dsa_key.c 4.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173
  1. /*
  2. * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * DSA low level APIs are deprecated for public use, but still ok for
  11. * internal use.
  12. */
  13. #include "internal/deprecated.h"
  14. #include <stdio.h>
  15. #include <time.h>
  16. #include "internal/cryptlib.h"
  17. #include <openssl/bn.h>
  18. #include <openssl/self_test.h>
  19. #include "prov/providercommon.h"
  20. #include "crypto/dsa.h"
  21. #include "dsa_local.h"
  22. #ifdef FIPS_MODULE
  23. # define MIN_STRENGTH 112
  24. #else
  25. # define MIN_STRENGTH 80
  26. #endif
  27. static int dsa_keygen(DSA *dsa, int pairwise_test);
  28. static int dsa_keygen_pairwise_test(DSA *dsa, OSSL_CALLBACK *cb, void *cbarg);
  29. int DSA_generate_key(DSA *dsa)
  30. {
  31. #ifndef FIPS_MODULE
  32. if (dsa->meth->dsa_keygen != NULL)
  33. return dsa->meth->dsa_keygen(dsa);
  34. #endif
  35. return dsa_keygen(dsa, 0);
  36. }
  37. int ossl_dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa,
  38. const BIGNUM *priv_key, BIGNUM *pub_key)
  39. {
  40. int ret = 0;
  41. BIGNUM *prk = BN_new();
  42. if (prk == NULL)
  43. return 0;
  44. BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
  45. /* pub_key = g ^ priv_key mod p */
  46. if (!BN_mod_exp(pub_key, dsa->params.g, prk, dsa->params.p, ctx))
  47. goto err;
  48. ret = 1;
  49. err:
  50. BN_clear_free(prk);
  51. return ret;
  52. }
  53. static int dsa_keygen(DSA *dsa, int pairwise_test)
  54. {
  55. int ok = 0;
  56. BN_CTX *ctx = NULL;
  57. BIGNUM *pub_key = NULL, *priv_key = NULL;
  58. if ((ctx = BN_CTX_new_ex(dsa->libctx)) == NULL)
  59. goto err;
  60. if (dsa->priv_key == NULL) {
  61. if ((priv_key = BN_secure_new()) == NULL)
  62. goto err;
  63. } else {
  64. priv_key = dsa->priv_key;
  65. }
  66. /* Do a partial check for invalid p, q, g */
  67. if (!ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params,
  68. FFC_PARAM_TYPE_DSA, NULL))
  69. goto err;
  70. /*
  71. * For FFC FIPS 186-4 keygen
  72. * security strength s = 112,
  73. * Max Private key size N = len(q)
  74. */
  75. if (!ossl_ffc_generate_private_key(ctx, &dsa->params,
  76. BN_num_bits(dsa->params.q),
  77. MIN_STRENGTH, priv_key))
  78. goto err;
  79. if (dsa->pub_key == NULL) {
  80. if ((pub_key = BN_new()) == NULL)
  81. goto err;
  82. } else {
  83. pub_key = dsa->pub_key;
  84. }
  85. if (!ossl_dsa_generate_public_key(ctx, dsa, priv_key, pub_key))
  86. goto err;
  87. dsa->priv_key = priv_key;
  88. dsa->pub_key = pub_key;
  89. #ifdef FIPS_MODULE
  90. pairwise_test = 1;
  91. #endif /* FIPS_MODULE */
  92. ok = 1;
  93. if (pairwise_test) {
  94. OSSL_CALLBACK *cb = NULL;
  95. void *cbarg = NULL;
  96. OSSL_SELF_TEST_get_callback(dsa->libctx, &cb, &cbarg);
  97. ok = dsa_keygen_pairwise_test(dsa, cb, cbarg);
  98. if (!ok) {
  99. ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT);
  100. BN_free(dsa->pub_key);
  101. BN_clear_free(dsa->priv_key);
  102. dsa->pub_key = NULL;
  103. dsa->priv_key = NULL;
  104. BN_CTX_free(ctx);
  105. return ok;
  106. }
  107. }
  108. dsa->dirty_cnt++;
  109. err:
  110. if (pub_key != dsa->pub_key)
  111. BN_free(pub_key);
  112. if (priv_key != dsa->priv_key)
  113. BN_free(priv_key);
  114. BN_CTX_free(ctx);
  115. return ok;
  116. }
  117. /*
  118. * FIPS 140-2 IG 9.9 AS09.33
  119. * Perform a sign/verify operation.
  120. */
  121. static int dsa_keygen_pairwise_test(DSA *dsa, OSSL_CALLBACK *cb, void *cbarg)
  122. {
  123. int ret = 0;
  124. unsigned char dgst[16] = {0};
  125. unsigned int dgst_len = (unsigned int)sizeof(dgst);
  126. DSA_SIG *sig = NULL;
  127. OSSL_SELF_TEST *st = NULL;
  128. st = OSSL_SELF_TEST_new(cb, cbarg);
  129. if (st == NULL)
  130. goto err;
  131. OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT,
  132. OSSL_SELF_TEST_DESC_PCT_DSA);
  133. sig = DSA_do_sign(dgst, (int)dgst_len, dsa);
  134. if (sig == NULL)
  135. goto err;
  136. OSSL_SELF_TEST_oncorrupt_byte(st, dgst);
  137. if (DSA_do_verify(dgst, dgst_len, sig, dsa) != 1)
  138. goto err;
  139. ret = 1;
  140. err:
  141. OSSL_SELF_TEST_onend(st, ret);
  142. OSSL_SELF_TEST_free(st);
  143. DSA_SIG_free(sig);
  144. return ret;
  145. }