11 static char *phasenames[] = {
/*
 * decryptkey: turn a base58 key string plus a password into the ECDSA
 * key held in the conversation state (st->p).  The listing is elided
 * (the gutter numbers skip), so only the visible steps are described.
 *
 * Visible failure path: failure(fss, "invalid base58") when decoding
 * fails.  The outcome of the checksum test at line 39 is not shown.
 *
 * NOTE(review): the AES key is SHA-256(SHA-256(password)); no salt or
 * work factor is visible.  If the key format allows it, a salted,
 * iterated KDF would make the stored key far costlier to guess.
 * NOTE(review): the 4-byte checksum is the only visible check on the
 * decrypted contents, so a wrong password passes it with probability
 * about 2^-32.
 * NOTE(review): keyenc and hash hold key material; no wipe is visible
 * in the shown lines -- confirm both are cleared before returning.
 */
23 decryptkey(Fsstate *fss, char *key, char *password)
25 uchar keyenc[53], hash[32];
/* only a negative result is rejected here; confirm that a short decode
 * cannot leave part of keyenc unset -- TODO verify base58dec's contract */
29 if(base58dec(key, keyenc, 53) < 0)
30 return failure(fss, "invalid base58");
/* AES key = double SHA-256 of the password; hash is rehashed in place */
31 sha2_256((uchar *)password, strlen(password), hash, nil);
32 sha2_256(hash, 32, hash, nil);
/* keyenc+37 (the last 16 of the 53 bytes) is passed as the IV; the
 * first 37 bytes are then decrypted in place */
33 setupAESstate(&s, hash, 32, keyenc+37);
34 aesCBCdecrypt(keyenc, 37, &s);
/* integrity check: the first 4 bytes of SHA-256(SHA-256(keyenc[0..32]))
 * are compared with keyenc[33..36]; hash now holds the checksum, not the AES key */
37 sha2_256(keyenc, 33, hash, nil);
38 sha2_256(hash, 32, hash, nil);
39 if(memcmp(keyenc + 33, hash, 4) != 0)
/* bytes 1..32 become the private scalar d; keyenc[0] is not read in the
 * visible lines.  NOTE(review): no range check of d against dom.n is
 * visible -- confirm 0 < d < n is enforced somewhere. */
42 st->p.d = betomp(keyenc + 1, 32, nil);
/* multiply the base point G by d; presumably this fills the public
 * point stored in st->p -- confirm against ecmul's contract */
45 ecmul(&dom, dom.G, st->p.d, &st->p);
/*
 * ecdsainit: protocol init hook.  In the visible lines it fills in the
 * curve domain, checks the role attribute, locates the key string and
 * its password, decrypts the key into freshly allocated State, and
 * moves the conversation to phase CHaveKey.  The listing is elided, so
 * the conditions around several of these steps are not shown.
 *
 * NOTE(review): dom is also used by decryptkey, so it appears to be
 * shared file-level state; confirm these assignments are guarded
 * against repeated init, otherwise each call allocates new mpints.
 * NOTE(review): confirm that fss->ps, the copied attr list and the key
 * k are released on every failure path after they are obtained.
 */
50 ecdsainit(Proto *, Fsstate *fss)
/* domain parameters of secp256k1: y^2 = x^3 + 7 (a = 0, b = 7) over
 * the prime p, group order n, cofactor 1, G in compressed form */
60 dom.p = strtomp("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", nil, 16, nil);
61 dom.a = uitomp(0, nil);
62 dom.b = uitomp(7, nil);
63 dom.n = strtomp("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", nil, 16, nil);
64 dom.h = uitomp(1, nil);
65 dom.G = strtoec(&dom, "0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", nil, nil);
/* a negative result from isclient is treated as an error */
68 if((iscli = isclient(_strfindattr(fss->attr, "role"))) < 0)
69 return failure(fss, nil);
/* the condition guarding this return is elided; presumably the
 * non-client (server) role */
71 return failure(fss, "ecdsa server unimplemented");
/* first lookup: a stored key carrying both key and !password */
72 mkkeyinfo(&ki, fss, nil);
73 ret = findkey(&k, &ki, "key? !password?");
75 key = _strfindattr(k->attr, "key");
76 password = _strfindattr(k->privattr, "!password");
/* second lookup: the "key" attribute is removed from a copy of the
 * request attributes and a key is searched by dom; the key string then
 * comes from the request (fss->attr) and only the password from the
 * stored key.  The branch structure between lines 76 and 90 is elided. */
79 if(!_strfindattr(fss->attr, "dom"))
81 attr = _copyattr(fss->attr);
82 _delattr(attr, "key");
83 mkkeyinfo(&ki, fss, attr);
84 ret = findkey(&k, &ki, "dom? !password?");
87 key = _strfindattr(fss->attr, "key");
88 password = _strfindattr(k->privattr, "!password");
/* both strings are needed before decryptkey may dereference them */
90 if(key == nil || password == nil)
92 fss->ps = emalloc(sizeof(State));
/* NOTE(review): handling of a failed decrypt (line 94 onward) is not
 * shown; confirm fss->ps is not leaked or left half-initialised */
93 ret = decryptkey(fss, key, password);
97 setattrs(fss->attr, k->attr);
98 fss->phasename = phasenames;
99 fss->maxphase = Maxphase;
100 fss->phase = CHaveKey;
/*
 * derencode: serialise the signature pair (r, s) into buf.  The visible
 * layout is: buf[1] = 4 + rl + sl, rl bytes of r at buf+4, sl bytes of
 * s at buf+6+rl -- presumably a DER SEQUENCE of two INTEGERs; the tag
 * and per-integer length bytes are written in elided lines.  n is
 * presumably set to the total length (not shown).
