* RFC 6979 Deterministic Nonce Generator
* (C) 2014,2015 Jack Lloyd
* Botan is released under the Simplified BSD License (see license.txt)
#include <botan/rfc6979.h>
#include <botan/hmac_drbg.h>
#include <botan/mac.h>
RFC6979_Nonce_Generator::RFC6979_Nonce_Generator(const std::string& hash,
m_qlen(m_order.bits()),
// Byte length of the order: m_qlen bits rounded up to whole bytes.
m_rlen(m_qlen / 8 + (m_qlen % 8 ? 1 : 0)),
// The DRBG is built over "HMAC(<hash>)", so the caller-supplied hash name selects the PRF.
// NOTE(review): the result of create() is handed on unchecked on this line; confirm that an
// unknown or unavailable hash name fails loudly here rather than leaving a null MAC behind
// (later Botan releases offer MessageAuthenticationCode::create_or_throw for this).
m_hmac_drbg.reset(new HMAC_DRBG(MessageAuthenticationCode::create("HMAC(" + hash + ")")));
// Fixed-width (m_rlen bytes) encoding of x into the start of m_rng_in. In RFC 6979 notation x
// is the private key, so m_rng_in presumably holds key material for the generator's lifetime.
// NOTE(review): the declaration of m_rng_in is not visible here; confirm it is a zeroizing
// container (e.g. secure_vector) rather than a plain std::vector.
BigInt::encode_1363(m_rng_in.data(), m_rlen, x);
RFC6979_Nonce_Generator::~RFC6979_Nonce_Generator()
const BigInt& RFC6979_Nonce_Generator::nonce_for(const BigInt& m)
// Fixed-width encoding of m into the m_rlen bytes starting at offset m_rlen, i.e. directly
// after the m_rlen bytes that hold the encoded x.
// NOTE(review): this assumes m fits in m_rlen bytes. RFC 6979 feeds the message hash through
// bits2octets (reduced mod q) first; no reduction is visible here, so callers presumably pass
// an already-reduced value — confirm.
BigInt::encode_1363(&m_rng_in[m_rlen], m_rlen, m);
// Seed the DRBG from the whole of m_rng_in (the encoded x and the encoded m), which is what
// makes the nonce a deterministic function of key and message.
// NOTE(review): this listing omits some lines; confirm that DRBG state left over from a
// previous nonce_for() call cannot carry over into this one.
m_hmac_drbg->initialize_with(m_rng_in.data(), m_rng_in.size());
m_hmac_drbg->randomize(m_rng_out.data(), m_rng_out.size());
m_k.binary_decode(m_rng_out.data(), m_rng_out.size());
// Drop the surplus low-order bits so the candidate has at most m_qlen bits (the bits2int
// step of RFC 6979). Presumably m_rng_out holds m_rlen bytes; its size is not visible here.
m_k >>= (8*m_rlen - m_qlen);
// Rejection condition: a candidate is retried while it is zero or not below m_order, so the
// accepted nonce satisfies 0 < m_k < m_order. Rejecting out-of-range candidates instead of
// reducing them mod m_order avoids biasing the nonce.
// NOTE(review): both comparisons operate on a secret candidate; whether BigInt comparison is
// constant-time is not visible here — confirm if timing side channels are in scope.
while(m_k == 0 || m_k >= m_order);
BigInt generate_rfc6979_nonce(const BigInt& x,
const std::string& hash)
RFC6979_Nonce_Generator gen(hash, q, x);
// nonce_for() returns a const reference, so take a copy before the local generator `gen`
// goes out of scope.
BigInt k = gen.nonce_for(h);