1 // GoGOST -- Pure Go GOST cryptographic functions library
2 // Copyright (C) 2015-2019 Sergey Matveev <stargrave@stargrave.org>
4 // This program is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
9 // This program is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with this program. If not, see <http://www.gnu.org/licenses/>.
24 type PublicKey struct {
31 func NewPublicKey(curve *Curve, mode Mode, raw []byte) (*PublicKey, error) {
32 key := make([]byte, 2*int(mode))
33 if len(raw) != len(key) {
34 return nil, errors.New("Invalid public key length")
36 for i := 0; i < len(key); i++ {
37 key[i] = raw[len(raw)-i-1]
42 bytes2big(key[int(mode) : 2*int(mode)]),
43 bytes2big(key[:int(mode)]),
47 func (pub *PublicKey) Raw() []byte {
49 pad(pub.Y.Bytes(), int(pub.Mode)),
50 pad(pub.X.Bytes(), int(pub.Mode))...,
56 func (pub *PublicKey) VerifyDigest(digest, signature []byte) (bool, error) {
57 if len(signature) != 2*int(pub.Mode) {
58 return false, errors.New("Invalid signature length")
60 s := bytes2big(signature[:pub.Mode])
61 r := bytes2big(signature[pub.Mode:])
62 if r.Cmp(zero) <= 0 || r.Cmp(pub.C.Q) >= 0 || s.Cmp(zero) <= 0 || s.Cmp(pub.C.Q) >= 0 {
65 e := bytes2big(digest)
71 v.ModInverse(e, pub.C.Q)
79 p1x, p1y, err := pub.C.Exp(z1, pub.C.X, pub.C.Y)
83 q1x, q1y, err := pub.C.Exp(z2, pub.X, pub.Y)
92 lm.ModInverse(lm, pub.C.P)
101 if lm.Cmp(zero) < 0 {
105 return lm.Cmp(r) == 0, nil