dsa.h 8.76 KB
Newer Older
Niels Möller's avatar
Niels Möller committed
1 2 3 4 5 6 7
/* dsa.h
 *
 * The DSA publickey algorithm.
 */

/* nettle, low-level cryptographics library
 *
8
 * Copyright (C) 2002, 2013, 2014 Niels Möller
Niels Möller's avatar
Niels Möller committed
9 10 11 12 13 14 15 16 17 18 19 20 21
 *  
 * The nettle library is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation; either version 2.1 of the License, or (at your
 * option) any later version.
 * 
 * The nettle library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
 * License for more details.
 * 
 * You should have received a copy of the GNU Lesser General Public License
 * along with the nettle library; see the file COPYING.LIB.  If not, write to
22 23
 * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 * MA 02111-1301, USA.
Niels Möller's avatar
Niels Möller committed
24 25 26 27 28 29 30
 */
 
#ifndef NETTLE_DSA_H_INCLUDED
#define NETTLE_DSA_H_INCLUDED

#include <gmp.h>

31 32
#include "nettle-types.h"

33 34
#include "sha1.h"
#include "sha2.h"
Niels Möller's avatar
Niels Möller committed
35

Niels Möller's avatar
Niels Möller committed
36 37 38 39
#ifdef __cplusplus
extern "C" {
#endif

40
/* Name mangling */
41 42
#define dsa_params_init nettle_dsa_params_init
#define dsa_params_clear nettle_dsa_params_clear
43 44 45 46 47 48
#define dsa_public_key_init nettle_dsa_public_key_init
#define dsa_public_key_clear nettle_dsa_public_key_clear
#define dsa_private_key_init nettle_dsa_private_key_init
#define dsa_private_key_clear nettle_dsa_private_key_clear
#define dsa_signature_init nettle_dsa_signature_init
#define dsa_signature_clear nettle_dsa_signature_clear
49 50 51 52
#define dsa_sha1_sign nettle_dsa_sha1_sign
#define dsa_sha1_verify nettle_dsa_sha1_verify
#define dsa_sha256_sign nettle_dsa_sha256_sign
#define dsa_sha256_verify nettle_dsa_sha256_verify
53 54
#define dsa_sign nettle_dsa_sign
#define dsa_verify nettle_dsa_verify
55 56 57 58
#define dsa_sha1_sign_digest nettle_dsa_sha1_sign_digest
#define dsa_sha1_verify_digest nettle_dsa_sha1_verify_digest
#define dsa_sha256_sign_digest nettle_dsa_sha256_sign_digest
#define dsa_sha256_verify_digest nettle_dsa_sha256_verify_digest
59 60
#define dsa_generate_keypair nettle_dsa_generate_keypair
#define dsa_signature_from_sexp nettle_dsa_signature_from_sexp
61
#define dsa_keypair_to_sexp nettle_dsa_keypair_to_sexp
62
#define dsa_keypair_from_sexp_alist nettle_dsa_keypair_from_sexp_alist
63 64
#define dsa_sha1_keypair_from_sexp nettle_dsa_sha1_keypair_from_sexp
#define dsa_sha256_keypair_from_sexp nettle_dsa_sha256_keypair_from_sexp
65 66 67 68
#define dsa_params_from_der_iterator nettle_dsa_params_from_der_iterator
#define dsa_public_key_from_der_iterator nettle_dsa_public_key_from_der_iterator
#define dsa_openssl_private_key_from_der_iterator nettle_dsa_openssl_private_key_from_der_iterator 
#define dsa_openssl_private_key_from_der nettle_openssl_provate_key_from_der
69
#define _dsa_hash _nettle_dsa_hash
70

71
/* For FIPS approved parameters */
72 73 74
#define DSA_SHA1_MIN_P_BITS 512
#define DSA_SHA1_Q_OCTETS 20
#define DSA_SHA1_Q_BITS 160
Niels Möller's avatar
Niels Möller committed
75

76 77 78
#define DSA_SHA256_MIN_P_BITS 1024
#define DSA_SHA256_Q_OCTETS 32
#define DSA_SHA256_Q_BITS 256
79 80 81 82 83 84 85 86 87 88 89 90 91

struct dsa_params
{  
  /* Modulo */
  mpz_t p;

  /* Group order */
  mpz_t q;

  /* Generator */
  mpz_t g;
};

92 93 94 95 96 97
void
dsa_params_init (struct dsa_params *params);

void
dsa_params_clear (struct dsa_params *params);

Niels Möller's avatar
Niels Möller committed
98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114
struct dsa_public_key
{  
  /* Modulo */
  mpz_t p;

  /* Group order */
  mpz_t q;

  /* Generator */
  mpz_t g;
  
  /* Public value */
  mpz_t y;
};

struct dsa_private_key
{
115 116
  /* Unlike an rsa public key, private key operations will need both
   * the private and the public information. */
Niels Möller's avatar
Niels Möller committed
117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136
  mpz_t x;
};

struct dsa_signature
{
  mpz_t r;
  mpz_t s;
};

/* Signing a message works as follows:
 *
 * Store the private key in a dsa_private_key struct.
 *
 * Initialize a hashing context, by callling
 *   sha1_init
 *
 * Hash the message by calling
 *   sha1_update
 *
 * Create the signature by calling
Niels Möller's avatar
Niels Möller committed
137
 *   dsa_sha1_sign
Niels Möller's avatar
Niels Möller committed
138
 *
Niels Möller's avatar
Niels Möller committed
139
 * The signature is represented as a struct dsa_signature. This call also
Niels Möller's avatar
Niels Möller committed
140 141 142
 * resets the hashing context.
 *
 * When done with the key and signature, don't forget to call
Niels Möller's avatar
Niels Möller committed
143
 * dsa_signature_clear.
Niels Möller's avatar
Niels Möller committed
144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172
 */

/* Calls mpz_init to initialize bignum storage. */
void
dsa_public_key_init(struct dsa_public_key *key);

/* Calls mpz_clear to deallocate bignum storage. */
void
dsa_public_key_clear(struct dsa_public_key *key);


/* Calls mpz_init to initialize bignum storage. */
void
dsa_private_key_init(struct dsa_private_key *key);

/* Calls mpz_clear to deallocate bignum storage. */
void
dsa_private_key_clear(struct dsa_private_key *key);

/* Calls mpz_init to initialize bignum storage. */
void
dsa_signature_init(struct dsa_signature *signature);

/* Calls mpz_clear to deallocate bignum storage. */
void
dsa_signature_clear(struct dsa_signature *signature);


int
173 174
dsa_sha1_sign(const struct dsa_public_key *pub,
	      const struct dsa_private_key *key,
175
	      void *random_ctx, nettle_random_func *random,
176 177
	      struct sha1_ctx *hash,
	      struct dsa_signature *signature);
Niels Möller's avatar
Niels Möller committed
178

179 180
int
dsa_sha256_sign(const struct dsa_public_key *pub,
181
		const struct dsa_private_key *key,
182
		void *random_ctx, nettle_random_func *random,
183
		struct sha256_ctx *hash,
184 185 186
		struct dsa_signature *signature);

int
187 188 189 190 191 192 193
dsa_sha1_verify(const struct dsa_public_key *key,
		struct sha1_ctx *hash,
		const struct dsa_signature *signature);

int
dsa_sha256_verify(const struct dsa_public_key *key,
		  struct sha256_ctx *hash,
194 195
		  const struct dsa_signature *signature);

196
int
197 198
dsa_sign(const struct dsa_params *params,
	 const mpz_t x,
199 200 201 202 203 204
	 void *random_ctx, nettle_random_func *random,
	 size_t digest_size,
	 const uint8_t *digest,
	 struct dsa_signature *signature);

int
205 206
dsa_verify(const struct dsa_params *params,
	   const mpz_t y,
207 208 209 210 211 212 213
	   size_t digest_size,
	   const uint8_t *digest,
	   const struct dsa_signature *signature);

