author | lloyd <[email protected]> | 2010-03-09 02:39:31 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-03-09 02:39:31 +0000 |
commit | 4a9afbb99bb73e43bcb3a30379d6a2dd59dae76a (patch) | |
tree | 4f7a362be278ed63828afeae56444afcbf0b2dac /src/pubkey/rw | |
parent | a4df64935b788e541206547d5d85665c191e2f5f (diff) |
Deconstify PK_Ops. It's quite reasonable that some op will want to
precompute only as needed, or will want to access some other expensive
resource or etc.
Change how the secret for generating blinding is done in cases where a
PRNG isn't available. Use the operation's public op to hide the secret,
for instance the seed for a DH blinding variable is 2^x mod p.
Make use of being able to mutate internal structures in the RW signer,
since that does have access to a PRNG, so use it to initialize the
blinder on first call to sign().
Diffstat (limited to 'src/pubkey/rw')
-rw-r--r-- | src/pubkey/rw/rw.cpp | 15 | ||||
-rw-r--r-- | src/pubkey/rw/rw.h | 7 |
2 files changed, 14 insertions, 8 deletions
diff --git a/src/pubkey/rw/rw.cpp b/src/pubkey/rw/rw.cpp
index af2b849ff..508244112 100644
--- a/src/pubkey/rw/rw.cpp
+++ b/src/pubkey/rw/rw.cpp
@@ -74,21 +74,26 @@ bool RW_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const
    }
 
 RW_Signature_Operation::RW_Signature_Operation(const RW_PrivateKey& rw) :
+   n(rw.get_n()),
+   e(rw.get_e()),
    q(rw.get_q()),
    c(rw.get_c()),
-   n(rw.get_n()),
    powermod_d1_p(rw.get_d1(), rw.get_p()),
    powermod_d2_q(rw.get_d2(), rw.get_q()),
    mod_p(rw.get_p())
    {
-   BigInt k = Blinder::choose_nonce(rw.get_d(), n);
-   blinder = Blinder(power_mod(k, rw.get_e(), n), inverse_mod(k, n), n);
    }
 
 SecureVector<byte>
 RW_Signature_Operation::sign(const byte msg[], u32bit msg_len,
-                             RandomNumberGenerator&) const
+                             RandomNumberGenerator& rng)
    {
+   if(!blinder.initialized())
+      {
+      BigInt k(rng, n.bits() / 2);
+      blinder = Blinder(power_mod(k, e, n), inverse_mod(k, n), n);
+      }
+
    BigInt i(msg, msg_len);
 
    if(i >= n || i % 16 != 12)
@@ -111,7 +116,7 @@ RW_Signature_Operation::sign(const byte msg[], u32bit msg_len,
    }
 
 SecureVector<byte>
-RW_Verification_Operation::verify_mr(const byte msg[], u32bit msg_len) const
+RW_Verification_Operation::verify_mr(const byte msg[], u32bit msg_len)
    {
    BigInt m(msg, msg_len);
 
diff --git a/src/pubkey/rw/rw.h b/src/pubkey/rw/rw.h
index 25e7be634..3ca9bb722 100644
--- a/src/pubkey/rw/rw.h
+++ b/src/pubkey/rw/rw.h
@@ -66,11 +66,12 @@ class BOTAN_DLL RW_Signature_Operation : public PK_Ops::Signature
       u32bit max_input_bits() const { return (n.bits() - 1); }
 
       SecureVector<byte> sign(const byte msg[], u32bit msg_len,
-                              RandomNumberGenerator& rng) const;
+                              RandomNumberGenerator& rng);
 
    private:
+      const BigInt& n;
+      const BigInt& e;
       const BigInt& q;
       const BigInt& c;
-      const BigInt& n;
       Fixed_Exponent_Power_Mod powermod_d1_p, powermod_d2_q;
       Modular_Reducer mod_p;
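Review bot: The lazy blinder setup added at the top of RW_Signature_Operation::sign() turns a previously read-only operation into one that mutates its own state on the first call, and neither this hunk nor the matching rw.h hunk documents that; two threads calling sign() on the same operation before the blinder exists would each construct a Blinder and race on the assignment to `blinder`. If sharing one operation across threads is not meant to be supported, say so where `blinder` is declared, e.g. `// Lazily initialized from the rng passed to the first sign() call; not safe for concurrent first calls, and later calls ignore their rng argument`. The setup also caches whatever `inverse_mod(k, n)` returns for the operation's lifetime; for a well-formed modulus a non-invertible k is negligibly likely, but since one unlucky draw would then affect every later signature, a cheap rejection of a zero inverse (or a retry with a fresh k) is worth considering — I cannot see inverse_mod's contract from here, so confirm what it returns in that case. The body of sign() continues past the end of the hunk.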
@@ -87,7 +88,7 @@ class BOTAN_DLL RW_Verification_Operation : public PK_Ops::Verification
       u32bit max_input_bits() const { return (n.bits() - 1); }
       bool with_recovery() const { return true; }
 
-      SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) const;
+      SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len);
 
    private:
       const BigInt& n;