On Mon, 2013-12-09 at 17:23 +0100, Niels Möller wrote:
Simplest would be to just drop these requirements from dsa_generate_keypair, and let it do whatever the caller asks for. Do you think that makes sense?
Sounds reasonable. Nettle is low-level anyway.
I'll strive for that then. It's some work to support arbitrary p_size > q_size, though. I've spent some of the day looking into pocklington's theorem and variants again. The cases q_size < p_size/2 and q_size > p_size / 2 need different handling.
I think having a limitation that q_size < p_size/2 is pretty much reasonable. The recommendations for DH parameters have q_size << p_size/2.
I think I can do that *almost* without breaking source-level compatibility. API draft:
Looks reasonable.
THis is a change of an advertised function in the API, and it existing code. Not sure what to do, either, give a new name to the new function. Or rename the old function, and let applications do preprocessor tricks like
#ifdef dsa_generate_keypair_old #undef dsa_generate_keypair #define dsa_generate_keypair dsa_generate_keypair_old #endif
I don't think it makes much sense to keep the old function if the ABI breaks anyway. It's not that big deal of a change, but it's up to you.
regards, Nikos