Botan  1.10.9
dsa_gen.cpp
Go to the documentation of this file.
1 /*
2 * DSA Parameter Generation
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Distributed under the terms of the Botan license
6 */
7 
8 #include <botan/numthry.h>
9 #include <botan/algo_factory.h>
10 #include <botan/hash.h>
11 #include <botan/parsing.h>
12 #include <algorithm>
13 #include <memory>
14 
15 namespace Botan {
16 
17 namespace {
18 
19 /*
20 * Check if this size is allowed by FIPS 186-3
21 */
22 bool fips186_3_valid_size(size_t pbits, size_t qbits)
23  {
24  if(qbits == 160)
25  return (pbits == 512 || pbits == 768 || pbits == 1024);
26 
27  if(qbits == 224)
28  return (pbits == 2048);
29 
30  if(qbits == 256)
31  return (pbits == 2048 || pbits == 3072);
32 
33  return false;
34  }
35 
36 }
37 
38 /*
39 * Attempt DSA prime generation with given seed
40 */
43  BigInt& p, BigInt& q,
44  size_t pbits, size_t qbits,
45  const MemoryRegion<byte>& seed_c)
46  {
47  if(!fips186_3_valid_size(pbits, qbits))
48  throw Invalid_Argument(
49  "FIPS 186-3 does not allow DSA domain parameters of " +
50  to_string(pbits) + "/" + to_string(qbits) + " bits long");
51 
52  if(seed_c.size() * 8 < qbits)
53  throw Invalid_Argument(
54  "Generating a DSA parameter set with a " + to_string(qbits) +
55  "long q requires a seed at least as many bits long");
56 
57  std::auto_ptr<HashFunction> hash(
58  af.make_hash_function("SHA-" + to_string(qbits)));
59 
60  const size_t HASH_SIZE = hash->output_length();
61 
62  class Seed
63  {
64  public:
65  Seed(const MemoryRegion<byte>& s) : seed(s) {}
66 
67  operator MemoryRegion<byte>& () { return seed; }
68 
69  Seed& operator++()
70  {
71  for(size_t j = seed.size(); j > 0; --j)
72  if(++seed[j-1])
73  break;
74  return (*this);
75  }
76  private:
77  SecureVector<byte> seed;
78  };
79 
80  Seed seed(seed_c);
81 
82  q.binary_decode(hash->process(seed));
83  q.set_bit(qbits-1);
84  q.set_bit(0);
85 
86  if(!check_prime(q, rng))
87  return false;
88 
89  const size_t n = (pbits-1) / (HASH_SIZE * 8),
90  b = (pbits-1) % (HASH_SIZE * 8);
91 
92  BigInt X;
93  SecureVector<byte> V(HASH_SIZE * (n+1));
94 
95  for(size_t j = 0; j != 4096; ++j)
96  {
97  for(size_t k = 0; k <= n; ++k)
98  {
99  ++seed;
100  hash->update(seed);
101  hash->final(&V[HASH_SIZE * (n-k)]);
102  }
103 
104  X.binary_decode(&V[HASH_SIZE - 1 - b/8],
105  V.size() - (HASH_SIZE - 1 - b/8));
106  X.set_bit(pbits-1);
107 
108  p = X - (X % (2*q) - 1);
109 
110  if(p.bits() == pbits && check_prime(p, rng))
111  return true;
112  }
113  return false;
114  }
115 
116 /*
117 * Generate DSA Primes
118 */
120  Algorithm_Factory& af,
121  BigInt& p, BigInt& q,
122  size_t pbits, size_t qbits)
123  {
124  while(true)
125  {
126  SecureVector<byte> seed = rng.random_vec(qbits / 8);
127 
128  if(generate_dsa_primes(rng, af, p, q, pbits, qbits, seed))
129  return seed;
130  }
131  }
132 
133 }
BigInt n
Definition: numthry.cpp:26
SecureVector< byte > random_vec(size_t bytes)
Definition: rng.h:40
void binary_decode(const byte buf[], size_t length)
Definition: bigint.cpp:350
void set_bit(size_t n)
Definition: bigint.cpp:205
std::invalid_argument Invalid_Argument
Definition: exceptn.h:20
size_t bits() const
Definition: bigint.cpp:253
RandomNumberGenerator * rng
Definition: global_rng.cpp:165
size_t size() const
Definition: secmem.h:29
HashFunction * make_hash_function(const std::string &algo_spec, const std::string &provider="")
std::string to_string(u64bit n, size_t min_len)
Definition: parsing.cpp:42
bool generate_dsa_primes(RandomNumberGenerator &rng, Algorithm_Factory &af, BigInt &p, BigInt &q, size_t pbits, size_t qbits, const MemoryRegion< byte > &seed_c)
Definition: dsa_gen.cpp:41
size_t s
Definition: numthry.cpp:27
bool check_prime(const BigInt &n, RandomNumberGenerator &rng)
Definition: numthry.h:143