/src/botan/src/lib/math/numbertheory/dsa_gen.cpp

Source (jump to first uncovered line)
/*
* DSA Parameter Generation
* (C) 1999-2007 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/internal/primality.h>
#include <botan/numthry.h>
#include <botan/hash.h>
#include <botan/reducer.h>
#include <botan/rng.h>

namespace Botan {

namespace {

/*
* Check if this size is allowed by FIPS 186-3
*/
bool fips186_3_valid_size(size_t pbits, size_t qbits)
   {
   if(qbits == 160)
      return (pbits == 1024);

   if(qbits == 224)
      return (pbits == 2048);

   if(qbits == 256)
      return (pbits == 2048 || pbits == 3072);

   return false;
   }

// qbits assumed to be a valid size for FIPS param gen
std::string hash_function_for(size_t qbits)
   {
   if(qbits == 160)
      return "SHA-1";

   return "SHA-" + std::to_string(qbits);
   }

}

/*
* Attempt DSA prime generation with given seed
*/
bool generate_dsa_primes(RandomNumberGenerator& rng,
                         BigInt& p, BigInt& q,
                         size_t pbits, size_t qbits,
                         const std::vector<uint8_t>& seed_c,
                         size_t offset)
   {
   if(!fips186_3_valid_size(pbits, qbits))
      throw Invalid_Argument(
         "FIPS 186-3 does not allow DSA domain parameters of " +
         std::to_string(pbits) + "/" + std::to_string(qbits) + " bits long");

   if(seed_c.size() * 8 < qbits)
      throw Invalid_Argument(
         "Generating a DSA parameter set with a " + std::to_string(qbits) +
         " bit long q requires a seed at least as many bits long");

   const std::string hash_name = hash_function_for(qbits);
   std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw(hash_name));

   const size_t HASH_SIZE = hash->output_length();

   class Seed final
      {
      public:
         explicit Seed(const std::vector<uint8_t>& s) : m_seed(s) {}

         const std::vector<uint8_t>& value() const { return m_seed; }

         Seed& operator++()
            {
            for(size_t j = m_seed.size(); j > 0; --j)
               if(++m_seed[j-1])
                  break;
            return (*this);
            }
      private:
         std::vector<uint8_t> m_seed;
      };

   Seed seed(seed_c);

   q.binary_decode(hash->process(seed.value()));
   q.set_bit(qbits-1);
   q.set_bit(0);

   if(!is_prime(q, rng, 128, true))
      return false;

   const size_t n = (pbits-1) / (HASH_SIZE * 8),
                b = (pbits-1) % (HASH_SIZE * 8);

   BigInt X;
   std::vector<uint8_t> V(HASH_SIZE * (n+1));

   Modular_Reducer mod_2q(2*q);

   for(size_t j = 0; j != 4*pbits; ++j)
      {
      for(size_t k = 0; k <= n; ++k)
         {
         ++seed;
         hash->update(seed.value());
         hash->final(&V[HASH_SIZE * (n-k)]);
         }

      if(j >= offset)
         {
         X.binary_decode(&V[HASH_SIZE - 1 - b/8],
                         V.size() - (HASH_SIZE - 1 - b/8));
         X.set_bit(pbits-1);

         p = X - (mod_2q.reduce(X) - 1);

         if(p.bits() == pbits && is_prime(p, rng, 128, true))
            return true;
         }
      }
   return false;
   }

/*
* Generate DSA Primes
*/
std::vector<uint8_t> generate_dsa_primes(RandomNumberGenerator& rng,
                                      BigInt& p, BigInt& q,
                                      size_t pbits, size_t qbits)
   {
   while(true)
      {
      std::vector<uint8_t> seed(qbits / 8);
      rng.randomize(seed.data(), seed.size());

      if(generate_dsa_primes(rng, p, q, pbits, qbits, seed))
         return seed;
      }
   }

