New function dsa_generate_params.

ChangeLog

+2014-03-27  Niels Möller  <nisse@lysator.liu.se>
+
+	* dsa-gen-params.c (dsa_generate_params): New file and function,
+	extracted from DSA key generation.
+	* dsa-keygen.c (dsa_generate_keypair): Use dsa_generate_params.
+
 2014-03-26  Niels Möller  <nisse@lysator.liu.se>
 
 	* der2dsa.c (dsa_params_from_der_iterator): Converted to new DSA

Makefile.in

@@ -148,7 +148,8 @@ hogweed_SOURCES = sexp.c sexp-format.c \
 		  rsa-encrypt.c rsa-decrypt.c rsa-decrypt-tr.c \
 		  rsa-keygen.c rsa-compat.c rsa-blind.c \
 		  rsa2sexp.c sexp2rsa.c \
-		  dsa.c dsa-sign.c dsa-verify.c dsa-keygen.c dsa-hash.c \
+		  dsa.c dsa-gen-params.c \
+		  dsa-sign.c dsa-verify.c dsa-keygen.c dsa-hash.c \
 		  dsa-sha1-sign.c dsa-sha1-verify.c \
 		  dsa-sha256-sign.c dsa-sha256-verify.c  \
 		  dsa2sexp.c sexp2dsa.c \

dsa-gen-params.c

+/* dsa-gen-params.c
+ *
+ * Generation of DSA parameters
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2002, 2013, 2014 Niels Möller
+ *  
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ * 
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
+ * License for more details.
+ * 
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB.  If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <stdlib.h>
+
+#include "dsa.h"
+
+#include "bignum.h"
+#include "nettle-internal.h"
+
+
+/* Valid sizes, according to FIPS 186-3 are (1024, 160), (2048, 224),
+   (2048, 256), (3072, 256). */
+int
+dsa_generate_params(struct dsa_params *params,
+		    void *random_ctx, nettle_random_func *random,
+		    void *progress_ctx, nettle_progress_func *progress,
+		    unsigned p_bits, unsigned q_bits)
+{
+  mpz_t r;
+  unsigned p0_bits;
+  unsigned a;
+
+  if (q_bits < 30 || p_bits < q_bits + 30)
+    return 0;
+
+  mpz_init (r);
+
+  nettle_random_prime (params->q, q_bits, 0, random_ctx, random,
+		       progress_ctx, progress);
+
+  if (q_bits >= (p_bits + 2)/3)
+    _nettle_generate_pocklington_prime (params->p, r, p_bits, 0,
+					random_ctx, random,
+					params->q, NULL, params->q);
+  else
+    {
+      mpz_t p0, p0q;
+      mpz_init (p0);
+      mpz_init (p0q);
+
+      p0_bits = (p_bits + 3)/2;
+  
+      nettle_random_prime (p0, p0_bits, 0,
+			   random_ctx, random,
+			   progress_ctx, progress);
+
+      if (progress)
+	progress (progress_ctx, 'q');
+
+      /* Generate p = 2 r q p0 + 1, such that 2^{n-1} < p < 2^n. */
+      mpz_mul (p0q, p0, params->q);
+
+      _nettle_generate_pocklington_prime (params->p, r, p_bits, 0,
+					  random_ctx, random,
+					  p0, params->q, p0q);
+
+      mpz_mul (r, r, p0);
+
+      mpz_clear (p0);
+      mpz_clear (p0q);
+    }
+  if (progress)
+    progress (progress_ctx, 'p');
+
+  for (a = 2; ; a++)
+    {
+      mpz_set_ui (params->g, a);
+      mpz_powm (params->g, params->g, r, params->p);
+      if (mpz_cmp_ui (params->g, 1) != 0)
+	break;
+    }
+
+  mpz_clear (r);
+  
+  if (progress)
+    progress (progress_ctx, 'g');
+
+  return 1;
+}

dsa-keygen.c

@@ -5,7 +5,7 @@
 
 /* nettle, low-level cryptographics library
  *
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002, 2014 Niels Möller
  *  
  * The nettle library is free software; you can redistribute it and/or modify
  * it under the terms of the GNU Lesser General Public License as published by
@@ -36,8 +36,7 @@
 
