diff options
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/pubkey/ecdsa/ecdsa.cpp | 2 | ||||
-rw-r--r-- | src/lib/pubkey/ecgdsa/ecgdsa.cpp | 9 | ||||
-rw-r--r-- | src/lib/pubkey/eckcdsa/eckcdsa.cpp | 3 | ||||
-rw-r--r-- | src/lib/pubkey/gost_3410/gost_3410.cpp | 9 | ||||
-rw-r--r-- | src/lib/pubkey/sm2/sm2.cpp | 8 |
5 files changed, 17 insertions, 14 deletions
diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp index d473e466c..a2877f7fc 100644 --- a/src/lib/pubkey/ecdsa/ecdsa.cpp +++ b/src/lib/pubkey/ecdsa/ecdsa.cpp @@ -90,7 +90,7 @@ ECDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len, const BigInt k_inv = inverse_mod(k, m_group.get_order()); const BigInt r = m_group.mod_order( - m_group.blinded_base_point_multiply(k, rng, m_ws).get_affine_x()); + m_group.blinded_base_point_multiply_x(k, rng, m_ws)); const BigInt xrm = m_group.mod_order(m_group.multiply_mod_order(m_x, r) + m); const BigInt s = m_group.multiply_mod_order(k_inv, xrm); diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.cpp b/src/lib/pubkey/ecgdsa/ecgdsa.cpp index 6cbd3453b..db790b0d1 100644 --- a/src/lib/pubkey/ecgdsa/ecgdsa.cpp +++ b/src/lib/pubkey/ecgdsa/ecgdsa.cpp @@ -61,9 +61,12 @@ ECGDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len, BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); - const PointGFp k_times_P = m_group.blinded_base_point_multiply(k, rng, m_ws); - const BigInt r = m_group.mod_order(k_times_P.get_affine_x()); - const BigInt s = m_group.multiply_mod_order(m_x, mul_sub(k, r, m)); + const BigInt r = m_group.mod_order( + m_group.blinded_base_point_multiply_x(k, rng, m_ws)); + + const BigInt kr = m_group.multiply_mod_order(k, r); + + const BigInt s = m_group.multiply_mod_order(m_x, kr - m); // With overwhelming probability, a bug rather than actual zero r/s if(r.is_zero() || s.is_zero()) diff --git a/src/lib/pubkey/eckcdsa/eckcdsa.cpp b/src/lib/pubkey/eckcdsa/eckcdsa.cpp index be721a6b6..f9d9b2f60 100644 --- a/src/lib/pubkey/eckcdsa/eckcdsa.cpp +++ b/src/lib/pubkey/eckcdsa/eckcdsa.cpp @@ -77,8 +77,7 @@ ECKCDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t, RandomNumberGenerator& rng) { const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); - const PointGFp k_times_P = m_group.blinded_base_point_multiply(k, rng, m_ws); - const BigInt k_times_P_x = k_times_P.get_affine_x(); + const BigInt k_times_P_x = m_group.blinded_base_point_multiply_x(k, rng, m_ws); secure_vector<uint8_t> to_be_hashed(k_times_P_x.bytes()); k_times_P_x.binary_encode(to_be_hashed.data()); diff --git a/src/lib/pubkey/gost_3410/gost_3410.cpp b/src/lib/pubkey/gost_3410/gost_3410.cpp index 79d3f204d..4e2df4cb8 100644 --- a/src/lib/pubkey/gost_3410/gost_3410.cpp +++ b/src/lib/pubkey/gost_3410/gost_3410.cpp @@ -132,11 +132,12 @@ GOST_3410_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len, if(e == 0) e = 1; - const PointGFp k_times_P = m_group.blinded_base_point_multiply(k, rng, m_ws); - BOTAN_ASSERT(k_times_P.on_the_curve(), "GOST 34.10 k*g is on the curve"); + const BigInt r = m_group.mod_order( + m_group.blinded_base_point_multiply_x(k, rng, m_ws)); - const BigInt r = m_group.mod_order(k_times_P.get_affine_x()); - const BigInt s = m_group.mod_order(r*m_x + k*e); + const BigInt s = m_group.mod_order( + m_group.multiply_mod_order(r, m_x) + + m_group.multiply_mod_order(k, e)); if(r == 0 || s == 0) throw Internal_Error("GOST 34.10 signature generation failed, r/s equal to zero"); diff --git a/src/lib/pubkey/sm2/sm2.cpp b/src/lib/pubkey/sm2/sm2.cpp index a23708944..cec9eaa38 100644 --- a/src/lib/pubkey/sm2/sm2.cpp +++ b/src/lib/pubkey/sm2/sm2.cpp @@ -112,12 +112,12 @@ class SM2_Signature_Operation final : public PK_Ops::Signature secure_vector<uint8_t> SM2_Signature_Operation::sign(RandomNumberGenerator& rng) { - const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); + const BigInt e = BigInt::decode(m_hash->final()); - const PointGFp k_times_P = m_group.blinded_base_point_multiply(k, rng, m_ws); + const BigInt k = BigInt::random_integer(rng, 1, m_group.get_order()); - const BigInt e = BigInt::decode(m_hash->final()); - const BigInt r = m_group.mod_order(k_times_P.get_affine_x() + e); + const BigInt r = m_group.mod_order( + m_group.blinded_base_point_multiply_x(k, rng, m_ws) + e); const BigInt s = m_group.multiply_mod_order(m_da_inv, (k - r*m_x)); // prepend ZA for next signature if any |