diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 6e263a00..49a5c6b3 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -450,6 +450,7 @@ int dsa_set_pqg(const unsigned char *p, unsigned long plen, const unsigned char *q, unsigned long qlen, const unsigned char *g, unsigned long glen, dsa_key *key); +int dsa_set_pqg_dsaparam(const unsigned char *dsaparam, unsigned long dsaparamlen, dsa_key *key); int dsa_generate_pqg(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key); int dsa_set_key(const unsigned char *pub, unsigned long publen, diff --git a/src/pk/dsa/dsa_set.c b/src/pk/dsa/dsa_set.c index f7c6b5c2..a1ca64f4 100755 --- a/src/pk/dsa/dsa_set.c +++ b/src/pk/dsa/dsa_set.c @@ -60,6 +60,56 @@ LBL_ERR: return err; } +/** + Import DSA's p, q & g from dsaparam + + dsaparam data: openssl dsaparam -outform DER -out dsaparam.der 2048 + + @param dsaparam The DSA param DER encoded data + @param dsaparamlen The length of dhparam data + @param key [out] the destination for the imported key + @return CRYPT_OK if successful, upon error allocated memory is freed +*/ +int dsa_set_pqg_dsaparam(const unsigned char *dsaparam, unsigned long dsaparamlen, + dsa_key *key) +{ + int err; + + LTC_ARGCHK(dsaparam != NULL); + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(key->x == NULL); + LTC_ARGCHK(key->y == NULL); + LTC_ARGCHK(key->p == NULL); + LTC_ARGCHK(key->g == NULL); + LTC_ARGCHK(key->q == NULL); + LTC_ARGCHK(key->qord == 0); + LTC_ARGCHK(ltc_mp.name != NULL); + + /* init key */ + err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL); + if (err != CRYPT_OK) return err; + + if ((err = der_decode_sequence_multi(dsaparam, dsaparamlen, + LTC_ASN1_INTEGER, 1UL, key->p, + LTC_ASN1_INTEGER, 1UL, key->q, + LTC_ASN1_INTEGER, 1UL, key->g, + LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { + goto LBL_ERR; + } + + key->qord = mp_unsigned_bin_size(key->q); + + if (key->qord >= LTC_MDSA_MAX_GROUP || key->qord <= 15 || + (unsigned long)key->qord >= mp_unsigned_bin_size(key->p) || (mp_unsigned_bin_size(key->p) - key->qord) >= LTC_MDSA_DELTA) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + return CRYPT_OK; + +LBL_ERR: + dsa_free(key); + return err; +} /** Import DSA public or private key from raw numbers diff --git a/tests/dsa_test.c b/tests/dsa_test.c index 9dd14d7b..ef5f4ab0 100644 --- a/tests/dsa_test.c +++ b/tests/dsa_test.c @@ -100,6 +100,35 @@ static const unsigned char openssl_pub_dsa[] = { 0xeb, 0x6d, 0x41, 0x27, 0xd7, 0x0d, 0x74, 0xaf, 0xa0, 0x35 }; +static unsigned char dsaparam_der[] = { + 0x30, 0x82, 0x01, 0x1e, 0x02, 0x81, 0x81, 0x00, 0xc5, 0x0a, 0x37, 0x51, + 0x5c, 0xab, 0xd6, 0x18, 0xd5, 0xa2, 0x70, 0xbd, 0x4a, 0x6f, 0x6b, 0x4a, + 0xf9, 0xe1, 0x39, 0x95, 0x0f, 0x2b, 0x99, 0x38, 0x7d, 0x9a, 0x64, 0xd6, + 0x4c, 0xb5, 0x96, 0x7a, 0xdc, 0xed, 0xac, 0xa8, 0xac, 0xc6, 0x1b, 0x65, + 0x5a, 0xde, 0xdb, 0x00, 0x61, 0x25, 0x1a, 0x18, 0x2c, 0xee, 0xa1, 0x07, + 0x90, 0x62, 0x5e, 0x4d, 0x12, 0x31, 0x90, 0xc7, 0x03, 0x21, 0xfa, 0x09, + 0xe7, 0xb1, 