Commit 77734043 authored by Niels Möller's avatar Niels Möller

* Makefile.in (hogweed_SOURCES): Added dsa-sha1-sign.c,

dsa-sha1-verify.c, dsa-sha256-sign.c, and dsa-sha256-verify.c.

* dsa.h: Updated and added dsa declarations.

* dsa-sha256-verify.c (dsa_sha256_verify_digest): New file, new
function.
(dsa_sha256_verify): New function.
* dsa-sha256-sign.c (dsa_sha256_sign_digest): New file, new
function.
(dsa_sha256_sign): New function.

* dsa-sha1-verify.c (dsa_sha1_verify_digest): New file. Moved and
renamed function, from dsa_verify_digest, rewrote to use
_dsa_verify.
(dsa_sha1_verify): Analogous change, renamed from dsa_verify.
* dsa-sha1-sign.c (dsa_sha1_sign_digest): New file. Moved and
renamed function, from dsa_sign_digest, rewrote to use _dsa_sign,
and added return value.
(dsa_sha1_sign): Analogous change, renamed from dsa_sign.

* dsa-verify.c (_dsa_verify): New general verification function,
for any hash.
* dsa-sign.c (_dsa_sign): New general signing function, for any
hash. Returns success code, like the rsa signture functions.

Rev: nettle/ChangeLog:1.71
Rev: nettle/Makefile.in:1.22
Rev: nettle/dsa-sha1-sign.c:1.1
Rev: nettle/dsa-sha1-verify.c:1.1
Rev: nettle/dsa-sha256-sign.c:1.1
Rev: nettle/dsa-sha256-verify.c:1.1
Rev: nettle/dsa-sign.c:1.3
Rev: nettle/dsa-verify.c:1.3
Rev: nettle/dsa.h:1.4
parent 553b76bb
2010-03-30 Niels Mller <nisse@lysator.liu.se>
* Makefile.in (hogweed_SOURCES): Added dsa-sha1-sign.c,
dsa-sha1-verify.c, dsa-sha256-sign.c, and dsa-sha256-verify.c.
* dsa.h: Updated and added dsa declarations.
* dsa-sha256-verify.c (dsa_sha256_verify_digest): New file, new
function.
(dsa_sha256_verify): New function.
* dsa-sha256-sign.c (dsa_sha256_sign_digest): New file, new
function.
(dsa_sha256_sign): New function.
* dsa-sha1-verify.c (dsa_sha1_verify_digest): New file. Moved and
renamed function, from dsa_verify_digest, rewrote to use
_dsa_verify.
(dsa_sha1_verify): Analogous change, renamed from dsa_verify.
* dsa-sha1-sign.c (dsa_sha1_sign_digest): New file. Moved and
renamed function, from dsa_sign_digest, rewrote to use _dsa_sign,
and added return value.
(dsa_sha1_sign): Analogous change, renamed from dsa_sign.
* dsa-verify.c (_dsa_verify): New general verification function,
for any hash.
* dsa-sign.c (_dsa_sign): New general signing function, for any
hash. Returns success code, like the rsa signture functions.
2010-03-29 Niels Mller <nisse@lysator.liu.se> 2010-03-29 Niels Mller <nisse@lysator.liu.se>
* configure.ac (ABI): Attempt to use a better, ABI-dependant, * configure.ac (ABI): Attempt to use a better, ABI-dependant,
......
...@@ -88,6 +88,8 @@ hogweed_SOURCES = sexp.c sexp-format.c \ ...@@ -88,6 +88,8 @@ hogweed_SOURCES = sexp.c sexp-format.c \
rsa-keygen.c rsa-compat.c \ rsa-keygen.c rsa-compat.c \
rsa2sexp.c sexp2rsa.c \ rsa2sexp.c sexp2rsa.c \
dsa.c dsa-sign.c dsa-verify.c dsa-keygen.c \ dsa.c dsa-sign.c dsa-verify.c dsa-keygen.c \
dsa-sha1-sign.c dsa-sha1-verify.c \
dsa-sha256-sign.c dsa-sha256-verify.c \
dsa2sexp.c sexp2dsa.c \ dsa2sexp.c sexp2dsa.c \
pgp-encode.c rsa2openpgp.c \ pgp-encode.c rsa2openpgp.c \
der-iterator.c der2rsa.c der2dsa.c der-iterator.c der2rsa.c der2dsa.c
......
/* dsa-sha1-sign.c
*
* The original DSA publickey algorithm, using SHA-1.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2010 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include "dsa.h"
int
dsa_sha1_sign_digest(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
void *random_ctx, nettle_random_func random,
const uint8_t *digest,
struct dsa_signature *signature)
{
return _dsa_sign(pub, key, random_ctx, random,
SHA1_DIGEST_SIZE, digest, signature);
}
int
dsa_sha1_sign(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
void *random_ctx, nettle_random_func random,
struct sha1_ctx *hash,
struct dsa_signature *signature)
{
uint8_t digest[SHA1_DIGEST_SIZE];
sha1_digest(hash, sizeof(digest), digest);
return _dsa_sign(pub, key, random_ctx, random,
sizeof(digest), digest, signature);
}
/* dsa-sha1-verify.c
*
* The original DSA publickey algorithm, using SHA-1.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2002, 2003, 2010 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <stdlib.h>
#include "dsa.h"
int
dsa_sha1_verify_digest(const struct dsa_public_key *key,
const uint8_t *digest,
const struct dsa_signature *signature)
{
return _dsa_verify(key, SHA1_DIGEST_SIZE, digest, signature);
}
int
dsa_sha1_verify(const struct dsa_public_key *key,
struct sha1_ctx *hash,
const struct dsa_signature *signature)
{
uint8_t digest[SHA1_DIGEST_SIZE];
sha1_digest(hash, sizeof(digest), digest);
return _dsa_verify(key, sizeof(digest), digest, signature);
}
/* dsa-sha256-sign.c
*
* The DSA publickey algorithm, using SHA-256 (FIPS186-3).
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2010 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include "dsa.h"
int
dsa_sha256_sign_digest(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
void *random_ctx, nettle_random_func random,
const uint8_t *digest,
struct dsa_signature *signature)
{
return _dsa_sign(pub, key, random_ctx, random,
SHA256_DIGEST_SIZE, digest, signature);
}
int
dsa_sha256_sign(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
void *random_ctx, nettle_random_func random,
struct sha256_ctx *hash,
struct dsa_signature *signature)
{
uint8_t digest[SHA256_DIGEST_SIZE];
sha256_digest(hash, sizeof(digest), digest);
return _dsa_sign(pub, key, random_ctx, random,
sizeof(digest), digest, signature);
}
/* dsa-sha256-verify.c
*
* The DSA publickey algorithm, using SHA-256 (FIPS186-3).
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2010 Niels Mller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <stdlib.h>
#include "dsa.h"
int
dsa_sha256_verify_digest(const struct dsa_public_key *key,
const uint8_t *digest,
const struct dsa_signature *signature)
{
return _dsa_verify(key, SHA256_DIGEST_SIZE, digest, signature);
}
int
dsa_sha256_verify(const struct dsa_public_key *key,
struct sha256_ctx *hash,
const struct dsa_signature *signature)
{
uint8_t digest[SHA256_DIGEST_SIZE];
sha256_digest(hash, sizeof(digest), digest);
return _dsa_verify(key, sizeof(digest), digest, signature);
}
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
/* nettle, low-level cryptographics library /* nettle, low-level cryptographics library
* *
* Copyright (C) 2002 Niels Mller * Copyright (C) 2002, 2010 Niels Mller
* *
* The nettle library is free software; you can redistribute it and/or modify * The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by * it under the terms of the GNU Lesser General Public License as published by
...@@ -27,6 +27,7 @@ ...@@ -27,6 +27,7 @@
# include "config.h" # include "config.h"
#endif #endif
#include <assert.h>
#include <stdlib.h> #include <stdlib.h>
#include "dsa.h" #include "dsa.h"
...@@ -34,17 +35,25 @@ ...@@ -34,17 +35,25 @@
#include "bignum.h" #include "bignum.h"
void int
dsa_sign_digest(const struct dsa_public_key *pub, _dsa_sign(const struct dsa_public_key *pub,
const struct dsa_private_key *key, const struct dsa_private_key *key,
void *random_ctx, nettle_random_func random, void *random_ctx, nettle_random_func random,
const uint8_t *digest, unsigned digest_size,
struct dsa_signature *signature) const uint8_t *digest,
struct dsa_signature *signature)
{ {
mpz_t k; mpz_t k;
mpz_t h; mpz_t h;
mpz_t tmp; mpz_t tmp;
/* Require precise match of bitsize of q and hash size. The general
description of DSA in FIPS186-3 allows both larger and smaller q;
in the the latter case, the hash must be truncated to the right
number of bits. */
if (mpz_sizeinbase(pub->q, 2) != 8 * digest_size)
return 0;
/* Select k, 0<k<q, randomly */ /* Select k, 0<k<q, randomly */
mpz_init_set(tmp, pub->q); mpz_init_set(tmp, pub->q);
