dsa.h 8.41 KB
Newer Older
Niels Möller's avatar
Niels Möller committed
1
2
3
4
5
6
7
/* dsa.h
 *
 * The DSA publickey algorithm.
 */

/* nettle, low-level cryptographics library
 *
Niels Möller's avatar
Niels Möller committed
8
 * Copyright (C) 2002 Niels Möller
Niels Möller's avatar
Niels Möller committed
9
10
11
12
13
14
15
16
17
18
19
20
21
 *  
 * The nettle library is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation; either version 2.1 of the License, or (at your
 * option) any later version.
 * 
 * The nettle library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
 * License for more details.
 * 
 * You should have received a copy of the GNU Lesser General Public License
 * along with the nettle library; see the file COPYING.LIB.  If not, write to
22
23
 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 * MA 02111-1301, USA.
Niels Möller's avatar
Niels Möller committed
24
25
26
27
28
29
30
 */
 
#ifndef NETTLE_DSA_H_INCLUDED
#define NETTLE_DSA_H_INCLUDED

#include <gmp.h>

31
32
#include "nettle-types.h"

33
34
#include "sha1.h"
#include "sha2.h"
Niels Möller's avatar
Niels Möller committed
35

Niels Möller's avatar
Niels Möller committed
36
37
38
39
#ifdef __cplusplus
extern "C" {
#endif

40
41
42
43
44
45
46
/* Name mangling */
#define dsa_public_key_init nettle_dsa_public_key_init
#define dsa_public_key_clear nettle_dsa_public_key_clear
#define dsa_private_key_init nettle_dsa_private_key_init
#define dsa_private_key_clear nettle_dsa_private_key_clear
#define dsa_signature_init nettle_dsa_signature_init
#define dsa_signature_clear nettle_dsa_signature_clear
47
48
49
50
#define dsa_sha1_sign nettle_dsa_sha1_sign
#define dsa_sha1_verify nettle_dsa_sha1_verify
#define dsa_sha256_sign nettle_dsa_sha256_sign
#define dsa_sha256_verify nettle_dsa_sha256_verify
51
52
#define dsa_sign nettle_dsa_sign
#define dsa_verify nettle_dsa_verify
53
54
55
56
#define dsa_sha1_sign_digest nettle_dsa_sha1_sign_digest
#define dsa_sha1_verify_digest nettle_dsa_sha1_verify_digest
#define dsa_sha256_sign_digest nettle_dsa_sha256_sign_digest
#define dsa_sha256_verify_digest nettle_dsa_sha256_verify_digest
57
58
#define dsa_generate_keypair nettle_dsa_generate_keypair
#define dsa_signature_from_sexp nettle_dsa_signature_from_sexp
59
#define dsa_keypair_to_sexp nettle_dsa_keypair_to_sexp
60
#define dsa_keypair_from_sexp_alist nettle_dsa_keypair_from_sexp_alist
61
62
#define dsa_sha1_keypair_from_sexp nettle_dsa_sha1_keypair_from_sexp
#define dsa_sha256_keypair_from_sexp nettle_dsa_sha256_keypair_from_sexp
63
64
65
66
#define dsa_params_from_der_iterator nettle_dsa_params_from_der_iterator
#define dsa_public_key_from_der_iterator nettle_dsa_public_key_from_der_iterator
#define dsa_openssl_private_key_from_der_iterator nettle_dsa_openssl_private_key_from_der_iterator 
#define dsa_openssl_private_key_from_der nettle_openssl_provate_key_from_der
67
#define _dsa_hash _nettle_dsa_hash
68

69
70
71
#define DSA_SHA1_MIN_P_BITS 512
#define DSA_SHA1_Q_OCTETS 20
#define DSA_SHA1_Q_BITS 160
Niels Möller's avatar
Niels Möller committed
72

73
74
75
76
#define DSA_SHA256_MIN_P_BITS 1024
#define DSA_SHA256_Q_OCTETS 32
#define DSA_SHA256_Q_BITS 256
  
