aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/pubkey/sm2/sm2.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/pubkey/sm2/sm2.cpp')
-rw-r--r--src/lib/pubkey/sm2/sm2.cpp38
1 files changed, 16 insertions, 22 deletions
diff --git a/src/lib/pubkey/sm2/sm2.cpp b/src/lib/pubkey/sm2/sm2.cpp
index 652985ec9..e2bc5d92d 100644
--- a/src/lib/pubkey/sm2/sm2.cpp
+++ b/src/lib/pubkey/sm2/sm2.cpp
@@ -1,14 +1,15 @@
/*
* SM2 Signatures
* (C) 2017 Ribose Inc
+* (C) 2018 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#include <botan/sm2.h>
#include <botan/internal/pk_ops_impl.h>
+#include <botan/numthry.h>
#include <botan/keypair.h>
-#include <botan/reducer.h>
#include <botan/hash.h>
namespace Botan {
@@ -81,11 +82,10 @@ class SM2_Signature_Operation final : public PK_Ops::Signature
SM2_Signature_Operation(const SM2_Signature_PrivateKey& sm2,
const std::string& ident,
const std::string& hash) :
- m_order(sm2.domain().get_order()),
- m_base_point(sm2.domain().get_base_point(), m_order),
+ m_group(sm2.domain()),
+ m_base_point(sm2.domain().get_base_point(), sm2.domain().get_order()),
m_x(sm2.private_value()),
m_da_inv(sm2.get_da_inv()),
- m_mod_order(m_order),
m_hash(HashFunction::create_or_throw(hash))
{
// ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA)
@@ -101,11 +101,10 @@ class SM2_Signature_Operation final : public PK_Ops::Signature
secure_vector<uint8_t> sign(RandomNumberGenerator& rng) override;
private:
- const BigInt& m_order;
+ const EC_Group m_group;
Blinded_Point_Multiply m_base_point;
const BigInt& m_x;
const BigInt& m_da_inv;
- Modular_Reducer m_mod_order;
std::vector<uint8_t> m_za;
std::unique_ptr<HashFunction> m_hash;
@@ -114,18 +113,18 @@ class SM2_Signature_Operation final : public PK_Ops::Signature
secure_vector<uint8_t>
SM2_Signature_Operation::sign(RandomNumberGenerator& rng)
{
- const BigInt k = BigInt::random_integer(rng, 1, m_order);
+ const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order());
const PointGFp k_times_P = m_base_point.blinded_multiply(k, rng);
const BigInt e = BigInt::decode(m_hash->final());
- const BigInt r = m_mod_order.reduce(k_times_P.get_affine_x() + e);
- const BigInt s = m_mod_order.multiply(m_da_inv, (k - r*m_x));
+ const BigInt r = m_group.mod_order(k_times_P.get_affine_x() + e);
+ const BigInt s = m_group.multiply_mod_order(m_da_inv, (k - r*m_x));
// prepend ZA for next signature if any
m_hash->update(m_za);
- return BigInt::encode_fixed_length_int_pair(r, s, m_order.bytes());
+ return BigInt::encode_fixed_length_int_pair(r, s, m_group.get_order().bytes());
}
/**
@@ -137,10 +136,8 @@ class SM2_Verification_Operation final : public PK_Ops::Verification
SM2_Verification_Operation(const SM2_Signature_PublicKey& sm2,
const std::string& ident,
const std::string& hash) :
- m_base_point(sm2.domain().get_base_point()),
+ m_group(sm2.domain()),
m_public_point(sm2.public_point()),
- m_order(sm2.domain().get_order()),
- m_mod_order(m_order),
m_hash(HashFunction::create_or_throw(hash))
{
// ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA)
@@ -155,11 +152,8 @@ class SM2_Verification_Operation final : public PK_Ops::Verification
bool is_valid_signature(const uint8_t sig[], size_t sig_len) override;
private:
- const PointGFp& m_base_point;
+ const EC_Group m_group;
const PointGFp& m_public_point;
- const BigInt& m_order;
- // FIXME: should be offered by curve
- Modular_Reducer m_mod_order;
std::vector<uint8_t> m_za;
std::unique_ptr<HashFunction> m_hash;
};
@@ -171,27 +165,27 @@ bool SM2_Verification_Operation::is_valid_signature(const uint8_t sig[], size_t
// Update for next verification
m_hash->update(m_za);
- if(sig_len != m_order.bytes()*2)
+ if(sig_len != m_group.get_order().bytes()*2)
return false;
const BigInt r(sig, sig_len / 2);
const BigInt s(sig + sig_len / 2, sig_len / 2);
- if(r <= 0 || r >= m_order || s <= 0 || s >= m_order)
+ if(r <= 0 || r >= m_group.get_order() || s <= 0 || s >= m_group.get_order())
return false;
- const BigInt t = m_mod_order.reduce(r + s);
+ const BigInt t = m_group.mod_order(r + s);
if(t == 0)
return false;
- const PointGFp R = multi_exponentiate(m_base_point, s, m_public_point, t);
+ const PointGFp R = m_group.point_multiply(s, m_public_point, t);
// ???
if(R.is_zero())
return false;
- return (m_mod_order.reduce(R.get_affine_x() + e) == r);
+ return (m_group.mod_order(R.get_affine_x() + e) == r);
}
}