENCE {pub_key, priv_key}
219 */
220
221 t1 = sk_ASN1_TYPE_value(ndsa, 0);
222 t2 = sk_ASN1_TYPE_value(ndsa, 1);
223 if (t1->type == V_ASN1_SEQUENCE)
224 {
225 p8->broken = PKCS8_EMBEDDED_PARAM;
226 pval = t1->value.ptr;
227 }
228 else if (ptype == V_ASN1_SEQUENCE)
229 p8->broken = PKCS8_NS_DB;
230 else
231 goto decerr;
232
233 if (t2->type != V_ASN1_INTEGER)
234 goto decerr;
235
236 privkey = t2->value.integer;
237 }
238 else
239 {
240 const unsigned char *q = p;
241 if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
242 goto decerr;
243 if (privkey->type == V_ASN1_NEG_INTEGER)
244 {
245 p8->broken = PKCS8_NEG_PRIVKEY;
246 ASN1_INTEGER_free(privkey);
247 if (!(privkey=d2i_ASN1_UINTEGER(NULL, &q, pklen)))
248 goto decerr;
249 }
250 if (ptype != V_ASN1_SEQUENCE)
251 goto decerr;
252 }
253
254 pstr = pval;
255 pm = pstr->data;
256 pmlen = pstr->length;
257 if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen)))
258 goto decerr;
259 /* We have parameters now set private key */
260 if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)))
261 {
262 DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
263 goto dsaerr;
264 }
265 /* Calculate public key */
266 if (!(dsa->pub_key = BN_new()))
267 {
268 DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
269 goto dsaerr;
270 }
271 if (!(ctx = BN_CTX_new()))
272 {
273 DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
274 goto dsaerr;
275 }
276
277 if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx))
278 {
279 DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
280 goto dsaerr;
281 }
282
283 EVP_PKEY_assign_DSA(pkey, dsa);
284 BN_CTX_free (ctx);
285 if(ndsa)
286 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
287 else
288 ASN1_INTEGER_free(privkey);
289
290 return 1;
291
292 decerr:
293 DSAerr(DSA_F_DSA_PRIV_DECODE, EVP_R_DECODE_ERROR);
294 dsaerr:
295 BN_CTX_free (ctx);
296 if (privkey)
297 ASN1_INTEGER_free(privkey);
298 sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
299 DSA_free(dsa);
300 return 0;
301 }
302
303static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
304{
305 ASN1_STRING *params = NULL;
306 ASN1_INTEGER *prkey = NULL;
307 unsigned char *dp = NULL;
308 int dplen;
309
310 params = ASN1_STRING_new();
311
312 if (!params)
313 {
314 DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
315 goto err;
316 }
317
318 params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
319 if (params->length <= 0)
320 {
321 DSAerr(DSA_F_DSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
322 goto err;
323 }
324 params->type = V_ASN1_SEQUENCE;
325
326 /* Get private key into integer */
327 prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
328
329 if (!prkey)
330 {
331 DSAerr(DSA_F_DSA_PRIV_ENCODE,DSA_R_BN_ERROR);
332 goto err;
333 }
334
335 dplen = i2d_ASN1_INTEGER(prkey, &dp);
336
337 ASN1_INTEGER_free(prkey);
338
339 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
340 V_ASN1_SEQUENCE, params, dp, dplen))
341 goto err;
342
343 return 1;
344
345err:
346 if (dp != NULL)
347 OPENSSL_free(dp);
348 if (params != NULL)
349 ASN1_STRING_free(params);
350 if (prkey != NULL)
351 ASN1_INTEGER_free(prkey);
352 return 0;
353}
354
355static int int_dsa_size(const EVP_PKEY *pkey)
356 {
357 return(DSA_size(pkey->pkey.dsa));
358 }
359
360static int dsa_bits(const EVP_PKEY *pkey)
361 {
362 return BN_num_bits(pkey->pkey.dsa->p);
363 }
364
365static int dsa_missing_parameters(const EVP_PKEY *pkey)
366 {
367 DSA *dsa;
368 dsa=pkey->pkey.dsa;
369 if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
370 return 1;
371 return 0;
372 }
373
374static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
375 {
376 BIGNUM *a;
377
378 if ((a=BN_dup(from->pkey.dsa->p)) == NULL)
379 return 0;
380 if (to->pkey.dsa->p != NULL)
381 BN_free(to->pkey.dsa->p);
382 to->pkey.dsa->p=a;
383
384 if ((a=BN_dup(from->pkey.dsa->q)) == NULL)
385 return 0;
386 if (to->pkey.dsa->q != NULL)
387 BN_free(to->pkey.dsa->q);
388 to->pkey.dsa->q=a;
389
390 if ((a=BN_dup(from->pkey.dsa->g)) == NULL)
391 return 0;
392 if (to->pkey.dsa->g != NULL)
393 BN_free(to->pkey.dsa->g);
394 to->pkey.dsa->g=a;
395 return 1;
396 }
397
398static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
399 {
400 if ( BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) ||
401 BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) ||
402 BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g))
403 return 0;
404 else
405 return 1;
406 }
407
408static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
409 {
410 if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0)
411 return 0;
412 else
413 return 1;
414 }
415
416static void int_dsa_free(EVP_PKEY *pkey)
417 {
418 DSA_free(pkey->pkey.dsa);
419 }
420
421static void update_buflen(const BIGNUM *b, size_t *pbuflen)
422 {
423 size_t i;
424 if (!b)
425 return;
426 if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
427 *pbuflen = i;
428 }
429
430static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
431 {
432 unsigned char *m=NULL;
433 int ret=0;
434 size_t buf_len=0;
435 const char *ktype = NULL;
436
437 const BIGNUM *priv_key, *pub_key;
438
439 if (ptype == 2)
440 priv_key = x->priv_key;
441 else
442 priv_key = NULL;
443
444 if (ptype > 0)
445 pub_key = x->pub_key;
446 else
447 pub_key = NULL;
448
449 if (ptype == 2)
450 ktype = "Private-Key";
451 else if (ptype == 1)
452 ktype = "Public-Key";
453 else
454 ktype = "DSA-Parameters";
455
456 update_buflen(x->p, &buf_len);
457 update_buflen(x->q, &buf_len);
458 update_buflen(x->g, &buf_len);
459 update_buflen(priv_key, &buf_len);
460 update_buflen(pub_key, &buf_len);
461
462 m=(unsigned char *)OPENSSL_malloc(buf_len+10);
463 if (m == NULL)
464 {
465 DSAerr(DSA_F_DO_DSA_PRINT,ERR_R_MALLOC_FAILURE);
466 goto err;
467 }
468
469 if (priv_key)
470 {
471 if(!BIO_indent(bp,off,128))
472 goto err;
473 if (BIO_printf(bp,"%s: (%d bit)\n",ktype, BN_num_bits(x->p))
474 <= 0) goto err;
475 }
476
477 if (!ASN1_bn_print(bp,"priv:",priv_key,m,off))
478 goto err;
479 if (!ASN1_bn_print(bp,"pub: ",pub_key,m,off))
480 goto err;
481 if (!ASN1_bn_print(bp,"P: ",x->p,m,off)) goto err;
482 if (!ASN1_bn_print(bp,"Q: ",x->q,m,off)) goto err;
483 if (!ASN1_bn_print(bp,"G: ",x->g,m,off)) goto err;
484 ret=1;
485err:
486 if (m != NULL) OPENSSL_free(m);
487 return(ret);
488 }
489
490static int dsa_param_decode(EVP_PKEY *pkey,
491 const unsigned char **pder, int derlen)
492 {
493 DSA *dsa;
494 if (!(dsa = d2i_DSAparams(NULL, pder, derlen)))
495 {
496 DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
497 return 0;
498 }
