2  *  Copyright (C) 2017 - This file is part of libecc project
7  *      Jean-Pierre FLORI <jean-pierre.flori@ssi.gouv.fr>
39         MUST_HAVE((((void *)(A)) != NULL) && ((A)->magic == ECDSA_SIGN_MAGIC), ret, err)
68 	ECDSA_SIGN_CHECK_INITIALIZED(&(ctx->sign_data.ecdsa), ret, err);  in ecdsa_sign_raw()
75 	priv_key = &(ctx->key_pair->priv_key);  in ecdsa_sign_raw()
76 	q = &(priv_key->params->ec_gen_order);  in ecdsa_sign_raw()
77 	q_bit_len = priv_key->params->ec_gen_order_bitlen;  in ecdsa_sign_raw()
78 	G = &(priv_key->params->ec_gen);  in ecdsa_sign_raw()
80 	x = &(priv_key->x);  in ecdsa_sign_raw()
83 	dbg_nn_print("p", &(priv_key->params->ec_fp.p));  in ecdsa_sign_raw()
84 	dbg_nn_print("q", &(priv_key->params->ec_gen_order));  in ecdsa_sign_raw()
86 	dbg_ec_point_print("G", &(priv_key->params->ec_gen));  in ecdsa_sign_raw()
87 	dbg_pub_key_print("Y", &(ctx->key_pair->pub_key));  in ecdsa_sign_raw()
92 	/* 1. Compute h = H(m) */  in ecdsa_sign_raw()
95 	 * to avoid -Werror=type-limits errors:  in ecdsa_sign_raw()
117 		rshift = (bitcnt_t)((hsize * 8) - q_bit_len);  in ecdsa_sign_raw()
121 	 * 3. Compute e = OS2I(h) mod q, i.e. by converting h to an  in ecdsa_sign_raw()
146 		ret = ctx->rand(&k, q); EG(ret, err);  in ecdsa_sign_raw()
158 	/* 5. Compute W = (W_x,W_y) = kG */  in ecdsa_sign_raw()
169 	/* 6. Compute r = W_x mod q */  in ecdsa_sign_raw()
202 	/* 9. Compute s = k^-1 * (xr + e) mod q */  in ecdsa_sign_raw()
209 	/* In case of blinding, we compute (b*k)^-1, and  in ecdsa_sign_raw()
210 	 * b^-1 will automatically unblind (r*x) in the following  in ecdsa_sign_raw()
214 	/* Compute k^-1 mod q */  in ecdsa_sign_raw()
220 	dbg_nn_print("k^-1 mod q", &kinv);  in ecdsa_sign_raw()
222 	/* s = k^-1 * tmp2 mod q */  in ecdsa_sign_raw()
252 		IGNORE_RET_VAL(local_memset(&(ctx->sign_data.ecdsa), 0, sizeof(ecdsa_sign_data)));  in ecdsa_sign_raw()
275         MUST_HAVE((((void *)(A)) != NULL) && ((A)->magic == ECDSA_VERIFY_MAGIC), ret, err)
303 	ECDSA_VERIFY_CHECK_INITIALIZED(&(ctx->verify_data.ecdsa), ret, err);  in ecdsa_verify_raw()
311 	G = &(ctx->pub_key->params->ec_gen);  in ecdsa_verify_raw()
312 	Y = &(ctx->pub_key->y);  in ecdsa_verify_raw()
313 	q = &(ctx->pub_key->params->ec_gen_order);  in ecdsa_verify_raw()
314 	q_bit_len = ctx->pub_key->params->ec_gen_order_bitlen;  in ecdsa_verify_raw()
316 	r = &(ctx->verify_data.ecdsa.r);  in ecdsa_verify_raw()
317 	s = &(ctx->verify_data.ecdsa.s);  in ecdsa_verify_raw()
319 	/* 2. Compute h = H(m) */  in ecdsa_verify_raw()
323 	 * to avoid -Werror=type-limits errors:  in ecdsa_verify_raw()
346 		rshift = (bitcnt_t)((hsize * 8) - q_bit_len);  in ecdsa_verify_raw()
350 	 * 4. Compute e = OS2I(h) mod q, by converting h to an integer  in ecdsa_verify_raw()
364 	/* Compute s^-1 mod q */  in ecdsa_verify_raw()
370 	/* 5. Compute u = (s^-1)e mod q */  in ecdsa_verify_raw()
372 	dbg_nn_print("u = (s^-1)e mod q", &uv);  in ecdsa_verify_raw()
375 	/* 6. Compute v = (s^-1)r mod q */  in ecdsa_verify_raw()
377 	dbg_nn_print("v = (s^-1)r mod q", &uv);  in ecdsa_verify_raw()
380 	/* 7. Compute W' = uG + vY */  in ecdsa_verify_raw()
387 	/* 9. Compute r' = W'_x mod q */  in ecdsa_verify_raw()
389 	dbg_nn_print("W'_x", &(W_prime->X.fp_val));  in ecdsa_verify_raw()
390 	dbg_nn_print("W'_y", &(W_prime->Y.fp_val));  in ecdsa_verify_raw()
391 	ret = nn_mod(&r_prime, &(W_prime->X.fp_val), q); EG(ret, err);  in ecdsa_verify_raw()
395 	ret = (cmp != 0) ? -1 : 0;  in ecdsa_verify_raw()
410 		IGNORE_RET_VAL(local_memset(&(ctx->verify_data.ecdsa), 0, sizeof(ecdsa_verify_data)));  in ecdsa_verify_raw()