ssh-dss.c revision 162852
150477Speter/* $OpenBSD: ssh-dss.c,v 1.23 2006/08/03 03:34:42 deraadt Exp $ */ 240269Srnordier/* 3213136Spjd * Copyright (c) 2000 Markus Friedl. All rights reserved. 440326Srnordier * 5172940Sjhb * Redistribution and use in source and binary forms, with or without 6172940Sjhb * modification, are permitted provided that the following conditions 780751Sjhb * are met: 880751Sjhb * 1. Redistributions of source code must retain the above copyright 942480Srnordier * notice, this list of conditions and the following disclaimer. 1042480Srnordier * 2. Redistributions in binary form must reproduce the above copyright 1140541Srnordier * notice, this list of conditions and the following disclaimer in the 1240541Srnordier * documentation and/or other materials provided with the distribution. 13104673Sgreen * 1440269Srnordier * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15172940Sjhb * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 1640269Srnordier * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17125537Sru * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18172940Sjhb * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19172940Sjhb * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20172940Sjhb * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21104635Sphk * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22213136Spjd * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23213136Spjd * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24132870Skan */ 25132870Skan 26132870Skan#include "includes.h" 27108149Sobrien 2896327Sjhb#include <sys/types.h> 29148046Sache 30213136Spjd#include <openssl/bn.h> 31172940Sjhb#include <openssl/evp.h> 32125932Sru 33125932Sru#include <stdarg.h> 34125932Sru#include <string.h> 3597860Sphk 36213136Spjd#include "xmalloc.h" 37173026Sjhb#include "buffer.h" 38172940Sjhb#include "compat.h" 39213568Spho#include "log.h" 4040269Srnordier#include "key.h" 4140269Srnordier 42169732Skan#define INTBLOB_LEN 20 43169732Skan#define SIGBLOB_LEN (2*INTBLOB_LEN) 4440269Srnordier 45125621Sruint 4640269Srnordierssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, 47125537Sru const u_char *data, u_int datalen) 48125537Sru{ 4940269Srnordier DSA_SIG *sig; 50172940Sjhb const EVP_MD *evp_md = EVP_sha1(); 51125537Sru EVP_MD_CTX md; 52172940Sjhb u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; 53172940Sjhb u_int rlen, slen, len, dlen; 54172940Sjhb Buffer b; 55109886Sphk 56172940Sjhb if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) { 57125537Sru error("ssh_dss_sign: no DSA key"); 58172940Sjhb return -1; 59172940Sjhb } 6040269Srnordier EVP_DigestInit(&md, evp_md); 61172940Sjhb EVP_DigestUpdate(&md, data, datalen); 62172940Sjhb EVP_DigestFinal(&md, digest, &dlen); 6340269Srnordier 64213136Spjd sig = DSA_do_sign(digest, dlen, key->dsa); 6596424Speter memset(digest, 'd', sizeof(digest)); 66172940Sjhb 67172940Sjhb if (sig == NULL) { 6880751Sjhb error("ssh_dss_sign: sign failed"); 69213136Spjd return -1; 70213136Spjd } 7140269Srnordier 72172940Sjhb rlen = BN_num_bytes(sig->r); 7380751Sjhb slen = BN_num_bytes(sig->s); 74211677Simp if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { 75172940Sjhb error("bad sig size %u %u", rlen, slen); 76125556Sru DSA_SIG_free(sig); 77116864Speter return -1; 78116864Speter } 79116864Speter memset(sigblob, 0, SIGBLOB_LEN); 80116864Speter BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); 81125537Sru BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); 82 DSA_SIG_free(sig); 83 84 if (datafellows & SSH_BUG_SIGBLOB) { 85 if (lenp != NULL) 86 *lenp = SIGBLOB_LEN; 87 if (sigp != NULL) { 88 *sigp = xmalloc(SIGBLOB_LEN); 89 memcpy(*sigp, sigblob, SIGBLOB_LEN); 90 } 91 } else { 92 /* ietf-drafts */ 93 buffer_init(&b); 94 buffer_put_cstring(&b, "ssh-dss"); 95 buffer_put_string(&b, sigblob, SIGBLOB_LEN); 96 len = buffer_len(&b); 97 if (lenp != NULL) 98 *lenp = len; 99 if (sigp != NULL) { 100 *sigp = xmalloc(len); 101 memcpy(*sigp, buffer_ptr(&b), len); 102 } 103 buffer_free(&b); 104 } 105 return 0; 106} 107int 108ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, 109 const u_char *data, u_int datalen) 110{ 111 DSA_SIG *sig; 112 const EVP_MD *evp_md = EVP_sha1(); 113 EVP_MD_CTX md; 114 u_char digest[EVP_MAX_MD_SIZE], *sigblob; 115 u_int len, dlen; 116 int rlen, ret; 117 Buffer b; 118 119 if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) { 120 error("ssh_dss_verify: no DSA key"); 121 return -1; 122 } 123 124 /* fetch signature */ 125 if (datafellows & SSH_BUG_SIGBLOB) { 126 sigblob = xmalloc(signaturelen); 127 memcpy(sigblob, signature, signaturelen); 128 len = signaturelen; 129 } else { 130 /* ietf-drafts */ 131 char *ktype; 132 buffer_init(&b); 133 buffer_append(&b, signature, signaturelen); 134 ktype = buffer_get_string(&b, NULL); 135 if (strcmp("ssh-dss", ktype) != 0) { 136 error("ssh_dss_verify: cannot handle type %s", ktype); 137 buffer_free(&b); 138 xfree(ktype); 139 return -1; 140 } 141 xfree(ktype); 142 sigblob = buffer_get_string(&b, &len); 143 rlen = buffer_len(&b); 144 buffer_free(&b); 145 if (rlen != 0) { 146 error("ssh_dss_verify: " 147 "remaining bytes in signature %d", rlen); 148 xfree(sigblob); 149 return -1; 150 } 151 } 152 153 if (len != SIGBLOB_LEN) { 154 fatal("bad sigbloblen %u != SIGBLOB_LEN", len); 155 } 156 157 /* parse signature */ 158 if ((sig = DSA_SIG_new()) == NULL) 159 fatal("ssh_dss_verify: DSA_SIG_new failed"); 160 if ((sig->r = BN_new()) == NULL) 161 fatal("ssh_dss_verify: BN_new failed"); 162 if ((sig->s = BN_new()) == NULL) 163 fatal("ssh_dss_verify: BN_new failed"); 164 BN_bin2bn(sigblob, INTBLOB_LEN, sig->r); 165 BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s); 166 167 /* clean up */ 168 memset(sigblob, 0, len); 169 xfree(sigblob); 170 171 /* sha1 the data */ 172 EVP_DigestInit(&md, evp_md); 173 EVP_DigestUpdate(&md, data, datalen); 174 EVP_DigestFinal(&md, digest, &dlen); 175 176 ret = DSA_do_verify(digest, dlen, sig, key->dsa); 177 memset(digest, 'd', sizeof(digest)); 178 179 DSA_SIG_free(sig); 180 181 debug("ssh_dss_verify: signature %s", 182 ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error"); 183 return ret; 184} 185