/src/botan/src/lib/pubkey/rfc6979/rfc6979.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * RFC 6979 Deterministic Nonce Generator |
3 | | * (C) 2014,2015 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #include <botan/internal/rfc6979.h> |
9 | | #include <botan/hmac_drbg.h> |
10 | | #include <botan/mac.h> |
11 | | |
12 | | namespace Botan { |
13 | | |
14 | | RFC6979_Nonce_Generator::RFC6979_Nonce_Generator(const std::string& hash, |
15 | | const BigInt& order, |
16 | | const BigInt& x) : |
17 | | m_order(order), |
18 | | m_qlen(m_order.bits()), |
19 | | m_rlen(m_qlen / 8 + (m_qlen % 8 ? 1 : 0)), |
20 | | m_rng_in(m_rlen * 2), |
21 | | m_rng_out(m_rlen) |
22 | 0 | { |
23 | 0 | m_hmac_drbg.reset(new HMAC_DRBG(MessageAuthenticationCode::create("HMAC(" + hash + ")"))); |
24 | 0 | BigInt::encode_1363(m_rng_in.data(), m_rlen, x); |
25 | 0 | } |
26 | | |
27 | | RFC6979_Nonce_Generator::~RFC6979_Nonce_Generator() |
28 | 0 | { |
29 | | // for ~unique_ptr |
30 | 0 | } |
31 | | |
32 | | const BigInt& RFC6979_Nonce_Generator::nonce_for(const BigInt& m) |
33 | 0 | { |
34 | 0 | BigInt::encode_1363(&m_rng_in[m_rlen], m_rlen, m); |
35 | 0 | m_hmac_drbg->clear(); |
36 | 0 | m_hmac_drbg->initialize_with(m_rng_in.data(), m_rng_in.size()); |
37 | |
|
38 | 0 | do |
39 | 0 | { |
40 | 0 | m_hmac_drbg->randomize(m_rng_out.data(), m_rng_out.size()); |
41 | 0 | m_k.binary_decode(m_rng_out.data(), m_rng_out.size()); |
42 | 0 | m_k >>= (8*m_rlen - m_qlen); |
43 | 0 | } |
44 | 0 | while(m_k == 0 || m_k >= m_order); |
45 | |
|
46 | 0 | return m_k; |
47 | 0 | } |
48 | | |
49 | | BigInt generate_rfc6979_nonce(const BigInt& x, |
50 | | const BigInt& q, |
51 | | const BigInt& h, |
52 | | const std::string& hash) |
53 | 0 | { |
54 | 0 | RFC6979_Nonce_Generator gen(hash, q, x); |
55 | 0 | BigInt k = gen.nonce_for(h); |
56 | 0 | return k; |
57 | 0 | } |
58 | | |
59 | | } |