diff options
| author | lloyd <[email protected]> | 2010-03-09 02:39:31 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2010-03-09 02:39:31 +0000 |
| commit | 4a9afbb99bb73e43bcb3a30379d6a2dd59dae76a (patch) | |
| tree | 4f7a362be278ed63828afeae56444afcbf0b2dac /src | |
| parent | a4df64935b788e541206547d5d85665c191e2f5f (diff) | |
Deconstify PK_Ops. It's quite reasonable that some op will want to
precompute only as needed, or will want to access some other expensive
resource or etc.
Change how the secret for generating blinding is done in cases where a
PRNG isn't available. Use the operations public op to hide the secret,
for instance the seed for a DH blinding variable is 2^x mod p.
Make use of being able to mutate internal structures in the RW signer,
since that does have access to a PRNG, so use it to initialize the
blinder on first call to sign().
Diffstat (limited to 'src')
| -rw-r--r-- | src/engine/gnump/gnump_pk.cpp | 18 | ||||
| -rw-r--r-- | src/engine/openssl/openssl_pk.cpp | 20 | ||||
| -rw-r--r-- | src/math/numbertheory/pow_mod.cpp | 2 | ||||
| -rw-r--r-- | src/pubkey/blinding.h | 2 | ||||
| -rw-r--r-- | src/pubkey/dh/dh.cpp | 4 | ||||
| -rw-r--r-- | src/pubkey/dh/dh.h | 2 | ||||
| -rw-r--r-- | src/pubkey/dsa/dsa.cpp | 4 | ||||
| -rw-r--r-- | src/pubkey/dsa/dsa.h | 4 | ||||
| -rw-r--r-- | src/pubkey/ecdh/ecdh.cpp | 37 | ||||
| -rw-r--r-- | src/pubkey/ecdh/ecdh.h | 21 | ||||
| -rw-r--r-- | src/pubkey/ecdsa/ecdsa.cpp | 4 | ||||
| -rw-r--r-- | src/pubkey/ecdsa/ecdsa.h | 4 | ||||
| -rw-r--r-- | src/pubkey/elgamal/elgamal.cpp | 6 | ||||
| -rw-r--r-- | src/pubkey/elgamal/elgamal.h | 4 | ||||
| -rw-r--r-- | src/pubkey/nr/nr.cpp | 4 | ||||
| -rw-r--r-- | src/pubkey/nr/nr.h | 4 | ||||
| -rw-r--r-- | src/pubkey/pk_ops.h | 15 | ||||
| -rw-r--r-- | src/pubkey/pubkey.h | 4 | ||||
| -rw-r--r-- | src/pubkey/rsa/rsa.cpp | 11 | ||||
| -rw-r--r-- | src/pubkey/rsa/rsa.h | 8 | ||||
| -rw-r--r-- | src/pubkey/rw/rw.cpp | 15 | ||||
| -rw-r--r-- | src/pubkey/rw/rw.h | 7 |
22 files changed, 79 insertions, 121 deletions
diff --git a/src/engine/gnump/gnump_pk.cpp b/src/engine/gnump/gnump_pk.cpp index 3ca1f25ff..8d003a5d4 100644 --- a/src/engine/gnump/gnump_pk.cpp +++ b/src/engine/gnump/gnump_pk.cpp @@ -50,7 +50,7 @@ class GMP_DH_KA_Operation : public PK_Ops::Key_Agreement GMP_DH_KA_Operation(const DH_PrivateKey& dh) : x(dh.get_x()), p(dh.group_p()) {} - SecureVector<byte> agree(const byte w[], u32bit w_len) const + SecureVector<byte> agree(const byte w[], u32bit w_len) { GMP_MPZ z(w, w_len); mpz_powm(z.value, z.value, x.value, p.value); @@ -79,7 +79,7 @@ class GMP_DSA_Signature_Operation : public PK_Ops::Signature u32bit max_input_bits() const { return q_bits; } SecureVector<byte> sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const; + RandomNumberGenerator& rng); private: const GMP_MPZ x, p, q, g; u32bit q_bits; @@ -87,7 +87,7 @@ class GMP_DSA_Signature_Operation : public PK_Ops::Signature SecureVector<byte> GMP_DSA_Signature_Operation::sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const + RandomNumberGenerator& rng) { const u32bit q_bytes = (q_bits + 7) / 8; @@ -139,14 +139,14 @@ class GMP_DSA_Verification_Operation : public PK_Ops::Verification