Skip to content

dsa: support for different size of keys #1058

Description

@baloo

Context: PGP has some very old keys including some very weak DSA keys (768 / 960 bit keys). But also some odd-ball 4096 bit keys (that I can't find a documentation/standard for). See rpgp/rpgp#573 (comment)

Since we migrated dsa to crypto-bigint (#906), dsa will only accept key sizes specified by NIST:

pub const DSA_1024_160: Self = Self { l: 1024, n: 160 };
/// DSA parameter size constant: L = 2048, N = 224
pub const DSA_2048_224: Self = Self { l: 2048, n: 224 };
/// DSA parameter size constant: L = 2048, N = 256
pub const DSA_2048_256: Self = Self { l: 2048, n: 256 };
/// DSA parameter size constant: L = 3072, N = 256
pub const DSA_3072_256: Self = Self { l: 3072, n: 256 };

NIST standard NIST.FIPS.186-4 Section 4.2 Selection of Parameter Sizes and Hash Functions for DSA:
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf#page=25

  • Is there a will to support older / weak key sizes (under an hazmat flag)?

  • Should we just skip the key size checks? A Components::from_components_unchecked method?

    let key_size = match (p.bits_precision(), q.bits_precision()) {
    #[allow(deprecated)]
    (p, q) if KeySize::DSA_1024_160.matches(p, q) => KeySize::DSA_1024_160,
    (p, q) if KeySize::DSA_2048_224.matches(p, q) => KeySize::DSA_2048_224,
    (p, q) if KeySize::DSA_2048_256.matches(p, q) => KeySize::DSA_2048_256,
    (p, q) if KeySize::DSA_3072_256.matches(p, q) => KeySize::DSA_3072_256,
    _ => return Err(signature::Error::new()),
    };

cc @hko-s @dignifiedquire

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions