2 #include "knuth-lfib.h"
4 /* Check if y^2 = x^3 - 3x + b */
/* Validate a public key point: both affine coordinates must be fully
   reduced modulo p, and the point must satisfy
   y^2 = x^3 - 3x + b (mod p).
   pub->p holds x in the first pub->ecc->size limbs and y in the next
   pub->ecc->size limbs. The equation hard-codes the coefficient -3, so
   the check only fits curves of that form.
   NOTE(review): this is an on-curve test only; it does not test
   subgroup membership. That is enough for cofactor-1 curves -- confirm
   this holds for every entry in ecc_curves. */
6 ecc_valid_p (struct ecc_point *pub)
/* Limb count of one coordinate; used as the length of every mpn/mpz
   view below. */
13 size = pub->ecc->size;
/* The condition below is true when x >= p or y >= p. The range test is
   needed in addition to the congruence test further down: the
   congruence is taken modulo p, so an unreduced coordinate such as
   x + p would satisfy it as well, giving the same point more than one
   accepted encoding. The statement executed when the condition holds
   is not part of this excerpt. */
15 /* First check range */
16 if (mpn_cmp (pub->p, pub->ecc->p, size) >= 0
17 || mpn_cmp (pub->p + size, pub->ecc->p, size) >= 0)
/* Read-only mpz views over the coordinate limbs; no copy is made. */
23 mpz_roinit_n (x, pub->p, size);
24 mpz_roinit_n (y, pub->p + size, size);
/* Finish the right-hand side as (rhs - 3) * x + b. The statements that
   set lhs and the initial rhs are not part of this excerpt; presumably
   lhs = y^2 and rhs = x^2 -- confirm. */
28 mpz_sub_ui (rhs, rhs, 3);
29 mpz_mul (rhs, rhs, x);
30 mpz_add (rhs, rhs, mpz_roinit_n (t, pub->ecc->b, size));
/* res is non-zero iff lhs and rhs are congruent modulo the field
   prime p. */
32 res = mpz_congruent_p (lhs, rhs, mpz_roinit_n (t, pub->ecc->p, size));
/* ECDSA key generation self-test: for every curve in ecc_curves,
   generate a key pair, check that the public point is valid, sign a
   fixed digest, and check that verification accepts the genuine
   signature and rejects a modified digest, r and s.
   The enclosing function's signature and some statements are not part
   of this excerpt. */
44 struct knuth_lfib_ctx rctx;
45 struct dsa_signature signature;
47 struct tstring *digest;
/* Fixed seed: every run produces the same keys and signatures, which
   makes failures reproducible. The Knuth lagged Fibonacci generator is
   not cryptographically secure, so this setup is for tests only. Real
   key generation and signing need a CSPRNG; a predictable ECDSA
   per-signature nonce is enough to recover the private key. */
49 knuth_lfib_init (&rctx, 4711);
50 dsa_signature_init (&signature);
52 digest = SHEX (/* sha256("abc") */
53 "BA7816BF 8F01CFEA 414140DE 5DAE2223"
54 "B00361A3 96177A9C B410FF61 F20015AD");
/* ecc_curves is walked until its first null entry. */
56 for (i = 0; ecc_curves[i]; i++)
58 const struct ecc_curve *ecc = ecc_curves[i];
60 struct ecc_scalar key;
/* NOTE(review): the condition guarding this diagnostic output, if any,
   is not part of this excerpt -- presumably a verbose flag. */
63 fprintf (stderr, "Curve %d\n", ecc->bit_size);
65 ecc_point_init (&pub, ecc);
66 ecc_scalar_init (&key, ecc);
/* Key pair drawn from the deterministic test generator seeded above. */
68 ecdsa_generate_keypair (&pub, &key,
70 (nettle_random_func *) knuth_lfib_random);
/* The next lines are arguments of output calls whose opening lines are
   not part of this excerpt (presumably gmp_fprintf; %Nx takes a limb
   array followed by its limb count). The private key is written out in
   clear, which is tolerable only because it is a throwaway key derived
   from a public seed; production code should never log private
   scalars. */
75 "Public key:\nx = %Nx\ny = %Nx\n",
76 pub.p, ecc->size, pub.p + ecc->size, ecc->size);
78 "Private key: %Nx\n", key.p, ecc->size);
/* The generated public point must be in range and on the curve. */
80 if (!ecc_valid_p (&pub))
81 die ("ecdsa_generate_keypair produced an invalid point.\n");
/* Arguments of a call whose opening line is not part of this excerpt
   (presumably the signing call); the nonce source is the same
   deterministic generator. */
84 &rctx, (nettle_random_func *) knuth_lfib_random,
85 digest->length, digest->data,
/* Positive case: the untouched signature must verify. */
88 if (!ecdsa_verify (&pub, digest->length, digest->data,
90 die ("ecdsa_verify failed.\n");
/* Negative case 1: XOR with 17 flips bits 0 and 4 of digest byte 3;
   verification must fail. The second XOR restores the digest. */
92 digest->data[3] ^= 17;
93 if (ecdsa_verify (&pub, digest->length, digest->data,
95 die ("ecdsa_verify returned success with invalid digest.\n");
96 digest->data[3] ^= 17;
/* Negative case 2: flip bit 117 of r; verification must fail. */
98 mpz_combit (signature.r, 117);
99 if (ecdsa_verify (&pub, digest->length, digest->data,
101 die ("ecdsa_verify returned success with invalid signature.r.\n");
/* Restore r, then negative case 3: flip bit 93 of s. s is not flipped
   back in the lines shown here; presumably the signature is rewritten
   by the signing call of the next iteration -- confirm. */
103 mpz_combit (signature.r, 117);
104 mpz_combit (signature.s, 93);
105 if (ecdsa_verify (&pub, digest->length, digest->data,
107 die ("ecdsa_verify returned success with invalid signature.s.\n");
/* Release the per-curve key material, then the signature. */
109 ecc_point_clear (&pub);
110 ecc_scalar_clear (&key);
112 dsa_signature_clear (&signature);