Beispiel #1
0
func UnmarshalMark(c elliptic.Curve, bytes []byte) *Mark {
	bytelen := (c.Params().BitSize + 7) >> 3
	pointlen := 1 + 2*bytelen
	if len(bytes) != 2*pointlen {
		return nil
	}
	ret := new(Mark)
	ret.ax, ret.ay = elliptic.Unmarshal(c, bytes[:pointlen])
	ret.bx, ret.by = elliptic.Unmarshal(c, bytes[pointlen:2*pointlen])
	return ret
}
Beispiel #2
0
// Decode Q point from CKA_EC_POINT attribute
func readECPoint(curve elliptic.Curve, ecpoint []byte) (*big.Int, *big.Int) {
	x, y := elliptic.Unmarshal(curve, ecpoint)
	if x == nil {
		// http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.html#_ftn1
		// PKCS#11 v2.20 specified that the CKA_EC_POINT was to be store in a DER-encoded
		// OCTET STRING.
		var point asn1.RawValue
		asn1.Unmarshal(ecpoint, &point)
		if len(point.Bytes) > 0 {
			x, y = elliptic.Unmarshal(curve, point.Bytes)
		}
	}
	return x, y
}
Beispiel #3
0
func loadPublicKey(csr *CertificateSignatureRequest, req *certificateRequest) bool {
	var pkInfo = req.Info.PKInfo
	var algo = pkInfo.Algorithm.Algorithm
	switch {
	case algo.Equal(asn1RSAEncryption):
		csr.Algo = RSA
		var pub rsa.PublicKey
		_, err := asn1.Unmarshal(pkInfo.Public.Bytes, &pub)
		if err != nil {
			return false
		}
		csr.Public = pub
		return true
	case algo.Equal(asn1ECCEncryption):
		csr.Algo = ECDSA
		var pub ecdsa.PublicKey
		curveOID := decodeOID(req.Info.PKInfo.Algorithm.Parameters.FullBytes)
		if curveOID == nil {
			return false
		}
		pub.Curve = oidToCurve(curveOID)
		if pub.Curve == nil {
			return false
		}
		pub.X, pub.Y = elliptic.Unmarshal(pub.Curve, req.Info.PKInfo.Public.Bytes)
		if pub.X == nil {
			return false
		}
		csr.Public = pub
		return true
	default:
		return false
	}
}
Beispiel #4
0
// Decode a DER-encoded public key.
func UnmarshalPublic(in []byte) (pub *PublicKey, err error) {
	var subj asnSubjectPublicKeyInfo

	if _, err = asn1.Unmarshal(in, &subj); err != nil {
		return
	}
	if !subj.Algorithm.Equal(idEcPublicKeySupplemented) {
		err = ErrInvalidPublicKey
		return
	}
	pub = new(PublicKey)
	pub.Curve = namedCurveFromOID(subj.Supplements.ECDomain)
	x, y := elliptic.Unmarshal(pub.Curve, subj.PublicKey.Bytes)
	if x == nil {
		err = ErrInvalidPublicKey
		return
	}
	pub.X = x
	pub.Y = y
	pub.Params = new(ECIESParams)
	asnECIEStoParams(subj.Supplements.ECCAlgorithms.ECIES, pub.Params)
	asnECDHtoParams(subj.Supplements.ECCAlgorithms.ECDH, pub.Params)
	if pub.Params == nil {
		if pub.Params = ParamsFromCurve(pub.Curve); pub.Params == nil {
			err = ErrInvalidPublicKey
		}
	}
	return
}
Beispiel #5
0
func CreateExchangedCipher(peerPub, priv []byte) (Cipher, Cipher, error) {
	x, y := elliptic.Unmarshal(curve, peerPub)

	sx, _ := curve.ScalarMult(x, y, priv)

	secret := cryptohash(sx.Bytes())

	aesKey1 := secret[0:aes.BlockSize]
	aesKey2 := secret[aes.BlockSize : 2*aes.BlockSize]
	vector1 := secret[2*aes.BlockSize : 3*aes.BlockSize]
	vector2 := secret[3*aes.BlockSize : 4*aes.BlockSize]

	block1, err := aes.NewCipher(aesKey1)

	if err != nil {
		return nil, nil, err
	}

	block2, err := aes.NewCipher(aesKey2)

	if err != nil {
		return nil, nil, err
	}

	stream1 := cipher.NewOFB(block1, vector1)
	stream2 := cipher.NewOFB(block2, vector2)

