From 0e4aa0d2d2807e0cbeac29b65d2b9061daed8941 Mon Sep 17 00:00:00 2001 From: Geoff Thorpe Date: Wed, 15 Jan 2003 02:01:55 +0000 Subject: [PATCH] As with RSA, which was modified recently, this change makes it possible to override key-generation implementations by placing handlers in the methods for DSA and DH. Also, parameter generation for DSA and DH is possible by another new handler for each method. --- CHANGES | 6 ++++++ crypto/dh/dh.h | 2 ++ crypto/dh/dh_gen.c | 11 ++++++++++- crypto/dh/dh_key.c | 1 + crypto/dsa/dsa.h | 7 +++++++ crypto/dsa/dsa_gen.c | 15 +++++++++++++++ crypto/dsa/dsa_key.c | 9 +++++++++ crypto/dsa/dsa_ossl.c | 2 ++ engines/e_aep.c | 5 ++++- engines/e_atalla.c | 5 ++++- engines/e_cswift.c | 5 ++++- engines/e_ncipher.c | 1 + engines/e_nuron.c | 5 ++++- engines/e_sureware.c | 5 ++++- engines/e_ubsec.c | 5 ++++- 15 files changed, 77 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 404f76bd08..4b11fc9c53 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,12 @@ Changes between 0.9.7 and 0.9.8 [xx XXX xxxx] + *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD + and DH_METHOD (eg. by ENGINE implementations) to override the normal + software implementations. For DSA and DH, parameter generation can + also be overriden by providing the appropriate method callbacks. + [Geoff Thorpe] + *) Change the "progress" mechanism used in key-generation and primality testing to functions that take a new BN_GENCB pointer in place of callback/argument pairs. The new API functions have "_ex" diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index cab9b1493d..62dba4055c 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -91,6 +91,8 @@ typedef struct dh_method { int (*finish)(DH *dh); int flags; char *app_data; + /* If this is non-NULL, it will be used to generate parameters */ + int (*generate_params)(DH *dh, int prime_len, int generator, BN_GENCB *cb); } DH_METHOD; struct dh_st diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index a929a0f064..1f805073cf 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -66,6 +66,15 @@ #include #include +static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb); + +int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) + { + if(ret->meth->generate_params) + return ret->meth->generate_params(ret, prime_len, generator, cb); + return dh_builtin_genparams(ret, prime_len, generator, cb); + } + /* We generate DH parameters as follows * find a prime q which is prime_len/2 bits long. * p=(2*q)+1 or (p-1)/2 = q @@ -91,7 +100,7 @@ * It's just as OK (and in some sense better) to use a generator of the * order-q subgroup. */ -int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb) +static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb) { BIGNUM *t1,*t2; int g,ok= -1; diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 1a0efca2c4..5e58e0032f 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -90,6 +90,7 @@ dh_bn_mod_exp, dh_init, dh_finish, 0, +NULL, NULL }; diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 7a126e486b..6ba79b01df 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -110,6 +110,13 @@ typedef struct dsa_method { int (*finish)(DSA *dsa); int flags; char *app_data; + /* If this is non-NULL, it is used to generate DSA parameters */ + int (*dsa_paramgen)(DSA *dsa, int bits, + unsigned char *seed, int seed_len, + int *counter_ret, unsigned long *h_ret, + BN_GENCB *cb); + /* If this is non-NULL, it is used to generate DSA keys */ + int (*dsa_keygen)(DSA *dsa); } DSA_METHOD; struct dsa_st diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index ca2c867089..4b9aff3689 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -80,10 +80,25 @@ #include #include +static int dsa_builtin_paramgen(DSA *ret, int bits, + unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb); + int DSA_generate_parameters_ex(DSA *ret, int bits, unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) { + if(ret->meth->dsa_paramgen) + return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len, + counter_ret, h_ret, cb); + return dsa_builtin_paramgen(ret, bits, seed_in, seed_len, + counter_ret, h_ret, cb); + } + +static int dsa_builtin_paramgen(DSA *ret, int bits, + unsigned char *seed_in, int seed_len, + int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) + { int ok=0; unsigned char seed[SHA_DIGEST_LENGTH]; unsigned char md[SHA_DIGEST_LENGTH]; diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index ef87c3e637..48ff1f423c 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -64,7 +64,16 @@ #include #include +static int dsa_builtin_keygen(DSA *dsa); + int DSA_generate_key(DSA *dsa) + { + if(dsa->meth->dsa_keygen) + return dsa->meth->dsa_keygen(dsa); + return dsa_builtin_keygen(dsa); + } + +static int dsa_builtin_keygen(DSA *dsa) { int ok=0; BN_CTX *ctx=NULL; diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index fc35dfe1f6..313c06fa3f 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -89,6 +89,8 @@ dsa_bn_mod_exp, dsa_init, dsa_finish, 0, +NULL, +NULL, NULL }; diff --git a/engines/e_aep.c b/engines/e_aep.c index 3bb979a5f1..46ccac2823 100644 --- a/engines/e_aep.c +++ b/engines/e_aep.c @@ -190,7 +190,9 @@ static DSA_METHOD aep_dsa = NULL, /* init */ NULL, /* finish */ 0, /* flags */ - NULL /* app_data */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ }; #endif @@ -205,6 +207,7 @@ static DH_METHOD aep_dh = NULL, NULL, 0, + NULL, NULL }; #endif diff --git a/engines/e_atalla.c b/engines/e_atalla.c index 6807e8400c..64dcc046e8 100644 --- a/engines/e_atalla.c +++ b/engines/e_atalla.c @@ -154,7 +154,9 @@ static DSA_METHOD atalla_dsa = NULL, /* init */ NULL, /* finish */ 0, /* flags */ - NULL /* app_data */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ }; #endif @@ -169,6 +171,7 @@ static DH_METHOD atalla_dh = NULL, NULL, 0, + NULL, NULL }; #endif diff --git a/engines/e_cswift.c b/engines/e_cswift.c index d3bd9c657d..28a51d1bfd 100644 --- a/engines/e_cswift.c +++ b/engines/e_cswift.c @@ -172,7 +172,9 @@ static DSA_METHOD cswift_dsa = NULL, /* init */ NULL, /* finish */ 0, /* flags */ - NULL /* app_data */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ }; #endif @@ -187,6 +189,7 @@ static DH_METHOD cswift_dh = NULL, NULL, 0, + NULL, NULL }; #endif diff --git a/engines/e_ncipher.c b/engines/e_ncipher.c index 8e8344379e..bf95ca8612 100644 --- a/engines/e_ncipher.c +++ b/engines/e_ncipher.c @@ -201,6 +201,7 @@ static DH_METHOD hwcrhk_dh = NULL, NULL, 0, + NULL, NULL }; #endif diff --git a/engines/e_nuron.c b/engines/e_nuron.c index 2d3f84b041..f9c3795033 100644 --- a/engines/e_nuron.c +++ b/engines/e_nuron.c @@ -287,7 +287,9 @@ static DSA_METHOD nuron_dsa = NULL, /* init */ NULL, /* finish */ 0, /* flags */ - NULL /* app_data */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ }; #endif @@ -301,6 +303,7 @@ static DH_METHOD nuron_dh = NULL, NULL, 0, + NULL, NULL }; #endif diff --git a/engines/e_sureware.c b/engines/e_sureware.c index ee7182cd0c..cae8bf4856 100644 --- a/engines/e_sureware.c +++ b/engines/e_sureware.c @@ -145,7 +145,8 @@ static DH_METHOD surewarehk_dh = NULL, /* init*/ NULL, /* finish*/ 0, /* flags*/ - NULL + NULL, + NULL }; #endif @@ -194,6 +195,8 @@ static DSA_METHOD surewarehk_dsa = NULL,/*finish*/ 0, NULL, + NULL, + NULL }; #endif diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index afb0c9ece6..02927d7b38 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -162,7 +162,9 @@ static DSA_METHOD ubsec_dsa = NULL, /* init */ NULL, /* finish */ 0, /* flags */ - NULL /* app_data */ + NULL, /* app_data */ + NULL, /* dsa_paramgen */ + NULL /* dsa_keygen */ }; #endif @@ -177,6 +179,7 @@ static DH_METHOD ubsec_dh = NULL, NULL, 0, + NULL, NULL }; #endif -- 2.25.1