/* IEEE ECDSA Signature, C and D are signature on F using private key S */
public static int ECPSP_DSA(RAND RNG, sbyte[] S, sbyte[] F, sbyte[] C, sbyte[] D)
{
sbyte[] T = new sbyte[EFS];
BIG gx, gy, r, s, f, c, d, u, vx;
ECP G, V;
HASH H = new HASH();
H.process_array(F);
sbyte[] B = H.hash();
gx = new BIG(ROM.CURVE_Gx);
gy = new BIG(ROM.CURVE_Gy);
G = new ECP(gx, gy);
r = new BIG(ROM.CURVE_Order);
s = BIG.fromBytes(S);
f = BIG.fromBytes(B);
c = new BIG(0);
d = new BIG(0);
V = new ECP();
do
{
u = BIG.randomnum(r, RNG);
V.copy(G);
V = V.mul(u);
vx = V.X;
c.copy(vx);
c.mod(r);
if (c.iszilch())
{
continue;
}
u.invmodp(r);
d.copy(BIG.modmul(s, c, r));
d.add(f);
d.copy(BIG.modmul(u, d, r));
} while (d.iszilch());
c.toBytes(T);
for (int i = 0; i < EFS; i++)
{
C[i] = T[i];
}
d.toBytes(T);
for (int i = 0; i < EFS; i++)
{
D[i] = T[i];
}
return(0);
}
/* Multiply P by e in group G1 */
public static ECP G1mul(ECP P, BIG e)
{
ECP R;
if (ROM.USE_GLV)
{
P.affine();
R = new ECP();
R.copy(P);
int i, np, nn;
ECP Q = new ECP();
Q.copy(P);
BIG q = new BIG(ROM.CURVE_Order);
FP cru = new FP(new BIG(ROM.CURVE_Cru));
BIG t = new BIG(0);
BIG[] u = glv(e);
Q.getx().mul(cru);
np = u[0].nbits();
t.copy(BIG.modneg(u[0], q));
nn = t.nbits();
if (nn < np)
{
u[0].copy(t);
R.neg();
}
np = u[1].nbits();
t.copy(BIG.modneg(u[1], q));
nn = t.nbits();
if (nn < np)
{
u[1].copy(t);
Q.neg();
}
R = R.mul2(u[0], Q, u[1]);
}
else
{
R = P.mul(e);
}
return(R);
}
/* validate public key. Set full=true for fuller check */
public static int PUBLIC_KEY_VALIDATE(bool full, sbyte[] W)
{
BIG r;
ECP WP = ECP.fromBytes(W);
int res = 0;
r = new BIG(ROM.CURVE_Order);
if (WP.is_infinity())
{
res = INVALID_PUBLIC_KEY;
}
if (res == 0 && full)
{
WP = WP.mul(r);
if (!WP.is_infinity())
{
res = INVALID_PUBLIC_KEY;
}
}
return(res);
}