]>
Commit | Line | Data |
---|---|---|
0f113f3e | 1 | /* |
d2e9e320 | 2 | * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. |
448be743 | 3 | * |
3cdbea65 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
d2e9e320 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
448be743 DSH |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
448be743 DSH |
11 | #include <openssl/x509.h> |
12 | #include <openssl/asn1.h> | |
1e26a8ba | 13 | #include <openssl/bn.h> |
3c27208f | 14 | #include <openssl/cms.h> |
4889dadc MC |
15 | #include <openssl/core_names.h> |
16 | #include "internal/cryptlib.h" | |
5fe736e5 | 17 | #include "internal/asn1_int.h" |
3aeb9348 | 18 | #include "internal/evp_int.h" |
4889dadc MC |
19 | #include "internal/param_build.h" |
20 | #include "dsa_locl.h" | |
448be743 DSH |
21 | |
22 | static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) | |
0f113f3e MC |
23 | { |
24 | const unsigned char *p, *pm; | |
25 | int pklen, pmlen; | |
26 | int ptype; | |
ac4e2577 DSH |
27 | const void *pval; |
28 | const ASN1_STRING *pstr; | |
0f113f3e MC |
29 | X509_ALGOR *palg; |
30 | ASN1_INTEGER *public_key = NULL; | |
31 | ||
32 | DSA *dsa = NULL; | |
33 | ||
34 | if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) | |
35 | return 0; | |
36 | X509_ALGOR_get0(NULL, &ptype, &pval, palg); | |
37 | ||
38 | if (ptype == V_ASN1_SEQUENCE) { | |
39 | pstr = pval; | |
40 | pm = pstr->data; | |
41 | pmlen = pstr->length; | |
42 | ||
75ebbd9a | 43 | if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL) { |
0f113f3e MC |
44 | DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); |
45 | goto err; | |
46 | } | |
47 | ||
48 | } else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) { | |
75ebbd9a | 49 | if ((dsa = DSA_new()) == NULL) { |
0f113f3e MC |
50 | DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE); |
51 | goto err; | |
52 | } | |
53 | } else { | |
54 | DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR); | |
55 | goto err; | |
56 | } | |
57 | ||
75ebbd9a | 58 | if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) { |
0f113f3e MC |
59 | DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); |
60 | goto err; | |
61 | } | |
62 | ||
75ebbd9a | 63 | if ((dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) { |
0f113f3e MC |
64 | DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR); |
65 | goto err; | |
66 | } | |
67 | ||
4889dadc | 68 | dsa->dirty_cnt++; |
0f113f3e MC |
69 | ASN1_INTEGER_free(public_key); |
70 | EVP_PKEY_assign_DSA(pkey, dsa); | |
71 | return 1; | |
72 | ||
73 | err: | |
2ace7450 | 74 | ASN1_INTEGER_free(public_key); |
d6407083 | 75 | DSA_free(dsa); |
0f113f3e MC |
76 | return 0; |
77 | ||
78 | } | |
448be743 | 79 | |
6f81892e | 80 | static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) |
0f113f3e MC |
81 | { |
82 | DSA *dsa; | |
0f113f3e MC |
83 | int ptype; |
84 | unsigned char *penc = NULL; | |
85 | int penclen; | |
0c7ca403 | 86 | ASN1_STRING *str = NULL; |
ea6b07b5 | 87 | ASN1_INTEGER *pubint = NULL; |
7760384b | 88 | ASN1_OBJECT *aobj; |
0f113f3e MC |
89 | |
90 | dsa = pkey->pkey.dsa; | |
91 | if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) { | |
0f113f3e | 92 | str = ASN1_STRING_new(); |
90945fa3 | 93 | if (str == NULL) { |
0c7ca403 MC |
94 | DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); |
95 | goto err; | |
96 | } | |
0f113f3e MC |
97 | str->length = i2d_DSAparams(dsa, &str->data); |
98 | if (str->length <= 0) { | |
99 | DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); | |
100 | goto err; | |
101 | } | |
0f113f3e MC |
