Botan  2.1.0
Crypto and TLS for C++11
dsa_gen.cpp
Go to the documentation of this file.
1 /*
2 * DSA Parameter Generation
3 * (C) 1999-2007 Jack Lloyd
4 *
5 * Botan is released under the Simplified BSD License (see license.txt)
6 */
7 
8 #include <botan/numthry.h>
9 #include <botan/hash.h>
10 #include <botan/parsing.h>
11 #include <algorithm>
12 
13 namespace Botan {
14 
15 namespace {
16 
17 /*
18 * Check if this size is allowed by FIPS 186-3
19 */
20 bool fips186_3_valid_size(size_t pbits, size_t qbits)
21  {
22  if(qbits == 160)
23  return (pbits == 1024);
24 
25  if(qbits == 224)
26  return (pbits == 2048);
27 
28  if(qbits == 256)
29  return (pbits == 2048 || pbits == 3072);
30 
31  return false;
32  }
33 
34 }
35 
36 /*
37 * Attempt DSA prime generation with given seed
38 */
40  BigInt& p, BigInt& q,
41  size_t pbits, size_t qbits,
42  const std::vector<uint8_t>& seed_c,
43  size_t offset)
44  {
45  if(!fips186_3_valid_size(pbits, qbits))
46  throw Invalid_Argument(
47  "FIPS 186-3 does not allow DSA domain parameters of " +
48  std::to_string(pbits) + "/" + std::to_string(qbits) + " bits long");
49 
50  if(seed_c.size() * 8 < qbits)
51  throw Invalid_Argument(
52  "Generating a DSA parameter set with a " + std::to_string(qbits) +
53  "long q requires a seed at least as many bits long");
54 
55  const std::string hash_name = "SHA-" + std::to_string(qbits);
56  std::unique_ptr<HashFunction> hash(HashFunction::create_or_throw(hash_name));
57 
58  const size_t HASH_SIZE = hash->output_length();
59 
60  class Seed
61  {
62  public:
63  explicit Seed(const std::vector<uint8_t>& s) : m_seed(s) {}
64 
65  operator std::vector<uint8_t>& () { return m_seed; }
66 
67  Seed& operator++()
68  {
69  for(size_t j = m_seed.size(); j > 0; --j)
70  if(++m_seed[j-1])
71  break;
72  return (*this);
73  }
74  private:
75  std::vector<uint8_t> m_seed;
76  };
77 
78  Seed seed(seed_c);
79 
80  q.binary_decode(hash->process(seed));
81  q.set_bit(qbits-1);
82  q.set_bit(0);
83 
84  if(!is_prime(q, rng, 126))
85  return false;
86 
87  const size_t n = (pbits-1) / (HASH_SIZE * 8),
88  b = (pbits-1) % (HASH_SIZE * 8);
89 
90  BigInt X;
91  std::vector<uint8_t> V(HASH_SIZE * (n+1));
92 
93  for(size_t j = 0; j != 4*pbits; ++j)
94  {
95  for(size_t k = 0; k <= n; ++k)
96  {
97  ++seed;
98  hash->update(seed);
99  hash->final(&V[HASH_SIZE * (n-k)]);
100  }
101 
102  if(j >= offset)
103  {
104  X.binary_decode(&V[HASH_SIZE - 1 - b/8],
105  V.size() - (HASH_SIZE - 1 - b/8));
106  X.set_bit(pbits-1);
107 
108  p = X - (X % (2*q) - 1);
109 
110  if(p.bits() == pbits && is_prime(p, rng, 126))
111  return true;
112  }
113  }
114  return false;
115  }
116 
117 /*
118 * Generate DSA Primes
119 */
120 std::vector<uint8_t> generate_dsa_primes(RandomNumberGenerator& rng,
121  BigInt& p, BigInt& q,
122  size_t pbits, size_t qbits)
123  {
124  while(true)
125  {
126  std::vector<uint8_t> seed(qbits / 8);
127  rng.randomize(seed.data(), seed.size());
128 
129  if(generate_dsa_primes(rng, p, q, pbits, qbits, seed))
130  return seed;
131  }
132  }
133 
134 }
static std::unique_ptr< HashFunction > create_or_throw(const std::string &algo_spec, const std::string &provider="")
Definition: hash.cpp:303
virtual void randomize(uint8_t output[], size_t length)=0
bool is_prime(const BigInt &n, RandomNumberGenerator &rng, size_t prob, bool is_random)
Definition: numthry.cpp:441
void set_bit(size_t n)
Definition: bigint.cpp:157
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:47
bool generate_dsa_primes(RandomNumberGenerator &rng, BigInt &p, BigInt &q, size_t pbits, size_t qbits, const std::vector< uint8_t > &seed_c, size_t offset)
Definition: dsa_gen.cpp:39
size_t bits() const
Definition: bigint.cpp:184
Definition: alg_id.cpp:13
void binary_decode(const uint8_t buf[], size_t length)
Definition: bigint.cpp:280
MechanismType hash