Пример #1
0
/* DSA sign and verify */
static	DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa)
{
	int ret=0;
	char *hptr=NULL;
	DSA_SIG *psign=NULL;
	char msg[64]="ENGINE_dsa_do_sign";
	if (!p_surewarehk_Dsa_Sign)
	{
		SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED);
		goto err;
	}
	/* extract ref to private key */
	else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx)))
	{
		SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
		goto err;
	}
	else
	{
		if((psign = DSA_SIG_new()) == NULL)
		{
			SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ERR_R_MALLOC_FAILURE);
			goto err;
		}
		psign->r=BN_new();
		psign->s=BN_new();
		bn_expand2(psign->r, 20/sizeof(BN_ULONG));
		bn_expand2(psign->s, 20/sizeof(BN_ULONG));
		if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) ||
			!psign->s || psign->s->dmax!=20/sizeof(BN_ULONG))
			goto err;
		ret=p_surewarehk_Dsa_Sign(msg,flen,from,
					  (unsigned long *)psign->r->d,
					  (unsigned long *)psign->s->d,
					  hptr);
		surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ret);
	}
	psign->r->top=20/sizeof(BN_ULONG);
	bn_fix_top(psign->r);
	psign->s->top=20/sizeof(BN_ULONG);
	bn_fix_top(psign->s);

err:	
	if (psign)
	{
		DSA_SIG_free(psign);
		psign=NULL;
	}
	return psign;
}
Пример #2
0
/* returns
 *      1: correct signature
 *      0: incorrect signature
 *     -1: error
 */
int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
	     const unsigned char *sigbuf, int siglen, DSA *dsa)
	{
	DSA_SIG *s;
	int ret=-1;

	s = DSA_SIG_new();
	if (s == NULL) return(ret);
	if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
	ret=DSA_do_verify(dgst,dgst_len,s,dsa);
err:
	DSA_SIG_free(s);
	return(ret);
	}
Пример #3
0
static int pkey_gost94_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
                                 size_t siglen, const unsigned char *tbs,
                                 size_t tbs_len)
{
    int ok = 0;
    EVP_PKEY *pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
    DSA_SIG *s = unpack_cp_signature(sig, siglen);
    if (!s)
        return 0;
    if (pub_key)
        ok = gost_do_verify(tbs, tbs_len, s, EVP_PKEY_get0(pub_key));
    DSA_SIG_free(s);
    return ok;
}
Пример #4
0
ops_boolean_t ops_dsa_verify(const unsigned char *hash,size_t hash_length,
			     const ops_dsa_signature_t *sig,
			     const ops_dsa_public_key_t *dsa)
    {
    DSA_SIG *osig;
    DSA *odsa;
    int ret;

    osig=DSA_SIG_new();
    osig->r=sig->r;
    osig->s=sig->s;

    odsa=DSA_new();
    odsa->p=dsa->p;
    odsa->q=dsa->q;
    odsa->g=dsa->g;
    odsa->pub_key=dsa->y;

    if (debug)
        {
        fprintf(stderr,"hash passed in:\n");
        unsigned i;
        for (i=0; i<hash_length; i++)
            {
            fprintf(stderr,"%02x ", hash[i]);
            }
        fprintf(stderr,"\n");
        }
    //printf("hash_length=%ld\n", hash_length);
    //printf("Q=%d\n", BN_num_bytes(odsa->q));
    unsigned int qlen=BN_num_bytes(odsa->q);
    if (qlen < hash_length)
        hash_length=qlen;
    //    ret=DSA_do_verify(hash,hash_length,osig,odsa);
    ret=DSA_do_verify(hash,hash_length,osig,odsa);
    if (debug)
        {
        fprintf(stderr,"ret=%d\n",ret);
        }
    assert(ret >= 0);

    odsa->p=odsa->q=odsa->g=odsa->pub_key=NULL;
    DSA_free(odsa);
 
    osig->r=osig->s=NULL;
    DSA_SIG_free(osig);

    return ret != 0;
    }
Пример #5
0
static int
xmlSecOpenSSLDsaSha1EvpSign(int type ATTRIBUTE_UNUSED,
                        const unsigned char *dgst, unsigned int dlen,
                        unsigned char *sig, unsigned int *siglen, void *dsa) {
    DSA_SIG *s;
    int rSize, sSize;

    s = DSA_do_sign(dgst, dlen, dsa);
    if(s == NULL) {
        *siglen=0;
        return(0);
    }

    rSize = BN_num_bytes(s->r);
    sSize = BN_num_bytes(s->s);
    if((rSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2)) ||
       (sSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2))) {

        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    NULL,
                    XMLSEC_ERRORS_R_INVALID_SIZE,
                    "size(r)=%d or size(s)=%d > %d",
                    rSize, sSize, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2);
        DSA_SIG_free(s);
        return(0);
    }

    memset(sig, 0, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE);
    BN_bn2bin(s->r, sig + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2) - rSize);
    BN_bn2bin(s->s, sig + XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE - sSize);
    *siglen = XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE;

    DSA_SIG_free(s);
    return(1);
}
int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
	     unsigned int *siglen, DSA *dsa)
	{
	DSA_SIG *s;
	RAND_seed(dgst, dlen);
	s=DSA_do_sign(dgst,dlen,dsa);
	if (s == NULL)
		{
		*siglen=0;
		return(0);
		}
	*siglen=i2d_DSA_SIG(s,&sig);
	DSA_SIG_free(s);
	return(1);
	}
Пример #7
0
int HsOpenSSL_dsa_verify(DSA *dsa, const unsigned char *ddata, int dlen,
                         const BIGNUM *r, const BIGNUM *s) {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
  DSA_SIG* sig = DSA_SIG_new();
  DSA_SIG_set0(sig, BN_dup(r), BN_dup(s));
  int res = DSA_do_verify(ddata, dlen, sig, dsa);
  DSA_SIG_free(sig);
  return res;
#else
  DSA_SIG sig;
  sig.r = (BIGNUM *)r;
  sig.s = (BIGNUM *)s;
  return dsa->meth->dsa_do_verify(ddata, dlen, &sig, dsa);
#endif
}
Пример #8
0
DSA_SIG *DSA_SIG_parse(CBS *cbs) {
  DSA_SIG *ret = DSA_SIG_new();
  if (ret == NULL) {
    return NULL;
  }
  CBS child;
  if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||
      !parse_integer(&child, &ret->r) ||
      !parse_integer(&child, &ret->s) ||
      CBS_len(&child) != 0) {
    OPENSSL_PUT_ERROR(DSA, DSA_R_DECODE_ERROR);
    DSA_SIG_free(ret);
    return NULL;
  }
  return ret;
}
Пример #9
0
static void pgpFreeSigDSA(pgpDigAlg pgpsig)
{
    struct pgpDigSigDSA_s *sig = pgpsig->data;
    if (sig) {
        if (sig->dsa_sig) {
            DSA_SIG_free(sig->dsa_sig);
        } else {
            /* If sig->dsa_sig was constructed,
             * the memory management of these BNs
             * are freed with it. */
            BN_clear_free(sig->r);
            BN_clear_free(sig->s);
        }
        free(pgpsig->data);
    }
}
Пример #10
0
DSA_SIG *d2i_DSA_SIG(DSA_SIG **out_sig, const uint8_t **inp, long len) {
  if (len < 0) {
    return NULL;
  }
  CBS cbs;
  CBS_init(&cbs, *inp, (size_t)len);
  DSA_SIG *ret = DSA_SIG_parse(&cbs);
  if (ret == NULL) {
    return NULL;
  }
  if (out_sig != NULL) {
    DSA_SIG_free(*out_sig);
    *out_sig = ret;
  }
  *inp = CBS_data(&cbs);
  return ret;
}
Пример #11
0
static void check_license_signature(license_raw *lptr)
{
    unsigned char message_digest[SHA_DIGEST_LENGTH];
    SHA_CTX sha_ctx;
    DSA *dsa = DSA_new();

