• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
2  * 2006.
3  */
4 /* ====================================================================
5  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  *
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  *
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in
16  *    the documentation and/or other materials provided with the
17  *    distribution.
18  *
19  * 3. All advertising materials mentioning features or use of this
20  *    software must display the following acknowledgment:
21  *    "This product includes software developed by the OpenSSL Project
22  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
23  *
24  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25  *    endorse or promote products derived from this software without
26  *    prior written permission. For written permission, please contact
27  *    licensing@OpenSSL.org.
28  *
29  * 5. Products derived from this software may not be called "OpenSSL"
30  *    nor may "OpenSSL" appear in their names without prior written
31  *    permission of the OpenSSL Project.
32  *
33  * 6. Redistributions of any form whatsoever must retain the following
34  *    acknowledgment:
35  *    "This product includes software developed by the OpenSSL Project
36  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
37  *
38  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
42  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49  * OF THE POSSIBILITY OF SUCH DAMAGE.
50  * ====================================================================
51  *
52  * This product includes cryptographic software written by Eric Young
53  * (eay@cryptsoft.com).  This product includes software written by Tim
54  * Hudson (tjh@cryptsoft.com). */
55 
56 #include <openssl/evp.h>
57 
58 #include <openssl/digest.h>
59 #include <openssl/bn.h>
60 #include <openssl/bytestring.h>
61 #include <openssl/dsa.h>
62 #include <openssl/err.h>
63 
64 #include "internal.h"
65 
66 
dsa_pub_decode(EVP_PKEY * out,CBS * params,CBS * key)67 static int dsa_pub_decode(EVP_PKEY *out, CBS *params, CBS *key) {
68   // See RFC 3279, section 2.3.2.
69 
70   // Parameters may or may not be present.
71   DSA *dsa;
72   if (CBS_len(params) == 0) {
73     dsa = DSA_new();
74     if (dsa == NULL) {
75       return 0;
76     }
77   } else {
78     dsa = DSA_parse_parameters(params);
79     if (dsa == NULL || CBS_len(params) != 0) {
80       OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
81       goto err;
82     }
83   }
84 
85   dsa->pub_key = BN_new();
86   if (dsa->pub_key == NULL) {
87     goto err;
88   }
89 
90   if (!BN_parse_asn1_unsigned(key, dsa->pub_key) ||
91       CBS_len(key) != 0) {
92     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
93     goto err;
94   }
95 
96   EVP_PKEY_assign_DSA(out, dsa);
97   return 1;
98 
99 err:
100   DSA_free(dsa);
101   return 0;
102 }
103 
dsa_pub_encode(CBB * out,const EVP_PKEY * key)104 static int dsa_pub_encode(CBB *out, const EVP_PKEY *key) {
105   const DSA *dsa = key->pkey.dsa;
106   const int has_params = dsa->p != NULL && dsa->q != NULL && dsa->g != NULL;
107 
108   // See RFC 5480, section 2.
109   CBB spki, algorithm, oid, key_bitstring;
110   if (!CBB_add_asn1(out, &spki, CBS_ASN1_SEQUENCE) ||
111       !CBB_add_asn1(&spki, &algorithm, CBS_ASN1_SEQUENCE) ||
112       !CBB_add_asn1(&algorithm, &oid, CBS_ASN1_OBJECT) ||
113       !CBB_add_bytes(&oid, dsa_asn1_meth.oid, dsa_asn1_meth.oid_len) ||
114       (has_params &&
115        !DSA_marshal_parameters(&algorithm, dsa)) ||
116       !CBB_add_asn1(&spki, &key_bitstring, CBS_ASN1_BITSTRING) ||
117       !CBB_add_u8(&key_bitstring, 0 /* padding */) ||
118       !BN_marshal_asn1(&key_bitstring, dsa->pub_key) ||
119       !CBB_flush(out)) {
120     OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
121     return 0;
122   }
123 
124   return 1;
125 }
126 
dsa_priv_decode(EVP_PKEY * out,CBS * params,CBS * key)127 static int dsa_priv_decode(EVP_PKEY *out, CBS *params, CBS *key) {
128   // See PKCS#11, v2.40, section 2.5.
129 
130   // Decode parameters.
131   BN_CTX *ctx = NULL;
132   DSA *dsa = DSA_parse_parameters(params);
133   if (dsa == NULL || CBS_len(params) != 0) {
134     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
135     goto err;
136   }
137 
138   dsa->priv_key = BN_new();
139   dsa->pub_key = BN_new();
140   if (dsa->priv_key == NULL || dsa->pub_key == NULL) {
141     goto err;
142   }
143 
144   // Decode the key.
145   if (!BN_parse_asn1_unsigned(key, dsa->priv_key) ||
146       CBS_len(key) != 0) {
147     OPENSSL_PUT_ERROR(EVP, EVP_R_DECODE_ERROR);
148     goto err;
149   }
150 
151   // Calculate the public key.
