/src/openssl/providers/implementations/keymgmt/dsa_kmgmt.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | |
11 | | /* |
12 | | * DSA low level APIs are deprecated for public use, but still ok for |
13 | | * internal use. |
14 | | */ |
15 | | #include "internal/deprecated.h" |
16 | | |
17 | | #include <openssl/core_dispatch.h> |
18 | | #include <openssl/core_names.h> |
19 | | #include <openssl/bn.h> |
20 | | #include <openssl/err.h> |
21 | | #include <openssl/proverr.h> |
22 | | #include "prov/securitycheck.h" |
23 | | #include "prov/providercommon.h" |
24 | | #include "prov/implementations.h" |
25 | | #include "prov/provider_ctx.h" |
26 | | #include "crypto/dsa.h" |
27 | | #include "internal/sizes.h" |
28 | | #include "internal/nelem.h" |
29 | | #include "internal/param_build_set.h" |
30 | | |
31 | | static OSSL_FUNC_keymgmt_new_fn dsa_newdata; |
32 | | static OSSL_FUNC_keymgmt_free_fn dsa_freedata; |
33 | | static OSSL_FUNC_keymgmt_gen_init_fn dsa_gen_init; |
34 | | static OSSL_FUNC_keymgmt_gen_set_template_fn dsa_gen_set_template; |
35 | | static OSSL_FUNC_keymgmt_gen_set_params_fn dsa_gen_set_params; |
36 | | static OSSL_FUNC_keymgmt_gen_settable_params_fn dsa_gen_settable_params; |
37 | | static OSSL_FUNC_keymgmt_gen_get_params_fn dsa_gen_get_params; |
38 | | static OSSL_FUNC_keymgmt_gen_gettable_params_fn dsa_gen_gettable_params; |
39 | | static OSSL_FUNC_keymgmt_gen_fn dsa_gen; |
40 | | static OSSL_FUNC_keymgmt_gen_cleanup_fn dsa_gen_cleanup; |
41 | | static OSSL_FUNC_keymgmt_load_fn dsa_load; |
42 | | static OSSL_FUNC_keymgmt_get_params_fn dsa_get_params; |
43 | | static OSSL_FUNC_keymgmt_gettable_params_fn dsa_gettable_params; |
44 | | static OSSL_FUNC_keymgmt_has_fn dsa_has; |
45 | | static OSSL_FUNC_keymgmt_match_fn dsa_match; |
46 | | static OSSL_FUNC_keymgmt_validate_fn dsa_validate; |
47 | | static OSSL_FUNC_keymgmt_import_fn dsa_import; |
48 | | static OSSL_FUNC_keymgmt_import_types_fn dsa_import_types; |
49 | | static OSSL_FUNC_keymgmt_export_fn dsa_export; |
50 | | static OSSL_FUNC_keymgmt_export_types_fn dsa_export_types; |
51 | | static OSSL_FUNC_keymgmt_dup_fn dsa_dup; |
52 | | |
53 | 0 | #define DSA_DEFAULT_MD "SHA256" |
54 | | #define DSA_POSSIBLE_SELECTIONS \ |
55 | 0 | (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) |
56 | | |
57 | | struct dsa_gen_ctx { |
58 | | OSSL_LIB_CTX *libctx; |
59 | | |
60 | | FFC_PARAMS *ffc_params; |
61 | | int selection; |
62 | | /* All these parameters are used for parameter generation only */ |
63 | | size_t pbits; |
64 | | size_t qbits; |
65 | | unsigned char *seed; /* optional FIPS186-4 param for testing */ |
66 | | size_t seedlen; |
67 | | int gindex; /* optional FIPS186-4 generator index (ignored if -1) */ |
68 | | int gen_type; /* DSA_PARAMGEN_TYPE_FIPS_186_2 or DSA_PARAMGEN_TYPE_FIPS_186_4 */ |
69 | | int pcounter; |
70 | | int hindex; |
71 | | char *mdname; |
72 | | char *mdprops; |
73 | | OSSL_CALLBACK *cb; |
74 | | void *cbarg; |
75 | | OSSL_FIPS_IND_DECLARE |
76 | | }; |
77 | | typedef struct dh_name2id_st{ |
78 | | const char *name; |
79 | | int id; |
80 | | } DSA_GENTYPE_NAME2ID; |
81 | | |
82 | | static const DSA_GENTYPE_NAME2ID dsatype2id[] = { |
83 | | #ifdef FIPS_MODULE |
84 | | { "default", DSA_PARAMGEN_TYPE_FIPS_186_4 }, |
85 | | #else |
86 | | { "default", DSA_PARAMGEN_TYPE_FIPS_DEFAULT }, |
87 | | #endif |
88 | | { "fips186_4", DSA_PARAMGEN_TYPE_FIPS_186_4 }, |
89 | | { "fips186_2", DSA_PARAMGEN_TYPE_FIPS_186_2 }, |
90 | | }; |
91 | | |
92 | | static int dsa_gen_type_name2id(const char *name) |
93 | 0 | { |
94 | 0 | size_t i; |
95 | |
|
96 | 0 | for (i = 0; i < OSSL_NELEM(dsatype2id); ++i) { |
97 | 0 | if (OPENSSL_strcasecmp(dsatype2id[i].name, name) == 0) |
98 | 0 | return dsatype2id[i].id; |
99 | 0 | } |
100 | 0 | return -1; |
101 | 0 | } |
102 | | |
103 | | static int dsa_key_todata(DSA *dsa, OSSL_PARAM_BLD *bld, OSSL_PARAM *pubkey, |
104 | | OSSL_PARAM *privkey, int include_private) |
105 | 0 | { |
106 | 0 | const BIGNUM *priv = NULL, *pub = NULL; |
107 | |
|
108 | 0 | if (dsa == NULL) |
109 | 0 | return 0; |
110 | | |
111 | 0 | DSA_get0_key(dsa, &pub, &priv); |
112 | 0 | if (include_private |
113 | 0 | && priv != NULL |
114 | 0 | && !ossl_param_build_set_bn(bld, privkey, OSSL_PKEY_PARAM_PRIV_KEY, priv)) |
115 | 0 | return 0; |
116 | 0 | if (pub != NULL |
117 | 0 | && !ossl_param_build_set_bn(bld, pubkey, OSSL_PKEY_PARAM_PUB_KEY, pub)) |
118 | 0 | return 0; |
119 | | |
120 | 0 | return 1; |
121 | 0 | } |
122 | | |
123 | | static void *dsa_newdata(void *provctx) |
124 | 0 | { |
125 | 0 | if (!ossl_prov_is_running()) |
126 | 0 | return NULL; |
127 | 0 | return ossl_dsa_new(PROV_LIBCTX_OF(provctx)); |
128 | 0 | } |
129 | | |
130 | | static void dsa_freedata(void *keydata) |
131 | 0 | { |
132 | 0 | DSA_free(keydata); |
133 | 0 | } |
134 | | |
135 | | static int dsa_has(const void *keydata, int selection) |
136 | 0 | { |
137 | 0 | const DSA *dsa = keydata; |
138 | 0 | int ok = 1; |
139 | |
|
140 | 0 | if (!ossl_prov_is_running() || dsa == NULL) |
141 | 0 | return 0; |
142 | 0 | if ((selection & DSA_POSSIBLE_SELECTIONS) == 0) |
143 | 0 | return 1; /* the selection is not missing */ |
144 | | |
145 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) |
146 | 0 | ok = ok && (DSA_get0_pub_key(dsa) != NULL); |
147 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) |
148 | 0 | ok = ok && (DSA_get0_priv_key(dsa) != NULL); |
149 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) |
150 | 0 | ok = ok && (DSA_get0_p(dsa) != NULL && DSA_get0_g(dsa) != NULL); |
