Move old DSA interface to dsa-compat.h.

ChangeLog

 2014-03-27  Niels Möller  <nisse@lysator.liu.se>
 
+	* dsa-compat.c (dsa_public_key_init, dsa_public_key_clear)
+	(dsa_private_key_init, dsa_private_key_clear): : Move deprecated
+	DSA functions to a separate file...
+	* dsa.c: ...from here.
+	* dsa-compat.h: New file, declaring deprecated DSA interface.
+	Include in corresponding C files.
+	* Makefile.in (hogweed_SOURCES): Add dsa-compat.c.
+	(HEADERS): Add dsa-compat.h.
+
 	* dsa-gen-params.c (dsa_generate_params): New file and function,
 	extracted from DSA key generation.
 	* dsa-keygen.c (dsa_generate_keypair): Use dsa_generate_params.

Makefile.in

@@ -148,7 +148,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \
 		  rsa-encrypt.c rsa-decrypt.c rsa-decrypt-tr.c \
 		  rsa-keygen.c rsa-compat.c rsa-blind.c \
 		  rsa2sexp.c sexp2rsa.c \
-		  dsa.c dsa-gen-params.c \
+		  dsa.c dsa-compat.c dsa-gen-params.c \
 		  dsa-sign.c dsa-verify.c dsa-keygen.c dsa-hash.c \
 		  dsa-sha1-sign.c dsa-sha1-verify.c \
 		  dsa-sha256-sign.c dsa-sha256-verify.c  \
@@ -170,7 +170,8 @@ hogweed_SOURCES = sexp.c sexp-format.c \
 HEADERS = aes.h arcfour.h arctwo.h asn1.h bignum.h blowfish.h \
 	  base16.h base64.h buffer.h camellia.h cast128.h \
 	  cbc.h ccm.h chacha.h chacha-poly1305.h ctr.h \
-	  des.h des-compat.h dsa.h eax.h ecc-curve.h ecc.h ecdsa.h \
+	  des.h des-compat.h dsa.h dsa-compat.h eax.h \
+	  ecc-curve.h ecc.h ecdsa.h \
 	  gcm.h gosthash94.h hmac.h \
 	  knuth-lfib.h \
 	  macros.h \

dsa-compat.c

+/* dsa-compat.c
+ *
+ * The DSA publickey algorithm, old interface.
+ */
+
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2002 Niels Möller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "dsa-compat.h"
+
+void
+dsa_public_key_init(struct dsa_public_key *key)
+{
+  dsa_params_init ((struct dsa_params *) key);
+  mpz_init(key->y);
+}
+
+void
+dsa_public_key_clear(struct dsa_public_key *key)
+{
+  dsa_params_clear ((struct dsa_params *) key);
+  mpz_clear(key->y);
+}
+
+
+void
+dsa_private_key_init(struct dsa_private_key *key)
+{
+  mpz_init(key->x);
+}
+
+void
+dsa_private_key_clear(struct dsa_private_key *key)
+{
+  mpz_clear(key->x);
+}

