aboutsummaryrefslogtreecommitdiffstats
path: root/src/pubkey
diff options
context:
space:
mode:
Diffstat (limited to 'src/pubkey')
-rw-r--r--src/pubkey/blinding.h2
-rw-r--r--src/pubkey/dh/dh.cpp4
-rw-r--r--src/pubkey/dh/dh.h2
-rw-r--r--src/pubkey/dsa/dsa.cpp4
-rw-r--r--src/pubkey/dsa/dsa.h4
-rw-r--r--src/pubkey/ecdh/ecdh.cpp37
-rw-r--r--src/pubkey/ecdh/ecdh.h21
-rw-r--r--src/pubkey/ecdsa/ecdsa.cpp4
-rw-r--r--src/pubkey/ecdsa/ecdsa.h4
-rw-r--r--src/pubkey/elgamal/elgamal.cpp6
-rw-r--r--src/pubkey/elgamal/elgamal.h4
-rw-r--r--src/pubkey/nr/nr.cpp4
-rw-r--r--src/pubkey/nr/nr.h4
-rw-r--r--src/pubkey/pk_ops.h15
-rw-r--r--src/pubkey/pubkey.h4
-rw-r--r--src/pubkey/rsa/rsa.cpp11
-rw-r--r--src/pubkey/rsa/rsa.h8
-rw-r--r--src/pubkey/rw/rw.cpp15
-rw-r--r--src/pubkey/rw/rw.h7
19 files changed, 59 insertions, 101 deletions
diff --git a/src/pubkey/blinding.h b/src/pubkey/blinding.h
index d1d9a8875..3398f8c6f 100644
--- a/src/pubkey/blinding.h
+++ b/src/pubkey/blinding.h
@@ -22,6 +22,8 @@ class BOTAN_DLL Blinder
BigInt blind(const BigInt& x) const;
BigInt unblind(const BigInt& x) const;
+ bool initialized() const { return reducer.initialized(); }
+
/**
* Choose a nonce to use for blinding
* @param x a secret seed value
diff --git a/src/pubkey/dh/dh.cpp b/src/pubkey/dh/dh.cpp
index a99506250..b491be7bc 100644
--- a/src/pubkey/dh/dh.cpp
+++ b/src/pubkey/dh/dh.cpp
@@ -78,11 +78,11 @@ MemoryVector<byte> DH_PrivateKey::public_value() const
DH_KA_Operation::DH_KA_Operation(const DH_PrivateKey& dh) :
p(dh.group_p()), powermod_x_p(dh.get_x(), p)
{
- BigInt k = Blinder::choose_nonce(dh.get_x(), p);
+ BigInt k = Blinder::choose_nonce(powermod_x_p(2), p);
blinder = Blinder(k, powermod_x_p(inverse_mod(k, p)), p);
}
-SecureVector<byte> DH_KA_Operation::agree(const byte w[], u32bit w_len) const
+SecureVector<byte> DH_KA_Operation::agree(const byte w[], u32bit w_len)
{
BigInt input = BigInt::decode(w, w_len);
diff --git a/src/pubkey/dh/dh.h b/src/pubkey/dh/dh.h
index 0cc2aaabc..738b3f9c4 100644
--- a/src/pubkey/dh/dh.h
+++ b/src/pubkey/dh/dh.h
@@ -80,7 +80,7 @@ class BOTAN_DLL DH_KA_Operation : public PK_Ops::Key_Agreement
public:
DH_KA_Operation(const DH_PrivateKey& key);
- SecureVector<byte> agree(const byte w[], u32bit w_len) const;
+ SecureVector<byte> agree(const byte w[], u32bit w_len);
private:
const BigInt& p;
diff --git a/src/pubkey/dsa/dsa.cpp b/src/pubkey/dsa/dsa.cpp
index bd9641856..feac712b8 100644
--- a/src/pubkey/dsa/dsa.cpp
+++ b/src/pubkey/dsa/dsa.cpp
@@ -86,7 +86,7 @@ DSA_Signature_Operation::DSA_Signature_Operation(const DSA_PrivateKey& dsa) :
SecureVector<byte>
DSA_Signature_Operation::sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const
+ RandomNumberGenerator& rng)
{
rng.add_entropy(msg, msg_len);
@@ -119,7 +119,7 @@ DSA_Verification_Operation::DSA_Verification_Operation(const DSA_PublicKey& dsa)