151 | 0 | return ok; |
152 | 0 | } |
153 | | |
154 | | static int dsa_match(const void *keydata1, const void *keydata2, int selection) |
155 | 0 | { |
156 | 0 | const DSA *dsa1 = keydata1; |
157 | 0 | const DSA *dsa2 = keydata2; |
158 | 0 | int ok = 1; |
159 | |
|
160 | 0 | if (!ossl_prov_is_running()) |
161 | 0 | return 0; |
162 | | |
163 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { |
164 | 0 | int key_checked = 0; |
165 | |
|
166 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { |
167 | 0 | const BIGNUM *pa = DSA_get0_pub_key(dsa1); |
168 | 0 | const BIGNUM *pb = DSA_get0_pub_key(dsa2); |
169 | |
|
170 | 0 | if (pa != NULL && pb != NULL) { |
171 | 0 | ok = ok && BN_cmp(pa, pb) == 0; |
172 | 0 | key_checked = 1; |
173 | 0 | } |
174 | 0 | } |
175 | 0 | if (!key_checked |
176 | 0 | && (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { |
177 | 0 | const BIGNUM *pa = DSA_get0_priv_key(dsa1); |
178 | 0 | const BIGNUM *pb = DSA_get0_priv_key(dsa2); |
179 | |
|
180 | 0 | if (pa != NULL && pb != NULL) { |
181 | 0 | ok = ok && BN_cmp(pa, pb) == 0; |
182 | 0 | key_checked = 1; |
183 | 0 | } |
184 | 0 | } |
185 | 0 | ok = ok && key_checked; |
186 | 0 | } |
187 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) { |
188 | 0 | FFC_PARAMS *dsaparams1 = ossl_dsa_get0_params((DSA *)dsa1); |
189 | 0 | FFC_PARAMS *dsaparams2 = ossl_dsa_get0_params((DSA *)dsa2); |
190 | |
|
191 | 0 | ok = ok && ossl_ffc_params_cmp(dsaparams1, dsaparams2, 1); |
192 | 0 | } |
193 | 0 | return ok; |
194 | 0 | } |
195 | | |
196 | | static int dsa_import(void *keydata, int selection, const OSSL_PARAM params[]) |
197 | 0 | { |
198 | 0 | DSA *dsa = keydata; |
199 | 0 | int ok = 1; |
200 | |
|
201 | 0 | if (!ossl_prov_is_running() || dsa == NULL) |
202 | 0 | return 0; |
203 | | |
204 | 0 | if ((selection & DSA_POSSIBLE_SELECTIONS) == 0) |
205 | 0 | return 0; |
206 | | |
207 | | /* a key without parameters is meaningless */ |
208 | 0 | ok = ok && ossl_dsa_ffc_params_fromdata(dsa, params); |
209 | |
|
210 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { |
211 | 0 | int include_private = |
212 | 0 | selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; |
213 | |
|
214 | 0 | ok = ok && ossl_dsa_key_fromdata(dsa, params, include_private); |
215 | 0 | } |
216 | |
|
217 | 0 | return ok; |
218 | 0 | } |
219 | | |
220 | | static int dsa_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, |
221 | | void *cbarg) |
222 | 0 | { |
223 | 0 | DSA *dsa = keydata; |
224 | 0 | OSSL_PARAM_BLD *tmpl; |
225 | 0 | OSSL_PARAM *params = NULL; |
226 | 0 | int ok = 1; |
227 | |
|
228 | 0 | if (!ossl_prov_is_running() || dsa == NULL) |
229 | 0 | return 0; |
230 | | |
231 | 0 | if ((selection & DSA_POSSIBLE_SELECTIONS) == 0) |
232 | 0 | return 0; |
233 | | |
234 | 0 | tmpl = OSSL_PARAM_BLD_new(); |
235 | 0 | if (tmpl == NULL) |
236 | 0 | return 0; |
237 | | |
238 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) |
239 | 0 | ok = ok && ossl_ffc_params_todata(ossl_dsa_get0_params(dsa), tmpl, NULL); |
240 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { |
241 | 0 | int include_private = |
242 | 0 | selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; |
243 | |
|
244 | 0 | ok = ok && dsa_key_todata(dsa, tmpl, NULL, NULL, include_private); |
245 | 0 | } |
246 | |
|
247 | 0 | if (!ok || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { |
248 | 0 | ok = 0; |
249 | 0 | goto err; |
250 | 0 | } |
251 | | |
252 | 0 | ok = param_cb(params, cbarg); |
253 | 0 | OSSL_PARAM_free(params); |
254 | 0 | err: |
255 | 0 | OSSL_PARAM_BLD_free(tmpl); |
256 | 0 | return ok; |
257 | 0 | } |
258 | | |
259 | | /* IMEXPORT = IMPORT + EXPORT */ |
260 | | |
261 | | # define DSA_IMEXPORTABLE_PARAMETERS \ |
262 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0), \ |
263 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_Q, NULL, 0), \ |
264 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0), \ |
265 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_COFACTOR, NULL, 0), \ |
266 | | OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL), \ |
267 | | OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL), \ |
268 | | OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL), \ |
269 | | OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0) |
270 | | # define DSA_IMEXPORTABLE_PUBLIC_KEY \ |
271 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0) |
272 | | # define DSA_IMEXPORTABLE_PRIVATE_KEY \ |
273 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0) |
274 | | static const OSSL_PARAM dsa_all_types[] = { |
275 | | DSA_IMEXPORTABLE_PARAMETERS, |
276 | | DSA_IMEXPORTABLE_PUBLIC_KEY, |
277 | | DSA_IMEXPORTABLE_PRIVATE_KEY, |
278 | | OSSL_PARAM_END |
279 | | }; |
280 | | static const OSSL_PARAM dsa_parameter_types[] = { |
281 | | DSA_IMEXPORTABLE_PARAMETERS, |
282 | | OSSL_PARAM_END |
283 | | }; |
284 | | static const OSSL_PARAM dsa_key_types[] = { |
285 | | DSA_IMEXPORTABLE_PUBLIC_KEY, |
286 | | DSA_IMEXPORTABLE_PRIVATE_KEY, |
287 | | OSSL_PARAM_END |
288 | | }; |
289 | | static const OSSL_PARAM *dsa_types[] = { |
290 | | NULL, /* Index 0 = none of them */ |
291 | | dsa_parameter_types, /* Index 1 = parameter types */ |
292 | | dsa_key_types, /* Index 2 = key types */ |
293 | | dsa_all_types /* Index 3 = 1 + 2 */ |
294 | | }; |
295 | | |
296 | | static const OSSL_PARAM *dsa_imexport_types(int selection) |
297 | 0 | { |
298 | 0 | int type_select = 0; |
299 | |
|
300 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) |
