|
1 /* |
|
2 * Copyright (c) 2003-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 #include <asymmetric.h> |
|
20 |
|
21 EXPORT_C CDSASigner* CDSASigner::NewL(const CDSAPrivateKey& aKey) |
|
22 { |
|
23 CDSASigner* self = new(ELeave) CDSASigner(aKey); |
|
24 return self; |
|
25 } |
|
26 |
|
27 EXPORT_C CDSASigner* CDSASigner::NewLC(const CDSAPrivateKey& aKey) |
|
28 { |
|
29 CDSASigner* self = NewL(aKey); |
|
30 CleanupStack::PushL(self); |
|
31 return self; |
|
32 } |
|
33 |
|
34 TInt CDSASigner::MaxInputLength(void) const |
|
35 { |
|
36 return SHA1_HASH; // from hash.h |
|
37 } |
|
38 |
|
39 CDSASignature* CDSASigner::SignL(const TDesC8& aInput) const |
|
40 { |
|
41 //see HAC 11.56 or DSS section 5 |
|
42 //I'll follow HAC as I like its description better |
|
43 //We don't check that r and s are non both non-null like the DSS |
|
44 //states you _optionally_ can. The chances of this are _incredibly_ small. |
|
45 //You've got a much better chance of a bit failure ocurring in the hardware |
|
46 //than this. |
|
47 |
|
48 // a) Select a random secret integer (k | 0 < k < q) |
|
49 RInteger qminus1 = RInteger::NewL(iPrivateKey.Q()); |
|
50 CleanupStack::PushL(qminus1); |
|
51 --qminus1; |
|
52 RInteger k = RInteger::NewRandomL(TInteger::One(), qminus1); |
|
53 CleanupStack::PopAndDestroy(&qminus1); |
|
54 CleanupStack::PushL(k); |
|
55 |
|
56 // b) compute r = (g^k mod p) mod q |
|
57 RInteger r = TInteger::ModularExponentiateL(iPrivateKey.G(), k, |
|
58 iPrivateKey.P()); |
|
59 CleanupStack::PushL(r); |
|
60 r %= iPrivateKey.Q(); |
|
61 |
|
62 // c) compute k^(-1) mod q |
|
63 RInteger kinv = k.InverseModL(iPrivateKey.Q()); |
|
64 CleanupStack::PushL(kinv); |
|
65 |
|
66 // d) compute s = k^(-1) * {h(m) + xr} mod q |
|
67 // Note that in order to be interoperable, compliant with the DSS, and |
|
68 // secure, aInput must be the result of a SHA-1 hash |
|
69 RInteger hm = RInteger::NewL(aInput); |
|
70 CleanupStack::PushL(hm); |
|
71 |
|
72 RInteger s = iPrivateKey.X().TimesL(r); |
|
73 CleanupStack::PushL(s); |
|
74 s += hm; |
|
75 s *= kinv; |
|
76 s %= iPrivateKey.Q(); |
|
77 |
|
78 // e) signature for m is the pair (r,s) |
|
79 CDSASignature* signature = CDSASignature::NewL(r, s);//transfers ownership |
|
80 CleanupStack::Pop(&s); |
|
81 CleanupStack::PopAndDestroy(&hm); |
|
82 CleanupStack::PopAndDestroy(&kinv); |
|
83 CleanupStack::Pop(&r); |
|
84 CleanupStack::PopAndDestroy(&k); |
|
85 return signature; |
|
86 } |
|
87 |
|
88 CDSASigner::CDSASigner(const CDSAPrivateKey& aKey) |
|
89 : iPrivateKey(aKey) |
|
90 { |
|
91 } |
|
92 |