    SHA1_Init(&sha_ctx);
    SHA1_Update(&sha_ctx, lptr, sizeof(*lptr) - sizeof(lptr->dsa_signature));
    SHA1_Final(message_digest, &sha_ctx);

    dsa->p = BN_bin2bn(dsa_p, sizeof(dsa_p), NULL);
    dsa->q = BN_bin2bn(dsa_q, sizeof(dsa_q), NULL);
    dsa->g = BN_bin2bn(dsa_g, sizeof(dsa_g), NULL);
    dsa->pub_key = BN_bin2bn(dsa_pub_key, sizeof(dsa_pub_key), NULL);

  // calculate the right len of the signiture
  DSA_SIG *temp_sig=DSA_SIG_new();
  int siglen = -1;
  const unsigned char *data =lptr->dsa_signature; 
  if (temp_sig == NULL || d2i_DSA_SIG(&temp_sig,&data,sizeof(lptr->dsa_signature)) == NULL){
  	fprintf(stderr, "License signature verification failed: %s\n",
	    ERR_error_string(ERR_get_error(), NULL));
	  exit(EXIT_FAILURE);
  }
  unsigned char *tmp_buff= NULL;
  siglen = i2d_DSA_SIG(temp_sig, &tmp_buff);
  OPENSSL_cleanse(tmp_buff, siglen);
	OPENSSL_free(tmp_buff);
	DSA_SIG_free(temp_sig);

    switch(DSA_verify(0, message_digest, sizeof(message_digest),
        lptr->dsa_signature, siglen, dsa)) {
    case 0:
	fputs("License file is corrupted: invalid DSA signature.\n", stderr);
	exit(EXIT_FAILURE);
    case 1:
	break; /* valid signature */
    default:
	fprintf(stderr, "License signature verification failed: %s\n",
	    ERR_error_string(ERR_get_error(), NULL));
	exit(EXIT_FAILURE);
    }

    DSA_free(dsa);
}
Пример #12
0
static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
                         const ASN1_STRING *sig,
                         int indent, ASN1_PCTX *pctx)
{
    DSA_SIG *dsa_sig;
    const unsigned char *p;
    if (!sig)
    {
        if (BIO_puts(bp, "\n") <= 0)
            return 0;
        else
            return 1;
    }
    p = sig->data;
    dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
    if (dsa_sig)
    {
        int rv = 0;
        size_t buf_len = 0;
        unsigned char *m=NULL;
        update_buflen(dsa_sig->r, &buf_len);
        update_buflen(dsa_sig->s, &buf_len);
        m = OPENSSL_malloc(buf_len+10);
        if (m == NULL)
        {
            DSAerr(DSA_F_DSA_SIG_PRINT,ERR_R_MALLOC_FAILURE);
            goto err;
        }

        if (BIO_write(bp, "\n", 1) != 1)
            goto err;

        if (!ASN1_bn_print(bp,"r:   ",dsa_sig->r,m,indent))
            goto err;
        if (!ASN1_bn_print(bp,"s:   ",dsa_sig->s,m,indent))
            goto err;
        rv = 1;
err:
        if (m)
            OPENSSL_free(m);
        DSA_SIG_free(dsa_sig);
        return rv;
    }
    return X509_signature_dump(bp, sig, indent);
}
Пример #13
0
static int pkey_gost01_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
	size_t siglen, const unsigned char *tbs, size_t tbs_len)
	{
	int ok = 0;
	EVP_PKEY* pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
	DSA_SIG *s=unpack_cp_signature(sig,siglen);
	if (!s) return 0;
#ifdef DEBUG_SIGN	
	fprintf(stderr,"R=");
	BN_print_fp(stderr,s->r);
	fprintf(stderr,"\nS=");
	BN_print_fp(stderr,s->s);
	fprintf(stderr,"\n");
#endif	
	if (pub_key) ok = gost2001_do_verify(tbs,tbs_len,s,EVP_PKEY_get0(pub_key));
	DSA_SIG_free(s);
	return ok;
	}
static int pkey_gost01_cp_verify(EVP_PKEY_CTX *ctx, const unsigned char *sig,
	size_t siglen, const unsigned char *tbs, size_t tbs_len)
	{
	int ok = 0;
	EVP_PKEY* pub_key = EVP_PKEY_CTX_get0_pkey(ctx);
	DSA_SIG *s=unpack_cp_signature(sig,siglen);
	if (!s) return 0;
#ifdef DEBUG_SIGN	
	TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR,"R=");
	BN_print_fp(OPENSSL_TYPE__FILE_STDERR,s->r);
	TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR,"\nS=");
	BN_print_fp(OPENSSL_TYPE__FILE_STDERR,s->s);
	TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR,"\n");
#endif	
	if (pub_key) ok = gost2001_do_verify(tbs,tbs_len,s,(EC_KEY*)EVP_PKEY_get0(pub_key));
	DSA_SIG_free(s);
	return ok;
	}
Пример #15
0
unsigned 
__ops_dsa_verify(const uint8_t *hash, size_t hash_length,
	       const __ops_dsa_sig_t *sig,
	       const __ops_dsa_pubkey_t *dsa)
{
	unsigned	qlen;
	DSA_SIG        *osig;
	DSA            *odsa;
	int             ret;