301 | 0 | type_select += 1; |
302 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) |
303 | 0 | type_select += 2; |
304 | 0 | return dsa_types[type_select]; |
305 | 0 | } |
306 | | |
307 | | static const OSSL_PARAM *dsa_import_types(int selection) |
308 | 0 | { |
309 | 0 | return dsa_imexport_types(selection); |
310 | 0 | } |
311 | | |
312 | | static const OSSL_PARAM *dsa_export_types(int selection) |
313 | 0 | { |
314 | 0 | return dsa_imexport_types(selection); |
315 | 0 | } |
316 | | |
317 | | struct dsa_params_st { |
318 | | FFC_OSSL_PARAMS ffp; |
319 | | OSSL_PARAM *bits; |
320 | | OSSL_PARAM *secbits; |
321 | | OSSL_PARAM *maxsize; |
322 | | OSSL_PARAM *seccat; |
323 | | OSSL_PARAM *digest; |
324 | | OSSL_PARAM *privkey; |
325 | | OSSL_PARAM *pubkey; |
326 | | }; |
327 | | |
328 | | #define dsa_get_params_st dsa_params_st |
329 | | |
330 | | /* Machine generated by util/perl/OpenSSL/paramnames.pm */ |
331 | | #ifndef dsa_get_params_list |
332 | | static const OSSL_PARAM dsa_get_params_list[] = { |
333 | | OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL), |
334 | | OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), |
335 | | OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), |
336 | | OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_CATEGORY, NULL), |
337 | | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DEFAULT_DIGEST, NULL, 0), |
338 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0), |
339 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_Q, NULL, 0), |
340 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0), |
341 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_COFACTOR, NULL, 0), |
342 | | OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL), |
343 | | OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL), |
344 | | OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL), |
345 | | OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0), |
346 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0), |
347 | | OSSL_PARAM_BN(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), |
348 | | OSSL_PARAM_END |
349 | | }; |
350 | | #endif |
351 | | |
352 | | #ifndef dsa_get_params_st |
353 | | struct dsa_get_params_st { |
354 | | OSSL_PARAM *bits; |
355 | | OSSL_PARAM *digest; |
356 | | OSSL_PARAM *ffp.cofactor; |
357 | | OSSL_PARAM *ffp.g; |
358 | | OSSL_PARAM *ffp.g_index; |
359 | | OSSL_PARAM *ffp.h; |
360 | | OSSL_PARAM *ffp.p; |
361 | | OSSL_PARAM *ffp.p_counter; |
362 | | OSSL_PARAM *ffp.q; |
363 | | OSSL_PARAM *ffp.seed; |
364 | | OSSL_PARAM *maxsize; |
365 | | OSSL_PARAM *privkey; |
366 | | OSSL_PARAM *pubkey; |
367 | | OSSL_PARAM *secbits; |
368 | | OSSL_PARAM *seccat; |
369 | | }; |
370 | | #endif |
371 | | |
372 | | #ifndef dsa_get_params_decoder |
373 | | static int dsa_get_params_decoder |
374 | | (const OSSL_PARAM *p, struct dsa_get_params_st *r) |
375 | 0 | { |
376 | 0 | const char *s; |
377 | |
|
378 | 0 | memset(r, 0, sizeof(*r)); |
379 | 0 | if (p != NULL) |
380 | 0 | for (; (s = p->key) != NULL; p++) |
381 | 0 | switch(s[0]) { |
382 | 0 | default: |
383 | 0 | break; |
384 | 0 | case 'b': |
385 | 0 | if (ossl_likely(strcmp("its", s + 1) == 0)) { |
386 | | /* OSSL_PKEY_PARAM_BITS */ |
387 | 0 | if (ossl_unlikely(r->bits != NULL)) { |
388 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
389 | 0 | "param %s is repeated", s); |
390 | 0 | return 0; |
391 | 0 | } |
392 | 0 | r->bits = (OSSL_PARAM *)p; |
393 | 0 | } |
394 | 0 | break; |
395 | 0 | case 'd': |
396 | 0 | if (ossl_likely(strcmp("efault-digest", s + 1) == 0)) { |
397 | | /* OSSL_PKEY_PARAM_DEFAULT_DIGEST */ |
398 | 0 | if (ossl_unlikely(r->digest != NULL)) { |
399 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
400 | 0 | "param %s is repeated", s); |
401 | 0 | return 0; |
402 | 0 | } |
403 | 0 | r->digest = (OSSL_PARAM *)p; |
404 | 0 | } |
405 | 0 | break; |
406 | 0 | case 'g': |
407 | 0 | switch(s[1]) { |
408 | 0 | default: |
409 | 0 | break; |
410 | 0 | case 'i': |
411 | 0 | if (ossl_likely(strcmp("ndex", s + 2) == 0)) { |
412 | | /* OSSL_PKEY_PARAM_FFC_GINDEX */ |
413 | 0 | if (ossl_unlikely(r->ffp.g_index != NULL)) { |
414 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
415 | 0 | "param %s is repeated", s); |
416 | 0 | return 0; |
417 | 0 | } |
418 | 0 | r->ffp.g_index = (OSSL_PARAM *)p; |
419 | 0 | } |
420 | 0 | break; |
421 | 0 | case '\0': |
422 | 0 | if (ossl_unlikely(r->ffp.g != NULL)) { |
423 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
424 | 0 | "param %s is repeated", s); |
425 | 0 | return 0; |
426 | 0 | } |
427 | 0 | r->ffp.g = (OSSL_PARAM *)p; |
428 | 0 | } |
429 | 0 | break; |
430 | 0 | case 'h': |
431 | 0 | if (ossl_likely(strcmp("index", s + 1) == 0)) { |
432 | | /* OSSL_PKEY_PARAM_FFC_H */ |
433 | 0 | if (ossl_unlikely(r->ffp.h != NULL)) { |
434 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
435 | 0 | "param %s is repeated", s); |
436 | 0 | return 0; |
437 | 0 | } |
438 | 0 | r->ffp.h = (OSSL_PARAM *)p; |
439 | 0 | } |
440 | 0 | break; |
441 | 0 | case 'j': |
442 | 0 | switch(s[1]) { |
443 | 0 | default: |
444 | 0 | break; |
445 | 0 | case '\0': |
446 | 0 | if (ossl_unlikely(r->ffp.cofactor != NULL)) { |
447 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
448 | 0 | "param %s is repeated", s); |
449 | 0 | return 0; |
450 | 0 | } |
451 | 0 | r->ffp.cofactor = (OSSL_PARAM *)p; |
452 | 0 | } |
453 | 0 | break; |
454 | 0 | case 'm': |
455 | 0 | if (ossl_likely(strcmp("ax-size", s + 1) == 0)) { |
456 | | /* OSSL_PKEY_PARAM_MAX_SIZE */ |
457 | 0 | if (ossl_unlikely(r->maxsize != NULL)) { |
458 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
459 | 0 | "param %s is repeated", s); |
460 | 0 | return 0; |
461 | 0 | } |
462 | 0 | r->maxsize = (OSSL_PARAM *)p; |
463 | 0 | } |
464 | 0 | break; |
465 | 0 | case 'p': |
466 | 0 | switch(s[1]) { |
467 | 0 | default: |
468 | 0 | break; |
469 | 0 | case 'c': |
470 | 0 | if (ossl_likely(strcmp("ounter", s + 2) == 0)) { |
471 | | /* OSSL_PKEY_PARAM_FFC_PCOUNTER */ |
472 | 0 | if (ossl_unlikely(r->ffp.p_counter != NULL)) { |
473 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
474 | 0 | "param %s is repeated", s); |
475 | 0 | return 0; |
476 | 0 | } |
477 | 0 | r->ffp.p_counter = (OSSL_PARAM *)p; |
478 | 0 | } |
479 | 0 | break; |
480 | 0 | case 'r': |
481 | 0 | if (ossl_likely(strcmp("iv", s + 2) == 0)) { |
482 | | /* OSSL_PKEY_PARAM_PRIV_KEY */ |
483 | 0 | if (ossl_unlikely(r->privkey != NULL)) { |
484 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
485 | 0 | "param %s is repeated", s); |
486 | 0 | return 0; |
487 | 0 | } |
488 | 0 | r->privkey = (OSSL_PARAM *)p; |
489 | 0 | } |
490 | 0 | break; |
491 | 0 | case 'u': |
492 | 0 | if (ossl_likely(strcmp("b", s + 2) == 0)) { |
493 | | /* OSSL_PKEY_PARAM_PUB_KEY */ |
494 | 0 | if (ossl_unlikely(r->pubkey != NULL)) { |
495 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
496 | 0 | "param %s is repeated", s); |
497 | 0 | return 0; |
498 | 0 | } |
499 | 0 | r->pubkey = (OSSL_PARAM *)p; |
500 | 0 | } |
501 | 0 | break; |
502 | 0 | case '\0': |
503 | 0 | if (ossl_unlikely(r->ffp.p != NULL)) { |
504 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
505 | 0 | "param %s is repeated", s); |
506 | 0 | return 0; |
507 | 0 | } |
508 | 0 | r->ffp.p = (OSSL_PARAM *)p; |
509 | 0 | } |
510 | 0 | break; |
511 | 0 | case 'q': |
512 | 0 | switch(s[1]) { |
513 | 0 | default: |
514 | 0 | break; |
515 | 0 | case '\0': |
516 | 0 | if (ossl_unlikely(r->ffp.q != NULL)) { |
517 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
518 | 0 | "param %s is repeated", s); |
519 | 0 | return 0; |
520 | 0 | } |
521 | 0 | r->ffp.q = (OSSL_PARAM *)p; |
522 | 0 | } |
523 | 0 | break; |
524 | 0 | case 's': |
525 | 0 | switch(s[1]) { |
526 | 0 | default: |
527 | 0 | break; |
528 | 0 | case 'e': |
529 | 0 | switch(s[2]) { |
530 | 0 | default: |
531 | 0 | break; |
532 | 0 | case 'c': |
533 | 0 | switch(s[3]) { |
534 | 0 | default: |
535 | 0 | break; |
536 | 0 | case 'u': |
537 | 0 | switch(s[4]) { |
538 | 0 | default: |
539 | 0 | break; |
540 | 0 | case 'r': |
541 | 0 | switch(s[5]) { |
542 | 0 | default: |
543 | 0 | break; |
544 | 0 | case 'i': |
545 | 0 | switch(s[6]) { |
546 | 0 | default: |
547 | 0 | break; |
548 | 0 | case 't': |
549 | 0 | switch(s[7]) { |
550 | 0 | default: |
551 | 0 | break; |
552 | 0 | case 'y': |
553 | 0 | switch(s[8]) { |
554 | 0 | default: |
555 | 0 | break; |
556 | 0 | case '-': |
557 | 0 | switch(s[9]) { |
558 | 0 | default: |
559 | 0 | break; |
560 | 0 | case 'b': |
561 | 0 | if (ossl_likely(strcmp("its", s + 10) == 0)) { |
562 | | /* OSSL_PKEY_PARAM_SECURITY_BITS */ |
563 | 0 | if (ossl_unlikely(r->secbits != NULL)) { |
564 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
565 | 0 | "param %s is repeated", s); |
566 | 0 | return 0; |
567 | 0 | } |
568 | 0 | r->secbits = (OSSL_PARAM *)p; |
569 | 0 | } |
570 | 0 | break; |
571 | 0 | case 'c': |
572 | 0 | if (ossl_likely(strcmp("ategory", s + 10) == 0)) { |
573 | | /* OSSL_PKEY_PARAM_SECURITY_CATEGORY */ |
574 | 0 | if (ossl_unlikely(r->seccat != NULL)) { |
575 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
576 | 0 | "param %s is repeated", s); |
577 | 0 | return 0; |
578 | 0 | } |
579 | 0 | r->seccat = (OSSL_PARAM *)p; |
580 | 0 | } |
581 | 0 | } |
582 | 0 | } |
583 | 0 | } |
584 | 0 | } |
585 | 0 | } |
586 | 0 | } |
587 | 0 | } |
588 | 0 | break; |
589 | 0 | case 'e': |
590 | 0 | if (ossl_likely(strcmp("d", s + 3) == 0)) { |
591 | | /* OSSL_PKEY_PARAM_FFC_SEED */ |
592 | 0 | if (ossl_unlikely(r->ffp.seed != NULL)) { |
593 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
594 | 0 | "param %s is repeated", s); |
595 | 0 | return 0; |
596 | 0 | } |
597 | 0 | r->ffp.seed = (OSSL_PARAM *)p; |
598 | 0 | } |
599 | 0 | } |
600 | 0 | } |
601 | 0 | } |
602 | 0 | return 1; |
603 | 0 | } |
604 | | #endif |
605 | | /* End of machine generated */ |
606 | | |
607 | | static ossl_inline int dsa_get_params(void *key, OSSL_PARAM params[]) |
608 | 0 | { |
609 | 0 | DSA *dsa = key; |
610 | 0 | struct dsa_params_st p; |
611 | |
|
612 | 0 | if (key == NULL || !dsa_get_params_decoder(params, &p)) |
613 | 0 | return 0; |
614 | | |
615 | 0 | if (p.bits != NULL && !OSSL_PARAM_set_int(p.bits, DSA_bits(dsa))) |
616 | 0 | return 0; |
617 | | |
618 | 0 | if (p.secbits != NULL && !OSSL_PARAM_set_int(p.secbits, DSA_security_bits(dsa))) |
619 | 0 | return 0; |
620 | | |
621 | 0 | if (p.maxsize != NULL && !OSSL_PARAM_set_int(p.maxsize, DSA_size(dsa))) |
622 | 0 | return 0; |
623 | | |
624 | 0 | if (p.digest != NULL && !OSSL_PARAM_set_utf8_string(p.digest, DSA_DEFAULT_MD)) |
625 | 0 | return 0; |
626 | | |
627 | 0 | if (p.seccat != NULL && !OSSL_PARAM_set_int(p.seccat, 0)) |
628 | 0 | return 0; |
629 | | |
630 | 0 | return ossl_ffc_params_todata(ossl_dsa_get0_params(dsa), NULL, &p.ffp) |
631 | 0 | && dsa_key_todata(dsa, NULL, p.pubkey, p.privkey, 1); |
632 | 0 | } |
633 | | |
634 | | static const OSSL_PARAM *dsa_gettable_params(void *provctx) |
635 | 0 | { |
636 | 0 | return dsa_get_params_list; |
