Wire Sysio Wire Sysion 1.0.0
Loading...
Searching...
No Matches
Namespaces | Classes | Typedefs | Functions
fc::crypto::r1 Namespace Reference

Namespaces

namespace  detail
 

Classes

class  private_key
 an elliptic curve private key. More...
 
struct  private_key_shim
 
class  public_key
 contains only the public point of an elliptic curve key. More...
 
struct  public_key_shim
 
struct  signature_shim
 

Typedefs

typedef fc::array< char, 33 > public_key_data
 
typedef fc::array< char, 65 > public_key_point_data
 the full non-compressed version of the ECC point
 
typedef fc::array< char, 72 > signature
 
typedef fc::array< unsigned char, 65 > compact_signature
 

Functions

int ECDSA_SIG_recover_key_GFp (EC_KEY *eckey, ECDSA_SIG *ecsig, const unsigned char *msg, int msglen, int recid, int check)
 
compact_signature signature_from_ecdsa (const EC_KEY *key, const public_key_data &pub, fc::ecdsa_sig &sig, const fc::sha256 &d)
 

Typedef Documentation

◆ compact_signature

typedef fc::array<unsigned char,65> fc::crypto::r1::compact_signature

Definition at line 24 of file elliptic_r1.hpp.

◆ public_key_data

typedef fc::array<char,33> fc::crypto::r1::public_key_data

Definition at line 20 of file elliptic_r1.hpp.

◆ public_key_point_data

typedef fc::array<char,65> fc::crypto::r1::public_key_point_data

Definition at line 22 of file elliptic_r1.hpp.

◆ signature

typedef fc::array<char,72> fc::crypto::r1::signature

Definition at line 23 of file elliptic_r1.hpp.

Function Documentation

◆ ECDSA_SIG_recover_key_GFp()

int fc::crypto::r1::ECDSA_SIG_recover_key_GFp ( EC_KEY * eckey,
ECDSA_SIG * ecsig,
const unsigned char * msg,
int msglen,
int recid,
int check )

Definition at line 62 of file elliptic_r1.cpp.

63 {
64 if (!eckey) FC_THROW_EXCEPTION( exception, "null key" );
65
66 int ret = 0;
67 BN_CTX *ctx = NULL;
68
69 BIGNUM *x = NULL;
70 BIGNUM *e = NULL;
71 BIGNUM *order = NULL;
72 BIGNUM *sor = NULL;
73 BIGNUM *eor = NULL;
74 BIGNUM *field = NULL;
75 EC_POINT *R = NULL;
76 EC_POINT *O = NULL;
77 EC_POINT *Q = NULL;
78 BIGNUM *rr = NULL;
79 BIGNUM *zero = NULL;
80 int n = 0;
81 int i = recid / 2;
82
83 const BIGNUM *r, *s;
84 ECDSA_SIG_get0(ecsig, &r, &s);
85
86 const EC_GROUP *group = EC_KEY_get0_group(eckey);
87 if ((ctx = BN_CTX_new()) == NULL) { ret = -1; goto err; }
88 BN_CTX_start(ctx);
89 order = BN_CTX_get(ctx);
90 if (!EC_GROUP_get_order(group, order, ctx)) { ret = -2; goto err; }
91 x = BN_CTX_get(ctx);
92 if (!BN_copy(x, order)) { ret=-1; goto err; }
93 if (!BN_mul_word(x, i)) { ret=-1; goto err; }
94 if (!BN_add(x, x, r)) { ret=-1; goto err; }
95 field = BN_CTX_get(ctx);
96 if (!EC_GROUP_get_curve_GFp(group, field, NULL, NULL, ctx)) { ret=-2; goto err; }
97 if (BN_cmp(x, field) >= 0) { ret=0; goto err; }
98 if ((R = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
99 if (!EC_POINT_set_compressed_coordinates_GFp(group, R, x, recid % 2, ctx)) { ret=0; goto err; }
100 if (check)
101 {
102 if ((O = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
103 if (!EC_POINT_mul(group, O, NULL, R, order, ctx)) { ret=-2; goto err; }
104 if (!EC_POINT_is_at_infinity(group, O)) { ret = 0; goto err; }
105 }
106 if ((Q = EC_POINT_new(group)) == NULL) { ret = -2; goto err; }
107 n = EC_GROUP_get_degree(group);
108 e = BN_CTX_get(ctx);
109 if (!BN_bin2bn(msg, msglen, e)) { ret=-1; goto err; }
110 if (8*msglen > n) BN_rshift(e, e, 8-(n & 7));
111 zero = BN_CTX_get(ctx);
112 BN_zero(zero);
113 if (!BN_mod_sub(e, zero, e, order, ctx)) { ret=-1; goto err; }
114 rr = BN_CTX_get(ctx);
115 if (!BN_mod_inverse(rr, r, order, ctx)) { ret=-1; goto err; }
116 sor = BN_CTX_get(ctx);
117 if (!BN_mod_mul(sor, s, rr, order, ctx)) { ret=-1; goto err; }
118 eor = BN_CTX_get(ctx);
119 if (!BN_mod_mul(eor, e, rr, order, ctx)) { ret=-1; goto err; }
120 if (!EC_POINT_mul(group, Q, eor, R, sor, ctx)) { ret=-2; goto err; }
121 if (!EC_KEY_set_public_key(eckey, Q)) { ret=-2; goto err; }
122
123 ret = 1;
124
125 err:
126 if (ctx) {
127 BN_CTX_end(ctx);
128 BN_CTX_free(ctx);
129 }
130 if (R != NULL) EC_POINT_free(R);
131 if (O != NULL) EC_POINT_free(O);
132 if (Q != NULL) EC_POINT_free(Q);
133 return ret;
134 }
r
const mie::Vuint & r
Definition bn.cpp:28
FC_THROW_EXCEPTION
#define FC_THROW_EXCEPTION(EXCEPTION, FORMAT,...)
Definition exception.hpp:395
field
ehm field
Definition hello_driver.cpp:80
BIGNUM
bignum_st BIGNUM
Definition bigint.hpp:7
ECDSA_SIG_get0
void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
Definition openssl-compat.c:80
R
#define R
ret
CK_RV ret
Definition yubihsm_pkcs11.c:973
s
char * s
Definition yubihsm_pkcs11.c:524
Here is the call graph for this function:
Here is the caller graph for this function:

