Merge d100a06 into 077f4d6

libtom · Apr 12, 2021 · e7bb7b5 · e7bb7b5
2 parents 077f4d6 + d100a06
commit e7bb7b5
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 11 deletions.
diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h
@@ -387,8 +387,12 @@ int x25519_shared_secret(const curve25519_key *private_key,
 /* Max diff between group and modulus size in bytes */
 #define LTC_MDSA_DELTA     512
 
-/* Max DSA group size in bytes (default allows 4k-bit groups) */
-#define LTC_MDSA_MAX_GROUP 512
+/* Max DSA group size in bytes */
+#define LTC_MDSA_MAX_GROUP 64
+
+/* Max DSA modulus size in bytes (the actual DSA size, max 4096 bits) */
+#define LTC_MDSA_MAX_MODULUS 512
+
 
 /** DSA key structure */
 typedef struct {

diff --git a/src/misc/crypt/crypt_constants.c b/src/misc/crypt/crypt_constants.c
@@ -102,6 +102,7 @@ static const crypt_constant s_crypt_constants[] = {
     {"LTC_MDSA", 1},
     C_STRINGIFY(LTC_MDSA_DELTA),
     C_STRINGIFY(LTC_MDSA_MAX_GROUP),
+    C_STRINGIFY(LTC_MDSA_MAX_MODULUS),
 #else
     {"LTC_MDSA", 0},
 #endif

diff --git a/src/pk/dsa/dsa_generate_pqg.c b/src/pk/dsa/dsa_generate_pqg.c
@@ -26,9 +26,10 @@ static int s_dsa_make_params(prng_state *prng, int wprng, int group_size, int mo
   int err, res, mr_tests_q, mr_tests_p, found_p, found_q, hash;
   unsigned char *wbuf, *sbuf, digest[MAXBLOCKSIZE];
   void *t2L1, *t2N1, *t2q, *t2seedlen, *U, *W, *X, *c, *h, *e, *seedinc;
+  const char *accepted_hashes[] = { "sha3-512", "sha512", "sha3-384", "sha384", "sha3-256", "sha256" };
 
   /* check size */
-  if (group_size >= LTC_MDSA_MAX_GROUP || group_size < 1 || group_size >= modulus_size) {
+  if (group_size > LTC_MDSA_MAX_GROUP || group_size < 1 || group_size >= modulus_size || modulus_size > LTC_MDSA_MAX_MODULUS) {
     return CRYPT_INVALID_ARG;
   }
 
@@ -87,16 +88,15 @@ static int s_dsa_make_params(prng_state *prng, int wprng, int group_size, int mo
   else                { mr_tests_q = 64; }
 #endif
 
-  if (N <= 256) {
-    hash = register_hash(&sha256_desc);
+  hash = -1;
+  for (i = 0; i < sizeof(accepted_hashes)/sizeof(accepted_hashes[0]); ++i) {
+    hash = find_hash(accepted_hashes[i]);
+    if (hash != -1) break;
   }
-  else if (N <= 384) {
-    hash = register_hash(&sha384_desc);
+  if (hash == -1) {
+    return CRYPT_INVALID_ARG; /* no appropriate hash function found */
   }
-  else if (N <= 512) {
-    hash = register_hash(&sha512_desc);
-  }
-  else {
+  if (N > hash_descriptor[hash].hashsize * 8) {
     return CRYPT_INVALID_ARG; /* group_size too big */
   }
 

diff --git a/tests/dsa_test.c b/tests/dsa_test.c
@@ -298,6 +298,19 @@ static int s_dsa_wycheproof_test(void)
    return CRYPT_OK;
 }
 
+static int s_dsa_gen_test(void)
+{
+   dsa_key key;
+   int sizes[4][2] = { { 20, 128 }, {30, 256 }, {35, 384 }, { 40, 512 } };
+   int i;
+   for (i = 0; i < 4; i++) {
+      DO(dsa_generate_pqg(&yarrow_prng, find_prng("yarrow"), sizes[i][0], sizes[i][1], &key));
+      DO(dsa_generate_key(&yarrow_prng, find_prng("yarrow"), &key));
+      dsa_free(&key);
+   }
+   return CRYPT_OK;
+}
+
 int dsa_test(void)
 {
    unsigned char msg[16], out[1024], out2[1024], ch;
@@ -307,6 +320,7 @@ int dsa_test(void)
 
    if (ltc_mp.name == NULL) return CRYPT_NOP;
 
+   DO(s_dsa_gen_test());
    DO(s_dsa_compat_test());
    DO(s_dsa_wycheproof_test());