
Implement a robust DSA API + support for deterministic DSA #53

Closed
wants to merge 6 commits into from

@Legrandin
Contributor

Legrandin commented Jul 15, 2013

This patch introduces a new module (Crypto.Signature.DSS)
with a less error prone API for performing DSA signatures.

Similarly to Crypto.Signature.PKCS1_PSS, the module
creates a signer object that only works with hash objects,
not directly with messages.

Additionally, the caller does not need to provide any RNG.
The module will use the default one and will correctly pick
the critical nonce K.

Example of API usage:

from Crypto.Signature import DSS
from Crypto.Hash import SHA256
from Crypto.PublicKey import DSA

message = b'I give my permission to order #4355'
key = DSA.importKey(open('privkey.der', 'rb').read())  # DER is binary; open in binary mode
h = SHA256.new(message)
signer = DSS.new(key, 'fips-186-3')
signature = signer.sign(h)

A later patch adds support for deterministic DSA, to make DSA robust in case of RNG failures.

The example above remains applicable, but the signer object must now be created with:

signer = DSS.new(key, 'deterministic-rfc6979')

Finally, the set of patches includes one to generate 2 DSA keys in the same domain:

key_one = DSA.generate(2048)
key_two = DSA.generate(2048, domain=key_one.domain())
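The 'deterministic-rfc6979' mode described above derives the nonce k from the private key and the message hash instead of drawing it from the RNG. The following is an added, stand-alone illustration of that derivation (RFC 6979 section 3.2, HMAC_DRBG with SHA-256); it is not code from this pull request or from PyCrypto, and the function names are illustrative:

```python
"""Deterministic DSA nonce per RFC 6979 (added illustration, not the PR's code)."""
import hashlib
import hmac


def bits2int(octets: bytes, qlen: int) -> int:
    """Leftmost qlen bits of the octet string, as an integer (RFC 6979 2.3.2)."""
    value = int.from_bytes(octets, "big")
    blen = len(octets) * 8
    return value >> (blen - qlen) if blen > qlen else value


def int2octets(value: int, qlen: int) -> bytes:
    """Big-endian encoding of value, padded to ceil(qlen/8) bytes (2.3.3)."""
    return value.to_bytes((qlen + 7) // 8, "big")


def bits2octets(octets: bytes, q: int, qlen: int) -> bytes:
    """bits2int(h) reduced modulo q, then re-encoded as octets (2.3.4)."""
    return int2octets(bits2int(octets, qlen) % q, qlen)


def deterministic_nonce(x: int, q: int, h1: bytes, hashmod=hashlib.sha256) -> int:
    """Derive k from private key x and message hash h1 with HMAC_DRBG (3.2)."""
    qlen = q.bit_length()
    hlen = hashmod().digest_size
    mac = lambda key, data: hmac.new(key, data, hashmod).digest()
    v = b"\x01" * hlen            # step b
    k = b"\x00" * hlen            # step c
    seed = int2octets(x, qlen) + bits2octets(h1, q, qlen)
    k = mac(k, v + b"\x00" + seed)  # step d
    v = mac(k, v)                   # step e
    k = mac(k, v + b"\x01" + seed)  # step f
    v = mac(k, v)                   # step g
    while True:                     # step h
        t = b""
        while len(t) * 8 < qlen:
            v = mac(k, v)
            t += v
        candidate = bits2int(t, qlen)
        if 1 <= candidate < q:
            return candidate
        # Candidate out of range: advance the state and retry (h.3)
        k = mac(k, v + b"\x00")
        v = mac(k, v)


def nonce_for_message(x: int, q: int, message: bytes) -> int:
    """Hash the message with SHA-256 and derive the deterministic k."""
    return deterministic_nonce(x, q, hashlib.sha256(message).digest())
```

Because k depends only on x and the hash, signing the same message twice yields the same signature, and a faulty RNG can no longer leak the private key through a repeated or biased nonce.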

@Legrandin Legrandin closed this Dec 17, 2013

@Legrandin Legrandin reopened this Dec 21, 2013

Legrandin added some commits Jul 8, 2013

Implement a robust DSA API.
This patch introduces a new module (Crypto.Signature.DSS)
with a less error prone API for performing DSA signatures.

Similarly to Crypto.Signature.PKCS1_PSS, the module
creates a signer object that only works with hash objects,
not directly with messages.

Additionally, the caller does not need to provide any RNG.
The module will use the default one and will correctly pick
the critical nonce K.

Example of API usage:

>>> from Crypto.Signature import DSS
>>> from Crypto.Hash import SHA256
>>> from Crypto.PublicKey import DSA
>>>
>>> message = b'I give my permission to order #4355'
>>> key = DSA.importKey(open('privkey.der', 'rb').read())  # DER is binary
>>> h = SHA256.new(message)
>>> signer = DSS.new(key)
>>> signature = signer.sign(h)
Add support for deterministic DSA.
This patch implements the variant of DSA
described in http://tools.ietf.org/html/draft-pornin-deterministic-dsa-02.

The nonce k is not taken from the RNG: instead, it is derived from
the message and the key.

DSA is still secure even on platforms where the RNG is not reliable
(e.g. in VMs).
Generate DSA key given the domain parameters.
This patch makes it possible to generate a new DSA key so that it uses
a set of pre-defined domain parameters.

For instance, it is possible to generate 2 distinct DSA keys that
share the same domain parameters:

    >>> key_one = DSA.generate(2048)
    >>> key_two = DSA.generate(2048, domain=key_one.domain())
Fix to bug #1209399
The SHA-2 modules lost the "block_size" attribute along the way.
As a result, HMAC wrongly assumes they all have a block size
of 64 bytes instead of 128 bytes (for SHA-384 and -512).

@Legrandin Legrandin closed this May 18, 2014
