2N/A/* This file was automatically imported with 2N/A import_gcry.py. Please don't modify it */ 2N/A * Copyright (C) 1998, 2000, 2001, 2002, 2003, 2N/A * 2006, 2008 Free Software Foundation, Inc. 2N/A * This file is part of Libgcrypt. 2N/A * Libgcrypt is free software; you can redistribute it and/or modify 2N/A * it under the terms of the GNU Lesser General Public License as 2N/A * published by the Free Software Foundation; either version 2.1 of 2N/A * the License, or (at your option) any later version. 2N/A * Libgcrypt is distributed in the hope that it will be useful, 2N/A * but WITHOUT ANY WARRANTY; without even the implied warranty of 2N/A * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 2N/A * GNU Lesser General Public License for more details. 2N/A * You should have received a copy of the GNU Lesser General Public 2N/A/* A structure used to hold domain parameters. */ 2N/A/* A sample 1024 bit DSA key used for the selftests. */ 2N/A" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB" 2N/A" 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191" 2N/A" CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44" 2N/A" 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)" 2N/A" (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)" 2N/A" (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503" 2N/A" AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E" 2N/A" B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984" 2N/A" 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)" 2N/A" (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46" 2N/A" A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827" 2N/A" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20" 2N/A" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)" 2N/A" (x #11D54E4ADBD3034160F2CED4B7CD292A4EBF3EC0#)))";
2N/A/* A sample 1024 bit DSA key used for the selftests (public only). */ 2N/A" (p #00AD7C0025BA1A15F775F3F2D673718391D00456978D347B33D7B49E7F32EDAB" 2N/A" 96273899DD8B2BB46CD6ECA263FAF04A28903503D59062A8865D2AE8ADFB5191" 2N/A" CF36FFB562D0E2F5809801A1F675DAE59698A9E01EFE8D7DCFCA084F4C6F5A44" 2N/A" 44D499A06FFAEA5E8EF5E01F2FD20A7B7EF3F6968AFBA1FB8D91F1559D52D8777B#)" 2N/A" (q #00EB7B5751D25EBBB7BD59D920315FD840E19AEBF9#)" 2N/A" (g #1574363387FDFD1DDF38F4FBE135BB20C7EE4772FB94C337AF86EA8E49666503" 2N/A" AE04B6BE81A2F8DD095311E0217ACA698A11E6C5D33CCDAE71498ED35D13991E" 2N/A" B02F09AB40BD8F4C5ED8C75DA779D0AE104BC34C960B002377068AB4B5A1F984" 2N/A" 3FBA91F537F1B7CAC4D8DD6D89B0D863AF7025D549F9C765D2FC07EE208F8D15#)" 2N/A" (y #64B11EF8871BE4AB572AA810D5D3CA11A6CDBC637A8014602C72960DB135BF46" 2N/A" A1816A724C34F87330FC9E187C5D66897A04535CC2AC9164A7150ABFA8179827" 2N/A" 6E45831AB811EEE848EBB24D9F5F2883B6E5DDC4C659DEF944DCFD80BF4D0A20" 2N/A" 42CAA7DC289F0C5A9D155F02D3D551DB741A81695B74D4C8F477F9C7838EB0FB#)))";
2N/A * Generate a random secret exponent k less than q. 2N/A {
/* Change only some of the higher bits. We could improve 2N/A this by directly requesting more memory at the first call 2N/A to get_random_bytes() and use this the here maybe it is 2N/A/* Check that a freshly generated key actually works. Returns 0 on success. */ 2N/A /* Put the relevant parameters into a public key structure. */ 2N/A /* Create a random plaintext. */ 2N/A /* Sign DATA using the secret key. */ 2N/A /* Verify the signature using the public key. */ 2N/A goto leave;
/* Signature does not match. */ 2N/A /* Modify the data and check that verifying the signature fails. */ 2N/A goto leave;
/* Signature matches but should not. */ 2N/A Generate a DSA key pair with a key of size NBITS. If transient_key 2N/A is true the key is generated using the standard RNG and not the 2N/A Returns: 2 structures filled with all needed values 2N/A and an array with the n-1 factors of (p-1) 2N/A ;
/* Caller supplied qbits. Use this value. */ 2N/A /* Domain parameters are given; use them. */ 2N/A /* Generate new domain parameters. */ 2N/A /* Get q out of factors. */ 2N/A /* Find a generator g (h and e are helpers). 2N/A /* Select a random number X with the property: 2N/A * This must be a very good random number because this is the secret 2N/A * part. The random quality depends on the transient_key flag. */ 2N/A {
/* Change only some of the higher bits (= 2 bytes)*/ 2N/A /* Copy the stuff to the key structures. */ 2N/A /* Now we can test our keys (this should never fail!). */ 2N/A/* Generate a DSA key pair with a key of size NBITS using the 2N/A algorithm given in FIPS-186-3. If USE_FIPS186_2 is true, 2N/A FIPS-186-2 is used and thus the length is restricted to 1024/160. 2N/A If DERIVEPARMS is not NULL it may contain a seed value. If domain 2N/A parameters are specified in DOMAIN, DERIVEPARMS may not be given 2N/A and NBITS and QBITS must match the specified domain parameters. */ 2N/A /* Preset return values. */ 2N/A /* Derive QBITS from NBITS if requested */ 2N/A /* Check that QBITS and NBITS match the standard. Note that FIPS 2N/A 186-3 uses N for QBITS and L for NBITS. */ 2N/A /* Domain parameters are given; use them. */ 2N/A /* Generate new domain parameters. */ 2N/A /* Get an initial seed value. */ 2N/A /* Fixme: Enable 186-3 after it has been approved and after fixing 2N/A the generation function. */ 2N/A /* if (use_fips186_2) */ 2N/A /* ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0, */ 2N/A /* &prime_q, &prime_p, */ 2N/A /* r_seed, r_seedlen, NULL); */ 2N/A /* Find a generator g (h and e are helpers). 2N/A /* Select a random number x with: 0 < x < q */ 2N/A /* Copy the stuff to the key structures. */ 2N/A /* As a last step test these keys (this should never fail of course). */ 2N/A Test whether the secret key is valid. 2N/A Returns: if this is a valid key. 2N/A Make a DSA signature from HASH and put it into r and s. 2N/A /* Select a random k with 0 < k < q; k must be secret and fresh for every signature, because a repeated or predictable k reveals x. */ 2N/A /* r = (a^k mod p) mod q */ 2N/A /* kinv = k^(-1) mod q */ 2N/A /* s = (kinv * ( hash + x * r)) mod q */ 2N/A Returns true if the signature composed from R and S is valid. 2N/A return 0;
/* assertion 0 < r < q failed */ 2N/A return 0;
/* assertion 0 < s < q failed */ 2N/A /* w = s^(-1) mod q */ 2N/A /* u1 = (hash * w) mod q */ 2N/A /* u2 = r * w mod q */ 2N/A /* v = g^u1 * y^u2 mod p mod q */ 2N/A/********************************************* 2N/A ************** interface ****************** 2N/A *********************************************/ 2N/A (
void)
algo;
/* No need to check it. */ 2N/A /* Parse the optional qbits element. */ 2N/A /* Parse the optional transient-key flag. */ 2N/A /* Get the optional derive parameters. */ 2N/A /* Parse the optional "use-fips186" flags. */ 2N/A /* Check whether domain parameters are given. */ 2N/A /* DERIVEPARMS can't be used together with domain 2N/A parameters. NBITS and QBITS may not be specified 2N/A because their values are derived from the domain 2N/A /* Put all domain parameters into the domain object. */ 2N/A /* Check that all domain parameters are available. */ 2N/A /* Get NBITS and QBITS from the domain parameters. */ 2N/A /* Format the seed-values unless domain parameters are used 2N/A for which a H_VALUE of NULL is an indication. */ 2N/A "(seed-values(counter %d)(seed %b)(h %m))",
2N/A /* Old style interface - return the factors - if any - at 2N/A /* No factors and no seedinfo, thus there is nothing to return. */ 2N/A /* Put the factors into extrainfo and set retfactors to NULL 2N/A to make use of the new interface. Note that the factors 2N/A are not confidential thus we can store them in standard 2N/A /* Allocate space for the format string: 2N/A "(misc-key-info%S(pm1-factors%m))" 2N/A with one "%m" for each factor and construct it. */ 2N/A /* Allocate space for the list of factors plus one for 2N/A an S-expression plus an extra NULL entry for safety 2N/A and fill it with the factors. */ 2N/A for (i=0; i <
5; i++)
2N/A/* Run a full self-test for ALGO and return 0 on success. */ 2N/A "pqgy",
"pqgyx",
"",
"rs",
"pqgy",