diff options
author | Jack Lloyd <[email protected]> | 2016-06-07 08:41:44 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-06-07 08:41:44 -0400 |
commit | a025e78f737d171848cd9b83fe567f0763d890f4 (patch) | |
tree | 4feefc3e23dd001618a051d1b07f149ccfa54795 /src/lib | |
parent | 67a215deb593c6850992537cb6cb3f55ab65a6ab (diff) | |
parent | 7a9d0d6630c02c5b8e1123300fc7e74a12c24a03 (diff) |
Merge GH #489 Add support probabilistic DSA & ECDSA
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/pubkey/dsa/dsa.cpp | 17 | ||||
-rw-r--r-- | src/lib/pubkey/dsa/info.txt | 1 | ||||
-rw-r--r-- | src/lib/pubkey/ecdsa/ecdsa.cpp | 15 | ||||
-rw-r--r-- | src/lib/pubkey/ecdsa/info.txt | 1 |
4 files changed, 23 insertions, 11 deletions
diff --git a/src/lib/pubkey/dsa/dsa.cpp b/src/lib/pubkey/dsa/dsa.cpp index 471189cd8..c7d44c73a 100644 --- a/src/lib/pubkey/dsa/dsa.cpp +++ b/src/lib/pubkey/dsa/dsa.cpp @@ -1,6 +1,7 @@ /* * DSA * (C) 1999-2010,2014 Jack Lloyd +* (C) 2016 René Korthaus * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -10,7 +11,9 @@ #include <botan/keypair.h> #include <botan/pow_mod.h> #include <botan/reducer.h> -#include <botan/rfc6979.h> +#if defined(BOTAN_HAS_RFC6979_GENERATOR) + #include <botan/rfc6979.h> +#endif #include <future> namespace Botan { @@ -84,7 +87,7 @@ class DSA_Signature_Operation : public PK_Ops::Signature_with_EMSA m_x(dsa.get_x()), m_powermod_g_p(dsa.group_g(), dsa.group_p()), m_mod_q(dsa.group_q()), - m_hash(hash_for_deterministic_signature(emsa)) + m_emsa(emsa) { } @@ -99,19 +102,23 @@ class DSA_Signature_Operation : public PK_Ops::Signature_with_EMSA const BigInt& m_x; Fixed_Base_Power_Mod m_powermod_g_p; Modular_Reducer m_mod_q; - std::string m_hash; + std::string m_emsa; }; secure_vector<byte> DSA_Signature_Operation::raw_sign(const byte msg[], size_t msg_len, - RandomNumberGenerator&) + RandomNumberGenerator& rng) { BigInt i(msg, msg_len); while(i >= m_q) i -= m_q; - const BigInt k = generate_rfc6979_nonce(m_x, m_q, i, m_hash); +#if defined(BOTAN_HAS_RFC6979_GENERATOR) + const BigInt k = generate_rfc6979_nonce(m_x, m_q, i, hash_for_deterministic_signature(m_emsa)); +#else + const BigInt k = BigInt::random_integer(rng, 1, m_q); +#endif auto future_r = std::async(std::launch::async, [&]() { return m_mod_q.reduce(m_powermod_g_p(k)); }); diff --git a/src/lib/pubkey/dsa/info.txt b/src/lib/pubkey/dsa/info.txt index 6e0259ce2..94802ed59 100644 --- a/src/lib/pubkey/dsa/info.txt +++ b/src/lib/pubkey/dsa/info.txt @@ -5,5 +5,4 @@ dl_algo dl_group keypair numbertheory -rfc6979 </requires> diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp index 4a4b0c037..53b5982e0 100644 --- a/src/lib/pubkey/ecdsa/ecdsa.cpp +++ b/src/lib/pubkey/ecdsa/ecdsa.cpp @@ -3,6 +3,7 @@ * (C) 2007 Manuel Hartl, FlexSecure GmbH * 2007 Falko Strenzke, FlexSecure GmbH * 2008-2010,2015 Jack Lloyd +* 2016 René Korthaus * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -10,7 +11,9 @@ #include <botan/internal/pk_utils.h> #include <botan/ecdsa.h> #include <botan/keypair.h> -#include <botan/rfc6979.h> +#if defined(BOTAN_HAS_RFC6979_GENERATOR) + #include <botan/rfc6979.h> +#endif namespace Botan { @@ -43,7 +46,7 @@ class ECDSA_Signature_Operation : public PK_Ops::Signature_with_EMSA m_base_point(ecdsa.domain().get_base_point(), m_order), m_x(ecdsa.private_value()), m_mod_order(m_order), - m_hash(hash_for_deterministic_signature(emsa)) + m_emsa(emsa) { } @@ -59,7 +62,7 @@ class ECDSA_Signature_Operation : public PK_Ops::Signature_with_EMSA Blinded_Point_Multiply m_base_point; const BigInt& m_x; Modular_Reducer m_mod_order; - std::string m_hash; + std::string m_emsa; }; secure_vector<byte> @@ -68,7 +71,11 @@ ECDSA_Signature_Operation::raw_sign(const byte msg[], size_t msg_len, { const BigInt m(msg, msg_len); - const BigInt k = generate_rfc6979_nonce(m_x, m_order, m, m_hash); +#if defined(BOTAN_HAS_RFC6979_GENERATOR) + const BigInt k = generate_rfc6979_nonce(m_x, m_order, m, hash_for_deterministic_signature(m_emsa)); +#else + const BigInt k = BigInt::random_integer(rng, 1, m_order); +#endif const PointGFp k_times_P = m_base_point.blinded_multiply(k, rng); const BigInt r = m_mod_order.reduce(k_times_P.get_affine_x()); diff --git a/src/lib/pubkey/ecdsa/info.txt b/src/lib/pubkey/ecdsa/info.txt index e7941d53d..e98913897 100644 --- a/src/lib/pubkey/ecdsa/info.txt +++ b/src/lib/pubkey/ecdsa/info.txt @@ -7,5 +7,4 @@ ecc_key keypair numbertheory rng -rfc6979 </requires> |