Mercurial > dropbear
comparison libtomcrypt/src/pk/dsa/dsa_sign_hash.c @ 389:5ff8218bcee9
propagate from branch 'au.asn.ucc.matt.ltm.dropbear' (head 2af95f00ebd5bb7a28b3817db1218442c935388e)
to branch 'au.asn.ucc.matt.dropbear' (head ecd779509ef23a8cdf64888904fc9b31d78aa933)
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Thu, 11 Jan 2007 03:14:55 +0000 |
| parents | 0cbe8f6dbf9e |
| children | f849a5ca2efc |
comparison
equal
deleted
inserted
replaced
| 388:fb54020f78e1 | 389:5ff8218bcee9 |
|---|---|
| 1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
| 2 * | |
| 3 * LibTomCrypt is a library that provides various cryptographic | |
| 4 * algorithms in a highly modular and flexible manner. | |
| 5 * | |
| 6 * The library is free for all purposes without any express | |
| 7 * guarantee it works. | |
| 8 * | |
| 9 * Tom St Denis, [email protected], http://libtomcrypt.com | |
| 10 */ | |
| 11 #include "tomcrypt.h" | |
| 12 | |
| 13 /** | |
| 14 @file dsa_sign_hash.c | |
| 15 DSA implementation, sign a hash, Tom St Denis | |
| 16 */ | |
| 17 | |
| 18 #ifdef MDSA | |
| 19 | |
| 20 /** | |
| 21 Sign a hash with DSA | |
| 22 @param in The hash to sign | |
| 23 @param inlen The length of the hash to sign | |
| 24 @param r The "r" integer of the signature (caller must initialize with mp_init() first) | |
| 25 @param s The "s" integer of the signature (caller must initialize with mp_init() first) | |
| 26 @param prng An active PRNG state | |
| 27 @param wprng The index of the PRNG desired | |
| 28 @param key A private DSA key | |
| 29 @return CRYPT_OK if successful | |
| 30 */ | |
| 31 int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen, | |
| 32 void *r, void *s, | |
| 33 prng_state *prng, int wprng, dsa_key *key) | |
| 34 { | |
| 35 void *k, *kinv, *tmp; | |
| 36 unsigned char *buf; | |
| 37 int err; | |
| 38 | |
| 39 LTC_ARGCHK(in != NULL); | |
| 40 LTC_ARGCHK(r != NULL); | |
| 41 LTC_ARGCHK(s != NULL); | |
| 42 LTC_ARGCHK(key != NULL); | |
| 43 | |
| 44 if ((err = prng_is_valid(wprng)) != CRYPT_OK) { | |
| 45 return err; | |
| 46 } | |
| 47 if (key->type != PK_PRIVATE) { | |
| 48 return CRYPT_PK_NOT_PRIVATE; | |
| 49 } | |
| 50 | |
| 51 /* check group order size */ | |
| 52 if (key->qord >= MDSA_MAX_GROUP) { | |
| 53 return CRYPT_INVALID_ARG; | |
| 54 } | |
| 55 | |
| 56 buf = XMALLOC(MDSA_MAX_GROUP); | |
| 57 if (buf == NULL) { | |
| 58 return CRYPT_MEM; | |
| 59 } | |
| 60 | |
| 61 /* Init our temps */ | |
| 62 if ((err = mp_init_multi(&k, &kinv, &tmp, NULL)) != CRYPT_OK) { goto ERRBUF; } | |
| 63 | |
| 64 retry: | |
| 65 | |
| 66 do { | |
| 67 /* gen random k */ | |
| 68 if (prng_descriptor[wprng].read(buf, key->qord, prng) != (unsigned long)key->qord) { | |
| 69 err = CRYPT_ERROR_READPRNG; | |
| 70 goto error; | |
| 71 } | |
| 72 | |
| 73 /* read k */ | |
| 74 if ((err = mp_read_unsigned_bin(k, buf, key->qord)) != CRYPT_OK) { goto error; } | |