dsa-compat.h

+/* dsa-compat.h
+ *
+ * Old DSA publickey interface.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2002, 2013, 2014 Niels Möller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#ifndef NETTLE_DSA_COMPAT_H_INCLUDED
+#define NETTLE_DSA_COMPAT_H_INCLUDED
+
+#include "dsa.h"
+
+#include "sha1.h"
+#include "sha2.h"
+
+/* Name mangling */
+#define dsa_public_key_init nettle_dsa_public_key_init
+#define dsa_public_key_clear nettle_dsa_public_key_clear
+#define dsa_private_key_init nettle_dsa_private_key_init
+#define dsa_private_key_clear nettle_dsa_private_key_clear
+#define dsa_sha1_sign nettle_dsa_sha1_sign
+#define dsa_sha1_verify nettle_dsa_sha1_verify
+#define dsa_sha256_sign nettle_dsa_sha256_sign
+#define dsa_sha256_verify nettle_dsa_sha256_verify
+#define dsa_sha1_sign_digest nettle_dsa_sha1_sign_digest
+#define dsa_sha1_verify_digest nettle_dsa_sha1_verify_digest
+#define dsa_sha256_sign_digest nettle_dsa_sha256_sign_digest
+#define dsa_sha256_verify_digest nettle_dsa_sha256_verify_digest
+#define dsa_compat_generate_keypair nettle_dsa_compat_generate_keypair
+
+/* Switch meaning of dsa_generate_keypair */
+#undef dsa_generate_keypair
+#define dsa_generate_keypair nettle_dsa_compat_generate_keypair
+#define dsa_generate_keypair_new nettle_dsa_generate_keypair
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct dsa_public_key
+{
+  /* Same as struct dsa_params, but can't use that struct here without
+     breaking backwards compatibility. Layout must be identical, since
+     this is cast to a struct dsa_param pointer for calling _dsa_sign
+     and _dsa_verify */
+  mpz_t p;
+  mpz_t q;
+  mpz_t g;
+
+  /* Public value */
+  mpz_t y;
+};
+
+struct dsa_private_key
+{
+  /* Unlike an rsa public key, private key operations will need both
+   * the private and the public information. */
+  mpz_t x;
+};
+
+/* Signing a message works as follows:
+ *
+ * Store the private key in a dsa_private_key struct.
+ *
+ * Initialize a hashing context, by callling
+ *   sha1_init
+ *
+ * Hash the message by calling
+ *   sha1_update
+ *
+ * Create the signature by calling
+ *   dsa_sha1_sign
+ *
+ * The signature is represented as a struct dsa_signature. This call also
+ * resets the hashing context.
+ *
+ * When done with the key and signature, don't forget to call
+ * dsa_signature_clear.
+ */
+
+/* Calls mpz_init to initialize bignum storage. */
+void
+dsa_public_key_init(struct dsa_public_key *key);
+
+/* Calls mpz_clear to deallocate bignum storage. */
+void
+dsa_public_key_clear(struct dsa_public_key *key);
+
+
+/* Calls mpz_init to initialize bignum storage. */
+void
+dsa_private_key_init(struct dsa_private_key *key);
+
+/* Calls mpz_clear to deallocate bignum storage. */
+void
+dsa_private_key_clear(struct dsa_private_key *key);
+
+int
+dsa_sha1_sign(const struct dsa_public_key *pub,
+	      const struct dsa_private_key *key,
+	      void *random_ctx, nettle_random_func *random,
+	      struct sha1_ctx *hash,
+	      struct dsa_signature *signature);
+
+int
+dsa_sha256_sign(const struct dsa_public_key *pub,
+		const struct dsa_private_key *key,
+		void *random_ctx, nettle_random_func *random,
+		struct sha256_ctx *hash,
+		struct dsa_signature *signature);
+
+int
+dsa_sha1_verify(const struct dsa_public_key *key,
+		struct sha1_ctx *hash,
+		const struct dsa_signature *signature);
+
+int
+dsa_sha256_verify(const struct dsa_public_key *key,
+		  struct sha256_ctx *hash,
+		  const struct dsa_signature *signature);
+
+int
+dsa_sha1_sign_digest(const struct dsa_public_key *pub,
+		     const struct dsa_private_key *key,
+		     void *random_ctx, nettle_random_func *random,
+		     const uint8_t *digest,
+		     struct dsa_signature *signature);
+int
+dsa_sha256_sign_digest(const struct dsa_public_key *pub,
+		       const struct dsa_private_key *key,
+		       void *random_ctx, nettle_random_func *random,
+		       const uint8_t *digest,
+		       struct dsa_signature *signature);
+
+int
+dsa_sha1_verify_digest(const struct dsa_public_key *key,
+		       const uint8_t *digest,
+		       const struct dsa_signature *signature);
+
+int
+dsa_sha256_verify_digest(const struct dsa_public_key *key,
+			 const uint8_t *digest,
+			 const struct dsa_signature *signature);
+
+/* Key generation */
+int
+dsa_generate_keypair(struct dsa_public_key *pub,
+		     struct dsa_private_key *key,
+
+		     void *random_ctx, nettle_random_func *random,
+		     void *progress_ctx, nettle_progress_func *progress,
+		     unsigned p_bits, unsigned q_bits);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NETTLE_DSA_COMPAT_H_INCLUDED */

dsa-keygen.c

@@ -30,7 +30,7 @@
 #include <assert.h>
 #include <stdlib.h>
 
-#include "dsa.h"
+#include "dsa-compat.h"
 
