1
0
mirror of https://github.com/PurpleI2P/i2pd.git synced 2025-01-25 07:04:18 +00:00
i2pd/libi2pd/Signature.h

538 lines
15 KiB
C
Raw Normal View History

/*
* Copyright (c) 2013-2020, The PurpleI2P Project
*
* This file is part of Purple i2pd project and licensed under BSD3
*
* See full license text in LICENSE file at top of project tree
*/
2014-08-21 11:15:04 -04:00
#ifndef SIGNATURE_H__
#define SIGNATURE_H__
#include <inttypes.h>
2015-11-03 09:15:49 -05:00
#include <string.h>
2016-05-11 16:02:26 -04:00
#include <openssl/dsa.h>
#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#include <openssl/evp.h>
2015-11-03 09:15:49 -05:00
#include "Crypto.h"
2018-06-04 16:06:38 -04:00
#include "Ed25519.h"
2017-03-13 20:28:36 -04:00
#include "Gost.h"
2014-08-21 11:15:04 -04:00
namespace i2p
{
namespace crypto
{
class Verifier
{
public:
2018-01-06 11:48:51 +08:00
2014-08-21 11:15:04 -04:00
virtual ~Verifier () {};
2014-08-23 08:41:06 -04:00
virtual bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const = 0;
virtual size_t GetPublicKeyLen () const = 0;
virtual size_t GetSignatureLen () const = 0;
2014-12-10 21:31:06 -05:00
virtual size_t GetPrivateKeyLen () const { return GetSignatureLen ()/2; };
2019-01-01 17:00:37 -05:00
virtual void SetPublicKey (const uint8_t * signingKey) = 0;
2014-08-21 11:15:04 -04:00
};
2014-08-22 16:48:30 -04:00
class Signer
2014-08-22 16:28:25 -04:00
{
public:
2018-01-06 11:48:51 +08:00
virtual ~Signer () {};
virtual void Sign (const uint8_t * buf, int len, uint8_t * signature) const = 0;
2014-08-22 16:28:25 -04:00
};
2014-10-15 14:04:23 -04:00
const size_t DSA_PUBLIC_KEY_LENGTH = 128;
2018-01-06 11:48:51 +08:00
const size_t DSA_SIGNATURE_LENGTH = 40;
2014-10-15 14:04:23 -04:00
const size_t DSA_PRIVATE_KEY_LENGTH = DSA_SIGNATURE_LENGTH/2;
2014-08-21 11:15:04 -04:00
class DSAVerifier: public Verifier
{
public:
2019-01-01 17:00:37 -05:00
DSAVerifier ()
2014-08-21 11:15:04 -04:00
{
m_PublicKey = CreateDSA ();
2019-01-01 17:00:37 -05:00
}
2019-01-01 17:00:37 -05:00
void SetPublicKey (const uint8_t * signingKey)
{
2016-11-04 10:59:55 -04:00
DSA_set0_key (m_PublicKey, BN_bin2bn (signingKey, DSA_PUBLIC_KEY_LENGTH, NULL), NULL);
2014-08-21 11:15:04 -04:00
}
2015-11-03 09:15:49 -05:00
~DSAVerifier ()
{
DSA_free (m_PublicKey);
}
2018-01-06 11:48:51 +08:00
2014-08-23 08:41:06 -04:00
bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const
2014-08-21 11:15:04 -04:00
{
2015-11-03 09:15:49 -05:00
// calculate SHA1 digest
uint8_t digest[20];
SHA1 (buf, len, digest);
// signature
DSA_SIG * sig = DSA_SIG_new();
2016-11-04 10:59:55 -04:00
DSA_SIG_set0 (sig, BN_bin2bn (signature, DSA_SIGNATURE_LENGTH/2, NULL), BN_bin2bn (signature + DSA_SIGNATURE_LENGTH/2, DSA_SIGNATURE_LENGTH/2, NULL));
2015-11-03 09:15:49 -05:00
// DSA verification
int ret = DSA_do_verify (digest, 20, sig, m_PublicKey);
DSA_SIG_free(sig);
return ret;
2018-01-06 11:48:51 +08:00
}
2014-08-21 11:15:04 -04:00
2014-10-15 14:04:23 -04:00
