fi
AM_CONDITIONAL(ENABLE_NON_SUITEB_CURVES, test "$enable_non_suiteb" = "yes")
+AC_ARG_ENABLE(dsa,
+ AS_HELP_STRING([--disable-dsa], [disable DSA]),
+ enable_dsa=$enableval, enable_dsa=yes)
+if test x$enable_dsa != xno; then
+ AC_DEFINE([ENABLE_DSA], 1, [Define if DSA is enabled.])
+fi
+AM_CONDITIONAL([ENABLE_DSA], [test x$enable_dsa != xno])
+
# We MUST require a Nettle version that has rsa_sec_decrypt now.
save_LIBS=$LIBS
LIBS="$LIBS $HOGWEED_LIBS $NETTLE_LIBS $GMP_LIBS"
"kTlCAhxYGpVgtfB96qmJukyl9GOGvfkwFTgEyIDoV84M\n"
"-----END DSA PRIVATE KEY-----\n";
+#ifdef ENABLE_DSA
static const char dsa_2048_sig[] =
"\x30\x3d\x02\x1d\x00\xbe\x87\x2f\xcf\xa1\xe4\x86\x5c\x72\x58\x4a"
"\x7b\x8f\x32\x7f\xa5\x1b\xdc\x5c\xae\xda\x98\xea\x15\x32\xed\x0c"
"\x4e\x02\x1c\x4c\x76\x01\x2b\xcd\xb9\x33\x95\xf2\xfa\xde\x56\x01"
"\xb7\xaa\xe4\x5a\x4a\x2e\xf1\x24\x5a\xd1\xb5\x83\x9a\x93\x61";
+#endif
/* secp256r1 private key and signature */
static const char ecdsa_secp256r1_privkey[] =
return 0;
FALLTHROUGH;
+#ifdef ENABLE_DSA
case GNUTLS_PK_DSA:
if (is_post || !is_fips140_mode_enabled) {
PK_KNOWN_TEST(GNUTLS_PK_DSA, 2048, GNUTLS_DIG_SHA256,
return 0;
FALLTHROUGH;
+#endif
case GNUTLS_PK_EC:
/* Test ECDH and ECDSA */
ret = test_ecdh();
}
break;
}
+#ifdef ENABLE_DSA
case GNUTLS_PK_DSA: {
struct dsa_params pub;
bigint_t priv;
}
break;
}
+#endif
case GNUTLS_PK_RSA: {
struct rsa_private_key priv;
struct rsa_public_key pub;
ecc_point_clear(&pub);
break;
}
+#ifdef ENABLE_DSA
case GNUTLS_PK_DSA: {
struct dsa_params pub;
struct dsa_signature sig;
break;
}
+#endif
case GNUTLS_PK_RSA: {
struct rsa_public_key pub;
size_t bits;
{
switch (pk) {
case GNUTLS_PK_RSA:
+#ifdef ENABLE_DSA
case GNUTLS_PK_DSA:
+#endif
case GNUTLS_PK_DH:
case GNUTLS_PK_ECDSA:
case GNUTLS_PK_ECDH_X25519:
{
switch (sign) {
case GNUTLS_SIGN_RSA_SHA1:
+#ifdef ENABLE_DSA
case GNUTLS_SIGN_DSA_SHA1:
+#endif
case GNUTLS_SIGN_RSA_MD5:
case GNUTLS_SIGN_RSA_MD2:
case GNUTLS_SIGN_RSA_RMD160:
case GNUTLS_SIGN_RSA_SHA384:
case GNUTLS_SIGN_RSA_SHA512:
case GNUTLS_SIGN_RSA_SHA224:
+#ifdef ENABLE_DSA
case GNUTLS_SIGN_DSA_SHA224:
case GNUTLS_SIGN_DSA_SHA256:
+#endif
case GNUTLS_SIGN_ECDSA_SHA1:
case GNUTLS_SIGN_ECDSA_SHA224:
case GNUTLS_SIGN_ECDSA_SHA256:
case GNUTLS_SIGN_ECDSA_SHA384:
case GNUTLS_SIGN_ECDSA_SHA512:
+#ifdef ENABLE_DSA
case GNUTLS_SIGN_DSA_SHA384:
case GNUTLS_SIGN_DSA_SHA512:
+#endif
