2 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * DSA low level APIs are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
17 #include "internal/cryptlib.h"
18 #include <openssl/bn.h>
19 #include "dsa_local.h"
20 #include "crypto/dsa.h"
22 int ossl_dsa_check_params(const DSA
*dsa
, int checktype
, int *ret
)
24 if (checktype
== OSSL_KEYMGMT_VALIDATE_QUICK_CHECK
)
25 return ossl_ffc_params_simple_validate(dsa
->libctx
, &dsa
->params
,
26 FFC_PARAM_TYPE_DSA
, ret
);
29 * Do full FFC domain params validation according to FIPS-186-4
30 * - always in FIPS_MODULE
31 * - only if possible (i.e., seed is set) in default provider
33 return ossl_ffc_params_full_validate(dsa
->libctx
, &dsa
->params
,
34 FFC_PARAM_TYPE_DSA
, ret
);
38 * See SP800-56Ar3 Section 5.6.2.3.1 : FFC Full public key validation.
40 int ossl_dsa_check_pub_key(const DSA
*dsa
, const BIGNUM
*pub_key
, int *ret
)
42 return ossl_ffc_validate_public_key(&dsa
->params
, pub_key
, ret
)
47 * See SP800-56Ar3 Section 5.6.2.3.1 : FFC Partial public key validation.
48 * To only be used with ephemeral FFC public keys generated using the approved
51 int ossl_dsa_check_pub_key_partial(const DSA
*dsa
, const BIGNUM
*pub_key
, int *ret
)
53 return ossl_ffc_validate_public_key_partial(&dsa
->params
, pub_key
, ret
)
57 int ossl_dsa_check_priv_key(const DSA
*dsa
, const BIGNUM
*priv_key
, int *ret
)
61 return (dsa
->params
.q
!= NULL
62 && ossl_ffc_validate_private_key(dsa
->params
.q
, priv_key
, ret
));
66 * FFC pairwise check from SP800-56A R3.
67 * Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency
69 int ossl_dsa_check_pairwise(const DSA
*dsa
)
73 BIGNUM
*pub_key
= NULL
;
75 if (dsa
->params
.p
== NULL
76 || dsa
->params
.g
== NULL
77 || dsa
->priv_key
== NULL
78 || dsa
->pub_key
== NULL
)
81 ctx
= BN_CTX_new_ex(dsa
->libctx
);
88 /* recalculate the public key = (g ^ priv) mod p */
89 if (!ossl_dsa_generate_public_key(ctx
, dsa
, dsa
->priv_key
, pub_key
))
91 /* check it matches the existing pubic_key */
92 ret
= BN_cmp(pub_key
, dsa
->pub_key
) == 0;