102 | ptype = V_ASN1_SEQUENCE; |
103 | } else | |
104 | ptype = V_ASN1_UNDEF; | |
105 | ||
ea6b07b5 | 106 | pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL); |
0f113f3e | 107 | |
ea6b07b5 DSH |
108 | if (pubint == NULL) { |
109 | DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); | |
110 | goto err; | |
111 | } | |
112 | ||
113 | penclen = i2d_ASN1_INTEGER(pubint, &penc); | |
114 | ASN1_INTEGER_free(pubint); | |
0f113f3e MC |
115 | |
116 | if (penclen <= 0) { | |
117 | DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); | |
118 | goto err; | |
119 | } | |
120 | ||
7760384b PK |
121 | aobj = OBJ_nid2obj(EVP_PKEY_DSA); |
122 | if (aobj == NULL) | |
123 | goto err; | |
124 | ||
125 | if (X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen)) | |
0f113f3e MC |
126 | return 1; |
127 | ||
128 | err: | |
b548a1f1 | 129 | OPENSSL_free(penc); |
0dfb9398 | 130 | ASN1_STRING_free(str); |
0f113f3e MC |
131 | |
132 | return 0; | |
133 | } | |
134 | ||
135 | /* | |
136 | * In PKCS#8 DSA: you just get a private key integer and parameters in the | |
448be743 DSH |
137 | * AlgorithmIdentifier the pubkey must be recalculated. |
138 | */ | |
0f113f3e | 139 | |
245c6bc3 | 140 | static int dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) |
0f113f3e | 141 | { |
dfb10af9 | 142 | const unsigned char *p, *pm; |
0f113f3e MC |
143 | int pklen, pmlen; |
144 | int ptype; | |
ac4e2577 DSH |
145 | const void *pval; |
146 | const ASN1_STRING *pstr; | |
245c6bc3 | 147 | const X509_ALGOR *palg; |
0f113f3e MC |
148 | ASN1_INTEGER *privkey = NULL; |
149 | BN_CTX *ctx = NULL; | |
150 | ||
0f113f3e MC |
151 | DSA *dsa = NULL; |
152 | ||
ab4a81f6 DSH |
153 | int ret = 0; |
154 | ||
0f113f3e MC |
155 | if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8)) |
156 | return 0; | |
157 | X509_ALGOR_get0(NULL, &ptype, &pval, palg); | |
158 | ||
ab4a81f6 DSH |
159 | if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) |
160 | goto decerr; | |
dfb10af9 | 161 | if (privkey->type == V_ASN1_NEG_INTEGER || ptype != V_ASN1_SEQUENCE) |
ab4a81f6 | 162 | goto decerr; |
0f113f3e MC |
163 | |
164 | pstr = pval; | |
165 | pm = pstr->data; | |
166 | pmlen = pstr->length; | |
75ebbd9a | 167 | if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL) |
0f113f3e MC |
168 | goto decerr; |
169 | /* We have parameters now set private key */ | |
74924dcb RS |
170 | if ((dsa->priv_key = BN_secure_new()) == NULL |
171 | || !ASN1_INTEGER_to_BN(privkey, dsa->priv_key)) { | |
0f113f3e MC |
172 | DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR); |
173 | goto dsaerr; | |
174 | } | |
175 | /* Calculate public key */ | |
75ebbd9a | 176 | if ((dsa->pub_key = BN_new()) == NULL) { |
0f113f3e MC |
177 | DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); |
178 | goto dsaerr; | |
179 | } | |
75ebbd9a | 180 | if ((ctx = BN_CTX_new()) == NULL) { |
0f113f3e MC |
181 | DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); |
182 | goto dsaerr; | |
183 | } | |
184 | ||
6364475a | 185 | BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME); |
0f113f3e MC |
186 | if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { |
187 | DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR); | |
188 | goto dsaerr; | |
189 | } | |
190 | ||
4889dadc | 191 | dsa->dirty_cnt++; |
0f113f3e | 192 | EVP_PKEY_assign_DSA(pkey, dsa); |
0f113f3e | 193 | |
ab4a81f6 DSH |
194 | ret = 1; |
195 | goto done; | |
0f113f3e MC |
196 | |
197 | decerr: | |
f6fb7f18 | 198 | DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_DECODE_ERROR); |
0f113f3e | 199 | dsaerr: |
ab4a81f6 DSH |
