Mercurial > dropbear
comparison dss.c @ 640:76097ec1a29a dropbear-tfm
- Bring in original tomsfastmath patch against 0.52 from Peter Turczak
in 2008
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Mon, 21 Nov 2011 19:19:57 +0800 |
parents | a124aff0cbf1 |
children | 2b1bb792cd4d |
comparison
equal
deleted
inserted
replaced
518:ce104c8b0be1 | 640:76097ec1a29a |
---|---|
45 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ | 45 * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */ |
46 int buf_get_dss_pub_key(buffer* buf, dss_key *key) { | 46 int buf_get_dss_pub_key(buffer* buf, dss_key *key) { |
47 | 47 |
48 TRACE(("enter buf_get_dss_pub_key")) | 48 TRACE(("enter buf_get_dss_pub_key")) |
49 dropbear_assert(key != NULL); | 49 dropbear_assert(key != NULL); |
50 key->p = m_malloc(sizeof(mp_int)); | 50 key->p = m_malloc(sizeof(fp_int)); |
51 key->q = m_malloc(sizeof(mp_int)); | 51 key->q = m_malloc(sizeof(fp_int)); |
52 key->g = m_malloc(sizeof(mp_int)); | 52 key->g = m_malloc(sizeof(fp_int)); |
53 key->y = m_malloc(sizeof(mp_int)); | 53 key->y = m_malloc(sizeof(fp_int)); |
54 m_mp_init_multi(key->p, key->q, key->g, key->y, NULL); | 54 fp_init(key->p); |
55 fp_init(key->q); | |
56 fp_init(key->g); | |
57 fp_init(key->y); | |
55 key->x = NULL; | 58 key->x = NULL; |
56 | 59 |
57 buf_incrpos(buf, 4+SSH_SIGNKEY_DSS_LEN); /* int + "ssh-dss" */ | 60 buf_incrpos(buf, 4+SSH_SIGNKEY_DSS_LEN); /* int + "ssh-dss" */ |
58 if (buf_getmpint(buf, key->p) == DROPBEAR_FAILURE | 61 if (buf_getfpint(buf, key->p) == DROPBEAR_FAILURE |
59 || buf_getmpint(buf, key->q) == DROPBEAR_FAILURE | 62 || buf_getfpint(buf, key->q) == DROPBEAR_FAILURE |
60 || buf_getmpint(buf, key->g) == DROPBEAR_FAILURE | 63 || buf_getfpint(buf, key->g) == DROPBEAR_FAILURE |
61 || buf_getmpint(buf, key->y) == DROPBEAR_FAILURE) { | 64 || buf_getfpint(buf, key->y) == DROPBEAR_FAILURE) { |
62 TRACE(("leave buf_get_dss_pub_key: failed reading mpints")) | 65 TRACE(("leave buf_get_dss_pub_key: failed reading fpints")) |
63 return DROPBEAR_FAILURE; | 66 return DROPBEAR_FAILURE; |
64 } | 67 } |
65 | 68 |
66 if (mp_count_bits(key->p) < MIN_DSS_KEYLEN) { | 69 if (fp_count_bits(key->p) < MIN_DSS_KEYLEN) { |
67 dropbear_log(LOG_WARNING, "DSS key too short"); | 70 dropbear_log(LOG_WARNING, "DSS key too short"); |
68 TRACE(("leave buf_get_dss_pub_key: short key")) | 71 TRACE(("leave buf_get_dss_pub_key: short key")) |
69 return DROPBEAR_FAILURE; | 72 return DROPBEAR_FAILURE; |
70 } | 73 } |
71 | 74 |
85 ret = buf_get_dss_pub_key(buf, key); | 88 ret = buf_get_dss_pub_key(buf, key); |
86 if (ret == DROPBEAR_FAILURE) { | 89 if (ret == DROPBEAR_FAILURE) { |
87 return DROPBEAR_FAILURE; | 90 return DROPBEAR_FAILURE; |
88 } | 91 } |
89 | 92 |
90 key->x = m_malloc(sizeof(mp_int)); | 93 key->x = m_malloc(sizeof(fp_int)); |
91 m_mp_init(key->x); | 94 m_fp_init(key->x); |
92 ret = buf_getmpint(buf, key->x); | 95 ret = buf_getfpint(buf, key->x); |
93 if (ret == DROPBEAR_FAILURE) { | 96 if (ret == DROPBEAR_FAILURE) { |
94 m_free(key->x); | 97 m_free(key->x); |
95 } | 98 } |
96 | 99 |
97 return ret; | 100 return ret; |
105 if (key == NULL) { | 108 if (key == NULL) { |
106 TRACE(("enter dsa_key_free: key == NULL")) | 109 TRACE(("enter dsa_key_free: key == NULL")) |
107 return; | 110 return; |
108 } | 111 } |
109 if (key->p) { | 112 if (key->p) { |
110 mp_clear(key->p); | 113 fp_zero(key->p); |
111 m_free(key->p); | 114 m_free(key->p); |
112 } | 115 } |
113 if (key->q) { | 116 if (key->q) { |
114 mp_clear(key->q); | 117 fp_zero(key->q); |
115 m_free(key->q); | 118 m_free(key->q); |
116 } | 119 } |
117 if (key->g) { | 120 if (key->g) { |
118 mp_clear(key->g); | 121 fp_zero(key->g); |
119 m_free(key->g); | 122 m_free(key->g); |
120 } | 123 } |
121 if (key->y) { | 124 if (key->y) { |
122 mp_clear(key->y); | 125 fp_zero(key->y); |
123 m_free(key->y); | 126 m_free(key->y); |
124 } | 127 } |
125 if (key->x) { | 128 if (key->x) { |
126 mp_clear(key->x); | 129 fp_zero(key->x); |
127 m_free(key->x); | 130 m_free(key->x); |
128 } | 131 } |
129 m_free(key); | 132 m_free(key); |
130 TRACE(("leave dsa_key_free")) | 133 TRACE(("leave dsa_key_free")) |
131 } | 134 } |
132 | 135 |
133 /* put the dss public key into the buffer in the required format: | 136 /* put the dss public key into the buffer in the required format: |
134 * | 137 * |
135 * string "ssh-dss" | 138 * string "ssh-dss" |
136 * mpint p | 139 * fpint p |
137 * mpint q | 140 * fpint q |
138 * mpint g | 141 * fpint g |
139 * mpint y | 142 * fpint y |
140 */ | 143 */ |
141 void buf_put_dss_pub_key(buffer* buf, dss_key *key) { | 144 void buf_put_dss_pub_key(buffer* buf, dss_key *key) { |
142 | 145 |
143 dropbear_assert(key != NULL); | 146 dropbear_assert(key != NULL); |
144 buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN); | 147 buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN); |
145 buf_putmpint(buf, key->p); | 148 buf_putfpint(buf, key->p); |
146 buf_putmpint(buf, key->q); | 149 buf_putfpint(buf, key->q); |
147 buf_putmpint(buf, key->g); | 150 buf_putfpint(buf, key->g); |
148 buf_putmpint(buf, key->y); | 151 buf_putfpint(buf, key->y); |
149 | 152 |
150 } | 153 } |
151 | 154 |
152 /* Same as buf_put_dss_pub_key, but with the private "x" key appended */ | 155 /* Same as buf_put_dss_pub_key, but with the private "x" key appended */ |
153 void buf_put_dss_priv_key(buffer* buf, dss_key *key) { | 156 void buf_put_dss_priv_key(buffer* buf, dss_key *key) { |
154 | 157 |
155 dropbear_assert(key != NULL); | 158 dropbear_assert(key != NULL); |