	return stream1, stream2, nil
}
Beispiel #6
0
// verify a signature given the hash
func (v *ECDSAVerifier) VerifyHash(h, sig []byte) (err error) {
	r, s := elliptic.Unmarshal(v.c, sig)
	if r == nil || s == nil || !ecdsa.Verify(v.k, h, r, s) {
		err = ErrInvalidSignature
	}
	return
}
Beispiel #7
0
func ToECDSAPub(pub []byte) *ecdsa.PublicKey {
	if len(pub) == 0 {
		return nil
	}
	x, y := elliptic.Unmarshal(secp256k1.S256(), pub)
	return &ecdsa.PublicKey{Curve: secp256k1.S256(), X: x, Y: y}
}
Beispiel #8
0
// UnmarshalSignerProto decodes a signing key from a CryptoKey protobuf
// message.
func UnmarshalSignerProto(ck *CryptoKey) (*Signer, error) {
	if *ck.Version != CryptoVersion_CRYPTO_VERSION_1 {
		return nil, newError("bad version")
	}

	if *ck.Purpose != CryptoKey_SIGNING {
		return nil, newError("bad purpose")
	}

	if *ck.Algorithm != CryptoKey_ECDSA_SHA {
		return nil, newError("bad algorithm")
	}

	var k ECDSA_SHA_SigningKeyV1
	defer ZeroBytes(k.EcPrivate)
	if err := proto.Unmarshal(ck.Key, &k); err != nil {
		return nil, err
	}

	if *k.Curve != NamedEllipticCurve_PRIME256_V1 {
		return nil, newError("bad Curve")
	}

	x, y := elliptic.Unmarshal(elliptic.P256(), k.EcPublic)
	pk := &ecdsa.PrivateKey{
		D: new(big.Int).SetBytes(k.EcPrivate),
		PublicKey: ecdsa.PublicKey{
			Curve: elliptic.P256(),
			X:     x,
			Y:     y,
		},
	}

	return &Signer{pk}, nil
}
Beispiel #9
0
// parseECDSA parses an ECDSA key according to RFC 5656, section 3.1.
func parseECDSA(in []byte) (out PublicKey, rest []byte, err error) {
	var identifier []byte
	var ok bool
	if identifier, in, ok = parseString(in); !ok {
		return nil, nil, errShortRead
	}

	key := new(ecdsa.PublicKey)

	switch string(identifier) {
	case "nistp256":
		key.Curve = elliptic.P256()
	case "nistp384":
		key.Curve = elliptic.P384()
	case "nistp521":
		key.Curve = elliptic.P521()
	default:
		return nil, nil, errors.New("ssh: unsupported curve")
	}

	var keyBytes []byte
	if keyBytes, in, ok = parseString(in); !ok {
		return nil, nil, errShortRead
	}

	key.X, key.Y = elliptic.Unmarshal(key.Curve, keyBytes)
	if key.X == nil || key.Y == nil {
		return nil, nil, errors.New("ssh: invalid curve point")
	}
	return (*ecdsaPublicKey)(key), in, nil
}
Beispiel #10
0
func (p *curvePoint) UnmarshalBinary(buf []byte) error {
	p.x, p.y = elliptic.Unmarshal(p.c, buf)
	if p.x == nil || !p.Valid() {
		return errors.New("invalid elliptic curve point")
	}
	return nil
}
Beispiel #11
0
// UnmarshalSignerProto decodes a signing key from a CryptoKey protobuf
// message.
func UnmarshalSignerProto(ck *CryptoKey) (*Signer, error) {
	if *ck.Version != CryptoVersion_CRYPTO_VERSION_1 {
		return nil, newError("bad version")
	}

	if *ck.Purpose != CryptoKey_SIGNING {
		return nil, newError("bad purpose")
	}

	if *ck.Algorithm != CryptoKey_ECDSA_SHA {
		return nil, newError("bad algorithm")
	}

	k := new(ECDSA_SHA_SigningKeyV1)
	defer ZeroBytes(k.EcPrivate)
	if err := proto.Unmarshal(ck.Key, k); err != nil {
		return nil, err
	}

	if *k.Curve != NamedEllipticCurve_PRIME256_V1 {
		return nil, newError("bad Curve")
	}

	s := new(Signer)
	s.ec = new(ecdsa.PrivateKey)
	s.ec.D = new(big.Int).SetBytes(k.EcPrivate)
	s.ec.Curve = elliptic.P256()
	s.ec.X, s.ec.Y = elliptic.Unmarshal(elliptic.P256(), k.EcPublic)
	if s.ec.X == nil || s.ec.Y == nil {
		return nil, fmt.Errorf("failed to unmarshal EC point: X=%v, Y=%v", s.ec.X, s.ec.Y)
	}

	return s, nil
}
Beispiel #12
0
// Decrypt authentications and recovers the original message from
// its input using the private key and the ephemeral key included in
// the message.
func Decrypt(priv *ecdsa.PrivateKey, in []byte) (out []byte, err error) {
	ephLen := int(in[0])
	ephPub := in[1 : 1+ephLen]
	ct := in[1+ephLen:]
	if len(ct) < (sha1.Size + aes.BlockSize) {
		return nil, errors.New("Invalid ciphertext")
	}

	x, y := elliptic.Unmarshal(Curve(), ephPub)
	if x == nil {
		return nil, errors.New("Invalid public key")
	}

	x, _ = priv.Curve.ScalarMult(x, y, priv.D.Bytes())
	if x == nil {
		return nil, errors.New("Failed to generate encryption key")
	}
	shared := sha256.Sum256(x.Bytes())

	tagStart := len(ct) - sha1.Size
	h := hmac.New(sha1.New, shared[16:])
	h.Write(ct[:tagStart])
	mac := h.Sum(nil)
	if !hmac.Equal(mac, ct[tagStart:]) {
		return nil, errors.New("Invalid MAC")
	}

	paddedOut, err := symcrypt.DecryptCBC(ct[aes.BlockSize:tagStart], ct[:aes.BlockSize], shared[:16])
	if err != nil {
		return
	}
	out, err = padding.RemovePadding(paddedOut)
	return
}
Beispiel #13
0
// parseECDSA parses an ECDSA key according to RFC 5656, section 3.1.
func parseECDSA(in []byte) (out *ecdsa.PublicKey, rest []byte, ok bool) {
	var identifier []byte
	if identifier, in, ok = parseString(in); !ok {
		return
	}

	key := new(ecdsa.PublicKey)

	switch string(identifier) {
	case "nistp256":
		key.Curve = elliptic.P256()
	case "nistp384":
		key.Curve = elliptic.P384()
	case "nistp521":
		key.Curve = elliptic.P521()
	default:
		ok = false
		return
	}

	var keyBytes []byte
	if keyBytes, in, ok = parseString(in); !ok {
		return
	}

	key.X, key.Y = elliptic.Unmarshal(key.Curve, keyBytes)
	if key.X == nil || key.Y == nil {
		ok = false
		return
	}
	return key, in, ok
}
Beispiel #14
0
func ToECDSAPub(pub []byte) *ecdsa.PublicKey {
	if len(pub) == 0 {
		return nil
	}
	x, y := elliptic.Unmarshal(S256(), pub)
	return &ecdsa.PublicKey{S256(), x, y}
}
Beispiel #15
0
func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error {
	if len(skx.key) < 4 {
		return errServerKeyExchange
	}
	if skx.key[0] != 3 { // named curve
		return errors.New("tls: server selected unsupported curve")
	}
	curveid := CurveID(skx.key[1])<<8 | CurveID(skx.key[2])

	var ok bool
	if ka.curve, ok = curveForCurveID(curveid); !ok {
		return errors.New("tls: server selected unsupported curve")
	}

	publicLen := int(skx.key[3])
	if publicLen+4 > len(skx.key) {
		return errServerKeyExchange
	}
	ka.x, ka.y = elliptic.Unmarshal(ka.curve, skx.key[4:4+publicLen])
	if ka.x == nil {
		return errServerKeyExchange
	}
	serverECDHParams := skx.key[:4+publicLen]
	sig := skx.key[4+publicLen:]

	return ka.auth.verifyParameters(config, clientHello, serverHello, cert, serverECDHParams, sig)
}
Beispiel #16
0
func (ka *ecdheKeyAgreement) processClientKeyExchange(config *Config, cert *Certificate, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) {
	if len(ckx.ciphertext) == 0 || int(ckx.ciphertext[0]) != len(ckx.ciphertext)-1 {
		return nil, errClientKeyExchange
	}

	if ka.curveid == X25519 {
		if len(ckx.ciphertext) != 1+32 {
			return nil, errClientKeyExchange
		}

		var theirPublic, sharedKey, scalar [32]byte
		copy(theirPublic[:], ckx.ciphertext[1:])
		copy(scalar[:], ka.privateKey)
		curve25519.ScalarMult(&sharedKey, &scalar, &theirPublic)
		return sharedKey[:], nil
	}

	curve, ok := curveForCurveID(ka.curveid)
	if !ok {
		panic("internal error")
	}
	x, y := elliptic.Unmarshal(curve, ckx.ciphertext[1:])
	if x == nil {
		return nil, errClientKeyExchange
	}
	if !curve.IsOnCurve(x, y) {
		return nil, errClientKeyExchange
	}
	x, _ = curve.ScalarMult(x, y, ka.privateKey)
	preMasterSecret := make([]byte, (curve.Params().BitSize+7)>>3)
	xBytes := x.Bytes()
	copy(preMasterSecret[len(preMasterSecret)-len(xBytes):], xBytes)

	return preMasterSecret, nil
}
Beispiel #17
0
// UnmarshalVerifierProto decodes a verifying key from a CryptoKey protobuf
// message.
func UnmarshalVerifierProto(ck *CryptoKey) (*Verifier, error) {
	if *ck.Version != CryptoVersion_CRYPTO_VERSION_1 {
		return nil, newError("bad version")
	}

	if *ck.Purpose != CryptoKey_VERIFYING {
		return nil, newError("bad purpose")
	}

	if *ck.Algorithm != CryptoKey_ECDSA_SHA {
		return nil, newError("bad algorithm")
	}

	k := new(ECDSA_SHA_VerifyingKeyV1)
	if err := proto.Unmarshal(ck.Key, k); err != nil {
		return nil, err
	}

	if *k.Curve != NamedEllipticCurve_PRIME256_V1 {
		return nil, newError("bad curve")
	}

	s := new(Verifier)
	s.ec = new(ecdsa.PublicKey)
	s.ec.Curve = elliptic.P256()
	s.ec.X, s.ec.Y = elliptic.Unmarshal(elliptic.P256(), k.EcPublic)
	return s, nil
}
Beispiel #18
0
// parseECDSA parses an ECDSA key according to RFC 5656, section 3.1.
func parseECDSA(in []byte) (out PublicKey, rest []byte, err error) {
	var w struct {
		Curve    string
		KeyBytes []byte
		Rest     []byte `ssh:"rest"`
	}

	if err := Unmarshal(in, &w); err != nil {
		return nil, nil, err
	}

	key := new(ecdsa.PublicKey)

	switch w.Curve {
	case "nistp256":
		key.Curve = elliptic.P256()
	case "nistp384":
		key.Curve = elliptic.P384()
	case "nistp521":
		key.Curve = elliptic.P521()
	default:
		return nil, nil, errors.New("ssh: unsupported curve")
	}

	key.X, key.Y = elliptic.Unmarshal(key.Curve, w.KeyBytes)
	if key.X == nil || key.Y == nil {
		return nil, nil, errors.New("ssh: invalid curve point")
	}
	return (*ecdsaPublicKey)(key), w.Rest, nil
}
Beispiel #19
0
// Encrypt plainText into an Encrypted Message using the given public key.
func Encrypt(log chan string, dest_pubkey []byte, plainText string) *EncryptedMessage {
	// Generate New Public/Private Key Pair
	D1, X1, Y1 := CreateKey(log)
	// Unmarshal the Destination's Pubkey
	X2, Y2 := elliptic.Unmarshal(elliptic.P256(), dest_pubkey)

	// Point Multiply to get new Pubkey
	PubX, PubY := elliptic.P256().ScalarMult(X2, Y2, D1)

	// Generate Pubkey hashes
	PubHash := sha512.Sum512(elliptic.Marshal(elliptic.P256(), PubX, PubY))
	PubHash_E := PubHash[:32]
	PubHash_M := PubHash[32:64]

	IV, cipherText, _ := SymmetricEncrypt(PubHash_E, plainText)

	// Generate HMAC
	mac := hmac.New(sha256.New, PubHash_M)
	mac.Write(cipherText)
	HMAC := mac.Sum(nil)

	ret := new(EncryptedMessage)
	copy(ret.IV[:], IV[:])
	copy(ret.PublicKey[:], elliptic.Marshal(elliptic.P256(), X1, Y1))
	ret.CipherText = cipherText
	copy(ret.HMAC[:], HMAC)

