Diffstat (limited to 'src/pubkey')
-rw-r--r-- | src/pubkey/blinding.h | 2 | ||||
-rw-r--r-- | src/pubkey/dh/dh.cpp | 4 | ||||
-rw-r--r-- | src/pubkey/dh/dh.h | 2 | ||||
-rw-r--r-- | src/pubkey/dsa/dsa.cpp | 4 | ||||
-rw-r--r-- | src/pubkey/dsa/dsa.h | 4 | ||||
-rw-r--r-- | src/pubkey/ecdh/ecdh.cpp | 37 | ||||
-rw-r--r-- | src/pubkey/ecdh/ecdh.h | 21 | ||||
-rw-r--r-- | src/pubkey/ecdsa/ecdsa.cpp | 4 | ||||
-rw-r--r-- | src/pubkey/ecdsa/ecdsa.h | 4 | ||||
-rw-r--r-- | src/pubkey/elgamal/elgamal.cpp | 6 | ||||
-rw-r--r-- | src/pubkey/elgamal/elgamal.h | 4 | ||||
-rw-r--r-- | src/pubkey/nr/nr.cpp | 4 | ||||
-rw-r--r-- | src/pubkey/nr/nr.h | 4 | ||||
-rw-r--r-- | src/pubkey/pk_ops.h | 15 | ||||
-rw-r--r-- | src/pubkey/pubkey.h | 4 | ||||
-rw-r--r-- | src/pubkey/rsa/rsa.cpp | 11 | ||||
-rw-r--r-- | src/pubkey/rsa/rsa.h | 8 | ||||
-rw-r--r-- | src/pubkey/rw/rw.cpp | 15 | ||||
-rw-r--r-- | src/pubkey/rw/rw.h | 7 |
19 files changed, 59 insertions, 101 deletions
diff --git a/src/pubkey/blinding.h b/src/pubkey/blinding.h index d1d9a8875..3398f8c6f 100644 --- a/src/pubkey/blinding.h +++ b/src/pubkey/blinding.h @@ -22,6 +22,8 @@ class BOTAN_DLL Blinder BigInt blind(const BigInt& x) const; BigInt unblind(const BigInt& x) const; + bool initialized() const { return reducer.initialized(); } + /** * Choose a nonce to use for blinding * @param x a secret seed value diff --git a/src/pubkey/dh/dh.cpp b/src/pubkey/dh/dh.cpp index a99506250..b491be7bc 100644 --- a/src/pubkey/dh/dh.cpp +++ b/src/pubkey/dh/dh.cpp @@ -78,11 +78,11 @@ MemoryVector<byte> DH_PrivateKey::public_value() const DH_KA_Operation::DH_KA_Operation(const DH_PrivateKey& dh) : p(dh.group_p()), powermod_x_p(dh.get_x(), p) { - BigInt k = Blinder::choose_nonce(dh.get_x(), p); + BigInt k = Blinder::choose_nonce(powermod_x_p(2), p); blinder = Blinder(k, powermod_x_p(inverse_mod(k, p)), p); } -SecureVector<byte> DH_KA_Operation::agree(const byte w[], u32bit w_len) const +SecureVector<byte> DH_KA_Operation::agree(const byte w[], u32bit w_len) { BigInt input = BigInt::decode(w, w_len); diff --git a/src/pubkey/dh/dh.h b/src/pubkey/dh/dh.h index 0cc2aaabc..738b3f9c4 100644 --- a/src/pubkey/dh/dh.h +++ b/src/pubkey/dh/dh.h @@ -80,7 +80,7 @@ class BOTAN_DLL DH_KA_Operation : public PK_Ops::Key_Agreement public: DH_KA_Operation(const DH_PrivateKey& key); - SecureVector<byte> agree(const byte w[], u32bit w_len) const; + SecureVector<byte> agree(const byte w[], u32bit w_len); private: const BigInt& p; diff --git a/src/pubkey/dsa/dsa.cpp b/src/pubkey/dsa/dsa.cpp index bd9641856..feac712b8 100644 --- a/src/pubkey/dsa/dsa.cpp +++ b/src/pubkey/dsa/dsa.cpp @@ -86,7 +86,7 @@ DSA_Signature_Operation::DSA_Signature_Operation(const DSA_PrivateKey& dsa) : SecureVector<byte> DSA_Signature_Operation::sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const + RandomNumberGenerator& rng) { rng.add_entropy(msg, msg_len); 
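Review bot: `initialized()` is added to Blinder without the Doxygen comment its neighbours carry, and nothing states what "initialized" means for a default-constructed Blinder. Since rw.cpp in this same commit branches on it to decide whether to set up blinding lazily, the contract is worth pinning in the header: `/** @return true if this Blinder was constructed with a modulus and can blind/unblind, false for a default-constructed one */`. The accessor delegates to `reducer.initialized()`, so the meaning presumably follows the Modular_Reducer flag; that class is not visible here.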
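Review bot: The blinding nonce in DH_KA_Operation's constructor is now seeded from `powermod_x_p(2)`, a value fixed by the key, so every operation object built from the same key starts its blinding sequence from the same k; the same pattern appears in elgamal.cpp (`powermod_x_p(2)`) and rsa.cpp (`powermod_e_n(q)`). Blinding is meant to decorrelate timing from the secret across calls, and a per-key constant starting point is weaker than a fresh random value; rw.cpp in this commit already takes the random route with `BigInt k(rng, n.bits() / 2)` at first use, and the now non-const `agree()` would allow the same here. If the deterministic choice is intended (for instance because no RNG is available in the constructor), a comment above the line should say so: `// nonce is a deterministic function of the key; the blinding sequence repeats across operation objects`. Whether choose_nonce hashes its input before use is not visible in this hunk, so the exact exposure is inferred.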
@@ -119,7 +119,7 @@ DSA_Verification_Operation::DSA_Verification_Operation(const DSA_PublicKey& dsa) } bool DSA_Verification_Operation::verify(const byte msg[], u32bit msg_len, - const byte sig[], u32bit sig_len) const + const byte sig[], u32bit sig_len) { const BigInt& q = mod_q.get_modulus(); diff --git a/src/pubkey/dsa/dsa.h b/src/pubkey/dsa/dsa.h index a57cbfcae..8121cfbbc 100644 --- a/src/pubkey/dsa/dsa.h +++ b/src/pubkey/dsa/dsa.h @@ -67,7 +67,7 @@ class BOTAN_DLL DSA_Signature_Operation : public PK_Ops::Signature u32bit max_input_bits() const { return q.bits(); } SecureVector<byte> sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const; + RandomNumberGenerator& rng); private: const BigInt& q; const BigInt& x; @@ -87,7 +87,7 @@ class BOTAN_DLL DSA_Verification_Operation : public PK_Ops::Verification bool with_recovery() const { return false; } bool verify(const byte msg[], u32bit msg_len, - const byte sig[], u32bit sig_len) const; + const byte sig[], u32bit sig_len); private: const BigInt& q; const BigInt& y; diff --git a/src/pubkey/ecdh/ecdh.cpp b/src/pubkey/ecdh/ecdh.cpp index d3688fa5c..bf8a57b3b 100644 --- a/src/pubkey/ecdh/ecdh.cpp +++ b/src/pubkey/ecdh/ecdh.cpp @@ -19,7 +19,7 @@ ECDH_KA_Operation::ECDH_KA_Operation(const ECDH_PrivateKey& key) : key.private_value(); } -SecureVector<byte> ECDH_KA_Operation::agree(const byte w[], u32bit w_len) const +SecureVector<byte> ECDH_KA_Operation::agree(const byte w[], u32bit w_len) { PointGFp point = OS2ECP(w, w_len, curve); 
@@ -30,39 +30,4 @@ SecureVector<byte> ECDH_KA_Operation::agree(const byte w[], u32bit w_len) const curve.get_p().bytes()); } -/** -* Derive a key -*/ -SecureVector<byte> ECDH_PrivateKey::derive_key(const byte key[], - u32bit key_len) const - { - PointGFp point = OS2ECP(key, key_len, public_point().get_curve()); - return derive_key(point); - } - -/** -* Derive a key -*/ -SecureVector<byte> ECDH_PrivateKey::derive_key(const ECDH_PublicKey& key) const - { - return derive_key(key.public_point()); - } - -/** -* Derive a key -*/ -SecureVector<byte> ECDH_PrivateKey::derive_key(const PointGFp& point) const - { - const BigInt& cofactor = domain().get_cofactor(); - const BigInt& n = domain().get_order(); - - BigInt l = inverse_mod(cofactor, n); // can precompute this - - PointGFp S = (cofactor * point) * (private_value() * l); - S.check_invariants(); - - return BigInt::encode_1363(S.get_affine_x(), - point.get_curve().get_p().bytes()); - } - } diff --git a/src/pubkey/ecdh/ecdh.h b/src/pubkey/ecdh/ecdh.h index ef589d982..d670361f6 100644 --- a/src/pubkey/ecdh/ecdh.h +++ b/src/pubkey/ecdh/ecdh.h @@ -76,25 +76,6 @@ class BOTAN_DLL ECDH_PrivateKey : public ECDH_PublicKey, MemoryVector<byte> public_value() const { return EC2OSP(public_point(), PointGFp::UNCOMPRESSED); } - private: - /** - * Derive a shared key with the other parties public key. - * @param key the other partys public key - * @param key_len the other partys public key - */ - SecureVector<byte> derive_key(const byte key[], u32bit key_len) const; - - /** - * Derive a shared key with the other parties public key. - * @param other the other partys public key - */ - SecureVector<byte> derive_key(const ECDH_PublicKey& other) const; - - /** - * Derive a shared key with the other parties public key. - * @param point the public point of the other parties key - */ - SecureVector<byte> derive_key(const PointGFp& point) const; }; /** 
@@ -105,7 +86,7 @@ class BOTAN_DLL ECDH_KA_Operation : public PK_Ops::Key_Agreement public: ECDH_KA_Operation(const ECDH_PrivateKey& key); - SecureVector<byte> agree(const byte w[], u32bit w_len) const; + SecureVector<byte> agree(const byte w[], u32bit w_len); private: const CurveGFp& curve; const BigInt& cofactor; diff --git a/src/pubkey/ecdsa/ecdsa.cpp b/src/pubkey/ecdsa/ecdsa.cpp index 95dc99e67..afca6cc73 100644 --- a/src/pubkey/ecdsa/ecdsa.cpp +++ b/src/pubkey/ecdsa/ecdsa.cpp @@ -20,7 +20,7 @@ ECDSA_Signature_Operation::ECDSA_Signature_Operation(const ECDSA_PrivateKey& ecd SecureVector<byte> ECDSA_Signature_Operation::sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const + RandomNumberGenerator& rng) { rng.add_entropy(msg, msg_len); @@ -56,7 +56,7 @@ ECDSA_Verification_Operation::ECDSA_Verification_Operation(const ECDSA_PublicKey } bool ECDSA_Verification_Operation::verify(const byte msg[], u32bit msg_len, - const byte sig[], u32bit sig_len) const + const byte sig[], u32bit sig_len) { if(sig_len != order.bytes()*2) return false; diff --git a/src/pubkey/ecdsa/ecdsa.h b/src/pubkey/ecdsa/ecdsa.h index 7ea135896..e20a234fc 100644 --- a/src/pubkey/ecdsa/ecdsa.h +++ b/src/pubkey/ecdsa/ecdsa.h @@ -92,7 +92,7 @@ class BOTAN_DLL ECDSA_Signature_Operation : public PK_Ops::Signature ECDSA_Signature_Operation(const ECDSA_PrivateKey& ecdsa); SecureVector<byte> sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const; + RandomNumberGenerator& rng); u32bit message_parts() const { return 2; } u32bit message_part_size() const { return order.bytes(); } @@ -116,7 +116,7 @@ class BOTAN_DLL ECDSA_Verification_Operation : public PK_Ops::Verification bool with_recovery() const { return false; } bool verify(const byte msg[], u32bit msg_len, - const byte sig[], u32bit sig_len) const; + const byte sig[], u32bit sig_len); private: const PointGFp& base_point; const PointGFp& public_point; 
diff --git a/src/pubkey/elgamal/elgamal.cpp b/src/pubkey/elgamal/elgamal.cpp index f55aeaa4c..b9c4803f3 100644 --- a/src/pubkey/elgamal/elgamal.cpp +++ b/src/pubkey/elgamal/elgamal.cpp @@ -91,7 +91,7 @@ ElGamal_Encryption_Operation::ElGamal_Encryption_Operation(const ElGamal_PublicK SecureVector<byte> ElGamal_Encryption_Operation::encrypt(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const + RandomNumberGenerator& rng) { const BigInt& p = mod_p.get_modulus(); @@ -118,12 +118,12 @@ ElGamal_Decryption_Operation::ElGamal_Decryption_Operation(const ElGamal_Private powermod_x_p = Fixed_Exponent_Power_Mod(key.get_x(), p); mod_p = Modular_Reducer(p); - BigInt k = Blinder::choose_nonce(key.get_x(), p); + BigInt k = Blinder::choose_nonce(powermod_x_p(2), p); blinder = Blinder(k, powermod_x_p(k), p); } SecureVector<byte> -ElGamal_Decryption_Operation::decrypt(const byte msg[], u32bit msg_len) const +ElGamal_Decryption_Operation::decrypt(const byte msg[], u32bit msg_len) { const BigInt& p = mod_p.get_modulus(); diff --git a/src/pubkey/elgamal/elgamal.h b/src/pubkey/elgamal/elgamal.h index c94779e96..143b417ec 100644 --- a/src/pubkey/elgamal/elgamal.h +++ b/src/pubkey/elgamal/elgamal.h @@ -63,7 +63,7 @@ class BOTAN_DLL ElGamal_Encryption_Operation : public PK_Ops::Encryption ElGamal_Encryption_Operation(const ElGamal_PublicKey& key); SecureVector<byte> encrypt(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const; + RandomNumberGenerator& rng); private: Fixed_Base_Power_Mod powermod_g_p, powermod_y_p; @@ -77,7 +77,7 @@ class BOTAN_DLL ElGamal_Decryption_Operation : public PK_Ops::Decryption ElGamal_Decryption_Operation(const ElGamal_PrivateKey& key); - SecureVector<byte> decrypt(const byte msg[], u32bit msg_len) const; + SecureVector<byte> decrypt(const byte msg[], u32bit msg_len); private: Fixed_Exponent_Power_Mod powermod_x_p; Modular_Reducer mod_p; diff --git a/src/pubkey/nr/nr.cpp b/src/pubkey/nr/nr.cpp index 8a1b8c261..cf59615da 100644 
--- a/src/pubkey/nr/nr.cpp +++ b/src/pubkey/nr/nr.cpp @@ -95,7 +95,7 @@ NR_Signature_Operation::NR_Signature_Operation(const NR_PrivateKey& nr) : SecureVector<byte> NR_Signature_Operation::sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const + RandomNumberGenerator& rng) { rng.add_entropy(msg, msg_len); @@ -130,7 +130,7 @@ NR_Verification_Operation::NR_Verification_Operation(const NR_PublicKey& nr) : } SecureVector<byte> -NR_Verification_Operation::verify_mr(const byte msg[], u32bit msg_len) const +NR_Verification_Operation::verify_mr(const byte msg[], u32bit msg_len) { const BigInt& q = mod_q.get_modulus(); diff --git a/src/pubkey/nr/nr.h b/src/pubkey/nr/nr.h index 19eac5cc9..bd125ab92 100644 --- a/src/pubkey/nr/nr.h +++ b/src/pubkey/nr/nr.h @@ -65,7 +65,7 @@ class BOTAN_DLL NR_Signature_Operation : public PK_Ops::Signature u32bit max_input_bits() const { return (q.bits() - 1); } SecureVector<byte> sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const; + RandomNumberGenerator& rng); private: const BigInt& q; const BigInt& x; @@ -84,7 +84,7 @@ class BOTAN_DLL NR_Verification_Operation : public PK_Ops::Verification bool with_recovery() const { return true; } - SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) const; + SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len); private: const BigInt& q; const BigInt& y; diff --git a/src/pubkey/pk_ops.h b/src/pubkey/pk_ops.h index bf846d69f..97ba372c2 100644 --- a/src/pubkey/pk_ops.h +++ b/src/pubkey/pk_ops.h @@ -21,7 +21,7 @@ class BOTAN_DLL Encryption virtual u32bit max_input_bits() const = 0; virtual SecureVector<byte> encrypt(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const = 0; + RandomNumberGenerator& rng) = 0; virtual ~Encryption() {} }; 
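Review bot: Dropping `const` from `encrypt`, `decrypt`, `sign`, `verify`, `verify_mr` and `agree` across the pk_ops.h hunks changes the implied contract of PK_Ops without the existing Doxygen blocks saying why; a caller that previously shared one operation object between threads now has to know the call may mutate it. Each of these declarations should gain a line such as `* Note: this call may update internal state (e.g. blinding); one operation object must not be used concurrently`. The concrete reason appears to be the blinder updates in the implementing classes of this commit (rw.cpp assigns `blinder` inside `sign`), but whether every implementation actually mutates is inferred rather than shown here.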
@@ -32,7 +32,7 @@ class BOTAN_DLL Decryption virtual u32bit max_input_bits() const = 0; virtual SecureVector<byte> decrypt(const byte msg[], - u32bit msg_len) const = 0; + u32bit msg_len) = 0; virtual ~Decryption() {} }; @@ -64,9 +64,8 @@ class BOTAN_DLL Signature * @param msg_len the length of msg in bytes * @param rng a random number generator */ - virtual SecureVector<byte> - sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const = 0; + virtual SecureVector<byte> sign(const byte msg[], u32bit msg_len, + RandomNumberGenerator& rng) = 0; virtual ~Signature() {} }; @@ -107,7 +106,7 @@ class BOTAN_DLL Verification * @returns if signature is a valid one for message */ virtual bool verify(const byte[], u32bit, - const byte[], u32bit) const + const byte[], u32bit) { throw Invalid_State("Message recovery required"); } @@ -120,7 +119,7 @@ class BOTAN_DLL Verification * @returns recovered message */ virtual SecureVector<byte> verify_mr(const byte[], - u32bit) const + u32bit) { throw Invalid_State("Message recovery not supported"); } @@ -140,7 +139,7 @@ class BOTAN_DLL Key_Agreement * @param w_len the length of w in bytes * @returns the agreed key */ - virtual SecureVector<byte> agree(const byte w[], u32bit w_len) const = 0; + virtual SecureVector<byte> agree(const byte w[], u32bit w_len) = 0; virtual ~Key_Agreement() {} }; diff --git a/src/pubkey/pubkey.h b/src/pubkey/pubkey.h index d8964e1e7..c31aed67b 100644 --- a/src/pubkey/pubkey.h +++ b/src/pubkey/pubkey.h @@ -402,7 +402,7 @@ class BOTAN_DLL PK_Encryptor_EME : public PK_Encryptor SecureVector<byte> enc(const byte[], u32bit, RandomNumberGenerator& rng) const; - const PK_Ops::Encryption* op; + PK_Ops::Encryption* op; const EME* eme; }; @@ -424,7 +424,7 @@ class BOTAN_DLL PK_Decryptor_EME : public PK_Decryptor private: SecureVector<byte> dec(const byte[], u32bit) const; - const PK_Ops::Decryption* op; + PK_Ops::Decryption* op; const EME* eme; }; 
diff --git a/src/pubkey/rsa/rsa.cpp b/src/pubkey/rsa/rsa.cpp index 5047fdf7a..b278ade52 100644 --- a/src/pubkey/rsa/rsa.cpp +++ b/src/pubkey/rsa/rsa.cpp @@ -80,7 +80,7 @@ RSA_Private_Operation::RSA_Private_Operation(const RSA_PrivateKey& rsa) : powermod_d2_q(rsa.get_d2(), rsa.get_q()), mod_p(rsa.get_p()) { - BigInt k = Blinder::choose_nonce(rsa.get_d(), n); + BigInt k = Blinder::choose_nonce(powermod_e_n(q), n); blinder = Blinder(powermod_e_n(k), inverse_mod(k, n), n); } @@ -99,8 +99,13 @@ BigInt RSA_Private_Operation::private_op(const BigInt& m) const SecureVector<byte> RSA_Private_Operation::sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator&) const + RandomNumberGenerator& rng) { + /* We don't check signatures against powermod_e_n here because + PK_Signer checks verification consistency for all signature + algorithms. + */ + BigInt m(msg, msg_len); BigInt x = blinder.unblind(private_op(blinder.blind(m))); return BigInt::encode_1363(x, n.bytes()); @@ -110,7 +115,7 @@ RSA_Private_Operation::sign(const byte msg[], u32bit msg_len, * RSA Decryption Operation */ SecureVector<byte> -RSA_Private_Operation::decrypt(const byte msg[], u32bit msg_len) const +RSA_Private_Operation::decrypt(const byte msg[], u32bit msg_len) { BigInt m(msg, msg_len); BigInt x = blinder.unblind(private_op(blinder.blind(m))); diff --git a/src/pubkey/rsa/rsa.h b/src/pubkey/rsa/rsa.h index 36f9277ef..72cd80fef 100644 --- a/src/pubkey/rsa/rsa.h +++ b/src/pubkey/rsa/rsa.h @@ -96,9 +96,9 @@ class BOTAN_DLL RSA_Private_Operation : public PK_Ops::Signature, u32bit max_input_bits() const { return (n.bits() - 1); } SecureVector<byte> sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const; + RandomNumberGenerator& rng); - SecureVector<byte> decrypt(const byte msg[], u32bit msg_len) const; + SecureVector<byte> decrypt(const byte msg[], u32bit msg_len); private: BigInt private_op(const BigInt& m) const; 
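Review bot: The nonce seed `powermod_e_n(q)` in RSA_Private_Operation's constructor is q^e mod n, which shares the factor q with n, so that intermediate is as sensitive as the private key itself and must never be logged, returned through Blinder, or kept longer than needed; the hunk cannot show whether choose_nonce hashes it before it is used. It is also constant per key, so the blinding start value repeats for every operation object built from the same key (compare the random `k` drawn in rw.cpp of this commit). If the seed is kept, a comment should make the sensitivity explicit: `// q^e mod n reveals q (gcd with n); it is only ever fed to choose_nonce and must not escape`.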
@@ -123,13 +123,13 @@ class BOTAN_DLL RSA_Public_Operation : public PK_Ops::Verification, bool with_recovery() const { return true; } SecureVector<byte> encrypt(const byte msg[], u32bit msg_len, - RandomNumberGenerator&) const + RandomNumberGenerator&) { BigInt m(msg, msg_len); return BigInt::encode_1363(public_op(m), n.bytes()); } - SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) const + SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) { BigInt m(msg, msg_len); return BigInt::encode(public_op(m)); diff --git a/src/pubkey/rw/rw.cpp b/src/pubkey/rw/rw.cpp index af2b849ff..508244112 100644 --- a/src/pubkey/rw/rw.cpp +++ b/src/pubkey/rw/rw.cpp @@ -74,21 +74,26 @@ bool RW_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const } RW_Signature_Operation::RW_Signature_Operation(const RW_PrivateKey& rw) : + n(rw.get_n()), + e(rw.get_e()), q(rw.get_q()), c(rw.get_c()), - n(rw.get_n()), powermod_d1_p(rw.get_d1(), rw.get_p()), powermod_d2_q(rw.get_d2(), rw.get_q()), mod_p(rw.get_p()) { - BigInt k = Blinder::choose_nonce(rw.get_d(), n); - blinder = Blinder(power_mod(k, rw.get_e(), n), inverse_mod(k, n), n); } SecureVector<byte> RW_Signature_Operation::sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator&) const + RandomNumberGenerator& rng) { + if(!blinder.initialized()) + { + BigInt k(rng, n.bits() / 2); + blinder = Blinder(power_mod(k, e, n), inverse_mod(k, n), n); + } + BigInt i(msg, msg_len); if(i >= n || i % 16 != 12) @@ -111,7 +116,7 @@ RW_Signature_Operation::sign(const byte msg[], u32bit msg_len, } SecureVector<byte> -RW_Verification_Operation::verify_mr(const byte msg[], u32bit msg_len) const +RW_Verification_Operation::verify_mr(const byte msg[], u32bit msg_len) { BigInt m(msg, msg_len); diff --git a/src/pubkey/rw/rw.h b/src/pubkey/rw/rw.h index 25e7be634..3ca9bb722 100644 --- a/src/pubkey/rw/rw.h +++ b/src/pubkey/rw/rw.h 
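Review bot: The lazy blinder setup in RW_Signature_Operation::sign calls `inverse_mod(k, n)` on a freshly drawn k without checking that an inverse exists; if inverse_mod reports failure by returning 0 (its behaviour is not visible here), the blinder would silently unblind to 0 and every signature from this object would be wrong. Redrawing k while `gcd(k, n) != 1` holds costs nothing and makes the (astronomically unlikely) factor-sharing case explicit, and the same check applies to the constructor-time `inverse_mod(k, n)` calls in dh.cpp and rsa.cpp. Two further consequences deserve a comment above the `if(!blinder.initialized())` block: `rng` was previously ignored by this function, so callers handing in a placeholder RNG now fail on the first sign, and first-call initialization means two threads sharing one operation object race on `blinder`.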
@@ -66,11 +66,12 @@ class BOTAN_DLL RW_Signature_Operation : public PK_Ops::Signature u32bit max_input_bits() const { return (n.bits() - 1); } SecureVector<byte> sign(const byte msg[], u32bit msg_len, - RandomNumberGenerator& rng) const; + RandomNumberGenerator& rng); private: + const BigInt& n; + const BigInt& e; const BigInt& q; const BigInt& c; - const BigInt& n; Fixed_Exponent_Power_Mod powermod_d1_p, powermod_d2_q; Modular_Reducer mod_p; @@ -87,7 +88,7 @@ class BOTAN_DLL RW_Verification_Operation : public PK_Ops::Verification u32bit max_input_bits() const { return (n.bits() - 1); } bool with_recovery() const { return true; } - SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) const; + SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len); private: const BigInt& n; |