Add PK_Signer::signature_length

author: Jack Lloyd <[email protected]> 2018-08-09 14:05:29 -0400
committer: Jack Lloyd <[email protected]> 2018-08-10 10:12:49 -0400
commit: 1e18edf2673519c8f8c01dbbaacc5a189f0c0a92 (patch)
tree: 40a7c64752842ce9298de220860af38fe80bb882 /src/lib/pubkey
parent: fe242c20a01ae2e8a4589c353cdbc080ae629487 (diff)
15 files changed, 69 insertions, 2 deletions
diff --git a/src/lib/pubkey/dl_group/dl_group.cpp b/src/lib/pubkey/dl_group/dl_group.cpp
index abc14ec0c..804859044 100644
--- a/src/lib/pubkey/dl_group/dl_group.cpp
+++ b/src/lib/pubkey/dl_group/dl_group.cpp
@@ -67,6 +67,7 @@ class DL_Group_Data final
       size_t p_bits() const { return m_p_bits; }
       size_t q_bits() const { return m_q_bits; }
       size_t p_bytes() const { return (m_p_bits + 7) / 8; }
+      size_t q_bytes() const { return (m_q_bits + 7) / 8; }
 
       size_t estimated_strength() const { return m_estimated_strength; }
 
@@ -448,6 +449,12 @@ size_t DL_Group::q_bits() const
    return data().q_bits();
    }
 
+size_t DL_Group::q_bytes() const
+   {
+   data().assert_q_is_set("q_bytes");
+   return data().q_bytes();
+   }
+
 size_t DL_Group::estimated_strength() const
    {
    return data().estimated_strength();
diff --git a/src/lib/pubkey/dl_group/dl_group.h b/src/lib/pubkey/dl_group/dl_group.h
index 6bc918761..43756c806 100644
--- a/src/lib/pubkey/dl_group/dl_group.h
+++ b/src/lib/pubkey/dl_group/dl_group.h
@@ -269,6 +269,13 @@ class BOTAN_PUBLIC_API(2,0) DL_Group final
       size_t q_bits() const;
 
       /**
+      * Return the size of q in bytes
+      * Same as get_q().bytes()
+      * Throws if q is unset
+      */
+      size_t q_bytes() const;
+
+      /**
       * Return size in bits of a secret exponent
       *
       * This attempts to balance between the attack costs of NFS
diff --git a/src/lib/pubkey/dsa/dsa.cpp b/src/lib/pubkey/dsa/dsa.cpp
index 35240292c..412270173 100644
--- a/src/lib/pubkey/dsa/dsa.cpp
+++ b/src/lib/pubkey/dsa/dsa.cpp
@@ -89,7 +89,8 @@ class DSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA
          m_b_inv = m_group.inverse_mod_q(m_b);
          }
 
-      size_t max_input_bits() const override { return m_group.get_q().bits(); }
+      size_t signature_length() const override { return 2*m_group.q_bytes(); }
+      size_t max_input_bits() const override { return m_group.q_bits(); }
 
       secure_vector<uint8_t> raw_sign(const uint8_t msg[], size_t msg_len,
                                    RandomNumberGenerator& rng) override;
@@ -157,7 +158,7 @@ class DSA_Verification_Operation final : public PK_Ops::Verification_with_EMSA
          {
          }
 
-      size_t max_input_bits() const override { return m_group.get_q().bits(); }
+      size_t max_input_bits() const override { return m_group.q_bits(); }
 
       bool with_recovery() const override { return false; }
 
diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp
index a239aab73..cbb9eba67 100644
--- a/src/lib/pubkey/ecdsa/ecdsa.cpp
+++ b/src/lib/pubkey/ecdsa/ecdsa.cpp
@@ -65,6 +65,8 @@ class ECDSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA
          m_b_inv = m_group.inverse_mod_order(m_b);
          }
 
+      size_t signature_length() const override { return 2*m_group.get_order_bytes(); }
+
       size_t max_input_bits() const override { return m_group.get_order_bits(); }
 
       secure_vector<uint8_t> raw_sign(const uint8_t msg[], size_t msg_len,
diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.cpp b/src/lib/pubkey/ecgdsa/ecgdsa.cpp
index 61b7ae055..7ed876315 100644
--- a/src/lib/pubkey/ecgdsa/ecgdsa.cpp
+++ b/src/lib/pubkey/ecgdsa/ecgdsa.cpp
@@ -46,6 +46,8 @@ class ECGDSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA
       secure_vector<uint8_t> raw_sign(const uint8_t msg[], size_t msg_len,
                                       RandomNumberGenerator& rng) override;
 
