2 * Portions Copyright (C) 2004-2009, 2011-2013, 2015 Internet Systems Consortium, Inc. ("ISC")
3 * Portions Copyright (C) 1999-2002 Internet Software Consortium.
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
10 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
12 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
15 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
19 * Permission to use, copy, modify, and/or distribute this software for any
20 * purpose with or without fee is hereby granted, provided that the above
21 * copyright notice and this permission notice appear in all copies.
23 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
24 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
25 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
26 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
27 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
28 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
29 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
41 #include <isc/entropy.h>
46 #include <dst/result.h>
48 #include "dst_internal.h"
49 #include "dst_openssl.h"
50 #include "dst_parse.h"
52 #include <openssl/dsa.h>
54 static isc_result_t openssldsa_todns(const dst_key_t *key, isc_buffer_t *data);
57 openssldsa_createctx(dst_key_t *key, dst_context_t *dctx) {
59 EVP_MD_CTX *evp_md_ctx;
63 evp_md_ctx = EVP_MD_CTX_create();
64 if (evp_md_ctx == NULL)
65 return (ISC_R_NOMEMORY);
67 if (!EVP_DigestInit_ex(evp_md_ctx, EVP_dss1(), NULL)) {
68 EVP_MD_CTX_destroy(evp_md_ctx);
69 return (ISC_R_FAILURE);
72 dctx->ctxdata.evp_md_ctx = evp_md_ctx;
74 return (ISC_R_SUCCESS);
80 sha1ctx = isc_mem_get(dctx->mctx, sizeof(isc_sha1_t));
81 isc_sha1_init(sha1ctx);
82 dctx->ctxdata.sha1ctx = sha1ctx;
83 return (ISC_R_SUCCESS);
88 openssldsa_destroyctx(dst_context_t *dctx) {
90 EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
92 if (evp_md_ctx != NULL) {
93 EVP_MD_CTX_destroy(evp_md_ctx);
94 dctx->ctxdata.evp_md_ctx = NULL;
97 isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
99 if (sha1ctx != NULL) {
100 isc_sha1_invalidate(sha1ctx);
101 isc_mem_put(dctx->mctx, sha1ctx, sizeof(isc_sha1_t));
102 dctx->ctxdata.sha1ctx = NULL;
108 openssldsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
110 EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
112 if (!EVP_DigestUpdate(evp_md_ctx, data->base, data->length)) {
113 return (ISC_R_FAILURE);
116 isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
118 isc_sha1_update(sha1ctx, data->base, data->length);
120 return (ISC_R_SUCCESS);
124 BN_bn2bin_fixed(BIGNUM *bn, unsigned char *buf, int size) {
125 int bytes = size - BN_num_bytes(bn);
133 openssldsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
134 dst_key_t *key = dctx->key;
135 DSA *dsa = key->keydata.dsa;
140 EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
142 unsigned char *sigbuf;
143 const unsigned char *sb;
146 isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
147 unsigned char digest[ISC_SHA1_DIGESTLENGTH];
150 isc_buffer_availableregion(sig, &r);
151 if (r.length < ISC_SHA1_DIGESTLENGTH * 2 + 1)
152 return (ISC_R_NOSPACE);
155 pkey = EVP_PKEY_new();
157 return (ISC_R_NOMEMORY);
158 if (!EVP_PKEY_set1_DSA(pkey, dsa)) {
160 return (ISC_R_FAILURE);
162 sigbuf = malloc(EVP_PKEY_size(pkey));