0x73, 0xd7, 0x8e, 0xaf, 0xdb, 0xfd, 0xbf, 0xb3, 0xef, 0xad, + 0xd1, 0xa1, 0x2a, 0x03, 0x6d, 0xe7, 0x06, 0x92, 0x4a, 0x85, 0x2a, 0xff, + 0x7a, 0x01, 0x66, 0x53, 0x1f, 0xea, 0xc6, 0x67, 0x41, 0x84, 0x5a, 0xc0, + 0x6c, 0xed, 0x62, 0xf9, 0xc2, 0x62, 0x62, 0x05, 0xa4, 0xfa, 0x48, 0xa0, + 0x66, 0xec, 0x35, 0xc9, 0xa8, 0x11, 0xfe, 0xb9, 0x81, 0xab, 0xee, 0xbe, + 0x31, 0xb6, 0xbf, 0xcf, 0x02, 0x15, 0x00, 0xaa, 0x5b, 0xd7, 0xf4, 0xe5, + 0x06, 0x24, 0x13, 0xe5, 0x88, 0x35, 0xca, 0x00, 0xc7, 0xa6, 0x35, 0x71, + 0x61, 0x94, 0xc5, 0x02, 0x81, 0x80, 0x3b, 0x92, 0xe4, 0xff, 0x59, 0x29, + 0x15, 0x0b, 0x08, 0x99, 0x5a, 0x7b, 0xf2, 0xad, 0x14, 0x40, 0x55, 0x6f, + 0xa0, 0x47, 0xff, 0x90, 0x99, 0xb3, 0x44, 0xb3, 0xd4, 0xfc, 0x45, 0x15, + 0x05, 0xae, 0x67, 0x22, 0x43, 0x9c, 0xba, 0x37, 0x10, 0xa5, 0x89, 0x47, + 0x37, 0xec, 0xcc, 0xf5, 0xae, 0xad, 0xa8, 0xb4, 0x7a, 0x35, 0xcb, 0x9d, + 0x93, 0x5c, 0xed, 0xe6, 0xb0, 0x7e, 0x96, 0x94, 0xc4, 0xa6, 0x0c, 0x7d, + 0xd6, 0x70, 0x8a, 0x09, 0x4f, 0x81, 0x4a, 0x0e, 0xc2, 0x13, 0xfb, 0xeb, + 0x16, 0xbf, 0xea, 0xa4, 0xf4, 0x56, 0xff, 0x72, 0x30, 0x05, 0xde, 0x8a, + 0x44, 0x3f, 0xbe, 0xc6, 0x85, 0x26, 0x55, 0xd6, 0x2d, 0x1d, 0x1e, 0xdb, + 0x15, 0xda, 0xa4, 0x45, 0x83, 0x3c, 0x17, 0x97, 0x98, 0x0b, 0x8d, 0x87, + 0xf3, 0x49, 0x0d, 0x90, 0xbd, 0xa9, 0xab, 0x67, 0x6e, 0x87, 0x68, 0x72, + 0x23, 0xdc + }; + + static int _dsa_compat_test(void) { dsa_key key = LTC_DSA_KEY_INITIALIZER; @@ -107,6 +136,7 @@ static int _dsa_compat_test(void) unsigned long x, len; unsigned char key_parts[5][256]; unsigned long key_lens[5]; + int stat; DO(dsa_import(openssl_priv_dsa, sizeof(openssl_priv_dsa), &key)); @@ -176,6 +206,43 @@ static int _dsa_compat_test(void) } dsa_free(&key); + /* try import dsaparam */ + DO(dsa_set_pqg_dsaparam(dsaparam_der, sizeof(dsaparam_der), &key)); + DO(dsa_make_key_ex(&yarrow_prng, find_prng("yarrow"), &key)); + /* verify it */ + DO(dsa_verify_key(&key, &stat)); + if (stat == 0) { + fprintf(stderr, "dsa_verify_key after dsa_set_pqg_dsaparam()"); + return CRYPT_FAIL_TESTVECTOR; + } + dsa_free(&key); + + /* try import dsaparam - our public key */ + DO(dsa_set_pqg_dsaparam(dsaparam_der, sizeof(dsaparam_der), &key)); + DO(dsa_set_key(key_parts[3], key_lens[3], + NULL, 0, + &key)); + len = sizeof(buf); + DO(dsa_export(buf, &len, PK_PUBLIC | PK_STD, &key)); + if (compare_testvector(buf, len, openssl_pub_dsa, sizeof(openssl_pub_dsa), + "DSA public export failed from dsa_set_pqg_dsaparam()\n", 0)) { + return CRYPT_FAIL_TESTVECTOR; + } + dsa_free(&key); + + /* try import dsaparam - our private key */ + DO(dsa_set_pqg_dsaparam(dsaparam_der, sizeof(dsaparam_der), &key)); + DO(dsa_set_key(key_parts[3], key_lens[3], + key_parts[4], key_lens[4], + &key)); + len = sizeof(buf); + DO(dsa_export(buf, &len, PK_PRIVATE | PK_STD, &key)); + if (compare_testvector(buf, len, openssl_priv_dsa, sizeof(openssl_priv_dsa), + "DSA private export failed from dsa_set_pqg_dsaparam()\n", 0)) { + return CRYPT_FAIL_TESTVECTOR; + } + dsa_free(&key); + return CRYPT_OK; }