/src/openssl30/crypto/dsa/dsa_key.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | /* |
11 | | * DSA low level APIs are deprecated for public use, but still ok for |
12 | | * internal use. |
13 | | */ |
14 | | #include "internal/deprecated.h" |
15 | | |
16 | | #include <stdio.h> |
17 | | #include <time.h> |
18 | | #include "internal/cryptlib.h" |
19 | | #include <openssl/bn.h> |
20 | | #include <openssl/self_test.h> |
21 | | #include "prov/providercommon.h" |
22 | | #include "crypto/dsa.h" |
23 | | #include "dsa_local.h" |
24 | | |
25 | | #ifdef FIPS_MODULE |
26 | | # define MIN_STRENGTH 112 |
27 | | #else |
28 | 0 | # define MIN_STRENGTH 80 |
29 | | #endif |
30 | | |
31 | | static int dsa_keygen(DSA *dsa, int pairwise_test); |
32 | | static int dsa_keygen_pairwise_test(DSA *dsa, OSSL_CALLBACK *cb, void *cbarg); |
33 | | |
34 | | int DSA_generate_key(DSA *dsa) |
35 | 0 | { |
36 | 0 | #ifndef FIPS_MODULE |
37 | 0 | if (dsa->meth->dsa_keygen != NULL) |
38 | 0 | return dsa->meth->dsa_keygen(dsa); |
39 | 0 | #endif |
40 | 0 | return dsa_keygen(dsa, 0); |
41 | 0 | } |
42 | | |
43 | | int ossl_dsa_generate_public_key(BN_CTX *ctx, const DSA *dsa, |
44 | | const BIGNUM *priv_key, BIGNUM *pub_key) |
45 | 23 | { |
46 | 23 | int ret = 0; |
47 | 23 | BIGNUM *prk = BN_new(); |
48 | | |
49 | 23 | if (prk == NULL) |
50 | 0 | return 0; |
51 | 23 | BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME); |
52 | | |
53 | | /* pub_key = g ^ priv_key mod p */ |
54 | 23 | if (!BN_mod_exp(pub_key, dsa->params.g, prk, dsa->params.p, ctx)) |
55 | 2 | goto err; |
56 | 21 | ret = 1; |
57 | 23 | err: |
58 | 23 | BN_clear_free(prk); |
59 | 23 | return ret; |
60 | 21 | } |
61 | | |
62 | | static int dsa_keygen(DSA *dsa, int pairwise_test) |
63 | 0 | { |
64 | 0 | int ok = 0; |
65 | 0 | BN_CTX *ctx = NULL; |
66 | 0 | BIGNUM *pub_key = NULL, *priv_key = NULL; |
67 | |
|
68 | 0 | if ((ctx = BN_CTX_new_ex(dsa->libctx)) == NULL) |
69 | 0 | goto err; |
70 | | |
71 | 0 | if (dsa->priv_key == NULL) { |
72 | 0 | if ((priv_key = BN_secure_new()) == NULL) |
73 | 0 | goto err; |
74 | 0 | } else { |
75 | 0 | priv_key = dsa->priv_key; |
76 | 0 | } |
77 | | |
78 | | /* Do a partial check for invalid p, q, g */ |
79 | 0 | if (!ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params, |
80 | 0 | FFC_PARAM_TYPE_DSA, NULL)) |
81 | 0 | goto err; |
82 | | |
83 | | /* |
84 | | * For FFC FIPS 186-4 keygen |
85 | | * security strength s = 112, |
86 | | * Max Private key size N = len(q) |
87 | | */ |
88 | 0 | if (!ossl_ffc_generate_private_key(ctx, &dsa->params, |
