]> git.ipfire.org Git - thirdparty/openssl.git/blob - providers/implementations/keymgmt/dsa_kmgmt.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update copyright year
[thirdparty/openssl.git] / providers / implementations / keymgmt / dsa_kmgmt.c
1 /*
2 * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 /*
11 * DSA low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14 #include "internal/deprecated.h"
15
16 #include <openssl/core_dispatch.h>
17 #include <openssl/core_names.h>
18 #include <openssl/bn.h>
19 #include <openssl/err.h>
20 #include "prov/providercommon.h"
21 #include "prov/implementations.h"
22 #include "prov/provider_ctx.h"
23 #include "crypto/dsa.h"
24 #include "internal/sizes.h"
25 #include "internal/nelem.h"
26 #include "internal/param_build_set.h"
27
28 static OSSL_FUNC_keymgmt_new_fn dsa_newdata;
29 static OSSL_FUNC_keymgmt_free_fn dsa_freedata;
30 static OSSL_FUNC_keymgmt_gen_init_fn dsa_gen_init;
31 static OSSL_FUNC_keymgmt_gen_set_template_fn dsa_gen_set_template;
32 static OSSL_FUNC_keymgmt_gen_set_params_fn dsa_gen_set_params;
33 static OSSL_FUNC_keymgmt_gen_settable_params_fn dsa_gen_settable_params;
34 static OSSL_FUNC_keymgmt_gen_fn dsa_gen;
35 static OSSL_FUNC_keymgmt_gen_cleanup_fn dsa_gen_cleanup;
36 static OSSL_FUNC_keymgmt_load_fn dsa_load;
37 static OSSL_FUNC_keymgmt_get_params_fn dsa_get_params;
38 static OSSL_FUNC_keymgmt_gettable_params_fn dsa_gettable_params;
39 static OSSL_FUNC_keymgmt_has_fn dsa_has;
40 static OSSL_FUNC_keymgmt_match_fn dsa_match;
41 static OSSL_FUNC_keymgmt_validate_fn dsa_validate;
42 static OSSL_FUNC_keymgmt_import_fn dsa_import;
43 static OSSL_FUNC_keymgmt_import_types_fn dsa_import_types;
44 static OSSL_FUNC_keymgmt_export_fn dsa_export;
45 static OSSL_FUNC_keymgmt_export_types_fn dsa_export_types;
46 static OSSL_FUNC_keymgmt_dup_fn dsa_dup;
47
48 #define DSA_DEFAULT_MD "SHA256"
49 #define DSA_POSSIBLE_SELECTIONS \
50 (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS)
51
52 struct dsa_gen_ctx {
53 OSSL_LIB_CTX *libctx;
54
55 FFC_PARAMS *ffc_params;
56 int selection;
57 /* All these parameters are used for parameter generation only */
58 size_t pbits;
59 size_t qbits;
60 unsigned char *seed; /* optional FIPS186-4 param for testing */
61 size_t seedlen;
62 int gindex; /* optional FIPS186-4 generator index (ignored if -1) */
63 int gen_type; /* DSA_PARAMGEN_TYPE_FIPS_186_2 or DSA_PARAMGEN_TYPE_FIPS_186_4 */
64 int pcounter;
65 int hindex;
66 char *mdname;
67 char *mdprops;
68 OSSL_CALLBACK *cb;
69 void *cbarg;
70 };
71 typedef struct dh_name2id_st{
72 const char *name;
73 int id;
74 } DSA_GENTYPE_NAME2ID;
75
76 static const DSA_GENTYPE_NAME2ID dsatype2id[]=
77 {
78 #ifdef FIPS_MODULE
79 { "default", DSA_PARAMGEN_TYPE_FIPS_186_4 },
80 #else
81 { "default", DSA_PARAMGEN_TYPE_FIPS_DEFAULT },
82 #endif
83 { "fips186_4", DSA_PARAMGEN_TYPE_FIPS_186_4 },
84 { "fips186_2", DSA_PARAMGEN_TYPE_FIPS_186_2 },
85 };
86
87 static int dsa_gen_type_name2id(const char *name)
88 {
89 size_t i;
90
91 for (i = 0; i < OSSL_NELEM(dsatype2id); ++i) {
92 if (OPENSSL_strcasecmp(dsatype2id[i].name, name) == 0)
93 return dsatype2id[i].id;
94 }
95 return -1;
96 }
97
98 static int dsa_key_todata(DSA *dsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[],
99 int include_private)
100 {
101 const BIGNUM *priv = NULL, *pub = NULL;
102
103 if (dsa == NULL)
104 return 0;
105
106 DSA_get0_key(dsa, &pub, &priv);
107 if (include_private
108 && priv != NULL
109 && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_PRIV_KEY, priv))
110 return 0;
