Diffstat (limited to 'botan/src/pubkey/ecdsa')
-rw-r--r--botan/src/pubkey/ecdsa/ecdsa.cpp230
-rw-r--r--botan/src/pubkey/ecdsa/ecdsa.h145
-rw-r--r--botan/src/pubkey/ecdsa/ecdsa_core.cpp55
-rw-r--r--botan/src/pubkey/ecdsa/ecdsa_core.h47
-rw-r--r--botan/src/pubkey/ecdsa/ecdsa_op.cpp129
-rw-r--r--botan/src/pubkey/ecdsa/ecdsa_op.h64
-rw-r--r--botan/src/pubkey/ecdsa/info.txt25
7 files changed, 0 insertions, 695 deletions
diff --git a/botan/src/pubkey/ecdsa/ecdsa.cpp b/botan/src/pubkey/ecdsa/ecdsa.cpp
deleted file mode 100644
index 9640c63..0000000
--- a/botan/src/pubkey/ecdsa/ecdsa.cpp
+++ /dev/null
@@ -1,230 +0,0 @@
-/*
-* ECDSA implemenation
-* (C) 2007 Manuel Hartl, FlexSecure GmbH
-* 2007 Falko Strenzke, FlexSecure GmbH
-* 2008 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/ecdsa.h>
-#include <botan/numthry.h>
-#include <botan/util.h>
-#include <botan/der_enc.h>
-#include <botan/ber_dec.h>
-#include <botan/secmem.h>
-#include <botan/point_gfp.h>
-
-namespace Botan {
-
-ECDSA_PrivateKey::ECDSA_PrivateKey(RandomNumberGenerator& rng,
- const EC_Domain_Params& dom_pars)
- {
- mp_dom_pars = std::auto_ptr<EC_Domain_Params>(new EC_Domain_Params(dom_pars));
- generate_private_key(rng);
-
- try
- {
- mp_public_point->check_invariants();
- }
- catch(Illegal_Point& e)
- {
- throw Invalid_State("ECDSA key generation failed");
- }
-
- m_ecdsa_core = ECDSA_Core(*mp_dom_pars, m_private_value, *mp_public_point);
- }
-
-/*
-* ECDSA_PublicKey
-*/
-void ECDSA_PublicKey::affirm_init() const // virtual
- {
- EC_PublicKey::affirm_init();
- }
-
-void ECDSA_PublicKey::set_domain_parameters(const EC_Domain_Params& dom_pars)
- {
- if(mp_dom_pars.get())
- {
- // they are already set, we must ensure that they are equal to the arg
- if(dom_pars != *mp_dom_pars.get())
- throw Invalid_Argument("EC_PublicKey::set_domain_parameters - cannot reset to a new value");
-
- return;
- }
-
- if(m_enc_public_point.size() == 0)
- throw Invalid_State("EC_PublicKey::set_domain_parameters(): encoded public point isn't set");
-
- // now try to decode the public key ...