bool with_recovery() const { return false; } bool verify(const byte msg[], u32bit msg_len, - const byte sig[], u32bit sig_len) const; + const byte sig[], u32bit sig_len); private: const GMP_MPZ y, p, q, g; u32bit q_bits; }; bool GMP_DSA_Verification_Operation::verify(const byte msg[], u32bit msg_len, - const byte sig[], u32bit sig_len) const + const byte sig[], u32bit sig_len) { const u32bit q_bytes = q.bytes(); @@ -205,14 +205,14 @@ class GMP_RSA_Private_Operation : public PK_Ops::Signature, u32bit max_input_bits() const { return (n_bits - 1); } SecureVector<byte> sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const + RandomNumberGenerator&) { BigInt m(msg, msg_len); BigInt x = private_op(m); return BigInt::encode_1363(x, (n_bits + 7) / 8); } - SecureVector<byte> decrypt(const byte msg[], u32bit msg_len) const + SecureVector<byte> decrypt(const byte msg[], u32bit msg_len) { BigInt m(msg, msg_len); return BigInt::encode(private_op(m)); @@ -251,13 +251,13 @@ class GMP_RSA_Public_Operation : public PK_Ops::Verification, bool with_recovery() const { return true; } SecureVector<byte> encrypt(const byte msg[], u32bit msg_len, - RandomNumberGenerator&) const + RandomNumberGenerator&) { BigInt m(msg, msg_len); return BigInt::encode_1363(public_op(m), n.bytes()); } - SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) const + SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) { BigInt m(msg, msg_len); return BigInt::encode(public_op(m)); diff --git a/src/engine/openssl/openssl_pk.cpp b/src/engine/openssl/openssl_pk.cpp index ebc2bdd82..8b8e83ebe 100644 --- a/src/engine/openssl/openssl_pk.cpp +++ b/src/engine/openssl/openssl_pk.cpp @@ -43,7 +43,7 @@ class OSSL_DH_KA_Operation : public PK_Ops::Key_Agreement OSSL_DH_KA_Operation(const DH_PrivateKey& dh) : x(dh.get_x()), p(dh.group_p()) {} - SecureVector<byte> agree(const byte w[], u32bit w_len) const + SecureVector<byte> agree(const byte w[], u32bit w_len) { OSSL_BN i(w, w_len), r; BN_mod_exp(r.value, i.value, x.value, p.value, ctx.value); @@ -73,7 +73,7 @@ class OSSL_DSA_Signature_Operation : public PK_Ops::Signature u32bit max_input_bits() const { return q_bits; } SecureVector<byte> sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const; + RandomNumberGenerator& rng); private: const OSSL_BN x, p, q, g; const OSSL_BN_CTX ctx; @@ -82,7 +82,7 @@ class OSSL_DSA_Signature_Operation : public PK_Ops::Signature SecureVector<byte> OSSL_DSA_Signature_Operation::sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const + RandomNumberGenerator& rng) { const u32bit q_bytes = (q_bits + 7) / 8; @@ -133,7 +133,7 @@ class OSSL_DSA_Verification_Operation : public PK_Ops::Verification bool with_recovery() const { return false; } bool verify(const byte msg[], u32bit msg_len, - const byte sig[], u32bit sig_len) const; + const byte sig[], u32bit sig_len); private: const OSSL_BN y, p, q, g; const OSSL_BN_CTX ctx; @@ -141,7 +141,7 @@ class OSSL_DSA_Verification_Operation : public PK_Ops::Verification }; bool OSSL_DSA_Verification_Operation::verify(const byte msg[], u32bit msg_len, - const byte sig[], u32bit sig_len) const + const byte sig[], u32bit sig_len) { const u32bit q_bytes = q.bytes(); @@ -199,14 +199,14 @@ class OSSL_RSA_Private_Operation : public PK_Ops::Signature, u32bit max_input_bits() const { return (n_bits - 1); } SecureVector<byte> sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const + RandomNumberGenerator& rng) { BigInt m(msg, msg_len); BigInt x = private_op(m); return BigInt::encode_1363(x, (n_bits + 7) / 8); } - SecureVector<byte> decrypt(const byte msg[], u32bit msg_len) const + SecureVector<byte> decrypt(const byte msg[], u32bit msg_len) { BigInt m(msg, msg_len); return BigInt::encode(private_op(m)); @@ -234,7 +234,7 @@ BigInt OSSL_RSA_Private_Operation::private_op(const BigInt& m) const } class OSSL_RSA_Public_Operation : public PK_Ops::Verification, - public PK_Ops::Encryption + public PK_Ops::Encryption { public: OSSL_RSA_Public_Operation(const RSA_PublicKey& rsa) : @@ -245,13 +245,13 @@ class OSSL_RSA_Public_Operation : public PK_Ops::Verification, bool with_recovery() const { return true; } SecureVector<byte> encrypt(const byte msg[], u32bit msg_len, - RandomNumberGenerator&) const + RandomNumberGenerator&) { BigInt m(msg, msg_len); return BigInt::encode_1363(public_op(m), n.bytes()); } - SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) const + SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) { BigInt m(msg, msg_len); return BigInt::encode(public_op(m)); diff --git a/src/math/numbertheory/pow_mod.cpp b/src/math/numbertheory/pow_mod.cpp index 96c978d68..5ab5638ea 100644 --- a/src/math/numbertheory/pow_mod.cpp +++ b/src/math/numbertheory/pow_mod.cpp @@ -114,7 +114,7 @@ BigInt Power_Mod::execute() const /* * Try to choose a good window size */ -u32bit Power_Mod::window_bits(u32bit exp_bits, u32bit base_bits, +u32bit Power_Mod::window_bits(u32bit exp_bits, u32bit, Power_Mod::Usage_Hints hints) { static const u32bit wsize[][2] = { diff --git a/src/pubkey/blinding.h b/src/pubkey/blinding.h index d1d9a8875..3398f8c6f 100644 --- a/src/pubkey/blinding.h +++ b/src/pubkey/blinding.h @@ -22,6 +22,8 @@ class BOTAN_DLL Blinder BigInt blind(const BigInt& x) const; BigInt unblind(const BigInt& x) const; + bool initialized() const { return reducer.initialized(); } + /** * Choose a nonce to use for blinding * @param x a secret seed value diff --git a/src/pubkey/dh/dh.cpp b/src/pubkey/dh/dh.cpp index a99506250..b491be7bc 100644 --- a/src/pubkey/dh/dh.cpp +++ b/src/pubkey/dh/dh.cpp @@ -78,11 +78,11 @@ MemoryVector<byte> DH_PrivateKey::public_value() const DH_KA_Operation::DH_KA_Operation(const DH_PrivateKey& dh) : p(dh.group_p()), powermod_x_p(dh.get_x(), p) { - BigInt k = Blinder::choose_nonce(dh.get_x(), p); + BigInt k = Blinder::choose_nonce(powermod_x_p(2), p); blinder = Blinder(k, powermod_x_p(inverse_mod(k, p)), p); } -SecureVector<byte> DH_KA_Operation::agree(const byte w[], u32bit w_len) const +SecureVector<byte> DH_KA_Operation::agree(const byte w[], u32bit w_len) { BigInt input = BigInt::decode(w, w_len); diff --git a/src/pubkey/dh/dh.h b/src/pubkey/dh/dh.h index 0cc2aaabc..738b3f9c4 100644 --- a/src/pubkey/dh/dh.h +++ b/src/pubkey/dh/dh.h @@ -80,7 +80,7 @@ class BOTAN_DLL DH_KA_Operation : public PK_Ops::Key_Agreement public: DH_KA_Operation(const DH_PrivateKey& key); - SecureVector<byte> agree(const byte w[], u32bit w_len) const; + SecureVector<byte> agree(const byte w[], u32bit w_len); private: const BigInt& p; diff --git a/src/pubkey/dsa/dsa.cpp b/src/pubkey/dsa/dsa.cpp index bd9641856..feac712b8 100644 --- a/src/pubkey/dsa/dsa.cpp +++ b/src/pubkey/dsa/dsa.cpp @@ -86,7 +86,7 @@ DSA_Signature_Operation::DSA_Signature_Operation(const DSA_PrivateKey& dsa) : SecureVector<byte> DSA_Signature_Operation::sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const + RandomNumberGenerator& rng) { rng.add_entropy(msg, msg_len); @@ -119,7 +119,7 @@ DSA_Verification_Operation::DSA_Verification_Operation(const DSA_PublicKey& dsa) } bool DSA_Verification_Operation::verify(const byte msg[], u32bit msg_len, - const byte sig[], u32bit sig_len) const + const byte sig[], u32bit sig_len) { const BigInt& q = mod_q.get_modulus(); diff --git a/src/pubkey/dsa/dsa.h b/src/pubkey/dsa/dsa.h index a57cbfcae..8121cfbbc 100644 --- a/src/pubkey/dsa/dsa.h +++ b/src/pubkey/dsa/dsa.h @@ -67,7 +67,7 @@ class BOTAN_DLL DSA_Signature_Operation : public PK_Ops::Signature u32bit max_input_bits() const { return q.bits(); } SecureVector<byte> sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const; + RandomNumberGenerator& rng); private: const BigInt& q; const BigInt& x; @@ -87,7 +87,7 @@ class BOTAN_DLL DSA_Verification_Operation : public PK_Ops::Verification bool with_recovery() const { return false; } bool verify(const byte msg[], u32bit msg_len, - const byte sig[], u32bit sig_len) const; + const byte sig[], u32bit sig_len); private: const BigInt& q; const BigInt& y; diff --git a/src/pubkey/ecdh/ecdh.cpp b/src/pubkey/ecdh/ecdh.cpp index d3688fa5c..bf8a57b3b 100644 --- a/src/pubkey/ecdh/ecdh.cpp +++ b/src/pubkey/ecdh/ecdh.cpp @@ -19,7 +19,7 @@ ECDH_KA_Operation::ECDH_KA_Operation(const ECDH_PrivateKey& key) : key.private_value(); } -SecureVector<byte> ECDH_KA_Operation::agree(const byte w[], u32bit w_len) const +SecureVector<byte> ECDH_KA_Operation::agree(const byte w[], u32bit w_len) { PointGFp point = OS2ECP(w, w_len, curve); @@ -30,39 +30,4 @@ SecureVector<byte> ECDH_KA_Operation::agree(const byte w[], u32bit w_len) const curve.get_p().bytes()); } -/** -* Derive a key -*/ -SecureVector<byte> ECDH_PrivateKey::derive_key(const byte key[], - u32bit key_len) const - { - PointGFp point = OS2ECP(key, key_len, public_point().get_curve()); - return derive_key(point); - } - -/** -* Derive a key -*/ -SecureVector<byte> ECDH_PrivateKey::derive_key(const ECDH_PublicKey& key) const - { - return derive_key(key.public_point()); - } - -/** -* Derive a key -*/ -SecureVector<byte> ECDH_PrivateKey::derive_key(const PointGFp& point) const - { - const BigInt& cofactor = domain().get_cofactor(); - const BigInt& n = domain().get_order(); - - BigInt l = inverse_mod(cofactor, n); // can precompute this - - PointGFp S = (cofactor * point) * (private_value() * l); - S.check_invariants(); - - return BigInt::encode_1363(S.get_affine_x(), - point.get_curve().get_p().bytes()); - } - } diff --git a/src/pubkey/ecdh/ecdh.h b/src/pubkey/ecdh/ecdh.h index ef589d982..d670361f6 100644 --- a/src/pubkey/ecdh/ecdh.h +++ b/src/pubkey/ecdh/ecdh.h @@ -76,25 +76,6 @@ class BOTAN_DLL ECDH_PrivateKey : public ECDH_PublicKey, MemoryVector<byte> public_value() const { return EC2OSP(public_point(), PointGFp::UNCOMPRESSED); } - private: - /** - * Derive a shared key with the other parties public key. - * @param key the other partys public key - * @param key_len the other partys public key - */ - SecureVector<byte> derive_key(const byte key[], u32bit key_len) const; - - /** - * Derive a shared key with the other parties public key. - * @param other the other partys public key - */ - SecureVector<byte> derive_key(const ECDH_PublicKey& other) const; - - /** - * Derive a shared key with the other parties public key. - * @param point the public point of the other parties key - */ - SecureVector<byte> derive_key(const PointGFp& point) const; }; /** @@ -105,7 +86,7 @@ class BOTAN_DLL ECDH_KA_Operation : public PK_Ops::Key_Agreement public: ECDH_KA_Operation(const ECDH_PrivateKey& key); - SecureVector<byte> agree(const byte w[], u32bit w_len) const; + SecureVector<byte> agree(const byte w[], u32bit w_len); private: const CurveGFp& curve; const BigInt& cofactor; diff --git a/src/pubkey/ecdsa/ecdsa.cpp b/src/pubkey/ecdsa/ecdsa.cpp index 95dc99e67..afca6cc73 100644 --- a/src/pubkey/ecdsa/ecdsa.cpp +++ b/src/pubkey/ecdsa/ecdsa.cpp @@ -20,7 +20,7 @@ ECDSA_Signature_Operation::ECDSA_Signature_Operation(const ECDSA_PrivateKey& ecd SecureVector<byte> ECDSA_Signature_Operation::sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const + RandomNumberGenerator& rng) { rng.add_entropy(msg, msg_len); @@ -56,7 +56,7 @@ ECDSA_Verification_Operation::ECDSA_Verification_Operation(const ECDSA_PublicKey } bool ECDSA_Verification_Operation::verify(const byte msg[], u32bit msg_len, - const byte sig[], u32bit sig_len) const + const byte sig[], u32bit sig_len) { if(sig_len != order.bytes()*2) return false; diff --git a/src/pubkey/ecdsa/ecdsa.h b/src/pubkey/ecdsa/ecdsa.h index 7ea135896..e20a234fc 100644 --- a/src/pubkey/ecdsa/ecdsa.h +++ b/src/pubkey/ecdsa/ecdsa.h @@ -92,7 +92,7 @@ class BOTAN_DLL ECDSA_Signature_Operation : public PK_Ops::Signature ECDSA_Signature_Operation(const ECDSA_PrivateKey& ecdsa); SecureVector<byte> sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const; + RandomNumberGenerator& rng); u32bit message_parts() const { return 2; } u32bit message_part_size() const { return order.bytes(); } @@ -116,7 +116,7 @@ class BOTAN_DLL ECDSA_Verification_Operation : public PK_Ops::Verification bool with_recovery() const { return false; } bool verify(const byte msg[], u32bit msg_len, - const byte sig[], u32bit sig_len) const; + const byte sig[], u32bit sig_len); private: const PointGFp& base_point; const PointGFp& public_point; diff --git a/src/pubkey/elgamal/elgamal.cpp b/src/pubkey/elgamal/elgamal.cpp index f55aeaa4c..b9c4803f3 100644 --- a/src/pubkey/elgamal/elgamal.cpp +++ b/src/pubkey/elgamal/elgamal.cpp @@ -91,7 +91,7 @@ ElGamal_Encryption_Operation::ElGamal_Encryption_Operation(const ElGamal_PublicK SecureVector<byte> ElGamal_Encryption_Operation::encrypt(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const + RandomNumberGenerator& rng) { const BigInt& p = mod_p.get_modulus(); @@ -118,12 +118,12 @@ ElGamal_Decryption_Operation::ElGamal_Decryption_Operation(const ElGamal_Private powermod_x_p = Fixed_Exponent_Power_Mod(key.get_x(), p); mod_p = Modular_Reducer(p); - BigInt k = Blinder::choose_nonce(key.get_x(), p); + BigInt k = Blinder::choose_nonce(powermod_x_p(2), p); blinder = Blinder(k, powermod_x_p(k), p); } SecureVector<byte> -ElGamal_Decryption_Operation::decrypt(const byte msg[], u32bit msg_len) const +ElGamal_Decryption_Operation::decrypt(const byte msg[], u32bit msg_len) { const BigInt& p = mod_p.get_modulus(); diff --git a/src/pubkey/elgamal/elgamal.h b/src/pubkey/elgamal/elgamal.h index c94779e96..143b417ec 100644 --- a/src/pubkey/elgamal/elgamal.h +++ b/src/pubkey/elgamal/elgamal.h @@ -63,7 +63,7 @@ class BOTAN_DLL ElGamal_Encryption_Operation : public PK_Ops::Encryption ElGamal_Encryption_Operation(const ElGamal_PublicKey& key); SecureVector<byte> encrypt(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const; + RandomNumberGenerator& rng); private: Fixed_Base_Power_Mod powermod_g_p, powermod_y_p; @@ -77,7 +77,7 @@ class BOTAN_DLL ElGamal_Decryption_Operation : public PK_Ops::Decryption ElGamal_Decryption_Operation(const ElGamal_PrivateKey& key); - SecureVector<byte> decrypt(const byte msg[], u32bit msg_len) const; + SecureVector<byte> decrypt(const byte msg[], u32bit msg_len); private: Fixed_Exponent_Power_Mod powermod_x_p; Modular_Reducer mod_p; diff --git a/src/pubkey/nr/nr.cpp b/src/pubkey/nr/nr.cpp index 8a1b8c261..cf59615da 100644 --- a/src/pubkey/nr/nr.cpp +++ b/src/pubkey/nr/nr.cpp @@ -95,7 +95,7 @@ NR_Signature_Operation::NR_Signature_Operation(const NR_PrivateKey& nr) : SecureVector<byte> NR_Signature_Operation::sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const + RandomNumberGenerator& rng) { rng.add_entropy(msg, msg_len); @@ -130,7 +130,7 @@ NR_Verification_Operation::NR_Verification_Operation(const NR_PublicKey& nr) : } SecureVector<byte> -NR_Verification_Operation::verify_mr(const byte msg[], u32bit msg_len) const +NR_Verification_Operation::verify_mr(const byte msg[], u32bit msg_len) { const BigInt& q = mod_q.get_modulus(); diff --git a/src/pubkey/nr/nr.h b/src/pubkey/nr/nr.h index 19eac5cc9..bd125ab92 100644 --- a/src/pubkey/nr/nr.h +++ b/src/pubkey/nr/nr.h @@ -65,7 +65,7 @@ class BOTAN_DLL NR_Signature_Operation : public PK_Ops::Signature u32bit max_input_bits() const { return (q.bits() - 1); } SecureVector<byte> sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const; + RandomNumberGenerator& rng); private: const BigInt& q; const BigInt& x; @@ -84,7 +84,7 @@ class BOTAN_DLL NR_Verification_Operation : public PK_Ops::Verification bool with_recovery() const { return true; } - SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) const; + SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len); private: const BigInt& q; const BigInt& y; diff --git a/src/pubkey/pk_ops.h b/src/pubkey/pk_ops.h index bf846d69f..97ba372c2 100644 --- a/src/pubkey/pk_ops.h +++ b/src/pubkey/pk_ops.h @@ -21,7 +21,7 @@ class BOTAN_DLL Encryption virtual u32bit max_input_bits() const = 0; virtual SecureVector<byte> encrypt(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const = 0; + RandomNumberGenerator& rng) = 0; virtual ~Encryption() {} }; @@ -32,7 +32,7 @@ class BOTAN_DLL Decryption virtual u32bit max_input_bits() const = 0; virtual SecureVector<byte> decrypt(const byte msg[], - u32bit msg_len) const = 0; + u32bit msg_len) = 0; virtual ~Decryption() {} }; @@ -64,9 +64,8 @@ class BOTAN_DLL Signature * @param msg_len the length of msg in bytes * @param rng a random number generator */ - virtual SecureVector<byte> - sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const = 0; + virtual SecureVector<byte> sign(const byte msg[], u32bit msg_len, + RandomNumberGenerator& rng) = 0; virtual ~Signature() {} }; @@ -107,7 +106,7 @@ class BOTAN_DLL Verification * @returns if signature is a valid one for message */ virtual bool verify(const byte[], u32bit, - const byte[], u32bit) const + const byte[], u32bit) { throw Invalid_State("Message recovery required"); } @@ -120,7 +119,7 @@ class BOTAN_DLL Verification * @returns recovered message */ virtual SecureVector<byte> verify_mr(const byte[], - u32bit) const + u32bit) { throw Invalid_State("Message recovery not supported"); } @@ -140,7 +139,7 @@ class BOTAN_DLL Key_Agreement * @param w_len the length of w in bytes * @returns the agreed key */ - virtual SecureVector<byte> agree(const byte w[], u32bit w_len) const = 0; + virtual SecureVector<byte> agree(const byte w[], u32bit w_len) = 0; virtual ~Key_Agreement() {} }; diff --git a/src/pubkey/pubkey.h b/src/pubkey/pubkey.h index d8964e1e7..c31aed67b 100644 --- a/src/pubkey/pubkey.h +++ b/src/pubkey/pubkey.h @@ -402,7 +402,7 @@ class BOTAN_DLL PK_Encryptor_EME : public PK_Encryptor SecureVector<byte> enc(const byte[], u32bit, RandomNumberGenerator& rng) const; - const PK_Ops::Encryption* op; + PK_Ops::Encryption* op; const EME* eme; }; @@ -424,7 +424,7 @@ class BOTAN_DLL PK_Decryptor_EME : public PK_Decryptor private: SecureVector<byte> dec(const byte[], u32bit) const; - const PK_Ops::Decryption* op; + PK_Ops::Decryption* op; const EME* eme; }; diff --git a/src/pubkey/rsa/rsa.cpp b/src/pubkey/rsa/rsa.cpp index 5047fdf7a..b278ade52 100644 --- a/src/pubkey/rsa/rsa.cpp +++ b/src/pubkey/rsa/rsa.cpp @@ -80,7 +80,7 @@ RSA_Private_Operation::RSA_Private_Operation(const RSA_PrivateKey& rsa) : powermod_d2_q(rsa.get_d2(), rsa.get_q()), mod_p(rsa.get_p()) { - BigInt k = Blinder::choose_nonce(rsa.get_d(), n); + BigInt k = Blinder::choose_nonce(powermod_e_n(q), n); blinder = Blinder(powermod_e_n(k), inverse_mod(k, n), n); } @@ -99,8 +99,13 @@ BigInt RSA_Private_Operation::private_op(const BigInt& m) const SecureVector<byte> RSA_Private_Operation::sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator&) const + RandomNumberGenerator& rng) { + /* We don't check signatures against powermod_e_n here because + PK_Signer checks verification consistency for all signature + algorithms. + */ + BigInt m(msg, msg_len); BigInt x = blinder.unblind(private_op(blinder.blind(m))); return BigInt::encode_1363(x, n.bytes()); @@ -110,7 +115,7 @@ RSA_Private_Operation::sign(const byte msg[], u32bit msg_len, * RSA Decryption Operation */ SecureVector<byte> -RSA_Private_Operation::decrypt(const byte msg[], u32bit msg_len) const +RSA_Private_Operation::decrypt(const byte msg[], u32bit msg_len) { BigInt m(msg, msg_len); BigInt x = blinder.unblind(private_op(blinder.blind(m))); diff --git a/src/pubkey/rsa/rsa.h