111 if (pub != NULL
112 && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_PUB_KEY, pub))
113 return 0;
114
115 return 1;
116 }
117
118 static void *dsa_newdata(void *provctx)
119 {
120 if (!ossl_prov_is_running())
121 return NULL;
122 return ossl_dsa_new(PROV_LIBCTX_OF(provctx));
123 }
124
125 static void dsa_freedata(void *keydata)
126 {
127 DSA_free(keydata);
128 }
129
130 static int dsa_has(const void *keydata, int selection)
131 {
132 const DSA *dsa = keydata;
133 int ok = 1;
134
135 if (!ossl_prov_is_running() || dsa == NULL)
136 return 0;
137 if ((selection & DSA_POSSIBLE_SELECTIONS) == 0)
138 return 1; /* the selection is not missing */
139
140 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
141 ok = ok && (DSA_get0_pub_key(dsa) != NULL);
142 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
143 ok = ok && (DSA_get0_priv_key(dsa) != NULL);
144 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
145 ok = ok && (DSA_get0_p(dsa) != NULL && DSA_get0_g(dsa) != NULL);
146 return ok;
147 }
148
149 static int dsa_match(const void *keydata1, const void *keydata2, int selection)
150 {
151 const DSA *dsa1 = keydata1;
152 const DSA *dsa2 = keydata2;
153 int ok = 1;
154
155 if (!ossl_prov_is_running())
156 return 0;
157
158 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
159 int key_checked = 0;
160
161 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
162 const BIGNUM *pa = DSA_get0_pub_key(dsa1);
163 const BIGNUM *pb = DSA_get0_pub_key(dsa2);
164
165 if (pa != NULL && pb != NULL) {
166 ok = ok && BN_cmp(pa, pb) == 0;
167 key_checked = 1;
168 }
169 }
170 if (!key_checked
171 && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
172 const BIGNUM *pa = DSA_get0_priv_key(dsa1);
173 const BIGNUM *pb = DSA_get0_priv_key(dsa2);
174
175 if (pa != NULL && pb != NULL) {
176 ok = ok && BN_cmp(pa, pb) == 0;
177 key_checked = 1;
178 }
179 }
180 ok = ok && key_checked;
181 }
182 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
183 FFC_PARAMS *dsaparams1 = ossl_dsa_get0_params((DSA *)dsa1);
184 FFC_PARAMS *dsaparams2 = ossl_dsa_get0_params((DSA *)dsa2);
185
186 ok = ok && ossl_ffc_params_cmp(dsaparams1, dsaparams2, 1);
187 }
188 return ok;
189 }
190
191 static int dsa_import(void *keydata, int selection, const OSSL_PARAM params[])
192 {
193 DSA *dsa = keydata;
194 int ok = 1;
195
196 if (!ossl_prov_is_running() || dsa == NULL)
197 return 0;
198
199 if ((selection & DSA_POSSIBLE_SELECTIONS) == 0)
200 return 0;
201
202 if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
203 ok = ok && ossl_dsa_ffc_params_fromdata(dsa, params);
204 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
205 int include_private =
206 selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0;
207
208 ok = ok && ossl_dsa_key_fromdata(dsa, params, include_private);
209 }
210
211 return ok;
212 }
213
214 static int dsa_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
215 void *cbarg)
216 {
217 DSA *dsa = keydata;
218 OSSL_PARAM_BLD *tmpl;
219 OSSL_PARAM *params = NULL;
220 int ok = 1;
221
222 if (!ossl_prov_is_running() || dsa == NULL)
223 return 0;
224
225 tmpl = OSSL_PARAM_BLD_new();
226 if (tmpl == NULL)
227 return 0;
228
229 if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
230 ok = ok && ossl_ffc_params_todata(ossl_dsa_get0_params(dsa), tmpl, NULL);
231 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
232 int include_private =
233 selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0;
234
235 ok = ok && dsa_key_todata(dsa, tmpl, NULL, include_private);
236 }
237
238 if (!ok