- PointGFp tmp_pp(OS2ECP(m_enc_public_point, dom_pars.get_curve()));
- try
- {
- tmp_pp.check_invariants();
- }
- catch(Illegal_Point e)
- {
- throw Invalid_State("EC_PublicKey::set_domain_parameters(): point does not lie on provided curve");
- }
-
- std::auto_ptr<EC_Domain_Params> p_tmp_pars(new EC_Domain_Params(dom_pars));
- ECDSA_Core tmp_ecdsa_core(*p_tmp_pars, BigInt(0), tmp_pp);
- mp_public_point.reset(new PointGFp(tmp_pp));
- m_ecdsa_core = tmp_ecdsa_core;
- mp_dom_pars = p_tmp_pars;
- }
-
-void ECDSA_PublicKey::set_all_values(const ECDSA_PublicKey& other)
- {
- m_param_enc = other.m_param_enc;
- m_ecdsa_core = other.m_ecdsa_core;
- m_enc_public_point = other.m_enc_public_point;
- if(other.mp_dom_pars.get())
- mp_dom_pars.reset(new EC_Domain_Params(other.domain_parameters()));
-
- if(other.mp_public_point.get())
- mp_public_point.reset(new PointGFp(other.public_point()));
- }
-
-ECDSA_PublicKey::ECDSA_PublicKey(const ECDSA_PublicKey& other)
- : Public_Key(),
- EC_PublicKey(),
- PK_Verifying_wo_MR_Key()
- {
- set_all_values(other);
- }
-
-const ECDSA_PublicKey& ECDSA_PublicKey::operator=(const ECDSA_PublicKey& rhs)
- {
- set_all_values(rhs);
- return *this;
- }
-
-bool ECDSA_PublicKey::verify(const byte message[],
- u32bit mess_len,
- const byte signature[],
- u32bit sig_len) const
- {
- affirm_init();
-
- BigInt r, s;
-
- BER_Decoder(signature, sig_len)
- .start_cons(SEQUENCE)
- .decode(r)
- .decode(s)
- .end_cons()
- .verify_end();
-
- u32bit enc_len = std::max(r.bytes(), s.bytes());
-
- SecureVector<byte> sv_plain_sig;
-
- sv_plain_sig.append(BigInt::encode_1363(r, enc_len));
- sv_plain_sig.append(BigInt::encode_1363(s, enc_len));
-
- return m_ecdsa_core.verify(sv_plain_sig, sv_plain_sig.size(),
- message, mess_len);
- }
-
-ECDSA_PublicKey::ECDSA_PublicKey(const EC_Domain_Params& dom_par,
- const PointGFp& public_point)
- {
- mp_dom_pars = std::auto_ptr<EC_Domain_Params>(new EC_Domain_Params(dom_par));
- mp_public_point = std::auto_ptr<PointGFp>(new PointGFp(public_point));
- m_param_enc = ENC_EXPLICIT;
- m_ecdsa_core = ECDSA_Core(*mp_dom_pars, BigInt(0), *mp_public_point);
- }
-
-void ECDSA_PublicKey::X509_load_hook()
- {
- EC_PublicKey::X509_load_hook();
- EC_PublicKey::affirm_init();
- m_ecdsa_core = ECDSA_Core ( *mp_dom_pars, BigInt ( 0 ), *mp_public_point );
- }
-
-u32bit ECDSA_PublicKey::max_input_bits() const
- {
- if(!mp_dom_pars.get())
- {
- throw Invalid_State("ECDSA_PublicKey::max_input_bits(): domain parameters not set");
- }
- return mp_dom_pars->get_order().bits();
- }
-
-/*************************
-* ECDSA_PrivateKey
-*************************/
-void ECDSA_PrivateKey::affirm_init() const // virtual
- {
- EC_PrivateKey::affirm_init();
- }
-
-void ECDSA_PrivateKey::PKCS8_load_hook(bool generated)
- {
- EC_PrivateKey::PKCS8_load_hook(generated);
- EC_PrivateKey::affirm_init();
- m_ecdsa_core = ECDSA_Core(*mp_dom_pars, m_private_value, *mp_public_point);
- }
-
-void ECDSA_PrivateKey::set_all_values(const ECDSA_PrivateKey& other)
- {
- m_private_value = other.m_private_value;
- m_param_enc = other.m_param_enc;
- m_ecdsa_core = other.m_ecdsa_core;
- m_enc_public_point = other.m_enc_public_point;
-
- if(other.mp_dom_pars.get())
- mp_dom_pars.reset(new EC_Domain_Params(other.domain_parameters()));
-
- if(other.mp_public_point.get())
- mp_public_point.reset(new PointGFp(other.public_point()));
- }
-
-ECDSA_PrivateKey::ECDSA_PrivateKey(ECDSA_PrivateKey const& other)
- : Public_Key(),
- EC_PublicKey(),
- Private_Key(),
- ECDSA_PublicKey(),
- EC_PrivateKey(),