200 | DSA_free(dsa); |
201 | done: | |
0f113f3e | 202 | BN_CTX_free(ctx); |
2ace7450 | 203 | ASN1_STRING_clear_free(privkey); |
ab4a81f6 | 204 | return ret; |
0f113f3e | 205 | } |
448be743 | 206 | |
6f81892e | 207 | static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) |
448be743 | 208 | { |
0f113f3e MC |
209 | ASN1_STRING *params = NULL; |
210 | ASN1_INTEGER *prkey = NULL; | |
211 | unsigned char *dp = NULL; | |
212 | int dplen; | |
213 | ||
214 | if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key) { | |
215 | DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_MISSING_PARAMETERS); | |
216 | goto err; | |
217 | } | |
218 | ||
219 | params = ASN1_STRING_new(); | |
220 | ||
90945fa3 | 221 | if (params == NULL) { |
0f113f3e MC |
222 | DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); |
223 | goto err; | |
224 | } | |
225 | ||
226 | params->length = i2d_DSAparams(pkey->pkey.dsa, ¶ms->data); | |
227 | if (params->length <= 0) { | |
228 | DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); | |
229 | goto err; | |
230 | } | |
231 | params->type = V_ASN1_SEQUENCE; | |
232 | ||
233 | /* Get private key into integer */ | |
234 | prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL); | |
235 | ||
236 | if (!prkey) { | |
237 | DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_BN_ERROR); | |
238 | goto err; | |
239 | } | |
240 | ||
241 | dplen = i2d_ASN1_INTEGER(prkey, &dp); | |
242 | ||
a8ae0891 | 243 | ASN1_STRING_clear_free(prkey); |
fa4629b6 | 244 | prkey = NULL; |
0f113f3e MC |
245 | |
246 | if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, | |
247 | V_ASN1_SEQUENCE, params, dp, dplen)) | |
248 | goto err; | |
249 | ||
250 | return 1; | |
251 | ||
252 | err: | |
b548a1f1 | 253 | OPENSSL_free(dp); |
0dfb9398 | 254 | ASN1_STRING_free(params); |
2ace7450 | 255 | ASN1_STRING_clear_free(prkey); |
0f113f3e | 256 | return 0; |
448be743 DSH |
257 | } |
258 | ||
6f81892e | 259 | static int int_dsa_size(const EVP_PKEY *pkey) |
0f113f3e | 260 | { |
26a7d938 | 261 | return DSA_size(pkey->pkey.dsa); |
0f113f3e | 262 | } |
6f81892e DSH |
263 | |
264 | static int dsa_bits(const EVP_PKEY *pkey) | |
0f113f3e | 265 | { |
5d8d9a8e | 266 | return DSA_bits(pkey->pkey.dsa); |
0f113f3e | 267 | } |
6f81892e | 268 | |
2514fa79 | 269 | static int dsa_security_bits(const EVP_PKEY *pkey) |
0f113f3e MC |
270 | { |
271 | return DSA_security_bits(pkey->pkey.dsa); | |
272 | } | |
2514fa79 | 273 | |
6f81892e | 274 | static int dsa_missing_parameters(const EVP_PKEY *pkey) |
0f113f3e MC |
275 | { |
276 | DSA *dsa; | |
277 | dsa = pkey->pkey.dsa; | |
f72f00d4 | 278 | if (dsa == NULL || dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) |
0f113f3e MC |
279 | return 1; |
280 | return 0; | |
281 | } | |
6f81892e DSH |
282 | |
283 | static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) | |
0f113f3e MC |
284 | { |
285 | BIGNUM *a; | |
286 | ||
2986ecdc DSH |
287 | if (to->pkey.dsa == NULL) { |
288 | to->pkey.dsa = DSA_new(); | |
289 | if (to->pkey.dsa == NULL) | |
290 | return 0; | |
291 | } | |
292 | ||
0f113f3e MC |
293 | if ((a = BN_dup(from->pkey.dsa->p)) == NULL) |
294 | return 0; | |
23a1d5e9 | 295 | BN_free(to->pkey.dsa->p); |
0f113f3e MC |
296 | to->pkey.dsa->p = a; |
297 | ||
298 | if ((a = BN_dup(from->pkey.dsa->q)) == NULL) | |
299 | return 0; | |
23a1d5e9 | 300 | BN_free(to->pkey.dsa->q); |
0f113f3e MC |
301 | to->pkey.dsa->q = a; |
302 | ||
303 | if ((a = BN_dup(from->pkey.dsa->g)) == NULL) | |
304 | return 0; | |
23a1d5e9 | 305 | BN_free(to->pkey.dsa->g); |
0f113f3e | 306 | to->pkey.dsa->g = a; |