}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* DSA Parameter Generation
3		* (C) 1999-2007 Jack Lloyd
4		*
5		* Botan is released under the Simplified BSD License (see license.txt)
6		*/
7
8		#include <botan/internal/primality.h>
9		#include <botan/numthry.h>
10		#include <botan/hash.h>
11		#include <botan/reducer.h>
12		#include <botan/rng.h>
13
14		namespace Botan {
15
16		namespace {
17
18		/*
19		* Check if this size is allowed by FIPS 186-3
20		*/
21		bool fips186_3_valid_size(size_t pbits, size_t qbits)
22	0	{
23	0	if(qbits == 160)
24	0	return (pbits == 1024);
25
26	0	if(qbits == 224)
27	0	return (pbits == 2048);
28
29	0	if(qbits == 256)
30	0	return (pbits == 2048 \|\| pbits == 3072);
31
32	0	return false;
33	0	}
34
35		// qbits assumed to be a valid size for FIPS param gen
36		std::string hash_function_for(size_t qbits)
37	0	{
38	0	if(qbits == 160)
39	0	return "SHA-1";
40
41	0	return "SHA-" + std::to_string(qbits);
42	0	}
43
44		}
45
46		/*
47		* Attempt DSA prime generation with given seed
48		*/
49		bool generate_dsa_primes(RandomNumberGenerator& rng,
50		BigInt& p, BigInt& q,
51		size_t pbits, size_t qbits,
52		const std::vector<uint8_t>& seed_c,
53		size_t offset)
54	0	{
55	0	if(!fips186_3_valid_size(pbits, qbits))
56	0	throw Invalid_Argument(
57	0	"FIPS 186-3 does not allow DSA domain parameters of " +
58	0	std::to_string(pbits) + "/" + std::to_string(qbits) + " bits long");
59
60	0	if(seed_c.size() * 8 < qbits)
61	0	throw Invalid_Argument(
62	0	"Generating a DSA parameter set with a " + std::to_string(qbits) +
63	0	" bit long q requires a seed at least as many bits long");
64
65	0	const std::string hash_name = hash_function_for(qbits);
66	0	std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw(hash_name));
67
68	0	const size_t HASH_SIZE = hash->output_length();
69
70	0	class Seed final
71	0	{
72	0	public:
73	0	explicit Seed(const std::vector<uint8_t>& s) : m_seed(s) {}
74
75	0	const std::vector<uint8_t>& value() const { return m_seed; }
76
77	0	Seed& operator++()
78	0	{
79	0	for(size_t j = m_seed.size(); j > 0; --j)
80	0	if(++m_seed[j-1])
81	0	break;
82	0	return (*this);
83	0	}
84	0	private:
85	0	std::vector<uint8_t> m_seed;
86	0	};
87
88	0	Seed seed(seed_c);
89
90	0	q.binary_decode(hash->process(seed.value()));
91	0	q.set_bit(qbits-1);
92	0	q.set_bit(0);
93
94	0	if(!is_prime(q, rng, 128, true))
95	0	return false;
96
97	0	const size_t n = (pbits-1) / (HASH_SIZE * 8),
98	0	b = (pbits-1) % (HASH_SIZE * 8);
99
100	0	BigInt X;
101	0	std::vector<uint8_t> V(HASH_SIZE * (n+1));
102
103	0	Modular_Reducer mod_2q(2*q);
104
105	0	for(size_t j = 0; j != 4*pbits; ++j)
106	0	{
107	0	for(size_t k = 0; k <= n; ++k)
108	0	{
109	0	++seed;
110	0	hash->update(seed.value());
111	0	hash->final(&V[HASH_SIZE * (n-k)]);
112	0	}
113
114	0	if(j >= offset)
115	0	{
116	0	X.binary_decode(&V[HASH_SIZE - 1 - b/8],
117	0	V.size() - (HASH_SIZE - 1 - b/8));
118	0	X.set_bit(pbits-1);
119
120	0	p = X - (mod_2q.reduce(X) - 1);
121
122	0	if(p.bits() == pbits && is_prime(p, rng, 128, true))
123	0	return true;
124	0	}
125	0	}
126	0	return false;
127	0	}
128
129		/*
130		* Generate DSA Primes
131		*/
132		std::vector<uint8_t> generate_dsa_primes(RandomNumberGenerator& rng,
133		BigInt& p, BigInt& q,
134		size_t pbits, size_t qbits)
135	0	{
136	0	while(true)
137	0	{
138	0	std::vector<uint8_t> seed(qbits / 8);
139	0	rng.randomize(seed.data(), seed.size());
140
141	0	if(generate_dsa_primes(rng, p, q, pbits, qbits, seed))
142	0	return seed;
143	0	}
144	0	}
145
146		}

Coverage Report

Created: 2023-02-13 06:21