authorlloyd <[email protected]>2010-02-25 21:47:19 +0000
committerlloyd <[email protected]>2010-02-25 21:47:19 +0000
commit08647db8877585a783797c8db22dc76233b200f0 (patch)
tree1844d9ec5cef596e7f9cef9dd9be6302a0e933ac /src
parent2208225cb9f448023b30ff42d4bda7cc4d5808f5 (diff)
Use a Modular_Reducer in ECDSA op for reductions mod the order of the group
Diffstat (limited to 'src')
-rw-r--r--src/pubkey/ecdsa/ecdsa_op.cpp24
-rw-r--r--src/pubkey/ecdsa/ecdsa_op.h3
2 files changed, 9 insertions, 18 deletions
diff --git a/src/pubkey/ecdsa/ecdsa_op.cpp b/src/pubkey/ecdsa/ecdsa_op.cpp
index 0fb9fc564..dd92ac5c0 100644
--- a/src/pubkey/ecdsa/ecdsa_op.cpp
+++ b/src/pubkey/ecdsa/ecdsa_op.cpp
@@ -14,7 +14,8 @@ namespace Botan {
Default_ECDSA_Op::Default_ECDSA_Op(const EC_Domain_Params& domain,
const BigInt& priv,
const PointGFp& pub) :
- dom_pars(domain), pub_key(pub), priv_key(priv)
+ dom_pars(domain), mod_n(dom_pars.get_order()),
+ pub_key(pub), priv_key(priv)
{
}
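Review bot: With the `n == 0` guards removed from sign() and verify() later in this commit, the initializer `mod_n(dom_pars.get_order())` is now the only place a domain whose order is unset can be rejected, and whether it is rejected depends on Modular_Reducer's constructor, which is not shown here. If that constructor accepts a zero modulus, the failure surfaces only later inside reduce() or inverse_mod(); consider `if(dom_pars.get_order() == 0) throw Internal_Error("Default_ECDSA_Op: domain parameters not set");` in the constructor body, or at least a comment stating that Modular_Reducer throws on a zero modulus. Note also that this initializer relies on dom_pars being constructed before mod_n, i.e. on their declaration order in the header, which is worth a comment since a member reorder would silently break it.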
@@ -26,10 +27,6 @@ bool Default_ECDSA_Op::verify(const byte msg[], u32bit msg_len,
if(sig_len != n.bytes()*2)
return false;
- // NOTE: it is not checked whether the public point is set
- if(dom_pars.get_curve().get_p() == 0)
- throw Internal_Error("domain parameters not set");
-
BigInt e(msg, msg_len);
BigInt r(sig, sig_len / 2);
@@ -44,9 +41,7 @@ bool Default_ECDSA_Op::verify(const byte msg[], u32bit msg_len,
if(R.is_zero())
return false;
- BigInt x = R.get_affine_x();
-
- return (x % n == r);
+ return (mod_n.reduce(R.get_affine_x()) == r);
}
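Review bot: The new `return (mod_n.reduce(R.get_affine_x()) == r);` is only a sound verifier if r and s were already confirmed to lie in [1, n-1] in the part of verify() between this hunk and the previous one, which is not visible here; without that test an s of 0 reaches inverse_mod, and an r of 0 or r >= n is merely compared rather than rejected as malformed. Please confirm a guard of the form `if(r <= 0 || r >= n || s <= 0 || s >= n) return false;` precedes the inverse computation, or add one. verify() begins before this hunk.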
SecureVector<byte> Default_ECDSA_Op::sign(const byte msg[], u32bit msg_len,
@@ -57,25 +52,18 @@ SecureVector<byte> Default_ECDSA_Op::sign(const byte msg[], u32bit msg_len,
const BigInt& n = dom_pars.get_order();
- if(n == 0)
- throw Internal_Error("Default_ECDSA_Op::sign(): domain parameters not set");
-
BigInt e(msg, msg_len);
PointGFp k_times_P = dom_pars.get_base_point() * k;
- k_times_P.check_invariants();
- BigInt r = k_times_P.get_affine_x() % n;
+ BigInt r = mod_n.reduce(k_times_P.get_affine_x());
if(r == 0)
throw Internal_Error("Default_ECDSA_Op::sign: r was zero");
BigInt k_inv = inverse_mod(k, n);
- BigInt s(r);
- s *= priv_key;
- s += e;
- s *= k_inv;
- s %= n;
+ BigInt s = mod_n.reduce(mod_n.multiply(r, priv_key) + e);
+ s = mod_n.multiply(s, k_inv);
SecureVector<byte> output(2*n.bytes());
r.binary_encode(output + (output.size() / 2 - r.bytes()));
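Review bot: The new `s = mod_n.multiply(s, k_inv);` line still leaves the s == 0 case unhandled, although the equivalent degenerate case for r is rejected a few lines above; X9.62/FIPS 186 require rejecting s == 0 and retrying with a fresh k, so add `if(s == 0) throw Internal_Error("Default_ECDSA_Op::sign: s was zero");` after it. That check also catches a caller-supplied k of 0, for which inverse_mod presumably returns 0 rather than throwing and would otherwise produce a silently bogus signature. Separately, the hunk drops `k_times_P.check_invariants()`, which was the only on-curve sanity check on the nonce multiple before its x-coordinate is used; unless the point multiplication validates its own result, keeping that line costs little. Neither inverse_mod nor the Barrett-style reducer is shown to be constant-time, so the priv_key and k arithmetic remains timing-sensitive as before this commit; a comment acknowledging that would help the next reader. The encoding of s and the return statement lie outside the hunk.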
diff --git a/src/pubkey/ecdsa/ecdsa_op.h b/src/pubkey/ecdsa/ecdsa_op.h
index c203905f9..3a492ccf4 100644
--- a/src/pubkey/ecdsa/ecdsa_op.h
+++ b/src/pubkey/ecdsa/ecdsa_op.h
@@ -10,6 +10,7 @@
#define BOTAN_ECDSA_OPERATIONS_H__
#include <botan/ec_dompar.h>
+#include <botan/reducer.h>
namespace Botan {
@@ -52,6 +53,8 @@ class BOTAN_DLL Default_ECDSA_Op : public ECDSA_Operation
const PointGFp& pub_key);
private:
EC_Domain_Params dom_pars;
+ Modular_Reducer mod_n;
+
PointGFp pub_key;
BigInt priv_key;
};
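Review bot: The new `Modular_Reducer mod_n;` member is initialized from dom_pars in the constructor's initializer list, so it must stay declared after `EC_Domain_Params dom_pars;`; reordering the members would make the initializer read a not-yet-constructed dom_pars. Pin that down with a comment on the new line, e.g. `// reducer mod the group order; built from dom_pars, so must be declared after it`. The class definition begins before this hunk.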