}
bool DSA_Verification_Operation::verify(const byte msg[], u32bit msg_len,
- const byte sig[], u32bit sig_len) const
+ const byte sig[], u32bit sig_len)
{
const BigInt& q = mod_q.get_modulus();
diff --git a/src/pubkey/dsa/dsa.h b/src/pubkey/dsa/dsa.h
index a57cbfcae..8121cfbbc 100644
--- a/src/pubkey/dsa/dsa.h
+++ b/src/pubkey/dsa/dsa.h
@@ -67,7 +67,7 @@ class BOTAN_DLL DSA_Signature_Operation : public PK_Ops::Signature
u32bit max_input_bits() const { return q.bits(); }
SecureVector<byte> sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const;
+ RandomNumberGenerator& rng);
private:
const BigInt& q;
const BigInt& x;
@@ -87,7 +87,7 @@ class BOTAN_DLL DSA_Verification_Operation : public PK_Ops::Verification
bool with_recovery() const { return false; }
bool verify(const byte msg[], u32bit msg_len,
- const byte sig[], u32bit sig_len) const;
+ const byte sig[], u32bit sig_len);
private:
const BigInt& q;
const BigInt& y;
diff --git a/src/pubkey/ecdh/ecdh.cpp b/src/pubkey/ecdh/ecdh.cpp
index d3688fa5c..bf8a57b3b 100644
--- a/src/pubkey/ecdh/ecdh.cpp
+++ b/src/pubkey/ecdh/ecdh.cpp
@@ -19,7 +19,7 @@ ECDH_KA_Operation::ECDH_KA_Operation(const ECDH_PrivateKey& key) :
key.private_value();
}
-SecureVector<byte> ECDH_KA_Operation::agree(const byte w[], u32bit w_len) const
+SecureVector<byte> ECDH_KA_Operation::agree(const byte w[], u32bit w_len)
{
PointGFp point = OS2ECP(w, w_len, curve);
@@ -30,39 +30,4 @@ SecureVector<byte> ECDH_KA_Operation::agree(const byte w[], u32bit w_len) const
curve.get_p().bytes());
}
-/**
-* Derive a key
-*/
-SecureVector<byte> ECDH_PrivateKey::derive_key(const byte key[],
- u32bit key_len) const
- {
- PointGFp point = OS2ECP(key, key_len, public_point().get_curve());
- return derive_key(point);
- }
-
-/**
-* Derive a key
-*/
-SecureVector<byte> ECDH_PrivateKey::derive_key(const ECDH_PublicKey& key) const
- {
- return derive_key(key.public_point());
- }
-
-/**
-* Derive a key
-*/
-SecureVector<byte> ECDH_PrivateKey::derive_key(const PointGFp& point) const
- {
- const BigInt& cofactor = domain().get_cofactor();
- const BigInt& n = domain().get_order();
-
- BigInt l = inverse_mod(cofactor, n); // can precompute this
-
- PointGFp S = (cofactor * point) * (private_value() * l);
- S.check_invariants();
-
- return BigInt::encode_1363(S.get_affine_x(),
- point.get_curve().get_p().bytes());
- }
-
}
diff --git a/src/pubkey/ecdh/ecdh.h b/src/pubkey/ecdh/ecdh.h
index ef589d982..d670361f6 100644
--- a/src/pubkey/ecdh/ecdh.h
+++ b/src/pubkey/ecdh/ecdh.h
@@ -76,25 +76,6 @@ class BOTAN_DLL ECDH_PrivateKey : public ECDH_PublicKey,
MemoryVector<byte> public_value() const
{ return EC2OSP(public_point(), PointGFp::UNCOMPRESSED); }
- private:
- /**
- * Derive a shared key with the other parties public key.
