dsa_check.c 3.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133
  1. /*
  2. * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * DSA low level APIs are deprecated for public use, but still ok for
  11. * internal use.
  12. */
  13. #include "internal/deprecated.h"
  14. #include <stdio.h>
  15. #include "internal/cryptlib.h"
  16. #include <openssl/bn.h>
  17. #include "dsa_local.h"
  18. #include "crypto/dsa.h"
  19. static int dsa_precheck_params(const DSA *dsa, int *ret)
  20. {
  21. if (dsa->params.p == NULL || dsa->params.q == NULL) {
  22. ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS);
  23. *ret = FFC_CHECK_INVALID_PQ;
  24. return 0;
  25. }
  26. if (BN_num_bits(dsa->params.p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
  27. ERR_raise(ERR_LIB_DSA, DSA_R_MODULUS_TOO_LARGE);
  28. *ret = FFC_CHECK_INVALID_PQ;
  29. return 0;
  30. }
  31. if (BN_num_bits(dsa->params.q) >= BN_num_bits(dsa->params.p)) {
  32. ERR_raise(ERR_LIB_DSA, DSA_R_BAD_Q_VALUE);
  33. *ret = FFC_CHECK_INVALID_PQ;
  34. return 0;
  35. }
  36. return 1;
  37. }
  38. int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
  39. {
  40. if (!dsa_precheck_params(dsa, ret))
  41. return 0;
  42. if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK)
  43. return ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params,
  44. FFC_PARAM_TYPE_DSA, ret);
  45. else
  46. /*
  47. * Do full FFC domain params validation according to FIPS-186-4
  48. * - always in FIPS_MODULE
  49. * - only if possible (i.e., seed is set) in default provider
  50. */
  51. return ossl_ffc_params_full_validate(dsa->libctx, &dsa->params,
  52. FFC_PARAM_TYPE_DSA, ret);
  53. }
  54. /*
  55. * See SP800-56Ar3 Section 5.6.2.3.1 : FFC Full public key validation.
  56. */
  57. int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
  58. {
  59. if (!dsa_precheck_params(dsa, ret))
  60. return 0;
  61. return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret)
  62. && *ret == 0;
  63. }
  64. /*
  65. * See SP800-56Ar3 Section 5.6.2.3.1 : FFC Partial public key validation.
  66. * To only be used with ephemeral FFC public keys generated using the approved
  67. * safe-prime groups.
  68. */
  69. int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret)
  70. {
  71. if (!dsa_precheck_params(dsa, ret))
  72. return 0;
  73. return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret)
  74. && *ret == 0;
  75. }
  76. int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret)
  77. {
  78. *ret = 0;
  79. if (!dsa_precheck_params(dsa, ret))
  80. return 0;
  81. return ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret);
  82. }
  83. /*
  84. * FFC pairwise check from SP800-56A R3.
  85. * Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency
  86. */
  87. int ossl_dsa_check_pairwise(const DSA *dsa)
  88. {
  89. int ret = 0;
  90. BN_CTX *ctx = NULL;
  91. BIGNUM *pub_key = NULL;
  92. if (!dsa_precheck_params(dsa, &ret))
  93. return 0;
  94. if (dsa->params.g == NULL
  95. || dsa->priv_key == NULL
  96. || dsa->pub_key == NULL)
  97. return 0;
  98. ctx = BN_CTX_new_ex(dsa->libctx);
  99. if (ctx == NULL)
  100. goto err;
  101. pub_key = BN_new();
  102. if (pub_key == NULL)
  103. goto err;
  104. /* recalculate the public key = (g ^ priv) mod p */
  105. if (!ossl_dsa_generate_public_key(ctx, dsa, dsa->priv_key, pub_key))
  106. goto err;
  107. /* check it matches the existing public_key */
  108. ret = BN_cmp(pub_key, dsa->pub_key) == 0;
  109. err:
  110. BN_free(pub_key);
  111. BN_CTX_free(ctx);
  112. return ret;
  113. }