dsa_asn1.c revision 296465
1/* dsa_asn1.c */ 2/* 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 4 * 2000. 5 */ 6/* ==================================================================== 7 * Copyright (c) 2000 The OpenSSL Project. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. All advertising materials mentioning features or use of this 22 * software must display the following acknowledgment: 23 * "This product includes software developed by the OpenSSL Project 24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 * 26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 * endorse or promote products derived from this software without 28 * prior written permission. For written permission, please contact 29 * licensing@OpenSSL.org. 30 * 31 * 5. Products derived from this software may not be called "OpenSSL" 32 * nor may "OpenSSL" appear in their names without prior written 33 * permission of the OpenSSL Project. 34 * 35 * 6. Redistributions of any form whatsoever must retain the following 36 * acknowledgment: 37 * "This product includes software developed by the OpenSSL Project 38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 * OF THE POSSIBILITY OF SUCH DAMAGE. 52 * ==================================================================== 53 * 54 * This product includes cryptographic software written by Eric Young 55 * (eay@cryptsoft.com). This product includes software written by Tim 56 * Hudson (tjh@cryptsoft.com). 57 * 58 */ 59 60#include <stdio.h> 61#include "cryptlib.h" 62#include <openssl/dsa.h> 63#include <openssl/asn1.h> 64#include <openssl/asn1t.h> 65#include <openssl/bn.h> 66#include <openssl/rand.h> 67#ifdef OPENSSL_FIPS 68# include <openssl/fips.h> 69#endif 70 71/* Override the default new methods */ 72static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) 73{ 74 if (operation == ASN1_OP_NEW_PRE) { 75 DSA_SIG *sig; 76 sig = OPENSSL_malloc(sizeof(DSA_SIG)); 77 sig->r = NULL; 78 sig->s = NULL; 79 *pval = (ASN1_VALUE *)sig; 80 if (sig) 81 return 2; 82 DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE); 83 return 0; 84 } 85 return 1; 86} 87 88ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = { 89 ASN1_SIMPLE(DSA_SIG, r, CBIGNUM), 90 ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) 91} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG) 92 93IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG) 94 95/* Override the default free and new methods */ 96static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) 97{ 98 if (operation == ASN1_OP_NEW_PRE) { 99 *pval = (ASN1_VALUE *)DSA_new(); 100 if (*pval) 101 return 2; 102 return 0; 103 } else if (operation == ASN1_OP_FREE_PRE) { 104 DSA_free((DSA *)*pval); 105 *pval = NULL; 106 return 2; 107 } 108 return 1; 109} 110 111ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = { 112 ASN1_SIMPLE(DSA, version, LONG), 113 ASN1_SIMPLE(DSA, p, BIGNUM), 114 ASN1_SIMPLE(DSA, q, BIGNUM), 115 ASN1_SIMPLE(DSA, g, BIGNUM), 116 ASN1_SIMPLE(DSA, pub_key, BIGNUM), 117 ASN1_SIMPLE(DSA, priv_key, BIGNUM) 118} ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey) 119 120IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey) 121 122ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { 123 ASN1_SIMPLE(DSA, p, BIGNUM), 124 ASN1_SIMPLE(DSA, q, BIGNUM), 125 ASN1_SIMPLE(DSA, g, BIGNUM), 126} ASN1_SEQUENCE_END_cb(DSA, DSAparams) 127 128IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams) 129 130/* 131 * DSA public key is a bit trickier... its effectively a CHOICE type decided 132 * by a field called write_params which can either write out just the public 133 * key as an INTEGER or the parameters and public key in a SEQUENCE 134 */ 135 136ASN1_SEQUENCE(dsa_pub_internal) = { 137 ASN1_SIMPLE(DSA, pub_key, BIGNUM), 138 ASN1_SIMPLE(DSA, p, BIGNUM), 139 ASN1_SIMPLE(DSA, q, BIGNUM), 140 ASN1_SIMPLE(DSA, g, BIGNUM) 141} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal) 142 143ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = { 144 ASN1_SIMPLE(DSA, pub_key, BIGNUM), 145 ASN1_EX_COMBINE(0, 0, dsa_pub_internal) 146} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params) 147 148IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) 149 150int DSA_sign(int type, const unsigned char *dgst, int dlen, 151 unsigned char *sig, unsigned int *siglen, DSA *dsa) 152{ 153 DSA_SIG *s; 154#ifdef OPENSSL_FIPS 155 if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { 156 DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); 157 return 0; 158 } 159#endif 160 RAND_seed(dgst, dlen); 161 s = DSA_do_sign(dgst, dlen, dsa); 162 if (s == NULL) { 163 *siglen = 0; 164 return (0); 165 } 166 *siglen = i2d_DSA_SIG(s, &sig); 167 DSA_SIG_free(s); 168 return (1); 169} 170 171int DSA_size(const DSA *r) 172{ 173 int ret, i; 174 ASN1_INTEGER bs; 175 unsigned char buf[4]; /* 4 bytes looks really small. However, 176 * i2d_ASN1_INTEGER() will not look beyond 177 * the first byte, as long as the second 178 * parameter is NULL. */ 179 180 i = BN_num_bits(r->q); 181 bs.length = (i + 7) / 8; 182 bs.data = buf; 183 bs.type = V_ASN1_INTEGER; 184 /* If the top bit is set the asn1 encoding is 1 larger. */ 185 buf[0] = 0xff; 186 187 i = i2d_ASN1_INTEGER(&bs, NULL); 188 i += i; /* r and s */ 189 ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); 190 return (ret); 191} 192 193/*- 194 * data has already been hashed (probably with SHA or SHA-1). */ 195/* 196 * returns 1: correct signature 0: incorrect signature -1: error 197 */ 198int DSA_verify(int type, const unsigned char *dgst, int dgst_len, 199 const unsigned char *sigbuf, int siglen, DSA *dsa) 200{ 201 DSA_SIG *s; 202 const unsigned char *p = sigbuf; 203 unsigned char *der = NULL; 204 int derlen = -1; 205 int ret = -1; 206 207#ifdef OPENSSL_FIPS 208 if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) { 209 DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); 210 return 0; 211 } 212#endif 213 214 s = DSA_SIG_new(); 215 if (s == NULL) 216 return (ret); 217 if (d2i_DSA_SIG(&s, &p, siglen) == NULL) 218 goto err; 219 /* Ensure signature uses DER and doesn't have trailing garbage */ 220 derlen = i2d_DSA_SIG(s, &der); 221 if (derlen != siglen || memcmp(sigbuf, der, derlen)) 222 goto err; 223 ret = DSA_do_verify(dgst, dgst_len, s, dsa); 224 err: 225 if (derlen > 0) { 226 OPENSSL_cleanse(der, derlen); 227 OPENSSL_free(der); 228 } 229 DSA_SIG_free(s); 230 return (ret); 231} 232