From: Nikos Mavrogiannopoulos Date: Mon, 24 Nov 2014 09:54:55 +0000 (+0100) Subject: More nettle2 updates (in FIPS140-2 mode) X-Git-Tag: gnutls_3_4_0~523 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7d65b1c321576c5de73ffcd574eaeb69c492a983;p=thirdparty%2Fgnutls.git More nettle2 updates (in FIPS140-2 mode) --- diff --git a/lib/nettle/int/dsa-fips.h b/lib/nettle/int/dsa-fips.h index 82d545effe..e1edfb5125 100644 --- a/lib/nettle/int/dsa-fips.h +++ b/lib/nettle/int/dsa-fips.h @@ -54,7 +54,7 @@ st_provable_prime (mpz_t p, void *progress_ctx, nettle_progress_func * progress); int -dsa_generate_dss_pqg(struct dsa_public_key *pub, +dsa_generate_dss_pqg(struct dsa_params *params, struct dss_params_validation_seeds* cert, unsigned index, void *random_ctx, nettle_random_func *random, @@ -62,22 +62,23 @@ dsa_generate_dss_pqg(struct dsa_public_key *pub, unsigned p_bits /* = L */, unsigned q_bits /* = N */); int -dsa_generate_dss_keypair(struct dsa_public_key *pub, - struct dsa_private_key *key, +dsa_generate_dss_keypair(struct dsa_params *params, + mpz_t y, + mpz_t x, void *random_ctx, nettle_random_func *random, void *progress_ctx, nettle_progress_func *progress); int -dsa_validate_dss_pqg(struct dsa_public_key *pub, +dsa_validate_dss_pqg(struct dsa_params *pub, struct dss_params_validation_seeds* cert, unsigned index); int -_dsa_validate_dss_pq(struct dsa_public_key *pub, +_dsa_validate_dss_pq(struct dsa_params *pub, struct dss_params_validation_seeds* cert); int -_dsa_validate_dss_g(struct dsa_public_key *pub, +_dsa_validate_dss_g(struct dsa_params *pub, unsigned domain_seed_size, const uint8_t *domain_seed, unsigned index); unsigned _dsa_check_qp_sizes(unsigned q_bits, unsigned p_bits, unsigned generate); 
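Review bot: `dsa_generate_dss_keypair` now takes the public value and the private exponent as two adjacent `mpz_t` arguments (`y`, then `x`), so a call site that swaps them still compiles, where the old `struct dsa_public_key *` / `struct dsa_private_key *` pair would have been rejected by the compiler. A swap would place the secret exponent in the slot callers treat as public, so the prototype deserves a comment such as `/* y: out, public value g^x mod p; x: out, private exponent; caller must init both and wipe x */`. The same applies to `_dsa_generate_dss_xy` in the following header hunk and to both definitions in dsa-keygen-fips186.c. Neither function writes to the domain parameters in the lines shown, so `const struct dsa_params *params` would also document that they are input only.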
@@ -85,21 +86,22 @@ unsigned _dsa_check_qp_sizes(unsigned q_bits, unsigned p_bits, unsigned generate /* The following low-level functions can be used for DH key exchange as well */ int -_dsa_generate_dss_pq(struct dsa_public_key *pub, +_dsa_generate_dss_pq(struct dsa_params *pub, struct dss_params_validation_seeds* cert, unsigned seed_length, void* seed, void *progress_ctx, nettle_progress_func *progress, unsigned p_bits, unsigned q_bits); int -_dsa_generate_dss_g(struct dsa_public_key *pub, +_dsa_generate_dss_g(struct dsa_params *pub, unsigned domain_seed_size, const uint8_t* domain_seed, void *progress_ctx, nettle_progress_func * progress, unsigned index); void -_dsa_generate_dss_xy(struct dsa_public_key *pub, - struct dsa_private_key *key, +_dsa_generate_dss_xy(struct dsa_params *pub, + mpz_t y, + mpz_t x, void *random_ctx, nettle_random_func *random); #define DIGEST_SIZE SHA384_DIGEST_SIZE diff --git a/lib/nettle/int/dsa-keygen-fips186.c b/lib/nettle/int/dsa-keygen-fips186.c index 1ac9441ff9..efe81ed89d 100644 --- a/lib/nettle/int/dsa-keygen-fips186.c +++ b/lib/nettle/int/dsa-keygen-fips186.c @@ -65,7 +65,7 @@ unsigned _dsa_check_qp_sizes(unsigned q_bits, unsigned p_bits, unsigned generate * The hash function used is SHA384. */ int -_dsa_generate_dss_pq(struct dsa_public_key *pub, +_dsa_generate_dss_pq(struct dsa_params *params, struct dss_params_validation_seeds *cert, unsigned seed_length, void *seed, void *progress_ctx, nettle_progress_func * progress, @@ -106,7 +106,7 @@ _dsa_generate_dss_pq(struct dsa_public_key *pub, cert->qseed_length = sizeof(cert->qseed); cert->pseed_length = sizeof(cert->pseed); - ret = st_provable_prime(pub->q, + ret = st_provable_prime(params->q, &cert->qseed_length, cert->qseed, &cert->qgen_counter, q_bits, 
@@ -162,24 +162,24 @@ _dsa_generate_dss_pq(struct dsa_public_key *pub, /* t = u[x/2c0] */ mpz_mul_2exp(dp0, p0, 1); /* dp0 = 2*p0 */ - mpz_mul(dp0, dp0, pub->q); /* dp0 = 2*p0*q */ + mpz_mul(dp0, dp0, params->q); /* dp0 = 2*p0*q */ mpz_cdiv_q(t, tmp, dp0); retry: /* c = 2p0*q*t + 1 */ - mpz_mul(pub->p, dp0, t); - mpz_add_ui(pub->p, pub->p, 1); + mpz_mul(params->p, dp0, t); + mpz_add_ui(params->p, params->p, 1); - if (mpz_sizeinbase(pub->p, 2) > p_bits) { + if (mpz_sizeinbase(params->p, 2) > p_bits) { /* t = 2^(bits-1)/2qp0 */ mpz_set_ui(tmp, 1); mpz_mul_2exp(tmp, tmp, p_bits - 1); mpz_cdiv_q(t, tmp, dp0); /* p = t* 2tq p0 + 1 */ - mpz_mul(pub->p, dp0, t); - mpz_add_ui(pub->p, pub->p, 1); + mpz_mul(params->p, dp0, t); + mpz_add_ui(params->p, params->p, 1); } cert->pgen_counter++; @@ -204,20 +204,20 @@ _dsa_generate_dss_pq(struct dsa_public_key *pub, nettle_mpz_get_str_256(cert->pseed_length, cert->pseed, s); /* a = 2 + (a mod (p-3)) */ - mpz_sub_ui(tmp, pub->p, 3); /* c is too large to worry about negatives */ + mpz_sub_ui(tmp, params->p, 3); /* c is too large to worry about negatives */ mpz_mod(r, r, tmp); mpz_add_ui(r, r, 2); /* z = a^(2tq) mod p */ mpz_mul_2exp(tmp, t, 1); /* tmp = 2t */ - mpz_mul(tmp, tmp, pub->q); /* tmp = 2tq */ - mpz_powm(z, r, tmp, pub->p); + mpz_mul(tmp, tmp, params->q); /* tmp = 2tq */ + mpz_powm(z, r, tmp, params->p); mpz_sub_ui(tmp, z, 1); - mpz_gcd(tmp, tmp, pub->p); + mpz_gcd(tmp, tmp, params->p); if (mpz_cmp_ui(tmp, 1) == 0) { - mpz_powm(tmp, z, p0, pub->p); + mpz_powm(tmp, z, p0, params->p); if (mpz_cmp_ui(tmp, 1) == 0) { goto success; } @@ -255,7 +255,7 @@ _dsa_generate_dss_pq(struct dsa_public_key *pub, } int -_dsa_generate_dss_g(struct dsa_public_key *pub, +_dsa_generate_dss_g(struct dsa_params *params, unsigned domain_seed_size, const uint8_t* domain_seed, void *progress_ctx, nettle_progress_func * progress, unsigned index) 
@@ -288,8 +288,8 @@ _dsa_generate_dss_g(struct dsa_public_key *pub, *(dseed + pos) = (uint8_t) index; pos += 1; - mpz_sub_ui(e, pub->p, 1); - mpz_fdiv_q(e, e, pub->q); + mpz_sub_ui(e, params->p, 1); + mpz_fdiv_q(e, e, params->q); for (count = 1; count < 65535; count++) { *(dseed + pos) = (count >> 8) & 0xff; @@ -299,9 +299,9 @@ _dsa_generate_dss_g(struct dsa_public_key *pub, nettle_mpz_set_str_256_u(w, DIGEST_SIZE, digest); - mpz_powm(pub->g, w, e, pub->p); + mpz_powm(params->g, w, e, params->p); - if (mpz_cmp_ui(pub->g, 2) >= 0) { + if (mpz_cmp_ui(params->g, 2) >= 0) { /* found */ goto success; } @@ -332,19 +332,19 @@ _dsa_generate_dss_g(struct dsa_public_key *pub, /* Generates the public and private DSA (or DH) keys */ void -_dsa_generate_dss_xy(struct dsa_public_key *pub, - struct dsa_private_key *key, +_dsa_generate_dss_xy(struct dsa_params *params, + mpz_t y, mpz_t x, void *random_ctx, nettle_random_func * random) { mpz_t r; mpz_init(r); - mpz_set(r, pub->q); + mpz_set(r, params->q); mpz_sub_ui(r, r, 2); - nettle_mpz_random(key->x, random_ctx, random, r); - mpz_add_ui(key->x, key->x, 1); + nettle_mpz_random(x, random_ctx, random, r); + mpz_add_ui(x, x, 1); - mpz_powm(pub->y, pub->g, key->x, pub->p); + mpz_powm(y, params->g, x, params->p); mpz_clear(r); } @@ -364,7 +364,7 @@ _dsa_generate_dss_xy(struct dsa_public_key *pub, * */ int -dsa_generate_dss_pqg(struct dsa_public_key *pub, +dsa_generate_dss_pqg(struct dsa_params *params, struct dss_params_validation_seeds *cert, unsigned index, void *random_ctx, nettle_random_func * random, @@ -386,7 +386,7 @@ dsa_generate_dss_pqg(struct dsa_public_key *pub, random(random_ctx, cert->seed_length, cert->seed); - ret = _dsa_generate_dss_pq(pub, cert, cert->seed_length, cert->seed, + ret = _dsa_generate_dss_pq(params, cert, cert->seed_length, cert->seed, progress_ctx, progress, p_bits, q_bits); if (ret == 0) return 0; 
@@ -395,7 +395,7 @@ dsa_generate_dss_pqg(struct dsa_public_key *pub, memcpy(domain_seed, cert->seed, cert->seed_length); memcpy(&domain_seed[cert->seed_length], cert->pseed, cert->pseed_length); memcpy(&domain_seed[cert->seed_length+cert->pseed_length], cert->qseed, cert->qseed_length); - ret = _dsa_generate_dss_g(pub, domain_seed_size, domain_seed, + ret = _dsa_generate_dss_g(params, domain_seed_size, domain_seed, progress_ctx, progress, index); if (ret == 0) return 0; @@ -405,12 +405,13 @@ dsa_generate_dss_pqg(struct dsa_public_key *pub, } int -dsa_generate_dss_keypair(struct dsa_public_key *pub, - struct dsa_private_key *key, +dsa_generate_dss_keypair(struct dsa_params *params, + mpz_t y, + mpz_t x, void *random_ctx, nettle_random_func * random, void *progress_ctx, nettle_progress_func * progress) { - _dsa_generate_dss_xy(pub, key, random_ctx, random); + _dsa_generate_dss_xy(params, y, x, random_ctx, random); if (progress) progress(progress_ctx, '\n'); diff --git a/lib/nettle/int/dsa-validate.c b/lib/nettle/int/dsa-validate.c index daa39dadfe..b86ef3d9b9 100644 --- a/lib/nettle/int/dsa-validate.c +++ b/lib/nettle/int/dsa-validate.c @@ -48,7 +48,7 @@ * */ int -dsa_validate_dss_pqg(struct dsa_public_key *pub, +dsa_validate_dss_pqg(struct dsa_params *pub, struct dss_params_validation_seeds *cert, unsigned index) { int ret; @@ -72,12 +72,12 @@ dsa_validate_dss_pqg(struct dsa_public_key *pub, } int -_dsa_validate_dss_g(struct dsa_public_key *pub, +_dsa_validate_dss_g(struct dsa_params *pub, unsigned domain_seed_size, const uint8_t *domain_seed, unsigned index) { int ret; unsigned p_bits, q_bits; - struct dsa_public_key pub2; + struct dsa_params pub2; mpz_t r; p_bits = mpz_sizeinbase(pub->p, 2); @@ -89,7 +89,7 @@ _dsa_validate_dss_g(struct dsa_public_key *pub, } mpz_init(r); - dsa_public_key_init(&pub2); + dsa_params_init(&pub2); mpz_set(pub2.p, pub->p); mpz_set(pub2.q, pub->q); 
@@ -132,19 +132,19 @@ _dsa_validate_dss_g(struct dsa_public_key *pub, ret = 0; finish: - dsa_public_key_clear(&pub2); + dsa_params_clear(&pub2); mpz_clear(r); return ret; } int -_dsa_validate_dss_pq(struct dsa_public_key *pub, +_dsa_validate_dss_pq(struct dsa_params *pub, struct dss_params_validation_seeds *cert) { int ret; unsigned p_bits, q_bits; - struct dsa_public_key pub2; + struct dsa_params pub2; struct dss_params_validation_seeds cert2; mpz_t r, s; @@ -158,7 +158,7 @@ _dsa_validate_dss_pq(struct dsa_public_key *pub, mpz_init(r); mpz_init(s); - dsa_public_key_init(&pub2); + dsa_params_init(&pub2); nettle_mpz_set_str_256_u(s, cert->seed_length, cert->seed); @@ -235,7 +235,7 @@ _dsa_validate_dss_pq(struct dsa_public_key *pub, ret = 0; finish: - dsa_public_key_clear(&pub2); + dsa_params_clear(&pub2); mpz_clear(r); mpz_clear(s); diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index fa6a10164a..11f2c8dacf 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -78,15 +78,6 @@ ecc_point_zclear (struct ecc_point *p) ecc_point_clear(p); } - -static void -_dsa_params_to_pubkey(const gnutls_pk_params_st * pk_params, - mpz_t *y) -{ - if (pk_params->params[DSA_Y] != NULL) - memcpy(y, pk_params->params[DSA_Y], SIZEOF_MPZT); -} - static void _dsa_params_get(const gnutls_pk_params_st * pk_params, struct dsa_params *pub) @@ -98,13 +89,6 @@ _dsa_params_get(const gnutls_pk_params_st * pk_params, memcpy(pub->g, pk_params->params[DSA_G], SIZEOF_MPZT); } -static void -_dsa_params_to_privkey(const gnutls_pk_params_st * pk_params, - mpz_t *x) -{ - memcpy(x, pk_params->params[4], SIZEOF_MPZT); -} - static void _rsa_params_to_privkey(const gnutls_pk_params_st * pk_params, struct rsa_private_key *priv) 
@@ -514,15 +498,14 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, case GNUTLS_PK_DSA: { struct dsa_params pub; - mpz_t y; - mpz_t priv; + bigint_t priv; struct dsa_signature sig; memset(&priv, 0, sizeof(priv)); memset(&pub, 0, sizeof(pub)); _dsa_params_get(pk_params, &pub); - _dsa_params_to_pubkey(pk_params, &y); - _dsa_params_to_privkey(pk_params, &priv); + + priv = pk_params->params[DSA_X]; dsa_signature_init(&sig); @@ -538,7 +521,7 @@ _wrap_nettle_pk_sign(gnutls_pk_algorithm_t algo, } ret = - dsa_sign(&pub, priv, NULL, rnd_func, + dsa_sign(&pub, TOMPZ(priv), NULL, rnd_func, hash_len, vdata->data, &sig); if (ret == 0) { gnutls_assert(); @@ -667,8 +650,8 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, case GNUTLS_PK_DSA: { struct dsa_params pub; - mpz_t y; struct dsa_signature sig; + bigint_t y; ret = _gnutls_decode_ber_rs(signature, &tmp[0], @@ -679,7 +662,8 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, } memset(&pub, 0, sizeof(pub)); _dsa_params_get(pk_params, &pub); - _dsa_params_to_pubkey(pk_params, &y); + y = pk_params->params[DSA_Y]; + memcpy(sig.r, tmp[0], SIZEOF_MPZT); memcpy(sig.s, tmp[1], SIZEOF_MPZT); @@ -689,7 +673,7 @@ _wrap_nettle_pk_verify(gnutls_pk_algorithm_t algo, hash_len = vdata->size; ret = - dsa_verify(&pub, y, hash_len, vdata->data, &sig); + dsa_verify(&pub, TOMPZ(y), hash_len, vdata->data, &sig); if (ret == 0) { gnutls_assert(); ret = GNUTLS_E_PK_SIG_VERIFY_FAILED; 
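Review bot: `priv = pk_params->params[DSA_X];` is passed to `dsa_sign` as `TOMPZ(priv)` in the next hunk without a NULL check, and the verify path does the same with `y = pk_params->params[DSA_Y];` even though the removed `_dsa_params_to_pubkey` tested that slot for NULL first. If TOMPZ dereferences its argument, as its use here suggests, a key structure lacking that element would fault inside the sign or verify call rather than fail cleanly. A guard like `if (priv == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);` before `dsa_signature_init(&sig)` would match the check the key-generation path already makes for DSA_Q; in verify the equivalent check has to go through the function's existing error exit, because r and s have already been decoded into `tmp` by then. `memset(&priv, 0, sizeof(priv));` is also left over from the `mpz_t` version and is now a dead store on a handle that is assigned a few lines later. Both case bodies continue outside these hunks, so whether callers already guarantee the slots are populated cannot be told from here.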
@@ -1151,20 +1135,18 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, #ifdef ENABLE_FIPS140 if (_gnutls_fips_mode_enabled() != 0) { struct dsa_params pub; - mpz_t y; - mpz_t priv; + mpz_t x, y; if (params->params[DSA_Q] == NULL) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); _dsa_params_get(params, &pub); - _dsa_params_to_pubkey(params, &y); - dsa_private_key_init(&priv); - mpz_init(pub.y); + mpz_init(x); + mpz_init(y); ret = - dsa_generate_dss_keypair(&pub, &priv, + dsa_generate_dss_keypair(&pub, y, x, NULL, rnd_func, NULL, NULL); if (ret != 1) { @@ -1179,13 +1161,13 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, goto dsa_fail; } - mpz_set(TOMPZ(params->params[DSA_Y]), pub.y); - mpz_set(TOMPZ(params->params[DSA_X]), priv.x); + mpz_set(TOMPZ(params->params[DSA_Y]), y); + mpz_set(TOMPZ(params->params[DSA_X]), x); params->params_nr += 2; dsa_fail: - dsa_private_key_clear(&priv); - mpz_clear(pub.y); + mpz_clear(x); + mpz_clear(y); if (ret < 0) goto fail;
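Review bot: The temporary `x` holds the freshly generated private exponent and is released at `dsa_fail:` with plain `mpz_clear(x)`, which frees the limbs without overwriting them. In the FIPS140 branch this leaves a copy of the secret in freed heap memory after it has been copied into `params->params[DSA_X]`. The limbs should be overwritten before the clear, using the project's key-wiping helper rather than a plain memset that the compiler may drop. `ecc_point_zclear` in the same file looks like the established pattern for this, though its body is only partly visible in the first pk.c hunk. The enclosing function starts and ends outside the hunk.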