size_t GetPublicKeyLen () const { return DSA_PUBLIC_KEY_LENGTH; };
size_t GetSignatureLen () const { return DSA_SIGNATURE_LENGTH; };
2018-01-06 11:48:51 +08:00
2014-08-21 11:15:04 -04:00
private:
2015-11-03 09:15:49 -05:00
DSA * m_PublicKey;
2014-08-21 14:26:15 -04:00
};
2014-08-22 16:48:30 -04:00
class DSASigner: public Signer
2014-08-22 16:28:25 -04:00
{
public:
2016-11-11 12:44:44 -05:00
DSASigner (const uint8_t * signingPrivateKey, const uint8_t * signingPublicKey)
// openssl 1.1 always requires DSA public key even for signing
2014-08-22 16:28:25 -04:00
{
m_PrivateKey = CreateDSA ();
2016-11-11 12:44:44 -05:00
DSA_set0_key (m_PrivateKey, BN_bin2bn (signingPublicKey, DSA_PUBLIC_KEY_LENGTH, NULL), BN_bin2bn (signingPrivateKey, DSA_PRIVATE_KEY_LENGTH, NULL));
2014-08-22 16:28:25 -04:00
}
2015-11-03 09:15:49 -05:00
~DSASigner ()
2014-08-22 16:28:25 -04:00
{
2015-11-03 09:15:49 -05:00
DSA_free (m_PrivateKey);
}
2018-01-06 11:48:51 +08:00
2015-11-03 09:15:49 -05:00
void Sign (const uint8_t * buf, int len, uint8_t * signature) const
{
uint8_t digest[20];
SHA1 (buf, len, digest);
DSA_SIG * sig = DSA_do_sign (digest, 20, m_PrivateKey);
2016-11-04 10:59:55 -04:00
const BIGNUM * r, * s;
DSA_SIG_get0 (sig, &r, &s);
bn2buf (r, signature, DSA_SIGNATURE_LENGTH/2);
bn2buf (s, signature + DSA_SIGNATURE_LENGTH/2, DSA_SIGNATURE_LENGTH/2);
2015-11-03 09:15:49 -05:00
DSA_SIG_free(sig);
2014-08-22 16:28:25 -04:00
}
private:
2015-11-03 09:15:49 -05:00
DSA * m_PrivateKey;
2014-08-22 16:28:25 -04:00
};
2015-11-03 09:15:49 -05:00
inline void CreateDSARandomKeys (uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
2014-08-22 16:48:30 -04:00
{
DSA * dsa = CreateDSA ();
2015-11-03 09:15:49 -05:00
DSA_generate_key (dsa);
2016-11-04 10:59:55 -04:00
const BIGNUM * pub_key, * priv_key;
DSA_get0_key(dsa, &pub_key, &priv_key);
bn2buf (priv_key, signingPrivateKey, DSA_PRIVATE_KEY_LENGTH);
bn2buf (pub_key, signingPublicKey, DSA_PUBLIC_KEY_LENGTH);
2018-01-06 11:48:51 +08:00
DSA_free (dsa);
}
2014-08-22 16:48:30 -04:00
2015-11-03 09:15:49 -05:00
struct SHA256Hash
2018-01-06 11:48:51 +08:00
{
2015-11-03 09:15:49 -05:00
static void CalculateHash (const uint8_t * buf, size_t len, uint8_t * digest)
{
SHA256 (buf, len, digest);
}
enum { hashLen = 32 };
2018-01-06 11:48:51 +08:00
};
2015-11-03 09:15:49 -05:00
struct SHA384Hash
2018-01-06 11:48:51 +08:00
{
2015-11-03 09:15:49 -05:00
static void CalculateHash (const uint8_t * buf, size_t len, uint8_t * digest)
{
SHA384 (buf, len, digest);
}
enum { hashLen = 48 };
};
struct SHA512Hash
2018-01-06 11:48:51 +08:00
{
2015-11-03 09:15:49 -05:00
static void CalculateHash (const uint8_t * buf, size_t len, uint8_t * digest)
{
SHA512 (buf, len, digest);
}
enum { hashLen = 64 };
};
2018-01-06 11:48:51 +08:00
2018-09-21 11:16:38 -04:00
// EcDSA
2015-11-03 09:15:49 -05:00
template<typename Hash, int curve, size_t keyLen>
2014-11-24 20:19:13 -05:00
class ECDSAVerifier: public Verifier
2018-01-06 11:48:51 +08:00
