3a5600cf349015d978d7479c5317bf87d3bbc1a1
[openssl.git] / crypto / dh / dh_ameth.c
1 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
2  * project 2006.
3  */
4 /* ====================================================================
5  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  *
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer. 
13  *
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in
16  *    the documentation and/or other materials provided with the
17  *    distribution.
18  *
19  * 3. All advertising materials mentioning features or use of this
20  *    software must display the following acknowledgment:
21  *    "This product includes software developed by the OpenSSL Project
22  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
23  *
24  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
25  *    endorse or promote products derived from this software without
26  *    prior written permission. For written permission, please contact
27  *    licensing@OpenSSL.org.
28  *
29  * 5. Products derived from this software may not be called "OpenSSL"
30  *    nor may "OpenSSL" appear in their names without prior written
31  *    permission of the OpenSSL Project.
32  *
33  * 6. Redistributions of any form whatsoever must retain the following
34  *    acknowledgment:
35  *    "This product includes software developed by the OpenSSL Project
36  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
37  *
38  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
39  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
41  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
42  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
43  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
44  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
45  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
47  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
48  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
49  * OF THE POSSIBILITY OF SUCH DAMAGE.
50  * ====================================================================
51  *
52  * This product includes cryptographic software written by Eric Young
53  * (eay@cryptsoft.com).  This product includes software written by Tim
54  * Hudson (tjh@cryptsoft.com).
55  *
56  */
57
58 #include <stdio.h>
59 #include "cryptlib.h"
60 #include <openssl/x509.h>
61 #include <openssl/asn1.h>
62 #include <openssl/dh.h>
63 #include "asn1_locl.h"
64
65 static void int_dh_free(EVP_PKEY *pkey)
66         {
67         DH_free(pkey->pkey.dh);
68         }
69
70 static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
71         {
72         const unsigned char *p, *pm;
73         int pklen, pmlen;
74         int ptype;
75         void *pval;
76         ASN1_STRING *pstr;
77         X509_ALGOR *palg;
78         ASN1_INTEGER *public_key = NULL;
79
80         DH *dh = NULL;
81
82         if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
83                 return 0;
84         X509_ALGOR_get0(NULL, &ptype, &pval, palg);
85
86         if (ptype != V_ASN1_SEQUENCE)
87                 {
88                 DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR);
89                 goto err;
90                 }
91
92         pstr = pval;    
93         pm = pstr->data;
94         pmlen = pstr->length;
95
96         if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
97                 {
98                 DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
99                 goto err;
100                 }
101
102         if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen)))
103                 {
104                 DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
105                 goto err;
106                 }
107
108         /* We have parameters now set public key */
109         if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)))
110                 {
111                 DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR);
112                 goto err;
113                 }
114
115         ASN1_INTEGER_free(public_key);
116         EVP_PKEY_assign_DH(pkey, dh);
117         return 1;
118
119         err:
120         if (pubkey)
121                 ASN1_INTEGER_free(public_key);
122         if (dh)
123                 DH_free(dh);
124         return 0;
125
126         }
127
128 static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
129         {
130         DH *dh;
131         void *pval = NULL;
132         int ptype;
133         unsigned char *penc = NULL;
134         int penclen;
135         ASN1_STRING *str;
136         ASN1_INTEGER *pub_key = NULL;
137
138         dh=pkey->pkey.dh;
139
140         str = ASN1_STRING_new();
141         str->length = i2d_DHparams(dh, &str->data);
142         if (str->length <= 0)
143                 {
144                 DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
145                 goto err;
146                 }
147         pval = str;
148         ptype = V_ASN1_SEQUENCE;
149
150         pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
151         if (!pub_key)
152                 goto err;
153
154         penclen = i2d_ASN1_INTEGER(pub_key, &penc);
155
156         ASN1_INTEGER_free(pub_key);
157
158         if (penclen <= 0)
159                 {
160                 DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
161                 goto err;
162                 }
163
164         if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH),
165                                 ptype, pval, penc, penclen))
166                 return 1;
167
168         err:
169         if (penc)
170                 OPENSSL_free(penc);
171         if (pval)
172                 ASN1_STRING_free(pval);
173
174         return 0;
175         }
176
177
178 /* PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in
179  * that the AlgorithmIdentifier contains the paramaters, the private key
180  * is explcitly included and the pubkey must be recalculated.
