kris
/
boringssl
1
0
Förgrening 0
Kod Ärenden 0 Pull-förfrågningar 0 Släpp 0 Wiki Aktiviteter
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
1387 Incheckningar
12 Grenar
38 MiB
 
 
 
 
 
 
Träd: cff0b90cbb
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från 'cff0b90cbb'
${ noResults }
boringssl/crypto/dsa/dsa.c

349 rader
10 KiB
Blame Historik 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.]

  56.  *

  57.  * The DSS routines are based on patches supplied by

  58.  * Steven Schoch <schoch@sheba.arc.nasa.gov>. */

  59. 

  60. #include <openssl/dsa.h>

  61. 

  62. #include <string.h>

  63. 

  64. #include <openssl/asn1.h>

  65. #include <openssl/dh.h>

  66. #include <openssl/engine.h>

  67. #include <openssl/err.h>

  68. #include <openssl/ex_data.h>

  69. #include <openssl/mem.h>

  70. #include <openssl/thread.h>

  71. 

  72. #include "internal.h"

  73. #include "../internal.h"

  74. 

  75. 

  76. extern const DSA_METHOD DSA_default_method;

  77. 

  78. static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT;

  79. 

  80. DSA *DSA_new(void) { return DSA_new_method(NULL); }

  81. 

  82. DSA *DSA_new_method(const ENGINE *engine) {

  83.   DSA *dsa = (DSA *)OPENSSL_malloc(sizeof(DSA));

  84.   if (dsa == NULL) {

  85.     OPENSSL_PUT_ERROR(DSA, DSA_new_method, ERR_R_MALLOC_FAILURE);

  86.     return NULL;

  87.   }

  88. 

  89.   memset(dsa, 0, sizeof(DSA));

  90. 

  91.   if (engine) {

  92.     dsa->meth = ENGINE_get_DSA_method(engine);

  93.   }

  94. 

  95.   if (dsa->meth == NULL) {

  96.     dsa->meth = (DSA_METHOD*) &DSA_default_method;

  97.   }

  98.   METHOD_ref(dsa->meth);

  99. 

  100.   dsa->write_params = 1;

  101.   dsa->references = 1;

  102. 

  103.   CRYPTO_MUTEX_init(&dsa->method_mont_p_lock);

  104. 

  105.   if (!CRYPTO_new_ex_data(&g_ex_data_class, dsa, &dsa->ex_data)) {

  106.     METHOD_unref(dsa->meth);

  107.     OPENSSL_free(dsa);

  108.     return NULL;

  109.   }

  110. 

  111.   if (dsa->meth->init && !dsa->meth->init(dsa)) {

  112.     CRYPTO_free_ex_data(&g_ex_data_class, dsa, &dsa->ex_data);

  113.     METHOD_unref(dsa->meth);

  114.     OPENSSL_free(dsa);

  115.     return NULL;

  116.   }

  117. 

  118.   return dsa;

  119. }

  120. 

  121. void DSA_free(DSA *dsa) {

  122.   if (dsa == NULL) {

  123.     return;

  124.   }

  125. 

  126.   if (!CRYPTO_refcount_dec_and_test_zero(&dsa->references)) {

  127.     return;

  128.   }

  129. 

  130.   if (dsa->meth->finish) {

  131.     dsa->meth->finish(dsa);

  132.   }

  133.   METHOD_unref(dsa->meth);

  134. 

  135.   CRYPTO_free_ex_data(&g_ex_data_class, dsa, &dsa->ex_data);

  136. 

  137.   BN_clear_free(dsa->p);

  138.   BN_clear_free(dsa->q);

  139.   BN_clear_free(dsa->g);

  140.   BN_clear_free(dsa->pub_key);

  141.   BN_clear_free(dsa->priv_key);

  142.   BN_clear_free(dsa->kinv);

  143.   BN_clear_free(dsa->r);

  144.   CRYPTO_MUTEX_cleanup(&dsa->method_mont_p_lock);

  145.   OPENSSL_free(dsa);

  146. }

  147. 

