dsa.h 8.16 KB
Newer Older
Niels Möller's avatar
Niels Möller committed
1
2
3
4
5
6
7
/* dsa.h
 *
 * The DSA publickey algorithm.
 */

/* nettle, low-level cryptographics library
 *
Niels Möller's avatar
Niels Möller committed
8
 * Copyright (C) 2002 Niels Möller
Niels Möller's avatar
Niels Möller committed
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
 *  
 * The nettle library is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation; either version 2.1 of the License, or (at your
 * option) any later version.
 * 
 * The nettle library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
 * License for more details.
 * 
 * You should have received a copy of the GNU Lesser General Public License
 * along with the nettle library; see the file COPYING.LIB.  If not, write to
 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */
 
#ifndef NETTLE_DSA_H_INCLUDED
#define NETTLE_DSA_H_INCLUDED

#include <gmp.h>

31
32
#include "nettle-types.h"

Niels Möller's avatar
Niels Möller committed
33
34
#include "sha.h"

Niels Möller's avatar
Niels Möller committed
35
36
37
38
#ifdef __cplusplus
extern "C" {
#endif

39
40
41
42
43
44
45
/* Name mangling */
#define dsa_public_key_init nettle_dsa_public_key_init
#define dsa_public_key_clear nettle_dsa_public_key_clear
#define dsa_private_key_init nettle_dsa_private_key_init
#define dsa_private_key_clear nettle_dsa_private_key_clear
#define dsa_signature_init nettle_dsa_signature_init
#define dsa_signature_clear nettle_dsa_signature_clear
46
47
48
49
50
51
52
53
#define dsa_sha1_sign nettle_dsa_sha1_sign
#define dsa_sha1_verify nettle_dsa_sha1_verify
#define dsa_sha256_sign nettle_dsa_sha256_sign
#define dsa_sha256_verify nettle_dsa_sha256_verify
#define dsa_sha1_sign_digest nettle_dsa_sha1_sign_digest
#define dsa_sha1_verify_digest nettle_dsa_sha1_verify_digest
#define dsa_sha256_sign_digest nettle_dsa_sha256_sign_digest
#define dsa_sha256_verify_digest nettle_dsa_sha256_verify_digest
54
55
#define dsa_generate_keypair nettle_dsa_generate_keypair
#define dsa_signature_from_sexp nettle_dsa_signature_from_sexp
56
#define dsa_keypair_to_sexp nettle_dsa_keypair_to_sexp
57
#define dsa_keypair_from_sexp_alist nettle_dsa_keypair_from_sexp_alist
58
59
#define dsa_sha1_keypair_from_sexp nettle_dsa_sha1_keypair_from_sexp
#define dsa_sha256_keypair_from_sexp nettle_dsa_sha256_keypair_from_sexp
60
61
62
63
#define dsa_params_from_der_iterator nettle_dsa_params_from_der_iterator
#define dsa_public_key_from_der_iterator nettle_dsa_public_key_from_der_iterator
#define dsa_openssl_private_key_from_der_iterator nettle_dsa_openssl_private_key_from_der_iterator 
#define dsa_openssl_private_key_from_der nettle_openssl_provate_key_from_der
64
65
#define _dsa_sign _nettle_dsa_sign
#define _dsa_verify _nettle_dsa_verify
66

67
68
69
#define DSA_SHA1_MIN_P_BITS 512
#define DSA_SHA1_Q_OCTETS 20
#define DSA_SHA1_Q_BITS 160
Niels Möller's avatar
Niels Möller committed
70

71
72
73
74
#define DSA_SHA256_MIN_P_BITS 1024
#define DSA_SHA256_Q_OCTETS 32
#define DSA_SHA256_Q_BITS 256
  
Niels Möller's avatar
Niels Möller committed
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
struct dsa_public_key
{  
  /* Modulo */
  mpz_t p;

  /* Group order */
  mpz_t q;

  /* Generator */
  mpz_t g;
  
  /* Public value */
  mpz_t y;
};

struct dsa_private_key
{
92
93
  /* Unlike an rsa public key, private key operations will need both
   * the private and the public information. */
Niels Möller's avatar
Niels Möller committed
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
  mpz_t x;
};

struct dsa_signature
{
  mpz_t r;
  mpz_t s;
};

/* Signing a message works as follows:
 *
 * Store the private key in a dsa_private_key struct.
 *
 * Initialize a hashing context, by callling
 *   sha1_init
 *
 * Hash the message by calling
 *   sha1_update
 *
 * Create the signature by calling
Niels Möller's avatar
Niels Möller committed
114
 *   dsa_sha1_sign
Niels Möller's avatar
Niels Möller committed
115
 *
Niels Möller's avatar
Niels Möller committed
116
 * The signature is represented as a struct dsa_signature. This call also
Niels Möller's avatar
Niels Möller committed
117
118
119
 * resets the hashing context.
 *
 * When done with the key and signature, don't forget to call
Niels Möller's avatar
Niels Möller committed
120
 * dsa_signature_clear.
Niels Möller's avatar
Niels Möller committed
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
 */

/* Calls mpz_init to initialize bignum storage. */
void
dsa_public_key_init(struct dsa_public_key *key);

/* Calls mpz_clear to deallocate bignum storage. */
void
dsa_public_key_clear(struct dsa_public_key *key);


/* Calls mpz_init to initialize bignum storage. */
void
dsa_private_key_init(struct dsa_private_key *key);

/* Calls mpz_clear to deallocate bignum storage. */
void
dsa_private_key_clear(struct dsa_private_key *key);

/* Calls mpz_init to initialize bignum storage. */
void
dsa_signature_init(struct dsa_signature *signature);

