~ubuntu-branches/ubuntu/precise/nettle/precise : contents of dsa-sign.c at revision 11

~ubuntu-branches/ubuntu/precise/nettle/precise : (revision 11)

/* dsa-sign.c
 *
 * The DSA publickey algorithm.
 */

/* nettle, low-level cryptographics library
 *
 * Copyright (C) 2002, 2010 Niels Möller
 *  
 * The nettle library is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation; either version 2.1 of the License, or (at your
 * option) any later version.
 * 
 * The nettle library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
 * License for more details.
 * 
 * You should have received a copy of the GNU Lesser General Public License
 * along with the nettle library; see the file COPYING.LIB.  If not, write to
 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

#if HAVE_CONFIG_H
# include "config.h"
#endif

#include <assert.h>
#include <stdlib.h>

#include "dsa.h"

#include "bignum.h"


int
_dsa_sign(const struct dsa_public_key *pub,
	  const struct dsa_private_key *key,
	  void *random_ctx, nettle_random_func random,
	  unsigned digest_size,
	  const uint8_t *digest,
	  struct dsa_signature *signature)
{
  mpz_t k;
  mpz_t h;
  mpz_t tmp;

  /* Require precise match of bitsize of q and hash size. The general
     description of DSA in FIPS186-3 allows both larger and smaller q;
     in the the latter case, the hash must be truncated to the right
     number of bits. */
  if (mpz_sizeinbase(pub->q, 2) != 8 * digest_size)
    return 0;

  /* Select k, 0<k<q, randomly */
  mpz_init_set(tmp, pub->q);
  mpz_sub_ui(tmp, tmp, 1);

  mpz_init(k);
  nettle_mpz_random(k, random_ctx, random, tmp);
  mpz_add_ui(k, k, 1);

  /* Compute r = (g^k (mod p)) (mod q) */
  mpz_powm(tmp, pub->g, k, pub->p);
  mpz_fdiv_r(signature->r, tmp, pub->q);

  /* Compute hash */
  mpz_init(h);
  nettle_mpz_set_str_256_u(h, digest_size, digest);

  /* Compute k^-1 (mod q) */
  if (!mpz_invert(k, k, pub->q))
    /* What do we do now? The key is invalid. */
    return 0;

  /* Compute signature s = k^-1 (h + xr) (mod q) */
  mpz_mul(tmp, signature->r, key->x);
  mpz_fdiv_r(tmp, tmp, pub->q);
  mpz_add(tmp, tmp, h);
  mpz_mul(tmp, tmp, k);
  mpz_fdiv_r(signature->s, tmp, pub->q);

  mpz_clear(k);
  mpz_clear(h);
  mpz_clear(tmp);

  return 1;
}

1 by Marek Habersack Import upstream version 1.10	1	/* dsa-sign.c
	2	*
	3	* The DSA publickey algorithm.
	4	*/
	5
	6	/* nettle, low-level cryptographics library
	7	*
1.4.2 by Magnus Holmgren Import upstream version 2.1	8	* Copyright (C) 2002, 2010 Niels Möller
1 by Marek Habersack Import upstream version 1.10	9	*
	10	* The nettle library is free software; you can redistribute it and/or modify
	11	* it under the terms of the GNU Lesser General Public License as published by
	12	* the Free Software Foundation; either version 2.1 of the License, or (at your
	13	* option) any later version.
	14	*
	15	* The nettle library is distributed in the hope that it will be useful, but
	16	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	17	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
	18	* License for more details.
	19	*
	20	* You should have received a copy of the GNU Lesser General Public License
	21	* along with the nettle library; see the file COPYING.LIB. If not, write to
	22	* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
	23	* MA 02111-1307, USA.
	24	*/
	25
	26	#if HAVE_CONFIG_H
	27	# include "config.h"
	28	#endif
	29
1.4.2 by Magnus Holmgren Import upstream version 2.1	30	#include <assert.h>
1 by Marek Habersack Import upstream version 1.10	31	#include <stdlib.h>
	32
	33	#include "dsa.h"
	34
	35	#include "bignum.h"
	36
	37
1.4.2 by Magnus Holmgren Import upstream version 2.1	38	int
	39	_dsa_sign(const struct dsa_public_key *pub,
	40	const struct dsa_private_key *key,
	41	void *random_ctx, nettle_random_func random,
	42	unsigned digest_size,
	43	const uint8_t *digest,
	44	struct dsa_signature *signature)
1 by Marek Habersack Import upstream version 1.10	45	{
	46	mpz_t k;
	47	mpz_t h;
	48	mpz_t tmp;
1.4.2 by Magnus Holmgren Import upstream version 2.1	49
	50	/* Require precise match of bitsize of q and hash size. The general
	51	description of DSA in FIPS186-3 allows both larger and smaller q;
	52	in the the latter case, the hash must be truncated to the right
	53	number of bits. */
	54	if (mpz_sizeinbase(pub->q, 2) != 8 * digest_size)
	55	return 0;
	56
1 by Marek Habersack Import upstream version 1.10	57	/* Select k, 0<k<q, randomly */
	58	mpz_init_set(tmp, pub->q);
	59	mpz_sub_ui(tmp, tmp, 1);
	60
	61	mpz_init(k);
	62	nettle_mpz_random(k, random_ctx, random, tmp);
	63	mpz_add_ui(k, k, 1);
	64
	65	/* Compute r = (g^k (mod p)) (mod q) */
	66	mpz_powm(tmp, pub->g, k, pub->p);
	67	mpz_fdiv_r(signature->r, tmp, pub->q);
	68
	69	/* Compute hash */
	70	mpz_init(h);
1.4.2 by Magnus Holmgren Import upstream version 2.1	71	nettle_mpz_set_str_256_u(h, digest_size, digest);
1 by Marek Habersack Import upstream version 1.10	72
	73	/* Compute k^-1 (mod q) */
	74	if (!mpz_invert(k, k, pub->q))
	75	/* What do we do now? The key is invalid. */
1.4.2 by Magnus Holmgren Import upstream version 2.1	76	return 0;
1 by Marek Habersack Import upstream version 1.10	77
	78	/* Compute signature s = k^-1 (h + xr) (mod q) */
	79	mpz_mul(tmp, signature->r, key->x);
	80	mpz_fdiv_r(tmp, tmp, pub->q);
	81	mpz_add(tmp, tmp, h);
	82	mpz_mul(tmp, tmp, k);
	83	mpz_fdiv_r(signature->s, tmp, pub->q);
	84
	85	mpz_clear(k);
	86	mpz_clear(h);
	87	mpz_clear(tmp);
1.4.2 by Magnus Holmgren Import upstream version 2.1	88
1.4.2 by Magnus Holmgren Import upstream version 2.1	89	return 1;
1 by Marek Habersack Import upstream version 1.10	90	}