637 | 0 | } |
638 | | |
639 | | static int dsa_validate_domparams(const DSA *dsa, int checktype) |
640 | 0 | { |
641 | 0 | int status = 0; |
642 | |
|
643 | 0 | return ossl_dsa_check_params(dsa, checktype, &status); |
644 | 0 | } |
645 | | |
646 | | static int dsa_validate_public(const DSA *dsa) |
647 | 0 | { |
648 | 0 | int status = 0; |
649 | 0 | const BIGNUM *pub_key = NULL; |
650 | |
|
651 | 0 | DSA_get0_key(dsa, &pub_key, NULL); |
652 | 0 | if (pub_key == NULL) |
653 | 0 | return 0; |
654 | 0 | return ossl_dsa_check_pub_key(dsa, pub_key, &status); |
655 | 0 | } |
656 | | |
657 | | static int dsa_validate_private(const DSA *dsa) |
658 | 0 | { |
659 | 0 | int status = 0; |
660 | 0 | const BIGNUM *priv_key = NULL; |
661 | |
|
662 | 0 | DSA_get0_key(dsa, NULL, &priv_key); |
663 | 0 | if (priv_key == NULL) |
664 | 0 | return 0; |
665 | 0 | return ossl_dsa_check_priv_key(dsa, priv_key, &status); |
666 | 0 | } |
667 | | |
668 | | static int dsa_validate(const void *keydata, int selection, int checktype) |
669 | 0 | { |
670 | 0 | const DSA *dsa = keydata; |
671 | 0 | int ok = 1; |
672 | |
|
673 | 0 | if (!ossl_prov_is_running()) |
674 | 0 | return 0; |
675 | | |
676 | 0 | if ((selection & DSA_POSSIBLE_SELECTIONS) == 0) |
677 | 0 | return 1; /* nothing to validate */ |
678 | | |
679 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) |
680 | 0 | ok = ok && dsa_validate_domparams(dsa, checktype); |
681 | |
|
682 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) |
683 | 0 | ok = ok && dsa_validate_public(dsa); |
684 | |
|
685 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) |
686 | 0 | ok = ok && dsa_validate_private(dsa); |
687 | | |
688 | | /* If the whole key is selected, we do a pairwise validation */ |
689 | 0 | if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) |
690 | 0 | == OSSL_KEYMGMT_SELECT_KEYPAIR) |
691 | 0 | ok = ok && ossl_dsa_check_pairwise(dsa); |
692 | 0 | return ok; |
693 | 0 | } |
694 | | |
695 | | static void *dsa_gen_init(void *provctx, int selection, |
696 | | const OSSL_PARAM params[]) |
697 | 0 | { |
698 | 0 | OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(provctx); |
699 | 0 | struct dsa_gen_ctx *gctx = NULL; |
700 | |
|
701 | 0 | if (!ossl_prov_is_running() || (selection & DSA_POSSIBLE_SELECTIONS) == 0) |
702 | 0 | return NULL; |
703 | | |
704 | 0 | if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) { |
705 | 0 | gctx->selection = selection; |
706 | 0 | gctx->libctx = libctx; |
707 | 0 | gctx->pbits = 2048; |
708 | 0 | gctx->qbits = 224; |
709 | | #ifdef FIPS_MODULE |
710 | | gctx->gen_type = DSA_PARAMGEN_TYPE_FIPS_186_4; |
711 | | #else |
712 | 0 | gctx->gen_type = DSA_PARAMGEN_TYPE_FIPS_DEFAULT; |
713 | 0 | #endif |
714 | 0 | gctx->gindex = -1; |
715 | 0 | gctx->pcounter = -1; |
716 | 0 | gctx->hindex = 0; |
717 | 0 | OSSL_FIPS_IND_INIT(gctx) |
718 | 0 | } |
719 | 0 | if (!dsa_gen_set_params(gctx, params)) { |
720 | 0 | dsa_gen_cleanup(gctx); |
721 | 0 | gctx = NULL; |
722 | 0 | } |
723 | 0 | return gctx; |
724 | 0 | } |
725 | | |
726 | | static int dsa_gen_set_template(void *genctx, void *templ) |
727 | 0 | { |
728 | 0 | struct dsa_gen_ctx *gctx = genctx; |
729 | 0 | DSA *dsa = templ; |
730 | |
|
731 | 0 | if (!ossl_prov_is_running() || gctx == NULL || dsa == NULL) |
732 | 0 | return 0; |
733 | 0 | gctx->ffc_params = ossl_dsa_get0_params(dsa); |
734 | 0 | return 1; |
735 | 0 | } |
736 | | |
737 | | static int dsa_set_gen_seed(struct dsa_gen_ctx *gctx, unsigned char *seed, |
738 | | size_t seedlen) |
739 | 0 | { |
740 | 0 | OPENSSL_clear_free(gctx->seed, gctx->seedlen); |
741 | 0 | gctx->seed = NULL; |
742 | 0 | gctx->seedlen = 0; |
743 | 0 | if (seed != NULL && seedlen > 0) { |
744 | 0 | gctx->seed = OPENSSL_memdup(seed, seedlen); |
745 | 0 | if (gctx->seed == NULL) |
746 | 0 | return 0; |
747 | 0 | gctx->seedlen = seedlen; |
748 | 0 | } |
749 | 0 | return 1; |
750 | 0 | } |
751 | | |
752 | | /* Machine generated by util/perl/OpenSSL/paramnames.pm */ |
753 | | #ifndef dsa_gen_set_params_list |
754 | | static const OSSL_PARAM dsa_gen_set_params_list[] = { |
755 | | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0), |
756 | | OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_PBITS, NULL), |
757 | | OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_QBITS, NULL), |
758 | | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST, NULL, 0), |
759 | | OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, NULL, 0), |
760 | | OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL), |
761 | | OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0), |
762 | | OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL), |
763 | | OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL), |
764 | | # if defined(FIPS_MODULE) |
765 | | OSSL_PARAM_int(OSSL_PKEY_PARAM_FIPS_SIGN_CHECK, NULL), |
766 | | # endif |
767 | | OSSL_PARAM_END |
768 | | }; |
769 | | #endif |
770 | | |
771 | | #ifndef dsa_gen_set_params_st |
772 | | struct dsa_gen_set_params_st { |
773 | | OSSL_PARAM *digest; |
774 | | OSSL_PARAM *g_index; |
775 | | OSSL_PARAM *h; |
776 | | # if defined(FIPS_MODULE) |
777 | | OSSL_PARAM *ind_sign; |
778 | | # endif |
779 | | OSSL_PARAM *p_counter; |
780 | | OSSL_PARAM *pbits; |
781 | | OSSL_PARAM *propq; |
782 | | OSSL_PARAM *qbits; |
783 | | OSSL_PARAM *seed; |
784 | | OSSL_PARAM *type; |
785 | | }; |
786 | | #endif |
787 | | |
788 | | #ifndef dsa_gen_set_params_decoder |
789 | | static int dsa_gen_set_params_decoder |
790 | | (const OSSL_PARAM *p, struct dsa_gen_set_params_st *r) |
791 | 0 | { |
792 | 0 | const char *s; |
793 | |
|
794 | 0 | memset(r, 0, sizeof(*r)); |
795 | 0 | if (p != NULL) |
796 | 0 | for (; (s = p->key) != NULL; p++) |
797 | 0 | switch(s[0]) { |
798 | 0 | default: |
799 | 0 | break; |
800 | 0 | case 'd': |
801 | 0 | if (ossl_likely(strcmp("igest", s + 1) == 0)) { |
802 | | /* OSSL_PKEY_PARAM_FFC_DIGEST */ |
803 | 0 | if (ossl_unlikely(r->digest != NULL)) { |
804 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
805 | 0 | "param %s is repeated", s); |
806 | 0 | return 0; |
807 | 0 | } |
808 | 0 | r->digest = (OSSL_PARAM *)p; |
809 | 0 | } |
810 | 0 | break; |
811 | 0 | case 'g': |
812 | 0 | if (ossl_likely(strcmp("index", s + 1) == 0)) { |
813 | | /* OSSL_PKEY_PARAM_FFC_GINDEX */ |
814 | 0 | if (ossl_unlikely(r->g_index != NULL)) { |
815 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
816 | 0 | "param %s is repeated", s); |
817 | 0 | return 0; |
818 | 0 | } |
819 | 0 | r->g_index = (OSSL_PARAM *)p; |
820 | 0 | } |
821 | 0 | break; |
822 | 0 | case 'h': |
823 | 0 | if (ossl_likely(strcmp("index", s + 1) == 0)) { |
824 | | /* OSSL_PKEY_PARAM_FFC_H */ |
825 | 0 | if (ossl_unlikely(r->h != NULL)) { |
826 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
827 | 0 | "param %s is repeated", s); |
828 | 0 | return 0; |
829 | 0 | } |
830 | 0 | r->h = (OSSL_PARAM *)p; |
831 | 0 | } |
832 | 0 | break; |
833 | 0 | case 'p': |
834 | 0 | switch(s[1]) { |
835 | 0 | default: |
836 | 0 | break; |
837 | 0 | case 'b': |
838 | 0 | if (ossl_likely(strcmp("its", s + 2) == 0)) { |
839 | | /* OSSL_PKEY_PARAM_FFC_PBITS */ |
840 | 0 | if (ossl_unlikely(r->pbits != NULL)) { |
841 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
842 | 0 | "param %s is repeated", s); |
843 | 0 | return 0; |
844 | 0 | } |
845 | 0 | r->pbits = (OSSL_PARAM *)p; |
846 | 0 | } |
847 | 0 | break; |
848 | 0 | case 'c': |
849 | 0 | if (ossl_likely(strcmp("ounter", s + 2) == 0)) { |
850 | | /* OSSL_PKEY_PARAM_FFC_PCOUNTER */ |
851 | 0 | if (ossl_unlikely(r->p_counter != NULL)) { |
852 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
853 | 0 | "param %s is repeated", s); |
854 | 0 | return 0; |
855 | 0 | } |
856 | 0 | r->p_counter = (OSSL_PARAM *)p; |
857 | 0 | } |
858 | 0 | break; |
859 | 0 | case 'r': |
860 | 0 | if (ossl_likely(strcmp("operties", s + 2) == 0)) { |
861 | | /* OSSL_PKEY_PARAM_FFC_DIGEST_PROPS */ |
862 | 0 | if (ossl_unlikely(r->propq != NULL)) { |
863 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
864 | 0 | "param %s is repeated", s); |
865 | 0 | return 0; |
866 | 0 | } |
867 | 0 | r->propq = (OSSL_PARAM *)p; |
868 | 0 | } |
869 | 0 | } |
870 | 0 | break; |
871 | 0 | case 'q': |
872 | 0 | if (ossl_likely(strcmp("bits", s + 1) == 0)) { |
873 | | /* OSSL_PKEY_PARAM_FFC_QBITS */ |
874 | 0 | if (ossl_unlikely(r->qbits != NULL)) { |
875 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
876 | 0 | "param %s is repeated", s); |
877 | 0 | return 0; |
878 | 0 | } |
879 | 0 | r->qbits = (OSSL_PARAM *)p; |
880 | 0 | } |
881 | 0 | break; |
882 | 0 | case 's': |
883 | 0 | switch(s[1]) { |
884 | 0 | default: |
885 | 0 | break; |
886 | 0 | case 'e': |
887 | 0 | if (ossl_likely(strcmp("ed", s + 2) == 0)) { |
888 | | /* OSSL_PKEY_PARAM_FFC_SEED */ |
889 | 0 | if (ossl_unlikely(r->seed != NULL)) { |
890 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
891 | 0 | "param %s is repeated", s); |
892 | 0 | return 0; |
893 | 0 | } |
894 | 0 | r->seed = (OSSL_PARAM *)p; |
895 | 0 | } |
896 | 0 | break; |
897 | 0 | case 'i': |
898 | | # if defined(FIPS_MODULE) |
899 | | if (ossl_likely(strcmp("gn-check", s + 2) == 0)) { |
900 | | /* OSSL_PKEY_PARAM_FIPS_SIGN_CHECK */ |
901 | | if (ossl_unlikely(r->ind_sign != NULL)) { |
902 | | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
903 | | "param %s is repeated", s); |
904 | | return 0; |
905 | | } |
906 | | r->ind_sign = (OSSL_PARAM *)p; |
907 | | } |
908 | | # endif |
909 | 0 | break; |
910 | 0 | } |
911 | 0 | break; |
912 | 0 | case 't': |
913 | 0 | if (ossl_likely(strcmp("ype", s + 1) == 0)) { |
914 | | /* OSSL_PKEY_PARAM_FFC_TYPE */ |
915 | 0 | if (ossl_unlikely(r->type != NULL)) { |
916 | 0 | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
917 | 0 | "param %s is repeated", s); |
918 | 0 | return 0; |
919 | 0 | } |
920 | 0 | r->type = (OSSL_PARAM *)p; |
921 | 0 | } |
922 | 0 | } |
923 | 0 | return 1; |
924 | 0 | } |
925 | | #endif |
926 | | /* End of machine generated */ |
927 | | |
928 | | static int dsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) |
929 | 0 | { |
930 | 0 | struct dsa_gen_ctx *gctx = genctx; |
931 | 0 | struct dsa_gen_set_params_st p; |
932 | 0 | int gen_type = -1; |
933 | |
|
934 | 0 | if (gctx == NULL || !dsa_gen_set_params_decoder(params, &p)) |
935 | 0 | return 0; |
936 | | |
937 | 0 | if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(gctx, OSSL_FIPS_IND_SETTABLE0, |
938 | 0 | p.ind_sign)) |
939 | 0 | return 0; |
940 | | |
941 | 0 | if (p.type != NULL) { |
942 | 0 | if (p.type->data_type != OSSL_PARAM_UTF8_STRING |
943 | 0 | || ((gen_type = dsa_gen_type_name2id(p.type->data)) == -1)) { |
944 | 0 | ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); |
945 | 0 | return 0; |
946 | 0 | } |
947 | | |
948 | | /* |
949 | | * Only assign context gen_type if it was set by dsa_gen_type_name2id |
950 | | * must be in range: |
951 | | * DSA_PARAMGEN_TYPE_FIPS_186_4 <= gen_type <= DSA_PARAMGEN_TYPE_FIPS_DEFAULT |
952 | | */ |
953 | 0 | if (gen_type != -1) |
