1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
|
/*
* DSA
* (C) 1999-2010 Jack Lloyd
*
* Distributed under the terms of the Botan license
*/
#include <botan/dsa.h>
#include <botan/numthry.h>
#include <botan/keypair.h>
#include <future>
namespace Botan {
/*
* DSA_PublicKey Constructor
*/
DSA_PublicKey::DSA_PublicKey(const DL_Group& grp, const BigInt& y1)
{
group = grp;
y = y1;
}
/*
* Create a DSA private key
*/
DSA_PrivateKey::DSA_PrivateKey(RandomNumberGenerator& rng,
const DL_Group& grp,
const BigInt& x_arg)
{
group = grp;
x = x_arg;
if(x == 0)
x = BigInt::random_integer(rng, 2, group_q() - 1);
y = power_mod(group_g(), x, group_p());
if(x_arg == 0)
gen_check(rng);
else
load_check(rng);
}
DSA_PrivateKey::DSA_PrivateKey(const AlgorithmIdentifier& alg_id,
const MemoryRegion<byte>& key_bits,
RandomNumberGenerator& rng) :
DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_57)
{
y = power_mod(group_g(), x, group_p());
load_check(rng);
}
/*
* Check Private DSA Parameters
*/
bool DSA_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const
{
if(!DL_Scheme_PrivateKey::check_key(rng, strong) || x >= group_q())
return false;
if(!strong)
return true;
try
{
PK_Signer this_signer(*this, "EMSA1(SHA-1)");
PK_Verifier this_verifier(*this, "EMSA1(SHA-1)");
KeyPair::check_key(rng, this_signer, this_verifier);
}
catch(Self_Test_Failure)
{
return false;
}
return true;
}
DSA_Signature_Operation::DSA_Signature_Operation(const DSA_PrivateKey& dsa) :
q(dsa.group_q()),
x(dsa.get_x()),
powermod_g_p(dsa.group_g(), dsa.group_p()),
mod_q(dsa.group_q())
{
}
SecureVector<byte>
DSA_Signature_Operation::sign(const byte msg[], u32bit msg_len,
RandomNumberGenerator& rng)
{
rng.add_entropy(msg, msg_len);
BigInt i(msg, msg_len);
BigInt r = 0, s = 0;
while(r == 0 || s == 0)
{
BigInt k;
do
k.randomize(rng, q.bits());
while(k >= q);
auto future_r = std::async(std::launch::async,
[&]() { return mod_q.reduce(powermod_g_p(k)); });
s = inverse_mod(k, q);
r = future_r.get();
s = mod_q.multiply(s, mul_add(x, r, i));
}
SecureVector<byte> output(2*q.bytes());
r.binary_encode(output + (output.size() / 2 - r.bytes()));
s.binary_encode(output + (output.size() - s.bytes()));
return output;
}
DSA_Verification_Operation::DSA_Verification_Operation(const DSA_PublicKey& dsa) :
q(dsa.group_q()), y(dsa.get_y())
{
powermod_g_p = Fixed_Base_Power_Mod(dsa.group_g(), dsa.group_p());
powermod_y_p = Fixed_Base_Power_Mod(y, dsa.group_p());
mod_p = Modular_Reducer(dsa.group_p());
mod_q = Modular_Reducer(dsa.group_q());
}
bool DSA_Verification_Operation::verify(const byte msg[], u32bit msg_len,
const byte sig[], u32bit sig_len)
{
const BigInt& q = mod_q.get_modulus();
if(sig_len != 2*q.bytes() || msg_len > q.bytes())
return false;
BigInt r(sig, q.bytes());
BigInt s(sig + q.bytes(), q.bytes());
BigInt i(msg, msg_len);
if(r <= 0 || r >= q || s <= 0 || s >= q)
return false;
s = inverse_mod(s, q);
auto future_s_i = std::async(std::launch::async,
[&]() { return powermod_g_p(mod_q.multiply(s, i)); });
BigInt s_r = powermod_y_p(mod_q.multiply(s, r));
BigInt s_i = future_s_i.get();
s = mod_p.multiply(s_i, s_r);
return (mod_q.reduce(s) == r);
}
}
|