Cryptography Reference
In-Depth Information
// s = ( inv(k) * ( z + xr ) ) % q
inv( &k, ¶ms->q );
set_huge( &signature->s, 0 );
copy_huge( &signature->s, private_key );
multiply( &signature->s, &signature->r );
add( &signature->s, &z );
multiply( &signature->s, &k );
copy_huge( &q, ¶ms->q );
divide( &signature->s, &q, NULL );
free_huge( &z );
}
Notice that this keeps essentially the same variable names that the specifi cation
suggests, although it does call
x
private_key
to make it a bit clearer what it does.
You should be able to follow the last parts of the code. I've added comments to
indicate what each section is doing with respect to the overall algorithm. Note
that this calls the
inv
routine defi ned in Listing 3-36 to compute (k
-1
% q) as
part of the computation of
s
. Also, the caller passes in the hash, not the message
itself; this makes the routine a bit more fl exible, although DSA is only offi cially
approved for use with SHA. The signature function doesn't know or care what
the original message was.
The computation of
k
is delegated to its own routine in Listing 4-32.
Listing 4-32:
“dsa.c” message secret generation
static void generate_message_secret( dsa_params *params, huge *k )
{
int i;
huge q;
huge one;
set_huge( &q, 0 ); // initialize this so that copy works
set_huge( &one, 1 );
copy_huge( &q, ¶ms->q );
subtract( &q, &one );
// XXX the extra + 8 aren't really necessary since we're not generating
// a random “c”
k->sign = 0;
k->size = params->q.size + 8;
k->rep = malloc( k->size );
// TODO this should be filled with random bytes
for ( i = 0; i < k->size; i++ )
{
k->rep[ i ] = i + 1;
}
Search WWH ::
Custom Search