org.bouncycastle.crypto.signers
Class HMacDSAKCalculator

java.lang.Object
  org.bouncycastle.crypto.signers.HMacDSAKCalculator

All Implemented Interfaces:

DSAKCalculator

public class HMacDSAKCalculator

extends java.lang.Object

implements DSAKCalculator

A deterministic K calculator based on the algorithm in section 3.2 of RFC 6979.

Constructor Summary

HMacDSAKCalculator(Digest digest)
Base constructor.

Method Summary

void	init(java.math.BigInteger n, java.math.BigInteger d, byte[] message) Deterministic initialiser.
void	init(java.math.BigInteger n, java.security.SecureRandom random) Non-deterministic initialiser.
protected void	initAdditionalInput0(HMac hmac0) Supply additional input to HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1)).
protected void	initAdditionalInput1(HMac hmac1) Supply additional input to HMAC_K(V || 0x01 || int2octets(x) || bits2octets(h1)).
boolean	isDeterministic() Return true if this calculator is deterministic, false otherwise.
java.math.BigInteger	nextK() Return the next valid value of K.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

HMacDSAKCalculator

public HMacDSAKCalculator(Digest digest)

Base constructor.

Parameters:

digest - digest to build the HMAC on.

Method Detail

isDeterministic

public boolean isDeterministic()

Description copied from interface: DSAKCalculator

Return true if this calculator is deterministic, false otherwise.

Specified by:

isDeterministic in interface DSAKCalculator

Returns:

true if deterministic, otherwise false.

init

public void init(java.math.BigInteger n,
                 java.security.SecureRandom random)

Description copied from interface: DSAKCalculator

Non-deterministic initialiser.

Specified by:

init in interface DSAKCalculator

Parameters:

n - the order of the DSA group.

random - a source of randomness.

init

public void init(java.math.BigInteger n,
                 java.math.BigInteger d,
                 byte[] message)

Description copied from interface: DSAKCalculator

Deterministic initialiser.

Specified by:

init in interface DSAKCalculator

Parameters:

n - the order of the DSA group.

d - the DSA private value.

message - the message being signed.

nextK

public java.math.BigInteger nextK()

Description copied from interface: DSAKCalculator

Return the next valid value of K.

Specified by:

nextK in interface DSAKCalculator

Returns:

a K value.

initAdditionalInput0

protected void initAdditionalInput0(HMac hmac0)

Supply additional input to HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1)).

RFC 6979 3.6. Additional data may be added to the input of HMAC [..]. A use case may be a protocol that requires a non-deterministic signature algorithm on a system that does not have access to a high-quality random source. It suffices that the additional data [..] is non-repeating (e.g., a signature counter or a monotonic clock) to ensure "random-looking" signatures are indistinguishable, in a cryptographic way, from plain (EC)DSA signatures.

By default there is no additional input. Override this method to supply additional input, bearing in mind that this calculator may be used for many signatures.

Parameters:

hmac0 - the HMac to which the additional input should be added.

initAdditionalInput1

protected void initAdditionalInput1(HMac hmac1)

Supply additional input to HMAC_K(V || 0x01 || int2octets(x) || bits2octets(h1)).

Refer to comments for initAdditionalInput0(HMac).

Parameters:

hmac1 - the HMac to which the additional input should be added.