Skip to content

Commit acaac81

Browse files
committed
added randomizer to DSA signature generation
1 parent bf5cc61 commit acaac81

File tree

3 files changed

+37
-8
lines changed

3 files changed

+37
-8
lines changed

Diff for: core/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java

+10-1
Original file line numberDiff line numberDiff line change
@@ -95,7 +95,8 @@ public BigInteger[] generateSignature(
9595

9696
BigInteger k = kCalculator.nextK();
9797

98-
BigInteger r = params.getG().modPow(k, params.getP()).mod(q);
98+
// the randomizer is to conceal timing information related to k and x.
99+
BigInteger r = params.getG().modPow(k.add(getRandomizer(q, random)), params.getP()).mod(q);
99100

100101
k = k.modInverse(q).multiply(m.add(x.multiply(r)));
101102

@@ -163,4 +164,12 @@ protected SecureRandom initSecureRandom(boolean needed, SecureRandom provided)
163164
{
164165
return !needed ? null : (provided != null) ? provided : new SecureRandom();
165166
}
167+
168+
private BigInteger getRandomizer(BigInteger q, SecureRandom provided)
169+
{
170+
// Calculate a random multiple of q to add to k. Note that g^q = 1 (mod p), so adding multiple of q to k does not change r.
171+
int randomBits = 7;
172+
173+
return new BigInteger(randomBits, provided != null ? provided : new SecureRandom()).add(BigInteger.valueOf(128)).multiply(q);
174+
}
166175
}

Diff for: core/src/test/java/org/bouncycastle/crypto/test/DSATest.java

+24-6
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,7 @@ public class DSATest
4444
byte[] keyData = Hex.decode("b5014e4b60ef2ba8b6211b4062ba3224e0427dd3");
4545

4646
SecureRandom keyRandom = new FixedSecureRandom(
47-
new FixedSecureRandom.Source[] { new FixedSecureRandom.Data(keyData), new FixedSecureRandom.Data(keyData) });
47+
new FixedSecureRandom.Source[] { new FixedSecureRandom.Data(keyData), new FixedSecureRandom.Data(keyData), new FixedSecureRandom.Data(Hex.decode("01020304"))});
4848

4949
BigInteger pValue = new BigInteger("8df2a494492276aa3d25759bb06869cbeac0d83afb8d0cf7cbb8324f0d7882e5d0762fc5b7210eafc2e9adac32ab7aac49693dfbf83724c2ec0736ee31c80291", 16);
5050
BigInteger qValue = new BigInteger("c773218c737ec8ee993b4f2ded30f48edace915f", 16);
@@ -165,7 +165,11 @@ private void testDSAsha3(int size, BigInteger s)
165165
"A5613957D7E5C7A6D5A5834B4CB069E0831753ECF65BA02B", 16);
166166

167167
DSAPrivateKeyParameters priKey = new DSAPrivateKeyParameters(x, dsaParams);
168-
SecureRandom k = new TestRandomBigInteger("72546832179840998877302529996971396893172522460793442785601695562409154906335");
168+
SecureRandom k = new FixedSecureRandom(
169+
new FixedSecureRandom.Source[] {
170+
new FixedSecureRandom.BigInteger(BigIntegers.asUnsignedByteArray(new BigInteger("72546832179840998877302529996971396893172522460793442785601695562409154906335"))),
171+
new FixedSecureRandom.Data(Hex.decode("01020304"))
172+
});
169173

170174
byte[] M = Hex.decode("1BD4ED430B0F384B4E8D458EFF1A8A553286D7AC21CB2F6806172EF5F94A06AD");
171175

@@ -287,7 +291,10 @@ private void dsa2Test1()
287291

288292
DSASigner signer = new DSASigner();
289293

290-
signer.init(true, new ParametersWithRandom(kp.getPrivate(), new TestRandomBigInteger("349C55648DCF992F3F33E8026CFAC87C1D2BA075", 16)));
294+
signer.init(true, new ParametersWithRandom(kp.getPrivate(), new FixedSecureRandom(
295+
new FixedSecureRandom.Source[] {
296+
new FixedSecureRandom.BigInteger("349C55648DCF992F3F33E8026CFAC87C1D2BA075"),
297+
new FixedSecureRandom.Data(Hex.decode("01020304")) })));
291298

292299
byte[] msg = Hex.decode("A9993E364706816ABA3E25717850C26C9CD0D89D");
293300

@@ -404,7 +411,11 @@ private void dsa2Test2()
404411

405412
DSASigner signer = new DSASigner();
406413

407-
signer.init(true, new ParametersWithRandom(kp.getPrivate(), new TestRandomData(Hex.decode("735959CC4463B8B440E407EECA8A473BF6A6D1FE657546F67D401F05"))));
414+
signer.init(true, new ParametersWithRandom(kp.getPrivate(), new FixedSecureRandom(
415+
new FixedSecureRandom.Source[] {
416+
new FixedSecureRandom.BigInteger(Hex.decode("735959CC4463B8B440E407EECA8A473BF6A6D1FE657546F67D401F05")),
417+
new FixedSecureRandom.Data(Hex.decode("01020304"))
418+
})));
408419

409420
byte[] msg = Hex.decode("23097D223405D8228642A477BDA255B32AADBCE4BDA0B3F7E36C9DA7");
410421

@@ -520,7 +531,11 @@ private void dsa2Test3()
520531

521532
DSASigner signer = new DSASigner();
522533

523-
signer.init(true, new ParametersWithRandom(kp.getPrivate(), new TestRandomData(Hex.decode("0CAF2EF547EC49C4F3A6FE6DF4223A174D01F2C115D49A6F73437C29A2A8458C"))));
534+
signer.init(true, new ParametersWithRandom(kp.getPrivate(), new FixedSecureRandom(
535+
new FixedSecureRandom.Source[] {
536+
new FixedSecureRandom.BigInteger(Hex.decode("0CAF2EF547EC49C4F3A6FE6DF4223A174D01F2C115D49A6F73437C29A2A8458C")),
537+
new FixedSecureRandom.Data(Hex.decode("01020304"))
538+
})));
524539

525540
byte[] msg = Hex.decode("BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD");
526541

@@ -651,7 +666,10 @@ private void dsa2Test4()
651666

652667
DSASigner signer = new DSASigner();
653668

654-
signer.init(true, new ParametersWithRandom(kp.getPrivate(), new TestRandomData(Hex.decode("A6902C1E6E3943C5628061588A8B007BCCEA91DBF12915483F04B24AB0678BEE"))));
669+
signer.init(true, new ParametersWithRandom(kp.getPrivate(), new FixedSecureRandom(
670+
new FixedSecureRandom.Source[]
671+
{ new FixedSecureRandom.BigInteger("A6902C1E6E3943C5628061588A8B007BCCEA91DBF12915483F04B24AB0678BEE"),
672+
new FixedSecureRandom.Data(Hex.decode("01020304")) })));
655673

656674
byte[] msg = Hex.decode("BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD");
657675

Diff for: prov/src/test/java/org/bouncycastle/jce/provider/test/DSATest.java

+3-1
Original file line numberDiff line numberDiff line change
@@ -686,7 +686,9 @@ private void testDSAsha3(ASN1ObjectIdentifier sigOid, int size, BigInteger s)
686686
private void doDsaTest(String sigName, BigInteger s, KeyFactory ecKeyFact, DSAPublicKeySpec pubKey, DSAPrivateKeySpec priKey)
687687
throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, InvalidKeySpecException, SignatureException
688688
{
689-
SecureRandom k = new TestRandomBigInteger(BigIntegers.asUnsignedByteArray(new BigInteger("72546832179840998877302529996971396893172522460793442785601695562409154906335")));
689+
SecureRandom k = new FixedSecureRandom(
690+
new FixedSecureRandom.Source[] { new FixedSecureRandom.BigInteger(BigIntegers.asUnsignedByteArray(new BigInteger("72546832179840998877302529996971396893172522460793442785601695562409154906335"))),
691+
new FixedSecureRandom.Data(Hex.decode("01020304")) });
690692

691693
byte[] M = Hex.decode("1BD4ED430B0F384B4E8D458EFF1A8A553286D7AC21CB2F6806172EF5F94A06AD");
692694

0 commit comments

Comments
 (0)