2 * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * DSA low level APIs are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
17 #include <openssl/x509.h>
18 #include <openssl/asn1.h>
19 #include <openssl/bn.h>
20 #include <openssl/cms.h>
21 #include <openssl/core_names.h>
22 #include <openssl/param_build.h>
23 #include "internal/cryptlib.h"
24 #include "crypto/asn1.h"
25 #include "crypto/dsa.h"
26 #include "crypto/evp.h"
27 #include "internal/ffc.h"
28 #include "dsa_local.h"
30 static int dsa_pub_decode(EVP_PKEY
*pkey
, X509_PUBKEY
*pubkey
)
32 const unsigned char *p
, *pm
;
36 const ASN1_STRING
*pstr
;
38 ASN1_INTEGER
*public_key
= NULL
;
42 if (!X509_PUBKEY_get0_param(NULL
, &p
, &pklen
, &palg
, pubkey
))
44 X509_ALGOR_get0(NULL
, &ptype
, &pval
, palg
);
46 if (ptype
== V_ASN1_SEQUENCE
) {
51 if ((dsa
= d2i_DSAparams(NULL
, &pm
, pmlen
)) == NULL
) {
52 DSAerr(DSA_F_DSA_PUB_DECODE
, DSA_R_DECODE_ERROR
);
56 } else if ((ptype
== V_ASN1_NULL
) || (ptype
== V_ASN1_UNDEF
)) {
57 if ((dsa
= DSA_new()) == NULL
) {
58 DSAerr(DSA_F_DSA_PUB_DECODE
, ERR_R_MALLOC_FAILURE
);
62 DSAerr(DSA_F_DSA_PUB_DECODE
, DSA_R_PARAMETER_ENCODING_ERROR
);
66 if ((public_key
= d2i_ASN1_INTEGER(NULL
, &p
, pklen
)) == NULL
) {
67 DSAerr(DSA_F_DSA_PUB_DECODE
, DSA_R_DECODE_ERROR
);
71 if ((dsa
->pub_key
= ASN1_INTEGER_to_BN(public_key
, NULL
)) == NULL
) {
72 DSAerr(DSA_F_DSA_PUB_DECODE
, DSA_R_BN_DECODE_ERROR
);
77 ASN1_INTEGER_free(public_key
);
78 EVP_PKEY_assign_DSA(pkey
, dsa
);
82 ASN1_INTEGER_free(public_key
);
88 static int dsa_pub_encode(X509_PUBKEY
*pk
, const EVP_PKEY
*pkey
)
92 unsigned char *penc
= NULL
;
94 ASN1_STRING
*str
= NULL
;
95 ASN1_INTEGER
*pubint
= NULL
;
99 if (pkey
->save_parameters
100 && dsa
->params
.p
!= NULL
101 && dsa
->params
.q
!= NULL
102 && dsa
->params
.g
!= NULL
) {
103 str
= ASN1_STRING_new();
105 DSAerr(DSA_F_DSA_PUB_ENCODE
, ERR_R_MALLOC_FAILURE
);
108 str
->length
= i2d_DSAparams(dsa
, &str
->data
);
109 if (str
->length
<= 0) {
110 DSAerr(DSA_F_DSA_PUB_ENCODE
, ERR_R_MALLOC_FAILURE
);
113 ptype
= V_ASN1_SEQUENCE
;
115 ptype
= V_ASN1_UNDEF
;
117 pubint
= BN_to_ASN1_INTEGER(dsa
->pub_key
, NULL
);
119 if (pubint
== NULL
) {
120 DSAerr(DSA_F_DSA_PUB_ENCODE
, ERR_R_MALLOC_FAILURE
);
124 penclen
= i2d_ASN1_INTEGER(pubint
, &penc
);
125 ASN1_INTEGER_free(pubint
);
128 DSAerr(DSA_F_DSA_PUB_ENCODE
, ERR_R_MALLOC_FAILURE
);
132 aobj
= OBJ_nid2obj(EVP_PKEY_DSA
);
136 if (X509_PUBKEY_set0_param(pk
, aobj
, ptype
, str
, penc
, penclen
))
141 ASN1_STRING_free(str
);
147 * In PKCS#8 DSA: you just get a private key integer and parameters in the
148 * AlgorithmIdentifier the pubkey must be recalculated.
