|
72
|
1 |
/*
|
|
|
2 |
* Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies).
|
|
|
3 |
* All rights reserved.
|
|
|
4 |
* This component and the accompanying materials are made available
|
|
|
5 |
* under the terms of the License "Eclipse Public License v1.0"
|
|
|
6 |
* which accompanies this distribution, and is available
|
|
|
7 |
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
|
|
|
8 |
*
|
|
|
9 |
* Initial Contributors:
|
|
|
10 |
* Nokia Corporation - initial contribution.
|
|
|
11 |
*
|
|
|
12 |
* Contributors:
|
|
|
13 |
*
|
|
|
14 |
* Description:
|
|
|
15 |
*
|
|
|
16 |
*/
|
|
|
17 |
|
|
|
18 |
|
|
|
19 |
#include <asymmetric.h>
|
|
|
20 |
|
|
|
21 |
EXPORT_C CDSASigner* CDSASigner::NewL(const CDSAPrivateKey& aKey)
|
|
|
22 |
{
|
|
|
23 |
CDSASigner* self = new(ELeave) CDSASigner(aKey);
|
|
|
24 |
return self;
|
|
|
25 |
}
|
|
|
26 |
|
|
|
27 |
EXPORT_C CDSASigner* CDSASigner::NewLC(const CDSAPrivateKey& aKey)
|
|
|
28 |
{
|
|
|
29 |
CDSASigner* self = NewL(aKey);
|
|
|
30 |
CleanupStack::PushL(self);
|
|
|
31 |
return self;
|
|
|
32 |
}
|
|
|
33 |
|
|
|
34 |
TInt CDSASigner::MaxInputLength(void) const
|
|
|
35 |
{
|
|
|
36 |
return SHA1_HASH; // from hash.h
|
|
|
37 |
}
|
|
|
38 |
|
|
|
39 |
CDSASignature* CDSASigner::SignL(const TDesC8& aInput) const
|
|
|
40 |
{
|
|
|
41 |
//see HAC 11.56 or DSS section 5
|
|
|
42 |
//I'll follow HAC as I like its description better
|
|
|
43 |
//We don't check that r and s are non both non-null like the DSS
|
|
|
44 |
//states you _optionally_ can. The chances of this are _incredibly_ small.
|
|
|
45 |
//You've got a much better chance of a bit failure ocurring in the hardware
|
|
|
46 |
//than this.
|
|
|
47 |
|
|
|
48 |
// a) Select a random secret integer (k | 0 < k < q)
|
|
|
49 |
RInteger qminus1 = RInteger::NewL(iPrivateKey.Q());
|
|
|
50 |
CleanupStack::PushL(qminus1);
|
|
|
51 |
--qminus1;
|
|
|
52 |
RInteger k = RInteger::NewRandomL(TInteger::One(), qminus1);
|
|
|
53 |
CleanupStack::PopAndDestroy(&qminus1);
|
|
|
54 |
CleanupStack::PushL(k);
|
|
|
55 |
|
|
|
56 |
// b) compute r = (g^k mod p) mod q
|
|
|
57 |
RInteger r = TInteger::ModularExponentiateL(iPrivateKey.G(), k,
|
|
|
58 |
iPrivateKey.P());
|
|
|
59 |
CleanupStack::PushL(r);
|
|
|
60 |
r %= iPrivateKey.Q();
|
|
|
61 |
|
|
|
62 |
// c) compute k^(-1) mod q
|
|
|
63 |
RInteger kinv = k.InverseModL(iPrivateKey.Q());
|
|
|
64 |
CleanupStack::PushL(kinv);
|
|
|
65 |
|
|
|
66 |
// d) compute s = k^(-1) * {h(m) + xr} mod q
|
|
|
67 |
// Note that in order to be interoperable, compliant with the DSS, and
|
|
|
68 |
// secure, aInput must be the result of a SHA-1 hash
|
|
|
69 |
RInteger hm = RInteger::NewL(aInput);
|
|
|
70 |
CleanupStack::PushL(hm);
|
|
|
71 |
|
|
|
72 |
RInteger s = iPrivateKey.X().TimesL(r);
|
|
|
73 |
CleanupStack::PushL(s);
|
|
|
74 |
s += hm;
|
|
|
75 |
s *= kinv;
|
|
|
76 |
s %= iPrivateKey.Q();
|
|
|
77 |
|
|
|
78 |
// e) signature for m is the pair (r,s)
|
|
|
79 |
CDSASignature* signature = CDSASignature::NewL(r, s);//transfers ownership
|
|
|
80 |
CleanupStack::Pop(&s);
|
|
|
81 |
CleanupStack::PopAndDestroy(&hm);
|
|
|
82 |
CleanupStack::PopAndDestroy(&kinv);
|
|
|
83 |
CleanupStack::Pop(&r);
|
|
|
84 |
CleanupStack::PopAndDestroy(&k);
|
|
|
85 |
return signature;
|
|
|
86 |
}
|
|
|
87 |
|
|
|
88 |
CDSASigner::CDSASigner(const CDSAPrivateKey& aKey)
|
|
|
89 |
: iPrivateKey(aKey)
|
|
|
90 |
{
|
|
|
91 |
}
|
|
|
92 |
|