I have separated the ASN.1 encoding of the DSA signature value from
the cryptographic functions.
That is a cleaner design, and by the following new functions it gives
the user access to the signature values as required by OpenPGP:
DSA_SIG *DSA_do_sign(unsigned char *dgst,int dlen,DSA *dsa);
int DSA_do_verify(unsigned char *dgst,int dgst_len, DSA_SIG *sig, DSA *dsa);
diff -u dsa-orig/Makefile dsa/Makefile
--- dsa-orig/Makefile Sat Mar 6 16:00:09 1999
+++ dsa/Makefile Thu Mar 18 22:50:09 1999
@@ -22,8 +22,8 @@
APPS=
LIB=$(TOP)/libcrypto.a
-LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c $(ERRC).c
-LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_vrf.o dsa_sign.o $(ERRC).o
+LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c $(ERRC).c
+LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o $(ERRC).o
SRC= $(LIBSRC)
@@ -110,3 +110,8 @@
dsa_vrf.o: ../../include/rc5.h ../../include/ripemd.h ../../include/rsa.h
dsa_vrf.o: ../../include/sha.h ../../include/stack.h ../../include/x509.h
dsa_vrf.o: ../../include/x509_vfy.h ../cryptlib.h ../crypto.h dsa.h
+dsa_asn1.o: ../../include/asn1.h ../../include/bio.h ../../include/bn.h
+dsa_asn1.o: ../../include/buffer.h ../../include/e_os.h ../../include/err.h
+dsa_asn1.o: ../../include/rand.h ../../include/stack.h ../cryptlib.h
+dsa_asn1.o: ../crypto.h dsa.h
+
diff -u dsa-orig/Makefile.ssl dsa/Makefile.ssl
--- dsa-orig/Makefile.ssl Sat Mar 6 16:00:09 1999
+++ dsa/Makefile.ssl Thu Mar 18 22:49:53 1999
@@ -22,8 +22,8 @@
APPS=
LIB=$(TOP)/libcrypto.a
-LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c $(ERRC).c
-LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_vrf.o dsa_sign.o $(ERRC).o
+LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c $(ERRC).c
+LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o $(ERRC).o
SRC= $(LIBSRC)
@@ -110,3 +110,7 @@
dsa_vrf.o: ../../include/rc5.h ../../include/ripemd.h ../../include/rsa.h
dsa_vrf.o: ../../include/sha.h ../../include/stack.h ../../include/x509.h
dsa_vrf.o: ../../include/x509_vfy.h ../cryptlib.h ../crypto.h dsa.h
+dsa_asn1.o: ../../include/asn1.h ../../include/bio.h ../../include/bn.h
+dsa_asn1.o: ../../include/buffer.h ../../include/e_os.h ../../include/err.h
+dsa_asn1.o: ../../include/rand.h ../../include/stack.h ../cryptlib.h
+dsa_asn1.o: ../crypto.h dsa.h
diff -u dsa-orig/dsa.err dsa/dsa.err
--- dsa-orig/dsa.err Mon Dec 21 11:52:30 1998
+++ dsa/dsa.err Thu Mar 18 22:34:44 1999
@@ -10,6 +10,10 @@
#define DSA_F_DSA_SIGN 106
#define DSA_F_DSA_SIGN_SETUP 107
#define DSA_F_DSA_VERIFY 108
+#define DSA_F_DSA_SIG_NEW 109
+#define DSA_F_D2I_DSA_SIG 110
+#define DSA_F_DSA_DO_SIGN 111
+#define DSA_F_DSA_DO_VERIFY 112
/* Reason codes. */
#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
diff -u dsa-orig/dsa.h dsa/dsa.h
--- dsa-orig/dsa.h Mon Dec 21 11:59:19 1998
+++ dsa/dsa.h Thu Mar 18 22:42:06 1999
@@ -97,6 +97,12 @@
int references;
} DSA;
+typedef struct DSA_SIG_st
+ {
+ BIGNUM *r;
+ BIGNUM *s;
+ } DSA_SIG;
+
#define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
(char *(*)())d2i_DSAparams,(char *)(x))
#define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
@@ -110,6 +116,15 @@
#ifndef NOPROTO
+DSA_SIG * DSA_SIG_new(void);
+void DSA_SIG_free(DSA_SIG *a);
