Mercurial > dropbear

diff libtomcrypt/src/pk/dsa/dsa_sign_hash.c @ 1471:6dba84798cd5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to libtomcrypt 1.18.1, merged with Dropbear changes
author Matt Johnston <matt@ucc.asn.au>
date Fri, 09 Feb 2018 21:44:05 +0800
parents f849a5ca2efc
children
line wrap: on
line diff
--- a/libtomcrypt/src/pk/dsa/dsa_sign_hash.c	Thu Feb 08 23:11:40 2018 +0800
+++ b/libtomcrypt/src/pk/dsa/dsa_sign_hash.c	Fri Feb 09 21:44:05 2018 +0800
@@ -5,8 +5,6 @@
  *
  * The library is free for all purposes without any express
  * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtom.org
  */
 #include "tomcrypt.h"
 
@@ -34,7 +32,7 @@
 {
    void         *k, *kinv, *tmp;
    unsigned char *buf;
-   int            err;
+   int            err, qbits;
 
    LTC_ARGCHK(in  != NULL);
    LTC_ARGCHK(r   != NULL);
@@ -61,20 +59,15 @@
    /* Init our temps */
    if ((err = mp_init_multi(&k, &kinv, &tmp, NULL)) != CRYPT_OK)                       { goto ERRBUF; }
 
+   qbits = mp_count_bits(key->q);
 retry:
 
    do {
       /* gen random k */
-      if (prng_descriptor[wprng].read(buf, key->qord, prng) != (unsigned long)key->qord) {
-         err = CRYPT_ERROR_READPRNG;
-         goto error;
-      }
+      if ((err = rand_bn_bits(k, qbits, prng, wprng)) != CRYPT_OK)                     { goto error; }
 
-      /* read k */
-      if ((err = mp_read_unsigned_bin(k, buf, key->qord)) != CRYPT_OK)                 { goto error; }
-
-      /* k > 1 ? */
-      if (mp_cmp_d(k, 1) != LTC_MP_GT)                                                 { goto retry; }
+      /* k should be from range: 1 <= k <= q-1 (see FIPS 186-4 B.2.2) */
+      if (mp_cmp_d(k, 0) != LTC_MP_GT || mp_cmp(k, key->q) != LTC_MP_LT)               { goto retry; }
 
       /* test gcd */
       if ((err = mp_gcd(k, key->q, tmp)) != CRYPT_OK)                                  { goto error; }
@@ -89,6 +82,9 @@
 
    if (mp_iszero(r) == LTC_MP_YES)                                                     { goto retry; }
 
+   /* FIPS 186-4 4.6: use leftmost min(bitlen(q), bitlen(hash)) bits of 'hash'*/
+   inlen = MIN(inlen, (unsigned long)(key->qord));
+
    /* now find s = (in + xr)/k mod q */
    if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, inlen)) != CRYPT_OK)      { goto error; }
    if ((err = mp_mul(key->x, r, s)) != CRYPT_OK)                                       { goto error; }
@@ -98,7 +94,7 @@
    if (mp_iszero(s) == LTC_MP_YES)                                                     { goto retry; }
 
    err = CRYPT_OK;
-error: 
+error:
    mp_clear_multi(k, kinv, tmp, NULL);
 ERRBUF:
 #ifdef LTC_CLEAN_STACK
@@ -139,9 +135,9 @@
       goto error;
    }
 
-   err = der_encode_sequence_multi(out, outlen, 
-                             LTC_ASN1_INTEGER, 1UL, r, 
-                             LTC_ASN1_INTEGER, 1UL, s, 
+   err = der_encode_sequence_multi(out, outlen,
+                             LTC_ASN1_INTEGER, 1UL, r,
+                             LTC_ASN1_INTEGER, 1UL, s,
                              LTC_ASN1_EOL,     0UL, NULL);
 
 error:
@@ -151,6 +147,6 @@
 
 #endif
 
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */