[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, master, updated. gnutls_2_99_1-43-g14cdffd
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
[SCM] GNU gnutls branch, master, updated. gnutls_2_99_1-43-g14cdffd |
|
Date: |
Fri, 20 May 2011 19:07:46 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=14cdffd508a834f0df1935732455c40432ad36b0
The branch, master has been updated
via 14cdffd508a834f0df1935732455c40432ad36b0 (commit)
via 48b9a6905e347e8d88ee724ccdfd57239d60da8f (commit)
via 03397384d1a3c5035d8a43c1ad0f1b2790f27c75 (commit)
from 5854b4c2557dcb75c6263df32932047688d5c64b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 14cdffd508a834f0df1935732455c40432ad36b0
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri May 20 21:07:31 2011 +0200
client side ECC fixes.
commit 48b9a6905e347e8d88ee724ccdfd57239d60da8f
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri May 20 21:07:12 2011 +0200
corrected debugging.
commit 03397384d1a3c5035d8a43c1ad0f1b2790f27c75
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Fri May 20 20:50:03 2011 +0200
Account 'A' in calculations for point doubling.
-----------------------------------------------------------------------
Summary of changes:
lib/auth/ecdh_common.c | 23 ++-
lib/gnutls_algorithms.c | 2 +
lib/gnutls_algorithms.h | 2 +
lib/gnutls_global.c | 4 +
lib/gnutls_handshake.c | 9 +
lib/includes/gnutls/crypto.h | 13 +-
lib/nettle/ecc.h | 12 +-
lib/nettle/ecc_free.c | 13 +-
lib/nettle/ecc_make_key.c | 161 +++++++++------
lib/nettle/ecc_shared_secret.c | 72 ++++---
lib/nettle/ecc_sign_hash.c | 114 ++++++-----
lib/nettle/ecc_test.c | 135 +++++++------
lib/nettle/ecc_verify_hash.c | 148 ++++++++------
lib/nettle/ltc_ecc_map.c | 55 +++---
lib/nettle/ltc_ecc_mulmod.c | 231 +++++++++++++---------
lib/nettle/ltc_ecc_points.c | 40 ++--
lib/nettle/ltc_ecc_projective_add_point.c | 310 +++++++++++++++--------------
lib/nettle/ltc_ecc_projective_dbl_point.c | 261 ++++++++++++++----------
lib/nettle/pk.c | 38 ++--
lib/x509/x509_int.h | 4 +-
src/cli.c | 2 +-
src/common.c | 3 +-
22 files changed, 948 insertions(+), 704 deletions(-)
diff --git a/lib/auth/ecdh_common.c b/lib/auth/ecdh_common.c
index e3d247e..502396d 100644
--- a/lib/auth/ecdh_common.c
+++ b/lib/auth/ecdh_common.c
@@ -52,17 +52,18 @@ int ret;
pub.params[1] = session->key->ecdh_params.params[1];
pub.params[2] = session->key->ecdh_params.params[2];
pub.params[3] = session->key->ecdh_params.params[3];
- pub.params[4] = session->key->ecdh_x;
- pub.params[5] = session->key->ecdh_y;
- pub.params[6] = _gnutls_mpi_new(1);
- if (pub.params[6] == NULL)
+ pub.params[4] = session->key->ecdh_params.params[4];
+ pub.params[5] = session->key->ecdh_x;
+ pub.params[6] = session->key->ecdh_y;
+ pub.params[7] = _gnutls_mpi_new(1);
+ if (pub.params[7] == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
- _gnutls_mpi_set_ui(pub.params[6], 1);
+ _gnutls_mpi_set_ui(pub.params[7], 1);
ret = _gnutls_pk_derive(GNUTLS_PK_ECDH, &session->key->key,
&session->key->ecdh_params, &pub);
- _gnutls_mpi_release(&pub.params[6]);
+ _gnutls_mpi_release(&pub.params[7]);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -109,8 +110,8 @@ _gnutls_gen_ecdh_common_client_kx (gnutls_session_t
session, gnutls_buffer_st* d
if (ret < 0)
return gnutls_assert_val(ret);
- ret = _gnutls_ecc_ansi_x963_export(curve,
session->key->ecdh_params.params[4] /* x */,
- session->key->ecdh_params.params[5] /* y */, &out);
+ ret = _gnutls_ecc_ansi_x963_export(curve,
session->key->ecdh_params.params[5] /* x */,
+ session->key->ecdh_params.params[6] /* y */, &out);
if (ret < 0)
return gnutls_assert_val(ret);
@@ -150,6 +151,8 @@ _gnutls_proc_ecdh_common_server_kx (gnutls_session_t
session,
if (ret < 0)
return gnutls_assert_val(ret);
+ _gnutls_session_ecc_curve_set(session, curve);
+
DECR_LEN (data_size, 1);
point_size = data[i];
i+=1;
@@ -187,8 +190,8 @@ int _gnutls_ecdh_common_print_server_kx (gnutls_session_t
session, gnutls_buffer
if (ret < 0)
return gnutls_assert_val(ret);
- ret = _gnutls_ecc_ansi_x963_export(curve,
session->key->ecdh_params.params[4] /* x */,
- session->key->ecdh_params.params[5] /* y */, &out);
+ ret = _gnutls_ecc_ansi_x963_export(curve,
session->key->ecdh_params.params[5] /* x */,
+ session->key->ecdh_params.params[6] /* y */, &out);
if (ret < 0)
return gnutls_assert_val(ret);
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index 295bb87..f66164e 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -2203,6 +2203,7 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = {
.id = GNUTLS_ECC_CURVE_SECP256R1,
.size = 32,
.prime =
"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
+ .A = "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
.B = "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
.order =
"FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
.Gx = "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
@@ -2213,6 +2214,7 @@ static const gnutls_ecc_curve_entry_st ecc_curves[] = {
.id = GNUTLS_ECC_CURVE_SECP384R1,
.size = 48,
.prime =
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
+ .A =
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
.B =
"B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
.order =
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
.Gx =
"AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h
index 049c1e2..c8b692d 100644
--- a/lib/gnutls_algorithms.h
+++ b/lib/gnutls_algorithms.h
@@ -134,6 +134,8 @@ struct gnutls_ecc_curve_entry_st
/** The prime that defines the field the curve is in (encoded in hex) */
const char *prime;
+ /** The fields A param (hex) */
+ const char *A;
/** The fields B param (hex) */
const char *B;
/** The order of the curve (hex) */
diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
index 4f06edc..483d245 100644
--- a/lib/gnutls_global.c
+++ b/lib/gnutls_global.c
@@ -155,6 +155,7 @@ gnutls_global_set_mem_functions (gnutls_alloc_function
alloc_func,
}
static int _gnutls_init = 0;
+int ecc_test(void);
/**
@@ -194,6 +195,9 @@ gnutls_global_init (void)
if (_gnutls_init++)
goto out;
+
+res = ecc_test();
+if (res != 0) exit(1);
if (gl_sockets_startup (SOCKETS_1_1))
return GNUTLS_E_LIBRARY_VERSION_MISMATCH;
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 0e11c2f..7599874 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -3344,6 +3344,15 @@ _gnutls_remove_unwanted_ciphersuites (gnutls_session_t
session,
if (server)
delete = check_server_params (session, kx, alg, alg_size);
}
+
+ /* If we have not agreed to a common curve with the peer don't bother
+ * negotiating ECDH.
+ */
+ if (session->security_parameters.entity == GNUTLS_SERVER && (kx ==
GNUTLS_KX_ANON_ECDH))
+ {
+ if (_gnutls_session_ecc_curve_get(session) ==
GNUTLS_ECC_CURVE_INVALID)
+ delete = 1;
+ }
/* These two SRP kx's are marked to require a CRD_CERTIFICATE,
(see cred_mappings in gnutls_algorithms.c), but it also
diff --git a/lib/includes/gnutls/crypto.h b/lib/includes/gnutls/crypto.h
index 0f37a6d..4ff4510 100644
--- a/lib/includes/gnutls/crypto.h
+++ b/lib/includes/gnutls/crypto.h
@@ -282,12 +282,13 @@ extern "C"
* ECDH:
* [0] is prime
* [1] is order
- * [2] is Gx
- * [3] is Gy
- * [4] is x
- * [5] is y
- * [6] is z
- * [7] is k (private key)
+ * [2] is A
+ * [3] is Gx
+ * [4] is Gy
+ * [5] is x
+ * [6] is y
+ * [7] is z
+ * [8] is k (private key)
*/
/**
diff --git a/lib/nettle/ecc.h b/lib/nettle/ecc.h
index 0ba3b0b..9024294 100644
--- a/lib/nettle/ecc.h
+++ b/lib/nettle/ecc.h
@@ -30,6 +30,9 @@ typedef struct {
/** The prime that defines the field the curve is in (encoded in hex) */
const char *prime;
+ /** The fields A param (hex) */
+ const char *A;
+
/** The fields B param (hex) */
const char *B;
@@ -62,6 +65,7 @@ typedef struct {
mpz_t prime;
mpz_t order;
+ mpz_t A;
mpz_t Gx;
mpz_t Gy;
@@ -80,7 +84,7 @@ void ecc_sizes(int *low, int *high);
int ecc_get_size(ecc_key *key);
int ecc_make_key(void *random_ctx, nettle_random_func random, ecc_key *key,
const ltc_ecc_set_type *dp);
-int ecc_make_key_ex(void *random_ctx, nettle_random_func random, ecc_key *key,
mpz_t prime, mpz_t order, mpz_t Gx, mpz_t Gy);
+int ecc_make_key_ex(void *random_ctx, nettle_random_func random, ecc_key *key,
mpz_t prime, mpz_t order, mpz_t A, mpz_t Gx, mpz_t Gy);
void ecc_free(ecc_key *key);
int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key,
@@ -101,13 +105,13 @@ int ltc_ecc_is_valid_idx(int n);
/* point ops (mp == montgomery digit) */
/* R = 2P */
-int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mpz_t modulus);
+int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mpz_t a, mpz_t
modulus);
/* R = P + Q */
-int ltc_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R,
mpz_t modulus);
+int ltc_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R,
mpz_t A, mpz_t modulus);
/* R = kG */
-int ltc_ecc_mulmod(mpz_t k, ecc_point *G, ecc_point *R, mpz_t modulus, int
map);
+int ltc_ecc_mulmod(mpz_t k, ecc_point *G, ecc_point *R, mpz_t a, mpz_t
modulus, int map);
/* map P to affine from projective */
int ltc_ecc_map(ecc_point *P, mpz_t modulus);
diff --git a/lib/nettle/ecc_free.c b/lib/nettle/ecc_free.c
index 7cc9774..a4bf451 100644
--- a/lib/nettle/ecc_free.c
+++ b/lib/nettle/ecc_free.c
@@ -9,7 +9,7 @@
* Tom St Denis, address@hidden, http://libtom.org
*/
-/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - ax + b
*
* All curves taken from NIST recommendation paper of July 1999
* Available at http://csrc.nist.gov/cryptval/dss.htm
@@ -19,7 +19,7 @@
/**
@file ecc_free.c
ECC Crypto, Tom St Denis
-*/
+*/
#ifdef LTC_MECC
@@ -27,14 +27,15 @@
Free an ECC key from memory
@param key The key you wish to free
*/
-void ecc_free(ecc_key *key)
+void
+ecc_free (ecc_key * key)
{
- assert(key != NULL);
- mp_clear_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k,
&key->prime, &key->order, &key->Gx, &key->Gy, NULL);
+ assert (key != NULL);
+ mp_clear_multi (&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k,