+int i2d_DSA_SIG(DSA_SIG *a, unsigned char **pp);
+DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
+
+DSA_SIG * DSA_do_sign(unsigned char *dgst,int dlen,DSA *dsa);
+int DSA_do_verify(unsigned char *dgst,int dgst_len,
+ DSA_SIG *sig,DSA *dsa);
+
DSA * DSA_new(void);
int DSA_size(DSA *);
/* next 4 return -1 on error */
@@ -146,6 +161,14 @@
#else
+DSA_SIG * DSA_SIG_new();
+void DSA_SIG_free();
+int i2d_DSA_SIG();
+DSA_SIG * d2i_DSA_SIG();
+
+DSA_SIG * DSA_do_sign();
+int DSA_do_verify();
+
DSA * DSA_new();
int DSA_size();
int DSA_sign_setup();
@@ -189,6 +212,10 @@
#define DSA_F_DSA_SIGN 106
#define DSA_F_DSA_SIGN_SETUP 107
#define DSA_F_DSA_VERIFY 108
+#define DSA_F_DSA_SIG_NEW 109
+#define DSA_F_D2I_DSA_SIG 110
+#define DSA_F_DSA_DO_SIGN 111
+#define DSA_F_DSA_DO_VERIFY 112
/* Reason codes. */
#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
diff -u dsa-orig/dsa_asn1.c dsa/dsa_asn1.c
--- dsa-orig/dsa_asn1.c Thu Mar 18 22:39:33 1999
+++ dsa/dsa_asn1.c Thu Mar 18 23:34:22 1999
@@ -0,0 +1,89 @@
+/* crypto/dsa/dsa_asn1.c */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "dsa.h"
+#include "asn1.h"
+#include "asn1_mac.h"
+
+DSA_SIG *DSA_SIG_new(void)
+{
+ DSA_SIG *ret;
+
+ ret = Malloc(sizeof(DSA_SIG));
+ if (ret == NULL)
+ {
+ DSAerr(DSA_F_DSA_SIG_NEW,ERR_R_MALLOC_FAILURE);
+ return(NULL);
+ }
+ ret->r = NULL;
+ ret->s = NULL;
+ return(ret);
+}
+
+void DSA_SIG_free(r)
+DSA_SIG *r;
+{
+ if (r == NULL) return;
+ if (r->r) BN_clear_free(r->r);
+ if (r->s) BN_clear_free(r->s);
+ Free(r);
+}
+
+int i2d_DSA_SIG(v,pp)
+DSA_SIG *v;
+unsigned char **pp;
+{
+ int t=0,len;
+ ASN1_INTEGER rbs,sbs;
+ unsigned char *p;
+
+ rbs.data=Malloc(BN_num_bits(v->r)/8+1);
+ rbs.type=V_ASN1_INTEGER;
+ rbs.length=BN_bn2bin(v->r,rbs.data);
+ sbs.data=Malloc(BN_num_bits(v->s)/8+1);
+ sbs.type=V_ASN1_INTEGER;
+ sbs.length=BN_bn2bin(v->s,sbs.data);
+
+ len=i2d_ASN1_INTEGER(&rbs,NULL);
+ len+=i2d_ASN1_INTEGER(&sbs,NULL);
+
+ if (pp)
+ {
+ p=*pp;
+ ASN1_put_object(&p,1,len,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+ i2d_ASN1_INTEGER(&rbs,&p);
+ i2d_ASN1_INTEGER(&sbs,&p);
+ }
+ t=ASN1_object_size(1,len,V_ASN1_SEQUENCE);
+ Free(rbs.data);
+ Free(sbs.data);
+ return(t);
+}
+
+DSA_SIG *d2i_DSA_SIG(a,pp,length)
+DSA_SIG **a;
+unsigned char **pp;
+long length;
+{
+ int i=ERR_R_NESTED_ASN1_ERROR;
+ ASN1_INTEGER *bs=NULL;
+ M_ASN1_D2I_vars(a,DSA_SIG *,DSA_SIG_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+ if ((ret->r=BN_bin2bn(bs->data,bs->length,ret->r)) == NULL) goto err_bn;
+ M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
+ if ((ret->s=BN_bin2bn(bs->data,bs->length,ret->s)) == NULL) goto err_bn;
+ ASN1_BIT_STRING_free(bs);
+ M_ASN1_D2I_Finish_2(a);
+
+err_bn:
+ i=ERR_R_BN_LIB;
+err:
+ DSAerr(DSA_F_D2I_DSA_SIG,i);
+ if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_SIG_free(ret);
+ if (bs != NULL) ASN1_BIT_STRING_free(bs);
+ return(NULL);
+}
Only in dsa: dsa_asn1.o
diff -u dsa-orig/dsa_err.c dsa/dsa_err.c
--- dsa-orig/dsa_err.c Mon Dec 21 11:59:19 1998
+++ dsa/dsa_err.c Thu Mar 18 22:42:09 1999
@@ -72,6 +72,10 @@
{ERR_PACK(0,DSA_F_DSA_SIGN,0), "DSA_sign"},
{ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0), "DSA_sign_setup"},
{ERR_PACK(0,DSA_F_DSA_VERIFY,0), "DSA_verify"},