 #include "bignum.h"
 

dsa-sha1-sign.c

@@ -27,7 +27,7 @@
 # include "config.h"
 #endif
 
-#include "dsa.h"
+#include "dsa-compat.h"
 
 int
 dsa_sha1_sign_digest(const struct dsa_public_key *pub,

dsa-sha1-verify.c

@@ -27,7 +27,7 @@
 # include "config.h"
 #endif
 
-#include "dsa.h"
+#include "dsa-compat.h"
 
 int
 dsa_sha1_verify_digest(const struct dsa_public_key *key,

dsa-sha256-sign.c

@@ -27,7 +27,7 @@
 # include "config.h"
 #endif
 
-#include "dsa.h"
+#include "dsa-compat.h"
 
 int
 dsa_sha256_sign_digest(const struct dsa_public_key *pub,

dsa-sha256-verify.c

@@ -27,7 +27,7 @@
 # include "config.h"
 #endif
 
-#include "dsa.h"
+#include "dsa-compat.h"
 
 int
 dsa_sha256_verify_digest(const struct dsa_public_key *key,

dsa.c

-/* dsa.h
+/* dsa.c
  *
  * The DSA publickey algorithm.
  */
@@ -47,34 +47,6 @@ dsa_params_clear (struct dsa_params *params)
   mpz_clear(params->g);
 }
 
-void
-dsa_public_key_init(struct dsa_public_key *key)
-{
-  dsa_params_init ((struct dsa_params *) key);
-  mpz_init(key->y);
-}
-
-void
-dsa_public_key_clear(struct dsa_public_key *key)
-{
-  dsa_params_clear ((struct dsa_params *) key);
-  mpz_clear(key->y);
-}
-
-
-void
-dsa_private_key_init(struct dsa_private_key *key)
-{
-  mpz_init(key->x);
-}
-
-void
-dsa_private_key_clear(struct dsa_private_key *key)
-{
-  mpz_clear(key->x);
-}
-
-
 void
 dsa_signature_init(struct dsa_signature *signature)
 {

dsa.h

@@ -30,9 +30,6 @@
 
 #include "nettle-types.h"
 
-#include "sha1.h"
-#include "sha2.h"
-
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -40,22 +37,10 @@ extern "C" {
 /* Name mangling */
 #define dsa_params_init nettle_dsa_params_init
 #define dsa_params_clear nettle_dsa_params_clear
-#define dsa_public_key_init nettle_dsa_public_key_init
-#define dsa_public_key_clear nettle_dsa_public_key_clear
-#define dsa_private_key_init nettle_dsa_private_key_init
-#define dsa_private_key_clear nettle_dsa_private_key_clear
 #define dsa_signature_init nettle_dsa_signature_init
 #define dsa_signature_clear nettle_dsa_signature_clear
-#define dsa_sha1_sign nettle_dsa_sha1_sign
-#define dsa_sha1_verify nettle_dsa_sha1_verify
-#define dsa_sha256_sign nettle_dsa_sha256_sign
-#define dsa_sha256_verify nettle_dsa_sha256_verify
 #define dsa_sign nettle_dsa_sign
 #define dsa_verify nettle_dsa_verify
-#define dsa_sha1_sign_digest nettle_dsa_sha1_sign_digest
-#define dsa_sha1_verify_digest nettle_dsa_sha1_verify_digest
-#define dsa_sha256_sign_digest nettle_dsa_sha256_sign_digest
-#define dsa_sha256_verify_digest nettle_dsa_sha256_verify_digest
 #define dsa_generate_params nettle_dsa_generate_params
 #define dsa_generate_keypair nettle_dsa_generate_keypair
 #define dsa_signature_from_sexp nettle_dsa_signature_from_sexp
@@ -96,71 +81,12 @@ dsa_params_init (struct dsa_params *params);
 void
 dsa_params_clear (struct dsa_params *params);
 
-struct dsa_public_key
-{  
-  /* Modulo */
-  mpz_t p;
-
-  /* Group order */
-  mpz_t q;
-
-  /* Generator */
-  mpz_t g;
-  
-  /* Public value */
-  mpz_t y;
-};
-
-struct dsa_private_key
-{
-  /* Unlike an rsa public key, private key operations will need both
-   * the private and the public information. */
-  mpz_t x;
-};
-
 struct dsa_signature
 {
   mpz_t r;
   mpz_t s;
 };
 
