1 // GoGOST -- Pure Go GOST cryptographic functions library
2 // Copyright (C) 2015-2016 Sergey Matveev <stargrave@stargrave.org>
4 // This program is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
9 // This program is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with this program. If not, see <http://www.gnu.org/licenses/>.
24 type PublicKey struct {
31 func NewPublicKey(curve *Curve, ds DigestSize, raw []byte) (*PublicKey, error) {
32 if len(raw) != 2*int(ds) {
33 return nil, errors.New("Invalid public key length")
35 key := make([]byte, 2*int(ds))
41 bytes2big(key[int(ds) : 2*int(ds)]),
42 bytes2big(key[:int(ds)]),
46 func (pk *PublicKey) Raw() []byte {
47 raw := append(pad(pk.y.Bytes(), pk.ds), pad(pk.x.Bytes(), pk.ds)...)
52 func (pk *PublicKey) VerifyDigest(digest, signature []byte) (bool, error) {
53 if len(digest) != pk.ds {
54 return false, errors.New("Invalid input digest length")
56 if len(signature) != 2*pk.ds {
57 return false, errors.New("Invalid signature length")
59 s := bytes2big(signature[:pk.ds])
60 r := bytes2big(signature[pk.ds:])
61 if r.Cmp(zero) <= 0 || r.Cmp(pk.c.Q) >= 0 || s.Cmp(zero) <= 0 || s.Cmp(pk.c.Q) >= 0 {
64 e := bytes2big(digest)
70 v.ModInverse(e, pk.c.Q)
78 p1x, p1y, err := pk.c.Exp(z1, pk.c.Bx, pk.c.By)
82 q1x, q1y, err := pk.c.Exp(z2, pk.x, pk.y)
91 lm.ModInverse(lm, pk.c.P)
100 if lm.Cmp(zero) < 0 {
104 return lm.Cmp(r) == 0, nil