2 * Portions Copyright (C) 2004-2009, 2011-2015 Internet Systems Consortium, Inc. ("ISC")
3 * Portions Copyright (C) 1999-2002 Internet Software Consortium.
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
10 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
12 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
15 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
19 * Permission to use, copy, modify, and/or distribute this software for any
20 * purpose with or without fee is hereby granted, provided that the above
21 * copyright notice and this permission notice appear in all copies.
23 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
24 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
25 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
26 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
27 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
28 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
29 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
33 * Principal Author: Brian Wellington
34 * $Id: openssldh_link.c,v 1.20 2011/01/11 23:47:13 tbox Exp $
44 #include <isc/string.h>
47 #include <dst/result.h>
49 #include "dst_internal.h"
50 #include "dst_openssl.h"
51 #include "dst_parse.h"
53 #define PRIME768 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088" \
54 "A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25" \
55 "F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF"
57 #define PRIME1024 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E08" \
58 "8A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF2" \
59 "5F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406" \
60 "B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF"
62 #define PRIME1536 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
63 "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
64 "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
65 "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
66 "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
67 "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
68 "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
69 "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF"
72 static isc_result_t openssldh_todns(const dst_key_t *key, isc_buffer_t *data);
74 static BIGNUM *bn2, *bn768, *bn1024, *bn1536;
77 openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv,
85 REQUIRE(pub->keydata.dh != NULL);
86 REQUIRE(priv->keydata.dh != NULL);
88 dhpub = pub->keydata.dh;
89 dhpriv = priv->keydata.dh;
91 len = DH_size(dhpriv);
92 isc_buffer_availableregion(secret, &r);
94 return (ISC_R_NOSPACE);
95 ret = DH_compute_key(r.base, dhpub->pub_key, dhpriv);
97 return (dst__openssl_toresult2("DH_compute_key",
98 DST_R_COMPUTESECRETFAILURE));
99 isc_buffer_add(secret, len);
100 return (ISC_R_SUCCESS);
104 openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) {
108 dh1 = key1->keydata.dh;
109 dh2 = key2->keydata.dh;
111 if (dh1 == NULL && dh2 == NULL)
113 else if (dh1 == NULL || dh2 == NULL)
116 status = BN_cmp(dh1->p, dh2->p) ||
117 BN_cmp(dh1->g, dh2->g) ||
118 BN_cmp(dh1->pub_key, dh2->pub_key);
123 if (dh1->priv_key != NULL || dh2->priv_key != NULL) {
124 if (dh1->priv_key == NULL || dh2->priv_key == NULL)
126 if (BN_cmp(dh1->priv_key, dh2->priv_key) != 0)
133 openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
137 dh1 = key1->keydata.dh;
138 dh2 = key2->keydata.dh;
140 if (dh1 == NULL && dh2 == NULL)
142 else if (dh1 == NULL || dh2 == NULL)
145 status = BN_cmp(dh1->p, dh2->p) ||
146 BN_cmp(dh1->g, dh2->g);
153 #if OPENSSL_VERSION_NUMBER > 0x00908000L
155 progress_cb(int p, int n, BN_GENCB *cb)
164 u.dptr = BN_GENCB_get_arg(cb);
172 openssldh_generate(dst_key_t *key, int generator, void (*callback)(int)) {
174 #if OPENSSL_VERSION_NUMBER > 0x00908000L
176 #if OPENSSL_VERSION_NUMBER < 0x10100000L
188 if (generator == 0) {
189 if (key->key_size == 768 ||
190 key->key_size == 1024 ||
191 key->key_size == 1536)
195 return (dst__openssl_toresult(ISC_R_NOMEMORY));
196 if (key->key_size == 768)