163 if (sigbuf == NULL) {
165 return (ISC_R_NOMEMORY);
167 if (!EVP_SignFinal(evp_md_ctx, sigbuf, &siglen, pkey)) {
170 return (dst__openssl_toresult3(dctx->category,
174 INSIST(EVP_PKEY_size(pkey) >= (int) siglen);
176 /* Convert from Dss-Sig-Value (RFC2459). */
177 dsasig = DSA_SIG_new();
178 if (dsasig == NULL) {
180 return (ISC_R_NOMEMORY);
183 if (d2i_DSA_SIG(&dsasig, &sb, (long) siglen) == NULL) {
185 return (dst__openssl_toresult3(dctx->category,
192 /* Only use EVP for the Digest */
193 if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &siglen)) {
194 return (dst__openssl_toresult3(dctx->category,
195 "EVP_DigestFinal_ex",
198 dsasig = DSA_do_sign(digest, ISC_SHA1_DIGESTLENGTH, dsa);
200 return (dst__openssl_toresult3(dctx->category,
204 isc_sha1_final(sha1ctx, digest);
206 dsasig = DSA_do_sign(digest, ISC_SHA1_DIGESTLENGTH, dsa);
208 return (dst__openssl_toresult3(dctx->category,
213 klen = (key->key_size - 512)/64;
215 return (ISC_R_FAILURE);
217 isc_region_consume(&r, 1);
219 BN_bn2bin_fixed(dsasig->r, r.base, ISC_SHA1_DIGESTLENGTH);
220 isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
221 BN_bn2bin_fixed(dsasig->s, r.base, ISC_SHA1_DIGESTLENGTH);
222 isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
223 DSA_SIG_free(dsasig);
224 isc_buffer_add(sig, ISC_SHA1_DIGESTLENGTH * 2 + 1);
226 return (ISC_R_SUCCESS);
230 openssldsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
231 dst_key_t *key = dctx->key;
232 DSA *dsa = key->keydata.dsa;
234 unsigned char *cp = sig->base;
237 EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
240 unsigned char *sigbuf;
244 isc_sha1_t *sha1ctx = dctx->ctxdata.sha1ctx;
246 unsigned char digest[ISC_SHA1_DIGESTLENGTH];
251 /* Only use EVP for the digest */
252 if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &siglen)) {
253 return (ISC_R_FAILURE);
257 isc_sha1_final(sha1ctx, digest);
260 if (sig->length != 2 * ISC_SHA1_DIGESTLENGTH + 1) {
261 return (DST_R_VERIFYFAILURE);
265 dsasig = DSA_SIG_new();
267 return (ISC_R_NOMEMORY);
268 dsasig->r = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL);
269 cp += ISC_SHA1_DIGESTLENGTH;
270 dsasig->s = BN_bin2bn(cp, ISC_SHA1_DIGESTLENGTH, NULL);
273 pkey = EVP_PKEY_new();
275 return (ISC_R_NOMEMORY);
276 if (!EVP_PKEY_set1_DSA(pkey, dsa)) {
278 return (ISC_R_FAILURE);
280 /* Convert to Dss-Sig-Value (RFC2459). */
281 sigbuf = malloc(EVP_PKEY_size(pkey) + 50);
282 if (sigbuf == NULL) {
284 return (ISC_R_NOMEMORY);
286 siglen = (unsigned) i2d_DSA_SIG(dsasig, &sigbuf);
287 INSIST(EVP_PKEY_size(pkey) >= (int) siglen);
288 status = EVP_VerifyFinal(evp_md_ctx, sigbuf, siglen, pkey);
292 status = DSA_do_verify(digest, ISC_SHA1_DIGESTLENGTH, dsasig, dsa);
294 DSA_SIG_free(dsasig);
297 return (ISC_R_SUCCESS);
299 return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
301 return (dst__openssl_toresult3(dctx->category,
303 DST_R_VERIFYFAILURE));
308 openssldsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
312 dsa1 = key1->keydata.dsa;
313 dsa2 = key2->keydata.dsa;
315 if (dsa1 == NULL && dsa2 == NULL)
317 else if (dsa1 == NULL || dsa2 == NULL)
320 status = BN_cmp(dsa1->p, dsa2->p) ||
321 BN_cmp(dsa1->q, dsa2->q) ||
322 BN_cmp(dsa1->g, dsa2->g) ||
323 BN_cmp(dsa1->pub_key, dsa2->pub_key);
328 if (dsa1->priv_key != NULL || dsa2->priv_key != NULL) {
329 if (dsa1->priv_key == NULL || dsa2->priv_key == NULL)
331 if (BN_cmp(dsa1->priv_key, dsa2->priv_key))
337 #if OPENSSL_VERSION_NUMBER > 0x00908000L
339 progress_cb(int p, int n, BN_GENCB *cb)
348 u.dptr = BN_GENCB_get_arg(cb);
356 openssldsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
358 unsigned char rand_array[ISC_SHA1_DIGESTLENGTH];
360 #if OPENSSL_VERSION_NUMBER > 0x00908000L
362 #if OPENSSL_VERSION_NUMBER < 0x10100000L
376 result = dst__entropy_getdata(rand_array, sizeof(rand_array),
378 if (result != ISC_R_SUCCESS)
381 #if OPENSSL_VERSION_NUMBER > 0x00908000L
384 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
386 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
389 return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
392 if (callback == NULL) {
393 BN_GENCB_set_old(cb, NULL, NULL);
396 BN_GENCB_set(cb, &progress_cb, u.dptr);
399 if (!DSA_generate_parameters_ex(dsa, key->key_size, rand_array,
400 ISC_SHA1_DIGESTLENGTH, NULL, NULL,
405 return (dst__openssl_toresult2("DSA_generate_parameters_ex",
406 DST_R_OPENSSLFAILURE));
410 dsa = DSA_generate_parameters(key->key_size, rand_array,
411 ISC_SHA1_DIGESTLENGTH, NULL, NULL,
414 return (dst__openssl_toresult2("DSA_generate_parameters",
415 DST_R_OPENSSLFAILURE));
418 if (DSA_generate_key(dsa) == 0) {
420 return (dst__openssl_toresult2("DSA_generate_key",
421 DST_R_OPENSSLFAILURE));
423 dsa->flags &= ~DSA_FLAG_CACHE_MONT_P;
425 key->keydata.dsa = dsa;
427 return (ISC_R_SUCCESS);
431 openssldsa_isprivate(const dst_key_t *key) {
432 DSA *dsa = key->keydata.dsa;
433 return (ISC_TF(dsa != NULL && dsa->priv_key != NULL));
437 openssldsa_destroy(dst_key_t *key) {
438 DSA *dsa = key->keydata.dsa;
440 key->keydata.dsa = NULL;
445 openssldsa_todns(const dst_key_t *key, isc_buffer_t *data) {
449 unsigned int t, p_bytes;
451 REQUIRE(key->keydata.dsa != NULL);
453 dsa = key->keydata.dsa;
455 isc_buffer_availableregion(data, &r);
457 t = (BN_num_bytes(dsa->p) - 64) / 8;
459 return (DST_R_INVALIDPUBLICKEY);
460 p_bytes = 64 + 8 * t;
462 dnslen = 1 + (key->key_size * 3)/8 + ISC_SHA1_DIGESTLENGTH;
463 if (r.length < (unsigned int) dnslen)
464 return (ISC_R_NOSPACE);
467 isc_region_consume(&r, 1);
468 BN_bn2bin_fixed(dsa->q, r.base, ISC_SHA1_DIGESTLENGTH);
469 isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
470 BN_bn2bin_fixed(dsa->p, r.base, key->key_size/8);
471 isc_region_consume(&r, p_bytes);
472 BN_bn2bin_fixed(dsa->g, r.base, key->key_size/8);
473 isc_region_consume(&r, p_bytes);
474 BN_bn2bin_fixed(dsa->pub_key, r.base, key->key_size/8);
475 isc_region_consume(&r, p_bytes);
477 isc_buffer_add(data, dnslen);
479 return (ISC_R_SUCCESS);
483 openssldsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
486 unsigned int t, p_bytes;
487 isc_mem_t *mctx = key->mctx;
491 isc_buffer_remainingregion(data, &r);
493 return (ISC_R_SUCCESS);
497 return (ISC_R_NOMEMORY);
498 dsa->flags &= ~DSA_FLAG_CACHE_MONT_P;
500 t = (unsigned int) *r.base;
501 isc_region_consume(&r, 1);
504 return (DST_R_INVALIDPUBLICKEY);
506 p_bytes = 64 + 8 * t;
508 if (r.length < ISC_SHA1_DIGESTLENGTH + 3 * p_bytes) {
510 return (DST_R_INVALIDPUBLICKEY);
513 dsa->q = BN_bin2bn(r.base, ISC_SHA1_DIGESTLENGTH, NULL);
514 isc_region_consume(&r, ISC_SHA1_DIGESTLENGTH);
