comparison libtomcrypt/src/pk/dsa/dsa_sign_hash.c @ 285:1b9e69c058d2

propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head 20dccfc09627970a312d77fb41dc2970b62689c3) to branch 'au.asn.ucc.matt.dropbear' (head fdf4a7a3b97ae5046139915de7e40399cceb2c01)
author Matt Johnston <matt@ucc.asn.au>
date Wed, 08 Mar 2006 13:23:58 +0000
parents
children 0cbe8f6dbf9e
comparison
equal deleted inserted replaced
281:997e6f7dc01e 285:1b9e69c058d2
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtomcrypt.org
10 */
11 #include "tomcrypt.h"
12
13 /**
14 @file dsa_sign_hash.c
15 DSA implementation, sign a hash, Tom St Denis
16 */
17
18 #ifdef MDSA
19
20 /**
21 Sign a hash with DSA
22 @param in The hash to sign
23 @param inlen The length of the hash to sign
24 @param r The "r" integer of the signature (caller must initialize with mp_init() first)
25 @param s The "s" integer of the signature (caller must initialize with mp_init() first)
26 @param prng An active PRNG state
27 @param wprng The index of the PRNG desired
28 @param key A private DSA key
29 @return CRYPT_OK if successful
30 */
31 int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen,
32 mp_int *r, mp_int *s,
33 prng_state *prng, int wprng, dsa_key *key)
34 {
35 mp_int k, kinv, tmp;
36 unsigned char *buf;
37 int err;
38
39 LTC_ARGCHK(in != NULL);
40 LTC_ARGCHK(r != NULL);
41 LTC_ARGCHK(s != NULL);
42 LTC_ARGCHK(key != NULL);
43
44 if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
45 return err;
46 }
47 if (key->type != PK_PRIVATE) {
48 return CRYPT_PK_NOT_PRIVATE;
49 }
50
51 /* check group order size */
52 if (key->qord >= MDSA_MAX_GROUP) {
53 return CRYPT_INVALID_ARG;
54 }
55
56 buf = XMALLOC(MDSA_MAX_GROUP);
57 if (buf == NULL) {
58 return CRYPT_MEM;
59 }
60
61 /* Init our temps */
62 if ((err = mp_init_multi(&k, &kinv, &tmp, NULL)) != MP_OKAY) { goto error; }
63
64 retry:
65
66 do {
67 /* gen random k */
68 if (prng_descriptor[wprng].read(buf, key->qord, prng) != (unsigned long)key->qord) {
69 err = CRYPT_ERROR_READPRNG;
70 goto LBL_ERR;
71 }
72
73 /* read k */
74 if ((err = mp_read_unsigned_bin(&k, buf, key->qord)) != MP_OKAY) { goto error; }
75
76 /* k > 1 ? */
77 if (mp_cmp_d(&k, 1) != MP_GT) { goto retry; }
78
79 /* test gcd */
80 if ((err = mp_gcd(&k, &key->q, &tmp)) != MP_OKAY) { goto error; }
81 } while (mp_cmp_d(&tmp, 1) != MP_EQ);
82
83 /* now find 1/k mod q */
84 if ((err = mp_invmod(&k, &key->q, &kinv)) != MP_OKAY) { goto error; }
85
86 /* now find r = g^k mod p mod q */
87 if ((err = mp_exptmod(&key->g, &k, &key->p, r)) != MP_OKAY) { goto error; }
88 if ((err = mp_mod(r, &key->q, r)) != MP_OKAY) { goto error; }
89
90 if (mp_iszero(r) == MP_YES) { goto retry; }
91
92 /* now find s = (in + xr)/k mod q */
93 if ((err = mp_read_unsigned_bin(&tmp, (unsigned char *)in, inlen)) != MP_OKAY) { goto error; }
94 if ((err = mp_mul(&key->x, r, s)) != MP_OKAY) { goto error; }
95 if ((err = mp_add(s, &tmp, s)) != MP_OKAY) { goto error; }
96 if ((err = mp_mulmod(s, &kinv, &key->q, s)) != MP_OKAY) { goto error; }
97
98 if (mp_iszero(s) == MP_YES) { goto retry; }
99
100 err = CRYPT_OK;
101 goto LBL_ERR;
102
103 error:
104 err = mpi_to_ltc_error(err);
105 LBL_ERR:
106 mp_clear_multi(&k, &kinv, &tmp, NULL);
107 #ifdef LTC_CLEAN_STACK
108 zeromem(buf, MDSA_MAX_GROUP);
109 #endif
110 XFREE(buf);
111 return err;
112 }
113
114 /**
115 Sign a hash with DSA
116 @param in The hash to sign
117 @param inlen The length of the hash to sign
118 @param out [out] Where to store the signature
119 @param outlen [in/out] The max size and resulting size of the signature
120 @param prng An active PRNG state
121 @param wprng The index of the PRNG desired
122 @param key A private DSA key
123 @return CRYPT_OK if successful
124 */
125 int dsa_sign_hash(const unsigned char *in, unsigned long inlen,
126 unsigned char *out, unsigned long *outlen,
127 prng_state *prng, int wprng, dsa_key *key)
128 {
129 mp_int r, s;
130 int err;
131
132 LTC_ARGCHK(in != NULL);
133 LTC_ARGCHK(out != NULL);
134 LTC_ARGCHK(outlen != NULL);
135 LTC_ARGCHK(key != NULL);
136
137 if (mp_init_multi(&r, &s, NULL) != MP_OKAY) {
138 return CRYPT_MEM;
139 }
140
141 if ((err = dsa_sign_hash_raw(in, inlen, &r, &s, prng, wprng, key)) != CRYPT_OK) {
142 goto LBL_ERR;
143 }
144
145 err = der_encode_sequence_multi(out, outlen,
146 LTC_ASN1_INTEGER, 1UL, &r,
147 LTC_ASN1_INTEGER, 1UL, &s,
148 LTC_ASN1_EOL, 0UL, NULL);
149
150 LBL_ERR:
151 mp_clear_multi(&r, &s, NULL);
152 return err;
153 }
154
155 #endif
156
157 /* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_sign_hash.c,v $ */
158 /* $Revision: 1.6 $ */
159 /* $Date: 2005/05/15 21:48:59 $ */