diff libtomcrypt/src/pk/dsa/dsa_encrypt_key.c @ 1471:6dba84798cd5

Update to libtomcrypt 1.18.1, merged with Dropbear changes
author Matt Johnston <matt@ucc.asn.au>
date Fri, 09 Feb 2018 21:44:05 +0800
parents f849a5ca2efc
children
--- a/libtomcrypt/src/pk/dsa/dsa_encrypt_key.c	Thu Feb 08 23:11:40 2018 +0800
+++ b/libtomcrypt/src/pk/dsa/dsa_encrypt_key.c	Fri Feb 09 21:44:05 2018 +0800
@@ -5,15 +5,13 @@
  *
  * The library is free for all purposes without any express
  * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtom.org
  */
 #include "tomcrypt.h"
 
 /**
   @file dsa_encrypt_key.c
   DSA Crypto, Tom St Denis
-*/  
+*/
 
 #ifdef LTC_MDSA
 
@@ -24,14 +22,14 @@
   @param out        [out] The destination for the ciphertext
   @param outlen     [in/out] The max size and resulting size of the ciphertext
   @param prng       An active PRNG state
-  @param wprng      The index of the PRNG you wish to use 
-  @param hash       The index of the hash you want to use 
+  @param wprng      The index of the PRNG you wish to use
+  @param hash       The index of the hash you want to use
   @param key        The DSA key you want to encrypt to
   @return CRYPT_OK if successful
 */
 int dsa_encrypt_key(const unsigned char *in,   unsigned long inlen,
-                          unsigned char *out,  unsigned long *outlen, 
-                          prng_state *prng, int wprng, int hash, 
+                          unsigned char *out,  unsigned long *outlen,
+                          prng_state *prng, int wprng, int hash,
                           dsa_key *key)
 {
     unsigned char *expt, *skey;
@@ -61,7 +59,7 @@
     if ((err = mp_init_multi(&g_pub, &g_priv, NULL)) != CRYPT_OK) {
        return err;
     }
-   
+
     expt       = XMALLOC(mp_unsigned_bin_size(key->p) + 1);
     skey       = XMALLOC(MAXBLOCKSIZE);
     if (expt == NULL  || skey == NULL) {
@@ -74,24 +72,19 @@
        mp_clear_multi(g_pub, g_priv, NULL);
        return CRYPT_MEM;
     }
-    
-    /* make a random x, g^x pair */
-    x = mp_unsigned_bin_size(key->q);
-    if (prng_descriptor[wprng].read(expt, x, prng) != x) {
-       err = CRYPT_ERROR_READPRNG;
-       goto LBL_ERR;
+
+    /* make a random g_priv, g_pub = g^x pair
+       private key x should be in range: 1 <= x <= q-1 (see FIPS 186-4 B.1.2)
+     */
+    if ((err = rand_bn_upto(g_priv, key->q, prng, wprng)) != CRYPT_OK) {
+      goto LBL_ERR;
     }
-    
-    /* load x */
-    if ((err = mp_read_unsigned_bin(g_priv, expt, x)) != CRYPT_OK) {
-       goto LBL_ERR;
-    }
-    
+
     /* compute y */
     if ((err = mp_exptmod(key->g, g_priv, key->p, g_pub)) != CRYPT_OK) {
        goto LBL_ERR;
     }
-    
+
     /* make random key */
     x        = mp_unsigned_bin_size(key->p) + 1;
     if ((err = dsa_shared_secret(g_priv, key->y, key, expt, &x)) != CRYPT_OK) {
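Review bot: The new comment above the `rand_bn_upto` call names the private exponent `x`, but in this function `x` is the length/index local (it is reassigned as a buffer size at `x = mp_unsigned_bin_size(key->p) + 1;` a few lines below and used as a loop index later), so the comment reads as if that variable held the secret while the value actually lives in `g_priv`. Suggest wording it `/* ephemeral private exponent in g_priv, 1 <= g_priv <= q-1 (FIPS 186-4 B.1.2); g_pub = g^g_priv mod p */`. The stated range holds only if `rand_bn_upto` rejects both 0 and values >= q (its sampling loop is not part of this diff); assuming it does, this is a real improvement over the removed path, which loaded `q`-sized raw PRNG bytes unreduced and could therefore produce an exponent of 0 or >= q. dsa_encrypt_key starts and ends outside this hunk, so the earlier PRNG/hash validity checks and the final clearing of `expt` and `skey` (both hold secret material) cannot be confirmed from here.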
@@ -102,7 +95,7 @@
     if ((err = hash_memory(hash, expt, x, skey, &y)) != CRYPT_OK) {
        goto LBL_ERR;
     }
-    
+
     /* Encrypt key */
     for (x = 0; x < inlen; x++) {
       skey[x] ^= in[x];
@@ -123,13 +116,13 @@
 
     XFREE(skey);
     XFREE(expt);
-    
+
     mp_clear_multi(g_pub, g_priv, NULL);
     return err;
 }
 
 #endif
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */