1 /*
2 * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include "internal/cryptlib.h"
12 #include <openssl/x509.h>
13 #include <openssl/asn1.h>
14 #include "dsa_local.h"
15 #include <openssl/bn.h>
16 #include <openssl/cms.h>
17 #include "crypto/asn1.h"
18 #include "crypto/evp.h"
19
dsa_pub_decode(EVP_PKEY * pkey,X509_PUBKEY * pubkey)20 static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
21 {
22 const unsigned char *p, *pm;
23 int pklen, pmlen;
24 int ptype;
25 const void *pval;
26 const ASN1_STRING *pstr;
27 X509_ALGOR *palg;
28 ASN1_INTEGER *public_key = NULL;
29
30 DSA *dsa = NULL;
31
32 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
33 return 0;
34 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
35
36 if (ptype == V_ASN1_SEQUENCE) {
37 pstr = pval;
38 pm = pstr->data;
39 pmlen = pstr->length;
40
41 if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL) {
42 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
43 goto err;
44 }
45
46 } else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) {
47 if ((dsa = DSA_new()) == NULL) {
48 DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
49 goto err;
50 }
51 } else {
52 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
53 goto err;
54 }
55
56 if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) {
57 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
58 goto err;
59 }
60
61 if ((dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) {
62 DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
63 goto err;
64 }
65
66 ASN1_INTEGER_free(public_key);
67 EVP_PKEY_assign_DSA(pkey, dsa);
68 return 1;
69
70 err:
71 ASN1_INTEGER_free(public_key);
72 DSA_free(dsa);
73 return 0;
74
75 }
76
dsa_pub_encode(X509_PUBKEY * pk,const EVP_PKEY * pkey)77 static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
78 {
79 DSA *dsa;
80 int ptype;
81 unsigned char *penc = NULL;
82 int penclen;
83 ASN1_STRING *str = NULL;
84 ASN1_INTEGER *pubint = NULL;
85 ASN1_OBJECT *aobj;
86
87 dsa = pkey->pkey.dsa;
88 if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
89 str = ASN1_STRING_new();
90 if (str == NULL) {
91 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
92 goto err;
93 }
94 str->length = i2d_DSAparams(dsa, &str->data);
95 if (str->length <= 0) {
96 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
97 goto err;
98 }
99 ptype = V_ASN1_SEQUENCE;
100 } else
101 ptype = V_ASN1_UNDEF;
102
103 pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL);
104
105 if (pubint == NULL) {
106 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
107 goto err;
108 }
109
110 penclen = i2d_ASN1_INTEGER(pubint, &penc);
111 ASN1_INTEGER_free(pubint);
112
113 if (penclen <= 0) {
114 DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
115 goto err;
116 }
117
118 aobj = OBJ_nid2obj(EVP_PKEY_DSA);
119 if (aobj == NULL)
120 goto err;
121
122 if (X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen))
123 return 1;
124
125 err:
126 OPENSSL_free(penc);
127 ASN1_STRING_free(str);
128
129 return 0;
130 }
131
132 /*
133 * In PKCS#8 DSA: you just get a private key integer and parameters in the
134 * AlgorithmIdentifier the pubkey must be recalculated.
135 */
136
dsa_priv_decode(EVP_PKEY * pkey,const PKCS8_PRIV_KEY_INFO * p8)137 static int dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
138 {
139 const unsigned char *p, *pm;
140 int pklen, pmlen;
141 int ptype;
142 const void *pval;
143 const ASN1_STRING *pstr;
144 const X509_ALGOR *palg;
145 ASN1_INTEGER *privkey = NULL;
146 BN_CTX *ctx = NULL;
147
148 DSA *dsa = NULL;
149
150 int ret = 0;
151
152 if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
153 return 0;
154 X509_ALGOR_get0(NULL, &ptype, &pval, palg);
155
156 if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL)
157 goto decerr;
158 if (privkey->type == V_ASN1_NEG_INTEGER || ptype != V_ASN1_SEQUENCE)
159 goto decerr;
160
161 pstr = pval;
162 pm = pstr->data;
163 pmlen = pstr->length;
164 if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL)
165 goto decerr;
166 /* We have parameters now set private key */
167 if ((dsa->priv_key = BN_secure_new()) == NULL
168 || !ASN1_INTEGER_to_BN(privkey, dsa->priv_key)) {
169 DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
170 goto dsaerr;
171 }
172 /* Calculate public key */
173 if ((dsa->pub_key = BN_new()) == NULL) {
174 DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
175 goto dsaerr;
176 }
177 if ((ctx = BN_CTX_new()) == NULL) {
178 DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
179 goto dsaerr;
180 }
181
182 BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME);
183 if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
184 DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
185 goto dsaerr;
186 }
187
188 EVP_PKEY_assign_DSA(pkey, dsa);
189
190 ret = 1;
191 goto done;
192
193 decerr:
194 DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_DECODE_ERROR);
195 dsaerr:
196 DSA_free(dsa);
197 done:
198 BN_CTX_free(ctx);
199 ASN1_STRING_clear_free(privkey);
200 return ret;
201 }
202
dsa_priv_encode(PKCS8_PRIV_KEY_INFO * p8,const EVP_PKEY * pkey)203 static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
204 {
205 ASN1_STRING *params = NULL;
206 ASN1_INTEGER *prkey = NULL;
207 unsigned char *dp = NULL;
208 int dplen;
209
210 if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key) {
211 DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_MISSING_PARAMETERS);
212 goto err;
213 }
214
215 params = ASN1_STRING_new();
216
217 if (params == NULL) {
218 DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
219 goto err;
220 }
221
222 params->length = i2d_DSAparams(pkey->pkey.dsa, ¶ms->data);
223 if (params->length <= 0) {
224 DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
225 goto err;
226 }
227 params->type = V_ASN1_SEQUENCE;
228
229 /* Get private key into integer */
230 prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
231
232 if (!prkey) {
233 DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_BN_ERROR);
234 goto err;
235 }
236
237 dplen = i2d_ASN1_INTEGER(prkey, &dp);
238
239 ASN1_STRING_clear_free(prkey);
240 prkey = NULL;
241
242 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
243 V_ASN1_SEQUENCE, params, dp, dplen))
244 goto err;
245
246 return 1;
247
248 err:
249 OPENSSL_free(dp);
250 ASN1_STRING_free(params);
251 ASN1_STRING_clear_free(prkey);
252 return 0;
253 }
254
int_dsa_size(const EVP_PKEY * pkey)255 static int int_dsa_size(const EVP_PKEY *pkey)
256 {
257 return DSA_size(pkey->pkey.dsa);
258 }
259
dsa_bits(const EVP_PKEY * pkey)260 static int dsa_bits(const EVP_PKEY *pkey)
261 {
262 return DSA_bits(pkey->pkey.dsa);
263 }
264
dsa_security_bits(const EVP_PKEY * pkey)265 static int dsa_security_bits(const EVP_PKEY *pkey)
266 {
267 return DSA_security_bits(pkey->pkey.dsa);
268 }
269
dsa_missing_parameters(const EVP_PKEY * pkey)270 static int dsa_missing_parameters(const EVP_PKEY *pkey)
271 {
272 DSA *dsa;
273 dsa = pkey->pkey.dsa;