156 buf_put_dss_pub_key(buf, key); | 159 buf_put_dss_pub_key(buf, key); |
157 buf_putmpint(buf, key->x); | 160 buf_putfpint(buf, key->x); |
158 | 161 |
159 } | 162 } |
160 | 163 |
161 #ifdef DROPBEAR_SIGNKEY_VERIFY | 164 #ifdef DROPBEAR_SIGNKEY_VERIFY |
162 /* Verify a DSS signature (in buf) made on data by the key given. | 165 /* Verify a DSS signature (in buf) made on data by the key given. |
165 unsigned int len) { | 168 unsigned int len) { |
166 | 169 |
167 unsigned char msghash[SHA1_HASH_SIZE]; | 170 unsigned char msghash[SHA1_HASH_SIZE]; |
168 hash_state hs; | 171 hash_state hs; |
169 int ret = DROPBEAR_FAILURE; | 172 int ret = DROPBEAR_FAILURE; |
170 DEF_MP_INT(val1); | 173 DEF_FP_INT(val1); |
171 DEF_MP_INT(val2); | 174 DEF_FP_INT(val2); |
172 DEF_MP_INT(val3); | 175 DEF_FP_INT(val3); |
173 DEF_MP_INT(val4); | 176 DEF_FP_INT(val4); |
174 char * string = NULL; | 177 char * string = NULL; |
175 int stringlen; | 178 int stringlen; |
176 | 179 |
177 TRACE(("enter buf_dss_verify")) | 180 TRACE(("enter buf_dss_verify")) |
178 dropbear_assert(key != NULL); | 181 dropbear_assert(key != NULL); |
179 | 182 |
180 m_mp_init_multi(&val1, &val2, &val3, &val4, NULL); | 183 fp_init(&val1); |
184 fp_init(&val2); | |
185 fp_init(&val3); | |
186 fp_init(&val4); | |
181 | 187 |
182 /* get blob, check length */ | 188 /* get blob, check length */ |
183 string = buf_getstring(buf, &stringlen); | 189 string = buf_getstring(buf, &stringlen); |
184 if (stringlen != 2*SHA1_HASH_SIZE) { | 190 if (stringlen != 2*SHA1_HASH_SIZE) { |
185 goto out; | 191 goto out; |
191 sha1_done(&hs, msghash); | 197 sha1_done(&hs, msghash); |
192 | 198 |
193 /* create the signature - s' and r' are the received signatures in buf */ | 199 /* create the signature - s' and r' are the received signatures in buf */ |
194 /* w = (s')-1 mod q */ | 200 /* w = (s')-1 mod q */ |
195 /* let val1 = s' */ | 201 /* let val1 = s' */ |
196 bytes_to_mp(&val1, &string[SHA1_HASH_SIZE], SHA1_HASH_SIZE); | 202 bytes_to_fp(&val1, &string[SHA1_HASH_SIZE], SHA1_HASH_SIZE); |
197 | 203 |
198 if (mp_cmp(&val1, key->q) != MP_LT) { | 204 if (fp_cmp(&val1, key->q) != FP_LT) { |
199 TRACE(("verify failed, s' >= q")) | 205 TRACE(("verify failed, s' >= q")) |
200 goto out; | 206 goto out; |
201 } | 207 } |
202 /* let val2 = w = (s')^-1 mod q*/ | 208 /* let val2 = w = (s')^-1 mod q*/ |
203 if (mp_invmod(&val1, key->q, &val2) != MP_OKAY) { | 209 if (fp_invmod(&val1, key->q, &val2) != FP_OKAY) { |
204 goto out; | 210 goto out; |
205 } | 211 } |
206 | 212 |
207 /* u1 = ((SHA(M')w) mod q */ | 213 /* u1 = ((SHA(M')w) mod q */ |
208 /* let val1 = SHA(M') = msghash */ | 214 /* let val1 = SHA(M') = msghash */ |
209 bytes_to_mp(&val1, msghash, SHA1_HASH_SIZE); | 215 bytes_to_fp(&val1, msghash, SHA1_HASH_SIZE); |
