From: Niels Möller <nisse@lysator.liu.se>
Date: Tue, 11 Mar 2014 19:37:18 +0000 (+0100)
Subject: Converted remaining DSA key conversion functions to new interface.
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d0059a042dfde5c5dfc32ed7584fb398543ddbaa;p=thirdparty%2Fnettle.git

Converted remaining DSA key conversion functions to new interface.
---

diff --git a/ChangeLog b/ChangeLog
index 6287a7c1..de5d37e0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,16 +1,31 @@
 2014-03-11  Niels Möller  <nisse@lysator.liu.se>
 
-	* tools/pkcs1-conv.c (convert_dsa_private_key): Use new DSA
+	* examples/hogweed-benchmark.c: Update dsa benchmarking to use new
+	DSA interface.
+
+	* dsa.h: Updated prototypes.
+
+	* sexp2dsa.c (dsa_sha1_keypair_from_sexp)
+	(dsa_sha256_keypair_from_sexp): Converted to new DSA interface.
+	(dsa_keypair_from_sexp_alist): Converted to new DSA
+	interface. Allow q_size == 0, meaning any q < p is allowed.
+	Additional validity checks.
+
+	* der2dsa.c (dsa_params_from_der_iterator): Likewise.
+	(dsa_public_key_from_der_iterator): Converted to new DSA
+	interface. Also check that the public value is in the correct
+	range.
+	(dsa_openssl_private_key_from_der_iterator): Converted
+	to new DSA interface. Additional validity checks.
+	(dsa_openssl_private_key_from_der): Converted to new DSA
 	interface.
 
-	* dsa.h (dsa_openssl_private_key_from_der_iterator)
-	(dsa_openssl_private_key_from_der, dsa_keypair_to_sexp): Updated
-	prototypes.
+	* tools/pkcs1-conv.c (convert_dsa_private_key): Use new DSA
+	interface.
+	(convert_public_key): Likewise.
 
-	* der2dsa.c (dsa_openssl_private_key_from_der_iterator): Converted
-	to new DSA interface. This is an API change.
-	(dsa_openssl_private_key_from_der): Likewise.
-	* dsa2sexp.c (dsa_keypair_to_sexp): Likewise.
+	* dsa2sexp.c (dsa_keypair_to_sexp): Converted to new DSA
+	interface.
 
 2014-03-09  Niels Möller  <nisse@lysator.liu.se>
 
diff --git a/der2dsa.c b/der2dsa.c
index da63a756..83df2bc4 100644
--- a/der2dsa.c
+++ b/der2dsa.c
@@ -40,9 +40,10 @@
  && asn1_der_get_bignum((i), (x), (l))			\
  && mpz_sgn((x)) > 0)
 
+/* If q_bits > 0, q is required to be of exactly this size. */
 int
-dsa_params_from_der_iterator(struct dsa_public_key *pub,
-			     unsigned p_max_bits,
+dsa_params_from_der_iterator(struct dsa_params *params,
+			     unsigned max_bits, unsigned q_bits,
 			     struct asn1_der_iterator *i)
 {
   /* Dss-Parms ::= SEQUENCE {
@@ -51,25 +52,34 @@ dsa_params_from_der_iterator(struct dsa_public_key *pub,
 	 g  INTEGER
      }
   */
-  return (i->type == ASN1_INTEGER
-	  && asn1_der_get_bignum(i, pub->p, p_max_bits)
-	  && mpz_sgn(pub->p) > 0
-	  && GET(i, pub->q, DSA_SHA1_Q_BITS)
-	  && GET(i, pub->g, p_max_bits)
-	  && asn1_der_iterator_next(i) == ASN1_ITERATOR_END);
+  if (i->type == ASN1_INTEGER
+      && asn1_der_get_bignum(i, params->p, max_bits)
+      && mpz_sgn(params->p) > 0)
+    {
+      unsigned p_bits = mpz_sizeinbase (params->p, 2);
+      return (GET(i, params->q, q_bits ? q_bits : p_bits)
+	      && (q_bits == 0 || mpz_sizeinbase(params->q, 2) == q_bits)
+	      && mpz_cmp (params->q, params->p) < 0
+	      && GET(i, params->g, p_bits)
+	      && mpz_cmp (params->g, params->p) < 0
+	      && asn1_der_iterator_next(i) == ASN1_ITERATOR_END);
+    }
+  else
+    return 0;
 }
 
