1 /* $OpenBSD: ssh-dss.c,v 1.49 2023/03/05 05:34:09 dtucker Exp $ */
3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 #include <sys/types.h>
32 #include <openssl/bn.h>
33 #include <openssl/dsa.h>
34 #include <openssl/evp.h>
42 #define SSHKEY_INTERNAL
45 #include "openbsd-compat/openssl-compat.h"
47 #define INTBLOB_LEN 20
48 #define SIGBLOB_LEN (2*INTBLOB_LEN)
51 ssh_dss_size(const struct sshkey *key)
57 DSA_get0_pqg(key->dsa, &dsa_p, NULL, NULL);
58 return BN_num_bits(dsa_p);
62 ssh_dss_alloc(struct sshkey *k)
64 if ((k->dsa = DSA_new()) == NULL)
65 return SSH_ERR_ALLOC_FAIL;
70 ssh_dss_cleanup(struct sshkey *k)
77 ssh_dss_equal(const struct sshkey *a, const struct sshkey *b)
79 const BIGNUM *dsa_p_a, *dsa_q_a, *dsa_g_a, *dsa_pub_key_a;
80 const BIGNUM *dsa_p_b, *dsa_q_b, *dsa_g_b, *dsa_pub_key_b;
82 if (a->dsa == NULL || b->dsa == NULL)
84 DSA_get0_pqg(a->dsa, &dsa_p_a, &dsa_q_a, &dsa_g_a);
85 DSA_get0_pqg(b->dsa, &dsa_p_b, &dsa_q_b, &dsa_g_b);
86 DSA_get0_key(a->dsa, &dsa_pub_key_a, NULL);
87 DSA_get0_key(b->dsa, &dsa_pub_key_b, NULL);
88 if (dsa_p_a == NULL || dsa_p_b == NULL ||
89 dsa_q_a == NULL || dsa_q_b == NULL ||
90 dsa_g_a == NULL || dsa_g_b == NULL ||
91 dsa_pub_key_a == NULL || dsa_pub_key_b == NULL)
93 if (BN_cmp(dsa_p_a, dsa_p_b) != 0)
95 if (BN_cmp(dsa_q_a, dsa_q_b) != 0)
97 if (BN_cmp(dsa_g_a, dsa_g_b) != 0)
99 if (BN_cmp(dsa_pub_key_a, dsa_pub_key_b) != 0)
105 ssh_dss_serialize_public(const struct sshkey *key, struct sshbuf *b,
106 enum sshkey_serialize_rep opts)
109 const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key;
111 if (key->dsa == NULL)
112 return SSH_ERR_INVALID_ARGUMENT;
113 DSA_get0_pqg(key->dsa, &dsa_p, &dsa_q, &dsa_g);
114 DSA_get0_key(key->dsa, &dsa_pub_key, NULL);
115 if (dsa_p == NULL || dsa_q == NULL ||
116 dsa_g == NULL || dsa_pub_key == NULL)
117 return SSH_ERR_INTERNAL_ERROR;
118 if ((r = sshbuf_put_bignum2(b, dsa_p)) != 0 ||
119 (r = sshbuf_put_bignum2(b, dsa_q)) != 0 ||
120 (r = sshbuf_put_bignum2(b, dsa_g)) != 0 ||
121 (r = sshbuf_put_bignum2(b, dsa_pub_key)) != 0)
128 ssh_dss_serialize_private(const struct sshkey *key, struct sshbuf *b,
129 enum sshkey_serialize_rep opts)
132 const BIGNUM *dsa_priv_key;
134 DSA_get0_key(key->dsa, NULL, &dsa_priv_key);
135 if (!sshkey_is_cert(key)) {
136 if ((r = ssh_dss_serialize_public(key, b, opts)) != 0)
139 if ((r = sshbuf_put_bignum2(b, dsa_priv_key)) != 0)
146 ssh_dss_generate(struct sshkey *k, int bits)
151 return SSH_ERR_KEY_LENGTH;
152 if ((private = DSA_new()) == NULL)
153 return SSH_ERR_ALLOC_FAIL;
154 if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL,
155 NULL, NULL) || !DSA_generate_key(private)) {
157 return SSH_ERR_LIBCRYPTO_ERROR;
164 ssh_dss_copy_public(const struct sshkey *from, struct sshkey *to)
166 const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key;
167 BIGNUM *dsa_p_dup = NULL, *dsa_q_dup = NULL, *dsa_g_dup = NULL;
168 BIGNUM *dsa_pub_key_dup = NULL;
169 int r = SSH_ERR_INTERNAL_ERROR;
171 DSA_get0_pqg(from->dsa, &dsa_p, &dsa_q, &dsa_g);
172 DSA_get0_key(from->dsa, &dsa_pub_key, NULL);
173 if ((dsa_p_dup = BN_dup(dsa_p)) == NULL ||
174 (dsa_q_dup = BN_dup(dsa_q)) == NULL ||
