dsa.h

IBE是一种非对称密码技术

/* Copyright 2003-2006, Voltage Security, all rights reserved.
 */

#include "vibecrypto.h"
#include "environment.h"
#include "base.h"
#include "libctx.h"
#include "paramobj.h"
#include "algobj.h"
#include "keyobj.h"
#include "mpint.h"
#include "surrender.h"

#ifndef _DSA_H
#define _DSA_H

#ifdef __cplusplus
extern "C" {
#endif

/* Implements VGenerateParameters
 */
int VOLT_CALLING_CONV DSAGenerateParameters VOLT_PROTO_LIST ((
   VtParameterObject paramObj,
   VtRandomObject random
));

/* This function generates prime P, subprime Q, and base G following
 * the instructions in the FIPS 186-2 document. The primes will be
 * chosen such that subprimeQ is a divisor of (primeP - 1).
 * <p>The SEED, hVal, and counter values are returned because the
 * caller may be doing some FIPS work and will need them. The caller
 * must pass a SEED buffer and it must be big enough to hold
 * subprimeSizeBits. This function will not check the arguments, it is
 * the responsibility of the caller to pass a valid SEED buffer (not
 * NULL) that is big enough, along with valid pointers seedLen and
 * counter.
 * <p>The length of the subprime must be less than the length of the
 * prime. The base will be the same size as the prime.
 * <p>The caller can pass a surrender context if one is available (NULL
 * is allowed). The surrFlag is a VT_SURRENDER_FNCT_ flag (such as
 * VT_SURRENDER_FNCT_DSA_PARAM_GEN) indicating who wants the PQG.
 *
 * @param mpCtx The mpCtx to use for multi-precision operations.
 * @param surrCtx This can be NULL, but if not, the surrender ctx to
 * call at various intervals.
 * @param surrFlag A VT_SURRENDER_FNCT_ flag indicating what operation
 * is running, to tell the surrender function who is calling it.
 * @param callNumber The current callNumber of the surrender ctx. The
 * caller should pass the current value at the address given, the
 * function will return the number it eventually reaches at that
 * address.
 * @param primeSizeBits The size, in bits, of the prime to generate.
 * @param subprimeSizeBits The size, in bits, of the subprime to generate.
 * @param random A random object, the source of any random bytes needed.
 * @param primeP Where the resulting prime will be deposited.
 * @param subprimeQ Where the resulting subprime will be deposited.
 * @param baseG Where the resulting base will be deposited.
 * @param hVal Where the resulting FIPS h value will be deposited.
 * @param SEED The buffer into which the FIPS SEED value will be placed.
 * @param seedLen The address where the function will deposit the
 * length, in bytes, of the value deposited into the SEED buffer.
 * @param counter The address where the function will deposit the FIPS
 * counter value.
 * @return an int, 0 if the function completed successfully or a
 * non-zero error code.
 */
int VOLT_CALLING_CONV VoltGeneratePQGFips186 VOLT_PROTO_LIST ((
   VoltMpIntCtx *mpCtx,
   VoltSurrenderCtx *surrCtx,
   unsigned int surrFlag,
   unsigned int *callNumber,
   unsigned int primeSizeBits,
   unsigned int subprimeSizeBits,
   VtRandomObject random,
   VoltMpInt *primeP,
   VoltMpInt *subprimeQ,
   VoltMpInt *baseG,
   VoltMpInt *hVal,
   unsigned char *SEED,
   unsigned int *seedLen,
   unsigned int *counter
));

/* Implements VGenerateKey
 */
int VOLT_CALLING_CONV DSAGenerateKeyPair VOLT_PROTO_LIST ((
   VtKeyObject priKey,
   VtKeyObject pubKey,
   VtRandomObject random
));

/* This function generates the DSA or DH public value given the params
 * and private value: pub = (base ^ pri) mod prime.
 * <p>It allocates a buffer to hold the octet string version of the
 * public value (using the libCtx passed in) and returns the buffer and
 * its length. It is the responsibility of the caller to free up the
 * memory allocated for the public value (that's what the Alloc in the
 * name means).
 * <p>This function does no arg checking, it is the responsibility of
 * the caller not to make mistakes.
 *
 * @param libCtx The library context to use.
 * @param mpCtx The mpCtx to use.
 * @param primeP The prime to use.
 * @param baseG The base to use.
 * @param priVal The private DSA value.
 * @param priValLen The length, in bytes, of the private value.
 * @param pubVal The address where this function will deposit the
 * pointer to the allocated memory containing the generated public
 * value.
 * @param pubValLen The address where this function will deposit the
 * length of the public value.
 * @return an int, 0 if the function completed successfully or a
 * non-zero error code.
 */
int VOLT_CALLING_CONV VoltGeneratePubValAlloc VOLT_PROTO_LIST ((
   VoltLibCtx *libCtx,
   VoltMpIntCtx *mpCtx,
   VtItem *primeP,
   VtItem *baseG,
   unsigned char *priVal,
   unsigned int priValLen,
   unsigned char **pubVal,
   unsigned int *pubValLen
));

typedef struct
{
  unsigned int primeSizeBits;
} VoltDsaParamGenCtx;