152   ctx = BN_CTX_new();
153   if (ctx == NULL ||
154       !BN_mod_exp_mont_consttime(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p,
155                                  ctx, NULL)) {
156     goto err;
157   }
158 
159   BN_CTX_free(ctx);
160   EVP_PKEY_assign_DSA(out, dsa);
161   return 1;
162 
163 err:
164   BN_CTX_free(ctx);
165   DSA_free(dsa);
166   return 0;
167 }
168 
dsa_priv_encode(CBB * out,const EVP_PKEY * key)169 static int dsa_priv_encode(CBB *out, const EVP_PKEY *key) {
170   const DSA *dsa = key->pkey.dsa;
171   if (dsa == NULL || dsa->priv_key == NULL) {
172     OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS);
173     return 0;
174   }
175 
176   // See PKCS#11, v2.40, section 2.5.
177   CBB pkcs8, algorithm, oid, private_key;
178   if (!CBB_add_asn1(out, &pkcs8, CBS_ASN1_SEQUENCE) ||
179       !CBB_add_asn1_uint64(&pkcs8, 0 /* version */) ||
180       !CBB_add_asn1(&pkcs8, &algorithm, CBS_ASN1_SEQUENCE) ||
181       !CBB_add_asn1(&algorithm, &oid, CBS_ASN1_OBJECT) ||
182       !CBB_add_bytes(&oid, dsa_asn1_meth.oid, dsa_asn1_meth.oid_len) ||
183       !DSA_marshal_parameters(&algorithm, dsa) ||
184       !CBB_add_asn1(&pkcs8, &private_key, CBS_ASN1_OCTETSTRING) ||
185       !BN_marshal_asn1(&private_key, dsa->priv_key) ||
186       !CBB_flush(out)) {
187     OPENSSL_PUT_ERROR(EVP, EVP_R_ENCODE_ERROR);
188     return 0;
189   }
190 
191   return 1;
192 }
193 
int_dsa_size(const EVP_PKEY * pkey)194 static int int_dsa_size(const EVP_PKEY *pkey) {
195   return DSA_size(pkey->pkey.dsa);
196 }
197 
dsa_bits(const EVP_PKEY * pkey)198 static int dsa_bits(const EVP_PKEY *pkey) {
199   return BN_num_bits(pkey->pkey.dsa->p);
200 }
201 
dsa_missing_parameters(const EVP_PKEY * pkey)202 static int dsa_missing_parameters(const EVP_PKEY *pkey) {
203   DSA *dsa;
204   dsa = pkey->pkey.dsa;
205   if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
206     return 1;
207   }
208   return 0;
209 }
210 
dup_bn_into(BIGNUM ** out,BIGNUM * src)211 static int dup_bn_into(BIGNUM **out, BIGNUM *src) {
212   BIGNUM *a;
213 
214   a = BN_dup(src);
215   if (a == NULL) {
216     return 0;
217   }
218   BN_free(*out);
219   *out = a;
220 
221   return 1;
222 }
223 
dsa_copy_parameters(EVP_PKEY * to,const EVP_PKEY * from)224 static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) {
225   if (!dup_bn_into(&to->pkey.dsa->p, from->pkey.dsa->p) ||
226       !dup_bn_into(&to->pkey.dsa->q, from->pkey.dsa->q) ||
227       !dup_bn_into(&to->pkey.dsa->g, from->pkey.dsa->g)) {
228     return 0;
229   }
230 
231   return 1;
232 }
233 
dsa_cmp_parameters(const EVP_PKEY * a,const EVP_PKEY * b)234 static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) {
235   return BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) == 0 &&
236          BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) == 0 &&
237          BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g) == 0;
238 }
239 
dsa_pub_cmp(const EVP_PKEY * a,const EVP_PKEY * b)240 static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
241   return BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) == 0;
242 }
243 
int_dsa_free(EVP_PKEY * pkey)244 static void int_dsa_free(EVP_PKEY *pkey) { DSA_free(pkey->pkey.dsa); }
245 
246 const EVP_PKEY_ASN1_METHOD dsa_asn1_meth = {
247   EVP_PKEY_DSA,
248   // 1.2.840.10040.4.1
249   {0x2a, 0x86, 0x48, 0xce, 0x38, 0x04, 0x01}, 7,
250 
251   dsa_pub_decode,
252   dsa_pub_encode,
253   dsa_pub_cmp,
254 
255   dsa_priv_decode,
256   dsa_priv_encode,
257 
258   NULL /* pkey_opaque */,
259 
260   int_dsa_size,
261   dsa_bits,
262 
263   dsa_missing_parameters,
264   dsa_copy_parameters,
265   dsa_cmp_parameters,
266 
267   int_dsa_free,
268 };
269