+{ERR_PACK(0,DSA_F_DSA_SIG_NEW,0), "DSA_SIG_new"},
+{ERR_PACK(0,DSA_F_D2I_DSA_SIG,0), "d2i_DSA_SIG"},
+{ERR_PACK(0,DSA_F_DSA_DO_SIGN,0), "DSA_do_sign"},
+{ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0), "DSA_do_verify"},
{0,NULL},
};
diff -u dsa-orig/dsa_sign.c dsa/dsa_sign.c
--- dsa-orig/dsa_sign.c Thu Feb 25 13:00:08 1999
+++ dsa/dsa_sign.c Thu Mar 18 22:59:39 1999
@@ -65,30 +65,21 @@
#include "rand.h"
#include "asn1.h"
-/* data has already been hashed (probably with SHA or SHA-1). */
-/* DSAerr(DSA_F_DSA_SIGN,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); */
-
-int DSA_sign(type,dgst,dlen,sig,siglen,dsa)
-int type;
+DSA_SIG *DSA_do_sign(dgst,dlen,dsa)
unsigned char *dgst;
int dlen;
-unsigned char *sig; /* out */
-unsigned int *siglen; /* out */
DSA *dsa;
{
- BIGNUM *kinv=NULL,*r=NULL;
+ BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
BIGNUM m;
- BIGNUM xr,s;
+ BIGNUM xr;
BN_CTX *ctx=NULL;
- unsigned char *p;
- int i,len=0,ret=0,reason=ERR_R_BN_LIB;
- ASN1_INTEGER rbs,sbs;
- MS_STATIC unsigned char rbuf[50]; /* assuming r is 20 bytes +extra */
- MS_STATIC unsigned char sbuf[50]; /* assuming s is 20 bytes +extra */
+ int i,reason=ERR_R_BN_LIB;
+ DSA_SIG *ret=NULL;
BN_init(&m);
BN_init(&xr);
- BN_init(&s);
+ s=BN_new();
i=BN_num_bytes(dsa->q); /* should be 20 */
if ((dlen > i) || (dlen > 50))
@@ -116,41 +107,22 @@
/* Compute s = inv(k) (m + xr) mod q */
if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
- if (!BN_add(&s, &xr, &m)) goto err; /* s = m + xr */
- if (BN_cmp(&s,dsa->q) > 0)
- BN_sub(&s,&s,dsa->q);
- if (!BN_mod_mul(&s,&s,kinv,dsa->q,ctx)) goto err;
-
- /*
- * Now create a ASN.1 sequence of the integers R and S.
- */
- rbs.data=rbuf;
- sbs.data=sbuf;
- rbs.type = V_ASN1_INTEGER;
- sbs.type = V_ASN1_INTEGER;
- rbs.length=BN_bn2bin(r,rbs.data);
- sbs.length=BN_bn2bin(&s,sbs.data);
-
- len =i2d_ASN1_INTEGER(&rbs,NULL);
- len+=i2d_ASN1_INTEGER(&sbs,NULL);
-
- p=sig;
- ASN1_put_object(&p,1,len,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
- i2d_ASN1_INTEGER(&rbs,&p);
- i2d_ASN1_INTEGER(&sbs,&p);
- *siglen=(p-sig);
- ret=1;
+ if (!BN_add(s, &xr, &m)) goto err; /* s = m + xr */
+ if (BN_cmp(s,dsa->q) > 0)
+ BN_sub(s,s,dsa->q);
+ if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
+
+ ret=DSA_SIG_new();
+ ret->r = r;
+ ret->s = s;
+
err:
- if (!ret) DSAerr(DSA_F_DSA_SIGN,reason);
+ if (!ret) DSAerr(DSA_F_DSA_DO_SIGN,reason);
-#if 1 /* do the right thing :-) */
if (kinv != NULL) BN_clear_free(kinv);
- if (r != NULL) BN_clear_free(r);
-#endif
if (ctx != NULL) BN_CTX_free(ctx);
BN_clear_free(&m);
BN_clear_free(&xr);
- BN_clear_free(&s);
return(ret);
}
@@ -218,3 +190,24 @@
return(ret);
}
+
+/* data has already been hashed (probably with SHA or SHA-1). */
+
+int DSA_sign(type,dgst,dlen,sig,siglen,dsa)
+int type;
+unsigned char *dgst;
+int dlen;
+unsigned char *sig; /* out */
+unsigned int *siglen; /* out */
+DSA *dsa;
+ {
+ DSA_SIG *s;
+ s=DSA_do_sign(dgst,dlen,dsa);
+ *siglen=i2d_DSA_SIG(s,&sig);
+ if (s)
+ {
+ DSA_SIG_free(s);
+ return(1);
+ }
+ return(0);
+ }
diff -u dsa-orig/dsa_vrf.c dsa/dsa_vrf.c
--- dsa-orig/dsa_vrf.c Mon Feb 15 23:00:12 1999
+++ dsa/dsa_vrf.c Thu Mar 18 22:44:04 1999
@@ -56,7 +56,7 @@
* [including the GNU Public Licence.]
