diff options
author | lloyd <[email protected]> | 2010-03-09 02:39:31 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-03-09 02:39:31 +0000 |
commit | 4a9afbb99bb73e43bcb3a30379d6a2dd59dae76a (patch) | |
tree | 4f7a362be278ed63828afeae56444afcbf0b2dac /src/engine | |
parent | a4df64935b788e541206547d5d85665c191e2f5f (diff) |
Deconstify PK_Ops. It's quite reasonable that some op will want to
precompute only as needed, or will want to access some other expensive
resource or etc.
Change how the secret for generating blinding is done in cases where a
PRNG isn't available. Use the operations public op to hide the secret,
for instance the seed for a DH blinding variable is 2^x mod p.
Make use of being able to mutate internal structures in the RW signer,
since that does have access to a PRNG, so use it to initialize the
blinder on first call to sign().
Diffstat (limited to 'src/engine')
-rw-r--r-- | src/engine/gnump/gnump_pk.cpp | 18 | ||||
-rw-r--r-- | src/engine/openssl/openssl_pk.cpp | 20 |
2 files changed, 19 insertions, 19 deletions
diff --git a/src/engine/gnump/gnump_pk.cpp b/src/engine/gnump/gnump_pk.cpp index 3ca1f25ff..8d003a5d4 100644 --- a/src/engine/gnump/gnump_pk.cpp +++ b/src/engine/gnump/gnump_pk.cpp @@ -50,7 +50,7 @@ class GMP_DH_KA_Operation : public PK_Ops::Key_Agreement GMP_DH_KA_Operation(const DH_PrivateKey& dh) : x(dh.get_x()), p(dh.group_p()) {} - SecureVector<byte> agree(const byte w[], u32bit w_len) const + SecureVector<byte> agree(const byte w[], u32bit w_len) { GMP_MPZ z(w, w_len); mpz_powm(z.value, z.value, x.value, p.value); @@ -79,7 +79,7 @@ class GMP_DSA_Signature_Operation : public PK_Ops::Signature u32bit max_input_bits() const { return q_bits; } SecureVector<byte> sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const; + RandomNumberGenerator& rng); private: const GMP_MPZ x, p, q, g; u32bit q_bits; @@ -87,7 +87,7 @@ class GMP_DSA_Signature_Operation : public PK_Ops::Signature SecureVector<byte> GMP_DSA_Signature_Operation::sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const + RandomNumberGenerator& rng) { const u32bit q_bytes = (q_bits + 7) / 8; @@ -139,14 +139,14 @@ class GMP_DSA_Verification_Operation : public PK_Ops::Verification bool with_recovery() const { return false; } bool verify(const byte msg[], u32bit msg_len, - const byte sig[], u32bit sig_len) const; + const byte sig[], u32bit sig_len); private: const GMP_MPZ y, p, q, g; u32bit q_bits; }; bool GMP_DSA_Verification_Operation::verify(const byte msg[], u32bit msg_len, - const byte sig[], u32bit sig_len) const + const byte sig[], u32bit sig_len) { const u32bit q_bytes = q.bytes(); @@ -205,14 +205,14 @@ class GMP_RSA_Private_Operation : public PK_Ops::Signature, u32bit max_input_bits() const { return (n_bits - 1); } SecureVector<byte> sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const + RandomNumberGenerator&) { BigInt m(msg, msg_len); BigInt x = private_op(m); return BigInt::encode_1363(x, (n_bits + 7) / 8); } - SecureVector<byte> decrypt(const byte msg[], u32bit msg_len) const + SecureVector<byte> decrypt(const byte msg[], u32bit msg_len) { BigInt m(msg, msg_len); return BigInt::encode(private_op(m)); @@ -251,13 +251,13 @@ class GMP_RSA_Public_Operation : public PK_Ops::Verification, bool with_recovery() const { return true; } SecureVector<byte> encrypt(const byte msg[], u32bit