+      size_t signature_length() const override { return 2*m_group.get_order_bytes(); }
+
       size_t max_input_bits() const override { return m_group.get_order_bits(); }
 
    private:
diff --git a/src/lib/pubkey/eckcdsa/eckcdsa.cpp b/src/lib/pubkey/eckcdsa/eckcdsa.cpp
index 90716228a..40d942514 100644
--- a/src/lib/pubkey/eckcdsa/eckcdsa.cpp
+++ b/src/lib/pubkey/eckcdsa/eckcdsa.cpp
@@ -61,6 +61,7 @@ class ECKCDSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA
       secure_vector<uint8_t> raw_sign(const uint8_t msg[], size_t msg_len,
                                       RandomNumberGenerator& rng) override;
 
+      size_t signature_length() const override { return 2*m_group.get_order_bytes(); }
       size_t max_input_bits() const override { return m_group.get_order_bits(); }
 
       bool has_prefix() override { return true; }
diff --git a/src/lib/pubkey/ed25519/ed25519_key.cpp b/src/lib/pubkey/ed25519/ed25519_key.cpp
index 5f5aff369..bdb6a8547 100644
--- a/src/lib/pubkey/ed25519/ed25519_key.cpp
+++ b/src/lib/pubkey/ed25519/ed25519_key.cpp
@@ -175,6 +175,8 @@ class Ed25519_Pure_Sign_Operation final : public PK_Ops::Signature
          return sig;
          }
 
+      size_t signature_length() const override { return 64; }
+
    private:
       std::vector<uint8_t> m_msg;
       const Ed25519_PrivateKey& m_key;
@@ -191,6 +193,8 @@ class Ed25519_Hashed_Sign_Operation final : public PK_Ops::Signature
          m_hash = HashFunction::create_or_throw(hash);
          }
 
+      size_t signature_length() const override { return 64; }
+
       void update(const uint8_t msg[], size_t msg_len) override
          {
          m_hash->update(msg, msg_len);
diff --git a/src/lib/pubkey/gost_3410/gost_3410.cpp b/src/lib/pubkey/gost_3410/gost_3410.cpp
index d6e8874ab..d2324fd13 100644
--- a/src/lib/pubkey/gost_3410/gost_3410.cpp
+++ b/src/lib/pubkey/gost_3410/gost_3410.cpp
@@ -108,6 +108,8 @@ class GOST_3410_Signature_Operation final : public PK_Ops::Signature_with_EMSA
          m_x(gost_3410.private_value())
          {}
 
+      size_t signature_length() const override { return 2*m_group.get_order_bytes(); }
+
       size_t max_input_bits() const override { return m_group.get_order_bits(); }
 
       secure_vector<uint8_t> raw_sign(const uint8_t msg[], size_t msg_len,
diff --git a/src/lib/pubkey/pk_ops.h b/src/lib/pubkey/pk_ops.h
index 0aaf0b0df..3e38cc8ca 100644
--- a/src/lib/pubkey/pk_ops.h
+++ b/src/lib/pubkey/pk_ops.h
@@ -99,6 +99,11 @@ class BOTAN_PUBLIC_API(2,0) Signature
       */
       virtual secure_vector<uint8_t> sign(RandomNumberGenerator& rng) = 0;
 
+      /*
+      * Return an upper bound on the length of the output signature
+      */
+      virtual size_t signature_length() const = 0;
+
       virtual ~Signature() = default;
    };
 
diff --git a/src/lib/pubkey/pubkey.cpp b/src/lib/pubkey/pubkey.cpp
index 99d892766..6296adbb2 100644
--- a/src/lib/pubkey/pubkey.cpp
+++ b/src/lib/pubkey/pubkey.cpp
@@ -252,6 +252,22 @@ std::vector<uint8_t> der_encode_signature(const std::vector<uint8_t>& sig,
 
