release/src/router/nettle/ecdsa-sign.c

   1 /* ecdsa-sign.c */
   2
   3 /* nettle, low-level cryptographics library
   4  *
   5  * Copyright (C) 2013 Niels Möller
   6  *
   7  * The nettle library is free software; you can redistribute it and/or modify
   8  * it under the terms of the GNU Lesser General Public License as published by
   9  * the Free Software Foundation; either version 2.1 of the License, or (at your
  10  * option) any later version.
  11  *
  12  * The nettle library is distributed in the hope that it will be useful, but
  13  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  14  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
  15  * License for more details.
  16  *
  17  * You should have received a copy of the GNU Lesser General Public License
  18  * along with the nettle library; see the file COPYING.LIB.  If not, write to
  19  * the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
  20  * MA 02111-1301, USA.
  21  */
  22
  23 /* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
  24
  25 #if HAVE_CONFIG_H
  26 # include "config.h"
  27 #endif
  28
  29 #include <assert.h>
  30 #include <stdlib.h>
  31
  32 #include "ecdsa.h"
  33 #include "ecc-internal.h"
  34 #include "nettle-internal.h"
  35
  36 void
  37 ecdsa_sign (const struct ecc_scalar *key,
  38             void *random_ctx, nettle_random_func *random,
  39             unsigned digest_length,
  40             const uint8_t *digest,
  41             struct dsa_signature *signature)
  42 {
  43   /* At most 936 bytes. */
  44   TMP_DECL(k, mp_limb_t, ECC_MAX_SIZE + ECC_ECDSA_SIGN_ITCH (ECC_MAX_SIZE));
  45   mp_limb_t size = key->ecc->size;
  46   mp_limb_t *rp = mpz_limbs_write (signature->r, size);
  47   mp_limb_t *sp = mpz_limbs_write (signature->s, size);
  48
  49   TMP_ALLOC (k, size + ECC_ECDSA_SIGN_ITCH (size));
  50
  51   /* Timing reveals the number of rounds through this loop, but the
  52      timing is still independent of the secret k finally used. */
  53   do
  54     {
  55       ecc_modq_random (key->ecc, k, random_ctx, random, k + size);
  56       ecc_ecdsa_sign (key->ecc, key->p, k, digest_length, digest,
  57                    rp, sp, k + size);
  58       mpz_limbs_finish (signature->r, size);
  59       mpz_limbs_finish (signature->s, size);
  60     }
  61   while (mpz_sgn (signature->r) == 0 || mpz_sgn (signature->s) == 0);
  62 }