diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2020-04-15 21:02:52 +1000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2020-04-15 21:02:52 +1000 |
| commit | b03ec3b5d62ee26bf8437556b9040d4141d5bdd8 (patch) | |
| tree | 1f27a892757c24efab70d2fb8f93110f71c0fbb3 /providers/implementations | |
| parent | 09b3654096ed344edd78cf156cb3ddcdbced6f9a (diff) | |
Add DSA keygen to provider
Moved some shared FFC code into the FFC files.
Added extra paramgen parameters for seed, gindex.
Fixed bug in ossl_prov util to print bignums.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11303)
Diffstat (limited to 'providers/implementations')
7 files changed, 421 insertions, 116 deletions
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c index 6514d8f066..250e7aac95 100644 --- a/providers/implementations/keymgmt/dh_kmgmt.c +++ b/providers/implementations/keymgmt/dh_kmgmt.c @@ -18,11 +18,11 @@ #include <openssl/bn.h> #include <openssl/dh.h> #include <openssl/params.h> +#include <openssl/param_build.h> #include "prov/implementations.h" #include "prov/providercommon.h" #include "prov/provider_ctx.h" #include "crypto/dh.h" -#include "openssl/param_build.h" static OSSL_OP_keymgmt_new_fn dh_newdata; static OSSL_OP_keymgmt_free_fn dh_freedata; @@ -137,7 +137,7 @@ static int dh_import(void *keydata, int selection, const OSSL_PARAM params[]) ok = 1; if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) - ok = ok && ffc_fromdata(dh_get0_params(dh), params); + ok = ok && ffc_params_fromdata(dh_get0_params(dh), params); if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) ok = ok && dh_key_fromdata(dh, params); @@ -148,7 +148,7 @@ static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, void *cbarg) { DH *dh = keydata; - OSSL_PARAM_BLD *tmpl; + OSSL_PARAM_BLD *tmpl = NULL; OSSL_PARAM *params = NULL; int ok = 1; @@ -166,13 +166,13 @@ static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, if (!ok || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { - OSSL_PARAM_BLD_free(tmpl); - return 0; + ok = 0; + goto err; } - OSSL_PARAM_BLD_free(tmpl); - ok = param_cb(params, cbarg); OSSL_PARAM_BLD_free_params(params); +err: + OSSL_PARAM_BLD_free(tmpl); return ok; } diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c index 78edcaa9d4..1261035296 100644 --- a/providers/implementations/keymgmt/dsa_kmgmt.c +++ b/providers/implementations/keymgmt/dsa_kmgmt.c @@ -13,18 +13,27 @@ */ #include "internal/deprecated.h" +#include "e_os.h" /* strcasecmp */ #include <openssl/core_numbers.h> #include <openssl/core_names.h> #include <openssl/bn.h> -#include <openssl/params.h> -#include "prov/implementations.h" +#include <openssl/err.h> #include "prov/providercommon.h" +#include "prov/implementations.h" #include "prov/provider_ctx.h" #include "crypto/dsa.h" -#include "openssl/param_build.h" +#include "internal/sizes.h" +#include "internal/nelem.h" +#include "internal/param_build_set.h" static OSSL_OP_keymgmt_new_fn dsa_newdata; static OSSL_OP_keymgmt_free_fn dsa_freedata; +static OSSL_OP_keymgmt_gen_init_fn dsa_gen_init; +static OSSL_OP_keymgmt_gen_set_template_fn dsa_gen_set_template; +static OSSL_OP_keymgmt_gen_set_params_fn dsa_gen_set_params; +static OSSL_OP_keymgmt_gen_settable_params_fn dsa_gen_settable_params; +static OSSL_OP_keymgmt_gen_fn dsa_gen; +static OSSL_OP_keymgmt_gen_cleanup_fn dsa_gen_cleanup; static OSSL_OP_keymgmt_get_params_fn dsa_get_params; static OSSL_OP_keymgmt_gettable_params_fn dsa_gettable_params; static OSSL_OP_keymgmt_has_fn dsa_has; @@ -36,45 +45,63 @@ static OSSL_OP_keymgmt_export_fn dsa_export; static OSSL_OP_keymgmt_export_types_fn dsa_export_types; #define DSA_DEFAULT_MD "SHA256" -#define DSA_POSSIBLE_SELECTIONS \ +#define DSA_POSSIBLE_SELECTIONS \ (OSSL_KEYMGMT_SELECT_KEYPAIR | OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) -static int domparams_to_params(DSA *dsa, OSSL_PARAM_BLD *tmpl) -{ - const BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL; +struct dsa_gen_ctx { + OPENSSL_CTX *libctx; + + FFC_PARAMS *ffc_params; + int selection; + /* All these parameters are used for parameter generation only */ + size_t pbits; + size_t qbits; + EVP_MD *md; + unsigned char *seed; /* optional FIPS186-4 param for testing */ + size_t seedlen; + int gindex; /* optional FIPS186-4 generator index (ignored if -1) */ + int gen_type; /* DSA_PARAMGEN_TYPE_FIPS_186_2 or DSA_PARAMGEN_TYPE_FIPS_186_4 */ + int pcounter; + int hindex; + OSSL_CALLBACK *cb; + void *cbarg; +}; +typedef struct dh_name2id_st{ + const char *name; + int id; +} DSA_GENTYPE_NAME2ID; - if (dsa == NULL) - return 0; +static const DSA_GENTYPE_NAME2ID dsatype2id[]= +{ + { "default", DSA_PARAMGEN_TYPE_FIPS_186_4 }, + { "fips186_4", DSA_PARAMGEN_TYPE_FIPS_186_4 }, + { "fips186_2", DSA_PARAMGEN_TYPE_FIPS_186_2 }, +}; - DSA_get0_pqg(dsa, &dsa_p, &dsa_q, &dsa_g); - if (dsa_p != NULL - && !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, dsa_p)) - return 0; - if (dsa_q != NULL - && !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q, dsa_q)) - return 0; - if (dsa_g != NULL - && !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, dsa_g)) - return 0; +static int dsa_gen_type_name2id(const char *name) +{ + size_t i; - return 1; + for (i = 0; i < OSSL_NELEM(dsatype2id); ++i) { + if (strcasecmp(dsatype2id[i].name, name) == 0) + return dsatype2id[i].id; + } + return -1; } -static int key_to_params(DSA *dsa, OSSL_PARAM_BLD *tmpl) +static int dsa_key_todata(DSA *dsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]) { - const BIGNUM *priv_key = NULL, *pub_key = NULL; + const BIGNUM *priv = NULL, *pub = NULL; if (dsa == NULL) return 0; - if (!domparams_to_params(dsa, tmpl)) - return 0; - DSA_get0_key(dsa, &pub_key, &priv_key); - if (priv_key != NULL - && !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PRIV_KEY, priv_key)) + DSA_get0_key(dsa, &pub, &priv); + if (priv != NULL + && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_PRIV_KEY, priv)) return 0; - if (pub_key != NULL - && !OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_PUB_KEY, pub_key)) + if (pub != NULL + && !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_PUB_KEY, pub)) return 0; return 1; @@ -133,16 +160,16 @@ static int dsa_match(const void *keydata1, const void *keydata2, int selection) static int dsa_import(void *keydata, int selection, const OSSL_PARAM params[]) { DSA *dsa = keydata; - int ok = 0; + int ok = 1; if (dsa == NULL) return 0; - if ((selection & DSA_POSSIBLE_SELECTIONS) != 0) - ok = 1; + if ((selection & DSA_POSSIBLE_SELECTIONS) == 0) + return 0; if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) - ok = ok && ffc_fromdata(dsa_get0_params(dsa), params); + ok = ok && dsa_ffc_params_fromdata(dsa, params); if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) ok = ok && dsa_key_fromdata(dsa, params); @@ -158,12 +185,12 @@ static int dsa_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, int ok = 1; if (dsa == NULL) - goto err;; + goto err; if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) - ok = ok && domparams_to_params(dsa, tmpl); + ok = ok && ffc_params_todata(dsa_get0_params(dsa), tmpl, NULL); if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) - ok = ok && key_to_params(dsa, tmpl); + ok = ok && dsa_key_todata(dsa, tmpl, NULL); if (!ok || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) @@ -178,10 +205,16 @@ err: /* IMEXPORT = IMPORT + EXPORT */ -# define DSA_IMEXPORTABLE_PARAMETERS \ - OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0), \ - OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_Q, NULL, 0), \ - OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0) +# define DSA_IMEXPORTABLE_PARAMETERS \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_P, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_Q, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_G, NULL, 0), \ + OSSL_PARAM_BN(OSSL_PKEY_PARAM_FFC_COFACTOR, NULL, 0), \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL), \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL), \ + OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL), \ + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_GROUP, NULL, 0), \ + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0) # define DSA_IMEXPORTABLE_PUBLIC_KEY \ OSSL_PARAM_BN(OSSL_PKEY_PARAM_PUB_KEY, NULL, 0) # define DSA_IMEXPORTABLE_PRIVATE_KEY \ @@ -246,7 +279,8 @@ static ossl_inline int dsa_get_params(void *key, OSSL_PARAM params[]) if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DEFAULT_DIGEST)) != NULL && !OSSL_PARAM_set_utf8_string(p, DSA_DEFAULT_MD)) return 0; - return 1; + return ffc_params_todata(dsa_get0_params(dsa), NULL, params) + && dsa_key_todata(dsa, NULL, params); } static const OSSL_PARAM dsa_params[] = { @@ -254,6 +288,9 @@ static const OSSL_PARAM dsa_params[] = { OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL), OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL), OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_DEFAULT_DIGEST, NULL, 0), + DSA_IMEXPORTABLE_PARAMETERS, + DSA_IMEXPORTABLE_PUBLIC_KEY, + DSA_IMEXPORTABLE_PRIVATE_KEY, OSSL_PARAM_END }; @@ -311,8 +348,224 @@ static int dsa_validate(void *keydata, int selection) return ok; } +static void *dsa_gen_init(void *provctx, int selection) +{ + OPENSSL_CTX *libctx = PROV_LIBRARY_CONTEXT_OF(provctx); + struct dsa_gen_ctx *gctx = NULL; + + if ((selection & DSA_POSSIBLE_SELECTIONS) == 0) + return NULL; + + if ((gctx = OPENSSL_zalloc(sizeof(*gctx))) != NULL) { + gctx->selection = selection; + gctx->libctx = libctx; + gctx->pbits = 2048; + gctx->qbits = 224; + gctx->md = NULL; + gctx->gen_type = DSA_PARAMGEN_TYPE_FIPS_186_4; + gctx->gindex = -1; + gctx->pcounter = -1; + gctx->hindex = 0; + } + return gctx; +} + +static int dsa_gen_set_template(void *genctx, void *templ) +{ + struct dsa_gen_ctx *gctx = genctx; + DSA *dsa = templ; + + if (gctx == NULL || dsa == NULL) + return 0; + gctx->ffc_params = dsa_get0_params(dsa); + return 1; +} + +static int dsa_set_gen_seed(struct dsa_gen_ctx *gctx, unsigned char *seed, + size_t seedlen) +{ + OPENSSL_clear_free(gctx->seed, gctx->seedlen); + gctx->seed = NULL; + gctx->seedlen = 0; + if (seed != NULL && seedlen > 0) { + gctx->seed = OPENSSL_memdup(seed, seedlen); + if (gctx->seed == NULL) + return 0; + gctx->seedlen = seedlen; + } + return 1; +} + +static int dsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) +{ + struct dsa_gen_ctx *gctx = genctx; + const OSSL_PARAM *p; + + if (gctx == NULL) + return 0; + + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_TYPE); + if (p != NULL) { + if (p->data_type != OSSL_PARAM_UTF8_STRING + || ((gctx->gen_type = dsa_gen_type_name2id(p->data)) == -1)) { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } + } + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_GINDEX); + if (p != NULL + && !OSSL_PARAM_get_int(p, &gctx->gindex)) + return 0; + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PCOUNTER); + if (p != NULL + && !OSSL_PARAM_get_int(p, &gctx->pcounter)) + return 0; + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_H); + if (p != NULL + && !OSSL_PARAM_get_int(p, &gctx->hindex)) + return 0; + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_SEED); + if (p != NULL + && (p->data_type != OSSL_PARAM_OCTET_STRING + || !dsa_set_gen_seed(gctx, p->data, p->data_size))) + return 0; + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_PBITS)) != NULL + && !OSSL_PARAM_get_size_t(p, &gctx->pbits)) + return 0; + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_QBITS)) != NULL + && !OSSL_PARAM_get_size_t(p, &gctx->qbits)) + return 0; + p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST); + if (p != NULL) { + const OSSL_PARAM *p1; + char mdprops[OSSL_MAX_PROPQUERY_SIZE] = { '\0' }; + char *str = mdprops; + + if (p->data_type != OSSL_PARAM_UTF8_STRING) + return 0; + p1 = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_DIGEST_PROPS); + if (p1 != NULL) { + if (!OSSL_PARAM_get_utf8_string(p1, &str, sizeof(mdprops))) + return 0; + } + EVP_MD_free(gctx->md); + gctx->md = EVP_MD_fetch(gctx->libctx, p->data, mdprops); + if (gctx->md == NULL) + return 0; + } + return 1; +} + +static const OSSL_PARAM *dsa_gen_settable_params(void *provctx) +{ + static OSSL_PARAM settable[] = { + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0), + OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_PBITS, NULL), + OSSL_PARAM_size_t(OSSL_PKEY_PARAM_FFC_QBITS, NULL), + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS, NULL, 0), + OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_GINDEX, NULL), + OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_FFC_SEED, NULL, 0), + OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, NULL), + OSSL_PARAM_int(OSSL_PKEY_PARAM_FFC_H, NULL), + OSSL_PARAM_END + }; + return settable; +} + +static int dsa_gencb(int p, int n, BN_GENCB *cb) +{ + struct dsa_gen_ctx *gctx = BN_GENCB_get_arg(cb); + OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END }; + + params[0] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_POTENTIAL, &p); + params[1] = OSSL_PARAM_construct_int(OSSL_GEN_PARAM_ITERATION, &n); + + return gctx->cb(params, gctx->cbarg); +} + +static void *dsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg) +{ + struct dsa_gen_ctx *gctx = genctx; + DSA *dsa = NULL; + BN_GENCB *gencb = NULL; + int ret = 0; + FFC_PARAMS *ffc; + + if (gctx == NULL) + return NULL; + dsa = dsa_new_with_ctx(gctx->libctx); + if (dsa == NULL) + return NULL; + + gctx->cb = osslcb; + gctx->cbarg = cbarg; + gencb = BN_GENCB_new(); + if (gencb != NULL) + BN_GENCB_set(gencb, dsa_gencb, genctx); + + ffc = dsa_get0_params(dsa); + /* Copy the template value if one was passed */ + if (gctx->ffc_params != NULL + && !ffc_params_copy(ffc, gctx->ffc_params)) + goto end; + + if (gctx->seed != NULL + && !ffc_params_set_seed(ffc, gctx->seed, gctx->seedlen)) + goto end; + if (gctx->gindex != -1) { + ffc_params_set_gindex(ffc, gctx->gindex); + if (gctx->pcounter != -1) + ffc_params_set_pcounter(ffc, gctx->pcounter); + } else if (gctx->hindex != 0) { + ffc_params_set_h(ffc, gctx->hindex); + } + if ((gctx->selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) { + + if (dsa_generate_ffc_parameters(dsa, gctx->gen_type, + gctx->pbits, gctx->qbits, gctx->md, + gencb) <= 0) + goto end; + } + if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { + if (ffc->p == NULL + || ffc->q == NULL + || ffc->g == NULL) + goto end; + if (DSA_generate_key(dsa) <= 0) + goto end; + } + ret = 1; +end: + if (ret <= 0) { + DSA_free(dsa); + dsa = NULL; + } + BN_GENCB_free(gencb); + return dsa; +} + +static void dsa_gen_cleanup(void *genctx) +{ + struct dsa_gen_ctx *gctx = genctx; + + if (gctx == NULL) + return; + + OPENSSL_clear_free(gctx->seed, gctx->seedlen); + EVP_MD_free(gctx->md); + OPENSSL_free(gctx); +} + const OSSL_DISPATCH dsa_keymgmt_functions[] = { { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))dsa_newdata }, + { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))dsa_gen_init }, + { OSSL_FUNC_KEYMGMT_GEN_SET_TEMPLATE, (void (*)(void))dsa_gen_set_template }, + { OSSL_FUNC_KEYMGMT_GEN_SET_PARAMS, (void (*)(void))dsa_gen_set_params }, + { OSSL_FUNC_KEYMGMT_GEN_SETTABLE_PARAMS, + (void (*)(void))dsa_gen_settable_params }, + { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))dsa_gen }, + { OSSL_FUNC_KEYMGMT_GEN_CLEANUP, (void (*)(void))dsa_gen_cleanup }, { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))dsa_freedata }, { OSSL_FUNC_KEYMGMT_GET_PARAMS, (void (*) (void))dsa_get_params }, { OSSL_FUNC_KEYMGMT_GETTABLE_PARAMS, (void (*) (void))dsa_gettable_params }, diff --git a/providers/implementations/serializers/build.info b/providers/implementations/serializers/build.info index 66502c76aa..097bdcac1c 100644 --- a/providers/implementations/serializers/build.info +++ b/providers/implementations/serializers/build.info @@ -3,6 +3,7 @@ $SERIALIZER_GOAL=../../libimplementations.a $RSA_GOAL=../../libimplementations.a +$FFC_GOAL=../../libimplementations.a $DH_GOAL=../../libimplementations.a $DSA_GOAL=../../libimplementations.a $ECX_GOAL=../../libimplementations.a @@ -10,6 +11,9 @@ $EC_GOAL=../../libimplementations.a SOURCE[$SERIALIZER_GOAL]=serializer_common.c SOURCE[$RSA_GOAL]=serializer_rsa.c serializer_rsa_priv.c serializer_rsa_pub.c +IF[{- !$disabled{"dh"} || !$disabled{"dsa"} -}] + SOURCE[$FFC_GOAL]=serializer_ffc_params.c +ENDIF IF[{- !$disabled{dh} -}] SOURCE[$DH_GOAL]=serializer_dh.c serializer_dh_priv.c serializer_dh_pub.c serializer_dh_param.c ENDIF diff --git a/providers/implementations/serializers/serializer_common.c b/providers/implementations/serializers/serializer_common.c index 7c6b5afe18..2dbbe6b37c 100644 --- a/providers/implementations/serializers/serializer_common.c +++ b/providers/implementations/serializers/serializer_common.c @@ -14,6 +14,7 @@ #include <openssl/types.h> #include <openssl/x509.h> /* i2d_X509_PUBKEY_bio() */ #include "crypto/bn.h" /* bn_get_words() */ +#include "crypto/ctype.h" #include "crypto/ecx.h" #include "prov/bio.h" /* ossl_prov_bio_printf() */ #include "prov/implementations.h" @@ -161,11 +162,13 @@ OSSL_OP_keymgmt_import_fn *ossl_prov_get_keymgmt_import(const OSSL_DISPATCH *fns int ossl_prov_print_labeled_bignum(BIO *out, const char *label, const BIGNUM *bn) { - const char *neg; + int ret = 0, use_sep = 0; + char *hex_str = NULL, *p; + const char spaces[] = " "; const char *post_label_spc = " "; + + const char *neg = ""; int bytes; - BN_ULONG *words; - int n, i; if (bn == NULL) return 0; @@ -174,74 +177,63 @@ int ossl_prov_print_labeled_bignum(BIO *out, const char *label, post_label_spc = ""; } - bytes = BN_num_bytes(bn); - words = bn_get_words(bn); - neg = BN_is_negative(bn) ? "-" : ""; - if (BN_is_zero(bn)) return ossl_prov_bio_printf(out, "%s%s0\n", label, post_label_spc); - if (BN_num_bytes(bn) <= BN_BYTES) + if (BN_num_bytes(bn) <= BN_BYTES) { + BN_ULONG *words = bn_get_words(bn); + + if (BN_is_negative(bn)) + neg = "-"; + return ossl_prov_bio_printf(out, "%s%s%s" BN_FMTu " (%s0x" BN_FMTx ")\n", label, post_label_spc, neg, words[0], neg, words[0]); + } - if (neg[0] == '-') + hex_str = BN_bn2hex(bn); + p = hex_str; + if (*p == '-') { + ++p; neg = " (Negative)"; - + } if (ossl_prov_bio_printf(out, "%s%s\n", label, neg) <= 0) - return 0; + goto err; /* Keep track of how many bytes we have printed out so far */ - n = 0; - - /* - * OpenSSL BIGNUMs are little endian limbs, so we print them last to - * first limb. - * i is used as limb index, j is used as the "byte index" in the limb - */ - for (i = bytes / BN_BYTES - 1; i >= 0; i--) { - BN_ULONG l = words[i]; - int j; - - for (j = BN_BYTES - 1; j >= 0; j--) { - int o = 8 * j; - int b = ((l & (0xffLU << o)) >> o) & 0xff; - - /* Indent every new line with 4 spaces */ - if ((n % 15) == 0) { - if (n > 0) - if (ossl_prov_bio_printf(out, "\n") <= 0) - return 0; - if (ossl_prov_bio_printf(out, " ") <= 0) - return 0; - } - - /* - * Upper bit set, then we print an extra zero and pretend the - * BIGNUM was one byte longer - */ - if (n == 0 && b > 127) { - if (ossl_prov_bio_printf(out, "%02x:", 0) <= 0) - return 0; - n++; - bytes++; - } - - if (++n < bytes) { - if (ossl_prov_bio_printf(out, "%02x:", b) <= 0) - return 0; - } else { - if (ossl_prov_bio_printf(out, "%02x", b) <= 0) - return 0; - } + bytes = 0; + + if (ossl_prov_bio_printf(out, "%s", spaces) <= 0) + goto err; + + /* Add a leading 00 if the top bit is set */ + if (*p >= '8') { + if (ossl_prov_bio_printf(out, "%02x", 0) <= 0) + goto err; + ++bytes; + use_sep = 1; + } + while (*p != '\0') { + /* Do a newline after every 15 hex bytes + add the space indent */ + if ((bytes % 15) == 0 && bytes > 0) { + if (ossl_prov_bio_printf(out, ":\n%s", spaces) <= 0) + goto err; + use_sep = 0; /* The first byte on the next line doesnt have a : */ } + if (ossl_prov_bio_printf(out, "%s%c%c", use_sep ? ":" : "", + ossl_tolower(p[0]), ossl_tolower(p[1])) <= 0) + goto err; + ++bytes; + p += 2; + use_sep = 1; } if (ossl_prov_bio_printf(out, "\n") <= 0) - return 0; - - return 1; + goto err; + ret = 1; +err: + OPENSSL_free(hex_str); + return ret; } /* Number of octets per line */ diff --git a/providers/implementations/serializers/serializer_dsa.c b/providers/implementations/serializers/serializer_dsa.c index c26be47e66..f5189d05fb 100644 --- a/providers/implementations/serializers/serializer_dsa.c +++ b/providers/implementations/serializers/serializer_dsa.c @@ -19,6 +19,8 @@ #include "prov/implementations.h" /* rsa_keymgmt_functions */ #include "prov/providercommonerr.h" /* PROV_R_BN_ERROR */ #include "serializer_local.h" +#include "internal/ffc.h" +#include "crypto/dsa.h" OSSL_OP_keymgmt_new_fn *ossl_prov_get_keymgmt_dsa_new(void) { @@ -39,7 +41,7 @@ int ossl_prov_print_dsa(BIO *out, DSA *dsa, enum dsa_print_type type) { const char *type_label = NULL; const BIGNUM *priv_key = NULL, *pub_key = NULL; - const BIGNUM *p = NULL, *q = NULL, *g = NULL; + const BIGNUM *p = NULL; switch (type) { @@ -66,15 +68,13 @@ int ossl_prov_print_dsa(BIO *out, DSA *dsa, enum dsa_print_type type) goto null_err; } - p = DSA_get0_p(dsa); - q = DSA_get0_q(dsa); - g = DSA_get0_p(dsa); - if (p == NULL || q == NULL || g == NULL) + p = DSA_get0_p(dsa); + if (p == NULL) goto null_err; - if (ossl_prov_bio_printf(out, "%s: (%d bit)\n", type_label, BN_num_bits(p)) - <= 0) + if (ossl_prov_bio_printf(out, "%s: (%d bit)\n", type_label, + BN_num_bits(p)) <= 0) goto err; if (priv_key != NULL && !ossl_prov_print_labeled_bignum(out, "priv:", priv_key)) @@ -82,11 +82,7 @@ int ossl_prov_print_dsa(BIO *out, DSA *dsa, enum dsa_print_type type) if (pub_key != NULL && !ossl_prov_print_labeled_bignum(out, "pub: ", pub_key)) goto err; - if (!ossl_prov_print_labeled_bignum(out, "P: ", p)) - goto err; - if (!ossl_prov_print_labeled_bignum(out, "Q: ", q)) - goto err; - if (!ossl_prov_print_labeled_bignum(out, "G: ", g)) + if (!ffc_params_prov_print(out, dsa_get0_params(dsa))) goto err; return 1; diff --git a/providers/implementations/serializers/serializer_ffc_params.c b/providers/implementations/serializers/serializer_ffc_params.c new file mode 100644 index 0000000000..da38763cfe --- /dev/null +++ b/providers/implementations/serializers/serializer_ffc_params.c @@ -0,0 +1,58 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Utility function for printing DSA/DH params. */ + +#include "prov/bio.h" +#include "serializer_local.h" + +int ffc_params_prov_print(BIO *out, const FFC_PARAMS *ffc) +{ + if (ffc->nid != NID_undef) { + const char *name = ffc_named_group_from_nid(ffc->nid); + + if (name == NULL) + goto err; + if (ossl_prov_bio_printf(out, "GROUP: %s\n", name) <= 0) + goto err; + return 1; + } + + if (!ossl_prov_print_labeled_bignum(out, "P: ", ffc->p)) + goto err; + if (ffc->q != NULL) { + if (!ossl_prov_print_labeled_bignum(out, "Q: ", ffc->q)) + goto err; + } + if (!ossl_prov_print_labeled_bignum(out, "G: ", ffc->g)) + goto err; + if (ffc->j != NULL) { + if (!ossl_prov_print_labeled_bignum(out, "J: ", ffc->j)) + goto err; + } + if (ffc->seed != NULL) { + if (!ossl_prov_print_labeled_buf(out, "SEED:", ffc->seed, ffc->seedlen)) + goto err; + } + if (ffc->gindex != -1) { + if (ossl_prov_bio_printf(out, "gindex: %d\n", ffc->gindex) <= 0) + goto err; + } + if (ffc->pcounter != -1) { + if (ossl_prov_bio_printf(out, "pcounter: %d\n", ffc->pcounter) <= 0) + goto err; + } + if (ffc->h != 0) { + if (ossl_prov_bio_printf(out, "h: %d\n", ffc->h) <= 0) + goto err; + } + return 1; +err: + return 0; +} diff --git a/providers/implementations/serializers/serializer_local.h b/providers/implementations/serializers/serializer_local.h index b1c36a2221..2ee610565e 100644 --- a/providers/implementations/serializers/serializer_local.h +++ b/providers/implementations/serializers/serializer_local.h @@ -14,6 +14,7 @@ #include <openssl/x509.h> /* X509_SIG */ #include <openssl/types.h> #include <crypto/ecx.h> +#include "internal/ffc.h" struct pkcs8_encrypt_ctx_st { /* Set to 1 if intending to encrypt/decrypt, otherwise 0 */ @@ -54,6 +55,7 @@ int ossl_prov_prepare_ec_params(const void *eckey, int nid, int ossl_prov_ec_pub_to_der(const void *eckey, unsigned char **pder); int ossl_prov_ec_priv_to_der(const void *eckey, unsigned char **pder); +int ffc_params_prov_print(BIO *out, const FFC_PARAMS *ffc); int ossl_prov_prepare_dh_params(const void *dh, int nid, void **pstr, int *pstrtype); int ossl_prov_dh_pub_to_der(const void *dh, unsigned char **pder); |