Source code
Revision control
Copy as Markdown
Other Tools
/*
* All rights reserved.
*
* This code is originally derived from software contributed to
* The NetBSD Foundation by Alistair Crooks (agc@netbsd.org), and
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef RNP_DSA_H_
#define RNP_DSA_H_
#include <rnp/rnp_def.h>
#include <repgp/repgp_def.h>
#include "crypto/rng.h"
#include "crypto/mpi.h"
typedef struct pgp_dsa_key_t {
pgp_mpi_t p;
pgp_mpi_t q;
pgp_mpi_t g;
pgp_mpi_t y;
/* secret mpi */
pgp_mpi_t x;
} pgp_dsa_key_t;
typedef struct pgp_dsa_signature_t {
pgp_mpi_t r;
pgp_mpi_t s;
} pgp_dsa_signature_t;
/**
* @brief Checks DSA key fields for validity
*
* @param rng initialized PRNG
* @param key initialized DSA key structure
* @param secret flag which tells whether key has populated secret fields
*
* @return RNP_SUCCESS if key is valid or error code otherwise
*/
rnp_result_t dsa_validate_key(rnp::RNG *rng, const pgp_dsa_key_t *key, bool secret);
/*
* @brief Performs DSA signing
*
* @param rng initialized PRNG
* @param sig[out] created signature
* @param hash hash to sign
* @param hash_len length of `hash`
* @param key DSA key (must include secret mpi)
*
* @returns RNP_SUCCESS
* RNP_ERROR_BAD_PARAMETERS wrong input provided
* RNP_ERROR_SIGNING_FAILED internal error
*/
rnp_result_t dsa_sign(rnp::RNG * rng,
pgp_dsa_signature_t *sig,
const uint8_t * hash,
size_t hash_len,
const pgp_dsa_key_t *key);
/*
* @brief Performs DSA verification
*
* @param hash hash to verify
* @param hash_len length of `hash`
* @param sig signature to be verified
* @param key DSA key (secret mpi is not needed)
*
* @returns RNP_SUCCESS
* RNP_ERROR_BAD_PARAMETERS wrong input provided
* RNP_ERROR_GENERIC internal error
* RNP_ERROR_SIGNATURE_INVALID signature is invalid
*/
rnp_result_t dsa_verify(const pgp_dsa_signature_t *sig,
const uint8_t * hash,
size_t hash_len,
const pgp_dsa_key_t * key);
/*
* @brief Performs DSA key generation
*
* @param rng initialized PRNG
* @param key[out] generated key data will be stored here
* @param keylen length of the key, in bits
* @param qbits subgroup size in bits
*
* @returns RNP_SUCCESS
* RNP_ERROR_BAD_PARAMETERS wrong input provided
* RNP_ERROR_OUT_OF_MEMORY memory allocation failed
* RNP_ERROR_GENERIC internal error
* RNP_ERROR_SIGNATURE_INVALID signature is invalid
*/
rnp_result_t dsa_generate(rnp::RNG *rng, pgp_dsa_key_t *key, size_t keylen, size_t qbits);
/*
* @brief Returns minimally sized hash which will work
* with the DSA subgroup.
*
* @param qsize subgroup order
*
* @returns Either ID of the hash algorithm, or PGP_HASH_UNKNOWN
* if not found
*/
pgp_hash_alg_t dsa_get_min_hash(size_t qsize);
/*
* @brief Helps to determine subgroup size by size of p
* In order not to confuse users, we use less complicated
* approach than suggested by FIPS-186, which is:
* p=1024 => q=160
* p<2048 => q=224
* p<=3072 => q=256
* So we don't generate (2048, 224) pair
*
* @return Size of `q' or 0 in case `psize' is not in <1024,3072> range
*/
size_t dsa_choose_qsize_by_psize(size_t psize);
#endif