	return ret
}
Beispiel #20
0
// ComputeSharedKey computes and returns the shared key based on the local private key and the remote public key.
func (this *p256) ComputeSharedKey(remotePublicKey []byte) (error, []byte) {
	remotePublicX, remotePublicY := elliptic.Unmarshal(this.curve, remotePublicKey)
	if !this.curve.IsOnCurve(remotePublicX, remotePublicY) {
		return errors.New("ECDH : invalid P-256 KeyExchange"), nil
	}
	x, _ := this.curve.ScalarMult(remotePublicX, remotePublicY, this.privateKey)
	return nil, x.Bytes()
}
Beispiel #21
0
func parseECDSAPublicKey(raw []byte) (key *ecdsa.PublicKey, err error) {
	buf := bytes.NewBuffer(raw)
	var algorithm, curveName, public []byte
	var length int32

	err = binary.Read(buf, binary.BigEndian, &length)
	if err != nil {
		return
	}

	algorithm = make([]byte, length)
	_, err = io.ReadFull(buf, algorithm)
	if err != nil {
		return
	}

	err = binary.Read(buf, binary.BigEndian, &length)
	if err != nil {
		return
	}
	curveName = make([]byte, length)
	_, err = io.ReadFull(buf, curveName)
	if err != nil {
		return
	}

	err = binary.Read(buf, binary.BigEndian, &length)
	if err != nil {
		return
	}
	public = make([]byte, length)
	_, err = io.ReadFull(buf, public)
	if err != nil {
		return
	}

	key = new(ecdsa.PublicKey)
	var curve elliptic.Curve
	switch string(curveName) {
	case "nistp256":
		curve = elliptic.P256()
	case "nistp384":
		curve = elliptic.P384()
	case "nistp521":
		curve = elliptic.P521()
	default:
		err = ErrUnsupportedPublicKey
		return
	}

	key.X, key.Y = elliptic.Unmarshal(curve, public)
	if key.X == nil {
		err = ErrInvalidPublicKey
		return
	}
	key.Curve = curve
	return
}
Beispiel #22
0
// kexECDH performs Elliptic Curve Diffie-Hellman key exchange as
// described in RFC 5656, section 4.
func (c *ClientConn) kexECDH(curve elliptic.Curve, magics *handshakeMagics, hostKeyAlgo string) (*kexResult, error) {
	ephKey, err := ecdsa.GenerateKey(curve, c.config.rand())
	if err != nil {
		return nil, err
	}

	kexInit := kexECDHInitMsg{
		ClientPubKey: elliptic.Marshal(curve, ephKey.PublicKey.X, ephKey.PublicKey.Y),
	}

	serialized := marshal(msgKexECDHInit, kexInit)
	if err := c.writePacket(serialized); err != nil {
		return nil, err
	}

	packet, err := c.readPacket()
	if err != nil {
		return nil, err
	}

	var reply kexECDHReplyMsg
	if err = unmarshal(&reply, packet, msgKexECDHReply); err != nil {
		return nil, err
	}

	x, y := elliptic.Unmarshal(curve, reply.EphemeralPubKey)
	if x == nil {
		return nil, errors.New("ssh: elliptic.Unmarshal failure")
	}
	if !validateECPublicKey(curve, x, y) {
		return nil, errors.New("ssh: ephemeral server key not on curve")
	}

	// generate shared secret
	secret, _ := curve.ScalarMult(x, y, ephKey.D.Bytes())

	hashFunc := ecHash(curve)
	h := hashFunc.New()
	writeString(h, magics.clientVersion)
	writeString(h, magics.serverVersion)
	writeString(h, magics.clientKexInit)
	writeString(h, magics.serverKexInit)
	writeString(h, reply.HostKey)
	writeString(h, kexInit.ClientPubKey)
	writeString(h, reply.EphemeralPubKey)
	K := make([]byte, intLength(secret))
	marshalInt(K, secret)
	h.Write(K)

	return &kexResult{
		H:         h.Sum(nil),
		K:         K,
		HostKey:   reply.HostKey,
		Signature: reply.Signature,
		Hash:      hashFunc,
	}, nil
}
Beispiel #23
0
func SigToPub(hash, sig []byte) (*ecdsa.PublicKey, error) {
	s, err := Ecrecover(hash, sig)
	if err != nil {
		return nil, err
	}

	x, y := elliptic.Unmarshal(S256(), s)
	return &ecdsa.PublicKey{S256(), x, y}, nil
}
Beispiel #24
0
func SigToPub(hash, sig []byte) (*ecdsa.PublicKey, error) {
	s, err := Ecrecover(hash, sig)
	if err != nil {
		return nil, err
	}

