int elgv3sign(const mpbarrett* p, const mpbarrett* n, const mpnumber* g, randomGeneratorContext* rgc, const mpnumber* hm, const mpnumber* x, mpnumber* r, mpnumber* s) { register size_t size = p->size; register mpw* temp = (mpw*) malloc((6*size+2)*sizeof(mpw)); if (temp) { /* get a random k */ mpbrnd_w(p, rgc, temp, temp+2*size); /* compute r = g^k mod p */ mpnfree(r); mpnsize(r, size); mpbpowmod_w(p, g->size, g->data, size, temp, r->data, temp+2*size); /* compute u1 = x*r mod n */ mpbmulmod_w(n, x->size, x->data, size, r->data, temp+size, temp+2*size); /* compute u2 = k*h(m) mod n */ mpbmulmod_w(n, size, temp, hm->size, hm->data, temp, temp+2*size); /* compute s = u1+u2 mod n */ mpnfree(s); mpnsize(s, n->size); mpbaddmod_w(n, size, temp, size, temp+size, s->data, temp+2*size); free(temp); return 0; } return -1; }
/* * mpbslide_w * precomputes the sliding window table for computing powers of x modulo b * needs workspace (4*size+2) */ void mpbslide_w(const mpbarrett* b, size_t xsize, const mpw* xdata, mpw* slide, mpw* wksp) { register size_t size = b->size; mpbsqrmod_w(b, xsize, xdata, slide , wksp); /* x^2 mod b, temp */ mpbmulmod_w(b, xsize, xdata, size, slide , slide+size , wksp); /* x^3 mod b */ mpbmulmod_w(b, size, slide, size, slide+size , slide+2*size, wksp); /* x^5 mod b */ mpbmulmod_w(b, size, slide, size, slide+2*size, slide+3*size, wksp); /* x^7 mod b */ mpbmulmod_w(b, size, slide, size, slide+3*size, slide+4*size, wksp); /* x^9 mod b */ mpbmulmod_w(b, size, slide, size, slide+4*size, slide+5*size, wksp); /* x^11 mod b */ mpbmulmod_w(b, size, slide, size, slide+5*size, slide+6*size, wksp); /* x^13 mod b */ mpbmulmod_w(b, size, slide, size, slide+6*size, slide+7*size, wksp); /* x^15 mod b */ mpsetx(size, slide, xsize, xdata); /* x^1 mod b */ }
int elgv1sign(const mpbarrett* p, const mpbarrett* n, const mpnumber* g, randomGeneratorContext* rgc, const mpnumber* hm, const mpnumber* x, mpnumber* r, mpnumber* s) { register size_t size = p->size; register mpw* temp = (mpw*) malloc((8*size+6)*sizeof(mpw)); if (temp) { /* get a random k, invertible modulo (p-1) */ mpbrndinv_w(n, rgc, temp, temp+size, temp+2*size); /* compute r = g^k mod p */ mpnfree(r); mpnsize(r, size); mpbpowmod_w(p, g->size, g->data, size, temp, r->data, temp+2*size); /* compute x*r mod n */ mpbmulmod_w(n, x->size, x->data, r->size, r->data, temp, temp+2*size); /* compute -(x*r) mod n */ mpneg(size, temp); mpadd(size, temp, n->modl); /* compute h(m) - x*r mod n */ mpbaddmod_w(n, hm->size, hm->data, size, temp, temp, temp+2*size); /* compute s = inv(k)*(h(m) - x*r) mod n */ mpnfree(s); mpnsize(s, size); mpbmulmod_w(n, size, temp, size, temp+size, s->data, temp+2*size); free(temp); return 0; } return -1; }
int elgv1vrfy(const mpbarrett* p, const mpbarrett* n, const mpnumber* g, const mpnumber* hm, const mpnumber* y, const mpnumber* r, const mpnumber* s) { register size_t size = p->size; register mpw* temp; if (mpz(r->size, r->data)) return 0; if (mpgex(r->size, r->data, size, p->modl)) return 0; if (mpz(s->size, s->data)) return 0; if (mpgex(s->size, s->data, n->size, n->modl)) return 0; temp = (mpw*) malloc((6*size+2)*sizeof(mpw)); if (temp) { register int rc; /* compute u1 = y^r mod p */ mpbpowmod_w(p, y->size, y->data, r->size, r->data, temp, temp+2*size); /* compute u2 = r^s mod p */ mpbpowmod_w(p, r->size, r->data, s->size, s->data, temp+size, temp+2*size); /* compute v1 = u1*u2 mod p */ mpbmulmod_w(p, size, temp, size, temp+size, temp+size, temp+2*size); /* compute v2 = g^h(m) mod p */ mpbpowmod_w(p, g->size, g->data, hm->size, hm->data, temp, temp+2*size); rc = mpeq(size, temp, temp+size); free(temp); return rc; } return 0; }