- * @param key the other partys public key
- * @param key_len the other partys public key
- */
- SecureVector<byte> derive_key(const byte key[], u32bit key_len) const;
-
- /**
- * Derive a shared key with the other parties public key.
- * @param other the other partys public key
- */
- SecureVector<byte> derive_key(const ECDH_PublicKey& other) const;
-
- /**
- * Derive a shared key with the other parties public key.
- * @param point the public point of the other parties key
- */
- SecureVector<byte> derive_key(const PointGFp& point) const;
};
/**
@@ -105,7 +86,7 @@ class BOTAN_DLL ECDH_KA_Operation : public PK_Ops::Key_Agreement
public:
ECDH_KA_Operation(const ECDH_PrivateKey& key);
- SecureVector<byte> agree(const byte w[], u32bit w_len) const;
+ SecureVector<byte> agree(const byte w[], u32bit w_len);
private:
const CurveGFp& curve;
const BigInt& cofactor;
diff --git a/src/pubkey/ecdsa/ecdsa.cpp b/src/pubkey/ecdsa/ecdsa.cpp
index 95dc99e67..afca6cc73 100644
--- a/src/pubkey/ecdsa/ecdsa.cpp
+++ b/src/pubkey/ecdsa/ecdsa.cpp
@@ -20,7 +20,7 @@ ECDSA_Signature_Operation::ECDSA_Signature_Operation(const ECDSA_PrivateKey& ecd
SecureVector<byte>
ECDSA_Signature_Operation::sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const
+ RandomNumberGenerator& rng)
{
rng.add_entropy(msg, msg_len);
@@ -56,7 +56,7 @@ ECDSA_Verification_Operation::ECDSA_Verification_Operation(const ECDSA_PublicKey
}
bool ECDSA_Verification_Operation::verify(const byte msg[], u32bit msg_len,
- const byte sig[], u32bit sig_len) const
+ const byte sig[], u32bit sig_len)
{
if(sig_len != order.bytes()*2)
return false;
diff --git a/src/pubkey/ecdsa/ecdsa.h b/src/pubkey/ecdsa/ecdsa.h
index 7ea135896..e20a234fc 100644
--- a/src/pubkey/ecdsa/ecdsa.h
+++ b/src/pubkey/ecdsa/ecdsa.h
@@ -92,7 +92,7 @@ class BOTAN_DLL ECDSA_Signature_Operation : public PK_Ops::Signature
ECDSA_Signature_Operation(const ECDSA_PrivateKey& ecdsa);
SecureVector<byte> sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const;
+ RandomNumberGenerator& rng);
u32bit message_parts() const { return 2; }
u32bit message_part_size() const { return order.bytes(); }
@@ -116,7 +116,7 @@ class BOTAN_DLL ECDSA_Verification_Operation : public PK_Ops::Verification
bool with_recovery() const { return false; }
bool verify(const byte msg[], u32bit msg_len,
- const byte sig[], u32bit sig_len) const;
+ const byte sig[], u32bit sig_len);
private:
const PointGFp& base_point;
const PointGFp& public_point;
diff --git a/src/pubkey/elgamal/elgamal.cpp b/src/pubkey/elgamal/elgamal.cpp
index f55aeaa4c..b9c4803f3 100644
--- a/src/pubkey/elgamal/elgamal.cpp
+++ b/src/pubkey/elgamal/elgamal.cpp
@@ -91,7 +91,7 @@ ElGamal_Encryption_Operation::ElGamal_Encryption_Operation(const ElGamal_PublicK
SecureVector<byte>
ElGamal_Encryption_Operation::encrypt(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const
+ RandomNumberGenerator& rng)
{
const BigInt& p = mod_p.get_modulus();
@@ -118,12 +118,12 @@ ElGamal_Decryption_Operation::ElGamal_Decryption_Operation(const ElGamal_Private
