diff options
author | lloyd <[email protected]> | 2010-02-25 21:47:19 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-02-25 21:47:19 +0000 |
commit | 08647db8877585a783797c8db22dc76233b200f0 (patch) | |
tree | 1844d9ec5cef596e7f9cef9dd9be6302a0e933ac /src | |
parent | 2208225cb9f448023b30ff42d4bda7cc4d5808f5 (diff) |
Use a Modular_Reducer in ECDSA op for reductions mod the order of the group
Diffstat (limited to 'src')
-rw-r--r-- | src/pubkey/ecdsa/ecdsa_op.cpp | 24 | ||||
-rw-r--r-- | src/pubkey/ecdsa/ecdsa_op.h | 3 |
2 files changed, 9 insertions, 18 deletions
diff --git a/src/pubkey/ecdsa/ecdsa_op.cpp b/src/pubkey/ecdsa/ecdsa_op.cpp index 0fb9fc564..dd92ac5c0 100644 --- a/src/pubkey/ecdsa/ecdsa_op.cpp +++ b/src/pubkey/ecdsa/ecdsa_op.cpp @@ -14,7 +14,8 @@ namespace Botan { Default_ECDSA_Op::Default_ECDSA_Op(const EC_Domain_Params& domain, const BigInt& priv, const PointGFp& pub) : - dom_pars(domain), pub_key(pub), priv_key(priv) + dom_pars(domain), mod_n(dom_pars.get_order()), + pub_key(pub), priv_key(priv) { } @@ -26,10 +27,6 @@ bool Default_ECDSA_Op::verify(const byte msg[], u32bit msg_len, if(sig_len != n.bytes()*2) return false; - // NOTE: it is not checked whether the public point is set - if(dom_pars.get_curve().get_p() == 0) - throw Internal_Error("domain parameters not set"); - BigInt e(msg, msg_len); BigInt r(sig, sig_len / 2); @@ -44,9 +41,7 @@ bool Default_ECDSA_Op::verify(const byte msg[], u32bit msg_len, if(R.is_zero()) return false; - BigInt x = R.get_affine_x(); - - return (x % n == r); + return (mod_n.reduce(R.get_affine_x()) == r); } SecureVector<byte> Default_ECDSA_Op::sign(const byte msg[], u32bit msg_len, @@ -57,25 +52,18 @@ SecureVector<byte> Default_ECDSA_Op::sign(const byte msg[], u32bit msg_len, const BigInt& n = dom_pars.get_order(); - if(n == 0) - throw Internal_Error("Default_ECDSA_Op::sign(): domain parameters not set"); - BigInt e(msg, msg_len); PointGFp k_times_P = dom_pars.get_base_point() * k; - k_times_P.check_invariants(); - BigInt r = k_times_P.get_affine_x() % n; + BigInt r = mod_n.reduce(k_times_P.get_affine_x()); if(r == 0) throw Internal_Error("Default_ECDSA_Op::sign: r was zero"); BigInt k_inv = inverse_mod(k, n); - BigInt s(r); - s *= priv_key; - s += e; - s *= k_inv; - s %= n; + BigInt s = mod_n.reduce(mod_n.multiply(r, priv_key) + e); + s = mod_n.multiply(s, k_inv); SecureVector<byte> output(2*n.bytes()); r.binary_encode(output + (output.size() / 2 - r.bytes())); diff --git a/src/pubkey/ecdsa/ecdsa_op.h b/src/pubkey/ecdsa/ecdsa_op.h index c203905f9..3a492ccf4 100644 --- a/src/pubkey/ecdsa/ecdsa_op.h +++ b/src/pubkey/ecdsa/ecdsa_op.h @@ -10,6 +10,7 @@ #define BOTAN_ECDSA_OPERATIONS_H__ #include <botan/ec_dompar.h> +#include <botan/reducer.h> namespace Botan { @@ -52,6 +53,8 @@ class BOTAN_DLL Default_ECDSA_Op : public ECDSA_Operation const PointGFp& pub_key); private: EC_Domain_Params dom_pars; + Modular_Reducer mod_n; + PointGFp pub_key; BigInt priv_key; }; |