Botan  1.10.9
nr.cpp
Go to the documentation of this file.
1 /*
2 * Nyberg-Rueppel
3 * (C) 1999-2010 Jack Lloyd
4 *
5 * Distributed under the terms of the Botan license
6 */
7 
8 #include <botan/nr.h>
9 #include <botan/numthry.h>
10 #include <botan/keypair.h>
11 
12 namespace Botan {
13 
15  const MemoryRegion<byte>& key_bits) :
16  DL_Scheme_PublicKey(alg_id, key_bits, DL_Group::ANSI_X9_57)
17  {
18  }
19 
20 /*
21 * NR_PublicKey Constructor
22 */
24  {
25  group = grp;
26  y = y1;
27  }
28 
29 /*
30 * Create a NR private key
31 */
33  const DL_Group& grp,
34  const BigInt& x_arg)
35  {
36  group = grp;
37  x = x_arg;
38 
39  if(x == 0)
40  x = BigInt::random_integer(rng, 2, group_q() - 1);
41 
42  y = power_mod(group_g(), x, group_p());
43 
44  if(x_arg == 0)
45  gen_check(rng);
46  else
47  load_check(rng);
48  }
49 
51  const MemoryRegion<byte>& key_bits,
53  DL_Scheme_PrivateKey(alg_id, key_bits, DL_Group::ANSI_X9_57)
54  {
55  y = power_mod(group_g(), x, group_p());
56 
57  load_check(rng);
58  }
59 
60 /*
61 * Check Private Nyberg-Rueppel Parameters
62 */
64  {
65  if(!DL_Scheme_PrivateKey::check_key(rng, strong) || x >= group_q())
66  return false;
67 
68  if(!strong)
69  return true;
70 
71  return KeyPair::signature_consistency_check(rng, *this, "EMSA1(SHA-1)");
72  }
73 
75  q(nr.group_q()),
76  x(nr.get_x()),
77  powermod_g_p(nr.group_g(), nr.group_p()),
78  mod_q(nr.group_q())
79  {
80  }
81 
83 NR_Signature_Operation::sign(const byte msg[], size_t msg_len,
85  {
86  rng.add_entropy(msg, msg_len);
87 
88  BigInt f(msg, msg_len);
89 
90  if(f >= q)
91  throw Invalid_Argument("NR_Signature_Operation: Input is out of range");
92 
93  BigInt c, d;
94 
95  while(c == 0)
96  {
97  BigInt k;
98  do
99  k.randomize(rng, q.bits());
100  while(k >= q);
101 
102  c = mod_q.reduce(powermod_g_p(k) + f);
103  d = mod_q.reduce(k - x * c);
104  }
105 
106  SecureVector<byte> output(2*q.bytes());
107  c.binary_encode(&output[output.size() / 2 - c.bytes()]);
108  d.binary_encode(&output[output.size() - d.bytes()]);
109  return output;
110  }
111 
113  q(nr.group_q()), y(nr.get_y())
114  {
115  powermod_g_p = Fixed_Base_Power_Mod(nr.group_g(), nr.group_p());
116  powermod_y_p = Fixed_Base_Power_Mod(y, nr.group_p());
117  mod_p = Modular_Reducer(nr.group_p());
118  mod_q = Modular_Reducer(nr.group_q());
119  }
120 
122 NR_Verification_Operation::verify_mr(const byte msg[], size_t msg_len)
123  {
124  const BigInt& q = mod_q.get_modulus();
125 
126  if(msg_len != 2*q.bytes())
127  throw Invalid_Argument("NR verification: Invalid signature");
128 
129  BigInt c(msg, q.bytes());
130  BigInt d(msg + q.bytes(), q.bytes());
131 
132  if(c.is_zero() || c >= q || d >= q)
133  throw Invalid_Argument("NR verification: Invalid signature");
134 
135  BigInt i = mod_p.multiply(powermod_g_p(d), powermod_y_p(c));
136  return BigInt::encode(mod_q.reduce(c - i));
137  }
138 
139 }
void load_check(RandomNumberGenerator &rng) const
Definition: pk_keys.cpp:40
void binary_encode(byte buf[]) const
Definition: bigint.cpp:340
SecureVector< byte > sign(const byte msg[], size_t msg_len, RandomNumberGenerator &rng)
Definition: nr.cpp:83
bool signature_consistency_check(RandomNumberGenerator &rng, const Private_Key &key, const std::string &padding)
Definition: keypair.cpp:47
NR_PrivateKey(const AlgorithmIdentifier &alg_id, const MemoryRegion< byte > &key_bits, RandomNumberGenerator &rng)
Definition: nr.cpp:50
virtual void add_entropy(const byte in[], size_t length)=0
const BigInt & group_q() const
Definition: dl_algo.h:50
const BigInt & group_p() const
Definition: dl_algo.h:44
NR_Verification_Operation(const NR_PublicKey &nr)
Definition: nr.cpp:112
SecureVector< byte > verify_mr(const byte msg[], size_t msg_len)
Definition: nr.cpp:122
std::invalid_argument Invalid_Argument
Definition: exceptn.h:20
static SecureVector< byte > encode(const BigInt &n, Base base=Binary)
Definition: big_code.cpp:64
static BigInt random_integer(RandomNumberGenerator &rng, const BigInt &min, const BigInt &max)
Definition: big_rand.cpp:50
bool check_key(RandomNumberGenerator &rng, bool strong) const
Definition: nr.cpp:63
unsigned char byte
Definition: types.h:22
bool check_key(RandomNumberGenerator &rng, bool) const
Definition: dl_algo.cpp:67
size_t bits() const
Definition: bigint.cpp:253
RandomNumberGenerator * rng
Definition: global_rng.cpp:165
void randomize(RandomNumberGenerator &rng, size_t bitsize=0)
Definition: big_rand.cpp:29
NR_Signature_Operation(const NR_PrivateKey &nr)
Definition: nr.cpp:74
BigInt multiply(const BigInt &x, const BigInt &y) const
Definition: reducer.h:31
BigInt reduce(const BigInt &x) const
Definition: reducer.cpp:32
BigInt power_mod(const BigInt &base, const BigInt &exp, const BigInt &mod)
Definition: numthry.cpp:251
const BigInt & group_g() const
Definition: dl_algo.h:56
void gen_check(RandomNumberGenerator &rng) const
Definition: pk_keys.cpp:49
const BigInt & get_modulus() const
Definition: reducer.h:21
size_t bytes() const
Definition: bigint.cpp:245