Diffstat (limited to 'src/lib/pubkey/ecdsa/ecdsa.cpp')
-rw-r--r-- | src/lib/pubkey/ecdsa/ecdsa.cpp | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp
index 4a4b0c037..35a119420 100644
--- a/src/lib/pubkey/ecdsa/ecdsa.cpp
+++ b/src/lib/pubkey/ecdsa/ecdsa.cpp
@@ -3,6 +3,7 @@
 * (C) 2007 Manuel Hartl, FlexSecure GmbH
 * 2007 Falko Strenzke, FlexSecure GmbH
 * 2008-2010,2015 Jack Lloyd
+* 2016 René Korthaus
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
@@ -10,7 +11,9 @@
 #include <botan/internal/pk_utils.h>
 #include <botan/ecdsa.h>
 #include <botan/keypair.h>
-#include <botan/rfc6979.h>
+#if defined(BOTAN_HAS_RFC6979_GENERATOR)
+ #include <botan/rfc6979.h>
+#endif
 namespace Botan {
@@ -23,7 +26,7 @@ bool ECDSA_PrivateKey::check_key(RandomNumberGenerator& rng,
 if(!strong)
 return true;
- return KeyPair::signature_consistency_check(rng, *this, "EMSA1(SHA-1)");
+ return KeyPair::signature_consistency_check(rng, *this, "EMSA1(SHA-256)");
 }
 namespace {
@@ -43,7 +46,7 @@ class ECDSA_Signature_Operation : public PK_Ops::Signature_with_EMSA
 m_base_point(ecdsa.domain().get_base_point(), m_order),
 m_x(ecdsa.private_value()),
 m_mod_order(m_order),
- m_hash(hash_for_deterministic_signature(emsa))
+ m_emsa(emsa)
 {
 }
@@ -59,7 +62,7 @@ class ECDSA_Signature_Operation : public PK_Ops::Signature_with_EMSA
 Blinded_Point_Multiply m_base_point;
 const BigInt& m_x;
 Modular_Reducer m_mod_order;
- std::string m_hash;
+ std::string m_emsa;
 };
 secure_vector<byte>
@@ -68,7 +71,11 @@ ECDSA_Signature_Operation::raw_sign(const byte msg[], size_t msg_len,
 {
 const BigInt m(msg, msg_len);
- const BigInt k = generate_rfc6979_nonce(m_x, m_order, m, m_hash);
+#if defined(BOTAN_HAS_RFC6979_GENERATOR)
+ const BigInt k = generate_rfc6979_nonce(m_x, m_order, m, hash_for_deterministic_signature(m_emsa));
+#else
+ const BigInt k = BigInt::random_integer(rng, 1, m_order);
+#endif
 const PointGFp k_times_P = m_base_point.blinded_multiply(k, rng);
 const BigInt r = m_mod_order.reduce(k_times_P.get_affine_x());
|
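Review bot: The strong path of `check_key` now hard-codes `"EMSA1(SHA-256)"`, so the consistency check depends on SHA-256 being compiled in, while this same commit makes the RFC 6979 generator optional. If a build can omit SHA-2 (not visible from this hunk), the call would presumably fail on hash lookup rather than report anything about the key. A comment on that line such as `// NOTE: strong check requires SHA-256 to be available in this build` would make the dependency explicit. `check_key` begins above the hunk.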
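Review bot: The `#else` branch in `raw_sign` makes the secrecy of `m_x` depend entirely on the caller-supplied `rng`, and nothing in the code says so. With `BOTAN_HAS_RFC6979_GENERATOR` undefined, `k` comes from `BigInt::random_integer(rng, 1, m_order)`, and a repeated or even slightly biased `k` across signatures is enough to recover the private key. It is worth confirming (not visible here) that `random_integer` samples uniformly by rejection rather than by modular reduction. I would add a comment above the fallback such as `// Randomized ECDSA: k must be uniform in [1, order) and never repeat; a weak rng here leaks the private key`. Signatures also stop being reproducible in such builds, which affects any known-answer tests; `raw_sign` continues past the end of the hunk.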