Mercurial > dropbear
comparison libtomcrypt/src/pk/dsa/dsa_sign_hash.c @ 285:1b9e69c058d2
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3)
to branch 'au.asn.ucc.matt.dropbear' (head fdf4a7a3b97ae5046139915de7e40399cceb2c01)
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Wed, 08 Mar 2006 13:23:58 +0000 |
| parents | |
| children | 0cbe8f6dbf9e |
comparison
equal
deleted
inserted
replaced
| 281:997e6f7dc01e | 285:1b9e69c058d2 |
|---|---|
| 1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
| 2 * | |
| 3 * LibTomCrypt is a library that provides various cryptographic | |
| 4 * algorithms in a highly modular and flexible manner. | |
| 5 * | |
| 6 * The library is free for all purposes without any express | |
| 7 * guarantee it works. | |
| 8 * | |
| 9 * Tom St Denis, [email protected], http://libtomcrypt.org | |
| 10 */ | |
| 11 #include "tomcrypt.h" | |
| 12 | |
| 13 /** | |
| 14 @file dsa_sign_hash.c | |
| 15 DSA implementation, sign a hash, Tom St Denis | |
| 16 */ | |
| 17 | |
| 18 #ifdef MDSA | |
| 19 | |
| 20 /** | |
| 21 Sign a hash with DSA | |
| 22 @param in The hash to sign | |
| 23 @param inlen The length of the hash to sign | |
| 24 @param r The "r" integer of the signature (caller must initialize with mp_init() first) | |
| 25 @param s The "s" integer of the signature (caller must initialize with mp_init() first) | |
| 26 @param prng An active PRNG state | |
| 27 @param wprng The index of the PRNG desired | |
| 28 @param key A private DSA key | |
| 29 @return CRYPT_OK if successful | |
| 30 */ | |
| 31 int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen, | |
| 32 mp_int *r, mp_int *s, | |
| 33 prng_state *prng, int wprng, dsa_key *key) | |
| 34 { | |
| 35 mp_int k, kinv, tmp; | |
| 36 unsigned char *buf; | |
| 37 int err; | |
| 38 | |
| 39 LTC_ARGCHK(in != NULL); | |
| 40 LTC_ARGCHK(r != NULL); | |
| 41 LTC_ARGCHK(s != NULL); | |
| 42 LTC_ARGCHK(key != NULL); | |
| 43 | |
| 44 if ((err = prng_is_valid(wprng)) != CRYPT_OK) { | |
| 45 return err; | |
| 46 } | |
| 47 if (key->type != PK_PRIVATE) { | |
| 48 return CRYPT_PK_NOT_PRIVATE; | |
| 49 } | |
| 50 | |
| 51 /* check group order size */ | |
| 52 if (key->qord >= MDSA_MAX_GROUP) { | |
| 53 return CRYPT_INVALID_ARG; | |
| 54 } | |
| 55 | |
| 56 buf = XMALLOC(MDSA_MAX_GROUP); | |
| 57 if (buf == NULL) { | |
| 58 return CRYPT_MEM; | |
| 59 } | |
| 60 | |
| 61 /* Init our temps */ | |
| 62 if ((err = mp_init_multi(&k, &kinv, &tmp, NULL)) != MP_OKAY) { goto error; } | |
| 63 | |
| 64 retry: | |
| 65 | |
| 66 do { | |
| 67 /* gen random k */ | |
| 68 if (prng_descriptor[wprng].read(buf, key->qord, prng) != (unsigned long)key->qord) { | |
| 69 err = CRYPT_ERROR_READPRNG; | |
| 70 goto LBL_ERR; | |
| 71 } | |
| 72 | |
| 73 /* read k */ | |
| 74 if ((err = mp_read_unsigned_bin(&k, buf, key->qord)) != MP_OKAY) { goto error; } | |
| 75 | |
| 76 /* k > 1 ? */ | |
| 77 if (mp_cmp_d(&k, 1) != MP_GT) { goto retry; } | |
| 78 | |
| 79 /* test gcd */ | |
| 80 if ((err = mp_gcd(&k, &key->q, &tmp)) != MP_OKAY) { goto error; } | |
| 81 } while (mp_cmp_d(&tmp, 1) != MP_EQ); | |
| 82 | |
| 83 /* now find 1/k mod q */ | |
| 84 if ((err = mp_invmod(&k, &key->q, &kinv)) != MP_OKAY) { goto error; } | |
| 85 | |
| 86 /* now find r = g^k mod p mod q */ | |
| 87 if ((err = mp_exptmod(&key->g, &k, &key->p, r)) != MP_OKAY) { goto error; } | |
| 88 if ((err = mp_mod(r, &key->q, r)) != MP_OKAY) { goto error; } | |
| 89 | |
| 90 if (mp_iszero(r) == MP_YES) { goto retry; } | |
| 91 | |
| 92 /* now find s = (in + xr)/k mod q */ | |
| 93 if ((err = mp_read_unsigned_bin(&tmp, (unsigned char *)in, inlen)) != MP_OKAY) { goto error; } | |
| 94 if ((err = mp_mul(&key->x, r, s)) != MP_OKAY) { goto error; } | |
| 95 if ((err = mp_add(s, &tmp, s)) != MP_OKAY) { goto error; } | |
| 96 if ((err = mp_mulmod(s, &kinv, &key->q, s)) != MP_OKAY) { goto error; } | |
| 97 | |
| 98 if (mp_iszero(s) == MP_YES) { goto retry; } | |
| 99 | |
| 100 err = CRYPT_OK; | |
| 101 goto LBL_ERR; | |
| 102 | |
| 103 error: | |
| 104 err = mpi_to_ltc_error(err); | |
| 105 LBL_ERR: | |
| 106 mp_clear_multi(&k, &kinv, &tmp, NULL); | |
| 107 #ifdef LTC_CLEAN_STACK | |
| 108 zeromem(buf, MDSA_MAX_GROUP); | |
| 109 #endif | |
| 110 XFREE(buf); | |
| 111 return err; | |
| 112 } | |
| 113 | |
| 114 /** | |
| 115 Sign a hash with DSA | |
| 116 @param in The hash to sign | |
| 117 @param inlen The length of the hash to sign | |
| 118 @param out [out] Where to store the signature | |
| 119 @param outlen [in/out] The max size and resulting size of the signature | |
| 120 @param prng An active PRNG state | |
| 121 @param wprng The index of the PRNG desired | |
| 122 @param key A private DSA key | |
| 123 @return CRYPT_OK if successful | |
| 124 */ | |
| 125 int dsa_sign_hash(const unsigned char *in, unsigned long inlen, | |
| 126 unsigned char *out, unsigned long *outlen, | |
| 127 prng_state *prng, int wprng, dsa_key *key) | |
| 128 { | |
| 129 mp_int r, s; | |
| 130 int err; | |
| 131 | |
| 132 LTC_ARGCHK(in != NULL); | |
| 133 LTC_ARGCHK(out != NULL); | |
| 134 LTC_ARGCHK(outlen != NULL); | |
| 135 LTC_ARGCHK(key != NULL); | |
| 136 | |
| 137 if (mp_init_multi(&r, &s, NULL) != MP_OKAY) { | |
| 138 return CRYPT_MEM; | |
| 139 } | |
| 140 | |
| 141 if ((err = dsa_sign_hash_raw(in, inlen, &r, &s, prng, wprng, key)) != CRYPT_OK) { | |
| 142 goto LBL_ERR; | |
| 143 } | |
| 144 | |
| 145 err = der_encode_sequence_multi(out, outlen, | |
| 146 LTC_ASN1_INTEGER, 1UL, &r, | |
| 147 LTC_ASN1_INTEGER, 1UL, &s, | |
| 148 LTC_ASN1_EOL, 0UL, NULL); | |
| 149 | |
| 150 LBL_ERR: | |
| 151 mp_clear_multi(&r, &s, NULL); | |
| 152 return err; | |
| 153 } | |
| 154 | |
| 155 #endif | |
| 156 | |
| 157 /* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_sign_hash.c,v $ */ | |
| 158 /* $Revision: 1.6 $ */ | |
| 159 /* $Date: 2005/05/15 21:48:59 $ */ |