powermod_x_p = Fixed_Exponent_Power_Mod(key.get_x(), p);
mod_p = Modular_Reducer(p);
- BigInt k = Blinder::choose_nonce(key.get_x(), p);
+ BigInt k = Blinder::choose_nonce(powermod_x_p(2), p);
blinder = Blinder(k, powermod_x_p(k), p);
}
SecureVector<byte>
-ElGamal_Decryption_Operation::decrypt(const byte msg[], u32bit msg_len) const
+ElGamal_Decryption_Operation::decrypt(const byte msg[], u32bit msg_len)
{
const BigInt& p = mod_p.get_modulus();
diff --git a/src/pubkey/elgamal/elgamal.h b/src/pubkey/elgamal/elgamal.h
index c94779e96..143b417ec 100644
--- a/src/pubkey/elgamal/elgamal.h
+++ b/src/pubkey/elgamal/elgamal.h
@@ -63,7 +63,7 @@ class BOTAN_DLL ElGamal_Encryption_Operation : public PK_Ops::Encryption
ElGamal_Encryption_Operation(const ElGamal_PublicKey& key);
SecureVector<byte> encrypt(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const;
+ RandomNumberGenerator& rng);
private:
Fixed_Base_Power_Mod powermod_g_p, powermod_y_p;
@@ -77,7 +77,7 @@ class BOTAN_DLL ElGamal_Decryption_Operation : public PK_Ops::Decryption
ElGamal_Decryption_Operation(const ElGamal_PrivateKey& key);
- SecureVector<byte> decrypt(const byte msg[], u32bit msg_len) const;
+ SecureVector<byte> decrypt(const byte msg[], u32bit msg_len);
private:
Fixed_Exponent_Power_Mod powermod_x_p;
Modular_Reducer mod_p;
diff --git a/src/pubkey/nr/nr.cpp b/src/pubkey/nr/nr.cpp
index 8a1b8c261..cf59615da 100644
--- a/src/pubkey/nr/nr.cpp
+++ b/src/pubkey/nr/nr.cpp
@@ -95,7 +95,7 @@ NR_Signature_Operation::NR_Signature_Operation(const NR_PrivateKey& nr) :
SecureVector<byte>
NR_Signature_Operation::sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const
+ RandomNumberGenerator& rng)
{
rng.add_entropy(msg, msg_len);
@@ -130,7 +130,7 @@ NR_Verification_Operation::NR_Verification_Operation(const NR_PublicKey& nr) :
}
SecureVector<byte>
-NR_Verification_Operation::verify_mr(const byte msg[], u32bit msg_len) const
+NR_Verification_Operation::verify_mr(const byte msg[], u32bit msg_len)
{
const BigInt& q = mod_q.get_modulus();
diff --git a/src/pubkey/nr/nr.h b/src/pubkey/nr/nr.h
index 19eac5cc9..bd125ab92 100644
--- a/src/pubkey/nr/nr.h
+++ b/src/pubkey/nr/nr.h
@@ -65,7 +65,7 @@ class BOTAN_DLL NR_Signature_Operation : public PK_Ops::Signature
u32bit max_input_bits() const { return (q.bits() - 1); }
SecureVector<byte> sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const;
+ RandomNumberGenerator& rng);
private:
const BigInt& q;
const BigInt& x;
@@ -84,7 +84,7 @@ class BOTAN_DLL NR_Verification_Operation : public PK_Ops::Verification
bool with_recovery() const { return true; }
- SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) const;
+ SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len);
private:
const BigInt& q;
const BigInt& y;
diff --git a/src/pubkey/pk_ops.h b/src/pubkey/pk_ops.h
index bf846d69f..97ba372c2 100644
--- a/src/pubkey/pk_ops.h
+++ b/src/pubkey/pk_ops.h
@@ -21,7 +21,7 @@ class BOTAN_DLL Encryption