+ &key->prime, &key->order, &key->Gx, &key->Gy, NULL);
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_free.c,v $ */
/* $Revision: 1.6 $ */
/* $Date: 2007/05/12 14:32:35 $ */
-
diff --git a/lib/nettle/ecc_make_key.c b/lib/nettle/ecc_make_key.c
index 3ca7571..f1e5cde 100644
--- a/lib/nettle/ecc_make_key.c
+++ b/lib/nettle/ecc_make_key.c
@@ -9,7 +9,7 @@
* Tom St Denis, address@hidden, http://libtom.org
*/
-/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - ax + b
*
* All curves taken from NIST recommendation paper of July 1999
* Available at http://csrc.nist.gov/cryptval/dss.htm
@@ -19,7 +19,7 @@
/**
@file ecc_make_key.c
ECC Crypto, Tom St Denis
-*/
+*/
#ifdef LTC_MECC
@@ -27,99 +27,126 @@
Make a new ECC key
@param prng An active PRNG state
@param wprng The index of the PRNG you wish to use
- @param keysize The keysize for the new key (in octets from 20 to 65
bytes)
- @param key [out] Destination of the newly created key
+ @param prime The prime of curve's field
+ @param order The order of the G point
+ @param A The "a" parameter of the curve
+ @param Gx The x coordinate of the base point
+ @param Gy The y coordinate of the base point
@return 0 if successful, upon error all allocated memory will be freed
*/
-int ecc_make_key_ex(void *random_ctx, nettle_random_func random, ecc_key *key,
mpz_t prime, mpz_t order, mpz_t Gx, mpz_t Gy)
+int
+ecc_make_key_ex (void *random_ctx, nettle_random_func random, ecc_key * key,
+ mpz_t prime, mpz_t order, mpz_t A, mpz_t Gx, mpz_t Gy)
{
- int err;
- ecc_point *base;
- unsigned char *buf;
- int keysize;
+ int err;
+ ecc_point *base;
+ unsigned char *buf;
+ int keysize;
- assert(key != NULL);
- assert(random != NULL);
+ assert (key != NULL);
+ assert (random != NULL);
- keysize = mp_unsigned_bin_size(order);
+ keysize = mp_unsigned_bin_size (order);
- /* allocate ram */
- base = NULL;
- buf = malloc(keysize);
- if (buf == NULL) {
+ /* allocate ram */
+ base = NULL;
+ buf = malloc (keysize);
+ if (buf == NULL)
+ {
return -1;
- }
+ }
- /* make up random string */
- random(random_ctx, keysize, buf);
+ /* make up random string */
+ random (random_ctx, keysize, buf);
- /* setup the key variables */
- if ((err = mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z,
&key->k, &key->prime, &key->order, &key->Gx, &key->Gy, NULL)) != 0) {
+ /* setup the key variables */
+ if ((err =
+ mp_init_multi (&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k,
+ &key->prime, &key->order, &key->A, &key->Gx, &key->Gy,
+ NULL)) != 0)
+ {
goto ERR_BUF;
- }
- base = ltc_ecc_new_point();
- if (base == NULL) {
+ }
+ base = ltc_ecc_new_point ();
+ if (base == NULL)
+ {
err = -1;
goto errkey;
- }
-
- /* read in the specs for this key */
- mpz_set(key->prime, prime);
- mpz_set(key->order, order);
- mpz_set(key->Gx, Gx);
- mpz_set(key->Gy, Gy);
-
- mpz_set(base->x, key->Gx);
- mpz_set(base->y, key->Gy);
- mpz_set_ui(base->z, 1);
- if ((err = mp_read_unsigned_bin(key->k, (unsigned char *)buf, keysize)) !=
0) { goto errkey; }
-
- /* the key should be smaller than the order of base point */
- if (mpz_cmp(key->k, key->order) >= 0) {
- mpz_mod(key->k, key->k, key->order);
- }
- /* make the public key */
- if ((err = ltc_ecc_mulmod(key->k, base, &key->pubkey, key->prime, 1)) != 0)
{ goto errkey; }
- key->type = PK_PRIVATE;
-
- /* free up ram */
- err = 0;
- goto cleanup;
+ }
+
+ /* read in the specs for this key */
