summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/dsa
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/dsa')
-rw-r--r--src/lib/libcrypto/dsa/dsa.h194
-rw-r--r--src/lib/libcrypto/dsa/dsa_err.c99
-rw-r--r--src/lib/libcrypto/dsa/dsa_gen.c328
-rw-r--r--src/lib/libcrypto/dsa/dsa_key.c112
-rw-r--r--src/lib/libcrypto/dsa/dsa_lib.c145
-rw-r--r--src/lib/libcrypto/dsa/dsa_sign.c215
-rw-r--r--src/lib/libcrypto/dsa/dsa_vrf.c152
7 files changed, 1245 insertions, 0 deletions
diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h
new file mode 100644
index 0000000000..1ca87c1cbe
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa.h
@@ -0,0 +1,194 @@
1/* crypto/dsa/dsa.h */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/*
60 * The DSS routines are based on patches supplied by
61 * Steven Schoch <schoch@sheba.arc.nasa.gov>. He basically did the
62 * work and I have just tweaked them a little to fit into my
63 * stylistic vision for SSLeay :-) */
64
65#ifndef HEADER_DSA_H
66#define HEADER_DSA_H
67
68#ifdef __cplusplus
69extern "C" {
70#endif
71
72#include "bn.h"
73
74typedef struct dsa_st
75 {
76 /* This first variable is used to pick up errors where
77 * a DSA is passed instead of of a EVP_PKEY */
78 int pad;
79 int version;
80 int write_params;
81 BIGNUM *p;
82 BIGNUM *q; /* == 20 */
83 BIGNUM *g;
84
85 BIGNUM *pub_key; /* y public key */
86 BIGNUM *priv_key; /* x private key */
87
88 BIGNUM *kinv; /* Signing pre-calc */
89 BIGNUM *r; /* Signing pre-calc */
90
91 int references;
92 } DSA;
93
94#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
95 (char *(*)())d2i_DSAparams,(char *)(x))
96#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
97 (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
98#define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
99 (unsigned char *)(x))
100#define d2i_DSAparams_bio(bp,x) (DSA *)ASN1_d2i_bio((char *(*)())DSA_new, \
101 (char *(*)())d2i_DSAparams,(bp),(unsigned char **)(x))
102#define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio(i2d_DSAparams,(bp), \
103 (unsigned char *)(x))
104
105#ifndef NOPROTO
106
107DSA * DSA_new(void);
108int DSA_size(DSA *);
109 /* next 4 return -1 on error */
110int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
111int DSA_sign(int type,unsigned char *dgst,int dlen,
112 unsigned char *sig, unsigned int *siglen, DSA *dsa);
113int DSA_verify(int type,unsigned char *dgst,int dgst_len,
114 unsigned char *sigbuf, int siglen, DSA *dsa);
115void DSA_free (DSA *r);
116
117void ERR_load_DSA_strings(void );
118
119DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
120DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
121DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length);
122DSA * DSA_generate_parameters(int bits, unsigned char *seed,int seed_len,
123 int *counter_ret, unsigned long *h_ret,void
124 (*callback)(),char *cb_arg);
125int DSA_generate_key(DSA *a);
126int i2d_DSAPublicKey(DSA *a, unsigned char **pp);
127int i2d_DSAPrivateKey(DSA *a, unsigned char **pp);
128int i2d_DSAparams(DSA *a,unsigned char **pp);
129
130#ifdef HEADER_BIO_H
131int DSAparams_print(BIO *bp, DSA *x);
132int DSA_print(BIO *bp, DSA *x, int off);
133#endif
134#ifndef NO_FP_API
135int DSAparams_print_fp(FILE *fp, DSA *x);
136int DSA_print_fp(FILE *bp, DSA *x, int off);
137#endif
138
139int DSA_is_prime(BIGNUM *q,void (*callback)(),char *cb_arg);