181  */
182         
183 static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
184         {
185         const unsigned char *p, *pm;
186         int pklen, pmlen;
187         int ptype;
188         void *pval;
189         ASN1_STRING *pstr;
190         X509_ALGOR *palg;
191         ASN1_INTEGER *privkey = NULL;
192
193         DH *dh = NULL;
194
195         if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
196                 return 0;
197
198         X509_ALGOR_get0(NULL, &ptype, &pval, palg);
199
200         if (ptype != V_ASN1_SEQUENCE)
201                         goto decerr;
202
203         if (!(privkey=d2i_ASN1_INTEGER(NULL, &p, pklen)))
204                 goto decerr;
205
206
207         pstr = pval;    
208         pm = pstr->data;
209         pmlen = pstr->length;
210         if (!(dh = d2i_DHparams(NULL, &pm, pmlen)))
211                 goto decerr;
212         /* We have parameters now set private key */
213         if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)))
214                 {
215                 DHerr(DH_F_DH_PRIV_DECODE,DH_R_BN_ERROR);
216                 goto dherr;
217                 }
218         /* Calculate public key */
219         if (!DH_generate_key(dh))
220                 goto dherr;
221
222         EVP_PKEY_assign_DH(pkey, dh);
223
224         ASN1_INTEGER_free(privkey);
225
226         return 1;
227
228         decerr:
229         DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
230         dherr:
231         DH_free(dh);
232         return 0;
233         }
234
235 static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
236 {
237         ASN1_STRING *params = NULL;
238         ASN1_INTEGER *prkey = NULL;
239         unsigned char *dp = NULL;
240         int dplen;
241
242         params = ASN1_STRING_new();
243
244         if (!params)
245                 {
246                 DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
247                 goto err;
248                 }
249
250         params->length = i2d_DHparams(pkey->pkey.dh, &params->data);
251         if (params->length <= 0)
252                 {
253                 DHerr(DH_F_DH_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
254                 goto err;
255                 }
256         params->type = V_ASN1_SEQUENCE;
257
258         /* Get private key into integer */
259         prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
260
261         if (!prkey)
262                 {
263                 DHerr(DH_F_DSA_PRIV_ENCODE,DH_R_BN_ERROR);
264                 goto err;
265                 }
266
267         dplen = i2d_ASN1_INTEGER(prkey, &dp);
268
269         ASN1_INTEGER_free(prkey);
270
271         if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
272                                 V_ASN1_SEQUENCE, params, dp, dplen))
273                 goto err;
274
275         return 1;
276
277 err:
278         if (dp != NULL)
279                 OPENSSL_free(dp);
280         if (params != NULL)
281                 ASN1_STRING_free(params);
282         if (prkey != NULL)
283                 ASN1_INTEGER_free(prkey);
284         return 0;
285 }
286
287
288 static void update_buflen(const BIGNUM *b, size_t *pbuflen)
289         {
290         int i;
291         if (!b)
292                 return;
293         if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
294                         *pbuflen = i;
295         }
296
297 static int dh_param_decode(EVP_PKEY *pkey,
298                                         const unsigned char **pder, int derlen)
299         {
300         DH *dh;
301         if (!(dh = d2i_DHparams(NULL, pder, derlen)))
302                 {
303                 DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
304                 return 0;
305                 }
306         EVP_PKEY_assign_DH(pkey, dh);
307         return 1;
308         }
309
310 static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
311         {
312         return i2d_DHparams(pkey->pkey.dh, pder);
313         }
314
315 static int do_dh_print(BIO *bp, const DH *x, int indent,
316                                                 ASN1_PCTX *ctx, int ptype)
317         {
318         unsigned char *m=NULL;
319         int reason=ERR_R_BUF_LIB,ret=0;
320         size_t buf_len=0;
321
322         const char *ktype = NULL;
323
324         BIGNUM *priv_key, *pub_key;
325
326         if (ptype == 2)
327                 priv_key = x->priv_key;
328         else
329                 priv_key = NULL;
330
331         if (ptype > 0)
332                 pub_key = x->pub_key;
333         else
334                 pub_key = NULL;
335
336         update_buflen(x->p, &buf_len);
337
