diff options
Diffstat (limited to 'src/lib/pubkey/sm2/sm2.cpp')
-rw-r--r-- | src/lib/pubkey/sm2/sm2.cpp | 38 |
1 files changed, 16 insertions, 22 deletions
diff --git a/src/lib/pubkey/sm2/sm2.cpp b/src/lib/pubkey/sm2/sm2.cpp index 652985ec9..e2bc5d92d 100644 --- a/src/lib/pubkey/sm2/sm2.cpp +++ b/src/lib/pubkey/sm2/sm2.cpp @@ -1,14 +1,15 @@ /* * SM2 Signatures * (C) 2017 Ribose Inc +* (C) 2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ #include <botan/sm2.h> #include <botan/internal/pk_ops_impl.h> +#include <botan/numthry.h> #include <botan/keypair.h> -#include <botan/reducer.h> #include <botan/hash.h> namespace Botan { @@ -81,11 +82,10 @@ class SM2_Signature_Operation final : public PK_Ops::Signature SM2_Signature_Operation(const SM2_Signature_PrivateKey& sm2, const std::string& ident, const std::string& hash) : - m_order(sm2.domain().get_order()), - m_base_point(sm2.domain().get_base_point(), m_order), + m_group(sm2.domain()), + m_base_point(sm2.domain().get_base_point(), sm2.domain().get_order()), m_x(sm2.private_value()), m_da_inv(sm2.get_da_inv()), - m_mod_order(m_order), m_hash(HashFunction::create_or_throw(hash)) { // ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA) @@ -101,11 +101,10 @@ class SM2_Signature_Operation final : public PK_Ops::Signature secure_vector<uint8_t> sign(RandomNumberGenerator& rng) override; private: - const BigInt& m_order; + const EC_Group m_group; Blinded_Point_Multiply m_base_point; const BigInt& m_x; const BigInt& m_da_inv; - Modular_Reducer m_mod_order; std::vector<uint8_t> m_za; std::unique_ptr<HashFunction> m_hash; @@ -114,18 +113,18 @@ class SM2_Signature_Operation final : public PK_Ops::Signature secure_vector<uint8_t> SM2_Signature_Operation::sign(RandomNumberGenerator& rng) { - const BigInt k = BigInt::random_integer(rng, 1, m_order); + const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); const PointGFp k_times_P = m_base_point.blinded_multiply(k, rng); const BigInt e = BigInt::decode(m_hash->final()); - const BigInt r = m_mod_order.reduce(k_times_P.get_affine_x() + e); - const BigInt s = m_mod_order.multiply(m_da_inv, (k - r*m_x)); + const BigInt r = m_group.mod_order(k_times_P.get_affine_x() + e); + const BigInt s = m_group.multiply_mod_order(m_da_inv, (k - r*m_x)); // prepend ZA for next signature if any m_hash->update(m_za); - return BigInt::encode_fixed_length_int_pair(r, s, m_order.bytes()); + return BigInt::encode_fixed_length_int_pair(r, s, m_group.get_order().bytes()); } /** @@ -137,10 +136,8 @@ class SM2_Verification_Operation final : public PK_Ops::Verification SM2_Verification_Operation(const SM2_Signature_PublicKey& sm2, const std::string& ident, const std::string& hash) : - m_base_point(sm2.domain().get_base_point()), + m_group(sm2.domain()), m_public_point(sm2.public_point()), - m_order(sm2.domain().get_order()), - m_mod_order(m_order), m_hash(HashFunction::create_or_throw(hash)) { // ZA=H256(ENTLA || IDA || a || b || xG || yG || xA || yA) @@ -155,11 +152,8 @@ class SM2_Verification_Operation final : public PK_Ops::Verification bool is_valid_signature(const uint8_t sig[], size_t sig_len) override; private: - const PointGFp& m_base_point; + const EC_Group m_group; const PointGFp& m_public_point; - const BigInt& m_order; - // FIXME: should be offered by curve - Modular_Reducer m_mod_order; std::vector<uint8_t> m_za; std::unique_ptr<HashFunction> m_hash; }; @@ -171,27 +165,27 @@ bool SM2_Verification_Operation::is_valid_signature(const uint8_t sig[], size_t // Update for next verification m_hash->update(m_za); - if(sig_len != m_order.bytes()*2) + if(sig_len != m_group.get_order().bytes()*2) return false; const BigInt r(sig, sig_len / 2); const BigInt s(sig + sig_len / 2, sig_len / 2); - if(r <= 0 || r >= m_order || s <= 0 || s >= m_order) + if(r <= 0 || r >= m_group.get_order() || s <= 0 || s >= m_group.get_order()) return false; - const BigInt t = m_mod_order.reduce(r + s); + const BigInt t = m_group.mod_order(r + s); if(t == 0) return false; - const PointGFp R = multi_exponentiate(m_base_point, s, m_public_point, t); + const PointGFp R = m_group.point_multiply(s, m_public_point, t); // ??? if(R.is_zero()) return false; - return (m_mod_order.reduce(R.get_affine_x() + e) == r); + return (m_group.mod_order(R.get_affine_x() + e) == r); } } |