

Change HmacDrbg to support variable output size
This is simply a matter of iterating the hashing of self.v until
sufficient output bytes have been produced.

This is necessary for the upcoming DSA implementation.
rvolgers committed Feb 12, 2021
1 parent e24ccec commit 4b22b57
Showing 1 changed file with 11 additions and 8 deletions.
19 changes: 11 additions & 8 deletions ecdsa/src/rfc6979.rs
@@ -34,7 +34,9 @@ where
x.zeroize();

loop {
if let Some(k) = NonZeroScalar::from_repr(hmac_drbg.next()) {
let mut tmp = FieldBytes::<C>::default();
hmac_drbg.generate_to_slice(&mut tmp);
if let Some(k) = NonZeroScalar::from_repr(tmp) {
return Zeroizing::new(k);
}
}
@@ -87,17 +89,18 @@ where
}

/// Get the next `HMAC_DRBG` output
pub fn next(&mut self) -> GenericArray<u8, D::OutputSize> {
self.k.update(&self.v);
let t = self.k.finalize_reset().into_bytes();
pub fn generate_to_slice(&mut self, out: &mut [u8]) {
for out_chunk in out.chunks_mut(self.v.len()) {
self.k.update(&self.v);
self.v = self.k.finalize_reset().into_bytes();
out_chunk.copy_from_slice(&self.v[..out_chunk.len()]);
}

self.k.update(&t);
self.k.update(&self.v);
self.k.update(&[0x00]);
self.k = Hmac::new_varkey(&self.k.finalize_reset().into_bytes()).unwrap();
self.k.update(&t);
self.k.update(&self.v);
self.v = self.k.finalize_reset().into_bytes();

t
}
}

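Review bot: The doc comment `/// Get the next `HMAC_DRBG` output` no longer describes `generate_to_slice`, which fills a caller-supplied slice instead of returning one block, and it leaves two things a caller must know undocumented: when `out.len()` is not a multiple of the hash output size only the leading bytes of the final `V` block are copied, and the `K`/`V` update after the loop runs even for an empty `out`, so every call advances the generator state. I would replace it with `/// Fill `out` with `HMAC_DRBG` output, one `V = HMAC(K, V)` block at a time; a trailing partial block keeps only its leading bytes. The `K`/`V` state update then runs unconditionally, even when `out` is empty.` The `.unwrap()` on `Hmac::new_varkey` is only reachable if HMAC rejected a key of the hash's own output size, which it should not, so `expect("HMAC accepts a key of the digest output size")` would state that invariant instead of reading as an unchecked failure path. In the first hunk, `tmp` now keeps a rejected candidate's bytes in a named local until the next iteration; given that `x` is zeroized a few lines above, `let mut tmp = Zeroizing::new(FieldBytes::<C>::default());` would keep that intent consistent, with the caveat that the by-value copy handed to `from_repr` is outside its reach and that the previous `next()` return value was not zeroized either. The `impl` block containing `generate_to_slice` starts outside the hunk.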