4889dadc | 307 | to->pkey.dsa->dirty_cnt++; |
0f113f3e MC |
308 | return 1; |
309 | } | |
6f81892e DSH |
310 | |
311 | static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) | |
0f113f3e MC |
312 | { |
313 | if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) || | |
314 | BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) || | |
315 | BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g)) | |
316 | return 0; | |
317 | else | |
318 | return 1; | |
319 | } | |
6f81892e | 320 | |
0cb8499b | 321 | static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) |
0f113f3e MC |
322 | { |
323 | if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0) | |
324 | return 0; | |
325 | else | |
326 | return 1; | |
327 | } | |
0cb8499b | 328 | |
6f81892e | 329 | static void int_dsa_free(EVP_PKEY *pkey) |
0f113f3e MC |
330 | { |
331 | DSA_free(pkey->pkey.dsa); | |
332 | } | |
6f81892e | 333 | |
777c47ac | 334 | static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) |
0f113f3e | 335 | { |
0f113f3e | 336 | int ret = 0; |
0f113f3e | 337 | const char *ktype = NULL; |
0f113f3e MC |
338 | const BIGNUM *priv_key, *pub_key; |
339 | ||
340 | if (ptype == 2) | |
341 | priv_key = x->priv_key; | |
342 | else | |
343 | priv_key = NULL; | |
344 | ||
345 | if (ptype > 0) | |
346 | pub_key = x->pub_key; | |
347 | else | |
348 | pub_key = NULL; | |
349 | ||
350 | if (ptype == 2) | |
351 | ktype = "Private-Key"; | |
352 | else if (ptype == 1) | |
353 | ktype = "Public-Key"; | |
354 | else | |
355 | ktype = "DSA-Parameters"; | |
356 | ||
0f113f3e MC |
357 | if (priv_key) { |
358 | if (!BIO_indent(bp, off, 128)) | |
359 | goto err; | |
360 | if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) | |
361 | <= 0) | |
362 | goto err; | |
363 | } | |
364 | ||
a773b52a | 365 | if (!ASN1_bn_print(bp, "priv:", priv_key, NULL, off)) |
0f113f3e | 366 | goto err; |
a773b52a | 367 | if (!ASN1_bn_print(bp, "pub: ", pub_key, NULL, off)) |
0f113f3e | 368 | goto err; |
a773b52a | 369 | if (!ASN1_bn_print(bp, "P: ", x->p, NULL, off)) |
0f113f3e | 370 | goto err; |
a773b52a | 371 | if (!ASN1_bn_print(bp, "Q: ", x->q, NULL, off)) |
0f113f3e | 372 | goto err; |
a773b52a | 373 | if (!ASN1_bn_print(bp, "G: ", x->g, NULL, off)) |
0f113f3e MC |
374 | goto err; |
375 | ret = 1; | |
376 | err: | |
26a7d938 | 377 | return ret; |
0f113f3e | 378 | } |
35208f36 | 379 | |
3e4585c8 | 380 | static int dsa_param_decode(EVP_PKEY *pkey, |
0f113f3e MC |
381 | const unsigned char **pder, int derlen) |
382 | { | |
383 | DSA *dsa; | |
75ebbd9a RS |
384 | |
385 | if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL) { | |
0f113f3e MC |
386 | DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB); |
387 | return 0; | |
388 | } | |
4889dadc | 389 | dsa->dirty_cnt++; |
0f113f3e MC |
390 | EVP_PKEY_assign_DSA(pkey, dsa); |
391 | return 1; | |
392 | } | |
3e4585c8 DSH |
393 | |
394 | static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder) | |
0f113f3e MC |
395 | { |
396 | return i2d_DSAparams(pkey->pkey.dsa, pder); | |
397 | } | |
35208f36 DSH |
398 | |
399 | static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, | |
0f113f3e MC |
400 | ASN1_PCTX *ctx) |
401 | { | |
402 | return do_dsa_print(bp, pkey->pkey.dsa, indent, 0); | |
403 | } | |
35208f36 DSH |
404 | |
405 | static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent, | |
0f113f3e MC |
406 | ASN1_PCTX *ctx) |
407 | { | |
408 | return do_dsa_print(bp, pkey->pkey.dsa, indent, 1); | |
409 | } | |
35208f36 DSH |
410 | |
411 | static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, | |
0f113f3e MC |
