Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
wine-mirror
GitHub Repository: wine-mirror/wine
 Path: blob/master/libs/tomcrypt/src/pk/ecc/ecc_sign_hash.c
4396 views
1
/* LibTomCrypt, modular cryptographic library -- Tom St Denis

2
 *

3
 * LibTomCrypt is a library that provides various cryptographic

4
 * algorithms in a highly modular and flexible manner.

5
 *

6
 * The library is free for all purposes without any express

7
 * guarantee it works.

8
 */

9


10
#include "tomcrypt.h"

11


12
#ifdef LTC_MECC

13


14
/**

15
  @file ecc_sign_hash.c

16
  ECC Crypto, Tom St Denis

17
*/

18


19
static int _ecc_sign_hash(const unsigned char *in,  unsigned long inlen,

20
                                unsigned char *out, unsigned long *outlen,

21
                                prng_state *prng, int wprng, ecc_key *key, int sigformat)

22
{

23
   ecc_key       pubkey;

24
   void          *r, *s, *e, *p, *b;

25
   int           err, max_iterations = LTC_PK_MAX_RETRIES;

26
   unsigned long pbits, pbytes, i, shift_right;

27
   unsigned char ch, buf[MAXBLOCKSIZE];

28


29
   LTC_ARGCHK(in     != NULL);

30
   LTC_ARGCHK(out    != NULL);

31
   LTC_ARGCHK(outlen != NULL);

32
   LTC_ARGCHK(key    != NULL);

33


34
   /* is this a private key? */

35
   if (key->type != PK_PRIVATE) {

36
      return CRYPT_PK_NOT_PRIVATE;

37
   }

38


39
   /* is the IDX valid ?  */

40
   if (ltc_ecc_is_valid_idx(key->idx) != 1) {

41
      return CRYPT_PK_INVALID_TYPE;

42
   }

43


44
   if ((err = prng_is_valid(wprng)) != CRYPT_OK) {

45
      return err;

46
   }

47


48
   /* init the bignums */

49
   if ((err = mp_init_multi(&r, &s, &p, &e, &b, NULL)) != CRYPT_OK) {

50
      return err;

51
   }

52
   if ((err = mp_read_radix(p, (char *)key->dp->order, 16)) != CRYPT_OK)              { goto errnokey; }

53


54
   /* get the hash and load it as a bignum into 'e' */

55
   pbits = mp_count_bits(p);

56
   pbytes = (pbits+7) >> 3;

57
   if (pbits > inlen*8) {

58
      if ((err = mp_read_unsigned_bin(e, (unsigned char *)in, inlen)) != CRYPT_OK)    { goto errnokey; }

59
   }

60
   else if (pbits % 8 == 0) {

61
      if ((err = mp_read_unsigned_bin(e, (unsigned char *)in, pbytes)) != CRYPT_OK)   { goto errnokey; }

62
   }

63
   else {

64
      shift_right = 8 - pbits % 8;

65
      for (i=0, ch=0; i<pbytes; i++) {

66
        buf[i] = ch;

67
        ch = (in[i] << (8-shift_right));

68
        buf[i] = buf[i] ^ (in[i] >> shift_right);

69
      }

70
      if ((err = mp_read_unsigned_bin(e, (unsigned char *)buf, pbytes)) != CRYPT_OK)  { goto errnokey; }

71
   }

72


73
   /* make up a key and export the public copy */

74
   do {

75
      if ((err = ecc_make_key_ex(prng, wprng, &pubkey, key->dp)) != CRYPT_OK) {

76
         goto errnokey;

77
      }

78


79
      /* find r = x1 mod n */

80
      if ((err = mp_mod(pubkey.pubkey.x, p, r)) != CRYPT_OK)                          { goto error; }

81


82
      if (mp_iszero(r) == LTC_MP_YES) {

83
         ecc_free(&pubkey);

84
      } else {

85
         if ((err = rand_bn_upto(b, p, prng, wprng)) != CRYPT_OK)          { goto error; } /* b = blinding value */

86
         /* find s = (e + xr)/k */

87
         if ((err = mp_mulmod(pubkey.k, b, p, pubkey.k)) != CRYPT_OK)      { goto error; } /* k = kb */

