DSA sign improvement

2014-01-13 12:59:02 +01:00 · 2014-01-13 12:59:02 +01:00 · 67a547086c
commit 67a547086c
parent 3908c70d68
2 changed files with 6 additions and 11 deletions
--- a/src/pk/dsa/dsa_make_key.c
+++ b/src/pk/dsa/dsa_make_key.c
@ -107,7 +107,7 @@ int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size,
   qbits = mp_count_bits(key->q);
   do {
      if ((err = rand_bn_bits(key->x, qbits, prng, wprng)) != CRYPT_OK)                { goto error; }
-      /* private key x should be from range: 1 <= x <= q-1 */
+      /* private key x should be from range: 1 <= x <= q-1 (see FIPS 186-4 B.1.2) */
   } while (mp_cmp_d(key->x, 0) != LTC_MP_GT || mp_cmp(key->x, key->q) != LTC_MP_LT);
   if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK)                 { goto error; }
  
--- a/src/pk/dsa/dsa_sign_hash.c
+++ b/src/pk/dsa/dsa_sign_hash.c
@ -34,7 +34,7 @@ int dsa_sign_hash_raw(const unsigned char *in,  unsigned long inlen,
 {
   void         *k, *kinv, *tmp;
   unsigned char *buf;
-   int            err;
+   int            err, qbits;

   LTC_ARGCHK(in  != NULL);
   LTC_ARGCHK(r   != NULL);
@ -61,20 +61,15 @@ int dsa_sign_hash_raw(const unsigned char *in,  unsigned long inlen,
   /* Init our temps */
   if ((err = mp_init_multi(&k, &kinv, &tmp, NULL)) != CRYPT_OK)                       { goto ERRBUF; }

+   qbits = mp_count_bits(key->q);
 retry:

   do {
      /* gen random k */
-      if (prng_descriptor[wprng].read(buf, key->qord, prng) != (unsigned long)key->qord) {
-         err = CRYPT_ERROR_READPRNG;
-         goto error;
-      }
+      if ((err = rand_bn_bits(k, qbits, prng, wprng)) != CRYPT_OK)                     { goto error; }

-      /* read k */
-      if ((err = mp_read_unsigned_bin(k, buf, key->qord)) != CRYPT_OK)                 { goto error; }
-
-      /* k > 1 and k < q ? */
-      if (mp_cmp_d(k, 1) != LTC_MP_GT || mp_cmp(k, key->q) != LTC_MP_LT)               { goto retry; }
+      /* k should be from range: 1 <= k <= q-1 (see FIPS 186-4 B.2.2) */
+      if (mp_cmp_d(k, 0) != LTC_MP_GT || mp_cmp(k, key->q) != LTC_MP_LT)               { goto retry; }

      /* test gcd */
      if ((err = mp_gcd(k, key->q, tmp)) != CRYPT_OK)                                  { goto error; }