diff --git a/lib/dns/sec/dst/Makefile.in b/lib/dns/sec/dst/Makefile.in index 5a11a9796c..a6cec298b1 100644 --- a/lib/dns/sec/dst/Makefile.in +++ b/lib/dns/sec/dst/Makefile.in @@ -41,10 +41,12 @@ LIBS = @LIBS@ # Alphabetically OBJS = bsafe_link.@O@ dst_api.@O@ dst_parse.@O@ hmac_link.@O@ \ - openssl_link.@O@ dst_result.@O@ dst_support.@O@ dst_lib.@O@ + openssl_link.@O@ openssldh_link.@O@ dst_result.@O@ \ + dst_support.@O@ dst_lib.@O@ SRCS = bsafe_link.c dst_api.c dst_parse.c hmac_link.c \ - openssl_link.c dst_result.c dst_support.c dst_lib.c + openssl_link.c openssldh_link.c dst_result.c dst_support.c \ + dst_lib.c SUBDIRS = include TARGETS = ${OBJS} diff --git a/lib/dns/sec/dst/bsafe_link.c b/lib/dns/sec/dst/bsafe_link.c index a3a9e43452..ce826af927 100644 --- a/lib/dns/sec/dst/bsafe_link.c +++ b/lib/dns/sec/dst/bsafe_link.c @@ -19,7 +19,7 @@ /* * Principal Author: Brian Wellington - * $Id: bsafe_link.c,v 1.5 1999/09/23 20:54:34 bwelling Exp $ + * $Id: bsafe_link.c,v 1.6 1999/09/27 16:55:44 bwelling Exp $ */ #include @@ -111,18 +111,19 @@ static dst_result_t dst_bsafe_from_file(dst_key_t *key, const int id, isc_mem_t *mctx); /* - * dst_s_bsafe_init() + * dst_s_bsafersa_init() * Sets up function pointers for BSAFE/DNSSAFE related functions */ void -dst_s_bsafe_init() -{ +dst_s_bsafersa_init() { REQUIRE(dst_t_func[DST_ALG_RSA] == NULL); dst_t_func[DST_ALG_RSA] = &bsafe_functions; memset(&bsafe_functions, 0, sizeof(struct dst_func)); bsafe_functions.sign = dst_bsafe_sign; bsafe_functions.verify = dst_bsafe_verify; + bsafe_functions.computesecret = NULL; bsafe_functions.compare = dst_bsafe_compare; + bsafe_functions.paramcompare = NULL; bsafe_functions.generate = dst_bsafe_generate; bsafe_functions.isprivate = dst_bsafe_isprivate; bsafe_functions.destroy = dst_bsafe_destroy; @@ -388,7 +389,7 @@ dst_bsafe_verify(const unsigned int mode, dst_key_t *key, void **context, * ISC_TRUE * ISC_FALSE */ -isc_boolean_t +static isc_boolean_t dst_bsafe_isprivate(const dst_key_t *key) { RSA_Key *rkey = (RSA_Key *) key->opaque; return (rkey != NULL && rkey->rk_Private_Key != NULL); @@ -469,7 +470,6 @@ dst_bsafe_from_dns(dst_key_t *key, isc_buffer_t *data, isc_mem_t *mctx) { return (DST_R_NOMEMORY); memset(rkey, 0, sizeof(RSA_Key)); - key->opaque = (void *) rkey; if (B_CreateKeyObject(&rkey->rk_Public_Key) != 0) { isc_mem_put(mctx, rkey, sizeof(RSA_Key)); @@ -542,6 +542,9 @@ dst_bsafe_from_dns(dst_key_t *key, isc_buffer_t *data, isc_mem_t *mctx) { memset(public->modulus.data, 0, public->modulus.len); isc_mem_put(mctx, public->modulus.data, public->modulus.len); isc_mem_put(mctx, public, sizeof(*public)); + + key->opaque = (void *) rkey; + return (DST_R_SUCCESS); } diff --git a/lib/dns/sec/dst/dst_api.c b/lib/dns/sec/dst/dst_api.c index f964727a90..8321ee3ab0 100644 --- a/lib/dns/sec/dst/dst_api.c +++ b/lib/dns/sec/dst/dst_api.c @@ -17,7 +17,7 @@ /* * Principal Author: Brian Wellington - * $Id: dst_api.c,v 1.10 1999/09/23 20:54:35 bwelling Exp $ + * $Id: dst_api.c,v 1.11 1999/09/27 16:55:44 bwelling Exp $ */ #include @@ -122,6 +122,8 @@ dst_sign(const unsigned int mode, dst_key_t *key, dst_context_t *context, return (DST_R_UNSUPPORTEDALG); if (key->opaque == NULL) return (DST_R_NULLKEY); + if (key->func->sign == NULL) + return (DST_R_NOTPRIVATEKEY); return (key->func->sign(mode, key, (void **)context, data, sig, key->mctx)); @@ -169,14 +171,55 @@ dst_verify(const unsigned int mode, dst_key_t *key, dst_context_t *context, return (DST_R_UNSUPPORTEDALG); if (key->opaque == NULL) return (DST_R_NULLKEY); + if (key->func->verify == NULL) + return (DST_R_NOTPUBLICKEY); return (key->func->verify(mode, key, (void **)context, data, sig, key->mctx)); } +/* + * dst_computesecret + * A function to compute a shared secret from two (Diffie-Hellman) keys. + * Parameters + * pub The public key + * priv The private key + * secret A buffer into which the secret is written + * Returns + * DST_R_SUCCESS Success + * !DST_R_SUCCESS Failure + */ +dst_result_t +dst_computesecret(const dst_key_t *pub, const dst_key_t *priv, + isc_buffer_t *secret) +{ + RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS); + REQUIRE(VALID_KEY(pub) && VALID_KEY(priv)); + REQUIRE(secret != NULL); + + if (dst_supported_algorithm(pub->key_alg) == ISC_FALSE || + dst_supported_algorithm(priv->key_alg) == ISC_FALSE) + return (DST_R_UNSUPPORTEDALG); + + if (pub->opaque == NULL || priv->opaque == NULL) + return (DST_R_NULLKEY); + + if (pub->key_alg != priv->key_alg || + pub->func->computesecret == NULL || + priv->func->computesecret == NULL) + return (DST_R_KEYCANNOTCOMPUTESECRET); + + if (dst_key_isprivate(priv) == ISC_FALSE) + return (DST_R_NOTPRIVATEKEY); + + return (pub->func->computesecret(pub, priv, secret)); +} + /* * dst_key_tofile * Writes a key to disk. The key can either be a public or private key. + * The public key is written in DNS format and the private key is + * written as a set of base64 encoded values. * Parameters * key The key to be written. * type Either DST_PUBLIC or DST_PRIVATE, or both @@ -441,17 +484,22 @@ dst_key_tobuffer(const dst_key_t *key, isc_buffer_t *target) { /* * dst_key_generate - * Generate and store a public/private keypair. - * Keys will be stored in formatted files. + * Generate a public/private keypair. * Parameters * name Name of the new key. Used to create key files * K++.public * K++.private * alg The algorithm to use * bits Size of the new key in bits - * param Algorithm specific (currently RSA only) + * param Algorithm specific + * RSA: exponent * 0 use exponent 3 * !0 use Fermat4 (2^16 + 1) + * DH: generator + * 0 default - use well-known prime if bits == 768 + * or 1024, otherwise use generator 2 + * !0 use this value as the generator + * DSA/HMACMD5: unused * flags The default value of the DNS Key flags. * protocol Default value of the DNS Key protocol field. * mctx The memory context used to allocate the key @@ -520,6 +568,34 @@ dst_key_compare(const dst_key_t *key1, const dst_key_t *key2) { else return (ISC_FALSE); } +/* + * dst_key_paramcompare + * Compares two keys' parameters for equality. This is designed to + * determine if two (Diffie-Hellman) keys can be used to derive a shared + * secret. + * Parameters + * key1, key2 Two keys whose parameters are to be compared. + * Returns + * ISC_TRUE The keys' parameters are equal. + * ISC_FALSE The keys' parameters are not equal. + */ +isc_boolean_t +dst_key_paramcompare(const dst_key_t *key1, const dst_key_t *key2) { + RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS); + REQUIRE(VALID_KEY(key1)); + REQUIRE(VALID_KEY(key2)); + + if (key1 == key2) + return (ISC_TRUE); + if (key1 == NULL || key2 == NULL) + return (ISC_FALSE); + if (key1->key_alg == key2->key_alg && + key1->func->paramcompare != NULL && + key1->func->paramcompare(key1, key2) == ISC_TRUE) + return (ISC_TRUE); + else + return (ISC_FALSE); +} /* * dst_key_free @@ -609,6 +685,7 @@ dst_sig_size(const dst_key_t *key) { return (16); case DST_ALG_HMACSHA1: return (20); + case DST_ALG_DH: default: REQUIRE(ISC_FALSE); return (-1); @@ -668,10 +745,11 @@ initialize() { dst_s_hmacmd5_init(); #if defined(BSAFE) || defined(DNSSAFE) - dst_s_bsafe_init(); + dst_s_bsafersa_init(); #endif #ifdef OPENSSL - dst_s_openssl_init(); + dst_s_openssldsa_init(); + dst_s_openssldh_init(); #endif } diff --git a/lib/dns/sec/dst/dst_internal.h b/lib/dns/sec/dst/dst_internal.h index 9ede6460aa..2f6f43e618 100644 --- a/lib/dns/sec/dst/dst_internal.h +++ b/lib/dns/sec/dst/dst_internal.h @@ -63,7 +63,12 @@ struct dst_func { dst_result_t (*verify)(const unsigned int mode, dst_key_t *key, void **context, isc_region_t *data, isc_region_t *sig, isc_mem_t *mctx); + dst_result_t (*computesecret)(const dst_key_t *pub, + const dst_key_t *priv, + isc_buffer_t *secret); isc_boolean_t (*compare)(const dst_key_t *key1, const dst_key_t *key2); + isc_boolean_t (*paramcompare)(const dst_key_t *key1, + const dst_key_t *key2); dst_result_t (*generate)(dst_key_t *key, int parms, isc_mem_t *mctx); isc_boolean_t (*isprivate)(const dst_key_t *key); void (*destroy)(void *key, isc_mem_t *mctx); @@ -87,8 +92,9 @@ extern dst_func *dst_t_func[DST_MAX_ALGS]; #endif void dst_s_hmacmd5_init(void); -void dst_s_bsafe_init(void); -void dst_s_openssl_init(void); +void dst_s_bsafersa_init(void); +void