Browse Source

correct param set for GOST R 34.10 verification

pull/824/head
orignal 8 years ago
parent
commit
ba89c60b6d
  1. 6
      Identity.cpp
  2. 56
      Signature.cpp
  3. 28
      Signature.h

6
Identity.cpp

@ -97,14 +97,14 @@ namespace data
} }
case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519: case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
{ {
size_t padding = 128 - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH; // 96 = 128 - 32 size_t padding = 128 - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH; // 96 = 128 - 32
RAND_bytes (m_StandardIdentity.signingKey, padding); RAND_bytes (m_StandardIdentity.signingKey, padding);
memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH); memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH);
break; break;
} }
case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411: case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
{ {
size_t padding = 128 - i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH; // 64 = 128 - 64 size_t padding = 128 - i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH; // 64 = 128 - 64
RAND_bytes (m_StandardIdentity.signingKey, padding); RAND_bytes (m_StandardIdentity.signingKey, padding);
memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH); memcpy (m_StandardIdentity.signingKey + padding, signingKey, i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH);
break; break;
@ -380,7 +380,7 @@ namespace data
case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411: case SIGNING_KEY_TYPE_GOSTR3410_A_GOSTR3411:
{ {
size_t padding = 128 - i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH; // 64 = 128 - 64 size_t padding = 128 - i2p::crypto::GOSTR3410_PUBLIC_KEY_LENGTH; // 64 = 128 - 64
UpdateVerifier (new i2p::crypto::GOSTR3410Verifier (m_StandardIdentity.signingKey + padding)); UpdateVerifier (new i2p::crypto::GOSTR3410Verifier (i2p::crypto::eGOSTR3410CryptoProA, m_StandardIdentity.signingKey + padding));
break; break;
} }
default: default:

56
Signature.cpp

@ -532,6 +532,13 @@ namespace crypto
return EC_POINT_get_affine_coordinates_GFp (m_Group, p, x, y, nullptr); return EC_POINT_get_affine_coordinates_GFp (m_Group, p, x, y, nullptr);
} }
EC_POINT * CreatePoint (const BIGNUM * x, const BIGNUM * y) const
{
EC_POINT * p = EC_POINT_new (m_Group);
EC_POINT_set_affine_coordinates_GFp (m_Group, p, x, y, nullptr);
return p;
}
void Sign (const BIGNUM * priv, const BIGNUM * digest, BIGNUM * r, BIGNUM * s) void Sign (const BIGNUM * priv, const BIGNUM * digest, BIGNUM * r, BIGNUM * s)
{ {
BN_CTX * ctx = BN_CTX_new (); BN_CTX * ctx = BN_CTX_new ();
@ -551,6 +558,31 @@ namespace crypto
BN_CTX_free (ctx); BN_CTX_free (ctx);
} }
bool Verify (const EC_POINT * pub, const BIGNUM * digest, const BIGNUM * r, const BIGNUM * s)
{
BN_CTX * ctx = BN_CTX_new ();
BN_CTX_start (ctx);
BIGNUM * q = BN_CTX_get (ctx);
EC_GROUP_get_order(m_Group, q, ctx);
BIGNUM * h = BN_CTX_get (ctx);
BN_mod (h, digest, q, ctx); // h = digest % q
BN_mod_inverse (h, h, q, ctx); // 1/h mod q
BIGNUM * z1 = BN_CTX_get (ctx);
BN_mod_mul (z1, s, h, q, ctx); // z1 = s/h
BIGNUM * z2 = BN_CTX_get (ctx);
BN_sub (z2, q, r); // z2 = -r
BN_mod_mul (z2, z2, h, q, ctx); // z2 = -r/h
EC_POINT * C = EC_POINT_new (m_Group);
EC_POINT_mul (m_Group, C, z1, pub, z2, ctx); // z1*P + z2*pub
BIGNUM * x = BN_CTX_get (ctx);
GetXY (C, x, nullptr); // Cx
BN_mod (x, x, q, ctx); // Cx % q
bool ret = !BN_cmp (x, r); // Cx = r ?
EC_POINT_free (C);
BN_CTX_end (ctx);
BN_CTX_free (ctx);
return ret;
}
private: private:
@ -614,14 +646,34 @@ namespace crypto
return g_GOSTR3410Curves[paramSet]; return g_GOSTR3410Curves[paramSet];
} }
GOSTR3410Verifier::GOSTR3410Verifier (GOSTR3410ParamSet paramSet, const uint8_t * signingKey):
m_ParamSet (paramSet)
{
BIGNUM * x = BN_bin2bn (signingKey, GOSTR3410_PUBLIC_KEY_LENGTH/2, NULL);
BIGNUM * y = BN_bin2bn (signingKey + GOSTR3410_PUBLIC_KEY_LENGTH/2, GOSTR3410_PUBLIC_KEY_LENGTH/2, NULL);
m_PublicKey = GetGOSTR3410Curve (m_ParamSet)->CreatePoint (x, y);
BN_free (x); BN_free (y);
}
bool GOSTR3410Verifier::Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const
{
uint8_t digest[32];
GOSTR3411 (buf, len, digest);
BIGNUM * d = BN_bin2bn (digest, 32, nullptr);
BIGNUM * r = BN_bin2bn (signature, GetSignatureLen ()/2, NULL);
BIGNUM * s = BN_bin2bn (signature + GetSignatureLen ()/2, GetSignatureLen ()/2, NULL);
bool ret = GetGOSTR3410Curve (m_ParamSet)->Verify (m_PublicKey, d, r, s);
BN_free (d); BN_free (r); BN_free (s);
return ret;
}
void GOSTR3410Signer::Sign (const uint8_t * buf, int len, uint8_t * signature) const void GOSTR3410Signer::Sign (const uint8_t * buf, int len, uint8_t * signature) const
{ {
uint8_t digest[32]; uint8_t digest[32];
GOSTR3411 (buf, len, digest); GOSTR3411 (buf, len, digest);
BIGNUM * d = BN_bin2bn (digest, 32, nullptr); BIGNUM * d = BN_bin2bn (digest, 32, nullptr);
BIGNUM * r = BN_new (), * s = BN_new (); BIGNUM * r = BN_new (), * s = BN_new ();
const auto& curve = GetGOSTR3410Curve (m_ParamSet); GetGOSTR3410Curve (m_ParamSet)->Sign (m_PrivateKey, d, r, s);
curve->Sign (m_PrivateKey, d, r, s);
bn2buf (r, signature, GOSTR3410_SIGNATURE_LENGTH/2); bn2buf (r, signature, GOSTR3410_SIGNATURE_LENGTH/2);
bn2buf (s, signature + GOSTR3410_SIGNATURE_LENGTH/2, GOSTR3410_SIGNATURE_LENGTH/2); bn2buf (s, signature + GOSTR3410_SIGNATURE_LENGTH/2, GOSTR3410_SIGNATURE_LENGTH/2);
BN_free (d); BN_free (r); BN_free (s); BN_free (d); BN_free (r); BN_free (s);

