|
Packit |
aea12f |
/* ecdsa-hash.c
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
Copyright (C) 2013 Niels Möller
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
This file is part of GNU Nettle.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
GNU Nettle is free software: you can redistribute it and/or
|
|
Packit |
aea12f |
modify it under the terms of either:
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
* the GNU Lesser General Public License as published by the Free
|
|
Packit |
aea12f |
Software Foundation; either version 3 of the License, or (at your
|
|
Packit |
aea12f |
option) any later version.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
or
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
* the GNU General Public License as published by the Free
|
|
Packit |
aea12f |
Software Foundation; either version 2 of the License, or (at your
|
|
Packit |
aea12f |
option) any later version.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
or both in parallel, as here.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
GNU Nettle is distributed in the hope that it will be useful,
|
|
Packit |
aea12f |
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
aea12f |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
aea12f |
General Public License for more details.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
You should have received copies of the GNU General Public License and
|
|
Packit |
aea12f |
the GNU Lesser General Public License along with this program. If
|
|
Packit |
aea12f |
not, see https://www.gnu.org/licenses/.
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* Development of Nettle's ECC support was funded by the .SE Internet Fund. */
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#if HAVE_CONFIG_H
|
|
Packit |
aea12f |
# include "config.h"
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#include <gnutls_int.h>
|
|
Packit |
aea12f |
|
|
Packit Service |
991b93 |
#include "ecc/ecc-internal.h"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* Convert hash value to an integer. If the digest is larger than
|
|
Packit |
aea12f |
the ecc bit size, then we must truncate it and use the leftmost
|
|
Packit |
aea12f |
bits. */
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* NOTE: We don't considered the hash value to be secret, so it's ok
|
|
Packit |
aea12f |
if the running time of this conversion depends on h.
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
Requires m->size + 1 limbs, the extra limb may be needed for
|
|
Packit |
aea12f |
unusual limb sizes.
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
void
|
|
Packit |
aea12f |
gost_hash (const struct ecc_modulo *m,
|
|
Packit |
aea12f |
mp_limb_t *hp,
|
|
Packit |
aea12f |
size_t length, const uint8_t *digest)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
if (length > ((size_t) m->bit_size + 7) / 8)
|
|
Packit |
aea12f |
length = (m->bit_size + 7) / 8;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
mpn_set_base256_le (hp, m->size + 1, digest, length);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
if (8 * length > m->bit_size)
|
|
Packit |
aea12f |
/* We got a few extra bits, at the low end. Discard them. */
|
|
Packit |
aea12f |
mpn_rshift (hp, hp, m->size + 1, 8*length - m->bit_size);
|
|
Packit |
aea12f |
}
|