 }
 
+size_t PK_Signer::signature_length() const
+   {
+   if(m_sig_format == IEEE_1363)
+      {
+      return m_op->signature_length();
+      }
+   else if(m_sig_format == DER_SEQUENCE)
+      {
+      // This is a large over-estimate but its easier than computing
+      // the exact value
+      return m_op->signature_length() + (8 + 4*m_parts);
+      }
+   else
+      throw Internal_Error("PK_Signer: Invalid signature format enum");
+   }
+
 std::vector<uint8_t> PK_Signer::signature(RandomNumberGenerator& rng)
    {
    const std::vector<uint8_t> sig = unlock(m_op->sign(rng));
diff --git a/src/lib/pubkey/pubkey.h b/src/lib/pubkey/pubkey.h
index 64bb1cc9e..8328861fd 100644
--- a/src/lib/pubkey/pubkey.h
+++ b/src/lib/pubkey/pubkey.h
@@ -264,11 +264,19 @@ class BOTAN_PUBLIC_API(2,0) PK_Signer final
       */
       std::vector<uint8_t> signature(RandomNumberGenerator& rng);
 
+
       /**
       * Set the output format of the signature.
       * @param format the signature format to use
       */
       void set_output_format(Signature_Format format) { m_sig_format = format; }
+
+      /**
+      * Return an upper bound on the length of the signatures this
+      * PK_Signer will produce
+      */
+      size_t signature_length() const;
+
    private:
       std::unique_ptr<PK_Ops::Signature> m_op;
       Signature_Format m_sig_format;
diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp
index eb4c612ae..eefbea869 100644
--- a/src/lib/pubkey/rsa/rsa.cpp
+++ b/src/lib/pubkey/rsa/rsa.cpp
@@ -298,6 +298,8 @@ class RSA_Signature_Operation final : public PK_Ops::Signature_with_EMSA,
 
       size_t max_input_bits() const override { return get_max_input_bits(); }
 
+      size_t signature_length() const override { return m_key.get_n().bytes(); }
+
       RSA_Signature_Operation(const RSA_PrivateKey& rsa, const std::string& emsa, RandomNumberGenerator& rng) :
          PK_Ops::Signature_with_EMSA(emsa),
          RSA_Private_Operation(rsa, rng)
diff --git a/src/lib/pubkey/sm2/sm2.cpp b/src/lib/pubkey/sm2/sm2.cpp
index c042693b3..45b14dac6 100644
--- a/src/lib/pubkey/sm2/sm2.cpp
+++ b/src/lib/pubkey/sm2/sm2.cpp
@@ -98,6 +98,8 @@ class SM2_Signature_Operation final : public PK_Ops::Signature
          m_hash->update(m_za);
          }
 
+      size_t signature_length() const override { return 2*m_group.get_order_bytes(); }
+
       void update(const uint8_t msg[], size_t msg_len) override
          {
          m_hash->update(msg, msg_len);
diff --git a/src/lib/pubkey/xmss/xmss_signature_operation.cpp b/src/lib/pubkey/xmss/xmss_signature_operation.cpp
index c3e43bfc9..d6a57bb08 100644
--- a/src/lib/pubkey/xmss/xmss_signature_operation.cpp
+++ b/src/lib/pubkey/xmss/xmss_signature_operation.cpp
@@ -52,6 +52,12 @@ XMSS_Signature_Operation::sign(const secure_vector<uint8_t>& msg_hash,
    return sig;
    }
 
+size_t XMSS_Signature_Operation::signature_length() const
+   {
+   // TODO bound this by the params
+   return 128*1024;
+   }
+
 wots_keysig_t
 XMSS_Signature_Operation::build_auth_path(XMSS_PrivateKey& priv_key,
       XMSS_Address& adrs)
diff --git a/src/lib/pubkey/xmss/xmss_signature_operation.h b/src/lib/pubkey/xmss/xmss_signature_operation.h
index 5c1a14662..a1c395fa6 100644
--- a/src/lib/pubkey/xmss/xmss_signature_operation.h
+++ b/src/lib/pubkey/xmss/xmss_signature_operation.h
@@ -48,6 +48,8 @@ class XMSS_Signature_Operation final : public virtual PK_Ops::Signature,
 
       void update(const uint8_t msg[], size_t msg_len) override;
 
+      size_t signature_length() const override;
+
    private:
       /**
        * Algorithm 11: "treeSig"
author	Jack Lloyd <[email protected]>	2018-08-09 14:05:29 -0400
committer	Jack Lloyd <[email protected]>	2018-08-10 10:12:49 -0400
commit	1e18edf2673519c8f8c01dbbaacc5a189f0c0a92 (patch)
tree	40a7c64752842ce9298de220860af38fe80bb882 /src/lib/pubkey
parent	fe242c20a01ae2e8a4589c353cdbc080ae629487 (diff)