dsa_asn1.c revision 296341 
1/* dsa_asn1.c */
2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4 * 2000.
5 */
6/* ====================================================================
7 * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 *    notice, this list of conditions and the following disclaimer in
18 *    the documentation and/or other materials provided with the
19 *    distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 *    software must display the following acknowledgment:
23 *    "This product includes software developed by the OpenSSL Project
24 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 *    endorse or promote products derived from this software without
28 *    prior written permission. For written permission, please contact
29 *    licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 *    nor may "OpenSSL" appear in their names without prior written
33 *    permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 *    acknowledgment:
37 *    "This product includes software developed by the OpenSSL Project
38 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com).  This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60#include <stdio.h>
61#include "cryptlib.h"
62#include <openssl/dsa.h>
63#include <openssl/asn1.h>
64#include <openssl/asn1t.h>
65#include <openssl/rand.h>
66
67/* Override the default new methods */
68static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
69                  void *exarg)
70{
71    if (operation == ASN1_OP_NEW_PRE) {
72        DSA_SIG *sig;
73        sig = OPENSSL_malloc(sizeof(DSA_SIG));
74        if (!sig) {
75            DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
76            return 0;
77        }
78        sig->r = NULL;
79        sig->s = NULL;
80        *pval = (ASN1_VALUE *)sig;
81        return 2;
82    }
83    return 1;
84}
85
86ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
87        ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
88        ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
89} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
90
91IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG)
92
93/* Override the default free and new methods */
94static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
95                  void *exarg)
96{
97    if (operation == ASN1_OP_NEW_PRE) {
98        *pval = (ASN1_VALUE *)DSA_new();
99        if (*pval)
100            return 2;
101        return 0;
102    } else if (operation == ASN1_OP_FREE_PRE) {
103        DSA_free((DSA *)*pval);
104        *pval = NULL;
105        return 2;
106    }
107    return 1;
108}
109
110ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
111        ASN1_SIMPLE(DSA, version, LONG),
112        ASN1_SIMPLE(DSA, p, BIGNUM),
113        ASN1_SIMPLE(DSA, q, BIGNUM),
114        ASN1_SIMPLE(DSA, g, BIGNUM),
115        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
116        ASN1_SIMPLE(DSA, priv_key, BIGNUM)
117} ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
118
119IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey)
120
121ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
122        ASN1_SIMPLE(DSA, p, BIGNUM),
123        ASN1_SIMPLE(DSA, q, BIGNUM),
124        ASN1_SIMPLE(DSA, g, BIGNUM),
125} ASN1_SEQUENCE_END_cb(DSA, DSAparams)
126
127IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
128
129/*
130 * DSA public key is a bit trickier... its effectively a CHOICE type decided
131 * by a field called write_params which can either write out just the public
132 * key as an INTEGER or the parameters and public key in a SEQUENCE
133 */
134
135ASN1_SEQUENCE(dsa_pub_internal) = {
136        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
137        ASN1_SIMPLE(DSA, p, BIGNUM),
138        ASN1_SIMPLE(DSA, q, BIGNUM),
139        ASN1_SIMPLE(DSA, g, BIGNUM)
140} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal)
141
142ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
143        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
144        ASN1_EX_COMBINE(0, 0, dsa_pub_internal)
145} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
146
147IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
148
149DSA *DSAparams_dup(DSA *dsa)
150{
151    return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa);
152}
153
154int DSA_sign(int type, const unsigned char *dgst, int dlen,
155             unsigned char *sig, unsigned int *siglen, DSA *dsa)
156{
157    DSA_SIG *s;
158    RAND_seed(dgst, dlen);
159    s = DSA_do_sign(dgst, dlen, dsa);
160    if (s == NULL) {
161        *siglen = 0;
162        return (0);
163    }
164    *siglen = i2d_DSA_SIG(s, &sig);
165    DSA_SIG_free(s);
166    return (1);
167}
168
169/* data has already been hashed (probably with SHA or SHA-1). */
170/*-
171 * returns
172 *      1: correct signature
173 *      0: incorrect signature
174 *     -1: error
175 */
176int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
177               const unsigned char *sigbuf, int siglen, DSA *dsa)
178{
179    DSA_SIG *s;
180    const unsigned char *p = sigbuf;
181    unsigned char *der = NULL;
182    int derlen = -1;
183    int ret = -1;
184
185    s = DSA_SIG_new();
186    if (s == NULL)
187        return (ret);
188    if (d2i_DSA_SIG(&s, &p, siglen) == NULL)
189        goto err;
190    /* Ensure signature uses DER and doesn't have trailing garbage */
191    derlen = i2d_DSA_SIG(s, &der);
192    if (derlen != siglen || memcmp(sigbuf, der, derlen))
193        goto err;
194    ret = DSA_do_verify(dgst, dgst_len, s, dsa);
195 err:
196    if (derlen > 0) {
197        OPENSSL_cleanse(der, derlen);
198        OPENSSL_free(der);
199    }
200    DSA_SIG_free(s);
201    return (ret);
202}
203