10#include <botan/keypair.h>
11#include <botan/reducer.h>
13#include <botan/divide.h>
14#include <botan/internal/pk_ops_impl.h>
16#if defined(BOTAN_HAS_RFC6979_GENERATOR)
17 #include <botan/emsa.h>
18 #include <botan/rfc6979.h>
79 const std::string& emsa,
81 PK_Ops::Signature_with_EMSA(emsa),
82 m_group(dsa.get_group()),
85#if defined(BOTAN_HAS_RFC6979_GENERATOR)
90 m_b_inv = m_group.inverse_mod_q(m_b);
93 size_t signature_length()
const override {
return 2*m_group.q_bytes(); }
94 size_t max_input_bits()
const override {
return m_group.q_bits(); }
96 secure_vector<uint8_t> raw_sign(
const uint8_t msg[],
size_t msg_len,
97 RandomNumberGenerator& rng)
override;
99 const DL_Group m_group;
101#if defined(BOTAN_HAS_RFC6979_GENERATOR)
102 std::string m_rfc6979_hash;
108secure_vector<uint8_t>
109DSA_Signature_Operation::raw_sign(
const uint8_t msg[],
size_t msg_len,
110 RandomNumberGenerator& rng)
112 const BigInt& q = m_group.
get_q();
114 BigInt m(msg, msg_len, m_group.
q_bits());
119#if defined(BOTAN_HAS_RFC6979_GENERATOR)
151 if(r.is_zero() || s.is_zero())
160class DSA_Verification_Operation
final :
public PK_Ops::Verification_with_EMSA
163 DSA_Verification_Operation(
const DSA_PublicKey& dsa,
164 const std::string& emsa) :
165 PK_Ops::Verification_with_EMSA(emsa),
166 m_group(dsa.get_group()),
171 size_t max_input_bits()
const override {
return m_group.q_bits(); }
173 bool with_recovery()
const override {
return false; }
175 bool verify(
const uint8_t msg[],
size_t msg_len,
176 const uint8_t sig[],
size_t sig_len)
override;
178 const DL_Group m_group;
182bool DSA_Verification_Operation::verify(
const uint8_t msg[],
size_t msg_len,
183 const uint8_t sig[],
size_t sig_len)
185 const BigInt& q = m_group.
get_q();
186 const size_t q_bytes = q.
bytes();
188 if(sig_len != 2*q_bytes || msg_len > q_bytes)
191 BigInt r(sig, q_bytes);
192 BigInt s(sig + q_bytes, q_bytes);
193 BigInt i(msg, msg_len, q.bits());
195 if(r <= 0 || r >= q || s <= 0 || s >= q)
206 return (s % m_group.
get_q() == r);
211std::unique_ptr<PK_Ops::Verification>
213 const std::string& provider)
const
215 if(provider ==
"base" || provider.empty())
216 return std::unique_ptr<PK_Ops::Verification>(
new DSA_Verification_Operation(*
this, params));
220std::unique_ptr<PK_Ops::Signature>
222 const std::string& params,
223 const std::string& provider)
const
225 if(provider ==
"base" || provider.empty())
226 return std::unique_ptr<PK_Ops::Signature>(
new DSA_Signature_Operation(*
this, params, rng));
#define BOTAN_UNUSED(...)
static BigInt random_integer(RandomNumberGenerator &rng, const BigInt &min, const BigInt &max)
static secure_vector< uint8_t > encode_fixed_length_int_pair(const BigInt &n1, const BigInt &n2, size_t bytes)
BigInt power_g_p(const BigInt &x) const
BigInt multi_exponentiate(const BigInt &x, const BigInt &y, const BigInt &z) const
BigInt square_mod_q(const BigInt &x) const
BigInt inverse_mod_q(const BigInt &x) const
BigInt multiply_mod_q(const BigInt &x, const BigInt &y) const
BigInt mod_q(const BigInt &x) const
const BigInt & get_q() const
bool check_key(RandomNumberGenerator &rng, bool) const override
const BigInt & group_q() const
bool check_key(RandomNumberGenerator &rng, bool strong) const override
DSA_PrivateKey(const AlgorithmIdentifier &alg_id, const secure_vector< uint8_t > &key_bits)
std::unique_ptr< PK_Ops::Signature > create_signature_op(RandomNumberGenerator &rng, const std::string ¶ms, const std::string &provider) const override
std::unique_ptr< PK_Ops::Verification > create_verification_op(const std::string ¶ms, const std::string &provider) const override
std::string algo_name() const override
int(* final)(unsigned char *, CTX *)
bool signature_consistency_check(RandomNumberGenerator &rng, const Private_Key &private_key, const Public_Key &public_key, const std::string &padding)
std::string hash_for_emsa(const std::string &algo_spec)
BigInt generate_rfc6979_nonce(const BigInt &x, const BigInt &q, const BigInt &h, const std::string &hash)
BigInt inverse_mod(const BigInt &n, const BigInt &mod)
std::vector< T, secure_allocator< T > > secure_vector
BigInt ct_modulo(const BigInt &x, const BigInt &y)