1 /* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
5 /* ====================================================================
6 * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
34 * 6. Redistributions of any form whatsoever must retain the following
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
62 #include <openssl/asn1.h>
63 #include <openssl/asn1t.h>
64 #include <openssl/dsa.h>
65 #include <openssl/err.h>
67 /* Override the default new methods */
69 sig_cb(int operation
, ASN1_VALUE
**pval
, const ASN1_ITEM
*it
, void *exarg
)
71 if (operation
== ASN1_OP_NEW_PRE
) {
74 if ((sig
= DSA_SIG_new()) == NULL
) {
75 DSAerror(ERR_R_MALLOC_FAILURE
);
78 *pval
= (ASN1_VALUE
*)sig
;
84 static const ASN1_AUX DSA_SIG_aux
= {
92 static const ASN1_TEMPLATE DSA_SIG_seq_tt
[] = {
96 .offset
= offsetof(DSA_SIG
, r
),
103 .offset
= offsetof(DSA_SIG
, s
),
109 const ASN1_ITEM DSA_SIG_it
= {
110 .itype
= ASN1_ITYPE_SEQUENCE
,
111 .utype
= V_ASN1_SEQUENCE
,
112 .templates
= DSA_SIG_seq_tt
,
113 .tcount
= sizeof(DSA_SIG_seq_tt
) / sizeof(ASN1_TEMPLATE
),
114 .funcs
= &DSA_SIG_aux
,
115 .size
= sizeof(DSA_SIG
),
121 d2i_DSA_SIG(DSA_SIG
**a
, const unsigned char **in
, long len
)
123 return (DSA_SIG
*)ASN1_item_d2i((ASN1_VALUE
**)a
, in
, len
,
128 i2d_DSA_SIG(const DSA_SIG
*a
, unsigned char **out
)
130 return ASN1_item_i2d((ASN1_VALUE
*)a
, out
, &DSA_SIG_it
);
134 DSA_SIG_get0(const DSA_SIG
*sig
, const BIGNUM
**pr
, const BIGNUM
**ps
)
143 DSA_SIG_set0(DSA_SIG
*sig
, BIGNUM
*r
, BIGNUM
*s
)
145 if (r
== NULL
|| s
== NULL
)
148 BN_clear_free(sig
->r
);
150 BN_clear_free(sig
->s
);
156 /* Override the default free and new methods */
158 dsa_cb(int operation
, ASN1_VALUE
**pval
, const ASN1_ITEM
*it
, void *exarg
)
160 if (operation
== ASN1_OP_NEW_PRE
) {
161 *pval
= (ASN1_VALUE
*)DSA_new();
165 } else if (operation
== ASN1_OP_FREE_PRE
) {
166 DSA_free((DSA
*)*pval
);
173 static const ASN1_AUX DSAPrivateKey_aux
= {
181 static const ASN1_TEMPLATE DSAPrivateKey_seq_tt
[] = {
185 .offset
= offsetof(DSA
, version
),
186 .field_name
= "version",
192 .offset
= offsetof(DSA
, p
),
199 .offset
= offsetof(DSA
, q
),
206 .offset
= offsetof(DSA
, g
),
213 .offset
= offsetof(DSA
, pub_key
),
214 .field_name
= "pub_key",
220 .offset
= offsetof(DSA
, priv_key
),
221 .field_name
= "priv_key",
226 const ASN1_ITEM DSAPrivateKey_it
= {
227 .itype
= ASN1_ITYPE_SEQUENCE
,
228 .utype
= V_ASN1_SEQUENCE
,
229 .templates
= DSAPrivateKey_seq_tt
,
230 .tcount
= sizeof(DSAPrivateKey_seq_tt
) / sizeof(ASN1_TEMPLATE
),
231 .funcs
= &DSAPrivateKey_aux
,
238 d2i_DSAPrivateKey(DSA
**a
, const unsigned char **in
, long len
)
240 return (DSA
*)ASN1_item_d2i((ASN1_VALUE
**)a
, in
, len
,
245 i2d_DSAPrivateKey(const DSA
*a
, unsigned char **out
)
247 return ASN1_item_i2d((ASN1_VALUE
*)a
, out
, &DSAPrivateKey_it
);
250 static const ASN1_AUX DSAparams_aux
= {
258 static const ASN1_TEMPLATE DSAparams_seq_tt
[] = {
262 .offset
= offsetof(DSA
, p
),
269 .offset
= offsetof(DSA
, q
),
276 .offset
= offsetof(DSA
, g
),
282 const ASN1_ITEM DSAparams_it
= {
283 .itype
= ASN1_ITYPE_SEQUENCE
,
284 .utype