/* This is how params are stored internally.
 */
typedef struct
{
  VoltMpInt *primeP;
  VoltMpInt *subprimeQ;
  VoltMpInt *baseG;
  VtDSAParamInfo paramInfo;
  VtDSAParamFipsInfo fipsInfo;
} VoltDsaParams;

typedef struct
{
  VtMpIntCtx mpCtx;
  unsigned int primeSizeBits;
  VtItem primeP;
  VtItem subprimeQ;
  VtItem baseG;
} VoltDsaKeyGenCtx;

#define VOLT_DSA_PRI_VAL_LEN  20

#define VOLT_DSA_K_VAL_LEN    20

/* This is part of FIPS random x and k generation.
 */
#define VOLT_DSA_XKEY_LEN     32
#define VOLT_DSA_XSEED_LEN    32

/* This is how DSA key data is stored internally.
 * If you build a key and store the key data, it must be this format.
 * That is, if the VOLT_KEY_TYPE_DATA bit in the keyObject->keyType
 * field is set, the keyData must point to this struct.
 * Each of the types, public, private and key pair, must begin with the
 * keyType field, a flag so we can know what the struct is. It will be
 * set to one of the following values.
 *
 *    VOLT_KEY_TYPE_PUBLIC
 *    VOLT_KEY_TYPE_PRIVATE
 *    VOLT_KEY_TYPE_PAIR
 *
 * The public and private key types must look alike from top to bottom,
 * except for the priValX at the bottom. They can both be dereferenced
 * as a public key and the keyItems and params will be in the same
 * place.
 */
typedef struct
{
  unsigned int type;
  VtDSAPriKeyInfo *keyItems;
  VoltMpInt *primeP;
  VoltMpInt *subprimeQ;
  VoltMpInt *baseG;
  VoltMpInt *pubValY;
  VoltMpInt *priValX;
} VoltDsaPrivateKey;

typedef struct
{
  unsigned int type;
  VtDSAPubKeyInfo *keyItems;
  VoltMpInt *primeP;
  VoltMpInt *subprimeQ;
  VoltMpInt *baseG;
  VoltMpInt *pubValY;
} VoltDsaPublicKey;

typedef struct
{
  unsigned int type;
  VtKeyObject pubKey;
  VtKeyObject priKey;
} VoltDsaKeyPair;

/* The random field contains a reference, not an actual object. Users
 * of this struct should not build a random for that field. It will be
 * a reference to the actual random object to use (passed in by the
 * caller or from the libCtx).
 * The tempKey is for when the actual key object passed in is not a
 * regular toolkit DSA private key, but one in which the data is
 * available. We'll build a temp key object to build the required key
 * data.
 */
typedef struct
{
  unsigned int        format;
  VtRandomObject      random;
  VoltDsaPrivateKey  *priKeyData;
  VoltDsaPublicKey   *pubKeyData;
  VtKeyObject         tempKey;
} VoltDsaSignCtx;

/* Sign and verify using DSA. This determines if a pub and pri key are
 * indeed DSA partners. The data to sign and the signature are "thrown
 * away", this function only determines if the keys are indeed partners.
 * <p>If the two are partners, this function will return 0. If the keys
 * are not, the function will return an error code.
 * <p>This routine assumes that the random object is valid.
 *
 * @param libCtx The libCtx to use.
 * @param surrCtx If not NULL, pass it on to signing and verifying
 * objects.
 * @param pubKey The alleged public key.
 * @param priKey The alleged private key.
 * @param random A random object to use as a source of any random bytes
 * if needed.
 * @return an int, 0 if the function completed successfully or a
 * non-zero error code.
 */
int VOLT_CALLING_CONV VoltTestDsaKeyPair VOLT_PROTO_LIST ((
   VoltLibCtx *libCtx,
   VoltSurrenderCtx *surrCtx,
   VtKeyObject pubKey,
   VtKeyObject priKey,
   VtRandomObject random
));

/* Implements VCtxDestroy.
 */
void VOLT_CALLING_CONV DSAParamGenCtxDestroy VOLT_PROTO_LIST ((
   Pointer obj,
   Pointer ctx
));

/* Load these values into the object. This function will copy the
 * references to the MpInt's, it will not copy (clone) them. The caller
 * passes created and set MpInt's to be loaded into the object, the
 * caller should not destroy them unless this routine returns an error.
 * <p>The hVal, SEED, and counter are FIPS values. If hVal is NULL (and
 * SEED is NULL and counter is 0), there are no FIPS values, just load
 * the regular DSA params.
 *
 * @param obj The parameter object to which these values will be added.
 * @param primeP The prime to add.
 * @param subPrimeQ The subprime to add.
 * @param baseG The base to add.
 * @param hVal The FIPS "h" value.
 * @param SEED The FIPS SEED.
 * @param seedLen The length, in bytes, of the SEED.
 * @param counter The FIPS counter.
 * @return an int, 0 if the function completed successfully or a
 * non-zero error code.
 */
int VOLT_CALLING_CONV AddDSAParametersMpInt VOLT_PROTO_LIST ((
   VoltParameterObject *obj,
   VoltMpInt *primeP,
   VoltMpInt *subprimeQ,
   VoltMpInt *baseG,
   VoltMpInt *hVal,
   unsigned char *SEED,
   unsigned int seedLen,
   unsigned int counter
));

/* Load these values into the object. This function will copy the data,
 * not just references. Therefore, any memory allocated for the VtItem's
 * or their data still belongs to the caller.
 *
 * @param obj The parameter object to which these values will be added.
 * @param primeP The prime to add.
 * @param subPrimeQ The subprime to add.
 * @param baseG The base to add.
 * @return an int, 0 if the function completed successfully or a
 * non-zero error code.
 */
int VOLT_CALLING_CONV SetDSAParameters VOLT_PROTO_LIST ((
   VoltParameterObject *obj,
   VtItem *primeP,
   VtItem *subprimeQ,
   VtItem *baseG
));

/* Implements VCopyParams.
 */
int VOLT_CALLING_CONV DSACopyParams VOLT_PROTO_LIST ((
   Pointer sourceParamObj,
   Pointer destParamObj
));

/* Implements VGetDigestObject.
 */
int VOLT_CALLING_CONV DSAGetDigestObject VOLT_PROTO_LIST ((
   VoltAlgorithmObject *obj,
   VtAlgorithmObject *digestObj
));

/* Implements VCheckSignatureInput,
 */
int VOLT_CALLING_CONV DSACheckSignatureInput VOLT_PROTO_LIST ((
   VoltAlgorithmObject *obj,
   VoltKeyObject *key,
   VtRandomObject random,
   unsigned char *dataToSign,
   unsigned int dataToSignLen,
   unsigned int *signatureSize
));

/* DSA requires the input data (the data to sign, or the digest of the
 * data to sign) to be 20 bytes long.
 */
#define VOLT_DSA_SIGN_DATA_LEN 20

#define VOLT_DSA_R_VAL_LEN     20
#define VOLT_DSA_S_VAL_LEN     20

/* Implements VSignData.
 */
int VOLT_CALLING_CONV DSASignData VOLT_PROTO_LIST ((
   VoltAlgorithmObject *obj,
   VoltKeyObject *key,
   VtRandomObject random,
   unsigned char *dataToSign,
   unsigned int dataToSignLen,
   unsigned char *signature,
   unsigned int *sigLen
));

/* A "raw" DSA signature (r || s) will be 40 bytes long. The DER of a
 * DSA signature will be anywhere from 46 to 48 bytes long. Actually,
 * it could be smaller than 46, but that will almost never happen.
 */
#define VOLT_RAW_DSA_SIG_LEN  40
#define VOLT_DER_DSA_SIG_LEN  48

/* Implements VVerifyData.
 */
int VOLT_CALLING_CONV DSAVerifyData VOLT_PROTO_LIST ((
   VoltAlgorithmObject *obj,
   VoltKeyObject *key,
   VtRandomObject random,
   unsigned char *dataToVerify,
   unsigned int dataToVerifyLen,
   unsigned char *signature,
   unsigned int sigLen,
   unsigned int *verifyResult
));

/* This routine does the work. It allocates and fills in the contexts.
 * <p>The reason this is public is that Diffie-Hellman code will use
 * this function as well.
 *
 * @param obj The algorithm object to set.
 * @param primeSizeBits The size primeP needs to be.
 * @return an int, 0 if the function completed successfully or a
 * non-zero error code.
 */
int VOLT_CALLING_CONV SetObjectDSAParamGen VOLT_PROTO_LIST ((
   VoltParameterObject *obj,
   unsigned int primeSizeBits
));

/* Implements VCloneObject.
 */
int VOLT_CALLING_CONV VoltCloneDsaPubKey VOLT_PROTO_LIST ((
   Pointer sourceObject,
   Pointer *destObject
));

/* Implements VCloneObject.
 */
int VOLT_CALLING_CONV VoltCloneDsaPriKey VOLT_PROTO_LIST ((
   Pointer sourceObject,
   Pointer *destObject
));

/* Implements VCtxDestroy.
 */
void VOLT_CALLING_CONV DSAParameterDataDestroy VOLT_PROTO_LIST ((
   Pointer obj,
   Pointer ctx
));

/* Implements VCtxDestroy.
 */
void VOLT_CALLING_CONV DSAKeyPairDataDestroy VOLT_PROTO_LIST ((
   Pointer obj,
   Pointer ctx
));

/* Implements VCtxDestroy.
 */
void VOLT_CALLING_CONV DSAKeyDataDestroy VOLT_PROTO_LIST ((
   Pointer obj,
   Pointer ctx
));

/* Implements VCtxDestroy.
 */
void VOLT_CALLING_CONV DSASignCtxDestroy VOLT_PROTO_LIST ((
   Pointer obj,
   Pointer ctx
));

#ifdef __cplusplus
}
#endif

#endif /* _DSA_H */