 int
-dsa_public_key_from_der_iterator(struct dsa_public_key *pub,
-				 unsigned p_max_bits,
+dsa_public_key_from_der_iterator(struct dsa_value *pub,
 				 struct asn1_der_iterator *i)
 {
   /* DSAPublicKey ::= INTEGER
   */
 
   return (i->type == ASN1_INTEGER
-	  && asn1_der_get_bignum(i, pub->y, p_max_bits)
-	  && mpz_sgn(pub->y) > 0);
+	  && asn1_der_get_bignum(i, pub->x,
+				 mpz_sizeinbase (pub->params->p, 2))
+	  && mpz_sgn(pub->x) > 0
+	  && mpz_cmp(pub->x, pub->params->p) < 0);    
 }
 
 int
@@ -93,17 +103,24 @@ dsa_openssl_private_key_from_der_iterator(struct dsa_params *params,
 
   assert (pub->params == params);
   assert (priv->params == params);
-  return (i->type == ASN1_SEQUENCE
+  if (i->type == ASN1_SEQUENCE
 	  && asn1_der_decode_constructed_last(i) == ASN1_ITERATOR_PRIMITIVE
 	  && i->type == ASN1_INTEGER
 	  && asn1_der_get_uint32(i, &version)
 	  && version == 0
-	  && GET(i, params->p, p_max_bits)
-	  && GET(i, params->q, DSA_SHA1_Q_BITS)
-	  && GET(i, params->g, p_max_bits)
-	  && GET(i, pub->x, p_max_bits)
-	  && GET(i, priv->x, DSA_SHA1_Q_BITS)
-	  && asn1_der_iterator_next(i) == ASN1_ITERATOR_END);
+      && GET(i, params->p, p_max_bits))
+    {
+      unsigned p_bits = mpz_sizeinbase (params->p, 2);
+      return (GET(i, params->q, DSA_SHA1_Q_BITS)
+	      && GET(i, params->g, p_bits)
+	      && mpz_cmp (params->g, params->p) < 0
+	      && GET(i, pub->x, p_bits)
+	      && mpz_cmp (pub->x, params->p) < 0
+	      && GET(i, priv->x, DSA_SHA1_Q_BITS)
+	      && asn1_der_iterator_next(i) == ASN1_ITERATOR_END);
+    }
+  else
+    return 0;
 }
 
 int
diff --git a/dsa.h b/dsa.h
index 72a9277b..d13a7ca6 100644
--- a/dsa.h
+++ b/dsa.h
@@ -291,9 +291,10 @@ dsa_signature_from_sexp(struct dsa_signature *rs,
 			unsigned q_bits);
 
 int
-dsa_keypair_from_sexp_alist(struct dsa_public_key *pub,
-			    struct dsa_private_key *priv,
-			    unsigned p_max_bits,
+dsa_keypair_from_sexp_alist(struct dsa_params *params,
+			    struct dsa_value *pub,
+			    struct dsa_value *priv,
+			    unsigned max_bits,
 			    unsigned q_bits,
 			    struct sexp_iterator *i);
 
@@ -302,14 +303,16 @@ dsa_keypair_from_sexp_alist(struct dsa_public_key *pub,
  * the public key. */
 /* Keys must be initialized before calling this function, as usual. */
 int
-dsa_sha1_keypair_from_sexp(struct dsa_public_key *pub,
-			   struct dsa_private_key *priv,
+dsa_sha1_keypair_from_sexp(struct dsa_params *params,
+			   struct dsa_value *pub,
+			   struct dsa_value *priv,
 			   unsigned p_max_bits,
 			   size_t length, const uint8_t *expr);
 
 int
-dsa_sha256_keypair_from_sexp(struct dsa_public_key *pub,
-			     struct dsa_private_key *priv,
+dsa_sha256_keypair_from_sexp(struct dsa_params *params,
+			     struct dsa_value *pub,
+			     struct dsa_value *priv,
 			     unsigned p_max_bits,
 			     size_t length, const uint8_t *expr);
 
@@ -317,12 +320,11 @@ dsa_sha256_keypair_from_sexp(struct dsa_public_key *pub,
 struct asn1_der_iterator;
 
 int
-dsa_params_from_der_iterator(struct dsa_public_key *pub,
-			     unsigned p_max_bits,
+dsa_params_from_der_iterator(struct dsa_params *params,
+			     unsigned max_bits, unsigned q_bits,
 			     struct asn1_der_iterator *i);
 int
-dsa_public_key_from_der_iterator(struct dsa_public_key *pub,
-				 unsigned p_max_bits,
+dsa_public_key_from_der_iterator(struct dsa_value *pub,
 				 struct asn1_der_iterator *i);
 
 int
diff --git a/examples/hogweed-benchmark.c b/examples/hogweed-benchmark.c
index 3513cdd9..3f57a5db 100644
--- a/examples/hogweed-benchmark.c
+++ b/examples/hogweed-benchmark.c
@@ -2,7 +2,7 @@
 
 /* nettle, low-level cryptographics library
  *
- * Copyright (C) 2013 Niels Möller
+ * Copyright (C) 2013, 2014 Niels Möller
  *
  * The nettle library is free software; you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -264,9 +264,10 @@ bench_rsa_clear (void *p)
 }
 
 struct dsa_ctx
-{  
-  struct dsa_public_key pub;
-  struct dsa_private_key key;
+{
+  struct dsa_params params;
+  struct dsa_value pub;
+  struct dsa_value key;
   struct knuth_lfib_ctx lfib;
   struct dsa_signature s;
   uint8_t *digest;
@@ -292,8 +293,9 @@ bench_dsa_init (unsigned size)
 
   ctx = xalloc(sizeof(*ctx));
 
-  dsa_public_key_init (&ctx->pub);
-  dsa_private_key_init (&ctx->key);
+  dsa_params_init (&ctx->params);
+  dsa_value_init (&ctx->pub, &ctx->params);
+  dsa_value_init (&ctx->key, &ctx->params);
   dsa_signature_init (&ctx->s);
   knuth_lfib_init (&ctx->lfib, 1);
 
@@ -303,14 +305,14 @@ bench_dsa_init (unsigned size)
   if (! (sexp_transport_iterator_first (&i, sizeof(dsa1024) - 1, dsa1024)
 	 && sexp_iterator_check_type (&i, "private-key")
 	 && sexp_iterator_check_type (&i, "dsa")
-	 && dsa_keypair_from_sexp_alist (&ctx->pub, &ctx->key, 0, DSA_SHA1_Q_BITS, &i)) )
+	 && dsa_keypair_from_sexp_alist (&ctx->params, &ctx->pub, &ctx->key, 0, DSA_SHA1_Q_BITS, &i)) )
     die ("Internal error.\n");
 
   ctx->digest = hash_string (&nettle_sha1, 3, "foo");
 
