LTKCPP-- LLRP Toolkit C Plus Plus Library
|
00001 /* crypto/dsa/dsa.h */ 00002 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 00003 * All rights reserved. 00004 * 00005 * This package is an SSL implementation written 00006 * by Eric Young (eay@cryptsoft.com). 00007 * The implementation was written so as to conform with Netscapes SSL. 00008 * 00009 * This library is free for commercial and non-commercial use as long as 00010 * the following conditions are aheared to. The following conditions 00011 * apply to all code found in this distribution, be it the RC4, RSA, 00012 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 00013 * included with this distribution is covered by the same copyright terms 00014 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 00015 * 00016 * Copyright remains Eric Young's, and as such any Copyright notices in 00017 * the code are not to be removed. 00018 * If this package is used in a product, Eric Young should be given attribution 00019 * as the author of the parts of the library used. 00020 * This can be in the form of a textual message at program startup or 00021 * in documentation (online or textual) provided with the package. 00022 * 00023 * Redistribution and use in source and binary forms, with or without 00024 * modification, are permitted provided that the following conditions 00025 * are met: 00026 * 1. Redistributions of source code must retain the copyright 00027 * notice, this list of conditions and the following disclaimer. 00028 * 2. Redistributions in binary form must reproduce the above copyright 00029 * notice, this list of conditions and the following disclaimer in the 00030 * documentation and/or other materials provided with the distribution. 00031 * 3. All advertising materials mentioning features or use of this software 00032 * must display the following acknowledgement: 00033 * "This product includes cryptographic software written by 00034 * Eric Young (eay@cryptsoft.com)" 00035 * The word 'cryptographic' can be left out if the rouines from the library 00036 * being used are not cryptographic related :-). 00037 * 4. If you include any Windows specific code (or a derivative thereof) from 00038 * the apps directory (application code) you must include an acknowledgement: 00039 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 00040 * 00041 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 00042 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 00043 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 00044 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 00045 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 00046 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 00047 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 00048 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 00049 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 00050 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 00051 * SUCH DAMAGE. 00052 * 00053 * The licence and distribution terms for any publically available version or 00054 * derivative of this code cannot be changed. i.e. this code cannot simply be 00055 * copied and put under another distribution licence 00056 * [including the GNU Public Licence.] 00057 */ 00058 00059 /* 00060 * The DSS routines are based on patches supplied by 00061 * Steven Schoch <schoch@sheba.arc.nasa.gov>. He basically did the 00062 * work and I have just tweaked them a little to fit into my 00063 * stylistic vision for SSLeay :-) */ 00064 00065 #ifndef HEADER_DSA_H 00066 # define HEADER_DSA_H 00067 00068 # include <openssl/e_os2.h> 00069 00070 # ifdef OPENSSL_NO_DSA 00071 # error DSA is disabled. 00072 # endif 00073 00074 # ifndef OPENSSL_NO_BIO 00075 # include <openssl/bio.h> 00076 # endif 00077 # include <openssl/crypto.h> 00078 # include <openssl/ossl_typ.h> 00079 00080 # ifndef OPENSSL_NO_DEPRECATED 00081 # include <openssl/bn.h> 00082 # ifndef OPENSSL_NO_DH 00083 # include <openssl/dh.h> 00084 # endif 00085 # endif 00086 00087 # ifndef OPENSSL_DSA_MAX_MODULUS_BITS 00088 # define OPENSSL_DSA_MAX_MODULUS_BITS 10000 00089 # endif 00090 00091 # define DSA_FLAG_CACHE_MONT_P 0x01 00092 /* 00093 * new with 0.9.7h; the built-in DSA implementation now uses constant time 00094 * modular exponentiation for secret exponents by default. This flag causes 00095 * the faster variable sliding window method to be used for all exponents. 