Cryptography Reference
In-Depth Information
// This should be a random number between 0 and n-1
load_huge( &k, ( unsigned char * ) K, sizeof( K ) );
set_huge( &X.x, 0 );
set_huge( &X.y, 0 );
copy_huge( &X.x, ¶ms->G.x );
copy_huge( &X.y, ¶ms->G.y );
multiply_point( &X, &k, ¶ms->a, ¶ms->p );
set_huge( &signature->r, 0 );
copy_huge( &signature->r, &X.x );
divide( &signature->r, ¶ms->n, NULL ); // r = x1 % n
// z is the L_n leftmost bits of hash - cannot be longer than n
load_huge( &z, ( unsigned char * ) hash,
( ( hash_len * 4 ) < params->n.size ) ? ( hash_len * 4 ) : params->n.size );
// s = k^-1 ( z + r d_a ) % n
inv( &k, ¶ms->n );
set_huge( &signature->s, 0 );
copy_huge( &signature->s, private_key );
multiply( &signature->s, &signature->r );
add( &signature->s, &z );
multiply( &signature->s, &k );
divide( &signature->s, ¶ms->n, NULL );
free_huge( &k );
free_huge( &z );
free_huge( &X.x );
free_huge( &X.y );
}
You can see a lot of parallels between the DSA signature verifi cation routine
and the ECDSA signature verifi cation routine in Listing 4-40.
Listing 4-40:
“ecdsa.c” elliptic-curve DSA signature verifi cation
int ecdsa_verify( elliptic_curve *params,
point *public_key,
unsigned int *hash,
int hash_len,
dsa_signature *signature )
{
huge z;
huge w;
point G;
point Q;
int match;
// w = s^-1 % n
Search WWH ::
Custom Search