Niels Möller's avatar
Niels Möller committed
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
struct dsa_public_key
{  
  /* Modulo */
  mpz_t p;

  /* Group order */
  mpz_t q;

  /* Generator */
  mpz_t g;
  
  /* Public value */
  mpz_t y;
};

struct dsa_private_key
{
94
95
  /* Unlike an rsa public key, private key operations will need both
   * the private and the public information. */
Niels Möller's avatar
Niels Möller committed
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
  mpz_t x;
};

struct dsa_signature
{
  mpz_t r;
  mpz_t s;
};

/* Signing a message works as follows:
 *
 * Store the private key in a dsa_private_key struct.
 *
 * Initialize a hashing context, by callling
 *   sha1_init
 *
 * Hash the message by calling
 *   sha1_update
 *
 * Create the signature by calling
Niels Möller's avatar
Niels Möller committed
116
 *   dsa_sha1_sign
Niels Möller's avatar
Niels Möller committed
117
 *
Niels Möller's avatar
Niels Möller committed
118
 * The signature is represented as a struct dsa_signature. This call also
Niels Möller's avatar
Niels Möller committed
119
120
121
 * resets the hashing context.
 *
 * When done with the key and signature, don't forget to call
Niels Möller's avatar
Niels Möller committed
122
 * dsa_signature_clear.
Niels Möller's avatar
Niels Möller committed
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
 */

/* Calls mpz_init to initialize bignum storage. */
void
dsa_public_key_init(struct dsa_public_key *key);

/* Calls mpz_clear to deallocate bignum storage. */
void
dsa_public_key_clear(struct dsa_public_key *key);


/* Calls mpz_init to initialize bignum storage. */
void
dsa_private_key_init(struct dsa_private_key *key);

/* Calls mpz_clear to deallocate bignum storage. */
void
dsa_private_key_clear(struct dsa_private_key *key);

/* Calls mpz_init to initialize bignum storage. */
void
dsa_signature_init(struct dsa_signature *signature);

/* Calls mpz_clear to deallocate bignum storage. */
void
dsa_signature_clear(struct dsa_signature *signature);


int
152
153
dsa_sha1_sign(const struct dsa_public_key *pub,
	      const struct dsa_private_key *key,
154
	      void *random_ctx, nettle_random_func *random,
155
156
	      struct sha1_ctx *hash,
	      struct dsa_signature *signature);
Niels Möller's avatar
Niels Möller committed
157

158
159
int
dsa_sha256_sign(const struct dsa_public_key *pub,
160
		const struct dsa_private_key *key,
161
		void *random_ctx, nettle_random_func *random,
162
		struct sha256_ctx *hash,
163
164
165
		struct dsa_signature *signature);

int
166
167
168
169
170
171
172
dsa_sha1_verify(const struct dsa_public_key *key,
		struct sha1_ctx *hash,
		const struct dsa_signature *signature);

int
dsa_sha256_verify(const struct dsa_public_key *key,
		  struct sha256_ctx *hash,
173
174
		  const struct dsa_signature *signature);

175
int
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
dsa_sign(const struct dsa_public_key *pub,
	 const struct dsa_private_key *key,
	 void *random_ctx, nettle_random_func *random,
	 size_t digest_size,
	 const uint8_t *digest,
	 struct dsa_signature *signature);

int
dsa_verify(const struct dsa_public_key *key,
	   size_t digest_size,
	   const uint8_t *digest,
	   const struct dsa_signature *signature);

/* Maybe obsolete these functions? One can just as well call dsa_sign
   and dsa_verify directly, all that matters is the digest size. */
int
192
193
dsa_sha1_sign_digest(const struct dsa_public_key *pub,
		     const struct dsa_private_key *key,
194
		     void *random_ctx, nettle_random_func *random,
195
196
197
198
199
		     const uint8_t *digest,
		     struct dsa_signature *signature);
int
dsa_sha256_sign_digest(const struct dsa_public_key *pub,
		       const struct dsa_private_key *key,
200
		       void *random_ctx, nettle_random_func *random,
201
202
203
204
205
206
207
208
209
210
211
212
213
		       const uint8_t *digest,
		       struct dsa_signature *signature);

int
dsa_sha1_verify_digest(const struct dsa_public_key *key,
		       const uint8_t *digest,
		       const struct dsa_signature *signature);

int
dsa_sha256_verify_digest(const struct dsa_public_key *key,
			 const uint8_t *digest,
			 const struct dsa_signature *signature);

Niels Möller's avatar
Niels Möller committed
214
215
216
217
218
219
/* Key generation */

int
dsa_generate_keypair(struct dsa_public_key *pub,
		     struct dsa_private_key *key,

220
		     void *random_ctx, nettle_random_func *random,
Niels Möller's avatar
Niels Möller committed
221

222
		     void *progress_ctx, nettle_progress_func *progress,
223
		     unsigned p_bits, unsigned q_bits);
Niels Möller's avatar
Niels Möller committed
224

225
226
227
228
229
230
231
232
233
234
235
/* Keys in sexp form. */

struct nettle_buffer;

/* Generates a public-key expression if PRIV is NULL .*/
int
dsa_keypair_to_sexp(struct nettle_buffer *buffer,
		    const char *algorithm_name, /* NULL means "dsa" */
		    const struct dsa_public_key *pub,
		    const struct dsa_private_key *priv);

236
237
struct sexp_iterator;

238
239
int
dsa_signature_from_sexp(struct dsa_signature *rs,
240
241
			struct sexp_iterator *i,
			unsigned q_bits);
242

243
244
245
int
dsa_keypair_from_sexp_alist(struct dsa_public_key *pub,
			    struct dsa_private_key *priv,
246
247
			    unsigned p_max_bits,
			    unsigned q_bits,
248
249
250
251
252
253
254
			    struct sexp_iterator *i);

/* If PRIV is NULL, expect a public-key expression. If PUB is NULL,
 * expect a private key expression and ignore the parts not needed for
 * the public key. */
/* Keys must be initialized before calling this function, as usual. */
int
255
256
257
dsa_sha1_keypair_from_sexp(struct dsa_public_key *pub,
			   struct dsa_private_key *priv,
			   unsigned p_max_bits,
258
			   size_t length, const uint8_t *expr);
259
260
261
262
263

int
dsa_sha256_keypair_from_sexp(struct dsa_public_key *pub,
			     struct dsa_private_key *priv,
			     unsigned p_max_bits,
264
			     size_t length, const uint8_t *expr);
265

266
267
268
269
/* Keys in X.509 andd OpenSSL format. */
struct asn1_der_iterator;

int
270
dsa_params_from_der_iterator(struct dsa_public_key *pub,
271
			     unsigned p_max_bits,
272
273
274
			     struct asn1_der_iterator *i);
int
dsa_public_key_from_der_iterator(struct dsa_public_key *pub,
275
				 unsigned p_max_bits,
276
				 struct asn1_der_iterator *i);
277
278

int
279
280
dsa_openssl_private_key_from_der_iterator(struct dsa_public_key *pub,
					  struct dsa_private_key *priv,
281
					  unsigned p_max_bits,
282
					  struct asn1_der_iterator *i);
283
284

int
285
286
dsa_openssl_private_key_from_der(struct dsa_public_key *pub,
				 struct dsa_private_key *priv,
287
				 unsigned p_max_bits, 
Niels Möller's avatar
Niels Möller committed
288
				 size_t length, const uint8_t *data);
289

290

291
/* Internal functions. */
292
293
294
295
void
_dsa_hash (mpz_t h, unsigned bit_size,
	   size_t length, const uint8_t *digest);

Niels Möller's avatar
Niels Möller committed
296
297
298
299
#ifdef __cplusplus
}
#endif

Niels Möller's avatar
Niels Möller committed
300
#endif /* NETTLE_DSA_H_INCLUDED */