int elgv3sign(const mpbarrett* p, const mpbarrett* n, const mpnumber* g, randomGeneratorContext* rgc, const mpnumber* hm, const mpnumber* x, mpnumber* r, mpnumber* s)
{
register size_t size = p->size;
register mpw* temp = (mpw*) malloc((6*size+2)*sizeof(mpw));
if (temp)
{
/* get a random k */
mpbrnd_w(p, rgc, temp, temp+2*size);
/* compute r = g^k mod p */
mpnfree(r);
mpnsize(r, size);
mpbpowmod_w(p, g->size, g->data, size, temp, r->data, temp+2*size);
/* compute u1 = x*r mod n */
mpbmulmod_w(n, x->size, x->data, size, r->data, temp+size, temp+2*size);
/* compute u2 = k*h(m) mod n */
mpbmulmod_w(n, size, temp, hm->size, hm->data, temp, temp+2*size);
/* compute s = u1+u2 mod n */
mpnfree(s);
mpnsize(s, n->size);
mpbaddmod_w(n, size, temp, size, temp+size, s->data, temp+2*size);
free(temp);
return 0;
}
return -1;
}
/*
* mpbslide_w
* precomputes the sliding window table for computing powers of x modulo b
* needs workspace (4*size+2)
*/
void mpbslide_w(const mpbarrett* b, size_t xsize, const mpw* xdata, mpw* slide, mpw* wksp)
{
register size_t size = b->size;
mpbsqrmod_w(b, xsize, xdata, slide , wksp); /* x^2 mod b, temp */
mpbmulmod_w(b, xsize, xdata, size, slide , slide+size , wksp); /* x^3 mod b */
mpbmulmod_w(b, size, slide, size, slide+size , slide+2*size, wksp); /* x^5 mod b */
mpbmulmod_w(b, size, slide, size, slide+2*size, slide+3*size, wksp); /* x^7 mod b */
mpbmulmod_w(b, size, slide, size, slide+3*size, slide+4*size, wksp); /* x^9 mod b */
mpbmulmod_w(b, size, slide, size, slide+4*size, slide+5*size, wksp); /* x^11 mod b */
mpbmulmod_w(b, size, slide, size, slide+5*size, slide+6*size, wksp); /* x^13 mod b */
mpbmulmod_w(b, size, slide, size, slide+6*size, slide+7*size, wksp); /* x^15 mod b */
mpsetx(size, slide, xsize, xdata); /* x^1 mod b */
}
int elgv1sign(const mpbarrett* p, const mpbarrett* n, const mpnumber* g, randomGeneratorContext* rgc, const mpnumber* hm, const mpnumber* x, mpnumber* r, mpnumber* s)
{
register size_t size = p->size;
register mpw* temp = (mpw*) malloc((8*size+6)*sizeof(mpw));
if (temp)
{
/* get a random k, invertible modulo (p-1) */
mpbrndinv_w(n, rgc, temp, temp+size, temp+2*size);
/* compute r = g^k mod p */
mpnfree(r);
mpnsize(r, size);
mpbpowmod_w(p, g->size, g->data, size, temp, r->data, temp+2*size);
/* compute x*r mod n */
mpbmulmod_w(n, x->size, x->data, r->size, r->data, temp, temp+2*size);
/* compute -(x*r) mod n */
mpneg(size, temp);
mpadd(size, temp, n->modl);
/* compute h(m) - x*r mod n */
mpbaddmod_w(n, hm->size, hm->data, size, temp, temp, temp+2*size);
/* compute s = inv(k)*(h(m) - x*r) mod n */
mpnfree(s);
mpnsize(s, size);
mpbmulmod_w(n, size, temp, size, temp+size, s->data, temp+2*size);
free(temp);
return 0;
}
return -1;
}
int elgv1vrfy(const mpbarrett* p, const mpbarrett* n, const mpnumber* g, const mpnumber* hm, const mpnumber* y, const mpnumber* r, const mpnumber* s)
{
register size_t size = p->size;
register mpw* temp;
if (mpz(r->size, r->data))
return 0;
if (mpgex(r->size, r->data, size, p->modl))
return 0;
if (mpz(s->size, s->data))
return 0;
if (mpgex(s->size, s->data, n->size, n->modl))
return 0;
temp = (mpw*) malloc((6*size+2)*sizeof(mpw));
if (temp)
{
register int rc;
/* compute u1 = y^r mod p */
mpbpowmod_w(p, y->size, y->data, r->size, r->data, temp, temp+2*size);
/* compute u2 = r^s mod p */
mpbpowmod_w(p, r->size, r->data, s->size, s->data, temp+size, temp+2*size);
/* compute v1 = u1*u2 mod p */
mpbmulmod_w(p, size, temp, size, temp+size, temp+size, temp+2*size);
/* compute v2 = g^h(m) mod p */
mpbpowmod_w(p, g->size, g->data, hm->size, hm->data, temp, temp+2*size);
rc = mpeq(size, temp, temp+size);
free(temp);
return rc;
}
return 0;
}
int dsavrfy(const mpbarrett* p, const mpbarrett* q, const mpnumber* g, const mpnumber* hm, const mpnumber* y, const mpnumber* r, const mpnumber* s)
{
register size_t psize = p->size;
register size_t qsize = q->size;
register mpw* ptemp;
register mpw* qtemp;
register mpw* pwksp;
register mpw* qwksp;
register int rc = 0;
/* h(m) shouldn't contain more bits than q */
