diff options
author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2018-11-13 02:45:18 +0300 |
---|---|---|
committer | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2018-11-16 03:36:27 +0300 |
commit | 3ec994cd50a9cc2650f6825d9b866b3fa7b8851b (patch) | |
tree | 5bc75afe7e7641fc14521f8337313215e34a753f | |
parent | 9e58b6b67cebcc4fb0d1b7550d0663947fedf09f (diff) | |
download | gnutls-3ec994cd50a9cc2650f6825d9b866b3fa7b8851b.tar.gz |
nettle/gost: support GOST key unmasking
New Russian reccomendation defines 'key masking' in the form of
several concatenated numbers, which must be multiplied modulo Q to get
private key.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
-rw-r--r-- | lib/nettle/Makefile.am | 2 | ||||
-rw-r--r-- | lib/nettle/gost/gostdsa-mask.c | 81 | ||||
-rw-r--r-- | lib/nettle/gost/gostdsa.h | 5 |
3 files changed, 87 insertions, 1 deletions
diff --git a/lib/nettle/Makefile.am b/lib/nettle/Makefile.am index b3d9ec5dac..30a195b52b 100644 --- a/lib/nettle/Makefile.am +++ b/lib/nettle/Makefile.am @@ -84,6 +84,6 @@ libcrypto_la_SOURCES += \ gost/ecc-gost512a.c gost/ecc-gost512a-32.h gost/ecc-gost512a-64.h \ gost/ecc-internal.h gost/gmp-glue.h \ gost/ecc-gostdsa-sign.c gost/ecc-gostdsa-verify.c \ - gost/gostdsa-sign.c gost/gostdsa-verify.c \ + gost/gostdsa-mask.c gost/gostdsa-sign.c gost/gostdsa-verify.c \ gost/gostdsa.h gost/ecc-gost-curve.h gost/ecc-gost-hash.c endif diff --git a/lib/nettle/gost/gostdsa-mask.c b/lib/nettle/gost/gostdsa-mask.c new file mode 100644 index 0000000000..cb9a30280b --- /dev/null +++ b/lib/nettle/gost/gostdsa-mask.c @@ -0,0 +1,81 @@ +/* gostdsa-verify.c + + Copyright (C) 2018 Dmitry Eremin-Solenikov + + This file is part of GNU Nettle. + + GNU Nettle is free software: you can redistribute it and/or + modify it under the terms of either: + + * the GNU Lesser General Public License as published by the Free + Software Foundation; either version 3 of the License, or (at your + option) any later version. + + or + + * the GNU General Public License as published by the Free + Software Foundation; either version 2 of the License, or (at your + option) any later version. + + or both in parallel, as here. + + GNU Nettle is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received copies of the GNU General Public License and + the GNU Lesser General Public License along with this program. If + not, see http://www.gnu.org/licenses/. +*/ + +#if HAVE_CONFIG_H +# include "config.h" +#endif + +#include <gnutls_int.h> + +#include <stdlib.h> + +#include "gostdsa.h" +#include "ecc-internal.h" + +#include "gmp-glue.h" + +/* Key comes in form .... M_2 M_1 K_0, + unmask is K_i = K_i-1 * M_i mod Q */ +int +gostdsa_unmask_key (const struct ecc_curve *ecc, + mpz_t key) +{ + unsigned bits = ecc_bit_size (ecc); + unsigned keybits = mpz_sizeinbase (key, 2); + mpz_t unmasked, temp, temp2, q; + + if (keybits <= bits) + return 0; + + mpz_init (unmasked); + mpz_init (temp); + mpz_init (temp2); + mpz_roinit_n (q, ecc->q.m, ecc->q.size); + mpz_tdiv_r_2exp (unmasked, key, bits); + mpz_tdiv_q_2exp (key, key, bits); + keybits -= bits; + while (keybits > bits) + { + mpz_tdiv_r_2exp (temp2, key, bits); + mpz_tdiv_q_2exp (key, key, bits); + keybits -= bits; + mpz_mul (temp, unmasked, temp2); + mpz_mod (unmasked, temp, q); + } + mpz_mul (temp, unmasked, key); + mpz_mod (key, temp, q); + + mpz_clear (temp2); + mpz_clear (temp); + mpz_clear (unmasked); + + return 0; +} diff --git a/lib/nettle/gost/gostdsa.h b/lib/nettle/gost/gostdsa.h index 7546176267..106d17c165 100644 --- a/lib/nettle/gost/gostdsa.h +++ b/lib/nettle/gost/gostdsa.h @@ -46,6 +46,7 @@ extern "C" { /* Name mangling */ #define gostdsa_sign _gnutls_gostdsa_sign #define gostdsa_verify _gnutls_gostdsa_verify +#define gostdsa_unmask_key _gnutls_gostdsa_unmask_key #define ecc_gostdsa_sign _gnutls_ecc_gostdsa_sign #define ecc_gostdsa_sign_itch _gnutls_ecc_gostdsa_sign_itch #define ecc_gostdsa_verify _gnutls_ecc_gostdsa_verify @@ -70,6 +71,10 @@ gostdsa_verify (const struct ecc_point *pub, size_t length, const uint8_t *digest, const struct dsa_signature *signature); +int +gostdsa_unmask_key (const struct ecc_curve *ecc, + mpz_t key); + /* Low-level GOSTDSA functions. */ mp_size_t ecc_gostdsa_sign_itch (const struct ecc_curve *ecc); |