static int dsa_compat_test(void) { dsa_key key; unsigned char tmp[1024]; unsigned long x; DO(dsa_import(openssl_priv_dsa, sizeof(openssl_priv_dsa), &key)); x = sizeof(tmp); DO(dsa_export(tmp, &x, PK_PRIVATE | PK_STD, &key)); DO((x == sizeof(openssl_priv_dsa))?CRYPT_OK:CRYPT_ERROR); DO((memcmp(tmp, openssl_priv_dsa, sizeof(openssl_priv_dsa)) == 0)?CRYPT_OK:CRYPT_ERROR); x = sizeof(tmp); DO(dsa_export(tmp, &x, PK_PUBLIC | PK_STD, &key)); DO((x == sizeof(openssl_pub_dsa))?CRYPT_OK:CRYPT_ERROR); DO((memcmp(tmp, openssl_pub_dsa, sizeof(openssl_pub_dsa)) == 0)?CRYPT_OK:CRYPT_ERROR); dsa_free(&key); DO(dsa_import(openssl_pub_dsa, sizeof(openssl_pub_dsa), &key)); x = sizeof(tmp); DO(dsa_export(tmp, &x, PK_PUBLIC | PK_STD, &key)); DO((x == sizeof(openssl_pub_dsa))?CRYPT_OK:CRYPT_ERROR); DO((memcmp(tmp, openssl_pub_dsa, sizeof(openssl_pub_dsa)) == 0)?CRYPT_OK:CRYPT_ERROR); dsa_free(&key); return 0; }
int dsa_test(void) { unsigned char msg[16], out[1024], out2[1024]; unsigned long x; int stat1, stat2; dsa_key key, key2; /* make a random key */ DO(dsa_make_key(&yarrow_prng, find_prng("yarrow"), 20, 128, &key)); /* verify it */ DO(dsa_verify_key(&key, &stat1)); if (stat1 == 0) { fprintf(stderr, "dsa_verify_key "); return 1; } /* sign the message */ x = sizeof(out); DO(dsa_sign_hash(msg, sizeof(msg), out, &x, &yarrow_prng, find_prng("yarrow"), &key)); /* verify it once */ DO(dsa_verify_hash(out, x, msg, sizeof(msg), &stat1, &key)); /* Modify and verify again */ msg[0] ^= 1; DO(dsa_verify_hash(out, x, msg, sizeof(msg), &stat2, &key)); msg[0] ^= 1; if (!(stat1 == 1 && stat2 == 0)) { fprintf(stderr, "dsa_verify %d %d", stat1, stat2); return 1; } /* test exporting it */ x = sizeof(out2); DO(dsa_export(out2, &x, PK_PRIVATE, &key)); DO(dsa_import(out2, x, &key2)); /* verify a signature with it */ DO(dsa_verify_hash(out, x, msg, sizeof(msg), &stat1, &key2)); if (stat1 == 0) { fprintf(stderr, "dsa_verify (import private) %d ", stat1); return 1; } dsa_free(&key2); /* export as public now */ x = sizeof(out2); DO(dsa_export(out2, &x, PK_PUBLIC, &key)); DO(dsa_import(out2, x, &key2)); /* verify a signature with it */ DO(dsa_verify_hash(out, x, msg, sizeof(msg), &stat1, &key2)); if (stat1 == 0) { fprintf(stderr, "dsa_verify (import public) %d ", stat1); return 1; } dsa_free(&key2); dsa_free(&key); return 0; }
/** Generate DSA parameters p, q & g @param prng An active PRNG state @param wprng The index of the PRNG desired @param group_size Size of the multiplicative group (octets) @param modulus_size Size of the modulus (octets) @param key [out] Where to store the created key @return CRYPT_OK if successful. */ int dsa_generate_pqg(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key) { int err; LTC_ARGCHK(key != NULL); LTC_ARGCHK(ltc_mp.name != NULL); /* init mp_ints */ if ((err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL)) != CRYPT_OK) { return err; } /* generate params */ err = _dsa_make_params(prng, wprng, group_size, modulus_size, key->p, key->q, key->g); if (err != CRYPT_OK) { goto cleanup; } key->qord = group_size; return CRYPT_OK; cleanup: dsa_free(key); return err; }
ALWAYS_INLINE void FinalizeAsymmetricCipher( JS::HandleObject obj, bool wipe ) { AsymmetricCipherPrivate *pv = (AsymmetricCipherPrivate*)JL_GetPrivate(obj); if ( pv ) { if ( pv->hasKey ) { switch ( pv->cipher ) { case rsa: rsa_free( &pv->key.rsaKey ); break; case ecc: ecc_free( &pv->key.eccKey ); break; case dsa: dsa_free( &pv->key.dsaKey ); break; #ifdef MKAT case katja: katja_free( &pv->key.katjaKey ); break; #endif } } if ( wipe ) zeromem(pv, sizeof(AsymmetricCipherPrivate)); jl_free(pv); } }
