From 67a547086c45068061d8854a164467b35ea99651 Mon Sep 17 00:00:00 2001
From: Karel Miko <miko@dcit.cz>
Date: Mon, 13 Jan 2014 12:59:02 +0100
Subject: [PATCH] DSA sign improvement

---
 src/pk/dsa/dsa_make_key.c  |  2 +-
 src/pk/dsa/dsa_sign_hash.c | 15 +++++----------
 2 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/src/pk/dsa/dsa_make_key.c b/src/pk/dsa/dsa_make_key.c
index fa9805c3..af3a81a6 100644
--- a/src/pk/dsa/dsa_make_key.c
+++ b/src/pk/dsa/dsa_make_key.c
@@ -107,7 +107,7 @@ int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size,
    qbits = mp_count_bits(key->q);
    do {
       if ((err = rand_bn_bits(key->x, qbits, prng, wprng)) != CRYPT_OK)                { goto error; }
-      /* private key x should be from range: 1 <= x <= q-1 */
+      /* private key x should be from range: 1 <= x <= q-1 (see FIPS 186-4 B.1.2) */
    } while (mp_cmp_d(key->x, 0) != LTC_MP_GT || mp_cmp(key->x, key->q) != LTC_MP_LT);
    if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK)                 { goto error; }
   
diff --git a/src/pk/dsa/dsa_sign_hash.c b/src/pk/dsa/dsa_sign_hash.c
index ef547917..3ccfcf57 100644
--- a/src/pk/dsa/dsa_sign_hash.c
+++ b/src/pk/dsa/dsa_sign_hash.c
@@ -34,7 +34,7 @@ int dsa_sign_hash_raw(const unsigned char *in,  unsigned long inlen,
 {
    void         *k, *kinv, *tmp;
    unsigned char *buf;
-   int            err;
+   int            err, qbits;
 
    LTC_ARGCHK(in  != NULL);
    LTC_ARGCHK(r   != NULL);
@@ -61,20 +61,15 @@ int dsa_sign_hash_raw(const unsigned char *in,  unsigned long inlen,
    /* Init our temps */
    if ((err = mp_init_multi(&k, &kinv, &tmp, NULL)) != CRYPT_OK)                       { goto ERRBUF; }
 
+   qbits = mp_count_bits(key->q);
 retry:
 
    do {
       /* gen random k */
-      if (prng_descriptor[wprng].read(buf, key->qord, prng) != (unsigned long)key->qord) {
-         err = CRYPT_ERROR_READPRNG;
-         goto error;
-      }
+      if ((err = rand_bn_bits(k, qbits, prng, wprng)) != CRYPT_OK)                     { goto error; }
 
-      /* read k */
-      if ((err = mp_read_unsigned_bin(k, buf, key->qord)) != CRYPT_OK)                 { goto error; }
-
-      /* k > 1 and k < q ? */
-      if (mp_cmp_d(k, 1) != LTC_MP_GT || mp_cmp(k, key->q) != LTC_MP_LT)               { goto retry; }
+      /* k should be from range: 1 <= k <= q-1 (see FIPS 186-4 B.2.2) */
+      if (mp_cmp_d(k, 0) != LTC_MP_GT || mp_cmp(k, key->q) != LTC_MP_LT)               { goto retry; }
 
       /* test gcd */
       if ((err = mp_gcd(k, key->q, tmp)) != CRYPT_OK)                                  { goto error; }