/* Maybe obsolete these functions? One can just as well call dsa_sign
   and dsa_verify directly, all that matters is the digest size. */
int
214 215
dsa_sha1_sign_digest(const struct dsa_public_key *pub,
		     const struct dsa_private_key *key,
216
		     void *random_ctx, nettle_random_func *random,
217 218 219 220 221
		     const uint8_t *digest,
		     struct dsa_signature *signature);
int
dsa_sha256_sign_digest(const struct dsa_public_key *pub,
		       const struct dsa_private_key *key,
222
		       void *random_ctx, nettle_random_func *random,
223 224 225 226 227 228 229 230 231 232 233 234 235
		       const uint8_t *digest,
		       struct dsa_signature *signature);

int
dsa_sha1_verify_digest(const struct dsa_public_key *key,
		       const uint8_t *digest,
		       const struct dsa_signature *signature);

int
dsa_sha256_verify_digest(const struct dsa_public_key *key,
			 const uint8_t *digest,
			 const struct dsa_signature *signature);

Niels Möller's avatar
Niels Möller committed
236 237 238 239 240 241
/* Key generation */

int
dsa_generate_keypair(struct dsa_public_key *pub,
		     struct dsa_private_key *key,

242
		     void *random_ctx, nettle_random_func *random,
Niels Möller's avatar
Niels Möller committed
243

244
		     void *progress_ctx, nettle_progress_func *progress,
245
		     unsigned p_bits, unsigned q_bits);
Niels Möller's avatar
Niels Möller committed
246

247 248 249 250 251 252 253 254
/* Keys in sexp form. */

struct nettle_buffer;

/* Generates a public-key expression if PRIV is NULL .*/
int
dsa_keypair_to_sexp(struct nettle_buffer *buffer,
		    const char *algorithm_name, /* NULL means "dsa" */
255 256 257
		    const struct dsa_params *params,
		    const mpz_t pub,
		    const mpz_t priv);
258

259 260
struct sexp_iterator;

261 262
int
dsa_signature_from_sexp(struct dsa_signature *rs,
263 264
			struct sexp_iterator *i,
			unsigned q_bits);
265

266
int
267 268 269
dsa_keypair_from_sexp_alist(struct dsa_params *params,
			    mpz_t pub,
			    mpz_t priv,
270 271
			    unsigned p_max_bits,
			    unsigned q_bits,
272 273 274 275 276 277 278
			    struct sexp_iterator *i);

/* If PRIV is NULL, expect a public-key expression. If PUB is NULL,
 * expect a private key expression and ignore the parts not needed for
 * the public key. */
/* Keys must be initialized before calling this function, as usual. */
int
279 280 281
dsa_sha1_keypair_from_sexp(struct dsa_params *params,
			   mpz_t pub,
			   mpz_t priv,
282
			   unsigned p_max_bits,
283
			   size_t length, const uint8_t *expr);
284 285

int
286 287 288
dsa_sha256_keypair_from_sexp(struct dsa_params *params,
			     mpz_t pub,
			     mpz_t priv,
289
			     unsigned p_max_bits,
290
			     size_t length, const uint8_t *expr);
291

292 293 294 295
/* Keys in X.509 andd OpenSSL format. */
struct asn1_der_iterator;

int
296
dsa_params_from_der_iterator(struct dsa_public_key *pub,
297
			     unsigned p_max_bits,
298 299 300
			     struct asn1_der_iterator *i);
int
dsa_public_key_from_der_iterator(struct dsa_public_key *pub,
301
				 unsigned p_max_bits,
302
				 struct asn1_der_iterator *i);
303 304

int
305 306
dsa_openssl_private_key_from_der_iterator(struct dsa_public_key *pub,
					  struct dsa_private_key *priv,
307
					  unsigned p_max_bits,
308
					  struct asn1_der_iterator *i);
309 310

int
311 312
dsa_openssl_private_key_from_der(struct dsa_public_key *pub,
				 struct dsa_private_key *priv,
313
				 unsigned p_max_bits, 
Niels Möller's avatar
Niels Möller committed
314
				 size_t length, const uint8_t *data);
315

316

317
/* Internal functions. */
318 319 320 321
void
_dsa_hash (mpz_t h, unsigned bit_size,
	   size_t length, const uint8_t *digest);

Niels Möller's avatar
Niels Möller committed
322 323 324 325
#ifdef __cplusplus
}
#endif

Niels Möller's avatar
Niels Möller committed
326
#endif /* NETTLE_DSA_H_INCLUDED */