140
141#else
142
143DSA * DSA_new();
144int DSA_size();
145int DSA_sign_setup();
146int DSA_sign();
147int DSA_verify();
148void DSA_free ();
149
150void ERR_load_DSA_strings();
151
152DSA * d2i_DSAPublicKey();
153DSA * d2i_DSAPrivateKey();
154DSA * d2i_DSAparams();
155DSA * DSA_generate_parameters();
156int DSA_generate_key();
157int i2d_DSAPublicKey();
158int i2d_DSAPrivateKey();
159int i2d_DSAparams();
160
161int DSA_is_prime();
162
163int DSAparams_print();
164int DSA_print();
165
166#ifndef NO_FP_API
167int DSAparams_print_fp();
168int DSA_print_fp();
169#endif
170
171#endif
172
173/* BEGIN ERROR CODES */
174/* Error codes for the DSA functions. */
175
176/* Function codes. */
177#define DSA_F_DSAPARAMS_PRINT 100
178#define DSA_F_DSAPARAMS_PRINT_FP 101
179#define DSA_F_DSA_IS_PRIME 102
180#define DSA_F_DSA_NEW 103
181#define DSA_F_DSA_PRINT 104
182#define DSA_F_DSA_PRINT_FP 105
183#define DSA_F_DSA_SIGN 106
184#define DSA_F_DSA_SIGN_SETUP 107
185#define DSA_F_DSA_VERIFY 108
186
187/* Reason codes. */
188#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
189
190#ifdef __cplusplus
191}
192#endif
193#endif
194
diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c
new file mode 100644
index 0000000000..318e9f31aa
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_err.c
@@ -0,0 +1,99 @@
1/* lib/dsa/dsa_err.c */
2/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58#include <stdio.h>
59#include "err.h"
60#include "dsa.h"
61
62/* BEGIN ERROR CODES */
63#ifndef NO_ERR
64static ERR_STRING_DATA DSA_str_functs[]=
65 {
66{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0), "DSAparams_print"},
67{ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0), "DSAparams_print_fp"},
68{ERR_PACK(0,DSA_F_DSA_IS_PRIME,0), "DSA_is_prime"},
69{ERR_PACK(0,DSA_F_DSA_NEW,0), "DSA_new"},
70{ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"},
71{ERR_PACK(0,DSA_F_DSA_PRINT_FP,0), "DSA_print_fp"},
72{ERR_PACK(0,DSA_F_DSA_SIGN,0), "DSA_sign"},
73{ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0), "DSA_sign_setup"},
74{ERR_PACK(0,DSA_F_DSA_VERIFY,0), "DSA_verify"},
75{0,NULL},
76 };
77
78static ERR_STRING_DATA DSA_str_reasons[]=
79 {
80{DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
81{0,NULL},
82 };
83
84#endif
85
86void ERR_load_DSA_strings()
87 {
88 static int init=1;
89
90 if (init);
91 {;
92 init=0;
93#ifndef NO_ERR
94 ERR_load_strings(ERR_LIB_DSA,DSA_str_functs);
95 ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons);
96#endif
97
98 }
99 }
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
new file mode 100644
index 0000000000..d7d30bf90a
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -0,0 +1,328 @@
1/* crypto/dsa/dsa_gen.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#undef GENUINE_DSA
60
61#ifdef GENUINE_DSA
62#define HASH SHA
63#else
64#define HASH SHA1
65#endif
66
67#include <stdio.h>
68#include <time.h>
69#include "cryptlib.h"
70#include "sha.h"
71#include "bn.h"
72#include "dsa.h"
73#include "rand.h"
74
75DSA *DSA_generate_parameters(bits,seed_in,seed_len,counter_ret,h_ret,callback,
76 cb_arg)
77int bits;
78unsigned char *seed_in;
79int seed_len;
80int *counter_ret;
81unsigned long *h_ret;
82void (*callback)();
83char *cb_arg;
84 {
85 int ok=0;
86 unsigned char seed[SHA_DIGEST_LENGTH];
87 unsigned char md[SHA_DIGEST_LENGTH];
