authorNikos Mavrogiannopoulos <nmav@gnutls.org>2015-09-13 10:57:39 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2015-09-13 11:20:27 +0200
commit18c50b936938f572af39f276e1067fa80fcc1d4f (patch)
tree9ed4638a8b88682aa32c279c938171f604bf74bf /lib/nettle
parentdefc66226abc283c40256ffffb78f38065aa09b9 (diff)
Allow verifying and generating provable DSA keys
Diffstat (limited to 'lib/nettle')
-rw-r--r--lib/nettle/Makefile.am4
-rw-r--r--lib/nettle/int/dsa-fips.h8
-rw-r--r--lib/nettle/int/dsa-keygen-fips186.c42
-rw-r--r--lib/nettle/pk.c56
4 files changed, 84 insertions, 26 deletions
diff --git a/lib/nettle/Makefile.am b/lib/nettle/Makefile.am
index eaaae17fc5..2e5e64714d 100644
--- a/lib/nettle/Makefile.am
+++ b/lib/nettle/Makefile.am
@@ -40,10 +40,10 @@ noinst_LTLIBRARIES = libcrypto.la
libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c init.c egd.c egd.h \
gnettle.h rnd-common.h rnd-common.c \
- rnd.c int/rsa-fips.h int/rsa-keygen-fips186.c int/provable-prime.c
+ rnd.c int/rsa-fips.h int/rsa-keygen-fips186.c int/provable-prime.c \
+ int/dsa-fips.h int/dsa-keygen-fips186.c int/dsa-validate.c
if ENABLE_FIPS140
libcrypto_la_SOURCES += rnd-fips.c int/drbg-aes-self-test.c \
- int/dsa-fips.h int/dsa-keygen-fips186.c int/dsa-validate.c \
int/drbg-aes.c int/drbg-aes.h
endif
diff --git a/lib/nettle/int/dsa-fips.h b/lib/nettle/int/dsa-fips.h
index 9d1e4c06d4..94d62b42bd 100644
--- a/lib/nettle/int/dsa-fips.h
+++ b/lib/nettle/int/dsa-fips.h
@@ -60,6 +60,14 @@ dsa_generate_dss_pqg(struct dsa_params *params,
unsigned p_bits /* = L */, unsigned q_bits /* = N */);
int
+_dsa_generate_dss_pqg(struct dsa_params *params,
+ struct dss_params_validation_seeds *cert,
+ unsigned index,
+ unsigned seed_size, void *seed,
+ void *progress_ctx, nettle_progress_func * progress,
+ unsigned p_bits /* = L */ , unsigned q_bits /* = N */ );
+
+int
dsa_generate_dss_keypair(struct dsa_params *params,
mpz_t y,
mpz_t x,
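Review bot: The new `_dsa_generate_dss_pqg` prototype carries no comment describing its seed contract, which callers need because the implementation added in dsa-keygen-fips186.c returns 0 unless `seed_size` equals `2 * (q_bits / 8) + 1`. I would add above it `/* Generates p, q, g from a caller-supplied seed; seed_size must be 2*(q_bits/8)+1 bytes. Returns 1 on success, 0 on failure. */`. The implementation only copies from `seed`, so the parameter could also be declared `const void *seed`. The dsa_generate_dss_keypair declaration that follows continues outside the hunk.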
diff --git a/lib/nettle/int/dsa-keygen-fips186.c b/lib/nettle/int/dsa-keygen-fips186.c
index efe81ed89d..ca073b452e 100644
--- a/lib/nettle/int/dsa-keygen-fips186.c
+++ b/lib/nettle/int/dsa-keygen-fips186.c
@@ -401,7 +401,49 @@ dsa_generate_dss_pqg(struct dsa_params *params,
return 0;
return 1;
+}
+
+int
+_dsa_generate_dss_pqg(struct dsa_params *params,
+ struct dss_params_validation_seeds *cert,
+ unsigned index,
+ unsigned seed_size, void *seed,
+ void *progress_ctx, nettle_progress_func * progress,
+ unsigned p_bits /* = L */ , unsigned q_bits /* = N */ )
+{
+ int ret;
+ uint8_t domain_seed[MAX_PVP_SEED_SIZE*3];
+ unsigned domain_seed_size = 0;
+
+ ret = _dsa_check_qp_sizes(q_bits, p_bits, 1);
+ if (ret == 0)
+ return 0;
+
+ cert->seed_length = 2 * (q_bits / 8) + 1;
+
+ if (cert->seed_length > sizeof(cert->seed))
+ return 0;
+
+ if (cert->seed_length != seed_size)
+ return 0;
+
+ memcpy(cert->seed, seed, cert->seed_length);
+
+ ret = _dsa_generate_dss_pq(params, cert, cert->seed_length, cert->seed,
+ progress_ctx, progress, p_bits, q_bits);
+ if (ret == 0)
+ return 0;
+ domain_seed_size = cert->seed_length + cert->qseed_length + cert->pseed_length;
+ memcpy(domain_seed, cert->seed, cert->seed_length);
+ memcpy(&domain_seed[cert->seed_length], cert->pseed, cert->pseed_length);
+ memcpy(&domain_seed[cert->seed_length+cert->pseed_length], cert->qseed, cert->qseed_length);
+ ret = _dsa_generate_dss_g(params, domain_seed_size, domain_seed,
+ progress_ctx, progress, index);
+ if (ret == 0)
+ return 0;
+
+ return 1;
}
int
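Review bot: The three `memcpy` calls into `domain_seed` in `_dsa_generate_dss_pqg` have no bound check in front of them: `domain_seed_size` is the sum of `cert->seed_length`, `cert->qseed_length` and `cert->pseed_length` but is never compared with `sizeof(domain_seed)`. Each length is presumably capped at MAX_PVP_SEED_SIZE by `_dsa_generate_dss_pq`, but that is not visible in this hunk, and `seed_length` is only checked against `sizeof(cert->seed)`. I would add `if (domain_seed_size > sizeof(domain_seed)) return 0;` right after the size is computed, so the stack buffer stays safe if the seed fields ever change size.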
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index 0b90639267..8b3cba6bf6 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2010-2012 Free Software Foundation, Inc.
- * Copyright (C) 2013 Nikos Mavrogiannopoulos
+ * Copyright (C) 2013-2015 Nikos Mavrogiannopoulos
*
* Author: Nikos Mavrogiannopoulos
*
@@ -38,9 +38,7 @@
#include <random.h>
#include <pk.h>
#include <nettle/dsa.h>
-#ifdef ENABLE_FIPS140
-# include <dsa-fips.h>
-#endif
+#include <dsa-fips.h>
#include <rsa-fips.h>
#include <nettle/rsa.h>
#include <gnutls/crypto.h>
@@ -771,10 +769,8 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
case GNUTLS_PK_DH:
{
struct dsa_params pub;
-#ifdef ENABLE_FIPS140
struct dss_params_validation_seeds cert;
unsigned index;
-#endif
dsa_params_init(&pub);
@@ -788,25 +784,45 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
if (q_bits == 0)
return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
-#ifdef ENABLE_FIPS140
- if (_gnutls_fips_mode_enabled() != 0) {
+ if (_gnutls_fips_mode_enabled() != 0 || params->flags & GNUTLS_PK_FLAG_PROVABLE) {
if (algo==GNUTLS_PK_DSA)
index = 1;
else
index = 2;
- ret =
- dsa_generate_dss_pqg(&pub, &cert,
- index,
- NULL, rnd_func,
- NULL, NULL,
- level, q_bits);
+ if (params->palgo != 0 && params->palgo != GNUTLS_DIG_SHA384) {
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto dsa_fail;
+ }
+
+ params->palgo = GNUTLS_DIG_SHA384;
+
+ if (params->seed_size) {
+ ret =
+ _dsa_generate_dss_pqg(&pub, &cert,
+ index,
+ params->seed_size, params->seed,
+ NULL, NULL,
+ level, q_bits);
+ } else {
+ ret =
+ dsa_generate_dss_pqg(&pub, &cert,
+ index,
+ NULL, rnd_func,
+ NULL, NULL,
+ level, q_bits);
+ }
if (ret != 1) {
gnutls_assert();
ret = GNUTLS_E_PK_GENERATION_ERROR;
goto dsa_fail;
}
+ if (cert.seed_length && cert.seed_length < sizeof(params->seed)) {
+ params->seed_size = cert.seed_length;
+ memcpy(params->seed, cert.seed, cert.seed_length);
+ }
+
/* verify the generated parameters */
ret = dsa_validate_dss_pqg(&pub, &cert, index);
if (ret != 1) {
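Review bot: The seed copy-back `if (cert.seed_length && cert.seed_length < sizeof(params->seed))` silently skips the copy when the seed does not fit, so the function can return success for provable parameters without giving the caller the seed needed to re-validate them. The strict `<` also drops a seed that exactly fills `params->seed`; unless that is deliberate, `<=` looks intended. I would turn the oversize case into an error, `if (cert.seed_length > sizeof(params->seed)) { ret = GNUTLS_E_PK_GENERATION_ERROR; goto dsa_fail; }`, and then copy unconditionally when `cert.seed_length` is non-zero. The branch condition would also read more clearly with the flag test parenthesised, `(params->flags & GNUTLS_PK_FLAG_PROVABLE)`. The enclosing function starts and ends outside the hunk.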
@@ -814,9 +830,7 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
ret = GNUTLS_E_PK_GENERATION_ERROR;
goto dsa_fail;
}
- } else
-#endif
- {
+ } else {
if (q_bits < 160)
q_bits = 160;
@@ -1132,9 +1146,6 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
switch (algo) {
case GNUTLS_PK_DSA:
- if (params->flags & GNUTLS_PK_FLAG_PROVABLE)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
#ifdef ENABLE_FIPS140
if (_gnutls_fips_mode_enabled() != 0) {
struct dsa_params pub;
@@ -1179,9 +1190,6 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
}
#endif
case GNUTLS_PK_DH:
- if (params->flags & GNUTLS_PK_FLAG_PROVABLE)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
-
{
struct dsa_params pub;
mpz_t r;
@@ -1270,7 +1278,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
ret = GNUTLS_E_INVALID_REQUEST;
goto rsa_fail;
}
-
+
params->palgo = GNUTLS_DIG_SHA384;
if (params->seed_size) {