{
2014-08-21 14:26:15 -04:00
public:
2019-01-01 17:00:37 -05:00
ECDSAVerifier ()
2014-08-21 14:26:15 -04:00
{
2015-11-03 09:15:49 -05:00
m_PublicKey = EC_KEY_new_by_curve_name (curve);
2019-01-01 17:00:37 -05:00
}
2019-01-01 17:00:37 -05:00
void SetPublicKey (const uint8_t * signingKey)
{
2016-11-23 16:41:27 -05:00
BIGNUM * x = BN_bin2bn (signingKey, keyLen/2, NULL);
BIGNUM * y = BN_bin2bn (signingKey + keyLen/2, keyLen/2, NULL);
EC_KEY_set_public_key_affine_coordinates (m_PublicKey, x, y);
BN_free (x); BN_free (y);
2014-11-24 20:19:13 -05:00
}
2014-08-21 14:26:15 -04:00
2015-11-03 09:15:49 -05:00
~ECDSAVerifier ()
{
EC_KEY_free (m_PublicKey);
}
2018-01-06 11:48:51 +08:00
2014-08-23 08:41:06 -04:00
bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const
2014-08-21 14:26:15 -04:00
{
2015-11-03 09:15:49 -05:00
uint8_t digest[Hash::hashLen];
Hash::CalculateHash (buf, len, digest);
ECDSA_SIG * sig = ECDSA_SIG_new();
2016-11-09 15:59:01 -05:00
auto r = BN_bin2bn (signature, GetSignatureLen ()/2, NULL);
auto s = BN_bin2bn (signature + GetSignatureLen ()/2, GetSignatureLen ()/2, NULL);
ECDSA_SIG_set0(sig, r, s);
2015-11-03 09:15:49 -05:00
// ECDSA verification
int ret = ECDSA_do_verify (digest, Hash::hashLen, sig, m_PublicKey);
ECDSA_SIG_free(sig);
return ret;
2018-01-06 11:48:51 +08:00
}
2014-11-24 20:19:13 -05:00
size_t GetPublicKeyLen () const { return keyLen; };
size_t GetSignatureLen () const { return keyLen; }; // signature length = key length
2015-11-03 09:15:49 -05:00
2018-01-06 11:48:51 +08:00
2014-08-21 14:26:15 -04:00
private:
2015-11-03 09:15:49 -05:00
EC_KEY * m_PublicKey;
2014-11-24 20:19:13 -05:00
};
2014-08-22 16:28:25 -04:00
2015-11-03 09:15:49 -05:00
template<typename Hash, int curve, size_t keyLen>
2014-11-24 20:19:13 -05:00
class ECDSASigner: public Signer
2014-08-22 16:28:25 -04:00
{
public:
2015-11-03 09:15:49 -05:00
ECDSASigner (const uint8_t * signingPrivateKey)
2014-08-22 16:28:25 -04:00
{
2015-11-03 09:15:49 -05:00
m_PrivateKey = EC_KEY_new_by_curve_name (curve);
2018-01-06 11:48:51 +08:00
EC_KEY_set_private_key (m_PrivateKey, BN_bin2bn (signingPrivateKey, keyLen/2, NULL));
2014-08-22 16:28:25 -04:00
}
2015-11-03 09:15:49 -05:00
~ECDSASigner ()
2014-08-22 16:28:25 -04:00
{
2015-11-03 09:15:49 -05:00
EC_KEY_free (m_PrivateKey);
}
2018-01-06 11:48:51 +08:00
2015-11-03 09:15:49 -05:00
void Sign (const uint8_t * buf, int len, uint8_t * signature) const
{
uint8_t digest[Hash::hashLen];
Hash::CalculateHash (buf, len, digest);
ECDSA_SIG * sig = ECDSA_do_sign (digest, Hash::hashLen, m_PrivateKey);
2016-11-09 15:59:01 -05:00
const BIGNUM * r, * s;
ECDSA_SIG_get0 (sig, &r, &s);
2015-11-03 09:15:49 -05:00
// signatureLen = keyLen
2016-11-09 15:59:01 -05:00
bn2buf (r, signature, keyLen/2);
bn2buf (s, signature + keyLen/2, keyLen/2);
2015-11-03 09:15:49 -05:00
ECDSA_SIG_free(sig);
2014-08-22 16:28:25 -04:00
}
private:
2015-11-03 09:15:49 -05:00
EC_KEY * m_PrivateKey;
2014-08-22 16:28:25 -04:00
};
2014-08-22 16:48:30 -04:00
2015-11-03 09:15:49 -05:00
inline void CreateECDSARandomKeys (int curve, size_t keyLen, uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
2014-08-22 16:48:30 -04:00
{
2015-11-03 09:15:49 -05:00
EC_KEY * signingKey = EC_KEY_new_by_curve_name (curve);
EC_KEY_generate_key (signingKey);
bn2buf (EC_KEY_get0_private_key (signingKey), signingPrivateKey, keyLen/2);
BIGNUM * x = BN_new(), * y = BN_new();
EC_POINT_get_affine_coordinates_GFp (EC_KEY_get0_group(signingKey),
EC_KEY_get0_public_key (signingKey), x, y, NULL);
bn2buf (x, signingPublicKey, keyLen/2);
bn2buf (y, signingPublicKey + keyLen/2, keyLen/2);
BN_free (x); BN_free (y);
2018-01-06 11:48:51 +08:00
EC_KEY_free (signingKey);
2015-11-03 09:15:49 -05:00
}
2014-11-24 20:19:13 -05:00
// ECDSA_SHA256_P256
2018-01-06 11:48:51 +08:00
const size_t ECDSAP256_KEY_LENGTH = 64;
2015-11-03 09:15:49 -05:00
typedef ECDSAVerifier<SHA256Hash, NID_X9_62_prime256v1, ECDSAP256_KEY_LENGTH> ECDSAP256Verifier;
typedef ECDSASigner<SHA256Hash, NID_X9_62_prime256v1, ECDSAP256_KEY_LENGTH> ECDSAP256Signer;
2014-11-24 20:19:13 -05:00
2015-11-03 09:15:49 -05:00
inline void CreateECDSAP256RandomKeys (uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
2014-11-24 20:19:13 -05:00
{
2015-11-03 09:15:49 -05:00
CreateECDSARandomKeys (NID_X9_62_prime256v1, ECDSAP256_KEY_LENGTH, signingPrivateKey, signingPublicKey);
2018-01-06 11:48:51 +08:00
}
2014-11-24 20:19:13 -05:00
// ECDSA_SHA384_P384
const size_t ECDSAP384_KEY_LENGTH = 96;
2015-11-03 09:15:49 -05:00
typedef ECDSAVerifier<SHA384Hash, NID_secp384r1, ECDSAP384_KEY_LENGTH> ECDSAP384Verifier;
typedef ECDSASigner<SHA384Hash, NID_secp384r1, ECDSAP384_KEY_LENGTH> ECDSAP384Signer;
2014-11-24 20:19:13 -05:00
2015-11-03 09:15:49 -05:00
inline void CreateECDSAP384RandomKeys (uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
2014-11-24 20:19:13 -05:00
{
2015-11-03 09:15:49 -05:00
CreateECDSARandomKeys (NID_secp384r1, ECDSAP384_KEY_LENGTH, signingPrivateKey, signingPublicKey);
2018-01-06 11:48:51 +08:00
}
2014-11-24 20:19:13 -05:00
// ECDSA_SHA512_P521
const size_t ECDSAP521_KEY_LENGTH = 132;
2015-11-03 09:15:49 -05:00
typedef ECDSAVerifier<SHA512Hash, NID_secp521r1, ECDSAP521_KEY_LENGTH> ECDSAP521Verifier;
typedef ECDSASigner<SHA512Hash, NID_secp521r1, ECDSAP521_KEY_LENGTH> ECDSAP521Signer;
2014-11-24 20:19:13 -05:00
2015-11-03 09:15:49 -05:00
inline void CreateECDSAP521RandomKeys (uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
2014-11-24 20:19:13 -05:00
{
2015-11-03 09:15:49 -05:00
CreateECDSARandomKeys (NID_secp521r1, ECDSAP521_KEY_LENGTH, signingPrivateKey, signingPublicKey);
2014-11-24 20:19:13 -05:00
}
2014-12-10 15:48:07 -05:00
2014-12-15 12:32:06 -05:00
2015-11-03 09:15:49 -05:00
// EdDSA
2015-04-08 16:28:52 -04:00
class EDDSA25519Verifier: public Verifier
2015-04-08 16:18:16 -04:00
{
public:
2019-01-01 17:00:37 -05:00
EDDSA25519Verifier ();
void SetPublicKey (const uint8_t * signingKey);
2018-09-03 17:39:49 -04:00
~EDDSA25519Verifier ();
2015-04-08 16:18:16 -04:00
bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const;
2015-04-08 16:28:52 -04:00
size_t GetPublicKeyLen () const { return EDDSA25519_PUBLIC_KEY_LENGTH; };
2015-04-09 10:03:21 -04:00
size_t GetSignatureLen () const { return EDDSA25519_SIGNATURE_LENGTH; };
private:
2015-11-03 09:15:49 -05:00
2018-09-03 17:39:49 -04:00
#if OPENSSL_EDDSA
EVP_PKEY * m_Pkey;
EVP_MD_CTX * m_MDCtx;
#else
2018-01-06 11:48:51 +08:00
EDDSAPoint m_PublicKey;
2015-11-03 09:15:49 -05:00
uint8_t m_PublicKeyEncoded[EDDSA25519_PUBLIC_KEY_LENGTH];
#endif
2015-04-09 10:03:21 -04:00
};
2018-09-14 21:23:16 -04:00
class EDDSA25519SignerCompat: public Signer
{
public:
EDDSA25519SignerCompat (const uint8_t * signingPrivateKey, const uint8_t * signingPublicKey = nullptr);
// we pass signingPublicKey to check if it matches private key
~EDDSA25519SignerCompat ();
2018-09-14 21:23:16 -04:00
void Sign (const uint8_t * buf, int len, uint8_t * signature) const;
const uint8_t * GetPublicKey () const { return m_PublicKeyEncoded; }; // for keys creation
private:
2018-09-14 21:23:16 -04:00
uint8_t m_ExpandedPrivateKey[64];
uint8_t m_PublicKeyEncoded[EDDSA25519_PUBLIC_KEY_LENGTH];
};
#if OPENSSL_EDDSA
2015-04-09 10:03:21 -04:00
class EDDSA25519Signer: public Signer
{
public:
2018-01-06 11:48:51 +08:00
EDDSA25519Signer (const uint8_t * signingPrivateKey, const uint8_t * signingPublicKey = nullptr);
// we pass signingPublicKey to check if it matches private key
2018-09-03 17:39:49 -04:00
~EDDSA25519Signer ();
2018-01-06 11:48:51 +08:00
void Sign (const uint8_t * buf, int len, uint8_t * signature) const;
2015-11-03 09:15:49 -05:00
private:
2018-09-03 17:39:49 -04:00
EVP_PKEY * m_Pkey;
EVP_MD_CTX * m_MDCtx;
2018-09-14 21:23:16 -04:00
EDDSA25519SignerCompat * m_Fallback;
2015-04-08 16:18:16 -04:00
};
2018-09-14 21:23:16 -04:00
#else
2015-11-03 09:15:49 -05:00
2018-09-14 21:23:16 -04:00
typedef EDDSA25519SignerCompat EDDSA25519Signer;
#endif
2015-11-03 09:15:49 -05:00
inline void CreateEDDSA25519RandomKeys (uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
{
#if OPENSSL_EDDSA
2018-09-03 17:39:49 -04:00
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id (EVP_PKEY_ED25519, NULL);
EVP_PKEY_keygen_init (pctx);
EVP_PKEY_keygen (pctx, &pkey);
EVP_PKEY_CTX_free (pctx);
size_t len = EDDSA25519_PUBLIC_KEY_LENGTH;
EVP_PKEY_get_raw_public_key (pkey, signingPublicKey, &len);
len = EDDSA25519_PRIVATE_KEY_LENGTH;
EVP_PKEY_get_raw_private_key (pkey, signingPrivateKey, &len);
EVP_PKEY_free (pkey);
#else
2015-11-03 09:15:49 -05:00
RAND_bytes (signingPrivateKey, EDDSA25519_PRIVATE_KEY_LENGTH);
EDDSA25519Signer signer (signingPrivateKey);
memcpy (signingPublicKey, signer.GetPublicKey (), EDDSA25519_PUBLIC_KEY_LENGTH);
#endif
2015-11-03 09:15:49 -05:00
}
2017-02-16 21:18:18 -05:00
2017-03-14 16:41:06 -04:00
2018-01-06 11:48:51 +08:00
// ГОСТ Р 34.11
struct GOSTR3411_256_Hash
2018-01-06 11:48:51 +08:00