88 unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
89 BIGNUM *r0,*W,*X,*c,*test;
90 BIGNUM *g=NULL,*q=NULL,*p=NULL;
91 int k,n=0,i,b,m=0;
92 int counter=0;
93 BN_CTX *ctx=NULL,*ctx2=NULL;
94 unsigned int h=2;
95 DSA *ret=NULL;
96
97 if (bits < 512) bits=512;
98 bits=(bits+63)/64*64;
99
100 if ((seed_in != NULL) && (seed_len == 20))
101 memcpy(seed,seed_in,seed_len);
102
103 ctx=BN_CTX_new();
104 if (ctx == NULL) goto err;
105 ctx2=BN_CTX_new();
106 if (ctx2 == NULL) goto err;
107 ret=DSA_new();
108 if (ret == NULL) goto err;
109 r0=ctx2->bn[0];
110 g=ctx2->bn[1];
111 W=ctx2->bn[2];
112 q=ctx2->bn[3];
113 X=ctx2->bn[4];
114 c=ctx2->bn[5];
115 p=ctx2->bn[6];
116 test=ctx2->bn[7];
117
118 BN_lshift(test,BN_value_one(),bits-1);
119
120 for (;;)
121 {
122 for (;;)
123 {
124 /* step 1 */
125 if (callback != NULL) callback(0,m++,cb_arg);
126
127 if (!seed_len)
128 RAND_bytes(seed,SHA_DIGEST_LENGTH);
129 else
130 seed_len=0;
131
132 memcpy(buf,seed,SHA_DIGEST_LENGTH);
133 memcpy(buf2,seed,SHA_DIGEST_LENGTH);
134 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
135 {
136 buf[i]++;
137 if (buf[i] != 0) break;
138 }
139
140 /* step 2 */
141 HASH(seed,SHA_DIGEST_LENGTH,md);
142 HASH(buf,SHA_DIGEST_LENGTH,buf2);
143 for (i=0; i<SHA_DIGEST_LENGTH; i++)
144 md[i]^=buf2[i];
145
146 /* step 3 */
147 md[0]|=0x80;
148 md[SHA_DIGEST_LENGTH-1]|=0x01;
149 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) abort();
150
151 /* step 4 */
152 if (DSA_is_prime(q,callback,cb_arg) > 0) break;
153 /* do a callback call */
154 /* step 5 */
155 }
156
157 if (callback != NULL) callback(2,0,cb_arg);
158 if (callback != NULL) callback(3,0,cb_arg);
159
160 /* step 6 */
161 counter=0;
162
163 n=(bits-1)/160;
164 b=(bits-1)-n*160;
165
166 for (;;)
167 {
168 /* step 7 */
169 BN_zero(W);
170 for (k=0; k<=n; k++)
171 {
172 for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
173 {
174 buf[i]++;
175 if (buf[i] != 0) break;
176 }
177
178 HASH(buf,SHA_DIGEST_LENGTH,md);
179
180 /* step 8 */
181 if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) abort();
182 BN_lshift(r0,r0,160*k);
183 BN_add(W,W,r0);
184 }
185
186 /* more of step 8 */
187 BN_mask_bits(W,bits-1);
188 BN_copy(X,W); /* this should be ok */
189 BN_add(X,X,test); /* this should be ok */
190
191 /* step 9 */
192 BN_lshift1(r0,q);
193 BN_mod(c,X,r0,ctx);
194 BN_sub(r0,c,BN_value_one());
195 BN_sub(p,X,r0);
196
197 /* step 10 */
198 if (BN_cmp(p,test) >= 0)
199 {
200 /* step 11 */
201 if (DSA_is_prime(p,callback,cb_arg) > 0)
202 goto end;
203 }
204
205 /* step 13 */
206 counter++;
207
208 /* step 14 */
209 if (counter >= 4096) break;
210
211 if (callback != NULL) callback(0,counter,cb_arg);
212 }
213 }
214end:
215 if (callback != NULL) callback(2,1,cb_arg);
216
217 /* We now need to gernerate g */
218 /* Set r0=(p-1)/q */
219 BN_sub(test,p,BN_value_one());
220 BN_div(r0,NULL,test,q,ctx);
221
222 BN_set_word(test,h);
223 for (;;)
224 {
225 /* g=test^r0%p */
226 BN_mod_exp(g,test,r0,p,ctx);
227 if (!BN_is_one(g)) break;
228 BN_add(test,test,BN_value_one());
229 h++;
230 }
231
232 if (callback != NULL) callback(3,1,cb_arg);
233
234 ok=1;
235err:
236 if (!ok)
237 {
238 if (ret != NULL) DSA_free(ret);
239 }
240 else
241 {
242 ret->p=BN_dup(p);
243 ret->q=BN_dup(q);
244 ret->g=BN_dup(g);
245 if ((m > 1) && (seed_in != NULL)) memcpy(seed_in,seed,20);
246 if (counter_ret != NULL) *counter_ret=counter;