175 (dsa_g_dup = BN_dup(dsa_g)) == NULL ||
176 (dsa_pub_key_dup = BN_dup(dsa_pub_key)) == NULL) {
177 r = SSH_ERR_ALLOC_FAIL;
180 if (!DSA_set0_pqg(to->dsa, dsa_p_dup, dsa_q_dup, dsa_g_dup)) {
181 r = SSH_ERR_LIBCRYPTO_ERROR;
184 dsa_p_dup = dsa_q_dup = dsa_g_dup = NULL; /* transferred */
185 if (!DSA_set0_key(to->dsa, dsa_pub_key_dup, NULL)) {
186 r = SSH_ERR_LIBCRYPTO_ERROR;
189 dsa_pub_key_dup = NULL; /* transferred */
193 BN_clear_free(dsa_p_dup);
194 BN_clear_free(dsa_q_dup);
195 BN_clear_free(dsa_g_dup);
196 BN_clear_free(dsa_pub_key_dup);
201 ssh_dss_deserialize_public(const char *ktype, struct sshbuf *b,
204 int ret = SSH_ERR_INTERNAL_ERROR;
205 BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL, *dsa_pub_key = NULL;
207 if (sshbuf_get_bignum2(b, &dsa_p) != 0 ||
208 sshbuf_get_bignum2(b, &dsa_q) != 0 ||
209 sshbuf_get_bignum2(b, &dsa_g) != 0 ||
210 sshbuf_get_bignum2(b, &dsa_pub_key) != 0) {
211 ret = SSH_ERR_INVALID_FORMAT;
214 if (!DSA_set0_pqg(key->dsa, dsa_p, dsa_q, dsa_g)) {
215 ret = SSH_ERR_LIBCRYPTO_ERROR;
218 dsa_p = dsa_q = dsa_g = NULL; /* transferred */
219 if (!DSA_set0_key(key->dsa, dsa_pub_key, NULL)) {
220 ret = SSH_ERR_LIBCRYPTO_ERROR;
223 dsa_pub_key = NULL; /* transferred */
225 DSA_print_fp(stderr, key->dsa, 8);
230 BN_clear_free(dsa_p);
231 BN_clear_free(dsa_q);
232 BN_clear_free(dsa_g);
233 BN_clear_free(dsa_pub_key);
238 ssh_dss_deserialize_private(const char *ktype, struct sshbuf *b,
242 BIGNUM *dsa_priv_key = NULL;
244 if (!sshkey_is_cert(key)) {
245 if ((r = ssh_dss_deserialize_public(ktype, b, key)) != 0)
249 if ((r = sshbuf_get_bignum2(b, &dsa_priv_key)) != 0)
251 if (!DSA_set0_key(key->dsa, NULL, dsa_priv_key)) {
252 BN_clear_free(dsa_priv_key);
253 return SSH_ERR_LIBCRYPTO_ERROR;
259 ssh_dss_sign(struct sshkey *key,
260 u_char **sigp, size_t *lenp,
261 const u_char *data, size_t datalen,
262 const char *alg, const char *sk_provider, const char *sk_pin, u_int compat)
265 const BIGNUM *sig_r, *sig_s;
266 u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN];
267 size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1);
268 struct sshbuf *b = NULL;
269 int ret = SSH_ERR_INVALID_ARGUMENT;
276 if (key == NULL || key->dsa == NULL ||
277 sshkey_type_plain(key->type) != KEY_DSA)
278 return SSH_ERR_INVALID_ARGUMENT;
280 return SSH_ERR_INTERNAL_ERROR;
282 if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,
283 digest, sizeof(digest))) != 0)
286 if ((sig = DSA_do_sign(digest, dlen, key->dsa)) == NULL) {
287 ret = SSH_ERR_LIBCRYPTO_ERROR;
291 DSA_SIG_get0(sig, &sig_r, &sig_s);
292 rlen = BN_num_bytes(sig_r);
293 slen = BN_num_bytes(sig_s);
294 if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
295 ret = SSH_ERR_INTERNAL_ERROR;
298 explicit_bzero(sigblob, SIGBLOB_LEN);
299 BN_bn2bin(sig_r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
300 BN_bn2bin(sig_s, sigblob + SIGBLOB_LEN - slen);
302 if ((b = sshbuf_new()) == NULL) {
303 ret = SSH_ERR_ALLOC_FAIL;
306 if ((ret = sshbuf_put_cstring(b, "ssh-dss")) != 0 ||
307 (ret = sshbuf_put_string(b, sigblob, SIGBLOB_LEN)) != 0)
312 if ((*sigp = malloc(len)) == NULL) {
313 ret = SSH_ERR_ALLOC_FAIL;
316 memcpy(*sigp, sshbuf_ptr(b), len);
322 explicit_bzero(digest, sizeof(digest));
329 ssh_dss_verify(const struct sshkey *key,
330 const u_char *sig, size_t siglen,
331 const u_char *data, size_t dlen, const char *alg, u_int compat,
332 struct sshkey_sig_details **detailsp)
334 DSA_SIG *dsig = NULL;
335 BIGNUM *sig_r = NULL, *sig_s = NULL;
336 u_char digest[SSH_DIGEST_MAX_LENGTH], *sigblob = NULL;
337 size_t len, hlen = ssh_digest_bytes(SSH_DIGEST_SHA1);
338 int ret = SSH_ERR_INTERNAL_ERROR;
339 struct sshbuf *b = NULL;
342 if (key == NULL || key->dsa == NULL ||
343 sshkey_type_plain(key->type) != KEY_DSA ||
344 sig == NULL || siglen == 0)
345 return SSH_ERR_INVALID_ARGUMENT;
347 return SSH_ERR_INTERNAL_ERROR;
349 /* fetch signature */
350 if ((b = sshbuf_from(sig, siglen)) == NULL)
351 return SSH_ERR_ALLOC_FAIL;
352 if (sshbuf_get_cstring(b, &ktype, NULL) != 0 ||
353 sshbuf_get_string(b, &sigblob, &len) != 0) {
354 ret = SSH_ERR_INVALID_FORMAT;
357 if (strcmp("ssh-dss", ktype) != 0) {
358 ret = SSH_ERR_KEY_TYPE_MISMATCH;
361 if (sshbuf_len(b) != 0) {
362 ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
366 if (len != SIGBLOB_LEN) {
367 ret = SSH_ERR_INVALID_FORMAT;
371 /* parse signature */
372 if ((dsig = DSA_SIG_new()) == NULL ||
373 (sig_r = BN_new()) == NULL ||
374 (sig_s = BN_new()) == NULL) {
375 ret = SSH_ERR_ALLOC_FAIL;
378 if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig_r) == NULL) ||
379 (BN_bin2bn(sigblob + INTBLOB_LEN, INTBLOB_LEN, sig_s) == NULL)) {
380 ret = SSH_ERR_LIBCRYPTO_ERROR;
383 if (!DSA_SIG_set0(dsig, sig_r, sig_s)) {
384 ret = SSH_ERR_LIBCRYPTO_ERROR;
387 sig_r = sig_s = NULL; /* transferred */
390 if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, dlen,
391 digest, sizeof(digest))) != 0)
394 switch (DSA_do_verify(digest, hlen, dsig, key->dsa)) {
399 ret = SSH_ERR_SIGNATURE_INVALID;
402 ret = SSH_ERR_LIBCRYPTO_ERROR;
407 explicit_bzero(digest, sizeof(digest));
409 BN_clear_free(sig_r);
410 BN_clear_free(sig_s);
414 freezero(sigblob, len);
418 static const struct sshkey_impl_funcs sshkey_dss_funcs = {
419 /* .size = */ ssh_dss_size,
420 /* .alloc = */ ssh_dss_alloc,
421 /* .cleanup = */ ssh_dss_cleanup,
422 /* .equal = */ ssh_dss_equal,
423 /* .ssh_serialize_public = */ ssh_dss_serialize_public,
424 /* .ssh_deserialize_public = */ ssh_dss_deserialize_public,
425 /* .ssh_serialize_private = */ ssh_dss_serialize_private,
426 /* .ssh_deserialize_private = */ ssh_dss_deserialize_private,
427 /* .generate = */ ssh_dss_generate,
428 /* .copy_public = */ ssh_dss_copy_public,
429 /* .sign = */ ssh_dss_sign,
430 /* .verify = */ ssh_dss_verify,
433 const struct sshkey_impl sshkey_dss_impl = {
434 /* .name = */ "ssh-dss",
435 /* .shortname = */ "DSA",
436 /* .sigalg = */ NULL,
437 /* .type = */ KEY_DSA,
442 /* .funcs = */ &sshkey_dss_funcs,
445 const struct sshkey_impl sshkey_dsa_cert_impl = {
446 /* .name = */ "ssh-dss-cert-v01@openssh.com",
447 /* .shortname = */ "DSA-CERT",
448 /* .sigalg = */ NULL,
449 /* .type = */ KEY_DSA_CERT,
454 /* .funcs = */ &sshkey_dss_funcs,
456 #endif /* WITH_OPENSSL */
projects / FreeBSD / FreeBSD.git / blob