274 if (dsa == NULL || dsa->p == NULL || dsa->q == NULL || dsa->g == NULL)
275 return 1;
276 return 0;
277 }
278
dsa_copy_parameters(EVP_PKEY * to,const EVP_PKEY * from)279 static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
280 {
281 BIGNUM *a;
282
283 if (to->pkey.dsa == NULL) {
284 to->pkey.dsa = DSA_new();
285 if (to->pkey.dsa == NULL)
286 return 0;
287 }
288
289 if ((a = BN_dup(from->pkey.dsa->p)) == NULL)
290 return 0;
291 BN_free(to->pkey.dsa->p);
292 to->pkey.dsa->p = a;
293
294 if ((a = BN_dup(from->pkey.dsa->q)) == NULL)
295 return 0;
296 BN_free(to->pkey.dsa->q);
297 to->pkey.dsa->q = a;
298
299 if ((a = BN_dup(from->pkey.dsa->g)) == NULL)
300 return 0;
301 BN_free(to->pkey.dsa->g);
302 to->pkey.dsa->g = a;
303 return 1;
304 }
305
dsa_cmp_parameters(const EVP_PKEY * a,const EVP_PKEY * b)306 static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
307 {
308 if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) ||
309 BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) ||
310 BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g))
311 return 0;
312 else
313 return 1;
314 }
315
dsa_pub_cmp(const EVP_PKEY * a,const EVP_PKEY * b)316 static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
317 {
318 if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0)
319 return 0;
320 else
321 return 1;
322 }
323
int_dsa_free(EVP_PKEY * pkey)324 static void int_dsa_free(EVP_PKEY *pkey)
325 {
326 DSA_free(pkey->pkey.dsa);
327 }
328
do_dsa_print(BIO * bp,const DSA * x,int off,int ptype)329 static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
330 {
331 int ret = 0;
332 const char *ktype = NULL;
333 const BIGNUM *priv_key, *pub_key;
334
335 if (ptype == 2)
336 priv_key = x->priv_key;
337 else
338 priv_key = NULL;
339
340 if (ptype > 0)
341 pub_key = x->pub_key;
342 else
343 pub_key = NULL;
344
345 if (ptype == 2)
346 ktype = "Private-Key";
347 else if (ptype == 1)
348 ktype = "Public-Key";
349 else
350 ktype = "DSA-Parameters";
351
352 if (priv_key) {
353 if (!BIO_indent(bp, off, 128))
354 goto err;
355 if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p))
356 <= 0)
357 goto err;
358 }
359
360 if (!ASN1_bn_print(bp, "priv:", priv_key, NULL, off))
361 goto err;
362 if (!ASN1_bn_print(bp, "pub: ", pub_key, NULL, off))
363 goto err;
364 if (!ASN1_bn_print(bp, "P: ", x->p, NULL, off))
365 goto err;
366 if (!ASN1_bn_print(bp, "Q: ", x->q, NULL, off))
367 goto err;
368 if (!ASN1_bn_print(bp, "G: ", x->g, NULL, off))
369 goto err;
370 ret = 1;
371 err:
372 return ret;
373 }
374
dsa_param_decode(EVP_PKEY * pkey,const unsigned char ** pder,int derlen)375 static int dsa_param_decode(EVP_PKEY *pkey,
376 const unsigned char **pder, int derlen)
377 {
378 DSA *dsa;
379
380 if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL) {
381 DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
382 return 0;
383 }
384 EVP_PKEY_assign_DSA(pkey, dsa);
385 return 1;
386 }
387
dsa_param_encode(const EVP_PKEY * pkey,unsigned char ** pder)388 static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
389 {
390 return i2d_DSAparams(pkey->pkey.dsa, pder);
391 }
392
dsa_param_print(BIO * bp,const EVP_PKEY * pkey,int indent,ASN1_PCTX * ctx)393 static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
394 ASN1_PCTX *ctx)
395 {
396 return do_dsa_print(bp, pkey->pkey.dsa, indent, 0);
397 }
398
dsa_pub_print(BIO * bp,const EVP_PKEY * pkey,int indent,ASN1_PCTX * ctx)399 static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
400 ASN1_PCTX *ctx)
401 {
402 return do_dsa_print(bp, pkey->pkey.dsa, indent, 1);
403 }
404
dsa_priv_print(BIO * bp,const EVP_PKEY * pkey,int indent,ASN1_PCTX * ctx)405 static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
406 ASN1_PCTX *ctx)
407 {
408 return do_dsa_print(bp, pkey->pkey.dsa, indent, 2);
409 }
410
