diff options
author | Sergio Giro <sgiro@google.com> | 2017-01-19 21:40:17 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2017-01-19 21:40:17 +0000 |
commit | fbf7512c8942075f80cba53e708c13682f04ea29 (patch) | |
tree | 8ebc72ead6f9a80938fdba92e217da96ee451037 /bcprov/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java | |
parent | e54ca62fe13a7f6a52a89e409edcf4b6547072be (diff) | |
parent | 07a37e800ceaa1470036078af8d69981604e0945 (diff) | |
download | bouncycastle-fbf7512c8942075f80cba53e708c13682f04ea29.tar.gz |
Merge "bouncycastle: upgrade to version 1.56" am: ae9dc88d85 am: ed012da722
am: 07a37e800c
Change-Id: Ie6a51b57d83037f0f7f1acecedc16da1c1bd6820
Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java')
-rw-r--r-- | bcprov/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java b/bcprov/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java index 44f838b2..920611bc 100644 --- a/bcprov/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java +++ b/bcprov/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java @@ -95,7 +95,8 @@ public class DSASigner BigInteger k = kCalculator.nextK(); - BigInteger r = params.getG().modPow(k, params.getP()).mod(q); + // the randomizer is to conceal timing information related to k and x. + BigInteger r = params.getG().modPow(k.add(getRandomizer(q, random)), params.getP()).mod(q); k = k.modInverse(q).multiply(m.add(x.multiply(r))); @@ -163,4 +164,12 @@ public class DSASigner { return !needed ? null : (provided != null) ? provided : new SecureRandom(); } + + private BigInteger getRandomizer(BigInteger q, SecureRandom provided) + { + // Calculate a random multiple of q to add to k. Note that g^q = 1 (mod p), so adding multiple of q to k does not change r. + int randomBits = 7; + + return new BigInteger(randomBits, provided != null ? provided : new SecureRandom()).add(BigInteger.valueOf(128)).multiply(q); + } } |