mpz_sub_ui(tmp, tmp, 1); mpz_sub_ui(tmp, tmp, 1);
...@@ -59,12 +68,12 @@ dsa_sign_digest(const struct dsa_public_key *pub, ...@@ -59,12 +68,12 @@ dsa_sign_digest(const struct dsa_public_key *pub,
/* Compute hash */ /* Compute hash */
mpz_init(h); mpz_init(h);
nettle_mpz_set_str_256_u(h, SHA1_DIGEST_SIZE, digest); nettle_mpz_set_str_256_u(h, digest_size, digest);
/* Compute k^-1 (mod q) */ /* Compute k^-1 (mod q) */
if (!mpz_invert(k, k, pub->q)) if (!mpz_invert(k, k, pub->q))
/* What do we do now? The key is invalid. */ /* What do we do now? The key is invalid. */
abort(); return 0;
/* Compute signature s = k^-1 (h + xr) (mod q) */ /* Compute signature s = k^-1 (h + xr) (mod q) */
mpz_mul(tmp, signature->r, key->x); mpz_mul(tmp, signature->r, key->x);
...@@ -76,18 +85,6 @@ dsa_sign_digest(const struct dsa_public_key *pub, ...@@ -76,18 +85,6 @@ dsa_sign_digest(const struct dsa_public_key *pub,
mpz_clear(k); mpz_clear(k);
mpz_clear(h); mpz_clear(h);
mpz_clear(tmp); mpz_clear(tmp);
}
void
dsa_sign(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
void *random_ctx, nettle_random_func random,
struct sha1_ctx *hash,
struct dsa_signature *signature)
{
uint8_t digest[SHA1_DIGEST_SIZE];
sha1_digest(hash, sizeof(digest), digest);
dsa_sign_digest(pub, key, random_ctx, random, return 1;
digest, signature);
} }
...@@ -34,16 +34,20 @@ ...@@ -34,16 +34,20 @@
#include "bignum.h" #include "bignum.h"
int int
dsa_verify_digest(const struct dsa_public_key *key, _dsa_verify(const struct dsa_public_key *key,
const uint8_t *digest, unsigned digest_size,
const struct dsa_signature *signature) const uint8_t *digest,
const struct dsa_signature *signature)
{ {
mpz_t w; mpz_t w;
mpz_t tmp; mpz_t tmp;
mpz_t v; mpz_t v;
int res; int res;
if (mpz_sizeinbase(key->q, 2) != 8 * digest_size)
return 0;
/* Check that r and s are in the proper range */ /* Check that r and s are in the proper range */
if (mpz_sgn(signature->r) <= 0 || mpz_cmp(signature->r, key->q) >= 0) if (mpz_sgn(signature->r) <= 0 || mpz_cmp(signature->r, key->q) >= 0)
return 0; return 0;
...@@ -67,7 +71,7 @@ dsa_verify_digest(const struct dsa_public_key *key, ...@@ -67,7 +71,7 @@ dsa_verify_digest(const struct dsa_public_key *key,
mpz_init(v); mpz_init(v);
/* The message digest */ /* The message digest */
nettle_mpz_set_str_256_u(tmp, SHA1_DIGEST_SIZE, digest); nettle_mpz_set_str_256_u(tmp, digest_size, digest);
/* v = g^{w * h (mod q)} (mod p) */ /* v = g^{w * h (mod q)} (mod p) */
mpz_mul(tmp, tmp, w); mpz_mul(tmp, tmp, w);
...@@ -95,14 +99,3 @@ dsa_verify_digest(const struct dsa_public_key *key, ...@@ -95,14 +99,3 @@ dsa_verify_digest(const struct dsa_public_key *key,
return res; return res;
} }
int
dsa_verify(const struct dsa_public_key *key,
struct sha1_ctx *hash,
const struct dsa_signature *signature)
{
uint8_t digest[SHA1_DIGEST_SIZE];
sha1_digest(hash, sizeof(digest), digest);
return dsa_verify_digest(key, digest, signature);
}
...@@ -46,10 +46,14 @@ extern "C" { ...@@ -46,10 +46,14 @@ extern "C" {
#define dsa_private_key_clear nettle_dsa_private_key_clear #define dsa_private_key_clear nettle_dsa_private_key_clear
#define dsa_signature_init nettle_dsa_signature_init #define dsa_signature_init nettle_dsa_signature_init
#define dsa_signature_clear nettle_dsa_signature_clear #define dsa_signature_clear nettle_dsa_signature_clear
#define dsa_sign nettle_dsa_sign #define dsa_sha1_sign nettle_dsa_sha1_sign
#define dsa_verify nettle_dsa_verify #define dsa_sha1_verify nettle_dsa_sha1_verify
#define dsa_sign_digest nettle_dsa_sign_digest #define dsa_sha256_sign nettle_dsa_sha256_sign
#define dsa_verify_digest nettle_dsa_verify_digest #define dsa_sha256_verify nettle_dsa_sha256_verify
#define dsa_sha1_sign_digest nettle_dsa_sha1_sign_digest
#define dsa_sha1_verify_digest nettle_dsa_sha1_verify_digest
#define dsa_sha256_sign_digest nettle_dsa_sha256_sign_digest