{
2017-03-14 16:41:06 -04:00
static void CalculateHash (const uint8_t * buf, size_t len, uint8_t * digest)
{
2018-01-06 11:48:51 +08:00
GOSTR3411_2012_256 (buf, len, digest);
2017-03-14 16:41:06 -04:00
}
enum { hashLen = 32 };
};
struct GOSTR3411_512_Hash
2018-01-06 11:48:51 +08:00
{
2017-03-14 16:41:06 -04:00
static void CalculateHash (const uint8_t * buf, size_t len, uint8_t * digest)
{
2018-01-06 11:48:51 +08:00
GOSTR3411_2012_512 (buf, len, digest);
2017-03-14 16:41:06 -04:00
}
enum { hashLen = 64 };
2017-03-14 16:41:06 -04:00
};
// ГОСТ Р 34.10
const size_t GOSTR3410_256_PUBLIC_KEY_LENGTH = 64;
const size_t GOSTR3410_512_PUBLIC_KEY_LENGTH = 128;
2017-02-16 21:18:18 -05:00
2017-03-14 16:41:06 -04:00
template<typename Hash>
2017-02-16 21:18:18 -05:00
class GOSTR3410Verifier: public Verifier
{
public:
enum { keyLen = Hash::hashLen };
2018-01-06 11:48:51 +08:00
2019-01-01 17:00:37 -05:00
GOSTR3410Verifier (GOSTR3410ParamSet paramSet):
m_ParamSet (paramSet), m_PublicKey (nullptr)
{
}
2019-01-01 17:00:37 -05:00
void SetPublicKey (const uint8_t * signingKey)
2017-03-14 16:02:16 -04:00
{
BIGNUM * x = BN_bin2bn (signingKey, GetPublicKeyLen ()/2, NULL);
BIGNUM * y = BN_bin2bn (signingKey + GetPublicKeyLen ()/2, GetPublicKeyLen ()/2, NULL);
2017-03-14 16:02:16 -04:00
m_PublicKey = GetGOSTR3410Curve (m_ParamSet)->CreatePoint (x, y);
BN_free (x); BN_free (y);
}
~GOSTR3410Verifier ()
{
if (m_PublicKey) EC_POINT_free (m_PublicKey);
2019-01-01 17:00:37 -05:00
}
2018-01-06 11:48:51 +08:00
2017-03-14 16:02:16 -04:00
bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const
{
2017-03-14 16:41:06 -04:00
uint8_t digest[Hash::hashLen];
Hash::CalculateHash (buf, len, digest);
BIGNUM * d = BN_bin2bn (digest, Hash::hashLen, nullptr);
2017-03-14 16:02:16 -04:00
BIGNUM * r = BN_bin2bn (signature, GetSignatureLen ()/2, NULL);
BIGNUM * s = BN_bin2bn (signature + GetSignatureLen ()/2, GetSignatureLen ()/2, NULL);
bool ret = GetGOSTR3410Curve (m_ParamSet)->Verify (m_PublicKey, d, r, s);
2018-01-06 11:48:51 +08:00
BN_free (d); BN_free (r); BN_free (s);
2017-03-14 16:02:16 -04:00
return ret;
}
size_t GetPublicKeyLen () const { return keyLen*2; }
size_t GetSignatureLen () const { return keyLen*2; }
2017-02-16 21:18:18 -05:00
private:
GOSTR3410ParamSet m_ParamSet;
EC_POINT * m_PublicKey;
2018-01-06 11:48:51 +08:00
};
2017-02-16 21:18:18 -05:00
2017-03-14 16:41:06 -04:00
template<typename Hash>
2017-02-16 21:18:18 -05:00
class GOSTR3410Signer: public Signer
{
public:
enum { keyLen = Hash::hashLen };
2018-01-06 11:48:51 +08:00
GOSTR3410Signer (GOSTR3410ParamSet paramSet, const uint8_t * signingPrivateKey):
m_ParamSet (paramSet)
2018-01-06 11:48:51 +08:00
{
m_PrivateKey = BN_bin2bn (signingPrivateKey, keyLen, nullptr);
}
~GOSTR3410Signer () { BN_free (m_PrivateKey); }
2017-02-16 21:18:18 -05:00
2017-03-14 16:02:16 -04:00
void Sign (const uint8_t * buf, int len, uint8_t * signature) const
{
2017-03-14 16:41:06 -04:00
uint8_t digest[Hash::hashLen];
