static int sign_dsa(EVP_PKEY* pkey, keymaster_dsa_sign_params_t* sign_params, const uint8_t* data, const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) { if (sign_params->digest_type != DIGEST_NONE) { ALOGW("Cannot handle digest type %d", sign_params->digest_type); return -1; } Unique_DSA dsa(EVP_PKEY_get1_DSA(pkey)); if (dsa.get() == NULL) { logOpenSSLError("openssl_sign_dsa"); return -1; } unsigned int dsaSize = DSA_size(dsa.get()); UniquePtr<uint8_t, Malloc_Free> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(dsaSize))); if (signedDataPtr.get() == NULL) { logOpenSSLError("openssl_sign_dsa"); return -1; } unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get()); if (DSA_sign(0, data, dataLength, tmp, &dsaSize, dsa.get()) <= 0) { logOpenSSLError("openssl_sign_dsa"); return -1; } *signedDataLength = dsaSize; *signedData = signedDataPtr.release(); return 0; }
int CertificateDialogPrivate::keyLenght( const QSslKey &key ) const { switch( key.algorithm() ) { case QSsl::Dsa: return DSA_size( (DSA*)key.handle() ) * 8; case QSsl::Rsa: return RSA_size( (RSA*)key.handle() ) * 8; } return key.length(); }
int main(int argc, char **argv) { DSA *dsa; unsigned char* input_string; unsigned char* sign_string; unsigned int sig_len; unsigned int i; if ( argc != 2 ) { fprintf(stderr, "%s <plain text>\n", argv[0]); exit(-1); } input_string = (unsigned char*)calloc(strlen(argv[1]) + 1, sizeof(unsigned char)); if ( input_string == NULL ) { fprintf(stderr, "Unable to allocate memory for input_string\n"); exit(-1); } strncpy((char *)input_string, argv[1], strlen(argv[1])); dsa = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, NULL, NULL); DSA_generate_key(dsa); sign_string = (unsigned char *)calloc(DSA_size(dsa), sizeof(unsigned char)); if ( sign_string == NULL ) { fprintf(stderr, "Unable to allocate memory for sign_string\n"); exit(-1); } if ( DSA_sign(0, input_string, strlen((char *)input_string), sign_string, &sig_len, dsa) == 0 ) { fprintf(stderr, "Sign error\n"); exit(-1); } int is_valid_signature = DSA_verify(0, input_string, strlen((char*)input_string), sign_string, sig_len, dsa); DSAparams_print_fp(stdout, dsa); printf("input_string = %s\n", input_string); printf("signed string = "); for ( i = 0; i < sig_len; i++ ) printf("%x%x", (sign_string[i] >> 4) & 0xf, sign_string[i] & 0xf); printf("\n"); printf("is_valid_signature? = %d\n", is_valid_signature); return 0; }
int EVP_PKEY_size(EVP_PKEY *pkey) { if (pkey == NULL) return(0); #ifndef NO_RSA if (pkey->type == EVP_PKEY_RSA) return(RSA_size(pkey->pkey.rsa)); else #endif #ifndef NO_DSA if (pkey->type == EVP_PKEY_DSA) return(DSA_size(pkey->pkey.dsa)); #endif return(0); }
int key_sign(struct key *k, u_char *msg, int mlen, u_char *sig, int slen) { switch (k->type) { case KEY_RSA: if (RSA_size((RSA *)k->data) > slen) { fprintf(stderr, "RSA modulus too large: %d bits\n", RSA_size((RSA *)k->data)); return (-1); } if (RSA_sign(NID_sha1, msg, mlen, sig, &slen, (RSA *)k->data) <= 0) { fprintf(stderr, "RSA signing failed\n"); return (-1); } break; case KEY_DSA: if (DSA_size((DSA *)k->data) > slen) { fprintf(stderr, "DSA signature size too large: " "%d bits\n", DSA_size((DSA *)k->data)); return (-1); } if (DSA_sign(NID_sha1, msg, mlen, sig, &slen, (DSA *)k->data) <= 0) { fprintf(stderr, "DSA signing failed\n"); return (-1); } break; default: fprintf(stderr, "Unknown key type: %d\n", k->type); return (-1); } return (slen); }
bool xr_dsa::verify (public_key_t const & pub_key, u8 const * data, u32 const data_size, shared_str const & dsign) { BN_bin2bn(pub_key.m_value, sizeof(pub_key.m_value), m_dsa->pub_key); BIGNUM* tmp_bn = NULL; BN_hex2bn (&tmp_bn, dsign.c_str()); int sig_size = tmp_bn->top * sizeof(unsigned long); u8* sig_buff = static_cast<u8*>(_alloca(sig_size)); VERIFY (sig_size == DSA_size(m_dsa)); BN_bn2bin (tmp_bn, sig_buff); bool ret = DSA_verify (0, data, data_size, sig_buff, sig_size, m_dsa) == 1 ? true : false; BN_free(tmp_bn); return ret; }
shared_str const xr_dsa::sign (private_key_t const & priv_key, u8 const* data, u32 const data_size) { BN_bin2bn(priv_key.m_value, sizeof(priv_key.m_value), m_dsa->priv_key); unsigned int sign_size = DSA_size(m_dsa); u8* sign_dest = static_cast<u8*>( _alloca(sign_size)); BIGNUM tmp_sign_res_bn; BN_init (&tmp_sign_res_bn); DSA_sign (0, data, data_size, sign_dest, &sign_size, m_dsa); BN_bin2bn (sign_dest, sign_size, &tmp_sign_res_bn); return shared_str(BN_bn2hex(&tmp_sign_res_bn)); }
static int int_dsa_size(const EVP_PKEY *pkey) { return(DSA_size(pkey->pkey.dsa)); }
/** Determine the length of a signatures produced with specified key. * * @param[in] key - The key that will be used for signing. * * @return The length of all signatures generated by this key. */ int SLPCryptoDSASignLen(SLPCryptoDSAKey * key) { return DSA_size(key); }
/* * Sign an assertion. */ static char * keynote_sign_assertion(struct assertion *as, char *sigalg, void *key, int keyalg, int verifyflag) { int slen, i, hashlen = 0, hashtype, alg, encoding, internalenc; unsigned char *sig = NULL, *finalbuf = NULL; unsigned char res2[LARGEST_HASH_SIZE], *sbuf = NULL; BIO *biokey = NULL; DSA *dsa = NULL; RSA *rsa = NULL; SHA_CTX shscontext; MD5_CTX md5context; int len; if (as->as_signature_string_s == NULL || as->as_startofsignature == NULL || as->as_allbutsignature == NULL || as->as_allbutsignature - as->as_startofsignature <= 0 || as->as_authorizer == NULL || key == NULL || as->as_signeralgorithm == KEYNOTE_ALGORITHM_NONE) { keynote_errno = ERROR_SYNTAX; return NULL; } alg = keynote_get_sig_algorithm(sigalg, &hashtype, &encoding, &internalenc); if (((alg != as->as_signeralgorithm) && !((alg == KEYNOTE_ALGORITHM_RSA) && (as->as_signeralgorithm == KEYNOTE_ALGORITHM_X509)) && !((alg == KEYNOTE_ALGORITHM_X509) && (as->as_signeralgorithm == KEYNOTE_ALGORITHM_RSA))) || ((alg != keyalg) && !((alg == KEYNOTE_ALGORITHM_RSA) && (keyalg == KEYNOTE_ALGORITHM_X509)) && !