1f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project/* LibTomCrypt, modular cryptographic library -- Tom St Denis 2f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * 3f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * LibTomCrypt is a library that provides various cryptographic 4f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * algorithms in a highly modular and flexible manner. 5f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * 6f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * The library is free for all purposes without any express 7f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * guarantee it works. 8f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * 9f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com 10f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project */ 11f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project#include "tomcrypt.h" 12f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 13f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project/** 14f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project @file dsa_sign_hash.c 15f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project DSA implementation, sign a hash, Tom St Denis 16f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project*/ 17f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 18f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project#ifdef MDSA 19f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 20f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project/** 21f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project Sign a hash with DSA 22f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project @param in The hash to sign 23f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project @param inlen The length of the hash to sign 24f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project @param r The "r" integer of the signature (caller must initialize with mp_init() first) 25f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project @param s The "s" integer of the signature (caller must initialize with mp_init() first) 26f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project @param prng An active PRNG state 27f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project @param wprng The index of the PRNG desired 28f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project @param key A private DSA key 29f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project @return CRYPT_OK if successful 30f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project*/ 31f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Projectint dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen, 32f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project void *r, void *s, 33f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project prng_state *prng, int wprng, dsa_key *key) 34f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project{ 35f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project void *k, *kinv, *tmp; 36f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project unsigned char *buf; 37f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project int err; 38f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 39f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project LTC_ARGCHK(in != NULL); 40f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project LTC_ARGCHK(r != NULL); 41f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project LTC_ARGCHK(s != NULL); 42f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project LTC_ARGCHK(key != NULL); 43f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 44f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if ((err = prng_is_valid(wprng)) != CRYPT_OK) { 45f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project return err; 46f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project } 47f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if (key->type != PK_PRIVATE) { 48f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project return CRYPT_PK_NOT_PRIVATE; 49f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project } 50f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 51f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project /* check group order size */ 52f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if (key->qord >= MDSA_MAX_GROUP) { 53f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project return CRYPT_INVALID_ARG; 54f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project } 55f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 56f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project buf = XMALLOC(MDSA_MAX_GROUP); 57f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if (buf == NULL) { 58f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project return CRYPT_MEM; 59f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project } 60f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 61f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project /* Init our temps */ 62f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if ((err = mp_init_multi(&k, &kinv, &tmp, NULL)) != CRYPT_OK) { goto ERRBUF; } 63f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 64f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Projectretry: 65f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 66f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project do { 67f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project /* gen random k */ 68f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if (prng_descriptor[wprng].read(buf, key->qord, prng) != (unsigned long)key->qord) { 69f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project err = CRYPT_ERROR_READPRNG; 70f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project goto error; 71f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project } 72f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 73f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project /* read k */ 74f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if ((err = mp_read_unsigned_bin(k, buf, key->qord)) != CRYPT_OK) { goto error; } 75f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 76f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project /* k > 1 ? */ 77f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if (mp_cmp_d(k, 1) != LTC_MP_GT) { goto retry; } 78f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 79f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project /* test gcd */ 80f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if ((err = mp_gcd(k, key->q, tmp)) != CRYPT_OK) { goto error; } 81f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project } while (mp_cmp_d(tmp, 1) != LTC_MP_EQ); 82f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 83f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project /* now find 1/k mod q */ 84f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if ((err = mp_invmod(k, key->q, kinv)) != CRYPT_OK) { goto error; } 85f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 86f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project /* now find r = g^k mod p mod q */ 87f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if ((err = mp_exptmod(key->g, k, key->p, r)) != CRYPT_OK) { goto error; } 88f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if ((err = mp_mod(r, key->q, r)) != CRYPT_OK) { goto error; } 89f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 90f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if (mp_iszero(r) == LTC_MP_YES) { goto retry; } 91f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 92f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project /* now find s = (in + xr)/k mod q */ 93f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, inlen)) != CRYPT_OK) { goto error; } 94f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if ((err = mp_mul(key->x, r, s)) != CRYPT_OK) { goto error; } 95f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if ((err = mp_add(s, tmp, s)) != CRYPT_OK) { goto error; } 96f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if ((err = mp_mulmod(s, kinv, key->q, s)) != CRYPT_OK) { goto error; } 97f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 98f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if (mp_iszero(s) == LTC_MP_YES) { goto retry; } 99f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 100f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project err = CRYPT_OK; 101f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Projecterror: 102f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project mp_clear_multi(k, kinv, tmp, NULL); 103f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source ProjectERRBUF: 104f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project#ifdef LTC_CLEAN_STACK 105f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project zeromem(buf, MDSA_MAX_GROUP); 106f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project#endif 107f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project XFREE(buf); 108f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project return err; 109f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project} 110f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 111f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project/** 112f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project Sign a hash with DSA 113f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project @param in The hash to sign 114f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project @param inlen The length of the hash to sign 115f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project @param out [out] Where to store the signature 116f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project @param outlen [in/out] The max size and resulting size of the signature 117f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project @param prng An active PRNG state 118f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project @param wprng The index of the PRNG desired 119f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project @param key A private DSA key 120f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project @return CRYPT_OK if successful 121f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project*/ 122f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Projectint dsa_sign_hash(const unsigned char *in, unsigned long inlen, 123f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project unsigned char *out, unsigned long *outlen, 124f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project prng_state *prng, int wprng, dsa_key *key) 125f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project{ 126f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project void *r, *s; 127f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project int err; 128f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 129f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project LTC_ARGCHK(in != NULL); 130f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project LTC_ARGCHK(out != NULL); 131f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project LTC_ARGCHK(outlen != NULL); 132f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project LTC_ARGCHK(key != NULL); 133f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 134f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if (mp_init_multi(&r, &s, NULL) != CRYPT_OK) { 135f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project return CRYPT_MEM; 136f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project } 137f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 138f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project if ((err = dsa_sign_hash_raw(in, inlen, r, s, prng, wprng, key)) != CRYPT_OK) { 139f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project goto error; 140f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project } 141f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 142f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project err = der_encode_sequence_multi(out, outlen, 143f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project LTC_ASN1_INTEGER, 1UL, r, 144f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project LTC_ASN1_INTEGER, 1UL, s, 145f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project LTC_ASN1_EOL, 0UL, NULL); 146f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 147f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Projecterror: 148f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project mp_clear_multi(r, s, NULL); 149f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project return err; 150f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project} 151f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 152f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project#endif 153f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project 154f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_sign_hash.c,v $ */ 155f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project/* $Revision: 1.12 $ */ 156f7fc46c63fdc8f39234fea409b8dbe116d73ebf8The Android Open Source Project/* $Date: 2006/12/04 22:27:56 $ */ 157