/* DSA sign and verify */
static DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa)
{
int ret=0;
char *hptr=NULL;
DSA_SIG *psign=NULL;
char msg[64]="ENGINE_dsa_do_sign";
if (!p_surewarehk_Dsa_Sign)
{
SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED);
goto err;
}
/* extract ref to private key */
else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx)))
{
SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
goto err;
}
else
{
if((psign = DSA_SIG_new()) == NULL)
{
SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ERR_R_MALLOC_FAILURE);
goto err;
}
psign->r=BN_new();
psign->s=BN_new();
bn_expand2(psign->r, 20/sizeof(BN_ULONG));
bn_expand2(psign->s, 20/sizeof(BN_ULONG));
if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) ||
!psign->s || psign->s->dmax!=20/sizeof(BN_ULONG))
goto err;
ret=p_surewarehk_Dsa_Sign(msg,flen,from,
(unsigned long *)psign->r->d,
(unsigned long *)psign->s->d,
hptr);
surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ret);
}
psign->r->top=20/sizeof(BN_ULONG);
bn_fix_top(psign->r);
psign->s->top=20/sizeof(BN_ULONG);
bn_fix_top(psign->s);
err:
if (psign)
{
DSA_SIG_free(psign);
psign=NULL;
}
return psign;
}
/* returns
* 1: correct signature
* 0: incorrect signature
* -1: error
*/
int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
const unsigned char *sigbuf, int siglen, DSA *dsa)
{
DSA_SIG *s;
int ret=-1;
s = DSA_SIG_new();
if (s == NULL) return(ret);
if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
ret=DSA_do_verify(dgst,dgst_len,s,dsa);
err:
DSA_SIG_free(s);
return(ret);
}
static int pkey_gost94_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs,
size_t tbs_len)
{
int ok = 0;
EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
DSA_SIG *s = unpack_cp_signature(sig, siglen);
if (!s)
return 0;
if (pub_key)
ok = gost_do_verify(tbs, tbs_len, s, EVP_PKEY_get0(pub_key));
DSA_SIG_free(s);
return ok;
}
ops_boolean_t ops_dsa_verify(const unsigned char *hash,size_t hash_length,
const ops_dsa_signature_t *sig,
const ops_dsa_public_key_t *dsa)
{
DSA_SIG *osig;
DSA *odsa;
int ret;
osig=DSA_SIG_new();
osig->r=sig->r;
osig->s=sig->s;
odsa=DSA_new();
odsa->p=dsa->p;
odsa->q=dsa->q;
odsa->g=dsa->g;
odsa->pub_key=dsa->y;
if (debug)
{
fprintf(stderr,"hash passed in:\n");
unsigned i;
for (i=0; i<hash_length; i++)
{
fprintf(stderr,"%02x ", hash[i]);
}
fprintf(stderr,"\n");
}
//printf("hash_length=%ld\n", hash_length);
//printf("Q=%d\n", BN_num_bytes(odsa->q));
unsigned int qlen=BN_num_bytes(odsa->q);
if (qlen < hash_length)
hash_length=qlen;
// ret=DSA_do_verify(hash,hash_length,osig,odsa);
ret=DSA_do_verify(hash,hash_length,osig,odsa);
if (debug)
{
fprintf(stderr,"ret=%d\n",ret);
}
assert(ret >= 0);
odsa->p=odsa->q=odsa->g=odsa->pub_key=NULL;
DSA_free(odsa);
osig->r=osig->s=NULL;
DSA_SIG_free(osig);
return ret != 0;
}
static int
xmlSecOpenSSLDsaSha1EvpSign(int type ATTRIBUTE_UNUSED,
const unsigned char *dgst, unsigned int dlen,
unsigned char *sig, unsigned int *siglen, void *dsa) {
DSA_SIG *s;
int rSize, sSize;
s = DSA_do_sign(dgst, dlen, dsa);
if(s == NULL) {
*siglen=0;
return(0);
}
rSize = BN_num_bytes(s->r);
sSize = BN_num_bytes(s->s);
if((rSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2)) ||
(sSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2))) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_SIZE,
"size(r)=%d or size(s)=%d > %d",
rSize, sSize, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2);
DSA_SIG_free(s);
return(0);
}
memset(sig, 0, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE);
BN_bn2bin(s->r, sig + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2) - rSize);
BN_bn2bin(s->s, sig + XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE - sSize);
*siglen = XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE;
DSA_SIG_free(s);
return(1);
}
int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
unsigned int *siglen, DSA *dsa)
{
DSA_SIG *s;
RAND_seed(dgst, dlen);
s=DSA_do_sign(dgst,dlen,dsa);
if (s == NULL)
{
*siglen=0;
return(0);
}
*siglen=i2d_DSA_SIG(s,&sig);
DSA_SIG_free(s);
return(1);
}
int HsOpenSSL_dsa_verify(DSA *dsa, const unsigned char *ddata, int dlen,
const BIGNUM *r, const BIGNUM *s) {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
DSA_SIG* sig = DSA_SIG_new();
DSA_SIG_set0(sig, BN_dup(r), BN_dup(s));
int res = DSA_do_verify(ddata, dlen, sig, dsa);
DSA_SIG_free(sig);
return res;
#else
DSA_SIG sig;
sig.r = (BIGNUM *)r;
sig.s = (BIGNUM *)s;
return dsa->meth->dsa_do_verify(ddata, dlen, &sig, dsa);
#endif
}
DSA_SIG *DSA_SIG_parse(CBS *cbs) {
DSA_SIG *ret = DSA_SIG_new();
if (ret == NULL) {
return NULL;
}
CBS child;
if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||
!parse_integer(&child, &ret->r) ||
!parse_integer(&child, &ret->s) ||
CBS_len(&child) != 0) {
OPENSSL_PUT_ERROR(DSA, DSA_R_DECODE_ERROR);
DSA_SIG_free(ret);
return NULL;
}
return ret;
}
static void pgpFreeSigDSA(pgpDigAlg pgpsig)
{
struct pgpDigSigDSA_s *sig = pgpsig->data;
if (sig) {
if (sig->dsa_sig) {
DSA_SIG_free(sig->dsa_sig);
} else {
/* If sig->dsa_sig was constructed,
* the memory management of these BNs
* are freed with it. */
BN_clear_free(sig->r);
BN_clear_free(sig->s);
}
free(pgpsig->data);
}
}
DSA_SIG *d2i_DSA_SIG(DSA_SIG **out_sig, const uint8_t **inp, long len) {
if (len < 0) {
return NULL;
}
CBS cbs;
CBS_init(&cbs, *inp, (size_t)len);
DSA_SIG *ret = DSA_SIG_parse(&cbs);
if (ret == NULL) {
return NULL;
}
if (out_sig != NULL) {
DSA_SIG_free(*out_sig);
*out_sig = ret;
}
*inp = CBS_data(&cbs);
return ret;
}
static void check_license_signature(license_raw *lptr)
{
unsigned char message_digest[SHA_DIGEST_LENGTH];
SHA_CTX sha_ctx;
DSA *dsa = DSA_new();
SHA1_Init(&sha_ctx);
SHA1_Update(&sha_ctx, lptr, sizeof(*lptr) - sizeof(lptr->dsa_signature));
SHA1_Final(message_digest, &sha_ctx);
dsa->p = BN_bin2bn(dsa_p, sizeof(dsa_p), NULL);
dsa->q = BN_bin2bn(dsa_q, sizeof(dsa_q), NULL);
dsa->g = BN_bin2bn(dsa_g, sizeof(dsa_g), NULL);
dsa->pub_key = BN_bin2bn(dsa_pub_key, sizeof(dsa_pub_key), NULL);
// calculate the right len of the signiture
DSA_SIG *temp_sig=DSA_SIG_new();
int siglen = -1;
const unsigned char *data =lptr->dsa_signature;
if (temp_sig == NULL || d2i_DSA_SIG(&temp_sig,&data,sizeof(lptr->dsa_signature)) == NULL){
fprintf(stderr, "License signature verification failed: %s\n",
ERR_error_string(ERR_get_error(), NULL));
exit(EXIT_FAILURE);