| 75 | |
| 76 /* k > 1 ? */ | |
| 77 if (mp_cmp_d(k, 1) != LTC_MP_GT) { goto retry; } | |
| 78 | |
| 79 /* test gcd */ | |
| 80 if ((err = mp_gcd(k, key->q, tmp)) != CRYPT_OK) { goto error; } | |
| 81 } while (mp_cmp_d(tmp, 1) != LTC_MP_EQ); | |
| 82 | |
| 83 /* now find 1/k mod q */ | |
| 84 if ((err = mp_invmod(k, key->q, kinv)) != CRYPT_OK) { goto error; } | |
| 85 | |
| 86 /* now find r = g^k mod p mod q */ | |
| 87 if ((err = mp_exptmod(key->g, k, key->p, r)) != CRYPT_OK) { goto error; } | |
| 88 if ((err = mp_mod(r, key->q, r)) != CRYPT_OK) { goto error; } | |
| 89 | |
| 90 if (mp_iszero(r) == LTC_MP_YES) { goto retry; } | |
| 91 | |
| 92 /* now find s = (in + xr)/k mod q */ | |
| 93 if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, inlen)) != CRYPT_OK) { goto error; } | |
| 94 if ((err = mp_mul(key->x, r, s)) != CRYPT_OK) { goto error; } | |
| 95 if ((err = mp_add(s, tmp, s)) != CRYPT_OK) { goto error; } | |
| 96 if ((err = mp_mulmod(s, kinv, key->q, s)) != CRYPT_OK) { goto error; } | |
| 97 | |
| 98 if (mp_iszero(s) == LTC_MP_YES) { goto retry; } | |
| 99 | |
| 100 err = CRYPT_OK; | |
| 101 error: | |
| 102 mp_clear_multi(k, kinv, tmp, NULL); | |
| 103 ERRBUF: | |
| 104 #ifdef LTC_CLEAN_STACK | |
| 105 zeromem(buf, MDSA_MAX_GROUP); | |
| 106 #endif | |
| 107 XFREE(buf); | |
| 108 return err; | |
| 109 } | |
| 110 | |
| 111 /** | |
| 112 Sign a hash with DSA | |
| 113 @param in The hash to sign | |
| 114 @param inlen The length of the hash to sign | |
| 115 @param out [out] Where to store the signature | |
| 116 @param outlen [in/out] The max size and resulting size of the signature | |
| 117 @param prng An active PRNG state | |
| 118 @param wprng The index of the PRNG desired | |
| 119 @param key A private DSA key | |
| 120 @return CRYPT_OK if successful | |
| 121 */ | |
| 122 int dsa_sign_hash(const unsigned char *in, unsigned long inlen, | |
| 123 unsigned char *out, unsigned long *outlen, | |
| 124 prng_state *prng, int wprng, dsa_key *key) | |
| 125 { | |
| 126 void *r, *s; | |
| 127 int err; | |
| 128 | |
| 129 LTC_ARGCHK(in != NULL); | |
| 130 LTC_ARGCHK(out != NULL); | |
| 131 LTC_ARGCHK(outlen != NULL); | |
| 132 LTC_ARGCHK(key != NULL); | |
| 133 | |
| 134 if (mp_init_multi(&r, &s, NULL) != CRYPT_OK) { | |
| 135 return CRYPT_MEM; | |
| 136 } | |
| 137 | |
| 138 if ((err = dsa_sign_hash_raw(in, inlen, r, s, prng, wprng, key)) != CRYPT_OK) { | |
| 139 goto error; | |
| 140 } | |
| 141 | |
| 142 err = der_encode_sequence_multi(out, outlen, | |
| 143 LTC_ASN1_INTEGER, 1UL, r, | |
| 144 LTC_ASN1_INTEGER, 1UL, s, | |
| 145 LTC_ASN1_EOL, 0UL, NULL); | |
| 146 | |
| 147 error: | |
| 148 mp_clear_multi(r, s, NULL); | |
| 149 return err; | |
| 150 } | |
| 151 | |
| 152 #endif | |
| 153 | |
| 154 /* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_sign_hash.c,v $ */ | |
| 155 /* $Revision: 1.12 $ */ | |
| 156 /* $Date: 2006/12/04 22:27:56 $ */ |