 *
 * NOTE(review): buf's capacity is not passed in.  If rl and sl can each
 * reach 33 (32 bytes plus one prepended byte), the output is up to 72
 * bytes; confirm the caller's buffer (st->buf) is at least that large.
 * NOTE(review): rk/sk are filled at a fixed width of 32 bytes while
 * rl/sl come from mpsignif; when r or s has fewer than 32 significant
 * bytes, copying the first rl/sl bytes is only right if mptobe places
 * the value at the start of the buffer -- confirm against its contract.
 */
105 derencode(mpint *r, mpint *s, uchar *buf, int *n)
/* 33 bytes: 32 for the value plus one spare for the shift below */
107 uchar rk[33], sk[33];
110 mptobe(r, rk, 32, nil);
111 mptobe(s, sk, 32, nil);
/* minimal byte lengths of r and s */
112 rl = (mpsignif(r) + 7)/8;
113 sl = (mpsignif(s) + 7)/8;
/* shifts the value up by one byte; the guarding condition is elided,
 * presumably a set top bit that needs a leading 0x00 to stay positive */
115 memmove(rk + 1, rk, 32);
120 memmove(sk + 1, sk, 32);
/* single-byte length form; 4 + rl + sl stays below 128 for rl, sl <= 33 */
125 buf[1] = 4 + rl + sl;
128 memmove(buf + 4, rk, rl);
131 memmove(buf + 6 + rl, sk, sl);
/*
 * ecdsawrite: write hook.  In the visible lines it signs the n bytes at
 * va with the conversation's private key, stores the encoded signature
 * in st->buf / st->n, and advances the phase to CHaveText.  Returns
 * phaseerror(fss, "write") on a path whose condition is elided.
 *
 * NOTE(review): n comes from the caller; no length check on the data to
 * be signed is visible -- confirm the expected digest size is enforced.
 * NOTE(review): allocation and release of r and s are not shown;
 * confirm they are freed on every path.
 */
136 ecdsawrite(Fsstate *fss, void *va, uint n)
144 return phaseerror(fss, "write");
148 ecdsasign(&dom, &st->p, va, n, r, s);
/* the signature is kept in the state for the read hook (ecdsaread copies from st->buf) */
149 derencode(r, s, st->buf, &st->n);
152 fss->phase = CHaveText;
/*
 * ecdsaread: read hook.  In the visible lines it copies *n bytes of the
 * stored signature from st->buf to the caller's buffer va and marks the
 * conversation Established.  Returns phaseerror(fss, "read") on a path
 * whose condition is elided.
 *
 * NOTE(review): the lines that set or bound *n before the memcpy are
 * elided.  Confirm *n is set to st->n only after checking that the
 * caller's buffer can hold it; a larger caller-supplied value would
 * read past the signature in st->buf.
 */
158 ecdsaread(Fsstate *fss, void *va, uint *n)
165 return phaseerror(fss, "read");
169 memcpy(va, st->buf, *n);
170 fss->phase = Established;
/*
 * ecdsaclose: close hook; its body is elided in this listing.
 * NOTE(review): fss->ps is allocated in ecdsainit and st->p.d holds the
 * decrypted private scalar -- confirm both are cleared and freed here.
 */
176 ecdsaclose(Fsstate *fss)
198 .addkey = replacekey,
199 .keyprompt= "key? !password?",