210 | 216 |
211 /* let val3 = u1 = ((SHA(M')w) mod q */ | 217 /* let val3 = u1 = ((SHA(M')w) mod q */ |
212 if (mp_mulmod(&val1, &val2, key->q, &val3) != MP_OKAY) { | 218 if (fp_mulmod(&val1, &val2, key->q, &val3) != FP_OKAY) { |
213 goto out; | 219 goto out; |
214 } | 220 } |
215 | 221 |
216 /* u2 = ((r')w) mod q */ | 222 /* u2 = ((r')w) mod q */ |
217 /* let val1 = r' */ | 223 /* let val1 = r' */ |
218 bytes_to_mp(&val1, &string[0], SHA1_HASH_SIZE); | 224 bytes_to_fp(&val1, &string[0], SHA1_HASH_SIZE); |
219 if (mp_cmp(&val1, key->q) != MP_LT) { | 225 if (fp_cmp(&val1, key->q) != FP_LT) { |
220 TRACE(("verify failed, r' >= q")) | 226 TRACE(("verify failed, r' >= q")) |
221 goto out; | 227 goto out; |
222 } | 228 } |
223 /* let val4 = u2 = ((r')w) mod q */ | 229 /* let val4 = u2 = ((r')w) mod q */ |
224 if (mp_mulmod(&val1, &val2, key->q, &val4) != MP_OKAY) { | 230 if (fp_mulmod(&val1, &val2, key->q, &val4) != FP_OKAY) { |
225 goto out; | 231 goto out; |
226 } | 232 } |
227 | 233 |
228 /* v = (((g)^u1 (y)^u2) mod p) mod q */ | 234 /* v = (((g)^u1 (y)^u2) mod p) mod q */ |
229 /* val2 = g^u1 mod p */ | 235 /* val2 = g^u1 mod p */ |
230 if (mp_exptmod(key->g, &val3, key->p, &val2) != MP_OKAY) { | 236 if (fp_exptmod(key->g, &val3, key->p, &val2) != FP_OKAY) { |
231 goto out; | 237 goto out; |
232 } | 238 } |
233 /* val3 = y^u2 mod p */ | 239 /* val3 = y^u2 mod p */ |
234 if (mp_exptmod(key->y, &val4, key->p, &val3) != MP_OKAY) { | 240 if (fp_exptmod(key->y, &val4, key->p, &val3) != FP_OKAY) { |
235 goto out; | 241 goto out; |
236 } | 242 } |
237 /* val4 = ((g)^u1 (y)^u2) mod p */ | 243 /* val4 = ((g)^u1 (y)^u2) mod p */ |
238 if (mp_mulmod(&val2, &val3, key->p, &val4) != MP_OKAY) { | 244 if (fp_mulmod(&val2, &val3, key->p, &val4) != FP_OKAY) { |
239 goto out; | 245 goto out; |
240 } | 246 } |
241 /* val2 = v = (((g)^u1 (y)^u2) mod p) mod q */ | 247 /* val2 = v = (((g)^u1 (y)^u2) mod p) mod q */ |
242 if (mp_mod(&val4, key->q, &val2) != MP_OKAY) { | 248 if (fp_mod(&val4, key->q, &val2) != FP_OKAY) { |
243 goto out; | 249 goto out; |
244 } | 250 } |
245 | 251 |
246 /* check whether signatures verify */ | 252 /* check whether signatures verify */ |
247 if (mp_cmp(&val2, &val1) == MP_EQ) { | 253 if (fp_cmp(&val2, &val1) == FP_EQ) { |
248 /* good sig */ | 254 /* good sig */ |
249 ret = DROPBEAR_SUCCESS; | 255 ret = DROPBEAR_SUCCESS; |
250 } | 256 } |
251 | 257 |
252 out: | 258 out: |
253 mp_clear_multi(&val1, &val2, &val3, &val4, NULL); | 259 m_fp_zero_multi(&val1, &val2, &val3, &val4, NULL); |
254 m_free(string); | 260 m_free(string); |
255 | 261 |
256 return ret; | 262 return ret; |
257 | 263 |
258 } | 264 } |
260 | 266 |
261 #ifdef DSS_PROTOK | 267 #ifdef DSS_PROTOK |
