11#include <botan/numthry.h>
12#include <botan/internal/divide.h>
13#include <botan/internal/dl_scheme.h>
14#include <botan/internal/keypair.h>
15#include <botan/internal/pk_ops_impl.h>
17#if defined(BOTAN_HAS_RFC6979_GENERATOR)
18 #include <botan/internal/rfc6979.h>
24 return m_public_key->group().q_bytes();
28 return m_public_key->estimated_strength();
32 return m_public_key->p_bits();
36 return m_public_key->get_int_field(
algo_name(), field);
44 return m_public_key->DER_encode();
48 return m_public_key->check_key(rng, strong);
52 return std::make_unique<DSA_PrivateKey>(rng, m_public_key->group());
58 BOTAN_ARG_CHECK(m_public_key->group().has_q(),
"Q parameter must be set for DSA");
62 m_public_key = std::make_shared<DL_PublicKey>(group, y);
64 BOTAN_ARG_CHECK(m_public_key->group().has_q(),
"Q parameter must be set for DSA");
70 m_private_key = std::make_shared<DL_PrivateKey>(group, rng);
71 m_public_key = m_private_key->public_key();
77 m_private_key = std::make_shared<DL_PrivateKey>(group, x);
78 m_public_key = m_private_key->public_key();
83 m_public_key = m_private_key->public_key();
85 BOTAN_ARG_CHECK(m_private_key->group().has_q(),
"Q parameter must be set for DSA");
89 if(!m_private_key->check_key(rng, strong)) {
93 if(m_private_key->private_key() >= m_private_key->group().get_q()) {
101 return m_private_key->DER_encode();
105 return m_private_key->raw_private_key_bits();
109 return m_private_key->get_int_field(
algo_name(), field);
114 return std::unique_ptr<DSA_PublicKey>(
new DSA_PublicKey(m_public_key));
124 DSA_Signature_Operation(
const std::shared_ptr<const DL_PrivateKey>& key,
125 std::string_view emsa,
127 PK_Ops::Signature_with_Hash(emsa), m_key(key) {
129 m_b_inv = m_key->group().inverse_mod_q(m_b);
132 size_t signature_length()
const override {
return 2 * m_key->group().q_bytes(); }
134 secure_vector<uint8_t> raw_sign(
const uint8_t msg[],
size_t msg_len, RandomNumberGenerator& rng)
override;
136 AlgorithmIdentifier algorithm_identifier()
const override;
139 std::shared_ptr<const DL_PrivateKey> m_key;
143AlgorithmIdentifier DSA_Signature_Operation::algorithm_identifier()
const {
144 const std::string full_name =
"DSA/" + hash_function();
145 const OID oid = OID::from_string(full_name);
146 return AlgorithmIdentifier(oid, AlgorithmIdentifier::USE_EMPTY_PARAM);
149secure_vector<uint8_t> DSA_Signature_Operation::raw_sign(
const uint8_t msg[],
151 RandomNumberGenerator& rng) {
152 const DL_Group& group = m_key->group();
153 const BigInt& q = group.get_q();
155 BigInt m = BigInt::from_bytes_with_max_bits(msg, msg_len, group.q_bits());
161#if defined(BOTAN_HAS_RFC6979_GENERATOR)
165 const BigInt k = BigInt::random_integer(rng, 1, q);
168 const BigInt k_inv = group.inverse_mod_q(k);
179 const BigInt r =
ct_modulo(group.power_g_p(k, group.q_bits()), group.get_q());
184 m_b = group.square_mod_q(m_b);
185 m_b_inv = group.square_mod_q(m_b_inv);
187 m = group.multiply_mod_q(m_b, m);
188 const BigInt xr = group.multiply_mod_q(m_b, m_key->private_key(), r);
190 const BigInt s = group.multiply_mod_q(m_b_inv, k_inv, group.mod_q(xr + m));
193 if(r.is_zero() || s.is_zero()) {
197 return BigInt::encode_fixed_length_int_pair(r, s, q.bytes());
203class DSA_Verification_Operation
final :
public PK_Ops::Verification_with_Hash {
205 DSA_Verification_Operation(
const std::shared_ptr<const DL_PublicKey>& key, std::string_view emsa) :
206 PK_Ops::Verification_with_Hash(emsa), m_key(key) {}
