13262741994

Committed 11 Feb 2025 12:19PM UTC coverage: 91.656% (-0.003%) from 91.659%

Build # 13262741994

Build Type

Pull #4647

github

Committed by

web-flow

Commit Message

Merge 0b8e56724 into f372b5a9e

Pull Request Pull Request #4647: Avoid using mem_ops.h or assert.h in public headers

Run Details

94864 of 103500 relevant lines covered (91.66%)

11330304.66 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

97.62

/src/lib/pubkey/rfc6979/rfc6979.cpp

/*
* RFC 6979 Deterministic Nonce Generator
* (C) 2014,2015,2024 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/internal/rfc6979.h>

#include <botan/assert.h>
#include <botan/hmac_drbg.h>
#include <botan/mac.h>
#include <botan/internal/fmt.h>

namespace Botan {

RFC6979_Nonce_Generator::~RFC6979_Nonce_Generator() = default;

RFC6979_Nonce_Generator::RFC6979_Nonce_Generator(std::string_view hash, size_t order_bits, const BigInt& x) :
      m_qlen(order_bits), m_rlen((m_qlen + 7) / 8), m_rng_in(m_rlen * 2), m_rng_out(m_rlen) {
   m_hmac_drbg = std::make_unique<HMAC_DRBG>(MessageAuthenticationCode::create_or_throw(fmt("HMAC({})", hash)));

   x.serialize_to(std::span{m_rng_in}.first(m_rlen));
}

BigInt RFC6979_Nonce_Generator::nonce_for(const BigInt& order, const BigInt& m) {
   BOTAN_DEBUG_ASSERT(order.bits() == m_qlen);

   m.serialize_to(std::span{m_rng_in}.last(m_rlen));

   m_hmac_drbg->initialize_with(m_rng_in);

   const size_t shift = 8 * m_rlen - m_qlen;
   BOTAN_ASSERT_NOMSG(shift < 8);

   BigInt k;

   do {
      m_hmac_drbg->randomize(m_rng_out);
      k._assign_from_bytes(m_rng_out);

      if(shift > 0) {
         k >>= shift;
      }
   } while(k == 0 || k >= order);

   return k;
}

#if defined(BOTAN_HAS_ECC_GROUP)
RFC6979_Nonce_Generator::RFC6979_Nonce_Generator(std::string_view hash, size_t order_bits, const EC_Scalar& scalar) :
      m_qlen(order_bits), m_rlen((m_qlen + 7) / 8), m_rng_in(m_rlen * 2), m_rng_out(m_rlen) {
   m_hmac_drbg = std::make_unique<HMAC_DRBG>(MessageAuthenticationCode::create_or_throw(fmt("HMAC({})", hash)));

   scalar.serialize_to(std::span{m_rng_in}.first(m_rlen));
}

EC_Scalar RFC6979_Nonce_Generator::nonce_for(const EC_Group& group, const EC_Scalar& m) {
   m.serialize_to(std::span{m_rng_in}.last(m_rlen));

   m_hmac_drbg->initialize_with(m_rng_in);

   const size_t shift = 8 * m_rlen - m_qlen;
   BOTAN_ASSERT_NOMSG(shift < 8);

   for(;;) {
      m_hmac_drbg->randomize(m_rng_out);

      if(shift > 0) {
         uint8_t carry = 0;
         for(uint8_t& b : m_rng_out) {
            const uint8_t w = b;
            b = (w >> shift) | carry;
            carry = w << (8 - shift);
         }
      }

      if(auto k = EC_Scalar::deserialize(group, m_rng_out)) {
         return *k;
      }
   }
}
#endif

}  // namespace Botan

1	/*
2	* RFC 6979 Deterministic Nonce Generator
3	* (C) 2014,2015,2024 Jack Lloyd
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include <botan/internal/rfc6979.h>
9
10	#include <botan/assert.h>
11	#include <botan/hmac_drbg.h>
12	#include <botan/mac.h>
13	#include <botan/internal/fmt.h>
14
15	namespace Botan {
16
17	RFC6979_Nonce_Generator::~RFC6979_Nonce_Generator() = default;	1,980✔
18
19	RFC6979_Nonce_Generator::RFC6979_Nonce_Generator(std::string_view hash, size_t order_bits, const BigInt& x) :	82✔
20	m_qlen(order_bits), m_rlen((m_qlen + 7) / 8), m_rng_in(m_rlen * 2), m_rng_out(m_rlen) {	82✔
21	m_hmac_drbg = std::make_unique<HMAC_DRBG>(MessageAuthenticationCode::create_or_throw(fmt("HMAC({})", hash)));	82✔
22
23	x.serialize_to(std::span{m_rng_in}.first(m_rlen));	82✔
24	}	82✔
25
26	BigInt RFC6979_Nonce_Generator::nonce_for(const BigInt& order, const BigInt& m) {	86✔
27	BOTAN_DEBUG_ASSERT(order.bits() == m_qlen);	86✔
28
29	m.serialize_to(std::span{m_rng_in}.last(m_rlen));	86✔
30
31	m_hmac_drbg->initialize_with(m_rng_in);	86✔
32
33	const size_t shift = 8 * m_rlen - m_qlen;	86✔
34	BOTAN_ASSERT_NOMSG(shift < 8);	86✔
35
36	BigInt k;	86✔
37
38	do {	163✔
39	m_hmac_drbg->randomize(m_rng_out);	163✔
40	k._assign_from_bytes(m_rng_out);	163✔
41
42	if(shift > 0) {	163✔
43	k >>= shift;	12✔
44	}
45	} while(k == 0 \|\| k >= order);	403✔
46
47	return k;	86✔
48	}	×
49
50	#if defined(BOTAN_HAS_ECC_GROUP)
51	RFC6979_Nonce_Generator::RFC6979_Nonce_Generator(std::string_view hash, size_t order_bits, const EC_Scalar& scalar) :	578✔
52	m_qlen(order_bits), m_rlen((m_qlen + 7) / 8), m_rng_in(m_rlen * 2), m_rng_out(m_rlen) {	578✔
53	m_hmac_drbg = std::make_unique<HMAC_DRBG>(MessageAuthenticationCode::create_or_throw(fmt("HMAC({})", hash)));	578✔
54
55	scalar.serialize_to(std::span{m_rng_in}.first(m_rlen));	578✔
56	}	578✔
57
58	EC_Scalar RFC6979_Nonce_Generator::nonce_for(const EC_Group& group, const EC_Scalar& m) {	3,122✔
59	m.serialize_to(std::span{m_rng_in}.last(m_rlen));	3,122✔
60
61	m_hmac_drbg->initialize_with(m_rng_in);	3,122✔
62
63	const size_t shift = 8 * m_rlen - m_qlen;	3,122✔
64	BOTAN_ASSERT_NOMSG(shift < 8);	3,122✔
65
66	for(;;) {	4,452✔
67	m_hmac_drbg->randomize(m_rng_out);	3,787✔
68
69	if(shift > 0) {	3,787✔
70	uint8_t carry = 0;	1,212✔
71	for(uint8_t& b : m_rng_out) {	36,587✔
72	const uint8_t w = b;	35,375✔
73	b = (w >> shift) \| carry;	35,375✔
74	carry = w << (8 - shift);	35,375✔
75	}
76	}
77
78	if(auto k = EC_Scalar::deserialize(group, m_rng_out)) {	3,787✔
79	return *k;	3,122✔
80	}	3,787✔
81	}
82	}
83	#endif
84
85	} // namespace Botan

randombit / botan / 13262741994

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous