Fix leading zero bytes in DSA, ECDSA, ECGDSA and ECKCDSA signatures

2 files changed, 20 insertions, 0 deletions

diff --git a/src/lib/math/bigint/big_code.cpp b/src/lib/math/bigint/big_code.cpp
index 299fdc246..c8687715d 100644
--- a/src/lib/math/bigint/big_code.cpp
+++ b/src/lib/math/bigint/big_code.cpp
@@ -98,6 +98,17 @@ void BigInt::encode_1363(byte output[], size_t bytes, const BigInt& n)
    }
 
 /*
+* Encode two BigInt, with leading 0s if needed, and concatenate
+*/
+secure_vector<byte> BigInt::encode_fixed_length_int_pair(const BigInt& n1, const BigInt& n2, size_t bytes)
+   {
+   secure_vector<byte> output(2 * bytes);
+   BigInt::encode_1363(output.data(), bytes, n1);
+   BigInt::encode_1363(output.data() + bytes, bytes, n2);
+   return output;
+   }
+
+/*
 * Decode a BigInt
 */
 BigInt BigInt::decode(const byte buf[], size_t length, Base base)
diff --git a/src/lib/math/bigint/bigint.h b/src/lib/math/bigint/bigint.h
index 2963ba35d..a61bee39c 100644
--- a/src/lib/math/bigint/bigint.h
+++ b/src/lib/math/bigint/bigint.h
@@ -566,6 +566,15 @@ class BOTAN_DLL BigInt
 
      static void encode_1363(byte out[], size_t bytes, const BigInt& n);
 
+     /**
+     * Encode two BigInt to a byte array according to IEEE 1363
+     * @param n1 the first BigInt to encode
+     * @param n2 the second BigInt to encode
+     * @param bytes the length of the encoding of each single BigInt
+     * @result a secure_vector<byte> containing the concatenation of the two encoded BigInt
+     */
+     static secure_vector<byte> encode_fixed_length_int_pair(const BigInt& n1, const BigInt& n2, size_t bytes);
+
    private:
       secure_vector<word> m_reg;
       Sign m_signedness = Positive;