]>
Commit | Line | Data |
---|---|---|
9d6b1ce6 | 1 | /* dsa_asn1.c */ |
3795297a | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
9d6b1ce6 DSH |
3 | * project 2000. |
4 | */ | |
5 | /* ==================================================================== | |
6 | * Copyright (c) 2000 The OpenSSL Project. All rights reserved. | |
7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | |
11 | * | |
12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | |
14 | * | |
15 | * 2. Redistributions in binary form must reproduce the above copyright | |
16 | * notice, this list of conditions and the following disclaimer in | |
17 | * the documentation and/or other materials provided with the | |
18 | * distribution. | |
19 | * | |
20 | * 3. All advertising materials mentioning features or use of this | |
21 | * software must display the following acknowledgment: | |
22 | * "This product includes software developed by the OpenSSL Project | |
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
24 | * | |
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
26 | * endorse or promote products derived from this software without | |
27 | * prior written permission. For written permission, please contact | |
28 | * licensing@OpenSSL.org. | |
29 | * | |
30 | * 5. Products derived from this software may not be called "OpenSSL" | |
31 | * nor may "OpenSSL" appear in their names without prior written | |
32 | * permission of the OpenSSL Project. | |
33 | * | |
34 | * 6. Redistributions of any form whatsoever must retain the following | |
35 | * acknowledgment: | |
36 | * "This product includes software developed by the OpenSSL Project | |
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
38 | * | |
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
51 | * ==================================================================== | |
52 | * | |
53 | * This product includes cryptographic software written by Eric Young | |
54 | * (eay@cryptsoft.com). This product includes software written by Tim | |
55 | * Hudson (tjh@cryptsoft.com). | |
56 | * | |
57 | */ | |
a8da8918 UM |
58 | |
59 | #include <stdio.h> | |
60 | #include "cryptlib.h" | |
ec577822 BM |
61 | #include <openssl/dsa.h> |
62 | #include <openssl/asn1.h> | |
9d6b1ce6 | 63 | #include <openssl/asn1t.h> |
e3f2860e | 64 | #include <openssl/bn.h> |
cf51a0dc | 65 | #include <openssl/rand.h> |
e3f2860e DSH |
66 | #ifdef OPENSSL_FIPS |
67 | #include <openssl/fips.h> | |
68 | #endif | |
69 | ||
a8da8918 | 70 | |
9d6b1ce6 DSH |
71 | /* Override the default new methods */ |
72 | static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) | |
a8da8918 | 73 | { |
9d6b1ce6 DSH |
74 | if(operation == ASN1_OP_NEW_PRE) { |
75 | DSA_SIG *sig; | |
76 | sig = OPENSSL_malloc(sizeof(DSA_SIG)); | |
77 | sig->r = NULL; | |
78 | sig->s = NULL; | |
79 | *pval = (ASN1_VALUE *)sig; | |
80 | if(sig) return 2; | |
81 | DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE); | |
82 | return 0; | |
83 | } | |
84 | return 1; | |
a8da8918 UM |
85 | } |
86 | ||
9d6b1ce6 DSH |
87 | ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = { |
88 | ASN1_SIMPLE(DSA_SIG, r, CBIGNUM), | |
89 | ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) | |
d339187b | 90 | } ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG) |
9d6b1ce6 | 91 | |
e3f2860e | 92 | IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG) |
9d6b1ce6 DSH |
93 | |
94 | /* Override the default free and new methods */ | |
95 | static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) | |
a8da8918 | 96 | { |
9d6b1ce6 DSH |
97 | if(operation == ASN1_OP_NEW_PRE) { |
98 | *pval = (ASN1_VALUE *)DSA_new(); | |
99 | if(*pval) return 2; | |
100 | return 0; | |
101 | } else if(operation == ASN1_OP_FREE_PRE) { | |
102 | DSA_free((DSA *)*pval); | |
103 | *pval = NULL; | |
104 | return 2; | |
105 | } | |
106 | return 1; | |
a8da8918 UM |
107 | } |
108 | ||
9d6b1ce6 DSH |
109 | ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = { |
110 | ASN1_SIMPLE(DSA, version, LONG), | |
111 | ASN1_SIMPLE(DSA, p, BIGNUM), | |
112 | ASN1_SIMPLE(DSA, q, BIGNUM), | |
113 | ASN1_SIMPLE(DSA, g, BIGNUM), | |
114 | ASN1_SIMPLE(DSA, pub_key, BIGNUM), | |
115 | ASN1_SIMPLE(DSA, priv_key, BIGNUM) | |
d339187b | 116 | } ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey) |
