Mercurial > dropbear

comparison dsa_make_key.c @ 0:d7da3b1e1540 libtomcrypt

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
put back the 0.95 makefile which was inadvertently merged over
author Matt Johnston <matt@ucc.asn.au>
date Mon, 31 May 2004 18:21:40 +0000
parents
children 5d99163f7e32
comparison
equal deleted inserted replaced
-1:000000000000 0:d7da3b1e1540
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtomcrypt.org
10 */
11 #include "mycrypt.h"
12
13 #ifdef MDSA
14
15 int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key)
16 {
17 mp_int tmp, tmp2;
18 int err, res;
19 unsigned char buf[512];
20
21 _ARGCHK(key != NULL);
22
23 /* check prng */
24 if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
25 return err;
26 }
27
28 /* check size */
29 if (group_size >= 1024 || group_size <= 15 ||
30 group_size >= modulus_size || (modulus_size - group_size) >= (int)sizeof(buf)) {
31 return CRYPT_INVALID_ARG;
32 }
33
34 /* init mp_ints */
35 if ((err = mp_init_multi(&tmp, &tmp2, &key->g, &key->q, &key->p, &key->x, &key->y, NULL)) != MP_OKAY) {
36 return mpi_to_ltc_error(err);
37 }
38
39 /* make our prime q */
40 if ((err = rand_prime(&key->q, group_size*8, prng, wprng)) != CRYPT_OK) { goto error2; }
41
42 /* double q */
43 if ((err = mp_mul_2(&key->q, &tmp)) != MP_OKAY) { goto error; }
44
45 /* now make a random string and multply it against q */
46 if (prng_descriptor[wprng].read(buf+1, modulus_size - group_size, prng) != (unsigned long)(modulus_size - group_size)) {
47 err = CRYPT_ERROR_READPRNG;
48 goto error2;
49 }
50
51 /* force magnitude */
52 buf[0] = 1;
53
54 /* force even */
55 buf[modulus_size - group_size] &= ~1;
56
57 if ((err = mp_read_unsigned_bin(&tmp2, buf, modulus_size - group_size+1)) != MP_OKAY) { goto error; }
58 if ((err = mp_mul(&key->q, &tmp2, &key->p)) != MP_OKAY) { goto error; }
59 if ((err = mp_add_d(&key->p, 1, &key->p)) != MP_OKAY) { goto error; }
60
61 /* now loop until p is prime */
62 for (;;) {
63 if ((err = is_prime(&key->p, &res)) != CRYPT_OK) { goto error2; }
64 if (res == MP_YES) break;
65
66 /* add 2q to p and 2 to tmp2 */
67 if ((err = mp_add(&tmp, &key->p, &key->p)) != MP_OKAY) { goto error; }
68 if ((err = mp_add_d(&tmp2, 2, &tmp2)) != MP_OKAY) { goto error; }
69 }
70
71 /* now p = (q * tmp2) + 1 is prime, find a value g for which g^tmp2 != 1 */
72 mp_set(&key->g, 1);
73
74 do {
75 if ((err = mp_add_d(&key->g, 1, &key->g)) != MP_OKAY) { goto error; }
76 if ((err = mp_exptmod(&key->g, &tmp2, &key->p, &tmp)) != MP_OKAY) { goto error; }
77 } while (mp_cmp_d(&tmp, 1) == MP_EQ);
78
79 /* at this point tmp generates a group of order q mod p */
80 mp_exch(&tmp, &key->g);
81
82 /* so now we have our DH structure, generator g, order q, modulus p
83 Now we need a random exponent [mod q] and it's power g^x mod p
84 */
85 do {
86 if (prng_descriptor[wprng].read(buf, group_size, prng) != (unsigned long)group_size) {
87 err = CRYPT_ERROR_READPRNG;
88 goto error2;
89 }
90 if ((err = mp_read_unsigned_bin(&key->x, buf, group_size)) != MP_OKAY) { goto error; }
91 } while (mp_cmp_d(&key->x, 1) != MP_GT);
92 if ((err = mp_exptmod(&key->g, &key->x, &key->p, &key->y)) != MP_OKAY) { goto error; }
93
94 key->type = PK_PRIVATE;
95 key->qord = group_size;
96
97 /* shrink the ram required */
98 if ((err = mp_shrink(&key->g)) != MP_OKAY) { goto error; }
99 if ((err = mp_shrink(&key->p)) != MP_OKAY) { goto error; }
100 if ((err = mp_shrink(&key->q)) != MP_OKAY) { goto error; }
101 if ((err = mp_shrink(&key->x)) != MP_OKAY) { goto error; }
102 if ((err = mp_shrink(&key->y)) != MP_OKAY) { goto error; }
103
104 err = CRYPT_OK;
105
106 #ifdef CLEAN_STACK
107 zeromem(buf, sizeof(buf));
108 #endif
109
110 goto done;
111 error : err = mpi_to_ltc_error(err);
112 error2: mp_clear_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL);
113 done : mp_clear_multi(&tmp, &tmp2, NULL);
114 return err;
115 }
116
117 #endif