From: Niels Möller Date: Sun, 9 Mar 2014 07:24:51 +0000 (+0100) Subject: New interface for generating DSA parameters and keys. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d9ba3e905768425bc134824fef7d84cd4b564f43;p=thirdparty%2Fnettle.git New interface for generating DSA parameters and keys. --- diff --git a/ChangeLog b/ChangeLog index 916ce5d0..ad5817aa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,23 @@ +2014-03-09 Niels Möller + + * Makefile.in (hogweed_SOURCES): Added dsa-gen-params.c and + dsa-keygen-old.c. + + * testsuite/dsa-keygen-test.c (test_main): Updated to use + dsa_generate_keypair_old. + + * dsa.h: Update declarations for key generation functions. + + * dsa-keygen.c (dsa_generate_keypair): New interface, generating + only a keypair, and no new parameters. + + * dsa-keygen-old.c (dsa_generate_keypair_old): Implement old + dsa_generate_keypair interface, based on dsa_generate_params and + dsa_generate_keypair. + + * dsa-gen-params.c (dsa_generate_params): New file and function, + extracted from DSA key generation. + 2014-01-04 Niels Möller * testsuite/testutils.c (test_dsa_sign): #if:ed out, unused. diff --git a/Makefile.in b/Makefile.in index 05e6adeb..0ae8d297 100644 --- a/Makefile.in +++ b/Makefile.in @@ -129,7 +129,9 @@ hogweed_SOURCES = sexp.c sexp-format.c \ rsa-encrypt.c rsa-decrypt.c rsa-decrypt-tr.c \ rsa-keygen.c rsa-compat.c rsa-blind.c \ rsa2sexp.c sexp2rsa.c \ - dsa.c dsa-sign.c dsa-verify.c dsa-keygen.c dsa-hash.c \ + dsa.c dsa-gen-params.c \ + dsa-sign.c dsa-verify.c dsa-keygen.c dsa-keygen-old.c \ + dsa-hash.c \ dsa-sha1-sign.c dsa-sha1-verify.c \ dsa-sha256-sign.c dsa-sha256-verify.c \ dsa2sexp.c sexp2dsa.c \ diff --git a/dsa-gen-params.c b/dsa-gen-params.c new file mode 100644 index 00000000..ddf3ae1a --- /dev/null +++ b/dsa-gen-params.c @@ -0,0 +1,107 @@ +/* dsa-gen-params.c + * + * Generation of DSA parameters + */ + +/* nettle, low-level cryptographics library + * + * Copyright (C) 2002, 2013, 2014 Niels Möller + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02111-1301, USA. + */ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include + +#include "dsa.h" + +#include "bignum.h" +#include "nettle-internal.h" + + +/* Valid sizes, according to FIPS 186-3 are (1024, 160), (2048, 224), + (2048, 256), (3072, 256). */ +int +dsa_generate_params(struct dsa_params *params, + void *random_ctx, nettle_random_func *random, + void *progress_ctx, nettle_progress_func *progress, + unsigned p_bits, unsigned q_bits) +{ + mpz_t r; + unsigned p0_bits; + unsigned a; + + if (q_bits < 30 || p_bits < q_bits + 30) + return 0; + + mpz_init (r); + + nettle_random_prime (params->q, q_bits, 0, random_ctx, random, + progress_ctx, progress); + + if (q_bits >= (p_bits + 2)/3) + _nettle_generate_pocklington_prime (params->p, r, p_bits, 0, + random_ctx, random, + params->q, NULL, params->q); + else + { + mpz_t p0, p0q; + mpz_init (p0); + mpz_init (p0q); + + p0_bits = (p_bits + 3)/2; + + nettle_random_prime (p0, p0_bits, 0, + random_ctx, random, + progress_ctx, progress); + + if (progress) + progress (progress_ctx, 'q'); + + /* Generate p = 2 r q p0 + 1, such that 2^{n-1} < p < 2^n. */ + mpz_mul (p0q, p0, params->q); + + _nettle_generate_pocklington_prime (params->p, r, p_bits, 0, + random_ctx, random, + p0, params->q, p0q); + + mpz_mul (r, r, p0); + + mpz_clear (p0); + mpz_clear (p0q); + } + if (progress) + progress (progress_ctx, 'p'); + + for (a = 2; ; a++) + { + mpz_set_ui (params->g, a); + mpz_powm (params->g, params->g, r, params->p); + if (mpz_cmp_ui (params->g, 1) != 0) + break; + } + + mpz_clear (r); + + if (progress) + progress (progress_ctx, 'g'); + + return 1; +} diff --git a/dsa-keygen-old.c b/dsa-keygen-old.c new file mode 100644 index 00000000..213739a0 --- /dev/null +++ b/dsa-keygen-old.c @@ -0,0 +1,86 @@ +/* dsa-keygen.c + * + * Generation of DSA keypairs + */ + +/* nettle, low-level cryptographics library + * + * Copyright (C) 2002, 2014 Niels Möller + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02111-1301, USA. + */ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include +#include + +#include "dsa.h" + +#include "bignum.h" + + +/* Valid sizes, according to FIPS 186-3 are (1024, 160), (2048, 224), + (2048, 256), (3072, 256). */ +int +dsa_generate_keypair_old(struct dsa_public_key *pub, + struct dsa_private_key *key, + void *random_ctx, nettle_random_func *random, + void *progress_ctx, nettle_progress_func *progress, + unsigned p_bits, unsigned q_bits) +{ + struct dsa_params *params; + struct dsa_value vpub; + struct dsa_value vkey; + + switch (q_bits) + { + case 160: + if (p_bits < DSA_SHA1_MIN_P_BITS) + return 0; + break; + case 224: + case 256: + if (p_bits < DSA_SHA256_MIN_P_BITS) + return 0; + break; + default: + return 0; + } + + /* NOTE: Depends on identical layout! */ + params = (struct dsa_params *) pub; + + if (!dsa_generate_params (params, + random_ctx, random, + progress_ctx, progress, + p_bits, q_bits)) + return 0; + + dsa_value_init (&vpub, params); + dsa_value_init (&vkey, params); + + dsa_generate_keypair (&vpub, &vkey, random_ctx, random); + mpz_swap (pub->y, vpub.x); + mpz_swap (key->x, vkey.x); + + dsa_value_clear (&vpub); + dsa_value_clear (&vkey); + + return 1; +} diff --git a/dsa-keygen.c b/dsa-keygen.c index 71797ddb..0b82d422 100644 --- a/dsa-keygen.c +++ b/dsa-keygen.c @@ -5,7 +5,7 @@ /* nettle, low-level cryptographics library * - * Copyright (C) 2002 Niels Möller + * Copyright (C) 2002, 2014 Niels Möller * * The nettle library is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -38,88 +38,23 @@ /* Valid sizes, according to FIPS 186-3 are (1024, 160), (2048, 224), (2048, 256), (3072, 256). Currenty, we use only q_bits of 160 or 256. */ -int -dsa_generate_keypair(struct dsa_public_key *pub, - struct dsa_private_key *key, - void *random_ctx, nettle_random_func *random, - void *progress_ctx, nettle_progress_func *progress, - unsigned p_bits, unsigned q_bits) -{ - mpz_t p0, p0q, r; - unsigned p0_bits; - unsigned a; - - switch (q_bits) - { - case 160: - if (p_bits < DSA_SHA1_MIN_P_BITS) - return 0; - break; - case 224: - case 256: - if (p_bits < DSA_SHA256_MIN_P_BITS) - return 0; - break; - default: - return 0; - } - - mpz_init (p0); - mpz_init (p0q); - mpz_init (r); - - nettle_random_prime (pub->q, q_bits, 0, random_ctx, random, - progress_ctx, progress); - - p0_bits = (p_bits + 3)/2; - - nettle_random_prime (p0, p0_bits, 0, - random_ctx, random, - progress_ctx, progress); - - if (progress) - progress (progress_ctx, 'q'); - - /* Generate p = 2 r q p0 + 1, such that 2^{n-1} < p < 2^n. - * - * We select r in the range i + 1 < r <= 2i, with i = floor (2^{n-2} / (p0 q). */ - - mpz_mul (p0q, p0, pub->q); +void +dsa_generate_keypair (struct dsa_value *pub, + struct dsa_value *key, - _nettle_generate_pocklington_prime (pub->p, r, p_bits, 0, - random_ctx, random, - p0, pub->q, p0q); - - if (progress) - progress (progress_ctx, 'p'); - - mpz_mul (r, r, p0); - - for (a = 2; ; a++) - { - mpz_set_ui (pub->g, a); - mpz_powm (pub->g, pub->g, r, pub->p); - if (mpz_cmp_ui (pub->g, 1) != 0) - break; - } + void *random_ctx, nettle_random_func *random) +{ + const struct dsa_params *params; + mpz_t r; - if (progress) - progress (progress_ctx, 'g'); + assert (pub->params == key->params); + params = pub->params; - mpz_set(r, pub->q); + mpz_init_set(r, params->q); mpz_sub_ui(r, r, 2); nettle_mpz_random(key->x, random_ctx, random, r); mpz_add_ui(key->x, key->x, 1); - - mpz_powm(pub->y, pub->g, key->x, pub->p); - - if (progress) - progress (progress_ctx, '\n'); - - mpz_clear (p0); - mpz_clear (p0q); + mpz_powm(pub->x, params->g, key->x, params->p); mpz_clear (r); - - return 1; } diff --git a/dsa.h b/dsa.h index a5433f2c..e2e6a04f 100644 --- a/dsa.h +++ b/dsa.h @@ -5,7 +5,7 @@ /* nettle, low-level cryptographics library * - * Copyright (C) 2002 Niels Möller + * Copyright (C) 2002, 2013, 2014 Niels Möller * * The nettle library is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as published by @@ -60,7 +60,9 @@ extern "C" { #define dsa_sha1_verify_digest nettle_dsa_sha1_verify_digest #define dsa_sha256_sign_digest nettle_dsa_sha256_sign_digest #define dsa_sha256_verify_digest nettle_dsa_sha256_verify_digest +#define dsa_generate_params nettle_dsa_generate_params #define dsa_generate_keypair nettle_dsa_generate_keypair +#define dsa_generate_keypair_old nettle_dsa_generate_keypair_old #define dsa_signature_from_sexp nettle_dsa_signature_from_sexp #define dsa_keypair_to_sexp nettle_dsa_keypair_to_sexp #define dsa_keypair_from_sexp_alist nettle_dsa_keypair_from_sexp_alist @@ -141,21 +143,17 @@ dsa_verify(const struct dsa_value *pub, const uint8_t *digest, const struct dsa_signature *signature); -void +int dsa_generate_params (struct dsa_params *params, - void *random_ctx, nettle_random_func *random, - void *progress_ctx, nettle_progress_func *progress, unsigned p_bits, unsigned q_bits); -#if 0 -int +void dsa_generate_keypair (struct dsa_value *pub, struct dsa_value *key, void *random_ctx, nettle_random_func *random); -#endif /* Old nettle interface, kept for backwards compatibility */ @@ -267,13 +265,12 @@ dsa_sha256_verify_digest(const struct dsa_public_key *key, /* Key generation */ int -dsa_generate_keypair(struct dsa_public_key *pub, - struct dsa_private_key *key, - - void *random_ctx, nettle_random_func *random, +dsa_generate_keypair_old(struct dsa_public_key *pub, + struct dsa_private_key *key, - void *progress_ctx, nettle_progress_func *progress, - unsigned p_bits, unsigned q_bits); + void *random_ctx, nettle_random_func *random, + void *progress_ctx, nettle_progress_func *progress, + unsigned p_bits, unsigned q_bits); /* Keys in sexp form. */ diff --git a/testsuite/dsa-keygen-test.c b/testsuite/dsa-keygen-test.c index d57c1107..a34abd3f 100644 --- a/testsuite/dsa-keygen-test.c +++ b/testsuite/dsa-keygen-test.c @@ -21,7 +21,7 @@ test_main(void) knuth_lfib_init(&lfib, 13); - ASSERT (dsa_generate_keypair(&pub, &key, + ASSERT (dsa_generate_keypair_old(&pub, &key, &lfib, (nettle_random_func *) knuth_lfib_random, NULL, verbose ? progress : NULL, @@ -30,7 +30,7 @@ test_main(void) test_dsa_key(&pub, &key, 160); test_dsa160(&pub, &key, NULL); - ASSERT (dsa_generate_keypair(&pub, &key, + ASSERT (dsa_generate_keypair_old(&pub, &key, &lfib, (nettle_random_func *) knuth_lfib_random, NULL, verbose ? progress : NULL, @@ -39,7 +39,7 @@ test_main(void) test_dsa_key(&pub, &key, 256); test_dsa256(&pub, &key, NULL); - ASSERT (dsa_generate_keypair(&pub, &key, + ASSERT (dsa_generate_keypair_old(&pub, &key, &lfib, (nettle_random_func *) knuth_lfib_random, NULL, verbose ? progress : NULL,