262 /* convert an unsigned mp into an array of bytes, malloced. | 268 /* convert an unsigned mp into an array of bytes, malloced. |
263 * This array must be freed after use, len contains the length of the array, | 269 * This array must be freed after use, len contains the length of the array, |
264 * if len != NULL */ | 270 * if len != NULL */ |
265 static unsigned char* mptobytes(mp_int *mp, int *len) { | 271 static unsigned char* fptobytes(fp_int *mp, int *len) { |
266 | 272 |
267 unsigned char* ret; | 273 unsigned char* ret; |
268 int size; | 274 int size; |
269 | 275 |
270 size = mp_unsigned_bin_size(mp); | 276 size = fp_unsigned_bin_size(mp); |
271 ret = m_malloc(size); | 277 ret = m_malloc(size); |
272 if (mp_to_unsigned_bin(mp, ret) != MP_OKAY) { | 278 fp_to_unsigned_bin(mp, ret); |
273 dropbear_exit("mem alloc error"); | |
274 } | |
275 if (len != NULL) { | 279 if (len != NULL) { |
276 *len = size; | 280 *len = size; |
277 } | 281 } |
278 return ret; | 282 return ret; |
279 } | 283 } |
300 unsigned int i; | 304 unsigned int i; |
301 #ifdef DSS_PROTOK | 305 #ifdef DSS_PROTOK |
302 unsigned char privkeyhash[SHA512_HASH_SIZE]; | 306 unsigned char privkeyhash[SHA512_HASH_SIZE]; |
303 unsigned char *privkeytmp; | 307 unsigned char *privkeytmp; |
304 unsigned char proto_k[SHA512_HASH_SIZE]; | 308 unsigned char proto_k[SHA512_HASH_SIZE]; |
305 DEF_MP_INT(dss_protok); | 309 DEF_FP_INT(dss_protok); |
306 #endif | 310 #endif |
307 DEF_MP_INT(dss_k); | 311 DEF_FP_INT(dss_k); |
308 DEF_MP_INT(dss_m); | 312 DEF_FP_INT(dss_m); |
309 DEF_MP_INT(dss_temp1); | 313 DEF_FP_INT(dss_temp1); |
310 DEF_MP_INT(dss_temp2); | 314 DEF_FP_INT(dss_temp2); |
311 DEF_MP_INT(dss_r); | 315 DEF_FP_INT(dss_r); |
312 DEF_MP_INT(dss_s); | 316 DEF_FP_INT(dss_s); |
313 hash_state hs; | 317 hash_state hs; |
314 | 318 |
315 TRACE(("enter buf_put_dss_sign")) | 319 TRACE(("enter buf_put_dss_sign")) |
316 dropbear_assert(key != NULL); | 320 dropbear_assert(key != NULL); |
317 | 321 |
318 /* hash the data */ | 322 /* hash the data */ |
319 sha1_init(&hs); | 323 sha1_init(&hs); |
320 sha1_process(&hs, data, len); | 324 sha1_process(&hs, data, len); |
321 sha1_done(&hs, msghash); | 325 sha1_done(&hs, msghash); |
322 | 326 |
323 m_mp_init_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s, | 327 m_fp_init_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s, |
324 &dss_m, NULL); | 328 &dss_m, NULL); |
325 #ifdef DSS_PROTOK | 329 #ifdef DSS_PROTOK |
326 /* hash the privkey */ | 330 /* hash the privkey */ |
327 privkeytmp = mptobytes(key->x, &i); | 331 privkeytmp = fptobytes(key->x, &i); |
328 sha512_init(&hs); | 332 sha512_init(&hs); |
329 sha512_process(&hs, "the quick brown fox jumped over the lazy dog", 44); | 333 sha512_process(&hs, "the quick brown fox jumped over the lazy dog", 44); |
