9 #include <botan/eckcdsa.h>
10 #include <botan/internal/pk_ops_impl.h>
11 #include <botan/internal/point_mul.h>
12 #include <botan/keypair.h>
13 #include <botan/reducer.h>
14 #include <botan/emsa.h>
15 #include <botan/hash.h>
16 #include <botan/rng.h>
46 const std::string& emsa) :
47 PK_Ops::Signature_with_EMSA(emsa),
49 m_x(eckcdsa.private_value()),
61 secure_vector<uint8_t> raw_sign(
const uint8_t msg[],
size_t msg_len,
62 RandomNumberGenerator& rng)
override;
64 size_t signature_length()
const override {
return 2*
m_group.get_order_bytes(); }
65 size_t max_input_bits()
const override {
return m_group.get_order_bits(); }
67 bool has_prefix()
override {
return true; }
68 secure_vector<uint8_t> message_prefix()
const override {
return m_prefix; }
77 secure_vector<uint8_t>
78 ECKCDSA_Signature_Operation::raw_sign(
const uint8_t msg[],
size_t,
79 RandomNumberGenerator& rng)
84 secure_vector<uint8_t> to_be_hashed(k_times_P_x.bytes());
87 std::unique_ptr<EMSA> emsa = this->clone_emsa();
88 emsa->update(to_be_hashed.data(), to_be_hashed.size());
89 secure_vector<uint8_t> c = emsa->raw_data();
90 c = emsa->encoding_of(c, max_input_bits(), rng);
92 const BigInt r(c.data(), c.size());
95 BigInt w(c.data(), c.size());
100 throw Internal_Error(
"During ECKCDSA signature generation created zero s");
110 class ECKCDSA_Verification_Operation
final :
public PK_Ops::Verification_with_EMSA
114 ECKCDSA_Verification_Operation(
const ECKCDSA_PublicKey& eckcdsa,
115 const std::string& emsa) :
116 PK_Ops::Verification_with_EMSA(emsa),
121 const BigInt public_point_x = eckcdsa.public_point().get_affine_x();
122 const BigInt public_point_y = eckcdsa.public_point().get_affine_y();
124 m_prefix.resize(public_point_x.bytes() + public_point_y.bytes());
125 public_point_x.binary_encode(&
m_prefix[0]);
126 public_point_y.binary_encode(&
m_prefix[public_point_x.bytes()]);
130 bool has_prefix()
override {
return true; }
131 secure_vector<uint8_t> message_prefix()
const override {
return m_prefix; }
133 size_t max_input_bits()
const override {
return m_group.get_order_bits(); }
135 bool with_recovery()
const override {
return false; }
137 bool verify(
const uint8_t msg[],
size_t msg_len,
138 const uint8_t sig[],
size_t sig_len)
override;
145 bool ECKCDSA_Verification_Operation::verify(
const uint8_t msg[],
size_t,
146 const uint8_t sig[],
size_t sig_len)
153 const size_t size_r = std::min(hash -> output_length(), order_bytes);
154 if(sig_len != size_r + order_bytes)
159 secure_vector<uint8_t> r(sig, sig + size_r);
162 const BigInt s(sig + size_r, order_bytes);
169 secure_vector<uint8_t> r_xor_e(r);
170 xor_buf(r_xor_e, msg, r.size());
171 BigInt w(r_xor_e.data(), r_xor_e.size());
176 secure_vector<uint8_t> c(q_x.bytes());
178 std::unique_ptr<EMSA> emsa = this->clone_emsa();
179 emsa->update(c.data(), c.size());
180 secure_vector<uint8_t> v = emsa->raw_data();
182 v = emsa->encoding_of(v, max_input_bits(), rng);
189 std::unique_ptr<PK_Ops::Verification>
191 const std::string& provider)
const
193 if(provider ==
"base" || provider.empty())
194 return std::unique_ptr<PK_Ops::Verification>(
new ECKCDSA_Verification_Operation(*
this, params));
198 std::unique_ptr<PK_Ops::Signature>
200 const std::string& params,
201 const std::string& provider)
const
203 if(provider ==
"base" || provider.empty())
204 return std::unique_ptr<PK_Ops::Signature>(
new ECKCDSA_Signature_Operation(*
this, params));
void binary_encode(uint8_t buf[]) const
bool check_key(RandomNumberGenerator &rng, bool) const override
BigInt get_affine_y() const
std::vector< BigInt > m_ws
int(* final)(unsigned char *, CTX *)
BigInt multiply_mod_order(const BigInt &x, const BigInt &y) const
const PointGFp & public_point() const
size_t get_order_bytes() const
BigInt get_affine_x() const
std::unique_ptr< PK_Ops::Signature > create_signature_op(RandomNumberGenerator &rng, const std::string ¶ms, const std::string &provider) const override
bool signature_consistency_check(RandomNumberGenerator &rng, const Private_Key &private_key, const Public_Key &public_key, const std::string &padding)
BigInt mod_order(const BigInt &x) const
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
const BigInt & get_order() const
std::unique_ptr< PK_Ops::Verification > create_verification_op(const std::string ¶ms, const std::string &provider) const override
const PointGFp_Multi_Point_Precompute m_gy_mul
static std::unique_ptr< HashFunction > create(const std::string &algo_spec, const std::string &provider="")
secure_vector< uint8_t > m_prefix
BigInt blinded_base_point_multiply_x(const BigInt &k, RandomNumberGenerator &rng, std::vector< BigInt > &ws) const
static secure_vector< uint8_t > encode_1363(const BigInt &n, size_t bytes)
PointGFp multi_exp(const BigInt &k1, const BigInt &k2) const
BigInt random_scalar(RandomNumberGenerator &rng) const
std::string algo_name() const override