kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1256 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tree: 160f4ef14c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '160f4ef14c'
${ noResults }
boringssl/crypto/dsa/dsa.c

373 lines
10 KiB
Raw Blame History 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.]

  56.  *

  57.  * The DSS routines are based on patches supplied by

  58.  * Steven Schoch <schoch@sheba.arc.nasa.gov>. */

  59. 

  60. #include <openssl/dsa.h>

  61. 

  62. #include <string.h>

  63. 

  64. #include <openssl/asn1.h>

  65. #include <openssl/dh.h>

  66. #include <openssl/engine.h>

  67. #include <openssl/err.h>

  68. #include <openssl/ex_data.h>

  69. #include <openssl/mem.h>

  70. #include <openssl/thread.h>

  71. 

  72. #include "internal.h"

  73. #include "../internal.h"

  74. 

  75. 

  76. extern const DSA_METHOD DSA_default_method;

  77. 

  78. static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT;

  79. 

  80. DSA *DSA_new(void) { return DSA_new_method(NULL); }

  81. 

  82. DSA *DSA_new_method(const ENGINE *engine) {

  83.   DSA *dsa = (DSA *)OPENSSL_malloc(sizeof(DSA));

  84.   if (dsa == NULL) {

  85.     OPENSSL_PUT_ERROR(DSA, DSA_new_method, ERR_R_MALLOC_FAILURE);

  86.     return NULL;

  87.   }

  88. 

  89.   memset(dsa, 0, sizeof(DSA));

  90. 

  91.   if (engine) {

  92.     dsa->meth = ENGINE_get_DSA_method(engine);

  93.   }

  94. 

  95.   if (dsa->meth == NULL) {

  96.     dsa->meth = (DSA_METHOD*) &DSA_default_method;

  97.   }

  98.   METHOD_ref(dsa->meth);

  99. 

  100.   dsa->write_params = 1;

  101.   dsa->references = 1;

  102. 

  103.   CRYPTO_MUTEX_init(&dsa->method_mont_p_lock);

  104. 

  105.   if (!CRYPTO_new_ex_data(&g_ex_data_class, dsa, &dsa->ex_data)) {

  106.     METHOD_unref(dsa->meth);

  107.     OPENSSL_free(dsa);

  108.     return NULL;

  109.   }

  110. 

  111.   if (dsa->meth->init && !dsa->meth->init(dsa)) {

  112.     CRYPTO_free_ex_data(&g_ex_data_class, dsa, &dsa->ex_data);

  113.     METHOD_unref(dsa->meth);

  114.     OPENSSL_free(dsa);

  115.     return NULL;

  116.   }

  117. 

  118.   return dsa;

  119. }

  120. 

  121. void DSA_free(DSA *dsa) {

  122.   if (dsa == NULL) {

  123.     return;

  124.   }

  125. 

  126.   if (CRYPTO_add(&dsa->references, -1, CRYPTO_LOCK_DSA) > 0) {

  127.     return;

  128.   }

  129. 

  130.   if (dsa->meth->finish) {

  131.     dsa->meth->finish(dsa);

  132.   }

  133.   METHOD_unref(dsa->meth);

  134. 

  135.   CRYPTO_free_ex_data(&g_ex_data_class, dsa, &dsa->ex_data);

  136. 

  137.   if (dsa->p != NULL) {

  138.     BN_clear_free(dsa->p);

  139.   }

  140.   if (dsa->q != NULL) {

  141.     BN_clear_free(dsa->q);

  142.   }

  143.   if (dsa->g != NULL) {

  144.     BN_clear_free(dsa->g);

  145.   }

  146.   if (dsa->pub_key != NULL) {

  147.     BN_clear_free(dsa->pub_key);

  148.   }

  149.   if (dsa->priv_key != NULL) {

  150.     BN_clear_free(dsa->priv_key);

  151.   }

  152.   if (dsa->kinv != NULL) {

  153.     BN_clear_free(dsa->kinv);

  154.   }

  155.   if (dsa->r != NULL) {

  156.     BN_clear_free(dsa->r);

  157.   }

  158.   CRYPTO_MUTEX_cleanup(&dsa->method_mont_p_lock);

  159.   OPENSSL_free(dsa);

  160. }

  161. 

  162. int DSA_up_ref(DSA *dsa) {

  163.   CRYPTO_add(&dsa->references, 1, CRYPTO_LOCK_DSA);

  164.   return 1;

  165. }

  166. 

  167. int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,

  168.                                size_t seed_len, int *out_counter,

  169.                                unsigned long *out_h, BN_GENCB *cb) {

  170.   if (dsa->meth->generate_parameters) {

  171.     return dsa->meth->generate_parameters(dsa, bits, seed_in, seed_len,

  172.                                           out_counter, out_h, cb);

  173.   }

  174.   return DSA_default_method.generate_parameters(dsa, bits, seed_in, seed_len,

  175.                                                 out_counter, out_h, cb);

  176. }

  177. 

  178. int DSA_generate_key(DSA *dsa) {

  179.   if (dsa->meth->keygen) {

  180.     return dsa->meth->keygen(dsa);

  181.   }

  182.   return DSA_default_method.keygen(dsa);

  183. }

  184. 

  185. DSA_SIG *DSA_SIG_new(void) {

  186.   DSA_SIG *sig;

  187.   sig = OPENSSL_malloc(sizeof(DSA_SIG));

  188.   if (!sig) {

  189.     return NULL;

  190.   }

  191.   sig->r = NULL;

  192.   sig->s = NULL;

  193.   return sig;

  194. }

  195. 

  196. void DSA_SIG_free(DSA_SIG *sig) {

  197.   if (!sig) {

  198.     return;

  199.   }

  200. 

  201.   if (sig->r) {

  202.     BN_free(sig->r);

  203.   }

  204.   if (sig->s) {

  205.     BN_free(sig->s);

  206.   }

  207.   OPENSSL_free(sig);

  208. }

  209. 

  210. DSA_SIG *DSA_do_sign(const uint8_t *digest, size_t digest_len, DSA *dsa) {

  211.   if (dsa->meth->sign) {

  212.     return dsa->meth->sign(digest, digest_len, dsa);

  213.   }

  214.   return DSA_default_method.sign(digest, digest_len, dsa);

  215. }

  216. 

  217. int DSA_do_verify(const uint8_t *digest, size_t digest_len, DSA_SIG *sig,

  218.                   const DSA *dsa) {

  219.   int valid;

  220.   if (!DSA_do_check_signature(&valid, digest, digest_len, sig, dsa)) {

  221.     return -1;

  222.   }

  223.   return valid;

  224. }

  225. 

  226. int DSA_do_check_signature(int *out_valid, const uint8_t *digest,

  227.                            size_t digest_len, DSA_SIG *sig, const DSA *dsa) {

  228.   if (dsa->meth->verify) {

  229.     return dsa->meth->verify(out_valid, digest, digest_len, sig, dsa);

  230.   }

  231. 

  232.   return DSA_default_method.verify(out_valid, digest, digest_len, sig, dsa);

  233. }

  234. 

  235. int DSA_sign(int type, const uint8_t *digest, size_t digest_len,

  236.              uint8_t *out_sig, unsigned int *out_siglen, DSA *dsa) {

  237.   DSA_SIG *s;

  238. 

  239.   s = DSA_do_sign(digest, digest_len, dsa);

  240.   if (s == NULL) {

  241.     *out_siglen = 0;

  242.     return 0;

  243.   }

  244. 

  245.   *out_siglen = i2d_DSA_SIG(s, &out_sig);

  246.   DSA_SIG_free(s);

  247.   return 1;

  248. }

  249. 

  250. int DSA_verify(int type, const uint8_t *digest, size_t digest_len,

  251.                const uint8_t *sig, size_t sig_len, const DSA *dsa) {

  252.   int valid;

  253.   if (!DSA_check_signature(&valid, digest, digest_len, sig, sig_len, dsa)) {

  254.     return -1;

  255.   }

  256.   return valid;

  257. }

  258. 

  259. int DSA_check_signature(int *out_valid, const uint8_t *digest,

  260.                         size_t digest_len, const uint8_t *sig, size_t sig_len,

  261.                         const DSA *dsa) {

  262.   DSA_SIG *s = NULL;

  263.   int ret = 0;

  264.   uint8_t *der = NULL;

  265. 