88
         if ((err = mp_invmod(pubkey.k, p, pubkey.k)) != CRYPT_OK)         { goto error; } /* k = 1/kb */

89
         if ((err = mp_mulmod(key->k, r, p, s)) != CRYPT_OK)               { goto error; } /* s = xr */

90
         if ((err = mp_mulmod(pubkey.k, s, p, s)) != CRYPT_OK)             { goto error; } /* s = xr/kb */

91
         if ((err = mp_mulmod(pubkey.k, e, p, e)) != CRYPT_OK)             { goto error; } /* e = e/kb */

92
         if ((err = mp_add(e, s, s)) != CRYPT_OK)                          { goto error; } /* s = e/kb + xr/kb */

93
         if ((err = mp_mulmod(s, b, p, s)) != CRYPT_OK)                    { goto error; } /* s = b(e/kb + xr/kb) = (e + xr)/k */

94
         ecc_free(&pubkey);

95
         if (mp_iszero(s) == LTC_MP_NO) {

96
            break;

97
         }

98
      }

99
   } while (--max_iterations > 0);

100


101
   if (max_iterations == 0) {

102
      goto errnokey;

103
   }

104


105
   if (sigformat == 1) {

106
      /* RFC7518 format */

107
      if (*outlen < 2*pbytes) { err = CRYPT_MEM; goto errnokey; }

108
      zeromem(out, 2*pbytes);

109
      i = mp_unsigned_bin_size(r);

110
      if ((err = mp_to_unsigned_bin(r, out + (pbytes - i)))   != CRYPT_OK) { goto errnokey; }

111
      i = mp_unsigned_bin_size(s);

112
      if ((err = mp_to_unsigned_bin(s, out + (2*pbytes - i))) != CRYPT_OK) { goto errnokey; }

113
      *outlen = 2*pbytes;

114
      err = CRYPT_OK;

115
   }

116
   else {

117
      /* store as ASN.1 SEQUENCE { r, s -- integer } */

118
      err = der_encode_sequence_multi(out, outlen,

119
                               LTC_ASN1_INTEGER, 1UL, r,

120
                               LTC_ASN1_INTEGER, 1UL, s,

121
                               LTC_ASN1_EOL, 0UL, NULL);

122
   }

123
   goto errnokey;

124
error:

125
   ecc_free(&pubkey);

126
errnokey:

127
   mp_clear_multi(r, s, p, e, b, NULL);

128
   return err;

129
}

130


131
/**

132
  Sign a message digest

133
  @param in        The message digest to sign

134
  @param inlen     The length of the digest

135
  @param out       [out] The destination for the signature

136
  @param outlen    [in/out] The max size and resulting size of the signature

137
  @param prng      An active PRNG state

138
  @param wprng     The index of the PRNG you wish to use

139
  @param key       A private ECC key

140
  @return CRYPT_OK if successful

141
*/

142
int ecc_sign_hash(const unsigned char *in,  unsigned long inlen,

143
                        unsigned char *out, unsigned long *outlen,

144
                        prng_state *prng, int wprng, ecc_key *key)

145
{

146
   return _ecc_sign_hash(in, inlen, out, outlen, prng, wprng, key, 0);

147
}

148


149
/**

150
  Sign a message digest in RFC7518 format

151
  @param in        The message digest to sign

152
  @param inlen     The length of the digest

153
  @param out       [out] The destination for the signature

154
  @param outlen    [in/out] The max size and resulting size of the signature

155
  @param prng      An active PRNG state

156
  @param wprng     The index of the PRNG you wish to use

157
  @param key       A private ECC key

158
  @return CRYPT_OK if successful

159
*/

160
int ecc_sign_hash_rfc7518(const unsigned char *in,  unsigned long inlen,

161
                                unsigned char *out, unsigned long *outlen,

162
                                prng_state *prng, int wprng, ecc_key *key)

163
{

164
   return _ecc_sign_hash(in, inlen, out, outlen, prng, wprng, key, 1);

165
}

166


167
#endif

168


169