- PK_Signing_Key()
- {
- set_all_values(other);
- }
-
-
-const ECDSA_PrivateKey& ECDSA_PrivateKey::operator=(const ECDSA_PrivateKey& rhs)
- {
- set_all_values(rhs);
- return *this;
- }
-
-SecureVector<byte> ECDSA_PrivateKey::sign(const byte message[],
- u32bit mess_len,
- RandomNumberGenerator& rng) const
- {
- affirm_init();
-
- SecureVector<byte> sv_sig = m_ecdsa_core.sign(message, mess_len, rng);
-
- if(sv_sig.size() % 2 != 0)
- throw Invalid_Argument("Erroneous length of signature");
-
- u32bit rs_len = sv_sig.size() / 2;
- SecureVector<byte> sv_r, sv_s;
- sv_r.set(sv_sig.begin(), rs_len);
- sv_s.set(&sv_sig[rs_len], rs_len);
-
- BigInt r = BigInt::decode(sv_r, sv_r.size());
- BigInt s = BigInt::decode(sv_s, sv_s.size());
-
- return DER_Encoder()
- .start_cons(SEQUENCE)
- .encode(r)
- .encode(s)
- .end_cons()
- .get_contents();
- }
-
-}
diff --git a/botan/src/pubkey/ecdsa/ecdsa.h b/botan/src/pubkey/ecdsa/ecdsa.h
deleted file mode 100644
index 3794457..0000000
--- a/botan/src/pubkey/ecdsa/ecdsa.h
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
-* ECDSA
-* (C) 2007 Falko Strenzke, FlexSecure GmbH
-* Manuel Hartl, FlexSecure GmbH
-* (C) 2008 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#ifndef BOTAN_ECDSA_KEY_H__
-#define BOTAN_ECDSA_KEY_H__
-
-#include <botan/ecc_key.h>
-#include <botan/ecdsa_core.h>
-
-namespace Botan {
-
-/**
-* This class represents ECDSA Public Keys.
-*/
-class BOTAN_DLL ECDSA_PublicKey : public virtual EC_PublicKey,
- public PK_Verifying_wo_MR_Key
- {
- public:
-
- /**
- * Get this keys algorithm name.
- * @result this keys algorithm name ("ECDSA")
- */
- std::string algo_name() const { return "ECDSA"; }
-
- /**
- * Get the maximum number of bits allowed to be fed to this key.
- * This is the bitlength of the order of the base point.
-
- * @result the maximum number of input bits
- */
- u32bit max_input_bits() const;
-
- /**
- * Verify a message with this key.
- * @param message the byte array containing the message
- * @param mess_len the number of bytes in the message byte array
- * @param signature the byte array containing the signature
- * @param sig_len the number of bytes in the signature byte array
- */
- bool verify(const byte message[], u32bit mess_len,
- const byte signature[], u32bit sig_len) const;
-
- /**
- * Default constructor. Use this one if you want to later fill
- * this object with data from an encoded key.
- */
- ECDSA_PublicKey() {}
-
- /**
- * Construct a public key from a given public point.
- * @param dom_par the domain parameters associated with this key
- * @param public_point the public point defining this key
- */
- ECDSA_PublicKey(const EC_Domain_Params& dom_par,
- const PointGFp& public_point); // sets core
-
- ECDSA_PublicKey const& operator=(const ECDSA_PublicKey& rhs);
-
- ECDSA_PublicKey(const ECDSA_PublicKey& other);
-
- /**
- * Set the domain parameters of this key. This function has to be
- * used when a key encoded without domain parameters was decoded into
- * this key. Otherwise it will not be able to verify a signature.
- * @param dom_pars the domain_parameters associated with this key
- * @throw Invalid_Argument if the point was found not to be satisfying the
- * curve equation of the provided domain parameters
- * or if this key already has domain parameters set
- * and these are differing from those given as the parameter
- */
- void set_domain_parameters(const EC_Domain_Params& dom_pars);
-
- /**
- * Ensure that the public point and domain parameters of this key are set.
