| 1 | /*
|
|---|
| 2 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
|---|
| 3 | *
|
|---|
| 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use
|
|---|
| 5 | * this file except in compliance with the License. You can obtain a copy
|
|---|
| 6 | * in the file LICENSE in the source distribution or at
|
|---|
| 7 | * https://www.openssl.org/source/license.html
|
|---|
| 8 | */
|
|---|
| 9 |
|
|---|
| 10 | /*
|
|---|
| 11 | * DSA low level APIs are deprecated for public use, but still ok for
|
|---|
| 12 | * internal use.
|
|---|
| 13 | */
|
|---|
| 14 | #include "internal/deprecated.h"
|
|---|
| 15 |
|
|---|
| 16 | #include <stdio.h>
|
|---|
| 17 | #include "internal/cryptlib.h"
|
|---|
| 18 | #include <openssl/bn.h>
|
|---|
| 19 | #include "dsa_local.h"
|
|---|
| 20 | #include "crypto/dsa.h"
|
|---|
| 21 |
|
|---|
| 22 | int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
|
|---|
| 23 | {
|
|---|
| 24 | if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK)
|
|---|
| 25 | return ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params,
|
|---|
| 26 | FFC_PARAM_TYPE_DSA, ret);
|
|---|
| 27 | else
|
|---|
| 28 | /*
|
|---|
| 29 | * Do full FFC domain params validation according to FIPS-186-4
|
|---|
| 30 | * - always in FIPS_MODULE
|
|---|
| 31 | * - only if possible (i.e., seed is set) in default provider
|
|---|
| 32 | */
|
|---|
| 33 | return ossl_ffc_params_full_validate(dsa->libctx, &dsa->params,
|
|---|
| 34 | FFC_PARAM_TYPE_DSA, ret);
|
|---|
| 35 | }
|
|---|
| 36 |
|
|---|
| 37 | /*
|
|---|
| 38 | * See SP800-56Ar3 Section 5.6.2.3.1 : FFC Full public key validation.
|
|---|
| 39 | */
|
|---|
| 40 | int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
|
|---|
| 41 | {
|
|---|
| 42 | return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret);
|
|---|
| 43 | }
|
|---|
| 44 |
|
|---|
| 45 | /*
|
|---|
| 46 | * See SP800-56Ar3 Section 5.6.2.3.1 : FFC Partial public key validation.
|
|---|
| 47 | * To only be used with ephemeral FFC public keys generated using the approved
|
|---|
| 48 | * safe-prime groups.
|
|---|
| 49 | */
|
|---|
| 50 | int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret)
|
|---|
| 51 | {
|
|---|
| 52 | return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret);
|
|---|
| 53 | }
|
|---|
| 54 |
|
|---|
| 55 | int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret)
|
|---|
| 56 | {
|
|---|
| 57 | *ret = 0;
|
|---|
| 58 |
|
|---|
| 59 | return (dsa->params.q != NULL
|
|---|
| 60 | && ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret));
|
|---|
| 61 | }
|
|---|
| 62 |
|
|---|
| 63 | /*
|
|---|
| 64 | * FFC pairwise check from SP800-56A R3.
|
|---|
| 65 | * Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency
|
|---|
| 66 | */
|
|---|
| 67 | int ossl_dsa_check_pairwise(const DSA *dsa)
|
|---|
| 68 | {
|
|---|
| 69 | int ret = 0;
|
|---|
| 70 | BN_CTX *ctx = NULL;
|
|---|
| 71 | BIGNUM *pub_key = NULL;
|
|---|
| 72 |
|
|---|
| 73 | if (dsa->params.p == NULL
|
|---|
| 74 | || dsa->params.g == NULL
|
|---|
| 75 | || dsa->priv_key == NULL
|
|---|
| 76 | || dsa->pub_key == NULL)
|
|---|
| 77 | return 0;
|
|---|
| 78 |
|
|---|
| 79 | ctx = BN_CTX_new_ex(dsa->libctx);
|
|---|
| 80 | if (ctx == NULL)
|
|---|
| 81 | goto err;
|
|---|
| 82 | pub_key = BN_new();
|
|---|
| 83 | if (pub_key == NULL)
|
|---|
| 84 | goto err;
|
|---|
| 85 |
|
|---|
| 86 | /* recalculate the public key = (g ^ priv) mod p */
|
|---|
| 87 | if (!ossl_dsa_generate_public_key(ctx, dsa, dsa->priv_key, pub_key))
|
|---|
| 88 | goto err;
|
|---|
| 89 | /* check it matches the existing pubic_key */
|
|---|
| 90 | ret = BN_cmp(pub_key, dsa->pub_key) == 0;
|
|---|
| 91 | err:
|
|---|
| 92 | BN_free(pub_key);
|
|---|
| 93 | BN_CTX_free(ctx);
|
|---|
| 94 | return ret;
|
|---|
| 95 | }
|
|---|
