comparison libtomcrypt/src/pk/dsa/dsa_encrypt_key.c @ 1471:6dba84798cd5

Update to libtomcrypt 1.18.1, merged with Dropbear changes
author Matt Johnston <matt@ucc.asn.au>
date Fri, 09 Feb 2018 21:44:05 +0800
parents f849a5ca2efc
children
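--- a/libtomcrypt/src/pk/dsa/dsa_encrypt_key.c
+++ b/libtomcrypt/src/pk/dsa/dsa_encrypt_key.c
@@ -3,37 +3,35 @@
 * LibTomCrypt is a library that provides various cryptographic
 * algorithms in a highly modular and flexible manner.
 *
 * The library is free for all purposes without any express
 * guarantee it works.
-*
-* Tom St Denis, [email protected], http://libtom.org
 */
 #include "tomcrypt.h"
 
 /**
 @file dsa_encrypt_key.c
 DSA Crypto, Tom St Denis
 */
 
 #ifdef LTC_MDSA
 
 /**
 Encrypt a symmetric key with DSA
 @param in The symmetric key you want to encrypt
 @param inlen The length of the key to encrypt (octets)
 @param out [out] The destination for the ciphertext
 @param outlen [in/out] The max size and resulting size of the ciphertext
 @param prng An active PRNG state
 @param wprng The index of the PRNG you wish to use
 @param hash The index of the hash you want to use
 @param key The DSA key you want to encrypt to
 @return CRYPT_OK if successful
 */
 int dsa_encrypt_key(const unsigned char *in, unsigned long inlen,
 unsigned char *out, unsigned long *outlen,
 prng_state *prng, int wprng, int hash,
 dsa_key *key)
 {
 unsigned char *expt, *skey;
 void *g_pub, *g_priv;
 unsigned long x, y;
@@ -59,11 +57,11 @@
 
 /* make a random key and export the public copy */
 if ((err = mp_init_multi(&g_pub, &g_priv, NULL)) != CRYPT_OK) {
 return err;
 }
 
 expt = XMALLOC(mp_unsigned_bin_size(key->p) + 1);
 skey = XMALLOC(MAXBLOCKSIZE);
 if (expt == NULL || skey == NULL) {
 if (expt != NULL) {
 XFREE(expt);
@@ -72,39 +70,34 @@
 XFREE(skey);
 }
 mp_clear_multi(g_pub, g_priv, NULL);
 return CRYPT_MEM;
 }
 
-/* make a random x, g^x pair */
-x = mp_unsigned_bin_size(key->q);
-if (prng_descriptor[wprng].read(expt, x, prng) != x) {
-err = CRYPT_ERROR_READPRNG;
+/* make a random g_priv, g_pub = g^x pair
+private key x should be in range: 1 <= x <= q-1 (see FIPS 186-4 B.1.2)
+*/
+if ((err = rand_bn_upto(g_priv, key->q, prng, wprng)) != CRYPT_OK) {
 goto LBL_ERR;
 }
 
-/* load x */
-if ((err = mp_read_unsigned_bin(g_priv, expt, x)) != CRYPT_OK) {
-goto LBL_ERR;
-}
-
 /* compute y */
 if ((err = mp_exptmod(key->g, g_priv, key->p, g_pub)) != CRYPT_OK) {
 goto LBL_ERR;
 }
 
 /* make random key */
 x = mp_unsigned_bin_size(key->p) + 1;
 if ((err = dsa_shared_secret(g_priv, key->y, key, expt, &x)) != CRYPT_OK) {
 goto LBL_ERR;
 }
 
 y = MAXBLOCKSIZE;
 if ((err = hash_memory(hash, expt, x, skey, &y)) != CRYPT_OK) {
 goto LBL_ERR;
 }
 
 /* Encrypt key */
 for (x = 0; x < inlen; x++) {
 skey[x] ^= in[x];
 }
 
@@ -121,15 +114,15 @@
 zeromem(skey, MAXBLOCKSIZE);
 #endif
 
 XFREE(skey);
 XFREE(expt);
 
 mp_clear_multi(g_pub, g_priv, NULL);
 return err;
 }
 
 #endif
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */
+/* ref: $Format:%D$ */
+/* git commit: $Format:%H$ */
+/* commit time: $Format:%ai$ */
 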
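Review bot: The new `rand_bn_upto(g_priv, key->q, prng, wprng)` call makes termination depend on key->q: if rand_bn_upto rejection-samples until 0 < g_priv < q, as the comment above it implies, a key whose q is 0 or 1 never produces an acceptable candidate and the call does not return, whereas the old fixed-length `prng_descriptor[wprng].read` always came back with an error or a value. dsa_encrypt_key's argument checks (old lines 40–58) lie outside the visible hunks and may already reject such a q; if they do not, guard the call with `if (mp_cmp_d(key->q, 1) != LTC_MP_GT) { err = CRYPT_INVALID_ARG; goto LBL_ERR; }`. The comment block also speaks of "private key x" while the exponent lives in g_priv and `x` is reused a few lines later as a byte length, so `/* ephemeral exponent g_priv, 1 <= g_priv <= q-1 (FIPS 186-4 B.1.2); g_pub = g^g_priv mod p */` would read less ambiguously. Note that g_priv, which together with key->y derives the wrapping key, is only released through `mp_clear_multi` at cleanup; whether the math provider wipes it before freeing is not visible here, so the ephemeral exponent may linger in freed heap.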