Mercurial > dropbear

comparison libtomcrypt/src/pk/dsa/dsa_make_key.c @ 1471:6dba84798cd5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to libtomcrypt 1.18.1, merged with Dropbear changes
author Matt Johnston <matt@ucc.asn.au>
date Fri, 09 Feb 2018 21:44:05 +0800
parents f849a5ca2efc
children
comparison
equal deleted inserted replaced
1470:8bba51a55704 1471:6dba84798cd5
3 * LibTomCrypt is a library that provides various cryptographic 3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner. 4 * algorithms in a highly modular and flexible manner.
5 * 5 *
6 * The library is free for all purposes without any express 6 * The library is free for all purposes without any express
7 * guarantee it works. 7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtom.org
10 */ 8 */
11 #include "tomcrypt.h" 9 #include "tomcrypt.h"
12 10
13 /** 11 /**
14 @file dsa_make_key.c 12 @file dsa_make_key.c
15 DSA implementation, generate a DSA key, Tom St Denis 13 DSA implementation, generate a DSA key
16 */ 14 */
17 15
18 #ifdef LTC_MDSA 16 #ifdef LTC_MDSA
19 17
20 /** 18 /**
21 Create a DSA key 19 Old-style creation of a DSA key
22 @param prng An active PRNG state 20 @param prng An active PRNG state
23 @param wprng The index of the PRNG desired 21 @param wprng The index of the PRNG desired
24 @param group_size Size of the multiplicative group (octets) 22 @param group_size Size of the multiplicative group (octets)
25 @param modulus_size Size of the modulus (octets) 23 @param modulus_size Size of the modulus (octets)
26 @param key [out] Where to store the created key 24 @param key [out] Where to store the created key
27 @return CRYPT_OK if successful, upon error this function will free all allocated memory 25 @return CRYPT_OK if successful.
28 */ 26 */
29 int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key) 27 int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key)
30 { 28 {
31 void *tmp, *tmp2; 29 int err;
32 int err, res;
33 unsigned char *buf;
34 30
35 LTC_ARGCHK(key != NULL); 31 if ((err = dsa_generate_pqg(prng, wprng, group_size, modulus_size, key)) != CRYPT_OK) { return err; }
36 LTC_ARGCHK(ltc_mp.name != NULL); 32 if ((err = dsa_generate_key(prng, wprng, key)) != CRYPT_OK) { return err; }
37 33
38 /* check prng */ 34 return CRYPT_OK;
39 if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
40 return err;
41 }
42
43 /* check size */
44 if (group_size >= LTC_MDSA_MAX_GROUP || group_size <= 15 ||
45 group_size >= modulus_size || (modulus_size - group_size) >= LTC_MDSA_DELTA) {
46 return CRYPT_INVALID_ARG;
47 }
48
49 /* allocate ram */
50 buf = XMALLOC(LTC_MDSA_DELTA);
51 if (buf == NULL) {
52 return CRYPT_MEM;
53 }
54
55 /* init mp_ints */
56 if ((err = mp_init_multi(&tmp, &tmp2, &key->g, &key->q, &key->p, &key->x, &key->y, NULL)) != CRYPT_OK) {
57 XFREE(buf);
58 return err;
59 }
60
61 /* make our prime q */
62 if ((err = rand_prime(key->q, group_size, prng, wprng)) != CRYPT_OK) { goto error; }
63
64 /* double q */
65 if ((err = mp_add(key->q, key->q, tmp)) != CRYPT_OK) { goto error; }
66
67 /* now make a random string and multply it against q */
68 if (prng_descriptor[wprng].read(buf+1, modulus_size - group_size, prng) != (unsigned long)(modulus_size - group_size)) {
69 err = CRYPT_ERROR_READPRNG;
70 goto error;
71 }
72
73 /* force magnitude */
74 buf[0] |= 0xC0;
75
76 /* force even */
77 buf[modulus_size - group_size - 1] &= ~1;
78
79 if ((err = mp_read_unsigned_bin(tmp2, buf, modulus_size - group_size)) != CRYPT_OK) { goto error; }
80 if ((err = mp_mul(key->q, tmp2, key->p)) != CRYPT_OK) { goto error; }
81 if ((err = mp_add_d(key->p, 1, key->p)) != CRYPT_OK) { goto error; }
82
83 /* now loop until p is prime */
84 for (;;) {
85 if ((err = mp_prime_is_prime(key->p, 8, &res)) != CRYPT_OK) { goto error; }
86 if (res == LTC_MP_YES) break;
87
88 /* add 2q to p and 2 to tmp2 */
89 if ((err = mp_add(tmp, key->p, key->p)) != CRYPT_OK) { goto error; }
90 if ((err = mp_add_d(tmp2, 2, tmp2)) != CRYPT_OK) { goto error; }
91 }
92
93 /* now p = (q * tmp2) + 1 is prime, find a value g for which g^tmp2 != 1 */
94 mp_set(key->g, 1);
95
96 do {
97 if ((err = mp_add_d(key->g, 1, key->g)) != CRYPT_OK) { goto error; }
98 if ((err = mp_exptmod(key->g, tmp2, key->p, tmp)) != CRYPT_OK) { goto error; }
99 } while (mp_cmp_d(tmp, 1) == LTC_MP_EQ);
100
101 /* at this point tmp generates a group of order q mod p */
102 mp_exch(tmp, key->g);
103
104 /* so now we have our DH structure, generator g, order q, modulus p
105 Now we need a random exponent [mod q] and it's power g^x mod p
106 */
107 do {
108 if (prng_descriptor[wprng].read(buf, group_size, prng) != (unsigned long)group_size) {
109 err = CRYPT_ERROR_READPRNG;
110 goto error;
111 }
112 if ((err = mp_read_unsigned_bin(key->x, buf, group_size)) != CRYPT_OK) { goto error; }
113 } while (mp_cmp_d(key->x, 1) != LTC_MP_GT);
114 if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK) { goto error; }
115
116 key->type = PK_PRIVATE;
117 key->qord = group_size;
118
119 #ifdef LTC_CLEAN_STACK
120 zeromem(buf, LTC_MDSA_DELTA);
121 #endif
122
123 err = CRYPT_OK;
124 goto done;
125 error:
126 mp_clear_multi(key->g, key->q, key->p, key->x, key->y, NULL);
127 done:
128 mp_clear_multi(tmp, tmp2, NULL);
129 XFREE(buf);
130 return err;
131 } 35 }
132 36
133 #endif 37 #endif
134 38
135 /* $Source$ */ 39 /* ref: $Format:%D$ */
136 /* $Revision$ */ 40 /* git commit: $Format:%H$ */
137 /* $Date$ */ 41 /* commit time: $Format:%ai$ */