151 static int dsa_priv_decode(EVP_PKEY
*pkey
, const PKCS8_PRIV_KEY_INFO
*p8
)
153 const unsigned char *p
, *pm
;
157 const ASN1_STRING
*pstr
;
158 const X509_ALGOR
*palg
;
159 ASN1_INTEGER
*privkey
= NULL
;
166 if (!PKCS8_pkey_get0(NULL
, &p
, &pklen
, &palg
, p8
))
168 X509_ALGOR_get0(NULL
, &ptype
, &pval
, palg
);
170 if ((privkey
= d2i_ASN1_INTEGER(NULL
, &p
, pklen
)) == NULL
)
172 if (privkey
->type
== V_ASN1_NEG_INTEGER
|| ptype
!= V_ASN1_SEQUENCE
)
177 pmlen
= pstr
->length
;
178 if ((dsa
= d2i_DSAparams(NULL
, &pm
, pmlen
)) == NULL
)
180 /* We have parameters now set private key */
181 if ((dsa
->priv_key
= BN_secure_new()) == NULL
182 || !ASN1_INTEGER_to_BN(privkey
, dsa
->priv_key
)) {
183 DSAerr(DSA_F_DSA_PRIV_DECODE
, DSA_R_BN_ERROR
);
186 /* Calculate public key */
187 if ((dsa
->pub_key
= BN_new()) == NULL
) {
188 DSAerr(DSA_F_DSA_PRIV_DECODE
, ERR_R_MALLOC_FAILURE
);
191 if ((ctx
= BN_CTX_new()) == NULL
) {
192 DSAerr(DSA_F_DSA_PRIV_DECODE
, ERR_R_MALLOC_FAILURE
);
196 BN_set_flags(dsa
->priv_key
, BN_FLG_CONSTTIME
);
197 if (!BN_mod_exp(dsa
->pub_key
, dsa
->params
.g
, dsa
->priv_key
, dsa
->params
.p
,
199 DSAerr(DSA_F_DSA_PRIV_DECODE
, DSA_R_BN_ERROR
);
204 EVP_PKEY_assign_DSA(pkey
, dsa
);
210 DSAerr(DSA_F_DSA_PRIV_DECODE
, DSA_R_DECODE_ERROR
);
215 ASN1_STRING_clear_free(privkey
);
219 static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO
*p8
, const EVP_PKEY
*pkey
)
221 ASN1_STRING
*params
= NULL
;
222 ASN1_INTEGER
*prkey
= NULL
;
223 unsigned char *dp
= NULL
;
226 if (pkey
->pkey
.dsa
== NULL
|| pkey
->pkey
.dsa
->priv_key
== NULL
) {
227 DSAerr(DSA_F_DSA_PRIV_ENCODE
, DSA_R_MISSING_PARAMETERS
);
231 params
= ASN1_STRING_new();
233 if (params
== NULL
) {
234 DSAerr(DSA_F_DSA_PRIV_ENCODE
, ERR_R_MALLOC_FAILURE
);
238 params
->length
= i2d_DSAparams(pkey
->pkey
.dsa
, ¶ms
->data
);
239 if (params
->length
<= 0) {
240 DSAerr(DSA_F_DSA_PRIV_ENCODE
, ERR_R_MALLOC_FAILURE
);
243 params
->type
= V_ASN1_SEQUENCE
;
245 /* Get private key into integer */
246 prkey
= BN_to_ASN1_INTEGER(pkey
->pkey
.dsa
->priv_key
, NULL
);
249 DSAerr(DSA_F_DSA_PRIV_ENCODE
, DSA_R_BN_ERROR
);
253 dplen
= i2d_ASN1_INTEGER(prkey
, &dp
);
255 ASN1_STRING_clear_free(prkey
);
258 if (!PKCS8_pkey_set0(p8
, OBJ_nid2obj(NID_dsa
), 0,
259 V_ASN1_SEQUENCE
, params
, dp
, dplen
))
266 ASN1_STRING_free(params
);
267 ASN1_STRING_clear_free(prkey
);
271 static int int_dsa_size(const EVP_PKEY
*pkey
)
273 return DSA_size(pkey
->pkey
.dsa
);
276 static int dsa_bits(const EVP_PKEY
*pkey
)
278 return DSA_bits(pkey
->pkey
.dsa
);
281 static int dsa_security_bits(const EVP_PKEY
*pkey
)
283 return DSA_security_bits(pkey
->pkey
.dsa
);
286 static int dsa_missing_parameters(const EVP_PKEY
*pkey
)
289 dsa
= pkey
->pkey
.dsa
;
291 || dsa
->params
.p
== NULL
292 || dsa
->params
.q
== NULL
293 || dsa
->params
.g
== NULL
;
296 static int dsa_copy_parameters(EVP_PKEY
*to
, const EVP_PKEY
*from
)
298 if (to
->pkey
.dsa
== NULL
) {
299 to
->pkey
.dsa
= DSA_new();
300 if (to
->pkey
.dsa
== NULL
)
303 if (!ffc_params_copy(&to
->pkey
.dsa
->params
, &from
->pkey
.dsa
->params
))
306 to
->pkey
.dsa
->dirty_cnt
++;
310 static int dsa_cmp_parameters(const EVP_PKEY
*a
, const EVP_PKEY
*b
)
312 return ffc_params_cmp(&a
->pkey
.dsa
->params
, &b
->pkey
.dsa
->params
, 1);
315 static int dsa_pub_cmp(const EVP_PKEY
*a
, const EVP_PKEY
*b
)
317 return BN_cmp(b
->pkey
.dsa
->pub_key
, a
->pkey
.dsa
->pub_key
) == 0;
320 static void int_dsa_free(EVP_PKEY
*pkey
)
322 DSA_free(pkey
->pkey
.dsa
);
325 static int do_dsa_print(BIO
*bp
, const DSA
*x
, int off
, int ptype
)
328 const char *ktype
= NULL
;
329 const BIGNUM
*priv_key
, *pub_key
;
332 if (x
->params
.p
!= NULL
)
333 mod_len
= DSA_bits(x
);
336 priv_key
= x
->priv_key
;
341 pub_key
= x
->pub_key
;
346 ktype
= "Private-Key";
348 ktype
= "Public-Key";
350 ktype
= "DSA-Parameters";
352 if (priv_key
!= NULL
) {
353 if (!BIO_indent(bp
, off
, 128))
355 if (BIO_printf(bp
, "%s: (%d bit)\n", ktype
, mod_len
) <= 0)
358 if (BIO_printf(bp
, "Public-Key: (%d bit)\n", mod_len
) <= 0)
362 if (!ASN1_bn_print(bp
, "priv:", priv_key
, NULL
, off
))
364 if (!ASN1_bn_print(bp
, "pub: ", pub_key
, NULL
, off
))
366 if (!ffc_params_print(bp
, &x
->params
, off
))
373 static int dsa_param_decode(EVP_PKEY
*pkey
,
374 const unsigned char **pder
, int derlen
)
378 if ((dsa
= d2i_DSAparams(NULL
, pder
, derlen
)) == NULL
) {
379 DSAerr(DSA_F_DSA_PARAM_DECODE
, ERR_R_DSA_LIB
);
383 EVP_PKEY_assign_DSA(pkey
, dsa
);
387 static int dsa_param_encode(const EVP_PKEY
*pkey
, unsigned char **pder
)
389 return i2d_DSAparams(pkey
->pkey
.dsa
, pder
);
392 static int dsa_param_print(BIO
*bp
, const EVP_PKEY
*pkey
, int indent
,
395 return do_dsa_print(bp
, pkey
->pkey
.dsa
, indent
, 0);
398 static int dsa_pub_print(BIO
*bp
, const EVP_PKEY
*pkey
, int indent
,
401 return do_dsa_print(bp
, pkey
->pkey
.dsa
, indent
, 1);
404 static int dsa_priv_print(BIO
*bp
, const EVP_PKEY
*pkey
, int indent
,
407 return do_dsa_print(bp
, pkey
->pkey
.dsa
, indent
, 2);
410 static int old_dsa_priv_decode(EVP_PKEY
*pkey
,
411 const unsigned char **pder
, int derlen
)
415 if ((dsa
= d2i_DSAPrivateKey(NULL
, pder
, derlen
)) == NULL
) {
416 DSAerr(DSA_F_OLD_DSA_PRIV_DECODE
, ERR_R_DSA_LIB
);
420 EVP_PKEY_assign_DSA(pkey
, dsa
);
424 static int old_dsa_priv_encode(const EVP_PKEY
*pkey
, unsigned char **pder
)
426 return i2d_DSAPrivateKey(pkey
->pkey
.dsa
, pder
);
429 static int dsa_sig_print(BIO
*bp
, const X509_ALGOR
*sigalg
,
430 const ASN1_STRING
*sig
, int indent
, ASN1_PCTX
*pctx
)
433 const unsigned char *p
;
436 if (BIO_puts(bp
, "\n") <= 0)
442 dsa_sig
= d2i_DSA_SIG(NULL
, &p
, sig
->length
);
443 if (dsa_sig
!= NULL
) {
447 DSA_SIG_get0(dsa_sig
, &r
, &s
);
449 if (BIO_write(bp
, "\n", 1) != 1)
452 if (!ASN1_bn_print(bp
, "r: ", r
, NULL
, indent
))
454 if (!ASN1_bn_print(bp
, "s: ", s
, NULL
, indent
))
458 DSA_SIG_free(dsa_sig
);
461 if (BIO_puts(bp
, "\n") <= 0)
463 return X509_signature_dump(bp
, sig
, indent
);
466 static int dsa_pkey_ctrl(EVP_PKEY
*pkey
, int op
, long arg1
, void *arg2
)
469 case ASN1_PKEY_CTRL_PKCS7_SIGN
:
472 X509_ALGOR
*alg1
, *alg2
;
473 PKCS7_SIGNER_INFO_get0_algs(arg2
, NULL
, &alg1
, &alg2
);
474 if (alg1
== NULL
|| alg1
->algorithm
== NULL
)
476 hnid
= OBJ_obj2nid(alg1
->algorithm
);
477 if (hnid
== NID_undef
)
479 if (!OBJ_find_sigid_by_algs(&snid
, hnid
, EVP_PKEY_id(pkey
)))
481 X509_ALGOR_set0(alg2
, OBJ_nid2obj(snid
), V_ASN1_UNDEF
, 0);
484 #ifndef OPENSSL_NO_CMS
485 case ASN1_PKEY_CTRL_CMS_SIGN
:
488 X509_ALGOR
*alg1
, *alg2
;
489 CMS_SignerInfo_get0_algs(arg2
, NULL
, NULL
, &alg1
, &alg2
);
490 if (alg1
== NULL
|| alg1
->algorithm
== NULL
)
492 hnid
= OBJ_obj2nid(alg1
->algorithm
);
493 if (hnid
== NID_undef
)
495 if (!OBJ_find_sigid_by_algs(&snid
, hnid
, EVP_PKEY_id(pkey
)))
497 X509_ALGOR_set0(alg2
, OBJ_nid2obj(snid
), V_ASN1_UNDEF
, 0);
501 case ASN1_PKEY_CTRL_CMS_RI_TYPE
:
502 *(int *)arg2
= CMS_RECIPINFO_NONE
;
506 case ASN1_PKEY_CTRL_DEFAULT_MD_NID
:
507 *(int *)arg2
= NID_sha256
;
517 static size_t dsa_pkey_dirty_cnt(const EVP_PKEY
*pkey
)
519 return pkey
->pkey
.dsa
->dirty_cnt
;
522 static int dsa_pkey_export_to(const EVP_PKEY
*from
, void *to_keydata
,
523 EVP_KEYMGMT
*to_keymgmt
, OPENSSL_CTX
*libctx
,
526 DSA
*dsa
= from
->pkey
.dsa
;
527 OSSL_PARAM_BLD
*tmpl
;
528 const BIGNUM
*p
= DSA_get0_p(dsa
), *g
= DSA_get0_g(dsa
);
529 const BIGNUM
*q
= DSA_get0_q(dsa
), *pub_key
= DSA_get0_pub_key(dsa
);
530 const BIGNUM
*priv_key
= DSA_get0_priv_key(dsa
);
536 * If the DSA method is foreign, then we can't be sure of anything, and
537 * can therefore not export or pretend to export.
539 if (DSA_get_method(dsa
) != DSA_OpenSSL())
542 if (p
== NULL
|| q
== NULL
|| g
== NULL
)
545 tmpl
= OSSL_PARAM_BLD_new();
549 if (!OSSL_PARAM_BLD_push_BN(tmpl
, OSSL_PKEY_PARAM_FFC_P
, p
)
550 || !OSSL_PARAM_BLD_push_BN(tmpl
, OSSL_PKEY_PARAM_FFC_Q
, q
)
551 || !OSSL_PARAM_BLD_push_BN(tmpl
, OSSL_PKEY_PARAM_FFC_G
, g
))
553 selection
|= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS
;
554 if (pub_key
!= NULL
) {
555 if (!OSSL_PARAM_BLD_push_BN(tmpl
, OSSL_PKEY_PARAM_PUB_KEY
,
558 selection
|= OSSL_KEYMGMT_SELECT_PUBLIC_KEY
;
560 if (priv_key
!= NULL
) {
561 if (!OSSL_PARAM_BLD_push_BN(tmpl
, OSSL_PKEY_PARAM_PRIV_KEY
,
564 selection
|= OSSL_KEYMGMT_SELECT_PRIVATE_KEY
;
567 if ((params
= OSSL_PARAM_BLD_to_param(tmpl
)) == NULL
)
570 /* We export, the provider imports */
571 rv
= evp_keymgmt_import(to_keymgmt
, to_keydata
, selection
, params
);
573 OSSL_PARAM_BLD_free_params(params
);
575 OSSL_PARAM_BLD_free(tmpl
);
579 static int dsa_pkey_import_from(const OSSL_PARAM params
[], void *key
)
581 EVP_PKEY
*pkey
= key
;
582 DSA
*dsa
= DSA_new();
585 ERR_raise(ERR_LIB_DSA
, ERR_R_MALLOC_FAILURE
);
589 if (!dsa_ffc_params_fromdata(dsa
, params
)
590 || !dsa_key_fromdata(dsa
, params
)
591 || !EVP_PKEY_assign_DSA(pkey
, dsa
)) {
598 /* NB these are sorted in pkey_id order, lowest first */
600 const EVP_PKEY_ASN1_METHOD dsa_asn1_meths
[5] = {
628 "OpenSSL DSA method",
645 dsa_missing_parameters
,
658 NULL
, NULL
, NULL
, NULL
,