virtual u32bit max_input_bits() const = 0;
virtual SecureVector<byte> encrypt(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const = 0;
+ RandomNumberGenerator& rng) = 0;
virtual ~Encryption() {}
};
@@ -32,7 +32,7 @@ class BOTAN_DLL Decryption
virtual u32bit max_input_bits() const = 0;
virtual SecureVector<byte> decrypt(const byte msg[],
- u32bit msg_len) const = 0;
+ u32bit msg_len) = 0;
virtual ~Decryption() {}
};
@@ -64,9 +64,8 @@ class BOTAN_DLL Signature
* @param msg_len the length of msg in bytes
* @param rng a random number generator
*/
- virtual SecureVector<byte>
- sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const = 0;
+ virtual SecureVector<byte> sign(const byte msg[], u32bit msg_len,
+ RandomNumberGenerator& rng) = 0;
virtual ~Signature() {}
};
@@ -107,7 +106,7 @@ class BOTAN_DLL Verification
* @returns if signature is a valid one for message
*/
virtual bool verify(const byte[], u32bit,
- const byte[], u32bit) const
+ const byte[], u32bit)
{
throw Invalid_State("Message recovery required");
}
@@ -120,7 +119,7 @@ class BOTAN_DLL Verification
* @returns recovered message
*/
virtual SecureVector<byte> verify_mr(const byte[],
- u32bit) const
+ u32bit)
{
throw Invalid_State("Message recovery not supported");
}
@@ -140,7 +139,7 @@ class BOTAN_DLL Key_Agreement
* @param w_len the length of w in bytes
* @returns the agreed key
*/
- virtual SecureVector<byte> agree(const byte w[], u32bit w_len) const = 0;
+ virtual SecureVector<byte> agree(const byte w[], u32bit w_len) = 0;
virtual ~Key_Agreement() {}
};
diff --git a/src/pubkey/pubkey.h b/src/pubkey/pubkey.h
index d8964e1e7..c31aed67b 100644
--- a/src/pubkey/pubkey.h
+++ b/src/pubkey/pubkey.h
@@ -402,7 +402,7 @@ class BOTAN_DLL PK_Encryptor_EME : public PK_Encryptor
SecureVector<byte> enc(const byte[], u32bit,
RandomNumberGenerator& rng) const;
- const PK_Ops::Encryption* op;
+ PK_Ops::Encryption* op;
const EME* eme;
};
@@ -424,7 +424,7 @@ class BOTAN_DLL PK_Decryptor_EME : public PK_Decryptor
private:
SecureVector<byte> dec(const byte[], u32bit) const;
- const PK_Ops::Decryption* op;
+ PK_Ops::Decryption* op;
const EME* eme;
};
diff --git a/src/pubkey/rsa/rsa.cpp b/src/pubkey/rsa/rsa.cpp
index 5047fdf7a..b278ade52 100644
--- a/src/pubkey/rsa/rsa.cpp
+++ b/src/pubkey/rsa/rsa.cpp
@@ -80,7 +80,7 @@ RSA_Private_Operation::RSA_Private_Operation(const RSA_PrivateKey& rsa) :
powermod_d2_q(rsa.get_d2(), rsa.get_q()),
mod_p(rsa.get_p())
{
- BigInt k = Blinder::choose_nonce(rsa.get_d(), n);
+ BigInt k = Blinder::choose_nonce(powermod_e_n(q), n);
blinder = Blinder(powermod_e_n(k), inverse_mod(k, n), n);
}
@@ -99,8 +99,13 @@ BigInt RSA_Private_Operation::private_op(const BigInt& m) const
SecureVector<byte>
RSA_Private_Operation::sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator&) const
+ RandomNumberGenerator& rng)
{
+ /* We don't check signatures against powermod_e_n here because
+ PK_Signer checks verification consistency for all signature
+ algorithms.
+ */
+
BigInt m(msg, msg_len);
BigInt x = blinder.unblind(private_op(blinder.blind(m)));
return BigInt::encode_1363(x, n.bytes());
@@ -110,7 +115,7 @@ RSA_Private_Operation::sign(const byte msg[], u32bit msg_len,
* RSA Decryption Operation
*/
SecureVector<byte>
-RSA_Private_Operation::decrypt(const byte msg[], u32bit msg_len) const
+RSA_Private_Operation::decrypt(const byte msg[], u32bit msg_len)
{
BigInt m(msg, msg_len);
BigInt x = blinder.unblind(private_op(blinder.blind(m)));
diff --git a/src/pubkey/rsa/rsa.h b/src/pubkey/rsa/rsa.h
index 36f9277ef..72cd80fef 100644
--- a/src/pubkey/rsa/rsa.h
+++ b/src/pubkey/rsa/rsa.h
@@ -96,9 +96,9 @@ class BOTAN_DLL RSA_Private_Operation : public PK_Ops::Signature,
u32bit max_input_bits() const { return (n.bits() - 1); }
SecureVector<byte> sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const;
+ RandomNumberGenerator& rng);
- SecureVector<byte> decrypt(const byte msg[], u32bit msg_len) const;
+ SecureVector<byte> decrypt(const byte msg[], u32bit msg_len);
private:
BigInt private_op(const BigInt& m) const;
@@ -123,13 +123,13 @@ class BOTAN_DLL RSA_Public_Operation : public PK_Ops::Verification,
bool with_recovery() const { return true; }
SecureVector<byte> encrypt(const byte msg[], u32bit msg_len,
- RandomNumberGenerator&) const
+ RandomNumberGenerator&)
{
BigInt m(msg, msg_len);
return BigInt::encode_1363(public_op(m), n.bytes());
}
- SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) const
+ SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len)
{
BigInt m(msg, msg_len);
return BigInt::encode(public_op(m));
diff --git a/src/pubkey/rw/rw.cpp b/src/pubkey/rw/rw.cpp
index af2b849ff..508244112 100644
--- a/src/pubkey/rw/rw.cpp
+++ b/src/pubkey/rw/rw.cpp
@@ -74,21 +74,26 @@ bool RW_PrivateKey::check_key(RandomNumberGenerator& rng, bool strong) const
}
RW_Signature_Operation::RW_Signature_Operation(const RW_PrivateKey& rw) :
+ n(rw.get_n()),
+ e(rw.get_e()),
q(rw.get_q()),
c(rw.get_c()),
- n(rw.get_n()),
powermod_d1_p(rw.get_d1(), rw.get_p()),
powermod_d2_q(rw.get_d2(), rw.get_q()),
mod_p(rw.get_p())
{
- BigInt k = Blinder::choose_nonce(rw.get_d(), n);
- blinder = Blinder(power_mod(k, rw.get_e(), n), inverse_mod(k, n), n);
}
SecureVector<byte>
RW_Signature_Operation::sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator&) const
+ RandomNumberGenerator& rng)
{
+ if(!blinder.initialized())
+ {
+ BigInt k(rng, n.bits() / 2);
+ blinder = Blinder(power_mod(k, e, n), inverse_mod(k, n), n);
+ }
+
BigInt i(msg, msg_len);
if(i >= n || i % 16 != 12)
@@ -111,7 +116,7 @@ RW_Signature_Operation::sign(const byte msg[], u32bit msg_len,
}
SecureVector<byte>
-RW_Verification_Operation::verify_mr(const byte msg[], u32bit msg_len) const
+RW_Verification_Operation::verify_mr(const byte msg[], u32bit msg_len)
{
BigInt m(msg, msg_len);
diff --git a/src/pubkey/rw/rw.h b/src/pubkey/rw/rw.h
index 25e7be634..3ca9bb722 100644
--- a/src/pubkey/rw/rw.h
+++ b/src/pubkey/rw/rw.h
@@ -66,11 +66,12 @@ class BOTAN_DLL RW_Signature_Operation : public PK_Ops::Signature
u32bit max_input_bits() const { return (n.bits() - 1); }
SecureVector<byte> sign(const byte msg[], u32bit msg_len,
- RandomNumberGenerator& rng) const;
+ RandomNumberGenerator& rng);
private:
+ const BigInt& n;
+ const BigInt& e;
const BigInt& q;
const BigInt& c;
- const BigInt& n;
Fixed_Exponent_Power_Mod powermod_d1_p, powermod_d2_q;
Modular_Reducer mod_p;
@@ -87,7 +88,7 @@ class BOTAN_DLL RW_Verification_Operation : public PK_Ops::Verification
u32bit max_input_bits() const { return (n.bits() - 1); }
bool with_recovery() const { return true; }
- SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len) const;
+ SecureVector<byte> verify_mr(const byte msg[], u32bit msg_len);
private:
const BigInt& n;