-rw-r--r-- | cipher/dsa.c | 8 | ||||
-rw-r--r-- | cipher/ecc-ecdsa.c | 3 |
2 files changed, 6 insertions, 5 deletions
diff --git a/cipher/dsa.c b/cipher/dsa.c
index 24a53528..b93e385e 100644
--- a/cipher/dsa.c
+++ b/cipher/dsa.c
@@ -635,16 +635,16 @@ sign (gcry_mpi_t r, gcry_mpi_t s, gcry_mpi_t input, DSA_secret_key *skey,
 k = _gcry_dsa_gen_k (skey->q, GCRY_STRONG_RANDOM);
 }
 
+ /* kinv = k^(-1) mod q */
+ kinv = mpi_alloc( mpi_get_nlimbs(k) );
+ mpi_invm(kinv, k, skey->q );
+
 _gcry_dsa_modify_k (k, skey->q, qbits);
 
 /* r = (a^k mod p) mod q */
 mpi_powm( r, skey->g, k, skey->p );
 mpi_fdiv_r( r, r, skey->q );
 
- /* kinv = k^(-1) mod q */
- kinv = mpi_alloc( mpi_get_nlimbs(k) );
- mpi_invm(kinv, k, skey->q );
-
 /* s = (kinv * ( hash + x * r)) mod q */
 tmp = mpi_alloc( mpi_get_nlimbs(skey->p) );
 mpi_mul( tmp, skey->x, r );
diff --git a/cipher/ecc-ecdsa.c b/cipher/ecc-ecdsa.c
index 256f478b..d540578e 100644
--- a/cipher/ecc-ecdsa.c
+++ b/cipher/ecc-ecdsa.c
@@ -110,6 +110,8 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, mpi_ec_t ec,
 else
 k = _gcry_dsa_gen_k (ec->n, GCRY_STRONG_RANDOM);
 
+ mpi_invm (k_1, k, ec->n); /* k_1 = k^(-1) mod n */
+
 _gcry_dsa_modify_k (k, ec->n, qbits);
 
 _gcry_mpi_ec_mul_point (&I, k, ec->G, ec);
@@ -129,7 +131,6 @@ _gcry_ecc_ecdsa_sign (gcry_mpi_t input, mpi_ec_t ec,
 mpi_mulm (dr, dr, r, ec->n); /* dr = d*r mod n */
 mpi_mulm (sum, b, hash, ec->n);
 mpi_addm (sum, sum, dr, ec->n); /* sum = hash + (d*r) mod n */
- mpi_invm (k_1, k, ec->n); /* k_1 = k^(-1) mod n */
 mpi_mulm (s, k_1, sum, ec->n); /* s = k^(-1)*(hash+(d*r)) mod n */
 /* Undo blinding by b^-1 */
 mpi_mulm (s, bi, s, ec->n); |
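Review bot: `kinv` is created with `mpi_alloc( mpi_get_nlimbs(k) )`, which is ordinary rather than secure memory, although the inverse of the per-signature nonce needs the same protection as `k` itself because it is equally tied to the private `x`. Since the allocation is being moved anyway, `kinv = mpi_alloc_secure( mpi_get_nlimbs(k) );` would keep the value in the secure pool. Whether `k` is already held in secure memory and how `kinv` is released are not visible here, because sign() starts and ends outside the hunk, so both should be confirmed before changing it.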
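Review bot: Nothing at the new `mpi_invm (k_1, k, ec->n);` line says that it has to stay above `_gcry_dsa_modify_k (k, ec->n, qbits);`, so a later cleanup could move it back next to the computation of `s` and invert the modified `k` again. A short comment would pin the ordering, for example `/* Invert the original k here; _gcry_dsa_modify_k changes k below. */`. The same applies to the `kinv` block in sign() in cipher/dsa.c. What `_gcry_dsa_modify_k` does to `k` is not shown in this diff, so the wording should be checked against its definition.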