VerificationVerdict verify(const DigitalSignature & data, const DataInputPolicy * dip = NULL)
{
if ( ! _isPublicKeyLoaded )
throw std::exception();
ZZ t = OS2IP(data.R);
ZZ s = OS2IP(data.S);
if ((L(t) > _Ln ||
(IsZero(t))) ||
(s > _Curve.getOrder()))
return VerificationVerdict();
t %= _Curve.getOrder();
_Curve.enter_mod_context(EC_Dscr::aEC::FIELD_CONTEXT);
typename EC_Dscr::aECP R = toAffine(_publicKey * t + _BasePoint * s);
_Curve.leave_mod_context();
const Octet P = EC2OSP(R, EC_Dscr::aEC::EC2OSP_COMPRESSED);
const ZZ d = (t - OS2IP(P)) % _Curve.getOrder();
Octet vdata = I2OSP(d);
/* MAKE CHECKS */
const DSSDataOutput vmsg =
dip == NULL ?
_ECNR_Data.createOutput(vdata) :
TDataInput<ECNR_Input>(*dip).createOutput(vdata);
ManagedBlob M = vmsg.M_rec || data.M_clr;
const DSSDataInput vsign =
dip == NULL ?
_ECNR_Data.createInput(M, P) :
TDataInput<ECNR_Input>(*dip).createInput(M, P);
if (vsign.d == vmsg.d_pad)
{
return VerificationVerdict(M);
}
else
{
return VerificationVerdict();
}
}
DigitalSignature sign(const ManagedBlob & data, const DataInputPolicy * dip = NULL)
{
if (! _isPrivateKeyLoaded)
throw std::exception();
const ZZ k = OS2IP(_PRNG()) % _Curve.getOrder();
Octet P;
do
{
_Curve.enter_mod_context(EC_Dscr::aEC::FIELD_CONTEXT);
const typename EC_Dscr::aECP PP = toAffine(_BasePoint * k);
_Curve.leave_mod_context();
if (PP.isZero())
continue;
P = EC2OSP(PP, EC_Dscr::aEC::EC2OSP_COMPRESSED);
break;
}
while(1);
/* FIX IT */
const DSSDataInput SignData =
dip == NULL ?
_ECNR_Data.createInput(data, P) :
TDataInput<ECNR_Input>(*dip).createInput(data, P);
_Curve.enter_mod_context(EC_Dscr::aEC::ORDER_CONTEXT);
const ZZ_p pi = InMod(OS2IP(P));
const ZZ_p d = InMod(OS2IP(SignData.d));
const ZZ_p r = (d + pi);
const ZZ_p s = (InMod(k) - InMod(_privateKey)*r);
_Curve.leave_mod_context();
const ByteSeq R = I2OSP(r,_Ln);
const ByteSeq S = I2OSP(s,_Ln);
return DigitalSignature(R, S, SignData.M_clr);
}
ECPoint ECCurve::multiplyPoint(BigInteger &k, ECPoint &p)
{
BigInteger m = k;
ECPointJacobian q = toJacobian(p);
m = m % _q;
ECPointJacobian r;
while (!m.isZero()) {
if (m.lsb()) {
r = addJacobian(r, q);
}
m = m.rshift(1);
q = doubleJacobian(q);
}
return toAffine(r);
}
virtual Octet generatePublicKey()
{
if (! _isPrivateKeyLoaded)
throw std::exception(); // Operation unaviable
_Curve.enter_mod_context(EC_Dscr::aEC::FIELD_CONTEXT);
_publicKey = _BasePoint * _privateKey;
typename EC_Dscr::aECP _AffinePublicKey = toAffine(_publicKey);
_Curve.leave_mod_context();
_isPublicKeyLoaded = true;
setPublicKeyHook();
return FE2OSP(_AffinePublicKey.getX(), _Lcm) ||
FE2OSP(_AffinePublicKey.getY(), _Lcm);
}