}
unsigned char *tmp_buff= NULL;
siglen = i2d_DSA_SIG(temp_sig, &tmp_buff);
OPENSSL_cleanse(tmp_buff, siglen);
OPENSSL_free(tmp_buff);
DSA_SIG_free(temp_sig);
switch(DSA_verify(0, message_digest, sizeof(message_digest),
lptr->dsa_signature, siglen, dsa)) {
case 0:
fputs("License file is corrupted: invalid DSA signature.\n", stderr);
exit(EXIT_FAILURE);
case 1:
break; /* valid signature */
default:
fprintf(stderr, "License signature verification failed: %s\n",
ERR_error_string(ERR_get_error(), NULL));
exit(EXIT_FAILURE);
}
DSA_free(dsa);
}
static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
const ASN1_STRING *sig,
int indent, ASN1_PCTX *pctx)
{
DSA_SIG *dsa_sig;
const unsigned char *p;
if (!sig)
{
if (BIO_puts(bp, "\n") <= 0)
return 0;
else
return 1;
}
p = sig->data;
dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
if (dsa_sig)
{
int rv = 0;
size_t buf_len = 0;
unsigned char *m=NULL;
update_buflen(dsa_sig->r, &buf_len);
update_buflen(dsa_sig->s, &buf_len);
m = OPENSSL_malloc(buf_len+10);
if (m == NULL)
{
DSAerr(DSA_F_DSA_SIG_PRINT,ERR_R_MALLOC_FAILURE);
goto err;
}
if (BIO_write(bp, "\n", 1) != 1)
goto err;
if (!ASN1_bn_print(bp,"r: ",dsa_sig->r,m,indent))
goto err;
if (!ASN1_bn_print(bp,"s: ",dsa_sig->s,m,indent))
goto err;
rv = 1;
err:
if (m)
OPENSSL_free(m);
DSA_SIG_free(dsa_sig);
return rv;
}
return X509_signature_dump(bp, sig, indent);
}
static int pkey_gost01_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs, size_t tbs_len)
{
int ok = 0;
EVP_PKEY* pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
DSA_SIG *s=unpack_cp_signature(sig,siglen);
if (!s) return 0;
#ifdef DEBUG_SIGN
fprintf(stderr,"R=");
BN_print_fp(stderr,s->r);
fprintf(stderr,"\nS=");
BN_print_fp(stderr,s->s);
fprintf(stderr,"\n");
#endif
if (pub_key) ok = gost2001_do_verify(tbs,tbs_len,s,EVP_PKEY_get0(pub_key));
DSA_SIG_free(s);
return ok;
}
static int pkey_gost01_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
size_t siglen, const unsigned char *tbs, size_t tbs_len)
{
int ok = 0;
EVP_PKEY* pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
DSA_SIG *s=unpack_cp_signature(sig,siglen);
if (!s) return 0;
#ifdef DEBUG_SIGN
TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR,"R=");
BN_print_fp(OPENSSL_TYPE__FILE_STDERR,s->r);
TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR,"\nS=");
BN_print_fp(OPENSSL_TYPE__FILE_STDERR,s->s);
TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR,"\n");
#endif
if (pub_key) ok = gost2001_do_verify(tbs,tbs_len,s,(EC_KEY*)EVP_PKEY_get0(pub_key));
DSA_SIG_free(s);
return ok;
}
unsigned
__ops_dsa_verify(const uint8_t *hash, size_t hash_length,
const __ops_dsa_sig_t *sig,
const __ops_dsa_pubkey_t *dsa)
{
unsigned qlen;
DSA_SIG *osig;
DSA *odsa;
int ret;
osig = DSA_SIG_new();
osig->r = sig->r;
osig->s = sig->s;
odsa = DSA_new();
odsa->p = dsa->p;
odsa->q = dsa->q;
odsa->g = dsa->g;
odsa->pub_key = dsa->y;
if (__ops_get_debug_level(__FILE__)) {
hexdump(stderr, "input hash", hash, hash_length);
(void) fprintf(stderr, "Q=%d\n", BN_num_bytes(odsa->q));
}
if ((qlen = (unsigned)BN_num_bytes(odsa->q)) < hash_length) {
hash_length = qlen;
}
ret = DSA_do_verify(hash, (int)hash_length, osig, odsa);
