OLD | NEW |
1 /* crypto/dsa/dsa.h */ | 1 /* crypto/dsa/dsa.h */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
81 #include <openssl/bn.h> | 81 #include <openssl/bn.h> |
82 #ifndef OPENSSL_NO_DH | 82 #ifndef OPENSSL_NO_DH |
83 # include <openssl/dh.h> | 83 # include <openssl/dh.h> |
84 #endif | 84 #endif |
85 #endif | 85 #endif |
86 | 86 |
87 #ifndef OPENSSL_DSA_MAX_MODULUS_BITS | 87 #ifndef OPENSSL_DSA_MAX_MODULUS_BITS |
88 # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 | 88 # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 |
89 #endif | 89 #endif |
90 | 90 |
91 #define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024 | |
92 | |
93 #define DSA_FLAG_CACHE_MONT_P 0x01 | 91 #define DSA_FLAG_CACHE_MONT_P 0x01 |
94 #define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DS
A | 92 #define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DS
A |
95 * implementation now uses constant
time | 93 * implementation now uses constant
time |
96 * modular exponentiation for secre
t exponents | 94 * modular exponentiation for secre
t exponents |
97 * by default. This flag causes the | 95 * by default. This flag causes the |
98 * faster variable sliding window m
ethod to | 96 * faster variable sliding window m
ethod to |
99 * be used for all exponents. | 97 * be used for all exponents. |
100 */ | 98 */ |
101 | 99 |
102 /* If this flag is set the DSA method is FIPS compliant and can be used | |
103 * in FIPS mode. This is set in the validated module method. If an | |
104 * application sets this flag in its own methods it is its reposibility | |
105 * to ensure the result is compliant. | |
106 */ | |
107 | |
108 #define DSA_FLAG_FIPS_METHOD 0x0400 | |
109 | |
110 /* If this flag is set the operations normally disabled in FIPS mode are | |
111 * permitted it is then the applications responsibility to ensure that the | |
112 * usage is compliant. | |
113 */ | |
114 | |
115 #define DSA_FLAG_NON_FIPS_ALLOW 0x0400 | |
116 | |
117 #ifdef OPENSSL_FIPS | |
118 #define FIPS_DSA_SIZE_T int | |
119 #endif | |
120 | |
121 #ifdef __cplusplus | 100 #ifdef __cplusplus |
122 extern "C" { | 101 extern "C" { |
123 #endif | 102 #endif |
124 | 103 |
125 /* Already defined in ossl_typ.h */ | 104 /* Already defined in ossl_typ.h */ |
126 /* typedef struct dsa_st DSA; */ | 105 /* typedef struct dsa_st DSA; */ |
127 /* typedef struct dsa_method DSA_METHOD; */ | 106 /* typedef struct dsa_method DSA_METHOD; */ |
128 | 107 |
129 typedef struct DSA_SIG_st | 108 typedef struct DSA_SIG_st |
130 { | 109 { |
131 BIGNUM *r; | 110 BIGNUM *r; |
132 BIGNUM *s; | 111 BIGNUM *s; |
133 } DSA_SIG; | 112 } DSA_SIG; |
134 | 113 |
135 struct dsa_method | 114 struct dsa_method |
136 { | 115 { |
137 const char *name; | 116 const char *name; |
138 DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa); | 117 DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa); |
139 int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, | 118 int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, |
140 BIGNUM **rp); | 119 BIGNUM **rp); |
141 int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, | 120 int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, |
142 » » » » » » » DSA_SIG *sig, DSA *dsa); | 121 » » » DSA_SIG *sig, DSA *dsa); |
143 int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, | 122 int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, |
144 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, | 123 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, |
145 BN_MONT_CTX *in_mont); | 124 BN_MONT_CTX *in_mont); |
146 int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, | 125 int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, |
147 const BIGNUM *m, BN_CTX *ctx, | 126 const BIGNUM *m, BN_CTX *ctx, |
148 BN_MONT_CTX *m_ctx); /* Can be null */ | 127 BN_MONT_CTX *m_ctx); /* Can be null */ |
149 int (*init)(DSA *dsa); | 128 int (*init)(DSA *dsa); |