	osig = DSA_SIG_new();
	osig->r = sig->r;
	osig->s = sig->s;

	odsa = DSA_new();
	odsa->p = dsa->p;
	odsa->q = dsa->q;
	odsa->g = dsa->g;
	odsa->pub_key = dsa->y;

	if (__ops_get_debug_level(__FILE__)) {
		hexdump(stderr, "input hash", hash, hash_length);
		(void) fprintf(stderr, "Q=%d\n", BN_num_bytes(odsa->q));
	}
	if ((qlen = (unsigned)BN_num_bytes(odsa->q)) < hash_length) {
		hash_length = qlen;
	}
	ret = DSA_do_verify(hash, (int)hash_length, osig, odsa);
	if (__ops_get_debug_level(__FILE__)) {
		(void) fprintf(stderr, "ret=%d\n", ret);
	}
	if (ret < 0) {
		(void) fprintf(stderr, "__ops_dsa_verify: DSA verification\n");
		return 0;
	}

	odsa->p = odsa->q = odsa->g = odsa->pub_key = NULL;
	DSA_free(odsa);

	osig->r = osig->s = NULL;
	DSA_SIG_free(osig);

	return (unsigned)ret;
}
Пример #16
0
/* OpenSSL sadly wants to ASN1 encode the resulting bignums so we use this
 * function to skip that. Returns > 0 on success */
int HsOpenSSL_dsa_sign(DSA *dsa, const unsigned char *ddata, int dlen,
                       const BIGNUM **r, const BIGNUM **s) {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
  DSA_SIG *const sig = DSA_do_sign(ddata, dlen, dsa);
  if (!sig) return 0;
  DSA_SIG_get0(sig, r, s);
  *r = BN_dup(*r);
  *s = BN_dup(*s);
  DSA_SIG_free(sig);
  return 1;
#else
  DSA_SIG *const sig = dsa->meth->dsa_do_sign(ddata, dlen, dsa);
  if (!sig) return 0;
  *r = sig->r;
  *s = sig->s;
  free(sig);
  return 1;
#endif
}
/* verify */
void DSASigner::verify(
	const void 		*data, 
	size_t 			dataLen,
	const void		*sig,			
	size_t			sigLen)
{
	bool 			throwSigVerify = false;
	DSA_SIG 		*dsaSig = NULL;
	CSSM_RETURN		crtn = CSSM_OK;
	int					irtn;
	
	if(mDsaKey == NULL) {
		CssmError::throwMe(CSSMERR_CSP_INTERNAL_ERROR);
	}
	if(mDsaKey->pub_key == NULL) {
		CssmError::throwMe(CSSMERR_CSP_INVALID_KEY_CLASS);
	}