-  dsa_sha1_sign_digest (&ctx->pub, &ctx->key,
-			&ctx->lfib, (nettle_random_func *)knuth_lfib_random,
-			ctx->digest, &ctx->s);
+  dsa_sign (&ctx->key,
+	    &ctx->lfib, (nettle_random_func *)knuth_lfib_random,
+	    SHA1_DIGEST_SIZE, ctx->digest, &ctx->s);
 
   return ctx;
 }
@@ -322,9 +324,9 @@ bench_dsa_sign (void *p)
   struct dsa_signature s;
 
   dsa_signature_init (&s);
-  dsa_sha1_sign_digest (&ctx->pub, &ctx->key,
-			&ctx->lfib, (nettle_random_func *)knuth_lfib_random,
-			ctx->digest, &s);
+  dsa_sign (&ctx->key,
+	    &ctx->lfib, (nettle_random_func *)knuth_lfib_random,
+	    SHA1_DIGEST_SIZE, ctx->digest, &s);
   dsa_signature_clear (&s);
 }
 
@@ -332,7 +334,7 @@ static void
 bench_dsa_verify (void *p)
 {
   struct dsa_ctx *ctx = p;
-  if (! dsa_sha1_verify_digest (&ctx->pub, ctx->digest, &ctx->s))
+  if (! dsa_verify (&ctx->pub, SHA1_DIGEST_SIZE, ctx->digest, &ctx->s))
     die ("Internal error, dsa_sha1_verify_digest failed.\n");
 }
 
@@ -340,8 +342,9 @@ static void
 bench_dsa_clear (void *p)
 {
   struct dsa_ctx *ctx = p;
-  dsa_public_key_clear (&ctx->pub);
-  dsa_private_key_clear (&ctx->key);
+  dsa_value_clear (&ctx->pub);
+  dsa_value_clear (&ctx->key);
+  dsa_params_clear (&ctx->params);
   dsa_signature_clear (&ctx->s);
   free (ctx->digest);
   free (ctx);
diff --git a/sexp2dsa.c b/sexp2dsa.c
index 538f9cec..de7f6b73 100644
--- a/sexp2dsa.c
+++ b/sexp2dsa.c
@@ -26,6 +26,7 @@
 # include "config.h"
 #endif
 
+#include <assert.h>
 #include <string.h>
 
 #include "dsa.h"
@@ -47,8 +48,9 @@ do {						\
  */
 
 int
-dsa_keypair_from_sexp_alist(struct dsa_public_key *pub,
-			    struct dsa_private_key *priv,
+dsa_keypair_from_sexp_alist(struct dsa_params *params,
+			    struct dsa_value *pub,
+			    struct dsa_value *priv,
 			    unsigned p_max_bits,
 			    unsigned q_bits,
 			    struct sexp_iterator *i)
@@ -57,26 +59,40 @@ dsa_keypair_from_sexp_alist(struct dsa_public_key *pub,
     = { "p", "q", "g", "y", "x" };
   struct sexp_iterator values[5];
   unsigned nvalues = priv ? 5 : 4;
-  
+  unsigned p_bits;
+  assert (pub->params == params);
   if (!sexp_iterator_assoc(i, nvalues, names, values))
     return 0;
 
-  if (priv)
-    GET(priv->x, q_bits, &values[4]);
-  
-  GET(pub->p, p_max_bits, &values[0]);
-  GET(pub->q, q_bits, &values[1]);
-  if (mpz_sizeinbase(pub->q, 2) != q_bits)
+  GET(params->p, p_max_bits, &values[0]);
+  p_bits = mpz_sizeinbase (params->p, 2);
+  GET(params->q, q_bits ? q_bits : p_bits, &values[1]);
+  if (q_bits > 0 && mpz_sizeinbase(params->q, 2) != q_bits)
+    return 0;
+  if (mpz_cmp (params->q, params->p) >= 0)
+    return 0;
+  GET(params->g, p_bits, &values[2]);
+  if (mpz_cmp (params->g, params->p) >= 0)
+    return 0;
+  GET(pub->x, p_bits, &values[3]);
+  if (mpz_cmp (pub->x, params->p) >= 0)
     return 0;
-  GET(pub->g, p_max_bits, &values[2]);
-  GET(pub->y, p_max_bits, &values[3]);
-  
+
+  if (priv)
+    {
+      assert (priv->params == params);
+      GET(priv->x, mpz_sizeinbase (params->q, 2), &values[4]);
+      if (mpz_cmp (priv->x, params->q) >= 0)
+	return 0;
+    }
+
   return 1;
 }
 