247 if (h_ret != NULL) *h_ret=h;
248 }
249 BN_CTX_free(ctx);
250 BN_CTX_free(ctx2);
251 return(ok?ret:NULL);
252 }
253
254int DSA_is_prime(w, callback,cb_arg)
255BIGNUM *w;
256void (*callback)();
257char *cb_arg;
258 {
259 int ok= -1,j,i,n;
260 BN_CTX *ctx=NULL,*ctx2=NULL;
261 BIGNUM *w_1,*b,*m,*z;
262 int a;
263
264 if (!BN_is_bit_set(w,0)) return(0);
265
266 ctx=BN_CTX_new();
267 if (ctx == NULL) goto err;
268 ctx2=BN_CTX_new();
269 if (ctx2 == NULL) goto err;
270
271 m= ctx2->bn[2];
272 b= ctx2->bn[3];
273 z= ctx2->bn[4];
274 w_1=ctx2->bn[5];
275
276 /* step 1 */
277 n=50;
278
279 /* step 2 */
280 if (!BN_sub(w_1,w,BN_value_one())) goto err;
281 for (a=1; !BN_is_bit_set(w_1,a); a++)
282 ;
283 if (!BN_rshift(m,w_1,a)) goto err;
284
285 for (i=1; i < n; i++)
286 {
287 /* step 3 */
288 BN_rand(b,BN_num_bits(w)-2/*-1*/,0,0);
289 BN_set_word(b,0x10001L);
290
291 /* step 4 */
292 j=0;
293 if (!BN_mod_exp(z,b,m,w,ctx)) goto err;
294
295 /* step 5 */
296 for (;;)
297 {
298 if (((j == 0) && BN_is_one(z)) || (BN_cmp(z,w_1) == 0))
299 break;
300
301 /* step 6 */
302 if ((j > 0) && BN_is_one(z))
303 {
304 ok=0;
305 goto err;
306 }
307
308 j++;
309 if (j >= a)
310 {
311 ok=0;
312 goto err;
313 }
314
315 if (!BN_mod_mul(z,z,z,w,ctx)) goto err;
316 if (callback != NULL) callback(1,j,cb_arg);
317 }
318 }
319
320 ok=1;
321err:
322 if (ok == -1) DSAerr(DSA_F_DSA_IS_PRIME,ERR_R_BN_LIB);
323 BN_CTX_free(ctx);
324 BN_CTX_free(ctx2);
325
326 return(ok);
327 }
328
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
new file mode 100644
index 0000000000..d51ed9395f
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -0,0 +1,112 @@
1/* crypto/dsa/dsa_key.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <time.h>
61#include "cryptlib.h"
62#include "sha.h"
63#include "bn.h"
64#include "dsa.h"
65#include "rand.h"
66
67int DSA_generate_key(dsa)
68DSA *dsa;
69 {
70 int ok=0;
71 unsigned int i;
72 BN_CTX *ctx=NULL;
73 BIGNUM *pub_key=NULL,*priv_key=NULL;
74
75 if ((ctx=BN_CTX_new()) == NULL) goto err;
76
77 if (dsa->priv_key == NULL)
78 {
79 if ((priv_key=BN_new()) == NULL) goto err;
80 }
81 else
82 priv_key=dsa->priv_key;
83
84 i=BN_num_bits(dsa->q);
85 for (;;)
86 {
87 BN_rand(priv_key,i,1,0);
88 if (BN_cmp(priv_key,dsa->q) >= 0)
89 BN_sub(priv_key,priv_key,dsa->q);
90 if (!BN_is_zero(priv_key)) break;
91 }
92
93 if (dsa->pub_key == NULL)
94 {
95 if ((pub_key=BN_new()) == NULL) goto err;
96 }
97 else
98 pub_key=dsa->pub_key;
99
100 if (!BN_mod_exp(pub_key,dsa->g,priv_key,dsa->p,ctx)) goto err;
101
102 dsa->priv_key=priv_key;
103 dsa->pub_key=pub_key;
104 ok=1;
105
106err:
107 if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key);
108 if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key);
109 if (ctx != NULL) BN_CTX_free(ctx);
110 return(ok);
111 }
112
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
new file mode 100644
index 0000000000..b647257f9f
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -0,0 +1,145 @@
1/* crypto/dsa/dsa_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60
61#include <stdio.h>
62#include "cryptlib.h"
63#include "bn.h"
64#include "dsa.h"
65#include "asn1.h"
66
67char *DSA_version="\0DSA part of SSLeay 0.9.0b 29-Jun-1998";
68
69DSA *DSA_new()
70 {
71 DSA *ret;
72
73 ret=(DSA *)Malloc(sizeof(DSA));
74 if (ret == NULL)
75 {
