Commit 71f5756f authored by Niels Möller's avatar Niels Möller

Update for nettle-3.

parent 70434af4
2016-02-06 Niels Möller <nisse@lysator.liu.se>
Nettle-3 update.
* lsh_string.h: nettle_crypt_func --> nettle_cipher_func.
* src/crypto.c: nettle_crypt_func --> nettle_cipher_func.
(make_cast128_cbc_instance): No key_size argument to
cast128_set_key.
* src/dsa.c: Update to new DSA interface.
* src/lsh-keygen.c (dsa_sha1_generate_key)
(dsa_sha256_generate_key): Update to new DSA interface.
* src/dummy.c: unsigned --> size_t.
* src/randomness.h: unsigned --> size_t.
* src/unix_random.c: unsigned --> size_t.
* src/testsuite/testutils.c: unsigned --> size_t.
* src/lsh_string.c: unsigned --> size_t, nettle_crypt_func -->
nettle_cipher_func,
2014-10-06 Niels Möller <nisse@lysator.liu.se> 2014-10-06 Niels Möller <nisse@lysator.liu.se>
* src/testsuite/tcpconnect.c (main): Ignore ECONNRESET failure of * src/testsuite/tcpconnect.c (main): Ignore ECONNRESET failure of
......
...@@ -119,7 +119,7 @@ do_aes_cbc_encrypt(struct crypto_instance *s, ...@@ -119,7 +119,7 @@ do_aes_cbc_encrypt(struct crypto_instance *s,
lsh_string_cbc_encrypt(dst, di, src, si, length, lsh_string_cbc_encrypt(dst, di, src, si, length,
AES_BLOCK_SIZE, self->ctx.iv, AES_BLOCK_SIZE, self->ctx.iv,
(nettle_crypt_func *) aes_encrypt, (nettle_cipher_func *) aes_encrypt,
&self->ctx.ctx); &self->ctx.ctx);
} }
...@@ -133,7 +133,7 @@ do_aes_cbc_decrypt(struct crypto_instance *s, ...@@ -133,7 +133,7 @@ do_aes_cbc_decrypt(struct crypto_instance *s,
lsh_string_cbc_decrypt(dst, di, src, si, length, lsh_string_cbc_decrypt(dst, di, src, si, length,
AES_BLOCK_SIZE, self->ctx.iv, AES_BLOCK_SIZE, self->ctx.iv,
(nettle_crypt_func *) aes_decrypt, (nettle_cipher_func *) aes_decrypt,
&self->ctx.ctx); &self->ctx.ctx);
} }
...@@ -185,7 +185,7 @@ do_aes_ctr_crypt(struct crypto_instance *s, ...@@ -185,7 +185,7 @@ do_aes_ctr_crypt(struct crypto_instance *s,
lsh_string_ctr_crypt(dst, di, src, si, length, lsh_string_ctr_crypt(dst, di, src, si, length,
AES_BLOCK_SIZE, self->ctx.ctr, AES_BLOCK_SIZE, self->ctx.ctr,
(nettle_crypt_func *) aes_encrypt, (nettle_cipher_func *) aes_encrypt,
&self->ctx.ctx); &self->ctx.ctx);
} }
...@@ -230,7 +230,7 @@ do_des3_encrypt(struct crypto_instance *s, ...@@ -230,7 +230,7 @@ do_des3_encrypt(struct crypto_instance *s,
lsh_string_cbc_encrypt(dst, di, src, si, length, lsh_string_cbc_encrypt(dst, di, src, si, length,
DES3_BLOCK_SIZE, self->ctx.iv, DES3_BLOCK_SIZE, self->ctx.iv,
(nettle_crypt_func *) des3_encrypt, (nettle_cipher_func *) des3_encrypt,
&self->ctx.ctx); &self->ctx.ctx);
} }
...@@ -244,7 +244,7 @@ do_des3_decrypt(struct crypto_instance *s, ...@@ -244,7 +244,7 @@ do_des3_decrypt(struct crypto_instance *s,
lsh_string_cbc_decrypt(dst, di, src, si, length, lsh_string_cbc_decrypt(dst, di, src, si, length,
DES3_BLOCK_SIZE, self->ctx.iv, DES3_BLOCK_SIZE, self->ctx.iv,
(nettle_crypt_func *) des3_decrypt, (nettle_cipher_func *) des3_decrypt,
&self->ctx.ctx); &self->ctx.ctx);
} }
...@@ -294,7 +294,7 @@ do_des3_ctr_crypt(struct crypto_instance *s, ...@@ -294,7 +294,7 @@ do_des3_ctr_crypt(struct crypto_instance *s,
lsh_string_ctr_crypt(dst, di, src, si, length, lsh_string_ctr_crypt(dst, di, src, si, length,
DES3_BLOCK_SIZE, self->ctx.ctr, DES3_BLOCK_SIZE, self->ctx.ctr,
(nettle_crypt_func *) des3_encrypt, (nettle_cipher_func *) des3_encrypt,
&self->ctx.ctx); &self->ctx.ctx);
} }
...@@ -337,7 +337,7 @@ do_cast128_encrypt(struct crypto_instance *s, ...@@ -337,7 +337,7 @@ do_cast128_encrypt(struct crypto_instance *s,
lsh_string_cbc_encrypt(dst, di, src, si, length, lsh_string_cbc_encrypt(dst, di, src, si, length,
CAST128_BLOCK_SIZE, self->ctx.iv, CAST128_BLOCK_SIZE, self->ctx.iv,
(nettle_crypt_func *) cast128_encrypt, (nettle_cipher_func *) cast128_encrypt,
&self->ctx.ctx); &self->ctx.ctx);
} }
...@@ -351,12 +351,12 @@ do_cast128_decrypt(struct crypto_instance *s, ...@@ -351,12 +351,12 @@ do_cast128_decrypt(struct crypto_instance *s,
lsh_string_cbc_decrypt(dst, di, src, si, length, lsh_string_cbc_decrypt(dst, di, src, si, length,
CAST128_BLOCK_SIZE, self->ctx.iv, CAST128_BLOCK_SIZE, self->ctx.iv,
(nettle_crypt_func *) cast128_decrypt, (nettle_cipher_func *) cast128_decrypt,
&self->ctx.ctx); &self->ctx.ctx);
} }
static struct crypto_instance * static struct crypto_instance *
make_cast128_cbc_instance(struct crypto_algorithm *algorithm, int mode, make_cast128_cbc_instance(struct crypto_algorithm *algorithm UNUSED, int mode,
const uint8_t *key, const uint8_t *iv) const uint8_t *key, const uint8_t *iv)
{ {
NEW(cast128_instance, self); NEW(cast128_instance, self);
...@@ -366,7 +366,7 @@ make_cast128_cbc_instance(struct crypto_algorithm *algorithm, int mode, ...@@ -366,7 +366,7 @@ make_cast128_cbc_instance(struct crypto_algorithm *algorithm, int mode,
? do_cast128_encrypt ? do_cast128_encrypt
: do_cast128_decrypt); : do_cast128_decrypt);
cast128_set_key(&self->ctx.ctx, algorithm->key_size, key); cast128_set_key(&self->ctx.ctx, key);
CBC_SET_IV(&self->ctx, iv); CBC_SET_IV(&self->ctx, iv);
return(&self->super); return(&self->super);
...@@ -397,7 +397,7 @@ do_twofish_encrypt(struct crypto_instance *s, ...@@ -397,7 +397,7 @@ do_twofish_encrypt(struct crypto_instance *s,
lsh_string_cbc_encrypt(dst, di, src, si, length, lsh_string_cbc_encrypt(dst, di, src, si, length,
TWOFISH_BLOCK_SIZE, self->ctx.iv, TWOFISH_BLOCK_SIZE, self->ctx.iv,
(nettle_crypt_func *) twofish_encrypt, (nettle_cipher_func *) twofish_encrypt,
&self->ctx.ctx); &self->ctx.ctx);
} }
...@@ -411,7 +411,7 @@ do_twofish_decrypt(struct crypto_instance *s, ...@@ -411,7 +411,7 @@ do_twofish_decrypt(struct crypto_instance *s,
lsh_string_cbc_decrypt(dst, di, src, si, length, lsh_string_cbc_decrypt(dst, di, src, si, length,
TWOFISH_BLOCK_SIZE, self->ctx.iv, TWOFISH_BLOCK_SIZE, self->ctx.iv,
(nettle_crypt_func *) twofish_decrypt, (nettle_cipher_func *) twofish_decrypt,
&self->ctx.ctx); &self->ctx.ctx);
} }
...@@ -456,7 +456,7 @@ do_blowfish_encrypt(struct crypto_instance *s, ...@@ -456,7 +456,7 @@ do_blowfish_encrypt(struct crypto_instance *s,
lsh_string_cbc_encrypt(dst, di, src, si, length, lsh_string_cbc_encrypt(dst, di, src, si, length,
BLOWFISH_BLOCK_SIZE, self->ctx.iv, BLOWFISH_BLOCK_SIZE, self->ctx.iv,
(nettle_crypt_func *) blowfish_encrypt, (nettle_cipher_func *) blowfish_encrypt,
&self->ctx.ctx); &self->ctx.ctx);
} }
...@@ -470,7 +470,7 @@ do_blowfish_decrypt(struct crypto_instance *s, ...@@ -470,7 +470,7 @@ do_blowfish_decrypt(struct crypto_instance *s,
lsh_string_cbc_decrypt(dst, di, src, si, length, lsh_string_cbc_decrypt(dst, di, src, si, length,
BLOWFISH_BLOCK_SIZE, self->ctx.iv, BLOWFISH_BLOCK_SIZE, self->ctx.iv,
(nettle_crypt_func *) blowfish_decrypt, (nettle_cipher_func *) blowfish_decrypt,
&self->ctx.ctx); &self->ctx.ctx);
} }
...@@ -522,7 +522,7 @@ do_serpent_encrypt(struct crypto_instance *s, ...@@ -522,7 +522,7 @@ do_serpent_encrypt(struct crypto_instance *s,
lsh_string_cbc_encrypt(dst, di, src, si, length, lsh_string_cbc_encrypt(dst, di, src, si, length,
SERPENT_BLOCK_SIZE, self->ctx.iv, SERPENT_BLOCK_SIZE, self->ctx.iv,
(nettle_crypt_func *) serpent_encrypt, (nettle_cipher_func *) serpent_encrypt,
&self->ctx.ctx); &self->ctx.ctx);
} }
...@@ -536,7 +536,7 @@ do_serpent_decrypt(struct crypto_instance *s, ...@@ -536,7 +536,7 @@ do_serpent_decrypt(struct crypto_instance *s,
lsh_string_cbc_decrypt(dst, di, src, si, length, lsh_string_cbc_decrypt(dst, di, src, si, length,
SERPENT_BLOCK_SIZE, self->ctx.iv, SERPENT_BLOCK_SIZE, self->ctx.iv,
(nettle_crypt_func *) serpent_decrypt, (nettle_cipher_func *) serpent_decrypt,
&self->ctx.ctx); &self->ctx.ctx);
} }
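Review bot: In make_cast128_cbc_instance the new call `cast128_set_key(&self->ctx.ctx, key);` no longer passes a length, so with Nettle 3 it reads a fixed CAST128_KEY_SIZE bytes from `key` whatever `algorithm->key_size` says. Nothing visible here ties the two together, and `algorithm` is now marked UNUSED, so a crypto_algorithm entry that declares a shorter key would cause a read past the key material or a silently different key. I would drop the UNUSED marker and add `assert(algorithm->key_size == CAST128_KEY_SIZE);` before the call, or use `cast5_set_key(&self->ctx.ctx, algorithm->key_size, key);` if variable-length keys are still meant to be supported. The function body continues outside the shown hunks.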
......
...@@ -64,8 +64,9 @@ ...@@ -64,8 +64,9 @@
(name dsa_verifier) (name dsa_verifier)
(super verifier) (super verifier)
(vars (vars
(key indirect-special "struct dsa_public_key" (params indirect-special "struct dsa_params"
#f dsa_public_key_clear))) #f dsa_params_clear)
(key bignum)))
*/ */
/* GABA: /* GABA:
...@@ -74,8 +75,7 @@ ...@@ -74,8 +75,7 @@
(super signer) (super signer)
(vars (vars
(verifier object dsa_verifier) (verifier object dsa_verifier)
(key indirect-special "struct dsa_private_key" (key bignum)))
#f dsa_private_key_clear)))
*/ */
static int static int
...@@ -87,6 +87,7 @@ do_dsa_verify(struct verifier *c, int algorithm, ...@@ -87,6 +87,7 @@ do_dsa_verify(struct verifier *c, int algorithm,
{ {
CAST(dsa_verifier, self, c); CAST(dsa_verifier, self, c);
struct sha1_ctx hash; struct sha1_ctx hash;
uint8_t digest[SHA1_DIGEST_SIZE];
struct simple_buffer buffer; struct simple_buffer buffer;
...@@ -148,8 +149,8 @@ do_dsa_verify(struct verifier *c, int algorithm, ...@@ -148,8 +149,8 @@ do_dsa_verify(struct verifier *c, int algorithm,
sha1_init(&hash); sha1_init(&hash);
sha1_update(&hash, length, msg); sha1_update(&hash, length, msg);
sha1_digest(&hash, sizeof(digest), digest);
res = dsa_sha1_verify(&self->key, &hash, &sv); res = dsa_verify(&self->params, self->key, sizeof(digest), digest, &sv);
fail: fail:
dsa_signature_clear(&sv); dsa_signature_clear(&sv);
...@@ -164,8 +165,8 @@ do_dsa_public_key(struct verifier *s) ...@@ -164,8 +165,8 @@ do_dsa_public_key(struct verifier *s)
CAST(dsa_verifier, self, s); CAST(dsa_verifier, self, s);
return ssh_format("%a%n%n%n%n", return ssh_format("%a%n%n%n%n",
ATOM_SSH_DSS, ATOM_SSH_DSS,
self->key.p, self->key.q, self->params.p, self->params.q,
self->key.g, self->key.y); self->params.g, self->key);
} }
/* FIXME: Should maybe switch to the name "dsa-sha1". Not sure what we /* FIXME: Should maybe switch to the name "dsa-sha1". Not sure what we
...@@ -179,16 +180,16 @@ do_dsa_public_spki_key(struct verifier *s, int transport) ...@@ -179,16 +180,16 @@ do_dsa_public_spki_key(struct verifier *s, int transport)
return lsh_string_format_sexp(transport, return lsh_string_format_sexp(transport,
"(%0s(%0s(%0s%b)(%0s%b)(%0s%b)(%0s%b)))", "(%0s(%0s(%0s%b)(%0s%b)(%0s%b)(%0s%b)))",
"public-key", "dsa", "public-key", "dsa",
"p", self->key.p, "p", self->params.p,
"q", self->key.q, "q", self->params.q,
"g", self->key.g, "g", self->params.g,
"y", self->key.y); "y", self->key);
} }
static void static void
init_dsa_verifier(struct dsa_verifier *self) init_dsa_verifier(struct dsa_verifier *self)
{ {
dsa_public_key_init(&self->key); dsa_params_init(&self->params);
self->super.verify = do_dsa_verify; self->super.verify = do_dsa_verify;
self->super.public_spki_key = do_dsa_public_spki_key; self->super.public_spki_key = do_dsa_public_spki_key;
...@@ -204,18 +205,18 @@ parse_ssh_dss_public(struct simple_buffer *buffer) ...@@ -204,18 +205,18 @@ parse_ssh_dss_public(struct simple_buffer *buffer)
NEW(dsa_verifier, res); NEW(dsa_verifier, res);
init_dsa_verifier(res); init_dsa_verifier(res);
if (parse_bignum(buffer, res->key.p, DSA_SHA1_MAX_OCTETS) if (parse_bignum(buffer, res->params.p, DSA_SHA1_MAX_OCTETS)
&& (mpz_sgn(res->key.p) == 1) && (mpz_sgn(res->params.p) == 1)
&& parse_bignum(buffer, res->key.q, DSA_SHA1_Q_OCTETS) && parse_bignum(buffer, res->params.q, DSA_SHA1_Q_OCTETS)
&& (mpz_sgn(res->key.q) == 1) && (mpz_sgn(res->params.q) == 1)
&& mpz_sizeinbase(res->key.q, 2) == DSA_SHA1_Q_BITS && mpz_sizeinbase(res->params.q, 2) == DSA_SHA1_Q_BITS
&& (mpz_cmp(res->key.q, res->key.p) < 0) /* q < p */ && (mpz_cmp(res->params.q, res->params.p) < 0) /* q < p */
&& parse_bignum(buffer, res->key.g, DSA_SHA1_MAX_OCTETS) && parse_bignum(buffer, res->params.g, DSA_SHA1_MAX_OCTETS)
&& (mpz_sgn(res->key.g) == 1) && (mpz_sgn(res->params.g) == 1)
&& (mpz_cmp(res->key.g, res->key.p) < 0) /* g < p */ && (mpz_cmp(res->params.g, res->params.p) < 0) /* g < p */
&& parse_bignum(buffer, res->key.y, DSA_SHA1_MAX_OCTETS) && parse_bignum(buffer, res->key, DSA_SHA1_MAX_OCTETS)
&& (mpz_sgn(res->key.y) == 1) && (mpz_sgn(res->key) == 1)
&& (mpz_cmp(res->key.y, res->key.p) < 0) /* y < p */ && (mpz_cmp(res->key, res->params.p) < 0) /* y < p */
&& parse_eod(buffer)) && parse_eod(buffer))
return &res->super; return &res->super;
...@@ -249,6 +250,7 @@ do_dsa_sign(struct signer *c, ...@@ -249,6 +250,7 @@ do_dsa_sign(struct signer *c,
CAST(dsa_signer, self, c); CAST(dsa_signer, self, c);
struct dsa_signature sv; struct dsa_signature sv;
struct sha1_ctx hash; struct sha1_ctx hash;
uint8_t digest[SHA1_DIGEST_SIZE];
struct lsh_string *signature; struct lsh_string *signature;
trace("do_dsa_sign: Signing according to %a\n", algorithm); trace("do_dsa_sign: Signing according to %a\n", algorithm);
...@@ -256,9 +258,10 @@ do_dsa_sign(struct signer *c, ...@@ -256,9 +258,10 @@ do_dsa_sign(struct signer *c,
dsa_signature_init(&sv); dsa_signature_init(&sv);
sha1_init(&hash); sha1_init(&hash);
sha1_update(&hash, msg_length, msg); sha1_update(&hash, msg_length, msg);
sha1_digest(&hash, sizeof(digest), digest);
if (dsa_sha1_sign(&self->verifier->key, &self->key, if (dsa_sign(&self->verifier->params, self->key,
NULL, lsh_random, &hash, &sv)) NULL, lsh_random, sizeof(digest), digest, &sv))
/* Build signature */ /* Build signature */
switch (algorithm) switch (algorithm)
{ {
...@@ -310,7 +313,7 @@ make_dsa_verifier(struct signature_algorithm *self UNUSED, ...@@ -310,7 +313,7 @@ make_dsa_verifier(struct signature_algorithm *self UNUSED,
NEW(dsa_verifier, res); NEW(dsa_verifier, res);
init_dsa_verifier(res); init_dsa_verifier(res);
if (dsa_keypair_from_sexp_alist(&res->key, NULL, if (dsa_keypair_from_sexp_alist(&res->params, res->key, NULL,
DSA_SHA1_MAX_BITS, DSA_SHA1_Q_BITS, DSA_SHA1_MAX_BITS, DSA_SHA1_Q_BITS,
i)) i))
return &res->super; return &res->super;
...@@ -328,9 +331,7 @@ make_dsa_signer(struct signature_algorithm *self UNUSED, ...@@ -328,9 +331,7 @@ make_dsa_signer(struct signature_algorithm *self UNUSED,
init_dsa_verifier(verifier); init_dsa_verifier(verifier);
dsa_private_key_init(&res->key); if (dsa_keypair_from_sexp_alist(&verifier->params, verifier->key, res->key,
if (dsa_keypair_from_sexp_alist(&verifier->key, &res->key,
DSA_SHA1_MAX_BITS, DSA_SHA1_Q_BITS, DSA_SHA1_MAX_BITS, DSA_SHA1_Q_BITS,
i)) i))
{ {
...@@ -375,6 +376,7 @@ do_dsa_sha256_verify(struct verifier *c, int algorithm, ...@@ -375,6 +376,7 @@ do_dsa_sha256_verify(struct verifier *c, int algorithm,
{ {
CAST(dsa_verifier, self, c); CAST(dsa_verifier, self, c);
struct sha256_ctx hash; struct sha256_ctx hash;
uint8_t digest[SHA256_DIGEST_SIZE];
struct simple_buffer buffer; struct simple_buffer buffer;
...@@ -411,8 +413,9 @@ do_dsa_sha256_verify(struct verifier *c, int algorithm, ...@@ -411,8 +413,9 @@ do_dsa_sha256_verify(struct verifier *c, int algorithm,
sha256_init(&hash); sha256_init(&hash);
sha256_update(&hash, length, msg); sha256_update(&hash, length, msg);
sha256_digest(&hash, sizeof(digest), digest);
res = dsa_sha256_verify(&self->key, &hash, &sv); res = dsa_verify(&self->params, self->key, sizeof(digest), digest, &sv);
fail: fail:
dsa_signature_clear(&sv); dsa_signature_clear(&sv);
...@@ -427,8 +430,8 @@ do_dsa_sha256_public_key(struct verifier *s) ...@@ -427,8 +430,8 @@ do_dsa_sha256_public_key(struct verifier *s)
CAST(dsa_verifier, self, s); CAST(dsa_verifier, self, s);
return ssh_format("%a%n%n%n%n", return ssh_format("%a%n%n%n%n",
ATOM_SSH_DSA, ATOM_SSH_DSA,
self->key.p, self->key.q, self->params.p, self->params.q,
self->key.g, self->key.y); self->params.g, self->key);
} }
static struct lsh_string * static struct lsh_string *
...@@ -439,23 +442,23 @@ do_dsa_sha256_public_spki_key(struct verifier *s, int transport) ...@@ -439,23 +442,23 @@ do_dsa_sha256_public_spki_key(struct verifier *s, int transport)
return lsh_string_format_sexp(transport, return lsh_string_format_sexp(transport,
"(%0s(%0s(%0s%b)(%0s%b)(%0s%b)(%0s%b)))", "(%0s(%0s(%0s%b)(%0s%b)(%0s%b)(%0s%b)))",
"public-key", "dsa-sha256", "public-key", "dsa-sha256",
"p", self->key.p, "p", self->params.p,
"q", self->key.q, "q", self->params.q,
"g", self->key.g, "g", self->params.g,
"y", self->key.y); "y", self->key);
} }
static void static void
init_dsa_sha256_verifier(struct dsa_verifier *self) init_dsa_sha256_verifier(struct dsa_verifier *self)
{ {
dsa_public_key_init(&self->key); dsa_params_init(&self->params);
self->super.verify = do_dsa_sha256_verify; self->super.verify = do_dsa_sha256_verify;
self->super.public_spki_key = do_dsa_sha256_public_spki_key; self->super.public_spki_key = do_dsa_sha256_public_spki_key;
self->super.public_key = do_dsa_sha256_public_key; self->super.public_key = do_dsa_sha256_public_key;
} }
/* FIXME: Duplicated code with plain ssh_dss. */
/* Alternative constructor using a key of type ssh-dsa-sha256, when /* Alternative constructor using a key of type ssh-dsa-sha256, when
* the atom "ssh-dss" is already read from the buffer. */ * the atom "ssh-dss" is already read from the buffer. */
struct verifier * struct verifier *
...@@ -464,18 +467,18 @@ parse_ssh_dsa_sha256_public(struct simple_buffer *buffer) ...@@ -464,18 +467,18 @@ parse_ssh_dsa_sha256_public(struct simple_buffer *buffer)
NEW(dsa_verifier, res); NEW(dsa_verifier, res);
init_dsa_verifier(res); init_dsa_verifier(res);
if (parse_bignum(buffer, res->key.p, DSA_SHA256_MAX_OCTETS) if (parse_bignum(buffer, res->params.p, DSA_SHA256_MAX_OCTETS)
&& (mpz_sgn(res->key.p) == 1) && (mpz_sgn(res->params.p) == 1)
&& parse_bignum(buffer, res->key.q, DSA_SHA256_Q_OCTETS) && parse_bignum(buffer, res->params.q, DSA_SHA256_Q_OCTETS)
&& (mpz_sgn(res->key.q) == 1) && (mpz_sgn(res->params.q) == 1)
&& mpz_sizeinbase(res->key.q, 2) == DSA_SHA256_Q_BITS && mpz_sizeinbase(res->params.q, 2) == DSA_SHA256_Q_BITS
&& (mpz_cmp(res->key.q, res->key.p) < 0) /* q < p */ && (mpz_cmp(res->params.q, res->params.p) < 0) /* q < p */
&& parse_bignum(buffer, res->key.g, DSA_SHA256_MAX_OCTETS) && parse_bignum(buffer, res->params.g, DSA_SHA256_MAX_OCTETS)
&& (mpz_sgn(res->key.g) == 1) && (mpz_sgn(res->params.g) == 1)
&& (mpz_cmp(res->key.g, res->key.p) < 0) /* g < p */ && (mpz_cmp(res->params.g, res->params.p) < 0) /* g < p */
&& parse_bignum(buffer, res->key.y, DSA_SHA256_MAX_OCTETS) && parse_bignum(buffer, res->key, DSA_SHA256_MAX_OCTETS)
&& (mpz_sgn(res->key.y) == 1) && (mpz_sgn(res->key) == 1)
&& (mpz_cmp(res->key.y, res->key.p) < 0) /* y < p */ && (mpz_cmp(res->key, res->params.p) < 0) /* y < p */
&& parse_eod(buffer)) && parse_eod(buffer))
return &res->super; return &res->super;
...@@ -499,6 +502,7 @@ do_dsa_sha256_sign(struct signer *c, ...@@ -499,6 +502,7 @@ do_dsa_sha256_sign(struct signer *c,
CAST(dsa_signer, self, c); CAST(dsa_signer, self, c);
struct dsa_signature sv; struct dsa_signature sv;
struct sha256_ctx hash; struct sha256_ctx hash;
uint8_t digest[SHA256_DIGEST_SIZE];
struct lsh_string *signature; struct lsh_string *signature;
trace("do_dsa_sign: Signing according to %a\n", algorithm); trace("do_dsa_sign: Signing according to %a\n", algorithm);
...@@ -506,9 +510,10 @@ do_dsa_sha256_sign(struct signer *c, ...@@ -506,9 +510,10 @@ do_dsa_sha256_sign(struct signer *c,
dsa_signature_init(&sv); dsa_signature_init(&sv);
sha256_init(&hash); sha256_init(&hash);
sha256_update(&hash, msg_length, msg); sha256_update(&hash, msg_length, msg);
sha256_digest(&hash, sizeof(digest), digest);
if (dsa_sha256_sign(&self->verifier->key, &self->key, if (dsa_sign(&self->verifier->params, self->key,
NULL, lsh_random, &hash, &sv)) NULL, lsh_random, sizeof(digest), digest, &sv))
/* Build signature */ /* Build signature */
switch (algorithm) switch (algorithm)
{ {
...@@ -554,7 +559,7 @@ make_dsa_sha256_verifier(struct signature_algorithm *self UNUSED, ...@@ -554,7 +559,7 @@ make_dsa_sha256_verifier(struct signature_algorithm *self UNUSED,
NEW(dsa_verifier, res); NEW(dsa_verifier, res);
init_dsa_sha256_verifier(res); init_dsa_sha256_verifier(res);
if (dsa_keypair_from_sexp_alist(&res->key, NULL, if (dsa_keypair_from_sexp_alist(&res->params, res->key, NULL,
DSA_SHA256_MAX_BITS, DSA_SHA256_Q_BITS, DSA_SHA256_MAX_BITS, DSA_SHA256_Q_BITS,
i)) i))
return &res->super; return &res->super;
...@@ -572,9 +577,7 @@ make_dsa_sha256_signer(struct signature_algorithm *self UNUSED, ...@@ -572,9 +577,7 @@ make_dsa_sha256_signer(struct signature_algorithm *self UNUSED,
init_dsa_verifier(verifier); init_dsa_verifier(verifier);
dsa_private_key_init(&res->key); if (dsa_keypair_from_sexp_alist(&verifier->params, verifier->key, res->key,
if (dsa_keypair_from_sexp_alist(&verifier->key, &res->key,
DSA_SHA256_MAX_BITS, DSA_SHA256_Q_BITS, DSA_SHA256_MAX_BITS, DSA_SHA256_Q_BITS,
i)) i))
{ {
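Review bot: After this change `key` in both dsa_verifier and dsa_signer is a bare `bignum`, but the visible code never initialises it: init_dsa_verifier and init_dsa_sha256_verifier now call only `dsa_params_init(&self->params);`, and make_dsa_signer and make_dsa_sha256_signer drop `dsa_private_key_init(&res->key);` without a replacement. Unless the GABA-generated constructor already runs mpz_init on bignum members (not visible here), parse_bignum and dsa_keypair_from_sexp_alist will write into an uninitialised mpz_t. I would add `mpz_init(self->key);` next to each dsa_params_init call and `mpz_init(res->key);` where dsa_private_key_init was removed. Separately, parse_ssh_dsa_sha256_public and make_dsa_sha256_signer still call init_dsa_verifier, which installs do_dsa_verify (SHA-1) rather than do_dsa_sha256_verify; if that is not intended they should call init_dsa_sha256_verifier.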
......
...@@ -76,12 +76,12 @@ hmac_digest(const void *outer UNUSED, const void *inner UNUSED, void *state UNUS ...@@ -76,12 +76,12 @@ hmac_digest(const void *outer UNUSED, const void *inner UNUSED, void *state UNUS
unsigned length UNUSED, uint8_t *digest UNUSED) unsigned length UNUSED, uint8_t *digest UNUSED)
{ abort(); } { abort(); }
unsigned size_t
sexp_vformat(struct nettle_buffer *buffer UNUSED, sexp_vformat(struct nettle_buffer *buffer UNUSED,
const char *format UNUSED, va_list args UNUSED) const char *format UNUSED, va_list args UNUSED)
{ abort(); } { abort(); }
unsigned size_t
sexp_transport_vformat(struct nettle_buffer *buffer UNUSED, sexp_transport_vformat(struct nettle_buffer *buffer UNUSED,
const char *format UNUSED, va_list args UNUSED) const char *format UNUSED, va_list args UNUSED)
{ abort(); } { abort(); }
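Review bot: The hmac_digest stub at the top of this hunk still declares `unsigned length UNUSED`, while the two sexp stubs below it are moved to `size_t`; Nettle 3 declares hmac_digest with a `size_t length` as well. If the Nettle header is in scope for this file the definitions conflict, and if it is not, the stub's signature silently diverges from what callers are compiled against. Changing that parameter to `size_t length UNUSED` keeps the dummy definitions in step with the library. The hmac_digest signature starts outside the hunk.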
......
...@@ -476,54 +476,64 @@ progress(void *ctx UNUSED, int c) ...@@ -476,54 +476,64 @@ progress(void *ctx UNUSED, int c)
static struct lsh_string * static struct lsh_string *
dsa_sha1_generate_key(unsigned bits) dsa_sha1_generate_key(unsigned bits)
{ {
struct dsa_public_key public; struct dsa_params params;
struct dsa_private_key private;
struct lsh_string *key = NULL; struct lsh_string *key = NULL;
dsa_public_key_init(&public); dsa_params_init(&params);
dsa_private_key_init(&private);
if (dsa_generate_keypair(&public, &private, if (dsa_generate_params(&params,
NULL, lsh_random, NULL, lsh_random,