239 || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL)
240 goto err;
241
242 ok = param_cb(params, cbarg);
243 OSSL_PARAM_free(params);
244 err:
245 OSSL_PARAM_BLD_free(tmpl);
246 return ok;
247 }
248
249 /* IMEXPORT = IMPORT + EXPORT */
250
251 # define DSA_IMEXPORTABLE_PARAMETERS \
252 OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0), \
253 OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_Q, NULL, 0), \
254 OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0), \
255 OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_COFACTOR, NULL, 0), \
256 OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL), \
257 OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL), \
258 OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL), \
259 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0)
260 # define DSA_IMEXPORTABLE_PUBLIC_KEY \
261 OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0)
262 # define DSA_IMEXPORTABLE_PRIVATE_KEY \
263 OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0)
264 static const OSSL_PARAM dsa_all_types[] = {
265 DSA_IMEXPORTABLE_PARAMETERS,
266 DSA_IMEXPORTABLE_PUBLIC_KEY,
267 DSA_IMEXPORTABLE_PRIVATE_KEY,
268 OSSL_PARAM_END
269 };
270 static const OSSL_PARAM dsa_parameter_types[] = {
271 DSA_IMEXPORTABLE_PARAMETERS,
272 OSSL_PARAM_END
273 };
274 static const OSSL_PARAM dsa_key_types[] = {
275 DSA_IMEXPORTABLE_PUBLIC_KEY,
276 DSA_IMEXPORTABLE_PRIVATE_KEY,
277 OSSL_PARAM_END
278 };
279 static const OSSL_PARAM *dsa_types[] = {
280 NULL, /* Index 0 = none of them */
281 dsa_parameter_types, /* Index 1 = parameter types */
282 dsa_key_types, /* Index 2 = key types */
283 dsa_all_types /* Index 3 = 1 + 2 */
284 };
285
286 static const OSSL_PARAM *dsa_imexport_types(int selection)
287 {
288 int type_select = 0;
289
290 if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
291 type_select += 1;
292 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
293 type_select += 2;
294 return dsa_types[type_select];
295 }
296
297 static const OSSL_PARAM *dsa_import_types(int selection)
298 {
299 return dsa_imexport_types(selection);
300 }
301
302 static const OSSL_PARAM *dsa_export_types(int selection)
303 {
304 return dsa_imexport_types(selection);
305 }
306
307 static ossl_inline int dsa_get_params(void *key, OSSL_PARAM params[])
308 {
309 DSA *dsa = key;
310 OSSL_PARAM *p;
311
312 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL
313 && !OSSL_PARAM_set_int(p, DSA_bits(dsa)))
314 return 0;
315 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL
316 && !OSSL_PARAM_set_int(p, DSA_security_bits(dsa)))
317 return 0;
318 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL
319 && !OSSL_PARAM_set_int(p, DSA_size(dsa)))
320 return 0;
321 if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL
322 && !OSSL_PARAM_set_utf8_string(p, DSA_DEFAULT_MD))
323 return 0;
324 return ossl_ffc_params_todata(ossl_dsa_get0_params(dsa), NULL, params)
325 && dsa_key_todata(dsa, NULL, params, 1);
326 }
327
328 static const OSSL_PARAM dsa_params[] = {
329 OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
330 OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
331 OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
332 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DEFAULT_DIGEST, NULL, 0),
333 DSA_IMEXPORTABLE_PARAMETERS,
334 DSA_IMEXPORTABLE_PUBLIC_KEY,
335 DSA_IMEXPORTABLE_PRIVATE_KEY,
336 OSSL_PARAM_END
337 };
338
339 static const OSSL_PARAM *dsa_gettable_params(void *provctx)
340 {
341 return dsa_params;
342 }
343
344 static int dsa_validate_domparams(const DSA *dsa, int checktype)
345 {
346 int status = 0;
347
348 return ossl_dsa_check_params(dsa, checktype, &status);
349 }
350
351 static int dsa_validate_public(const DSA *dsa)
352 {
353 int status = 0;
354 const BIGNUM *pub_key = NULL;
355
356 DSA_get0_key(dsa, &pub_key, NULL);
357 if (pub_key == NULL)
358 return 0;
359 return ossl_dsa_check_pub_key(dsa, pub_key, &status);
360 }
361
362 static int dsa_validate_private(const DSA *dsa)
363 {
364 int status = 0;
365 const BIGNUM *priv_key = NULL;
366
367 DSA_get0_key(dsa, NULL, &priv_key);
368 if (priv_key == NULL)
369 return 0;
370 return ossl_dsa_check_priv_key(dsa, priv_key, &status);
371 }
372
373 static int dsa_validate(const void *keydata, int selection, int checktype)
374 {
375 const DSA *dsa = keydata;
376 int ok = 1;
377
378 if (!ossl_prov_is_running())
379 return 0;
380
381 if ((selection & DSA_POSSIBLE_SELECTIONS) == 0)
382 return 1; /* nothing to validate */
383
384 if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
385 ok = ok && dsa_validate_domparams(dsa, checktype);
386
387 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
388 ok = ok && dsa_validate_public(dsa);
389
390 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
391 ok = ok && dsa_validate_private(dsa);
392
393 /* If the whole key is selected, we do a pairwise validation */
394 if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR)
395 == OSSL_KEYMGMT_SELECT_KEYPAIR)
396 ok = ok && ossl_dsa_check_pairwise(dsa);
397 return ok;
398 }
399
400 static void *dsa_gen_init(void *provctx, int selection,
401 const OSSL_PARAM params[])
402 {
403 OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx);
404 struct dsa_gen_ctx *gctx = NULL;
405
406 if (!ossl_prov_is_running() || (selection & DSA_POSSIBLE_SELECTIONS) == 0)
407 return NULL;
408
409 if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) {
410 gctx->selection = selection;
411 gctx->libctx = libctx;
412 gctx->pbits = 2048;
413 gctx->qbits = 224;
414 #ifdef FIPS_MODULE
415 gctx->gen_type = DSA_PARAMGEN_TYPE_FIPS_186_4;
416 #else
417 gctx->gen_type = DSA_PARAMGEN_TYPE_FIPS_DEFAULT;
418 #endif
419 gctx->gindex = -1;
420 gctx->pcounter = -1;
421 gctx->hindex = 0;
422 }
423 if (!dsa_gen_set_params(gctx, params)) {
424 OPENSSL_free(gctx);
425 gctx = NULL;
426 }
427 return gctx;
428 }
429
430 static int dsa_gen_set_template(void *genctx, void *templ)
431 {
432 struct dsa_gen_ctx *gctx = genctx;
433 DSA *dsa = templ;
434
435 if (!ossl_prov_is_running() || gctx == NULL || dsa == NULL)
436 return 0;
437 gctx->ffc_params = ossl_dsa_get0_params(dsa);
438 return 1;
439 }
440
441 static int dsa_set_gen_seed(struct dsa_gen_ctx *gctx, unsigned char *seed,
442 size_t seedlen)
443 {
444 OPENSSL_clear_free(gctx->seed, gctx->seedlen);
445 gctx->seed = NULL;
446 gctx->seedlen = 0;
447 if (seed != NULL && seedlen > 0) {
448 gctx->seed = OPENSSL_memdup(seed, seedlen);
449 if (gctx->seed == NULL)
450 return 0;
451 gctx->seedlen = seedlen;
452 }
453 return 1;
454 }
455
456 static int dsa_gen_set_params(void *genctx, const OSSL_PARAM params[])
457 {
458 struct dsa_gen_ctx *gctx = genctx;
459 const OSSL_PARAM *p;
460
461 if (gctx == NULL)
462 return 0;
463 if (params == NULL)
464 return 1;
465
466
467 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_TYPE);
468 if (p != NULL) {
469 if (p->data_type != OSSL_PARAM_UTF8_STRING
470 || ((gctx->gen_type = dsa_gen_type_name2id(p->data)) == -1)) {
471 ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
472 return 0;
473 }
474 }
475 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GINDEX);
