1 files changed, 256 insertions, 0 deletions

diff --git a/SoftHSMv2/src/lib/crypto/OSSLDSAPrivateKey.cpp b/SoftHSMv2/src/lib/crypto/OSSLDSAPrivateKey.cpp
new file mode 100644
index 0000000..527e041
--- /dev/null
+++ b/SoftHSMv2/src/lib/crypto/OSSLDSAPrivateKey.cpp
@@ -0,0 +1,256 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ OSSLDSAPrivateKey.cpp
+
+ OpenSSL DSA private key class
+ *****************************************************************************/
+
+#include "config.h"
+#include "log.h"
+#include "OSSLComp.h"
+#include "OSSLDSAPrivateKey.h"
+#include "OSSLUtil.h"
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+#ifdef WITH_FIPS
+#include <openssl/fips.h>
+#endif
+#include <string.h>
+
+// Constructors
+OSSLDSAPrivateKey::OSSLDSAPrivateKey()
+{
+	dsa = NULL;
+}
+
+OSSLDSAPrivateKey::OSSLDSAPrivateKey(const DSA* inDSA)
+{
+	dsa = NULL;
+
+	setFromOSSL(inDSA);
+}
+
+// Destructor
+OSSLDSAPrivateKey::~OSSLDSAPrivateKey()
+{
+	DSA_free(dsa);
+}
+
+// The type
+/*static*/ const char* OSSLDSAPrivateKey::type = "OpenSSL DSA Private Key";
+
+// Set from OpenSSL representation
+void OSSLDSAPrivateKey::setFromOSSL(const DSA* inDSA)
+{
+	const BIGNUM* bn_p = NULL;
+	const BIGNUM* bn_q = NULL;
+	const BIGNUM* bn_g = NULL;
+	const BIGNUM* bn_priv_key = NULL;
+
+	DSA_get0_pqg(inDSA, &bn_p, &bn_q, &bn_g);
+	DSA_get0_key(inDSA, NULL, &bn_priv_key);
+
+	if (bn_p)
+	{
+		ByteString inP = OSSL::bn2ByteString(bn_p);
+		setP(inP);
+	}
+	if (bn_q)
+	{
+		ByteString inQ = OSSL::bn2ByteString(bn_q);
+		setQ(inQ);
+	}
+	if (bn_g)
+	{
+		ByteString inG = OSSL::bn2ByteString(bn_g);
+		setG(inG);
+	}
+	if (bn_priv_key)
+	{
+		ByteString inX = OSSL::bn2ByteString(bn_priv_key);
+		setX(inX);
+	}
+}
+
+// Check if the key is of the given type
+bool OSSLDSAPrivateKey::isOfType(const char* inType)
+{
+	return !strcmp(type, inType);
+}
+
+// Setters for the DSA private key components
+void OSSLDSAPrivateKey::setX(const ByteString& inX)
+{
+	DSAPrivateKey::setX(inX);
+
+	if (dsa)
+	{
+		DSA_free(dsa);
+		dsa = NULL;
+	}
+}
+
+
+// Setters for the DSA domain parameters
+void OSSLDSAPrivateKey::setP(const ByteString& inP)
+{
+	DSAPrivateKey::setP(inP);
+
+	if (dsa)
+	{
+		DSA_free(dsa);
+		dsa = NULL;
+	}
+}
+
+void OSSLDSAPrivateKey::setQ(const ByteString& inQ)
+{
+	DSAPrivateKey::setQ(inQ);
+
+	if (dsa)
+	{
+		DSA_free(dsa);
+		dsa = NULL;
+	}
+}
+
+void OSSLDSAPrivateKey::setG(const ByteString& inG)
+{
+	DSAPrivateKey::setG(inG);
+
+	if (dsa)
+	{
+		DSA_free(dsa);
+		dsa = NULL;
+	}
+}
+
+// Encode into PKCS#8 DER
+ByteString OSSLDSAPrivateKey::PKCS8Encode()
+{
+	ByteString der;
+	if (dsa == NULL) createOSSLKey();
+	if (dsa == NULL) return der;
+	EVP_PKEY* pkey = EVP_PKEY_new();
+	if (pkey == NULL) return der;
+	if (!EVP_PKEY_set1_DSA(pkey, dsa))
+	{
+		EVP_PKEY_free(pkey);
+		return der;
+	}
+	PKCS8_PRIV_KEY_INFO* p8inf = EVP_PKEY2PKCS8(pkey);
+	EVP_PKEY_free(pkey);
+	if (p8inf == NULL) return der;
+	int len = i2d_PKCS8_PRIV_KEY_INFO(p8inf, NULL);
+	if (len < 0)
+	{
+		PKCS8_PRIV_KEY_INFO_free(p8inf);
+		return der;
+	}
+	der.resize(len);
+	unsigned char* priv = &der[0];
+	int len2 = i2d_PKCS8_PRIV_KEY_INFO(p8inf, &priv);
+	PKCS8_PRIV_KEY_INFO_free(p8inf);
+	if (len2 != len) der.wipe();
+	return der;
+}
+
+// Decode from PKCS#8 BER
+bool OSSLDSAPrivateKey::PKCS8Decode(const ByteString& ber)
+{
+	int len = ber.size();
+	if (len <= 0) return false;
+	const unsigned char* priv = ber.const_byte_str();
+	PKCS8_PRIV_KEY_INFO* p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &priv, len);
+	if (p8 == NULL) return false;
+	EVP_PKEY* pkey = EVP_PKCS82PKEY(p8);
+	PKCS8_PRIV_KEY_INFO_free(p8);
+	if (pkey == NULL) return false;
+	DSA* key = EVP_PKEY_get1_DSA(pkey);
+	EVP_PKEY_free(pkey);
+	if (key == NULL) return false;
+	setFromOSSL(key);
+	DSA_free(key);
+	return true;
+}
+
+// Retrieve the OpenSSL representation of the key
+DSA* OSSLDSAPrivateKey::getOSSLKey()
+{
+	if (dsa == NULL) createOSSLKey();
+
+	return dsa;
+}
+
+// Create the OpenSSL representation of the key
+void OSSLDSAPrivateKey::createOSSLKey()
+{
+	if (dsa != NULL) return;
+
+	BN_CTX *ctx = BN_CTX_new();
+	if (ctx == NULL)
+	{
+		ERROR_MSG("Could not create BN_CTX");
+		return;
+	}
+
+	dsa = DSA_new();
+	if (dsa == NULL)
+	{
+		ERROR_MSG("Could not create DSA object");
+		return;
+	}
+
+	// Use the OpenSSL implementation and not any engine
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+
+#ifdef WITH_FIPS
+	if (FIPS_mode())
+		DSA_set_method(dsa, FIPS_dsa_openssl());
+	else
+		DSA_set_method(dsa, DSA_OpenSSL());
+#else
+	DSA_set_method(dsa, DSA_OpenSSL());
+#endif
+
+#else
+	DSA_set_method(dsa, DSA_OpenSSL());
+#endif
+
+	BIGNUM* bn_p = OSSL::byteString2bn(p);
+	BIGNUM* bn_q = OSSL::byteString2bn(q);
+	BIGNUM* bn_g = OSSL::byteString2bn(g);
+	BIGNUM* bn_priv_key = OSSL::byteString2bn(x);
+	BIGNUM* bn_pub_key = BN_new();
+
+	BN_mod_exp(bn_pub_key, bn_g, bn_priv_key, bn_p, ctx);
+	BN_CTX_free(ctx);
+
+	DSA_set0_pqg(dsa, bn_p, bn_q, bn_g);
+	DSA_set0_key(dsa, bn_pub_key, bn_priv_key);
+}