*/
-/* Origional version from Steven Schoch <[EMAIL PROTECTED]> */
+/* Original version from Steven Schoch <[EMAIL PROTECTED]> */
#include <stdio.h>
#include "cryptlib.h"
@@ -66,57 +66,34 @@
#include "asn1.h"
#include "asn1_mac.h"
-/* data has already been hashed (probably with SHA or SHA-1). */
-/* returns
- * 1: correct signature
- * 0: incorrect signature
- * -1: error
- */
-int DSA_verify(type,dgst,dgst_len,sigbuf,siglen, dsa)
-int type;
+int DSA_do_verify(dgst,dgst_len,sig,dsa)
unsigned char *dgst;
int dgst_len;
-unsigned char *sigbuf;
-int siglen;
+DSA_SIG *sig;
DSA *dsa;
{
- /* The next 3 are used by the M_ASN1 macros */
- long length=siglen;
- ASN1_CTX c;
- unsigned char **pp= &sigbuf;
BN_CTX *ctx;
- BIGNUM r,u1,u2,t1;
- ASN1_INTEGER *bs=NULL;
+ BIGNUM u1,u2,t1;
BN_MONT_CTX *mont=NULL;
int ret = -1;
if ((ctx=BN_CTX_new()) == NULL) goto err;
-
BN_init(&u1);
BN_init(&u2);
- BN_init(&r);
BN_init(&t1);
- M_ASN1_D2I_Init();
- M_ASN1_D2I_start_sequence();
- M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
- if ((BN_bin2bn(bs->data,bs->length,&r)) == NULL) goto err_bn;
- M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
- if ((BN_bin2bn(bs->data,bs->length,&u1)) == NULL) goto err_bn;
- if (!asn1_Finish(&c)) goto err;
-
/* Calculate W = inv(S) mod Q
* save W in u2 */
- if ((BN_mod_inverse(&u2,&u1,dsa->q,ctx)) == NULL) goto err_bn;
+ if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
/* save M in u1 */
- if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err_bn;
+ if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
/* u1 = M * w mod q */
- if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err_bn;
+ if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
/* u2 = r * w mod q */
- if (!BN_mod_mul(&u2,&r,&u2,dsa->q,ctx)) goto err_bn;
+ if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
{
@@ -133,9 +110,9 @@
BN_init(&t2);
/* v = ( g^u1 * y^u2 mod p ) mod q */
/* let t1 = g ^ u1 mod p */
- if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err_bn;
+ if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
/* let t2 = y ^ u2 mod p */
- if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err_bn;
+ if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
/* let u1 = t1 * t2 mod p */
if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
BN_free(&t2);
@@ -145,30 +122,46 @@
#else
{
if (!BN_mod_exp2_mont(&t1,dsa->g,&u1,dsa->pub_key,&u2,dsa->p,ctx,mont))
- goto err_bn;
+ goto err;
/* BN_copy(&u1,&t1); */
/* let u1 = u1 mod q */
- if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err_bn;
+ if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
}
#endif
/* V is now in u1. If the signature is correct, it will be
* equal to R. */
- ret=(BN_ucmp(&u1, &r) == 0);
- if (0)
- {
-err: /* ASN1 error */
- DSAerr(DSA_F_DSA_VERIFY,c.error);
- }
- if (0)
- {
-err_bn: /* BN error */
- DSAerr(DSA_F_DSA_VERIFY,ERR_R_BN_LIB);
- }
+ ret=(BN_ucmp(&u1, sig->r) == 0);
+
+ err:
+ if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
if (ctx != NULL) BN_CTX_free(ctx);
- BN_free(&r);
BN_free(&u1);
BN_free(&u2);
BN_free(&t1);
- if (bs != NULL) ASN1_BIT_STRING_free(bs);
+ return(ret);
+ }
+
+/* data has already been hashed (probably with SHA or SHA-1). */
+/* returns
+ * 1: correct signature
+ * 0: incorrect signature
+ * -1: error
+ */
+int DSA_verify(type,dgst,dgst_len,sigbuf,siglen,dsa)
+int type;
+unsigned char *dgst;
+int dgst_len;
+unsigned char *sigbuf;
+int siglen;
+DSA *dsa;
+ {
+ DSA_SIG *s;
+ int ret=-1;
+
+ s = DSA_SIG_new();
+ if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+ ret=DSA_do_verify(dgst,dgst_len,s,dsa);
+err:
+ DSA_SIG_free(s);
return(ret);
}
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