76 DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
77 return(NULL);
78 }
79 ret->pad=0;
80 ret->version=0;
81 ret->write_params=1;
82 ret->p=NULL;
83 ret->q=NULL;
84 ret->g=NULL;
85
86 ret->pub_key=NULL;
87 ret->priv_key=NULL;
88
89 ret->kinv=NULL;
90 ret->r=NULL;
91
92 ret->references=1;
93 return(ret);
94 }
95
96void DSA_free(r)
97DSA *r;
98 {
99 int i;
100
101 if (r == NULL) return;
102
103 i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA);
104#ifdef REF_PRINT
105 REF_PRINT("DSA",r);
106#endif
107 if (i > 0) return;
108#ifdef REF_CHECK
109 if (i < 0)
110 {
111 fprintf(stderr,"DSA_free, bad reference count\n");
112 abort();
113 }
114#endif
115
116 if (r->p != NULL) BN_clear_free(r->p);
117 if (r->q != NULL) BN_clear_free(r->q);
118 if (r->g != NULL) BN_clear_free(r->g);
119 if (r->pub_key != NULL) BN_clear_free(r->pub_key);
120 if (r->priv_key != NULL) BN_clear_free(r->priv_key);
121 if (r->kinv != NULL) BN_clear_free(r->kinv);
122 if (r->r != NULL) BN_clear_free(r->r);
123 Free(r);
124 }
125
126int DSA_size(r)
127DSA *r;
128 {
129 int ret,i;
130 ASN1_INTEGER bs;
131 unsigned char buf[4];
132
133 i=BN_num_bits(r->q);
134 bs.length=(i+7)/8;
135 bs.data=buf;
136 bs.type=V_ASN1_INTEGER;
137 /* If the top bit is set the asn1 encoding is 1 larger. */
138 buf[0]=0xff;
139
140 i=i2d_ASN1_INTEGER(&bs,NULL);
141 i+=i; /* r and s */
142 ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
143 return(ret);
144 }
145
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c
new file mode 100644
index 0000000000..6ca1c318f2
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_sign.c
@@ -0,0 +1,215 @@
1/* crypto/dsa/dsa_sign.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60
61#include <stdio.h>
62#include "cryptlib.h"
63#include "bn.h"
64#include "dsa.h"
65#include "rand.h"
66#include "asn1.h"
67
68/* data has already been hashed (probably with SHA or SHA-1). */
69/* DSAerr(DSA_F_DSA_SIGN,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); */
70
71int DSA_sign(type,dgst,dlen,sig,siglen,dsa)
72int type;
73unsigned char *dgst;
74int dlen;
75unsigned char *sig; /* out */
76unsigned int *siglen; /* out */
77DSA *dsa;
78 {
79 BIGNUM *kinv=NULL,*r=NULL;
80 BIGNUM *m=NULL;
81 BIGNUM *xr=NULL,*s=NULL;
82 BN_CTX *ctx=NULL;
83 unsigned char *p;
84 int i,len=0,ret=0,reason=ERR_R_BN_LIB;
85 ASN1_INTEGER rbs,sbs;
86 MS_STATIC unsigned char rbuf[50]; /* assuming r is 20 bytes +extra */
87 MS_STATIC unsigned char sbuf[50]; /* assuming s is 20 bytes +extra */
88
89 i=BN_num_bytes(dsa->q); /* should be 20 */
90 if ((dlen > i) || (dlen > 50))
91 {
92 reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
93 goto err;
94 }
95
96 ctx=BN_CTX_new();
97 if (ctx == NULL) goto err;
98
99 if ((dsa->kinv == NULL) || (dsa->r == NULL))
100 {
101 if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
102 }
103 else
104 {
105 kinv=dsa->kinv;
106 dsa->kinv=NULL;
107 r=dsa->r;
108 dsa->r=NULL;
109 }
110
111 m=BN_new();
112 xr=BN_new();
113 s=BN_new();
114 if (m == NULL || xr == NULL || s == NULL) goto err;
115
116 if (BN_bin2bn(dgst,dlen,m) == NULL) goto err;
117
118 /* Compute s = inv(k) (m + xr) mod q */
119 if (!BN_mul(xr, dsa->priv_key, r)) goto err; /* s = xr */
120 if (!BN_add(s, xr, m)) goto err; /* s = m + xr */
121 if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
122
123 /*
124 * Now create a ASN.1 sequence of the integers R and S.
