xref: /third_party/openssl/crypto/dsa/dsa_check.c (revision e1051a39) 
1/*
2 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License").  You may not use
5 * this file except in compliance with the License.  You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*
11 * DSA low level APIs are deprecated for public use, but still ok for
12 * internal use.
13 */
14#include "internal/deprecated.h"
15
16#include <stdio.h>
17#include "internal/cryptlib.h"
18#include <openssl/bn.h>
19#include "dsa_local.h"
20#include "crypto/dsa.h"
21
22static int dsa_precheck_params(const DSA *dsa, int *ret)
23{
24    if (dsa->params.p == NULL || dsa->params.q == NULL) {
25        ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS);
26        *ret = FFC_CHECK_INVALID_PQ;
27        return 0;
28    }
29
30    if (BN_num_bits(dsa->params.p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
31        ERR_raise(ERR_LIB_DSA, DSA_R_MODULUS_TOO_LARGE);
32        *ret = FFC_CHECK_INVALID_PQ;
33        return 0;
34    }
35
36    if (BN_num_bits(dsa->params.q) >= BN_num_bits(dsa->params.p)) {
37        ERR_raise(ERR_LIB_DSA, DSA_R_BAD_Q_VALUE);
38        *ret = FFC_CHECK_INVALID_PQ;
39        return 0;
40    }
41
42    return 1;
43}
44
45int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
46{
47    if (!dsa_precheck_params(dsa, ret))
48        return 0;
49
50    if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK)
51        return ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params,
52                                               FFC_PARAM_TYPE_DSA, ret);
53    else
54        /*
55         * Do full FFC domain params validation according to FIPS-186-4
56         *  - always in FIPS_MODULE
57         *  - only if possible (i.e., seed is set) in default provider
58         */
59        return ossl_ffc_params_full_validate(dsa->libctx, &dsa->params,
60                                             FFC_PARAM_TYPE_DSA, ret);
61}
62
63/*
64 * See SP800-56Ar3 Section 5.6.2.3.1 : FFC Full public key validation.
65 */
66int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
67{
68    if (!dsa_precheck_params(dsa, ret))
69        return 0;
70
71    return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret);
72}
73
74/*
75 * See SP800-56Ar3 Section 5.6.2.3.1 : FFC Partial public key validation.
76 * To only be used with ephemeral FFC public keys generated using the approved
77 * safe-prime groups.
78 */
79int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret)
80{
81    if (!dsa_precheck_params(dsa, ret))
82        return 0;
83
84    return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret);
85}
86
87int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret)
88{
89    *ret = 0;
90
91    if (!dsa_precheck_params(dsa, ret))
92        return 0;
93
94    return ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret);
95}
96
97/*
98 * FFC pairwise check from SP800-56A R3.
99 *    Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency
100 */
101int ossl_dsa_check_pairwise(const DSA *dsa)
102{
103    int ret = 0;
104    BN_CTX *ctx = NULL;
105    BIGNUM *pub_key = NULL;
106
107    if (!dsa_precheck_params(dsa, &ret))
108        return 0;
109
110    if (dsa->params.g == NULL
111        || dsa->priv_key == NULL
112        || dsa->pub_key == NULL)
113        return 0;
114
115    ctx = BN_CTX_new_ex(dsa->libctx);
116    if (ctx == NULL)
117        goto err;
118    pub_key = BN_new();
119    if (pub_key == NULL)
120        goto err;
121
122    /* recalculate the public key = (g ^ priv) mod p */
123    if (!ossl_dsa_generate_public_key(ctx, dsa, dsa->priv_key, pub_key))
124        goto err;
125    /* check it matches the existing pubic_key */
126    ret = BN_cmp(pub_key, dsa->pub_key) == 0;
127err:
128    BN_free(pub_key);
129    BN_CTX_free(ctx);
130    return ret;
131}
132