330 sha512_process(&hs, privkeytmp, i); | 334 sha512_process(&hs, privkeytmp, i); |
331 sha512_done(&hs, privkeyhash); | 335 sha512_done(&hs, privkeyhash); |
332 m_burn(privkeytmp, i); | 336 m_burn(privkeytmp, i); |
337 sha512_process(&hs, privkeyhash, SHA512_HASH_SIZE); | 341 sha512_process(&hs, privkeyhash, SHA512_HASH_SIZE); |
338 sha512_process(&hs, msghash, SHA1_HASH_SIZE); | 342 sha512_process(&hs, msghash, SHA1_HASH_SIZE); |
339 sha512_done(&hs, proto_k); | 343 sha512_done(&hs, proto_k); |
340 | 344 |
341 /* generate k */ | 345 /* generate k */ |
342 m_mp_init(&dss_protok); | 346 m_fp_init(&dss_protok); |
343 bytes_to_mp(&dss_protok, proto_k, SHA512_HASH_SIZE); | 347 bytes_to_fp(&dss_protok, proto_k, SHA512_HASH_SIZE); |
344 if (mp_mod(&dss_protok, key->q, &dss_k) != MP_OKAY) { | 348 if (fp_mod(&dss_protok, key->q, &dss_k) != FP_OKAY) { |
345 dropbear_exit("dss error"); | 349 dropbear_exit("dss error"); |
346 } | 350 } |
347 mp_clear(&dss_protok); | 351 m_fp_zero(&dss_protok); |
348 m_burn(proto_k, SHA512_HASH_SIZE); | 352 m_burn(proto_k, SHA512_HASH_SIZE); |
349 #else /* DSS_PROTOK not defined*/ | 353 #else /* DSS_PROTOK not defined*/ |
350 gen_random_mpint(key->q, &dss_k); | 354 gen_random_fpint(key->q, &dss_k); |
351 #endif | 355 #endif |
352 | 356 |
353 /* now generate the actual signature */ | 357 /* now generate the actual signature */ |
354 bytes_to_mp(&dss_m, msghash, SHA1_HASH_SIZE); | 358 bytes_to_fp(&dss_m, msghash, SHA1_HASH_SIZE); |
355 | 359 |
356 /* g^k mod p */ | 360 /* g^k mod p */ |
357 if (mp_exptmod(key->g, &dss_k, key->p, &dss_temp1) != MP_OKAY) { | 361 if (fp_exptmod(key->g, &dss_k, key->p, &dss_temp1) != FP_OKAY) { |
358 dropbear_exit("dss error"); | 362 dropbear_exit("dss error"); |
359 } | 363 } |
360 /* r = (g^k mod p) mod q */ | 364 /* r = (g^k mod p) mod q */ |
361 if (mp_mod(&dss_temp1, key->q, &dss_r) != MP_OKAY) { | 365 if (fp_mod(&dss_temp1, key->q, &dss_r) != FP_OKAY) { |
362 dropbear_exit("dss error"); | 366 dropbear_exit("dss error"); |
363 } | 367 } |
364 | 368 |
365 /* x*r mod q */ | 369 /* x*r mod q */ |
366 if (mp_mulmod(&dss_r, key->x, key->q, &dss_temp1) != MP_OKAY) { | 370 if (fp_mulmod(&dss_r, key->x, key->q, &dss_temp1) != FP_OKAY) { |
367 dropbear_exit("dss error"); | 371 dropbear_exit("dss error"); |
368 } | 372 } |
369 /* (SHA1(M) + xr) mod q) */ | 373 /* (SHA1(M) + xr) mod q) */ |
370 if (mp_addmod(&dss_m, &dss_temp1, key->q, &dss_temp2) != MP_OKAY) { | 374 if (fp_addmod(&dss_m, &dss_temp1, key->q, &dss_temp2) != FP_OKAY) { |
371 dropbear_exit("dss error"); | 375 dropbear_exit("dss error"); |
372 } | 376 } |
373 | 377 |
374 /* (k^-1) mod q */ | 378 /* (k^-1) mod q */ |