/** Import DSA public or private key-part from raw numbers NB: The p, q & g parts must be set beforehand @param in The key-part to import, either public or private. @param inlen The key-part's length @param type Which type of key (PK_PRIVATE or PK_PUBLIC) @param key [out] the destination for the imported key @return CRYPT_OK if successful. */ int dsa_set_key(const unsigned char *in, unsigned long inlen, int type, dsa_key *key) { int err, stat = 0; LTC_ARGCHK(key != NULL); LTC_ARGCHK(key->x != NULL); LTC_ARGCHK(key->y != NULL); LTC_ARGCHK(key->p != NULL); LTC_ARGCHK(key->g != NULL); LTC_ARGCHK(key->q != NULL); LTC_ARGCHK(ltc_mp.name != NULL); if (type == PK_PRIVATE) { key->type = PK_PRIVATE; if ((err = mp_read_unsigned_bin(key->x, (unsigned char *)in, inlen)) != CRYPT_OK) { goto LBL_ERR; } if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK) { goto LBL_ERR; } } else { key->type = PK_PUBLIC; if ((err = mp_read_unsigned_bin(key->y, (unsigned char *)in, inlen)) != CRYPT_OK) { goto LBL_ERR; } } if ((err = dsa_int_validate_xy(key, &stat)) != CRYPT_OK) { goto LBL_ERR; } if (stat == 0) { err = CRYPT_INVALID_PACKET; goto LBL_ERR; } return CRYPT_OK; LBL_ERR: dsa_free(key); return err; }
/** Import DSA's p, q & g from dsaparam dsaparam data: openssl dsaparam -outform DER -out dsaparam.der 2048 @param dsaparam The DSA param DER encoded data @param dsaparamlen The length of dhparam data @param key [out] the destination for the imported key @return CRYPT_OK if successful. */ int dsa_set_pqg_dsaparam(const unsigned char *dsaparam, unsigned long dsaparamlen, dsa_key *key) { int err, stat; LTC_ARGCHK(dsaparam != NULL); LTC_ARGCHK(key != NULL); LTC_ARGCHK(ltc_mp.name != NULL); /* init key */ err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL); if (err != CRYPT_OK) return err; if ((err = der_decode_sequence_multi(dsaparam, dsaparamlen, LTC_ASN1_INTEGER, 1UL, key->p, LTC_ASN1_INTEGER, 1UL, key->q, LTC_ASN1_INTEGER, 1UL, key->g, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto LBL_ERR; } key->qord = mp_unsigned_bin_size(key->q); /* quick p, q, g validation, without primality testing */ if ((err = dsa_int_validate_pqg(key, &stat)) != CRYPT_OK) { goto LBL_ERR; } if (stat == 0) { err = CRYPT_INVALID_PACKET; goto LBL_ERR; } return CRYPT_OK; LBL_ERR: dsa_free(key); return err; }
/** Import DSA's p, q & g from raw numbers @param p DSA's p in binary representation @param plen The length of p @param q DSA's q in binary representation @param qlen The length of q @param g DSA's g in binary representation @param glen The length of g @param key [out] the destination for the imported key @return CRYPT_OK if successful. */ int dsa_set_pqg(const unsigned char *p, unsigned long plen, const unsigned char *q, unsigned long qlen, const unsigned char *g, unsigned long glen, dsa_key *key) { int err, stat; LTC_ARGCHK(p != NULL); LTC_ARGCHK(q != NULL); LTC_ARGCHK(g != NULL); LTC_ARGCHK(key != NULL); LTC_ARGCHK(ltc_mp.name != NULL); /* init key */ err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL); if (err != CRYPT_OK) return err; if ((err = mp_read_unsigned_bin(key->p, (unsigned char *)p , plen)) != CRYPT_OK) { goto LBL_ERR; } if ((err = mp_read_unsigned_bin(key->g, (unsigned char *)g , glen)) != CRYPT_OK) { goto LBL_ERR; } if ((err = mp_read_unsigned_bin(key->q, (unsigned char *)q , qlen)) != CRYPT_OK) { goto LBL_ERR; } key->qord = mp_unsigned_bin_size(key->q); /* do only a quick validation, without primality testing */ if ((err = dsa_int_validate_pqg(key, &stat)) != CRYPT_OK) { goto LBL_ERR; } if (stat == 0) { err = CRYPT_INVALID_PACKET; goto LBL_ERR; } return CRYPT_OK; LBL_ERR: dsa_free(key); return err; }
