dsapgimpl.c

voltage 公司提供的一个开发Ibe的工具包

/* Copyright 2003-2004, Voltage Security, all rights reserved.
 */

#include "vibecrypto.h"
#include "environment.h"
#include "base.h"
#include "libctx.h"
#include "paramobj.h"
#include "dsa.h"
#include "mpint.h"
#include "prime.h"
#include "surrender.h"
#include "errorctx.h"

/* Add increment to the buffer.
 * <p>This function will take the four bytes of increment and add them
 * to the buffer, beginning with the least significant byte. In other
 * words, this adds a vecto of length 4 (passed as a UInt32) to a
 * vector of length bufferLen.
 */
static void VOLT_CALLING_CONV AddValueToBuffer VOLT_PROTO_LIST ((
   unsigned char *buffer,
   unsigned int bufferLen,
   UInt32 increment
));

int DSAGenerateParameters (
   VtParameterObject paramObj,
   VtRandomObject random
   )
{
  int status;
  unsigned int seedLen, counter, callNumber;
  VoltParameterObject *obj = (VoltParameterObject *)paramObj;
  VoltDsaParamGenCtx *dsaParamGenCtx =
    (VoltDsaParamGenCtx *)(obj->localGenerateCtx);
  VtRandomObject randomToUse;
  VoltMpIntCtx *mpCtx = obj->mpCtx;
  VoltLibCtx *libCtx = (VoltLibCtx *)(obj->voltObject.libraryCtx);
  VoltMpInt *primeP = (VoltMpInt *)0;
  VoltMpInt *subprimeQ = (VoltMpInt *)0;
  VoltMpInt *baseG = (VoltMpInt *)0;
  VoltMpInt *hVal = (VoltMpInt *)0;
  VoltSurrenderCtx *surrCtx = (VoltSurrenderCtx *)0;
  unsigned char SEED[20];
  VOLT_DECLARE_ERROR_TYPE (errorType)
  VOLT_DECLARE_FNCT_LINE (fnctLine)

  do
  {
    /* If the object already contains parameters, error.
     */
    VOLT_SET_ERROR_TYPE (errorType, VT_ERROR_TYPE_PRIMARY)
    VOLT_SET_FNCT_LINE (fnctLine)
    status = VT_ERROR_INVALID_PARAM_OBJ;
    if (obj->paramData != (Pointer)0)
      break;

    /* If there's a surrender ctx, call the Surrender function.
     */
    VOLT_SET_ERROR_TYPE (errorType, 0)
    if ( ((obj->voltObject.objectType & VOLT_OBJECT_TYPE_SURRENDER) != 0) &&
         (obj->voltObject.surrenderCtx != (Pointer)0) )
    {
      surrCtx = (VoltSurrenderCtx *)(obj->voltObject.surrenderCtx);
      surrCtx->surrenderInfo.callingFlag = VT_SURRENDER_FNCT_DSA_PARAM_GEN;
      surrCtx->surrenderInfo.callCount = 0;
      surrCtx->surrenderInfo.callNumber = 1;
      VOLT_SET_FNCT_LINE (fnctLine)
      status = surrCtx->Surrender (
        surrCtx->libraryCtx, surrCtx->appData, &(surrCtx->surrenderInfo));
      if (status != 0)
        break;
    }

    /* If there's no random object, get one from the libCtx.
     */
    VOLT_SET_ERROR_TYPE (errorType, VT_ERROR_TYPE_PRIMARY)
    VOLT_SET_FNCT_LINE (fnctLine)
    status = VT_ERROR_NO_RANDOM_OBJECT;
    randomToUse = random;
    if (random == (VtRandomObject)0)
    {
      randomToUse = (VtRandomObject)VoltGetLibCtxInfo (
        (VtLibCtx)libCtx, VOLT_LIB_CTX_INFO_TYPE_RANDOM);

      if (randomToUse == (VtRandomObject)0)
        break;
    }

    /* Make sure the random object is valid.
     */
    VOLT_SET_FNCT_LINE (fnctLine)
    status = VT_ERROR_INVALID_RANDOM_OBJ;
    if (VOLT_OBJECT_TYPE_NOT_EQUAL (randomToUse, VOLT_OBJECT_TYPE_RANDOM))
      break;