case GNUTLS_SIGN_ECDSA_SHA3_224:
case GNUTLS_SIGN_ECDSA_SHA3_256:
case GNUTLS_SIGN_ECDSA_SHA3_384:
case GNUTLS_SIGN_ECDSA_SHA3_512:
+#ifdef ENABLE_DSA
case GNUTLS_SIGN_DSA_SHA3_224:
case GNUTLS_SIGN_DSA_SHA3_256:
case GNUTLS_SIGN_DSA_SHA3_384:
case GNUTLS_SIGN_DSA_SHA3_512:
+#endif
case GNUTLS_SIGN_RSA_SHA3_224:
case GNUTLS_SIGN_RSA_SHA3_256:
case GNUTLS_SIGN_RSA_SHA3_384:
params->algo = algo;
switch (algo) {
+#ifdef ENABLE_DSA
case GNUTLS_PK_DSA:
+#endif
case GNUTLS_PK_DH: {
struct dsa_params pub;
struct dss_params_validation_seeds cert;
case GNUTLS_PK_EC: /* we only do keys for ECDSA */
case GNUTLS_PK_EDDSA_ED25519:
case GNUTLS_PK_EDDSA_ED448:
+#ifdef ENABLE_DSA
case GNUTLS_PK_DSA:
+#endif
case GNUTLS_PK_RSA_PSS:
case GNUTLS_PK_GOST_01:
case GNUTLS_PK_GOST_12_256:
}
switch (algo) {
+#ifdef ENABLE_DSA
case GNUTLS_PK_DSA:
#ifdef ENABLE_FIPS140
if (_gnutls_fips_mode_enabled() != 0) {
}
#endif
FALLTHROUGH;
+#endif
case GNUTLS_PK_DH: {
struct dsa_params pub;
mpz_t r;
}
break;
- case GNUTLS_PK_DH:
- case GNUTLS_PK_DSA: {
+#ifdef ENABLE_DSA
+ case GNUTLS_PK_DSA:
+#endif
+ case GNUTLS_PK_DH: {
bigint_t t1 = NULL;
if (params->params_nr != DSA_PRIVATE_PARAMS)
case GNUTLS_PK_RSA:
case GNUTLS_PK_RSA_PSS:
case GNUTLS_PK_RSA_OAEP:
+#ifdef ENABLE_DSA
case GNUTLS_PK_DSA:
+#endif
case GNUTLS_PK_EDDSA_ED25519:
case GNUTLS_PK_EDDSA_ED448:
return 0;
return 0;
}
+#ifdef ENABLE_DSA
static int calc_dsa_pub(gnutls_pk_params_st *params)
{
int ret;
return 0;
}
+#endif
static int wrap_nettle_pk_fixup(gnutls_pk_algorithm_t algo,
gnutls_direction_t direction,
params->spki.salt_size, pub_size,
GNUTLS_E_PK_INVALID_PUBKEY_PARAMS);
}
- } else if (algo == GNUTLS_PK_DSA) {
+ }
+#ifdef ENABLE_DSA
+ else if (algo == GNUTLS_PK_DSA) {
if (params->params[DSA_Y] == NULL) {
ret = calc_dsa_pub(params);
if (ret < 0)
params->params_nr++;
}
}
+#endif
#if ENABLE_GOST
else if (algo == GNUTLS_PK_GOST_01 || algo == GNUTLS_PK_GOST_12_256 ||
algo == GNUTLS_PK_GOST_12_512) {
TESTS_ENVIRONMENT += ENABLE_SSL3=0
endif
+if ENABLE_DSA
+TESTS_ENVIRONMENT += ENABLE_DSA=1
+else
+TESTS_ENVIRONMENT += ENABLE_DSA=0
+endif
+
if ENABLE_GOST
TESTS_ENVIRONMENT += ENABLE_GOST=1
else
: ${CERTTOOL=../../src/certtool${EXEEXT}}
+if test "x$ENABLE_DSA" != "x1"; then
+ exit 77
+fi
+
if ! test -x "${CERTTOOL}"; then
exit 77
fi
: ${DIFF=diff}
OUTFILE=provable-dh$$.tmp
+if test "x$ENABLE_DSA" != "x1"; then
+ exit 77
+fi
+
if ! test -x "${CERTTOOL}"; then
exit 77
fi
: ${DIFF=diff}
OUTFILE=provable-dh$$.tmp
+if test "x$ENABLE_DSA" != "x1"; then
+ exit 77
+fi
+
if ! test -x "${CERTTOOL}"; then
exit 77
fi
: ${DIFF=diff}
OUTFILE=provable-privkey.tmp
+if test "x$ENABLE_DSA" != "x1"; then
+ exit 77
+fi
+
if ! test -x "${CERTTOOL}"; then
exit 77
fi
: ${DIFF=diff}
OUTFILE=provable-privkey$$.tmp
+if test "x$ENABLE_DSA" != "x1"; then
+ exit 77
+fi
+
if ! test -x "${CERTTOOL}"; then
exit 77
fi
USERFILE=user-dsa.$$.tmp
VERIFYFILE=verify-dsa.$$.tmp
+if test "x$ENABLE_DSA" != "x1"; then
+ exit 77
+fi
+
if ! test -x "${CERTTOOL}"; then
exit 77
fi
#include "config.h"
#endif
-#include <stdio.h>
#include <stdlib.h>
+
+#ifndef ENABLE_DSA
+
+int main(int argc, char **argv)
+{
+ exit(77);
+}
+
+#else
+
+#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#if !defined(_WIN32)
if (debug)
success("success");
}
+
+#endif /* ENABLE_DSA */
.pk = GNUTLS_PK_RSA,
.digest = GNUTLS_DIG_SHA256,
.sigalgo = GNUTLS_SIGN_RSA_SHA256 },
+#ifdef ENABLE_DSA
{ .name = "dsa key",
.key = { (void *)clidsa_ca3_key_pem, sizeof(clidsa_ca3_key_pem) - 1 },
.cert = { (void *)clidsa_ca3_cert_pem,
.pk = GNUTLS_PK_DSA,
.digest = GNUTLS_DIG_SHA1,
.sigalgo = GNUTLS_SIGN_DSA_SHA1 },
+#endif
{ .name = "ecdsa key",
.key = { (void *)server_ca3_ecc_key_pem,
sizeof(server_ca3_ecc_key_pem) - 1 },
"9Yzpq6gAi39ZK+LjopgGDkrQjxzBIaoe2bcDqB7X\n"
"-----END X509 CRL-----\n";
+#ifdef ENABLE_DSA
static const char crl_dsa[] =
"-----BEGIN X509 CRL-----\n"
"MIGmMGUwCwYHKoZIzjgEAwUAMDgxCzAJBgNVBAYTAnVzMQwwCgYDVQQKEwNzdW4x\n"
"NTE3MTk1OTQwWjALBgcqhkjOOAQDBQADMAAwLQIUBBFLGYjUCVrRTGf3GTR6SGs/\n"
"accCFQCUhnSmr+CXCWKq8DtydVwH9FLsRA==\n"
"-----END X509 CRL-----\n";
+#endif
static const char crl_rsa_sha1[] =
"-----BEGIN X509 CRL-----\n"
.crt_count = 0,
.this_update = 1410598756,
.next_update = 1442134756 },
+#ifdef ENABLE_DSA
{ .name = "crl-dsa",
.crl = crl_dsa,
.sign_algo = GNUTLS_SIGN_DSA_SHA1,
.crt_count = 0,
.this_update = 1116359980,
.next_update = 1147895980 },
+#endif
{ .name = "crl-rsa-sha1",
.crl = crl_rsa_sha1,
.sign_algo = GNUTLS_SIGN_RSA_SHA1,
for (algorithm = GNUTLS_PK_RSA; algorithm <= GNUTLS_PK_DSA;
algorithm++) {
+#ifndef ENABLE_DSA
+ if (algorithm == GNUTLS_PK_DSA)
+ continue;
+#endif
ret = gnutls_x509_crq_init(&crq);
if (ret < 0)
fail("gnutls_x509_crq_init: %d: %s\n", ret,
* ...
