1 /* $OpenBSD: ssh-dss.c,v 1.32 2014/06/24 01:13:21 djm Exp $ */
3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 #include <sys/types.h>
30 #include <openssl/bn.h>
31 #include <openssl/dsa.h>
32 #include <openssl/evp.h>
41 #define SSHKEY_INTERNAL
44 #define INTBLOB_LEN 20
45 #define SIGBLOB_LEN (2*INTBLOB_LEN)
48 ssh_dss_sign(const struct sshkey
*key
, u_char
**sigp
, size_t *lenp
,
49 const u_char
*data
, size_t datalen
, u_int compat
)
52 u_char digest
[SSH_DIGEST_MAX_LENGTH
], sigblob
[SIGBLOB_LEN
];
53 size_t rlen
, slen
, len
, dlen
= ssh_digest_bytes(SSH_DIGEST_SHA1
);
54 struct sshbuf
*b
= NULL
;
55 int ret
= SSH_ERR_INVALID_ARGUMENT
;
62 if (key
== NULL
|| key
->dsa
== NULL
||
63 sshkey_type_plain(key
->type
) != KEY_DSA
)
64 return SSH_ERR_INVALID_ARGUMENT
;
66 return SSH_ERR_INTERNAL_ERROR
;
68 if ((ret
= ssh_digest_memory(SSH_DIGEST_SHA1
, data
, datalen
,
69 digest
, sizeof(digest
))) != 0)
72 if ((sig
= DSA_do_sign(digest
, dlen
, key
->dsa
)) == NULL
) {
73 ret
= SSH_ERR_LIBCRYPTO_ERROR
;
77 rlen
= BN_num_bytes(sig
->r
);
78 slen
= BN_num_bytes(sig
->s
);
79 if (rlen
> INTBLOB_LEN
|| slen
> INTBLOB_LEN
) {
80 ret
= SSH_ERR_INTERNAL_ERROR
;
83 explicit_bzero(sigblob
, SIGBLOB_LEN
);
84 BN_bn2bin(sig
->r
, sigblob
+ SIGBLOB_LEN
- INTBLOB_LEN
- rlen
);
85 BN_bn2bin(sig
->s
, sigblob
+ SIGBLOB_LEN
- slen
);
87 if (compat
& SSH_BUG_SIGBLOB
) {
89 if ((*sigp
= malloc(SIGBLOB_LEN
)) == NULL
) {
90 ret
= SSH_ERR_ALLOC_FAIL
;
93 memcpy(*sigp
, sigblob
, SIGBLOB_LEN
);
100 if ((b
= sshbuf_new()) == NULL
) {
101 ret
= SSH_ERR_ALLOC_FAIL
;
104 if ((ret
= sshbuf_put_cstring(b
, "ssh-dss")) != 0 ||
105 (ret
= sshbuf_put_string(b
, sigblob
, SIGBLOB_LEN
)) != 0)
109 if ((*sigp
= malloc(len
)) == NULL
) {
110 ret
= SSH_ERR_ALLOC_FAIL
;
113 memcpy(*sigp
, sshbuf_ptr(b
), len
);
120 explicit_bzero(digest
, sizeof(digest
));
129 ssh_dss_verify(const struct sshkey
*key
,
130 const u_char
*signature
, size_t signaturelen
,
131 const u_char
*data
, size_t datalen
, u_int compat
)
134 u_char digest
[SSH_DIGEST_MAX_LENGTH
], *sigblob
= NULL
;
135 size_t len
, dlen
= ssh_digest_bytes(SSH_DIGEST_SHA1
);
136 int ret
= SSH_ERR_INTERNAL_ERROR
;
137 struct sshbuf
*b
= NULL
;
140 if (key
== NULL
|| key
->dsa
== NULL
||
141 sshkey_type_plain(key
->type
) != KEY_DSA
)
142 return SSH_ERR_INVALID_ARGUMENT
;
144 return SSH_ERR_INTERNAL_ERROR
;
146 /* fetch signature */
147 if (compat
& SSH_BUG_SIGBLOB
) {
148 if ((sigblob
= malloc(signaturelen
)) == NULL
)
149 return SSH_ERR_ALLOC_FAIL
;
150 memcpy(sigblob
, signature
, signaturelen
);
154 if ((b
= sshbuf_from(signature
, signaturelen
)) == NULL
)
155 return SSH_ERR_ALLOC_FAIL
;
156 if (sshbuf_get_cstring(b
, &ktype
, NULL
) != 0 ||
157 sshbuf_get_string(b
, &sigblob
, &len
) != 0) {
158 ret
= SSH_ERR_INVALID_FORMAT
;
161 if (strcmp("ssh-dss", ktype
) != 0) {
162 ret
= SSH_ERR_KEY_TYPE_MISMATCH
;
165 if (sshbuf_len(b
) != 0) {
166 ret
= SSH_ERR_UNEXPECTED_TRAILING_DATA
;
171 if (len
!= SIGBLOB_LEN
) {
172 ret
= SSH_ERR_INVALID_FORMAT
;
176 /* parse signature */
177 if ((sig
= DSA_SIG_new()) == NULL
||
178 (sig
->r
= BN_new()) == NULL
||
179 (sig
->s
= BN_new()) == NULL
) {
180 ret
= SSH_ERR_ALLOC_FAIL
;
183 if ((BN_bin2bn(sigblob
, INTBLOB_LEN
, sig
->r
) == NULL
) ||
184 (BN_bin2bn(sigblob
+ INTBLOB_LEN
, INTBLOB_LEN
, sig
->s
) == NULL
)) {
185 ret
= SSH_ERR_LIBCRYPTO_ERROR
;
190 if ((ret
= ssh_digest_memory(SSH_DIGEST_SHA1
, data
, datalen
,
191 digest
, sizeof(digest
))) != 0)
194 switch (DSA_do_verify(digest
, dlen
, sig
, key
->dsa
)) {
199 ret
= SSH_ERR_SIGNATURE_INVALID
;
202 ret
= SSH_ERR_LIBCRYPTO_ERROR
;
207 explicit_bzero(digest
, sizeof(digest
));
214 if (sigblob
!= NULL
) {
215 explicit_bzero(sigblob
, len
);