1 /* $OpenBSD: ssh-dss.c,v 1.39 2020/02/26 13:40:09 jsg Exp $ */
3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 #include <sys/types.h>
32 #include <openssl/bn.h>
33 #include <openssl/dsa.h>
34 #include <openssl/evp.h>
43 #define SSHKEY_INTERNAL
46 #include "openbsd-compat/openssl-compat.h"
48 #define INTBLOB_LEN 20
49 #define SIGBLOB_LEN (2*INTBLOB_LEN)
52 ssh_dss_sign(const struct sshkey
*key
, u_char
**sigp
, size_t *lenp
,
53 const u_char
*data
, size_t datalen
, u_int compat
)
56 const BIGNUM
*sig_r
, *sig_s
;
57 u_char digest
[SSH_DIGEST_MAX_LENGTH
], sigblob
[SIGBLOB_LEN
];
58 size_t rlen
, slen
, len
, dlen
= ssh_digest_bytes(SSH_DIGEST_SHA1
);
59 struct sshbuf
*b
= NULL
;
60 int ret
= SSH_ERR_INVALID_ARGUMENT
;
67 if (key
== NULL
|| key
->dsa
== NULL
||
68 sshkey_type_plain(key
->type
) != KEY_DSA
)
69 return SSH_ERR_INVALID_ARGUMENT
;
71 return SSH_ERR_INTERNAL_ERROR
;
73 if ((ret
= ssh_digest_memory(SSH_DIGEST_SHA1
, data
, datalen
,
74 digest
, sizeof(digest
))) != 0)
77 if ((sig
= DSA_do_sign(digest
, dlen
, key
->dsa
)) == NULL
) {
78 ret
= SSH_ERR_LIBCRYPTO_ERROR
;
82 DSA_SIG_get0(sig
, &sig_r
, &sig_s
);
83 rlen
= BN_num_bytes(sig_r
);
84 slen
= BN_num_bytes(sig_s
);
85 if (rlen
> INTBLOB_LEN
|| slen
> INTBLOB_LEN
) {
86 ret
= SSH_ERR_INTERNAL_ERROR
;
89 explicit_bzero(sigblob
, SIGBLOB_LEN
);
90 BN_bn2bin(sig_r
, sigblob
+ SIGBLOB_LEN
- INTBLOB_LEN
- rlen
);
91 BN_bn2bin(sig_s
, sigblob
+ SIGBLOB_LEN
- slen
);
93 if ((b
= sshbuf_new()) == NULL
) {
94 ret
= SSH_ERR_ALLOC_FAIL
;
97 if ((ret
= sshbuf_put_cstring(b
, "ssh-dss")) != 0 ||
98 (ret
= sshbuf_put_string(b
, sigblob
, SIGBLOB_LEN
)) != 0)
103 if ((*sigp
= malloc(len
)) == NULL
) {
104 ret
= SSH_ERR_ALLOC_FAIL
;
107 memcpy(*sigp
, sshbuf_ptr(b
), len
);
113 explicit_bzero(digest
, sizeof(digest
));
120 ssh_dss_verify(const struct sshkey
*key
,
121 const u_char
*signature
, size_t signaturelen
,
122 const u_char
*data
, size_t datalen
, u_int compat
)
125 BIGNUM
*sig_r
= NULL
, *sig_s
= NULL
;
126 u_char digest
[SSH_DIGEST_MAX_LENGTH
], *sigblob
= NULL
;
127 size_t len
, dlen
= ssh_digest_bytes(SSH_DIGEST_SHA1
);
128 int ret
= SSH_ERR_INTERNAL_ERROR
;
129 struct sshbuf
*b
= NULL
;
132 if (key
== NULL
|| key
->dsa
== NULL
||
133 sshkey_type_plain(key
->type
) != KEY_DSA
||
134 signature
== NULL
|| signaturelen
== 0)
135 return SSH_ERR_INVALID_ARGUMENT
;
137 return SSH_ERR_INTERNAL_ERROR
;
139 /* fetch signature */
140 if ((b
= sshbuf_from(signature
, signaturelen
)) == NULL
)
141 return SSH_ERR_ALLOC_FAIL
;
142 if (sshbuf_get_cstring(b
, &ktype
, NULL
) != 0 ||
143 sshbuf_get_string(b
, &sigblob
, &len
) != 0) {
144 ret
= SSH_ERR_INVALID_FORMAT
;
147 if (strcmp("ssh-dss", ktype
) != 0) {
148 ret
= SSH_ERR_KEY_TYPE_MISMATCH
;
151 if (sshbuf_len(b
) != 0) {
152 ret
= SSH_ERR_UNEXPECTED_TRAILING_DATA
;
156 if (len
!= SIGBLOB_LEN
) {
157 ret
= SSH_ERR_INVALID_FORMAT
;
161 /* parse signature */
162 if ((sig
= DSA_SIG_new()) == NULL
||
163 (sig_r
= BN_new()) == NULL
||
164 (sig_s
= BN_new()) == NULL
) {
165 ret
= SSH_ERR_ALLOC_FAIL
;
168 if ((BN_bin2bn(sigblob
, INTBLOB_LEN
, sig_r
) == NULL
) ||
169 (BN_bin2bn(sigblob
+ INTBLOB_LEN
, INTBLOB_LEN
, sig_s
) == NULL
)) {
170 ret
= SSH_ERR_LIBCRYPTO_ERROR
;
173 if (!DSA_SIG_set0(sig
, sig_r
, sig_s
)) {
174 ret
= SSH_ERR_LIBCRYPTO_ERROR
;
177 sig_r
= sig_s
= NULL
; /* transferred */
180 if ((ret
= ssh_digest_memory(SSH_DIGEST_SHA1
, data
, datalen
,
181 digest
, sizeof(digest
))) != 0)
184 switch (DSA_do_verify(digest
, dlen
, sig
, key
->dsa
)) {
189 ret
= SSH_ERR_SIGNATURE_INVALID
;
192 ret
= SSH_ERR_LIBCRYPTO_ERROR
;
197 explicit_bzero(digest
, sizeof(digest
));
199 BN_clear_free(sig_r
);
200 BN_clear_free(sig_s
);
204 freezero(sigblob
, len
);
207 #endif /* WITH_OPENSSL */