-/* Signing a message works as follows:
- *
- * Store the private key in a dsa_private_key struct.
- *
- * Initialize a hashing context, by callling
- *   sha1_init
- *
- * Hash the message by calling
- *   sha1_update
- *
- * Create the signature by calling
- *   dsa_sha1_sign
- *
- * The signature is represented as a struct dsa_signature. This call also
- * resets the hashing context.
- *
- * When done with the key and signature, don't forget to call
- * dsa_signature_clear.
- */
-
-/* Calls mpz_init to initialize bignum storage. */
-void
-dsa_public_key_init(struct dsa_public_key *key);
-
-/* Calls mpz_clear to deallocate bignum storage. */
-void
-dsa_public_key_clear(struct dsa_public_key *key);
-
-
-/* Calls mpz_init to initialize bignum storage. */
-void
-dsa_private_key_init(struct dsa_private_key *key);
-
-/* Calls mpz_clear to deallocate bignum storage. */
-void
-dsa_private_key_clear(struct dsa_private_key *key);
-
 /* Calls mpz_init to initialize bignum storage. */
 void
 dsa_signature_init(struct dsa_signature *signature);
@@ -169,31 +95,6 @@ dsa_signature_init(struct dsa_signature *signature);
 void
 dsa_signature_clear(struct dsa_signature *signature);
 
-
-int
-dsa_sha1_sign(const struct dsa_public_key *pub,
-	      const struct dsa_private_key *key,
-	      void *random_ctx, nettle_random_func *random,
-	      struct sha1_ctx *hash,
-	      struct dsa_signature *signature);
-
-int
-dsa_sha256_sign(const struct dsa_public_key *pub,
-		const struct dsa_private_key *key,
-		void *random_ctx, nettle_random_func *random,
-		struct sha256_ctx *hash,
-		struct dsa_signature *signature);
-
-int
-dsa_sha1_verify(const struct dsa_public_key *key,
-		struct sha1_ctx *hash,
-		const struct dsa_signature *signature);
-
-int
-dsa_sha256_verify(const struct dsa_public_key *key,
-		  struct sha256_ctx *hash,
-		  const struct dsa_signature *signature);
-
 int
 dsa_sign(const struct dsa_params *params,
 	 const mpz_t x,
@@ -209,30 +110,6 @@ dsa_verify(const struct dsa_params *params,
 	   const uint8_t *digest,
 	   const struct dsa_signature *signature);
 
-/* Maybe obsolete these functions? One can just as well call dsa_sign
-   and dsa_verify directly, all that matters is the digest size. */
-int
-dsa_sha1_sign_digest(const struct dsa_public_key *pub,
-		     const struct dsa_private_key *key,
-		     void *random_ctx, nettle_random_func *random,
-		     const uint8_t *digest,
-		     struct dsa_signature *signature);
-int
-dsa_sha256_sign_digest(const struct dsa_public_key *pub,
-		       const struct dsa_private_key *key,
-		       void *random_ctx, nettle_random_func *random,
-		       const uint8_t *digest,
-		       struct dsa_signature *signature);
-
-int
-dsa_sha1_verify_digest(const struct dsa_public_key *key,
-		       const uint8_t *digest,
-		       const struct dsa_signature *signature);
-
-int
-dsa_sha256_verify_digest(const struct dsa_public_key *key,
-			 const uint8_t *digest,
-			 const struct dsa_signature *signature);
 
 /* Key generation */
 
@@ -242,15 +119,6 @@ dsa_generate_params(struct dsa_params *params,
 		    void *progress_ctx, nettle_progress_func *progress,
 		    unsigned p_bits, unsigned q_bits);
 
-int
-dsa_generate_keypair(struct dsa_public_key *pub,
-		     struct dsa_private_key *key,
-
-		     void *random_ctx, nettle_random_func *random,
-
-		     void *progress_ctx, nettle_progress_func *progress,
-		     unsigned p_bits, unsigned q_bits);
-
 /* Keys in sexp form. */
 
 struct nettle_buffer;
@@ -302,7 +170,7 @@ struct asn1_der_iterator;
 int
 dsa_params_from_der_iterator(struct dsa_params *params,
 			     unsigned max_bits, unsigned q_bits,
- 			     struct asn1_der_iterator *i);
+			     struct asn1_der_iterator *i);
 
 int
 dsa_public_key_from_der_iterator(const struct dsa_params *params,
@@ -320,7 +188,7 @@ int
 dsa_openssl_private_key_from_der(struct dsa_params *params,
 				 mpz_t pub,
 				 mpz_t priv,
-				 unsigned p_max_bits, 
+				 unsigned p_max_bits,
 				 size_t length, const uint8_t *data);
 
 

testsuite/testutils.h

@@ -18,7 +18,7 @@
 
 #if WITH_HOGWEED
 # include "rsa.h"
-# include "dsa.h"
+# include "dsa-compat.h"
 # include "ecc-curve.h"
 # include "ecc.h"
 # include "ecc-internal.h"