1 /* $OpenBSD: ssh-dss.c,v 1.27 2010/08/31 09:58:37 djm Exp $ */
3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 #include <sys/types.h>
30 #include <openssl/bn.h>
31 #include <openssl/evp.h>
42 #define INTBLOB_LEN 20
43 #define SIGBLOB_LEN (2*INTBLOB_LEN)
46 ssh_dss_sign(const Key
*key
, u_char
**sigp
, u_int
*lenp
,
47 const u_char
*data
, u_int datalen
)
50 const EVP_MD
*evp_md
= EVP_sha1();
52 u_char digest
[EVP_MAX_MD_SIZE
], sigblob
[SIGBLOB_LEN
];
53 u_int rlen
, slen
, len
, dlen
;
56 if (key
== NULL
|| key
->dsa
== NULL
|| (key
->type
!= KEY_DSA
&&
57 key
->type
!= KEY_DSA_CERT
&& key
->type
!= KEY_DSA_CERT_V00
)) {
58 error("ssh_dss_sign: no DSA key");
61 EVP_DigestInit(&md
, evp_md
);
62 EVP_DigestUpdate(&md
, data
, datalen
);
63 EVP_DigestFinal(&md
, digest
, &dlen
);
65 sig
= DSA_do_sign(digest
, dlen
, key
->dsa
);
66 memset(digest
, 'd', sizeof(digest
));
69 error("ssh_dss_sign: sign failed");
73 rlen
= BN_num_bytes(sig
->r
);
74 slen
= BN_num_bytes(sig
->s
);
75 if (rlen
> INTBLOB_LEN
|| slen
> INTBLOB_LEN
) {
76 error("bad sig size %u %u", rlen
, slen
);
80 memset(sigblob
, 0, SIGBLOB_LEN
);
81 BN_bn2bin(sig
->r
, sigblob
+ SIGBLOB_LEN
- INTBLOB_LEN
- rlen
);
82 BN_bn2bin(sig
->s
, sigblob
+ SIGBLOB_LEN
- slen
);
85 if (datafellows
& SSH_BUG_SIGBLOB
) {
89 *sigp
= xmalloc(SIGBLOB_LEN
);
90 memcpy(*sigp
, sigblob
, SIGBLOB_LEN
);
95 buffer_put_cstring(&b
, "ssh-dss");
96 buffer_put_string(&b
, sigblob
, SIGBLOB_LEN
);
101 *sigp
= xmalloc(len
);
102 memcpy(*sigp
, buffer_ptr(&b
), len
);
109 ssh_dss_verify(const Key
*key
, const u_char
*signature
, u_int signaturelen
,
110 const u_char
*data
, u_int datalen
)
113 const EVP_MD
*evp_md
= EVP_sha1();
115 u_char digest
[EVP_MAX_MD_SIZE
], *sigblob
;
120 if (key
== NULL
|| key
->dsa
== NULL
|| (key
->type
!= KEY_DSA
&&
121 key
->type
!= KEY_DSA_CERT
&& key
->type
!= KEY_DSA_CERT_V00
)) {
122 error("ssh_dss_verify: no DSA key");
126 /* fetch signature */
127 if (datafellows
& SSH_BUG_SIGBLOB
) {
128 sigblob
= xmalloc(signaturelen
);
129 memcpy(sigblob
, signature
, signaturelen
);
135 buffer_append(&b
, signature
, signaturelen
);
136 ktype
= buffer_get_cstring(&b
, NULL
);
137 if (strcmp("ssh-dss", ktype
) != 0) {
138 error("ssh_dss_verify: cannot handle type %s", ktype
);
144 sigblob
= buffer_get_string(&b
, &len
);
145 rlen
= buffer_len(&b
);
148 error("ssh_dss_verify: "
149 "remaining bytes in signature %d", rlen
);
155 if (len
!= SIGBLOB_LEN
) {
156 fatal("bad sigbloblen %u != SIGBLOB_LEN", len
);
159 /* parse signature */
160 if ((sig
= DSA_SIG_new()) == NULL
)
161 fatal("ssh_dss_verify: DSA_SIG_new failed");
162 if ((sig
->r
= BN_new()) == NULL
)
163 fatal("ssh_dss_verify: BN_new failed");
164 if ((sig
->s
= BN_new()) == NULL
)
165 fatal("ssh_dss_verify: BN_new failed");
166 if ((BN_bin2bn(sigblob
, INTBLOB_LEN
, sig
->r
) == NULL
) ||
167 (BN_bin2bn(sigblob
+ INTBLOB_LEN
, INTBLOB_LEN
, sig
->s
) == NULL
))
168 fatal("ssh_dss_verify: BN_bin2bn failed");
171 memset(sigblob
, 0, len
);
175 EVP_DigestInit(&md
, evp_md
);
176 EVP_DigestUpdate(&md
, data
, datalen
);
177 EVP_DigestFinal(&md
, digest
, &dlen
);
179 ret
= DSA_do_verify(digest
, dlen
, sig
, key
->dsa
);
180 memset(digest
, 'd', sizeof(digest
));
184 debug("ssh_dss_verify: signature %s",
185 ret
== 1 ? "correct" : ret
== 0 ? "incorrect" : "error");