if (__ops_get_debug_level(__FILE__)) {
(void) fprintf(stderr, "ret=%d\n", ret);
}
if (ret < 0) {
(void) fprintf(stderr, "__ops_dsa_verify: DSA verification\n");
return 0;
}
odsa->p = odsa->q = odsa->g = odsa->pub_key = NULL;
DSA_free(odsa);
osig->r = osig->s = NULL;
DSA_SIG_free(osig);
return (unsigned)ret;
}
/* OpenSSL sadly wants to ASN1 encode the resulting bignums so we use this
* function to skip that. Returns > 0 on success */
int HsOpenSSL_dsa_sign(DSA *dsa, const unsigned char *ddata, int dlen,
const BIGNUM **r, const BIGNUM **s) {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
DSA_SIG *const sig = DSA_do_sign(ddata, dlen, dsa);
if (!sig) return 0;
DSA_SIG_get0(sig, r, s);
*r = BN_dup(*r);
*s = BN_dup(*s);
DSA_SIG_free(sig);
return 1;
#else
DSA_SIG *const sig = dsa->meth->dsa_do_sign(ddata, dlen, dsa);
if (!sig) return 0;
*r = sig->r;
*s = sig->s;
free(sig);
return 1;
#endif
}
/* verify */
void DSASigner::verify(
const void *data,
size_t dataLen,
const void *sig,
size_t sigLen)
{
bool throwSigVerify = false;
DSA_SIG *dsaSig = NULL;
CSSM_RETURN crtn = CSSM_OK;
int irtn;
if(mDsaKey == NULL) {
CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR);
}
if(mDsaKey->pub_key == NULL) {
CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
}
/* incoming sig is DER encoded....decode into internal format */
dsaSig = DSA_SIG_new();
crtn = DSASigDecode(dsaSig, sig, sigLen);
if(crtn) {
goto abort;
}
irtn = DSA_do_verify((unsigned char *)data, dataLen, dsaSig, mDsaKey);
if(irtn != 1) {
throwSigVerify = true;
}
abort:
if(dsaSig != NULL) {
DSA_SIG_free(dsaSig);
}
if(throwSigVerify) {
clearOpensslErrors();
CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED);
}
else if(crtn) {
CssmError::throwMe(crtn);
}
}
static int
xmlSecOpenSSLDsaSha1EvpVerify(int type ATTRIBUTE_UNUSED,
const unsigned char *dgst, unsigned int dgst_len,
const unsigned char *sigbuf, unsigned int siglen,
void *dsa) {
DSA_SIG *s;
int ret = -1;
s = DSA_SIG_new();
if (s == NULL) {
return(ret);
}
if(siglen != XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
NULL,
XMLSEC_ERRORS_R_INVALID_SIZE,
"invalid length %d (%d expected)",
siglen, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE);
goto err;
}
s->r = BN_bin2bn(sigbuf, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL);
s->s = BN_bin2bn(sigbuf + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2),
XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL);
if((s->r == NULL) || (s->s == NULL)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"BN_bin2bn",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
goto err;
}
ret = DSA_do_verify(dgst, dgst_len, s, dsa);
err:
DSA_SIG_free(s);
return(ret);
}
bool
dsa160_key::verify(byte_array const& digest, byte_array const& signature) const
{
assert(type() != invalid);
assert(digest.size() == SHA256_DIGEST_LENGTH);
// The version of DSA currently implemented by OpenSSL only supports digests up to 160 bits.
int digest_size = 160/8;
DSA_SIG *sig = DSA_SIG_new();
if (!sig)
return false;
byte_array_iwrap<flurry::iarchive> read(signature);
read.archive() >> sig->r >> sig->s; // @todo Check if there's more data in the signature, fail.
