Botan 2.19.3
Crypto and TLS for C++11
rfc6979.cpp
/*
* RFC 6979 Deterministic Nonce Generator
* (C) 2014,2015 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
7
8#include <botan/rfc6979.h>
9#include <botan/hmac_drbg.h>
10#include <botan/mac.h>
11
12namespace Botan {
13
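/**
* Set up an RFC 6979 deterministic nonce generator bound to one private key.
*
* @param hash  hash function name; the PRF is looked up as "HMAC(<hash>)"
* @param order group order q; nonce_for() only returns values in [1, order)
* @param x     private key, encoded into the first m_rlen bytes of the seed buffer
*
* Throws if no HMAC implementation for the requested hash is available.
*/
RFC6979_Nonce_Generator::RFC6979_Nonce_Generator(const std::string& hash,
                                                 const BigInt& order,
                                                 const BigInt& x) :
   m_order(order),
   m_qlen(m_order.bits()),
   // Byte length of the order, rounded up to a whole byte
   m_rlen(m_qlen / 8 + (m_qlen % 8 ? 1 : 0)),
   // Seed buffer layout is x || m, each half m_rlen bytes wide
   m_rng_in(m_rlen * 2),
   m_rng_out(m_rlen)
   {
   // create() reports an unknown algorithm by returning a null pointer;
   // create_or_throw() turns that into an explicit lookup failure at the
   // point of the mistake instead of handing a null PRF to the DRBG.
   m_hmac_drbg.reset(new HMAC_DRBG(MessageAuthenticationCode::create_or_throw("HMAC(" + hash + ")")));

   // The key half of the seed is written once here and reused for every
   // message passed to nonce_for().
   // NOTE(review): m_rng_in therefore holds the private key for the lifetime
   // of this object - confirm rfc6979.h declares it as a secure_vector so it
   // is wiped on destruction.
   BigInt::encode_1363(m_rng_in.data(), m_rlen, x);
   }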
26
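/**
* Out-of-line destructor. It is defined in this translation unit, where
* hmac_drbg.h is included, so that the unique_ptr member can be destroyed
* with the complete HMAC_DRBG type visible.
*/
RFC6979_Nonce_Generator::~RFC6979_Nonce_Generator()
   {
   // for ~unique_ptr
   }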
31
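/**
* Derive the deterministic nonce k for the message representative m.
*
* The HMAC_DRBG is reset and reseeded with x || m on every call, so the same
* (key, order, hash, m) always yields the same k and no external randomness
* is consumed.
*
* @param m message representative (normally the hash of the message as an
*          integer); it is encoded into exactly m_rlen bytes
* @return reference to the internal nonce, which is overwritten by the next
*         call - copy it if it must outlive that call
*/
const BigInt& RFC6979_Nonce_Generator::nonce_for(const BigInt& m)
   {
   // Fill the second half of the seed buffer; the first half already holds x.
   // NOTE(review): presumably encode_1363 rejects an m that does not fit in
   // m_rlen bytes - callers should reduce the hash to the order's size first.
   BigInt::encode_1363(&m_rng_in[m_rlen], m_rlen, m);

   // Drop all state left over from the previous message before reseeding
   m_hmac_drbg->clear();
   m_hmac_drbg->initialize_with(m_rng_in.data(), m_rng_in.size());

   // Number of surplus low bits when the order is not a whole number of bytes
   const size_t excess_bits = 8 * m_rlen - m_qlen;

   // Rejection sampling: keep drawing m_rlen-byte candidates until one lies
   // in [1, order). Discarding out-of-range values rather than reducing them
   // avoids biasing the nonce.
   do
      {
      m_hmac_drbg->randomize(m_rng_out.data(), m_rng_out.size());
      m_k.binary_decode(m_rng_out.data(), m_rng_out.size());
      m_k >>= excess_bits;
      }
   while(m_k == 0 || m_k >= m_order);

   return m_k;
   }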
48
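/**
* One-shot helper: derive the RFC 6979 nonce for a single signature.
*
* @param x    private key
* @param q    group order
* @param h    message representative (hash of the message as an integer)
* @param hash name of the hash function used for the HMAC_DRBG
* @return the nonce k, as produced by RFC6979_Nonce_Generator::nonce_for()
*
* A generator is built and torn down on every call; code signing many
* messages with the same key can keep one RFC6979_Nonce_Generator instead.
*/
BigInt generate_rfc6979_nonce(const BigInt& x,
                              const BigInt& q,
                              const BigInt& h,
                              const std::string& hash)
   {
   // Constructor argument order is (hash, order, private key)
   RFC6979_Nonce_Generator gen(hash, q, x);

   // nonce_for() returns a reference into gen, so return a copy by value
   BigInt k = gen.nonce_for(h);
   return k;
   }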
58
59}
void binary_decode(const uint8_t buf[], size_t length)
Definition bigint.cpp:432
static secure_vector< uint8_t > encode_1363(const BigInt &n, size_t bytes)
Definition big_code.cpp:111
static std::unique_ptr< MessageAuthenticationCode > create(const std::string &algo_spec, const std::string &provider="")
Definition mac.cpp:46
RFC6979_Nonce_Generator(const std::string &hash, const BigInt &order, const BigInt &x)
Definition rfc6979.cpp:14
const BigInt & nonce_for(const BigInt &m)
Definition rfc6979.cpp:32
BigInt generate_rfc6979_nonce(const BigInt &x, const BigInt &q, const BigInt &h, const std::string &hash)
Definition rfc6979.cpp:49