	/* incoming sig is DER encoded....decode into internal format */
	dsaSig = DSA_SIG_new();
	crtn = DSASigDecode(dsaSig, sig, sigLen);
	if(crtn) {
		goto abort;
	}

	irtn = DSA_do_verify((unsigned char *)data, dataLen, dsaSig, mDsaKey);
	if(irtn != 1) {
		throwSigVerify = true;
	}

abort:
	if(dsaSig != NULL) {
		DSA_SIG_free(dsaSig);
	}	
	if(throwSigVerify) {
		clearOpensslErrors();
		CssmError::throwMe(CSSMERR_CSP_VERIFY_FAILED);
	}
	else if(crtn) {
		CssmError::throwMe(crtn);
	}
}
Пример #18
0
static int
xmlSecOpenSSLDsaSha1EvpVerify(int type ATTRIBUTE_UNUSED,
                        const unsigned char *dgst, unsigned int dgst_len,
                        const unsigned char *sigbuf, unsigned int siglen,
                        void *dsa) {
    DSA_SIG *s;
    int ret = -1;

    s = DSA_SIG_new();
    if (s == NULL) {
        return(ret);
    }

    if(siglen != XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    NULL,
                    XMLSEC_ERRORS_R_INVALID_SIZE,
                    "invalid length %d (%d expected)",
                    siglen, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE);
        goto err;
    }

    s->r = BN_bin2bn(sigbuf, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL);
    s->s = BN_bin2bn(sigbuf + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2),
                       XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL);
    if((s->r == NULL) || (s->s == NULL)) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    "BN_bin2bn",
                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
                    XMLSEC_ERRORS_NO_MESSAGE);
        goto err;
    }

    ret = DSA_do_verify(dgst, dgst_len, s, dsa);

err:
    DSA_SIG_free(s);
    return(ret);
}
Пример #19
0
bool
dsa160_key::verify(byte_array const& digest, byte_array const& signature) const
{
    assert(type() != invalid);
    assert(digest.size() == SHA256_DIGEST_LENGTH);

    // The version of DSA currently implemented by OpenSSL only supports digests up to 160 bits.
    int digest_size = 160/8;

    DSA_SIG *sig = DSA_SIG_new();
    if (!sig)
        return false;

    byte_array_iwrap<flurry::iarchive> read(signature);
    read.archive() >> sig->r >> sig->s; // @todo Check if there's more data in the signature, fail.

    int rc = DSA_do_verify((const unsigned char*)digest.const_data(), digest_size, sig, dsa_);

    DSA_SIG_free(sig);
    return rc == 1;
}
Пример #20
0
static int fips_dsa_sign(int type, const unsigned char *x, int y,
	     unsigned char *sig, unsigned int *siglen, EVP_MD_SVCTX *sv)
	{
	DSA *dsa = sv->key;
	unsigned char dig[EVP_MAX_MD_SIZE];
	unsigned int dlen;
	DSA_SIG *s;
        EVP_DigestFinal_ex(sv->mctx, dig, &dlen);
	s=dsa->meth->dsa_do_sign(dig,dlen,dsa);
	OPENSSL_cleanse(dig, dlen);
	if (s == NULL)
		{
		*siglen=0;
		return 0;
		}
	*siglen= FIPS_dsa_sig_encode(sig, s);
	DSA_SIG_free(s);
	if (*siglen < 0)
		return 0;
	return 1;
	}
Пример #21
0
static int fips_dsa_verify(int type, const unsigned char *x, int y,
	     const unsigned char *sigbuf, unsigned int siglen, EVP_MD_SVCTX *sv)
	{
	DSA *dsa = sv->key;
	DSA_SIG *s;
	int ret=-1;
	unsigned char dig[EVP_MAX_MD_SIZE];
	unsigned int dlen;

	s = DSA_SIG_new();
	if (s == NULL)
		return ret;
	if (!FIPS_dsa_sig_decode(s,sigbuf,siglen))
		goto err;
        EVP_DigestFinal_ex(sv->mctx, dig, &dlen);
	ret=dsa->meth->dsa_do_verify(dig,dlen,s,dsa);
	OPENSSL_cleanse(dig, dlen);
err:
	DSA_SIG_free(s);
	return ret;
	}
Пример #22
0
void ssh_signature_free(ssh_signature sig)
{
    if (sig == NULL) {
        return;
    }

