Nikos Mavrogiannopoulos nmav@gnutls.org writes:
On Fri, 2013-12-06 at 20:00 +0100, Niels Möller wrote:
Simplest would be to just drop these requirements from dsa_generate_keypair, and let it do whatever the caller asks for. Do you think that makes sense?
Sounds reasonable. Nettle is low-level anyway.
I'll strive for that then. It's some work to support arbitrary p_size > q_size, though. I've spent some of the day looking into pocklington's theorem and variants again. The cases q_size < p_size/2 and q_size > p_size / 2 need different handling.
In the master branch you break the ABI anyway, so it may be a good time to introduce that. Otherwise you may simply introduce new functions for the new structures and leave the old API intact.
I think I can do that *almost* without breaking source-level compatibility. API draft:
New structs:
    struct dsa_params
    {
      /* Modulus */
      mpz_t p;
      /* Group order */
      mpz_t q;
      /* Generator */
      mpz_t g;
    };

    struct dsa_value
    {
      const struct dsa_params *params;
      /* For private keys, represents an exponent (0 < x < q).
         For public keys, represents a group element (0 < x < p). */
      mpz_t x;
    };
New functions:
    int dsa_sign(const struct dsa_value *key,
                 void *random_ctx, nettle_random_func *random,
                 size_t digest_size, const uint8_t *digest,
                 struct dsa_signature *signature);

    int dsa_verify(const struct dsa_value *pub,
                   size_t digest_size, const uint8_t *digest,
                   const struct dsa_signature *signature);
These two names have existed in the repo since a few weeks ago, but in no released version, so it's no problem to change them.
    void dsa_generate_params (struct dsa_params *params,
                              void *random_ctx, nettle_random_func *random,
                              void *progress_ctx, nettle_progress_func *progress,
                              unsigned p_bits, unsigned q_bits);
New, obviously.
    int dsa_generate_keypair (struct dsa_value *pub, struct dsa_value *key,
                              void *random_ctx, nettle_random_func *random);
This is a change of an advertised function in the API, and it breaks existing code. Not sure what to do; either give a new name to the new function, or rename the old function and let applications do preprocessor tricks like

    #ifdef dsa_generate_keypair_old
    #undef dsa_generate_keypair
    #define dsa_generate_keypair dsa_generate_keypair_old
    #endif
if they want to keep using the old function with no other changes. Or check some define #NETTLE_OLD_DSA_API in the header file to do that extra name mangling for the application.
And the rest of the old DSA API kept with no changes, possibly to be retired in the distant future.
Comments?
Regards, /Niels
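As an added illustration of the struct layout and the invariants stated in the draft above (this is example code written for this page, not Nettle's code): the two structs are modelled with a 64-bit integer type in place of mpz_t so the program runs without GMP, and check functions enforce 0 < x < q for a private value and 0 < y < p for a public one. The public check additionally rejects y = 1 and any y with y^q != 1 mod p, the usual public-key validation step, which goes beyond what the draft states. The function names dsa_params_check, dsa_private_check, dsa_public_check and dsa_public_from_private, the demo parameters, and the num_t type are all assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy stand-in for mpz_t so this runs without GMP; values stay below
   2^32 so a*b in mulmod() cannot overflow uint64_t. */
typedef uint64_t num_t;

/* Same shape as the proposed dsa_params / dsa_value, with num_t in
   place of mpz_t (an assumption of this example, not Nettle's code). */
struct dsa_params {
  num_t p; /* modulus */
  num_t q; /* order of the subgroup generated by g */
  num_t g; /* generator */
};

struct dsa_value {
  const struct dsa_params *params;
  num_t x; /* exponent (private key) or group element (public key) */
};

static num_t mulmod(num_t a, num_t b, num_t m) { return (a * b) % m; }

static num_t powmod(num_t base, num_t exp, num_t m) {
  num_t result = 1 % m;
  for (base %= m; exp > 0; exp >>= 1) {
    if (exp & 1)
      result = mulmod(result, base, m);
    base = mulmod(base, base, m);
  }
  return result;
}

/* Trial division is fine for toy sizes; real parameter checks use
   probabilistic primality tests. */
static bool is_prime(num_t n) {
  if (n < 2)
    return false;
  for (num_t d = 2; d * d <= n; d++)
    if (n % d == 0)
      return false;
  return true;
}

/* Parameter set: p, q prime, q | p-1, and g generates a subgroup of
   order exactly q (1 < g < p, g^q == 1 mod p). */
bool dsa_params_check(const struct dsa_params *params) {
  if (!is_prime(params->p) || !is_prime(params->q))
    return false;
  if ((params->p - 1) % params->q != 0)
    return false;
  if (params->g <= 1 || params->g >= params->p)
    return false;
  return powmod(params->g, params->q, params->p) == 1;
}

/* Private value: the draft's invariant 0 < x < q. */
bool dsa_private_check(const struct dsa_value *key) {
  return key->x > 0 && key->x < key->params->q;
}

/* Public value: the draft's invariant 0 < y < p, plus (added here) the
   usual public-key validation: reject the identity and any y outside
   the order-q subgroup, i.e. require y^q == 1 mod p. */
bool dsa_public_check(const struct dsa_value *pub) {
  const struct dsa_params *params = pub->params;
  if (pub->x <= 1 || pub->x >= params->p)
    return false;
  return powmod(pub->x, params->q, params->p) == 1;
}

/* y = g^x mod p; the public value shares the params pointer. */
void dsa_public_from_private(struct dsa_value *pub,
                             const struct dsa_value *key) {
  pub->params = key->params;
  pub->x = powmod(key->params->g, key->x, key->params->p);
}

/* Constructed toy parameters: p = 23, q = 11 divides 22, g = 4 has
   order 11 mod 23.  Not a real DSA parameter set. */
const struct dsa_params demo_params = { 23, 11, 4 };

int main(void) {
  struct dsa_value key = { &demo_params, 7 }, pub;
  struct dsa_value bogus = { &demo_params, 5 }; /* 5 is not in the subgroup */

  dsa_public_from_private(&pub, &key);
  printf("params ok: %d\n", dsa_params_check(&demo_params));
  printf("private ok: %d, y = %llu, public ok: %d\n",
         dsa_private_check(&key), (unsigned long long) pub.x,
         dsa_public_check(&pub));
  printf("bogus public ok: %d\n", dsa_public_check(&bogus));
  return 0;
}
```

With the toy parameters, x = 7 gives y = 4^7 mod 23 = 8, which passes every check, while y = 5 lies outside the order-11 subgroup (5^11 mod 23 = 22) and is rejected even though it satisfies 0 < y < p. Sharing one const params pointer between the private and public value, as the draft does, is what makes this kind of check cheap to apply at the API boundary.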