authorRené Korthaus <[email protected]>2016-04-13 17:15:36 +0200
committerRené Korthaus <[email protected]>2016-05-08 13:38:46 +0200
commit7a9d0d6630c02c5b8e1123300fc7e74a12c24a03 (patch)
tree49856f48c372f101486f173c05360764e4705cec /src/lib
parent5dd6fbc45b356fa34717e77bc252392016baf8a9 (diff)
Add support probabilistic DSA & ECDSA
Adds support for probabilistic (i.e. the standard, randomized) DSA and ECDSA; it is enabled by disabling the rfc6979 module. Includes test vectors from NIST CAVP. Adds rfc6979 to the list of prohibited modules in the BSI policy.
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/pubkey/dsa/dsa.cpp17
-rw-r--r--src/lib/pubkey/dsa/info.txt1
-rw-r--r--src/lib/pubkey/ecdsa/ecdsa.cpp15
-rw-r--r--src/lib/pubkey/ecdsa/info.txt1
4 files changed, 23 insertions, 11 deletions
diff --git a/src/lib/pubkey/dsa/dsa.cpp b/src/lib/pubkey/dsa/dsa.cpp
index 471189cd8..c7d44c73a 100644
--- a/src/lib/pubkey/dsa/dsa.cpp
+++ b/src/lib/pubkey/dsa/dsa.cpp
@@ -1,6 +1,7 @@
/*
* DSA
* (C) 1999-2010,2014 Jack Lloyd
+* (C) 2016 René Korthaus
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -10,7 +11,9 @@
#include <botan/keypair.h>
#include <botan/pow_mod.h>
#include <botan/reducer.h>
-#include <botan/rfc6979.h>
+#if defined(BOTAN_HAS_RFC6979_GENERATOR)
+ #include <botan/rfc6979.h>
+#endif
#include <future>
namespace Botan {
@@ -84,7 +87,7 @@ class DSA_Signature_Operation : public PK_Ops::Signature_with_EMSA
m_x(dsa.get_x()),
m_powermod_g_p(dsa.group_g(), dsa.group_p()),
m_mod_q(dsa.group_q()),
- m_hash(hash_for_deterministic_signature(emsa))
+ m_emsa(emsa)
{
}
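Review bot: Replacing `m_hash(hash_for_deterministic_signature(emsa))` with `m_emsa(emsa)` moves the hash-name derivation from construction into every raw_sign call, so the EMSA string is re-parsed per signature where the old code did it once. Since the derived name is only needed when BOTAN_HAS_RFC6979_GENERATOR is defined, the cached value could be kept by computing it once in the constructor body under that same guard, leaving the randomized build without the member at all. A per-signature string parse is cheap, so this is a style preference rather than a defect; the ECDSA constructor hunk below has the same shape. The initializer list begins outside this hunk.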
@@ -99,19 +102,23 @@ class DSA_Signature_Operation : public PK_Ops::Signature_with_EMSA
const BigInt& m_x;
Fixed_Base_Power_Mod m_powermod_g_p;
Modular_Reducer m_mod_q;
- std::string m_hash;
+ std::string m_emsa;
};
secure_vector<byte>
DSA_Signature_Operation::raw_sign(const byte msg[], size_t msg_len,
- RandomNumberGenerator&)
+ RandomNumberGenerator& rng)
{
BigInt i(msg, msg_len);
while(i >= m_q)
i -= m_q;
- const BigInt k = generate_rfc6979_nonce(m_x, m_q, i, m_hash);
+#if defined(BOTAN_HAS_RFC6979_GENERATOR)
+ const BigInt k = generate_rfc6979_nonce(m_x, m_q, i, hash_for_deterministic_signature(m_emsa));
+#else
+ const BigInt k = BigInt::random_integer(rng, 1, m_q);
+#endif
auto future_r = std::async(std::launch::async,
[&]() { return m_mod_q.reduce(m_powermod_g_p(k)); });
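Review bot: In the new `#else` branch the secrecy of m_x rests entirely on `k` being uniformly distributed and never repeated, yet nothing at the call site records that requirement; a comment above the `#if`, e.g. `// k must be uniform in [1, q-1] and never reused: a biased or repeated nonce reveals m_x`, would make the contract on `rng` explicit (the ECDSA hunk below, `random_integer(rng, 1, m_order)`, needs the same). If I recall correctly BigInt::random_integer is half-open, so `random_integer(rng, 1, m_q)` yields k in [1, q-1] as DSA requires; if it were inclusive, k == q would have to be rejected, so this is worth confirming against the BigInt declaration. Separately, when BOTAN_HAS_RFC6979_GENERATOR is defined `rng` is now a named but unused parameter here, so a `(void)rng;` in that configuration avoids an unused-parameter warning. raw_sign's body continues outside the hunk.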
diff --git a/src/lib/pubkey/dsa/info.txt b/src/lib/pubkey/dsa/info.txt
index 6e0259ce2..94802ed59 100644
--- a/src/lib/pubkey/dsa/info.txt
+++ b/src/lib/pubkey/dsa/info.txt
@@ -5,5 +5,4 @@ dl_algo
dl_group
keypair
numbertheory
-rfc6979
</requires>
diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp
index 4a4b0c037..53b5982e0 100644
--- a/src/lib/pubkey/ecdsa/ecdsa.cpp
+++ b/src/lib/pubkey/ecdsa/ecdsa.cpp
@@ -3,6 +3,7 @@
* (C) 2007 Manuel Hartl, FlexSecure GmbH
* 2007 Falko Strenzke, FlexSecure GmbH
* 2008-2010,2015 Jack Lloyd
+* 2016 René Korthaus
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -10,7 +11,9 @@
#include <botan/internal/pk_utils.h>
#include <botan/ecdsa.h>
#include <botan/keypair.h>
-#include <botan/rfc6979.h>
+#if defined(BOTAN_HAS_RFC6979_GENERATOR)
+ #include <botan/rfc6979.h>
+#endif
namespace Botan {
@@ -43,7 +46,7 @@ class ECDSA_Signature_Operation : public PK_Ops::Signature_with_EMSA
m_base_point(ecdsa.domain().get_base_point(), m_order),
m_x(ecdsa.private_value()),
m_mod_order(m_order),
- m_hash(hash_for_deterministic_signature(emsa))
+ m_emsa(emsa)
{
}
@@ -59,7 +62,7 @@ class ECDSA_Signature_Operation : public PK_Ops::Signature_with_EMSA
Blinded_Point_Multiply m_base_point;
const BigInt& m_x;
Modular_Reducer m_mod_order;
- std::string m_hash;
+ std::string m_emsa;
};
secure_vector<byte>
@@ -68,7 +71,11 @@ ECDSA_Signature_Operation::raw_sign(const byte msg[], size_t msg_len,
{
const BigInt m(msg, msg_len);
- const BigInt k = generate_rfc6979_nonce(m_x, m_order, m, m_hash);
+#if defined(BOTAN_HAS_RFC6979_GENERATOR)
+ const BigInt k = generate_rfc6979_nonce(m_x, m_order, m, hash_for_deterministic_signature(m_emsa));
+#else
+ const BigInt k = BigInt::random_integer(rng, 1, m_order);
+#endif
const PointGFp k_times_P = m_base_point.blinded_multiply(k, rng);
const BigInt r = m_mod_order.reduce(k_times_P.get_affine_x());
diff --git a/src/lib/pubkey/ecdsa/info.txt b/src/lib/pubkey/ecdsa/info.txt
index e7941d53d..e98913897 100644
--- a/src/lib/pubkey/ecdsa/info.txt
+++ b/src/lib/pubkey/ecdsa/info.txt
@@ -7,5 +7,4 @@ ecc_key
keypair
numbertheory
rng
-rfc6979
</requires>