 
 /* Valid sizes, according to FIPS 186-3 are (1024, 160), (2048, 224),
-   (2048, 256), (3072, 256). Currenty, we use only q_bits of 160 or
-   256. */
+   (2048, 256), (3072, 256). */
 int
 dsa_generate_keypair(struct dsa_public_key *pub,
 		     struct dsa_private_key *key,
@@ -45,9 +44,8 @@ dsa_generate_keypair(struct dsa_public_key *pub,
 		     void *progress_ctx, nettle_progress_func *progress,
 		     unsigned p_bits, unsigned q_bits)
 {
-  mpz_t p0, p0q, r;
-  unsigned p0_bits;
-  unsigned a;
+  struct dsa_params *params;
+  mpz_t r;
 
   switch (q_bits)
     {
@@ -64,49 +62,16 @@ dsa_generate_keypair(struct dsa_public_key *pub,
       return 0;
     }
 
-  mpz_init (p0);
-  mpz_init (p0q);
-  mpz_init (r);
+  /* NOTE: Depends on identical layout! */
+  params = (struct dsa_params *) pub;
 
-  nettle_random_prime (pub->q, q_bits, 0, random_ctx, random,
-		       progress_ctx, progress);
-
-  p0_bits = (p_bits + 3)/2;
-  
-  nettle_random_prime (p0, p0_bits, 0,
-		       random_ctx, random,
-		       progress_ctx, progress);
-
-  if (progress)
-    progress (progress_ctx, 'q');
+  if (!dsa_generate_params (params,
+			    random_ctx, random,
+			    progress_ctx, progress,
+			    p_bits, q_bits))
+    return 0;
   
-  /* Generate p = 2 r q p0 + 1, such that 2^{n-1} < p < 2^n.
-   *
-   * We select r in the range i + 1 < r <= 2i, with i = floor (2^{n-2} / (p0 q). */
-
-  mpz_mul (p0q, p0, pub->q);
-
-  _nettle_generate_pocklington_prime (pub->p, r, p_bits, 0,
-				      random_ctx, random,
-				      p0, pub->q, p0q);
-
-  if (progress)
-    progress (progress_ctx, 'p');
-
-  mpz_mul (r, r, p0);
-
-  for (a = 2; ; a++)
-    {
-      mpz_set_ui (pub->g, a);
-      mpz_powm (pub->g, pub->g, r, pub->p);
-      if (mpz_cmp_ui (pub->g, 1) != 0)
-	break;
-    }
-
-  if (progress)
-    progress (progress_ctx, 'g');
-
-  mpz_set(r, pub->q);
+  mpz_init_set(r, pub->q);
   mpz_sub_ui(r, r, 2);
   nettle_mpz_random(key->x, random_ctx, random, r);
 
@@ -117,8 +82,6 @@ dsa_generate_keypair(struct dsa_public_key *pub,
   if (progress)
     progress (progress_ctx, '\n');
   
-  mpz_clear (p0);
-  mpz_clear (p0q);
   mpz_clear (r);
 
   return 1;

dsa.h

@@ -56,6 +56,7 @@ extern "C" {
 #define dsa_sha1_verify_digest nettle_dsa_sha1_verify_digest
 #define dsa_sha256_sign_digest nettle_dsa_sha256_sign_digest
 #define dsa_sha256_verify_digest nettle_dsa_sha256_verify_digest
+#define dsa_generate_params nettle_dsa_generate_params
 #define dsa_generate_keypair nettle_dsa_generate_keypair
 #define dsa_signature_from_sexp nettle_dsa_signature_from_sexp
 #define dsa_keypair_to_sexp nettle_dsa_keypair_to_sexp
@@ -235,6 +236,12 @@ dsa_sha256_verify_digest(const struct dsa_public_key *key,
 
 /* Key generation */
 
+int
+dsa_generate_params(struct dsa_params *params,
+		    void *random_ctx, nettle_random_func *random,
+		    void *progress_ctx, nettle_progress_func *progress,
+		    unsigned p_bits, unsigned q_bits);
+
 int
 dsa_generate_keypair(struct dsa_public_key *pub,
 		     struct dsa_private_key *key,