198 else if (key->key_size == 1024)
207 if (generator != 0) {
208 #if OPENSSL_VERSION_NUMBER > 0x00908000L
211 return (dst__openssl_toresult(ISC_R_NOMEMORY));
213 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
216 return (dst__openssl_toresult(ISC_R_NOMEMORY));
219 if (callback == NULL) {
220 BN_GENCB_set_old(cb, NULL, NULL);
223 BN_GENCB_set(cb, &progress_cb, u.dptr);
226 if (!DH_generate_parameters_ex(dh, key->key_size, generator,
230 return (dst__openssl_toresult2(
231 "DH_generate_parameters_ex",
232 DST_R_OPENSSLFAILURE));
236 dh = DH_generate_parameters(key->key_size, generator,
239 return (dst__openssl_toresult2(
240 "DH_generate_parameters",
241 DST_R_OPENSSLFAILURE));
245 if (DH_generate_key(dh) == 0) {
247 return (dst__openssl_toresult2("DH_generate_key",
248 DST_R_OPENSSLFAILURE));
250 dh->flags &= ~DH_FLAG_CACHE_MONT_P;
252 key->keydata.dh = dh;
254 return (ISC_R_SUCCESS);
258 openssldh_isprivate(const dst_key_t *key) {
259 DH *dh = key->keydata.dh;
260 return (ISC_TF(dh != NULL && dh->priv_key != NULL));
264 openssldh_destroy(dst_key_t *key) {
265 DH *dh = key->keydata.dh;
270 if (dh->p == bn768 || dh->p == bn1024 || dh->p == bn1536)
275 key->keydata.dh = NULL;
279 uint16_toregion(isc_uint16_t val, isc_region_t *region) {
280 *region->base = (val & 0xff00) >> 8;
281 isc_region_consume(region, 1);
282 *region->base = (val & 0x00ff);
283 isc_region_consume(region, 1);
287 uint16_fromregion(isc_region_t *region) {
289 unsigned char *cp = region->base;
291 val = ((unsigned int)(cp[0])) << 8;
292 val |= ((unsigned int)(cp[1]));
294 isc_region_consume(region, 2);
300 openssldh_todns(const dst_key_t *key, isc_buffer_t *data) {
303 isc_uint16_t dnslen, plen, glen, publen;
305 REQUIRE(key->keydata.dh != NULL);
307 dh = key->keydata.dh;
309 isc_buffer_availableregion(data, &r);
312 (dh->p == bn768 || dh->p == bn1024 || dh->p == bn1536)) {
317 plen = BN_num_bytes(dh->p);
318 glen = BN_num_bytes(dh->g);
320 publen = BN_num_bytes(dh->pub_key);
321 dnslen = plen + glen + publen + 6;
322 if (r.length < (unsigned int) dnslen)
323 return (ISC_R_NOSPACE);
325 uint16_toregion(plen, &r);
329 else if (dh->p == bn1024)
335 BN_bn2bin(dh->p, r.base);
336 isc_region_consume(&r, plen);
338 uint16_toregion(glen, &r);
340 BN_bn2bin(dh->g, r.base);
341 isc_region_consume(&r, glen);
343 uint16_toregion(publen, &r);
344 BN_bn2bin(dh->pub_key, r.base);
345 isc_region_consume(&r, publen);
347 isc_buffer_add(data, dnslen);
349 return (ISC_R_SUCCESS);
353 openssldh_fromdns(dst_key_t *key, isc_buffer_t *data) {
356 isc_uint16_t plen, glen, publen;
359 isc_buffer_remainingregion(data, &r);
361 return (ISC_R_SUCCESS);
365 return (dst__openssl_toresult(ISC_R_NOMEMORY));
366 dh->flags &= ~DH_FLAG_CACHE_MONT_P;
369 * Read the prime length. 1 & 2 are table entries, > 16 means a
370 * prime follows, otherwise an error.
374 return (DST_R_INVALIDPUBLICKEY);
376 plen = uint16_fromregion(&r);
377 if (plen < 16 && plen != 1 && plen != 2) {
379 return (DST_R_INVALIDPUBLICKEY);
381 if (r.length < plen) {
383 return (DST_R_INVALIDPUBLICKEY);
385 if (plen == 1 || plen == 2) {
388 isc_region_consume(&r, 1);
390 special = uint16_fromregion(&r);
404 return (DST_R_INVALIDPUBLICKEY);
407 dh->p = BN_bin2bn(r.base, plen, NULL);
408 isc_region_consume(&r, plen);
412 * Read the generator length. This should be 0 if the prime was
413 * special, but it might not be. If it's 0 and the prime is not
414 * special, we have a problem.
418 return (DST_R_INVALIDPUBLICKEY);
420 glen = uint16_fromregion(&r);
421 if (r.length < glen) {
423 return (DST_R_INVALIDPUBLICKEY);
429 dh->g = BN_bin2bn(r.base, glen, NULL);
430 if (BN_cmp(dh->g, bn2) == 0) {
436 return (DST_R_INVALIDPUBLICKEY);
442 return (DST_R_INVALIDPUBLICKEY);
444 dh->g = BN_bin2bn(r.base, glen, NULL);
446 isc_region_consume(&r, glen);
450 return (DST_R_INVALIDPUBLICKEY);
452 publen = uint16_fromregion(&r);
453 if (r.length < publen) {
455 return (DST_R_INVALIDPUBLICKEY);
457 dh->pub_key = BN_bin2bn(r.base, publen, NULL);
458 isc_region_consume(&r, publen);
