1109998Smarkm/* dsa_asn1.c */
2296341Sdelphij/*
3296341Sdelphij * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4296341Sdelphij * 2000.
5109998Smarkm */
6109998Smarkm/* ====================================================================
7238405Sjkim * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
8109998Smarkm *
9109998Smarkm * Redistribution and use in source and binary forms, with or without
10109998Smarkm * modification, are permitted provided that the following conditions
11109998Smarkm * are met:
12109998Smarkm *
13109998Smarkm * 1. Redistributions of source code must retain the above copyright
14296341Sdelphij *    notice, this list of conditions and the following disclaimer.
15109998Smarkm *
16109998Smarkm * 2. Redistributions in binary form must reproduce the above copyright
17109998Smarkm *    notice, this list of conditions and the following disclaimer in
18109998Smarkm *    the documentation and/or other materials provided with the
19109998Smarkm *    distribution.
20109998Smarkm *
21109998Smarkm * 3. All advertising materials mentioning features or use of this
22109998Smarkm *    software must display the following acknowledgment:
23109998Smarkm *    "This product includes software developed by the OpenSSL Project
24109998Smarkm *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25109998Smarkm *
26109998Smarkm * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27109998Smarkm *    endorse or promote products derived from this software without
28109998Smarkm *    prior written permission. For written permission, please contact
29109998Smarkm *    licensing@OpenSSL.org.
30109998Smarkm *
31109998Smarkm * 5. Products derived from this software may not be called "OpenSSL"
32109998Smarkm *    nor may "OpenSSL" appear in their names without prior written
33109998Smarkm *    permission of the OpenSSL Project.
34109998Smarkm *
35109998Smarkm * 6. Redistributions of any form whatsoever must retain the following
36109998Smarkm *    acknowledgment:
37109998Smarkm *    "This product includes software developed by the OpenSSL Project
38109998Smarkm *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39109998Smarkm *
40109998Smarkm * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41109998Smarkm * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42109998Smarkm * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43109998Smarkm * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
44109998Smarkm * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45109998Smarkm * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46109998Smarkm * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47109998Smarkm * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48109998Smarkm * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49109998Smarkm * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50109998Smarkm * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51109998Smarkm * OF THE POSSIBILITY OF SUCH DAMAGE.
52109998Smarkm * ====================================================================
53109998Smarkm *
54109998Smarkm * This product includes cryptographic software written by Eric Young
55109998Smarkm * (eay@cryptsoft.com).  This product includes software written by Tim
56109998Smarkm * Hudson (tjh@cryptsoft.com).
57109998Smarkm *
58109998Smarkm */
5955714Skris
6055714Skris#include <stdio.h>
6155714Skris#include "cryptlib.h"
6255714Skris#include <openssl/dsa.h>
6355714Skris#include <openssl/asn1.h>
64109998Smarkm#include <openssl/asn1t.h>
65205128Ssimon#include <openssl/rand.h>
6655714Skris
67109998Smarkm/* Override the default new methods */
68238405Sjkimstatic int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
69296341Sdelphij                  void *exarg)
7055714Skris{
71296341Sdelphij    if (operation == ASN1_OP_NEW_PRE) {
72296341Sdelphij        DSA_SIG *sig;
73296341Sdelphij        sig = OPENSSL_malloc(sizeof(DSA_SIG));
74296341Sdelphij        if (!sig) {
75296341Sdelphij            DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
76296341Sdelphij            return 0;
77296341Sdelphij        }
78296341Sdelphij        sig->r = NULL;
79296341Sdelphij        sig->s = NULL;
80296341Sdelphij        *pval = (ASN1_VALUE *)sig;
81296341Sdelphij        return 2;
82296341Sdelphij    }
83296341Sdelphij    return 1;
8455714Skris}
8555714Skris
86109998SmarkmASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
87296341Sdelphij        ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
88296341Sdelphij        ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
89109998Smarkm} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
90109998Smarkm
91238405SjkimIMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG)
92109998Smarkm
93109998Smarkm/* Override the default free and new methods */
94238405Sjkimstatic int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