= V_ASN1_SEQUENCE
,
285 .templates
= DSAparams_seq_tt
,
286 .tcount
= sizeof(DSAparams_seq_tt
) / sizeof(ASN1_TEMPLATE
),
287 .funcs
= &DSAparams_aux
,
294 d2i_DSAparams(DSA
**a
, const unsigned char **in
, long len
)
296 return (DSA
*)ASN1_item_d2i((ASN1_VALUE
**)a
, in
, len
,
301 i2d_DSAparams(const DSA
*a
, unsigned char **out
)
303 return ASN1_item_i2d((ASN1_VALUE
*)a
, out
, &DSAparams_it
);
307 d2i_DSAparams_bio(BIO
*bp
, DSA
**a
)
309 return ASN1_item_d2i_bio(&DSAparams_it
, bp
, a
);
313 i2d_DSAparams_bio(BIO
*bp
, DSA
*a
)
315 return ASN1_item_i2d_bio(&DSAparams_it
, bp
, a
);
319 d2i_DSAparams_fp(FILE *fp
, DSA
**a
)
321 return ASN1_item_d2i_fp(&DSAparams_it
, fp
, a
);
325 i2d_DSAparams_fp(FILE *fp
, DSA
*a
)
327 return ASN1_item_i2d_fp(&DSAparams_it
, fp
, a
);
331 * DSA public key is a bit trickier... its effectively a CHOICE type
332 * decided by a field called write_params which can either write out
333 * just the public key as an INTEGER or the parameters and public key
337 static const ASN1_TEMPLATE dsa_pub_internal_seq_tt
[] = {
341 .offset
= offsetof(DSA
, pub_key
),
342 .field_name
= "pub_key",
348 .offset
= offsetof(DSA
, p
),
355 .offset
= offsetof(DSA
, q
),
362 .offset
= offsetof(DSA
, g
),
368 const ASN1_ITEM dsa_pub_internal_it
= {
369 .itype
= ASN1_ITYPE_SEQUENCE
,
370 .utype
= V_ASN1_SEQUENCE
,
371 .templates
= dsa_pub_internal_seq_tt
,
372 .tcount
= sizeof(dsa_pub_internal_seq_tt
) / sizeof(ASN1_TEMPLATE
),
378 static const ASN1_AUX DSAPublicKey_aux
= {
386 static const ASN1_TEMPLATE DSAPublicKey_ch_tt
[] = {
390 .offset
= offsetof(DSA
, pub_key
),
391 .field_name
= "pub_key",
395 .flags
= 0 | ASN1_TFLG_COMBINE
,
399 .item
= &dsa_pub_internal_it
,
403 const ASN1_ITEM DSAPublicKey_it
= {
404 .itype
= ASN1_ITYPE_CHOICE
,
405 .utype
= offsetof(DSA
, write_params
),
406 .templates
= DSAPublicKey_ch_tt
,
407 .tcount
= sizeof(DSAPublicKey_ch_tt
) / sizeof(ASN1_TEMPLATE
),
408 .funcs
= &DSAPublicKey_aux
,
415 d2i_DSAPublicKey(DSA
**a
, const unsigned char **in
, long len
)
417 return (DSA
*)ASN1_item_d2i((ASN1_VALUE
**)a
, in
, len
,
422 i2d_DSAPublicKey(const DSA
*a
, unsigned char **out
)
424 return ASN1_item_i2d((ASN1_VALUE
*)a
, out
, &DSAPublicKey_it
);
428 DSAparams_dup(DSA
*dsa
)
430 return ASN1_item_dup(&DSAparams_it
, dsa
);
434 DSA_sign(int type
, const unsigned char *dgst
, int dlen
, unsigned char *sig
,
435 unsigned int *siglen
, DSA
*dsa
)
439 s
= DSA_do_sign(dgst
, dlen
, dsa
);
444 *siglen
= i2d_DSA_SIG(s
,&sig
);
450 * data has already been hashed (probably with SHA or SHA-1).
452 * 1: correct signature
453 * 0: incorrect signature
457 DSA_verify(int type
, const unsigned char *dgst
, int dgst_len
,
458 const unsigned char *sigbuf
, int siglen
, DSA
*dsa
)
461 unsigned char *der
= NULL
;
462 const unsigned char *p
= sigbuf
;
469 if (d2i_DSA_SIG(&s
, &p
, siglen
) == NULL
)
471 /* Ensure signature uses DER and doesn't have trailing garbage */
472 derlen
= i2d_DSA_SIG(s
, &der
);
473 if (derlen
!= siglen
|| memcmp(sigbuf
, der
, derlen
))
475 ret
= DSA_do_verify(dgst
, dgst_len
, s
, dsa
);
477 freezero(der
, derlen
);