diff options
author | René Korthaus <[email protected]> | 2016-04-13 17:15:36 +0200 |
---|---|---|
committer | René Korthaus <[email protected]> | 2016-05-08 13:38:46 +0200 |
commit | 7a9d0d6630c02c5b8e1123300fc7e74a12c24a03 (patch) | |
tree | 49856f48c372f101486f173c05360764e4705cec /src/lib | |
parent | 5dd6fbc45b356fa34717e77bc252392016baf8a9 (diff) |
Add support probabilistic DSA & ECDSA
Adds support for probabilistic, aka the standard, DSA and ECDSA.
Can be enabled by disabling the rfc6979 module.
Includes test vectors from NIST CAVP.
Adds rfc6979 to the list of prohibited modules in BSI policy.
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/pubkey/dsa/dsa.cpp | 17 | ||||
-rw-r--r-- | src/lib/pubkey/dsa/info.txt | 1 | ||||
-rw-r--r-- | src/lib/pubkey/ecdsa/ecdsa.cpp | 15 | ||||
-rw-r--r-- | src/lib/pubkey/ecdsa/info.txt | 1 |
4 files changed, 23 insertions, 11 deletions
diff --git a/src/lib/pubkey/dsa/dsa.cpp b/src/lib/pubkey/dsa/dsa.cpp index 471189cd8..c7d44c73a 100644 --- a/src/lib/pubkey/dsa/dsa.cpp +++ b/src/lib/pubkey/dsa/dsa.cpp @@ -1,6 +1,7 @@ /* * DSA * (C) 1999-2010,2014 Jack Lloyd +* (C) 2016 René Korthaus * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -10,7 +11,9 @@ #include <botan/keypair.h> #include <botan/pow_mod.h> #include <botan/reducer.h> -#include <botan/rfc6979.h> +#if defined(BOTAN_HAS_RFC6979_GENERATOR) + #include <botan/rfc6979.h> +#endif #include <future> namespace Botan { @@ -84,7 +87,7 @@ class DSA_Signature_Operation : public PK_Ops::Signature_with_EMSA m_x(dsa.get_x()), m_powermod_g_p(dsa.group_g(), dsa.group_p()), m_mod_q(dsa.group_q()), - m_hash(hash_for_deterministic_signature(emsa)) + m_emsa(emsa) { } @@ -99,19 +102,23 @@ class DSA_Signature_Operation : public PK_Ops::Signature_with_EMSA const BigInt& m_x; Fixed_Base_Power_Mod m_powermod_g_p; Modular_Reducer m_mod_q; - std::string m_hash; + std::string m_emsa; }; secure_vector<byte> DSA_Signature_Operation::raw_sign(const byte msg[], size_t msg_len, - RandomNumberGenerator&) + RandomNumberGenerator& rng) { BigInt i(msg, msg_len); while(i >= m_q) i -= m_q; - const BigInt k = generate_rfc6979_nonce(m_x, m_q, i, m_hash); +#if defined(BOTAN_HAS_RFC6979_GENERATOR) + const BigInt k = generate_rfc6979_nonce(m_x, m_q, i, hash_for_deterministic_signature(m_emsa)); +#else + const BigInt k = BigInt::random_integer(rng, 1, m_q); +#endif auto future_r = std::async(std::launch::async, [&]() { return m_mod_q.reduce(m_powermod_g_p(k)); }); diff --git a/src/lib/pubkey/dsa/info.txt b/src/lib/pubkey/dsa/info.txt index 6e0259ce2..94802ed59 100644 --- a/src/lib/pubkey/dsa/info.txt +++ b/src/lib/pubkey/dsa/info.txt @@ -5,5 +5,4 @@ dl_algo dl_group keypair numbertheory -rfc6979 </requires> diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp index 4a4b0c037..53b5982e0 100644 --- a/src/lib/pubkey/ecdsa/ecdsa.cpp +++ b/src/lib/pubkey/ecdsa/ecdsa.cpp @@ -3,6 +3,7 @@ * (C) 2007 Manuel Hartl, FlexSecure GmbH * 2007 Falko Strenzke, FlexSecure GmbH * 2008-2010,2015 Jack Lloyd +* 2016 René Korthaus * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -10,7 +11,9 @@ #include <botan/internal/pk_utils.h> #include <botan/ecdsa.h> #include <botan/keypair.h> -#include <botan/rfc6979.h> +#if defined(BOTAN_HAS_RFC6979_GENERATOR) + #include <botan/rfc6979.h> +#endif namespace Botan { @@ -43,7 +46,7 @@ class ECDSA_Signature_Operation : public PK_Ops::Signature_with_EMSA m_base_point(ecdsa.domain().get_base_point(), m_order), m_x(ecdsa.private_value()), m_mod_order(m_order), - m_hash(hash_for_deterministic_signature(emsa)) + m_emsa(emsa) { } @@ -59,7 +62,7 @@ class ECDSA_Signature_Operation : public PK_Ops::Signature_with_EMSA Blinded_Point_Multiply m_base_point; const BigInt& m_x; Modular_Reducer m_mod_order; - std::string m_hash; + std::string m_emsa; }; secure_vector<byte> @@ -68,7 +71,11 @@ ECDSA_Signature_Operation::raw_sign(const byte msg[], size_t msg_len, { const BigInt m(msg, msg_len); - const BigInt k = generate_rfc6979_nonce(m_x, m_order, m, m_hash); +#if defined(BOTAN_HAS_RFC6979_GENERATOR) + const BigInt k = generate_rfc6979_nonce(m_x, m_order, m, hash_for_deterministic_signature(m_emsa)); +#else + const BigInt k = BigInt::random_integer(rng, 1, m_order); +#endif const PointGFp k_times_P = m_base_point.blinded_multiply(k, rng); const BigInt r = m_mod_order.reduce(k_times_P.get_affine_x()); diff --git a/src/lib/pubkey/ecdsa/info.txt b/src/lib/pubkey/ecdsa/info.txt index e7941d53d..e98913897 100644 --- a/src/lib/pubkey/ecdsa/info.txt +++ b/src/lib/pubkey/ecdsa/info.txt @@ -7,5 +7,4 @@ ecc_key keypair numbertheory rng -rfc6979 </requires> |