338         if (buf_len == 0)
339                 {
340                 reason = ERR_R_PASSED_NULL_PARAMETER;
341                 goto err;
342                 }
343
344         update_buflen(x->g, &buf_len);
345         update_buflen(pub_key, &buf_len);
346         update_buflen(priv_key, &buf_len);
347
348         if (ptype == 2)
349                 ktype = "PKCS#3 DH Private-Key";
350         else if (ptype == 1)
351                 ktype = "PKCS#3 DH Public-Key";
352         else
353                 ktype = "PKCS#3 DH Parameters";
354
355         m= OPENSSL_malloc(buf_len+10);
356         if (m == NULL)
357                 {
358                 reason=ERR_R_MALLOC_FAILURE;
359                 goto err;
360                 }
361
362         BIO_indent(bp, indent, 128);
363         if (BIO_printf(bp,"%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
364                 goto err;
365         indent += 4;
366
367         if (!ASN1_bn_print(bp,"private-key:",priv_key,m,indent)) goto err;
368         if (!ASN1_bn_print(bp,"public-key:",pub_key,m,indent)) goto err;
369
370         if (!ASN1_bn_print(bp,"prime:",x->p,m,indent)) goto err;
371         if (!ASN1_bn_print(bp,"generator:",x->g,m,indent)) goto err;
372         if (x->length != 0)
373                 {
374                 BIO_indent(bp, indent, 128);
375                 if (BIO_printf(bp,"recommended-private-length: %d bits\n",
376                         (int)x->length) <= 0) goto err;
377                 }
378
379
380         ret=1;
381         if (0)
382                 {
383 err:
384                 DHerr(DH_F_DHPARAMS_PRINT,reason);
385                 }
386         if (m != NULL) OPENSSL_free(m);
387         return(ret);
388         }
389
390 static int int_dh_size(const EVP_PKEY *pkey)
391         {
392         return(DH_size(pkey->pkey.dh));
393         }
394
395 static int dh_bits(const EVP_PKEY *pkey)
396         {
397         return BN_num_bits(pkey->pkey.dh->p);
398         }
399
400 static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
401         {
402         BIGNUM *a;
403
404         if ((a=BN_dup(from->pkey.dh->p)) == NULL)
405                 return 0;
406         if (to->pkey.dsa->p != NULL)
407                 BN_free(to->pkey.dh->p);
408         to->pkey.dsa->p=a;
409
410         if ((a=BN_dup(from->pkey.dh->g)) == NULL)
411                 return 0;
412         if (to->pkey.dsa->g != NULL)
413                 BN_free(to->pkey.dh->g);
414         to->pkey.dh->g=a;
415
416         return 1;
417         }
418
419 static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
420         {
421         if (    BN_cmp(a->pkey.dh->p,b->pkey.dsa->p) ||
422                 BN_cmp(a->pkey.dh->g,b->pkey.dsa->g))
423                 return 0;
424         else
425                 return 1;
426         }
427
428 static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
429         {
430         if (dh_cmp_parameters(a, b) == 0)
431                 return 0;
432         if (BN_cmp(b->pkey.dh->pub_key,a->pkey.dh->pub_key) != 0)
433                 return 0;
434         else
435                 return 1;
436         }
437
438 static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
439                                                         ASN1_PCTX *ctx)
440         {
441         return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0);
442         }
443
444 static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent,
445                                                         ASN1_PCTX *ctx)
446         {
447         return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1);
448         }
449
450 static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent,
451                                                         ASN1_PCTX *ctx)
452         {
453         return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2);
454         }
455
456 int DHparams_print(BIO *bp, const DH *x)
457         {
458         return do_dh_print(bp, x, 4, NULL, 0);
459         }
460
461 const EVP_PKEY_ASN1_METHOD dh_asn1_meth = 
462         {
463         EVP_PKEY_DH,
464         EVP_PKEY_DH,
465         0,
466
467         "DH",
468         "OpenSSL PKCS#3 DH method",
469
470         dh_pub_decode,
471         dh_pub_encode,
472         dh_pub_cmp,
473         dh_public_print,
474
475         dh_priv_decode,
476         dh_priv_encode,
477         dh_private_print,
478
479         int_dh_size,
480         dh_bits,
481
482         dh_param_decode,
483         dh_param_encode,
484         0,
485         dh_copy_parameters,
486         dh_cmp_parameters,
487         dh_param_print,
488
489         int_dh_free,
490         0
491         };
492