author | Niels Möller <nisse@lysator.liu.se> | 2014-03-27 06:22:59 +0100 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2014-03-27 06:22:59 +0100 |
commit | 27ea18ab63fed4413f7ceaea9e167f5267080648 (patch) | |
tree | 0bba4f7a3aecc902baf05161591fe608669c279f | |
parent | bf85a3dbdfbd25f02f5eff19bd508a0d54643d5e (diff) | |
download | nettle-27ea18ab63fed4413f7ceaea9e167f5267080648.tar.gz |
New function dsa_generate_params.
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | Makefile.in | 3 | ||||
-rw-r--r-- | dsa-gen-params.c | 107 | ||||
-rw-r--r-- | dsa-keygen.c | 61 | ||||
-rw-r--r-- | dsa.h | 7 |
5 files changed, 134 insertions, 50 deletions
@@ -1,3 +1,9 @@
+2014-03-27 Niels Möller <nisse@lysator.liu.se>
+
+ * dsa-gen-params.c (dsa_generate_params): New file and function,
+ extracted from DSA key generation.
+ * dsa-keygen.c (dsa_generate_keypair): Use dsa_generate_params.
+
 2014-03-26 Niels Möller <nisse@lysator.liu.se>
 * der2dsa.c (dsa_params_from_der_iterator): Converted to new DSA
diff --git a/Makefile.in b/Makefile.in
index e61cbd03..0faae075 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -148,7 +148,8 @@ hogweed_SOURCES = sexp.c sexp-format.c \
 rsa-encrypt.c rsa-decrypt.c rsa-decrypt-tr.c \
 rsa-keygen.c rsa-compat.c rsa-blind.c \
 rsa2sexp.c sexp2rsa.c \
- dsa.c dsa-sign.c dsa-verify.c dsa-keygen.c dsa-hash.c \
+ dsa.c dsa-gen-params.c \
+ dsa-sign.c dsa-verify.c dsa-keygen.c dsa-hash.c \
 dsa-sha1-sign.c dsa-sha1-verify.c \
 dsa-sha256-sign.c dsa-sha256-verify.c \
 dsa2sexp.c sexp2dsa.c \
diff --git a/dsa-gen-params.c b/dsa-gen-params.c
new file mode 100644
index 00000000..ddf3ae1a
--- /dev/null
+++ b/dsa-gen-params.c
@@ -0,0 +1,107 @@
+/* dsa-gen-params.c
+ *
+ * Generation of DSA parameters
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2002, 2013, 2014 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <stdlib.h>
+
+#include "dsa.h"
+
+#include "bignum.h"
+#include "nettle-internal.h"
+
+
+/* Valid sizes, according to FIPS 186-3 are (1024, 160), (2048, 224),
+ (2048, 256), (3072, 256). */
+int
+dsa_generate_params(struct dsa_params *params,
+ void *random_ctx, nettle_random_func *random,
+ void *progress_ctx, nettle_progress_func *progress,
+ unsigned p_bits, unsigned q_bits)
+{
+ mpz_t r;
+ unsigned p0_bits;
+ unsigned a;
+
+ if (q_bits < 30 || p_bits < q_bits + 30)
+ return 0;
+
+ mpz_init (r);
+
+ nettle_random_prime (params->q, q_bits, 0, random_ctx, random,
+ progress_ctx, progress);
+
+ if (q_bits >= (p_bits + 2)/3)
+ _nettle_generate_pocklington_prime (params->p, r, p_bits, 0,
+ random_ctx, random,
+ params->q, NULL, params->q);
+ else
+ {
+ mpz_t p0, p0q;
+ mpz_init (p0);
+ mpz_init (p0q);
+
+ p0_bits = (p_bits + 3)/2;
+
+ nettle_random_prime (p0, p0_bits, 0,
+ random_ctx, random,
+ progress_ctx, progress);
+
+ if (progress)
+ progress (progress_ctx, 'q');
+
+ /* Generate p = 2 r q p0 + 1, such that 2^{n-1} < p < 2^n. */
+ mpz_mul (p0q, p0, params->q);
+
+ _nettle_generate_pocklington_prime (params->p, r, p_bits, 0,
+ random_ctx, random,
+ p0, params->q, p0q);
+
+ mpz_mul (r, r, p0);
+
+ mpz_clear (p0);
+ mpz_clear (p0q);
+ }
+ if (progress)
+ progress (progress_ctx, 'p');
+
+ for (a = 2; ; a++)
+ {
+ mpz_set_ui (params->g, a);
+ mpz_powm (params->g, params->g, r, params->p);
+ if (mpz_cmp_ui (params->g, 1) != 0)
+ break;
+ }
+
+ mpz_clear (r);
+
+ if (progress)
+ progress (progress_ctx, 'g');
+
+ return 1;
+}
diff --git a/dsa-keygen.c b/dsa-keygen.c
index 71797ddb..36339fd9 100644
--- a/dsa-keygen.c
+++ b/dsa-keygen.c
@@ -5,7 +5,7 @@
 /* nettle, low-level cryptographics library
 *
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002, 2014 Niels Möller
 *
 * The nettle library is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
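Review bot: In dsa-gen-params.c the only size validation is `if (q_bits < 30 || p_bits < q_bits + 30) return 0;`, so the FIPS 186-3 pairs listed in the comment above dsa_generate_params are not enforced and a direct caller of this new public function can obtain parameters with a q as small as 30 bits. The comment should say so, for example `/* The sizes above are not enforced; only q_bits >= 30 and p_bits >= q_bits + 30 are checked, so the caller must pick sizes that meet its security requirements. */`. The sum `q_bits + 30` is unsigned and wraps for q_bits close to UINT_MAX, which would let such a value through to nettle_random_prime; `if (q_bits < 30 || p_bits < 30 || p_bits - 30 < q_bits)` states the same bound without the addition. Separately, the `q_bits >= (p_bits + 2)/3` branch never emits the 'q' progress character that the else branch does, which may be unintentional.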
@@ -36,8 +36,7 @@
 /* Valid sizes, according to FIPS 186-3 are (1024, 160), (2048, 224),
- (2048, 256), (3072, 256). Currenty, we use only q_bits of 160 or
- 256. */
+ (2048, 256), (3072, 256). */
 int
 dsa_generate_keypair(struct dsa_public_key *pub,
 struct dsa_private_key *key,
@@ -45,9 +44,8 @@ dsa_generate_keypair(struct dsa_public_key *pub,
 void *progress_ctx, nettle_progress_func *progress,
 unsigned p_bits, unsigned q_bits)
 {
- mpz_t p0, p0q, r;
- unsigned p0_bits;
- unsigned a;
+ struct dsa_params *params;
+ mpz_t r;
 switch (q_bits)
 {
@@ -64,49 +62,16 @@ dsa_generate_keypair(struct dsa_public_key *pub,
 return 0;
 }
- mpz_init (p0);
- mpz_init (p0q);
- mpz_init (r);
+ /* NOTE: Depends on identical layout! */
+ params = (struct dsa_params *) pub;
- nettle_random_prime (pub->q, q_bits, 0, random_ctx, random,
- progress_ctx, progress);
-
- p0_bits = (p_bits + 3)/2;
-
- nettle_random_prime (p0, p0_bits, 0,
- random_ctx, random,
- progress_ctx, progress);
-
- if (progress)
- progress (progress_ctx, 'q');
+ if (!dsa_generate_params (params,
+ random_ctx, random,
+ progress_ctx, progress,
+ p_bits, q_bits))
+ return 0;
- /* Generate p = 2 r q p0 + 1, such that 2^{n-1} < p < 2^n.
- *
- * We select r in the range i + 1 < r <= 2i, with i = floor (2^{n-2} / (p0 q). */
-
- mpz_mul (p0q, p0, pub->q);
-
- _nettle_generate_pocklington_prime (pub->p, r, p_bits, 0,
- random_ctx, random,
- p0, pub->q, p0q);
-
- if (progress)
- progress (progress_ctx, 'p');
-
- mpz_mul (r, r, p0);
-
- for (a = 2; ; a++)
- {
- mpz_set_ui (pub->g, a);
- mpz_powm (pub->g, pub->g, r, pub->p);
- if (mpz_cmp_ui (pub->g, 1) != 0)
- break;
- }
-
- if (progress)
- progress (progress_ctx, 'g');
-
- mpz_set(r, pub->q);
+ mpz_init_set(r, pub->q);
 mpz_sub_ui(r, r, 2);
 nettle_mpz_random(key->x, random_ctx, random, r);
@@ -117,8 +82,6 @@ dsa_generate_keypair(struct dsa_public_key *pub,
 if (progress)
 progress (progress_ctx, '\n');
- mpz_clear (p0);
- mpz_clear (p0q);
 mpz_clear (r);
 return 1;
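Review bot: The cast `params = (struct dsa_params *) pub;` in the `@@ -64,49 +62,16 @@` hunk is protected only by the comment `/* NOTE: Depends on identical layout! */`. Nothing visible fails if struct dsa_public_key and struct dsa_params later diverge, in which case dsa_generate_params would write p, q and g at the wrong offsets in the caller's key. A check that the offsets of p, q and g agree between the two structs (offsetof comparisons in an assert, or a compile-time equivalent) would make the dependency enforceable, and generating into a local struct dsa_params and moving the values across with mpz_swap would remove it. Neither struct definition appears in this diff, so the current layouts are taken on trust here, and the body of dsa_generate_keypair starts and ends outside these hunks.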
@@ -56,6 +56,7 @@ extern "C" {
 #define dsa_sha1_verify_digest nettle_dsa_sha1_verify_digest
 #define dsa_sha256_sign_digest nettle_dsa_sha256_sign_digest
 #define dsa_sha256_verify_digest nettle_dsa_sha256_verify_digest
+#define dsa_generate_params nettle_dsa_generate_params
 #define dsa_generate_keypair nettle_dsa_generate_keypair
 #define dsa_signature_from_sexp nettle_dsa_signature_from_sexp
 #define dsa_keypair_to_sexp nettle_dsa_keypair_to_sexp
@@ -236,6 +237,12 @@ dsa_sha256_verify_digest(const struct dsa_public_key *key,
 /* Key generation */
 int
+dsa_generate_params(struct dsa_params *params,
+ void *random_ctx, nettle_random_func *random,
+ void *progress_ctx, nettle_progress_func *progress,
+ unsigned p_bits, unsigned q_bits);
+
+int
 dsa_generate_keypair(struct dsa_public_key *pub,
 struct dsa_private_key *key, |
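Review bot: The new dsa_generate_params prototype in the `@@ -236,6 +237,12 @@` hunk is exported with no comment describing its contract. Going by the implementation added in this commit, it returns 1 on success and 0 when the sizes are rejected, and it writes to params->p, params->q and params->g without initialising them first. A comment above the declaration such as `/* Returns 1 on success, 0 if p_bits/q_bits are rejected. The mpz_t members of params must already be initialised. */` would record that for callers. The file header for this section is missing from the page; the diffstat suggests the file is dsa.h.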