95296341Sdelphij                  void *exarg)
9655714Skris{
97296341Sdelphij    if (operation == ASN1_OP_NEW_PRE) {
98296341Sdelphij        *pval = (ASN1_VALUE *)DSA_new();
99296341Sdelphij        if (*pval)
100296341Sdelphij            return 2;
101296341Sdelphij        return 0;
102296341Sdelphij    } else if (operation == ASN1_OP_FREE_PRE) {
103296341Sdelphij        DSA_free((DSA *)*pval);
104296341Sdelphij        *pval = NULL;
105296341Sdelphij        return 2;
106296341Sdelphij    }
107296341Sdelphij    return 1;
10855714Skris}
10955714Skris
110109998SmarkmASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
111296341Sdelphij        ASN1_SIMPLE(DSA, version, LONG),
112296341Sdelphij        ASN1_SIMPLE(DSA, p, BIGNUM),
113296341Sdelphij        ASN1_SIMPLE(DSA, q, BIGNUM),
114296341Sdelphij        ASN1_SIMPLE(DSA, g, BIGNUM),
115296341Sdelphij        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
116296341Sdelphij        ASN1_SIMPLE(DSA, priv_key, BIGNUM)
117109998Smarkm} ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
11855714Skris
119109998SmarkmIMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey)
12055714Skris
121109998SmarkmASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
122296341Sdelphij        ASN1_SIMPLE(DSA, p, BIGNUM),
123296341Sdelphij        ASN1_SIMPLE(DSA, q, BIGNUM),
124296341Sdelphij        ASN1_SIMPLE(DSA, g, BIGNUM),
125109998Smarkm} ASN1_SEQUENCE_END_cb(DSA, DSAparams)
12655714Skris
127109998SmarkmIMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
12855714Skris
129296341Sdelphij/*
130296341Sdelphij * DSA public key is a bit trickier... its effectively a CHOICE type decided
131296341Sdelphij * by a field called write_params which can either write out just the public
132296341Sdelphij * key as an INTEGER or the parameters and public key in a SEQUENCE
133109998Smarkm */
13455714Skris
135109998SmarkmASN1_SEQUENCE(dsa_pub_internal) = {
136296341Sdelphij        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
137296341Sdelphij        ASN1_SIMPLE(DSA, p, BIGNUM),
138296341Sdelphij        ASN1_SIMPLE(DSA, q, BIGNUM),
139296341Sdelphij        ASN1_SIMPLE(DSA, g, BIGNUM)
140109998Smarkm} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal)
14155714Skris
142109998SmarkmASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
143296341Sdelphij        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
144296341Sdelphij        ASN1_EX_COMBINE(0, 0, dsa_pub_internal)
145109998Smarkm} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
146109998Smarkm
147109998SmarkmIMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
148194206Ssimon
149238405SjkimDSA *DSAparams_dup(DSA *dsa)
150296341Sdelphij{
151296341Sdelphij    return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa);
152296341Sdelphij}
153238405Sjkim
154296341Sdelphijint DSA_sign(int type, const unsigned char *dgst, int dlen,
155296341Sdelphij             unsigned char *sig, unsigned int *siglen, DSA *dsa)
156296341Sdelphij{
157296341Sdelphij    DSA_SIG *s;
158296341Sdelphij    RAND_seed(dgst, dlen);
159296341Sdelphij    s = DSA_do_sign(dgst, dlen, dsa);
160296341Sdelphij    if (s == NULL) {
161296341Sdelphij        *siglen = 0;
162296341Sdelphij        return (0);
163296341Sdelphij    }
164296341Sdelphij    *siglen = i2d_DSA_SIG(s, &sig);
165296341Sdelphij    DSA_SIG_free(s);
166296341Sdelphij    return (1);
167296341Sdelphij}
168194206Ssimon
169194206Ssimon/* data has already been hashed (probably with SHA or SHA-1). */
170296341Sdelphij/*-
171296341Sdelphij * returns
172194206Ssimon *      1: correct signature
173194206Ssimon *      0: incorrect signature
174194206Ssimon *     -1: error
175194206Ssimon */
176194206Ssimonint DSA_verify(int type, const unsigned char *dgst, int dgst_len,
177296341Sdelphij               const unsigned char *sigbuf, int siglen, DSA *dsa)
178296341Sdelphij{
179296341Sdelphij    DSA_SIG *s;
180296341Sdelphij    const unsigned char *p = sigbuf;
181296341Sdelphij    unsigned char *der = NULL;
182296341Sdelphij    int derlen = -1;
183296341Sdelphij    int ret = -1;
184194206Ssimon
185296341Sdelphij    s = DSA_SIG_new();
186296341Sdelphij    if (s == NULL)
187296341Sdelphij        return (ret);
188296341Sdelphij    if (d2i_DSA_SIG(&s, &p, siglen) == NULL)
189296341Sdelphij        goto err;
190296341Sdelphij    /* Ensure signature uses DER and doesn't have trailing garbage */
191296341Sdelphij    derlen = i2d_DSA_SIG(s, &der);
192296341Sdelphij    if (derlen != siglen || memcmp(sigbuf, der, derlen))
193296341Sdelphij        goto err;
194296341Sdelphij    ret = DSA_do_verify(dgst, dgst_len, s, dsa);
195296341Sdelphij err:
196296341Sdelphij    if (derlen > 0) {
197296341Sdelphij        OPENSSL_cleanse(der, derlen);
198296341Sdelphij        OPENSSL_free(der);
199296341Sdelphij    }
200296341Sdelphij    DSA_SIG_free(s);
201296341Sdelphij    return (ret);
202296341Sdelphij}
203