3 * Useful functions for doing DSA
5 * (c) 2008 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of Catacomb.
12 * Catacomb is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU Library General Public License as
14 * published by the Free Software Foundation; either version 2 of the
15 * License, or (at your option) any later version.
17 * Catacomb is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU Library General Public License for more details.
22 * You should have received a copy of the GNU Library General Public
23 * License along with Catacomb; if not, write to the Free
24 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
28 /*----- Header files ------------------------------------------------------*/
32 /*----- Main code ---------------------------------------------------------*/
34  /* --- @dsa_h2n@ --- *
36   * Arguments:   @mp *d@ = destination integer
37   *              @mp *r@ = order of the DSA group
38   *              @const void *h@ = pointer to message hash
39   *              @size_t hsz@ = size (in bytes) of the hash output
41   * Returns:     Resulting integer.
43   * Use:         Converts a hash to an integer in the demented way necessary
44   *              for DSA/ECDSA.  This is, of course, completely insane, but
     *              [the rest of this comment is missing from this listing]
     */
48  mp *dsa_h2n(mp *d, mp *r, const void *h, size_t hsz)
    /* Turns the hash at h into an integer, using the group order r to decide
     * how much of it to take.  This listing shows only source lines 48, 50
     * and 58 of the function: the braces, the declaration of l and
     * (presumably) the return statement are among the lines it omits.
     */

      /* n comes from mp_bits(r) -- presumably the bit length of the group
       * order; confirm against the mp library.
       */
50    size_t n = mp_bits(r);

      /* (source lines 51-57 are not shown; l is presumably derived from n
       * and hsz there -- TODO confirm)
       */

      /* mp_loadb is handed h and l, presumably reading l bytes from h.
       * NOTE(review): the length passed is l, not hsz, so the omitted lines
       * need to guarantee l <= hsz; otherwise this reads past the end of
       * the caller's hash buffer.
       */
58    d = mp_loadb(d, h, l);

      /* (source lines 59-63 are not shown) */
64  /* --- @dsa_nonce@ --- *
66   * Arguments:   @mp *d@ = destination integer
67   *              @mp *q@ = order of the DSA group
68   *              @mp *x@ = secret key
69   *              @const octet *m@ = message hash
70   *              @const gchash *ch@ = hash class
71   *              @grand *r@ = random bit source, or null
75   * Use:         Generates a nonce for use in DSA (or another Fiat--Shamir
     *              [the rest of this comment is missing from this listing]
     */
79  mp *dsa_nonce(mp *d, mp *q, mp *x, const octet *m,
80                const gchash *ch, grand *r)
    /* Derives a candidate nonce from hashed key material and retries until
     * the candidate is below q.  The listing omits source lines 81-82,
     * 87-89, 91-92, 94, 98-102, 106 and 108-110, so the braces, the
     * declaration of h, the `do', the hash set-up and output steps and the
     * return are not visible here; remarks about them below are marked as
     * assumptions.
     *
     * The value produced is as sensitive as the secret key x: in DSA a
     * disclosed or predictable nonce for a published signature is enough
     * to recover the key, so callers must treat it accordingly.
     */

      /* nb is the value of mp_bits(q), presumably the bit length of the
       * group order; n is the number of whole bytes needed for nb bits.
       */
83    size_t nb = mp_bits(q), n = (nb + 7)/8, j;

      /* One scratch buffer of 2*n + 2*ch->hashsz bytes, carved up as:
       *   kb = b                  n bytes
       *   rb = kb + n             ch->hashsz bytes
       *   hb = rb + ch->hashsz    the remaining n + ch->hashsz bytes
       */
84    size_t bsz = 2*n + 2*ch->hashsz;
85    octet *b = XS_ALLOC(bsz);
86    octet *kb = b, *rb = kb + n, *hb = rb + ch->hashsz;

      /* (source lines 87-89 are not shown; kb is presumably filled from the
       * secret key x there, since x is not referenced in any visible line
       * -- TODO confirm)
       */

      /* With a random source, rb is passed to grand_fill with length
       * ch->hashsz (presumably filled with random bytes).  With r null, rb
       * is neither filled nor hashed in the visible lines, so the result
       * then depends only on the other hashed inputs.
       */
90    if (r) grand_fill(r, rb, ch->hashsz);

      /* (source lines 91-92 are not shown; the `} while' at line 105
       * implies that a `do {' opens here)
       */

      /* One pass per ch->hashsz-sized chunk until n bytes are covered. */
93    for (j = 0; j < n; j += ch->hashsz) {

        /* (source line 94 is not shown; h is presumably a fresh hash
         * context -- TODO confirm)
         */

        /* Inputs fed to the hash here: n bytes at kb, then ch->hashsz bytes
         * at m, then the ch->hashsz bytes at rb when r is non-null.  m is
         * always read for exactly ch->hashsz bytes, so the caller must pass
         * a message hash of at least that length.
         */
95      GH_HASHBUF32(h, kb, n);
96      GH_HASHBUF32(h, m, ch->hashsz);
97      if (r) GH_HASHBUF32(h, rb, ch->hashsz);

        /* (source lines 98-102 are not shown, including the brace that
         * closes this for loop; presumably the digest is written into the
         * hb region there, and something that differs between attempts is
         * mixed in, since otherwise a rejected candidate would simply
         * recur -- TODO confirm both)
         */

      /* Candidate value: n bytes taken from hb, then mp_lsr (presumably a
       * right shift) by 8*n - nb so that no more than nb bits remain.
       */
103   d = mp_loadb(d, hb, n);
104   d = mp_lsr(d, d, 8*n - nb);

      /* Rejection step: a candidate that is not below q is thrown away and
       * the loop body runs again.  Retrying, rather than reducing the
       * candidate mod q, keeps the accepted values free of modular bias.
       * NOTE(review): the visible test does not exclude d == 0, which DSA
       * does not allow as a nonce; confirm that the omitted lines or the
       * caller handle that (vanishingly unlikely) case.
       */
105   } while (MP_CMP(d, >=, q));

      /* Clears the whole scratch buffer (key bytes, random bytes and hash
       * output) before releasing it.  NOTE(review): a plain memset of
       * memory that is released straight afterwards can be removed by an
       * optimising compiler as a dead store; a wipe the compiler cannot
       * elide (explicit_bzero, memset_s, or stores through a volatile
       * pointer) is safer -- check what XS_FREE expands to.
       */
107   memset(b, 0, bsz); XS_FREE(b);

      /* (source lines 108-110 are not shown; presumably the return and the
       * closing brace)
       */
111 /*----- That's all, folks -------------------------------------------------*/