X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/blobdiff_plain/bb77b1d1f5d16f3e8fce3d15fc2d88eb0597346f..HEAD:/pub/gkcdsa.c
diff --git a/pub/gkcdsa.c b/pub/gkcdsa.c
index 52e91ba6..23994259 100644
--- a/pub/gkcdsa.c
+++ b/pub/gkcdsa.c
@@ -27,6 +27,9 @@
/*----- Header files ------------------------------------------------------*/
+#include
+
+#include "dsa.h"
#include "gkcdsa.h"
#include "group.h"
#include "ghash.h"
@@ -125,7 +128,7 @@ void gkcdsa_sign(const gkcdsa *c, gkcdsa_sig *s, const void *m, mp *k)
if (k) { MP_COPY(k); goto have_k; }
new_k:
- k = mprand_range(k, g->r, c->r, 0);
+ k = dsa_nonce(k, g->r, c->u, m, c->h, c->r);
have_k:
if (MP_ZEROP(k)) goto new_k;
G_EXP(g, z, g->g, k);
@@ -174,7 +177,7 @@ int gkcdsa_verify(const gkcdsa *c, const gkcdsa_sig *s, const void *m)
e[1].base = g->g; e[1].exp = x;
z = G_CREATE(g); G_MEXP(g, z, e, 2);
h = hashge(g, c->h, z); p = GH_DONE(h, 0);
- if (memcmp(p, s->r, hsz) == 0) rc = 0;
+ if (MEMCMP(p, ==, s->r, hsz)) rc = 0;
mp_drop(x); mp_drop(y); G_DESTROY(g, z); GH_DESTROY(h);
return (rc);
}
@@ -183,6 +186,8 @@ int gkcdsa_verify(const gkcdsa *c, const gkcdsa_sig *s, const void *m)
#ifdef TEST_RIG
+#include "rand.h"
+
static group *getgroup(const char *p)
{
group *g; qd_parse qd;
qd.p = p; qd.e = 0; g = group_parse(&qd);
@@ -219,6 +224,7 @@ static int tsign(dstr *v)
gdsa c;
gkcdsa_sig s, ss = GKCDSA_SIG_INIT;
ghash *h;
+ octet *m;
mp *k;
dstr d = DSTR_INIT;
mp *x;
@@ -236,7 +242,8 @@ static int tsign(dstr *v)
GH_HASH(h, v[3].buf, v[3].len);
gkcdsa_endhash(&c, h);
gkcdsa_sign(&c, &ss, GH_DONE(h, 0), k);
- if (memcmp(s.r, ss.r, c.h->hashsz) || !MP_EQ(s.s, ss.s)) {
+ GH_DESTROY(h);
+ if (MEMCMP(s.r, !=, ss.r, c.h->hashsz) || !MP_EQ(s.s, ss.s)) {
ok = 0;
fprintf(stderr, "*** sign failed!\n");
fprintf(stderr, "*** group: %s\n", v[0].buf);
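Review bot: `if (MP_ZEROP(k)) goto new_k;` now re-runs `dsa_nonce` with the same `(c->u, m, c->h)` inputs, so unless `dsa_nonce` folds fresh output from `c->r` into every call (or handles the zero case itself), a zero nonce would loop forever instead of retrying; this should be confirmed against dsa.h and recorded next to the label, e.g. `/* dsa_nonce mixes in c->r on each call, so retrying yields a fresh k */`. The `k == 0` contract of gkcdsa_sign has also changed — the nonce is now derived from the private key and the digest rather than drawn uniformly from `c->r` by mprand_range — and the function's header comment, which lies outside this hunk, should say so, since that is the property callers now rely on against a weak RNG. Passing `m` straight into `dsa_nonce` presumes `m` is exactly the `c->h->hashsz`-byte digest produced by gkcdsa_endhash, which the API documentation should state explicitly. gkcdsa_sign starts before and ends after this hunk.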
@@ -247,12 +254,32 @@ static int tsign(dstr *v)
fprintf(stderr, "*** computed r = ");
type_hex.dump(&d, stderr); putc('\n', stderr);
showmp("computed s", ss.s, 16);
- fprintf(stderr, "*** computed r = ");
+ fprintf(stderr, "*** expected r = ");
type_hex.dump(&v[5], stderr); putc('\n', stderr);
showmp("expected s", s.s, 16);
}
- mp_drop(s.s); dstr_destroy(&d); mp_drop(ss.s); mp_drop(x); mp_drop(k);
- mp_drop(c.u); G_DESTROY(c.g, c.p); G_DESTROYGROUP(c.g); GH_DESTROY(h);
+
+ c.r = &rand_global;
+ h = gkcdsa_beginhash(&c);
+ GH_HASH(h, v[3].buf, v[3].len);
+ m = GH_DONE(h, 0);
+ GH_DESTROY(h);
+ gkcdsa_sign(&c, &ss, m, 0);
+ if (gkcdsa_verify(&c, &ss, m)) {
+ ok = 0;
+ fprintf(stderr, "*** sign cross-check failed!\n");
+ fprintf(stderr, "*** group: %s\n", v[0].buf);
+ fprintf(stderr, "*** hash: %s\n", c.h->name);
+ showmp("private key", c.u, 16);
+ showge(c.g, "public key", c.p);
+ fprintf(stderr, "*** message: `%s'\n", v[3].buf);
+ fprintf(stderr, "*** computed r = ");
+ type_hex.dump(&d, stderr); putc('\n', stderr);
+ showmp("computed s", ss.s, 16);
+ }
+
+ mp_drop(s.s); mp_drop(x); mp_drop(k); dstr_destroy(&d); mp_drop(ss.s);
+ mp_drop(c.u); G_DESTROY(c.g, c.p); G_DESTROYGROUP(c.g);
assert(mparena_count(MPARENA_GLOBAL) == 0);
return (ok);
}
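Review bot: `m = GH_DONE(h, 0);` immediately followed by `GH_DESTROY(h);` leaves `m` dangling if GH_DONE with a null buffer hands back a pointer into the hash object's own state — which the pattern in gkcdsa_verify earlier in this diff (`p = GH_DONE(h, 0)` compared before its `GH_DESTROY(h)`) suggests — and `m` is then read by both gkcdsa_sign and gkcdsa_verify after the free. The minimal fix is to delete the early `GH_DESTROY(h);` and destroy the hash after the `if (gkcdsa_verify(&c, &ss, m)) { ... }` block alongside the other cleanup; alternatively copy the digest out with `m = GH_DONE(h, buf);` into a local buffer of `c.h->hashsz` bytes. The new failure branch also dumps `d` as 'computed r', but `d` appears to have been filled from the first signature before this hunk and is not refreshed from the cross-check's `ss.r`, so that line would print stale data. tsign begins before this hunk.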