authorJack Lloyd <[email protected]>2018-12-10 07:08:05 -0500
committerJack Lloyd <[email protected]>2018-12-10 07:14:42 -0500
commitb5bdefe234f6ea07b57c5bebfc06221298295e88 (patch)
treef335236a9c584241c08a1bf3fffcb9795b2607b9 /src/cli
parentdf760ea61ae294f7d23572cf9104d55c63e94632 (diff)
Work around a problem when built with OpenSSL
It appears OpenSSL has a different interpretation from us of how the message representative is formed for P-521 when given a hash to sign that is larger than the group order; signatures generated by us do not verify with OpenSSL and vice versa.
Diffstat (limited to 'src/cli')
-rw-r--r--src/cli/speed.cpp9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/cli/speed.cpp b/src/cli/speed.cpp
index 57206a1fa..518601a81 100644
--- a/src/cli/speed.cpp
+++ b/src/cli/speed.cpp
@@ -454,6 +454,7 @@ class Speed final : public Command
else if(format != "default")
throw CLI_Usage_Error("Unknown --format type '" + format + "'");
+#if defined(BOTAN_HAS_ECC_GROUP)
if(ecc_groups.empty())
{
ecc_groups = { "secp256r1", "brainpool256r1",
@@ -465,6 +466,7 @@ class Speed final : public Command
auto all = Botan::EC_Group::known_named_groups();
ecc_groups.assign(all.begin(), all.end());
}
+#endif
std::vector<std::string> algos = get_arg_list("algos");
@@ -1860,15 +1862,20 @@ class Speed final : public Command
{
Botan::ECDSA_PrivateKey key(rng(), group);
- std::vector<uint8_t> message(group.get_order_bytes());
+ std::vector<uint8_t> message(group.get_order_bits() / 8);
rng().randomize(message.data(), message.size());
Botan::PK_Signer signer(key, rng(), "Raw");
signer.update(message);
std::vector<uint8_t> signature = signer.signature(rng());
+ Botan::PK_Verifier verifier(key, "Raw", Botan::IEEE_1363, "base");
+ verifier.update(message);
+ BOTAN_ASSERT(verifier.check_signature(signature), "Valid signature");
+
Botan::BigInt r(signature.data(), signature.size()/2);
Botan::BigInt s(signature.data() + signature.size()/2, signature.size()/2);
+
const uint8_t v = key.recovery_param(message, r, s);
recovery_timer->run([&]() {
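Review bot: The switch from `get_order_bytes()` to `get_order_bits() / 8` for the message length carries no comment, so the truncating division reads like a mistake that a later cleanup could revert. The commit message gives the reason (Botan and OpenSSL form the message representative differently for P-521 when the input is larger than the group order), and I would record it above that line, e.g. `// Keep the input no longer than the order in bits; Botan and OpenSSL disagree on P-521 otherwise`. The added `PK_Verifier` is pinned to the `"base"` provider while the signer is constructed without a provider argument, so the assert presumably exists to catch cross-provider disagreement; a short comment saying so would make that intent explicit. This keeps the benchmark away from the discrepancy but does not resolve it for callers that sign raw inputs longer than the order, which may deserve a tracking issue. The enclosing function starts and ends outside the hunk.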