projects / u / mdw / catacomb / blob
? search:


97f82411b6c69f5ea95eff4a1d0ae41f9d7a8e32
[u/mdw/catacomb] / dsa.h
1 /* -*-c-*-
2 *
3 * $Id: dsa.h,v 1.2 1999/11/20 22:23:48 mdw Exp $
4 *
5 * Digital Signature Algorithm
6 *
7 * (c) 1999 Straylight/Edgeware
8 */
9
10 /*----- Licensing notice --------------------------------------------------*
11 *
12 * This file is part of Catacomb.
13 *
14 * Catacomb is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU Library General Public License as
16 * published by the Free Software Foundation; either version 2 of the
17 * License, or (at your option) any later version.
18 *
19 * Catacomb is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU Library General Public License for more details.
23 *
24 * You should have received a copy of the GNU Library General Public
25 * License along with Catacomb; if not, write to the Free
26 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
27 * MA 02111-1307, USA.
28 */
29
30 /*----- Revision history --------------------------------------------------*
31 *
32 * $Log: dsa.h,v $
33 * Revision 1.2 1999/11/20 22:23:48 mdw
34 * Allow event handler to abort the search process.
35 *
36 * Revision 1.1 1999/11/19 19:28:00 mdw
37 * Implementation of the Digital Signature Algorithm.
38 *
39 */
40
41 #ifndef DSA_H
42 #define DSA_H
43
44 #ifdef __cplusplus
45 extern "C" {
46 #endif
47
48 /*----- Notes on the Digital Signature Algorithm --------------------------*
49 *
50 * The Digital Signature Algorithm was designed by the NSA for US Government
51 * use. It's defined in FIPS 186-1. Whether it's covered by patents is
52 * under dispute, although it looks relatively clear. It produces compact
53 * signatures, and is relatively easy to compute. It seems strong, if
54 * appropriate parameters are chosen.
55 */
56
57 /*----- Header files ------------------------------------------------------*/
58
59 #ifndef MP_H
60 # include "mp.h"
61 #endif
62
63 /*----- Event codes -------------------------------------------------------*/
64
65 enum {
66 DSAEV_OK, /* Everything is fine */
67
68 DSAEV_FAILQ, /* @q@ failed primality test */
69 DSAEV_PASSQ, /* @q@ passeed one iteration */
70 DSAEV_GOODQ, /* Found good prime @q@ */
71
72 DSAEV_TRYP, /* Try prospective @p@ */
73 DSAEV_FAILP, /* @p@ failed primality test */
74 DSAEV_PASSP, /* @p@ passed one iteration */
75 DSAEV_GOODP, /* @p@ accepted as being prime */
76
77 DSAEV_TRYH, /* Try prospective @h@ */
78 DSAEV_FAILH, /* @h@ failed */
79 DSAEV_GOODG /* @g@ accepted as a generator */
80 };
81
82 /*----- Data structures ---------------------------------------------------*/
83
84 /* --- DSA parameter structure --- *
85 *
86 * These parameters can, and probably should, be shared among a group of
87 * users.
88 */
89
90 typedef struct dsa_param {
91 mp *p, *q; /* Prime numbers %$p$% and %$q$% */
92 mp *g; /* Generates order-%$q$% subgroup */
93 } dsa_param;
94
95 /* --- DSA signature structure --- *
96 *
97 * This is the recommended structure for a DSA signature. The actual signing
98 * function can cope with arbitrary-sized objects given appropriate
99 * parameters, however.
100 */
101
102 #define DSA_SIGLEN 20
103
104 typedef struct dsa_sig {
105 octet r[DSA_SIGLEN]; /* 160-bit @r@ value */
106 octet s[DSA_SIGLEN]; /* 160-bit @s@ value */
107 } dsa_sig;
108
109 /*----- Functions provided ------------------------------------------------*/
110
111 /* --- @dsa_seed@ --- *
112 *
113 * Arguments: @dsa_param *dp@ = where to store parameters
114 * @unsigned l@ = bitlength of @p@ in bits
115 * @const void *k@ = pointer to key material
116 * @int (*proc)(int ev, mp *m, void *p)@ = event procedure
117 * @size_t sz@ = size of key material
118 *
119 * Returns: Zero if all went well, nonzero if key material was
120 * unsuitable (one of the @DSAEV@ codes).
121 *
122 * Use: Generates the DSA shared parameters from a given seed value.
123 * This can take quite a long time. The size of @p@ in bits is
124 * %$l = 512 + 64l'$%. The DSA standard, FIPS 186, only allows
125 * %$0 \le l' \le 8$%. This implementation has no such limit,
126 * although @l@ must be a multiple of 8.
127 *
128 * The event procedure is informed of various happenings during
129 * generation. It is passed an event code describing what
130 * happened, and a multiprecision number which pertains to the
131 * event code. It may abort the search at any time by returning
132 * a nonzero value, which is returned as the result of the
133 * function.
134 */
135
136 extern int dsa_seed(dsa_param */*dp*/, unsigned /*l*/,
137 const void */*k*/, size_t /*sz*/,
138 int (*proc)(int /*ev*/, mp */*m*/, void */*p*/),
139 void */*p*/);
140
141 /* --- @dsa_mksig@ --- *
142 *
143 * Arguments: @const dsa_param *dp@ = pointer to DSA parameters
144 * @const mp *a@ = secret signing key
145 * @const mp *m@ = message to be signed
146 * @const mp *k@ = random data
147 * @mp **rr, **ss@ = where to put output parameters
148 *
149 * Returns: ---
150 *
151 * Use: Computes a DSA signature of a message.
152 */
153
154 extern void dsa_mksig(const dsa_param */*dp*/, const mp */*a*/,
155 const mp */*m*/, const mp */*k*/,
156 mp **/*rr*/, mp **/*ss*/);
157
158 /* --- @dsa_sign@ --- *
159 *
160 * Arguments: @dsa_param *dp@ = pointer to DSA parameters
161 * @mp *a@ = pointer to secret signing key
162 * @const void *m@ = pointer to message
163 * @size_t msz@ = size of the message
164 * @const void *k@ = secret random data for securing signature
165 * @size_t ksz@ = size of secret data
166 * @void *r@ = pointer to output space for @r@
167 * @size_t rsz@ = size of output space for @r@
168 * @void *s@ = pointer to output space for @s@
169 * @size_t ssz@ = size of output space for @s@
170 *
171 * Returns: ---
172 *
173 * Use: Signs a message, storing the results in a big-endian binary
174 * form.
175 */
176
177 extern void dsa_sign(dsa_param */*dp*/, mp */*a*/,
178 const void */*m*/, size_t /*msz*/,
179 const void */*k*/, size_t /*ksz*/,
180 void */*r*/, size_t /*rsz*/,
181 void */*s*/, size_t /*ssz*/);
182
183 /* --- @dsa_vrfy@ --- *
184 *
185 * Arguments: @const dsa_param *dp@ = pointer to DSA parameters
186 * @const mp *y@ = public verification key
187 * @const mp *m@ = message which was signed
188 * @const mp *r, *s@ = the signature
189 *
190 * Returns: Zero if the signature is a forgery, nonzero if it's valid.
191 *
192 * Use: Verifies a DSA digital signature.
193 */
194
195 extern int dsa_vrfy(const dsa_param */*dp*/, const mp */*y*/,
196 const mp */*m*/, const mp */*r*/, const mp */*s*/);
197
198 /* --- @dsa_verify@ --- *
199 *
200 * Arguments: @const dsa_param *dp@ = pointer to DSA parameters
201 * @const mp *y@ = public verification key
202 * @const void *m@ = pointer to message block
203 * @size_t msz@ = size of message block
204 * @const void *r@ = pointer to @r@ signature half
205 * @size_t rsz@ = size of @r@
206 * @const void *s@ = pointer to @s@ signature half
207 * @size_t ssz@ = size of @s@
208 *
209 * Returns: Zero if the signature is a forgery, nonzero if it's valid.
210 *
211 * Use: Verifies a DSA digital signature.
212 */
213
214 extern int dsa_verify(const dsa_param */*dp*/, const mp */*y*/,
215 const void */*m*/, size_t /*msz*/,
216 const void */*r*/, size_t /*rsz*/,
217 const void */*s*/, size_t /*ssz*/);
218
219 /*----- That's all, folks -------------------------------------------------*/
220
221 #ifdef __cplusplus
222 }
223 #endif
224
225 #endif
Catacomb cryptographic library (downstream of http://git.distorted.org.uk/~mdw/catacomb/)