499 EVP_PKEY_assign_DSA(pkey, dsa);
500 return 1;
501 }
502
503static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
504 {
505 return i2d_DSAparams(pkey->pkey.dsa, pder);
506 }
507
508static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
509 ASN1_PCTX *ctx)
510 {
511 return do_dsa_print(bp, pkey->pkey.dsa, indent, 0);
512 }
513
514static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
515 ASN1_PCTX *ctx)
516 {
517 return do_dsa_print(bp, pkey->pkey.dsa, indent, 1);
518 }
519
520
521static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
522 ASN1_PCTX *ctx)
523 {
524 return do_dsa_print(bp, pkey->pkey.dsa, indent, 2);
525 }
526
527static int old_dsa_priv_decode(EVP_PKEY *pkey,
528 const unsigned char **pder, int derlen)
529 {
530 DSA *dsa;
531 if (!(dsa = d2i_DSAPrivateKey (NULL, pder, derlen)))
532 {
533 DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
534 return 0;
535 }
536 EVP_PKEY_assign_DSA(pkey, dsa);
537 return 1;
538 }
539
540static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
541 {
542 return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
543 }
544
545static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
546 {
547 switch (op)
548 {
549 case ASN1_PKEY_CTRL_PKCS7_SIGN:
550 if (arg1 == 0)
551 {
552 int snid, hnid;
553 X509_ALGOR *alg1, *alg2;
554 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
555 if (alg1 == NULL || alg1->algorithm == NULL)
556 return -1;
557 hnid = OBJ_obj2nid(alg1->algorithm);
558 if (hnid == NID_undef)
559 return -1;
560 if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
561 return -1;
562 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
563 }
564 return 1;
565#ifndef OPENSSL_NO_CMS
566 case ASN1_PKEY_CTRL_CMS_SIGN:
567 if (arg1 == 0)
568 {
569 int snid, hnid;
570 X509_ALGOR *alg1, *alg2;
571 CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
572 if (alg1 == NULL || alg1->algorithm == NULL)
573 return -1;
574 hnid = OBJ_obj2nid(alg1->algorithm);
575 if (hnid == NID_undef)
576 return -1;
577 if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
578 return -1;
579 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
580 }
581 return 1;
582#endif
583
584 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
585 *(int *)arg2 = NID_sha1;
586 return 2;
587
588 default:
589 return -2;
590
591 }
592
593 }
594
595/* NB these are sorted in pkey_id order, lowest first */
596
597const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] =
598 {
599
600 {
601 EVP_PKEY_DSA2,
602 EVP_PKEY_DSA,
603 ASN1_PKEY_ALIAS
604 },
605
606 {
607 EVP_PKEY_DSA1,
608 EVP_PKEY_DSA,
609 ASN1_PKEY_ALIAS
610 },
611
612 {
613 EVP_PKEY_DSA4,
614 EVP_PKEY_DSA,
615 ASN1_PKEY_ALIAS
616 },
617
618 {
619 EVP_PKEY_DSA3,
620 EVP_PKEY_DSA,
621 ASN1_PKEY_ALIAS
622 },
623
624 {
625 EVP_PKEY_DSA,
626 EVP_PKEY_DSA,
627 0,
628
629 "DSA",
630 "OpenSSL DSA method",
631
632 dsa_pub_decode,
633 dsa_pub_encode,
634 dsa_pub_cmp,
635 dsa_pub_print,
636
637 dsa_priv_decode,
638 dsa_priv_encode,
639 dsa_priv_print,
640
641 int_dsa_size,
642 dsa_bits,
643
644 dsa_param_decode,
645 dsa_param_encode,
646 dsa_missing_parameters,
647 dsa_copy_parameters,
648 dsa_cmp_parameters,
649 dsa_param_print,
650
651 int_dsa_free,
652 dsa_pkey_ctrl,
653 old_dsa_priv_decode,
654 old_dsa_priv_encode
655 }
656 };
657