xref: /freebsd/crypto/openssl/crypto/dsa/dsa_check.c (revision 44096ebd22ddd0081a357011714eff8963614b65)
1 /*
2  * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 /*
11  * DSA low level APIs are deprecated for public use, but still ok for
12  * internal use.
13  */
14 #include "internal/deprecated.h"
15 
16 #include <stdio.h>
17 #include "internal/cryptlib.h"
18 #include <openssl/bn.h>
19 #include "dsa_local.h"
20 #include "crypto/dsa.h"
21 
22 static int dsa_precheck_params(const DSA *dsa, int *ret)
23 {
24     if (dsa->params.p == NULL || dsa->params.q == NULL) {
25         ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS);
26         *ret = FFC_CHECK_INVALID_PQ;
27         return 0;
28     }
29 
30     if (BN_num_bits(dsa->params.p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
31         ERR_raise(ERR_LIB_DSA, DSA_R_MODULUS_TOO_LARGE);
32         *ret = FFC_CHECK_INVALID_PQ;
33         return 0;
34     }
35 
36     if (BN_num_bits(dsa->params.q) >= BN_num_bits(dsa->params.p)) {
37         ERR_raise(ERR_LIB_DSA, DSA_R_BAD_Q_VALUE);
38         *ret = FFC_CHECK_INVALID_PQ;
39         return 0;
40     }
41 
42     return 1;
43 }
44 
45 int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
46 {
47     if (!dsa_precheck_params(dsa, ret))
48         return 0;
49 
50     if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK)
51         return ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params,
52                                                FFC_PARAM_TYPE_DSA, ret);
53     else
54         /*
55          * Do full FFC domain params validation according to FIPS-186-4
56          *  - always in FIPS_MODULE
57          *  - only if possible (i.e., seed is set) in default provider
58          */
59         return ossl_ffc_params_full_validate(dsa->libctx, &dsa->params,
60                                              FFC_PARAM_TYPE_DSA, ret);
61 }
62 
63 /*
64  * See SP800-56Ar3 Section 5.6.2.3.1 : FFC Full public key validation.
65  */
66 int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
67 {
68     if (!dsa_precheck_params(dsa, ret))
69         return 0;
70 
71     return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret)
72            && *ret == 0;
73 }
74 
75 /*
76  * See SP800-56Ar3 Section 5.6.2.3.1 : FFC Partial public key validation.
77  * To only be used with ephemeral FFC public keys generated using the approved
78  * safe-prime groups.
79  */
80 int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret)
81 {
82     if (!dsa_precheck_params(dsa, ret))
83         return 0;
84 
85     return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret)
86            && *ret == 0;
87 }
88 
89 int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret)
90 {
91     *ret = 0;
92 
93     if (!dsa_precheck_params(dsa, ret))
94         return 0;
95 
96     return ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret);
97 }
98 
99 /*
100  * FFC pairwise check from SP800-56A R3.
101  *    Section 5.6.2.1.4 Owner Assurance of Pair-wise Consistency
102  */
103 int ossl_dsa_check_pairwise(const DSA *dsa)
104 {
105     int ret = 0;
106     BN_CTX *ctx = NULL;
107     BIGNUM *pub_key = NULL;
108 
109     if (!dsa_precheck_params(dsa, &ret))
110         return 0;
111 
112     if (dsa->params.g == NULL
113         || dsa->priv_key == NULL
114         || dsa->pub_key == NULL)
115         return 0;
116 
117     ctx = BN_CTX_new_ex(dsa->libctx);
118     if (ctx == NULL)
119         goto err;
120     pub_key = BN_new();
121     if (pub_key == NULL)
122         goto err;
123 
124     /* recalculate the public key = (g ^ priv) mod p */
125     if (!ossl_dsa_generate_public_key(ctx, dsa, dsa->priv_key, pub_key))
126         goto err;
127     /* check it matches the existing pubic_key */
128     ret = BN_cmp(pub_key, dsa->pub_key) == 0;
129 err:
130     BN_free(pub_key);
131     BN_CTX_free(ctx);
132     return ret;
133 }
134