- {
- switch (op)
- {
-#ifndef OPENSSL_NO_CMS
-
- case ASN1_PKEY_CTRL_CMS_ENVELOPE:
- if (arg1 == 1)
- return dh_cms_decrypt(arg2);
- else if (arg1 == 0)
- return dh_cms_encrypt(arg2);
- return -2;
-
- case ASN1_PKEY_CTRL_CMS_RI_TYPE:
- *(int *)arg2 = CMS_RECIPINFO_AGREE;
- return 1;
-#endif
- default:
- return -2;
- }
-
- }
-
-const EVP_PKEY_ASN1_METHOD dh_asn1_meth =
- {
- EVP_PKEY_DH,
- EVP_PKEY_DH,
- 0,
-
- "DH",
- "OpenSSL PKCS#3 DH method",
-
- dh_pub_decode,
- dh_pub_encode,
- dh_pub_cmp,
- dh_public_print,
-
- dh_priv_decode,
- dh_priv_encode,
- dh_private_print,
-
- int_dh_size,
- dh_bits,
-
- dh_param_decode,
- dh_param_encode,
- dh_missing_parameters,
- dh_copy_parameters,
- dh_cmp_parameters,
- dh_param_print,
- 0,
-
- int_dh_free,
- 0
- };
-
-const EVP_PKEY_ASN1_METHOD dhx_asn1_meth =
- {
- EVP_PKEY_DHX,
- EVP_PKEY_DHX,
- 0,
-
- "X9.42 DH",
- "OpenSSL X9.42 DH method",
-
- dh_pub_decode,
- dh_pub_encode,
- dh_pub_cmp,
- dh_public_print,
-
- dh_priv_decode,
- dh_priv_encode,
- dh_private_print,
-
- int_dh_size,
- dh_bits,
-
- dh_param_decode,
- dh_param_encode,
- dh_missing_parameters,
- dh_copy_parameters,
- dh_cmp_parameters,
- dh_param_print,
- 0,
-
- int_dh_free,
- dh_pkey_ctrl
- };
-#ifndef OPENSSL_NO_CMS
-
-static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
- X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)
- {
- ASN1_OBJECT *aoid;
- int atype;
- void *aval;
- ASN1_INTEGER *public_key = NULL;
- int rv = 0;
- EVP_PKEY *pkpeer = NULL, *pk = NULL;
- DH *dhpeer = NULL;
- const unsigned char *p;
- int plen;
-
- X509_ALGOR_get0(&aoid, &atype, &aval, alg);
- if (OBJ_obj2nid(aoid) != NID_dhpublicnumber)
- goto err;
- /* Only absent parameters allowed in RFC XXXX */
- if (atype != V_ASN1_UNDEF && atype == V_ASN1_NULL)
- goto err;
-
- pk = EVP_PKEY_CTX_get0_pkey(pctx);
- if (!pk)
- goto err;
- if (pk->type != EVP_PKEY_DHX)
- goto err;
- /* Get parameters from parent key */
- dhpeer = DHparams_dup(pk->pkey.dh);
- /* We have parameters now set public key */
- plen = ASN1_STRING_length(pubkey);
- p = ASN1_STRING_data(pubkey);
- if (!p || !plen)
- goto err;
-
- if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, plen)))
- {
- DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_DECODE_ERROR);
- goto err;
- }
-
- /* We have parameters now set public key */
- if (!(dhpeer->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)))
- {
- DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_BN_DECODE_ERROR);
- goto err;
- }
-
- pkpeer = EVP_PKEY_new();
- if (!pkpeer)
- goto err;
- EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer);
- dhpeer = NULL;
- if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
- rv = 1;
- err:
- if (public_key)
- ASN1_INTEGER_free(public_key);
- if (pkpeer)
- EVP_PKEY_free(pkpeer);
- if (dhpeer)
- DH_free(dhpeer);
- return rv;
- }
-
-static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
- {
- int rv = 0;
-
- X509_ALGOR *alg, *kekalg = NULL;
- ASN1_OCTET_STRING *ukm;
- const unsigned char *p;
- unsigned char *dukm = NULL;
- size_t dukmlen = 0;
- int keylen, plen;
- const EVP_CIPHER *kekcipher;
- EVP_CIPHER_CTX *kekctx;
-
- if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
- goto err;
-
- /* For DH we only have one OID permissible. If ever any more get
- * defined we will need something cleverer.
- */
- if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH)
- {
- DHerr(DH_F_DH_CMS_SET_SHARED_INFO, DH_R_KDF_PARAMETER_ERROR);
- goto err;
- }
-
- if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, EVP_PKEY_DH_KDF_X9_42) <= 0)
- goto err;
-
- if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0)
- goto err;
-
- if (alg->parameter->type != V_ASN1_SEQUENCE)
- goto err;
-
- p = alg->parameter->value.sequence->data;
- plen = alg->parameter->value.sequence->length;
- kekalg = d2i_X509_ALGOR(NULL, &p, plen);
- if (!kekalg)
- goto err;
- kekctx = CMS_RecipientInfo_kari_get0_ctx(ri);
- if (!kekctx)
- goto err;
- kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
- if (!kekcipher || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
- goto err;
- if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL))
- goto err;
- if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0)
- goto err;
-
- keylen = EVP_CIPHER_CTX_key_length(kekctx);
- if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0)
- goto err;
- /* Use OBJ_nid2obj to ensure we use built in OID that isn't freed */
- if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx,
- OBJ_nid2obj(EVP_CIPHER_type(kekcipher))) <= 0)
- goto err;
-
- if (ukm)
- {
- dukmlen = ASN1_STRING_length(ukm);
- dukm = BUF_memdup(ASN1_STRING_data(ukm), dukmlen);
- if (!dukm)
- goto err;
- }
-
- if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0)
- goto err;
- dukm = NULL;
-
- rv = 1;
- err:
- if (kekalg)
- X509_ALGOR_free(kekalg);
- if (dukm)
- OPENSSL_free(dukm);
- return rv;
- }
-
-static int dh_cms_decrypt(CMS_RecipientInfo *ri)
- {
- EVP_PKEY_CTX *pctx;
- pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
- if (!pctx)
- return 0;
- /* See if we need to set peer key */
- if (!EVP_PKEY_CTX_get0_peerkey(pctx))
- {
- X509_ALGOR *alg;
- ASN1_BIT_STRING *pubkey;
- if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey,
- NULL, NULL, NULL))
- return 0;
- if (!alg || !pubkey)
- return 0;
- if (!dh_cms_set_peerkey(pctx, alg, pubkey))
- {
- DHerr(DH_F_DH_CMS_DECRYPT, DH_R_PEER_KEY_ERROR);
- return 0;
- }
- }
- /* Set DH derivation parameters and initialise unwrap context */
- if (!dh_cms_set_shared_info(pctx, ri))
- {
- DHerr(DH_F_DH_CMS_DECRYPT, DH_R_SHARED_INFO_ERROR);
- return 0;
- }
- return 1;
- }
-
-static int dh_cms_encrypt(CMS_RecipientInfo *ri)
- {
- EVP_PKEY_CTX *pctx;
- EVP_PKEY *pkey;
- EVP_CIPHER_CTX *ctx;
- int keylen;
- X509_ALGOR *talg, *wrap_alg = NULL;
- ASN1_OBJECT *aoid;
- ASN1_BIT_STRING *pubkey;
- ASN1_STRING *wrap_str;
- ASN1_OCTET_STRING *ukm;
- unsigned char *penc = NULL, *dukm = NULL;
- int penclen;
- size_t dukmlen = 0;
- int rv = 0;
- int kdf_type, wrap_nid;
- const EVP_MD *kdf_md;
- pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
- if (!pctx)
- return 0;
- /* Get ephemeral key */
- pkey = EVP_PKEY_CTX_get0_pkey(pctx);
- if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey,
- NULL, NULL, NULL))
- goto err;
- X509_ALGOR_get0(&aoid, NULL, NULL, talg);
- /* Is everything uninitialised? */
- if (aoid == OBJ_nid2obj(NID_undef))
- {
- ASN1_INTEGER *pubk;
- pubk = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL);
- if (!pubk)
- goto err;
- /* Set the key */
-
- penclen = i2d_ASN1_INTEGER(pubk, &penc);
- ASN1_INTEGER_free(pubk);
- if (penclen <= 0)
- goto err;
- ASN1_STRING_set0(pubkey, penc, penclen);
- pubkey->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
- pubkey->flags|=ASN1_STRING_FLAG_BITS_LEFT;
-
- penc = NULL;
- X509_ALGOR_set0(talg, OBJ_nid2obj(NID_dhpublicnumber),
- V_ASN1_UNDEF, NULL);
- }
-
- /* See if custom paraneters set */
- kdf_type = EVP_PKEY_CTX_get_dh_kdf_type(pctx);
- if (kdf_type <= 0)
- goto err;
- if (!EVP_PKEY_CTX_get_dh_kdf_md(pctx, &kdf_md))
- goto err;
-
- if (kdf_type == EVP_PKEY_DH_KDF_NONE)
- {
- kdf_type = EVP_PKEY_DH_KDF_X9_42;
- if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, kdf_type) <= 0)
- goto err;
- }
- else if (kdf_type != EVP_PKEY_DH_KDF_X9_42)
- /* Unknown KDF */
- goto err;
- if (kdf_md == NULL)
- {
- /* Only SHA1 supported */
- kdf_md = EVP_sha1();
- if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, kdf_md) <= 0)
- goto err;
- }
- else if (EVP_MD_type(kdf_md) != NID_sha1)
- /* Unsupported digest */
- goto err;
-
- if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm))
- goto err;
-
- /* Get wrap NID */
- ctx = CMS_RecipientInfo_kari_get0_ctx(ri);
- wrap_nid = EVP_CIPHER_CTX_type(ctx);
- if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, OBJ_nid2obj(wrap_nid)) <= 0)
- goto err;
- keylen = EVP_CIPHER_CTX_key_length(ctx);
-
- /* Package wrap algorithm in an AlgorithmIdentifier */
-
- wrap_alg = X509_ALGOR_new();
- if (!wrap_alg)
- goto err;
- wrap_alg->algorithm = OBJ_nid2obj(wrap_nid);
- wrap_alg->parameter = ASN1_TYPE_new();
- if (!wrap_alg->parameter)
- goto err;
- if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0)
- goto err;
- if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef)
- {
- ASN1_TYPE_free(wrap_alg->parameter);
- wrap_alg->parameter = NULL;
- }
-
- if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0)
- goto err;
-
- if (ukm)
- {
- dukmlen = ASN1_STRING_length(ukm);
- dukm = BUF_memdup(ASN1_STRING_data(ukm), dukmlen);
- if (!dukm)
- goto err;
- }
-
- if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0)
- goto err;
- dukm = NULL;
-
- /* Now need to wrap encoding of wrap AlgorithmIdentifier into
- * parameter of another AlgorithmIdentifier.
- */
- penc = NULL;
- penclen = i2d_X509_ALGOR(wrap_alg, &penc);
- if (!penc || !penclen)
- goto err;
- wrap_str = ASN1_STRING_new();
- if (!wrap_str)
- goto err;
- ASN1_STRING_set0(wrap_str, penc, penclen);
- penc = NULL;
- X509_ALGOR_set0(talg, OBJ_nid2obj(NID_id_smime_alg_ESDH),
- V_ASN1_SEQUENCE, wrap_str);
-
- rv = 1;
-
- err:
- if (penc)
- OPENSSL_free(penc);
- if (wrap_alg)
- X509_ALGOR_free(wrap_alg);
- return rv;
- }
-
-#endif
+{
+ switch (op) {
+ case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
+ /* We should only be here if we have a legacy key */
+ if (!ossl_assert(evp_pkey_is_legacy(pkey)))
+ return 0;
+ return ossl_dh_buf2key(evp_pkey_get0_DH_int(pkey), arg2, arg1);
+ case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
+ return ossl_dh_key2buf(EVP_PKEY_get0_DH(pkey), arg2, 0, 1);
+ default:
+ return -2;
+ }
+}
+
+static int dhx_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+ switch (op) {
+ default:
+ return -2;
+ }
+
+}
+
+static int dh_pkey_public_check(const EVP_PKEY *pkey)
+{
+ DH *dh = pkey->pkey.dh;
+
+ if (dh->pub_key == NULL) {
+ ERR_raise(ERR_LIB_DH, DH_R_MISSING_PUBKEY);
+ return 0;
+ }
+
+ return DH_check_pub_key_ex(dh, dh->pub_key);
+}
+
+static int dh_pkey_param_check(const EVP_PKEY *pkey)
+{
+ DH *dh = pkey->pkey.dh;
+
+ return DH_check_ex(dh);
+}
+
+static size_t dh_pkey_dirty_cnt(const EVP_PKEY *pkey)
+{
+ return pkey->pkey.dh->dirty_cnt;
+}
+
+static int dh_pkey_export_to(const EVP_PKEY *from, void *to_keydata,
+ EVP_KEYMGMT *to_keymgmt, OSSL_LIB_CTX *libctx,
+ const char *propq)
+{
+ DH *dh = from->pkey.dh;
+ OSSL_PARAM_BLD *tmpl;
+ const BIGNUM *p = DH_get0_p(dh), *g = DH_get0_g(dh), *q = DH_get0_q(dh);
+ long l = DH_get_length(dh);
+ const BIGNUM *pub_key = DH_get0_pub_key(dh);
+ const BIGNUM *priv_key = DH_get0_priv_key(dh);
+ OSSL_PARAM *params = NULL;
+ int selection = 0;
+ int rv = 0;
+
+ /*
+ * If the DH method is foreign, then we can't be sure of anything, and
+ * can therefore not export or pretend to export.
+ */
+ if (ossl_dh_get_method(dh) != DH_OpenSSL())
+ return 0;
+
+ if (p == NULL || g == NULL)
+ return 0;
+
+ tmpl = OSSL_PARAM_BLD_new();
+ if (tmpl == NULL)
+ return 0;
+ if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, p)
+ || !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, g))
+ goto err;
+ if (q != NULL) {
+ if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q, q))
+ goto err;
+ }
+ selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
+ if (l > 0) {
+ if (!OSSL_PARAM_BLD_push_long(tmpl, OSSL_PKEY_PARAM_DH_PRIV_LEN, l))
+ goto err;
+ selection |= OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS;
+ }
+ if (pub_key != NULL) {
+ if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, pub_key))
+ goto err;
+ selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
+ }
+ if (priv_key != NULL) {
+ if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PRIV_KEY,
+ priv_key))
+ goto err;
+ selection |= OSSL_KEYMGMT_SELECT_PRIVATE_KEY;
+ }
+
+ if ((params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL)
+ goto err;
+
+ /* We export, the provider imports */
+ rv = evp_keymgmt_import(to_keymgmt, to_keydata, selection, params);
+
+ OSSL_PARAM_free(params);
+err:
+ OSSL_PARAM_BLD_free(tmpl);
+ return rv;
+}
+
+static int dh_pkey_import_from_type(const OSSL_PARAM params[], void *vpctx,
+ int type)
+{
+ EVP_PKEY_CTX *pctx = vpctx;
+ EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
+ DH *dh = ossl_dh_new_ex(pctx->libctx);
+
+ if (dh == NULL) {
+ ERR_raise(ERR_LIB_DH, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ DH_clear_flags(dh, DH_FLAG_TYPE_MASK);
+ DH_set_flags(dh, type == EVP_PKEY_DH ? DH_FLAG_TYPE_DH : DH_FLAG_TYPE_DHX);
+
+ if (!ossl_dh_params_fromdata(dh, params)
+ || !ossl_dh_key_fromdata(dh, params)
+ || !EVP_PKEY_assign(pkey, type, dh)) {
+ DH_free(dh);
+ return 0;
+ }
+ return 1;
+}
+
+static int dh_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
+{
+ return dh_pkey_import_from_type(params, vpctx, EVP_PKEY_DH);
+}
+
+static int dhx_pkey_import_from(const OSSL_PARAM params[], void *vpctx)
+{
+ return dh_pkey_import_from_type(params, vpctx, EVP_PKEY_DHX);
+}
+
+static ossl_inline int dh_bn_dup_check(BIGNUM **out, const BIGNUM *f)
+{
+ if (f != NULL && (*out = BN_dup(f)) == NULL)
+ return 0;
+ return 1;
+}
+
+static DH *dh_dup(const DH *dh)
+{
+ DH *dupkey = NULL;
+
+ /* Do not try to duplicate foreign DH keys */
+ if (ossl_dh_get_method(dh) != DH_OpenSSL())
+ return NULL;
+
+ if ((dupkey = ossl_dh_new_ex(dh->libctx)) == NULL)
+ return NULL;
+
+ dupkey->length = DH_get_length(dh);
+ if (!ossl_ffc_params_copy(&dupkey->params, &dh->params))
+ goto err;
+
+ dupkey->flags = dh->flags;
+
+ if (!dh_bn_dup_check(&dupkey->pub_key, dh->pub_key))
+ goto err;
+ if (!dh_bn_dup_check(&dupkey->priv_key, dh->priv_key))
+ goto err;
+
+ if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_DH,
+ &dupkey->ex_data, &dh->ex_data))
+ goto err;
+
+ return dupkey;
+
+ err:
+ DH_free(dupkey);
+ return NULL;
+}
+
+static int dh_pkey_copy(EVP_PKEY *to, EVP_PKEY *from)
+{
+ DH *dh = from->pkey.dh;
+ DH *dupkey = NULL;
+ int ret;
+
+ if (dh != NULL) {
+ dupkey = dh_dup(dh);
+ if (dupkey == NULL)
+ return 0;
+ }
+
+ ret = EVP_PKEY_assign(to, from->type, dupkey);
+ if (!ret)
+ DH_free(dupkey);
+ return ret;
+}