1 /* 2 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * DSA low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14 #include "internal/deprecated.h" 15 16 #include <stdio.h> 17 #include <time.h> 18 #include "internal/cryptlib.h" 19 #include <openssl/bn.h> 20 #include <openssl/self_test.h> 21 #include "prov/providercommon.h" 22 #include "crypto/dsa.h" 23 #include "dsa_local.h" 24 25 #ifdef FIPS_MODULE 26 # define MIN_STRENGTH 112 27 #else 28 # define MIN_STRENGTH 80 29 #endif 30 31 static int dsa_keygen(DSA *dsa, int pairwise_test); 32 static int dsa_keygen_pairwise_test(DSA *dsa, OSSL_CALLBACK *cb, void *cbarg); 33 34 int DSA_generate_key(DSA *dsa) 35 { 36 #ifndef FIPS_MODULE 37 if (dsa->meth->dsa_keygen != NULL) 38 return dsa->meth->dsa_keygen(dsa); 39 #endif 40 return dsa_keygen(dsa, 0); 41 } 42 43 int ossl_dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa, 44 const BIGNUM *priv_key, BIGNUM *pub_key) 45 { 46 int ret = 0; 47 BIGNUM *prk = BN_new(); 48 49 if (prk == NULL) 50 return 0; 51 BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); 52 53 /* pub_key = g ^ priv_key mod p */ 54 if (!BN_mod_exp(pub_key, dsa->params.g, prk, dsa->params.p, ctx)) 55 goto err; 56 ret = 1; 57 err: 58 BN_clear_free(prk); 59 return ret; 60 } 61 62 static int dsa_keygen(DSA *dsa, int pairwise_test) 63 { 64 int ok = 0; 65 BN_CTX *ctx = NULL; 66 BIGNUM *pub_key = NULL, *priv_key = NULL; 67 68 if ((ctx = BN_CTX_new_ex(dsa->libctx)) == NULL) 69 goto err; 70 71 if (dsa->priv_key == NULL) { 72 if ((priv_key = BN_secure_new()) == NULL) 73 goto err; 74 } else { 75 priv_key = dsa->priv_key; 76 } 77 78 /* Do a partial check for invalid p, q, g */ 79 if (!ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params, 80 FFC_PARAM_TYPE_DSA, NULL)) 81 goto err; 82 83 /* 84 * For FFC FIPS 186-4 keygen 85 * security strength s = 112, 86 * Max Private key size N = len(q) 87 */ 88 if (!ossl_ffc_generate_private_key(ctx, &dsa->params, 89 BN_num_bits(dsa->params.q), 90 MIN_STRENGTH, priv_key)) 91 goto err; 92 93 if (dsa->pub_key == NULL) { 94 if ((pub_key = BN_new()) == NULL) 95 goto err; 96 } else { 97 pub_key = dsa->pub_key; 98 } 99 100 if (!ossl_dsa_generate_public_key(ctx, dsa, priv_key, pub_key)) 101 goto err; 102 103 dsa->priv_key = priv_key; 104 dsa->pub_key = pub_key; 105 106 #ifdef FIPS_MODULE 107 pairwise_test = 1; 108 #endif /* FIPS_MODULE */ 109 110 ok = 1; 111 if (pairwise_test) { 112 OSSL_CALLBACK *cb = NULL; 113 void *cbarg = NULL; 114 115 OSSL_SELF_TEST_get_callback(dsa->libctx, &cb, &cbarg); 116 ok = dsa_keygen_pairwise_test(dsa, cb, cbarg); 117 if (!ok) { 118 ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT); 119 BN_free(dsa->pub_key); 120 BN_clear_free(dsa->priv_key); 121 dsa->pub_key = NULL; 122 dsa->priv_key = NULL; 123 BN_CTX_free(ctx); 124 return ok; 125 } 126 } 127 dsa->dirty_cnt++; 128 129 err: 130 if (pub_key != dsa->pub_key) 131 BN_free(pub_key); 132 if (priv_key != dsa->priv_key) 133 BN_free(priv_key); 134 BN_CTX_free(ctx); 135 136 return ok; 137 } 138 139 /* 140 * FIPS 140-2 IG 9.9 AS09.33 141 * Perform a sign/verify operation. 142 */ 143 static int dsa_keygen_pairwise_test(DSA *dsa, OSSL_CALLBACK *cb, void *cbarg) 144 { 145 int ret = 0; 146 unsigned char dgst[16] = {0}; 147 unsigned int dgst_len = (unsigned int)sizeof(dgst); 148 DSA_SIG *sig = NULL; 149 OSSL_SELF_TEST *st = NULL; 150 151 st = OSSL_SELF_TEST_new(cb, cbarg); 152 if (st == NULL) 153 goto err; 154 155 OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT, 156 OSSL_SELF_TEST_DESC_PCT_DSA); 157 158 sig = DSA_do_sign(dgst, (int)dgst_len, dsa); 159 if (sig == NULL) 160 goto err; 161 162 OSSL_SELF_TEST_oncorrupt_byte(st, dgst); 163 164 if (DSA_do_verify(dgst, dgst_len, sig, dsa) != 1) 165 goto err; 166 167 ret = 1; 168 err: 169 OSSL_SELF_TEST_onend(st, ret); 170 OSSL_SELF_TEST_free(st); 171 DSA_SIG_free(sig); 172 return ret; 173 } 174