comparison dss.c @ 188:c9483550701b
- refactored random mp_int generation and byte->mp_int code
- added RSA blinding
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 05 May 2005 03:58:21 +0000 |
parents | 4349ed1b3f38 |
children | c5d3ef11155f |
187:c44df7123b0a | 188:c9483550701b |
---|---|
188 sha1_done(&hs, msghash); | 188 sha1_done(&hs, msghash); |
189 | 189 |
190 /* create the signature - s' and r' are the received signatures in buf */ | 190 /* create the signature - s' and r' are the received signatures in buf */ |
191 /* w = (s')-1 mod q */ | 191 /* w = (s')-1 mod q */ |
192 /* let val1 = s' */ | 192 /* let val1 = s' */ |
193 if (mp_read_unsigned_bin(&val1, &string[SHA1_HASH_SIZE], SHA1_HASH_SIZE) | 193 bytes_to_mp(&val1, &string[SHA1_HASH_SIZE], SHA1_HASH_SIZE); |
194 != MP_OKAY) { | 194 |
195 goto out; | |
196 } | |
197 if (mp_cmp(&val1, key->q) != MP_LT) { | 195 if (mp_cmp(&val1, key->q) != MP_LT) { |
198 TRACE(("verify failed, s' >= q")) | 196 TRACE(("verify failed, s' >= q")) |
199 goto out; | 197 goto out; |
200 } | 198 } |
201 /* let val2 = w = (s')^-1 mod q*/ | 199 /* let val2 = w = (s')^-1 mod q*/ |
203 goto out; | 201 goto out; |
204 } | 202 } |
205 | 203 |
206 /* u1 = ((SHA(M')w) mod q */ | 204 /* u1 = ((SHA(M')w) mod q */ |
207 /* let val1 = SHA(M') = msghash */ | 205 /* let val1 = SHA(M') = msghash */ |
208 if (mp_read_unsigned_bin(&val1, msghash, SHA1_HASH_SIZE) != MP_OKAY) { | 206 bytes_to_mp(&val1, msghash, SHA1_HASH_SIZE); |
209 goto out; | 207 |
210 } | |
211 /* let val3 = u1 = ((SHA(M')w) mod q */ | 208 /* let val3 = u1 = ((SHA(M')w) mod q */ |
212 if (mp_mulmod(&val1, &val2, key->q, &val3) != MP_OKAY) { | 209 if (mp_mulmod(&val1, &val2, key->q, &val3) != MP_OKAY) { |
213 goto out; | 210 goto out; |
214 } | 211 } |
215 | 212 |
216 /* u2 = ((r')w) mod q */ | 213 /* u2 = ((r')w) mod q */ |
217 /* let val1 = r' */ | 214 /* let val1 = r' */ |
218 if (mp_read_unsigned_bin(&val1, &string[0], SHA1_HASH_SIZE) | 215 bytes_to_mp(&val1, &string[0], SHA1_HASH_SIZE); |
219 != MP_OKAY) { | |
220 goto out; | |
221 } | |
222 if (mp_cmp(&val1, key->q) != MP_LT) { | 216 if (mp_cmp(&val1, key->q) != MP_LT) { |
223 TRACE(("verify failed, r' >= q")) | 217 TRACE(("verify failed, r' >= q")) |
224 goto out; | 218 goto out; |
225 } | 219 } |
226 /* let val4 = u2 = ((r')w) mod q */ | 220 /* let val4 = u2 = ((r')w) mod q */ |
304 #ifdef DSS_PROTOK | 298 #ifdef DSS_PROTOK |
305 unsigned char privkeyhash[SHA512_HASH_SIZE]; | 299 unsigned char privkeyhash[SHA512_HASH_SIZE]; |
306 unsigned char *privkeytmp; | 300 unsigned char *privkeytmp; |
307 unsigned char proto_k[SHA512_HASH_SIZE]; | 301 unsigned char proto_k[SHA512_HASH_SIZE]; |
308 DEF_MP_INT(dss_protok); | 302 DEF_MP_INT(dss_protok); |
309 #else | |
310 unsigned char kbuf[SHA1_HASH_SIZE]; | |
311 #endif | 303 #endif |
312 DEF_MP_INT(dss_k); | 304 DEF_MP_INT(dss_k); |
313 DEF_MP_INT(dss_m); | 305 DEF_MP_INT(dss_m); |
314 DEF_MP_INT(dss_temp1); | 306 DEF_MP_INT(dss_temp1); |
315 DEF_MP_INT(dss_temp2); | 307 DEF_MP_INT(dss_temp2); |
343 sha512_process(&hs, msghash, SHA1_HASH_SIZE); | 335 sha512_process(&hs, msghash, SHA1_HASH_SIZE); |
344 sha512_done(&hs, proto_k); | 336 sha512_done(&hs, proto_k); |
345 | 337 |
346 /* generate k */ | 338 /* generate k */ |
347 m_mp_init(&dss_protok); | 339 m_mp_init(&dss_protok); |
348 bytestomp(&dss_protok, proto_k, SHA512_HASH_SIZE); | 340 bytes_to_mp(&dss_protok, proto_k, SHA512_HASH_SIZE); |
349 mp_mod(&dss_protok, key->q, &dss_k); | 341 mp_mod(&dss_protok, key->q, &dss_k); |
350 mp_clear(&dss_protok); | 342 mp_clear(&dss_protok); |
351 m_burn(proto_k, SHA512_HASH_SIZE); | 343 m_burn(proto_k, SHA512_HASH_SIZE); |
352 #else /* DSS_PROTOK not defined*/ | 344 #else /* DSS_PROTOK not defined*/ |
353 do { | 345 gen_random_mpint(key->q, &dss_k); |
354 genrandom(kbuf, SHA1_HASH_SIZE); | |
355 if (mp_read_unsigned_bin(&dss_k, kbuf, SHA1_HASH_SIZE) != MP_OKAY) { | |
356 dropbear_exit("dss error"); | |
357 } | |
358 } while (mp_cmp(&dss_k, key->q) == MP_GT || mp_cmp_d(&dss_k, 0) != MP_GT); | |
359 m_burn(kbuf, SHA1_HASH_SIZE); | |
360 #endif | 346 #endif |
361 | 347 |
362 /* now generate the actual signature */ | 348 /* now generate the actual signature */ |
363 bytestomp(&dss_m, msghash, SHA1_HASH_SIZE); | 349 bytes_to_mp(&dss_m, msghash, SHA1_HASH_SIZE); |
364 | 350 |
365 /* g^k mod p */ | 351 /* g^k mod p */ |
366 if (mp_exptmod(key->g, &dss_k, key->p, &dss_temp1) != MP_OKAY) { | 352 if (mp_exptmod(key->g, &dss_k, key->p, &dss_temp1) != MP_OKAY) { |
367 dropbear_exit("dss error"); | 353 dropbear_exit("dss error"); |
368 } | 354 } |
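Review bot: The signing path's safety now rests entirely on the range guarantee of `gen_random_mpint(key->q, &dss_k)` at new line 345, and that helper's contract is not visible here: DSA needs k uniformly in [1, q-1], and the inline loop it replaces at least rejected k == 0 (it did let k == q through, so the old bound was not right either). If the helper can return 0 or q, `k^-1 mod q` is undefined and the signature fails or leaks, and any bias in k across signatures is known to expose the private key, so I would pin the assumption at the call site: `/* k must be uniform in [1, q-1]; gen_random_mpint is relied on to exclude 0 and q */`. Separately, in the DSS_PROTOK branch the result of `mp_mod(&dss_protok, key->q, &dss_k)` is unchecked while `mp_exptmod` a few lines later is, and k == 0 is not ruled out there either, so a check such as `if (mp_mod(&dss_protok, key->q, &dss_k) != MP_OKAY || mp_iszero(&dss_k)) { dropbear_exit("dss error"); }` would keep the two paths consistent. The enclosing sign function begins before this hunk and continues past it.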