---

dsa.h

Go to the documentation of this file.

#ifndef CRYPTOPP_DSA_H
#define CRYPTOPP_DSA_H

#include "pubkey.h"
#include "modexppc.h"
#include "sha.h"

#include <limits.h>

NAMESPACE_BEGIN(CryptoPP)

enum DSASignatureFormat {DSA_P1363, DSA_DER, DSA_OPENPGP};
unsigned int DSAConvertSignatureFormat(byte *buffer, unsigned int bufferSize, DSASignatureFormat toFormat, 
        const byte *signature, unsigned int signatureLen, DSASignatureFormat fromFormat);


class GDSADigestVerifier : public PK_WithPrecomputation<DigestVerifier>
{
public:
        GDSADigestVerifier(const Integer &p, const Integer &q, const Integer &g, const Integer &y);
        GDSADigestVerifier(BufferedTransformation &bt);

        void Precompute(unsigned int precomputationStorage=16);
        void LoadPrecomputation(BufferedTransformation &storedPrecomputation);
        void SavePrecomputation(BufferedTransformation &storedPrecomputation) const;

        void DEREncode(BufferedTransformation &bt) const;
        bool VerifyDigest(const byte *digest, unsigned int digestLen, const byte *signature) const;

        unsigned int MaxDigestLength() const {return UINT_MAX;}
        unsigned int DigestSignatureLength() const {return 2*m_q.ByteCount();}

        const Integer & GetModulus() const {return m_p;}
        const Integer & GetSubgroupSize() const {return m_q;}
        const Integer & GetGenerator() const {return m_g;}
        const Integer & GetPublicResidue() const {return m_y;}

        // exposed for validation testing
        bool RawVerify(const Integer &m, const Integer &a, const Integer &b) const;

protected:
        GDSADigestVerifier() {}
        unsigned int ExponentBitLength() const;
        Integer EncodeDigest(const byte *digest, unsigned int digestLen) const;

        Integer m_p, m_q, m_g, m_y;
        ModExpPrecomputation m_gpc, m_ypc;
};

class GDSADigestSigner : public GDSADigestVerifier, public PK_WithPrecomputation<DigestSigner>
{
public:
        GDSADigestSigner(const Integer &p, const Integer &q, const Integer &g, const Integer &y, const Integer &x);
        GDSADigestSigner(RandomNumberGenerator &rng, unsigned int pbits);
        GDSADigestSigner(RandomNumberGenerator &rng, const Integer &p, const Integer &q, const Integer &g);
        GDSADigestSigner(BufferedTransformation &bt);

        void DEREncode(BufferedTransformation &bt) const;
        void SignDigest(RandomNumberGenerator &rng, const byte *digest, unsigned int digestLen, byte *signature) const;

        const Integer & GetPrivateExponent() const {return m_x;}

        // exposed for validation testing
        void RawSign(const Integer &k, const Integer &h, Integer &r, Integer &s) const;

protected:
        GDSADigestSigner() {}

        Integer m_x;
};

template <class H>
class GDSASigner : public SignerTemplate<GDSADigestSigner, H>, public PK_WithPrecomputation<PK_Signer>
{
        typedef GDSADigestSigner Base;
public:
        GDSASigner(const Integer &p, const Integer &q, const Integer &g, const Integer &y, const Integer &x)
                : Base(p, q, g, y, x) {}

        // generate a random private key
        GDSASigner(RandomNumberGenerator &rng, unsigned int keybits)
                : Base(rng, keybits) {}

        // generate a random private key, given p, q, and g
        GDSASigner(RandomNumberGenerator &rng, const Integer &p, const Integer &q, const Integer &g)
                : Base(rng, p, q, g) {}

        // load a previously generated key
        GDSASigner(BufferedTransformation &storedKey)
                : Base(storedKey) {}

protected:
        GDSASigner() {}
};

template <class H>
class GDSAVerifier : public VerifierTemplate<GDSADigestVerifier, H>, public PK_WithPrecomputation<PK_Verifier>
{
        typedef GDSADigestVerifier Base;
public:
        GDSAVerifier(const Integer &p, const Integer &q, const Integer &g, const Integer &y)
                : Base(p, q, g, y) {}

        // create a matching public key from a private key
        GDSAVerifier(const GDSASigner<H> &priv)
                : Base(priv) {}

        // load a previously generated key
        GDSAVerifier(BufferedTransformation &storedKey)
                : Base(storedKey) {}
};

// ***********************************************************

const int MIN_DSA_PRIME_LENGTH = 512;
const int MAX_DSA_PRIME_LENGTH = 1024;


bool GenerateDSAPrimes(byte *seed, unsigned int seedLength, int &counter,
                                                  Integer &p, unsigned int primeLength, Integer &q);

class SHA;

class DSAPrivateKey : public GDSASigner<SHA>
{
public:
        DSAPrivateKey(const Integer &p, const Integer &q, const Integer &g, const Integer &y, const Integer &x)
                : GDSADigestSigner(p, q, g, y, x) {}

        // generate a random private key
        // keybits must be between 512 and 1024, and divisible by 64
        DSAPrivateKey(RandomNumberGenerator &rng, unsigned int keybits);

        // generate a random private key, given p, q, and g
        DSAPrivateKey(RandomNumberGenerator &rng, const Integer &p, const Integer &q, const Integer &g)
                : GDSADigestSigner(rng, p, q, g) {}

        // load a previously generated key
        DSAPrivateKey(BufferedTransformation &storedKey)
                : GDSADigestSigner(storedKey) {}
};

typedef GDSAVerifier<SHA> DSAPublicKey;

NAMESPACE_END

#endif

---