150 int (*finish)(DSA *dsa); | 129 int (*finish)(DSA *dsa); |
151 int flags; | 130 int flags; |
152 char *app_data; | 131 char *app_data; |
153 /* If this is non-NULL, it is used to generate DSA parameters */ | 132 /* If this is non-NULL, it is used to generate DSA parameters */ |
154 int (*dsa_paramgen)(DSA *dsa, int bits, | 133 int (*dsa_paramgen)(DSA *dsa, int bits, |
155 » » » unsigned char *seed, int seed_len, | 134 » » » const unsigned char *seed, int seed_len, |
156 int *counter_ret, unsigned long *h_ret, | 135 int *counter_ret, unsigned long *h_ret, |
157 BN_GENCB *cb); | 136 BN_GENCB *cb); |
158 /* If this is non-NULL, it is used to generate DSA keys */ | 137 /* If this is non-NULL, it is used to generate DSA keys */ |
159 int (*dsa_keygen)(DSA *dsa); | 138 int (*dsa_keygen)(DSA *dsa); |
160 }; | 139 }; |
161 | 140 |
162 struct dsa_st | 141 struct dsa_st |
163 { | 142 { |
164 /* This first variable is used to pick up errors where | 143 /* This first variable is used to pick up errors where |
165 * a DSA is passed instead of of a EVP_PKEY */ | 144 * a DSA is passed instead of of a EVP_PKEY */ |
(...skipping 13 matching lines...) Expand all Loading... |
179 int flags; | 158 int flags; |
180 /* Normally used to cache montgomery values */ | 159 /* Normally used to cache montgomery values */ |
181 BN_MONT_CTX *method_mont_p; | 160 BN_MONT_CTX *method_mont_p; |
182 int references; | 161 int references; |
183 CRYPTO_EX_DATA ex_data; | 162 CRYPTO_EX_DATA ex_data; |
184 const DSA_METHOD *meth; | 163 const DSA_METHOD *meth; |
185 /* functional reference if 'meth' is ENGINE-provided */ | 164 /* functional reference if 'meth' is ENGINE-provided */ |
186 ENGINE *engine; | 165 ENGINE *engine; |
187 }; | 166 }; |
188 | 167 |
189 #define DSAparams_dup(x) ASN1_dup_of_const(DSA,i2d_DSAparams,d2i_DSAparams,x) | |
190 #define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ | 168 #define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ |
191 (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) | 169 (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) |
192 #define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ | 170 #define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ |
193 (unsigned char *)(x)) | 171 (unsigned char *)(x)) |
194 #define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x) | 172 #define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x) |
195 #define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x) | 173 #define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x) |
196 | 174 |
197 | 175 |
| 176 DSA *DSAparams_dup(DSA *x); |
198 DSA_SIG * DSA_SIG_new(void); | 177 DSA_SIG * DSA_SIG_new(void); |
199 void DSA_SIG_free(DSA_SIG *a); | 178 void DSA_SIG_free(DSA_SIG *a); |
200 int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); | 179 int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); |
201 DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); | 180 DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); |
202 | 181 |
203 DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa); | 182 DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa); |
204 int DSA_do_verify(const unsigned char *dgst,int dgst_len, | 183 int DSA_do_verify(const unsigned char *dgst,int dgst_len, |
205 DSA_SIG *sig,DSA *dsa); | 184 DSA_SIG *sig,DSA *dsa); |
206 | 185 |
207 const DSA_METHOD *DSA_OpenSSL(void); | 186 const DSA_METHOD *DSA_OpenSSL(void); |
208 | 187 |
209 void DSA_set_default_method(const DSA_METHOD *); | 188 void DSA_set_default_method(const DSA_METHOD *); |
210 const DSA_METHOD *DSA_get_default_method(void); | 189 const DSA_METHOD *DSA_get_default_method(void); |
211 int DSA_set_method(DSA *dsa, const DSA_METHOD *); | 190 int DSA_set_method(DSA *dsa, const DSA_METHOD *); |
212 | 191 |
213 #ifdef OPENSSL_FIPS | |
214 DSA * FIPS_dsa_new(void); | |
215 void FIPS_dsa_free (DSA *r); | |
216 #endif | |
217 | |
218 DSA * DSA_new(void); | 192 DSA * DSA_new(void); |
