-rw-r--r-- | crypto/src/crypto/signers/HMacDsaKCalculator.cs | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/crypto/src/crypto/signers/HMacDsaKCalculator.cs b/crypto/src/crypto/signers/HMacDsaKCalculator.cs
index 05c4ae5c2..2641f58b6 100644
--- a/crypto/src/crypto/signers/HMacDsaKCalculator.cs
+++ b/crypto/src/crypto/signers/HMacDsaKCalculator.cs
@@ -74,6 +74,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 hMac.Update((byte)0x00);
 hMac.BlockUpdate(x, 0, x.Length);
 hMac.BlockUpdate(m, 0, m.Length);
+ InitAdditionalInput0(hMac);
 hMac.DoFinal(K, 0);
@@ -136,6 +137,22 @@ namespace Org.BouncyCastle.Crypto.Signers
 }
 }
+ /// <summary>Supports use of additional input.</summary>
+ /// <remarks>
+ /// RFC 6979 3.6. Additional data may be added to the input of HMAC [..]. A use case may be a protocol that
+ /// requires a non-deterministic signature algorithm on a system that does not have access to a high-quality
+ /// random source. It suffices that the additional data[..] is non-repeating(e.g., a signature counter or a
+ /// monotonic clock) to ensure "random-looking" signatures are indistinguishable, in a cryptographic way, from
+ /// plain (EC)DSA signatures.
+ /// <para/>
+ /// By default there is no additional input. Override this method to supply additional input, bearing in mind
+ /// that this calculator may be used for many signatures.
+ /// </remarks>
+ /// <param name="hmac0">The <see cref="HMac"/> to which the additional input should be added.</param>
+ protected virtual void InitAdditionalInput0(HMac hmac0)
+ {
+ }
+
 private BigInteger BitsToInt(byte[] t)
 {
 BigInteger v = new BigInteger(1, t); |
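Review bot: The additional input is mixed in only at the `0x00` key update, right after `hMac.BlockUpdate(m, 0, m.Length)`, and the call site does not say whether that is deliberate. The rest of the method is outside the hunk, so I cannot see whether the later `0x01` update (RFC 6979 3.2 step f) rehashes x and m without the hook. RFC 6979 3.6 gives the formula for the `0x00` step only, while the SP 800-90A HMAC_DRBG update feeds its provided data into both rounds. Implementations can therefore derive a different k from the same additional input. I would record the choice at the call, e.g. `// RFC 6979 3.6: additional input k' is appended in the 0x00 update only`, and pin it with a test that overrides the hook with fixed bytes.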
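Review bot: The doc comment on `InitAdditionalInput0` does not say what an override may do with `hmac0`, which is the live keyed instance in the middle of the K derivation (the first hunk calls the hook between the `BlockUpdate` of m and `DoFinal`). An override that calls `Init`, `Reset` or `DoFinal` on it would silently change how k is derived, so the remarks should restrict overrides to appending data. I would add to the remarks: `/// Overrides must only append data using <c>Update</c>/<c>BlockUpdate</c>; they must not call <c>Init</c>, <c>Reset</c> or <c>DoFinal</c> on <paramref name="hmac0"/>.` The warning that the calculator may be used for many signatures would also be clearer if it said the override is expected to supply a fresh value on each call. The quoted RFC text has a small typo, `non-repeating(e.g.,` should be `non-repeating (e.g.,`.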