]>
Commit | Line | Data |
---|---|---|
9d6b1ce6 | 1 | /* dsa_asn1.c */ |
40720ce3 MC |
2 | /* |
3 | * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project | |
4 | * 2000. | |
9d6b1ce6 DSH |
5 | */ |
6 | /* ==================================================================== | |
7 | * Copyright (c) 2000 The OpenSSL Project. All rights reserved. | |
8 | * | |
9 | * Redistribution and use in source and binary forms, with or without | |
10 | * modification, are permitted provided that the following conditions | |
11 | * are met: | |
12 | * | |
13 | * 1. Redistributions of source code must retain the above copyright | |
40720ce3 | 14 | * notice, this list of conditions and the following disclaimer. |
9d6b1ce6 DSH |
15 | * |
16 | * 2. Redistributions in binary form must reproduce the above copyright | |
17 | * notice, this list of conditions and the following disclaimer in | |
18 | * the documentation and/or other materials provided with the | |
19 | * distribution. | |
20 | * | |
21 | * 3. All advertising materials mentioning features or use of this | |
22 | * software must display the following acknowledgment: | |
23 | * "This product includes software developed by the OpenSSL Project | |
24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
25 | * | |
26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
27 | * endorse or promote products derived from this software without | |
28 | * prior written permission. For written permission, please contact | |
29 | * licensing@OpenSSL.org. | |
30 | * | |
31 | * 5. Products derived from this software may not be called "OpenSSL" | |
32 | * nor may "OpenSSL" appear in their names without prior written | |
33 | * permission of the OpenSSL Project. | |
34 | * | |
35 | * 6. Redistributions of any form whatsoever must retain the following | |
36 | * acknowledgment: | |
37 | * "This product includes software developed by the OpenSSL Project | |
38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
39 | * | |
40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
52 | * ==================================================================== | |
53 | * | |
54 | * This product includes cryptographic software written by Eric Young | |
55 | * (eay@cryptsoft.com). This product includes software written by Tim | |
56 | * Hudson (tjh@cryptsoft.com). | |
57 | * | |
58 | */ | |
a8da8918 UM |
59 | |
60 | #include <stdio.h> | |
61 | #include "cryptlib.h" | |
ec577822 BM |
62 | #include <openssl/dsa.h> |
63 | #include <openssl/asn1.h> | |
9d6b1ce6 | 64 | #include <openssl/asn1t.h> |
e3f2860e | 65 | #include <openssl/bn.h> |
cf51a0dc | 66 | #include <openssl/rand.h> |
e3f2860e | 67 | #ifdef OPENSSL_FIPS |
40720ce3 | 68 | # include <openssl/fips.h> |
e3f2860e DSH |
69 | #endif |
70 | ||
9d6b1ce6 DSH |
71 | /* Override the default new methods */ |
72 | static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) | |
a8da8918 | 73 | { |
40720ce3 MC |
74 | if (operation == ASN1_OP_NEW_PRE) { |
75 | DSA_SIG *sig; | |
76 | sig = OPENSSL_malloc(sizeof(DSA_SIG)); | |
77 | sig->r = NULL; | |
78 | sig->s = NULL; | |
79 | *pval = (ASN1_VALUE *)sig; | |
80 | if (sig) | |
81 | return 2; | |
82 | DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE); | |
83 | return 0; | |
84 | } | |
85 | return 1; | |
a8da8918 UM |
86 | } |
87 | ||
9d6b1ce6 | 88 | ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = { |
40720ce3 MC |
89 | ASN1_SIMPLE(DSA_SIG, r, CBIGNUM), |
90 | ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) | |
d339187b | 91 | } ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG) |
9d6b1ce6 | 92 | |
e3f2860e | 93 | IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG) |
9d6b1ce6 DSH |
94 | |
95 | /* Override the default free and new methods */ | |
96 | static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) | |
a8da8918 | 97 | { |
40720ce3 MC |
98 | if (operation == ASN1_OP_NEW_PRE) { |
99 | *pval = (ASN1_VALUE *)DSA_new(); | |
100 | if (*pval) | |
101 | return 2; | |
102 | return 0; | |
103 | } else if (operation == ASN1_OP_FREE_PRE) { | |
104 | DSA_free((DSA *)*pval); | |
105 | *pval = NULL; | |
106 | return 2; | |
107 | } | |
108 | return 1; | |
a8da8918 UM |
109 | } |
110 | ||
9d6b1ce6 | 111 | ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = { |
40720ce3 MC |
112 | ASN1_SIMPLE(DSA, version, LONG), |
113 | ASN1_SIMPLE(DSA, p, BIGNUM), | |
114 | ASN1_SIMPLE(DSA, q, BIGNUM), | |
115 | ASN1_SIMPLE(DSA, g, BIGNUM), | |
116 | ASN1_SIMPLE(DSA, pub_key, BIGNUM), | |
117 | ASN1_SIMPLE(DSA, priv_key, BIGNUM) | |
d339187b | 118 | } ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey) |
a8da8918 | 119 | |
9d6b1ce6 | 120 | IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey) |
a8da8918 | 121 | |
9d6b1ce6 | 122 | ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { |
40720ce3 MC |
123 | ASN1_SIMPLE(DSA, p, BIGNUM), |
124 | ASN1_SIMPLE(DSA, q, BIGNUM), | |
125 | ASN1_SIMPLE(DSA, g, BIGNUM), | |
d339187b | 126 | } ASN1_SEQUENCE_END_cb(DSA, DSAparams) |
a8da8918 | 127 | |
9d6b1ce6 | 128 | IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams) |
a8da8918 | 129 | |
40720ce3 MC |
130 | /* |
131 | * DSA public key is a bit trickier... its effectively a CHOICE type decided | |
132 | * by a field called write_params which can either write out just the public | |
133 | * key as an INTEGER or the parameters and public key in a SEQUENCE | |
9d6b1ce6 | 134 | */ |
a8da8918 | 135 | |
9d6b1ce6 | 136 | ASN1_SEQUENCE(dsa_pub_internal) = { |
40720ce3 MC |
137 | ASN1_SIMPLE(DSA, pub_key, BIGNUM), |
138 | ASN1_SIMPLE(DSA, p, BIGNUM), | |
139 | ASN1_SIMPLE(DSA, q, BIGNUM), | |
140 | ASN1_SIMPLE(DSA, g, BIGNUM) | |
d339187b | 141 | } ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal) |
a8da8918 | 142 | |
9d6b1ce6 | 143 | ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = { |
40720ce3 MC |
144 | ASN1_SIMPLE(DSA, pub_key, BIGNUM), |
145 | ASN1_EX_COMBINE(0, 0, dsa_pub_internal) | |
d339187b | 146 | } ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params) |
9d6b1ce6 DSH |
147 | |
148 | IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) | |
e3f2860e | 149 | |
40720ce3 MC |
150 | int DSA_sign(int type, const unsigned char *dgst, int dlen, |
151 | unsigned char *sig, unsigned int *siglen, DSA *dsa) | |
152 | { | |
153 | DSA_SIG *s; | |
e3f2860e | 154 | #ifdef OPENSSL_FIPS |
40720ce3 MC |
155 | if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { |
156 | DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); | |
157 | return 0; | |
158 | } | |
e3f2860e | 159 | #endif |
40720ce3 MC |
160 | RAND_seed(dgst, dlen); |
161 | s = DSA_do_sign(dgst, dlen, dsa); | |
162 | if (s == NULL) { | |
163 | *siglen = 0; | |
164 | return (0); | |
165 | } | |
166 | *siglen = i2d_DSA_SIG(s, &sig); | |
167 | DSA_SIG_free(s); | |
168 | return (1); | |
169 | } | |
e3f2860e DSH |
170 | |
171 | int DSA_size(const DSA *r) | |
40720ce3 MC |
172 | { |
173 | int ret, i; | |
174 | ASN1_INTEGER bs; | |
175 | unsigned char buf[4]; /* 4 bytes looks really small. However, | |
176 | * i2d_ASN1_INTEGER() will not look beyond | |
177 | * the first byte, as long as the second | |
178 | * parameter is NULL. */ | |
179 | ||
180 | i = BN_num_bits(r->q); | |
181 | bs.length = (i + 7) / 8; | |
182 | bs.data = buf; | |
183 | bs.type = V_ASN1_INTEGER; | |
184 | /* If the top bit is set the asn1 encoding is 1 larger. */ | |
185 | buf[0] = 0xff; | |
186 | ||
187 | i = i2d_ASN1_INTEGER(&bs, NULL); | |
188 | i += i; /* r and s */ | |
189 | ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); | |
190 | return (ret); | |
191 | } | |
e3f2860e | 192 | |
3e8042c3 MC |
193 | /*- |
194 | * data has already been hashed (probably with SHA or SHA-1). */ | |
40720ce3 MC |
195 | /* |
196 | * returns 1: correct signature 0: incorrect signature -1: error | |
e3f2860e DSH |
197 | */ |
198 | int DSA_verify(int type, const unsigned char *dgst, int dgst_len, | |
40720ce3 MC |
199 | const unsigned char *sigbuf, int siglen, DSA *dsa) |
200 | { | |
201 | DSA_SIG *s; | |
202 | const unsigned char *p = sigbuf; | |
203 | unsigned char *der = NULL; | |
204 | int derlen = -1; | |
205 | int ret = -1; | |
ec2fede9 | 206 | |
e3f2860e | 207 | #ifdef OPENSSL_FIPS |
40720ce3 MC |
208 | if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { |
209 | DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); | |
210 | return 0; | |
211 | } | |
e3f2860e DSH |
212 | #endif |
213 | ||
40720ce3 MC |
214 | s = DSA_SIG_new(); |
215 | if (s == NULL) | |
216 | return (ret); | |
217 | if (d2i_DSA_SIG(&s, &p, siglen) == NULL) | |
218 | goto err; | |
219 | /* Ensure signature uses DER and doesn't have trailing garbage */ | |
220 | derlen = i2d_DSA_SIG(s, &der); | |
221 | if (derlen != siglen || memcmp(sigbuf, der, derlen)) | |
222 | goto err; | |
223 | ret = DSA_do_verify(dgst, dgst_len, s, dsa); | |
224 | err: | |
225 | if (derlen > 0) { | |
226 | OPENSSL_cleanse(der, derlen); | |
227 | OPENSSL_free(der); | |
228 | } | |
229 | DSA_SIG_free(s); | |
230 | return (ret); | |
231 | } |