authorJack Lloyd <[email protected]>2018-03-08 18:44:32 -0500
committerJack Lloyd <[email protected]>2018-03-08 18:44:32 -0500
commit87085b1c844555c1516dd8a930847aa3972b134e (patch)
tree2768c8dbcbecfa0cd16a80ed7f4feb2b8bc64218
parentaf4aad7db642607fbf4e07b2f8d7c97865397e94 (diff)
Use blinded_base_point_multiply_x in the various signature schemes
-rw-r--r--src/lib/pubkey/ecdsa/ecdsa.cpp2
-rw-r--r--src/lib/pubkey/ecgdsa/ecgdsa.cpp9
-rw-r--r--src/lib/pubkey/eckcdsa/eckcdsa.cpp3
-rw-r--r--src/lib/pubkey/gost_3410/gost_3410.cpp9
-rw-r--r--src/lib/pubkey/sm2/sm2.cpp8
5 files changed, 17 insertions, 14 deletions
diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp
index d473e466c..a2877f7fc 100644
--- a/src/lib/pubkey/ecdsa/ecdsa.cpp
+++ b/src/lib/pubkey/ecdsa/ecdsa.cpp
@@ -90,7 +90,7 @@ ECDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len,
const BigInt k_inv = inverse_mod(k, m_group.get_order());
const BigInt r = m_group.mod_order(
- m_group.blinded_base_point_multiply(k, rng, m_ws).get_affine_x());
+ m_group.blinded_base_point_multiply_x(k, rng, m_ws));
const BigInt xrm = m_group.mod_order(m_group.multiply_mod_order(m_x, r) + m);
const BigInt s = m_group.multiply_mod_order(k_inv, xrm);
diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.cpp b/src/lib/pubkey/ecgdsa/ecgdsa.cpp
index 6cbd3453b..db790b0d1 100644
--- a/src/lib/pubkey/ecgdsa/ecgdsa.cpp
+++ b/src/lib/pubkey/ecgdsa/ecgdsa.cpp
@@ -61,9 +61,12 @@ ECGDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len,
BigInt k = BigInt::random_integer(rng, 1, m_group.get_order());
- const PointGFp k_times_P = m_group.blinded_base_point_multiply(k, rng, m_ws);
- const BigInt r = m_group.mod_order(k_times_P.get_affine_x());
- const BigInt s = m_group.multiply_mod_order(m_x, mul_sub(k, r, m));
+ const BigInt r = m_group.mod_order(
+ m_group.blinded_base_point_multiply_x(k, rng, m_ws));
+
+ const BigInt kr = m_group.multiply_mod_order(k, r);
+
+ const BigInt s = m_group.multiply_mod_order(m_x, kr - m);
// With overwhelming probability, a bug rather than actual zero r/s
if(r.is_zero() || s.is_zero())
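Review bot: The new `kr - m` passed to `multiply_mod_order` on the `s` line is a signed difference — whenever the hash value `m` exceeds `k*r mod n` it is negative, and whether `multiply_mod_order` canonicalises a negative operand before multiplying is not visible in this hunk (the removed `mul_sub` may have had its own convention). Confirm that the reducer handles negatives, or make the reduction explicit: `const BigInt s = m_group.multiply_mod_order(m_x, m_group.mod_order(kr - m));`. Since the intermediate `kr` now stands on its own line, a one-line comment naming the equation it implements would help the next reader, e.g. `// ECGDSA: s = x * (k*r - m) mod n`. raw_sign begins and ends outside the hunk.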
diff --git a/src/lib/pubkey/eckcdsa/eckcdsa.cpp b/src/lib/pubkey/eckcdsa/eckcdsa.cpp
index be721a6b6..f9d9b2f60 100644
--- a/src/lib/pubkey/eckcdsa/eckcdsa.cpp
+++ b/src/lib/pubkey/eckcdsa/eckcdsa.cpp
@@ -77,8 +77,7 @@ ECKCDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t,
RandomNumberGenerator& rng)
{
const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order());
- const PointGFp k_times_P = m_group.blinded_base_point_multiply(k, rng, m_ws);
- const BigInt k_times_P_x = k_times_P.get_affine_x();
+ const BigInt k_times_P_x = m_group.blinded_base_point_multiply_x(k, rng, m_ws);
secure_vector<uint8_t> to_be_hashed(k_times_P_x.bytes());
k_times_P_x.binary_encode(to_be_hashed.data());
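Review bot: `to_be_hashed` on the line after the new `k_times_P_x` is sized by `k_times_P_x.bytes()`, so the x coordinate is hashed in its minimal byte length and the encoding shrinks when x has leading zero bytes; if the scheme expects a fixed-width field-element encoding at this point, such values would hash differently from an implementation that pads. This is pre-existing rather than introduced here, but the commit rewrites the line that produces `k_times_P_x`, so it is the right moment to confirm the expected width against the specification and, if padding is required, size the buffer from the group's field size rather than from the value. raw_sign continues outside the hunk.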
diff --git a/src/lib/pubkey/gost_3410/gost_3410.cpp b/src/lib/pubkey/gost_3410/gost_3410.cpp
index 79d3f204d..4e2df4cb8 100644
--- a/src/lib/pubkey/gost_3410/gost_3410.cpp
+++ b/src/lib/pubkey/gost_3410/gost_3410.cpp
@@ -132,11 +132,12 @@ GOST_3410_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len,
if(e == 0)
e = 1;
- const PointGFp k_times_P = m_group.blinded_base_point_multiply(k, rng, m_ws);
- BOTAN_ASSERT(k_times_P.on_the_curve(), "GOST 34.10 k*g is on the curve");
+ const BigInt r = m_group.mod_order(
+ m_group.blinded_base_point_multiply_x(k, rng, m_ws));
- const BigInt r = m_group.mod_order(k_times_P.get_affine_x());
- const BigInt s = m_group.mod_order(r*m_x + k*e);
+ const BigInt s = m_group.mod_order(
+ m_group.multiply_mod_order(r, m_x) +
+ m_group.multiply_mod_order(k, e));
if(r == 0 || s == 0)
throw Internal_Error("GOST 34.10 signature generation failed, r/s equal to zero");
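Review bot: The removed `BOTAN_ASSERT(k_times_P.on_the_curve(), ...)` was a fault-detection check on the scalar multiplication result, and nothing in the new code replaces it: `blinded_base_point_multiply_x` returns only the x coordinate, so this call site can no longer verify the point itself. It should be confirmed that the helper performs the on-curve check internally before its result reaches `r` here; the same question applies to the ecdsa, ecgdsa and eckcdsa hunks, which rely on the same helper. If it does, a short comment on the `r` line, e.g. `// on-curve check of k*G is done inside blinded_base_point_multiply_x`, would stop a later reader from re-adding the assert; if it does not, the check belongs inside the helper rather than at each caller. raw_sign's body starts and ends outside the hunk.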
diff --git a/src/lib/pubkey/sm2/sm2.cpp b/src/lib/pubkey/sm2/sm2.cpp
index a23708944..cec9eaa38 100644
--- a/src/lib/pubkey/sm2/sm2.cpp
+++ b/src/lib/pubkey/sm2/sm2.cpp
@@ -112,12 +112,12 @@ class SM2_Signature_Operation final : public PK_Ops::Signature
secure_vector<uint8_t>
SM2_Signature_Operation::sign(RandomNumberGenerator& rng)
{
- const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order());
+ const BigInt e = BigInt::decode(m_hash->final());
- const PointGFp k_times_P = m_group.blinded_base_point_multiply(k, rng, m_ws);
+ const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order());
- const BigInt e = BigInt::decode(m_hash->final());
- const BigInt r = m_group.mod_order(k_times_P.get_affine_x() + e);
+ const BigInt r = m_group.mod_order(
+ m_group.blinded_base_point_multiply_x(k, rng, m_ws) + e);
const BigInt s = m_group.multiply_mod_order(m_da_inv, (k - r*m_x));
// prepend ZA for next signature if any