author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-09-13 10:57:39 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2015-09-13 11:20:27 +0200 |
commit | 18c50b936938f572af39f276e1067fa80fcc1d4f (patch) | |
tree | 9ed4638a8b88682aa32c279c938171f604bf74bf /lib/nettle | |
parent | defc66226abc283c40256ffffb78f38065aa09b9 (diff) | |
download | gnutls-18c50b936938f572af39f276e1067fa80fcc1d4f.tar.gz |
Allow verifying and generating provable DSA keys
Diffstat (limited to 'lib/nettle')
-rw-r--r-- | lib/nettle/Makefile.am | 4 | ||||
-rw-r--r-- | lib/nettle/int/dsa-fips.h | 8 | ||||
-rw-r--r-- | lib/nettle/int/dsa-keygen-fips186.c | 42 | ||||
-rw-r--r-- | lib/nettle/pk.c | 56 |
4 files changed, 84 insertions, 26 deletions
diff --git a/lib/nettle/Makefile.am b/lib/nettle/Makefile.am index eaaae17fc5..2e5e64714d 100644 --- a/lib/nettle/Makefile.am +++ b/lib/nettle/Makefile.am @@ -40,10 +40,10 @@ noinst_LTLIBRARIES = libcrypto.la libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c init.c egd.c egd.h \ gnettle.h rnd-common.h rnd-common.c \ - rnd.c int/rsa-fips.h int/rsa-keygen-fips186.c int/provable-prime.c + rnd.c int/rsa-fips.h int/rsa-keygen-fips186.c int/provable-prime.c \ + int/dsa-fips.h int/dsa-keygen-fips186.c int/dsa-validate.c if ENABLE_FIPS140 libcrypto_la_SOURCES += rnd-fips.c int/drbg-aes-self-test.c \ - int/dsa-fips.h int/dsa-keygen-fips186.c int/dsa-validate.c \ int/drbg-aes.c int/drbg-aes.h endif diff --git a/lib/nettle/int/dsa-fips.h b/lib/nettle/int/dsa-fips.h index 9d1e4c06d4..94d62b42bd 100644 --- a/lib/nettle/int/dsa-fips.h +++ b/lib/nettle/int/dsa-fips.h @@ -60,6 +60,14 @@ dsa_generate_dss_pqg(struct dsa_params *params, unsigned p_bits /* = L */, unsigned q_bits /* = N */); int +_dsa_generate_dss_pqg(struct dsa_params *params, + struct dss_params_validation_seeds *cert, + unsigned index, + unsigned seed_size, void *seed, + void *progress_ctx, nettle_progress_func * progress, + unsigned p_bits /* = L */ , unsigned q_bits /* = N */ ); + +int dsa_generate_dss_keypair(struct dsa_params *params, mpz_t y, mpz_t x, diff --git a/lib/nettle/int/dsa-keygen-fips186.c b/lib/nettle/int/dsa-keygen-fips186.c index efe81ed89d..ca073b452e 100644 --- a/lib/nettle/int/dsa-keygen-fips186.c +++ b/lib/nettle/int/dsa-keygen-fips186.c 
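Review bot: The new `_dsa_generate_dss_pqg` prototype in dsa-fips.h has no comment and differs from `dsa_generate_dss_pqg` directly above it only by a leading underscore, so the header does not tell a reader that this variant takes a caller-supplied seed. Its definition in dsa-keygen-fips186.c returns 0 unless `seed_size` equals `2 * (q_bits / 8) + 1`, which is worth stating here, for example `/* Like dsa_generate_dss_pqg(), but uses the caller's seed; seed_size must be 2*(q_bits/8)+1, otherwise 0 is returned. */`. Since the definition only reads the seed through `memcpy`, the parameter could also be declared `const void *seed`.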
@@ -401,7 +401,49 @@ dsa_generate_dss_pqg(struct dsa_params *params, return 0; return 1; +} + +int +_dsa_generate_dss_pqg(struct dsa_params *params, + struct dss_params_validation_seeds *cert, + unsigned index, + unsigned seed_size, void *seed, + void *progress_ctx, nettle_progress_func * progress, + unsigned p_bits /* = L */ , unsigned q_bits /* = N */ ) +{ + int ret; + uint8_t domain_seed[MAX_PVP_SEED_SIZE*3]; + unsigned domain_seed_size = 0; + + ret = _dsa_check_qp_sizes(q_bits, p_bits, 1); + if (ret == 0) + return 0; + + cert->seed_length = 2 * (q_bits / 8) + 1; + + if (cert->seed_length > sizeof(cert->seed)) + return 0; + + if (cert->seed_length != seed_size) + return 0; + + memcpy(cert->seed, seed, cert->seed_length); + + ret = _dsa_generate_dss_pq(params, cert, cert->seed_length, cert->seed, + progress_ctx, progress, p_bits, q_bits); + if (ret == 0) + return 0; + domain_seed_size = cert->seed_length + cert->qseed_length + cert->pseed_length; + memcpy(domain_seed, cert->seed, cert->seed_length); + memcpy(&domain_seed[cert->seed_length], cert->pseed, cert->pseed_length); + memcpy(&domain_seed[cert->seed_length+cert->pseed_length], cert->qseed, cert->qseed_length); + ret = _dsa_generate_dss_g(params, domain_seed_size, domain_seed, + progress_ctx, progress, index); + if (ret == 0) + return 0; + + return 1; } int diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c index 0b90639267..8b3cba6bf6 100644 --- a/lib/nettle/pk.c +++ b/lib/nettle/pk.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2010-2012 Free Software Foundation, Inc. - * Copyright (C) 2013 Nikos Mavrogiannopoulos + * Copyright (C) 2013-2015 Nikos Mavrogiannopoulos * * Author: Nikos Mavrogiannopoulos * @@ -38,9 +38,7 @@ #include <random.h> #include <pk.h> #include <nettle/dsa.h> -#ifdef ENABLE_FIPS140 -# include <dsa-fips.h> -#endif +#include <dsa-fips.h> #include <rsa-fips.h> #include <nettle/rsa.h> #include <gnutls/crypto.h> 
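Review bot: In `_dsa_generate_dss_pqg` (dsa-keygen-fips186.c) the three `memcpy` calls into `domain_seed` run without comparing `domain_seed_size` against `sizeof(domain_seed)`. Only `cert->seed_length` is bounded in this hunk; `cert->pseed_length` and `cert->qseed_length` come back from `_dsa_generate_dss_pq`, whose limits are not visible here. The `MAX_PVP_SEED_SIZE*3` stack buffer is therefore safe only if that callee keeps each length within `MAX_PVP_SEED_SIZE`. A guard right after the sum is computed makes the bound local: `if (domain_seed_size > sizeof(domain_seed)) return 0;`.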
@@ -771,10 +769,8 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo, case GNUTLS_PK_DH: { struct dsa_params pub; -#ifdef ENABLE_FIPS140 struct dss_params_validation_seeds cert; unsigned index; -#endif dsa_params_init(&pub); @@ -788,25 +784,45 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo, if (q_bits == 0) return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER); -#ifdef ENABLE_FIPS140 - if (_gnutls_fips_mode_enabled() != 0) { + if (_gnutls_fips_mode_enabled() != 0 || params->flags & GNUTLS_PK_FLAG_PROVABLE) { if (algo==GNUTLS_PK_DSA) index = 1; else index = 2; - ret = - dsa_generate_dss_pqg(&pub, &cert, - index, - NULL, rnd_func, - NULL, NULL, - level, q_bits); + if (params->palgo != 0 && params->palgo != GNUTLS_DIG_SHA384) { + ret = GNUTLS_E_INVALID_REQUEST; + goto dsa_fail; + } + + params->palgo = GNUTLS_DIG_SHA384; + + if (params->seed_size) { + ret = + _dsa_generate_dss_pqg(&pub, &cert, + index, + params->seed_size, params->seed, + NULL, NULL, + level, q_bits); + } else { + ret = + dsa_generate_dss_pqg(&pub, &cert, + index, + NULL, rnd_func, + NULL, NULL, + level, q_bits); + } if (ret != 1) { gnutls_assert(); ret = GNUTLS_E_PK_GENERATION_ERROR; goto dsa_fail; } + if (cert.seed_length && cert.seed_length < sizeof(params->seed)) { + params->seed_size = cert.seed_length; + memcpy(params->seed, cert.seed, cert.seed_length); + } + /* verify the generated parameters */ ret = dsa_validate_dss_pqg(&pub, &cert, index); if (ret != 1) { @@ -814,9 +830,7 @@ wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo, ret = GNUTLS_E_PK_GENERATION_ERROR; goto dsa_fail; } - } else -#endif - { + } else { if (q_bits < 160) q_bits = 160; @@ -1132,9 +1146,6 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, switch (algo) { case GNUTLS_PK_DSA: - if (params->flags & GNUTLS_PK_FLAG_PROVABLE) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - #ifdef ENABLE_FIPS140 if (_gnutls_fips_mode_enabled() != 0) { struct dsa_params pub; 
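Review bot: In the `wrap_nettle_pk_generate_params` hunk at -788/+784 of pk.c, the seed copy-back `if (cert.seed_length && cert.seed_length < sizeof(params->seed))` silently skips the copy when the seed does not fit, and the strict `<` also drops a seed that would fill the buffer exactly. The function then still reports success, so the caller appears to receive parameters generated in provable mode without the seed needed to re-verify them. Failing closed would be safer: `if (cert.seed_length > sizeof(params->seed)) { ret = GNUTLS_E_PK_GENERATION_ERROR; goto dsa_fail; }` followed by the unconditional assignment and `memcpy`. The enclosing function begins and ends outside this hunk.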
@@ -1179,9 +1190,6 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, } #endif case GNUTLS_PK_DH: - if (params->flags & GNUTLS_PK_FLAG_PROVABLE) - return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); - { struct dsa_params pub; mpz_t r; @@ -1270,7 +1278,7 @@ wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo, ret = GNUTLS_E_INVALID_REQUEST; goto rsa_fail; } - + params->palgo = GNUTLS_DIG_SHA384; if (params->seed_size) { |