/* Calls mpz_clear to deallocate bignum storage. */
void
dsa_signature_clear(struct dsa_signature *signature);


int
150
151
dsa_sha1_sign(const struct dsa_public_key *pub,
	      const struct dsa_private_key *key,
152
	      void *random_ctx, nettle_random_func *random,
153
154
	      struct sha1_ctx *hash,
	      struct dsa_signature *signature);
Niels Möller's avatar
Niels Möller committed
155

156
157
int
dsa_sha256_sign(const struct dsa_public_key *pub,
158
		const struct dsa_private_key *key,
159
		void *random_ctx, nettle_random_func *random,
160
		struct sha256_ctx *hash,
161
162
163
		struct dsa_signature *signature);

int
164
165
166
167
168
169
170
dsa_sha1_verify(const struct dsa_public_key *key,
		struct sha1_ctx *hash,
		const struct dsa_signature *signature);

int
dsa_sha256_verify(const struct dsa_public_key *key,
		  struct sha256_ctx *hash,
171
172
		  const struct dsa_signature *signature);

173
174
175
int
dsa_sha1_sign_digest(const struct dsa_public_key *pub,
		     const struct dsa_private_key *key,
176
		     void *random_ctx, nettle_random_func *random,
177
178
179
180
181
		     const uint8_t *digest,
		     struct dsa_signature *signature);
int
dsa_sha256_sign_digest(const struct dsa_public_key *pub,
		       const struct dsa_private_key *key,
182
		       void *random_ctx, nettle_random_func *random,
183
184
185
186
187
188
189
190
191
192
193
194
195
		       const uint8_t *digest,
		       struct dsa_signature *signature);

int
dsa_sha1_verify_digest(const struct dsa_public_key *key,
		       const uint8_t *digest,
		       const struct dsa_signature *signature);

int
dsa_sha256_verify_digest(const struct dsa_public_key *key,
			 const uint8_t *digest,
			 const struct dsa_signature *signature);

Niels Möller's avatar
Niels Möller committed
196
197
198
199
200
201
/* Key generation */

int
dsa_generate_keypair(struct dsa_public_key *pub,
		     struct dsa_private_key *key,

202
		     void *random_ctx, nettle_random_func *random,
Niels Möller's avatar
Niels Möller committed
203

204
		     void *progress_ctx, nettle_progress_func *progress,
205
		     unsigned p_bits, unsigned q_bits);
Niels Möller's avatar
Niels Möller committed
206

207
208
209
210
211
212
213
214
215
216
217
/* Keys in sexp form. */

struct nettle_buffer;

/* Generates a public-key expression if PRIV is NULL .*/
int
dsa_keypair_to_sexp(struct nettle_buffer *buffer,
		    const char *algorithm_name, /* NULL means "dsa" */
		    const struct dsa_public_key *pub,
		    const struct dsa_private_key *priv);

218
219
struct sexp_iterator;

220
221
int
dsa_signature_from_sexp(struct dsa_signature *rs,
222
223
			struct sexp_iterator *i,
			unsigned q_bits);
224

225
226
227
int
dsa_keypair_from_sexp_alist(struct dsa_public_key *pub,
			    struct dsa_private_key *priv,
228
229
			    unsigned p_max_bits,
			    unsigned q_bits,
230
231
232
233
234
235
236
			    struct sexp_iterator *i);

/* If PRIV is NULL, expect a public-key expression. If PUB is NULL,
 * expect a private key expression and ignore the parts not needed for
 * the public key. */
/* Keys must be initialized before calling this function, as usual. */
int
237
238
239
240
241
242
243
244
245
246
dsa_sha1_keypair_from_sexp(struct dsa_public_key *pub,
			   struct dsa_private_key *priv,
			   unsigned p_max_bits,
			   unsigned length, const uint8_t *expr);

int
dsa_sha256_keypair_from_sexp(struct dsa_public_key *pub,
			     struct dsa_private_key *priv,
			     unsigned p_max_bits,
			     unsigned length, const uint8_t *expr);
247

248
249
250
251
/* Keys in X.509 andd OpenSSL format. */
struct asn1_der_iterator;

int
252
dsa_params_from_der_iterator(struct dsa_public_key *pub,
253
			     unsigned p_max_bits,
254
255
256
			     struct asn1_der_iterator *i);
int
dsa_public_key_from_der_iterator(struct dsa_public_key *pub,
257
				 unsigned p_max_bits,
258
				 struct asn1_der_iterator *i);
259
260

int
261
262
dsa_openssl_private_key_from_der_iterator(struct dsa_public_key *pub,
					  struct dsa_private_key *priv,
263
					  unsigned p_max_bits,
264
					  struct asn1_der_iterator *i);
265
266

int
267
268
dsa_openssl_private_key_from_der(struct dsa_public_key *pub,
				 struct dsa_private_key *priv,
269
				 unsigned p_max_bits, 
270
				 unsigned length, const uint8_t *data);
271

272

273
274
275
276
/* Internal functions. */
int
_dsa_sign(const struct dsa_public_key *pub,
	  const struct dsa_private_key *key,
277
	  void *random_ctx, nettle_random_func *random,
278
279
280
281
282
283
284
285
286
287
	  unsigned digest_size,
	  const uint8_t *digest,
	  struct dsa_signature *signature);

int
_dsa_verify(const struct dsa_public_key *key,
	    unsigned digest_size,
	    const uint8_t *digest,
	    const struct dsa_signature *signature);

Niels Möller's avatar
Niels Möller committed
288
289
290
291
#ifdef __cplusplus
}
#endif

Niels Möller's avatar
Niels Möller committed
292
#endif /* NETTLE_DSA_H_INCLUDED */