From 9510a6f60869b3d37f5fa07e26403482b85c9502 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Thu, 27 Jan 2022 15:08:42 +0700
Subject: Support additional input in "deterministic (EC)DSA"
---
 crypto/src/crypto/signers/HMacDsaKCalculator.cs | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/crypto/src/crypto/signers/HMacDsaKCalculator.cs b/crypto/src/crypto/signers/HMacDsaKCalculator.cs
index 05c4ae5c2..2641f58b6 100644
--- a/crypto/src/crypto/signers/HMacDsaKCalculator.cs
+++ b/crypto/src/crypto/signers/HMacDsaKCalculator.cs
@@ -74,6 +74,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 hMac.Update((byte)0x00);
 hMac.BlockUpdate(x, 0, x.Length);
 hMac.BlockUpdate(m, 0, m.Length);
+ InitAdditionalInput0(hMac);
 hMac.DoFinal(K, 0);
@@ -136,6 +137,22 @@ namespace Org.BouncyCastle.Crypto.Signers
 }
 }
+ /// Supports use of additional input.
+ ///
+ /// RFC 6979 3.6. Additional data may be added to the input of HMAC [..]. A use case may be a protocol that
+ /// requires a non-deterministic signature algorithm on a system that does not have access to a high-quality
+ /// random source. It suffices that the additional data[..] is non-repeating(e.g., a signature counter or a
+ /// monotonic clock) to ensure "random-looking" signatures are indistinguishable, in a cryptographic way, from
+ /// plain (EC)DSA signatures.
+ ///
+ /// By default there is no additional input. Override this method to supply additional input, bearing in mind
+ /// that this calculator may be used for many signatures.
+ ///
+ /// The to which the additional input should be added.
+ protected virtual void InitAdditionalInput0(HMac hmac0)
+ {
+ }
+
 private BigInteger BitsToInt(byte[] t)
 {
 BigInteger v = new BigInteger(1, t);
-- cgit 1.4.1
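Review bot: In the `@@ -74,6 +74,7 @@` hunk the hook feeds the additional input only into the HMAC update that begins with `0x00`, and nothing at the call site records that this is deliberate. RFC 6979 3.6 gives the formula for that step, but some other implementations also append the extra data in the later `0x01` update, so signatures produced through an override may not match their test vectors; that second update lies outside this hunk, so this is inferred rather than visible here. A comment above the call such as `// RFC 6979 3.6: additional input is appended to the 0x00 update only; the 0x01 update is unchanged` would document the choice for anyone checking interoperability. The enclosing method starts and ends outside the hunk.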
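Review bot: `InitAdditionalInput0` in the `@@ -136,6 +137,22 @@` hunk hands the override the live `HMac` that the first hunk has already fed with `0x00`, `x` and `m`, and the doc comment does not say what an override may do with it. An override that calls anything other than `Update`/`BlockUpdate` on `hmac0` (for example `DoFinal`, `Reset` or `Init`) would silently change the state that `k` is derived from. The remarks should state the contract, e.g. `/// Implementations must only append bytes to hmac0 (Update/BlockUpdate); they must not finalise, reset or re-key it.` Since "this calculator may be used for many signatures", it is also worth saying that the override is expected to produce its value afresh on each call and to do so safely if the calculator is shared.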