208 DSA_Verification_Operation(
const std::shared_ptr<const DL_PublicKey>& key,
const AlgorithmIdentifier& alg_id) :
209 PK_Ops::Verification_with_Hash(alg_id,
"DSA"), m_key(key) {}
211 bool verify(
const uint8_t msg[],
size_t msg_len,
const uint8_t sig[],
size_t sig_len)
override;
214 std::shared_ptr<const DL_PublicKey> m_key;
217bool DSA_Verification_Operation::verify(
const uint8_t msg[],
size_t msg_len,
const uint8_t sig[],
size_t sig_len) {
218 const auto group = m_key->group();
220 const BigInt& q = group.get_q();
221 const size_t q_bytes = q.bytes();
223 if(sig_len != 2 * q_bytes) {
227 BigInt r(sig, q_bytes);
228 BigInt s(sig + q_bytes, q_bytes);
229 BigInt i = BigInt::from_bytes_with_max_bits(msg, msg_len, group.q_bits());
234 if(r <= 0 || r >= q || s <= 0 || s >= q) {
240 const BigInt sr = group.multiply_mod_q(s, r);
241 const BigInt si = group.multiply_mod_q(s, i);
243 s = group.multi_exponentiate(si, m_key->public_key(), sr);
246 return (s % group.get_q() == r);
252 std::string_view provider)
const {
253 if(provider ==
"base" || provider.empty()) {
254 return std::make_unique<DSA_Verification_Operation>(this->m_public_key, params);
261 if(provider ==
"base" || provider.empty()) {
262 return std::make_unique<DSA_Verification_Operation>(this->m_public_key, signature_algorithm);
269 std::string_view params,
270 std::string_view provider)
const {
271 if(provider ==
"base" || provider.empty()) {
272 return std::make_unique<DSA_Signature_Operation>(this->m_private_key, params, rng);
#define BOTAN_ARG_CHECK(expr, msg)
virtual OID object_identifier() const
static BigInt random_integer(RandomNumberGenerator &rng, const BigInt &min, const BigInt &max)
secure_vector< uint8_t > private_key_bits() const override
bool check_key(RandomNumberGenerator &rng, bool strong) const override
std::unique_ptr< PK_Ops::Signature > create_signature_op(RandomNumberGenerator &rng, std::string_view params, std::string_view provider) const override
secure_vector< uint8_t > raw_private_key_bits() const override
std::unique_ptr< Public_Key > public_key() const override
const BigInt & get_int_field(std::string_view field) const override
size_t estimated_strength() const override
size_t message_part_size() const override
std::unique_ptr< PK_Ops::Verification > create_x509_verification_op(const AlgorithmIdentifier &signature_algorithm, std::string_view provider) const override
friend class DSA_PrivateKey
bool check_key(RandomNumberGenerator &rng, bool strong) const override
std::vector< uint8_t > public_key_bits() const override
AlgorithmIdentifier algorithm_identifier() const override
const BigInt & get_int_field(std::string_view field) const override
std::string algo_name() const override
std::unique_ptr< Private_Key > generate_another(RandomNumberGenerator &rng) const final
size_t key_length() const override
std::unique_ptr< PK_Ops::Verification > create_verification_op(std::string_view params, std::string_view provider) const override
int(* final)(unsigned char *, CTX *)
bool signature_consistency_check(RandomNumberGenerator &rng, const Private_Key &private_key, const Public_Key &public_key, std::string_view padding)
BigInt generate_rfc6979_nonce(const BigInt &x, const BigInt &q, const BigInt &h, std::string_view hash)
BigInt ct_modulo(const BigInt &x, const BigInt &y)
std::vector< T, secure_allocator< T > > secure_vector
BigInt inverse_mod(const BigInt &n, const BigInt &mod)