00096 */ 00097 # define DSA_FLAG_NO_EXP_CONSTTIME 0x02 00098 00099 /* 00100 * If this flag is set the DSA method is FIPS compliant and can be used in 00101 * FIPS mode. This is set in the validated module method. If an application 00102 * sets this flag in its own methods it is its reposibility to ensure the 00103 * result is compliant. 00104 */ 00105 00106 # define DSA_FLAG_FIPS_METHOD 0x0400 00107 00108 /* 00109 * If this flag is set the operations normally disabled in FIPS mode are 00110 * permitted it is then the applications responsibility to ensure that the 00111 * usage is compliant. 00112 */ 00113 00114 # define DSA_FLAG_NON_FIPS_ALLOW 0x0400 00115 00116 #ifdef __cplusplus 00117 extern "C" { 00118 #endif 00119 00120 /* Already defined in ossl_typ.h */ 00121 /* typedef struct dsa_st DSA; */ 00122 /* typedef struct dsa_method DSA_METHOD; */ 00123 00124 typedef struct DSA_SIG_st { 00125 BIGNUM *r; 00126 BIGNUM *s; 00127 } DSA_SIG; 00128 00129 struct dsa_method { 00130 const char *name; 00131 DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa); 00132 int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, 00133 BIGNUM **rp); 00134 int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len, 00135 DSA_SIG *sig, DSA *dsa); 00136 int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, 00137 BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, 00138 BN_MONT_CTX *in_mont); 00139 /* Can be null */ 00140 int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, 00141 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); 00142 int (*init) (DSA *dsa); 00143 int (*finish) (DSA *dsa); 00144 int flags; 00145 char *app_data; 00146 /* If this is non-NULL, it is used to generate DSA parameters */ 00147 int (*dsa_paramgen) (DSA *dsa, int bits, 00148 const unsigned char *seed, int seed_len, 00149 int *counter_ret, unsigned long *h_ret, 00150 BN_GENCB *cb); 00151 /* If this is non-NULL, it is used to generate DSA keys */ 00152 int (*dsa_keygen) (DSA *dsa); 00153 }; 00154 00155 struct dsa_st { 00156 /* 00157 * This first variable is used to pick up errors where a DSA is passed 00158 * instead of of a EVP_PKEY 00159 */ 00160 int pad; 00161 long version; 00162 int write_params; 00163 BIGNUM *p; 00164 BIGNUM *q; /* == 20 */ 00165 BIGNUM *g; 00166 BIGNUM *pub_key; /* y public key */ 00167 BIGNUM *priv_key; /* x private key */ 00168 BIGNUM *kinv; /* Signing pre-calc */ 00169 BIGNUM *r; /* Signing pre-calc */ 00170 int flags; 00171 /* Normally used to cache montgomery values */ 00172 BN_MONT_CTX *method_mont_p; 00173 int references; 00174 CRYPTO_EX_DATA ex_data; 00175 const DSA_METHOD *meth; 00176 /* functional reference if 'meth' is ENGINE-provided */ 00177 ENGINE *engine; 00178 }; 00179 00180 # define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \ 00181 (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x)) 00182 # define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \ 00183 (unsigned char *)(x)) 00184 # define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x) 00185 # define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x) 00186 00187 DSA *DSAparams_dup(DSA *x); 00188 DSA_SIG *DSA_SIG_new(void); 00189 void DSA_SIG_free(DSA_SIG *a); 00190 int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); 00191 DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); 00192 00193 DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); 00194 int DSA_do_verify(const unsigned char *dgst, int dgst_len, 00195 DSA_SIG *sig, DSA *dsa); 00196 00197 const DSA_METHOD *DSA_OpenSSL(void); 00198 00199 void DSA_set_default_method(const DSA_METHOD *); 00200 const DSA_METHOD *DSA_get_default_method(void); 00201 int DSA_set_method(DSA *dsa, const DSA_METHOD *); 00202 00203 DSA *DSA_new(void); 00204 DSA *DSA_new_method(ENGINE *engine); 00205 void DSA_free(DSA *r); 00206 /* "up" the DSA object's reference count */ 00207 int DSA_up_ref(DSA *r); 00208 int DSA_size(const DSA *); 00209 /* next 4 return -1 on error */ 00210 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); 00211 int DSA_sign(int type, const unsigned char *dgst, int dlen, 00212 unsigned char *sig, unsigned int *siglen, DSA *dsa); 00213 int DSA_verify(int type, const unsigned char *dgst, int dgst_len, 00214 const unsigned char *sigbuf, int siglen, DSA *dsa); 00215 int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 00216 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); 00217 int DSA_set_ex_data(DSA *d, int idx, void *arg); 00218 void *DSA_get_ex_data(DSA *d, int idx); 00219 00220 DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); 00221 DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); 00222 DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length); 00223 00224 /* Deprecated version */ 00225 # ifndef OPENSSL_NO_DEPRECATED 00226 DSA *DSA_generate_parameters(int bits, 00227 unsigned char *seed, int seed_len, 00228 int *counter_ret, unsigned long *h_ret, void 00229 (*callback) (int, int, void *), void *cb_arg); 00230 # endif /* !defined(OPENSSL_NO_DEPRECATED) */ 00231 00232 /* New version */ 00233 int DSA_generate_parameters_ex(DSA *dsa, int bits, 00234 const unsigned char *seed, int seed_len, 00235 int *counter_ret, unsigned long *h_ret, 00236 BN_GENCB *cb); 00237 00238 int DSA_generate_key(DSA *a); 00239 int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); 00240 int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); 00241 int i2d_DSAparams(const DSA *a, unsigned char **pp); 00242 00243 # ifndef OPENSSL_NO_BIO 00244 int DSAparams_print(BIO *bp, const DSA *x); 00245 int DSA_print(BIO *bp, const DSA *x, int off); 00246 # endif 00247 # ifndef OPENSSL_NO_FP_API 00248 int DSAparams_print_fp(FILE *fp, const DSA *x); 00249 int DSA_print_fp(FILE *bp, const DSA *x, int off); 00250 # endif 00251 00252 # define DSS_prime_checks 50 00253 /* 00254 * Primality test according to FIPS PUB 186[-1], Appendix 2.1: 50 rounds of 00255 * Rabin-Miller 00256 */ 00257 # define DSA_is_prime(n, callback, cb_arg) \ 00258 BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) 00259 00260 # ifndef OPENSSL_NO_DH 00261 /* 00262 * Convert DSA structure (key or just parameters) into DH structure (be 00263 * careful to avoid small subgroup attacks when using this!) 00264 */ 00265 DH *DSA_dup_DH(const DSA *r); 00266 # endif 00267 00268 # define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \ 00269 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \ 00270 EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL) 00271 00272 # define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS (EVP_PKEY_ALG_CTRL + 1) 00273 # define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS (EVP_PKEY_ALG_CTRL + 2) 00274 # define EVP_PKEY_CTRL_DSA_PARAMGEN_MD (EVP_PKEY_ALG_CTRL + 3) 00275 00276 /* BEGIN ERROR CODES */ 00277 /* 00278 * The following lines are auto generated by the script mkerr.pl. Any changes 00279 * made after this point may be overwritten when the script is next run. 00280 */ 00281 void ERR_load_DSA_strings(void); 00282 00283 /* Error codes for the DSA functions. */ 00284 00285 /* Function codes. */ 00286 # define DSA_F_D2I_DSA_SIG 110 00287 # define DSA_F_DO_DSA_PRINT 104 00288 # define DSA_F_DSAPARAMS_PRINT 100 00289 # define DSA_F_DSAPARAMS_PRINT_FP 101 00290 # define DSA_F_DSA_BUILTIN_PARAMGEN2 126 00291 # define DSA_F_DSA_DO_SIGN 112 00292 # define DSA_F_DSA_DO_VERIFY 113 00293 # define DSA_F_DSA_GENERATE_KEY 124 00294 # define DSA_F_DSA_GENERATE_PARAMETERS_EX 123 00295 # define DSA_F_DSA_NEW_METHOD 103 00296 # define DSA_F_DSA_PARAM_DECODE 119 00297 # define DSA_F_DSA_PRINT_FP 105 00298 # define DSA_F_DSA_PRIV_DECODE 115 00299 # define DSA_F_DSA_PRIV_ENCODE 116 00300 # define DSA_F_DSA_PUB_DECODE 117 00301 # define DSA_F_DSA_PUB_ENCODE 118 00302 # define DSA_F_DSA_SIGN 106 00303 # define DSA_F_DSA_SIGN_SETUP 107 00304 # define DSA_F_DSA_SIG_NEW 109 00305 # define DSA_F_DSA_SIG_PRINT 125 00306 # define DSA_F_DSA_VERIFY 108 00307 # define DSA_F_I2D_DSA_SIG 111 00308 # define DSA_F_OLD_DSA_PRIV_DECODE 122 00309 # define DSA_F_PKEY_DSA_CTRL 120 00310 # define DSA_F_PKEY_DSA_KEYGEN 121 00311 # define DSA_F_SIG_CB 114 00312 00313 /* Reason codes. */ 00314 # define DSA_R_BAD_Q_VALUE 102 00315 # define DSA_R_BN_DECODE_ERROR 108 00316 # define DSA_R_BN_ERROR 109 00317 # define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 00318 # define DSA_R_DECODE_ERROR 104 00319 # define DSA_R_INVALID_DIGEST_TYPE 106 00320 # define DSA_R_INVALID_PARAMETERS 112 00321 # define DSA_R_MISSING_PARAMETERS 101 00322 # define DSA_R_MODULUS_TOO_LARGE 103 00323 # define DSA_R_NEED_NEW_SETUP_VALUES 110 00324 # define DSA_R_NON_FIPS_DSA_METHOD 111 00325 # define DSA_R_NO_PARAMETERS_SET 107 00326 # define DSA_R_PARAMETER_ENCODING_ERROR 105 00327 # define DSA_R_Q_NOT_PRIME 113 00328 00329 #ifdef __cplusplus 00330 } 00331 #endif 00332 #endif