412 | ASN1_PCTX *ctx) |
413 | { | |
414 | return do_dsa_print(bp, pkey->pkey.dsa, indent, 2); | |
415 | } | |
35208f36 | 416 | |
e4263314 | 417 | static int old_dsa_priv_decode(EVP_PKEY *pkey, |
0f113f3e MC |
418 | const unsigned char **pder, int derlen) |
419 | { | |
420 | DSA *dsa; | |
75ebbd9a RS |
421 | |
422 | if ((dsa = d2i_DSAPrivateKey(NULL, pder, derlen)) == NULL) { | |
0f113f3e MC |
423 | DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB); |
424 | return 0; | |
425 | } | |
4889dadc | 426 | dsa->dirty_cnt++; |
0f113f3e MC |
427 | EVP_PKEY_assign_DSA(pkey, dsa); |
428 | return 1; | |
429 | } | |
e4263314 DSH |
430 | |
431 | static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder) | |
0f113f3e MC |
432 | { |
433 | return i2d_DSAPrivateKey(pkey->pkey.dsa, pder); | |
434 | } | |
e4263314 | 435 | |
fa1ba589 | 436 | static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, |
0f113f3e MC |
437 | const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) |
438 | { | |
439 | DSA_SIG *dsa_sig; | |
440 | const unsigned char *p; | |
a773b52a | 441 | |
0f113f3e MC |
442 | if (!sig) { |
443 | if (BIO_puts(bp, "\n") <= 0) | |
444 | return 0; | |
445 | else | |
446 | return 1; | |
447 | } | |
448 | p = sig->data; | |
449 | dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length); | |
450 | if (dsa_sig) { | |
451 | int rv = 0; | |
9267c11b | 452 | const BIGNUM *r, *s; |
706a13f1 | 453 | |
9267c11b | 454 | DSA_SIG_get0(dsa_sig, &r, &s); |
0f113f3e MC |
455 | |
456 | if (BIO_write(bp, "\n", 1) != 1) | |
457 | goto err; | |
458 | ||
706a13f1 | 459 | if (!ASN1_bn_print(bp, "r: ", r, NULL, indent)) |
0f113f3e | 460 | goto err; |
706a13f1 | 461 | if (!ASN1_bn_print(bp, "s: ", s, NULL, indent)) |
0f113f3e MC |
462 | goto err; |
463 | rv = 1; | |
464 | err: | |
0f113f3e MC |
465 | DSA_SIG_free(dsa_sig); |
466 | return rv; | |
467 | } | |
a4c467c9 DO |
468 | if (BIO_puts(bp, "\n") <= 0) |
469 | return 0; | |
0f113f3e MC |
470 | return X509_signature_dump(bp, sig, indent); |
471 | } | |
fa1ba589 | 472 | |
492a9e24 | 473 | static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) |
0f113f3e MC |
474 | { |
475 | switch (op) { | |
476 | case ASN1_PKEY_CTRL_PKCS7_SIGN: | |
477 | if (arg1 == 0) { | |
478 | int snid, hnid; | |
479 | X509_ALGOR *alg1, *alg2; | |
480 | PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2); | |
481 | if (alg1 == NULL || alg1->algorithm == NULL) | |
482 | return -1; | |
483 | hnid = OBJ_obj2nid(alg1->algorithm); | |
484 | if (hnid == NID_undef) | |
485 | return -1; | |
486 | if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) | |
487 | return -1; | |
488 | X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); | |
489 | } | |
490 | return 1; | |
8931b30d | 491 | #ifndef OPENSSL_NO_CMS |
0f113f3e MC |
492 | case ASN1_PKEY_CTRL_CMS_SIGN: |
493 | if (arg1 == 0) { | |
494 | int snid, hnid; | |
495 | X509_ALGOR *alg1, *alg2; | |
496 | CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2); | |
497 | if (alg1 == NULL || alg1->algorithm == NULL) | |
498 | return -1; | |
499 | hnid = OBJ_obj2nid(alg1->algorithm); | |
500 | if (hnid == NID_undef) | |
501 | return -1; | |
502 | if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey))) | |
503 | return -1; | |
504 | X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0); | |
505 | } | |
506 | return 1; | |
507 | ||
508 | case ASN1_PKEY_CTRL_CMS_RI_TYPE: | |
509 | *(int *)arg2 = CMS_RECIPINFO_NONE; | |
510 | return 1; | |
8931b30d | 511 | #endif |
492a9e24 | 512 | |
0f113f3e MC |
513 | case ASN1_PKEY_CTRL_DEFAULT_MD_NID: |
514 | *(int *)arg2 = NID_sha256; | |
