diff options
| -rw-r--r-- | ChangeLog | 9 | ||||
| -rw-r--r-- | Makefile.in | 5 | ||||
| -rw-r--r-- | dsa-compat.c | 58 | ||||
| -rw-r--r-- | dsa-compat.h | 176 | ||||
| -rw-r--r-- | dsa-keygen.c | 2 | ||||
| -rw-r--r-- | dsa-sha1-sign.c | 2 | ||||
| -rw-r--r-- | dsa-sha1-verify.c | 2 | ||||
| -rw-r--r-- | dsa-sha256-sign.c | 2 | ||||
| -rw-r--r-- | dsa-sha256-verify.c | 2 | ||||
| -rw-r--r-- | dsa.c | 30 | ||||
| -rw-r--r-- | dsa.h | 136 | ||||
| -rw-r--r-- | testsuite/testutils.h | 2 |
12 files changed, 255 insertions, 171 deletions
@@ -1,5 +1,14 @@ 2014-03-27 Niels Möller <nisse@lysator.liu.se> + * dsa-compat.c (dsa_public_key_init, dsa_public_key_clear) + (dsa_private_key_init, dsa_private_key_clear): : Move deprecated + DSA functions to a separate file... + * dsa.c: ...from here. + * dsa-compat.h: New file, declaring deprecated DSA interface. + Include in corresponding C files. + * Makefile.in (hogweed_SOURCES): Add dsa-compat.c. + (HEADERS): Add dsa-compat.h. + * dsa-gen-params.c (dsa_generate_params): New file and function, extracted from DSA key generation. * dsa-keygen.c (dsa_generate_keypair): Use dsa_generate_params. diff --git a/Makefile.in b/Makefile.in index 0faae075..fe9936b0 100644 --- a/Makefile.in +++ b/Makefile.in @@ -148,7 +148,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \ rsa-encrypt.c rsa-decrypt.c rsa-decrypt-tr.c \ rsa-keygen.c rsa-compat.c rsa-blind.c \ rsa2sexp.c sexp2rsa.c \ - dsa.c dsa-gen-params.c \ + dsa.c dsa-compat.c dsa-gen-params.c \ dsa-sign.c dsa-verify.c dsa-keygen.c dsa-hash.c \ dsa-sha1-sign.c dsa-sha1-verify.c \ dsa-sha256-sign.c dsa-sha256-verify.c \ @@ -170,7 +170,8 @@ hogweed_SOURCES = sexp.c sexp-format.c \ HEADERS = aes.h arcfour.h arctwo.h asn1.h bignum.h blowfish.h \ base16.h base64.h buffer.h camellia.h cast128.h \ cbc.h ccm.h chacha.h chacha-poly1305.h ctr.h \ - des.h des-compat.h dsa.h eax.h ecc-curve.h ecc.h ecdsa.h \ + des.h des-compat.h dsa.h dsa-compat.h eax.h \ + ecc-curve.h ecc.h ecdsa.h \ gcm.h gosthash94.h hmac.h \ knuth-lfib.h \ macros.h \ diff --git a/dsa-compat.c b/dsa-compat.c new file mode 100644 index 00000000..35e309e2 --- /dev/null +++ b/dsa-compat.c @@ -0,0 +1,58 @@ +/* dsa-compat.c + * + * The DSA publickey algorithm, old interface. + */ + + +/* nettle, low-level cryptographics library + * + * Copyright (C) 2002 Niels Möller + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02111-1301, USA. + */ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include "dsa-compat.h" + +void +dsa_public_key_init(struct dsa_public_key *key) +{ + dsa_params_init ((struct dsa_params *) key); + mpz_init(key->y); +} + +void +dsa_public_key_clear(struct dsa_public_key *key) +{ + dsa_params_clear ((struct dsa_params *) key); + mpz_clear(key->y); +} + + +void +dsa_private_key_init(struct dsa_private_key *key) +{ + mpz_init(key->x); +} + +void +dsa_private_key_clear(struct dsa_private_key *key) +{ + mpz_clear(key->x); +} diff --git a/dsa-compat.h b/dsa-compat.h new file mode 100644 index 00000000..427c15d8 --- /dev/null +++ b/dsa-compat.h @@ -0,0 +1,176 @@ +/* dsa-compat.h + * + * Old DSA publickey interface. + */ + +/* nettle, low-level cryptographics library + * + * Copyright (C) 2002, 2013, 2014 Niels Möller + * + * The nettle library is free software; you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation; either version 2.1 of the License, or (at your + * option) any later version. + * + * The nettle library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public + * License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with the nettle library; see the file COPYING.LIB. If not, write to + * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02111-1301, USA. + */ + +#ifndef NETTLE_DSA_COMPAT_H_INCLUDED +#define NETTLE_DSA_COMPAT_H_INCLUDED + +#include "dsa.h" + +#include "sha1.h" +#include "sha2.h" + +/* Name mangling */ +#define dsa_public_key_init nettle_dsa_public_key_init +#define dsa_public_key_clear nettle_dsa_public_key_clear +#define dsa_private_key_init nettle_dsa_private_key_init +#define dsa_private_key_clear nettle_dsa_private_key_clear +#define dsa_sha1_sign nettle_dsa_sha1_sign +#define dsa_sha1_verify nettle_dsa_sha1_verify +#define dsa_sha256_sign nettle_dsa_sha256_sign +#define dsa_sha256_verify nettle_dsa_sha256_verify +#define dsa_sha1_sign_digest nettle_dsa_sha1_sign_digest +#define dsa_sha1_verify_digest nettle_dsa_sha1_verify_digest +#define dsa_sha256_sign_digest nettle_dsa_sha256_sign_digest +#define dsa_sha256_verify_digest nettle_dsa_sha256_verify_digest +#define dsa_compat_generate_keypair nettle_dsa_compat_generate_keypair + +/* Switch meaning of dsa_generate_keypair */ +#undef dsa_generate_keypair +#define dsa_generate_keypair nettle_dsa_compat_generate_keypair +#define dsa_generate_keypair_new nettle_dsa_generate_keypair + +#ifdef __cplusplus +extern "C" { +#endif + +struct dsa_public_key +{ + /* Same as struct dsa_params, but can't use that struct here without + breaking backwards compatibility. Layout must be identical, since + this is cast to a struct dsa_param pointer for calling _dsa_sign + and _dsa_verify */ + mpz_t p; + mpz_t q; + mpz_t g; + + /* Public value */ + mpz_t y; +}; + +struct dsa_private_key +{ + /* Unlike an rsa public key, private key operations will need both + * the private and the public information. */ + mpz_t x; +}; + +/* Signing a message works as follows: + * + * Store the private key in a dsa_private_key struct. + * + * Initialize a hashing context, by callling + * sha1_init + * + * Hash the message by calling + * sha1_update + * + * Create the signature by calling + * dsa_sha1_sign + * + * The signature is represented as a struct dsa_signature. This call also + * resets the hashing context. + * + * When done with the key and signature, don't forget to call + * dsa_signature_clear. + */ + +/* Calls mpz_init to initialize bignum storage. */ +void +dsa_public_key_init(struct dsa_public_key *key); + +/* Calls mpz_clear to deallocate bignum storage. */ +void +dsa_public_key_clear(struct dsa_public_key *key); + + +/* Calls mpz_init to initialize bignum storage. */ +void +dsa_private_key_init(struct dsa_private_key *key); + +/* Calls mpz_clear to deallocate bignum storage. */ +void +dsa_private_key_clear(struct dsa_private_key *key); + +int +dsa_sha1_sign(const struct dsa_public_key *pub, + const struct dsa_private_key *key, + void *random_ctx, nettle_random_func *random, + struct sha1_ctx *hash, + struct dsa_signature *signature); + +int +dsa_sha256_sign(const struct dsa_public_key *pub, + const struct dsa_private_key *key, + void *random_ctx, nettle_random_func *random, + struct sha256_ctx *hash, + struct dsa_signature *signature); + +int +dsa_sha1_verify(const struct dsa_public_key *key, + struct sha1_ctx *hash, + const struct dsa_signature *signature); + +int +dsa_sha256_verify(const struct dsa_public_key *key, + struct sha256_ctx *hash, + const struct dsa_signature *signature); + +int +dsa_sha1_sign_digest(const struct dsa_public_key *pub, + const struct dsa_private_key *key, + void *random_ctx, nettle_random_func *random, + const uint8_t *digest, + struct dsa_signature *signature); +int +dsa_sha256_sign_digest(const struct dsa_public_key *pub, + const struct dsa_private_key *key, + void *random_ctx, nettle_random_func *random, + const uint8_t *digest, + struct dsa_signature *signature); + +int +dsa_sha1_verify_digest(const struct dsa_public_key *key, + const uint8_t *digest, + const struct dsa_signature *signature); + +int +dsa_sha256_verify_digest(const struct dsa_public_key *key, + const uint8_t *digest, + const struct dsa_signature *signature); + +/* Key generation */ +int +dsa_generate_keypair(struct dsa_public_key *pub, + struct dsa_private_key *key, + + void *random_ctx, nettle_random_func *random, + void *progress_ctx, nettle_progress_func *progress, + unsigned p_bits, unsigned q_bits); + +#ifdef __cplusplus +} +#endif + +#endif /* NETTLE_DSA_COMPAT_H_INCLUDED */ diff --git a/dsa-keygen.c b/dsa-keygen.c index 36339fd9..794810dd 100644 --- a/dsa-keygen.c +++ b/dsa-keygen.c @@ -30,7 +30,7 @@ #include <assert.h> #include <stdlib.h> -#include "dsa.h" +#include "dsa-compat.h" #include "bignum.h" diff --git a/dsa-sha1-sign.c b/dsa-sha1-sign.c index f2c8959e..7b831d07 100644 --- a/dsa-sha1-sign.c +++ b/dsa-sha1-sign.c @@ -27,7 +27,7 @@ # include "config.h" #endif -#include "dsa.h" +#include "dsa-compat.h" int dsa_sha1_sign_digest(const struct dsa_public_key *pub, diff --git a/dsa-sha1-verify.c b/dsa-sha1-verify.c index 4cc2931a..44046a54 100644 --- a/dsa-sha1-verify.c +++ b/dsa-sha1-verify.c @@ -27,7 +27,7 @@ # include "config.h" #endif -#include "dsa.h" +#include "dsa-compat.h" int dsa_sha1_verify_digest(const struct dsa_public_key *key, diff --git a/dsa-sha256-sign.c b/dsa-sha256-sign.c index 1bb7cb82..cb187fcf 100644 --- a/dsa-sha256-sign.c +++ b/dsa-sha256-sign.c @@ -27,7 +27,7 @@ # include "config.h" #endif -#include "dsa.h" +#include "dsa-compat.h" int dsa_sha256_sign_digest(const struct dsa_public_key *pub, diff --git a/dsa-sha256-verify.c b/dsa-sha256-verify.c index 7823d44d..a9c64cde 100644 --- a/dsa-sha256-verify.c +++ b/dsa-sha256-verify.c @@ -27,7 +27,7 @@ # include "config.h" #endif -#include "dsa.h" +#include "dsa-compat.h" int dsa_sha256_verify_digest(const struct dsa_public_key *key, @@ -1,4 +1,4 @@ -/* dsa.h +/* dsa.c * * The DSA publickey algorithm. */ @@ -48,34 +48,6 @@ dsa_params_clear (struct dsa_params *params) } void -dsa_public_key_init(struct dsa_public_key *key) -{ - dsa_params_init ((struct dsa_params *) key); - mpz_init(key->y); -} - -void -dsa_public_key_clear(struct dsa_public_key *key) -{ - dsa_params_clear ((struct dsa_params *) key); - mpz_clear(key->y); -} - - -void -dsa_private_key_init(struct dsa_private_key *key) -{ - mpz_init(key->x); -} - -void -dsa_private_key_clear(struct dsa_private_key *key) -{ - mpz_clear(key->x); -} - - -void dsa_signature_init(struct dsa_signature *signature) { mpz_init(signature->r); @@ -30,9 +30,6 @@ #include "nettle-types.h" -#include "sha1.h" -#include "sha2.h" - #ifdef __cplusplus extern "C" { #endif @@ -40,22 +37,10 @@ extern "C" { /* Name mangling */ #define dsa_params_init nettle_dsa_params_init #define dsa_params_clear nettle_dsa_params_clear -#define dsa_public_key_init nettle_dsa_public_key_init -#define dsa_public_key_clear nettle_dsa_public_key_clear -#define dsa_private_key_init nettle_dsa_private_key_init -#define dsa_private_key_clear nettle_dsa_private_key_clear #define dsa_signature_init nettle_dsa_signature_init #define dsa_signature_clear nettle_dsa_signature_clear -#define dsa_sha1_sign nettle_dsa_sha1_sign -#define dsa_sha1_verify nettle_dsa_sha1_verify -#define dsa_sha256_sign nettle_dsa_sha256_sign -#define dsa_sha256_verify nettle_dsa_sha256_verify #define dsa_sign nettle_dsa_sign #define dsa_verify nettle_dsa_verify -#define dsa_sha1_sign_digest nettle_dsa_sha1_sign_digest -#define dsa_sha1_verify_digest nettle_dsa_sha1_verify_digest -#define dsa_sha256_sign_digest nettle_dsa_sha256_sign_digest -#define dsa_sha256_verify_digest nettle_dsa_sha256_verify_digest #define dsa_generate_params nettle_dsa_generate_params #define dsa_generate_keypair nettle_dsa_generate_keypair #define dsa_signature_from_sexp nettle_dsa_signature_from_sexp @@ -96,71 +81,12 @@ dsa_params_init (struct dsa_params *params); void dsa_params_clear (struct dsa_params *params); -struct dsa_public_key -{ - /* Modulo */ - mpz_t p; - - /* Group order */ - mpz_t q; - - /* Generator */ - mpz_t g; - - /* Public value */ - mpz_t y; -}; - -struct dsa_private_key -{ - /* Unlike an rsa public key, private key operations will need both - * the private and the public information. */ - mpz_t x; -}; - struct dsa_signature { mpz_t r; mpz_t s; }; -/* Signing a message works as follows: - * - * Store the private key in a dsa_private_key struct. - * - * Initialize a hashing