X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/b3f050848e5d285c2a1d7f8a4bea98984c201805..f41f820e4b3e230d9314cc4323abf59babdd4e67:/dsa.h diff --git a/dsa.h b/dsa.h index ba3bad8..2b4949d 100644 --- a/dsa.h +++ b/dsa.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: dsa.h,v 1.3 1999/12/10 23:29:48 mdw Exp $ + * $Id: dsa.h,v 1.6 2000/07/01 11:20:51 mdw Exp $ * * Digital Signature Algorithm * @@ -30,6 +30,15 @@ /*----- Revision history --------------------------------------------------* * * $Log: dsa.h,v $ + * Revision 1.6 2000/07/01 11:20:51 mdw + * New functions for freeing public and private keys. + * + * Revision 1.5 2000/06/17 10:53:42 mdw + * Minor changes for key fetching. Typesetting fixes. + * + * Revision 1.4 1999/12/22 15:52:44 mdw + * Reworking for new prime-search system. + * * Revision 1.3 1999/12/10 23:29:48 mdw * Change header file guard names. * @@ -59,31 +68,17 @@ /*----- Header files ------------------------------------------------------*/ +#ifndef CATACOMB_KEY_H +# include "key.h" +#endif + #ifndef CATACOMB_MP_H # include "mp.h" #endif - -/*----- Event codes -------------------------------------------------------*/ - -enum { - DSAEV_OK, /* Everything is fine */ - - DSAEV_FINDQ, /* Search for a @q@ */ - DSAEV_FAILQ, /* @q@ failed primality test */ - DSAEV_PASSQ, /* @q@ passeed one iteration */ - DSAEV_GOODQ, /* Found good prime @q@ */ - - DSAEV_FINDP, /* Search for a @p@ */ - DSAEV_TRYP, /* Try prospective @p@ */ - DSAEV_FAILP, /* @p@ failed primality test */ - DSAEV_PASSP, /* @p@ passed one iteration */ - DSAEV_GOODP, /* @p@ accepted as being prime */ - - DSAEV_FINDG, /* Search for a @g@ */ - DSAEV_TRYH, /* Try prospective @h@ */ - DSAEV_FAILH, /* @h@ failed */ - DSAEV_GOODG /* @g@ accepted as a generator */ -}; + +#ifndef CATACOMB_PGEN_H +# include "pgen.h" +#endif /*----- Data structures ---------------------------------------------------*/ @@ -98,6 +93,17 @@ typedef struct dsa_param { mp *g; /* Generates order-%$q$% subgroup */ } dsa_param; +typedef struct dsa_pub { + dsa_param dp; /* Shared parameters */ + mp *y; /* Public key */ +} dsa_pub; + +typedef struct dsa_priv { + dsa_param dp; /* Shared parameters */ + mp *x; /* Private key */ + mp *y; /* %$y \equiv g^x \pmod{p}$% */ +} dsa_priv; + /* --- DSA signature structure --- * * * This is the recommended structure for a DSA signature. The actual signing @@ -112,37 +118,80 @@ typedef struct dsa_sig { octet s[DSA_SIGLEN]; /* 160-bit @s@ value */ } dsa_sig; +/*----- Key fetching ------------------------------------------------------*/ + +extern const key_fetchdef dsa_paramfetch[]; +#define DSA_PARAMFETCHSZ 5 + +extern const key_fetchdef dsa_pubfetch[]; +#define DSA_PUBFETCHSZ 6 + +extern const key_fetchdef dsa_privfetch[]; +#define DSA_PRIVFETCHSZ 9 + +/* --- @dsa_paramfree@, @dsa_pubfree@, @dsa_privfree@ --- * + * + * Arguments: @dsa_param *dp@, @dsa_pub *dp@, @dsa_priv *dp@ = pointer + * to key block to free + * + * Returns: --- + * + * Use: Frees a DSA key block. + */ + +extern void dsa_paramfree(dsa_param */*dp*/); +extern void dsa_pubfree(dsa_pub */*dp*/); +extern void dsa_privfree(dsa_priv */*dp*/); + +/*----- DSA stepper -------------------------------------------------------*/ + +typedef struct dsa_stepctx { + + /* --- To be initialized by the client --- */ + + grand *r; /* Random number generator */ + mp *q; /* Force @p@ to be a multiple */ + size_t bits; /* Number of bits in the result */ + unsigned or; /* OR mask for low order bits */ +} dsa_stepctx; + +/* --- @dsa_step@ --- * + * + * The stepper chooses random integers, ensures that they are a multiple of + * @q@ (if specified), sets the low-order bits, and then tests for + * divisibility by small primes. + */ + +extern int dsa_step(int /*rq*/, pgen_event */*ev*/, void */*p*/); + /*----- Functions provided ------------------------------------------------*/ /* --- @dsa_seed@ --- * * * Arguments: @dsa_param *dp@ = where to store parameters - * @unsigned l@ = bitlength of @p@ in bits + * @unsigned ql@ = length of @q@ in bits + * @unsigned pl@ = length of @p@ in bits + * @unsigned steps@ = number of steps to find @q@ * @const void *k@ = pointer to key material - * @int (*proc)(int ev, mp *m, void *p)@ = event procedure * @size_t sz@ = size of key material + * @pgen_proc *event@ = event handler function + * @void *ectx@ = argument for event handler * - * Returns: Zero if all went well, nonzero if key material was - * unsuitable (one of the @DSAEV@ codes). + * Returns: @PGEN_DONE@ if everything worked ok; @PGEN_ABORT@ otherwise. * * Use: Generates the DSA shared parameters from a given seed value. - * This can take quite a long time. The size of @p@ in bits is - * %$l = 512 + 64l'$%. The DSA standard, FIPS 186, only allows - * %$0 \le l' \le 8$%. This implementation has no such limit, - * although @l@ must be a multiple of 8. - * - * The event procedure is informed of various happenings during - * generation. It is passed an event code describing what - * happened, and a multiprecision number which pertains to the - * event code. It may abort the search at any time by returning - * a nonzero value, which is returned as the result of the - * function. + * This can take quite a long time. + * + * The algorithm used is a compatible extension of the method + * described in the DSA standard, FIPS 186. The standard + * requires that %$q$% be 160 bits in size (i.e., @ql == 160@) + * and that the length of %$p$% be %$L = 512 + 64l$% for some + * %$l$%. Neither limitation applies to this implementation. */ -extern int dsa_seed(dsa_param */*dp*/, unsigned /*l*/, - const void */*k*/, size_t /*sz*/, - int (*proc)(int /*ev*/, mp */*m*/, void */*p*/), - void */*p*/); +extern int dsa_seed(dsa_param */*dp*/, unsigned /*ql*/, unsigned /*pl*/, + unsigned /*steps*/, const void */*k*/, size_t /*sz*/, + pgen_proc */*event*/, void */*ectx*/); /* --- @dsa_mksig@ --- * * @@ -218,9 +267,9 @@ extern int dsa_vrfy(const dsa_param */*dp*/, mp */*y*/, */ extern int dsa_verify(const dsa_param */*dp*/, mp */*y*/, - const void */*m*/, size_t /*msz*/, - const void */*r*/, size_t /*rsz*/, - const void */*s*/, size_t /*ssz*/); + const void */*m*/, size_t /*msz*/, + const void */*r*/, size_t /*rsz*/, + const void */*s*/, size_t /*ssz*/); /*----- That's all, folks -------------------------------------------------*/