cd4c83b5 | 515 | return 1; |
03919683 | 516 | |
0f113f3e MC |
517 | default: |
518 | return -2; | |
492a9e24 | 519 | |
0f113f3e | 520 | } |
492a9e24 | 521 | |
0f113f3e | 522 | } |
492a9e24 | 523 | |
4889dadc MC |
524 | static size_t dsa_pkey_dirty_cnt(const EVP_PKEY *pkey) |
525 | { | |
526 | return pkey->pkey.dsa->dirty_cnt; | |
527 | } | |
528 | ||
529 | static void *dsa_pkey_export_to(const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) | |
530 | { | |
531 | DSA *dsa = pk->pkey.dsa; | |
532 | OSSL_PARAM_BLD tmpl; | |
533 | const BIGNUM *p = DSA_get0_p(dsa), *g = DSA_get0_g(dsa); | |
534 | const BIGNUM *q = DSA_get0_q(dsa), *pub_key = DSA_get0_pub_key(dsa); | |
535 | const BIGNUM *priv_key = DSA_get0_priv_key(dsa); | |
536 | OSSL_PARAM *params; | |
537 | void *provkey = NULL; | |
538 | ||
539 | if (p == NULL || q == NULL || g == NULL) | |
540 | return NULL; | |
541 | ||
542 | ossl_param_bld_init(&tmpl); | |
543 | if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_P, p) | |
544 | || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_Q, q) | |
545 | || !ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_FFC_G, g)) | |
546 | return NULL; | |
547 | ||
548 | /* | |
549 | * This may be used to pass domain parameters only without any key data - | |
550 | * so "pub_key" is optional. We can never have a "priv_key" without a | |
551 | * corresponding "pub_key" though. | |
552 | */ | |
553 | if (pub_key != NULL) { | |
554 | if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DSA_PUB_KEY, | |
555 | pub_key)) | |
556 | return NULL; | |
557 | ||
558 | if (priv_key != NULL) { | |
559 | if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_DSA_PRIV_KEY, | |
560 | priv_key)) | |
561 | return NULL; | |
562 | } | |
563 | } | |
564 | ||
565 | params = ossl_param_bld_to_param(&tmpl); | |
566 | ||
567 | /* We export, the provider imports */ | |
568 | provkey = evp_keymgmt_importkey(keymgmt, params); | |
569 | ||
570 | ossl_param_bld_free(params); | |
571 | return provkey; | |
572 | } | |
573 | ||
448be743 DSH |
574 | /* NB these are sorted in pkey_id order, lowest first */ |
575 | ||
578b5514 | 576 | const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5] = { |
0f113f3e MC |
577 | |
578 | { | |
579 | EVP_PKEY_DSA2, | |
580 | EVP_PKEY_DSA, | |
581 | ASN1_PKEY_ALIAS}, | |
582 | ||
583 | { | |
584 | EVP_PKEY_DSA1, | |
585 | EVP_PKEY_DSA, | |
586 | ASN1_PKEY_ALIAS}, | |
587 | ||
588 | { | |
589 | EVP_PKEY_DSA4, | |
590 | EVP_PKEY_DSA, | |
591 | ASN1_PKEY_ALIAS}, | |
592 | ||
593 | { | |
594 | EVP_PKEY_DSA3, | |
595 | EVP_PKEY_DSA, | |
596 | ASN1_PKEY_ALIAS}, | |
597 | ||
598 | { | |
599 | EVP_PKEY_DSA, | |
600 | EVP_PKEY_DSA, | |
601 | 0, | |
602 | ||
603 | "DSA", | |
604 | "OpenSSL DSA method", | |
605 | ||
606 | dsa_pub_decode, | |
607 | dsa_pub_encode, | |
608 | dsa_pub_cmp, | |
609 | dsa_pub_print, | |
610 | ||
611 | dsa_priv_decode, | |
612 | dsa_priv_encode, | |
613 | dsa_priv_print, | |
614 | ||
615 | int_dsa_size, | |
616 | dsa_bits, | |
617 | dsa_security_bits, | |
618 | ||
619 | dsa_param_decode, | |
620 | dsa_param_encode, | |
621 | dsa_missing_parameters, | |
622 | dsa_copy_parameters, | |
623 | dsa_cmp_parameters, | |
624 | dsa_param_print, | |
625 | dsa_sig_print, | |
626 | ||
627 | int_dsa_free, | |
628 | dsa_pkey_ctrl, | |
629 | old_dsa_priv_decode, | |
4889dadc MC |
630 | old_dsa_priv_encode, |
631 | ||
632 | NULL, NULL, NULL, | |
633 | NULL, NULL, NULL, | |
634 | NULL, NULL, NULL, NULL, | |
635 | ||
636 | dsa_pkey_dirty_cnt, | |
637 | dsa_pkey_export_to | |
638 | } | |
0f113f3e | 639 | }; |