Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openanolis
dragonwell8_jdk
提交
0f89690c
D
dragonwell8_jdk
项目概览
openanolis
/
dragonwell8_jdk
通知
4
Star
2
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
D
dragonwell8_jdk
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
提交
0f89690c
编写于
5月 18, 2017
作者:
R
robm
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
8175106: Higher quality DSA operations
Reviewed-by: xuelei, apetcher
上级
aa4c2b3f
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
20 addition
and
37 deletion
+20
-37
src/share/classes/sun/security/provider/DSA.java
src/share/classes/sun/security/provider/DSA.java
+20
-37
未找到文件。
src/share/classes/sun/security/provider/DSA.java
浏览文件 @
0f89690c
/*
* Copyright (c) 1996, 201
6
, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1996, 201
7
, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
...
...
@@ -67,6 +67,13 @@ abstract class DSA extends SignatureSpi {
/* Are we debugging? */
private
static
final
boolean
debug
=
false
;
/* The number of bits used in exponent blinding */
private
static
final
int
BLINDING_BITS
=
7
;
/* The constant component of the exponent blinding value */
private
static
final
BigInteger
BLINDING_CONSTANT
=
BigInteger
.
valueOf
(
1
<<
BLINDING_BITS
);
/* The parameter object */
private
DSAParams
params
;
...
...
@@ -312,8 +319,19 @@ abstract class DSA extends SignatureSpi {
return
null
;
}
private
BigInteger
generateR
(
BigInteger
p
,
BigInteger
q
,
BigInteger
g
,
BigInteger
k
)
{
// exponent blinding to hide information from timing channel
SecureRandom
random
=
getSigningRandom
();
// start with a random blinding component
BigInteger
blindingValue
=
new
BigInteger
(
BLINDING_BITS
,
random
);
// add the fixed blinding component
blindingValue
=
blindingValue
.
add
(
BLINDING_CONSTANT
);
// replace k with a blinded value that is congruent (mod q)
k
=
k
.
add
(
q
.
multiply
(
blindingValue
));
BigInteger
temp
=
g
.
modPow
(
k
,
p
);
return
temp
.
mod
(
q
);
}
...
...
@@ -378,43 +396,8 @@ abstract class DSA extends SignatureSpi {
byte
[]
kValue
=
new
byte
[(
q
.
bitLength
()
+
7
)/
8
+
8
];
random
.
nextBytes
(
kValue
);
BigInteger
k
=
new
BigInteger
(
1
,
kValue
).
mod
(
return
new
BigInteger
(
1
,
kValue
).
mod
(
q
.
subtract
(
BigInteger
.
ONE
)).
add
(
BigInteger
.
ONE
);
// Using an equivalent exponent of fixed length (same as q or 1 bit
// less than q) to keep the kG timing relatively constant.
//
// Note that this is an extra step on top of the approach defined in
// FIPS 186-4 AppendixB.2.1 so as to make a fixed length K.
k
=
k
.
add
(
q
).
divide
(
BigInteger
.
valueOf
(
2
));
// An alternative implementation based on FIPS 186-4 AppendixB2.2
// with fixed-length K.
//
// Please keep it here as we may need to switch to it in the future.
//
// SecureRandom random = getSigningRandom();
// byte[] kValue = new byte[(q.bitLength() + 7)/8];
// BigInteger d = q.subtract(BigInteger.TWO);
// BigInteger k;
// do {
// random.nextBytes(kValue);
// BigInteger c = new BigInteger(1, kValue);
// if (c.compareTo(d) <= 0) {
// k = c.add(BigInteger.ONE);
// // Using an equivalent exponent of fixed length to keep
// // the g^k timing relatively constant.
// //
// // Note that this is an extra step on top of the approach
// // defined in FIPS 186-4 AppendixB.2.2 so as to make a
// // fixed length K.
// if (k.bitLength() >= q.bitLength()) {
// break;
// }
// }
// } while (true);
return
k
;
}
// Use the application-specified SecureRandom Object if provided.
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录