a8da8918 | 117 | |
9d6b1ce6 | 118 | IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey) |
a8da8918 | 119 | |
9d6b1ce6 DSH |
120 | ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { |
121 | ASN1_SIMPLE(DSA, p, BIGNUM), | |
122 | ASN1_SIMPLE(DSA, q, BIGNUM), | |
123 | ASN1_SIMPLE(DSA, g, BIGNUM), | |
d339187b | 124 | } ASN1_SEQUENCE_END_cb(DSA, DSAparams) |
a8da8918 | 125 | |
9d6b1ce6 | 126 | IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams) |
a8da8918 | 127 | |
9d6b1ce6 DSH |
128 | /* DSA public key is a bit trickier... its effectively a CHOICE type |
129 | * decided by a field called write_params which can either write out | |
130 | * just the public key as an INTEGER or the parameters and public key | |
131 | * in a SEQUENCE | |
132 | */ | |
a8da8918 | 133 | |
9d6b1ce6 DSH |
134 | ASN1_SEQUENCE(dsa_pub_internal) = { |
135 | ASN1_SIMPLE(DSA, pub_key, BIGNUM), | |
136 | ASN1_SIMPLE(DSA, p, BIGNUM), | |
137 | ASN1_SIMPLE(DSA, q, BIGNUM), | |
138 | ASN1_SIMPLE(DSA, g, BIGNUM) | |
d339187b | 139 | } ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal) |
a8da8918 | 140 | |
9d6b1ce6 DSH |
141 | ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = { |
142 | ASN1_SIMPLE(DSA, pub_key, BIGNUM), | |
143 | ASN1_EX_COMBINE(0, 0, dsa_pub_internal) | |
d339187b | 144 | } ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params) |
9d6b1ce6 DSH |
145 | |
146 | IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) | |
e3f2860e DSH |
147 | |
148 | int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, | |
149 | unsigned int *siglen, DSA *dsa) | |
150 | { | |
151 | DSA_SIG *s; | |
152 | #ifdef OPENSSL_FIPS | |
153 | if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) | |
154 | { | |
155 | DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); | |
156 | return 0; | |
157 | } | |
158 | #endif | |
cf51a0dc | 159 | RAND_seed(dgst, dlen); |
e3f2860e DSH |
160 | s=DSA_do_sign(dgst,dlen,dsa); |
161 | if (s == NULL) | |
162 | { | |
163 | *siglen=0; | |
164 | return(0); | |
165 | } | |
166 | *siglen=i2d_DSA_SIG(s,&sig); | |
167 | DSA_SIG_free(s); | |
168 | return(1); | |
169 | } | |
170 | ||
171 | int DSA_size(const DSA *r) | |
172 | { | |
173 | int ret,i; | |
174 | ASN1_INTEGER bs; | |
175 | unsigned char buf[4]; /* 4 bytes looks really small. | |
176 | However, i2d_ASN1_INTEGER() will not look | |
177 | beyond the first byte, as long as the second | |
178 | parameter is NULL. */ | |
179 | ||
180 | i=BN_num_bits(r->q); | |
181 | bs.length=(i+7)/8; | |
182 | bs.data=buf; | |
183 | bs.type=V_ASN1_INTEGER; | |
184 | /* If the top bit is set the asn1 encoding is 1 larger. */ | |
185 | buf[0]=0xff; | |
186 | ||
187 | i=i2d_ASN1_INTEGER(&bs,NULL); | |
188 | i+=i; /* r and s */ | |
189 | ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); | |
190 | return(ret); | |
191 | } | |
192 | ||
193 | /* data has already been hashed (probably with SHA or SHA-1). */ | |
194 | /* returns | |
195 | * 1: correct signature | |
196 | * 0: incorrect signature | |
197 | * -1: error | |
198 | */ | |
199 | int DSA_verify(int type, const unsigned char *dgst, int dgst_len, | |
200 | const unsigned char *sigbuf, int siglen, DSA *dsa) | |
201 | { | |
202 | DSA_SIG *s; | |
ec2fede9 DSH |
203 | const unsigned char *p = sigbuf; |
204 | unsigned char *der = NULL; | |
205 | int derlen = -1; | |
e3f2860e | 206 | int ret=-1; |
ec2fede9 | 207 | |
e3f2860e DSH |
208 | #ifdef OPENSSL_FIPS |
209 | if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) | |
210 | { | |
211 | DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); | |
212 | return 0; | |
213 | } | |
214 | #endif | |
215 | ||
216 | s = DSA_SIG_new(); | |
217 | if (s == NULL) return(ret); | |
ec2fede9 DSH |
218 | if (d2i_DSA_SIG(&s,&p,siglen) == NULL) goto err; |
219 | /* Ensure signature uses DER and doesn't have trailing garbage */ | |
220 | derlen = i2d_DSA_SIG(s, &der); | |
221 | if (derlen != siglen || memcmp(sigbuf, der, derlen)) | |
222 | goto err; | |
e3f2860e DSH |
223 | ret=DSA_do_verify(dgst,dgst_len,s,dsa); |
224 | err: | |
ec2fede9 DSH |
225 | if (derlen > 0) |
226 | { | |
227 | OPENSSL_cleanse(der, derlen); | |
228 | OPENSSL_free(der); | |
229 | } | |
e3f2860e DSH |
230 | DSA_SIG_free(s); |
231 | return(ret); | |
232 | } |