476 if (p != NULL
477 && !OSSL_PARAM_get_int(p, &gctx->gindex))
478 return 0;
479 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PCOUNTER);
480 if (p != NULL
481 && !OSSL_PARAM_get_int(p, &gctx->pcounter))
482 return 0;
483 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_H);
484 if (p != NULL
485 && !OSSL_PARAM_get_int(p, &gctx->hindex))
486 return 0;
487 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_SEED);
488 if (p != NULL
489 && (p->data_type != OSSL_PARAM_OCTET_STRING
490 || !dsa_set_gen_seed(gctx, p->data, p->data_size)))
491 return 0;
492 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PBITS)) != NULL
493 && !OSSL_PARAM_get_size_t(p, &gctx->pbits))
494 return 0;
495 if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_QBITS)) != NULL
496 && !OSSL_PARAM_get_size_t(p, &gctx->qbits))
497 return 0;
498 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST);
499 if (p != NULL) {
500 if (p->data_type != OSSL_PARAM_UTF8_STRING)
501 return 0;
502 OPENSSL_free(gctx->mdname);
503 gctx->mdname = OPENSSL_strdup(p->data);
504 if (gctx->mdname == NULL)
505 return 0;
506 }
507 p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST_PROPS);
508 if (p != NULL) {
509 if (p->data_type != OSSL_PARAM_UTF8_STRING)
510 return 0;
511 OPENSSL_free(gctx->mdprops);
512 gctx->mdprops = OPENSSL_strdup(p->data);
513 if (gctx->mdprops == NULL)
514 return 0;
515 }
516 return 1;
517 }
518
519 static const OSSL_PARAM *dsa_gen_settable_params(ossl_unused void *genctx,
520 ossl_unused void *provctx)
521 {
522 static OSSL_PARAM settable[] = {
523 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0),
524 OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_PBITS, NULL),
525 OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_QBITS, NULL),
526 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST, NULL, 0),
527 OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, NULL, 0),
528 OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL),
529 OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0),
530 OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL),
531 OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL),
532 OSSL_PARAM_END
533 };
534 return settable;
535 }
536
537 static int dsa_gencb(int p, int n, BN_GENCB *cb)
538 {
539 struct dsa_gen_ctx *gctx = BN_GENCB_get_arg(cb);
540 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
541
542 params[0] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_POTENTIAL, &p);
543 params[1] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_ITERATION, &n);
544
545 return gctx->cb(params, gctx->cbarg);
546 }
547
548 static void *dsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
549 {
550 struct dsa_gen_ctx *gctx = genctx;
551 DSA *dsa = NULL;
552 BN_GENCB *gencb = NULL;
553 int ret = 0;
554 FFC_PARAMS *ffc;
555
556 if (!ossl_prov_is_running() || gctx == NULL)
557 return NULL;
558 dsa = ossl_dsa_new(gctx->libctx);
559 if (dsa == NULL)
560 return NULL;
561
562 if (gctx->gen_type == DSA_PARAMGEN_TYPE_FIPS_DEFAULT)
563 gctx->gen_type = (gctx->pbits >= 2048 ? DSA_PARAMGEN_TYPE_FIPS_186_4 :
564 DSA_PARAMGEN_TYPE_FIPS_186_2);
565
566 gctx->cb = osslcb;
567 gctx->cbarg = cbarg;
568 gencb = BN_GENCB_new();
569 if (gencb != NULL)
570 BN_GENCB_set(gencb, dsa_gencb, genctx);
571
572 ffc = ossl_dsa_get0_params(dsa);
573 /* Copy the template value if one was passed */
574 if (gctx->ffc_params != NULL
575 && !ossl_ffc_params_copy(ffc, gctx->ffc_params))
576 goto end;
577
578 if (gctx->seed != NULL
579 && !ossl_ffc_params_set_seed(ffc, gctx->seed, gctx->seedlen))
580 goto end;
581 if (gctx->gindex != -1) {
582 ossl_ffc_params_set_gindex(ffc, gctx->gindex);
583 if (gctx->pcounter != -1)
584 ossl_ffc_params_set_pcounter(ffc, gctx->pcounter);
585 } else if (gctx->hindex != 0) {
586 ossl_ffc_params_set_h(ffc, gctx->hindex);
587 }
588 if (gctx->mdname != NULL) {
589 if (!ossl_ffc_set_digest(ffc, gctx->mdname, gctx->mdprops))
590 goto end;
591 }
592 if ((gctx->selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
593
594 if (ossl_dsa_generate_ffc_parameters(dsa, gctx->gen_type,
595 gctx->pbits, gctx->qbits,
596 gencb) <= 0)
597 goto end;
598 }
599 ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_LEGACY,
600 gctx->gen_type == DSA_PARAMGEN_TYPE_FIPS_186_2);
601 if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
602 if (ffc->p == NULL
603 || ffc->q == NULL
604 || ffc->g == NULL)
605 goto end;
606 if (DSA_generate_key(dsa) <= 0)
607 goto end;
608 }
609 ret = 1;
610 end:
611 if (ret <= 0) {
612 DSA_free(dsa);
613 dsa = NULL;
614 }
615 BN_GENCB_free(gencb);
616 return dsa;
617 }
618
619 static void dsa_gen_cleanup(void *genctx)
620 {
621 struct dsa_gen_ctx *gctx = genctx;
622
623 if (gctx == NULL)
624 return;
625
626 OPENSSL_free(gctx->mdname);
627 OPENSSL_free(gctx->mdprops);
628 OPENSSL_clear_free(gctx->seed, gctx->seedlen);
629 OPENSSL_free(gctx);
630 }
631
632 static void *dsa_load(const void *reference, size_t reference_sz)
633 {
634 DSA *dsa = NULL;
635
636 if (ossl_prov_is_running() && reference_sz == sizeof(dsa)) {
637 /* The contents of the reference is the address to our object */
638 dsa = *(DSA **)reference;
639 /* We grabbed, so we detach it */
640 *(DSA **)reference = NULL;
641 return dsa;
642 }
643 return NULL;
644 }
645
646 static void *dsa_dup(const void *keydata_from, int selection)
647 {
648 if (ossl_prov_is_running())
649 return ossl_dsa_dup(keydata_from, selection);
650 return NULL;
651 }
652
653 const OSSL_DISPATCH ossl_dsa_keymgmt_functions[] = {
654 { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))dsa_newdata },
655 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))dsa_gen_init },
656 { OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE, (void (*)(void))dsa_gen_set_template },
657 { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))dsa_gen_set_params },
658 { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS,
659 (void (*)(void))dsa_gen_settable_params },
660 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))dsa_gen },
661 { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))dsa_gen_cleanup },
662 { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))dsa_load },
663 { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dsa_freedata },
664 { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dsa_get_params },
665 { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))dsa_gettable_params },
666 { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dsa_has },
667 { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))dsa_match },
668 { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))dsa_validate },
669 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))dsa_import },
670 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))dsa_import_types },
671 { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dsa_export },
672 { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))dsa_export_types },
673 { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))dsa_dup },
674 { 0, NULL }
675 };
A mirror of the official openssl repository