375 if (mp_invmod(&dss_k, key->q, &dss_temp1) != MP_OKAY) { | 379 if (fp_invmod(&dss_k, key->q, &dss_temp1) != FP_OKAY) { |
376 dropbear_exit("dss error"); | 380 dropbear_exit("dss error"); |
377 } | 381 } |
378 | 382 |
379 /* s = (k^-1(SHA1(M) + xr)) mod q */ | 383 /* s = (k^-1(SHA1(M) + xr)) mod q */ |
380 if (mp_mulmod(&dss_temp1, &dss_temp2, key->q, &dss_s) != MP_OKAY) { | 384 if (fp_mulmod(&dss_temp1, &dss_temp2, key->q, &dss_s) != FP_OKAY) { |
381 dropbear_exit("dss error"); | 385 dropbear_exit("dss error"); |
382 } | 386 } |
383 | 387 |
384 buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN); | 388 buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN); |
385 buf_putint(buf, 2*SHA1_HASH_SIZE); | 389 buf_putint(buf, 2*SHA1_HASH_SIZE); |
386 | 390 |
387 writelen = mp_unsigned_bin_size(&dss_r); | 391 writelen = fp_unsigned_bin_size(&dss_r); |
388 dropbear_assert(writelen <= SHA1_HASH_SIZE); | 392 dropbear_assert(writelen <= SHA1_HASH_SIZE); |
389 /* need to pad to 160 bits with leading zeros */ | 393 /* need to pad to 160 bits with leading zeros */ |
390 for (i = 0; i < SHA1_HASH_SIZE - writelen; i++) { | 394 for (i = 0; i < SHA1_HASH_SIZE - writelen; i++) { |
391 buf_putbyte(buf, 0); | 395 buf_putbyte(buf, 0); |
392 } | 396 } |
393 if (mp_to_unsigned_bin(&dss_r, buf_getwriteptr(buf, writelen)) | 397 fp_to_unsigned_bin(&dss_r, buf_getwriteptr(buf, writelen)); |
394 != MP_OKAY) { | 398 fp_zero(&dss_r); |
395 dropbear_exit("dss error"); | |
396 } | |
397 mp_clear(&dss_r); | |
398 buf_incrwritepos(buf, writelen); | 399 buf_incrwritepos(buf, writelen); |
399 | 400 |
400 writelen = mp_unsigned_bin_size(&dss_s); | 401 writelen = fp_unsigned_bin_size(&dss_s); |
401 dropbear_assert(writelen <= SHA1_HASH_SIZE); | 402 dropbear_assert(writelen <= SHA1_HASH_SIZE); |
402 /* need to pad to 160 bits with leading zeros */ | 403 /* need to pad to 160 bits with leading zeros */ |
403 for (i = 0; i < SHA1_HASH_SIZE - writelen; i++) { | 404 for (i = 0; i < SHA1_HASH_SIZE - writelen; i++) { |
404 buf_putbyte(buf, 0); | 405 buf_putbyte(buf, 0); |
405 } | 406 } |
406 if (mp_to_unsigned_bin(&dss_s, buf_getwriteptr(buf, writelen)) | 407 fp_to_unsigned_bin(&dss_s, buf_getwriteptr(buf, writelen)); |
407 != MP_OKAY) { | 408 fp_zero(&dss_s); |
408 dropbear_exit("dss error"); | |
409 } | |
410 mp_clear(&dss_s); | |
411 buf_incrwritepos(buf, writelen); | 409 buf_incrwritepos(buf, writelen); |
412 | 410 |
413 mp_clear_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s, | 411 m_fp_zero_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s, |
414 &dss_m, NULL); | 412 &dss_m, NULL); |
415 | 413 |
416 /* create the signature to return */ | 414 /* create the signature to return */ |
417 | 415 |
418 TRACE(("leave buf_put_dss_sign")) | 416 TRACE(("leave buf_put_dss_sign")) |