fix alignment
This commit is contained in:
Jbop1626
parent
162c3771c8
commit
429fb0916a
|
|
@ -111,7 +111,7 @@ void gf2m_to_mpz(const element src, mpz_t dst) {
|
|||
void sha1(const uint8_t * input, uint32_t input_length, unsigned ique_flag, mpz_t hash_out) {
|
||||
SHA1_HASH hash;
|
||||
Sha1Context context;
|
||||
|
||||
|
||||
Sha1Initialise(&context);
|
||||
Sha1Update(&context, input, input_length);
|
||||
if (ique_flag) {
|
||||
|
|
@ -125,7 +125,7 @@ void sha1(const uint8_t * input, uint32_t input_length, unsigned ique_flag, mpz_
|
|||
mpz_import(hash_out, 20, 1, sizeof(hash.bytes[0]), 0, 0, (void *)hash.bytes);
|
||||
}
|
||||
|
||||
void ecdh(const element private_key, const ec_point * public_key, ec_point * shared_secret_output) {
|
||||
void ecdh(const element private_key, const ec_point * public_key, ec_point * shared_secret_output) {
|
||||
ec_point_mul(private_key, public_key, shared_secret_output);
|
||||
}
|
||||
|
||||
|
|
@ -149,11 +149,11 @@ void ecdsa_sign(const mpz_t z, const element private_key, element r_out, element
|
|||
gf2m_copy(G_X, G.x);
|
||||
gf2m_copy(G_Y, G.y);
|
||||
ec_point_mul(k_elem, &G, &P);
|
||||
|
||||
|
||||
// Calculate r = x_p mod n
|
||||
gf2m_to_mpz(P.x, x_p);
|
||||
mpz_mod(r, x_p, n);
|
||||
|
||||
|
||||
// Calculate s = k^-1(z + rD) mod n
|
||||
if (mpz_invert(k_inv, k, n) == 0) {
|
||||
fprintf(stderr, "An error occurred while calculating the inverse of k mod n.\n");
|
||||
|
|
@ -173,39 +173,39 @@ void ecdsa_sign(const mpz_t z, const element private_key, element r_out, element
|
|||
}
|
||||
|
||||
int ecdsa_verify(const mpz_t z, const ec_point * public_key, const element r_input, const element s_input) {
|
||||
ec_point Q, test;
|
||||
ec_point_copy(public_key, &Q);
|
||||
element zero = { 0 };
|
||||
ec_point Q, test;
|
||||
ec_point_copy(public_key, &Q);
|
||||
element zero = { 0 };
|
||||
|
||||
// If Q is the identity, Q is invalid
|
||||
if (gf2m_is_equal(Q.x, zero) && gf2m_is_equal(Q.y, zero)) {
|
||||
// If Q is the identity, Q is invalid
|
||||
if (gf2m_is_equal(Q.x, zero) && gf2m_is_equal(Q.y, zero)) {
|
||||
return 0;
|
||||
}
|
||||
// If Q is not a point on the curve, Q is invalid
|
||||
if (!ec_point_on_curve(&Q)) {
|
||||
}
|
||||
// If Q is not a point on the curve, Q is invalid
|
||||
if (!ec_point_on_curve(&Q)) {
|
||||
return 0;
|
||||
}
|
||||
// If nQ is not the identity, Q is invalid (or n is messed up)
|
||||
ec_point_mul(G_ORDER, &Q, &test);
|
||||
if (!(gf2m_is_equal(test.x, zero) && gf2m_is_equal(test.y, zero))) {
|
||||
}
|
||||
// If nQ is not the identity, Q is invalid (or n is messed up)
|
||||
ec_point_mul(G_ORDER, &Q, &test);
|
||||
if (!(gf2m_is_equal(test.x, zero) && gf2m_is_equal(test.y, zero))) {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
// Public key is valid, now verify signature...
|
||||
// Public key is valid, now verify signature...
|
||||
mpz_t r, s, n;
|
||||
init_mpz_list(3, r, s, n);
|
||||
gf2m_to_mpz(r_input, r);
|
||||
gf2m_to_mpz(s_input, s);
|
||||
gf2m_to_mpz(G_ORDER, n);
|
||||
|
||||
// If r or s are not in [1, n - 1], sig is invalid
|
||||
// If r or s are not in [1, n - 1], sig is invalid
|
||||
if ( (mpz_cmp_ui(r, 1) < 0 || mpz_cmp(r, n) > 0 || mpz_cmp(r, n) == 0) ||
|
||||
(mpz_cmp_ui(s, 1) < 0 || mpz_cmp(s, n) > 0 || mpz_cmp(s, n) == 0) ) {
|
||||
clear_mpz_list(3, r, s, n);
|
||||
return 0;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
// Calculate u_1 and u_2
|
||||
// Calculate u_1 and u_2
|
||||
mpz_t s_inv, u_1, u_2;
|
||||
init_mpz_list(3, s_inv, u_1, u_2);
|
||||
|
||||
|
|
@ -219,28 +219,28 @@ int ecdsa_verify(const mpz_t z, const ec_point * public_key, const element r_inp
|
|||
mpz_mul(u_2, r, s_inv);
|
||||
mpz_mod(u_2, u_2, n);
|
||||
|
||||
// Calculate P3 = u_1G + u_2Q
|
||||
element u_1_elem, u_2_elem;
|
||||
// Calculate P3 = u_1G + u_2Q
|
||||
element u_1_elem, u_2_elem;
|
||||
mpz_to_gf2m(u_1, u_1_elem);
|
||||
mpz_to_gf2m(u_2, u_2_elem);
|
||||
ec_point G, P1, P2, P3;
|
||||
gf2m_copy(G_X, G.x);
|
||||
gf2m_copy(G_Y, G.y);
|
||||
mpz_to_gf2m(u_2, u_2_elem);
|
||||
ec_point G, P1, P2, P3;
|
||||
gf2m_copy(G_X, G.x);
|
||||
gf2m_copy(G_Y, G.y);
|
||||
|
||||
ec_point_mul(u_1_elem, &G, &P1);
|
||||
ec_point_mul(u_2_elem, &Q, &P2);
|
||||
ec_point_add(&P1, &P2, &P3);
|
||||
ec_point_mul(u_1_elem, &G, &P1);
|
||||
ec_point_mul(u_2_elem, &Q, &P2);
|
||||
ec_point_add(&P1, &P2, &P3);
|
||||
|
||||
// If P3 is the identity, sig is invalid
|
||||
if (gf2m_is_equal(P3.x, zero) && gf2m_is_equal(P3.y, zero)) {
|
||||
// If P3 is the identity, sig is invalid
|
||||
if (gf2m_is_equal(P3.x, zero) && gf2m_is_equal(P3.y, zero)) {
|
||||
clear_mpz_list(6, r, s, n, s_inv, u_1, u_2);
|
||||
return 0;
|
||||
}
|
||||
|
||||
// And finally, is r congruent to P3.x mod n?
|
||||
return 0;
|
||||
}
|
||||
|
||||
// And finally, is r congruent to P3.x mod n?
|
||||
mpz_t x_p;
|
||||
mpz_init(x_p);
|
||||
gf2m_to_mpz(P3.x, x_p);
|
||||
gf2m_to_mpz(P3.x, x_p);
|
||||
|
||||
int is_congruent = mpz_congruent_p(r, x_p, n) != 0;
|
||||
clear_mpz_list(7, r, s, n, s_inv, u_1, u_2, x_p);
|
||||
|
|
|
|||
Loading…
Reference in New Issue