authorlloyd <[email protected]>2014-12-10 04:08:39 +0000
committerlloyd <[email protected]>2014-12-10 04:08:39 +0000
commit63215db88ae3bbb982966de37fe112c44f616a1d (patch)
tree7c73da7eaf981de4bfbeb15e137320940dcbcfd5 /src/lib/pubkey/rfc6979
parent10cfa8fd826e072a5cd76bf52f4ae80d34eba507 (diff)
Implement RFC 6979 deterministic signatures for DSA and ECDSA.
Drop the GNU MP engine. Its implementations were potentially faster in some scenarios but not well protected against side channels.
Diffstat (limited to 'src/lib/pubkey/rfc6979')
-rw-r--r--src/lib/pubkey/rfc6979/rfc6979.cpp15
-rw-r--r--src/lib/pubkey/rfc6979/rfc6979.h2
2 files changed, 17 insertions, 0 deletions
diff --git a/src/lib/pubkey/rfc6979/rfc6979.cpp b/src/lib/pubkey/rfc6979/rfc6979.cpp
index 0bad4ecbf..21d6c356a 100644
--- a/src/lib/pubkey/rfc6979/rfc6979.cpp
+++ b/src/lib/pubkey/rfc6979/rfc6979.cpp
@@ -8,9 +8,24 @@
#include <botan/rfc6979.h>
#include <botan/hmac_drbg.h>
#include <botan/libstate.h>
+#include <botan/scan_name.h>
namespace Botan {
+std::string hash_for_deterministic_signature(const std::string& emsa)
+ {
+ SCAN_Name emsa_name(emsa);
+
+ if(emsa_name.arg_count() > 0)
+ {
+ const std::string pos_hash = emsa_name.arg(0);
+ if(global_state().algorithm_factory().prototype_hash_function(pos_hash))
+ return pos_hash;
+ }
+
+ return "SHA-512"; // safe default if nothing we understand
+ }
+
BigInt generate_rfc6979_nonce(const BigInt& x,
const BigInt& q,
const BigInt& h,
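Review bot: The fallback on the `return "SHA-512"` line silently substitutes a different hash whenever the EMSA's first argument is absent or is not a registered hash, so a signature made with such an EMSA will still be deterministic but will not reproduce the RFC 6979 test vectors, and the comment "safe default if nothing we understand" does not say in what sense it is safe. I would replace that comment with `// Not the message hash: k is still derived by HMAC_DRBG keyed with the private key, so it stays unpredictable, but it will not match RFC 6979 vectors for this EMSA` and add a header comment above the function stating that it returns the hash named by the EMSA string (e.g. the argument of EMSA1(...)) when the algorithm factory knows it, else SHA-512. The lookup via `global_state().algorithm_factory().prototype_hash_function` only checks that a prototype exists; if a caller can pass an attacker-chosen EMSA string this is merely a name check, which seems fine, but it is worth saying in the comment. The definition of `generate_rfc6979_nonce` that follows starts in this hunk and continues outside it.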
diff --git a/src/lib/pubkey/rfc6979/rfc6979.h b/src/lib/pubkey/rfc6979/rfc6979.h
index 6184d0dbb..6e6073154 100644
--- a/src/lib/pubkey/rfc6979/rfc6979.h
+++ b/src/lib/pubkey/rfc6979/rfc6979.h
@@ -24,6 +24,8 @@ BigInt BOTAN_DLL generate_rfc6979_nonce(const BigInt& x,
const BigInt& h,
const std::string& hash);
+std::string hash_for_deterministic_signature(const std::string& emsa);
+
}
#endif
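Review bot: The new declaration lacks the `BOTAN_DLL` export macro that the neighbouring `generate_rfc6979_nonce` declaration carries in this same header, so if `hash_for_deterministic_signature` is meant to be callable from the DSA/ECDSA code in other translation units of a shared build it should read `std::string BOTAN_DLL hash_for_deterministic_signature(const std::string& emsa);`. It also has no documentation, unlike a public header entry should; a one-line comment such as `/** Returns the hash named by an EMSA string (e.g. the argument of EMSA1(...)) if known, else "SHA-512" */` would let callers know the fallback exists. If the symbol is intended to be internal only, a note to that effect would be just as useful.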