dst_s_openssldsa_init(void); +void dst_s_openssldh_init(void); /* support functions */ diff --git a/lib/dns/sec/dst/dst_parse.c b/lib/dns/sec/dst/dst_parse.c index ceaeb2ee6b..fa39801524 100644 --- a/lib/dns/sec/dst/dst_parse.c +++ b/lib/dns/sec/dst/dst_parse.c @@ -17,7 +17,7 @@ /* * Principal Author: Brian Wellington - * $Id: dst_parse.c,v 1.4 1999/09/02 15:56:32 bwelling Exp $ + * $Id: dst_parse.c,v 1.5 1999/09/27 16:55:44 bwelling Exp $ */ #include @@ -47,6 +47,7 @@ #define PRIVATE_KEY_STR "Private-key-format:" #define ALGORITHM_STR "Algorithm:" #define RSA_STR "RSA" +#define DH_STR "DH" #define DSA_STR "DSA" #define HMACMD5_STR "HMAC_MD5" @@ -65,6 +66,11 @@ static struct parse_map map[] = { {TAG_RSA_EXPONENT2, "Exponent2:"}, {TAG_RSA_COEFFICIENT, "Coefficient:"}, + {TAG_DH_PRIME, "Prime(p):"}, + {TAG_DH_GENERATOR, "Generator(g):"}, + {TAG_DH_PRIVATE, "Private_value(x):"}, + {TAG_DH_PUBLIC, "Public_value(y):"}, + {TAG_DSA_PRIME, "Prime(p):"}, {TAG_DSA_SUBPRIME, "Subprime(q):"}, {TAG_DSA_BASE, "Base(g):"}, @@ -114,6 +120,21 @@ check_rsa(const dst_private_t *priv) { return (0); } +static int +check_dh(const dst_private_t *priv) { + int i, j; + if (priv->nelements != DH_NTAGS) + return (-1); + for (i = 0; i < DH_NTAGS; i++) { + for (j = 0; j < priv->nelements; j++) + if (priv->elements[j].tag == TAG(DST_ALG_DH, i)) + break; + if (j == priv->nelements) + return (-1); + } + return (0); +} + static int check_dsa(const dst_private_t *priv) { int i, j; @@ -143,6 +164,8 @@ check_data(const dst_private_t *priv, const int alg) { switch (alg) { case DST_ALG_RSA: return (check_rsa(priv)); + case DST_ALG_DH: + return (check_dh(priv)); case DST_ALG_DSA: return (check_dsa(priv)); case DST_ALG_HMACMD5: @@ -330,6 +353,7 @@ dst_s_write_private_key_file(const char *name, const int alg, const int id, fprintf(fp, "%s %d ", ALGORITHM_STR, alg); switch (alg) { case DST_ALG_RSA: fprintf(fp, "(RSA)\n"); break; + case DST_ALG_DH: fprintf(fp, "(DH)\n"); break; case DST_ALG_DSA: fprintf(fp, "(DSA)\n"); break; case DST_ALG_HMACMD5: fprintf(fp, "(HMAC_MD5)\n"); break; default : fprintf(fp, "(?)\n"); break; diff --git a/lib/dns/sec/dst/dst_parse.h b/lib/dns/sec/dst/dst_parse.h index 78301da4ea..daace7c9b9 100644 --- a/lib/dns/sec/dst/dst_parse.h +++ b/lib/dns/sec/dst/dst_parse.h @@ -43,6 +43,12 @@ ISC_LANG_BEGINDECLS #define TAG_RSA_EXPONENT2 ((DST_ALG_RSA << TAG_SHIFT) + 6) #define TAG_RSA_COEFFICIENT ((DST_ALG_RSA << TAG_SHIFT) + 7) +#define DH_NTAGS 4 +#define TAG_DH_PRIME ((DST_ALG_DH << TAG_SHIFT) + 0) +#define TAG_DH_GENERATOR ((DST_ALG_DH << TAG_SHIFT) + 1) +#define TAG_DH_PRIVATE ((DST_ALG_DH << TAG_SHIFT) + 2) +#define TAG_DH_PUBLIC ((DST_ALG_DH << TAG_SHIFT) + 3) + #define DSA_NTAGS 5 #define TAG_DSA_PRIME ((DST_ALG_DSA << TAG_SHIFT) + 0) #define TAG_DSA_SUBPRIME ((DST_ALG_DSA << TAG_SHIFT) + 1) diff --git a/lib/dns/sec/dst/dst_result.c b/lib/dns/sec/dst/dst_result.c index d340f5196e..16cc3d5a71 100644 --- a/lib/dns/sec/dst/dst_result.c +++ b/lib/dns/sec/dst/dst_result.c @@ -17,7 +17,7 @@ /* * Principal Author: Brian Wellington - * $Id: dst_result.c,v 1.2 1999/09/23 20:54:35 bwelling Exp $ + * $Id: dst_result.c,v 1.3 1999/09/27 16:55:44 bwelling Exp $ */ #include @@ -49,6 +49,8 @@ static char *text[DST_R_NRESULTS] = { "verify final failure", /* 14 */ "not a public key", /* 15 */ "not a private key", /* 16 */ + "not a key that can compute a secret", /* 17 */ + "failure computing a shared secret", /* 18 */ }; #define DST_RESULT_RESULTSET 2 diff --git a/lib/dns/sec/dst/hmac_link.c b/lib/dns/sec/dst/hmac_link.c index 3d8f25d018..9f66b14d9e 100644 --- a/lib/dns/sec/dst/hmac_link.c +++ b/lib/dns/sec/dst/hmac_link.c @@ -17,7 +17,7 @@ /* * Principal Author: Brian Wellington - * $Id: hmac_link.c,v 1.7 1999/09/23 20:54:35 bwelling Exp $ + * $Id: hmac_link.c,v 1.8 1999/09/27 16:55:44 bwelling Exp $ */ #include @@ -87,7 +87,9 @@ dst_s_hmacmd5_init() memset(&hmacmd5_functions, 0, sizeof(struct dst_func)); hmacmd5_functions.sign = dst_hmacmd5_sign; hmacmd5_functions.verify = dst_hmacmd5_verify; + hmacmd5_functions.computesecret = NULL; hmacmd5_functions.compare = dst_hmacmd5_compare; + hmacmd5_functions.paramcompare = NULL; hmacmd5_functions.generate = dst_hmacmd5_generate; hmacmd5_functions.isprivate = dst_hmacmd5_isprivate; hmacmd5_functions.destroy = dst_hmacmd5_destroy; @@ -241,8 +243,10 @@ dst_hmacmd5_verify(const unsigned int mode, dst_key_t *key, void **context, * Returns * ISC_TRUE */ -isc_boolean_t +static isc_boolean_t dst_hmacmd5_isprivate(const dst_key_t *key) { + key = key; /* suppress warning */ + return (ISC_TRUE); } diff --git a/lib/dns/sec/dst/include/dst/dst.h b/lib/dns/sec/dst/include/dst/dst.h index 49fc39e164..d1546bedf8 100644 --- a/lib/dns/sec/dst/include/dst/dst.h +++ b/lib/dns/sec/dst/include/dst/dst.h @@ -96,6 +96,22 @@ dst_result_t dst_verify(const unsigned int mode, dst_key_t *key, dst_context_t *context, isc_region_t *data, isc_region_t *sig); +/* + * dst_computesecret + * A function to compute a shared secret from two (Diffie-Hellman) keys. + * + * Requires: + * "pub" is a valid key that can be used to derive a shared secret + * "priv" is a valid private key that can be used to derive a shared secret + * "secret" is a valid buffer + * + * Ensures: + * If successful, secret will contain the derived shared secret. + */ +dst_result_t +dst_computesecret(const dst_key_t *pub, const dst_key_t *priv, + isc_buffer_t *secret); + /* Reads a key from permanent storage. * * Requires: @@ -205,6 +221,15 @@ dst_key_generate(const char *name, const int alg, const int bits, isc_boolean_t dst_key_compare(const dst_key_t *key1, const dst_key_t *key2); +/* Compares the parameters of two DST keys. + * + * Requires: + * "key1" is a valid key. + * "key2" is a valid key. + */ +isc_boolean_t +dst_key_paramcompare(const dst_key_t *key1, const dst_key_t *key2); + /* Free a DST key. * * Requires: diff --git a/lib/dns/sec/dst/include/dst/result.h b/lib/dns/sec/dst/include/dst/result.h index 387c895991..8239007500 100644 --- a/lib/dns/sec/dst/include/dst/result.h +++ b/lib/dns/sec/dst/include/dst/result.h @@ -30,8 +30,10 @@ typedef unsigned int dst_result_t; #define DST_R_VERIFYFINALFAILURE (ISC_RESULTCLASS_DST + 14) #define DST_R_NOTPUBLICKEY (ISC_RESULTCLASS_DST + 15) #define DST_R_NOTPRIVATEKEY (ISC_RESULTCLASS_DST + 16) +#define DST_R_KEYCANNOTCOMPUTESECRET (ISC_RESULTCLASS_DST + 17) +#define DST_R_COMPUTESECRETFAILURE (ISC_RESULTCLASS_DST + 18) -#define DST_R_NRESULTS 17 /* Number of results */ +#define DST_R_NRESULTS 19 /* Number of results */ char * dst_result_totext(dst_result_t); diff --git a/lib/dns/sec/dst/openssl_link.c b/lib/dns/sec/dst/openssl_link.c index 1e2d4d6017..4f1194c249 100644 --- a/lib/dns/sec/dst/openssl_link.c +++ b/lib/dns/sec/dst/openssl_link.c @@ -19,7 +19,7 @@ /* * Principal Author: Brian Wellington - * $Id: openssl_link.c,v 1.7 1999/09/23 20:54:36 bwelling Exp $ + * $Id: openssl_link.c,v 1.8 1999/09/27 16:55:44 bwelling Exp $ */ #include @@ -55,7 +55,7 @@ static dst_result_t dst_openssl_verify(const unsigned int mode, isc_region_t *sig, isc_mem_t *mctx); static isc_boolean_t dst_openssl_compare(const dst_key_t *key1, const dst_key_t *key2); -static dst_result_t dst_openssl_generate(dst_key_t *key, int exp, +static dst_result_t dst_openssl_generate(dst_key_t *key, int unused, isc_mem_t *mctx); static isc_boolean_t dst_openssl_isprivate(const dst_key_t *key); static void dst_openssl_destroy(void *key, isc_mem_t *mctx); @@ -72,18 +72,19 @@ static int BN_bn2bin_fixed(BIGNUM *bn, unsigned char *buf, /* - * dst_s_openssl_init() + * dst_s_openssldsa_init() * Sets up function pointers for OpenSSL related functions */ void -dst_s_openssl_init() -{ +dst_s_openssldsa_init() { REQUIRE(dst_t_func[DST_ALG_DSA] == NULL); dst_t_func[DST_ALG_DSA] = &openssl_functions; memset(&openssl_functions, 0, sizeof(struct dst_func)); openssl_functions.sign = dst_openssl_sign; openssl_functions.verify = dst_openssl_verify; + openssl_functions.computesecret = NULL; openssl_functions.compare = dst_openssl_compare; + openssl_functions.paramcompare = NULL; /* is this useful for DSA? */ openssl_functions.generate = dst_openssl_generate; openssl_functions.isprivate = dst_openssl_isprivate; openssl_functions.destroy = dst_openssl_destroy; @@ -247,7 +248,7 @@ dst_openssl_verify(const unsigned int mode, dst_key_t *key, void **context, * ISC_TRUE * ISC_FALSE */ -isc_boolean_t +static isc_boolean_t dst_openssl_isprivate(const dst_key_t *key) { DSA *dsa = (DSA *) key->opaque; return (dsa != NULL && dsa->priv_key != NULL); @@ -330,7 +331,6 @@ dst_openssl_from_dns(dst_key_t *key, isc_buffer_t *data, isc_mem_t *mctx) { return (DST_R_NOMEMORY); memset(dsa, 0, sizeof(DSA)); - key->opaque = (void *) dsa; t = (unsigned int) *r.base++; if (t > 8) { @@ -363,6 +363,8 @@ dst_openssl_from_dns(dst_key_t *key, isc_buffer_t *data, isc_mem_t *mctx) { isc_buffer_forward(data, SHA_DIGEST_LENGTH + 3 * p_bytes); + key->opaque = (void *) dsa; + return (DST_R_SUCCESS); } @@ -456,7 +458,7 @@ dst_openssl_from_file(dst_key_t *key, const int id, isc_mem_t *mctx) { dsa = DSA_new(); if (dsa == NULL) DST_RET(DST_R_NOMEMORY); - memset(dsa, 0, sizeof(DSA *)); + memset(dsa, 0, sizeof(DSA)); key->opaque = dsa; for (i=0; i < priv.nelements; i++) { diff --git a/lib/dns/sec/dst/openssldh_link.c b/lib/dns/sec/dst/openssldh_link.c new file mode 100644 index 0000000000..c2aa360fe4 --- /dev/null +++ b/lib/dns/sec/dst/openssldh_link.c @@ -0,0 +1,666 @@ +#if defined(OPENSSL) + +/* + * Portions Copyright (c) 1995-1998 by Network Associates, Inc. + * + * Permission to use, copy modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND NETWORK ASSOCIATES + * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + * NETWORK ASSOCIATES BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING + * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, + * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION + * WITH THE USE OR PERFORMANCE OF THE SOFTWARE. + */ + +/* + * Principal Author: Brian Wellington + * $Id: openssldh_link.c,v 1.1 1999/09/27 16:55:44 bwelling Exp $ + */ + +#include + +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "dst_internal.h" +#include "dst_parse.h" + +#include +#include +#include + +#define PRIME768 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF" + +#define PRIME1024 "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF" + +static struct dst_func openssldh_functions; + +static dst_result_t dst_openssldh_computesecret(const dst_key_t *pub, + const dst_key_t *priv, + isc_buffer_t *secret); +static isc_boolean_t dst_openssldh_compare(const dst_key_t *key1, + const dst_key_t *key2); +static isc_boolean_t dst_openssldh_paramcompare(const dst_key_t *key1, + const dst_key_t *key2); +static dst_result_t dst_openssldh_generate(dst_key_t *key, int generator, + isc_mem_t *mctx); +static isc_boolean_t dst_openssldh_isprivate(const dst_key_t *key); +static void dst_openssldh_destroy(void *key, isc_mem_t *mctx); +static dst_result_t dst_openssldh_to_dns(const dst_key_t *in_key, + isc_buffer_t *data); +static dst_result_t dst_openssldh_from_dns(dst_key_t *key, + isc_buffer_t *data, + isc_mem_t *mctx); +static dst_result_t dst_openssldh_to_file(const dst_key_t *key); +static dst_result_t dst_openssldh_from_file(dst_key_t *key, const int id, + isc_mem_t *mctx); + +static void uint16_toregion(isc_uint16_t val, isc_region_t *region); +static isc_uint16_t uint16_fromregion(isc_region_t *region); + +static BIGNUM *bn2, *bn768, *bn1024; + +/* + * dst_s_openssldh_init() + * Sets up function pointers for OpenSSL related functions + */ +void +dst_s_openssldh_init() +{ + REQUIRE(dst_t_func[DST_ALG_DH] == NULL); + dst_t_func[DST_ALG_DH] = &openssldh_functions; + memset(&openssldh_functions, 0, sizeof(struct dst_func)); + openssldh_functions.sign = NULL; + openssldh_functions.verify = NULL; + openssldh_functions.computesecret = dst_openssldh_computesecret; + openssldh_functions.compare = dst_openssldh_compare; + openssldh_functions.paramcompare = dst_openssldh_paramcompare; + openssldh_functions.generate = dst_openssldh_generate; + openssldh_functions.isprivate = dst_openssldh_isprivate; + openssldh_functions.destroy = dst_openssldh_destroy; + openssldh_functions.to_dns = dst_openssldh_to_dns; + openssldh_functions.from_dns = dst_openssldh_from_dns; + openssldh_functions.to_file = dst_openssldh_to_file; + openssldh_functions.from_file = dst_openssldh_from_file; + CRYPTO_set_mem_functions(dst_mem_alloc, dst_mem_realloc, dst_mem_free); + + /* BEW - should check for NULL here... */ + bn2 = BN_new(); + bn768 = BN_new(); + bn1024 = BN_new(); + BN_set_word(bn2, 2); + BN_hex2bn(&bn768, PRIME768); + BN_hex2bn(&bn1024, PRIME1024); +} + +/* + * dst_openssldh_computesecret + * Compute a shared secret from this public and private key + * Parameters + * pub The public key + * priv The private key + * secret A buffer into which the secret is written + * Returns + * DST_R_SUCCESS Success + * !DST_R_SUCCESS Failure + */ +static dst_result_t +dst_openssldh_computesecret(const dst_key_t *pub, const dst_key_t *priv, + isc_buffer_t *secret) +{ + DH *dhpub, *dhpriv; + int ret; + isc_region_t r; + unsigned int len; + + REQUIRE(pub->opaque != NULL); + REQUIRE(priv->opaque != NULL); + + dhpub = (DH *) pub->opaque; + dhpriv = (DH *) priv->opaque; + + len = DH_size(dhpriv); + isc_buffer_available(secret, &r); + if (r.length < len) + return (DST_R_NOSPACE); + ret = DH_compute_key(r.base, dhpub->pub_key, dhpriv); + if (ret == 0) + return(DST_R_COMPUTESECRETFAILURE); + isc_buffer_add(secret, len); + return (DST_R_SUCCESS); +} + +/* + * dst_openssldh_isprivate + * Is this a private key? + * Parameters + * key DST KEY structure + * Returns + * ISC_TRUE + * ISC_FALSE + */ +static isc_boolean_t +dst_openssldh_isprivate(const dst_key_t *key) { + DH *dh = (DH *) key->opaque; + return (dh != NULL && dh->priv_key != NULL); +} + + +/* + * dst_openssldh_to_dns + * Converts key from DH to DNS distribution format + * Parameters + * key DST KEY structure + * data output data + * Returns + * DST_R_SUCCESS Success + * !DST_R_SUCCESS Failure + */ + +static dst_result_t +dst_openssldh_to_dns(const dst_key_t *key, isc_buffer_t *data) { + DH *dh; + isc_region_t r; + isc_uint16_t dnslen, plen, glen, publen; + + REQUIRE(key->opaque != NULL); + + dh = (DH *) key->opaque; + + isc_buffer_available(data, &r); + + if (dh->g == bn2 && (dh->p == bn768 || dh->p == bn1024)) { + plen = 1; + glen = 0; + } + else { + plen = BN_num_bytes(dh->p); + glen = BN_num_bytes(dh->g); + } + publen = BN_num_bytes(dh->pub_key); + dnslen = plen + glen + publen + 6; + if (r.length < (unsigned int) dnslen) + return (DST_R_NOSPACE); + + uint16_toregion(plen, &r); + if (plen == 1) { + if (dh->p == bn768) + *r.base = 1; + else + *r.base = 2; + } + else + BN_bn2bin(dh->p, r.base); + r.base += plen; + + uint16_toregion(glen, &r); + if (glen > 0) + BN_bn2bin(dh->g, r.base); + r.base += glen; + + uint16_toregion(publen, &r); + BN_bn2bin(dh->pub_key, r.base); + r.base += publen; + + isc_buffer_add(data, dnslen); + + return (DST_R_SUCCESS); +} + + +/* + * dst_openssldh_from_dns + * Converts from a DNS KEY RR format to a DH KEY. + * Parameters + * key Partially filled key structure + * data Buffer containing key in DNS format + * Return + * DST_R_SUCCESS Success + * !DST_R_SUCCESS Failure + */ +static dst_result_t +dst_openssldh_from_dns(dst_key_t *key, isc_buffer_t *data, isc_mem_t *mctx) { + DH *dh; + isc_region_t r; + isc_uint16_t plen, glen, publen; + int special = 0; + + mctx = mctx; /* make the compiler happy */ + + isc_buffer_remaining(data, &r); + if (r.length == 0) + return (DST_R_SUCCESS); + + dh = DH_new(); + if (dh == NULL) + return (DST_R_NOMEMORY); + + memset(dh, 0, sizeof(DH)); + + /* + * Read the prime length. 1 & 2 are table entries, > 16 means a + * prime follows, otherwise an error. + */ + if (r.length < 2) { + DH_free(dh); + return (DST_R_INVALIDPUBLICKEY); + } + plen = uint16_fromregion(&r); + if (plen < 16 && plen != 1 && plen != 2) { + DH_free(dh); + return (DST_R_INVALIDPUBLICKEY); + } + if (r.length < plen) { + DH_free(dh); + return (DST_R_INVALIDPUBLICKEY); + } + if (plen == 1 || plen == 2) { + if (plen == 1) + special = *r.base++; + else + special = uint16_fromregion(&r); + switch (special) { + case 1: + dh->p = bn768; + break; + case 2: + dh->p = bn1024; + break; + default: + DH_free(dh); + return (DST_R_INVALIDPUBLICKEY); + } + } + else { + dh->p = BN_bin2bn(r.base, plen, NULL); + r.base += plen; + } + + /* + * Read the generator length. This should be 0 if the