- * @throw Invalid_State if either of the two data members is not set
- */
- virtual void affirm_init() const;
-
- protected:
- void X509_load_hook();
- virtual void set_all_values(const ECDSA_PublicKey& other);
-
- ECDSA_Core m_ecdsa_core;
- };
-
-/**
-* This class represents ECDSA Private Keys
-*/
-class BOTAN_DLL ECDSA_PrivateKey : public ECDSA_PublicKey,
- public EC_PrivateKey,
- public PK_Signing_Key
- {
- public:
- //ctors
-
- /**
- * Default constructor. Use this one if you want to later fill
- * this object with data from an encoded key.
- */
- ECDSA_PrivateKey() {}
-
- /**
- * Generate a new private key
- * @param the domain parameters to used for this key
- */
- ECDSA_PrivateKey(RandomNumberGenerator& rng,
- const EC_Domain_Params& domain);
-
- ECDSA_PrivateKey(const ECDSA_PrivateKey& other);
- ECDSA_PrivateKey const& operator=(const ECDSA_PrivateKey& rhs);
-
- /**
- * Sign a message with this key.
- * @param message the byte array representing the message to be signed
- * @param mess_len the length of the message byte array
- * @result the signature
- */
-
- SecureVector<byte> sign(const byte message[], u32bit mess_len,
- RandomNumberGenerator& rng) const;
-
- /**
- * Make sure that the public key parts of this object are set
- * (calls EC_PublicKey::affirm_init()) as well as the private key
- * value.
- * @throw Invalid_State if the above conditions are not satisfied
- */
- virtual void affirm_init() const;
-
- protected:
- virtual void set_all_values(const ECDSA_PrivateKey& other);
- private:
- void PKCS8_load_hook(bool = false);
- };
-
-}
-
-#endif
diff --git a/botan/src/pubkey/ecdsa/ecdsa_core.cpp b/botan/src/pubkey/ecdsa/ecdsa_core.cpp
deleted file mode 100644
index 93808cc..0000000
--- a/botan/src/pubkey/ecdsa/ecdsa_core.cpp
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
-* ECDSA Core
-* (C) 1999-2007 Jack Lloyd
-* (C) 2007 FlexSecure GmbH
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/ecdsa_core.h>
-#include <botan/numthry.h>
-#include <botan/pk_engine.h>
-#include <botan/parsing.h>
-#include <algorithm>
-
-namespace Botan {
-
-/*
-* ECDSA Operation
-*/
-bool ECDSA_Core::verify(const byte signature[], u32bit sig_len,
- const byte message[], u32bit mess_len) const
- {
- //assert(op.get());
- return op->verify(signature, sig_len, message, mess_len);
- }
-
-SecureVector<byte> ECDSA_Core::sign(const byte message[],
- u32bit mess_len,
- RandomNumberGenerator& rng) const
- {
- //assert(op.get());
- return op->sign(message, mess_len, rng);
- }
-
-ECDSA_Core& ECDSA_Core::operator=(const ECDSA_Core& core)
- {
- delete op;
- if(core.op)
- op = core.op->clone();
- return (*this);
- }
-
-ECDSA_Core::ECDSA_Core(const ECDSA_Core& core)
- {
- op = 0;
- if(core.op)
- op = core.op->clone();
- }
-
-ECDSA_Core::ECDSA_Core(EC_Domain_Params const& dom_pars, const BigInt& priv_key, PointGFp const& pub_key)
- {
- op = Engine_Core::ecdsa_op(dom_pars, priv_key, pub_key);
- }
-
-}
diff --git a/botan/src/pubkey/ecdsa/ecdsa_core.h b/botan/src/pubkey/ecdsa/ecdsa_core.h
deleted file mode 100644
index ceccc94..0000000
--- a/botan/src/pubkey/ecdsa/ecdsa_core.h