msg_len, - RandomNumberGenerator&) const + RandomNumberGenerator&) { BigInt m(msg, msg_len); return BigInt::encode_1363(public_op(m), n.bytes()); } - SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) const + SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) { BigInt m(msg, msg_len); return BigInt::encode(public_op(m)); diff --git a/src/engine/openssl/openssl_pk.cpp b/src/engine/openssl/openssl_pk.cpp index ebc2bdd82..8b8e83ebe 100644 --- a/src/engine/openssl/openssl_pk.cpp +++ b/src/engine/openssl/openssl_pk.cpp @@ -43,7 +43,7 @@ class OSSL_DH_KA_Operation : public PK_Ops::Key_Agreement OSSL_DH_KA_Operation(const DH_PrivateKey& dh) : x(dh.get_x()), p(dh.group_p()) {} - SecureVector<byte> agree(const byte w[], u32bit w_len) const + SecureVector<byte> agree(const byte w[], u32bit w_len) { OSSL_BN i(w, w_len), r; BN_mod_exp(r.value, i.value, x.value, p.value, ctx.value); @@ -73,7 +73,7 @@ class OSSL_DSA_Signature_Operation : public PK_Ops::Signature u32bit max_input_bits() const { return q_bits; } SecureVector<byte> sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const; + RandomNumberGenerator& rng); private: const OSSL_BN x, p, q, g; const OSSL_BN_CTX ctx; @@ -82,7 +82,7 @@ class OSSL_DSA_Signature_Operation : public PK_Ops::Signature SecureVector<byte> OSSL_DSA_Signature_Operation::sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const + RandomNumberGenerator& rng) { const u32bit q_bytes = (q_bits + 7) / 8; @@ -133,7 +133,7 @@ class OSSL_DSA_Verification_Operation : public PK_Ops::Verification bool with_recovery() const { return false; } bool verify(const byte msg[], u32bit msg_len, - const byte sig[], u32bit sig_len) const; + const byte sig[], u32bit sig_len); private: const OSSL_BN y, p, q, g; const OSSL_BN_CTX ctx; @@ -141,7 +141,7 @@ class OSSL_DSA_Verification_Operation : public PK_Ops::Verification }; bool OSSL_DSA_Verification_Operation::verify(const byte msg[], u32bit msg_len, - const byte sig[], u32bit sig_len) const + const byte sig[], u32bit sig_len) { const u32bit q_bytes = q.bytes(); @@ -199,14 +199,14 @@ class OSSL_RSA_Private_Operation : public PK_Ops::Signature, u32bit max_input_bits() const { return (n_bits - 1); } SecureVector<byte> sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const + RandomNumberGenerator& rng) { BigInt m(msg, msg_len); BigInt x = private_op(m); return BigInt::encode_1363(x, (n_bits + 7) / 8); } - SecureVector<byte> decrypt(const byte msg[], u32bit msg_len) const + SecureVector<byte> decrypt(const byte msg[], u32bit msg_len) { BigInt m(msg, msg_len); return BigInt::encode(private_op(m)); @@ -234,7 +234,7 @@ BigInt OSSL_RSA_Private_Operation::private_op(const BigInt& m) const } class OSSL_RSA_Public_Operation : public PK_Ops::Verification, - public PK_Ops::Encryption + public PK_Ops::Encryption { public: OSSL_RSA_Public_Operation(const RSA_PublicKey& rsa) : @@ -245,13 +245,13 @@ class OSSL_RSA_Public_Operation : public PK_Ops::Verification, bool with_recovery() const { return true; } SecureVector<byte> encrypt(const byte msg[], u32bit msg_len, - RandomNumberGenerator&) const + RandomNumberGenerator&) { BigInt m(msg, msg_len); return BigInt::encode_1363(public_op(m), n.bytes()); } - SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) const + SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) { BigInt m(msg, msg_len); return BigInt::encode(public_op(m)); |