struct iked_dsa * dsa_new(uint16_t id, struct iked_hash *prf, int sign) { struct iked_dsa *dsap = NULL, dsa; bzero(&dsa, sizeof(dsa)); switch (id) { case IKEV2_AUTH_SIG: if (sign) dsa.dsa_priv = EVP_sha256(); /* XXX should be passed */ else dsa.dsa_priv = NULL; /* set later by dsa_init() */ break; case IKEV2_AUTH_RSA_SIG: /* RFC5996 says we SHOULD use SHA1 here */ dsa.dsa_priv = EVP_sha1(); break; case IKEV2_AUTH_SHARED_KEY_MIC: if (prf == NULL || prf->hash_priv == NULL) fatalx("dsa_new: invalid PRF"); dsa.dsa_priv = prf->hash_priv; dsa.dsa_hmac = 1; break; case IKEV2_AUTH_DSS_SIG: dsa.dsa_priv = EVP_dss1(); break; case IKEV2_AUTH_ECDSA_256: dsa.dsa_priv = EVP_sha256(); break; case IKEV2_AUTH_ECDSA_384: dsa.dsa_priv = EVP_sha384(); break; case IKEV2_AUTH_ECDSA_512: dsa.dsa_priv = EVP_sha512(); break; default: log_debug("%s: auth method %s not supported", __func__, print_map(id, ikev2_auth_map)); break; } if ((dsap = calloc(1, sizeof(*dsap))) == NULL) { log_debug("%s: alloc dsa ctx", __func__); return (NULL); } memcpy(dsap, &dsa, sizeof(*dsap)); dsap->dsa_method = id; dsap->dsa_sign = sign; if (dsap->dsa_hmac) { if ((dsap->dsa_ctx = calloc(1, sizeof(HMAC_CTX))) == NULL) { log_debug("%s: alloc hash ctx", __func__); dsa_free(dsap); return (NULL); } HMAC_CTX_init((HMAC_CTX *)dsap->dsa_ctx); } else { if ((dsap->dsa_ctx = EVP_MD_CTX_create()) == NULL) { log_debug("%s: alloc digest ctx", __func__); dsa_free(dsap); return (NULL); } } return (dsap); }
int dsa_test(void) { unsigned char msg[16], out[1024], out2[1024]; unsigned long x, y; int stat1, stat2; dsa_key key, key2; /* make a random key */ DO(dsa_make_key(&yarrow_prng, find_prng("yarrow"), 20, 128, &key)); /* verify it */ DO(dsa_verify_key(&key, &stat1)); if (stat1 == 0) { fprintf(stderr, "dsa_verify_key "); return 1; } /* encrypt a message */ for (x = 0; x < 16; x++) { msg[x] = x; } x = sizeof(out); DO(dsa_encrypt_key(msg, 16, out, &x, &yarrow_prng, find_prng("yarrow"), find_hash("sha1"), &key)); /* decrypt */ y = sizeof(out2); DO(dsa_decrypt_key(out, x, out2, &y, &key)); if (y != 16 || memcmp(out2, msg, 16)) { fprintf(stderr, "dsa_decrypt failed, y == %lu\n", y); return 1; } /* sign the message */ x = sizeof(out); DO(dsa_sign_hash(msg, sizeof(msg), out, &x, &yarrow_prng, find_prng("yarrow"), &key)); /* verify it once */ DO(dsa_verify_hash(out, x, msg, sizeof(msg), &stat1, &key)); /* Modify and verify again */ msg[0] ^= 1; DO(dsa_verify_hash(out, x, msg, sizeof(msg), &stat2, &key)); msg[0] ^= 1; if (!(stat1 == 1 && stat2 == 0)) { fprintf(stderr, "dsa_verify %d %d", stat1, stat2); return 1; } /* test exporting it */ x = sizeof(out2); DO(dsa_export(out2, &x, PK_PRIVATE, &key)); DO(dsa_import(out2, x, &key2)); /* verify a signature with it */ DO(dsa_verify_hash(out, x, msg, sizeof(msg), &stat1, &key2)); if (stat1 == 0) { fprintf(stderr, "dsa_verify (import private) %d ", stat1); return 1; } dsa_free(&key2); /* export as public now */ x = sizeof(out2); DO(dsa_export(out2, &x, PK_PUBLIC, &key)); DO(dsa_import(out2, x, &key2)); /* verify a signature with it */ DO(dsa_verify_hash(out, x, msg, sizeof(msg), &stat1, &key2)); if (stat1 == 0) { fprintf(stderr, "dsa_verify (import public) %d ", stat1); return 1; } dsa_free(&key2); dsa_free(&key); return 0; }
