summaryrefslogtreecommitdiff
path: root/cipher/dsa.c
diff options
context:
space:
mode:
authorWerner Koch <wk@gnupg.org>2008-08-19 15:55:46 +0000
committerWerner Koch <wk@gnupg.org>2008-08-19 15:55:46 +0000
commite77613e7b89ee150ae9e945029f11b04744a6fd3 (patch)
treebc41644fb0e68f6d353e640eb77a3b7e8b8c4d3e /cipher/dsa.c
parentb202832f13ca0ecce65767e4448e7e91eda1214e (diff)
downloadlibgcrypt-e77613e7b89ee150ae9e945029f11b04744a6fd3.tar.gz
A whole bunch of changes to eventually support
FIPS restricted mode. Also some documentation improvements and other minor enhancements. See the ChangeLogs. Stay tuned.
Diffstat (limited to 'cipher/dsa.c')
-rw-r--r--cipher/dsa.c60
1 files changed, 59 insertions, 1 deletions
diff --git a/cipher/dsa.c b/cipher/dsa.c
index bf5bf6d9..ccfd6860 100644
--- a/cipher/dsa.c
+++ b/cipher/dsa.c
@@ -1,6 +1,6 @@
/* dsa.c - DSA signature scheme
* Copyright (C) 1998, 2000, 2001, 2002, 2003,
- * 2006 Free Software Foundation, Inc.
+ * 2006, 2008 Free Software Foundation, Inc.
*
* This file is part of Libgcrypt.
*
@@ -207,6 +207,9 @@ generate (DSA_secret_key *sk, unsigned int nbits, unsigned int qbits,
if (nbits < 2*qbits || nbits > 15360)
return GPG_ERR_INV_VALUE;
+ if (nbits < 1024 && fips_mode ())
+ return GPG_ERR_INV_VALUE;
+
p = _gcry_generate_elg_prime( 1, nbits, qbits, NULL, ret_factors );
/* get q out of factors */
q = mpi_copy((*ret_factors)[0]);
@@ -531,6 +534,57 @@ _gcry_dsa_get_nbits (int algo, gcry_mpi_t *pkey)
return mpi_get_nbits (pkey[0]);
}
+
+
+/*
+ Self-test section.
+ */
+
+
+static gpg_err_code_t
+selftests_dsa (selftest_report_func_t report)
+{
+ const char *what;
+ const char *errtxt;
+
+ what = "low-level";
+ errtxt = NULL; /*selftest ();*/
+ if (errtxt)
+ goto failed;
+
+ /* FIXME: need more tests. */
+
+ return 0; /* Succeeded. */
+
+ failed:
+ if (report)
+ report ("pubkey", GCRY_PK_DSA, what, errtxt);
+ return GPG_ERR_SELFTEST_FAILED;
+}
+
+
+/* Run a full self-test for ALGO and return 0 on success. */
+static gpg_err_code_t
+run_selftests (int algo, selftest_report_func_t report)
+{
+ gpg_err_code_t ec;
+
+ switch (algo)
+ {
+ case GCRY_PK_DSA:
+ ec = selftests_dsa (report);
+ break;
+ default:
+ ec = GPG_ERR_PUBKEY_ALGO;
+ break;
+
+ }
+ return ec;
+}
+
+
+
+
static const char *dsa_names[] =
{
"dsa",
@@ -551,4 +605,8 @@ gcry_pk_spec_t _gcry_pubkey_spec_dsa =
_gcry_dsa_verify,
_gcry_dsa_get_nbits,
};
+pk_extra_spec_t _gcry_pubkey_extraspec_dsa =
+ {
+ run_selftests
+ };
generated by cgit v1.2.1 (git 2.18.0) at 2024-05-16 20:11:10 +0000