)
type PrivateKey struct {
- c *Curve
- mode Mode
- key *big.Int
+ C *Curve
+ Mode Mode
+ Key *big.Int
}
func NewPrivateKey(curve *Curve, mode Mode, raw []byte) (*PrivateKey, error) {
}
func (prv *PrivateKey) Raw() []byte {
- raw := pad(prv.key.Bytes(), int(prv.mode))
+ raw := pad(prv.Key.Bytes(), int(prv.Mode))
reverse(raw)
return raw
}
func (prv *PrivateKey) PublicKey() (*PublicKey, error) {
- x, y, err := prv.c.Exp(prv.key, prv.c.Bx, prv.c.By)
+ x, y, err := prv.C.Exp(prv.Key, prv.C.X, prv.C.Y)
if err != nil {
return nil, err
}
- return &PublicKey{prv.c, prv.mode, x, y}, nil
+ return &PublicKey{prv.C, prv.Mode, x, y}, nil
}
func (prv *PrivateKey) SignDigest(digest []byte, rand io.Reader) ([]byte, error) {
e := bytes2big(digest)
- e.Mod(e, prv.c.Q)
+ e.Mod(e, prv.C.Q)
if e.Cmp(zero) == 0 {
e = big.NewInt(1)
}
- kRaw := make([]byte, int(prv.mode))
+ kRaw := make([]byte, int(prv.Mode))
var err error
var k *big.Int
var r *big.Int
return nil, err
}
k = bytes2big(kRaw)
- k.Mod(k, prv.c.Q)
+ k.Mod(k, prv.C.Q)
if k.Cmp(zero) == 0 {
goto Retry
}
- r, _, err = prv.c.Exp(k, prv.c.Bx, prv.c.By)
+ r, _, err = prv.C.Exp(k, prv.C.X, prv.C.Y)
if err != nil {
return nil, err
}
- r.Mod(r, prv.c.Q)
+ r.Mod(r, prv.C.Q)
if r.Cmp(zero) == 0 {
goto Retry
}
- d.Mul(prv.key, r)
+ d.Mul(prv.Key, r)
k.Mul(k, e)
s.Add(d, k)
- s.Mod(s, prv.c.Q)
+ s.Mod(s, prv.C.Q)
if s.Cmp(zero) == 0 {
goto Retry
}
return append(
- pad(s.Bytes(), int(prv.mode)),
- pad(r.Bytes(), int(prv.mode))...,
+ pad(s.Bytes(), int(prv.Mode)),
+ pad(r.Bytes(), int(prv.Mode))...,
), nil
}
)
type PublicKey struct {
- c *Curve
- mode Mode
- x *big.Int
- y *big.Int
+ C *Curve
+ Mode Mode
+ X *big.Int
+ Y *big.Int
}
func NewPublicKey(curve *Curve, mode Mode, raw []byte) (*PublicKey, error) {
func (pub *PublicKey) Raw() []byte {
raw := append(
- pad(pub.y.Bytes(), int(pub.mode)),
- pad(pub.x.Bytes(), int(pub.mode))...,
+ pad(pub.Y.Bytes(), int(pub.Mode)),
+ pad(pub.X.Bytes(), int(pub.Mode))...,
)
reverse(raw)
return raw
}
func (pub *PublicKey) VerifyDigest(digest, signature []byte) (bool, error) {
- if len(signature) != 2*int(pub.mode) {
+ if len(signature) != 2*int(pub.Mode) {
return false, errors.New("Invalid signature length")
}
- s := bytes2big(signature[:pub.mode])
- r := bytes2big(signature[pub.mode:])
- if r.Cmp(zero) <= 0 || r.Cmp(pub.c.Q) >= 0 || s.Cmp(zero) <= 0 || s.Cmp(pub.c.Q) >= 0 {
+ s := bytes2big(signature[:pub.Mode])
+ r := bytes2big(signature[pub.Mode:])
+ if r.Cmp(zero) <= 0 || r.Cmp(pub.C.Q) >= 0 || s.Cmp(zero) <= 0 || s.Cmp(pub.C.Q) >= 0 {
return false, nil
}
e := bytes2big(digest)
- e.Mod(e, pub.c.Q)
+ e.Mod(e, pub.C.Q)