219 DSA * DSA_new_method(ENGINE *engine); | 193 DSA * DSA_new_method(ENGINE *engine); |
220 void DSA_free (DSA *r); | 194 void DSA_free (DSA *r); |
221 /* "up" the DSA object's reference count */ | 195 /* "up" the DSA object's reference count */ |
222 int DSA_up_ref(DSA *r); | 196 int DSA_up_ref(DSA *r); |
223 int DSA_size(const DSA *); | 197 int DSA_size(const DSA *); |
224 /* next 4 return -1 on error */ | 198 /* next 4 return -1 on error */ |
225 int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp); | 199 int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp); |
226 int DSA_sign(int type,const unsigned char *dgst,int dlen, | 200 int DSA_sign(int type,const unsigned char *dgst,int dlen, |
227 unsigned char *sig, unsigned int *siglen, DSA *dsa); | 201 unsigned char *sig, unsigned int *siglen, DSA *dsa); |
(...skipping 11 matching lines...) Expand all Loading... |
239 /* Deprecated version */ | 213 /* Deprecated version */ |
240 #ifndef OPENSSL_NO_DEPRECATED | 214 #ifndef OPENSSL_NO_DEPRECATED |
241 DSA * DSA_generate_parameters(int bits, | 215 DSA * DSA_generate_parameters(int bits, |
242 unsigned char *seed,int seed_len, | 216 unsigned char *seed,int seed_len, |
243 int *counter_ret, unsigned long *h_ret,void | 217 int *counter_ret, unsigned long *h_ret,void |
244 (*callback)(int, int, void *),void *cb_arg); | 218 (*callback)(int, int, void *),void *cb_arg); |
245 #endif /* !defined(OPENSSL_NO_DEPRECATED) */ | 219 #endif /* !defined(OPENSSL_NO_DEPRECATED) */ |
246 | 220 |
247 /* New version */ | 221 /* New version */ |
248 int DSA_generate_parameters_ex(DSA *dsa, int bits, | 222 int DSA_generate_parameters_ex(DSA *dsa, int bits, |
249 » » unsigned char *seed,int seed_len, | 223 » » const unsigned char *seed,int seed_len, |
250 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); | 224 int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); |
251 | 225 |
252 int DSA_generate_key(DSA *a); | 226 int DSA_generate_key(DSA *a); |
253 int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); | 227 int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); |
254 int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); | 228 int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); |
255 int i2d_DSAparams(const DSA *a,unsigned char **pp); | 229 int i2d_DSAparams(const DSA *a,unsigned char **pp); |
256 | 230 |
257 #ifndef OPENSSL_NO_BIO | 231 #ifndef OPENSSL_NO_BIO |
258 int DSAparams_print(BIO *bp, const DSA *x); | 232 int DSAparams_print(BIO *bp, const DSA *x); |
259 int DSA_print(BIO *bp, const DSA *x, int off); | 233 int DSA_print(BIO *bp, const DSA *x, int off); |
260 #endif | 234 #endif |
261 #ifndef OPENSSL_NO_FP_API | 235 #ifndef OPENSSL_NO_FP_API |
262 int DSAparams_print_fp(FILE *fp, const DSA *x); | 236 int DSAparams_print_fp(FILE *fp, const DSA *x); |
263 int DSA_print_fp(FILE *bp, const DSA *x, int off); | 237 int DSA_print_fp(FILE *bp, const DSA *x, int off); |
264 #endif | 238 #endif |
265 | 239 |
266 #define DSS_prime_checks 50 | 240 #define DSS_prime_checks 50 |
267 /* Primality test according to FIPS PUB 186[-1], Appendix 2.1: | 241 /* Primality test according to FIPS PUB 186[-1], Appendix 2.1: |
268 * 50 rounds of Rabin-Miller */ | 242 * 50 rounds of Rabin-Miller */ |
269 #define DSA_is_prime(n, callback, cb_arg) \ | 243 #define DSA_is_prime(n, callback, cb_arg) \ |
270 BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) | 244 BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) |
271 | 245 |
272 #ifndef OPENSSL_NO_DH | 246 #ifndef OPENSSL_NO_DH |
273 /* Convert DSA structure (key or just parameters) into DH structure | 247 /* Convert DSA structure (key or just parameters) into DH structure |
274 * (be careful to avoid small subgroup attacks when using this!) */ | 248 * (be careful to avoid small subgroup attacks when using this!) */ |
275 DH *DSA_dup_DH(const DSA *r); | 249 DH *DSA_dup_DH(const DSA *r); |
276 #endif | 250 #endif |
277 | 251 |