◆ signature_from_ecdsa()

compact_signature fc::crypto::r1::signature_from_ecdsa ( const EC_KEY * key,
const public_key_data & pub,
fc::ecdsa_sig & sig,
const fc::sha256 & d )

Definition at line 136 of file elliptic_r1.cpp.

136 {
137 //We can't use ssl_bignum here; _get0() does not transfer ownership to us; _set0() does transfer ownership to fc::ecdsa_sig
138 const BIGNUM *sig_r, *sig_s;
139 BIGNUM *r = BN_new(), *s = BN_new();
140 ECDSA_SIG_get0(sig, &sig_r, &sig_s);
141 BN_copy(r, sig_r);
142 BN_copy(s, sig_s);
143
144 //want to always use the low S value
145 const EC_GROUP* group = EC_KEY_get0_group(key);
146 ssl_bignum order, halforder;
147 EC_GROUP_get_order(group, order, nullptr);
148 BN_rshift1(halforder, order);
149 if(BN_cmp(s, halforder) > 0)
150 BN_sub(s, order, s);
151
152 compact_signature csig;
153
154 int nBitsR = BN_num_bits(r);
155 int nBitsS = BN_num_bits(s);
156 if(nBitsR > 256 || nBitsS > 256)
157 FC_THROW_EXCEPTION( exception, "Unable to sign" );
158
159 ECDSA_SIG_set0(sig, r, s);
160
161 int nRecId = -1;
162 for (int i=0; i<4; i++)
163 {
164 public_key keyRec;
165 keyRec.my->_key = EC_KEY_new_by_curve_name( NID_X9_62_prime256v1 );
166 if (ECDSA_SIG_recover_key_GFp(keyRec.my->_key, sig, (unsigned char*)&d, sizeof(d), i, 1) == 1)
167 {
168 if (keyRec.serialize() == pub_data )
169 {
170 nRecId = i;
171 break;
172 }
173 }
174 }
175 if (nRecId == -1)
176 FC_THROW_EXCEPTION( exception, "unable to construct recoverable key");
177
178 csig.data[0] = nRecId+27+4;
179 BN_bn2bin(r,&csig.data[33-(nBitsR+7)/8]);
180 BN_bn2bin(s,&csig.data[65-(nBitsS+7)/8]);
181
182 return csig;
183 }
fc::array::data
T data[N]
Definition array.hpp:37
fc::crypto::r1::public_key
contains only the public point of an elliptic curve key.
Definition elliptic_r1.hpp:33
fc::crypto::r1::public_key::serialize
public_key_data serialize() const
Definition elliptic_r1.cpp:438
fc::crypto::r1::ECDSA_SIG_recover_key_GFp
int ECDSA_SIG_recover_key_GFp(EC_KEY *eckey, ECDSA_SIG *ecsig, const unsigned char *msg, int msglen, int recid, int check)
Definition elliptic_r1.cpp:62
ECDSA_SIG_set0
int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
Definition openssl-compat.c:64
fc::ssl_bignum
Definition openssl.hpp:55
Here is the caller graph for this function: