stdlib/ext/openssl/ossl_pkey_dsa.c

   1 /*
   2  * $Id: ossl_pkey_dsa.c 12043 2007-03-12 04:12:32Z knu $
   3  * 'OpenSSL for Ruby' project
   4  * Copyright (C) 2001-2002  Michal Rokos <m.rokos@sh.cvut.cz>
   5  * All rights reserved.
   6  */
   7 /*
   8  * This program is licenced under the same licence as Ruby.
   9  * (See the file 'LICENCE'.)
  10  */
  11 #if !defined(OPENSSL_NO_DSA)
  12
  13 #include "ossl.h"
  14
  15 #define GetPKeyDSA(obj, pkey) do { \
  16     GetPKey(obj, pkey); \
  17     if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DSA) { /* PARANOIA? */ \
  18         ossl_raise(rb_eRuntimeError, "THIS IS NOT A DSA!"); \
  19     } \
  20 } while (0)
  21
  22 #define DSA_HAS_PRIVATE(dsa) ((dsa)->priv_key)
  23 #define DSA_PRIVATE(obj,dsa) (DSA_HAS_PRIVATE(dsa)||OSSL_PKEY_IS_PRIVATE(obj))
  24
  25 /*
  26  * Classes
  27  */
  28 VALUE cDSA;
  29 VALUE eDSAError;
  30
  31 /*
  32  * Public
  33  */
  34 static VALUE
  35 dsa_instance(VALUE klass, DSA *dsa)
  36 {
  37     EVP_PKEY *pkey;
  38     VALUE obj;
  39
  40     if (!dsa) {
  41         return Qfalse;
  42     }
  43     if (!(pkey = EVP_PKEY_new())) {
  44         return Qfalse;
  45     }
  46     if (!EVP_PKEY_assign_DSA(pkey, dsa)) {
  47         EVP_PKEY_free(pkey);
  48         return Qfalse;
  49     }
  50     WrapPKey(klass, obj, pkey);
  51
  52     return obj;
  53 }
  54
  55 VALUE
  56 ossl_dsa_new(EVP_PKEY *pkey)
  57 {
  58     VALUE obj;
  59
  60     if (!pkey) {
  61         obj = dsa_instance(cDSA, DSA_new());
  62     } else {
  63         if (EVP_PKEY_type(pkey->type) != EVP_PKEY_DSA) {
  64             ossl_raise(rb_eTypeError, "Not a DSA key!");
  65         }
  66         WrapPKey(cDSA, obj, pkey);
  67     }
  68     if (obj == Qfalse) {
  69         ossl_raise(eDSAError, NULL);
  70     }
  71
  72     return obj;
  73 }
  74
  75 /*
  76  * Private
  77  */
  78 static DSA *
  79 dsa_generate(int size)
  80 {
  81     DSA *dsa;
  82     unsigned char seed[20];
  83     int seed_len = 20, counter;
  84     unsigned long h;
  85
  86     if (!RAND_bytes(seed, seed_len)) {
  87         return 0;
  88     }
  89     dsa = DSA_generate_parameters(size, seed, seed_len, &counter, &h,
  90             rb_block_given_p() ? ossl_generate_cb : NULL,
  91             NULL);
  92     if(!dsa) return 0;
  93
  94     if (!DSA_generate_key(dsa)) {
  95         DSA_free(dsa);
  96         return 0;
  97     }
  98
  99     return dsa;
 100 }
 101
 102 static VALUE
 103 ossl_dsa_s_generate(VALUE klass, VALUE size)
 104 {
 105     DSA *dsa = dsa_generate(FIX2INT(size)); /* err handled by dsa_instance */
 106     VALUE obj = dsa_instance(klass, dsa);
 107
 108     if (obj == Qfalse) {
 109         DSA_free(dsa);
 110         ossl_raise(eDSAError, NULL);
 111     }
 112
 113     return obj;
 114 }
 115
 116 static VALUE
 117 ossl_dsa_initialize(int argc, VALUE *argv, VALUE self)
 118 {
 119     EVP_PKEY *pkey;
 120     DSA *dsa;
 121     BIO *in;
 122     char *passwd = NULL;
 123     VALUE arg, pass;
 124
 125     GetPKey(self, pkey);
 126     if(rb_scan_args(argc, argv, "02", &arg, &pass) == 0) {
 127         dsa = DSA_new();
 128     }
 129     else if (FIXNUM_P(arg)) {
 130         if (!(dsa = dsa_generate(FIX2INT(arg)))) {
 131             ossl_raise(eDSAError, NULL);
 132         }
 133     }
 134     else {
 135         if (!NIL_P(pass)) passwd = StringValuePtr(pass);
 136         arg = ossl_to_der_if_possible(arg);
 137         in = ossl_obj2bio(arg);
 138         dsa = PEM_read_bio_DSAPrivateKey(in, NULL, ossl_pem_passwd_cb, passwd);
 139         if (!dsa) {
 140             BIO_reset(in);
 141             dsa = PEM_read_bio_DSAPublicKey(in, NULL, NULL, NULL);
 142         }
 143         if (!dsa) {
 144             BIO_reset(in);
 145             dsa = PEM_read_bio_DSA_PUBKEY(in, NULL, NULL, NULL);
 146         }
 147         if (!dsa) {
 148             BIO_reset(in);
 149             dsa = d2i_DSAPrivateKey_bio(in, NULL);
 150         }
 151         if (!dsa) {
 152             BIO_reset(in);
 153             dsa = d2i_DSA_PUBKEY_bio(in, NULL);
 154         }
 155         BIO_free(in);
 156         if (!dsa) ossl_raise(eDSAError, "Neither PUB key nor PRIV key:");
 157     }
 158     if (!EVP_PKEY_assign_DSA(pkey, dsa)) {
 159         DSA_free(dsa);
 160         ossl_raise(eDSAError, NULL);
 161     }
 162
 163     return self;
 164 }
 165
 166 static VALUE
 167 ossl_dsa_is_public(VALUE self)
 168 {
 169     EVP_PKEY *pkey;
 170
 171     GetPKeyDSA(self, pkey);
 172
 173     /*
 174      * Do we need to check dsap->dsa->public_pkey?
 175      * return Qtrue;
 176      */
 177     return (pkey->pkey.dsa->pub_key) ? Qtrue : Qfalse;
 178 }
 179
 180 static VALUE
 181 ossl_dsa_is_private(VALUE self)
 182 {
 183     EVP_PKEY *pkey;
 184
 185     GetPKeyDSA(self, pkey);
 186
 187     return (DSA_PRIVATE(self, pkey->pkey.dsa)) ? Qtrue : Qfalse;
 188 }
 189
 190 static VALUE
 191 ossl_dsa_export(int argc, VALUE *argv, VALUE self)
 192 {
 193     EVP_PKEY *pkey;
 194     BIO *out;
 195     const EVP_CIPHER *ciph = NULL;
 196     char *passwd = NULL;
 197     VALUE cipher, pass, str;
 198
 199     GetPKeyDSA(self, pkey);
 200     rb_scan_args(argc, argv, "02", &cipher, &pass);
 201     if (!NIL_P(cipher)) {
 202         ciph = GetCipherPtr(cipher);
 203         if (!NIL_P(pass)) {
 204             passwd = StringValuePtr(pass);
 205         }
 206     }
 207     if (!(out = BIO_new(BIO_s_mem()))) {
 208         ossl_raise(eDSAError, NULL);
 209     }
 210     if (DSA_HAS_PRIVATE(pkey->pkey.dsa)) {
 211         if (!PEM_write_bio_DSAPrivateKey(out, pkey->pkey.dsa, ciph,
 212                                          NULL, 0, ossl_pem_passwd_cb, passwd)){
 213             BIO_free(out);
 214             ossl_raise(eDSAError, NULL);
 215         }
 216     } else {
 217         if (!PEM_write_bio_DSAPublicKey(out, pkey->pkey.dsa)) {
 218             BIO_free(out);
 219             ossl_raise(eDSAError, NULL);
 220         }
 221     }
 222     str = ossl_membio2str(out);
 223
 224     return str;
 225 }
 226
 227 static VALUE
 228 ossl_dsa_to_der(VALUE self)
 229 {
 230     EVP_PKEY *pkey;
 231     int (*i2d_func)_((DSA*, unsigned char**));
 232     unsigned char *p;
 233     long len;
 234     VALUE str;
 235
 236     GetPKeyDSA(self, pkey);
 237     if(DSA_HAS_PRIVATE(pkey->pkey.dsa))
 238         i2d_func = (int(*)_((DSA*,unsigned char**)))i2d_DSAPrivateKey;
 239     else
 240         i2d_func = i2d_DSA_PUBKEY;
 241     if((len = i2d_func(pkey->pkey.dsa, NULL)) <= 0)
 242         ossl_raise(eDSAError, NULL);
 243     str = rb_str_new(0, len);
 244     p = RSTRING(str)->ptr;
 245     if(i2d_func(pkey->pkey.dsa, &p) < 0)
 246         ossl_raise(eDSAError, NULL);
 247     ossl_str_adjust(str, p);
 248
 249     return str;
 250 }
 251
 252 /*
 253  * Stores all parameters of key to the hash
 254  * INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!!
 255  * Don't use :-)) (I's up to you)
 256  */
 257 static VALUE
 258 ossl_dsa_get_params(VALUE self)
 259 {
 260     EVP_PKEY *pkey;
 261     VALUE hash;
 262
 263     GetPKeyDSA(self, pkey);
 264
 265     hash = rb_hash_new();
 266
 267     rb_hash_aset(hash, rb_str_new2("p"), ossl_bn_new(pkey->pkey.dsa->p));
 268     rb_hash_aset(hash, rb_str_new2("q"), ossl_bn_new(pkey->pkey.dsa->q));
 269     rb_hash_aset(hash, rb_str_new2("g"), ossl_bn_new(pkey->pkey.dsa->g));
 270     rb_hash_aset(hash, rb_str_new2("pub_key"), ossl_bn_new(pkey->pkey.dsa->pub_key));
 271     rb_hash_aset(hash, rb_str_new2("priv_key"), ossl_bn_new(pkey->pkey.dsa->priv_key));
 272
 273     return hash;
 274 }
 275
 276 /*
 277  * Prints all parameters of key to buffer
 278  * INSECURE: PRIVATE INFORMATIONS CAN LEAK OUT!!!
 279  * Don't use :-)) (I's up to you)
 280  */
 281 static VALUE
 282 ossl_dsa_to_text(VALUE self)
 283 {
 284     EVP_PKEY *pkey;
 285     BIO *out;
 286     VALUE str;
 287
 288     GetPKeyDSA(self, pkey);
 289     if (!(out = BIO_new(BIO_s_mem()))) {
 290         ossl_raise(eDSAError, NULL);
 291     }
 292     if (!DSA_print(out, pkey->pkey.dsa, 0)) { /* offset = 0 */
 293         BIO_free(out);
 294         ossl_raise(eDSAError, NULL);
 295     }
 296     str = ossl_membio2str(out);
 297
 298     return str;
 299 }
 300
 301 /*
 302  * Makes new instance DSA PUBLIC_KEY from PRIVATE_KEY
 303  */
 304 static VALUE
 305 ossl_dsa_to_public_key(VALUE self)
 306 {
 307     EVP_PKEY *pkey;
 308     DSA *dsa;
 309     VALUE obj;
 310
 311     GetPKeyDSA(self, pkey);
 312     /* err check performed by dsa_instance */
 313     dsa = DSAPublicKey_dup(pkey->pkey.dsa);
 314     obj = dsa_instance(CLASS_OF(self), dsa);
 315     if (obj == Qfalse) {
 316         DSA_free(dsa);
 317         ossl_raise(eDSAError, NULL);
 318     }
 319     return obj;
 320 }
 321
 322 #define ossl_dsa_buf_size(pkey) (DSA_size((pkey)->pkey.dsa)+16)
 323
 324 static VALUE
 325 ossl_dsa_sign(VALUE self, VALUE data)
 326 {
 327     EVP_PKEY *pkey;
 328     int buf_len;
 329     VALUE str;
 330
 331     GetPKeyDSA(self, pkey);
 332     StringValue(data);
 333     if (!DSA_PRIVATE(self, pkey->pkey.dsa)) {
 334         ossl_raise(eDSAError, "Private DSA key needed!");
 335     }
 336     str = rb_str_new(0, ossl_dsa_buf_size(pkey));
 337     if (!DSA_sign(0, RSTRING(data)->ptr, RSTRING(data)->len, RSTRING(str)->ptr,
 338                   &buf_len, pkey->pkey.dsa)) { /* type is ignored (0) */
 339         ossl_raise(eDSAError, NULL);
 340     }
 341     RSTRING(str)->len = buf_len;
 342     RSTRING(str)->ptr[buf_len] = 0;
 343
 344     return str;
 345 }
 346
 347 static VALUE
 348 ossl_dsa_verify(VALUE self, VALUE digest, VALUE sig)
 349 {
 350     EVP_PKEY *pkey;
 351     int ret;
 352
 353     GetPKeyDSA(self, pkey);
 354     StringValue(digest);
 355     StringValue(sig);
 356     /* type is ignored (0) */
 357     ret = DSA_verify(0, RSTRING(digest)->ptr, RSTRING(digest)->len,
 358                      RSTRING(sig)->ptr, RSTRING(sig)->len, pkey->pkey.dsa);
 359     if (ret < 0) {
 360         ossl_raise(eDSAError, NULL);
 361     }
 362     else if (ret == 1) {
 363         return Qtrue;
 364     }
 365
 366     return Qfalse;
 367 }
 368
 369 OSSL_PKEY_BN(dsa, p);
 370 OSSL_PKEY_BN(dsa, q);
 371 OSSL_PKEY_BN(dsa, g);
 372 OSSL_PKEY_BN(dsa, pub_key);
 373 OSSL_PKEY_BN(dsa, priv_key);
 374
 375 /*
 376  * INIT
 377  */
 378 void
 379 Init_ossl_dsa()
 380 {
 381 #if 0 /* let rdoc know about mOSSL and mPKey */
 382     mOSSL = rb_define_module("OpenSSL");
 383     mPKey = rb_define_module_under(mOSSL, "PKey");
 384 #endif
 385
 386     eDSAError = rb_define_class_under(mPKey, "DSAError", ePKeyError);
 387
 388     cDSA = rb_define_class_under(mPKey, "DSA", cPKey);
 389
 390     rb_define_singleton_method(cDSA, "generate", ossl_dsa_s_generate, 1);
 391     rb_define_method(cDSA, "initialize", ossl_dsa_initialize, -1);
 392
 393     rb_define_method(cDSA, "public?", ossl_dsa_is_public, 0);
 394     rb_define_method(cDSA, "private?", ossl_dsa_is_private, 0);
 395     rb_define_method(cDSA, "to_text", ossl_dsa_to_text, 0);
 396     rb_define_method(cDSA, "export", ossl_dsa_export, -1);
 397     rb_define_alias(cDSA, "to_pem", "export");
 398     rb_define_alias(cDSA, "to_s", "export");
 399     rb_define_method(cDSA, "to_der", ossl_dsa_to_der, 0);
 400     rb_define_method(cDSA, "public_key", ossl_dsa_to_public_key, 0);
 401     rb_define_method(cDSA, "syssign", ossl_dsa_sign, 1);
 402     rb_define_method(cDSA, "sysverify", ossl_dsa_verify, 2);
 403
 404     DEF_OSSL_PKEY_BN(cDSA, dsa, p);
 405     DEF_OSSL_PKEY_BN(cDSA, dsa, q);
 406     DEF_OSSL_PKEY_BN(cDSA, dsa, g);
 407     DEF_OSSL_PKEY_BN(cDSA, dsa, pub_key);
 408     DEF_OSSL_PKEY_BN(cDSA, dsa, priv_key);
 409
 410     rb_define_method(cDSA, "params", ossl_dsa_get_params, 0);
 411 }
 412
 413 #else /* defined NO_DSA */
 414 #   warning >>> OpenSSL is compiled without DSA support <<<
 415
 416 void
 417 Init_ossl_dsa()
 418 {
 419     rb_warning("OpenSSL is compiled without DSA support");
 420 }
 421
 422 #endif /* NO_DSA */