460 key->key_size = BN_num_bits(dh->p);
462 isc_buffer_forward(data, plen + glen + publen + 6);
464 key->keydata.dh = dh;
466 return (ISC_R_SUCCESS);
470 openssldh_tofile(const dst_key_t *key, const char *directory) {
474 unsigned char *bufs[4];
477 if (key->keydata.dh == NULL)
478 return (DST_R_NULLKEY);
480 dh = key->keydata.dh;
482 memset(bufs, 0, sizeof(bufs));
483 for (i = 0; i < 4; i++) {
484 bufs[i] = isc_mem_get(key->mctx, BN_num_bytes(dh->p));
485 if (bufs[i] == NULL) {
486 result = ISC_R_NOMEMORY;
493 priv.elements[i].tag = TAG_DH_PRIME;
494 priv.elements[i].length = BN_num_bytes(dh->p);
495 BN_bn2bin(dh->p, bufs[i]);
496 priv.elements[i].data = bufs[i];
499 priv.elements[i].tag = TAG_DH_GENERATOR;
500 priv.elements[i].length = BN_num_bytes(dh->g);
501 BN_bn2bin(dh->g, bufs[i]);
502 priv.elements[i].data = bufs[i];
505 priv.elements[i].tag = TAG_DH_PRIVATE;
506 priv.elements[i].length = BN_num_bytes(dh->priv_key);
507 BN_bn2bin(dh->priv_key, bufs[i]);
508 priv.elements[i].data = bufs[i];
511 priv.elements[i].tag = TAG_DH_PUBLIC;
512 priv.elements[i].length = BN_num_bytes(dh->pub_key);
513 BN_bn2bin(dh->pub_key, bufs[i]);
514 priv.elements[i].data = bufs[i];
518 result = dst__privstruct_writefile(key, &priv, directory);
520 for (i = 0; i < 4; i++) {
523 isc_mem_put(key->mctx, bufs[i], BN_num_bytes(dh->p));
529 openssldh_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
535 #define DST_RET(a) {ret = a; goto err;}
540 /* read private key file */
541 ret = dst__privstruct_parse(key, DST_ALG_DH, lexer, mctx, &priv);
542 if (ret != ISC_R_SUCCESS)
547 DST_RET(ISC_R_NOMEMORY);
548 dh->flags &= ~DH_FLAG_CACHE_MONT_P;
549 key->keydata.dh = dh;
551 for (i = 0; i < priv.nelements; i++) {
553 bn = BN_bin2bn(priv.elements[i].data,
554 priv.elements[i].length, NULL);
556 DST_RET(ISC_R_NOMEMORY);
558 switch (priv.elements[i].tag) {
562 case TAG_DH_GENERATOR:
573 dst__privstruct_free(&priv, mctx);
575 key->key_size = BN_num_bits(dh->p);
577 if ((key->key_size == 768 ||
578 key->key_size == 1024 ||
579 key->key_size == 1536) &&
580 BN_cmp(dh->g, bn2) == 0)
582 if (key->key_size == 768 && BN_cmp(dh->p, bn768) == 0) {
587 } else if (key->key_size == 1024 &&
588 BN_cmp(dh->p, bn1024) == 0) {
593 } else if (key->key_size == 1536 &&
594 BN_cmp(dh->p, bn1536) == 0) {
602 return (ISC_R_SUCCESS);
605 openssldh_destroy(key);
606 dst__privstruct_free(&priv, mctx);
607 memset(&priv, 0, sizeof(priv));
612 BN_fromhex(BIGNUM *b, const char *str) {
613 static const char hexdigits[] = "0123456789abcdef";
614 unsigned char data[512];
618 RUNTIME_CHECK(strlen(str) < 1024U && strlen(str) % 2 == 0U);
619 for (i = 0; i < strlen(str); i += 2) {
621 unsigned int high, low;
623 s = strchr(hexdigits, tolower((unsigned char)str[i]));
624 RUNTIME_CHECK(s != NULL);
625 high = (unsigned int)(s - hexdigits);
627 s = strchr(hexdigits, tolower((unsigned char)str[i + 1]));
628 RUNTIME_CHECK(s != NULL);
629 low = (unsigned int)(s - hexdigits);
631 data[i/2] = (unsigned char)((high << 4) + low);
633 out = BN_bin2bn(data, strlen(str)/2, b);
634 RUNTIME_CHECK(out != NULL);
638 openssldh_cleanup(void) {
645 static dst_func_t openssldh_functions = {
646 NULL, /*%< createctx */
647 NULL, /*%< destroyctx */
648 NULL, /*%< adddata */
649 NULL, /*%< openssldh_sign */
650 NULL, /*%< openssldh_verify */
651 NULL, /*%< openssldh_verify2 */
652 openssldh_computesecret,
654 openssldh_paramcompare,
663 NULL, /*%< fromlabel */
665 NULL, /*%< restore */
669 dst__openssldh_init(dst_func_t **funcp) {
670 REQUIRE(funcp != NULL);
671 if (*funcp == NULL) {
676 if (bn2 == NULL || bn768 == NULL ||
677 bn1024 == NULL || bn1536 == NULL)
680 BN_fromhex(bn768, PRIME768);
681 BN_fromhex(bn1024, PRIME1024);
682 BN_fromhex(bn1536, PRIME1536);
683 *funcp = &openssldh_functions;
685 return (ISC_R_SUCCESS);
688 if (bn2 != NULL) BN_free(bn2);
689 if (bn768 != NULL) BN_free(bn768);
690 if (bn1024 != NULL) BN_free(bn1024);
691 if (bn1536 != NULL) BN_free(bn1536);
692 return (ISC_R_NOMEMORY);
697 #include <isc/util.h>
699 EMPTY_TRANSLATION_UNIT