context, by callling - * sha1_init - * - * Hash the message by calling - * sha1_update - * - * Create the signature by calling - * dsa_sha1_sign - * - * The signature is represented as a struct dsa_signature. This call also - * resets the hashing context. - * - * When done with the key and signature, don't forget to call - * dsa_signature_clear. - */ - -/* Calls mpz_init to initialize bignum storage. */ -void -dsa_public_key_init(struct dsa_public_key *key); - -/* Calls mpz_clear to deallocate bignum storage. */ -void -dsa_public_key_clear(struct dsa_public_key *key); - - -/* Calls mpz_init to initialize bignum storage. */ -void -dsa_private_key_init(struct dsa_private_key *key); - -/* Calls mpz_clear to deallocate bignum storage. */ -void -dsa_private_key_clear(struct dsa_private_key *key); - /* Calls mpz_init to initialize bignum storage. */ void dsa_signature_init(struct dsa_signature *signature); @@ -169,31 +95,6 @@ dsa_signature_init(struct dsa_signature *signature); void dsa_signature_clear(struct dsa_signature *signature); - -int -dsa_sha1_sign(const struct dsa_public_key *pub, - const struct dsa_private_key *key, - void *random_ctx, nettle_random_func *random, - struct sha1_ctx *hash, - struct dsa_signature *signature); - -int -dsa_sha256_sign(const struct dsa_public_key *pub, - const struct dsa_private_key *key, - void *random_ctx, nettle_random_func *random, - struct sha256_ctx *hash, - struct dsa_signature *signature); - -int -dsa_sha1_verify(const struct dsa_public_key *key, - struct sha1_ctx *hash, - const struct dsa_signature *signature); - -int -dsa_sha256_verify(const struct dsa_public_key *key, - struct sha256_ctx *hash, - const struct dsa_signature *signature); - int dsa_sign(const struct dsa_params *params, const mpz_t x, @@ -209,30 +110,6 @@ dsa_verify(const struct dsa_params *params, const uint8_t *digest, const struct dsa_signature *signature); -/* Maybe obsolete these functions? One can just as well call dsa_sign - and dsa_verify directly, all that matters is the digest size. */ -int -dsa_sha1_sign_digest(const struct dsa_public_key *pub, - const struct dsa_private_key *key, - void *random_ctx, nettle_random_func *random, - const uint8_t *digest, - struct dsa_signature *signature); -int -dsa_sha256_sign_digest(const struct dsa_public_key *pub, - const struct dsa_private_key *key, - void *random_ctx, nettle_random_func *random, - const uint8_t *digest, - struct dsa_signature *signature); - -int -dsa_sha1_verify_digest(const struct dsa_public_key *key, - const uint8_t *digest, - const struct dsa_signature *signature); - -int -dsa_sha256_verify_digest(const struct dsa_public_key *key, - const uint8_t *digest, - const struct dsa_signature *signature); /* Key generation */ @@ -242,15 +119,6 @@ dsa_generate_params(struct dsa_params *params, void *progress_ctx, nettle_progress_func *progress, unsigned p_bits, unsigned q_bits); -int -dsa_generate_keypair(struct dsa_public_key *pub, - struct dsa_private_key *key, - - void *random_ctx, nettle_random_func *random, - - void *progress_ctx, nettle_progress_func *progress, - unsigned p_bits, unsigned q_bits); - /* Keys in sexp form. */ struct nettle_buffer; @@ -302,7 +170,7 @@ struct asn1_der_iterator; int dsa_params_from_der_iterator(struct dsa_params *params, unsigned max_bits, unsigned q_bits, - struct asn1_der_iterator *i); + struct asn1_der_iterator *i); int dsa_public_key_from_der_iterator(const struct dsa_params *params, @@ -320,7 +188,7 @@ int dsa_openssl_private_key_from_der(struct dsa_params *params, mpz_t pub, mpz_t priv, - unsigned p_max_bits, + unsigned p_max_bits, size_t length, const uint8_t *data); diff --git a/testsuite/testutils.h b/testsuite/testutils.h index cc27ac8f..7b079833 100644 --- a/testsuite/testutils.h +++ b/testsuite/testutils.h @@ -18,7 +18,7 @@ #if WITH_HOGWEED # include "rsa.h" -# include "dsa.h" +# include "dsa-compat.h" # include "ecc-curve.h" # include "ecc.h" # include "ecc-internal.h" |