	x, y := elliptic.Unmarshal(secp256k1.S256(), s)
	return &ecdsa.PublicKey{Curve: secp256k1.S256(), X: x, Y: y}, nil
}
Beispiel #25
0
func (t *Tack) Verify() bool {
	curve := elliptic.P256()
	x, y := elliptic.Unmarshal(curve, append([]byte{4}, t.PublicKey...))
	pubKey := ecdsa.PublicKey{curve, x, y}

	var r, s big.Int
	r.SetBytes(t.Signature[:SIG_LENGTH/2])
	s.SetBytes(t.Signature[SIG_LENGTH/2:])
	return ecdsa.Verify(&pubKey, t.hashForSig(), &r, &s)
}
Beispiel #26
0
// Q' = curve.G * k'
// K(x,y) = Q' * k = G * k' * k
func (k *ECKey) ComputeKey(bobPub []byte) ([]byte, error) {
	curve := k.curve
	bobX, bobY := elliptic.Unmarshal(curve, bobPub)
	if bobX == nil || bobY == nil {
		// the point is not on the curve
		return nil, InvalidECCParam
	}
	xk, _ := curve.ScalarMult(bobX, bobY, k.priv)
	return xk.Bytes(), nil
}
Beispiel #27
0
// unmarshalECKey parses and checks an EC key.
func unmarshalECKey(curve elliptic.Curve, pubkey []byte) (x, y *big.Int, err error) {
	x, y = elliptic.Unmarshal(curve, pubkey)
	if x == nil {
		return nil, nil, errors.New("ssh: elliptic.Unmarshal failure")
	}
	if !validateECPublicKey(curve, x, y) {
		return nil, nil, errors.New("ssh: public key not on curve")
	}
	return x, y, nil
}
Beispiel #28
0
func verify(signerKeyFile, userKeyFile, sigFile string) bool {
	rawSigner, err := ioutil.ReadFile(signerKeyFile)
	if err != nil {
		fmt.Printf("Failed to read signature key: %v\n", err)
		return false
	}
	var signer ecdsa.PublicKey
	signer.X, signer.Y = elliptic.Unmarshal(elliptic.P521(), rawSigner)
	if signer.X == nil {
		fmt.Println("Invalid signature key.")
		return false
	}
	signer.Curve = elliptic.P521()

	rawUser, err := ioutil.ReadFile(userKeyFile)
	if err != nil {
		fmt.Printf("Failed to read user key: %v\n", err)
		return false
	}

	x, _ := elliptic.Unmarshal(elliptic.P521(), rawUser)
	if x == nil {
		fmt.Println("Invalid user key.")
		return false
	}

	rawSig, err := ioutil.ReadFile(sigFile)
	if err != nil {
		fmt.Printf("Failed to load signature: %v\n", err)
		return false
	}

	var sig ECDSASignature
	_, err = asn1.Unmarshal(rawSig, &sig)
	if err != nil {
		fmt.Printf("Failed to parse signature: %v\n", err)
		return false
	}

	h := sha512.Sum384(rawUser)
	return ecdsa.Verify(&signer, h[:], sig.R, sig.S)
}
Beispiel #29
0
func UnmarshalCheckbox(c elliptic.Curve, bytes []byte) *Checkbox {
	bytelen := (c.Params().BitSize + 7) >> 3
	pointlen := 1 + 2*bytelen
	scalarlen := bytelen
	if len(bytes) != 2*pointlen+4*scalarlen {
		return nil
	}
	ret := new(Checkbox)
	ret.ax, ret.ay = elliptic.Unmarshal(c, bytes[:pointlen])
	ret.bx, ret.by = elliptic.Unmarshal(c, bytes[pointlen:2*pointlen])
	ret.c1 = new(big.Int)
	ret.c2 = new(big.Int)
	ret.r1 = new(big.Int)
	ret.r2 = new(big.Int)
	ret.c1.SetBytes(bytes[2*pointlen : 2*pointlen+scalarlen])
	ret.c2.SetBytes(bytes[2*pointlen+scalarlen : 2*pointlen+2*scalarlen])
	ret.r1.SetBytes(bytes[2*pointlen+2*scalarlen : 2*pointlen+3*scalarlen])
	ret.r2.SetBytes(bytes[2*pointlen+3*scalarlen : 2*pointlen+4*scalarlen])
	return ret
}
Beispiel #30
0
func UnmarshalPublicCertificate(data []byte) PublicCertificate {
	x, y := elliptic.Unmarshal(curve, data)

	cert := new(ecdsa.PublicKey)

	cert.Curve = curve
	cert.X = x
	cert.Y = y

	return cert
}