28
Signature.h

@ -462,36 +462,18 @@ namespace crypto
{ {
public: public:
GOSTR3410Verifier (const uint8_t * signingKey) GOSTR3410Verifier (GOSTR3410ParamSet paramSet, const uint8_t * signingKey);
{ ~GOSTR3410Verifier () { EC_POINT_free (m_PublicKey); }
m_PublicKey = EVP_PKEY_new ();
EC_KEY * ecKey = EC_KEY_new ();
EVP_PKEY_assign (m_PublicKey, NID_id_GostR3410_2001, ecKey);
EVP_PKEY_copy_parameters (m_PublicKey, GetGostPKEY ());
BIGNUM * x = BN_bin2bn (signingKey, GOSTR3410_PUBLIC_KEY_LENGTH/2, NULL);
BIGNUM * y = BN_bin2bn (signingKey + GOSTR3410_PUBLIC_KEY_LENGTH/2, GOSTR3410_PUBLIC_KEY_LENGTH/2, NULL);
EC_KEY_set_public_key_affine_coordinates (ecKey, x, y);
BN_free (x); BN_free (y);
}
~GOSTR3410Verifier () { EVP_PKEY_free (m_PublicKey); }
bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const bool Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const;
{
uint8_t digest[32];
GOSTR3411 (buf, len, digest);
EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new (m_PublicKey, nullptr);
EVP_PKEY_verify_init (ctx);
int ret = EVP_PKEY_verify (ctx, signature, GOSTR3410_SIGNATURE_LENGTH, digest, 32);
EVP_PKEY_CTX_free (ctx);
return ret == 1;
}
size_t GetPublicKeyLen () const { return GOSTR3410_PUBLIC_KEY_LENGTH; } size_t GetPublicKeyLen () const { return GOSTR3410_PUBLIC_KEY_LENGTH; }
size_t GetSignatureLen () const { return GOSTR3410_SIGNATURE_LENGTH; } size_t GetSignatureLen () const { return GOSTR3410_SIGNATURE_LENGTH; }
private: private:
EVP_PKEY * m_PublicKey; GOSTR3410ParamSet m_ParamSet;
EC_POINT * m_PublicKey;
}; };
class GOSTR3410Signer: public Signer class GOSTR3410Signer: public Signer

Loading…
Cancel
Save