954 | 0 | gctx->gen_type = gen_type; |
955 | 0 | } |
956 | | |
957 | 0 | if (p.g_index != NULL && !OSSL_PARAM_get_int(p.g_index, &gctx->gindex)) |
958 | 0 | return 0; |
959 | | |
960 | 0 | if (p.p_counter != NULL && !OSSL_PARAM_get_int(p.p_counter, &gctx->pcounter)) |
961 | 0 | return 0; |
962 | | |
963 | 0 | if (p.h != NULL && !OSSL_PARAM_get_int(p.h, &gctx->hindex)) |
964 | 0 | return 0; |
965 | | |
966 | 0 | if (p.seed != NULL |
967 | 0 | && (p.seed->data_type != OSSL_PARAM_OCTET_STRING |
968 | 0 | || !dsa_set_gen_seed(gctx, p.seed->data, p.seed->data_size))) |
969 | 0 | return 0; |
970 | | |
971 | 0 | if (p.pbits != NULL && !OSSL_PARAM_get_size_t(p.pbits, &gctx->pbits)) |
972 | 0 | return 0; |
973 | | |
974 | 0 | if (p.qbits != NULL && !OSSL_PARAM_get_size_t(p.qbits, &gctx->qbits)) |
975 | 0 | return 0; |
976 | | |
977 | 0 | if (p.digest != NULL) { |
978 | 0 | if (p.digest->data_type != OSSL_PARAM_UTF8_STRING) |
979 | 0 | return 0; |
980 | 0 | OPENSSL_free(gctx->mdname); |
981 | 0 | gctx->mdname = OPENSSL_strdup(p.digest->data); |
982 | 0 | if (gctx->mdname == NULL) |
983 | 0 | return 0; |
984 | 0 | } |
985 | | |
986 | 0 | if (p.propq != NULL) { |
987 | 0 | if (p.propq->data_type != OSSL_PARAM_UTF8_STRING) |
988 | 0 | return 0; |
989 | 0 | OPENSSL_free(gctx->mdprops); |
990 | 0 | gctx->mdprops = OPENSSL_strdup(p.propq->data); |
991 | 0 | if (gctx->mdprops == NULL) |
992 | 0 | return 0; |
993 | 0 | } |
994 | 0 | return 1; |
995 | 0 | } |
996 | | |
997 | | static const OSSL_PARAM *dsa_gen_settable_params(ossl_unused void *genctx, |
998 | | ossl_unused void *provctx) |
999 | 0 | { |
1000 | 0 | return dsa_gen_set_params_list; |
1001 | 0 | } |
1002 | | |
1003 | | /* Machine generated by util/perl/OpenSSL/paramnames.pm */ |
1004 | | #ifndef dsa_gen_get_params_list |
1005 | | static const OSSL_PARAM dsa_gen_get_params_list[] = { |
1006 | | # if defined(FIPS_MODULE) |
1007 | | OSSL_PARAM_int(OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR, NULL), |
1008 | | # endif |
1009 | | OSSL_PARAM_END |
1010 | | }; |
1011 | | #endif |
1012 | | |
1013 | | #ifndef dsa_gen_get_params_st |
1014 | | struct dsa_gen_get_params_st { |
1015 | | # if defined(FIPS_MODULE) |
1016 | | OSSL_PARAM *ind; |
1017 | | # else |
1018 | | int dummy; /* unused */ |
1019 | | # endif |
1020 | | }; |
1021 | | #endif |
1022 | | |
1023 | | #ifndef dsa_gen_get_params_decoder |
1024 | | static int dsa_gen_get_params_decoder |
1025 | | (const OSSL_PARAM *p, struct dsa_gen_get_params_st *r) |
1026 | 0 | { |
1027 | 0 | const char *s; |
1028 | |
|
1029 | 0 | memset(r, 0, sizeof(*r)); |
1030 | 0 | if (p != NULL) |
1031 | 0 | for (; (s = p->key) != NULL; p++) |
1032 | | # if defined(FIPS_MODULE) |
1033 | | if (ossl_likely(strcmp("fips-indicator", s + 0) == 0)) { |
1034 | | /* OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR */ |
1035 | | if (ossl_unlikely(r->ind != NULL)) { |
1036 | | ERR_raise_data(ERR_LIB_PROV, PROV_R_REPEATED_PARAMETER, |
1037 | | "param %s is repeated", s); |
1038 | | return 0; |
1039 | | } |
1040 | | r->ind = (OSSL_PARAM *)p; |
1041 | | } |
1042 | | # else |
1043 | 0 | ; |
1044 | 0 | # endif |
1045 | 0 | return 1; |
1046 | 0 | } |
1047 | | #endif |
1048 | | /* End of machine generated */ |
1049 | | |
1050 | | static int dsa_gen_get_params(void *genctx, OSSL_PARAM *params) |
1051 | 0 | { |
1052 | 0 | struct dsa_gen_ctx *gctx = genctx; |
1053 | 0 | struct dsa_gen_get_params_st p; |
1054 | |
|
1055 | 0 | if (gctx == NULL || !dsa_gen_get_params_decoder(params, &p)) |
1056 | 0 | return 0; |
1057 | | |
1058 | 0 | if (!OSSL_FIPS_IND_GET_CTX_FROM_PARAM(gctx, p.ind)) |
1059 | 0 | return 0; |
1060 | 0 | return 1; |
1061 | 0 | } |
1062 | | |
1063 | | static const OSSL_PARAM *dsa_gen_gettable_params(ossl_unused void *ctx, |
1064 | | ossl_unused void *provctx) |
1065 | 0 | { |
1066 | 0 | return dsa_gen_get_params_list; |
1067 | 0 | } |
1068 | | |
1069 | | static int dsa_gencb(int p, int n, BN_GENCB *cb) |
1070 | 0 | { |
1071 | 0 | struct dsa_gen_ctx *gctx = BN_GENCB_get_arg(cb); |
1072 | 0 | OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END }; |
1073 | |
|
1074 | 0 | params[0] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_POTENTIAL, &p); |
1075 | 0 | params[1] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_ITERATION, &n); |
1076 | |
|
1077 | 0 | return gctx->cb(params, gctx->cbarg); |
1078 | 0 | } |
1079 | | |
1080 | | static void *dsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) |
1081 | 0 | { |
1082 | 0 | struct dsa_gen_ctx *gctx = genctx; |
1083 | 0 | DSA *dsa = NULL; |
1084 | 0 | BN_GENCB *gencb = NULL; |
1085 | 0 | int ret = 0; |
1086 | 0 | FFC_PARAMS *ffc; |
1087 | |
|
1088 | 0 | if (!ossl_prov_is_running() || gctx == NULL) |
1089 | 0 | return NULL; |
1090 | | |
1091 | | #ifdef FIPS_MODULE |
1092 | | /* |
1093 | | * DSA signing is not approved in FIPS 140-3, so there is no |
1094 | | * need for DSA keygen either. |
1095 | | */ |
1096 | | if (!OSSL_FIPS_IND_ON_UNAPPROVED(gctx, OSSL_FIPS_IND_SETTABLE0, |
1097 | | gctx->libctx, "DSA", "Keygen", |
1098 | | ossl_fips_config_dsa_sign_disallowed)) |
1099 | | return 0; |
1100 | | #endif |
1101 | | |
1102 | 0 | dsa = ossl_dsa_new(gctx->libctx); |
1103 | 0 | if (dsa == NULL) |
1104 | 0 | return NULL; |
1105 | | |
1106 | 0 | if (gctx->gen_type == DSA_PARAMGEN_TYPE_FIPS_DEFAULT) |
1107 | 0 | gctx->gen_type = (gctx->pbits >= 2048 ? DSA_PARAMGEN_TYPE_FIPS_186_4 : |
1108 | 0 | DSA_PARAMGEN_TYPE_FIPS_186_2); |
1109 | | |
1110 | | /* |
1111 | | * Do a bounds check on context gen_type. Must be in range: |
