OLD | NEW |
1 // Copyright 2011 The Go Authors. All rights reserved. | 1 // Copyright 2011 The Go Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style | 2 // Use of this source code is governed by a BSD-style |
3 // license that can be found in the LICENSE file. | 3 // license that can be found in the LICENSE file. |
4 | 4 |
5 // Package ecdsa implements the Elliptic Curve Digital Signature Algorithm, as | 5 // Package ecdsa implements the Elliptic Curve Digital Signature Algorithm, as |
6 // defined in FIPS 186-3. | 6 // defined in FIPS 186-3. |
7 package ecdsa | 7 package ecdsa |
8 | 8 |
9 // References: | 9 // References: |
10 // [NSA]: Suite B implementer's guide to FIPS 186-3, | 10 // [NSA]: Suite B implementer's guide to FIPS 186-3, |
(...skipping 52 matching lines...)
63 return | 63 return |
64 } | 64 } |
65 | 65 |
66 // hashToInt converts a hash value to an integer. There is some disagreement | 66 // hashToInt converts a hash value to an integer. There is some disagreement |
67 // about how this is done. [NSA] suggests that this is done in the obvious | 67 // about how this is done. [NSA] suggests that this is done in the obvious |
68 // manner, but [SECG] truncates the hash to the bit-length of the curve order | 68 // manner, but [SECG] truncates the hash to the bit-length of the curve order |
69 // first. We follow [SECG] because that's what OpenSSL does. | 69 // first. We follow [SECG] because that's what OpenSSL does. |
70 func hashToInt(hash []byte, c elliptic.Curve) *big.Int { | 70 func hashToInt(hash []byte, c elliptic.Curve) *big.Int { |
71 orderBits := c.Params().N.BitLen() | 71 orderBits := c.Params().N.BitLen() |
72 orderBytes := (orderBits + 7) / 8 | 72 orderBytes := (orderBits + 7) / 8 |
| 73 var excess int |
73 if len(hash) > orderBytes { | 74 if len(hash) > orderBytes { |
| 75 excess = orderBytes*8 - orderBits |
74 hash = hash[:orderBytes] | 76 hash = hash[:orderBytes] |
75 } | 77 } |
76 | 78 |
77 ret := new(big.Int).SetBytes(hash) | 79 ret := new(big.Int).SetBytes(hash) |
78 excess := orderBytes*8 - orderBits | |
79 if excess > 0 { | 80 if excess > 0 { |
80 ret.Rsh(ret, uint(excess)) | 81 ret.Rsh(ret, uint(excess)) |
81 } | 82 } |
82 return ret | 83 return ret |
83 } | 84 } |
84 | 85 |
85 // Sign signs an arbitrary length hash (which should be the result of hashing a | 86 // Sign signs an arbitrary length hash (which should be the result of hashing a |
86 // larger message) using the private key, priv. It returns the signature as a | 87 // larger message) using the private key, priv. It returns the signature as a |
87 // pair of integers. The security of the private key depends on the entropy of | 88 // pair of integers. The security of the private key depends on the entropy of |
88 // rand. | 89 // rand. |
(...skipping 53 matching lines...)
142 | 143 |
143 x1, y1 := c.ScalarBaseMult(u1.Bytes()) | 144 x1, y1 := c.ScalarBaseMult(u1.Bytes()) |
144 x2, y2 := c.ScalarMult(pub.X, pub.Y, u2.Bytes()) | 145 x2, y2 := c.ScalarMult(pub.X, pub.Y, u2.Bytes()) |
145 if x1.Cmp(x2) == 0 { | 146 if x1.Cmp(x2) == 0 { |
146 return false | 147 return false |
147 } | 148 } |
148 x, _ := c.Add(x1, y1, x2, y2) | 149 x, _ := c.Add(x1, y1, x2, y2) |
149 x.Mod(x, N) | 150 x.Mod(x, N) |
150 return x.Cmp(r) == 0 | 151 return x.Cmp(r) == 0 |
151 } | 152 } |
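Review bot: In hashToInt the shift now happens only when `len(hash) > orderBytes`, so a digest of exactly orderBytes bytes is left unshifted even when the order's bit length is not a multiple of 8 (for example P-521, with a 521-bit order and 66 bytes). The [SECG] truncation the comment refers to keeps the leftmost orderBits bits, so that input should still lose its low `orderBytes*8 - orderBits` bits. As written, a 66-byte digest and a 67-byte digest with the same prefix map to different integers. Signing and verifying inside this package stay self-consistent, but such signatures would presumably not interoperate with implementations that apply the truncation rule. Deriving the shift from the length after truncation covers short, equal and long inputs at once: drop `var excess int` and the assignment inside the `if`, and put `excess := len(hash)*8 - orderBits` after `SetBytes`, keeping the `if excess > 0` guard.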