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
-* ECDSA Core
-* (C) 1999-2007 Jack Lloyd
-* (C) 2007 FlexSecure GmbH
-*
-* Distributed under the terms of the Botan license
-*/
-
-#ifndef BOTAN_ECDSA_CORE_H__
-#define BOTAN_ECDSA_CORE_H__
-
-#include <botan/ecdsa_op.h>
-#include <botan/blinding.h>
-#include <botan/ec_dompar.h>
-
-namespace Botan {
-
-/*
-* ECDSA Core
-*/
-class BOTAN_DLL ECDSA_Core
- {
- public:
- bool verify(const byte signature[], u32bit sig_len,
- const byte message[], u32bit mess_len) const;
-
- SecureVector<byte> sign(const byte message[], u32bit mess_len,
- RandomNumberGenerator& rng) const;
-
- ECDSA_Core& operator=(const ECDSA_Core&);
-
- ECDSA_Core() { op = 0; }
-
- ECDSA_Core(const ECDSA_Core&);
-
- ECDSA_Core(const EC_Domain_Params& dom_pars,
- const BigInt& priv_key,
- const PointGFp& pub_key);
-
- ~ECDSA_Core() { delete op; }
- private:
- ECDSA_Operation* op;
- };
-
-}
-
-#endif
diff --git a/botan/src/pubkey/ecdsa/ecdsa_op.cpp b/botan/src/pubkey/ecdsa/ecdsa_op.cpp
deleted file mode 100644
index 986043e..0000000
--- a/botan/src/pubkey/ecdsa/ecdsa_op.cpp
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
-* ECDSA Operation
-* (C) 2007 FlexSecure GmbH
-* 2008 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/ecdsa_op.h>
-#include <botan/numthry.h>
-
-namespace Botan {
-
-bool Default_ECDSA_Op::verify(const byte signature[], u32bit sig_len,
- const byte message[], u32bit mess_len) const
- {
- if(sig_len % 2 != 0)
- throw Invalid_Argument("Erroneous length of signature");
-
- //NOTE: it is not checked whether the public point is set
- if(m_dom_pars.get_curve().get_p() == 0)
- throw Internal_Error("domain parameters not set");
-
- BigInt e(message, mess_len);
-
- u32bit rs_len = sig_len/2;
- SecureVector<byte> sv_r;
- SecureVector<byte> sv_s;
- sv_r.set(signature, rs_len);
- sv_s.set(signature+rs_len, rs_len);
- BigInt r = BigInt::decode ( sv_r, sv_r.size());
- BigInt s = BigInt::decode (sv_s, sv_s.size());
-
- if(r < 0 || r >= m_dom_pars.get_order())
- throw Invalid_Argument("r in ECDSA signature has an illegal value");
-
- if(s < 0 || s >= m_dom_pars.get_order())
- throw Invalid_Argument("s in ECDSA signature has an illegal value");
-
- BigInt w = inverse_mod(s, m_dom_pars.get_order());
-
- PointGFp R = w*(e*m_dom_pars.get_base_point() + r*m_pub_key);
- if(R.is_zero())
- return false;
-
- BigInt x = R.get_affine_x().get_value();
- bool result = (x % m_dom_pars.get_order() == r);
- return result;
- }
-
-SecureVector<byte> Default_ECDSA_Op::sign(const byte message[],
- u32bit mess_len,
- RandomNumberGenerator& rng) const
- {
- if(m_priv_key == 0)
- throw Internal_Error("Default_ECDSA_Op::sign(): no private key");
-
- if(m_dom_pars.get_curve().get_p() == 0)
- throw Internal_Error("Default_ECDSA_Op::sign(): domain parameters not set");
-
- BigInt e(message, mess_len);
-
- // generate k
- BigInt k;
- BigInt r(0);
- const BigInt n(m_dom_pars.get_order());
- while(r == 0)
- {
- k = BigInt::random_integer(rng, 1, n);
-
- PointGFp k_times_P(m_dom_pars.get_base_point());
- k_times_P.mult_this_secure(k, n, n-1);
- k_times_P.check_invariants();
- r = k_times_P.get_affine_x().get_value() % n;