old_dsa_priv_decode(EVP_PKEY * pkey,const unsigned char ** pder,int derlen)411 static int old_dsa_priv_decode(EVP_PKEY *pkey,
412 const unsigned char **pder, int derlen)
413 {
414 DSA *dsa;
415
416 if ((dsa = d2i_DSAPrivateKey(NULL, pder, derlen)) == NULL) {
417 DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
418 return 0;
419 }
420 EVP_PKEY_assign_DSA(pkey, dsa);
421 return 1;
422 }
423
old_dsa_priv_encode(const EVP_PKEY * pkey,unsigned char ** pder)424 static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
425 {
426 return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
427 }
428
dsa_sig_print(BIO * bp,const X509_ALGOR * sigalg,const ASN1_STRING * sig,int indent,ASN1_PCTX * pctx)429 static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
430 const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
431 {
432 DSA_SIG *dsa_sig;
433 const unsigned char *p;
434
435 if (!sig) {
436 if (BIO_puts(bp, "\n") <= 0)
437 return 0;
438 else
439 return 1;
440 }
441 p = sig->data;
442 dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
443 if (dsa_sig) {
444 int rv = 0;
445 const BIGNUM *r, *s;
446
447 DSA_SIG_get0(dsa_sig, &r, &s);
448
449 if (BIO_write(bp, "\n", 1) != 1)
450 goto err;
451
452 if (!ASN1_bn_print(bp, "r: ", r, NULL, indent))
453 goto err;
454 if (!ASN1_bn_print(bp, "s: ", s, NULL, indent))
455 goto err;
456 rv = 1;
457 err:
458 DSA_SIG_free(dsa_sig);
459 return rv;
460 }
461 return X509_signature_dump(bp, sig, indent);
462 }
463
dsa_pkey_ctrl(EVP_PKEY * pkey,int op,long arg1,void * arg2)464 static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
465 {
466 switch (op) {
467 case ASN1_PKEY_CTRL_PKCS7_SIGN:
468 if (arg1 == 0) {
469 int snid, hnid;
470 X509_ALGOR *alg1, *alg2;
471 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
472 if (alg1 == NULL || alg1->algorithm == NULL)
473 return -1;
474 hnid = OBJ_obj2nid(alg1->algorithm);
475 if (hnid == NID_undef)
476 return -1;
477 if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
478 return -1;
479 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
480 }
481 return 1;
482 #ifndef OPENSSL_NO_CMS
483 case ASN1_PKEY_CTRL_CMS_SIGN:
484 if (arg1 == 0) {
485 int snid, hnid;
486 X509_ALGOR *alg1, *alg2;
487 CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
488 if (alg1 == NULL || alg1->algorithm == NULL)
489 return -1;
490 hnid = OBJ_obj2nid(alg1->algorithm);
491 if (hnid == NID_undef)
492 return -1;
493 if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
494 return -1;
495 X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
496 }
497 return 1;
498
499 case ASN1_PKEY_CTRL_CMS_RI_TYPE:
500 *(int *)arg2 = CMS_RECIPINFO_NONE;
501 return 1;
502 #endif
503
504 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
505 *(int *)arg2 = NID_sha256;
506 return 1;
507
508 default:
509 return -2;
510
511 }
512
513 }
514
515 /* NB these are sorted in pkey_id order, lowest first */
516
517 const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5] = {
518
519 {
520 EVP_PKEY_DSA2,
521 EVP_PKEY_DSA,
522 ASN1_PKEY_ALIAS},
523
524 {
525 EVP_PKEY_DSA1,
526 EVP_PKEY_DSA,
527 ASN1_PKEY_ALIAS},
528
529 {
530 EVP_PKEY_DSA4,
531 EVP_PKEY_DSA,
532 ASN1_PKEY_ALIAS},
533
534 {
535 EVP_PKEY_DSA3,
536 EVP_PKEY_DSA,
537 ASN1_PKEY_ALIAS},
538
539 {
540 EVP_PKEY_DSA,
541 EVP_PKEY_DSA,
542 0,
543
544 "DSA",
545 "OpenSSL DSA method",
546
547 dsa_pub_decode,
548 dsa_pub_encode,
549 dsa_pub_cmp,
550 dsa_pub_print,
551
552 dsa_priv_decode,
553 dsa_priv_encode,
554 dsa_priv_print,
555
556 int_dsa_size,
557 dsa_bits,
558 dsa_security_bits,
559
560 dsa_param_decode,
561 dsa_param_encode,
562 dsa_missing_parameters,
563 dsa_copy_parameters,
564 dsa_cmp_parameters,
565 dsa_param_print,
566 dsa_sig_print,
567
568 int_dsa_free,
569 dsa_pkey_ctrl,
570 old_dsa_priv_decode,
571 old_dsa_priv_encode}
572 };
573