((alg == KEYNOTE_ALGORITHM_X509) && (keyalg == KEYNOTE_ALGORITHM_RSA)))) { keynote_errno = ERROR_SYNTAX; return NULL; } sig = strchr(sigalg, ':'); if (sig == NULL) { keynote_errno = ERROR_SYNTAX; return NULL; } sig++; switch (hashtype) { case KEYNOTE_HASH_SHA1: hashlen = 20; memset(res2, 0, hashlen); SHA1_Init(&shscontext); SHA1_Update(&shscontext, as->as_startofsignature, as->as_allbutsignature - as->as_startofsignature); SHA1_Update(&shscontext, sigalg, (char *) sig - sigalg); SHA1_Final(res2, &shscontext); break; case KEYNOTE_HASH_MD5: hashlen = 16; memset(res2, 0, hashlen); MD5_Init(&md5context); MD5_Update(&md5context, as->as_startofsignature, as->as_allbutsignature - as->as_startofsignature); MD5_Update(&md5context, sigalg, (char *) sig - sigalg); MD5_Final(res2, &md5context); break; case KEYNOTE_HASH_NONE: break; } if ((alg == KEYNOTE_ALGORITHM_DSA) && (hashtype == KEYNOTE_HASH_SHA1) && (internalenc == INTERNAL_ENC_ASN1) && ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) { dsa = (DSA *) key; sbuf = calloc(DSA_size(dsa), sizeof(unsigned char)); if (sbuf == NULL) { keynote_errno = ERROR_MEMORY; return NULL; } if (DSA_sign(0, res2, hashlen, sbuf, &slen, dsa) <= 0) { free(sbuf); keynote_errno = ERROR_SYNTAX; return NULL; } } else if ((alg == KEYNOTE_ALGORITHM_RSA) && ((hashtype == KEYNOTE_HASH_SHA1) || (hashtype == KEYNOTE_HASH_MD5)) && (internalenc == INTERNAL_ENC_PKCS1) && ((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64))) { rsa = (RSA *) key; sbuf = calloc(RSA_size(rsa), sizeof(unsigned char)); if (sbuf == NULL) { keynote_errno = ERROR_MEMORY; return NULL; } if (RSA_sign_ASN1_OCTET_STRING(RSA_PKCS1_PADDING, res2, hashlen, sbuf, &slen, rsa) <= 0) { free(sbuf); keynote_errno = ERROR_SYNTAX; return NULL; } } else if ((alg == KEYNOTE_ALGORITHM_X509) && (hashtype == KEYNOTE_HASH_SHA1) && (internalenc == INTERNAL_ENC_ASN1)) { if ((biokey = BIO_new(BIO_s_mem())) == NULL) { keynote_errno = ERROR_SYNTAX; return NULL; } if (BIO_write(biokey, key, strlen(key) + 1) <= 0) { BIO_free(biokey); keynote_errno = ERROR_SYNTAX; return NULL; } /* RSA-specific */ rsa = (RSA *) PEM_read_bio_RSAPrivateKey(biokey, NULL, NULL, NULL); if (rsa == NULL) { BIO_free(biokey); keynote_errno = ERROR_SYNTAX; return NULL; } sbuf = calloc(RSA_size(rsa), sizeof(char)); if (sbuf == NULL) { BIO_free(biokey); RSA_free(rsa); keynote_errno = ERROR_MEMORY; return NULL; } if (RSA_sign(NID_shaWithRSAEncryption, res2, hashlen, sbuf, &slen, rsa) <= 0) { BIO_free(biokey); RSA_free(rsa); free(sbuf); keynote_errno = ERROR_SIGN_FAILURE; return NULL; } BIO_free(biokey); RSA_free(rsa); } else /* Other algorithms here */ { keynote_errno = ERROR_SYNTAX; return NULL; } /* ASCII encoding */ switch (encoding) { case ENCODING_HEX: i = kn_encode_hex(sbuf, (char **) &finalbuf, slen); free(sbuf); if (i != 0) return NULL; break; case ENCODING_BASE64: finalbuf = calloc(2 * slen, sizeof(unsigned char)); if (finalbuf == NULL) { keynote_errno = ERROR_MEMORY; free(sbuf); return NULL; } if ((slen = kn_encode_base64(sbuf, slen, finalbuf, 2 * slen)) == -1) { free(sbuf); return NULL; } break; default: free(sbuf); keynote_errno = ERROR_SYNTAX; return NULL; } /* Replace as->as_signature */ len = strlen(sigalg) + strlen(finalbuf) + 1; as->as_signature = calloc(len, sizeof(char)); if (as->as_signature == NULL) { free(finalbuf); keynote_errno = ERROR_MEMORY; return NULL; } /* Concatenate algorithm name and signature value */ snprintf(as->as_signature, len, "%s%s", sigalg, finalbuf); free(finalbuf); finalbuf = as->as_signature; /* Verify the newly-created signature if requested */ if (verifyflag) { /* Do the signature verification */ if (keynote_sigverify_assertion(as) != SIGRESULT_TRUE) { as->as_signature = NULL; free(finalbuf); if (keynote_errno == 0) keynote_errno = ERROR_SYNTAX; return NULL; } as->as_signature = NULL; } else as->as_signature = NULL; /* Everything ok */ return (char *) finalbuf; }
inline size_t dsa_key::size() const { return DSA_size(ptr().get()); }
void xr_dsa::generate_params() { int counter; unsigned long long_ret; string256 random_string; xr_sprintf (random_string, "%I64d_%s", CPU::QPC(), rnd_seed); //sprintf_s (random_string, "%s", rnd_seed); unsigned char* rnd_seed = static_cast<unsigned char*>((void*)random_string); unsigned int rnd_ssize = xr_strlen(random_string); DSA* tmp_dsa_params = DSA_generate_parameters( key_bit_length, rnd_seed, rnd_ssize, &counter, &long_ret, dsa_genparams_cb, NULL ); DSA_generate_key (tmp_dsa_params); VERIFY (tmp_dsa_params->p->top * sizeof(u32) == public_key_length); VERIFY (tmp_dsa_params->q->top * sizeof(u32) == private_key_length); VERIFY (tmp_dsa_params->g->top * sizeof(u32) == public_key_length); VERIFY (tmp_dsa_params->pub_key->top * sizeof(u32) == public_key_length); VERIFY (tmp_dsa_params->priv_key->top * sizeof(u32)== private_key_length); Msg("// DSA params "); Msg("u8 const p_number[crypto::xr_dsa::public_key_length] = {"); print_big_number (tmp_dsa_params->p); Msg("};//p_number"); Msg("u8 const q_number[crypto::xr_dsa::private_key_length] = {"); print_big_number (tmp_dsa_params->q); Msg("};//q_number"); Msg("u8 const g_number[crypto::xr_dsa::public_key_length] = {"); print_big_number (tmp_dsa_params->g); Msg("};//g_number"); Msg("u8 const public_key[crypto::xr_dsa::public_key_length] = {"); print_big_number (tmp_dsa_params->pub_key); Msg("};//public_key"); u8 priv_bin[private_key_length]; BN_bn2bin (tmp_dsa_params->priv_key, priv_bin); Msg("// Private key:"); for (int i = 0; i < private_key_length; ++i) { Msg(" m_private_key.m_value[%d] = 0x%02x;", i, priv_bin[i]); } u8 debug_digest[] = "this is a test"; u8 debug_bad_digest[] = "this as a test"; u32 siglen = DSA_size(tmp_dsa_params); u8* sig = static_cast<u8*>(_alloca(siglen)); BIGNUM bn_sign; BN_init (&bn_sign); VERIFY (DSA_sign(0, debug_digest, sizeof(debug_digest), sig, &siglen, tmp_dsa_params) == 1); BN_bin2bn (sig, siglen, &bn_sign); shared_str sig_str = BN_bn2hex(&bn_sign); BIGNUM* bn_rsing = NULL; ZeroMemory (sig, siglen); BN_hex2bn (&bn_rsing, sig_str.c_str()); BN_bn2bin (bn_rsing, sig); BN_free (bn_rsing); VERIFY (DSA_verify(0, debug_digest, sizeof(debug_digest), sig, siglen, tmp_dsa_params) == 1); VERIFY (DSA_verify(0, debug_bad_digest, sizeof(debug_bad_digest), sig, siglen, tmp_dsa_params) == 0); DSA_free(tmp_dsa_params); }
int32_t CryptoNative_DsaSizeSignature(DSA* dsa) { return DSA_size(dsa); }