    switch(sig->type) {
        case SSH_KEYTYPE_DSS:
#ifdef HAVE_LIBGCRYPT
            gcry_sexp_release(sig->dsa_sig);
#elif defined HAVE_LIBCRYPTO
            DSA_SIG_free(sig->dsa_sig);
#endif
            break;
        case SSH_KEYTYPE_RSA:
        case SSH_KEYTYPE_RSA1:
#ifdef HAVE_LIBGCRYPT
            gcry_sexp_release(sig->rsa_sig);
#elif defined HAVE_LIBCRYPTO
            SAFE_FREE(sig->rsa_sig);
#endif
            break;
        case SSH_KEYTYPE_ECDSA:
#ifdef HAVE_GCRYPT_ECC
            gcry_sexp_release(sig->ecdsa_sig);
#elif defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_ECC)
            ECDSA_SIG_free(sig->ecdsa_sig);
#endif
            break;
        case SSH_KEYTYPE_ED25519:
            SAFE_FREE(sig->ed25519_sig);
            break;
        case SSH_KEYTYPE_DSS_CERT01:
        case SSH_KEYTYPE_RSA_CERT01:
        case SSH_KEYTYPE_UNKNOWN:
            break;
    }

    SAFE_FREE(sig);
}
Пример #23
0
static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
                         const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx) {
  DSA_SIG *dsa_sig;
  const uint8_t *p;

  if (!sig) {
    return BIO_puts(bp, "\n") > 0;
  }

  p = sig->data;
  dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
  if (dsa_sig == NULL) {
    return X509_signature_dump(bp, sig, indent);
  }

  int rv = 0;
  size_t buf_len = 0;
  uint8_t *m = NULL;

  update_buflen(dsa_sig->r, &buf_len);
  update_buflen(dsa_sig->s, &buf_len);
  m = OPENSSL_malloc(buf_len + 10);
  if (m == NULL) {
    OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
    goto err;
  }

  if (BIO_write(bp, "\n", 1) != 1 ||
      !ASN1_bn_print(bp, "r:   ", dsa_sig->r, m, indent) ||
      !ASN1_bn_print(bp, "s:   ", dsa_sig->s, m, indent)) {
    goto err;
  }
  rv = 1;

err:
  OPENSSL_free(m);
  DSA_SIG_free(dsa_sig);
  return rv;
}
Пример #24
0
// Signing functions
bool OSSLDSA::sign(PrivateKey* privateKey, const ByteString& dataToSign,
		   ByteString& signature, const AsymMech::Type mechanism,
		   const void* param /* = NULL */, const size_t paramLen /* = 0 */)
{
	if (mechanism == AsymMech::DSA)
	{
		// Separate implementation for DSA signing without hash computation

		// Check if the private key is the right type
		if (!privateKey->isOfType(OSSLDSAPrivateKey::type))
		{
			ERROR_MSG("Invalid key type supplied");

			return false;
		}

		OSSLDSAPrivateKey* pk = (OSSLDSAPrivateKey*) privateKey;
		DSA* dsa = pk->getOSSLKey();

		// Perform the signature operation
		unsigned int sigLen = pk->getOutputLength();
		signature.resize(sigLen);
		memset(&signature[0], 0, sigLen);
		int dLen = dataToSign.size();
		DSA_SIG* sig = DSA_do_sign(dataToSign.const_byte_str(), dLen, dsa);
		if (sig == NULL)
			return false;
		// Store the 2 values with padding
		BN_bn2bin(sig->r, &signature[sigLen / 2 - BN_num_bytes(sig->r)]);
		BN_bn2bin(sig->s, &signature[sigLen - BN_num_bytes(sig->s)]);
		DSA_SIG_free(sig);
		return true;
	}
	else
	{
		// Call default implementation
		return AsymmetricAlgorithm::sign(privateKey, dataToSign, signature, mechanism, param, paramLen);
	}
}
Пример #25
0
int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
	     unsigned int *siglen, DSA *dsa)
	{
	DSA_SIG *s;
#ifdef OPENSSL_FIPS
	if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
		{
		DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
		return 0;
		}
#endif
	RAND_seed(dgst, dlen);
	s=DSA_do_sign(dgst,dlen,dsa);
	if (s == NULL)
		{
		*siglen=0;
		return(0);
		}
	*siglen=i2d_DSA_SIG(s,&sig);
	DSA_SIG_free(s);
	return(1);
	}
Пример #26
0
byte_array
dsa160_key::sign(byte_array const& digest) const
{
    assert(type() == public_and_private);
    assert(digest.size() == SHA256_DIGEST_LENGTH);