  266.   s = DSA_SIG_new();

  267.   if (s == NULL) {

  268.     goto err;

  269.   }

  270. 

  271.   const uint8_t *sigp = sig;

  272.   if (d2i_DSA_SIG(&s, &sigp, sig_len) == NULL || sigp != sig + sig_len) {

  273.     goto err;

  274.   }

  275. 

  276.   /* Ensure that the signature uses DER and doesn't have trailing garbage. */

  277.   int der_len = i2d_DSA_SIG(s, &der);

  278.   if (der_len < 0 || (size_t)der_len != sig_len || memcmp(sig, der, sig_len)) {

  279.     goto err;

  280.   }

  281. 

  282.   ret = DSA_do_check_signature(out_valid, digest, digest_len, s, dsa);

  283. 

  284. err:

  285.   if (der != NULL) {

  286.     OPENSSL_free(der);

  287.   }

  288.   if (s) {

  289.     DSA_SIG_free(s);

  290.   }

  291.   return ret;

  292. }

  293. 

  294. int DSA_size(const DSA *dsa) {

  295.   int ret, i;

  296.   ASN1_INTEGER bs;

  297.   unsigned char buf[4]; /* 4 bytes looks really small.

  298.                            However, i2d_ASN1_INTEGER() will not look

  299.                            beyond the first byte, as long as the second

  300.                            parameter is NULL. */

  301. 

  302.   i = BN_num_bits(dsa->q);

  303.   bs.length = (i + 7) / 8;

  304.   bs.data = buf;

  305.   bs.type = V_ASN1_INTEGER;

  306.   /* If the top bit is set the asn1 encoding is 1 larger. */

  307.   buf[0] = 0xff;

  308. 

  309.   i = i2d_ASN1_INTEGER(&bs, NULL);

  310.   i += i; /* r and s */

  311.   ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);

  312.   return ret;

  313. }

  314. 

  315. int DSA_sign_setup(const DSA *dsa, BN_CTX *ctx, BIGNUM **out_kinv,

  316.                    BIGNUM **out_r) {

  317.   if (dsa->meth->sign_setup) {

  318.     return dsa->meth->sign_setup(dsa, ctx, out_kinv, out_r, NULL, 0);

  319.   }

  320. 

  321.   return DSA_default_method.sign_setup(dsa, ctx, out_kinv, out_r, NULL, 0);

  322. }

  323. 

  324. int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

  325.                          CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) {

  326.   int index;

  327.   if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp, new_func,

  328.                                dup_func, free_func)) {

  329.     return -1;

  330.   }

  331.   return index;

  332. }

  333. 

  334. int DSA_set_ex_data(DSA *d, int idx, void *arg) {

  335.   return CRYPTO_set_ex_data(&d->ex_data, idx, arg);

  336. }

  337. 

  338. void *DSA_get_ex_data(const DSA *d, int idx) {

  339.   return CRYPTO_get_ex_data(&d->ex_data, idx);

  340. }

  341. 

  342. DH *DSA_dup_DH(const DSA *r) {

  343.   DH *ret = NULL;

  344. 

  345.   if (r == NULL) {

  346.     goto err;

  347.   }

  348.   ret = DH_new();

  349.   if (ret == NULL) {

  350.     goto err;

  351.   }

  352.   if (r->q != NULL) {

  353.     ret->priv_length = BN_num_bits(r->q);

  354.     if ((ret->q = BN_dup(r->q)) == NULL) {

  355.       goto err;

  356.     }

  357.   }

  358.   if ((r->p != NULL && (ret->p = BN_dup(r->p)) == NULL) ||

  359.       (r->g != NULL && (ret->g = BN_dup(r->g)) == NULL) ||

  360.       (r->pub_key != NULL && (ret->pub_key = BN_dup(r->pub_key)) == NULL) ||

  361.       (r->priv_key != NULL && (ret->priv_key = BN_dup(r->priv_key)) == NULL)) {

  362.       goto err;

  363.   }

  364. 

  365.   return ret;

  366. 

  367. err:

  368.   if (ret != NULL) {

  369.     DH_free(ret);

  370.   }

  371.   return NULL;

  372. }