Botan  1.10.9
dsa.cpp
Go to the documentation of this file.
1 /*
2 * DSA
3 * (C) 1999-2010 Jack Lloyd
4 *
5 * Distributed under the terms of the Botan license
6 */
7 
8 #include <botan/dsa.h>
9 #include <botan/numthry.h>
10 #include <botan/keypair.h>
11 
12 namespace Botan {
13 
14 /*
15 * DSA_PublicKey Constructor
16 */
18  {
19  group = grp;
20  y = y1;
21  }
22 
23 /*
24 * Create a DSA private key
25 */
27  const DL_Group& grp,
28  const BigInt& x_arg)
29  {
30  group = grp;
31  x = x_arg;
32 
33  if(x == 0)
34  x = BigInt::random_integer(rng, 2, group_q() - 1);
35 
36  y = power_mod(group_g(), x, group_p());
37 
38  if(x_arg == 0)
39  gen_check(rng);
40  else
41  load_check(rng);
42  }
43 
45  const MemoryRegion<byte>& key_bits,
47  DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_57)
48  {
49  y = power_mod(group_g(), x, group_p());
50 
51  load_check(rng);
52  }
53 
54 /*
55 * Check Private DSA Parameters
56 */
58  {
59  if(!DL_Scheme_PrivateKey::check_key(rng, strong) || x >= group_q())
60  return false;
61 
62  if(!strong)
63  return true;
64 
65  return KeyPair::signature_consistency_check(rng, *this, "EMSA1(SHA-1)");
66  }
67 
69  q(dsa.group_q()),
70  x(dsa.get_x()),
71  powermod_g_p(dsa.group_g(), dsa.group_p()),
72  mod_q(dsa.group_q())
73  {
74  }
75 
77 DSA_Signature_Operation::sign(const byte msg[], size_t msg_len,
79  {
80  rng.add_entropy(msg, msg_len);
81 
82  BigInt i(msg, msg_len);
83  BigInt r = 0, s = 0;
84 
85  while(r == 0 || s == 0)
86  {
87  BigInt k;
88  do
89  k.randomize(rng, q.bits());
90  while(k >= q);
91 
92  r = mod_q.reduce(powermod_g_p(k));
93  s = mod_q.multiply(inverse_mod(k, q), mul_add(x, r, i));
94  }
95 
96  SecureVector<byte> output(2*q.bytes());
97  r.binary_encode(&output[output.size() / 2 - r.bytes()]);
98  s.binary_encode(&output[output.size() - s.bytes()]);
99  return output;
100  }
101 
103  q(dsa.group_q()), y(dsa.get_y())
104  {
105  powermod_g_p = Fixed_Base_Power_Mod(dsa.group_g(), dsa.group_p());
106  powermod_y_p = Fixed_Base_Power_Mod(y, dsa.group_p());
107  mod_p = Modular_Reducer(dsa.group_p());
108  mod_q = Modular_Reducer(dsa.group_q());
109  }
110 
111 bool DSA_Verification_Operation::verify(const byte msg[], size_t msg_len,
112  const byte sig[], size_t sig_len)
113  {
114  const BigInt& q = mod_q.get_modulus();
115 
116  if(sig_len != 2*q.bytes() || msg_len > q.bytes())
117  return false;
118 
119  BigInt r(sig, q.bytes());
120  BigInt s(sig + q.bytes(), q.bytes());
121  BigInt i(msg, msg_len);
122 
123  if(r <= 0 || r >= q || s <= 0 || s >= q)
124  return false;
125 
126  s = inverse_mod(s, q);
127  s = mod_p.multiply(powermod_g_p(mod_q.multiply(s, i)),
128  powermod_y_p(mod_q.multiply(s, r)));
129 
130  return (mod_q.reduce(s) == r);
131  }
132 
133 }
void load_check(RandomNumberGenerator &rng) const
Definition: pk_keys.cpp:40
void binary_encode(byte buf[]) const
Definition: bigint.cpp:340
bool signature_consistency_check(RandomNumberGenerator &rng, const Private_Key &key, const std::string &padding)
Definition: keypair.cpp:47
virtual void add_entropy(const byte in[], size_t length)=0
const BigInt & group_q() const
Definition: dl_algo.h:50
const BigInt & group_p() const
Definition: dl_algo.h:44
static BigInt random_integer(RandomNumberGenerator &rng, const BigInt &min, const BigInt &max)
Definition: big_rand.cpp:50
unsigned char byte
Definition: types.h:22
bool check_key(RandomNumberGenerator &rng, bool) const
Definition: dl_algo.cpp:67
size_t bits() const
Definition: bigint.cpp:253
DSA_Verification_Operation(const DSA_PublicKey &dsa)
Definition: dsa.cpp:102
bool verify(const byte msg[], size_t msg_len, const byte sig[], size_t sig_len)
Definition: dsa.cpp:111
RandomNumberGenerator * rng
Definition: global_rng.cpp:165
void randomize(RandomNumberGenerator &rng, size_t bitsize=0)
Definition: big_rand.cpp:29
BigInt multiply(const BigInt &x, const BigInt &y) const
Definition: reducer.h:31
BigInt reduce(const BigInt &x) const
Definition: reducer.cpp:32
SecureVector< byte > sign(const byte msg[], size_t msg_len, RandomNumberGenerator &rng)
Definition: dsa.cpp:77
DSA_Signature_Operation(const DSA_PrivateKey &dsa)
Definition: dsa.cpp:68
BigInt inverse_mod(const BigInt &n, const BigInt &mod)
Definition: numthry.cpp:202
BigInt power_mod(const BigInt &base, const BigInt &exp, const BigInt &mod)
Definition: numthry.cpp:251
BigInt r
Definition: numthry.cpp:26
const BigInt & group_g() const
Definition: dl_algo.h:56
bool check_key(RandomNumberGenerator &rng, bool strong) const
Definition: dsa.cpp:57
void gen_check(RandomNumberGenerator &rng) const
Definition: pk_keys.cpp:49
DSA_PrivateKey(const AlgorithmIdentifier &alg_id, const MemoryRegion< byte > &key_bits, RandomNumberGenerator &rng)
Definition: dsa.cpp:44
const BigInt & get_modulus() const
Definition: reducer.h:21
BigInt mul_add(const BigInt &a, const BigInt &b, const BigInt &c)
Definition: mp_numth.cpp:33
size_t s
Definition: numthry.cpp:27
size_t bytes() const
Definition: bigint.cpp:245