- }
- BigInt k_inv = inverse_mod(k, n);
-
- // use randomization against attacks on s:
- // a = k_inv * (r*(d + x) + e) mod n
- // b = k_inv * r * x mod n
- // s = a - b mod n
- // where x is a random integer
-
-#if defined(CMS_RAND)
- BigInt x = BigInt::random_integer(0, n);
- BigInt s = m_priv_key + x; // obscure the secret from the beginning
- // all following operations thus are randomized
- s *= r;
- s += e;
- s *= k_inv;
- s %= n;
-
- BigInt b = x; // again, start with the random number
- b *= r;
- b *= k_inv;
- b %= n;
- s -= b; // s = a - b
- if(s <= 0) // s %= n
- {
- s += n;
- }
-#else // CMS_RAND
- // no countermeasure here
- BigInt s(r);
- s *= m_priv_key;
- s += e;
- s *= k_inv;
- s %= n;
-
-#endif // CMS_RAND
-
- SecureVector<byte> sv_r = BigInt::encode_1363 ( r, m_dom_pars.get_order().bytes() );
- SecureVector<byte> sv_s = BigInt::encode_1363 ( s, m_dom_pars.get_order().bytes() );
-
- SecureVector<byte> result(sv_r);
- result.append(sv_s);
- return result;
- }
-
-Default_ECDSA_Op::Default_ECDSA_Op(const EC_Domain_Params& dom_pars, const BigInt& priv_key, const PointGFp& pub_key)
- : m_dom_pars(dom_pars),
- m_pub_key(pub_key),
- m_priv_key(priv_key)
- {
-
- }
-
-}
-
diff --git a/botan/src/pubkey/ecdsa/ecdsa_op.h b/botan/src/pubkey/ecdsa/ecdsa_op.h
deleted file mode 100644
index 25831a9..0000000
--- a/botan/src/pubkey/ecdsa/ecdsa_op.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
-* ECDSA Operations
-* (C) 1999-2008 Jack Lloyd
-* (C) 2007 FlexSecure GmbH
-*
-* Distributed under the terms of the Botan license
-*/
-
-#ifndef BOTAN_ECDSA_OPERATIONS_H__
-#define BOTAN_ECDSA_OPERATIONS_H__
-
-#include <botan/ec_dompar.h>
-#include <botan/rng.h>
-
-namespace Botan {
-
-/*
-* ECDSA Operation
-*/
-class BOTAN_DLL ECDSA_Operation
- {
- public:
- virtual bool verify(const byte sig[], u32bit sig_len,
- const byte msg[], u32bit msg_len) const = 0;
-
- virtual SecureVector<byte> sign(const byte message[],
- u32bit mess_len,
- RandomNumberGenerator&) const = 0;
-
- virtual ECDSA_Operation* clone() const = 0;
-
- virtual ~ECDSA_Operation() {}
- };
-
-
-/*
-* Default ECDSA operation
-*/
-class BOTAN_DLL Default_ECDSA_Op : public ECDSA_Operation
- {
- public:
- bool verify(const byte signature[], u32bit sig_len,
- const byte message[], u32bit mess_len) const;
-
- SecureVector<byte> sign(const byte message[], u32bit mess_len,
- RandomNumberGenerator& rng) const;
-
- ECDSA_Operation* clone() const
- {
- return new Default_ECDSA_Op(*this);
- }
-
- Default_ECDSA_Op(const EC_Domain_Params& dom_pars,
- const BigInt& priv_key,
- const PointGFp& pub_key);
- private:
- EC_Domain_Params m_dom_pars;
- PointGFp m_pub_key;
- BigInt m_priv_key;
- };
-
-}
-
-#endif
diff --git a/botan/src/pubkey/ecdsa/info.txt b/botan/src/pubkey/ecdsa/info.txt
deleted file mode 100644
index 743440f..0000000
--- a/botan/src/pubkey/ecdsa/info.txt
+++ /dev/null
@@ -1,25 +0,0 @@
-realname "ECDSA"
-
-define ECDSA
-
-load_on auto
-
-<add>
-ecdsa.cpp
-ecdsa.h
-ecdsa_core.cpp
-ecdsa_core.h
-ecdsa_op.cpp
-ecdsa_op.h
-</add>
-
-<requires>
-alloc
-asn1
-ec_dompar
-ecc_key
-gfpmath
-libstate
-numbertheory
-rng
-</requires>