~mdw / catacomb / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
pub/dsa-misc.c, pub/dsa.h: Make arg name in comment match declaration.
[catacomb] / pub / dsa.h
1 /* -*-c-*-
2 *
3 * Digital Signature Algorithm
4 *
5 * (c) 1999 Straylight/Edgeware
6 */
7
8 /*----- Licensing notice --------------------------------------------------*
9 *
10 * This file is part of Catacomb.
11 *
12 * Catacomb is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU Library General Public License as
14 * published by the Free Software Foundation; either version 2 of the
15 * License, or (at your option) any later version.
16 *
17 * Catacomb is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU Library General Public License for more details.
21 *
22 * You should have received a copy of the GNU Library General Public
23 * License along with Catacomb; if not, write to the Free
24 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
25 * MA 02111-1307, USA.
26 */
27
28 #ifndef CATACOMB_DSA_H
29 #define CATACOMB_DSA_H
30
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34
35 /*----- Notes on the Digital Signature Algorithm --------------------------*
36 *
37 * The Digital Signature Algorithm was designed by the NSA for US Government
38 * use. It's defined in FIPS 186-1. Whether it's covered by patents is
39 * under dispute, although it looks relatively clear. It produces compact
40 * signatures, and is relatively easy to compute. It seems strong, if
41 * appropriate parameters are chosen.
42 */
43
44 /*----- Header files ------------------------------------------------------*/
45
46 #ifndef CATACOMB_DH_H
47 # include "dh.h"
48 #endif
49
50 #ifndef CATACOMB_KEY_H
51 # include "key.h"
52 #endif
53
54 #ifndef CATACOMB_KEYCHECK_H
55 # include "keycheck.h"
56 #endif
57
58 #ifndef CATACOMB_MP_H
59 # include "mp.h"
60 #endif
61
62 #ifndef CATACOMB_PGEN_H
63 # include "pgen.h"
64 #endif
65
66 /*----- Data structures ---------------------------------------------------*/
67
68 /* --- The parameters and keys are the same as for Diffie-Hellman --- */
69
70 typedef dh_param dsa_param;
71 typedef dh_pub dsa_pub;
72 typedef dh_priv dsa_priv;
73
74 /* --- DSA key seed structure --- */
75
76 typedef struct dsa_seed {
77 void *p; /* Pointer to seed material */
78 size_t sz; /* Size of seed material */
79 unsigned count; /* Iterations to find @p@ */
80 } dsa_seed;
81
82 /* --- DSA signature structure --- *
83 *
84 * This is the recommended structure for a DSA signature. The actual signing
85 * function can cope with arbitrary-sized objects given appropriate
86 * parameters, however.
87 */
88
89 #define DSA_SIGLEN 20
90
91 typedef struct dsa_sig {
92 octet r[DSA_SIGLEN]; /* 160-bit @r@ value */
93 octet s[DSA_SIGLEN]; /* 160-bit @s@ value */
94 } dsa_sig;
95
96 /*----- Key fetching ------------------------------------------------------*/
97
98 #define dsa_paramfetch dh_paramfetch
99 #define dsa_pubfetch dh_pubfetch
100 #define dsa_privfetch dh_privfetch
101
102 #define DSA_PARAMFETCHSZ DH_PARAMFETCHSZ
103 #define DSA_PUBFETCHSZ DH_PUBFETCHSZ
104 #define DSA_PRIVFETCHSZ DH_PRIVFETCHSZ
105
106 #define dsa_paramfree dh_paramfree
107 #define dsa_pubfree dh_pubfree
108 #define dsa_privfree dh_privfree
109
110 /*----- DSA stepper -------------------------------------------------------*/
111
112 typedef struct dsa_stepctx {
113
114 /* --- To be initialized by the client --- */
115
116 grand *r; /* Random number generator */
117 mp *q; /* Force @p@ to be a multiple */
118 size_t bits; /* Number of bits in the result */
119 unsigned or; /* OR mask for low order bits */
120 unsigned count; /* Counts the number of steps made */
121 void *seedbuf; /* Pointer to seed buffer */
122 } dsa_stepctx;
123
124 /* --- @dsa_step@ --- *
125 *
126 * The stepper chooses random integers, ensures that they are a multiple of
127 * @q@ (if specified), sets the low-order bits, and then tests for
128 * divisibility by small primes.
129 */
130
131 extern pgen_proc dsa_step;
132
133 /*----- Functions provided ------------------------------------------------*/
134
135 /* --- @dsa_gen@ --- *
136 *
137 * Arguments: @dsa_param *dp@ = where to store parameters
138 * @unsigned ql@ = length of @q@ in bits
139 * @unsigned pl@ = length of @p@ in bits
140 * @unsigned steps@ = number of steps to find @q@
141 * @const void *k@ = pointer to key material
142 * @size_t sz@ = size of key material
143 * @dsa_seed *sd@ = optional pointer for output seed information
144 * @pgen_proc *event@ = event handler function
145 * @void *ectx@ = argument for event handler
146 *
147 * Returns: @PGEN_DONE@ if everything worked ok; @PGEN_ABORT@ otherwise.
148 *
149 * Use: Generates the DSA shared parameters from a given seed value.
150 * This can take quite a long time.
151 *
152 * The algorithm used is a compatible extension of the method
153 * described in the DSA standard, FIPS 186. The standard
154 * requires that %$q$% be 160 bits in size (i.e., @ql == 160@)
155 * and that the length of %$p$% be %$L = 512 + 64l$% for some
156 * %$l$%. Neither limitation applies to this implementation.
157 */
158
159 extern int dsa_gen(dsa_param */*dp*/, unsigned /*ql*/, unsigned /*pl*/,
160 unsigned /*steps*/, const void */*k*/, size_t /*sz*/,
161 dsa_seed */*sd*/, pgen_proc */*event*/, void */*ectx*/);
162
163 /* --- @dsa_checkparam@ --- *
164 *
165 * Arguments: @keycheck *kc@ = keycheck state
166 * @const dsa_param *dp@ = pointer to the parameter set
167 * @const dsa_seed *ds@ = pointer to seed information
168 *
169 * Returns: Zero if all OK, or return status from function.
170 *
171 * Use: Checks a set of DSA parameters for consistency and security.
172 */
173
174 extern int dsa_checkparam(keycheck */*kc*/, const dsa_param */*dp*/,
175 const dsa_seed */*ds*/);
176
177 /* --- @dsa_h2n@ --- *
178 *
179 * Arguments: @mp *d@ = destination integer
180 * @mp *r@ = order of the DSA group
181 * @const void *h@ = pointer to message hash
182 * @size_t hsz@ = size (in bytes) of the hash output
183 *
184 * Returns: Resulting integer.
185 *
186 * Use: Converts a hash to an integer in the demented way necessary
187 * for DSA/ECDSA. This is, of course, completely insane, but
188 * there you go.
189 */
190
191 extern mp *dsa_h2n(mp */*d*/, mp */*r*/, const void */*h*/, size_t /*hsz*/);
192
193 /* --- @dsa_nonce@ --- *
194 *
195 * Arguments: @mp *d@ = destination integer
196 * @mp *q@ = order of the DSA group
197 * @mp *x@ = secret key
198 * @const octet *m@ = message hash
199 * @const gchash *ch@ = hash class
200 * @grand *r@ = random bit source, or null
201 *
202 * Returns: A nonce.
203 *
204 * Use: Generates a nonce for use in DSA (or another Fiat--Shamir
205 * signature scheme).
206 */
207
208 extern mp *dsa_nonce(mp */*d*/, mp */*q*/, mp */*x*/, const octet */*m*/,
209 const gchash */*ch*/, grand */*r*/);
210
211 /* --- @dsa_mksig@ --- *
212 *
213 * Arguments: @const dsa_param *dp@ = pointer to DSA parameters
214 * @mp *a@ = secret signing key
215 * @mp *m@ = message to be signed
216 * @mp *k@ = random data
217 * @mp **rr, **ss@ = where to put output parameters
218 *
219 * Returns: ---
220 *
221 * Use: Computes a DSA signature of a message.
222 */
223
224 extern void dsa_mksig(const dsa_param */*dp*/, mp */*a*/,
225 mp */*m*/, mp */*k*/,
226 mp **/*rr*/, mp **/*ss*/);
227
228 /* --- @dsa_sign@ --- *
229 *
230 * Arguments: @dsa_param *dp@ = pointer to DSA parameters
231 * @mp *a@ = pointer to secret signing key
232 * @const void *m@ = pointer to message
233 * @size_t msz@ = size of the message
234 * @const void *k@ = secret random data for securing signature
235 * @size_t ksz@ = size of secret data
236 * @void *r@ = pointer to output space for @r@
237 * @size_t rsz@ = size of output space for @r@
238 * @void *s@ = pointer to output space for @s@
239 * @size_t ssz@ = size of output space for @s@
240 *
241 * Returns: ---
242 *
243 * Use: Signs a message, storing the results in a big-endian binary
244 * form.
245 */
246
247 extern void dsa_sign(dsa_param */*dp*/, mp */*a*/,
248 const void */*m*/, size_t /*msz*/,
249 const void */*k*/, size_t /*ksz*/,
250 void */*r*/, size_t /*rsz*/,
251 void */*s*/, size_t /*ssz*/);
252
253 /* --- @dsa_vrfy@ --- *
254 *
255 * Arguments: @const dsa_param *dp@ = pointer to DSA parameters
256 * @mp *y@ = public verification key
257 * @mp *m@ = message which was signed
258 * @mp *r, *s@ = the signature
259 *
260 * Returns: Zero if the signature is a forgery, nonzero if it's valid.
261 *
262 * Use: Verifies a DSA digital signature.
263 */
264
265 extern int dsa_vrfy(const dsa_param */*dp*/, mp */*y*/,
266 mp */*m*/, mp */*r*/, mp */*s*/);
267
268 /* --- @dsa_verify@ --- *
269 *
270 * Arguments: @const dsa_param *dp@ = pointer to DSA parameters
271 * @mp *y@ = public verification key
272 * @const void *m@ = pointer to message block
273 * @size_t msz@ = size of message block
274 * @const void *r@ = pointer to @r@ signature half
275 * @size_t rsz@ = size of @r@
276 * @const void *s@ = pointer to @s@ signature half
277 * @size_t ssz@ = size of @s@
278 *
279 * Returns: Zero if the signature is a forgery, nonzero if it's valid.
280 *
281 * Use: Verifies a DSA digital signature.
282 */
283
284 extern int dsa_verify(const dsa_param */*dp*/, mp */*y*/,
285 const void */*m*/, size_t /*msz*/,
286 const void */*r*/, size_t /*rsz*/,
287 const void */*s*/, size_t /*ssz*/);
288
289 /*----- That's all, folks -------------------------------------------------*/
290
291 #ifdef __cplusplus
292 }
293 #endif
294
295 #endif
Catacomb cryptographic library