dsa_asn1.c revision 277195
1/* dsa_asn1.c */ 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 2000. 4 */ 5/* ==================================================================== 6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59#include <stdio.h> 60#include "cryptlib.h" 61#include <openssl/dsa.h> 62#include <openssl/asn1.h> 63#include <openssl/asn1t.h> 64#include <openssl/bn.h> 65#include <openssl/rand.h> 66#ifdef OPENSSL_FIPS 67#include <openssl/fips.h> 68#endif 69 70 71/* Override the default new methods */ 72static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) 73{ 74 if(operation == ASN1_OP_NEW_PRE) { 75 DSA_SIG *sig; 76 sig = OPENSSL_malloc(sizeof(DSA_SIG)); 77 sig->r = NULL; 78 sig->s = NULL; 79 *pval = (ASN1_VALUE *)sig; 80 if(sig) return 2; 81 DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE); 82 return 0; 83 } 84 return 1; 85} 86 87ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = { 88 ASN1_SIMPLE(DSA_SIG, r, CBIGNUM), 89 ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) 90} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG) 91 92IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG) 93 94/* Override the default free and new methods */ 95static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) 96{ 97 if(operation == ASN1_OP_NEW_PRE) { 98 *pval = (ASN1_VALUE *)DSA_new(); 99 if(*pval) return 2; 100 return 0; 101 } else if(operation == ASN1_OP_FREE_PRE) { 102 DSA_free((DSA *)*pval); 103 *pval = NULL; 104 return 2; 105 } 106 return 1; 107} 108 109ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = { 110 ASN1_SIMPLE(DSA, version, LONG), 111 ASN1_SIMPLE(DSA, p, BIGNUM), 112 ASN1_SIMPLE(DSA, q, BIGNUM), 113 ASN1_SIMPLE(DSA, g, BIGNUM), 114 ASN1_SIMPLE(DSA, pub_key, BIGNUM), 115 ASN1_SIMPLE(DSA, priv_key, BIGNUM) 116} ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey) 117 118IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey) 119 120ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { 121 ASN1_SIMPLE(DSA, p, BIGNUM), 122 ASN1_SIMPLE(DSA, q, BIGNUM), 123 ASN1_SIMPLE(DSA, g, BIGNUM), 124} ASN1_SEQUENCE_END_cb(DSA, DSAparams) 125 126IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams) 127 128/* DSA public key is a bit trickier... its effectively a CHOICE type 129 * decided by a field called write_params which can either write out 130 * just the public key as an INTEGER or the parameters and public key 131 * in a SEQUENCE 132 */ 133 134ASN1_SEQUENCE(dsa_pub_internal) = { 135 ASN1_SIMPLE(DSA, pub_key, BIGNUM), 136 ASN1_SIMPLE(DSA, p, BIGNUM), 137 ASN1_SIMPLE(DSA, q, BIGNUM), 138 ASN1_SIMPLE(DSA, g, BIGNUM) 139} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal) 140 141ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = { 142 ASN1_SIMPLE(DSA, pub_key, BIGNUM), 143 ASN1_EX_COMBINE(0, 0, dsa_pub_internal) 144} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params) 145 146IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) 147 148int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, 149 unsigned int *siglen, DSA *dsa) 150 { 151 DSA_SIG *s; 152#ifdef OPENSSL_FIPS 153 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) 154 { 155 DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); 156 return 0; 157 } 158#endif 159 RAND_seed(dgst, dlen); 160 s=DSA_do_sign(dgst,dlen,dsa); 161 if (s == NULL) 162 { 163 *siglen=0; 164 return(0); 165 } 166 *siglen=i2d_DSA_SIG(s,&sig); 167 DSA_SIG_free(s); 168 return(1); 169 } 170 171int DSA_size(const DSA *r) 172 { 173 int ret,i; 174 ASN1_INTEGER bs; 175 unsigned char buf[4]; /* 4 bytes looks really small. 176 However, i2d_ASN1_INTEGER() will not look 177 beyond the first byte, as long as the second 178 parameter is NULL. */ 179 180 i=BN_num_bits(r->q); 181 bs.length=(i+7)/8; 182 bs.data=buf; 183 bs.type=V_ASN1_INTEGER; 184 /* If the top bit is set the asn1 encoding is 1 larger. */ 185 buf[0]=0xff; 186 187 i=i2d_ASN1_INTEGER(&bs,NULL); 188 i+=i; /* r and s */ 189 ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE); 190 return(ret); 191 } 192 193/* data has already been hashed (probably with SHA or SHA-1). */ 194/* returns 195 * 1: correct signature 196 * 0: incorrect signature 197 * -1: error 198 */ 199int DSA_verify(int type, const unsigned char *dgst, int dgst_len, 200 const unsigned char *sigbuf, int siglen, DSA *dsa) 201 { 202 DSA_SIG *s; 203 const unsigned char *p = sigbuf; 204 unsigned char *der = NULL; 205 int derlen = -1; 206 int ret=-1; 207 208#ifdef OPENSSL_FIPS 209 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) 210 { 211 DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); 212 return 0; 213 } 214#endif 215 216 s = DSA_SIG_new(); 217 if (s == NULL) return(ret); 218 if (d2i_DSA_SIG(&s,&p,siglen) == NULL) goto err; 219 /* Ensure signature uses DER and doesn't have trailing garbage */ 220 derlen = i2d_DSA_SIG(s, &der); 221 if (derlen != siglen || memcmp(sigbuf, der, derlen)) 222 goto err; 223 ret=DSA_do_verify(dgst,dgst_len,s,dsa); 224err: 225 if (derlen > 0) 226 { 227 OPENSSL_cleanse(der, derlen); 228 OPENSSL_free(der); 229 } 230 DSA_SIG_free(s); 231 return(ret); 232 } 233