1
by Marek Habersack
Import upstream version 1.10 |
1 |
/* dsa-sign.c
|
2 |
*
|
|
3 |
* The DSA publickey algorithm.
|
|
4 |
*/
|
|
5 |
||
6 |
/* nettle, low-level cryptographics library
|
|
7 |
*
|
|
1.4.2
by Magnus Holmgren
Import upstream version 2.1 |
8 |
* Copyright (C) 2002, 2010 Niels Möller
|
1
by Marek Habersack
Import upstream version 1.10 |
9 |
*
|
10 |
* The nettle library is free software; you can redistribute it and/or modify
|
|
11 |
* it under the terms of the GNU Lesser General Public License as published by
|
|
12 |
* the Free Software Foundation; either version 2.1 of the License, or (at your
|
|
13 |
* option) any later version.
|
|
14 |
*
|
|
15 |
* The nettle library is distributed in the hope that it will be useful, but
|
|
16 |
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
|
17 |
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
|
|
18 |
* License for more details.
|
|
19 |
*
|
|
20 |
* You should have received a copy of the GNU Lesser General Public License
|
|
21 |
* along with the nettle library; see the file COPYING.LIB. If not, write to
|
|
22 |
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
|
|
23 |
* MA 02111-1307, USA.
|
|
24 |
*/
|
|
25 |
||
26 |
#if HAVE_CONFIG_H
|
|
27 |
# include "config.h"
|
|
28 |
#endif
|
|
29 |
||
1.4.2
by Magnus Holmgren
Import upstream version 2.1 |
30 |
#include <assert.h> |
1
by Marek Habersack
Import upstream version 1.10 |
31 |
#include <stdlib.h> |
32 |
||
33 |
#include "dsa.h" |
|
34 |
||
35 |
#include "bignum.h" |
|
36 |
||
37 |
||
1.4.2
by Magnus Holmgren
Import upstream version 2.1 |
38 |
int
|
39 |
_dsa_sign(const struct dsa_public_key *pub, |
|
40 |
const struct dsa_private_key *key, |
|
41 |
void *random_ctx, nettle_random_func random, |
|
42 |
unsigned digest_size, |
|
43 |
const uint8_t *digest, |
|
44 |
struct dsa_signature *signature) |
|
1
by Marek Habersack
Import upstream version 1.10 |
45 |
{
|
46 |
mpz_t k; |
|
47 |
mpz_t h; |
|
48 |
mpz_t tmp; |
|
1.4.2
by Magnus Holmgren
Import upstream version 2.1 |
49 |
|
50 |
/* Require precise match of bitsize of q and hash size. The general
|
|
51 |
description of DSA in FIPS186-3 allows both larger and smaller q;
|
|
52 |
in the the latter case, the hash must be truncated to the right
|
|
53 |
number of bits. */
|
|
54 |
if (mpz_sizeinbase(pub->q, 2) != 8 * digest_size) |
|
55 |
return 0; |
|
56 |
||
1
by Marek Habersack
Import upstream version 1.10 |
57 |
/* Select k, 0<k<q, randomly */
|
58 |
mpz_init_set(tmp, pub->q); |
|
59 |
mpz_sub_ui(tmp, tmp, 1); |
|
60 |
||
61 |
mpz_init(k); |
|
62 |
nettle_mpz_random(k, random_ctx, random, tmp); |
|
63 |
mpz_add_ui(k, k, 1); |
|
64 |
||
65 |
/* Compute r = (g^k (mod p)) (mod q) */
|
|
66 |
mpz_powm(tmp, pub->g, k, pub->p); |
|
67 |
mpz_fdiv_r(signature->r, tmp, pub->q); |
|
68 |
||
69 |
/* Compute hash */
|
|
70 |
mpz_init(h); |
|
1.4.2
by Magnus Holmgren
Import upstream version 2.1 |
71 |
nettle_mpz_set_str_256_u(h, digest_size, digest); |
1
by Marek Habersack
Import upstream version 1.10 |
72 |
|
73 |
/* Compute k^-1 (mod q) */
|
|
74 |
if (!mpz_invert(k, k, pub->q)) |
|
75 |
/* What do we do now? The key is invalid. */
|
|
1.4.2
by Magnus Holmgren
Import upstream version 2.1 |
76 |
return 0; |
1
by Marek Habersack
Import upstream version 1.10 |
77 |
|
78 |
/* Compute signature s = k^-1 (h + xr) (mod q) */
|
|
79 |
mpz_mul(tmp, signature->r, key->x); |
|
80 |
mpz_fdiv_r(tmp, tmp, pub->q); |
|
81 |
mpz_add(tmp, tmp, h); |
|
82 |
mpz_mul(tmp, tmp, k); |
|
83 |
mpz_fdiv_r(signature->s, tmp, pub->q); |
|
84 |
||
85 |
mpz_clear(k); |
|
86 |
mpz_clear(h); |
|
87 |
mpz_clear(tmp); |
|
1.4.2
by Magnus Holmgren
Import upstream version 2.1 |
88 |
|
89 |
return 1; |
|
1
by Marek Habersack
Import upstream version 1.10 |
90 |
}
|