diff --git a/ChangeLog b/ChangeLog
index 55577db283c96d31960e6cbfc6c6ddc4d9d485bc..90ad53a81b72d9ff9dc5c0e086158e22bad6076a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2014-03-27 Niels Möller <nisse@lysator.liu.se>
+
+ * dsa-gen-params.c (dsa_generate_params): New file and function,
+ extracted from DSA key generation.
+ * dsa-keygen.c (dsa_generate_keypair): Use dsa_generate_params.
+
2014-03-26 Niels Möller <nisse@lysator.liu.se>
* der2dsa.c (dsa_params_from_der_iterator): Converted to new DSA
diff --git a/Makefile.in b/Makefile.in
index e61cbd034adf9c617985a2de16497db39cb19262..0faae075c32eb66142823142463fe348d718f64c 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -148,7 +148,8 @@ hogweed_SOURCES = sexp.c sexp-format.c \
rsa-encrypt.c rsa-decrypt.c rsa-decrypt-tr.c \
rsa-keygen.c rsa-compat.c rsa-blind.c \
rsa2sexp.c sexp2rsa.c \
- dsa.c dsa-sign.c dsa-verify.c dsa-keygen.c dsa-hash.c \
+ dsa.c dsa-gen-params.c \
+ dsa-sign.c dsa-verify.c dsa-keygen.c dsa-hash.c \
dsa-sha1-sign.c dsa-sha1-verify.c \
dsa-sha256-sign.c dsa-sha256-verify.c \
dsa2sexp.c sexp2dsa.c \
diff --git a/dsa-gen-params.c b/dsa-gen-params.c
new file mode 100644
index 0000000000000000000000000000000000000000..ddf3ae1a37ba8f766b84b81f7ecd528f6c7bd629
--- /dev/null
+++ b/dsa-gen-params.c
@@ -0,0 +1,107 @@
+/* dsa-gen-params.c
+ *
+ * Generation of DSA parameters
+ */
+
+/* nettle, low-level cryptographics library
+ *
+ * Copyright (C) 2002, 2013, 2014 Niels Möller
+ *
+ * The nettle library is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation; either version 2.1 of the License, or (at your
+ * option) any later version.
+ *
+ * The nettle library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
+ * License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with the nettle library; see the file COPYING.LIB. If not, write to
+ * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02111-1301, USA.
+ */
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+#include <stdlib.h>
+
+#include "dsa.h"
+
+#include "bignum.h"
+#include "nettle-internal.h"
+
+
+/* Valid sizes, according to FIPS 186-3 are (1024, 160), (2048, 224),
+ (2048, 256), (3072, 256). */
+int
+dsa_generate_params(struct dsa_params *params,
+ void *random_ctx, nettle_random_func *random,
+ void *progress_ctx, nettle_progress_func *progress,
+ unsigned p_bits, unsigned q_bits)
+{
+ mpz_t r;
+ unsigned p0_bits;
+ unsigned a;
+
+ if (q_bits < 30 || p_bits < q_bits + 30)
+ return 0;
+
+ mpz_init (r);
+
+ nettle_random_prime (params->q, q_bits, 0, random_ctx, random,
+ progress_ctx, progress);
+
+ if (q_bits >= (p_bits + 2)/3)
+ _nettle_generate_pocklington_prime (params->p, r, p_bits, 0,
+ random_ctx, random,
+ params->q, NULL, params->q);
+ else
+ {
+ mpz_t p0, p0q;
+ mpz_init (p0);
+ mpz_init (p0q);
+
+ p0_bits = (p_bits + 3)/2;
+
+ nettle_random_prime (p0, p0_bits, 0,
+ random_ctx, random,
+ progress_ctx, progress);
+
+ if (progress)
+ progress (progress_ctx, 'q');
+
+ /* Generate p = 2 r q p0 + 1, such that 2^{n-1} < p < 2^n. */
+ mpz_mul (p0q, p0, params->q);
+
+ _nettle_generate_pocklington_prime (params->p, r, p_bits, 0,
+ random_ctx, random,
+ p0, params->q, p0q);
+
+ mpz_mul (r, r, p0);
+
+ mpz_clear (p0);
+ mpz_clear (p0q);
+ }
+ if (progress)
+ progress (progress_ctx, 'p');
+
+ for (a = 2; ; a++)
+ {
+ mpz_set_ui (params->g, a);
+ mpz_powm (params->g, params->g, r, params->p);
+ if (mpz_cmp_ui (params->g, 1) != 0)
+ break;
+ }
+
+ mpz_clear (r);
+
+ if (progress)
+ progress (progress_ctx, 'g');
+
+ return 1;
+}
diff --git a/dsa-keygen.c b/dsa-keygen.c
index 71797ddb0c3391a725bfeaf3d6d8a96e0908971d..36339fd97476e6ef39fa14e8cdf74422ffe54620 100644
--- a/dsa-keygen.c
+++ b/dsa-keygen.c
@@ -5,7 +5,7 @@
/* nettle, low-level cryptographics library
*
- * Copyright (C) 2002 Niels Möller
+ * Copyright (C) 2002, 2014 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
@@ -36,8 +36,7 @@
/* Valid sizes, according to FIPS 186-3 are (1024, 160), (2048, 224),
- (2048, 256), (3072, 256). Currenty, we use only q_bits of 160 or
- 256. */
+ (2048, 256), (3072, 256). */
int
dsa_generate_keypair(struct dsa_public_key *pub,
struct dsa_private_key *key,
@@ -45,9 +44,8 @@ dsa_generate_keypair(struct dsa_public_key *pub,
void *progress_ctx, nettle_progress_func *progress,
unsigned p_bits, unsigned q_bits)
{
- mpz_t p0, p0q, r;
- unsigned p0_bits;
- unsigned a;
+ struct dsa_params *params;
+ mpz_t r;
switch (q_bits)
{
@@ -64,49 +62,16 @@ dsa_generate_keypair(struct dsa_public_key *pub,
return 0;
}
- mpz_init (p0);
- mpz_init (p0q);
- mpz_init (r);
+ /* NOTE: Depends on identical layout! */
+ params = (struct dsa_params *) pub;
- nettle_random_prime (pub->q, q_bits, 0, random_ctx, random,
- progress_ctx, progress);
-
- p0_bits = (p_bits + 3)/2;
-
- nettle_random_prime (p0, p0_bits, 0,
- random_ctx, random,
- progress_ctx, progress);
-
- if (progress)
- progress (progress_ctx, 'q');
+ if (!dsa_generate_params (params,
+ random_ctx, random,
+ progress_ctx, progress,
+ p_bits, q_bits))
+ return 0;
- /* Generate p = 2 r q p0 + 1, such that 2^{n-1} < p < 2^n.
- *
- * We select r in the range i + 1 < r <= 2i, with i = floor (2^{n-2} / (p0 q). */
-
- mpz_mul (p0q, p0, pub->q);
-
- _nettle_generate_pocklington_prime (pub->p, r, p_bits, 0,
- random_ctx, random,
- p0, pub->q, p0q);
-
- if (progress)
- progress (progress_ctx, 'p');
-
- mpz_mul (r, r, p0);
-
- for (a = 2; ; a++)
- {
- mpz_set_ui (pub->g, a);
- mpz_powm (pub->g, pub->g, r, pub->p);
- if (mpz_cmp_ui (pub->g, 1) != 0)
- break;
- }
-
- if (progress)
- progress (progress_ctx, 'g');
-
- mpz_set(r, pub->q);
+ mpz_init_set(r, pub->q);
mpz_sub_ui(r, r, 2);
nettle_mpz_random(key->x, random_ctx, random, r);
@@ -117,8 +82,6 @@ dsa_generate_keypair(struct dsa_public_key *pub,
if (progress)
progress (progress_ctx, '\n');
- mpz_clear (p0);
- mpz_clear (p0q);
mpz_clear (r);
return 1;
diff --git a/dsa.h b/dsa.h
index 33bd00b2a7dd9f59ff03208b0823c064bc4cb7fc..d0d9ce7bacc64063ce416596c7beb722e0c2f538 100644
--- a/dsa.h
+++ b/dsa.h
@@ -56,6 +56,7 @@ extern "C" {
#define dsa_sha1_verify_digest nettle_dsa_sha1_verify_digest
#define dsa_sha256_sign_digest nettle_dsa_sha256_sign_digest
#define dsa_sha256_verify_digest nettle_dsa_sha256_verify_digest
+#define dsa_generate_params nettle_dsa_generate_params
#define dsa_generate_keypair nettle_dsa_generate_keypair
#define dsa_signature_from_sexp nettle_dsa_signature_from_sexp
#define dsa_keypair_to_sexp nettle_dsa_keypair_to_sexp
@@ -235,6 +236,12 @@ dsa_sha256_verify_digest(const struct dsa_public_key *key,
/* Key generation */
+int
+dsa_generate_params(struct dsa_params *params,
+ void *random_ctx, nettle_random_func *random,
+ void *progress_ctx, nettle_progress_func *progress,
+ unsigned p_bits, unsigned q_bits);
+
int
dsa_generate_keypair(struct dsa_public_key *pub,
struct dsa_private_key *key,