From: Dr. Stephen Henson Date: Wed, 12 Apr 2006 17:14:48 +0000 (+0000) Subject: Extend DH ASN1 method to support public key encode/decode and parameter X-Git-Tag: OpenSSL_0_9_8k^2~1400 X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=ceb46789563c251cc8e682e1a95cb180fdd50cb0 Extend DH ASN1 method to support public key encode/decode and parameter utilities. --- diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 48b6283704..ef918b63cf 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -216,13 +216,18 @@ void ERR_load_DH_strings(void); #define DH_F_DH_BUILTIN_GENPARAMS 106 #define DH_F_DH_NEW_METHOD 105 #define DH_F_DH_PARAM_DECODE 107 +#define DH_F_DH_PUB_DECODE 108 +#define DH_F_DH_PUB_ENCODE 109 #define DH_F_GENERATE_KEY 103 #define DH_F_GENERATE_PARAMETERS 104 /* Reason codes. */ #define DH_R_BAD_GENERATOR 101 +#define DH_R_BN_DECODE_ERROR 103 +#define DH_R_DECODE_ERROR 104 #define DH_R_INVALID_PUBKEY 102 #define DH_R_NO_PRIVATE_VALUE 100 +#define DH_R_PARAMETER_ENCODING_ERROR 105 #ifdef __cplusplus } diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 03b40d0e5c..ba22f34d40 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -67,6 +67,122 @@ static void int_dh_free(EVP_PKEY *pkey) DH_free(pkey->pkey.dh); } +static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) + { + const unsigned char *p, *pm; + int pklen, pmlen; + int ptype; + void *pval; + ASN1_STRING *pstr; + X509_ALGOR *palg; + ASN1_INTEGER *public_key = NULL; + + DH *dh = NULL; + + if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey)) + return 0; + X509_ALGOR_get0(NULL, &ptype, &pval, palg); + + if (ptype != V_ASN1_SEQUENCE) + { + DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR); + goto err; + } + + pstr = pval; + pm = pstr->data; + pmlen = pstr->length; + + if (!(dh = d2i_DHparams(NULL, &pm, pmlen))) + { + DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); + goto err; + } + + if (!(public_key=d2i_ASN1_INTEGER(NULL, &p, pklen))) + { + DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); + goto err; + } + + /* We have parameters now set public key */ + if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) + { + DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR); + goto err; + } + + ASN1_INTEGER_free(public_key); + EVP_PKEY_assign_DH(pkey, dh); + return 1; + + err: + if (pubkey) + ASN1_INTEGER_free(public_key); + if (dh) + DH_free(dh); + return 0; + + } + +static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) + { + DH *dh; + void *pval = NULL; + int ptype; + unsigned char *penc = NULL; + int penclen; + ASN1_STRING *str; + ASN1_INTEGER *pub_key = NULL; + + dh=pkey->pkey.dh; + + str = ASN1_STRING_new(); + str->length = i2d_DHparams(dh, &str->data); + if (str->length <= 0) + { + DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + pval = str; + ptype = V_ASN1_SEQUENCE; + + pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL); + if (!pub_key) + goto err; + + penclen = i2d_ASN1_INTEGER(pub_key, &penc); + + ASN1_INTEGER_free(pub_key); + + if (penclen <= 0) + { + DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH), + ptype, pval, penc, penclen)) + return 1; + + err: + if (penc) + OPENSSL_free(penc); + if (pval) + ASN1_STRING_free(pval); + + return 0; + } + +static void update_buflen(const BIGNUM *b, size_t *pbuflen) + { + int i; + if (!b) + return; + if (*pbuflen < (i = (size_t)BN_num_bytes(b))) + *pbuflen = i; + } + static int dh_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { @@ -85,24 +201,47 @@ static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder) return i2d_DHparams(pkey->pkey.dh, pder); } -static int do_dhparam_print(BIO *bp, const DH *x, int indent, - ASN1_PCTX *ctx) +static int do_dh_print(BIO *bp, const DH *x, int indent, + ASN1_PCTX *ctx, int ptype) { unsigned char *m=NULL; int reason=ERR_R_BUF_LIB,ret=0; - size_t buf_len=0, i; + size_t buf_len=0; + + const char *ktype = NULL; + + BIGNUM *priv_key, *pub_key; - if (x->p) - buf_len = (size_t)BN_num_bytes(x->p); + if (ptype == 2) + priv_key = x->priv_key; else + priv_key = NULL; + + if (ptype > 0) + pub_key = x->pub_key; + else + pub_key = NULL; + + update_buflen(x->p, &buf_len); + + if (buf_len == 0) { reason = ERR_R_PASSED_NULL_PARAMETER; goto