diff options
author | lloyd <[email protected]> | 2010-03-09 14:31:07 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-03-09 14:31:07 +0000 |
commit | 535eb4d66574a0a6d49554de40c277512c7fada1 (patch) | |
tree | a24cb69cd155a111e9e3aa75d820f87f55157a0a /src/pubkey/nr | |
parent | 80a3459993c6b4531617f5c4f8b32cbe98d15529 (diff) |
DSA and NR require certain parameters (which depend on the randomly
choosen nonce) not be 0. Previously it would just check and throw an
exception if this was the case. Change to generate a new nonce and
retry if this happens.
Diffstat (limited to 'src/pubkey/nr')
-rw-r--r-- | src/pubkey/nr/nr.cpp | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/src/pubkey/nr/nr.cpp b/src/pubkey/nr/nr.cpp index cf59615da..f9ba37c41 100644 --- a/src/pubkey/nr/nr.cpp +++ b/src/pubkey/nr/nr.cpp @@ -99,20 +99,23 @@ NR_Signature_Operation::sign(const byte msg[], u32bit msg_len, { rng.add_entropy(msg, msg_len); - BigInt k; - do - k.randomize(rng, q.bits()); - while(k >= q); - BigInt f(msg, msg_len); if(f >= q) throw Invalid_Argument("NR_Signature_Operation: Input is out of range"); - BigInt c = mod_q.reduce(powermod_g_p(k) + f); - if(c.is_zero()) - throw Internal_Error("NR_Signature_Operation: c was zero"); - BigInt d = mod_q.reduce(k - x * c); + BigInt c, d; + + while(c == 0) + { + BigInt k; + do + k.randomize(rng, q.bits()); + while(k >= q); + + c = mod_q.reduce(powermod_g_p(k) + f); + d = mod_q.reduce(k - x * c); + } SecureVector<byte> output(2*q.bytes()); c.binary_encode(output + (output.size() / 2 - c.bytes())); |