int rc = DSA_do_verify((const unsigned char*)digest.const_data(), digest_size, sig, dsa_);
DSA_SIG_free(sig);
return rc == 1;
}
static int fips_dsa_sign(int type, const unsigned char *x, int y,
unsigned char *sig, unsigned int *siglen, EVP_MD_SVCTX *sv)
{
DSA *dsa = sv->key;
unsigned char dig[EVP_MAX_MD_SIZE];
unsigned int dlen;
DSA_SIG *s;
EVP_DigestFinal_ex(sv->mctx, dig, &dlen);
s=dsa->meth->dsa_do_sign(dig,dlen,dsa);
OPENSSL_cleanse(dig, dlen);
if (s == NULL)
{
*siglen=0;
return 0;
}
*siglen= FIPS_dsa_sig_encode(sig, s);
DSA_SIG_free(s);
if (*siglen < 0)
return 0;
return 1;
}
static int fips_dsa_verify(int type, const unsigned char *x, int y,
const unsigned char *sigbuf, unsigned int siglen, EVP_MD_SVCTX *sv)
{
DSA *dsa = sv->key;
DSA_SIG *s;
int ret=-1;
unsigned char dig[EVP_MAX_MD_SIZE];
unsigned int dlen;
s = DSA_SIG_new();
if (s == NULL)
return ret;
if (!FIPS_dsa_sig_decode(s,sigbuf,siglen))
goto err;
EVP_DigestFinal_ex(sv->mctx, dig, &dlen);
ret=dsa->meth->dsa_do_verify(dig,dlen,s,dsa);
OPENSSL_cleanse(dig, dlen);
err:
DSA_SIG_free(s);
return ret;
}
void ssh_signature_free(ssh_signature sig)
{
if (sig == NULL) {
return;
}
switch(sig->type) {
case SSH_KEYTYPE_DSS:
#ifdef HAVE_LIBGCRYPT
gcry_sexp_release(sig->dsa_sig);
#elif defined HAVE_LIBCRYPTO
DSA_SIG_free(sig->dsa_sig);
#endif
break;
case SSH_KEYTYPE_RSA:
case SSH_KEYTYPE_RSA1:
#ifdef HAVE_LIBGCRYPT
gcry_sexp_release(sig->rsa_sig);
#elif defined HAVE_LIBCRYPTO
SAFE_FREE(sig->rsa_sig);
#endif
break;
case SSH_KEYTYPE_ECDSA:
#ifdef HAVE_GCRYPT_ECC
gcry_sexp_release(sig->ecdsa_sig);
#elif defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_ECC)
ECDSA_SIG_free(sig->ecdsa_sig);
#endif
break;
case SSH_KEYTYPE_ED25519:
SAFE_FREE(sig->ed25519_sig);
break;
case SSH_KEYTYPE_DSS_CERT01:
case SSH_KEYTYPE_RSA_CERT01:
case SSH_KEYTYPE_UNKNOWN:
break;
}
SAFE_FREE(sig);
}
static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) {
DSA_SIG *dsa_sig;
const uint8_t *p;
if (!sig) {
return BIO_puts(bp, "\n") > 0;
}
p = sig->data;
dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
if (dsa_sig == NULL) {
return X509_signature_dump(bp, sig, indent);
}
int rv = 0;
size_t buf_len = 0;
uint8_t *m = NULL;
update_buflen(dsa_sig->r, &buf_len);
update_buflen(dsa_sig->s, &buf_len);
m = OPENSSL_malloc(buf_len + 10);
if (m == NULL) {
OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
goto err;
}
if (BIO_write(bp, "\n", 1) != 1 ||
!ASN1_bn_print(bp, "r: ", dsa_sig->r, m, indent) ||
!ASN1_bn_print(bp, "s: ", dsa_sig->s, m, indent)) {
goto err;
}
rv = 1;
err:
OPENSSL_free(m);
DSA_SIG_free(dsa_sig);
return rv;
}
// Signing functions
bool OSSLDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign,
ByteString& signature, const AsymMech::Type mechanism,
const void* param /* = NULL */, const size_t paramLen /* = 0 */)
{
if (mechanism == AsymMech::DSA)
{
// Separate implementation for DSA signing without hash computation
// Check if the private key is the right type
if (!privateKey->isOfType(OSSLDSAPrivateKey::type))
{
ERROR_MSG("Invalid key type supplied");
return false;
}
OSSLDSAPrivateKey* pk = (OSSLDSAPrivateKey*) privateKey;
DSA* dsa = pk->getOSSLKey();
// Perform the signature operation
unsigned int sigLen = pk->getOutputLength();
signature.resize(sigLen);
memset(&signature[0], 0, sigLen);
int dLen = dataToSign.size();
DSA_SIG* sig = DSA_do_sign(dataToSign.const_byte_str(), dLen, dsa);
if (sig == NULL)
return false;
// Store the 2 values with padding
BN_bn2bin(sig->r, &signature[sigLen / 2 - BN_num_bytes(sig->r)]);
BN_bn2bin(sig->s, &signature[sigLen - BN_num_bytes(sig->s)]);
DSA_SIG_free(sig);
return true;
}
else
{
// Call default implementation
return AsymmetricAlgorithm::sign(privateKey, dataToSign, signature, mechanism, param, paramLen);
}
}
int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
unsigned int *siglen, DSA *dsa)
{
DSA_SIG *s;
#ifdef OPENSSL_FIPS
if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
{
DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
return 0;
}
#endif
RAND_seed(dgst, dlen);
s=DSA_do_sign(dgst,dlen,dsa);
if (s == NULL)
{
*siglen=0;
return(0);
}
*siglen=i2d_DSA_SIG(s,&sig);
DSA_SIG_free(s);
return(1);
}
byte_array
dsa160_key::sign(byte_array const& digest) const
{
assert(type() == public_and_private);
assert(digest.size() == SHA256_DIGEST_LENGTH);
// The version of DSA currently implemented by OpenSSL only supports digests up to 160 bits.