125 */
126 rbs.data=rbuf;
127 sbs.data=sbuf;
128 rbs.type = V_ASN1_INTEGER;
129 sbs.type = V_ASN1_INTEGER;
130 rbs.length=BN_bn2bin(r,rbs.data);
131 sbs.length=BN_bn2bin(s,sbs.data);
132
133 len =i2d_ASN1_INTEGER(&rbs,NULL);
134 len+=i2d_ASN1_INTEGER(&sbs,NULL);
135
136 p=sig;
137 ASN1_put_object(&p,1,len,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
138 i2d_ASN1_INTEGER(&rbs,&p);
139 i2d_ASN1_INTEGER(&sbs,&p);
140 *siglen=(p-sig);
141 ret=1;
142err:
143 if (!ret) DSAerr(DSA_F_DSA_SIGN,reason);
144
145#if 1 /* do the right thing :-) */
146 if (kinv != NULL) BN_clear_free(kinv);
147 if (r != NULL) BN_clear_free(r);
148#endif
149 if (ctx != NULL) BN_CTX_free(ctx);
150 if (m != NULL) BN_clear_free(m);
151 if (xr != NULL) BN_clear_free(xr);
152 if (s != NULL) BN_clear_free(s);
153 return(ret);
154 }
155
156int DSA_sign_setup(dsa,ctx_in,kinvp,rp)
157DSA *dsa;
158BN_CTX *ctx_in;
159BIGNUM **kinvp;
160BIGNUM **rp;
161 {
162 BN_CTX *ctx;
163 BIGNUM *k=NULL,*kinv=NULL,*r=NULL;
164 int ret=0;
165
166 if (ctx_in == NULL)
167 {
168 if ((ctx=BN_CTX_new()) == NULL) goto err;
169 }
170 else
171 ctx=ctx_in;
172
173 r=BN_new();
174 k=BN_new();
175 if ((r == NULL) || (k == NULL))
176 goto err;
177 kinv=NULL;
178
179 if (r == NULL) goto err;
180
181 /* Get random k */
182 for (;;)
183 {
184 if (!BN_rand(k, BN_num_bits(dsa->q), 1, 0)) goto err;
185 if (BN_cmp(k,dsa->q) >= 0)
186 BN_sub(k,k,dsa->q);
187 if (!BN_is_zero(k)) break;
188 }
189
190 /* Compute r = (g^k mod p) mod q */
191 if (!BN_mod_exp(r,dsa->g,k,dsa->p,ctx)) goto err;
192 if (!BN_mod(r,r,dsa->q,ctx)) goto err;
193
194 /* Compute part of 's = inv(k) (m + xr) mod q' */
195 if ((kinv=BN_mod_inverse(k,dsa->q,ctx)) == NULL) goto err;
196
197 if (*kinvp != NULL) BN_clear_free(*kinvp);
198 *kinvp=kinv;
199 kinv=NULL;
200 if (*rp != NULL) BN_clear_free(*rp);
201 *rp=r;
202 ret=1;
203err:
204 if (!ret)
205 {
206 DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
207 if (kinv != NULL) BN_clear_free(kinv);
208 if (r != NULL) BN_clear_free(r);
209 }
210 if (ctx_in == NULL) BN_CTX_free(ctx);
211 if (k != NULL) BN_clear_free(k);
212 if (kinv != NULL) BN_clear_free(kinv);
213 return(ret);
214 }
215
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c
new file mode 100644
index 0000000000..0f860984ed
--- /dev/null
+++ b/src/lib/libcrypto/dsa/dsa_vrf.c
@@ -0,0 +1,152 @@
1/* crypto/dsa/dsa_vrf.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
60
61#include <stdio.h>
62#include "cryptlib.h"
63#include "bn.h"
64#include "dsa.h"
65#include "rand.h"