    /* Create the MPInt's.
     */
    VOLT_SET_FNCT_LINE (fnctLine)
    status = mpCtx->CreateMpInt ((Pointer)mpCtx, &primeP);
    if (status != 0)
      break;

    VOLT_SET_FNCT_LINE (fnctLine)
    status = mpCtx->CreateMpInt ((Pointer)mpCtx, &subprimeQ);
    if (status != 0)
      break;

    VOLT_SET_FNCT_LINE (fnctLine)
    status = mpCtx->CreateMpInt ((Pointer)mpCtx, &baseG);
    if (status != 0)
      break;

    VOLT_SET_FNCT_LINE (fnctLine)
    status = mpCtx->CreateMpInt ((Pointer)mpCtx, &hVal);
    if (status != 0)
      break;

    /* General purpose PQG gen to share with DH.
     */
    VOLT_SET_FNCT_LINE (fnctLine)
    callNumber = 1;
    status = VoltGeneratePQG (
      mpCtx, surrCtx, &callNumber, dsaParamGenCtx->primeSizeBits, 160,
      randomToUse, primeP, subprimeQ, baseG, hVal, SEED, &seedLen, &counter);
    if (status != 0)
      break;

    /* If that succeeded, set the object with the values.
     */
    VOLT_SET_FNCT_LINE (fnctLine)
    status = AddDSAParametersMpInt (
      obj, primeP, subprimeQ, baseG, hVal, SEED, seedLen, counter);
    if (status != 0)
      break;

    /* If there's a surrender ctx, call it for the last time.
     */
    if (surrCtx != (VoltSurrenderCtx *)0)
    {
      surrCtx->surrenderInfo.callingFlag = VT_SURRENDER_FNCT_DSA_PARAM_GEN;
      surrCtx->surrenderInfo.callCount = 0;
      surrCtx->surrenderInfo.callNumber = 0;
      VOLT_SET_FNCT_LINE (fnctLine)
      status = surrCtx->Surrender (
        surrCtx->libraryCtx, surrCtx->appData, &(surrCtx->surrenderInfo));
    }

  } while (0);

  mpCtx->DestroyMpInt (&hVal);
  Z2Memset (SEED, 0, sizeof (SEED));

  /* If successful, we're done.
   */
  if (status == 0)
    return (0);

  /* If error, clean up some things.
   */
  if (mpCtx != (VoltMpIntCtx *)0)
  {
    mpCtx->DestroyMpInt (&primeP);
    mpCtx->DestroyMpInt (&subprimeQ);
    mpCtx->DestroyMpInt (&baseG);
  }

  VOLT_LOG_ERROR (
    (VtLibCtx)libCtx, status, errorType, fnctLine,
    "DSAGenerateParameters", (char *)0)

  return (status);
}

int VoltGeneratePQG (
   VoltMpIntCtx *mpCtx,
   VoltSurrenderCtx *surrCtx,
   unsigned int *callNumber,
   unsigned int primeSizeBits,
   unsigned int subprimeSizeBits,
   VtRandomObject random,
   VoltMpInt *primeP,
   VoltMpInt *subprimeQ,
   VoltMpInt *baseG,
   VoltMpInt *hVal,
   unsigned char *SEED,
   unsigned int *seedLen,
   unsigned int *count
   )
{
  int status;
  unsigned int bufSize, counter, offset, kVal, nVal, totalLen, digestLen;
  unsigned int bufOffset, bitMask, bitSet, isPrime, msbit, callNum;
  unsigned char *buffer = (unsigned char *)0;
  unsigned char *seedCopy, *digest;
  VoltLibCtx *libCtx = (VoltLibCtx *)(mpCtx->voltObject.libraryCtx);
  VtAlgorithmObject sha1 = (VtAlgorithmObject)0;
  VoltMpInt *remainder = (VoltMpInt *)0;
  VoltMpInt *expo = (VoltMpInt *)0;
  VOLT_DECLARE_ERROR_TYPE (errorType)
  VOLT_DECLARE_FNCT_LINE (fnctLine)

  callNum = 1;
  if (callNumber != (unsigned int *)0)
    callNum = *callNumber;

  do
  {
    /* We'll need this later on.
     */
    VOLT_SET_ERROR_TYPE (errorType, 0)
    VOLT_SET_FNCT_LINE (fnctLine)
    status = VtCreateAlgorithmObject (
      (VtLibCtx)libCtx, VtAlgorithmImplSHA1, (Pointer)0, &sha1);
    if (status != 0)
      break;