int digest_size = 160/8;
DSA_SIG *sig = DSA_do_sign((const unsigned char*)digest.data(), digest_size, dsa_);
assert(sig);
byte_array signature;
{
byte_array_owrap<flurry::oarchive> write(signature);
// write to signature
write.archive() << sig->r << sig->s;
}
DSA_SIG_free(sig);
return signature;
}
int DSA_check_signature(int *out_valid, const uint8_t *digest,
size_t digest_len, const uint8_t *sig, size_t sig_len,
const DSA *dsa) {
DSA_SIG *s = NULL;
int ret = 0;
s = DSA_SIG_new();
if (s == NULL) {
goto err;
}
if (d2i_DSA_SIG(&s, &sig, sig_len) == NULL) {
goto err;
}
ret = DSA_do_check_signature(out_valid, digest, digest_len, s, dsa);
err:
if (s) {
DSA_SIG_free(s);
}
return ret;
}
bool OSSLDSA::signFinal(ByteString& signature)
{
// Save necessary state before calling super class signFinal
OSSLDSAPrivateKey* pk = (OSSLDSAPrivateKey*) currentPrivateKey;
if (!AsymmetricAlgorithm::signFinal(signature))
{
return false;
}
ByteString hash;
bool bFirstResult = pCurrentHash->hashFinal(hash);
delete pCurrentHash;
pCurrentHash = NULL;
if (!bFirstResult)
{
return false;
}
DSA* dsa = pk->getOSSLKey();
// Perform the signature operation
unsigned int sigLen = pk->getOutputLength();
signature.resize(sigLen);
memset(&signature[0], 0, sigLen);
DSA_SIG* sig = DSA_do_sign(&hash[0], hash.size(), dsa);
if (sig == NULL)
return false;
// Store the 2 values with padding
BN_bn2bin(sig->r, &signature[sigLen / 2 - BN_num_bytes(sig->r)]);
BN_bn2bin(sig->s, &signature[sigLen - BN_num_bytes(sig->s)]);
DSA_SIG_free(sig);
return true;
}
void signature_free(SIGNATURE *sign){
if(!sign)
return;
switch(sign->type){
case TYPE_DSS:
#ifdef HAVE_LIBGCRYPT
gcry_sexp_release(sign->dsa_sign);
#elif defined HAVE_LIBCRYPTO
DSA_SIG_free(sign->dsa_sign);
#endif
break;
case TYPE_RSA:
case TYPE_RSA1:
#ifdef HAVE_LIBGCRYPT
gcry_sexp_release(sign->rsa_sign);
#elif defined HAVE_LIBCRYPTO
free(sign->rsa_sign);
#endif
break;
default:
ssh_log(NULL,SSH_LOG_RARE,"freeing a signature with no type !\n");
}
free(sign);
}
static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
{
DSA_SIG *dsa_sig;
const unsigned char *p;
if (!sig) {
if (BIO_puts(bp, "\n") <= 0)
return 0;
else
return 1;
}
p = sig->data;
dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
if (dsa_sig) {
int rv = 0;
const BIGNUM *r, *s;
DSA_SIG_get0(dsa_sig, &r, &s);
if (BIO_write(bp, "\n", 1) != 1)
goto err;
if (!ASN1_bn_print(bp, "r: ", r, NULL, indent))
goto err;
if (!ASN1_bn_print(bp, "s: ", s, NULL, indent))
goto err;
rv = 1;
err:
DSA_SIG_free(dsa_sig);
return rv;
}
if (BIO_puts(bp, "\n") <= 0)
return 0;
return X509_signature_dump(bp, sig, indent);
}