dsa.h 8.21 KB
Newer Older
Niels Möller's avatar
Niels Möller committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
/* dsa.h
 *
 * The DSA publickey algorithm.
 */

/* nettle, low-level cryptographics library
 *
 * Copyright (C) 2002 Niels Mller
 *  
 * The nettle library is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation; either version 2.1 of the License, or (at your
 * option) any later version.
 * 
 * The nettle library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
 * License for more details.
 * 
 * You should have received a copy of the GNU Lesser General Public License
 * along with the nettle library; see the file COPYING.LIB.  If not, write to
 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */
 
#ifndef NETTLE_DSA_H_INCLUDED
#define NETTLE_DSA_H_INCLUDED

#include <gmp.h>

31
32
#include "nettle-types.h"

Niels Möller's avatar
Niels Möller committed
33
34
35
36
37
#include "sha.h"

/* For nettle_random_func */
#include "nettle-meta.h"

Niels Möller's avatar
Niels Möller committed
38
39
40
41
#ifdef __cplusplus
extern "C" {
#endif

42
43
44
45
46
47
48
/* Name mangling */
#define dsa_public_key_init nettle_dsa_public_key_init
#define dsa_public_key_clear nettle_dsa_public_key_clear
#define dsa_private_key_init nettle_dsa_private_key_init
#define dsa_private_key_clear nettle_dsa_private_key_clear
#define dsa_signature_init nettle_dsa_signature_init
#define dsa_signature_clear nettle_dsa_signature_clear
49
50
51
52
53
54
55
56
#define dsa_sha1_sign nettle_dsa_sha1_sign
#define dsa_sha1_verify nettle_dsa_sha1_verify
#define dsa_sha256_sign nettle_dsa_sha256_sign
#define dsa_sha256_verify nettle_dsa_sha256_verify
#define dsa_sha1_sign_digest nettle_dsa_sha1_sign_digest
#define dsa_sha1_verify_digest nettle_dsa_sha1_verify_digest
#define dsa_sha256_sign_digest nettle_dsa_sha256_sign_digest
#define dsa_sha256_verify_digest nettle_dsa_sha256_verify_digest
57
58
#define dsa_generate_keypair nettle_dsa_generate_keypair
#define dsa_signature_from_sexp nettle_dsa_signature_from_sexp
59
#define dsa_keypair_to_sexp nettle_dsa_keypair_to_sexp
60
#define dsa_keypair_from_sexp_alist nettle_dsa_keypair_from_sexp_alist
61
62
#define dsa_sha1_keypair_from_sexp nettle_dsa_sha1_keypair_from_sexp
#define dsa_sha256_keypair_from_sexp nettle_dsa_sha256_keypair_from_sexp
63
64
65
66
#define dsa_params_from_der_iterator nettle_dsa_params_from_der_iterator
#define dsa_public_key_from_der_iterator nettle_dsa_public_key_from_der_iterator
#define dsa_openssl_private_key_from_der_iterator nettle_dsa_openssl_private_key_from_der_iterator 
#define dsa_openssl_private_key_from_der nettle_openssl_provate_key_from_der
67
68
#define _dsa_sign _nettle_dsa_sign
#define _dsa_verify _nettle_dsa_verify
69

70
71
72
#define DSA_SHA1_MIN_P_BITS 512
#define DSA_SHA1_Q_OCTETS 20
#define DSA_SHA1_Q_BITS 160
Niels Möller's avatar
Niels Möller committed
73

74
75
76
77
#define DSA_SHA256_MIN_P_BITS 1024
#define DSA_SHA256_Q_OCTETS 32
#define DSA_SHA256_Q_BITS 256
  
Niels Möller's avatar
Niels Möller committed
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
struct dsa_public_key
{  
  /* Modulo */
  mpz_t p;

  /* Group order */
  mpz_t q;

  /* Generator */
  mpz_t g;
  
  /* Public value */
  mpz_t y;
};

struct dsa_private_key
{
95
96
  /* Unlike an rsa public key, private key operations will need both
   * the private and the public information. */
Niels Möller's avatar
Niels Möller committed
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
  mpz_t x;
};

struct dsa_signature
{
  mpz_t r;
  mpz_t s;
};

/* Signing a message works as follows:
 *
 * Store the private key in a dsa_private_key struct.
 *
 * Initialize a hashing context, by callling
 *   sha1_init
 *
 * Hash the message by calling
 *   sha1_update
 *
 * Create the signature by calling
Niels Möller's avatar
Niels Möller committed
117
 *   dsa_sha1_sign
Niels Möller's avatar
Niels Möller committed
118
 *
Niels Möller's avatar
Niels Möller committed
119
 * The signature is represented as a struct dsa_signature. This call also
Niels Möller's avatar
Niels Möller committed
120
121
122
 * resets the hashing context.
 *
 * When done with the key and signature, don't forget to call
Niels Möller's avatar
Niels Möller committed
123
 * dsa_signature_clear.
Niels Möller's avatar
Niels Möller committed
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
 */

/* Calls mpz_init to initialize bignum storage. */
void
dsa_public_key_init(struct dsa_public_key *key);

/* Calls mpz_clear to deallocate bignum storage. */
void
dsa_public_key_clear(struct dsa_public_key *key);


/* Calls mpz_init to initialize bignum storage. */
void
dsa_private_key_init(struct dsa_private_key *key);

/* Calls mpz_clear to deallocate bignum storage. */
void
dsa_private_key_clear(struct dsa_private_key *key);