1112 | | * DSA_PARAMGEN_TYPE_FIPS_186_4 <= gen_type <= DSA_PARAMGEN_TYPE_FIPS_DEFAULT |
1113 | | * Noted here as this needs to be adjusted if a new type is |
1114 | | * added. |
1115 | | */ |
1116 | 0 | if (!ossl_assert((gctx->gen_type >= DSA_PARAMGEN_TYPE_FIPS_186_4) |
1117 | 0 | && (gctx->gen_type <= DSA_PARAMGEN_TYPE_FIPS_DEFAULT))) { |
1118 | 0 | ERR_raise_data(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR, |
1119 | 0 | "gen_type set to unsupported value %d", gctx->gen_type); |
1120 | 0 | goto end; |
1121 | 0 | } |
1122 | | |
1123 | 0 | gctx->cb = osslcb; |
1124 | 0 | gctx->cbarg = cbarg; |
1125 | 0 | gencb = BN_GENCB_new(); |
1126 | 0 | if (gencb != NULL) |
1127 | 0 | BN_GENCB_set(gencb, dsa_gencb, genctx); |
1128 | |
|
1129 | 0 | ffc = ossl_dsa_get0_params(dsa); |
1130 | | /* Copy the template value if one was passed */ |
1131 | 0 | if (gctx->ffc_params != NULL |
1132 | 0 | && !ossl_ffc_params_copy(ffc, gctx->ffc_params)) |
1133 | 0 | goto end; |
1134 | | |
1135 | 0 | if (gctx->seed != NULL |
1136 | 0 | && !ossl_ffc_params_set_seed(ffc, gctx->seed, gctx->seedlen)) |
1137 | 0 | goto end; |
1138 | 0 | if (gctx->gindex != -1) { |
1139 | 0 | ossl_ffc_params_set_gindex(ffc, gctx->gindex); |
1140 | 0 | if (gctx->pcounter != -1) |
1141 | 0 | ossl_ffc_params_set_pcounter(ffc, gctx->pcounter); |
1142 | 0 | } else if (gctx->hindex != 0) { |
1143 | 0 | ossl_ffc_params_set_h(ffc, gctx->hindex); |
1144 | 0 | } |
1145 | 0 | if (gctx->mdname != NULL) |
1146 | 0 | ossl_ffc_set_digest(ffc, gctx->mdname, gctx->mdprops); |
1147 | |
|
1148 | 0 | if ((gctx->selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) { |
1149 | |
|
1150 | 0 | if (ossl_dsa_generate_ffc_parameters(dsa, gctx->gen_type, |
1151 | 0 | (int)gctx->pbits, |
1152 | 0 | (int)gctx->qbits, gencb) <= 0) |
1153 | 0 | goto end; |
1154 | 0 | } |
1155 | 0 | ossl_ffc_params_enable_flags(ffc, FFC_PARAM_FLAG_VALIDATE_LEGACY, |
1156 | 0 | gctx->gen_type == DSA_PARAMGEN_TYPE_FIPS_186_2); |
1157 | 0 | if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { |
1158 | 0 | if (ffc->p == NULL |
1159 | 0 | || ffc->q == NULL |
1160 | 0 | || ffc->g == NULL) |
1161 | 0 | goto end; |
1162 | 0 | if (DSA_generate_key(dsa) <= 0) |
1163 | 0 | goto end; |
1164 | 0 | } |
1165 | 0 | ret = 1; |
1166 | 0 | end: |
1167 | 0 | if (ret <= 0) { |
1168 | 0 | DSA_free(dsa); |
1169 | 0 | dsa = NULL; |
1170 | 0 | } |
1171 | 0 | BN_GENCB_free(gencb); |
1172 | 0 | return dsa; |
1173 | 0 | } |
1174 | | |
1175 | | static void dsa_gen_cleanup(void *genctx) |
1176 | 0 | { |
1177 | 0 | struct dsa_gen_ctx *gctx = genctx; |
1178 | |
|
1179 | 0 | if (gctx == NULL) |
1180 | 0 | return; |
1181 | | |
1182 | 0 | OPENSSL_free(gctx->mdname); |
1183 | 0 | OPENSSL_free(gctx->mdprops); |
1184 | 0 | OPENSSL_clear_free(gctx->seed, gctx->seedlen); |
1185 | 0 | OPENSSL_free(gctx); |
1186 | 0 | } |
1187 | | |
1188 | | static void *dsa_load(const void *reference, size_t reference_sz) |
1189 | 0 | { |
1190 | 0 | DSA *dsa = NULL; |
1191 | |
|
1192 | 0 | if (ossl_prov_is_running() && reference_sz == sizeof(dsa)) { |
1193 | | /* The contents of the reference is the address to our object */ |
1194 | 0 | dsa = *(DSA **)reference; |
1195 | | /* We grabbed, so we detach it */ |
1196 | 0 | *(DSA **)reference = NULL; |
1197 | 0 | return dsa; |
1198 | 0 | } |
1199 | 0 | return NULL; |
1200 | 0 | } |
1201 | | |
1202 | | static void *dsa_dup(const void *keydata_from, int selection) |
1203 | 0 | { |
1204 | 0 | if (ossl_prov_is_running()) |
1205 | 0 | return ossl_dsa_dup(keydata_from, selection); |
1206 | 0 | return NULL; |
1207 | 0 | } |
1208 | | |
1209 | | const OSSL_DISPATCH ossl_dsa_keymgmt_functions[] = { |
1210 | | { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))dsa_newdata }, |
1211 | | { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))dsa_gen_init }, |
1212 | | { OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE, (void (*)(void))dsa_gen_set_template }, |
1213 | | { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))dsa_gen_set_params }, |
1214 | | { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, |
1215 | | (void (*)(void))dsa_gen_settable_params }, |
1216 | | { OSSL_FUNC_KEYMGMT_GEN_GET_PARAMS, (void (*)(void))dsa_gen_get_params }, |
1217 | | { OSSL_FUNC_KEYMGMT_GEN_GETTABLE_PARAMS, |
1218 | | (void (*)(void))dsa_gen_gettable_params }, |
1219 | | { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))dsa_gen }, |
1220 | | { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))dsa_gen_cleanup }, |
1221 | | { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))dsa_load }, |
1222 | | { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dsa_freedata }, |
1223 | | { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dsa_get_params }, |
1224 | | { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))dsa_gettable_params }, |
1225 | | { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))dsa_has }, |
1226 | | { OSSL_FUNC_KEYMGMT_MATCH, (void (*)(void))dsa_match }, |
1227 | | { OSSL_FUNC_KEYMGMT_VALIDATE, (void (*)(void))dsa_validate }, |
1228 | | { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))dsa_import }, |
1229 | | { OSSL_FUNC_KEYMGMT_IMPORT_TYPES, (void (*)(void))dsa_import_types }, |
1230 | | { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))dsa_export }, |
1231 | | { OSSL_FUNC_KEYMGMT_EXPORT_TYPES, (void (*)(void))dsa_export_types }, |
1232 | | { OSSL_FUNC_KEYMGMT_DUP, (void (*)(void))dsa_dup }, |
1233 | | OSSL_DISPATCH_END |
1234 | | }; |