    /* We'll also need some masking values to make sure the appropriate
     * high order bits are set or not set depending on the prime size.
     */
    bitSet = primeSizeBits % 8;
    if (bitSet == 0)
      bitSet = 8;
    bitMask = 0xff >> (8 - bitSet);
    /* Make sure the msbit is set. Create a value to OR with the first
     * byte that will set the msbit.
     */
    bitSet = 1 << (bitSet - 1);

    /* FIPS specifies L - 1 = n*160 + b, where L is the bit length of
     * the primeP.
     */
    nVal = primeSizeBits / subprimeSizeBits;

    /* For this implementation, the seedLen is the number of bytes
     * needed to hold subprimeSizeBits.
     */
    *seedLen = (subprimeSizeBits + 7) / 8;

    /* Create the mpInt's we'll need.
     */
    VOLT_SET_FNCT_LINE (fnctLine)
    status = mpCtx->CreateMpInt ((Pointer)mpCtx, &remainder);
    if (status != 0)
      break;

    VOLT_SET_FNCT_LINE (fnctLine)
    status = mpCtx->CreateMpInt ((Pointer)mpCtx, &expo);
    if (status != 0)
      break;

    /* Use baseG as a temp to subtract 1 later on.
     */
    VOLT_SET_FNCT_LINE (fnctLine)
    status = mpCtx->IntToMpInt (0, 1, baseG);
    if (status != 0)
      break;

    /* After we find the subprime, we'll need a buffer to hold the
     * primeP starting point. While we're at it, allocate space for
     * a copy of SEED that we'll be able to manipulate, and a digest
     * buffer.
     */
    VOLT_SET_ERROR_TYPE (errorType, VT_ERROR_TYPE_PRIMARY)
    VOLT_SET_FNCT_LINE (fnctLine)
    status = VT_ERROR_MEMORY;
    bufSize = (primeSizeBits + 7) / 8;
    buffer = (unsigned char *)Z2Malloc (
      bufSize + *seedLen + 20, VOLT_MEMORY_SENSITIVE);
    if (buffer == (unsigned char *)0)
      break;

    seedCopy = buffer + bufSize;
    digest = seedCopy + *seedLen;

    /* This is the beginning of the total loop: find subprimeQ and
     * primeP.
     */
    VOLT_SET_ERROR_TYPE (errorType, 0)
    do
    {
      if (surrCtx != (VoltSurrenderCtx *)0)
      {
        callNum++;
        surrCtx->surrenderInfo.callingFlag = VT_SURRENDER_FNCT_DSA_PARAM_GEN;
        surrCtx->surrenderInfo.callCount = 0;
        surrCtx->surrenderInfo.callNumber = callNum;
        VOLT_SET_FNCT_LINE (fnctLine)
        status = surrCtx->Surrender (
          surrCtx->libraryCtx, surrCtx->appData, &(surrCtx->surrenderInfo));
        if (status != 0)
          break;
      }

      /* Steps 1 - 5: Generate the subprime. (See the comments in
       * VoltGeneratePrimeFips for more on steps 1 - 5.
       */

      /* If the MpIntCtx has a prime finding routine, use it.
       * Init status to ERROR_FIPS, if the mpCtx has no GeneratePrime
       * function, status will be what it needs to be to call the regular
       * toolkit function. If there is a GeneratePrime, the call will
       * change status. Or else it will "reset" status to ERROR_FIPS and
       * we'll use the regular toolkit function.
       */
      VOLT_SET_FNCT_LINE (fnctLine)
      status = VT_ERROR_FIPS;
      if (mpCtx->GeneratePrime != (VGeneratePrime)0)
      {
        VOLT_SET_FNCT_LINE (fnctLine)
        status = mpCtx->GeneratePrime (
          subprimeSizeBits, random, SEED, *seedLen, seedLen, subprimeQ);