err; } - if (x->g) - if (buf_len < (i = (size_t)BN_num_bytes(x->g))) - buf_len = i; - m=(unsigned char *)OPENSSL_malloc(buf_len+10); + + update_buflen(x->g, &buf_len); + update_buflen(pub_key, &buf_len); + update_buflen(priv_key, &buf_len); + + if (ptype == 2) + ktype = "PKCS#3 DH Private-Key"; + else if (ptype == 1) + ktype = "PKCS#3 DH Public-Key"; + else + ktype = "PKCS#3 DH Parameters"; + + m= OPENSSL_malloc(buf_len+10); if (m == NULL) { reason=ERR_R_MALLOC_FAILURE; @@ -110,10 +249,13 @@ static int do_dhparam_print(BIO *bp, const DH *x, int indent, } BIO_indent(bp, indent, 128); - if (BIO_printf(bp,"Diffie-Hellman-Parameters: (%d bit)\n", - BN_num_bits(x->p)) <= 0) + if (BIO_printf(bp,"%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0) goto err; indent += 4; + + if (!ASN1_bn_print(bp,"private-key:",priv_key,m,indent)) goto err; + if (!ASN1_bn_print(bp,"public-key:",pub_key,m,indent)) goto err; + if (!ASN1_bn_print(bp,"prime:",x->p,m,indent)) goto err; if (!ASN1_bn_print(bp,"generator:",x->g,m,indent)) goto err; if (x->length != 0) @@ -122,6 +264,8 @@ static int do_dhparam_print(BIO *bp, const DH *x, int indent, if (BIO_printf(bp,"recommended-private-length: %d bits\n", (int)x->length) <= 0) goto err; } + + ret=1; if (0) { @@ -132,15 +276,75 @@ err: return(ret); } +static int int_dh_size(const EVP_PKEY *pkey) + { + return(DH_size(pkey->pkey.dh)); + } + +static int dh_bits(const EVP_PKEY *pkey) + { + return BN_num_bits(pkey->pkey.dh->p); + } + +static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) + { + BIGNUM *a; + + if ((a=BN_dup(from->pkey.dh->p)) == NULL) + return 0; + if (to->pkey.dsa->p != NULL) + BN_free(to->pkey.dh->p); + to->pkey.dsa->p=a; + + if ((a=BN_dup(from->pkey.dh->g)) == NULL) + return 0; + if (to->pkey.dsa->g != NULL) + BN_free(to->pkey.dh->g); + to->pkey.dh->g=a; + + return 1; + } + +static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) + { + if ( BN_cmp(a->pkey.dh->p,b->pkey.dsa->p) || + BN_cmp(a->pkey.dh->g,b->pkey.dsa->g)) + return 0; + else + return 1; + } + +static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b) + { + if (dh_cmp_parameters(a, b) == 0) + return 0; + if (BN_cmp(b->pkey.dh->pub_key,a->pkey.dh->pub_key) != 0) + return 0; + else + return 1; + } + static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent, ASN1_PCTX *ctx) { - return do_dhparam_print(bp, pkey->pkey.dh, indent, ctx); + return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 0); + } + +static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 1); + } + +static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent, + ASN1_PCTX *ctx) + { + return do_dh_print(bp, pkey->pkey.dh, indent, ctx, 2); } int DHparams_print(BIO *bp, const DH *x) { - return do_dhparam_print(bp, x, 4, NULL); + return do_dh_print(bp, x, 4, NULL, 0); } const EVP_PKEY_ASN1_METHOD dh_asn1_meth = @@ -152,21 +356,23 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth = "DH", "OpenSSL PKCS#3 DH method", - 0, - 0, - 0, - 0, + dh_pub_decode, + dh_pub_encode, + dh_pub_cmp, + dh_public_print, 0, 0, - 0, + dh_private_print, - 0, - 0, + int_dh_size, + dh_bits, dh_param_decode, dh_param_encode, - 0,0,0, + 0, + dh_copy_parameters, + dh_cmp_parameters, dh_param_print, int_dh_free, diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c index 4e4deb6d13..2a44f1cc11 100644 --- a/crypto/dh/dh_err.c +++ b/crypto/dh/dh_err.c @@ -76,6 +76,8 @@ static ERR_STRING_DATA DH_str_functs[]= {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"}, {ERR_FUNC(DH_F_DH_PARAM_DECODE), "DH_PARAM_DECODE"}, +{ERR_FUNC(DH_F_DH_PUB_DECODE), "DH_PUB_DECODE"}, +{ERR_FUNC(DH_F_DH_PUB_ENCODE), "DH_PUB_ENCODE"}, {ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"}, {ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"}, {0,NULL} @@ -84,8 +86,11 @@ static ERR_STRING_DATA DH_str_functs[]= static ERR_STRING_DATA DH_str_reasons[]= { {ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"}, +{ERR_REASON(DH_R_BN_DECODE_ERROR) ,"bn decode error"}, +{ERR_REASON(DH_R_DECODE_ERROR) ,"decode error"}, {ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"}, {ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"}, +{ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"}, {0,NULL} };