From 0835be21d95b7483e9e8f7fc193b040f702d8aaa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Thu, 27 Mar 2014 19:05:13 +0100
Subject: [PATCH] Move old DSA interface to dsa-compat.h.

---
 ChangeLog             |   9 +++
 Makefile.in           |   5 +-
 dsa-compat.c          |  58 ++++++++++++++
 dsa-compat.h          | 176 ++++++++++++++++++++++++++++++++++++++++++
 dsa-keygen.c          |   2 +-
 dsa-sha1-sign.c       |   2 +-
 dsa-sha1-verify.c     |   2 +-
 dsa-sha256-sign.c     |   2 +-
 dsa-sha256-verify.c   |   2 +-
 dsa.c                 |  30 +------
 dsa.h                 | 136 +-------------------------------
 testsuite/testutils.h |   2 +-
 12 files changed, 255 insertions(+), 171 deletions(-)
 create mode 100644 dsa-compat.c
 create mode 100644 dsa-compat.h

diff --git a/ChangeLog b/ChangeLog
index 90ad53a8..5d77d60d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,14 @@
 2014-03-27  Niels Möller  <nisse@lysator.liu.se>
 
+	* dsa-compat.c (dsa_public_key_init, dsa_public_key_clear)
+	(dsa_private_key_init, dsa_private_key_clear): : Move deprecated
+	DSA functions to a separate file...
+	* dsa.c: ...from here.
+	* dsa-compat.h: New file, declaring deprecated DSA interface.
+	Include in corresponding C files.
+	* Makefile.in (hogweed_SOURCES): Add dsa-compat.c.
+	(HEADERS): Add dsa-compat.h.
+
 	* dsa-gen-params.c (dsa_generate_params): New file and function,
 	extracted from DSA key generation.
 	* dsa-keygen.c (dsa_generate_keypair): Use dsa_generate_params.
diff --git a/Makefile.in b/Makefile.in
index 0faae075..fe9936b0 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -148,7 +148,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \
 		  rsa-encrypt.c rsa-decrypt.c rsa-decrypt-tr.c \
 		  rsa-keygen.c rsa-compat.c rsa-blind.c \
 		  rsa2sexp.c sexp2rsa.c \
-		  dsa.c dsa-gen-params.c \
+		  dsa.c dsa-compat.c dsa-gen-params.c \
 		  dsa-sign.c dsa-verify.c dsa-keygen.c dsa-hash.c \
 		  dsa-sha1-sign.c dsa-sha1-verify.c \
 		  dsa-sha256-sign.c dsa-sha256-verify.c  \
@@ -170,7 +170,8 @@ hogweed_SOURCES = sexp.c sexp-format.c \
 HEADERS = aes.h arcfour.h arctwo.h asn1.h bignum.h blowfish.h \
 	  base16.h base64.h buffer.h camellia.h cast128.h \
 	  cbc.h ccm.h chacha.h chacha-poly1305.h ctr.h \
-	  des.h des-compat.h dsa.h eax.h ecc-curve.h ecc.h ecdsa.h \
+	  des.h des-compat.h dsa.h dsa-compat.h eax.h \
+	  ecc-curve.h ecc.h ecdsa.h \
 	  gcm.h gosthash94.h hmac.h \
 	  knuth-lfib.h \
 	  macros.h \
diff --git a/dsa-compat.c b/dsa-compat.c
new file mode 100644
index 00000000..35e309e2
--- /dev/null
+++ b/dsa-compat.c
@@ -0,0 +1,58 @@
+/* dsa-compat.c
+ *
+ * The DSA publickey algorithm, old interface.
+ */
+
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2002 Niels Möller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "dsa-compat.h"
+
+void
+dsa_public_key_init(struct dsa_public_key *key)
+{
+  dsa_params_init ((struct dsa_params *) key);
+  mpz_init(key->y);
+}
+
+void
+dsa_public_key_clear(struct dsa_public_key *key)
+{
+  dsa_params_clear ((struct dsa_params *) key);
+  mpz_clear(key->y);
+}
+
+
+void
+dsa_private_key_init(struct dsa_private_key *key)
+{
+  mpz_init(key->x);
+}
+
+void
+dsa_private_key_clear(struct dsa_private_key *key)
+{
+  mpz_clear(key->x);
+}
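Review bot: `dsa_private_key_clear` releases the secret exponent `key->x` with `mpz_clear` alone, and GMP's `mpz_clear` hands the limbs back to the allocator without overwriting them, so the private value can stay readable in freed heap memory. The function is moved unchanged from dsa.c, but the new file is a natural place to document the limitation. I would add above it `/* Does not wipe x; applications that need zeroization must install wiping allocation functions with mp_set_memory_functions. */`. Wiping inside the function itself is probably better handled as a separate change.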
diff --git a/dsa-compat.h b/dsa-compat.h
new file mode 100644
index 00000000..427c15d8
--- /dev/null
+++ b/dsa-compat.h
@@ -0,0 +1,176 @@
+/* dsa-compat.h
+ *
+ * Old DSA publickey interface.
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2002, 2013, 2014 Niels Möller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#ifndef NETTLE_DSA_COMPAT_H_INCLUDED
+#define NETTLE_DSA_COMPAT_H_INCLUDED
+
+#include "dsa.h"
+
+#include "sha1.h"
+#include "sha2.h"
+
+/* Name mangling */
+#define dsa_public_key_init nettle_dsa_public_key_init
+#define dsa_public_key_clear nettle_dsa_public_key_clear
+#define dsa_private_key_init nettle_dsa_private_key_init
+#define dsa_private_key_clear nettle_dsa_private_key_clear
+#define dsa_sha1_sign nettle_dsa_sha1_sign
+#define dsa_sha1_verify nettle_dsa_sha1_verify
+#define dsa_sha256_sign nettle_dsa_sha256_sign
+#define dsa_sha256_verify nettle_dsa_sha256_verify
+#define dsa_sha1_sign_digest nettle_dsa_sha1_sign_digest
+#define dsa_sha1_verify_digest nettle_dsa_sha1_verify_digest
+#define dsa_sha256_sign_digest nettle_dsa_sha256_sign_digest
+#define dsa_sha256_verify_digest nettle_dsa_sha256_verify_digest
+#define dsa_compat_generate_keypair nettle_dsa_compat_generate_keypair
+
+/* Switch meaning of dsa_generate_keypair */
+#undef dsa_generate_keypair
+#define dsa_generate_keypair nettle_dsa_compat_generate_keypair
+#define dsa_generate_keypair_new nettle_dsa_generate_keypair
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct dsa_public_key
+{
+  /* Same as struct dsa_params, but can't use that struct here without
+     breaking backwards compatibility. Layout must be identical, since
+     this is cast to a struct dsa_param pointer for calling _dsa_sign
+     and _dsa_verify */
+  mpz_t p;
+  mpz_t q;
+  mpz_t g;
+
+  /* Public value */
+  mpz_t y;
+};
+
+struct dsa_private_key
+{
+  /* Unlike an rsa public key, private key operations will need both
+   * the private and the public information. */
+  mpz_t x;
+};
+
+/* Signing a message works as follows:
+ *
+ * Store the private key in a dsa_private_key struct.
+ *
+ * Initialize a hashing context, by callling
+ *   sha1_init
+ *
+ * Hash the message by calling
+ *   sha1_update
+ *
+ * Create the signature by calling
+ *   dsa_sha1_sign
+ *
+ * The signature is represented as a struct dsa_signature. This call also
+ * resets the hashing context.
+ *
+ * When done with the key and signature, don't forget to call
+ * dsa_signature_clear.
+ */
+
+/* Calls mpz_init to initialize bignum storage. */
+void
+dsa_public_key_init(struct dsa_public_key *key);
+
+/* Calls mpz_clear to deallocate bignum storage. */
+void
+dsa_public_key_clear(struct dsa_public_key *key);
+
+
+/* Calls mpz_init to initialize bignum storage. */
+void
+dsa_private_key_init(struct dsa_private_key *key);
+
+/* Calls mpz_clear to deallocate bignum storage. */
+void
+dsa_private_key_clear(struct dsa_private_key *key);
+
+int
+dsa_sha1_sign(const struct dsa_public_key *pub,
+	      const struct dsa_private_key *key,
+	      void *random_ctx, nettle_random_func *random,
+	      struct sha1_ctx *hash,
+	      struct dsa_signature *signature);
+
+int
+dsa_sha256_sign(const struct dsa_public_key *pub,
+		const struct dsa_private_key *key,
+		void *random_ctx, nettle_random_func *random,
+		struct sha256_ctx *hash,
+		struct dsa_signature *signature);
+
+int
+dsa_sha1_verify(const struct dsa_public_key *key,
+		struct sha1_ctx *hash,
+		const struct dsa_signature *signature);
+
+int
+dsa_sha256_verify(const struct dsa_public_key *key,
+		  struct sha256_ctx *hash,
+		  const struct dsa_signature *signature);
+
+int
+dsa_sha1_sign_digest(const struct dsa_public_key *pub,
+		     const struct dsa_private_key *key,
+		     void *random_ctx, nettle_random_func *random,
+		     const uint8_t *digest,
+		     struct dsa_signature *signature);
+int
+dsa_sha256_sign_digest(const struct dsa_public_key *pub,
+		       const struct dsa_private_key *key,
+		       void *random_ctx, nettle_random_func *random,
+		       const uint8_t *digest,
+		       struct dsa_signature *signature);
+
+int
+dsa_sha1_verify_digest(const struct dsa_public_key *key,
+		       const uint8_t *digest,
+		       const struct dsa_signature *signature);
+
+int
+dsa_sha256_verify_digest(const struct dsa_public_key *key,
+			 const uint8_t *digest,
+			 const struct dsa_signature *signature);
+
+/* Key generation */
+int
+dsa_generate_keypair(struct dsa_public_key *pub,
+		     struct dsa_private_key *key,
+
+		     void *random_ctx, nettle_random_func *random,
+		     void *progress_ctx, nettle_progress_func *progress,
+		     unsigned p_bits, unsigned q_bits);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NETTLE_DSA_COMPAT_H_INCLUDED */
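Review bot: The rule that `struct dsa_public_key` must begin with the same layout as `struct dsa_params` is enforced only by the comment inside the struct, while `dsa_public_key_init` and `dsa_public_key_clear` in dsa-compat.c cast the pointer and let `dsa_params_init`/`dsa_params_clear` write through it. If `struct dsa_params` (defined in dsa.h, outside this hunk) ever gains or reorders a member, those calls would initialize or free the wrong storage with no diagnostic. Assuming it holds exactly p, q and g, a compile-time check next to the struct turns that into a build failure, for example `typedef char dsa_public_key_layout_check[offsetof(struct dsa_public_key, y) == sizeof(struct dsa_params) ? 1 : -1];` (needs `<stddef.h>`). The comment also says `struct dsa_param` where `struct dsa_params` is meant.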
diff --git a/dsa-keygen.c b/dsa-keygen.c
index 36339fd9..794810dd 100644
--- a/dsa-keygen.c
+++ b/dsa-keygen.c
@@ -30,7 +30,7 @@
 #include <assert.h>
 #include <stdlib.h>
 
-#include "dsa.h"
+#include "dsa-compat.h"
 
 #include "bignum.h"
 
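Review bot: Including dsa-compat.h here changes what `dsa_generate_keypair` expands to in this file, because the header undefines the dsa.h mapping and redefines the name as `nettle_dsa_compat_generate_keypair`. Assuming the definition further down (outside this hunk) is still spelled `dsa_generate_keypair`, the library stops exporting `nettle_dsa_generate_keypair`, while dsa.h keeps the `#define` for it and dsa-compat.h maps `dsa_generate_keypair_new` to it with no prototype visible in this patch. That is a link-time break for binaries built against the old symbol and an undeclared call for anyone using the `_new` name. I would at least add a comment at the include, `/* dsa-compat.h remaps dsa_generate_keypair to nettle_dsa_compat_generate_keypair */`, and record the symbol change in the ChangeLog entry if it is intended.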
diff --git a/dsa-sha1-sign.c b/dsa-sha1-sign.c
index f2c8959e..7b831d07 100644
--- a/dsa-sha1-sign.c
+++ b/dsa-sha1-sign.c
@@ -27,7 +27,7 @@
 # include "config.h"
 #endif
 
-#include "dsa.h"
+#include "dsa-compat.h"
 
 int
 dsa_sha1_sign_digest(const struct dsa_public_key *pub,
diff --git a/dsa-sha1-verify.c b/dsa-sha1-verify.c
index 4cc2931a..44046a54 100644
--- a/dsa-sha1-verify.c
+++ b/dsa-sha1-verify.c
@@ -27,7 +27,7 @@
 # include "config.h"
 #endif
 
-#include "dsa.h"
+#include "dsa-compat.h"
 
 int
 dsa_sha1_verify_digest(const struct dsa_public_key *key,
diff --git a/dsa-sha256-sign.c b/dsa-sha256-sign.c
index 1bb7cb82..cb187fcf 100644
--- a/dsa-sha256-sign.c
+++ b/dsa-sha256-sign.c
@@ -27,7 +27,7 @@
 # include "config.h"
 #endif
 
-#include "dsa.h"
+#include "dsa-compat.h"
 
 int
 dsa_sha256_sign_digest(const struct dsa_public_key *pub,
diff --git a/dsa-sha256-verify.c b/dsa-sha256-verify.c
index 7823d44d..a9c64cde 100644
--- a/dsa-sha256-verify.c
+++ b/dsa-sha256-verify.c
@@ -27,7 +27,7 @@
 # include "config.h"
 #endif
 
-#include "dsa.h"
+#include "dsa-compat.h"
 
 int
 dsa_sha256_verify_digest(const struct dsa_public_key *key,
diff --git a/dsa.c b/dsa.c
index cf036365..8b07c177 100644
--- a/dsa.c
+++ b/dsa.c
@@ -1,4 +1,4 @@
-/* dsa.h
+/* dsa.c
  *
  * The DSA publickey algorithm.
  */
@@ -47,34 +47,6 @@ dsa_params_clear (struct dsa_params *params)
   mpz_clear(params->g);
 }
 
-void
-dsa_public_key_init(struct dsa_public_key *key)
-{
-  dsa_params_init ((struct dsa_params *) key);
-  mpz_init(key->y);
-}
-
-void
-dsa_public_key_clear(struct dsa_public_key *key)
-{
-  dsa_params_clear ((struct dsa_params *) key);
-  mpz_clear(key->y);
-}
-
-
-void
-dsa_private_key_init(struct dsa_private_key *key)
-{
-  mpz_init(key->x);
-}
-
-void
-dsa_private_key_clear(struct dsa_private_key *key)
-{
-  mpz_clear(key->x);
-}
-
-
 void
 dsa_signature_init(struct dsa_signature *signature)
 {
diff --git a/dsa.h b/dsa.h
index d0d9ce7b..4f15e784 100644
--- a/dsa.h
+++ b/dsa.h
@@ -30,9 +30,6 @@
 
 #include "nettle-types.h"
 
-#include "sha1.h"
-#include "sha2.h"
-
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -40,22 +37,10 @@ extern "C" {
 /* Name mangling */
 #define dsa_params_init nettle_dsa_params_init
 #define dsa_params_clear nettle_dsa_params_clear
-#define dsa_public_key_init nettle_dsa_public_key_init
-#define dsa_public_key_clear nettle_dsa_public_key_clear
-#define dsa_private_key_init nettle_dsa_private_key_init
-#define dsa_private_key_clear nettle_dsa_private_key_clear
 #define dsa_signature_init nettle_dsa_signature_init
 #define dsa_signature_clear nettle_dsa_signature_clear
-#define dsa_sha1_sign nettle_dsa_sha1_sign
-#define dsa_sha1_verify nettle_dsa_sha1_verify
-#define dsa_sha256_sign nettle_dsa_sha256_sign
-#define dsa_sha256_verify nettle_dsa_sha256_verify
 #define dsa_sign nettle_dsa_sign
 #define dsa_verify nettle_dsa_verify
-#define dsa_sha1_sign_digest nettle_dsa_sha1_sign_digest
-#define dsa_sha1_verify_digest nettle_dsa_sha1_verify_digest
-#define dsa_sha256_sign_digest nettle_dsa_sha256_sign_digest
-#define dsa_sha256_verify_digest nettle_dsa_sha256_verify_digest
 #define dsa_generate_params nettle_dsa_generate_params
 #define dsa_generate_keypair nettle_dsa_generate_keypair
 #define dsa_signature_from_sexp nettle_dsa_signature_from_sexp
@@ -96,71 +81,12 @@ dsa_params_init (struct dsa_params *params);
 void
 dsa_params_clear (struct dsa_params *params);
 
-struct dsa_public_key
-{  
-  /* Modulo */
-  mpz_t p;
-
-  /* Group order */
-  mpz_t q;
-
-  /* Generator */
-  mpz_t g;
-  
-  /* Public value */
-  mpz_t y;
-};
-
-struct dsa_private_key
-{
-  /* Unlike an rsa public key, private key operations will need both
-   * the private and the public information. */
-  mpz_t x;
-};
-
 struct dsa_signature
 {
   mpz_t r;
   mpz_t s;
 };
 
-/* Signing a message works as follows:
- *
- * Store the private key in a dsa_private_key struct.
- *
- * Initialize a hashing context, by callling
- *   sha1_init
- *
- * Hash the message by calling
- *   sha1_update
- *
- * Create the signature by calling
- *   dsa_sha1_sign
- *
- * The signature is represented as a struct dsa_signature. This call also
- * resets the hashing context.
- *
- * When done with the key and signature, don't forget to call
- * dsa_signature_clear.
- */
-
-/* Calls mpz_init to initialize bignum storage. */
-void
-dsa_public_key_init(struct dsa_public_key *key);
-
-/* Calls mpz_clear to deallocate bignum storage. */
-void
-dsa_public_key_clear(struct dsa_public_key *key);
-
-
-/* Calls mpz_init to initialize bignum storage. */
-void
-dsa_private_key_init(struct dsa_private_key *key);
-
-/* Calls mpz_clear to deallocate bignum storage. */
-void
-dsa_private_key_clear(struct dsa_private_key *key);
-
 /* Calls mpz_init to initialize bignum storage. */
 void
 dsa_signature_init(struct dsa_signature *signature);
@@ -169,31 +95,6 @@ dsa_signature_init(struct dsa_signature *signature);
 void
 dsa_signature_clear(struct dsa_signature *signature);
 
-
-int
-dsa_sha1_sign(const struct dsa_public_key *pub,
-	      const struct dsa_private_key *key,
-	      void *random_ctx, nettle_random_func *random,
-	      struct sha1_ctx *hash,
-	      struct dsa_signature *signature);
-
-int
-dsa_sha256_sign(const struct dsa_public_key *pub,
-		const struct dsa_private_key *key,
-		void *random_ctx, nettle_random_func *random,
-		struct sha256_ctx *hash,
-		struct dsa_signature *signature);
-
-int
-dsa_sha1_verify(const struct dsa_public_key *key,
-		struct sha1_ctx *hash,
-		const struct dsa_signature *signature);
-
-int
-dsa_sha256_verify(const struct dsa_public_key *key,
-		  struct sha256_ctx *hash,
-		  const struct dsa_signature *signature);
-
 int
 dsa_sign(const struct dsa_params *params,
 	 const mpz_t x,
@@ -209,30 +110,6 @@ dsa_verify(const struct dsa_params *params,
 	   const uint8_t *digest,
 	   const struct dsa_signature *signature);
 
-/* Maybe obsolete these functions? One can just as well call dsa_sign
-   and dsa_verify directly, all that matters is the digest size. */
-int
-dsa_sha1_sign_digest(const struct dsa_public_key *pub,
-		     const struct dsa_private_key *key,
-		     void *random_ctx, nettle_random_func *random,
-		     const uint8_t *digest,
-		     struct dsa_signature *signature);
-int
-dsa_sha256_sign_digest(const struct dsa_public_key *pub,
-		       const struct dsa_private_key *key,
-		       void *random_ctx, nettle_random_func *random,
-		       const uint8_t *digest,
-		       struct dsa_signature *signature);
-
-int
-dsa_sha1_verify_digest(const struct dsa_public_key *key,
-		       const uint8_t *digest,
-		       const struct dsa_signature *signature);
-
-int
-dsa_sha256_verify_digest(const struct dsa_public_key *key,
-			 const uint8_t *digest,
-			 const struct dsa_signature *signature);
 
 /* Key generation */
 
@@ -242,15 +119,6 @@ dsa_generate_params(struct dsa_params *params,
 		    void *progress_ctx, nettle_progress_func *progress,
 		    unsigned p_bits, unsigned q_bits);
 
-int
-dsa_generate_keypair(struct dsa_public_key *pub,
-		     struct dsa_private_key *key,
-
-		     void *random_ctx, nettle_random_func *random,
-
-		     void *progress_ctx, nettle_progress_func *progress,
-		     unsigned p_bits, unsigned q_bits);
-
 /* Keys in sexp form. */
 
 struct nettle_buffer;
@@ -302,7 +170,7 @@ struct asn1_der_iterator;
 int
 dsa_params_from_der_iterator(struct dsa_params *params,
 			     unsigned max_bits, unsigned q_bits,
- 			     struct asn1_der_iterator *i);
+			     struct asn1_der_iterator *i);
 
 int
 dsa_public_key_from_der_iterator(const struct dsa_params *params,
@@ -320,7 +188,7 @@ int
 dsa_openssl_private_key_from_der(struct dsa_params *params,
 				 mpz_t pub,
 				 mpz_t priv,
-				 unsigned p_max_bits, 
+				 unsigned p_max_bits,
 				 size_t length, const uint8_t *data);
 
 
diff --git a/testsuite/testutils.h b/testsuite/testutils.h
index cc27ac8f..7b079833 100644
--- a/testsuite/testutils.h
+++ b/testsuite/testutils.h
@@ -18,7 +18,7 @@
 
 #if WITH_HOGWEED
 # include "rsa.h"
-# include "dsa.h"
+# include "dsa-compat.h"
 # include "ecc-curve.h"
 # include "ecc.h"
 # include "ecc-internal.h"
-- 
GitLab