1 /* 2 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 3 * 2006. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <stdio.h> 60 #include "cryptlib.h" 61 #include <openssl/asn1t.h> 62 #include <openssl/x509.h> 63 #include <openssl/evp.h> 64 #include <openssl/bn.h> 65 #include "evp_locl.h" 66 #include "dsa_locl.h" 67 68 /* DSA pkey context structure */ 69 70 typedef struct { 71 /* Parameter gen parameters */ 72 int nbits; /* size of p in bits (default: 1024) */ 73 int qbits; /* size of q in bits (default: 160) */ 74 const EVP_MD *pmd; /* MD for parameter generation */ 75 /* Keygen callback info */ 76 int gentmp[2]; 77 /* message digest */ 78 const EVP_MD *md; /* MD for the signature */ 79 } DSA_PKEY_CTX; 80 81 static int pkey_dsa_init(EVP_PKEY_CTX *ctx) 82 { 83 DSA_PKEY_CTX *dctx; 84 dctx = OPENSSL_malloc(sizeof(DSA_PKEY_CTX)); 85 if (!dctx) 86 return 0; 87 dctx->nbits = 1024; 88 dctx->qbits = 160; 89 dctx->pmd = NULL; 90 dctx->md = NULL; 91 92 ctx->data = dctx; 93 ctx->keygen_info = dctx->gentmp; 94 ctx->keygen_info_count = 2; 95 96 return 1; 97 } 98 99 static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) 100 { 101 DSA_PKEY_CTX *dctx, *sctx; 102 if (!pkey_dsa_init(dst)) 103 return 0; 104 sctx = src->data; 105 dctx = dst->data; 106 dctx->nbits = sctx->nbits; 107 dctx->qbits = sctx->qbits; 108 dctx->pmd = sctx->pmd; 109 dctx->md = sctx->md; 110 return 1; 111 } 112 113 static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx) 114 { 115 DSA_PKEY_CTX *dctx = ctx->data; 116 if (dctx) 117 OPENSSL_free(dctx); 118 } 119 120 static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, 121 size_t *siglen, const unsigned char *tbs, 122 size_t tbslen) 123 { 124 int ret, type; 125 unsigned int sltmp; 126 DSA_PKEY_CTX *dctx = ctx->data; 127 DSA *dsa = ctx->pkey->pkey.dsa; 128 129 if (dctx->md) 130 type = EVP_MD_type(dctx->md); 131 else 132 type = NID_sha1; 133 134 ret = DSA_sign(type, tbs, tbslen, sig, &sltmp, dsa); 135 136 if (ret <= 0) 137 return ret; 138 *siglen = sltmp; 139 return 1; 140 } 141 142 static int pkey_dsa_verify(EVP_PKEY_CTX *ctx, 143 const unsigned char *sig, size_t siglen, 144 const unsigned char *tbs, size_t tbslen) 145 { 146 int ret, type; 147 DSA_PKEY_CTX *dctx = ctx->data; 148 DSA *dsa = ctx->pkey->pkey.dsa; 149 150 if (dctx->md) 151 type = EVP_MD_type(dctx->md); 152 else 153 type = NID_sha1; 154 155 ret = DSA_verify(type, tbs, tbslen, sig, siglen, dsa); 156 157 return ret; 158 } 159 160 static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 161 { 162 DSA_PKEY_CTX *dctx = ctx->data; 163 switch (type) { 164 case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS: 165 if (p1 < 256) 166 return -2; 167 dctx->nbits = p1; 168 return 1; 169 170 case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS: 171 if (p1 != 160 && p1 != 224 && p1 && p1 != 256) 172 return -2; 173 dctx->qbits = p1; 174 return 1; 175 176 case EVP_PKEY_CTRL_DSA_PARAMGEN_MD: 177 if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && 178 EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && 179 EVP_MD_type((const EVP_MD *)p2) != NID_sha256) { 180 DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); 181 return 0; 182 } 183 dctx->md = p2; 184 return 1; 185 186 case EVP_PKEY_CTRL_MD: 187 if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 && 188 EVP_MD_type((const EVP_MD *)p2) != NID_dsa && 189 EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA && 190 EVP_MD_type((const EVP_MD *)p2) != NID_sha224 && 191 EVP_MD_type((const EVP_MD *)p2) != NID_sha256 && 192 EVP_MD_type((const EVP_MD *)p2) != NID_sha384 && 193 EVP_MD_type((const EVP_MD *)p2) != NID_sha512) { 194 DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE); 195 return 0; 196 } 197 dctx->md = p2; 198 return 1; 199 200 case EVP_PKEY_CTRL_DIGESTINIT: 201 case EVP_PKEY_CTRL_PKCS7_SIGN: 202 case EVP_PKEY_CTRL_CMS_SIGN: 203 return 1; 204 205 case EVP_PKEY_CTRL_PEER_KEY: 206 DSAerr(DSA_F_PKEY_DSA_CTRL, 207 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 208 return -2; 209 default: 210 return -2; 211 212 } 213 } 214 215 static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, 216 const char *type, const char *value) 217 { 218 if (!strcmp(type, "dsa_paramgen_bits")) { 219 int nbits; 220 nbits = atoi(value); 221 return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); 222 } 223 if (!strcmp(type, "dsa_paramgen_q_bits")) { 224 int qbits = atoi(value); 225 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, 226 EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, 227 NULL); 228 } 229 if (!strcmp(type, "dsa_paramgen_md")) { 230 return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, 231 EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, 232 (void *)EVP_get_digestbyname(value)); 233 } 234 return -2; 235 } 236 237 static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 238 { 239 DSA *dsa = NULL; 240 DSA_PKEY_CTX *dctx = ctx->data; 241 BN_GENCB *pcb, cb; 242 int ret; 243 if (ctx->pkey_gencb) { 244 pcb = &cb; 245 evp_pkey_set_cb_translate(pcb, ctx); 246 } else 247 pcb = NULL; 248 dsa = DSA_new(); 249 if (!dsa) 250 return 0; 251 ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, 252 NULL, 0, NULL, NULL, NULL, pcb); 253 if (ret) 254 EVP_PKEY_assign_DSA(pkey, dsa); 255 else 256 DSA_free(dsa); 257 return ret; 258 } 259 260 static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 261 { 262 DSA *dsa = NULL; 263 if (ctx->pkey == NULL) { 264 DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET); 265 return 0; 266 } 267 dsa = DSA_new(); 268 if (!dsa) 269 return 0; 270 EVP_PKEY_assign_DSA(pkey, dsa); 271 /* Note: if error return, pkey is freed by parent routine */ 272 if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) 273 return 0; 274 return DSA_generate_key(pkey->pkey.dsa); 275 } 276 277 const EVP_PKEY_METHOD dsa_pkey_meth = { 278 EVP_PKEY_DSA, 279 EVP_PKEY_FLAG_AUTOARGLEN, 280 pkey_dsa_init, 281 pkey_dsa_copy, 282 pkey_dsa_cleanup, 283 284 0, 285 pkey_dsa_paramgen, 286 287 0, 288 pkey_dsa_keygen, 289 290 0, 291 pkey_dsa_sign, 292 293 0, 294 pkey_dsa_verify, 295 296 0, 0, 297 298 0, 0, 0, 0, 299 300 0, 0, 301 302 0, 0, 303 304 0, 0, 305 306 pkey_dsa_ctrl, 307 pkey_dsa_ctrl_str 308 }; 309