authorNikos Mavrogiannopoulos <nmav@gnutls.org>2015-09-12 15:47:38 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2015-09-12 16:22:48 +0200
commit6c8702587943c426e06d5b545af4f143ae17c670 (patch)
tree8a8184b82ccd40564456390f4ab580970a431763 /lib/nettle/int
parent9b89f76fc789fd8f8e3bb3c418f25b97b9e71920 (diff)
downloadgnutls-6c8702587943c426e06d5b545af4f143ae17c670.tar.gz
Added API to generate private keys from a given seed
Currently it is restricted to RSA and FIPS 186-4 key generation with SHA384. Relates to #34
Diffstat (limited to 'lib/nettle/int')
-rw-r--r--lib/nettle/int/dsa-fips.h2
-rw-r--r--lib/nettle/int/rsa-fips.h2
-rw-r--r--lib/nettle/int/rsa-keygen-fips186.c23
3 files changed, 22 insertions, 5 deletions
diff --git a/lib/nettle/int/dsa-fips.h b/lib/nettle/int/dsa-fips.h
index e1edfb5125..9d1e4c06d4 100644
--- a/lib/nettle/int/dsa-fips.h
+++ b/lib/nettle/int/dsa-fips.h
@@ -29,8 +29,6 @@
#include <nettle/sha2.h>
#include <fips.h>
-#define MAX_PVP_SEED_SIZE 256
-
#define div_ceil(x,y) ((x+(y)-1)/(y))
struct dss_params_validation_seeds {
diff --git a/lib/nettle/int/rsa-fips.h b/lib/nettle/int/rsa-fips.h
index 6f349909fa..7b1cf701d2 100644
--- a/lib/nettle/int/rsa-fips.h
+++ b/lib/nettle/int/rsa-fips.h
@@ -41,6 +41,8 @@ rsa_generate_fips186_4_keypair(struct rsa_public_key *pub,
void *random_ctx, nettle_random_func * random,
void *progress_ctx,
nettle_progress_func * progress,
+ unsigned *rseed_size,
+ void *rseed,
/* Desired size of modulo, in bits */
unsigned n_size);
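Review bot: The new parameters `rseed_size` and `rseed` are added to the prototype without a comment, although `n_size` directly below them has one. From the definition in rsa-keygen-fips186.c, `*rseed_size` is read as the capacity of `rseed` and then overwritten with the number of bytes written, and the seed is only returned when both pointers are non-NULL. I would state that here, for example `/* in: capacity of rseed; out: bytes written. Both may be NULL if the seed is not wanted */`. A second line should say that the returned seed must be protected and wiped like the private key, since the point of the commit is that the key can be regenerated from it. The prototype begins above this hunk.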
diff --git a/lib/nettle/int/rsa-keygen-fips186.c b/lib/nettle/int/rsa-keygen-fips186.c
index 624aa36535..711c2004ea 100644
--- a/lib/nettle/int/rsa-keygen-fips186.c
+++ b/lib/nettle/int/rsa-keygen-fips186.c
@@ -270,12 +270,17 @@ _rsa_generate_fips186_4_keypair(struct rsa_public_key *pub,
if (n_size == 2048) {
if (seed_length != 14 * 2) {
+ _gnutls_debug_log("Seed length must be 28 bytes\n");
return 0;
}
- } else {
+ } else if (n_size == 3072) {
if (seed_length != 16 * 2) {
+ _gnutls_debug_log("Seed length must be 32 bytes\n");
return 0;
}
+ } else {
+ _gnutls_debug_log("Unsupported size for modulus\n");
+ return 0;
}
if (!mpz_tstbit(pub->e, 0)) {
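Review bot: The length checks compare against `14 * 2` and `16 * 2` while the new messages say 28 and 32 bytes, and nothing explains where the numbers come from. A comment above the `if` such as `/* seed is 2 * security_strength bits: 224 for a 2048-bit modulus, 256 for 3072 */` would tie the two together; that reading of the constants is inferred from FIPS 186-4 and should be confirmed. Every rejected input returns the same 0, so logging the offending value would help, e.g. `_gnutls_debug_log("Seed length must be 28 bytes (it is %u)\n", seed_length);`, assuming `seed_length` is unsigned here as it is in the wrapper. The function starts and ends outside this hunk.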
@@ -333,7 +338,6 @@ _rsa_generate_fips186_4_keypair(struct rsa_public_key *pub,
} while (mpz_cmp(t, r) <= 0);
memset(&cert, 0, sizeof(cert));
- memset(seed, 0, seed_length);
mpz_mul(pub->n, key->p, key->q);
@@ -385,11 +389,14 @@ rsa_generate_fips186_4_keypair(struct rsa_public_key *pub,
void *random_ctx, nettle_random_func * random,
void *progress_ctx,
nettle_progress_func * progress,
+ unsigned *rseed_size,
+ void *rseed,
/* Desired size of modulo, in bits */
unsigned n_size)
{
uint8_t seed[32];
unsigned seed_length;
+ int ret;
if (n_size != 2048 && n_size != 3072) {
return 0;
@@ -402,6 +409,16 @@ rsa_generate_fips186_4_keypair(struct rsa_public_key *pub,
random(random_ctx, seed_length, seed);
- return _rsa_generate_fips186_4_keypair(pub, key, seed_length, seed,
+ if (rseed && rseed_size) {
+ if (*rseed_size < seed_length) {
+ return 0;
+ }
+ memcpy(rseed, seed, seed_length);
+ *rseed_size = seed_length;
+ }
+
+ ret = _rsa_generate_fips186_4_keypair(pub, key, seed_length, seed,
progress_ctx, progress, n_size);
+ gnutls_memset(seed, 0, seed_length);
+ return ret;
}
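Review bot: The `return 0` taken when `*rseed_size < seed_length` leaves the freshly drawn seed in the stack buffer `seed`, because `gnutls_memset(seed, 0, seed_length)` is only reached after key generation. Either wipe on that path, `gnutls_memset(seed, 0, seed_length); return 0;`, or do the capacity check before `random()` is called so that no seed exists yet. The `memcpy` into `rseed` also runs before `_rsa_generate_fips186_4_keypair`, so when generation fails the caller holds a seed and an updated `*rseed_size` for a key that was never produced; copying only when `ret` is non-zero would avoid that. Since the inner function no longer clears the seed (the `memset` removed earlier in this file), any other caller of it has to wipe its own copy. The function body begins outside this hunk.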