516 dsa->p = BN_bin2bn(r.base, p_bytes, NULL);
517 isc_region_consume(&r, p_bytes);
519 dsa->g = BN_bin2bn(r.base, p_bytes, NULL);
520 isc_region_consume(&r, p_bytes);
522 dsa->pub_key = BN_bin2bn(r.base, p_bytes, NULL);
523 isc_region_consume(&r, p_bytes);
525 key->key_size = p_bytes * 8;
527 isc_buffer_forward(data, 1 + ISC_SHA1_DIGESTLENGTH + 3 * p_bytes);
529 key->keydata.dsa = dsa;
531 return (ISC_R_SUCCESS);
536 openssldsa_tofile(const dst_key_t *key, const char *directory) {
540 unsigned char bufs[5][128];
542 if (key->keydata.dsa == NULL)
543 return (DST_R_NULLKEY);
547 return (dst__privstruct_writefile(key, &priv, directory));
550 dsa = key->keydata.dsa;
552 priv.elements[cnt].tag = TAG_DSA_PRIME;
553 priv.elements[cnt].length = BN_num_bytes(dsa->p);
554 BN_bn2bin(dsa->p, bufs[cnt]);
555 priv.elements[cnt].data = bufs[cnt];
558 priv.elements[cnt].tag = TAG_DSA_SUBPRIME;
559 priv.elements[cnt].length = BN_num_bytes(dsa->q);
560 BN_bn2bin(dsa->q, bufs[cnt]);
561 priv.elements[cnt].data = bufs[cnt];
564 priv.elements[cnt].tag = TAG_DSA_BASE;
565 priv.elements[cnt].length = BN_num_bytes(dsa->g);
566 BN_bn2bin(dsa->g, bufs[cnt]);
567 priv.elements[cnt].data = bufs[cnt];
570 priv.elements[cnt].tag = TAG_DSA_PRIVATE;
571 priv.elements[cnt].length = BN_num_bytes(dsa->priv_key);
572 BN_bn2bin(dsa->priv_key, bufs[cnt]);
573 priv.elements[cnt].data = bufs[cnt];
576 priv.elements[cnt].tag = TAG_DSA_PUBLIC;
577 priv.elements[cnt].length = BN_num_bytes(dsa->pub_key);
578 BN_bn2bin(dsa->pub_key, bufs[cnt]);
579 priv.elements[cnt].data = bufs[cnt];
582 priv.nelements = cnt;
583 return (dst__privstruct_writefile(key, &priv, directory));
587 openssldsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
592 isc_mem_t *mctx = key->mctx;
593 #define DST_RET(a) {ret = a; goto err;}
597 /* read private key file */
598 ret = dst__privstruct_parse(key, DST_ALG_DSA, lexer, mctx, &priv);
599 if (ret != ISC_R_SUCCESS)
604 DST_RET(ISC_R_NOMEMORY);
605 dsa->flags &= ~DSA_FLAG_CACHE_MONT_P;
606 key->keydata.dsa = dsa;
608 for (i=0; i < priv.nelements; i++) {
610 bn = BN_bin2bn(priv.elements[i].data,
611 priv.elements[i].length, NULL);
613 DST_RET(ISC_R_NOMEMORY);
615 switch (priv.elements[i].tag) {
619 case TAG_DSA_SUBPRIME:
625 case TAG_DSA_PRIVATE:
633 dst__privstruct_free(&priv, mctx);
637 DST_RET(DST_R_INVALIDPRIVATEKEY);
638 dsa->q = pub->keydata.dsa->q;
639 pub->keydata.dsa->q = NULL;
640 dsa->p = pub->keydata.dsa->p;
641 pub->keydata.dsa->p = NULL;
642 dsa->g = pub->keydata.dsa->g;
643 pub->keydata.dsa->g = NULL;
644 dsa->pub_key = pub->keydata.dsa->pub_key;
645 pub->keydata.dsa->pub_key = NULL;
648 key->key_size = BN_num_bits(dsa->p);
650 return (ISC_R_SUCCESS);
653 openssldsa_destroy(key);
654 dst__privstruct_free(&priv, mctx);
655 memset(&priv, 0, sizeof(priv));
659 static dst_func_t openssldsa_functions = {
660 openssldsa_createctx,
661 openssldsa_destroyctx,
665 NULL, /*%< verify2 */
666 NULL, /*%< computesecret */
668 NULL, /*%< paramcompare */
670 openssldsa_isprivate,
676 NULL, /*%< cleanup */
677 NULL, /*%< fromlabel */
679 NULL, /*%< restore */
683 dst__openssldsa_init(dst_func_t **funcp) {
684 REQUIRE(funcp != NULL);
686 *funcp = &openssldsa_functions;
687 return (ISC_R_SUCCESS);
692 #include <isc/util.h>
694 EMPTY_TRANSLATION_UNIT