projects / u / mdw / catacomb / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Table for driving key data extraction.
[u/mdw/catacomb] / dsa.h
1 /* -*-c-*-
2 *
3 * $Id: dsa.h,v 1.4 1999/12/22 15:52:44 mdw Exp $
4 *
5 * Digital Signature Algorithm
6 *
7 * (c) 1999 Straylight/Edgeware
8 */
9
10 /*----- Licensing notice --------------------------------------------------*
11 *
12 * This file is part of Catacomb.
13 *
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
18 *
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
23 *
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
27 * MA 02111-1307, USA.
28 */
29
30 /*----- Revision history --------------------------------------------------*
31 *
32 * $Log: dsa.h,v $
33 * Revision 1.4 1999/12/22 15:52:44 mdw
34 * Reworking for new prime-search system.
35 *
36 * Revision 1.3 1999/12/10 23:29:48 mdw
37 * Change header file guard names.
38 *
39 * Revision 1.2 1999/11/20 22:23:48 mdw
40 * Allow event handler to abort the search process.
41 *
42 * Revision 1.1 1999/11/19 19:28:00 mdw
43 * Implementation of the Digital Signature Algorithm.
44 *
45 */
46
47 #ifndef CATACOMB_DSA_H
48 #define CATACOMB_DSA_H
49
50 #ifdef __cplusplus
51 extern "C" {
52 #endif
53
54 /*----- Notes on the Digital Signature Algorithm --------------------------*
55 *
56 * The Digital Signature Algorithm was designed by the NSA for US Government
57 * use. It's defined in FIPS 186-1. Whether it's covered by patents is
58 * under dispute, although it looks relatively clear. It produces compact
59 * signatures, and is relatively easy to compute. It seems strong, if
60 * appropriate parameters are chosen.
61 */
62
63 /*----- Header files ------------------------------------------------------*/
64
65 #ifndef CATACOMB_MP_H
66 # include "mp.h"
67 #endif
68
69 #ifndef CATACOMB_PGEN_H
70 # include "pgen.h"
71 #endif
72
73 /*----- Data structures ---------------------------------------------------*/
74
75 /* --- DSA parameter structure --- *
76 *
77 * These parameters can, and probably should, be shared among a group of
78 * users.
79 */
80
81 typedef struct dsa_param {
82 mp *p, *q; /* Prime numbers %$p$% and %$q$% */
83 mp *g; /* Generates order-%$q$% subgroup */
84 } dsa_param;
85
86 /* --- DSA signature structure --- *
87 *
88 * This is the recommended structure for a DSA signature. The actual signing
89 * function can cope with arbitrary-sized objects given appropriate
90 * parameters, however.
91 */
92
93 #define DSA_SIGLEN 20
94
95 typedef struct dsa_sig {
96 octet r[DSA_SIGLEN]; /* 160-bit @r@ value */
97 octet s[DSA_SIGLEN]; /* 160-bit @s@ value */
98 } dsa_sig;
99
100 /*----- DSA stepper -------------------------------------------------------*/
101
102 typedef struct dsa_stepctx {
103
104 /* --- To be initialized by the client --- */
105
106 grand *r; /* Random number generator */
107 mp *q; /* Force @p@ to be a multiple */
108 size_t bits; /* Number of bits in the result */
109 unsigned or; /* OR mask for low order bits */
110 } dsa_stepctx;
111
112 /* --- @dsa_step@ --- *
113 *
114 * The stepper chooses random integers, ensures that they are a multiple of
115 * @q@ (if specified), sets the low-order bits, and then tests for
116 * divisibility by small primes.
117 */
118
119 extern int dsa_step(int /*rq*/, pgen_event */*ev*/, void */*p*/);
120
121 /*----- Functions provided ------------------------------------------------*/
122
123 /* --- @dsa_seed@ --- *
124 *
125 * Arguments: @dsa_param *dp@ = where to store parameters
126 * @unsigned ql@ = length of @q@ in bits
127 * @unsigned pl@ = length of @p@ in bits
128 * @unsigned steps@ = number of steps to find @q@
129 * @const void *k@ = pointer to key material
130 * @size_t sz@ = size of key material
131 * @pgen_proc *event@ = event handler function
132 * @void *ectx@ = argument for event handler
133 *
134 * Returns: @PGEN_DONE@ if everything worked ok; @PGEN_ABORT@ otherwise.