278 #ifdef OPENSSL_FIPS | 252 #define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ |
279 int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig); | 253 » EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ |
280 int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen); | 254 » » » » EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) |
281 #endif | 255 |
| 256 #define»EVP_PKEY_CTRL_DSA_PARAMGEN_BITS»» (EVP_PKEY_ALG_CTRL + 1) |
| 257 #define»EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS» (EVP_PKEY_ALG_CTRL + 2) |
| 258 #define»EVP_PKEY_CTRL_DSA_PARAMGEN_MD» » (EVP_PKEY_ALG_CTRL + 3) |
282 | 259 |
283 /* BEGIN ERROR CODES */ | 260 /* BEGIN ERROR CODES */ |
284 /* The following lines are auto generated by the script mkerr.pl. Any changes | 261 /* The following lines are auto generated by the script mkerr.pl. Any changes |
285 * made after this point may be overwritten when the script is next run. | 262 * made after this point may be overwritten when the script is next run. |
286 */ | 263 */ |
287 void ERR_load_DSA_strings(void); | 264 void ERR_load_DSA_strings(void); |
288 | 265 |
289 /* Error codes for the DSA functions. */ | 266 /* Error codes for the DSA functions. */ |
290 | 267 |
291 /* Function codes. */ | 268 /* Function codes. */ |
292 #define DSA_F_D2I_DSA_SIG 110 | 269 #define DSA_F_D2I_DSA_SIG 110 |
| 270 #define DSA_F_DO_DSA_PRINT 104 |
293 #define DSA_F_DSAPARAMS_PRINT 100 | 271 #define DSA_F_DSAPARAMS_PRINT 100 |
294 #define DSA_F_DSAPARAMS_PRINT_FP 101 | 272 #define DSA_F_DSAPARAMS_PRINT_FP 101 |
295 #define DSA_F_DSA_BUILTIN_KEYGEN 119 | |
296 #define DSA_F_DSA_BUILTIN_PARAMGEN 118 | |
297 #define DSA_F_DSA_DO_SIGN 112 | 273 #define DSA_F_DSA_DO_SIGN 112 |
298 #define DSA_F_DSA_DO_VERIFY 113 | 274 #define DSA_F_DSA_DO_VERIFY 113 |
299 #define DSA_F_DSA_GENERATE_PARAMETERS 117 | |
300 #define DSA_F_DSA_NEW_METHOD 103 | 275 #define DSA_F_DSA_NEW_METHOD 103 |
301 #define DSA_F_DSA_PRINT»» » » » 104 | 276 #define DSA_F_DSA_PARAM_DECODE» » » » 119 |
302 #define DSA_F_DSA_PRINT_FP 105 | 277 #define DSA_F_DSA_PRINT_FP 105 |
303 #define DSA_F_DSA_SET_DEFAULT_METHOD» » » 115 | 278 #define DSA_F_DSA_PRIV_DECODE» » » » 115 |
304 #define DSA_F_DSA_SET_METHOD» » » » 116 | 279 #define DSA_F_DSA_PRIV_ENCODE» » » » 116 |
| 280 #define DSA_F_DSA_PUB_DECODE» » » » 117 |
| 281 #define DSA_F_DSA_PUB_ENCODE» » » » 118 |
305 #define DSA_F_DSA_SIGN 106 | 282 #define DSA_F_DSA_SIGN 106 |
306 #define DSA_F_DSA_SIGN_SETUP 107 | 283 #define DSA_F_DSA_SIGN_SETUP 107 |
307 #define DSA_F_DSA_SIG_NEW 109 | 284 #define DSA_F_DSA_SIG_NEW 109 |
308 #define DSA_F_DSA_VERIFY 108 | 285 #define DSA_F_DSA_VERIFY 108 |
309 #define DSA_F_I2D_DSA_SIG 111 | 286 #define DSA_F_I2D_DSA_SIG 111 |
| 287 #define DSA_F_OLD_DSA_PRIV_DECODE 122 |
| 288 #define DSA_F_PKEY_DSA_CTRL 120 |
| 289 #define DSA_F_PKEY_DSA_KEYGEN 121 |
310 #define DSA_F_SIG_CB 114 | 290 #define DSA_F_SIG_CB 114 |
311 | 291 |
312 /* Reason codes. */ | 292 /* Reason codes. */ |
313 #define DSA_R_BAD_Q_VALUE 102 | 293 #define DSA_R_BAD_Q_VALUE 102 |
| 294 #define DSA_R_BN_DECODE_ERROR 108 |
| 295 #define DSA_R_BN_ERROR 109 |
314 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 | 296 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 |
315 #define DSA_R_KEY_SIZE_TOO_SMALL» » » 106 | 297 #define DSA_R_DECODE_ERROR» » » » 104 |
| 298 #define DSA_R_INVALID_DIGEST_TYPE» » » 106 |
316 #define DSA_R_MISSING_PARAMETERS 101 | 299 #define DSA_R_MISSING_PARAMETERS 101 |
317 #define DSA_R_MODULUS_TOO_LARGE 103 | 300 #define DSA_R_MODULUS_TOO_LARGE 103 |
318 #define DSA_R_NON_FIPS_METHOD» » » » 104 | 301 #define DSA_R_NO_PARAMETERS_SET»» » » 107 |
319 #define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE» 105 | 302 #define DSA_R_PARAMETER_ENCODING_ERROR» » » 105 |
320 | 303 |
321 #ifdef __cplusplus | 304 #ifdef __cplusplus |
322 } | 305 } |
323 #endif | 306 #endif |
324 #endif | 307 #endif |
OLD | NEW |