    // The version of DSA currently implemented by OpenSSL only supports digests up to 160 bits.
    int digest_size = 160/8;

    DSA_SIG *sig = DSA_do_sign((const unsigned char*)digest.data(), digest_size, dsa_);
    assert(sig);

    byte_array signature;
    {
        byte_array_owrap<flurry::oarchive> write(signature);
        // write to signature
        write.archive() << sig->r << sig->s;
    }

    DSA_SIG_free(sig);

    return signature;
}
Пример #27
0
int DSA_check_signature(int *out_valid, const uint8_t *digest,
                        size_t digest_len, const uint8_t *sig, size_t sig_len,
                        const DSA *dsa) {
  DSA_SIG *s = NULL;
  int ret = 0;

  s = DSA_SIG_new();
  if (s == NULL) {
    goto err;
  }

  if (d2i_DSA_SIG(&s, &sig, sig_len) == NULL) {
    goto err;
  }

  ret = DSA_do_check_signature(out_valid, digest, digest_len, s, dsa);

err:
  if (s) {
    DSA_SIG_free(s);
  }
  return ret;
}
Пример #28
0
bool OSSLDSA::signFinal(ByteString& signature)
{
	// Save necessary state before calling super class signFinal
	OSSLDSAPrivateKey* pk = (OSSLDSAPrivateKey*) currentPrivateKey;

	if (!AsymmetricAlgorithm::signFinal(signature))
	{
		return false;
	}

	ByteString hash;

	bool bFirstResult = pCurrentHash->hashFinal(hash);

	delete pCurrentHash;
	pCurrentHash = NULL;

	if (!bFirstResult)
	{
		return false;
	}

	DSA* dsa = pk->getOSSLKey();

	// Perform the signature operation
	unsigned int sigLen = pk->getOutputLength();
	signature.resize(sigLen);
	memset(&signature[0], 0, sigLen);
	DSA_SIG* sig = DSA_do_sign(&hash[0], hash.size(), dsa);
	if (sig == NULL)
		return false;
	// Store the 2 values with padding
	BN_bn2bin(sig->r, &signature[sigLen / 2 - BN_num_bytes(sig->r)]);
	BN_bn2bin(sig->s, &signature[sigLen - BN_num_bytes(sig->s)]);
	DSA_SIG_free(sig);
	return true;
}
Пример #29
0
void signature_free(SIGNATURE *sign){
    if(!sign)
        return;
    switch(sign->type){
        case TYPE_DSS:
#ifdef HAVE_LIBGCRYPT
            gcry_sexp_release(sign->dsa_sign);
#elif defined HAVE_LIBCRYPTO
            DSA_SIG_free(sign->dsa_sign);
#endif
            break;
        case TYPE_RSA:
        case TYPE_RSA1:
#ifdef HAVE_LIBGCRYPT
            gcry_sexp_release(sign->rsa_sign);
#elif defined HAVE_LIBCRYPTO
            free(sign->rsa_sign);
#endif
            break;
        default:
            ssh_log(NULL,SSH_LOG_RARE,"freeing a signature with no type !\n");
    }
    free(sign);
}
Пример #30
0
static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
                         const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
{
    DSA_SIG *dsa_sig;
    const unsigned char *p;

    if (!sig) {
        if (BIO_puts(bp, "\n") <= 0)
            return 0;
        else
            return 1;
    }
    p = sig->data;
    dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
    if (dsa_sig) {
        int rv = 0;
        const BIGNUM *r, *s;

        DSA_SIG_get0(dsa_sig, &r, &s);

        if (BIO_write(bp, "\n", 1) != 1)
            goto err;

        if (!ASN1_bn_print(bp, "r:   ", r, NULL, indent))
            goto err;
        if (!ASN1_bn_print(bp, "s:   ", s, NULL, indent))
            goto err;
        rv = 1;
 err:
        DSA_SIG_free(dsa_sig);
        return rv;
    }
    if (BIO_puts(bp, "\n") <= 0)
        return 0;
    return X509_signature_dump(bp, sig, indent);
}