#define dsa_sha256_verify_digest nettle_dsa_sha256_verify_digest
#define dsa_generate_keypair nettle_dsa_generate_keypair #define dsa_generate_keypair nettle_dsa_generate_keypair
#define dsa_signature_from_sexp nettle_dsa_signature_from_sexp #define dsa_signature_from_sexp nettle_dsa_signature_from_sexp
#define dsa_keypair_to_sexp nettle_dsa_keypair_to_sexp #define dsa_keypair_to_sexp nettle_dsa_keypair_to_sexp
...@@ -59,6 +63,8 @@ extern "C" { ...@@ -59,6 +63,8 @@ extern "C" {
#define dsa_public_key_from_der_iterator nettle_dsa_public_key_from_der_iterator #define dsa_public_key_from_der_iterator nettle_dsa_public_key_from_der_iterator
#define dsa_openssl_private_key_from_der_iterator nettle_dsa_openssl_private_key_from_der_iterator #define dsa_openssl_private_key_from_der_iterator nettle_dsa_openssl_private_key_from_der_iterator
#define dsa_openssl_private_key_from_der nettle_openssl_provate_key_from_der #define dsa_openssl_private_key_from_der nettle_openssl_provate_key_from_der
#define _dsa_sign _nettle_dsa_sign
#define _dsa_verify _nettle_dsa_verify
#define DSA_MIN_P_BITS 512 #define DSA_MIN_P_BITS 512
#define DSA_Q_OCTETS 20 #define DSA_Q_OCTETS 20
...@@ -138,31 +144,53 @@ void ...@@ -138,31 +144,53 @@ void
dsa_signature_clear(struct dsa_signature *signature); dsa_signature_clear(struct dsa_signature *signature);
void
dsa_sign(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
void *random_ctx, nettle_random_func random,
struct sha1_ctx *hash,
struct dsa_signature *signature);
int int
dsa_verify(const struct dsa_public_key *key, dsa_sha1_sign(const struct dsa_public_key *pub,
struct sha1_ctx *hash, const struct dsa_private_key *key,
const struct dsa_signature *signature); void *random_ctx, nettle_random_func random,
struct sha1_ctx *hash,
struct dsa_signature *signature);
void int
dsa_sign_digest(const struct dsa_public_key *pub, dsa_sha256_sign(const struct dsa_public_key *pub,
const struct dsa_private_key *key, const struct dsa_private_key *key,
void *random_ctx, nettle_random_func random, void *random_ctx, nettle_random_func random,
const uint8_t *digest, struct sha256_ctx *hash,
struct dsa_signature *signature); struct dsa_signature *signature);
int int
dsa_verify_digest(const struct dsa_public_key *key, dsa_sha1_verify(const struct dsa_public_key *key,
const uint8_t *digest, struct sha1_ctx *hash,
const struct dsa_signature *signature);
int
dsa_sha256_verify(const struct dsa_public_key *key,
struct sha256_ctx *hash,
const struct dsa_signature *signature); const struct dsa_signature *signature);
int
dsa_sha1_sign_digest(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
void *random_ctx, nettle_random_func random,
const uint8_t *digest,
struct dsa_signature *signature);
int
dsa_sha256_sign_digest(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
void *random_ctx, nettle_random_func random,
const uint8_t *digest,
struct dsa_signature *signature);
int
dsa_sha1_verify_digest(const struct dsa_public_key *key,
const uint8_t *digest,
const struct dsa_signature *signature);
int
dsa_sha256_verify_digest(const struct dsa_public_key *key,
const uint8_t *digest,
const struct dsa_signature *signature);
/* Key generation */ /* Key generation */
int int
...@@ -235,6 +263,21 @@ dsa_openssl_private_key_from_der(struct dsa_public_key *pub, ...@@ -235,6 +263,21 @@ dsa_openssl_private_key_from_der(struct dsa_public_key *pub,
unsigned length, const uint8_t *data); unsigned length, const uint8_t *data);
/* Internal functions. */
int
_dsa_sign(const struct dsa_public_key *pub,
const struct dsa_private_key *key,
void *random_ctx, nettle_random_func random,
unsigned digest_size,
const uint8_t *digest,
struct dsa_signature *signature);
int
_dsa_verify(const struct dsa_public_key *key,
unsigned digest_size,
const uint8_t *digest,
const struct dsa_signature *signature);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment