From 535eb4d66574a0a6d49554de40c277512c7fada1 Mon Sep 17 00:00:00 2001 From: lloyd Date: Tue, 9 Mar 2010 14:31:07 +0000 Subject: DSA and NR require certain parameters (which depend on the randomly choosen nonce) not be 0. Previously it would just check and throw an exception if this was the case. Change to generate a new nonce and retry if this happens. --- src/pubkey/dsa/dsa.cpp | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) (limited to 'src/pubkey/dsa') diff --git a/src/pubkey/dsa/dsa.cpp b/src/pubkey/dsa/dsa.cpp index feac712b8..d1f721084 100644 --- a/src/pubkey/dsa/dsa.cpp +++ b/src/pubkey/dsa/dsa.cpp @@ -9,6 +9,8 @@ #include #include +#include + namespace Botan { /* @@ -90,18 +92,19 @@ DSA_Signature_Operation::sign(const byte msg[], u32bit msg_len, { rng.add_entropy(msg, msg_len); - BigInt k; - do - k.randomize(rng, q.bits()); - while(k >= q); - BigInt i(msg, msg_len); + BigInt r = 0, s = 0; - BigInt r = mod_q.reduce(powermod_g_p(k)); - BigInt s = mod_q.multiply(inverse_mod(k, q), mul_add(x, r, i)); + while(r == 0 || s == 0) + { + BigInt k; + do + k.randomize(rng, q.bits()); + while(k >= q); - if(r.is_zero() || s.is_zero()) - throw Internal_Error("DSA signature gen failure: r or s was zero"); + r = mod_q.reduce(powermod_g_p(k)); + s = mod_q.multiply(inverse_mod(k, q), mul_add(x, r, i)); + } SecureVector output(2*q.bytes()); r.binary_encode(output + (output.size() / 2 - r.bytes())); -- cgit v1.2.3