*/
+#include <stdlib.h>
+
+#ifndef ENABLE_DSA
+
+int main(int argc, char **argv)
+{
+ exit(77);
+}
+
+#else
+
#include <stdio.h>
#include <stdarg.h>
-#include <stdlib.h>
#include "utils.h"
#include <gnutls/gnutls.h>
return 0;
}
+
+#endif /* ENABLE_DSA */
*
*/
+#include <stdlib.h>
+
+#ifndef ENABLE_DSA
+
+int main(int argc, char **argv)
+{
+ exit(77);
+}
+
+#else
+
#include <stdio.h>
#include <stdarg.h>
-#include <stdlib.h>
#include <string.h>
#include "utils.h"
return 0;
}
+
+#endif /* ENABLE_DSA */
for (i = GNUTLS_SIGN_UNKNOWN + 1; i <= GNUTLS_SIGN_MAX; i++) {
if (i == 19)
continue;
+#ifndef ENABLE_DSA
+ if (i == GNUTLS_SIGN_DSA_SHA1 || i == GNUTLS_SIGN_DSA_SHA224 ||
+ i == GNUTLS_SIGN_DSA_SHA256 ||
+ i == GNUTLS_SIGN_DSA_SHA384 ||
+ i == GNUTLS_SIGN_DSA_SHA512 ||
+ i == GNUTLS_SIGN_DSA_SHA3_224 ||
+ i == GNUTLS_SIGN_DSA_SHA3_256 ||
+ i == GNUTLS_SIGN_DSA_SHA3_384 ||
+ i == GNUTLS_SIGN_DSA_SHA3_512)
+ continue;
+#endif
check_unique_non_null(gnutls_sign_algorithm_get_name(i));
}
.sig = GNUTLS_SIGN_RSA_PSS_SHA256,
.key = &server_ca3_rsa_pss2_key,
},
+#ifdef ENABLE_DSA
{
.name = "dsa key",
.pk = GNUTLS_PK_DSA,
.sig = GNUTLS_SIGN_DSA_SHA1,
.key = &dsa_key,
},
+#endif
{
.name = "ed25519 key (PKCS#8)",
.pk = GNUTLS_PK_EDDSA_ED25519,
{ &_rsa_u, NULL, &_rsa_e2 },
};
gnutls_privkey_t key;
- gnutls_datum_t p, q, g, y, x;
+#ifdef ENABLE_DSA
+ gnutls_datum_t g;
+#endif
+ gnutls_datum_t p, q, y, x;
gnutls_datum_t m, e, u, e1, e2, d;
gnutls_ecc_curve_t curve;
#ifdef ENABLE_GOST
global_init();
+#ifdef ENABLE_DSA
ret = gnutls_privkey_init(&key);
if (ret < 0)
fail("error\n");
gnutls_free(y.data);
gnutls_free(x.data);
gnutls_privkey_deinit(key);
+#endif
/* RSA */
return 0;
}
+#ifdef ENABLE_DSA
static int check_dsa(void)
{
gnutls_privkey_t key;
return 0;
}
+#endif
static int check_rsa(void)
{
exit(1);
}
+#ifdef ENABLE_DSA
if (check_dsa() != 0) {
fail("error in DSA check\n");
exit(1);
}
+#endif
if (check_rsa() != 0) {
fail("error in RSA check\n");
for (algorithm = GNUTLS_PK_RSA; algorithm <= GNUTLS_PK_MAX;
algorithm++) {
if (algorithm == GNUTLS_PK_DH ||
+#ifndef ENABLE_DSA
+ algorithm == GNUTLS_PK_DSA ||
+#endif
algorithm == GNUTLS_PK_ECDH_X25519 ||
algorithm == GNUTLS_PK_ECDH_X448)
continue;
unsigned i;
CHECK_INSECURE_FOR_CERTS_SIG(GNUTLS_SIGN_RSA_SHA1);
+#ifdef ENABLE_DSA
CHECK_INSECURE_FOR_CERTS_SIG(GNUTLS_SIGN_DSA_SHA1);
+#endif
CHECK_INSECURE_FOR_CERTS_SIG(GNUTLS_SIGN_ECDSA_SHA1);
CHECK_INSECURE_SIG(GNUTLS_SIGN_RSA_MD5);
};
/* Test vectors from RFC 6979 */
+#ifdef ENABLE_DSA
static const char dsa_privkey_rfc6979[] =