prime was + * special, but it might not be. If it's 0 and the prime is not + * special, we have a problem. + */ + if (r.length < 2) { + DH_free(dh); + return (DST_R_INVALIDPUBLICKEY); + } + glen = uint16_fromregion(&r); + if (r.length < glen) { + DH_free(dh); + return (DST_R_INVALIDPUBLICKEY); + } + if (special != 0) { + if (glen == 0) + dh->g = bn2; + else { + dh->g = BN_bin2bn(r.base, glen, NULL); + if (BN_cmp(dh->g, bn2) == 0) { + BN_free(dh->g); + dh->g = bn2; + } + else { + DH_free(dh); + return (DST_R_INVALIDPUBLICKEY); + } + } + } + else { + if (glen == 0) { + DH_free(dh); + return (DST_R_INVALIDPUBLICKEY); + } + dh->g = BN_bin2bn(r.base, glen, NULL); + } + r.base += glen; + + if (r.length < 2) { + DH_free(dh); + return (DST_R_INVALIDPUBLICKEY); + } + publen = uint16_fromregion(&r); + if (r.length < publen) { + DH_free(dh); + return (DST_R_INVALIDPUBLICKEY); + } + dh->pub_key = BN_bin2bn(r.base, publen, NULL); + r.base += publen; + + isc_buffer_remaining(data, &r); + key->key_id = dst_s_id_calc(r.base, plen + glen + publen + 6); + key->key_size = BN_num_bits(dh->p); + + isc_buffer_forward(data, plen + glen + publen + 6); + + key->opaque = (void *) dh; + + return (DST_R_SUCCESS); +} + + +/* + * dst_openssldh_to_file + * Encodes a DH Key into the portable file format. + * Parameters + * key DST KEY structure + * Returns + * DST_R_SUCCESS Success + * !DST_R_SUCCESS Failure + */ +static dst_result_t +dst_openssldh_to_file(const dst_key_t *key) { + int cnt = 0; + DH *dh; + dst_private_t priv; + unsigned char bufs[4][128]; + + if (key->opaque == NULL) + return (DST_R_NULLKEY); + + dh = (DH *) key->opaque; + + priv.elements[cnt].tag = TAG_DH_PRIME; + priv.elements[cnt].length = BN_num_bytes(dh->p); + BN_bn2bin(dh->p, bufs[cnt]); + priv.elements[cnt].data = bufs[cnt]; + cnt++; + + priv.elements[cnt].tag = TAG_DH_GENERATOR; + priv.elements[cnt].length = BN_num_bytes(dh->g); + BN_bn2bin(dh->g, bufs[cnt]); + priv.elements[cnt].data = bufs[cnt]; + cnt++; + + priv.elements[cnt].tag = TAG_DH_PRIVATE; + priv.elements[cnt].length = BN_num_bytes(dh->priv_key); + BN_bn2bin(dh->priv_key, bufs[cnt]); + priv.elements[cnt].data = bufs[cnt]; + cnt++; + + priv.elements[cnt].tag = TAG_DH_PUBLIC; + priv.elements[cnt].length = BN_num_bytes(dh->pub_key); + BN_bn2bin(dh->pub_key, bufs[cnt]); + priv.elements[cnt].data = bufs[cnt]; + cnt++; + + priv.nelements = cnt; + return (dst_s_write_private_key_file(key->key_name, key->key_alg, + key->key_id, &priv)); +} + + +/* + * dst_openssldh_from_file + * Converts contents of a private key file into a private DH key. + * Parameters + * key Partially filled DH KEY structure + * id The key id + * path The directory that the file will be read from + * Return + * DST_R_SUCCESS Success + * !DST_R_SUCCESS Failure + */ + +static dst_result_t +dst_openssldh_from_file(dst_key_t *key, const int id, isc_mem_t *mctx) { + dst_private_t priv; + dst_result_t ret; + isc_buffer_t dns; + isc_region_t r; + unsigned char dns_array[1024]; + int i; + DH *dh = NULL; +#define DST_RET(a) {ret = a; goto err;} + + /* read private key file */ + ret = dst_s_parse_private_key_file(key->key_name, key->key_alg, + id, &priv, mctx); + if (ret != DST_R_SUCCESS) + return (ret); + + dh = DH_new(); + if (dh == NULL) + DST_RET(DST_R_NOMEMORY); + memset(dh, 0, sizeof(DH)); + key->opaque = dh; + + for (i=0; i < priv.nelements; i++) { + BIGNUM *bn; + bn = BN_bin2bn(priv.elements[i].data, + priv.elements[i].length, NULL); + if (bn == NULL) + DST_RET(DST_R_NOMEMORY); + + switch (priv.elements[i].tag) { + case TAG_DH_PRIME: + dh->p = bn; + break; + case TAG_DH_GENERATOR: + dh->g = bn; + break; + case TAG_DH_PRIVATE: + dh->priv_key = bn; + break; + case TAG_DH_PUBLIC: + dh->pub_key = bn; + break; + } + } + dst_s_free_private_structure_fields(&priv, mctx); + + key->key_size = BN_num_bits(dh->p); + + if ((key->key_size == 768 || key->key_size == 1024) && + BN_cmp(dh->g, bn2) == 0) + { + if (key->key_size == 768 && BN_cmp(dh->p, bn768)) { + BN_free(dh->p); + BN_free(dh->g); + dh->p = bn768; + dh->g = bn2; + } + else if (key->key_size == 1024 && BN_cmp(dh->p, bn1024)) { + BN_free(dh->p); + BN_free(dh->g); + dh->p = bn1024; + dh->g = bn2; + } + } + isc_buffer_init(&dns, dns_array, sizeof(dns_array), + ISC_BUFFERTYPE_BINARY); + ret = dst_openssldh_to_dns(key, &dns); + if (ret != DST_R_SUCCESS) + DST_RET(ret); + isc_buffer_used(&dns, &r); + key->key_id = dst_s_id_calc(r.base, r.length); + + if (key->key_id != id) + DST_RET(DST_R_INVALIDPRIVATEKEY); + + return (DST_R_SUCCESS); + + err: + key->opaque = NULL; + dst_openssldh_destroy(dh, mctx); + dst_s_free_private_structure_fields(&priv, mctx); + memset(&priv, 0, sizeof(priv)); + return (ret); +} + +/* + * dst_openssldh_destroy + * Frees all dynamically allocated structures in key. + */ +static void +dst_openssldh_destroy(void *key, isc_mem_t *mctx) { + DH *dh = (DH *) key; + if (dh == NULL) + return; + + mctx = mctx; /* make the compiler happy */ + + if (dh->p == bn768 || dh->p == bn1024) + dh->p = NULL; + if (dh->g == bn2) + dh->g = NULL; + DH_free(dh); +} + + +/* + * dst_openssldh_generate + * Generates unique keys that are hard to predict. + * Parameters + * key DST Key structure + * generator generator + * mctx memory context to allocate key + * Return + * DST_R_SUCCESS Success + * !DST_R_SUCCESS Failure + */ + +static dst_result_t +dst_openssldh_generate(dst_key_t *key, int generator, isc_mem_t *mctx) { + DH *dh = NULL; + unsigned char dns_array[1024]; + isc_buffer_t dns; + isc_region_t r; + + mctx = mctx; /* make the compiler happy */ + + if (generator == 0) { + if (key->key_size == 768 || key->key_size == 1024) { + dh = DH_new(); + if (dh == NULL) + return (DST_R_NOMEMORY); + if (key->key_size == 768) + dh->p = bn768; + else + dh->p = bn1024; + dh->g = bn2; + } + else + generator = 2; + } + + if (generator != 0) + dh = DH_generate_parameters(key->key_size, generator, + NULL, NULL); + + if (dh == NULL) + return (DST_R_INVALIDPARAM); + + if (DH_generate_key(dh) == 0) { + DH_free(dh); + return(DST_R_NOMEMORY); + } + + key->opaque = dh; + + isc_buffer_init(&dns, dns_array, sizeof(dns_array), + ISC_BUFFERTYPE_BINARY); + dst_openssldh_to_dns(key, &dns); + isc_buffer_used(&dns, &r); + key->key_id = dst_s_id_calc(r.base, r.length); + + return (DST_R_SUCCESS); +} + + +/************************************************************************** + * dst_openssldh_compare + * Compare two keys for equality. + * Return + * ISC_TRUE The keys are equal + * ISC_FALSE The keys are not equal + */ +static isc_boolean_t +dst_openssldh_compare(const dst_key_t *key1, const dst_key_t *key2) { + int status; + DH *dh1, *dh2; + + dh1 = (DH *) key1->opaque; + dh2 = (DH *) key2->opaque; + + if (dh1 == NULL && dh2 == NULL) + return(ISC_TRUE); + else if (dh1 == NULL || dh2 == NULL) + return (ISC_FALSE); + + status = BN_cmp(dh1->p, dh2->p) || + BN_cmp(dh1->g, dh2->g) || + BN_cmp(dh1->pub_key, dh2->pub_key); + + if (status != 0) + return (ISC_FALSE); + + if (dh1->priv_key != NULL || dh2->priv_key != NULL) { + if (dh1->priv_key == NULL || dh2->priv_key == NULL) + return (ISC_FALSE); + if (BN_cmp(dh1->priv_key, dh2->priv_key)) + return (ISC_FALSE); + } + return (ISC_TRUE); +} + +/************************************************************************** + * dst_openssldh_paramcompare + * Compare two keys' parameters for equality. + * Return + * ISC_TRUE The keys are equal + * ISC_FALSE The keys are not equal + */ +static isc_boolean_t +dst_openssldh_paramcompare(const dst_key_t *key1, const dst_key_t *key2) { + int status; + DH *dh1, *dh2; + + dh1 = (DH *) key1->opaque; + dh2 = (DH *) key2->opaque; + + if (dh1 == NULL && dh2 == NULL) + return(ISC_TRUE); + else if (dh1 == NULL || dh2 == NULL) + return (ISC_FALSE); + + status = BN_cmp(dh1->p, dh2->p) || + BN_cmp(dh1->g, dh2->g); + + if (status != 0) + return (ISC_FALSE); + return (ISC_TRUE); +} + +static void +uint16_toregion(isc_uint16_t val, isc_region_t *region) { + *region->base++ = (val & 0xff00) >> 8; + *region->base++ = (val & 0x00ff); +} + +static isc_uint16_t +uint16_fromregion(isc_region_t *region) { + isc_uint16_t val; + unsigned char *cp = region->base; + + val = ((unsigned int)(cp[0])) << 8; + val |= ((unsigned int)(cp[1])); + + region->base += 2; + return val; +} + + +#endif