 int
-dsa_sha1_keypair_from_sexp(struct dsa_public_key *pub,
-			   struct dsa_private_key *priv,
+dsa_sha1_keypair_from_sexp(struct dsa_params *params,
+			   struct dsa_value *pub,
+			   struct dsa_value *priv,
 			   unsigned p_max_bits, 
 			   size_t length, const uint8_t *expr)
 {
@@ -85,12 +101,14 @@ dsa_sha1_keypair_from_sexp(struct dsa_public_key *pub,
   return sexp_iterator_first(&i, length, expr)
     && sexp_iterator_check_type(&i, priv ? "private-key" : "public-key")
     && sexp_iterator_check_type(&i, "dsa")
-    && dsa_keypair_from_sexp_alist(pub, priv, p_max_bits, DSA_SHA1_Q_BITS, &i);
+    && dsa_keypair_from_sexp_alist(params, pub, priv,
+				   p_max_bits, DSA_SHA1_Q_BITS, &i);
 }
 
 int
-dsa_sha256_keypair_from_sexp(struct dsa_public_key *pub,
-			     struct dsa_private_key *priv,
+dsa_sha256_keypair_from_sexp(struct dsa_params *params,
+			     struct dsa_value *pub,
+			     struct dsa_value *priv,
 			     unsigned p_max_bits, 
 			     size_t length, const uint8_t *expr)
 {
@@ -99,7 +117,8 @@ dsa_sha256_keypair_from_sexp(struct dsa_public_key *pub,
   return sexp_iterator_first(&i, length, expr)
     && sexp_iterator_check_type(&i, priv ? "private-key" : "public-key")
     && sexp_iterator_check_type(&i, "dsa-sha256")
-    && dsa_keypair_from_sexp_alist(pub, priv, p_max_bits, DSA_SHA256_Q_BITS, &i);
+    && dsa_keypair_from_sexp_alist(params, pub, priv,
+				   p_max_bits, DSA_SHA256_Q_BITS, &i);
 }
 
 int
diff --git a/tools/pkcs1-conv.c b/tools/pkcs1-conv.c
index e55f7738..71dbf7a8 100644
--- a/tools/pkcs1-conv.c
+++ b/tools/pkcs1-conv.c
@@ -407,17 +407,20 @@ convert_public_key(struct nettle_buffer *buffer, size_t length, const uint8_t *d
 	      if (asn1_der_iterator_next(&j) == ASN1_ITERATOR_CONSTRUCTED
 		  && asn1_der_decode_constructed_last(&j) == ASN1_ITERATOR_PRIMITIVE)
 		{
-		  struct dsa_public_key pub;
+		  struct dsa_params params;
+		  struct dsa_value pub;
 
-		  dsa_public_key_init(&pub);
+		  dsa_params_init (&params);
+		  dsa_value_init (&pub, &params);
 
-		  if (dsa_params_from_der_iterator(&pub, 0, &i)
-		      && dsa_public_key_from_der_iterator(&pub, 0, &j))
+		  if (dsa_params_from_der_iterator(&params, 0, 0, &i)
+		      && dsa_public_key_from_der_iterator(&pub, &j))
 		    {
 		      nettle_buffer_reset(buffer);
 		      res = dsa_keypair_to_sexp(buffer, NULL, &pub, NULL) > 0;
 		    }
-		  dsa_public_key_clear(&pub);
+		  dsa_value_clear(&pub);
+		  dsa_params_clear(&params);
 		}
 	      if (!res)
 		werror("SubjectPublicKeyInfo: Invalid DSA key.\n");