simplify GenerateKeyDSA

microsoft · Dec 10, 2024 · 09305cc · 09305cc
1 parent 550ad80
commit 09305cc
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 27 deletions.
diff --git a/cng/dsa.go b/cng/dsa.go
@@ -61,11 +61,11 @@ func (p DSAParameters) groupSize() uint32 {
 	return uint32(len(p.Q))
 }
 
-// GenerateDSAParameters generates a set of DSA parameters for a key of size L bytes.
+// GenerateParametersDSA generates a set of DSA parameters for a key of size L bytes.
 // If L is less than or equal to 1024, the parameters are generated according to FIPS 186-2.
 // If L is greater than 1024, the parameters are generated according to FIPS 186-3.
 // The returned parameters are suitable for use in GenerateKey.
-func GenerateDSAParameters(L int) (params DSAParameters, err error) {
+func GenerateParametersDSA(L int) (params DSAParameters, err error) {
 	h, err := loadDSA()
 	if err != nil {
 		return DSAParameters{}, err
@@ -113,35 +113,31 @@ func (k *PublicKeyDSA) finalize() {
 }
 
 // GenerateKeyDSA generates a new private DSA key using the given parameters.
-func GenerateKeyDSA(params DSAParameters) (*PrivateKeyDSA, error) {
+func GenerateKeyDSA(params DSAParameters) (x, y BigInt, err error) {
 	h, err := loadDSA()
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
 	keySize := params.keySize()
 	if !keyIsAllowed(h.allowedKeyLengths, keySize*8) {
-		return nil, errors.New("crypto/dsa: invalid key size")
+		return nil, nil, errors.New("crypto/dsa: invalid key size")
 	}
 	var hkey bcrypt.KEY_HANDLE
 	if err := bcrypt.GenerateKeyPair(h.handle, &hkey, keySize*8, 0); err != nil {
-		return nil, err
+		return nil, nil, err
 	}
+	defer bcrypt.DestroyKey(hkey)
 	if err := setDSAParameter(hkey, params); err != nil {
-		bcrypt.DestroyKey(hkey)
-		return nil, err
+		return nil, nil, err
 	}
 	if err := bcrypt.FinalizeKeyPair(hkey, 0); err != nil {
-		bcrypt.DestroyKey(hkey)
-		return nil, err
+		return nil, nil, err
 	}
-	_, x, y, err := decodeDSAKey(hkey, true)
+	_, x, y, err = decodeDSAKey(hkey, true)
 	if err != nil {
-		bcrypt.DestroyKey(hkey)
-		return nil, err
+		return nil, nil, err
 	}
-	k := &PrivateKeyDSA{params, x, y, hkey}
-	runtime.SetFinalizer(k, (*PrivateKeyDSA).finalize)
-	return k, nil
+	return x, y, nil
 }
 
 // NewPrivateKeyDSA creates a new DSA private key from the given parameters.
@@ -288,7 +284,7 @@ func encodeDSAKey(h bcrypt.ALG_HANDLE, params DSAParameters, X, Y BigInt) (bcryp
 		copy(blob, (*(*[sizeOfDSAV2BlobHeader]byte)(unsafe.Pointer(&hdr)))[:])
 		data := blob[sizeOfDSAV2BlobHeader:]
 		if err := encodeBigInt(data, []sizedBigInt{
-			{dsaSeedNil[:], groupSize},
+			{dsaSeedNil[:groupSize], groupSize},
 			{params.Q, groupSize},
 			{params.P, keySize},
 			{params.G, keySize},
@@ -459,7 +455,7 @@ func hashAlgFromGroup(groupSize int) bcrypt.HASHALGORITHM_ENUM {
 	switch groupSize {
 	case 20:
 		return bcrypt.DSA_HASH_ALGORITHM_SHA1
-	case 32:
+	case 28, 32:
 		return bcrypt.DSA_HASH_ALGORITHM_SHA256
 	case 64:
 		return bcrypt.DSA_HASH_ALGORITHM_SHA512

diff --git a/cng/dsa_test.go b/cng/dsa_test.go
@@ -16,13 +16,13 @@ import (
 )
 
 func TestDSAGenerateParameters(t *testing.T) {
-	testGenerateDSAParameters(t, 1024, 160)
-	testGenerateDSAParameters(t, 2048, 256)
-	testGenerateDSAParameters(t, 3072, 256)
+	testGenerateParametersDSA(t, 1024, 160)
+	testGenerateParametersDSA(t, 2048, 256)
+	testGenerateParametersDSA(t, 3072, 256)
 }
 