  148. int DSA_up_ref(DSA *dsa) {

  149.   CRYPTO_refcount_inc(&dsa->references);

  150.   return 1;

  151. }

  152. 

  153. int DSA_generate_parameters_ex(DSA *dsa, unsigned bits, const uint8_t *seed_in,

  154.                                size_t seed_len, int *out_counter,

  155.                                unsigned long *out_h, BN_GENCB *cb) {

  156.   if (dsa->meth->generate_parameters) {

  157.     return dsa->meth->generate_parameters(dsa, bits, seed_in, seed_len,

  158.                                           out_counter, out_h, cb);

  159.   }

  160.   return DSA_default_method.generate_parameters(dsa, bits, seed_in, seed_len,

  161.                                                 out_counter, out_h, cb);

  162. }

  163. 

  164. int DSA_generate_key(DSA *dsa) {

  165.   if (dsa->meth->keygen) {

  166.     return dsa->meth->keygen(dsa);

  167.   }

  168.   return DSA_default_method.keygen(dsa);

  169. }

  170. 

  171. DSA_SIG *DSA_SIG_new(void) {

  172.   DSA_SIG *sig;

  173.   sig = OPENSSL_malloc(sizeof(DSA_SIG));

  174.   if (!sig) {

  175.     return NULL;

  176.   }

  177.   sig->r = NULL;

  178.   sig->s = NULL;

  179.   return sig;

  180. }

  181. 

  182. void DSA_SIG_free(DSA_SIG *sig) {

  183.   if (!sig) {

  184.     return;

  185.   }

  186. 

  187.   BN_free(sig->r);

  188.   BN_free(sig->s);

  189.   OPENSSL_free(sig);

  190. }

  191. 

  192. DSA_SIG *DSA_do_sign(const uint8_t *digest, size_t digest_len, DSA *dsa) {

  193.   if (dsa->meth->sign) {

  194.     return dsa->meth->sign(digest, digest_len, dsa);

  195.   }

  196.   return DSA_default_method.sign(digest, digest_len, dsa);

  197. }

  198. 

  199. int DSA_do_verify(const uint8_t *digest, size_t digest_len, DSA_SIG *sig,

  200.                   const DSA *dsa) {

  201.   int valid;

  202.   if (!DSA_do_check_signature(&valid, digest, digest_len, sig, dsa)) {

  203.     return -1;

  204.   }

  205.   return valid;

  206. }

  207. 

  208. int DSA_do_check_signature(int *out_valid, const uint8_t *digest,

  209.                            size_t digest_len, DSA_SIG *sig, const DSA *dsa) {

  210.   if (dsa->meth->verify) {

  211.     return dsa->meth->verify(out_valid, digest, digest_len, sig, dsa);

  212.   }

  213. 

  214.   return DSA_default_method.verify(out_valid, digest, digest_len, sig, dsa);

  215. }

  216. 

  217. int DSA_sign(int type, const uint8_t *digest, size_t digest_len,

  218.              uint8_t *out_sig, unsigned int *out_siglen, DSA *dsa) {

  219.   DSA_SIG *s;

  220. 

  221.   s = DSA_do_sign(digest, digest_len, dsa);

  222.   if (s == NULL) {

  223.     *out_siglen = 0;

  224.     return 0;

  225.   }

  226. 

  227.   *out_siglen = i2d_DSA_SIG(s, &out_sig);

  228.   DSA_SIG_free(s);

  229.   return 1;

  230. }

  231. 

  232. int DSA_verify(int type, const uint8_t *digest, size_t digest_len,

  233.                const uint8_t *sig, size_t sig_len, const DSA *dsa) {

  234.   int valid;

  235.   if (!DSA_check_signature(&valid, digest, digest_len, sig, sig_len, dsa)) {

  236.     return -1;

  237.   }

  238.   return valid;

  239. }

  240. 

  241. int DSA_check_signature(int *out_valid, const uint8_t *digest,

  242.                         size_t digest_len, const uint8_t *sig, size_t sig_len,

  243.                         const DSA *dsa) {

  244.   DSA_SIG *s = NULL;

  245.   int ret = 0;

  246.   uint8_t *der = NULL;

  247. 