/* Calls mpz_init to initialize bignum storage. */
void
dsa_signature_init(struct dsa_signature *signature);

/* Calls mpz_clear to deallocate bignum storage. */
void
dsa_signature_clear(struct dsa_signature *signature);


int
153
154
155
156
157
dsa_sha1_sign(const struct dsa_public_key *pub,
	      const struct dsa_private_key *key,
	      void *random_ctx, nettle_random_func random,
	      struct sha1_ctx *hash,
	      struct dsa_signature *signature);
Niels Möller's avatar
Niels Möller committed
158

159
160
int
dsa_sha256_sign(const struct dsa_public_key *pub,
161
162
		const struct dsa_private_key *key,
		void *random_ctx, nettle_random_func random,
163
		struct sha256_ctx *hash,
164
165
166
		struct dsa_signature *signature);

int
167
168
169
170
171
172
173
dsa_sha1_verify(const struct dsa_public_key *key,
		struct sha1_ctx *hash,
		const struct dsa_signature *signature);

int
dsa_sha256_verify(const struct dsa_public_key *key,
		  struct sha256_ctx *hash,
174
175
		  const struct dsa_signature *signature);

176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
int
dsa_sha1_sign_digest(const struct dsa_public_key *pub,
		     const struct dsa_private_key *key,
		     void *random_ctx, nettle_random_func random,
		     const uint8_t *digest,
		     struct dsa_signature *signature);
int
dsa_sha256_sign_digest(const struct dsa_public_key *pub,
		       const struct dsa_private_key *key,
		       void *random_ctx, nettle_random_func random,
		       const uint8_t *digest,
		       struct dsa_signature *signature);

int
dsa_sha1_verify_digest(const struct dsa_public_key *key,
		       const uint8_t *digest,
		       const struct dsa_signature *signature);

int
dsa_sha256_verify_digest(const struct dsa_public_key *key,
			 const uint8_t *digest,
			 const struct dsa_signature *signature);

Niels Möller's avatar
Niels Möller committed
199
200
201
202
203
204
205
206
/* Key generation */

int
dsa_generate_keypair(struct dsa_public_key *pub,
		     struct dsa_private_key *key,

		     void *random_ctx, nettle_random_func random,

207
208
		     void *progress_ctx, nettle_progress_func progress,
		     unsigned p_bits, unsigned q_bits);
Niels Möller's avatar
Niels Möller committed
209

210
211
212
213
214
215
216
217
218
219
220
/* Keys in sexp form. */

struct nettle_buffer;

/* Generates a public-key expression if PRIV is NULL .*/
int
dsa_keypair_to_sexp(struct nettle_buffer *buffer,
		    const char *algorithm_name, /* NULL means "dsa" */
		    const struct dsa_public_key *pub,
		    const struct dsa_private_key *priv);

221
222
struct sexp_iterator;

223
224
int
dsa_signature_from_sexp(struct dsa_signature *rs,
225
226
			struct sexp_iterator *i,
			unsigned q_bits);
227

228
229
230
int
dsa_keypair_from_sexp_alist(struct dsa_public_key *pub,
			    struct dsa_private_key *priv,
231
232
			    unsigned p_max_bits,
			    unsigned q_bits,
233
234
235
236
237
238
239
			    struct sexp_iterator *i);

/* If PRIV is NULL, expect a public-key expression. If PUB is NULL,
 * expect a private key expression and ignore the parts not needed for
 * the public key. */
/* Keys must be initialized before calling this function, as usual. */
int
240
241
242
243
244
245
246
247
248
249
dsa_sha1_keypair_from_sexp(struct dsa_public_key *pub,
			   struct dsa_private_key *priv,
			   unsigned p_max_bits,
			   unsigned length, const uint8_t *expr);

int
dsa_sha256_keypair_from_sexp(struct dsa_public_key *pub,
			     struct dsa_private_key *priv,
			     unsigned p_max_bits,
			     unsigned length, const uint8_t *expr);
250

251
252
253
254
/* Keys in X.509 andd OpenSSL format. */
struct asn1_der_iterator;

int
255
dsa_params_from_der_iterator(struct dsa_public_key *pub,
256
			     unsigned p_max_bits,
257
258
259
			     struct asn1_der_iterator *i);
int
dsa_public_key_from_der_iterator(struct dsa_public_key *pub,
260
				 unsigned p_max_bits,
261
				 struct asn1_der_iterator *i);
262
263

int
264
265
dsa_openssl_private_key_from_der_iterator(struct dsa_public_key *pub,
					  struct dsa_private_key *priv,
266
					  unsigned p_max_bits,
267
					  struct asn1_der_iterator *i);
268
269

int
270
271
dsa_openssl_private_key_from_der(struct dsa_public_key *pub,
				 struct dsa_private_key *priv,
272
				 unsigned p_max_bits, 
273
				 unsigned length, const uint8_t *data);
274

275

276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
/* Internal functions. */
int
_dsa_sign(const struct dsa_public_key *pub,
	  const struct dsa_private_key *key,
	  void *random_ctx, nettle_random_func random,
	  unsigned digest_size,
	  const uint8_t *digest,
	  struct dsa_signature *signature);

int
_dsa_verify(const struct dsa_public_key *key,
	    unsigned digest_size,
	    const uint8_t *digest,
	    const struct dsa_signature *signature);

Niels Möller's avatar
Niels Möller committed
291
292
293
294
#ifdef __cplusplus
}
#endif

Niels Möller's avatar
Niels Möller committed
295
#endif /* NETTLE_DSA_H_INCLUDED */