Botan  1.10.9
ecdsa.cpp
Go to the documentation of this file.
1 /*
2 * ECDSA implemenation
3 * (C) 2007 Manuel Hartl, FlexSecure GmbH
4 * 2007 Falko Strenzke, FlexSecure GmbH
5 * 2008-2010 Jack Lloyd
6 *
7 * Distributed under the terms of the Botan license
8 */
9 
10 #include <botan/ecdsa.h>
11 #include <botan/keypair.h>
12 
13 namespace Botan {
14 
16  bool strong) const
17  {
18  if(!public_point().on_the_curve())
19  return false;
20 
21  if(!strong)
22  return true;
23 
24  return KeyPair::signature_consistency_check(rng, *this, "EMSA1(SHA-1)");
25  }
26 
28  base_point(ecdsa.domain().get_base_point()),
29  order(ecdsa.domain().get_order()),
30  x(ecdsa.private_value()),
31  mod_order(order)
32  {
33  }
34 
36 ECDSA_Signature_Operation::sign(const byte msg[], size_t msg_len,
38  {
39  rng.add_entropy(msg, msg_len);
40 
41  BigInt m(msg, msg_len);
42 
43  BigInt r = 0, s = 0;
44 
45  while(r == 0 || s == 0)
46  {
47  // This contortion is necessary for the tests
48  BigInt k;
49  k.randomize(rng, order.bits());
50 
51  while(k >= order)
52  k.randomize(rng, order.bits() - 1);
53 
54  PointGFp k_times_P = base_point * k;
55  r = mod_order.reduce(k_times_P.get_affine_x());
56  s = mod_order.multiply(inverse_mod(k, order), mul_add(x, r, m));
57  }
58 
59  SecureVector<byte> output(2*order.bytes());
60  r.binary_encode(&output[output.size() / 2 - r.bytes()]);
61  s.binary_encode(&output[output.size() - s.bytes()]);
62  return output;
63  }
64 
66  base_point(ecdsa.domain().get_base_point()),
67  public_point(ecdsa.public_point()),
68  order(ecdsa.domain().get_order())
69  {
70  }
71 
72 bool ECDSA_Verification_Operation::verify(const byte msg[], size_t msg_len,
73  const byte sig[], size_t sig_len)
74  {
75  if(sig_len != order.bytes()*2)
76  return false;
77 
78  BigInt e(msg, msg_len);
79 
80  BigInt r(sig, sig_len / 2);
81  BigInt s(sig + sig_len / 2, sig_len / 2);
82 
83  if(r <= 0 || r >= order || s <= 0 || s >= order)
84  return false;
85 
86  BigInt w = inverse_mod(s, order);
87 
88  PointGFp R = w * multi_exponentiate(base_point, e,
89  public_point, r);
90 
91  if(R.is_zero())
92  return false;
93 
94  return (R.get_affine_x() % order == r);
95  }
96 
97 }
void binary_encode(byte buf[]) const
Definition: bigint.cpp:340
bool signature_consistency_check(RandomNumberGenerator &rng, const Private_Key &key, const std::string &padding)
Definition: keypair.cpp:47
bool verify(const byte msg[], size_t msg_len, const byte sig[], size_t sig_len)
Definition: ecdsa.cpp:72
virtual void add_entropy(const byte in[], size_t length)=0
SecureVector< byte > sign(const byte msg[], size_t msg_len, RandomNumberGenerator &rng)
Definition: ecdsa.cpp:36
const PointGFp & public_point() const
Definition: ecc_key.h:45
unsigned char byte
Definition: types.h:22
BigInt get_affine_x() const
Definition: point_gfp.cpp:392
size_t bits() const
Definition: bigint.cpp:253
RandomNumberGenerator * rng
Definition: global_rng.cpp:165
void randomize(RandomNumberGenerator &rng, size_t bitsize=0)
Definition: big_rand.cpp:29
BigInt multiply(const BigInt &x, const BigInt &y) const
Definition: reducer.h:31
BigInt reduce(const BigInt &x) const
Definition: reducer.cpp:32
BigInt inverse_mod(const BigInt &n, const BigInt &mod)
Definition: numthry.cpp:202
ECDSA_Signature_Operation(const ECDSA_PrivateKey &ecdsa)
Definition: ecdsa.cpp:27
ECDSA_Verification_Operation(const ECDSA_PublicKey &ecdsa)
Definition: ecdsa.cpp:65
BigInt r
Definition: numthry.cpp:26
bool is_zero() const
Definition: point_gfp.h:146
bool check_key(RandomNumberGenerator &rng, bool) const
Definition: ecdsa.cpp:15
PointGFp multi_exponentiate(const PointGFp &p1, const BigInt &z1, const PointGFp &p2, const BigInt &z2)
Definition: point_gfp.cpp:257
BigInt mul_add(const BigInt &a, const BigInt &b, const BigInt &c)
Definition: mp_numth.cpp:33
size_t s
Definition: numthry.cpp:27
size_t bytes() const
Definition: bigint.cpp:245