if (mpbits(hm->size, hm->data) > mpbits(q->size, q->modl))
return rc;
/* check 0 < r < q */
if (mpz(r->size, r->data))
return rc;
if (mpgex(r->size, r->data, qsize, q->modl))
return rc;
/* check 0 < s < q */
if (mpz(s->size, s->data))
return rc;
if (mpgex(s->size, s->data, qsize, q->modl))
return rc;
ptemp = (mpw*) malloc((6*psize+2)*sizeof(mpw));
if (ptemp == (mpw*) 0)
return rc;
qtemp = (mpw*) malloc((8*qsize+6)*sizeof(mpw));
if (qtemp == (mpw*) 0)
{
free(ptemp);
return rc;
}
pwksp = ptemp+2*psize;
qwksp = qtemp+2*qsize;
mpsetx(qsize, qtemp+qsize, s->size, s->data);
/* compute w = inv(s) mod q */
if (mpextgcd_w(qsize, q->modl, qtemp+qsize, qtemp, qwksp))
{
/* compute u1 = h(m)*w mod q */
mpbmulmod_w(q, hm->size, hm->data, qsize, qtemp, qtemp+qsize, qwksp);
/* compute u2 = r*w mod q */
mpbmulmod_w(q, r->size, r->data, qsize, qtemp, qtemp, qwksp);
/* compute g^u1 mod p */
mpbpowmod_w(p, g->size, g->data, qsize, qtemp+qsize, ptemp, pwksp);
/* compute y^u2 mod p */
mpbpowmod_w(p, y->size, y->data, qsize, qtemp, ptemp+psize, pwksp);
/* multiply mod p */
mpbmulmod_w(p, psize, ptemp, psize, ptemp+psize, ptemp, pwksp);
/* modulo q */
mpmod(ptemp+psize, psize, ptemp, qsize, q->modl, pwksp);
rc = mpeqx(r->size, r->data, psize, ptemp+psize);
}
free(qtemp);
free(ptemp);
return rc;
}
int dsasign(const mpbarrett* p, const mpbarrett* q, const mpnumber* g, randomGeneratorContext* rgc, const mpnumber* hm, const mpnumber* x, mpnumber* r, mpnumber* s)
{
register size_t psize = p->size;
register size_t qsize = q->size;
register mpw* ptemp;
register mpw* qtemp;
register mpw* pwksp;
register mpw* qwksp;
register int rc = -1;
ptemp = (mpw*) malloc((5*psize+2)*sizeof(mpw));
if (ptemp == (mpw*) 0)
return rc;
qtemp = (mpw*) malloc((9*qsize+6)*sizeof(mpw));
if (qtemp == (mpw*) 0)
{
free(ptemp);
return rc;
}
pwksp = ptemp+psize;
qwksp = qtemp+3*qsize;
/* allocate r */
mpnfree(r);
mpnsize(r, qsize);
/* get a random k, invertible modulo q; store k @ qtemp, inv(k) @ qtemp+qsize */
mpbrndinv_w(q, rgc, qtemp, qtemp+qsize, qwksp);
/* g^k mod p */
mpbpowmod_w(p, g->size, g->data, qsize, qtemp, ptemp, pwksp);
/* (g^k mod p) mod q - simple modulo */
mpmod(qtemp+2*qsize, psize, ptemp, qsize, q->modl, pwksp);
mpcopy(qsize, r->data, qtemp+psize+qsize);
/* allocate s */
mpnfree(s);
mpnsize(s, qsize);
/* x*r mod q */
mpbmulmod_w(q, x->size, x->data, r->size, r->data, qtemp, qwksp);
/* add h(m) mod q */
mpbaddmod_w(q, qsize, qtemp, hm->size, hm->data, qtemp+2*qsize, qwksp);
/* multiply inv(k) mod q */
mpbmulmod_w(q, qsize, qtemp+qsize, qsize, qtemp+2*qsize, s->data, qwksp);
rc = 0;
free(qtemp);
free(ptemp);
return rc;
}
void mpbpowmodsld_w(const mpbarrett* b, const mpw* slide, size_t psize, const mpw* pdata, mpw* result, mpw* wksp)
{
/*
* Modular exponentiation with precomputed sliding window table, so no x is required
*
*/
size_t size = b->size;
mpw temp;
mpsetw(size, result, 1);
while (psize)
{
if ((temp = *(pdata++))) /* break when first non-zero word found in power */
break;
psize--;
}
/* if temp is still zero, then we're trying to raise x to power zero, and result stays one */
if (temp)
{
short l = 0, n = 0, count = MP_WBITS;
/* first skip bits until we reach a one */
while (count)
{
if (temp & MP_MSBMASK)
break;
temp <<= 1;
count--;
}
while (psize)
{
while (count)
{
byte bit = (temp & MP_MSBMASK) ? 1 : 0;
n <<= 1;
n += bit;
if (n)
{
if (l)
l++;
else if (bit)
l = 1;
if (l == 4)
{
byte s = mpbslide_presq[n];
while (s--)
mpbsqrmod_w(b, size, result, result, wksp);
mpbmulmod_w(b, size, result, size, slide+mpbslide_mulg[n]*size, result, wksp);
s = mpbslide_postsq[n];
while (s--)
mpbsqrmod_w(b, size, result, result, wksp);
l = n = 0;
}
}
else
mpbsqrmod_w(b, size, result, result, wksp);
temp <<= 1;
count--;
}
if (--psize)
{
count = MP_WBITS;
temp = *(pdata++);
}
}
if (n)
{
byte s = mpbslide_presq[n];
while (s--)
mpbsqrmod_w(b, size, result, result, wksp);
mpbmulmod_w(b, size, result, size, slide+mpbslide_mulg[n]*size, result, wksp);
s = mpbslide_postsq[n];
while (s--)
mpbsqrmod_w(b, size, result, result, wksp);
}
}
}
