diff --git a/src/ninty-233.c b/src/ninty-233.c
index 5e26f35..5ad54c7 100644
--- a/src/ninty-233.c
+++ b/src/ninty-233.c
@@ -111,7 +111,7 @@ void gf2m_to_mpz(const element src, mpz_t dst) {
 void sha1(const uint8_t * input, uint32_t input_length, unsigned ique_flag, mpz_t hash_out) {
 SHA1_HASH hash;
 Sha1Context context;
-
+
 Sha1Initialise(&context);
 Sha1Update(&context, input, input_length);
 if (ique_flag) {
@@ -125,7 +125,7 @@ void sha1(const uint8_t * input, uint32_t input_length, unsigned ique_flag, mpz_
 mpz_import(hash_out, 20, 1, sizeof(hash.bytes[0]), 0, 0, (void *)hash.bytes);
 }
 
-void ecdh(const element private_key, const ec_point * public_key, ec_point * shared_secret_output) {
+void ecdh(const element private_key, const ec_point * public_key, ec_point * shared_secret_output) {
 ec_point_mul(private_key, public_key, shared_secret_output);
 }
 
@@ -149,11 +149,11 @@ void ecdsa_sign(const mpz_t z, const element private_key, element r_out, element
 gf2m_copy(G_X, G.x);
 gf2m_copy(G_Y, G.y);
 ec_point_mul(k_elem, &G, &P);
-
+
 // Calculate r = x_p mod n
 gf2m_to_mpz(P.x, x_p);
 mpz_mod(r, x_p, n);
-
+
 // Calculate s = k^-1(z + rD) mod n
 if (mpz_invert(k_inv, k, n) == 0) {
 fprintf(stderr, "An error occurred while calculating the inverse of k mod n.\n");
@@ -173,39 +173,39 @@ void ecdsa_sign(const mpz_t z, const element private_key, element r_out, element } int ecdsa_verify(const mpz_t z, const ec_point * public_key, const element r_input, const element s_input) { - ec_point Q, test; - ec_point_copy(public_key, &Q); - element zero = { 0 }; + ec_point Q, test; + ec_point_copy(public_key, &Q); + element zero = { 0 }; - // If Q is the identity, Q is invalid - if (gf2m_is_equal(Q.x, zero) && gf2m_is_equal(Q.y, zero)) { + // If Q is the identity, Q is invalid + if (gf2m_is_equal(Q.x, zero) && gf2m_is_equal(Q.y, zero)) { return 0; - } - // If Q is not a point on the curve, Q is invalid - if (!ec_point_on_curve(&Q)) { + } + // If Q is not a point on the curve, Q is invalid + if (!ec_point_on_curve(&Q)) { return 0; - } - // If nQ is not the identity, Q is invalid (or n is messed up) - ec_point_mul(G_ORDER, &Q, &test); - if (!(gf2m_is_equal(test.x, zero) && gf2m_is_equal(test.y, zero))) { + } + // If nQ is not the identity, Q is invalid (or n is messed up) + ec_point_mul(G_ORDER, &Q, &test); + if (!(gf2m_is_equal(test.x, zero) && gf2m_is_equal(test.y, zero))) { return 0; - } + } - // Public key is valid, now verify signature... + // Public key is valid, now verify signature... mpz_t r, s, n; init_mpz_list(3, r, s, n); gf2m_to_mpz(r_input, r); gf2m_to_mpz(s_input, s); gf2m_to_mpz(G_ORDER, n); - // If r or s are not in [1, n - 1], sig is invalid + // If r or s are not in [1, n - 1], sig is invalid if ( (mpz_cmp_ui(r, 1) < 0 || mpz_cmp(r, n) > 0 || mpz_cmp(r, n) == 0) || (mpz_cmp_ui(s, 1) < 0 || mpz_cmp(s, n) > 0 || mpz_cmp(s, n) == 0) ) { clear_mpz_list(3, r, s, n); - return 0; - } + return 0; + } - // Calculate u_1 and u_2 + // Calculate u_1 and u_2 mpz_t s_inv, u_1, u_2; init_mpz_list(3, s_inv, u_1, u_2); 
@@ -219,28 +219,28 @@ int ecdsa_verify(const mpz_t z, const ec_point * public_key, const element r_inp mpz_mul(u_2, r, s_inv); mpz_mod(u_2, u_2, n); - // Calculate P3 = u_1G + u_2Q - element u_1_elem, u_2_elem; + // Calculate P3 = u_1G + u_2Q + element u_1_elem, u_2_elem; mpz_to_gf2m(u_1, u_1_elem); - mpz_to_gf2m(u_2, u_2_elem); - ec_point G, P1, P2, P3; - gf2m_copy(G_X, G.x); - gf2m_copy(G_Y, G.y); + mpz_to_gf2m(u_2, u_2_elem); + ec_point G, P1, P2, P3; + gf2m_copy(G_X, G.x); + gf2m_copy(G_Y, G.y); - ec_point_mul(u_1_elem, &G, &P1); - ec_point_mul(u_2_elem, &Q, &P2); - ec_point_add(&P1, &P2, &P3); + ec_point_mul(u_1_elem, &G, &P1); + ec_point_mul(u_2_elem, &Q, &P2); + ec_point_add(&P1, &P2, &P3); - // If P3 is the identity, sig is invalid - if (gf2m_is_equal(P3.x, zero) && gf2m_is_equal(P3.y, zero)) { + // If P3 is the identity, sig is invalid + if (gf2m_is_equal(P3.x, zero) && gf2m_is_equal(P3.y, zero)) { clear_mpz_list(6, r, s, n, s_inv, u_1, u_2); - return 0; - } - - // And finally, is r congruent to P3.x mod n? + return 0; + } + + // And finally, is r congruent to P3.x mod n? mpz_t x_p; mpz_init(x_p); - gf2m_to_mpz(P3.x, x_p); + gf2m_to_mpz(P3.x, x_p); int is_congruent = mpz_congruent_p(r, x_p, n) != 0; clear_mpz_list(7, r, s, n, s_inv, u_1, u_2, x_p);