  248.   s = DSA_SIG_new();

  249.   if (s == NULL) {

  250.     goto err;

  251.   }

  252. 

  253.   const uint8_t *sigp = sig;

  254.   if (d2i_DSA_SIG(&s, &sigp, sig_len) == NULL || sigp != sig + sig_len) {

  255.     goto err;

  256.   }

  257. 

  258.   /* Ensure that the signature uses DER and doesn't have trailing garbage. */

  259.   int der_len = i2d_DSA_SIG(s, &der);

  260.   if (der_len < 0 || (size_t)der_len != sig_len || memcmp(sig, der, sig_len)) {

  261.     goto err;

  262.   }

  263. 

  264.   ret = DSA_do_check_signature(out_valid, digest, digest_len, s, dsa);

  265. 

  266. err:

  267.   OPENSSL_free(der);

  268.   DSA_SIG_free(s);

  269.   return ret;

  270. }

  271. 

  272. int DSA_size(const DSA *dsa) {

  273.   int ret, i;

  274.   ASN1_INTEGER bs;

  275.   unsigned char buf[4]; /* 4 bytes looks really small.

  276.                            However, i2d_ASN1_INTEGER() will not look

  277.                            beyond the first byte, as long as the second

  278.                            parameter is NULL. */

  279. 

  280.   i = BN_num_bits(dsa->q);

  281.   bs.length = (i + 7) / 8;

  282.   bs.data = buf;

  283.   bs.type = V_ASN1_INTEGER;

  284.   /* If the top bit is set the asn1 encoding is 1 larger. */

  285.   buf[0] = 0xff;

  286. 

  287.   i = i2d_ASN1_INTEGER(&bs, NULL);

  288.   i += i; /* r and s */

  289.   ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);

  290.   return ret;

  291. }

  292. 

  293. int DSA_sign_setup(const DSA *dsa, BN_CTX *ctx, BIGNUM **out_kinv,

  294.                    BIGNUM **out_r) {

  295.   if (dsa->meth->sign_setup) {

  296.     return dsa->meth->sign_setup(dsa, ctx, out_kinv, out_r, NULL, 0);

  297.   }

  298. 

  299.   return DSA_default_method.sign_setup(dsa, ctx, out_kinv, out_r, NULL, 0);

  300. }

  301. 

  302. int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,

  303.                          CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) {

  304.   int index;

  305.   if (!CRYPTO_get_ex_new_index(&g_ex_data_class, &index, argl, argp, new_func,

  306.                                dup_func, free_func)) {

  307.     return -1;

  308.   }

  309.   return index;

  310. }

  311. 

  312. int DSA_set_ex_data(DSA *d, int idx, void *arg) {

  313.   return CRYPTO_set_ex_data(&d->ex_data, idx, arg);

  314. }

  315. 

  316. void *DSA_get_ex_data(const DSA *d, int idx) {

  317.   return CRYPTO_get_ex_data(&d->ex_data, idx);

  318. }

  319. 

  320. DH *DSA_dup_DH(const DSA *r) {

  321.   DH *ret = NULL;

  322. 

  323.   if (r == NULL) {

  324.     goto err;

  325.   }

  326.   ret = DH_new();

  327.   if (ret == NULL) {

  328.     goto err;

  329.   }

  330.   if (r->q != NULL) {

  331.     ret->priv_length = BN_num_bits(r->q);

  332.     if ((ret->q = BN_dup(r->q)) == NULL) {

  333.       goto err;

  334.     }

  335.   }

  336.   if ((r->p != NULL && (ret->p = BN_dup(r->p)) == NULL) ||

  337.       (r->g != NULL && (ret->g = BN_dup(r->g)) == NULL) ||

  338.       (r->pub_key != NULL && (ret->pub_key = BN_dup(r->pub_key)) == NULL) ||

  339.       (r->priv_key != NULL && (ret->priv_key = BN_dup(r->priv_key)) == NULL)) {

  340.       goto err;

  341.   }

  342. 

  343.   return ret;

  344. 

  345. err:

  346.   DH_free(ret);

  347.   return NULL;

  348. }