-rw-r--r--checks/pk.cpp21
-rw-r--r--checks/pk_valid.dat40
-rw-r--r--doc/log.txt1
-rw-r--r--src/engine/gnump/gnump_pk.cpp18
-rw-r--r--src/engine/openssl/openssl_pk.cpp20
-rw-r--r--src/math/numbertheory/pow_mod.cpp2
-rw-r--r--src/pubkey/blinding.h2
-rw-r--r--src/pubkey/dh/dh.cpp4
-rw-r--r--src/pubkey/dh/dh.h2
-rw-r--r--src/pubkey/dsa/dsa.cpp4
-rw-r--r--src/pubkey/dsa/dsa.h4
-rw-r--r--src/pubkey/ecdh/ecdh.cpp37
-rw-r--r--src/pubkey/ecdh/ecdh.h21
-rw-r--r--src/pubkey/ecdsa/ecdsa.cpp4
-rw-r--r--src/pubkey/ecdsa/ecdsa.h4
-rw-r--r--src/pubkey/elgamal/elgamal.cpp6
-rw-r--r--src/pubkey/elgamal/elgamal.h4
-rw-r--r--src/pubkey/nr/nr.cpp4
-rw-r--r--src/pubkey/nr/nr.h4
-rw-r--r--src/pubkey/pk_ops.h15
-rw-r--r--src/pubkey/pubkey.h4
-rw-r--r--src/pubkey/rsa/rsa.cpp11
-rw-r--r--src/pubkey/rsa/rsa.h8
-rw-r--r--src/pubkey/rw/rw.cpp15
-rw-r--r--src/pubkey/rw/rw.h7
25 files changed, 114 insertions, 148 deletions
diff --git a/checks/pk.cpp b/checks/pk.cpp
index f0343afec..bc1308f1c 100644
--- a/checks/pk.cpp
+++ b/checks/pk.cpp
@@ -161,14 +161,14 @@ void validate_encryption(PK_Encryptor& e, PK_Decryptor& d,
}
void validate_signature(PK_Verifier& v, PK_Signer& s, const std::string& algo,
- const std::string& input, const std::string& random,
+ const std::string& input,
+ RandomNumberGenerator& rng,
const std::string& exp, bool& failure)
{
SecureVector<byte> message = decode_hex(input);
SecureVector<byte> expected = decode_hex(exp);
- Fixed_Output_RNG rng(decode_hex(random));
SecureVector<byte> sig = s.sign_message(message, message.size(), rng);
if(sig != expected)
@@ -194,6 +194,16 @@ void validate_signature(PK_Verifier& v, PK_Signer& s, const std::string& algo,
}
}
+void validate_signature(PK_Verifier& v, PK_Signer& s, const std::string& algo,
+ const std::string& input,
+ const std::string& random,
+ const std::string& exp, bool& failure)
+ {
+ Fixed_Output_RNG rng(decode_hex(random));
+
+ validate_signature(v, s, algo, input, rng, exp, failure);
+ }
+
void validate_kas(PK_Key_Agreement& kas, const std::string& algo,
const SecureVector<byte>& pubkey, const std::string& output,
u32bit keylen, bool& failure)
@@ -397,8 +407,6 @@ u32bit validate_rw_ver(const std::string& algo,
if(str.size() != 5)
throw std::runtime_error("Invalid input from pk_valid.dat");
-
-
#if defined(BOTAN_HAS_RW)
RW_PublicKey key(to_bigint(str[1]), to_bigint(str[0]));
@@ -421,10 +429,9 @@ u32bit validate_rw_sig(const std::string& algo,
const std::vector<std::string>& str,
RandomNumberGenerator& rng)
{
- if(str.size() != 6)
+ if(str.size() != 5)
throw std::runtime_error("Invalid input from pk_valid.dat");
-
#if defined(BOTAN_HAS_RW)
RW_PrivateKey privkey(rng, to_bigint(str[1]), to_bigint(str[2]),
to_bigint(str[0]));
@@ -436,7 +443,7 @@ u32bit validate_rw_sig(const std::string& algo,
PK_Signer s(privkey, emsa);
bool failure = false;
- validate_signature(v, s, algo, str[3], str[4], str[5], failure);
+ validate_signature(v, s, algo, str[3], rng, str[4], failure);
return (failure ? 1 : 0);
#endif
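Review bot: The call `validate_signature(v, s, algo, str[3], rng, str[4], failure);` now signs with the live test RNG yet still compares the result against the fixed output column of pk_valid.dat, so the check is only sound while the RW signing path consumes no randomness; the dropped nonce column suggests that is the case, but nothing states it. A one-line comment above the call would pin the assumption: `// RW signing is deterministic, so a live RNG still reproduces the stored output`. The body of validate_rw_sig begins before this hunk and its closing brace lies after it.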
diff --git a/checks/pk_valid.dat b/checks/pk_valid.dat
index fbf3c3b45..40bd830c2 100644
--- a/checks/pk_valid.dat
+++ b/checks/pk_valid.dat
@@ -3642,12 +3642,12 @@ D2F20D5BB1E28D6A0D3D722B2F044670B20530FD1F7983513D7F3527A662571A3AE98E1DAFF9403\
5EFFC02FD41C583E1CBDA53C1821BB79FB392D68A4524B0F65EBB64FF6656C52BF54D5774DF2D91\
6C9B793E206E0D5351D7B4D18DE3CA4CCFA8F7A3ABFB36048C9297F7512B3FDA70F7
-# RW Format: exponent:p:q:message:nonce:output
+# RW Format: exponent:p:q:message:output
[RW/EMSA2(SHA-1)]
2:\
F21624A28732743BBE9B1A2B320CA31EF4A127456547ACDF5C523995E25A990B:\
BC6EDE730E7CEC8993A6E6296EA8DFBBC7D46615122F23F635FF988E284E31CF:\
-5075752E::\
+5075752E:\
44CB3C6CD992A656AC2D8C92E044FCCC60FAA1B47FE153E7BA4B647136DA4A42\
88BD50FB0935E3B9180AF477F8B88E1EA1106569CCAB8D354E0A7E3AC92D70B3
@@ -3655,7 +3655,7 @@ BC6EDE730E7CEC8993A6E6296EA8DFBBC7D46615122F23F635FF988E284E31CF:\
F2E5CDF6CA7387C132242CE031CEC8FE2CEAFA8530EC9795F16605B1CBD97BCB:\
DA330E4440FE5CD00A37A738DDFBDD5623A31FAE273AD98E41DA0D3DB937CEBF:\
4C6F7665207375636B732E20556E7265717569746564206C6F7665207375636B\
-73206D6F72652E::\
+73206D6F72652E:\
5AB035B8E6415D691951DBCEACC6A61987599000A590A414363BF52FB95C5BAB\
C12812152C5BCBC6A443C68B971EE0AA5E864C9FF9ABE0A85BB86FA544239958
@@ -3663,21 +3663,21 @@ C12812152C5BCBC6A443C68B971EE0AA5E864C9FF9ABE0A85BB86FA544239958
13CE5CDF6CA7387C132242CE031CEC8FE2CEAFA8530EC9795F16605B1CBD978A3:\
14FE360AA550965F93CE76E4B01F55FBFDD7A049B2761817505CB6959A73A4C07:\
4C6F7665207375636B732E20556E7265717569746564206C6F7665207375636B7\
-3206D6F72652E::\
+3206D6F72652E:\
0085AC363AEA57F36E348936599A77167BAF17194D250787F347C710019558A9F\
773DDC25A2216DA694D38E03CAA4F7423BDF03DB0E75161221906222FC9E0F23D
2:\
1947A060ECFEFA3F8DDED8AE580D45B02D82DE108496AFC322FFD14EA02B7BFE3:\
1E1384A66A21500DEE4DC2B36F43EF398B1C50BDEE7600CD4340B663471F0F16F:\
-4A65737369652048616E68616D20697320612064616D6E2063757465206769726C::\
+4A65737369652048616E68616D20697320612064616D6E2063757465206769726C:\
00BE5B2A5EE3CB613ABE4548C856F6C8F8B4B9EAD3795675E59E4DDC4A015D019\
2F29B6352CDD913C289961BE57F84005F0BBD3AE7E2BBE73DABC50B2201923CC0
2:\
1AA83F51426F2BDA398221C48E8D322EF66D59098D0418E0C2B06DE6EA2F97D33:\
1E4C7924C9E6D7ABDB372B112601D4C091FAE6C8FEB518595DF436FE9B354E26F:\
-492077616E742061206472696E6B2E204E6F772E::\
+492077616E742061206472696E6B2E204E6F772E:\
010E8838216B05B4C2739B65AB2A7ABC114A046E3CD37CF1E97815ECA53750B1B\
F486A9BA684B9FE2D983BBA5F9D97565F0DCF6A5176C169EC67B6BB6C9616CEA6
@@ -3685,7 +3685,7 @@ F486A9BA684B9FE2D983BBA5F9D97565F0DCF6A5176C169EC67B6BB6C9616CEA6
22C9D42C6803B9AC87F641E9465D300DE8898694427D138761C4A5B121B0632DB:\
25DA5C05701C99EDDF0FBAA61DCDBA404C05D860DD539E06B0AECA7E56354DEA7:\
54657374696E6720766172696F7573206B657973697A657320666F72205257207\
-369676E6174757265733A2035313220746F203531392C20616E642031303234::\
+369676E6174757265733A2035313220746F203531392C20616E642031303234:\
0191F1BA45BC571445612D8C1A7818B52DFF78566E6CCFF7AB55B2F35FA21210C\
951F171E27A2921032718AE01BB4F209164BA0B21A5842D1925B35D09C7538050
@@ -3693,7 +3693,7 @@ F486A9BA684B9FE2D983BBA5F9D97565F0DCF6A5176C169EC67B6BB6C9616CEA6
388F732F05B06F5BA10816242E8F75A000E235C97174F57931E8D845442147F8B:\
2F3758EBE44182841FB1743D3BA6AEEC0AEC5758660E1DB37C818199B90A1A307:\
54657374696E6720766172696F7573206B657973697A657320666F72205257207\
-369676E6174757265733A2035313220746F203531392C20616E642031303234::\
+369676E6174757265733A2035313220746F203531392C20616E642031303234:\
046C31E4EA320DF130FE1F361184DDC03713BBAC169E08266B91655B42A01F39E\
1E3FF781B04B2F44B2504F37ACC9688C1ADD7EB94A998779EFCDFBEB9FAFFC82D
@@ -3701,14 +3701,14 @@ F486A9BA684B9FE2D983BBA5F9D97565F0DCF6A5176C169EC67B6BB6C9616CEA6
4AE4F716610D77E35A6FA2FEAAAC3E92706B996414C012EF72BCBE86E3F1A97BB:\
5145D9E08DA9021E87080C437BE1835B06E5C9ECCDA8E7CF7E30F682D0CB1A9F7:\
54657374696E6720766172696F7573206B657973697A657320666F72205257207\
-369676E6174757265733A2035313220746F203531392C20616E642031303234::\
+369676E6174757265733A2035313220746F203531392C20616E642031303234:\
01BF0E20BF646E5E427B8D28CBAF696D7AA6B6DE878BB91C295D5559B1FA9A94F\
114FF61C11C0BC97066C2FC919815B0FD150CE70F63D696CEA4D5D1D7BDEDC035
2:\
6AA3DB8710567A30D7E9E61956962D4E4D50BC0510C2238D9136A93CC5DC3A73B:\
6CAC9FF49F1035D179668B399927A610608788A8C884B76A94A6DDBCA94A52327:\
-57414E5445443A2043757465204A6170616E657365206769726C667269656E64::\
+57414E5445443A2043757465204A6170616E657365206769726C667269656E64:\
1695A91578EBC67ED86C20EC4886B2E3895E11A7647D22FFB41091E1C7A3CA0DC\
E091A1FCBACB859C4A5C8B3B841C0F0F7039BEFEA790A423114F35F9D809DBCD2
@@ -3716,7 +3716,7 @@ E091A1FCBACB859C4A5C8B3B841C0F0F7039BEFEA790A423114F35F9D809DBCD2
9EADA4F7D1BEC405BC2BFB4F836E19A488E079030F8C09DE76810B9E63FB41873:\
AD5DEBCF83372200B106812A6A7CF3A702C35BAF4FC095617794314EBCAC4DE47:\
476F6C642073747564733F213F204576656E20746865204D544120756E6465727\
-374616E647320746865206E65656420666F722074686520424C494E472D424C494E4721::\
+374616E647320746865206E65656420666F722074686520424C494E472D424C494E4721:\
203FCE80570CA0DA3C2D50634A33BAACEA6D397618F36620EE10DE4E6A51018C0\
BADE98DF220E47DBA140AEAE910A28F3177D4349740EC05A5EB7BA280D7BF8F34
@@ -3727,7 +3727,7 @@ CDC7D5FE3805572EA3FF554C086C7DD4020A3CE48DF5A09A5CEB75E6AABCD338\
F800F362448E87CE7E1A55331ADF2BBF3A22B3E6134035FDA52D9578FD3F72F7:\
57687920696E20746865206E616D65206F6620616C6C20746861742069732067\
6F6F6420616E6420686F6C792061726520796F752072656164696E6720746869\
-733F213F21::\
+733F213F21:\
05BDC911B3F19F2201EDF6CCC792A68BCEC40506F00112A6DCAEEAA2D7A62192\
931D8968F7312EBFE7F7646CED6A8948E58327862527EFD960F15CD8EC74D1DF\
1FDC37F369A4A844D15DB7ACC6DB5ADA884B119148929439D5305B6916D0A081\
@@ -3738,7 +3738,7 @@ EF86DD7AF3F32CDE8A9F6564E43A559A0C9F8BAD36CC25330548B347AC158A34\
5631FA90F7B873C36EFFAE2F7823227A3F580B5DD18304D5932751E743E9281B:\
F5BB4289C389D9019C36F96C6B81FFFBF20BE0620C6343E2B800AEFB1B55A330\
8CC1402DA7A2A558579A2A5146B30CB08E3F20B501081248F2F1DE36CDFCE9DF:\
-2CA039854B55688740E3::\
+2CA039854B55688740E3:\
1AF029CBEC9C692CE5096E73E4E9A52EC9A28D207A5511CCEC7681E5E3D867A4\
AE2E22DE4909D89196A272F1B50DE6FA3248BCA334D46E0D57171A790B6F4697\
E7BA7047DB79DECD47BD21995243DEBBF25915DDBC93C45875C14DE953792257\
@@ -3749,7 +3749,7 @@ EF86DD7AF3F32CDE8A9F6564E43A559A0C9F8BAD36CC25330548B347AC158A34\
5631FA90F7B873C36EFFAE2F7823227A3F580B5DD18304D5932751E743E9281B:\
F5BB4289C389D9019C36F96C6B81FFFBF20BE0620C6343E2B800AEFB1B55A330\
8CC1402DA7A2A558579A2A5146B30CB08E3F20B501081248F2F1DE36CDFCE9DF:\
-2119A954F1AC0F3DCDB2::\
+2119A954F1AC0F3DCDB2:\
60C3CCF4F086B15B7F850B445F384333F7AE5A4B5EDE2820C7233239E1B86D6E\
4B4FCA4F50B087CE1DF17DA5D62672A17F2CF87A2875BBD9B138CAF6863821D6\
A4D553E9EB64C9254A8F9A6B960E57E39069D65E3F561AA1FA91643D42FEEFB9\
@@ -3760,7 +3760,7 @@ EF86DD7AF3F32CDE8A9F6564E43A559A0C9F8BAD36CC25330548B347AC158A34\
5631FA90F7B873C36EFFAE2F7823227A3F580B5DD18304D5932751E743E9281B:\
F5BB4289C389D9019C36F96C6B81FFFBF20BE0620C6343E2B800AEFB1B55A330\
8CC1402DA7A2A558579A2A5146B30CB08E3F20B501081248F2F1DE36CDFCE9DF:\
-7A4C634DE6F16315BD5F::\
+7A4C634DE6F16315BD5F:\
308A5D65224201BED626CC83FB901EC84874EE03B2E7AB4E752EDBDE024C754E\
3CC9841CA062100A8843DE9183354B4E0596E8C68F1605828287884F0F9BA696\
8FC7A9F0CA09418A8485B90465E5D3F96CE4995A5FC7A6E5ABD9CC06BB8A2C3C\
@@ -3771,7 +3771,7 @@ F5BB4289C389D9019C36F96C6B81FFFBF20BE0620C6343E2B800AEFB1B55A330\
976C3B14FBD253F0F988C354725289F2897D7FB62C5C74AF7D597A1E22AAFBA1D3:\
0F816BF0ADD559AFDA38B008E4087F6A38B575C56FFF453056EAAAB3381C9552\
0969546F954D458D48E44850938B1DB471CF4B40AFC47E067FB5BCE67BA98BE8D7:\
-EF0F1D56F4E5D587C212::\
+EF0F1D56F4E5D587C212:\
3E544FEBB6623F5D392003B729FE2BFC20E2CB3ECAC22734DFCA55150254E616\
A41C5E54CE3B50FBC2FE2363EE9AF9B15C70615497B0A458F8AB6D850992EEEB\
56D65F87EA1BD6E2B4B7E40A0F5E1635C7DDB17110C61039CF712D3524C9C2C1\
@@ -3782,7 +3782,7 @@ F35D9163BE5C70276F46634514BE16EC09602782E88FE74EAEB2F50CBB0E3B5C4A
976C3B14FBD253F0F988C354725289F2897D7FB62C5C74AF7D597A1E22AAFBA1D3:\
0F816BF0ADD559AFDA38B008E4087F6A38B575C56FFF453056EAAAB3381C9552\
0969546F954D458D48E44850938B1DB471CF4B40AFC47E067FB5BCE67BA98BE8D7:\
-EC5CC4228C3C70EE8F35::\
+EC5CC4228C3C70EE8F35:\
228BAA85062F10DCC9D99A23D340BC4B9E463D8AB86A6781A6D2143564303E2D\
C78772BF68449BE1E2711A68D5A15CF04A23573FB3870454308F583BBB5F2467\
069EF1395431E70F91BD56D846DC8DB2E88AB3D26A9770660B87A76D6C3575DE\
@@ -3793,7 +3793,7 @@ C78772BF68449BE1E2711A68D5A15CF04A23573FB3870454308F583BBB5F2467\
976C3B14FBD253F0F988C354725289F2897D7FB62C5C74AF7D597A1E22AAFBA1D3:\
0F816BF0ADD559AFDA38B008E4087F6A38B575C56FFF453056EAAAB3381C9552\
0969546F954D458D48E44850938B1DB471CF4B40AFC47E067FB5BCE67BA98BE8D7:\
-FEF5EE07C74118DA30B9::\
+FEF5EE07C74118DA30B9:\
2637E16E2599B6EC2F4728C73D3B29F483C2B881F1E1969C426027605EF080E9\
B17D258D5E1EBC6472A2501E04CF19C144537FCB38A1DA00D948EBD39FA11322\
D9230B62E2C12AEDB366BD85A2089588A8D52E941FD986D89828A342B83438A9\
@@ -3808,7 +3808,7 @@ BADCC718DD2D761C4893C4831D56ADA30FC5C7C148D473BEDF7615B7E821B92F\
319676CE278349F1309FB3D264C1A22BDE71B221354C7A4D31117B3EC3C9D480\
2E0A26BD8EC05D28B6502C65F35C687AF7F8396B963ED029A2C5AE38DD7C5C96\
2A953C113C0F590957AB19A6E2AFDA6DB84F22C0C31AE243DEBD2920FBE9FBDF:\
-15E7B7B7ED0F176B6799::\
+15E7B7B7ED0F176B6799:\
39FF4B5FA50AE498F3C91A655E6865840D1FC401EE02DBC8460A59DEB8816E66\
80F712B7BAF8D4DC11A3B54BF906BE698306F0449BB43F3F223B944D930A1A3C\
718E8A9E2EEDEC5A07AB817C26A80CC2A2EE2846A597EAB8A999D38DB9849016\
@@ -3827,7 +3827,7 @@ BADCC718DD2D761C4893C4831D56ADA30FC5C7C148D473BEDF7615B7E821B92F\
319676CE278349F1309FB3D264C1A22BDE71B221354C7A4D31117B3EC3C9D480\
2E0A26BD8EC05D28B6502C65F35C687AF7F8396B963ED029A2C5AE38DD7C5C96\
2A953C113C0F590957AB19A6E2AFDA6DB84F22C0C31AE243DEBD2920FBE9FBDF:\
-B36724C92954C38D0288::\
+B36724C92954C38D0288:\
3C8CD3614555568BBECA99174B7B203D0BC6FABE9E6FFE0C41EB4D9A2C601D23\
93CA1E01B7D7E99337758AC914C9F151311E5AE6708DAF1D8C825DA471652C6E\
13A8FE5802D7AE097BFC899A4EC8CA235B5982B9058C53AAD52823ACF692290E\
diff --git a/doc/log.txt b/doc/log.txt
index c2d9b0f1b..472a87a3c 100644
--- a/doc/log.txt
+++ b/doc/log.txt
@@ -12,6 +12,7 @@
- Add support for password hashing for authentication (passhash9.h)
- Add support for Win32 high resolution system timers
- Major refactoring and API changes in the public key code
+ - Use consistency checking (anti-fault attack) for all signature schemes
- Changed S2K interface: derive_key now takes salt, iteration count
- Remove dependency on TR1 for ECC and CVC code
- Renamed ECKAEG to its more usual name, ECDH
diff --git a/src/engine/gnump/gnump_pk.cpp b/src/engine/gnump/gnump_pk.cpp
index 3ca1f25ff..8d003a5d4 100644
--- a/src/engine/gnump/gnump_pk.cpp
+++ b/src/engine/gnump/gnump_pk.cpp
@@ -50,7 +50,7 @@ class GMP_DH_KA_Operation : public PK_Ops::Key_Agreement
GMP_DH_KA_Operation(const DH_PrivateKey& dh) :
x(dh.get_x()), p(dh.group_p()) {}
- SecureVector<byte> agree(const byte w[], u32bit w_len) const
+ SecureVector<byte> agree(const byte w[], u32bit w_len)
{
GMP_MPZ z(w, w_len);
mpz_powm(z.value, z.value, x.value, p.value);
@@ -79,7 +79,7 @@ class GMP_DSA_Signature_Operation : public PK_Ops::Signature
u32bit max_input_bits() const { return q_bits; }
SecureVector<byte> sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const;
+ RandomNumberGenerator& rng);
private:
const GMP_MPZ x, p, q, g;
u32bit q_bits;
@@ -87,7 +87,7 @@ class GMP_DSA_Signature_Operation : public PK_Ops::Signature
SecureVector<byte>
GMP_DSA_Signature_Operation::sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const
+ RandomNumberGenerator& rng)
{
const u32bit q_bytes = (q_bits + 7) / 8;
@@ -139,14 +139,14 @@ class GMP_DSA_Verification_Operation : public PK_Ops::Verification
bool with_recovery() const { return false; }
bool verify(const byte msg[], u32bit msg_len,
- const byte sig[], u32bit sig_len) const;
+ const byte sig[], u32bit sig_len);
private:
const GMP_MPZ y, p, q, g;
u32bit q_bits;
};
bool GMP_DSA_Verification_Operation::verify(const byte msg[], u32bit msg_len,
- const byte sig[], u32bit sig_len) const
+ const byte sig[], u32bit sig_len)
{
const u32bit q_bytes = q.bytes();
@@ -205,14 +205,14 @@ class GMP_RSA_Private_Operation : public PK_Ops::Signature,
u32bit max_input_bits() const { return (n_bits - 1); }
SecureVector<byte> sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const
+ RandomNumberGenerator&)
{
BigInt m(msg, msg_len);
BigInt x = private_op(m);
return BigInt::encode_1363(x, (n_bits + 7) / 8);
}
- SecureVector<byte> decrypt(const byte msg[], u32bit msg_len) const
+ SecureVector<byte> decrypt(const byte msg[], u32bit msg_len)
{
BigInt m(msg, msg_len);
return BigInt::encode(private_op(m));
@@ -251,13 +251,13 @@ class GMP_RSA_Public_Operation : public PK_Ops::Verification,
bool with_recovery() const { return true; }
SecureVector<byte> encrypt(const byte msg[], u32bit msg_len,
- RandomNumberGenerator&) const
+ RandomNumberGenerator&)
{
BigInt m(msg, msg_len);
return BigInt::encode_1363(public_op(m), n.bytes());
}
- SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) const
+ SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len)
{
BigInt m(msg, msg_len);
return BigInt::encode(public_op(m));
diff --git a/src/engine/openssl/openssl_pk.cpp b/src/engine/openssl/openssl_pk.cpp
index ebc2bdd82..8b8e83ebe 100644
--- a/src/engine/openssl/openssl_pk.cpp
+++ b/src/engine/openssl/openssl_pk.cpp
@@ -43,7 +43,7 @@ class OSSL_DH_KA_Operation : public PK_Ops::Key_Agreement
OSSL_DH_KA_Operation(const DH_PrivateKey& dh) :
x(dh.get_x()), p(dh.group_p()) {}
- SecureVector<byte> agree(const byte w[], u32bit w_len) const
+ SecureVector<byte> agree(const byte w[], u32bit w_len)
{
OSSL_BN i(w, w_len), r;
BN_mod_exp(r.value, i.value, x.value, p.value, ctx.value);
@@ -73,7 +73,7 @@ class OSSL_DSA_Signature_Operation : public PK_Ops::Signature
u32bit max_input_bits() const { return q_bits; }
SecureVector<byte> sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const;
+ RandomNumberGenerator& rng);
private:
const OSSL_BN x, p, q, g;
const OSSL_BN_CTX ctx;
@@ -82,7 +82,7 @@ class OSSL_DSA_Signature_Operation : public PK_Ops::Signature
SecureVector<byte>
OSSL_DSA_Signature_Operation::sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const
+ RandomNumberGenerator& rng)
{
const u32bit q_bytes = (q_bits + 7) / 8;
@@ -133,7 +133,7 @@ class OSSL_DSA_Verification_Operation : public PK_Ops::Verification
bool with_recovery() const { return false; }
bool verify(const byte msg[], u32bit msg_len,
- const byte sig[], u32bit sig_len) const;
+ const byte sig[], u32bit sig_len);
private:
const OSSL_BN y, p, q, g;
const OSSL_BN_CTX ctx;
@@ -141,7 +141,7 @@ class OSSL_DSA_Verification_Operation : public PK_Ops::Verification
};
bool OSSL_DSA_Verification_Operation::verify(const byte msg[], u32bit msg_len,
- const byte sig[], u32bit sig_len) const
+ const byte sig[], u32bit sig_len)
{
const u32bit q_bytes = q.bytes();
@@ -199,14 +199,14 @@ class OSSL_RSA_Private_Operation : public PK_Ops::Signature,
u32bit max_input_bits() const { return (n_bits - 1); }
SecureVector<byte> sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const
+ RandomNumberGenerator& rng)
{
BigInt m(msg, msg_len);
BigInt x = private_op(m);
return BigInt::encode_1363(x, (n_bits + 7) / 8);
}
- SecureVector<byte> decrypt(const byte msg[], u32bit msg_len) const
+ SecureVector<byte> decrypt(const byte msg[], u32bit msg_len)
{
BigInt m(msg, msg_len);
return BigInt::encode(private_op(m));
@@ -234,7 +234,7 @@ BigInt OSSL_RSA_Private_Operation::private_op(const BigInt& m) const
}
class OSSL_RSA_Public_Operation : public PK_Ops::Verification,
- public PK_Ops::Encryption
+ public PK_Ops::Encryption
{
public:
OSSL_RSA_Public_Operation(const RSA_PublicKey& rsa) :
@@ -245,13 +245,13 @@ class OSSL_RSA_Public_Operation : public PK_Ops::Verification,
bool with_recovery() const { return true; }
SecureVector<byte> encrypt(const byte msg[], u32bit msg_len,
- RandomNumberGenerator&) const
+ RandomNumberGenerator&)
{
BigInt m(msg, msg_len);
return BigInt::encode_1363(public_op(m), n.bytes());
}
- SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) const
+ SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len)
{
BigInt m(msg, msg_len);
return BigInt::encode(public_op(m));
diff --git a/src/math/numbertheory/pow_mod.cpp b/src/math/numbertheory/pow_mod.cpp
index 96c978d68..5ab5638ea 100644
--- a/src/math/numbertheory/pow_mod.cpp
+++ b/src/math/numbertheory/pow_mod.cpp
@@ -114,7 +114,7 @@ BigInt Power_Mod::execute() const
/*
* Try to choose a good window size
*/
-u32bit Power_Mod::window_bits(u32bit exp_bits, u32bit base_bits,
+u32bit Power_Mod::window_bits(u32bit exp_bits, u32bit,
Power_Mod::Usage_Hints hints)
{
static const u32bit wsize[][2] = {
diff --git a/src/pubkey/blinding.h b/src/pubkey/blinding.h
index d1d9a8875..3398f8c6f 100644
--- a/src/pubkey/blinding.h
+++ b/src/pubkey/blinding.h
@@ -22,6 +22,8 @@ class BOTAN_DLL Blinder
BigInt blind(const BigInt& x) const;
BigInt unblind(const BigInt& x) const;
+ bool initialized() const { return reducer.initialized(); }
+
/**
* Choose a nonce to use for blinding
* @param x a secret seed value
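Review bot: The new `bool initialized() const { return reducer.initialized(); }` is the only member in this class without a Doxygen comment, and it sits between two documented ones. Presumably it reports whether the Blinder was constructed with a modulus rather than default-constructed, but that depends on Modular_Reducer::initialized(), which is not in this diff; confirm before documenting. Suggested text: `/** @return true if this Blinder was set up with a modulus (false for a default-constructed Blinder) */`.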
diff --git a/src/pubkey/dh/dh.cpp b/src/pubkey/dh/dh.cpp
index a99506250..b491be7bc 100644
--- a/src/pubkey/dh/dh.cpp
+++ b/src/pubkey/dh/dh.cpp
@@ -78,11 +78,11 @@ MemoryVector<byte> DH_PrivateKey::public_value() const
DH_KA_Operation::DH_KA_Operation(const DH_PrivateKey& dh) :
p(dh.group_p()), powermod_x_p(dh.get_x(), p)
{
- BigInt k = Blinder::choose_nonce(dh.get_x(), p);
+ BigInt k = Blinder::choose_nonce(powermod_x_p(2), p);
blinder = Blinder(k, powermod_x_p(inverse_mod(k, p)), p);
}
-SecureVector<byte> DH_KA_Operation::agree(const byte w[], u32bit w_len) const
+SecureVector<byte> DH_KA_Operation::agree(const byte w[], u32bit w_len)
{
BigInt input = BigInt::decode(w, w_len);
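Review bot: `BigInt k = Blinder::choose_nonce(powermod_x_p(2), p);` seeds the blinder with 2^x mod p, which is exactly the DH public value whenever the group generator is 2, whereas the Blinder header in this same commit documents the seed parameter as "a secret seed value". If choose_nonce derives the blinding factor deterministically from its seed (its body is not in this diff), the factor becomes computable from public data and the blinding no longer protects the private exponentiation. The same pattern appears in elgamal.cpp at `BigInt k = Blinder::choose_nonce(powermod_x_p(2), p);`. Either keep a secret-derived seed such as the removed `dh.get_x()`, or add a comment explaining why 2^x mod p is considered adequate here.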
diff --git a/src/pubkey/dh/dh.h b/src/pubkey/dh/dh.h
index 0cc2aaabc..738b3f9c4 100644
--- a/src/pubkey/dh/dh.h
+++ b/src/pubkey/dh/dh.h
@@ -80,7 +80,7 @@ class BOTAN_DLL DH_KA_Operation : public PK_Ops::Key_Agreement
public:
DH_KA_Operation(const DH_PrivateKey& key);
- SecureVector<byte> agree(const byte w[], u32bit w_len) const;
+ SecureVector<byte> agree(const byte w[], u32bit w_len);
private:
const BigInt& p;
diff --git a/src/pubkey/dsa/dsa.cpp b/src/pubkey/dsa/dsa.cpp
index bd9641856..feac712b8 100644
--- a/src/pubkey/dsa/dsa.cpp
+++ b/src/pubkey/dsa/dsa.cpp
@@ -86,7 +86,7 @@ DSA_Signature_Operation::DSA_Signature_Operation(const DSA_PrivateKey& dsa) :
SecureVector<byte>
DSA_Signature_Operation::sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const
+ RandomNumberGenerator& rng)
{
rng.add_entropy(msg, msg_len);
@@ -119,7 +119,7 @@ DSA_Verification_Operation::DSA_Verification_Operation(const DSA_PublicKey& dsa)
}
bool DSA_Verification_Operation::verify(const byte msg[], u32bit msg_len,
- const byte sig[], u32bit sig_len) const
+ const byte sig[], u32bit sig_len)
{
const BigInt& q = mod_q.get_modulus();
diff --git a/src/pubkey/dsa/dsa.h b/src/pubkey/dsa/dsa.h
index a57cbfcae..8121cfbbc 100644
--- a/src/pubkey/dsa/dsa.h
+++ b/src/pubkey/dsa/dsa.h
@@ -67,7 +67,7 @@ class BOTAN_DLL DSA_Signature_Operation : public PK_Ops::Signature
u32bit max_input_bits() const { return q.bits(); }
SecureVector<byte> sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const;
+ RandomNumberGenerator& rng);
private:
const BigInt& q;
const BigInt& x;
@@ -87,7 +87,7 @@ class BOTAN_DLL DSA_Verification_Operation : public PK_Ops::Verification
bool with_recovery() const { return false; }
bool verify(const byte msg[], u32bit msg_len,
- const byte sig[], u32bit sig_len) const;
+ const byte sig[], u32bit sig_len);
private:
const BigInt& q;
const BigInt& y;
diff --git a/src/pubkey/ecdh/ecdh.cpp b/src/pubkey/ecdh/ecdh.cpp
index d3688fa5c..bf8a57b3b 100644
--- a/src/pubkey/ecdh/ecdh.cpp
+++ b/src/pubkey/ecdh/ecdh.cpp
@@ -19,7 +19,7 @@ ECDH_KA_Operation::ECDH_KA_Operation(const ECDH_PrivateKey& key) :
key.private_value();
}
-SecureVector<byte> ECDH_KA_Operation::agree(const byte w[], u32bit w_len) const
+SecureVector<byte> ECDH_KA_Operation::agree(const byte w[], u32bit w_len)
{
PointGFp point = OS2ECP(w, w_len, curve);
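Review bot: The ECDH_PrivateKey::derive_key overloads deleted further down this file validated their result with `S.check_invariants();`, and most of the surviving agree() body lies outside this hunk, so it is not visible whether the point decoded from the peer value is checked to lie on the curve before the scalar multiplication and encoding of its x-coordinate. If agree() performs no equivalent check and OS2ECP does not reject off-curve encodings, the key agreement would silently operate on an invalid peer point; adding `point.check_invariants();` directly after the OS2ECP call would preserve the check the deleted code had. agree() continues past the end of this hunk.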
@@ -30,39 +30,4 @@ SecureVector<byte> ECDH_KA_Operation::agree(const byte w[], u32bit w_len) const
curve.get_p().bytes());
}
-/**
-* Derive a key
-*/
-SecureVector<byte> ECDH_PrivateKey::derive_key(const byte key[],
- u32bit key_len) const
- {
- PointGFp point = OS2ECP(key, key_len, public_point().get_curve());
- return derive_key(point);
- }
-
-/**
-* Derive a key
-*/
-SecureVector<byte> ECDH_PrivateKey::derive_key(const ECDH_PublicKey& key) const
- {
- return derive_key(key.public_point());
- }
-
-/**
-* Derive a key
-*/
-SecureVector<byte> ECDH_PrivateKey::derive_key(const PointGFp& point) const
- {
- const BigInt& cofactor = domain().get_cofactor();
- const BigInt& n = domain().get_order();
-
- BigInt l = inverse_mod(cofactor, n); // can precompute this
-
- PointGFp S = (cofactor * point) * (private_value() * l);
- S.check_invariants();
-
- return BigInt::encode_1363(S.get_affine_x(),
- point.get_curve().get_p().bytes());
- }
-
}
diff --git a/src/pubkey/ecdh/ecdh.h b/src/pubkey/ecdh/ecdh.h
index ef589d982..d670361f6 100644
--- a/src/pubkey/ecdh/ecdh.h
+++ b/src/pubkey/ecdh/ecdh.h
@@ -76,25 +76,6 @@ class BOTAN_DLL ECDH_PrivateKey : public ECDH_PublicKey,
MemoryVector<byte> public_value() const
{ return EC2OSP(public_point(), PointGFp::UNCOMPRESSED); }
- private:
- /**
- * Derive a shared key with the other parties public key.
- * @param key the other partys public key
- * @param key_len the other partys public key
- */
- SecureVector<byte> derive_key(const byte key[], u32bit key_len) const;
-
- /**
- * Derive a shared key with the other parties public key.
- * @param other the other partys public key
- */
- SecureVector<byte> derive_key(const ECDH_PublicKey& other) const;
-
- /**
- * Derive a shared key with the other parties public key.
- * @param point the public point of the other parties key
- */
- SecureVector<byte> derive_key(const PointGFp& point) const;
};
/**
@@ -105,7 +86,7 @@ class BOTAN_DLL ECDH_KA_Operation : public PK_Ops::Key_Agreement
public:
ECDH_KA_Operation(const ECDH_PrivateKey& key);
- SecureVector<byte> agree(const byte w[], u32bit w_len) const;
+ SecureVector<byte> agree(const byte w[], u32bit w_len);
private:
const CurveGFp& curve;
const BigInt& cofactor;
diff --git a/src/pubkey/ecdsa/ecdsa.cpp b/src/pubkey/ecdsa/ecdsa.cpp
index 95dc99e67..afca6cc73 100644
--- a/src/pubkey/ecdsa/ecdsa.cpp
+++ b/src/pubkey/ecdsa/ecdsa.cpp
@@ -20,7 +20,7 @@ ECDSA_Signature_Operation::ECDSA_Signature_Operation(const ECDSA_PrivateKey& ecd
SecureVector<byte>
ECDSA_Signature_Operation::sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const
+ RandomNumberGenerator& rng)
{
rng.add_entropy(msg, msg_len);
@@ -56,7 +56,7 @@ ECDSA_Verification_Operation::ECDSA_Verification_Operation(const ECDSA_PublicKey
}
bool ECDSA_Verification_Operation::verify(const byte msg[], u32bit msg_len,
- const byte sig[], u32bit sig_len) const
+ const byte sig[], u32bit sig_len)
{
if(sig_len != order.bytes()*2)
return false;
diff --git a/src/pubkey/ecdsa/ecdsa.h b/src/pubkey/ecdsa/ecdsa.h
index 7ea135896..e20a234fc 100644
--- a/src/pubkey/ecdsa/ecdsa.h
+++ b/src/pubkey/ecdsa/ecdsa.h
@@ -92,7 +92,7 @@ class BOTAN_DLL ECDSA_Signature_Operation : public PK_Ops::Signature
ECDSA_Signature_Operation(const ECDSA_PrivateKey& ecdsa);
SecureVector<byte> sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const;
+ RandomNumberGenerator& rng);
u32bit message_parts() const { return 2; }
u32bit message_part_size() const { return order.bytes(); }
@@ -116,7 +116,7 @@ class BOTAN_DLL ECDSA_Verification_Operation : public PK_Ops::Verification
bool with_recovery() const { return false; }
bool verify(const byte msg[], u32bit msg_len,
- const byte sig[], u32bit sig_len) const;
+ const byte sig[], u32bit sig_len);
private:
const PointGFp& base_point;
const PointGFp& public_point;
diff --git a/src/pubkey/elgamal/elgamal.cpp b/src/pubkey/elgamal/elgamal.cpp
index f55aeaa4c..b9c4803f3 100644
--- a/src/pubkey/elgamal/elgamal.cpp
+++ b/src/pubkey/elgamal/elgamal.cpp
@@ -91,7 +91,7 @@ ElGamal_Encryption_Operation::ElGamal_Encryption_Operation(const ElGamal_PublicK
SecureVector<byte>
ElGamal_Encryption_Operation::encrypt(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const
+ RandomNumberGenerator& rng)
{
const BigInt& p = mod_p.get_modulus();
@@ -118,12 +118,12 @@ ElGamal_Decryption_Operation::ElGamal_Decryption_Operation(const ElGamal_Private
powermod_x_p = Fixed_Exponent_Power_Mod(key.get_x(), p);
mod_p = Modular_Reducer(p);
- BigInt k = Blinder::choose_nonce(key.get_x(), p);
+ BigInt k = Blinder::choose_nonce(powermod_x_p(2), p);
blinder = Blinder(k, powermod_x_p(k), p);
}
SecureVector<byte>
-ElGamal_Decryption_Operation::decrypt(const byte msg[], u32bit msg_len) const
+ElGamal_Decryption_Operation::decrypt(const byte msg[], u32bit msg_len)
{
const BigInt& p = mod_p.get_modulus();
diff --git a/src/pubkey/elgamal/elgamal.h b/src/pubkey/elgamal/elgamal.h
index c94779e96..143b417ec 100644
--- a/src/pubkey/elgamal/elgamal.h
+++ b/src/pubkey/elgamal/elgamal.h
@@ -63,7 +63,7 @@ class BOTAN_DLL ElGamal_Encryption_Operation : public PK_Ops::Encryption
ElGamal_Encryption_Operation(const ElGamal_PublicKey& key);
SecureVector<byte> encrypt(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const;
+ RandomNumberGenerator& rng);
private:
Fixed_Base_Power_Mod powermod_g_p, powermod_y_p;
@@ -77,7 +77,7 @@ class BOTAN_DLL ElGamal_Decryption_Operation : public PK_Ops::Decryption
ElGamal_Decryption_Operation(const ElGamal_PrivateKey& key);
- SecureVector<byte> decrypt(const byte msg[], u32bit msg_len) const;
+ SecureVector<byte> decrypt(const byte msg[], u32bit msg_len);
private:
Fixed_Exponent_Power_Mod powermod_x_p;
Modular_Reducer mod_p;
diff --git a/src/pubkey/nr/nr.cpp b/src/pubkey/nr/nr.cpp
index 8a1b8c261..cf59615da 100644
--- a/src/pubkey/nr/nr.cpp
+++ b/src/pubkey/nr/nr.cpp
@@ -95,7 +95,7 @@ NR_Signature_Operation::NR_Signature_Operation(const NR_PrivateKey& nr) :
SecureVector<byte>
NR_Signature_Operation::sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const
+ RandomNumberGenerator& rng)
{
rng.add_entropy(msg, msg_len);
@@ -130,7 +130,7 @@ NR_Verification_Operation::NR_Verification_Operation(const NR_PublicKey& nr) :
}
SecureVector<byte>
-NR_Verification_Operation::verify_mr(const byte msg[], u32bit msg_len) const
+NR_Verification_Operation::verify_mr(const byte msg[], u32bit msg_len)
{
const BigInt& q = mod_q.get_modulus();
diff --git a/src/pubkey/nr/nr.h b/src/pubkey/nr/nr.h
index 19eac5cc9..bd125ab92 100644
--- a/src/pubkey/nr/nr.h
+++ b/src/pubkey/nr/nr.h
@@ -65,7 +65,7 @@ class BOTAN_DLL NR_Signature_Operation : public PK_Ops::Signature
u32bit max_input_bits() const { return (q.bits() - 1); }
SecureVector<byte> sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const;
+ RandomNumberGenerator& rng);
private:
const BigInt& q;
const BigInt& x;
@@ -84,7 +84,7 @@ class BOTAN_DLL NR_Verification_Operation : public PK_Ops::Verification
bool with_recovery() const { return true; }
- SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) const;
+ SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len);
private:
const BigInt& q;
const BigInt& y;
diff --git a/src/pubkey/pk_ops.h b/src/pubkey/pk_ops.h
index bf846d69f..97ba372c2 100644
--- a/src/pubkey/pk_ops.h
+++ b/src/pubkey/pk_ops.h
@@ -21,7 +21,7 @@ class BOTAN_DLL Encryption
virtual u32bit max_input_bits() const = 0;
virtual SecureVector<byte> encrypt(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const = 0;
+ RandomNumberGenerator& rng) = 0;
virtual ~Encryption() {}
};
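Review bot: Removing `const` from `encrypt` here (and from decrypt, sign, verify, verify_mr and agree in the following hunks) means an operation object may now carry mutable state, but the Doxygen comments on these interfaces say nothing about what that implies for callers. Since PK_Encryptor_EME and PK_Decryptor_EME in pubkey.h now hold a non-const `op` while their own enc/dec members stay `const`, a reader could assume a single encryptor can be shared freely. Suggest adding to each operation interface a line such as `* Implementations may hold mutable state; one operation object must not be used concurrently from several threads without external synchronization.`, or naming the concrete state the const was dropped for if that is the reason.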
@@ -32,7 +32,7 @@ class BOTAN_DLL Decryption
virtual u32bit max_input_bits() const = 0;
virtual SecureVector<byte> decrypt(const byte msg[],
- u32bit msg_len) const = 0;
+ u32bit msg_len) = 0;
virtual ~Decryption() {}
};
@@ -64,9 +64,8 @@ class BOTAN_DLL Signature
* @param msg_len the length of msg in bytes
* @param rng a random number generator
*/
- virtual SecureVector<byte>
- sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const = 0;
+ virtual SecureVector<byte> sign(const byte msg[], u32bit msg_len,
+ RandomNumberGenerator& rng) = 0;
virtual ~Signature() {}
};
@@ -107,7 +106,7 @@ class BOTAN_DLL Verification
* @returns if signature is a valid one for message
*/
virtual bool verify(const byte[], u32bit,
- const byte[], u32bit) const
+ const byte[], u32bit)
{
throw Invalid_State("Message recovery required");
}
@@ -120,7 +119,7 @@ class BOTAN_DLL Verification
* @returns recovered message
*/
virtual SecureVector<byte> verify_mr(const byte[],
- u32bit) const
+ u32bit)
{
throw Invalid_State("Message recovery not supported");
}
@@ -140,7 +139,7 @@ class BOTAN_DLL Key_Agreement
* @param w_len the length of w in bytes
* @returns the agreed key
*/
- virtual SecureVector<byte> agree(const byte w[], u32bit w_len) const = 0;
+ virtual SecureVector<byte> agree(const byte w[], u32bit w_len) = 0;
virtual ~Key_Agreement() {}
};
diff --git a/src/pubkey/pubkey.h b/src/pubkey/pubkey.h
index d8964e1e7..c31aed67b 100644
--- a/src/pubkey/pubkey.h
+++ b/src/pubkey/pubkey.h
@@ -402,7 +402,7 @@ class BOTAN_DLL PK_Encryptor_EME : public PK_Encryptor
SecureVector<byte> enc(const byte[], u32bit,
RandomNumberGenerator& rng) const;
- const PK_Ops::Encryption* op;
+ PK_Ops::Encryption* op;
const EME* eme;
};
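Review bot: `op` becomes a non-const `PK_Ops::Encryption*` while `enc` on the line above stays a `const` member function, so a `const PK_Encryptor_EME` now drives an operation that may mutate its own state; logical constness of the encryptor is no longer meaningful, and the same applies to `dec`/`op` in the PK_Decryptor_EME hunk below. Either drop `const` from `enc`/`dec` as well, or document the intent with `// op may carry mutable state; enc() is const only with respect to this wrapper`. Both class definitions begin outside the hunk.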
@@ -424,7 +424,7 @@ class BOTAN_DLL PK_Decryptor_EME : public PK_Decryptor
private:
SecureVector<byte> dec(const byte[], u32bit) const;
- const PK_Ops::Decryption* op;
+ PK_Ops::Decryption* op;
const EME* eme;
};
diff --git a/src/pubkey/rsa/rsa.cpp b/src/pubkey/rsa/rsa.cpp
index 5047fdf7a..b278ade52 100644
--- a/src/pubkey/rsa/rsa.cpp
+++ b/src/pubkey/rsa/rsa.cpp
@@ -80,7 +80,7 @@ RSA_Private_Operation::RSA_Private_Operation(const RSA_PrivateKey& rsa) :
powermod_d2_q(rsa.get_d2(), rsa.get_q()),
mod_p(rsa.get_p())
{
- BigInt k = Blinder::choose_nonce(rsa.get_d(), n);
+ BigInt k = Blinder::choose_nonce(powermod_e_n(q), n);
blinder = Blinder(powermod_e_n(k), inverse_mod(k, n), n);
}
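Review bot: The blinding nonce is now seeded from `powermod_e_n(q)`, a value that is fixed for a given key and derived from the secret factor q, so every RSA_Private_Operation built for the same key starts from the same blinding factor, and the `rng` that `sign` now receives in the next hunk goes unused. The RW_Signature_Operation hunk in rw.cpp takes the opposite approach and draws its nonce from the rng at first use, so the two private operations are now inconsistent in where blinding randomness comes from. Whether a fixed initial factor matters depends on how Blinder evolves it between calls, which is not visible here; if the key-derived seed is deliberate, a comment such as `// Nonce is derived from the key rather than an RNG: reproducible per key, relies on Blinder updating the factor per call` would record that reasoning, otherwise seeding from the rng as RW does would make the two consistent.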
@@ -99,8 +99,13 @@ BigInt RSA_Private_Operation::private_op(const BigInt& m) const
SecureVector<byte>
RSA_Private_Operation::sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator&) const
+ RandomNumberGenerator& rng)
{
+ /* We don't check signatures against powermod_e_n here because
+ PK_Signer checks verification consistency for all signature
+ algorithms.
+ */
+
BigInt m(msg, msg_len);
BigInt x = blinder.unblind(private_op(blinder.blind(m)));
return BigInt::encode_1363(x, n.bytes());
@@ -110,7 +115,7 @@ RSA_Private_Operation::sign(const byte msg[], u32bit msg_len,
* RSA Decryption Operation
*/
SecureVector<byte>
-RSA_Private_Operation::decrypt(const byte msg[], u32bit msg_len) const
+RSA_Private_Operation::decrypt(const byte msg[], u32bit msg_len)
{
BigInt m(msg, msg_len);
BigInt x = blinder.unblind(private_op(blinder.blind(m)));
diff --git a/src/pubkey/rsa/rsa.h b/src/pubkey/rsa/rsa.h
index 36f9277ef..72cd80fef 100644
--- a/src/pubkey/rsa/rsa.h
+++ b/src/pubkey/rsa/rsa.h
@@ -96,9 +96,9 @@ class BOTAN_DLL RSA_Private_Operation : public PK_Ops::Signature,
u32bit max_input_bits() const { return (n.bits() - 1); }
SecureVector<byte> sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const;
+ RandomNumberGenerator& rng);
- SecureVector<byte> decrypt(const byte msg[], u32bit msg_len) const;
+ SecureVector<byte> decrypt(const byte msg[], u32bit msg_len);
private:
BigInt private_op(const BigInt& m) const;
@@ -123,13 +123,13 @@ class BOTAN_DLL RSA_Public_Operation : public PK_Ops::Verification,
bool with_recovery() const { return true; }
SecureVector<byte> encrypt(const byte msg[], u32bit msg_len,
- RandomNumberGenerator&) const
+ RandomNumberGenerator&)
{
BigInt m(msg, msg_len);
return BigInt::encode_1363(public_op(m), n.bytes());
}
- SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) const
+ SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len)
{
BigInt m(msg, msg_len);
return BigInt::encode(public_op(m));
diff --git a/src/pubkey/rw/rw.cpp b/src/pubkey/rw/rw.cpp
index af2b849ff..508244112 100644
--- a/src/pubkey/rw/rw.cpp
+++ b/src/pubkey/rw/rw.cpp
@@ -74,21 +74,26 @@ bool RW_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const
}
RW_Signature_Operation::RW_Signature_Operation(const RW_PrivateKey& rw) :
+ n(rw.get_n()),
+ e(rw.get_e()),
q(rw.get_q()),
c(rw.get_c()),
- n(rw.get_n()),
powermod_d1_p(rw.get_d1(), rw.get_p()),
powermod_d2_q(rw.get_d2(), rw.get_q()),
mod_p(rw.get_p())
{
- BigInt k = Blinder::choose_nonce(rw.get_d(), n);
- blinder = Blinder(power_mod(k, rw.get_e(), n), inverse_mod(k, n), n);
}
SecureVector<byte>
RW_Signature_Operation::sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator&) const
+ RandomNumberGenerator& rng)
{
+ if(!blinder.initialized())
+ {
+ BigInt k(rng, n.bits() / 2);
+ blinder = Blinder(power_mod(k, e, n), inverse_mod(k, n), n);
+ }
+
BigInt i(msg, msg_len);
if(i >= n || i % 16 != 12)
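Review bot: The lazily built blinder takes `k` straight from the rng with no check that it is invertible modulo n; for a sound rng a zero or non-coprime k is negligible, but a broken or fixed-output rng (the test harness in checks/pk.cpp uses one) would hand `inverse_mod(k, n)` a value it cannot invert, and what that call does in that case is not visible here. A guard of the form `if(k.is_zero()) throw Internal_Error("RW blinder: zero nonce");` — or a retry loop, since `is_zero` alone does not cover the non-coprime case — would make the failure explicit. The initialization is also the reason `sign` is no longer `const`: the first call on a shared object now races with any concurrent first call, which is worth a comment at the `initialized()` check. `sign`'s body continues past the end of the hunk.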
@@ -111,7 +116,7 @@ RW_Signature_Operation::sign(const byte msg[], u32bit msg_len,
}
SecureVector<byte>
-RW_Verification_Operation::verify_mr(const byte msg[], u32bit msg_len) const
+RW_Verification_Operation::verify_mr(const byte msg[], u32bit msg_len)
{
BigInt m(msg, msg_len);
diff --git a/src/pubkey/rw/rw.h b/src/pubkey/rw/rw.h
index 25e7be634..3ca9bb722 100644
--- a/src/pubkey/rw/rw.h
+++ b/src/pubkey/rw/rw.h
@@ -66,11 +66,12 @@ class BOTAN_DLL RW_Signature_Operation : public PK_Ops::Signature
u32bit max_input_bits() const { return (n.bits() - 1); }
SecureVector<byte> sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const;
+ RandomNumberGenerator& rng);
private:
+ const BigInt& n;
+ const BigInt& e;
const BigInt& q;
const BigInt& c;
- const BigInt& n;
Fixed_Exponent_Power_Mod powermod_d1_p, powermod_d2_q;
Modular_Reducer mod_p;
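Review bot: The new `e` member, like the existing `n`, `q` and `c`, is a `const BigInt&` into the RW_PrivateKey passed to the constructor, so the operation is only valid while that key object is alive; nothing in the class says so. Since this hunk touches the member list anyway, a one-line comment above the references would help: `// References into the owning RW_PrivateKey, which must outlive this operation`. Moving `n` and `e` to the top of the list also matches the initializer order in rw.cpp, which is worth keeping in mind for anyone adding members later. The class definition starts outside the hunk.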
@@ -87,7 +88,7 @@ class BOTAN_DLL RW_Verification_Operation : public PK_Ops::Verification
u32bit max_input_bits() const { return (n.bits() - 1); }
bool with_recovery() const { return true; }
- SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) const;
+ SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len);
private:
const BigInt& n;