"-----BEGIN DSA PRIVATE KEY-----\n"
"MIIBugIBAAKBgQCG9coD3P6yJQY/+DCgx2m53Z1hU62R184n94fEMni0R+ZTO4ax\n"
"xeRzUIJTseaC9ly9xPrpPC6iEjkOVJBahuIiMXC0Tqp9pd2f/Pt/OwIUQRYCyxmm\n"
"zMNElNedmO8eftWvJfc=\n"
"-----END DSA PRIVATE KEY-----\n";
+#endif
static const char ecdsa_secp256r1_privkey_rfc6979[] =
"-----BEGIN EC PRIVATE KEY-----\n"
static const char sample[] = "sample";
static const struct _key_tests_st tests[] = {
+#ifdef ENABLE_DSA
{ .name = "dsa key",
.key = { (void *)dsa_privkey_rfc6979,
sizeof(dsa_privkey_rfc6979) - 1 },
.digest = GNUTLS_DIG_SHA256,
.sigalgo = GNUTLS_SIGN_DSA_SHA256,
.sign_flags = GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE },
+#endif
{ .name = "ecdsa key",
.key = { (void *)ecdsa_secp256r1_privkey_rfc6979,
sizeof(ecdsa_secp256r1_privkey_rfc6979) - 1 },
generate_temp_rsa_privkey "${TOKEN}" "${TEST_PIN}" 2048
delete_temp_privkey "${TOKEN}" "${TEST_PIN}" rsa-2048
-generate_temp_dsa_privkey "${TOKEN}" "${TEST_PIN}" 3072
-delete_temp_privkey "${TOKEN}" "${TEST_PIN}" dsa-3072
+if test "x$ENABLE_DSA" = "x1"; then
+ generate_temp_dsa_privkey "${TOKEN}" "${TEST_PIN}" 3072
+ delete_temp_privkey "${TOKEN}" "${TEST_PIN}" dsa-3072
+fi
import_temp_rsa_privkey "${TOKEN}" "${TEST_PIN}" 1024
delete_temp_privkey "${TOKEN}" "${TEST_PIN}" rsa-1024
import_temp_ecc_privkey "${TOKEN}" "${TEST_PIN}" 256
delete_temp_privkey "${TOKEN}" "${TEST_PIN}" ecc-256
-import_temp_dsa_privkey "${TOKEN}" "${TEST_PIN}" 2048
-delete_temp_privkey "${TOKEN}" "${TEST_PIN}" dsa-2048
+
+if test "x$ENABLE_DSA" = "x1"; then
+ import_temp_dsa_privkey "${TOKEN}" "${TEST_PIN}" 2048
+ delete_temp_privkey "${TOKEN}" "${TEST_PIN}" dsa-2048
+fi
if test $have_ed25519 != 0;then
import_temp_ed25519_privkey "${TOKEN}" "${TEST_PIN}" ed25519
"QcDzQ8REwidsfh9uKAluk1c/KQ==\n"
"-----END CERTIFICATE-----\n";
+#ifdef ENABLE_DSA
static char pem2_key[] =
"-----BEGIN DSA PRIVATE KEY-----\n"
"MIIBugIBAAKBgQC5hPVagb4aDcWKc48Mmy+btg5Lw3Qaf2StnfMoxaBHvJtXVvGX\n"
"jlvXN8gyPpbCPvRD2n2RAg+3vPjvj/dBAF6W3w8IltzqsukGgq/SLwIUS5/r/2ya\n"
"AoNBXjeBjgCGMei2m8E=\n"
"-----END DSA PRIVATE KEY-----\n";
+#endif
const gnutls_datum_t cert_dat[] = { { (void *)pem1_cert, sizeof(pem1_cert) },
{ (void *)pem2_cert, sizeof(pem2_cert) } };
const gnutls_datum_t key_dat[] = { { (void *)pem1_key, sizeof(pem1_key) },
- { (void *)pem2_key, sizeof(pem2_key) } };
+#ifdef ENABLE_DSA
+ { (void *)pem2_key, sizeof(pem2_key) }
+#endif
+};
void _gnutls_lib_simulate_error(void);
void _gnutls_lib_force_operational(void);
projects / thirdparty / gnutls.git / commitdiff