-func testGenerateDSAParameters(t *testing.T, L, N int) {
-	params, err := cng.GenerateDSAParameters(L)
+func testGenerateParametersDSA(t *testing.T, L, N int) {
+	params, err := cng.GenerateParametersDSA(L)
 	if err != nil {
 		t.Errorf("%d-%d: error generating parameters: %s", L, N, err)
 		return
@@ -47,17 +47,19 @@ func testGenerateDSAParameters(t *testing.T, L, N int) {
 	if rem.Sign() != 0 {
 		t.Errorf("%d-%d: p-1 mod q != 0", L, N)
 	}
-	x := new(big.Int).Exp(G, quo, P)
-	if x.Cmp(one) == 0 {
+	if x := new(big.Int).Exp(G, quo, P); x.Cmp(one) == 0 {
 		t.Errorf("%d-%d: invalid generator", L, N)
 	}
 
-	priv, err := cng.GenerateKeyDSA(params)
+	x, y, err := cng.GenerateKeyDSA(params)
 	if err != nil {
 		t.Errorf("error generating key: %s", err)
 		return
 	}
-
+	priv, err := cng.NewPrivateKeyDSA(params, x, y)
+	if err != nil {
+		t.Errorf("error creating key: %s", err)
+	}
 	testDSASignAndVerify(t, L, priv)
 }
 
@@ -128,6 +130,27 @@ func TestDSASignAndVerify(t *testing.T) {
 	testDSASignAndVerify(t, 0, priv)
 }
 
+func TestDSASignAndVerify224(t *testing.T) {
+	var gparams dsa.Parameters
+	err := dsa.GenerateParameters(&gparams, cng.RandReader, dsa.L2048N224)
+	if err != nil {
+		t.Fatalf("error generating parameters: %s", err)
+	}
+	params := cng.DSAParameters{
+		P: bbig.Enc(gparams.P),
+		Q: bbig.Enc(gparams.Q),
+		G: bbig.Enc(gparams.G),
+	}
+	X := bbig.Enc(fromHex("5078D4D29795CBE76D3AACFE48C9AF0BCDBEE91A"))
+	Y := bbig.Enc(fromHex("32969E5780CFE1C849A1C276D7AEB4F38A23B591739AA2FE197349AEEBD31366AEE5EB7E6C6DDB7C57D02432B30DB5AA66D9884299FAA72568944E4EEDC92EA3FBC6F39F53412FBCC563208F7C15B737AC8910DBC2D9C9B8C001E72FDC40EB694AB1F06A5A2DBD18D9E36C66F31F566742F11EC0A52E9F7B89355C02FB5D32D2"))
+	priv, err := cng.NewPrivateKeyDSA(params, X, Y)
+	if err != nil {
+		t.Fatalf("error generating key: %s", err)
+	}
+
+	testDSASignAndVerify(t, 0, priv)
+}
+
 func TestDSANewPublicKeyWithBadPublicKey(t *testing.T) {
 	params := cng.DSAParameters{
 		P: bbig.Enc(fromHex("A9B5B793FB4785793D246BAE77E8FF63CA52F442DA763C440259919FE1BC1D6065A9350637A04F75A2F039401D49F08E066C4D275A5A65DA5684BC563C14289D7AB8A67163BFBF79D85972619AD2CFF55AB0EE77A9002B0EF96293BDD0F42685EBB2C66C327079F6C98000FBCB79AACDE1BC6F9D5C7B1A97E3D9D54ED7951FEF")),