if e.Cmp(zero) == 0 {
e = big.NewInt(1)
}
v := big.NewInt(0)
- v.ModInverse(e, pub.c.Q)
+ v.ModInverse(e, pub.C.Q)
z1 := big.NewInt(0)
z2 := big.NewInt(0)
z1.Mul(s, v)
- z1.Mod(z1, pub.c.Q)
+ z1.Mod(z1, pub.C.Q)
z2.Mul(r, v)
- z2.Mod(z2, pub.c.Q)
- z2.Sub(pub.c.Q, z2)
- p1x, p1y, err := pub.c.Exp(z1, pub.c.Bx, pub.c.By)
+ z2.Mod(z2, pub.C.Q)
+ z2.Sub(pub.C.Q, z2)
+ p1x, p1y, err := pub.C.Exp(z1, pub.C.X, pub.C.Y)
if err != nil {
return false, err
}
- q1x, q1y, err := pub.c.Exp(z2, pub.x, pub.y)
+ q1x, q1y, err := pub.C.Exp(z2, pub.X, pub.Y)
if err != nil {
return false, err
}
lm := big.NewInt(0)
lm.Sub(q1x, p1x)
if lm.Cmp(zero) < 0 {
- lm.Add(lm, pub.c.P)
+ lm.Add(lm, pub.C.P)
}
- lm.ModInverse(lm, pub.c.P)
+ lm.ModInverse(lm, pub.C.P)
z1.Sub(q1y, p1y)
lm.Mul(lm, z1)
- lm.Mod(lm, pub.c.P)
+ lm.Mod(lm, pub.C.P)
lm.Mul(lm, lm)
- lm.Mod(lm, pub.c.P)
+ lm.Mod(lm, pub.C.P)
lm.Sub(lm, p1x)
lm.Sub(lm, q1x)
- lm.Mod(lm, pub.c.P)
+ lm.Mod(lm, pub.C.P)
if lm.Cmp(zero) < 0 {
- lm.Add(lm, pub.c.P)
+ lm.Add(lm, pub.C.P)
}
- lm.Mod(lm, pub.c.Q)
+ lm.Mod(lm, pub.C.Q)
return lm.Cmp(r) == 0, nil
}
)
func (prv *PrivateKey) KEK(pub *PublicKey, ukm *big.Int) ([]byte, error) {
- keyX, keyY, err := prv.c.Exp(prv.key, pub.x, pub.y)
+ keyX, keyY, err := prv.C.Exp(prv.Key, pub.X, pub.Y)
if err != nil {
return nil, err
}
- keyX, keyY, err = prv.c.Exp(ukm, keyX, keyY)
+ keyX, keyY, err = prv.C.Exp(ukm, keyX, keyY)
if err != nil {
return nil, err
}
- pk := PublicKey{prv.c, prv.mode, keyX, keyY}
+ pk := PublicKey{prv.C, prv.Mode, keyX, keyY}
return pk.Raw(), nil
}
// RFC 4357 VKO GOST R 34.10-2001 key agreement function.
// UKM is user keying material, also called VKO-factor.
func (prv *PrivateKey) KEK2001(pub *PublicKey, ukm *big.Int) ([]byte, error) {
- if prv.mode != Mode2001 {
+ if prv.Mode != Mode2001 {
return nil, errors.New("KEK2001 can not be used in Mode2012")
}
key, err := prv.KEK(pub, ukm)
// RFC 7836 VKO GOST R 34.10-2012 256-bit key agreement function.
// UKM is user keying material, also called VKO-factor.
func (prv *PrivateKey) KEK2012256(pub *PublicKey, ukm *big.Int) ([]byte, error) {
- if prv.mode != Mode2012 {
+ if prv.Mode != Mode2012 {
return nil, errors.New("KEK2012 can not be used in Mode2001")
}
key, err := prv.KEK(pub, ukm)
// RFC 7836 VKO GOST R 34.10-2012 512-bit key agreement function.
// UKM is user keying material, also called VKO-factor.
func (prv *PrivateKey) KEK2012512(pub *PublicKey, ukm *big.Int) ([]byte, error) {
- if prv.mode != Mode2012 {
+ if prv.Mode != Mode2012 {
return nil, errors.New("KEK2012 can not be used in Mode2001")
}
key, err := prv.KEK(pub, ukm)