Hash::CalculateHash (buf, len, digest);
2018-01-06 11:48:51 +08:00
BIGNUM * d = BN_bin2bn (digest, Hash::hashLen, nullptr);
2017-03-14 16:02:16 -04:00
BIGNUM * r = BN_new (), * s = BN_new ();
GetGOSTR3410Curve (m_ParamSet)->Sign (m_PrivateKey, d, r, s);
bn2buf (r, signature, keyLen);
bn2buf (s, signature + keyLen, keyLen);
2017-03-14 16:02:16 -04:00
BN_free (d); BN_free (r); BN_free (s);
}
2018-01-06 11:48:51 +08:00
2017-02-16 21:18:18 -05:00
private:
GOSTR3410ParamSet m_ParamSet;
BIGNUM * m_PrivateKey;
2018-01-06 11:48:51 +08:00
};
2017-02-16 21:45:12 -05:00
2017-03-14 16:02:16 -04:00
inline void CreateGOSTR3410RandomKeys (GOSTR3410ParamSet paramSet, uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
{
const auto& curve = GetGOSTR3410Curve (paramSet);
2017-03-14 16:41:06 -04:00
auto keyLen = curve->GetKeyLen ();
RAND_bytes (signingPrivateKey, keyLen);
BIGNUM * priv = BN_bin2bn (signingPrivateKey, keyLen, nullptr);
2018-01-06 11:48:51 +08:00
2017-03-14 16:02:16 -04:00
auto pub = curve->MulP (priv);
BN_free (priv);
BIGNUM * x = BN_new (), * y = BN_new ();
curve->GetXY (pub, x, y);
EC_POINT_free (pub);
2017-03-14 16:41:06 -04:00
bn2buf (x, signingPublicKey, keyLen);
bn2buf (y, signingPublicKey + keyLen, keyLen);
2018-01-06 11:48:51 +08:00
BN_free (x); BN_free (y);
2017-03-14 16:02:16 -04:00
}
2017-03-14 16:41:06 -04:00
typedef GOSTR3410Verifier<GOSTR3411_256_Hash> GOSTR3410_256_Verifier;
typedef GOSTR3410Signer<GOSTR3411_256_Hash> GOSTR3410_256_Signer;
typedef GOSTR3410Verifier<GOSTR3411_512_Hash> GOSTR3410_512_Verifier;
typedef GOSTR3410Signer<GOSTR3411_512_Hash> GOSTR3410_512_Signer;
2019-03-24 18:42:52 -04:00
// RedDSA
typedef EDDSA25519Verifier RedDSA25519Verifier;
class RedDSA25519Signer: public Signer
{
public:
RedDSA25519Signer (const uint8_t * signingPrivateKey)
{
memcpy (m_PrivateKey, signingPrivateKey, EDDSA25519_PRIVATE_KEY_LENGTH);
BN_CTX * ctx = BN_CTX_new ();
auto publicKey = GetEd25519 ()->GeneratePublicKey (m_PrivateKey, ctx);
GetEd25519 ()->EncodePublicKey (publicKey, m_PublicKeyEncoded, ctx);
BN_CTX_free (ctx);
}
2019-03-24 18:42:52 -04:00
~RedDSA25519Signer () {};
2019-03-24 18:42:52 -04:00
void Sign (const uint8_t * buf, int len, uint8_t * signature) const
{
GetEd25519 ()->SignRedDSA (m_PrivateKey, m_PublicKeyEncoded, buf, len, signature);
2019-03-24 18:42:52 -04:00
}
2019-03-24 18:42:52 -04:00
const uint8_t * GetPublicKey () const { return m_PublicKeyEncoded; }; // for keys creation
private:
2019-03-24 18:42:52 -04:00
uint8_t m_PrivateKey[EDDSA25519_PRIVATE_KEY_LENGTH];
uint8_t m_PublicKeyEncoded[EDDSA25519_PUBLIC_KEY_LENGTH];
};
inline void CreateRedDSA25519RandomKeys (uint8_t * signingPrivateKey, uint8_t * signingPublicKey)
{
GetEd25519 ()->CreateRedDSAPrivateKey (signingPrivateKey);
RedDSA25519Signer signer (signingPrivateKey);
memcpy (signingPublicKey, signer.GetPublicKey (), EDDSA25519_PUBLIC_KEY_LENGTH);
2019-03-24 18:42:52 -04:00
}
2014-08-21 11:15:04 -04:00
}
}
#endif