89 | 0 | BN_num_bits(dsa->params.q), |
90 | 0 | MIN_STRENGTH, priv_key)) |
91 | 0 | goto err; |
92 | | |
93 | 0 | if (dsa->pub_key == NULL) { |
94 | 0 | if ((pub_key = BN_new()) == NULL) |
95 | 0 | goto err; |
96 | 0 | } else { |
97 | 0 | pub_key = dsa->pub_key; |
98 | 0 | } |
99 | | |
100 | 0 | if (!ossl_dsa_generate_public_key(ctx, dsa, priv_key, pub_key)) |
101 | 0 | goto err; |
102 | | |
103 | 0 | dsa->priv_key = priv_key; |
104 | 0 | dsa->pub_key = pub_key; |
105 | |
|
106 | | #ifdef FIPS_MODULE |
107 | | pairwise_test = 1; |
108 | | #endif /* FIPS_MODULE */ |
109 | |
|
110 | 0 | ok = 1; |
111 | 0 | if (pairwise_test) { |
112 | 0 | OSSL_CALLBACK *cb = NULL; |
113 | 0 | void *cbarg = NULL; |
114 | |
|
115 | 0 | OSSL_SELF_TEST_get_callback(dsa->libctx, &cb, &cbarg); |
116 | 0 | ok = dsa_keygen_pairwise_test(dsa, cb, cbarg); |
117 | 0 | if (!ok) { |
118 | 0 | ossl_set_error_state(OSSL_SELF_TEST_TYPE_PCT); |
119 | 0 | BN_free(dsa->pub_key); |
120 | 0 | BN_clear_free(dsa->priv_key); |
121 | 0 | dsa->pub_key = NULL; |
122 | 0 | dsa->priv_key = NULL; |
123 | 0 | BN_CTX_free(ctx); |
124 | 0 | return ok; |
125 | 0 | } |
126 | 0 | } |
127 | 0 | dsa->dirty_cnt++; |
128 | |
|
129 | 0 | err: |
130 | 0 | if (pub_key != dsa->pub_key) |
131 | 0 | BN_free(pub_key); |
132 | 0 | if (priv_key != dsa->priv_key) |
133 | 0 | BN_free(priv_key); |
134 | 0 | BN_CTX_free(ctx); |
135 | |
|
136 | 0 | return ok; |
137 | 0 | } |
138 | | |
139 | | /* |
140 | | * FIPS 140-2 IG 9.9 AS09.33 |
141 | | * Perform a sign/verify operation. |
142 | | */ |
143 | | static int dsa_keygen_pairwise_test(DSA *dsa, OSSL_CALLBACK *cb, void *cbarg) |
144 | 0 | { |
145 | 0 | int ret = 0; |
146 | 0 | unsigned char dgst[16] = {0}; |
147 | 0 | unsigned int dgst_len = (unsigned int)sizeof(dgst); |
148 | 0 | DSA_SIG *sig = NULL; |
149 | 0 | OSSL_SELF_TEST *st = NULL; |
150 | |
|
151 | 0 | st = OSSL_SELF_TEST_new(cb, cbarg); |
152 | 0 | if (st == NULL) |
153 | 0 | goto err; |
154 | | |
155 | 0 | OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT, |
156 | 0 | OSSL_SELF_TEST_DESC_PCT_DSA); |
157 | |
|
158 | 0 | sig = DSA_do_sign(dgst, (int)dgst_len, dsa); |
159 | 0 | if (sig == NULL) |
160 | 0 | goto err; |
161 | | |
162 | 0 | OSSL_SELF_TEST_oncorrupt_byte(st, dgst); |
163 | |
|
164 | 0 | if (DSA_do_verify(dgst, dgst_len, sig, dsa) != 1) |
165 | 0 | goto err; |
166 | | |
167 | 0 | ret = 1; |
168 | 0 | err: |
169 | 0 | OSSL_SELF_TEST_onend(st, ret); |
170 | 0 | OSSL_SELF_TEST_free(st); |
171 | 0 | DSA_SIG_free(sig); |
172 | 0 | return ret; |
173 | 0 | } |