Botan  2.8.0
Crypto and TLS for C++11
rfc6979.cpp
Go to the documentation of this file.
1 /*
2 * RFC 6979 Deterministic Nonce Generator
3 * (C) 2014,2015 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/rfc6979.h>
9 #include <botan/hmac_drbg.h>
10 #include <botan/mac.h>
11 
12 namespace Botan {
13 
15  const BigInt& order,
16  const BigInt& x) :
17  m_order(order),
18  m_qlen(m_order.bits()),
19  m_rlen(m_qlen / 8 + (m_qlen % 8 ? 1 : 0)),
20  m_rng_in(m_rlen * 2),
21  m_rng_out(m_rlen)
22  {
23  m_hmac_drbg.reset(new HMAC_DRBG(MessageAuthenticationCode::create("HMAC(" + hash + ")")));
24  BigInt::encode_1363(m_rng_in.data(), m_rlen, x);
25  }
26 
28  {
29  // for ~unique_ptr
30  }
31 
33  {
34  BigInt::encode_1363(&m_rng_in[m_rlen], m_rlen, m);
35  m_hmac_drbg->clear();
36  m_hmac_drbg->initialize_with(m_rng_in.data(), m_rng_in.size());
37 
38  do
39  {
40  m_hmac_drbg->randomize(m_rng_out.data(), m_rng_out.size());
41  m_k.binary_decode(m_rng_out.data(), m_rng_out.size());
42  m_k >>= (8*m_rlen - m_qlen);
43  }
44  while(m_k == 0 || m_k >= m_order);
45 
46  return m_k;
47  }
48 
50  const BigInt& q,
51  const BigInt& h,
52  const std::string& hash)
53  {
54  RFC6979_Nonce_Generator gen(hash, q, x);
55  BigInt k = gen.nonce_for(h);
56  return k;
57  }
58 
59 }
static std::unique_ptr< MessageAuthenticationCode > create(const std::string &algo_spec, const std::string &provider="")
Definition: mac.cpp:46
BigInt generate_rfc6979_nonce(const BigInt &x, const BigInt &q, const BigInt &h, const std::string &hash)
Definition: rfc6979.cpp:49
Definition: alg_id.cpp:13
RFC6979_Nonce_Generator(const std::string &hash, const BigInt &order, const BigInt &x)
Definition: rfc6979.cpp:14
void binary_decode(const uint8_t buf[], size_t length)
Definition: bigint.cpp:327
static secure_vector< uint8_t > encode_1363(const BigInt &n, size_t bytes)
Definition: big_code.cpp:124
MechanismType hash
const BigInt & nonce_for(const BigInt &m)
Definition: rfc6979.cpp:32