int ikev2_msg_authsign(struct iked *env, struct iked_sa *sa, struct iked_auth *auth, struct ibuf *authmsg) { uint8_t *key, *psk = NULL; ssize_t keylen; struct iked_hash *prf = sa->sa_prf; struct iked_id *id; struct iked_dsa *dsa = NULL; struct ibuf *buf; int ret = -1; uint8_t keytype; if (sa->sa_hdr.sh_initiator) id = &sa->sa_icert; else id = &sa->sa_rcert; if ((dsa = dsa_sign_new(auth->auth_method, prf)) == NULL) { log_debug("%s: invalid auth method", __func__); return (-1); } switch (auth->auth_method) { case IKEV2_AUTH_SHARED_KEY_MIC: if (!auth->auth_length) { log_debug("%s: no pre-shared key found", __func__); goto done; } if ((keylen = ikev2_psk(sa, auth->auth_data, auth->auth_length, &psk)) == -1) { log_debug("%s: failed to get PSK", __func__); goto done; } key = psk; keytype = 0; break; default: if (id == NULL) { log_debug("%s: no cert found", __func__); goto done; } key = ibuf_data(id->id_buf); keylen = ibuf_size(id->id_buf); keytype = id->id_type; break; } if (dsa_setkey(dsa, key, keylen, keytype) == NULL || dsa_init(dsa, NULL, 0) != 0 || dsa_update(dsa, ibuf_data(authmsg), ibuf_size(authmsg))) { log_debug("%s: failed to compute digital signature", __func__); goto done; } ibuf_release(sa->sa_localauth.id_buf); sa->sa_localauth.id_buf = NULL; if ((buf = ibuf_new(NULL, dsa_length(dsa))) == NULL) { log_debug("%s: failed to get auth buffer", __func__); goto done; } if ((ret = dsa_sign_final(dsa, ibuf_data(buf), ibuf_size(buf))) == -1) { log_debug("%s: failed to create auth signature", __func__); ibuf_release(buf); goto done; } sa->sa_localauth.id_type = auth->auth_method; sa->sa_localauth.id_buf = buf; ret = 0; done: free(psk); dsa_free(dsa); return (ret); }
int ikev2_msg_authverify(struct iked *env, struct iked_sa *sa, struct iked_auth *auth, uint8_t *buf, size_t len, struct ibuf *authmsg) { uint8_t *key, *psk = NULL; ssize_t keylen; struct iked_id *id; struct iked_dsa *dsa = NULL; int ret = -1; uint8_t keytype; if (sa->sa_hdr.sh_initiator) id = &sa->sa_rcert; else id = &sa->sa_icert; if ((dsa = dsa_verify_new(auth->auth_method, sa->sa_prf)) == NULL) { log_debug("%s: invalid auth method", __func__); return (-1); } switch (auth->auth_method) { case IKEV2_AUTH_SHARED_KEY_MIC: if (!auth->auth_length) { log_debug("%s: no pre-shared key found", __func__); goto done; } if ((keylen = ikev2_psk(sa, auth->auth_data, auth->auth_length, &psk)) == -1) { log_debug("%s: failed to get PSK", __func__); goto done; } key = psk; keytype = 0; break; default: if (!id->id_type || !ibuf_length(id->id_buf)) { log_debug("%s: no cert found", __func__); goto done; } key = ibuf_data(id->id_buf); keylen = ibuf_size(id->id_buf); keytype = id->id_type; break; } log_debug("%s: method %s keylen %zd type %s", __func__, print_map(auth->auth_method, ikev2_auth_map), keylen, print_map(id->id_type, ikev2_cert_map)); if (dsa_setkey(dsa, key, keylen, keytype) == NULL || dsa_init(dsa, buf, len) != 0 || dsa_update(dsa, ibuf_data(authmsg), ibuf_size(authmsg))) { log_debug("%s: failed to compute digital signature", __func__); goto done; } if ((ret = dsa_verify_final(dsa, buf, len)) == 0) { log_debug("%s: authentication successful", __func__); sa_state(env, sa, IKEV2_STATE_AUTH_SUCCESS); sa_stateflags(sa, IKED_REQ_AUTHVALID); } else { log_debug("%s: authentication failed", __func__); sa_state(env, sa, IKEV2_STATE_AUTH_REQUEST); } done: free(psk); dsa_free(dsa); return (ret); }