b/src/pubkey/rsa/rsa.h index 36f9277ef..72cd80fef 100644 --- a/src/pubkey/rsa/rsa.h +++ b/src/pubkey/rsa/rsa.h @@ -96,9 +96,9 @@ class BOTAN_DLL RSA_Private_Operation : public PK_Ops::Signature, u32bit max_input_bits() const { return (n.bits() - 1); } SecureVector<byte> sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const; + RandomNumberGenerator& rng); - SecureVector<byte> decrypt(const byte msg[], u32bit msg_len) const; + SecureVector<byte> decrypt(const byte msg[], u32bit msg_len); private: BigInt private_op(const BigInt& m) const; @@ -123,13 +123,13 @@ class BOTAN_DLL RSA_Public_Operation : public PK_Ops::Verification, bool with_recovery() const { return true; } SecureVector<byte> encrypt(const byte msg[], u32bit msg_len, - RandomNumberGenerator&) const + RandomNumberGenerator&) { BigInt m(msg, msg_len); return BigInt::encode_1363(public_op(m), n.bytes()); } - SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) const + SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) { BigInt m(msg, msg_len); return BigInt::encode(public_op(m)); diff --git a/src/pubkey/rw/rw.cpp b/src/pubkey/rw/rw.cpp index af2b849ff..508244112 100644 --- a/src/pubkey/rw/rw.cpp +++ b/src/pubkey/rw/rw.cpp @@ -74,21 +74,26 @@ bool RW_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const } RW_Signature_Operation::RW_Signature_Operation(const RW_PrivateKey& rw) : + n(rw.get_n()), + e(rw.get_e()), q(rw.get_q()), c(rw.get_c()), - n(rw.get_n()), powermod_d1_p(rw.get_d1(), rw.get_p()), powermod_d2_q(rw.get_d2(), rw.get_q()), mod_p(rw.get_p()) { - BigInt k = Blinder::choose_nonce(rw.get_d(), n); - blinder = Blinder(power_mod(k, rw.get_e(), n), inverse_mod(k, n), n); } SecureVector<byte> RW_Signature_Operation::sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator&) const + RandomNumberGenerator& rng) { + if(!blinder.initialized()) + { + BigInt k(rng, n.bits() / 2); + blinder = Blinder(power_mod(k, e, n), inverse_mod(k, n), n); + } + BigInt i(msg, msg_len); if(i >= n || i % 16 != 12) @@ -111,7 +116,7 @@ RW_Signature_Operation::sign(const byte msg[], u32bit msg_len, } SecureVector<byte> -RW_Verification_Operation::verify_mr(const byte msg[], u32bit msg_len) const +RW_Verification_Operation::verify_mr(const byte msg[], u32bit msg_len) { BigInt m(msg, msg_len); diff --git a/src/pubkey/rw/rw.h b/src/pubkey/rw/rw.h index 25e7be634..3ca9bb722 100644 --- a/src/pubkey/rw/rw.h +++ b/src/pubkey/rw/rw.h @@ -66,11 +66,12 @@ class BOTAN_DLL RW_Signature_Operation : public PK_Ops::Signature u32bit max_input_bits() const { return (n.bits() - 1); } SecureVector<byte> sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const; + RandomNumberGenerator& rng); private: + const BigInt& n; + const BigInt& e; const BigInt& q; const BigInt& c; - const BigInt& n; Fixed_Exponent_Power_Mod powermod_d1_p, powermod_d2_q; Modular_Reducer mod_p; @@ -87,7 +88,7 @@ class BOTAN_DLL RW_Verification_Operation : public PK_Ops::Verification u32bit max_input_bits() const { return (n.bits() - 1); } bool with_recovery() const { return true; } - SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) const; + SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len); private: const BigInt& n; |