Remove duplicate implementations of some DSA/ECDSA functions

src/lib/CMakeLists.txt

@@ -242,6 +242,7 @@ configure_file(config.h.in config.h)
 if(CRYPTO_BACKEND_OPENSSL)
   set(CRYPTO_SOURCES
     crypto/bn_ossl.cpp
+    crypto/dsa_common.cpp
     crypto/dsa_ossl.cpp
     crypto/ec_curves.cpp
     crypto/ec_ossl.cpp
@@ -272,6 +273,7 @@ if(CRYPTO_BACKEND_OPENSSL)
 elseif(CRYPTO_BACKEND_BOTAN)
   set(CRYPTO_SOURCES
     crypto/bn.cpp
+    crypto/dsa_common.cpp
     crypto/dsa.cpp
     crypto/ec_curves.cpp
     crypto/ec.cpp

src/lib/crypto/dsa.cpp

@@ -82,8 +82,7 @@
 #include "dsa.h"
 #include "bn.h"
 #include "utils.h"
-
-#define DSA_MAX_Q_BITLEN 256
+#include "dsa_common.h"
 
 rnp_result_t
 dsa_validate_key(rnp::RNG *rng, const pgp_dsa_key_t *key, bool secret)
@@ -347,31 +346,3 @@ dsa_generate(rnp::RNG *rng, pgp_dsa_key_t *key, size_t keylen, size_t qbits)
     botan_pubkey_destroy(key_pub);
     return ret;
 }
-
-pgp_hash_alg_t
-dsa_get_min_hash(size_t qsize)
-{
-    /*
-     * I'm using _broken_ SHA1 here only because
-     * some old implementations may not understand keys created
-     * with other hashes. If you're sure we don't have to support
-     * such implementations, please be my guest and remove it.
-     */
-    return (qsize < 160)  ? PGP_HASH_UNKNOWN :
-           (qsize == 160) ? PGP_HASH_SHA1 :
-           (qsize <= 224) ? PGP_HASH_SHA224 :
-           (qsize <= 256) ? PGP_HASH_SHA256 :
-           (qsize <= 384) ? PGP_HASH_SHA384 :
-           (qsize <= 512) ? PGP_HASH_SHA512
-                            /*(qsize>512)*/ :
-                            PGP_HASH_UNKNOWN;
-}
-
-size_t
-dsa_choose_qsize_by_psize(size_t psize)
-{
-    return (psize == 1024) ? 160 :
-           (psize <= 2047) ? 224 :
-           (psize <= 3072) ? DSA_MAX_Q_BITLEN :
-                             0;
-}

src/lib/crypto/dsa_common.cpp

@@ -0,0 +1,77 @@
+/*-
+ * Copyright (c) 2021-2024 Ribose Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "crypto.h"
+#include "config.h"
+#include "defaults.h"
+#include "dsa_common.h"
+
+pgp_hash_alg_t
+dsa_get_min_hash(size_t qsize)
+{
+    /*
+     * I'm using _broken_ SHA1 here only because
+     * some old implementations may not understand keys created
+     * with other hashes. If you're sure we don't have to support
+     * such implementations, please be my guest and remove it.
+     */
+    return (qsize < 160)  ? PGP_HASH_UNKNOWN :
+           (qsize == 160) ? PGP_HASH_SHA1 :
+           (qsize <= 224) ? PGP_HASH_SHA224 :
+           (qsize <= 256) ? PGP_HASH_SHA256 :
+           (qsize <= 384) ? PGP_HASH_SHA384 :
+           (qsize <= 512) ? PGP_HASH_SHA512
+                            /*(qsize>512)*/ :
+                            PGP_HASH_UNKNOWN;
+}
+
+size_t
+dsa_choose_qsize_by_psize(size_t psize)
+{
+    return (psize == 1024) ? 160 :
+           (psize <= 2047) ? 224 :
+           (psize <= 3072) ? DSA_MAX_Q_BITLEN :
+                             0;
+}
+
+pgp_hash_alg_t
+ecdsa_get_min_hash(pgp_curve_t curve)
+{
+    switch (curve) {
+    case PGP_CURVE_NIST_P_256:
+    case PGP_CURVE_BP256:
+    case PGP_CURVE_P256K1:
+        return PGP_HASH_SHA256;
+    case PGP_CURVE_NIST_P_384:
+    case PGP_CURVE_BP384:
+        return PGP_HASH_SHA384;
+    case PGP_CURVE_NIST_P_521:
+    case PGP_CURVE_BP512:
+        return PGP_HASH_SHA512;
+    default:
+        return PGP_HASH_UNKNOWN;
+    }
+}

src/lib/crypto/dsa_common.h

@@ -0,0 +1,32 @@
+/*-
+ * Copyright (c) 2021-2024 Ribose Inc.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef RNP_DSA_COMMON_H_
+#define RNP_DSA_COMMON_H_
+
+#define DSA_MAX_Q_BITLEN 256
+
+#endif

src/lib/crypto/dsa_ossl.cpp

@@ -35,13 +35,12 @@
 #include <openssl/dh.h>
 #include <openssl/err.h>
 #include <openssl/evp.h>
+#include "dsa_common.h"
 #if defined(CRYPTO_BACKEND_OPENSSL3)
 #include <openssl/core_names.h>
 #include <openssl/param_build.h>
 #endif
 
-#define DSA_MAX_Q_BITLEN 256
-
 static bool
 dsa_decode_sig(const uint8_t *data, size_t len, pgp_dsa_signature_t &sig)
 {
@@ -403,31 +402,3 @@ dsa_generate(rnp::RNG *rng, pgp_dsa_key_t *key, size_t keylen, size_t qbits)
     EVP_PKEY_free(pkey);
     return ret;
 }
-
-pgp_hash_alg_t
-dsa_get_min_hash(size_t qsize)
-{
-    /*
-     * I'm using _broken_ SHA1 here only because
-     * some old implementations may not understand keys created
-     * with other hashes. If you're sure we don't have to support
-     * such implementations, please be my guest and remove it.
-     */
-    return (qsize < 160)  ? PGP_HASH_UNKNOWN :
-           (qsize == 160) ? PGP_HASH_SHA1 :
-           (qsize <= 224) ? PGP_HASH_SHA224 :
-           (qsize <= 256) ? PGP_HASH_SHA256 :
-           (qsize <= 384) ? PGP_HASH_SHA384 :
-           (qsize <= 512) ? PGP_HASH_SHA512
-                            /*(qsize>512)*/ :
-                            PGP_HASH_UNKNOWN;
-}
-
-size_t
-dsa_choose_qsize_by_psize(size_t psize)
-{
-    return (psize == 1024) ? 160 :
-           (psize <= 2047) ? 224 :
-           (psize <= 3072) ? DSA_MAX_Q_BITLEN :
-                             0;
-}

src/lib/crypto/ecdsa.cpp

@@ -245,22 +245,3 @@ ecdsa_verify(const pgp_ec_signature_t *sig,
     botan_pk_op_verify_destroy(verifier);
     return ret;
 }
-
-pgp_hash_alg_t
-ecdsa_get_min_hash(pgp_curve_t curve)
-{
-    switch (curve) {
-    case PGP_CURVE_NIST_P_256:
-    case PGP_CURVE_BP256:
-    case PGP_CURVE_P256K1:
-        return PGP_HASH_SHA256;
-    case PGP_CURVE_NIST_P_384:
-    case PGP_CURVE_BP384:
-        return PGP_HASH_SHA384;
-    case PGP_CURVE_NIST_P_521:
-    case PGP_CURVE_BP512:
-        return PGP_HASH_SHA512;
-    default:
-        return PGP_HASH_UNKNOWN;
-    }
-}

src/lib/crypto/ecdsa_ossl.cpp

@@ -169,22 +169,3 @@ ecdsa_verify(const pgp_ec_signature_t *sig,
     EVP_PKEY_free(evpkey);
     return ret;
 }
-
-pgp_hash_alg_t
-ecdsa_get_min_hash(pgp_curve_t curve)
-{
-    switch (curve) {
-    case PGP_CURVE_NIST_P_256:
-    case PGP_CURVE_BP256:
-    case PGP_CURVE_P256K1:
-        return PGP_HASH_SHA256;
-    case PGP_CURVE_NIST_P_384:
-    case PGP_CURVE_BP384:
-        return PGP_HASH_SHA384;
-    case PGP_CURVE_NIST_P_521:
-    case PGP_CURVE_BP512:
-        return PGP_HASH_SHA512;
-    default:
-        return PGP_HASH_UNKNOWN;
-    }
-}