66#include "asn1.h"
67#include "asn1_mac.h"
68
69/* data has already been hashed (probably with SHA or SHA-1). */
70/* returns
71 * 1: correct signature
72 * 0: incorrect signature
73 * -1: error
74 */
75int DSA_verify(type,dgst,dgst_len,sigbuf,siglen, dsa)
76int type;
77unsigned char *dgst;
78int dgst_len;
79unsigned char *sigbuf;
80int siglen;
81DSA *dsa;
82 {
83 /* The next 3 are used by the M_ASN1 macros */
84 long length=siglen;
85 ASN1_CTX c;
86 unsigned char **pp= &sigbuf;
87 BN_CTX *ctx;
88 BIGNUM *r=NULL;
89 BIGNUM *t1=NULL,*t2=NULL;
90 BIGNUM *u1=NULL,*u2=NULL;
91 ASN1_INTEGER *bs=NULL;
92 int ret = -1;
93
94 ctx=BN_CTX_new();
95 if (ctx == NULL) goto err;
96
97 t1=BN_new();
98 t2=BN_new();
99 if (t1 == NULL || t2 == NULL) goto err;
100
101 M_ASN1_D2I_Init();
102 M_ASN1_D2I_start_sequence();
103 M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
104 if ((r=BN_bin2bn(bs->data,bs->length,NULL)) == NULL) goto err_bn;
105 M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
106 if ((u1=BN_bin2bn(bs->data,bs->length,NULL)) == NULL) goto err_bn;
107 if (!asn1_Finish(&c)) goto err;
108
109 /* Calculate W = inv(S) mod Q
110 * save W in u2 */
111 if ((u2=BN_mod_inverse(u1,dsa->q,ctx)) == NULL) goto err_bn;
112
113 /* save M in u1 */
114 if (BN_bin2bn(dgst,dgst_len,u1) == NULL) goto err_bn;
115
116 /* u1 = M * w mod q */
117 if (!BN_mod_mul(u1,u1,u2,dsa->q,ctx)) goto err_bn;
118
119 /* u2 = r * w mod q */
120 if (!BN_mod_mul(u2,r,u2,dsa->q,ctx)) goto err_bn;
121
122 /* v = ( g^u1 * y^u2 mod p ) mod q */
123 /* let t1 = g ^ u1 mod p */
124 if (!BN_mod_exp(t1,dsa->g,u1,dsa->p,ctx)) goto err_bn;
125 /* let t2 = y ^ u2 mod p */
126 if (!BN_mod_exp(t2,dsa->pub_key,u2,dsa->p,ctx)) goto err_bn;
127 /* let u1 = t1 * t2 mod p */
128 if (!BN_mod_mul(u1,t1,t2,dsa->p,ctx)) goto err_bn;
129 /* let u1 = u1 mod q */
130 if (!BN_mod(u1,u1,dsa->q,ctx)) goto err_bn;
131 /* V is now in u1. If the signature is correct, it will be
132 * equal to R. */
133 ret=(BN_ucmp(u1, r) == 0);
134 if (0)
135 {
136err: /* ASN1 error */
137 DSAerr(DSA_F_DSA_VERIFY,c.error);
138 }
139 if (0)
140 {
141err_bn: /* BN error */
142 DSAerr(DSA_F_DSA_VERIFY,ERR_R_BN_LIB);
143 }
144 if (ctx != NULL) BN_CTX_free(ctx);
145 if (r != NULL) BN_free(r);
146 if (t1 != NULL) BN_free(t1);
147 if (t2 != NULL) BN_free(t2);
148 if (u1 != NULL) BN_free(u1);
149 if (u2 != NULL) BN_free(u2);
150 if (bs != NULL) ASN1_BIT_STRING_free(bs);
151 return(ret);
152 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 18:16:31 +0000