uint8_t dsa_verify_bigint(const dsa_signature_t* s, const bigint_t* m,
const dsa_ctx_t* ctx) {
if(s->r.length_B==0 || s->s.length_B==0) {
return DSA_SIGNATURE_FAIL;
}
if(bigint_cmp_u(&(s->r), &(ctx->domain.q))>=0 || bigint_cmp_u(&(s->s), &(ctx->domain.q))>=0) {
return DSA_SIGNATURE_FAIL;
}
bigint_t w, u1, u2, v1, v2;
uint8_t w_b[ctx->domain.q.length_B], u1_b[ctx->domain.q.length_B*2], u2_b[ctx->domain.q.length_B*2];
uint8_t v1_b[ctx->domain.p.length_B*2], v2_b[ctx->domain.p.length_B];
w.wordv = w_b;
u1.wordv = u1_b;
u2.wordv = u2_b;
v1.wordv = v1_b;
v2.wordv = v2_b;
bigint_inverse(&w, &(s->s), &(ctx->domain.q));
bigint_mul_u(&u1, &w, m);
bigint_reduce(&u1, &(ctx->domain.q));
bigint_mul_u(&u2, &w, &(s->r));
bigint_reduce(&u2, &(ctx->domain.q));
bigint_expmod_u(&v1, &(ctx->domain.g), &u1, &(ctx->domain.p));
bigint_expmod_u(&v2, &(ctx->pub), &u2, &(ctx->domain.p));
bigint_mul_u(&v1, &v1, &v2);
bigint_reduce(&v1, &(ctx->domain.p));
bigint_reduce(&v1, &(ctx->domain.q));
if(bigint_cmp_u(&v1, &(s->r))==0) {
return DSA_SIGNATURE_OK;
}
return DSA_SIGNATURE_FAIL;
}
void testrun_performance_invert_bigint(void){
printf_P(PSTR("\n=== performance measurement (invert) ===\n"));
unsigned i,j;
uint64_t time = 0;
bigint_t a, v;
bigint_word_t v_w[192 / BIGINT_WORD_SIZE];
bigint_word_t a_w[192 / BIGINT_WORD_SIZE];
a.wordv = a_w;
v.wordv = v_w;
for(j = 0; j < 32; ++j){
for(i = 0; i < 192 / BIGINT_WORD_SIZE; ++i){
((uint8_t*)v_w)[i] = random();
}
v.length_W = 192 / BIGINT_WORD_SIZE;
v.info = 0;
bigint_adjust(&v);
for(i = 0; i < 16; ++i){
startTimer(1);
START_TIMER;
bigint_inverse(&a, &v, &nist_curve_p192_p);
STOP_TIMER;
time += stopTimer();
}
}
time >>= 8;
++time;
time >>= 1;
printf_P(PSTR(" invert costs %"PRIu32" cycles\n"), (uint32_t)time);
}
