1/*
2 * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdio.h>
11#include "internal/cryptlib.h"
12#include "dsa_local.h"
13#include <openssl/asn1.h>
14#include <openssl/asn1t.h>
15#include <openssl/rand.h>
16#include "crypto/asn1_dsa.h"
17
18DSA_SIG *DSA_SIG_new(void)
19{
20 DSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig));
21 if (sig == NULL)
22 DSAerr(DSA_F_DSA_SIG_NEW, ERR_R_MALLOC_FAILURE);
23 return sig;
24}
25
26void DSA_SIG_free(DSA_SIG *sig)
27{
28 if (sig == NULL)
29 return;
30 BN_clear_free(sig->r);
31 BN_clear_free(sig->s);
32 OPENSSL_free(sig);
33}
34
35DSA_SIG *d2i_DSA_SIG(DSA_SIG **psig, const unsigned char **ppin, long len)
36{
37 DSA_SIG *sig;
38
39 if (len < 0)
40 return NULL;
41 if (psig != NULL && *psig != NULL) {
42 sig = *psig;
43 } else {
44 sig = DSA_SIG_new();
45 if (sig == NULL)
46 return NULL;
47 }
48 if (sig->r == NULL)
49 sig->r = BN_new();
50 if (sig->s == NULL)
51 sig->s = BN_new();
52 if (decode_der_dsa_sig(sig->r, sig->s, ppin, (size_t)len) == 0) {
53 if (psig == NULL || *psig == NULL)
54 DSA_SIG_free(sig);
55 return NULL;
56 }
57 if (psig != NULL && *psig == NULL)
58 *psig = sig;
59 return sig;
60}
61
62int i2d_DSA_SIG(const DSA_SIG *sig, unsigned char **ppout)
63{
64 BUF_MEM *buf = NULL;
65 size_t encoded_len;
66 WPACKET pkt;
67
68 if (ppout == NULL) {
69 if (!WPACKET_init_null(&pkt, 0))
70 return -1;
71 } else if (*ppout == NULL) {
72 if ((buf = BUF_MEM_new()) == NULL
73 || !WPACKET_init_len(&pkt, buf, 0)) {
74 BUF_MEM_free(buf);
75 return -1;
76 }
77 } else {
78 if (!WPACKET_init_static_len(&pkt, *ppout, SIZE_MAX, 0))
79 return -1;
80 }
81
82 if (!encode_der_dsa_sig(&pkt, sig->r, sig->s)
83 || !WPACKET_get_total_written(&pkt, &encoded_len)
84 || !WPACKET_finish(&pkt)) {
85 BUF_MEM_free(buf);
86 WPACKET_cleanup(&pkt);
87 return -1;
88 }
89
90 if (ppout != NULL) {
91 if (*ppout == NULL) {
92 *ppout = (unsigned char *)buf->data;
93 buf->data = NULL;
94 BUF_MEM_free(buf);
95 } else {
96 *ppout += encoded_len;
97 }
98 }
99
100 return (int)encoded_len;
101}
102
103void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
104{
105 if (pr != NULL)
106 *pr = sig->r;
107 if (ps != NULL)
108 *ps = sig->s;
109}
110
111int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
112{
113 if (r == NULL || s == NULL)
114 return 0;
115 BN_clear_free(sig->r);
116 BN_clear_free(sig->s);
117 sig->r = r;
118 sig->s = s;
119 return 1;
120}
121
122/* Override the default free and new methods */
123static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
124 void *exarg)
125{
126 if (operation == ASN1_OP_NEW_PRE) {
127 *pval = (ASN1_VALUE *)DSA_new();
128 if (*pval != NULL)
129 return 2;
130 return 0;
131 } else if (operation == ASN1_OP_FREE_PRE) {
132 DSA_free((DSA *)*pval);
133 *pval = NULL;
134 return 2;
135 }
136 return 1;
137}
138
139ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
140 ASN1_EMBED(DSA, version, INT32),
141 ASN1_SIMPLE(DSA, p, BIGNUM),
142 ASN1_SIMPLE(DSA, q, BIGNUM),
143 ASN1_SIMPLE(DSA, g, BIGNUM),
144 ASN1_SIMPLE(DSA, pub_key, BIGNUM),
145 ASN1_SIMPLE(DSA, priv_key, CBIGNUM)
146} static_ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
147
148IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPrivateKey, DSAPrivateKey)
149
150ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
151 ASN1_SIMPLE(DSA, p, BIGNUM),
152 ASN1_SIMPLE(DSA, q, BIGNUM),
153 ASN1_SIMPLE(DSA, g, BIGNUM),
154} static_ASN1_SEQUENCE_END_cb(DSA, DSAparams)
155
156IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAparams, DSAparams)
157
158ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = {
159 ASN1_SIMPLE(DSA, pub_key, BIGNUM),
160 ASN1_SIMPLE(DSA, p, BIGNUM),
161 ASN1_SIMPLE(DSA, q, BIGNUM),
162 ASN1_SIMPLE(DSA, g, BIGNUM)
163} static_ASN1_SEQUENCE_END_cb(DSA, DSAPublicKey)
164
165IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPublicKey, DSAPublicKey)
166
167DSA *DSAparams_dup(const DSA *dsa)
168{
169 return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa);
170}
171
172int DSA_sign(int type, const unsigned char *dgst, int dlen,
173 unsigned char *sig, unsigned int *siglen, DSA *dsa)
174{
175 DSA_SIG *s;
176
177 s = DSA_do_sign(dgst, dlen, dsa);
178 if (s == NULL) {
179 *siglen = 0;
180 return 0;
181 }
182 *siglen = i2d_DSA_SIG(s, &sig);
183 DSA_SIG_free(s);
184 return 1;
185}
186
187/* data has already been hashed (probably with SHA or SHA-1). */
188/*-
189 * returns
190 * 1: correct signature
191 * 0: incorrect signature
192 * -1: error
193 */
194int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
195 const unsigned char *sigbuf, int siglen, DSA *dsa)
196{
197 DSA_SIG *s;
198 const unsigned char *p = sigbuf;
199 unsigned char *der = NULL;
200 int derlen = -1;
201 int ret = -1;
202
203 s = DSA_SIG_new();
204 if (s == NULL)
205 return ret;
206 if (d2i_DSA_SIG(&s, &p, siglen) == NULL)
207 goto err;
208 /* Ensure signature uses DER and doesn't have trailing garbage */
209 derlen = i2d_DSA_SIG(s, &der);
210 if (derlen != siglen || memcmp(sigbuf, der, derlen))
211 goto err;
212 ret = DSA_do_verify(dgst, dgst_len, s, dsa);
213 err:
214 OPENSSL_clear_free(der, derlen);
215 DSA_SIG_free(s);
216 return ret;
217}
218