135 *
136 * Use: Generates the DSA shared parameters from a given seed value.
137 * This can take quite a long time.
138 *
139 * The algorithm used is a compatible extension of the method
140 * described in the DSA standard, FIPS 186. The standard
141 * requires that %$q$% be 160 bits in size (i.e., @ql == 160@)
142 * and that the length of %$p$% be %$L = 512 + 64l$% for some
143 * %$l$%. Neither limitation applies to this implementation.
144 */
145
146 extern int dsa_seed(dsa_param */*dp*/, unsigned /*ql*/, unsigned /*pl*/,
147 unsigned /*steps*/, const void */*k*/, size_t /*sz*/,
148 pgen_proc */*event*/, void */*ectx*/);
149
150 /* --- @dsa_mksig@ --- *
151 *
152 * Arguments: @const dsa_param *dp@ = pointer to DSA parameters
153 * @mp *a@ = secret signing key
154 * @mp *m@ = message to be signed
155 * @mp *k@ = random data
156 * @mp **rr, **ss@ = where to put output parameters
157 *
158 * Returns: ---
159 *
160 * Use: Computes a DSA signature of a message.
161 */
162
163 extern void dsa_mksig(const dsa_param */*dp*/, mp */*a*/,
164 mp */*m*/, mp */*k*/,
165 mp **/*rr*/, mp **/*ss*/);
166
167 /* --- @dsa_sign@ --- *
168 *
169 * Arguments: @dsa_param *dp@ = pointer to DSA parameters
170 * @mp *a@ = pointer to secret signing key
171 * @const void *m@ = pointer to message
172 * @size_t msz@ = size of the message
173 * @const void *k@ = secret random data for securing signature
174 * @size_t ksz@ = size of secret data
175 * @void *r@ = pointer to output space for @r@
176 * @size_t rsz@ = size of output space for @r@
177 * @void *s@ = pointer to output space for @s@
178 * @size_t ssz@ = size of output space for @s@
179 *
180 * Returns: ---
181 *
182 * Use: Signs a message, storing the results in a big-endian binary
183 * form.
184 */
185
186 extern void dsa_sign(dsa_param */*dp*/, mp */*a*/,
187 const void */*m*/, size_t /*msz*/,
188 const void */*k*/, size_t /*ksz*/,
189 void */*r*/, size_t /*rsz*/,
190 void */*s*/, size_t /*ssz*/);
191
192 /* --- @dsa_vrfy@ --- *
193 *
194 * Arguments: @const dsa_param *dp@ = pointer to DSA parameters
195 * @mp *y@ = public verification key
196 * @mp *m@ = message which was signed
197 * @mp *r, *s@ = the signature
198 *
199 * Returns: Zero if the signature is a forgery, nonzero if it's valid.
200 *
201 * Use: Verifies a DSA digital signature.
202 */
203
204 extern int dsa_vrfy(const dsa_param */*dp*/, mp */*y*/,
205 mp */*m*/, mp */*r*/, mp */*s*/);
206
207 /* --- @dsa_verify@ --- *
208 *
209 * Arguments: @const dsa_param *dp@ = pointer to DSA parameters
210 * @mp *y@ = public verification key
211 * @const void *m@ = pointer to message block
212 * @size_t msz@ = size of message block
213 * @const void *r@ = pointer to @r@ signature half
214 * @size_t rsz@ = size of @r@
215 * @const void *s@ = pointer to @s@ signature half
216 * @size_t ssz@ = size of @s@
217 *
218 * Returns: Zero if the signature is a forgery, nonzero if it's valid.
219 *
220 * Use: Verifies a DSA digital signature.
221 */
222
223 extern int dsa_verify(const dsa_param */*dp*/, mp */*y*/,
224 const void */*m*/, size_t /*msz*/,
225 const void */*r*/, size_t /*rsz*/,
226 const void */*s*/, size_t /*ssz*/);
227
228 /*----- That's all, folks -------------------------------------------------*/
229
230 #ifdef __cplusplus
231 }
232 #endif
233
234 #endif
Catacomb cryptographic library (downstream of http://git.distorted.org.uk/~mdw/catacomb/)