From e271b9fdbeae00f234a9ec444df1594ff57557de Mon Sep 17 00:00:00 2001
From: Karel Miko <miko@dcit.cz>
Date: Tue, 7 Jan 2014 21:39:25 +0100
Subject: [PATCH] ECC key pair generation according to FIPS-186-4

---
 src/headers/tomcrypt_pk.h |  2 ++
 src/math/rand_bn.c        | 69 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 71 insertions(+)
 create mode 100755 src/math/rand_bn.c

diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h
index 0d1e725..2a8987b 100644
--- a/src/headers/tomcrypt_pk.h
+++ b/src/headers/tomcrypt_pk.h
@@ -6,6 +6,8 @@ enum {
 };
 
 int rand_prime(void *N, long len, prng_state *prng, int wprng);
+int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng);
+int rand_bn_range(void *N, void *limit, prng_state *prng, int wprng);
 
 enum {
    PKA_RSA,
diff --git a/src/math/rand_bn.c b/src/math/rand_bn.c
new file mode 100755
index 0000000..c066501
--- /dev/null
+++ b/src/math/rand_bn.c
@@ -0,0 +1,69 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ */
+#include "tomcrypt.h"
+
+/**
+  Generate a random number N with given bitlength (note: MSB can be 0)
+*/
+
+int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng)
+{
+   int res, bytes;
+   unsigned char *buf, mask;
+
+   LTC_ARGCHK(N != NULL);
+   LTC_ARGCHK(bits > 1);
+
+   /* check PRNG */
+   if ((res = prng_is_valid(wprng)) != CRYPT_OK) return res;
+
+   bytes = (bits+7) >> 3;
+   mask = 0xff << (8 - bits % 8);
+
+   /* allocate buffer */
+   if ((buf = XCALLOC(1, bytes)) == NULL) return CRYPT_MEM;
+
+   /* generate random bytes */
+   if (prng_descriptor[wprng].read(buf, bytes, prng) != (unsigned long)bytes) {
+      res = CRYPT_ERROR_READPRNG;
+      goto cleanup;
+   }
+   /* mask bits */
+   buf[0] &= ~mask;
+   /* load value */
+   if ((res = mp_read_unsigned_bin(N, buf, bytes)) != CRYPT_OK) goto cleanup;
+
+   res = CRYPT_OK;
+
+cleanup:
+#ifdef LTC_CLEAN_STACK
+   zeromem(buf, len);
+#endif
+   XFREE(buf);
+   return res;
+}
+
+/**
+  Generate a random number N in a range: 0 <= N < limit
+*/
+int rand_bn_range(void *N, void *limit, prng_state *prng, int wprng)
+{
+   int res;
+
+   LTC_ARGCHK(N != NULL);
+   LTC_ARGCHK(limit != NULL);
+
+   do {
+     res = rand_bn_bits(N, mp_count_bits(limit), prng, wprng);
+     if (res != CRYPT_OK) return res;
+   } while (mp_cmp(N, limit) != LTC_MP_LT);
+
+   return CRYPT_OK;
+}