int dsavrfy(const mpbarrett* p, const mpbarrett* q, const mpnumber* g, const mpnumber* hm, const mpnumber* y, const mpnumber* r, const mpnumber* s) { register size_t psize = p->size; register size_t qsize = q->size; register mpw* ptemp; register mpw* qtemp; register mpw* pwksp; register mpw* qwksp; register int rc = 0; /* h(m) shouldn't contain more bits than q */ if (mpbits(hm->size, hm->data) > mpbits(q->size, q->modl)) return rc; /* check 0 < r < q */ if (mpz(r->size, r->data)) return rc; if (mpgex(r->size, r->data, qsize, q->modl)) return rc; /* check 0 < s < q */ if (mpz(s->size, s->data)) return rc; if (mpgex(s->size, s->data, qsize, q->modl)) return rc; ptemp = (mpw*) malloc((6*psize+2)*sizeof(mpw)); if (ptemp == (mpw*) 0) return rc; qtemp = (mpw*) malloc((8*qsize+6)*sizeof(mpw)); if (qtemp == (mpw*) 0) { free(ptemp); return rc; } pwksp = ptemp+2*psize; qwksp = qtemp+2*qsize; mpsetx(qsize, qtemp+qsize, s->size, s->data); /* compute w = inv(s) mod q */ if (mpextgcd_w(qsize, q->modl, qtemp+qsize, qtemp, qwksp)) { /* compute u1 = h(m)*w mod q */ mpbmulmod_w(q, hm->size, hm->data, qsize, qtemp, qtemp+qsize, qwksp); /* compute u2 = r*w mod q */ mpbmulmod_w(q, r->size, r->data, qsize, qtemp, qtemp, qwksp); /* compute g^u1 mod p */ mpbpowmod_w(p, g->size, g->data, qsize, qtemp+qsize, ptemp, pwksp); /* compute y^u2 mod p */ mpbpowmod_w(p, y->size, y->data, qsize, qtemp, ptemp+psize, pwksp); /* multiply mod p */ mpbmulmod_w(p, psize, ptemp, psize, ptemp+psize, ptemp, pwksp); /* modulo q */ mpmod(ptemp+psize, psize, ptemp, qsize, q->modl, pwksp); rc = mpeqx(r->size, r->data, psize, ptemp+psize); } free(qtemp); free(ptemp); return rc; }
int dsasign(const mpbarrett* p, const mpbarrett* q, const mpnumber* g, randomGeneratorContext* rgc, const mpnumber* hm, const mpnumber* x, mpnumber* r, mpnumber* s) { register size_t psize = p->size; register size_t qsize = q->size; register mpw* ptemp; register mpw* qtemp; register mpw* pwksp; register mpw* qwksp; register int rc = -1; ptemp = (mpw*) malloc((5*psize+2)*sizeof(mpw)); if (ptemp == (mpw*) 0) return rc; qtemp = (mpw*) malloc((9*qsize+6)*sizeof(mpw)); if (qtemp == (mpw*) 0) { free(ptemp); return rc; } pwksp = ptemp+psize; qwksp = qtemp+3*qsize; /* allocate r */ mpnfree(r); mpnsize(r, qsize); /* get a random k, invertible modulo q; store k @ qtemp, inv(k) @ qtemp+qsize */ mpbrndinv_w(q, rgc, qtemp, qtemp+qsize, qwksp); /* g^k mod p */ mpbpowmod_w(p, g->size, g->data, qsize, qtemp, ptemp, pwksp); /* (g^k mod p) mod q - simple modulo */ mpmod(qtemp+2*qsize, psize, ptemp, qsize, q->modl, pwksp); mpcopy(qsize, r->data, qtemp+psize+qsize); /* allocate s */ mpnfree(s); mpnsize(s, qsize); /* x*r mod q */ mpbmulmod_w(q, x->size, x->data, r->size, r->data, qtemp, qwksp); /* add h(m) mod q */ mpbaddmod_w(q, qsize, qtemp, hm->size, hm->data, qtemp+2*qsize, qwksp); /* multiply inv(k) mod q */ mpbmulmod_w(q, qsize, qtemp+qsize, qsize, qtemp+2*qsize, s->data, qwksp); rc = 0; free(qtemp); free(ptemp); return rc; }
void mpbpowmodsld_w(const mpbarrett* b, const mpw* slide, size_t psize, const mpw* pdata, mpw* result, mpw* wksp) { /* * Modular exponentiation with precomputed sliding window table, so no x is required * */ size_t size = b->size; mpw temp; mpsetw(size, result, 1); while (psize) { if ((temp = *(pdata++))) /* break when first non-zero word found in power */ break; psize--; } /* if temp is still zero, then we're trying to raise x to power zero, and result stays one */ if (temp) { short l = 0, n = 0, count = MP_WBITS; /* first skip bits until we reach a one */ while (count) { if (temp & MP_MSBMASK) break; temp <<= 1; count--; } while (psize) { while (count) { byte bit = (temp & MP_MSBMASK) ? 1 : 0; n <<= 1; n += bit; if (n) { if (l) l++; else if (bit) l = 1; if (l == 4) { byte s = mpbslide_presq[n]; while (s--) mpbsqrmod_w(b, size, result, result, wksp); mpbmulmod_w(b, size, result, size, slide+mpbslide_mulg[n]*size, result, wksp); s = mpbslide_postsq[n]; while (s--) mpbsqrmod_w(b, size, result, result, wksp); l = n = 0; } } else mpbsqrmod_w(b, size, result, result, wksp); temp <<= 1; count--; } if (--psize) { count = MP_WBITS; temp = *(pdata++); } } if (n) { byte s = mpbslide_presq[n]; while (s--) mpbsqrmod_w(b, size, result, result, wksp); mpbmulmod_w(b, size, result, size, slide+mpbslide_mulg[n]*size, result, wksp); s = mpbslide_postsq[n]; while (s--) mpbsqrmod_w(b, size, result, result, wksp); } } }