+ mpz_set (key->prime, prime);
+ mpz_set (key->order, order);
+ mpz_set (key->Gx, Gx);
+ mpz_set (key->Gy, Gy);
+ mpz_set (key->A, A);
+
+ mpz_set (base->x, key->Gx);
+ mpz_set (base->y, key->Gy);
+ mpz_set_ui (base->z, 1);
+ if ((err =
+ mp_read_unsigned_bin (key->k, (unsigned char *) buf, keysize)) != 0)
+ {
+ goto errkey;
+ }
+
+ /* the key should be smaller than the order of base point */
+ if (mpz_cmp (key->k, key->order) >= 0)
+ {
+ mpz_mod (key->k, key->k, key->order);
+ }
+ /* make the public key */
+ if ((err =
+ ltc_ecc_mulmod (key->k, base, &key->pubkey, key->A, key->prime,
+ 1)) != 0)
+ {
+ goto errkey;
+ }
+ key->type = PK_PRIVATE;
+
+ /* free up ram */
+ err = 0;
+ goto cleanup;
errkey:
- mp_clear_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k,
&key->order, &key->prime, &key->Gx, &key->Gy, NULL);
+ mp_clear_multi (&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k,
+ &key->order, &key->prime, &key->Gx, &key->Gy, &key->A,
+ NULL);
cleanup:
- ltc_ecc_del_point(base);
+ ltc_ecc_del_point (base);
ERR_BUF:
- free(buf);
- return err;
+ free (buf);
+ return err;
}
-int ecc_make_key(void *random_ctx, nettle_random_func random, ecc_key *key,
const ltc_ecc_set_type *dp)
+int
+ecc_make_key (void *random_ctx, nettle_random_func random, ecc_key * key,
+ const ltc_ecc_set_type * dp)
{
- mpz_t prime, order, Gx, Gy;
- int err;
+ mpz_t prime, order, Gx, Gy, A;
+ int err;
- /* setup the key variables */
- if ((err = mp_init_multi(&prime, &order, &Gx, &Gy, NULL)) != 0) {
+ /* setup the key variables */
+ if ((err = mp_init_multi (&prime, &order, &A, &Gx, &Gy, NULL)) != 0)
+ {
goto cleanup;
- }
+ }
- /* read in the specs for this key */
- mpz_set_str(prime, (char *)dp->prime, 16);
- mpz_set_str(order, (char *)dp->order, 16);
- mpz_set_str(Gx, (char *)dp->Gx, 16);
- mpz_set_str(Gy, (char *)dp->Gy, 16);
+ /* read in the specs for this key */
+ mpz_set_str (prime, (char *) dp->prime, 16);
+ mpz_set_str (order, (char *) dp->order, 16);
+ mpz_set_str (Gx, (char *) dp->Gx, 16);
+ mpz_set_str (Gy, (char *) dp->Gy, 16);
+ mpz_set_str (A, (char *) dp->A, 16);
- err = ecc_make_key_ex(random_ctx, random, key, prime, order, Gx, Gy);
+ err = ecc_make_key_ex (random_ctx, random, key, prime, order, A, Gx, Gy);
- mp_clear_multi(&prime, &order, &Gx, &Gy, NULL);
+ mp_clear_multi (&prime, &order, &A, &Gx, &Gy, NULL);
cleanup:
- return err;
+ return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_make_key.c,v $ */
/* $Revision: 1.13 $ */
/* $Date: 2007/05/12 14:32:35 $ */
-
diff --git a/lib/nettle/ecc_shared_secret.c b/lib/nettle/ecc_shared_secret.c
index a3eb46a..a7f5761 100644
--- a/lib/nettle/ecc_shared_secret.c
+++ b/lib/nettle/ecc_shared_secret.c
@@ -9,7 +9,7 @@
* Tom St Denis, address@hidden, http://libtom.org
*/
-/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - ax + b
*
* All curves taken from NIST recommendation paper of July 1999
* Available at http://csrc.nist.gov/cryptval/dss.htm
@@ -20,7 +20,7 @@
/**
@file ecc_shared_secret.c
ECC Crypto, Tom St Denis
-*/
+*/
#ifdef LTC_MECC
@@ -32,49 +32,63 @@
@param outlen [in/out] The max size and resulting size of the
shared secret
@return 0 if successful
*/
-int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key,
- unsigned char *out, unsigned long *outlen)
+int
+ecc_shared_secret (ecc_key * private_key, ecc_key * public_key,
+ unsigned char *out, unsigned long *outlen)
{
- unsigned long x;
- ecc_point *result;
- int err;
+ unsigned long x;
+ ecc_point *result;
+ int err;
- assert(private_key != NULL);
- assert(public_key != NULL);
- assert(out != NULL);
- assert(outlen != NULL);
+ assert (private_key != NULL);
+ assert (public_key != NULL);
+ assert (out != NULL);
+ assert (outlen != NULL);
- /* type valid? */
- if (private_key->type != PK_PRIVATE) {
+ /* type valid? */
+ if (private_key->type != PK_PRIVATE)
+ {
return -1;
- }
+ }
- /* make new point */
- result = ltc_ecc_new_point();
- if (result == NULL) {
+ /* make new point */
+ result = ltc_ecc_new_point ();
+ if (result == NULL)
+ {
return -1;
- }
+ }
- if ((err = ltc_ecc_mulmod(private_key->k, &public_key->pubkey, result,
private_key->prime, 1)) != 0) { goto done; }
+ if ((err =
+ ltc_ecc_mulmod (private_key->k, &public_key->pubkey, result,
+ private_key->A, private_key->prime, 1)) != 0)
+ {
+ goto done;
+ }
- x = (unsigned long)mp_unsigned_bin_size(private_key->prime);
- if (*outlen < x) {
+ x = (unsigned long) mp_unsigned_bin_size (private_key->prime);
+ if (*outlen < x)
+ {
*outlen = x;
err = -1;
goto done;
- }
- memset(out, 0, x);
- if ((err = mp_to_unsigned_bin(result->x, out + (x -
mp_unsigned_bin_size(result->x)))) != 0) { goto done; }
+ }
+ memset (out, 0, x);
+ if ((err =
+ mp_to_unsigned_bin (result->x,
+ out + (x - mp_unsigned_bin_size (result->x)))) !=
+ 0)
+ {
+ goto done;
+ }
- err = 0;
- *outlen = x;
+ err = 0;
+ *outlen = x;
done:
- ltc_ecc_del_point(result);
- return err;
+ ltc_ecc_del_point (result);
+ return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_shared_secret.c,v $ */
/* $Revision: 1.10 $ */
/* $Date: 2007/05/12 14:32:35 $ */
-
diff --git a/lib/nettle/ecc_sign_hash.c b/lib/nettle/ecc_sign_hash.c
index b2da7f2..09774cb 100644
--- a/lib/nettle/ecc_sign_hash.c
+++ b/lib/nettle/ecc_sign_hash.c
@@ -9,7 +9,7 @@
* Tom St Denis, address@hidden, http://libtom.org
*/
-/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - ax + b
*
* All curves taken from NIST recommendation paper of July 1999
* Available at http://csrc.nist.gov/cryptval/dss.htm
@@ -20,7 +20,7 @@
/**
@file ecc_sign_hash.c
ECC Crypto, Tom St Denis
-*/
+*/
#ifdef LTC_MECC
@@ -34,70 +34,84 @@
@param key A private ECC key
@return 0 if successful
*/
-int ecc_sign_hash(const unsigned char *in, unsigned long inlen,
- struct dsa_signature *signature,
- void *random_ctx, nettle_random_func random, ecc_key
*key)
+int
+ecc_sign_hash (const unsigned char *in, unsigned long inlen,
+ struct dsa_signature *signature,
+ void *random_ctx, nettle_random_func random, ecc_key * key)
{
- ecc_key pubkey;
- mpz_t r, s, e;
- int err;
+ ecc_key pubkey;
+ mpz_t r, s, e;
+ int err;
- assert(in != NULL);
- assert(signature != NULL);
- assert(key != NULL);
+ assert (in != NULL);
+ assert (signature != NULL);
+ assert (key != NULL);
- /* is this a private key? */
- if (key->type != PK_PRIVATE) {
+ /* is this a private key? */
+ if (key->type != PK_PRIVATE)
+ {
return -1;
- }
-
- /* get the hash and load it as a bignum into 'e' */
- /* init the bignums */
- if ((err = mp_init_multi(&r, &s, &e, NULL)) != 0) {
+ }
+
+ /* get the hash and load it as a bignum into 'e' */
+ /* init the bignums */
+ if ((err = mp_init_multi (&r, &s, &e, NULL)) != 0)
+ {
return err;
- }
- if ((err = mp_read_unsigned_bin(e, (unsigned char *)in, (int)inlen)) != 0)
{ goto errnokey; }
+ }
+ if ((err =
+ mp_read_unsigned_bin (e, (unsigned char *) in, (int) inlen)) != 0)
+ {
+ goto errnokey;
+ }
- /* make up a key and export the public copy */
- for (;;) {
- if ((err = ecc_make_key_ex(random_ctx, random, &pubkey, key->prime,
key->order, key->Gx, key->Gy)) != 0) {
- goto errnokey;
- }
+ /* make up a key and export the public copy */
+ for (;;)
+ {
+ if ((err =
+ ecc_make_key_ex (random_ctx, random, &pubkey, key->prime,
+ key->order, key->A, key->Gx, key->Gy)) != 0)
+ {
+ goto errnokey;
+ }
/* find r = x1 mod n */
- mpz_mod(r, pubkey.pubkey.x, pubkey.order);
+ mpz_mod (r, pubkey.pubkey.x, pubkey.order);
- if (mpz_cmp_ui(r, 0) == 0) {
- ecc_free(&pubkey);
- } else {
- /* find s = (e + xr)/k */
- mpz_invert(pubkey.k, pubkey.k, pubkey.order);
-
- /* mulmod */
- mpz_mul(s, key->k, r);
- mpz_mod(s, s, pubkey.order);
- mpz_add(s, e, s);
- mpz_mod(s, s, pubkey.order);
-
- mpz_mul(s, s, pubkey.k);
- mpz_mod(s, s, pubkey.order);
- ecc_free(&pubkey);
- if (mpz_cmp_ui(s,0) != 0) {
- break;
+ if (mpz_cmp_ui (r, 0) == 0)
+ {
+ ecc_free (&pubkey);
}
- }
- }
+ else
+ {
+ /* find s = (e + xr)/k */
+ mpz_invert (pubkey.k, pubkey.k, pubkey.order);
- memcpy(&signature->r, &r, sizeof(signature->r));
- memcpy(&signature->s, &s, sizeof(signature->s));
+ /* mulmod */
+ mpz_mul (s, key->k, r);
+ mpz_mod (s, s, pubkey.order);
+ mpz_add (s, e, s);
+ mpz_mod (s, s, pubkey.order);
+
+ mpz_mul (s, s, pubkey.k);
+ mpz_mod (s, s, pubkey.order);
+ ecc_free (&pubkey);
+ if (mpz_cmp_ui (s, 0) != 0)
+ {
+ break;
+ }
+ }
+ }
+
+ memcpy (&signature->r, &r, sizeof (signature->r));
+ memcpy (&signature->s, &s, sizeof (signature->s));
errnokey:
- mp_clear_multi(&e, NULL);
- return err;
+ mp_clear_multi (&e, NULL);
+ return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_sign_hash.c,v $ */
/* $Revision: 1.11 $ */
/* $Date: 2007/05/12 14:32:35 $ */
-
diff --git a/lib/nettle/ecc_test.c b/lib/nettle/ecc_test.c
index 4c74a9f..ff41b1d 100644
--- a/lib/nettle/ecc_test.c
+++ b/lib/nettle/ecc_test.c
@@ -9,7 +9,7 @@
* Tom St Denis, address@hidden, http://libtom.org
*/
-/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - ax + b
*
* All curves taken from NIST recommendation paper of July 1999
* Available at http://csrc.nist.gov/cryptval/dss.htm
@@ -22,7 +22,7 @@
/**
@file ecc_test.c
ECC Crypto, Tom St Denis
-*/
+*/
#ifdef LTC_MECC
@@ -30,91 +30,113 @@
Perform on the ECC system
@return 0 if successful
*/
-int ecc_test(void)
+int
+ecc_test (void)
{
- mpz_t modulus, order;
- ecc_point *G, *GG;
- int i, err;
+ mpz_t modulus, order, A;
+ ecc_point *G, *GG;
+ int i, err;
- if ((err = mp_init_multi(&modulus, &order, NULL)) != 0) {
+ if ((err = mp_init_multi (&modulus, &A, &order, NULL)) != 0)
+ {
return err;
- }
-
- G = ltc_ecc_new_point();
- GG = ltc_ecc_new_point();
- if (G == NULL || GG == NULL) {
- mp_clear_multi(&modulus,&order, NULL);
- ltc_ecc_del_point(G);
- ltc_ecc_del_point(GG);
+ }
+
+ G = ltc_ecc_new_point ();
+ GG = ltc_ecc_new_point ();
+ if (G == NULL || GG == NULL)
+ {
+ mp_clear_multi (&modulus, &order, NULL);
+ ltc_ecc_del_point (G);
+ ltc_ecc_del_point (GG);
return -1;
- }
+ }
+
+ for (i = 1; i <= 2; i++)
+ {
+ const gnutls_ecc_curve_entry_st *st = _gnutls_ecc_curve_get_params (i);
- for (i = 1; i<=2; i++) {
- const gnutls_ecc_curve_entry_st *st = _gnutls_ecc_curve_get_params (i);
+ printf ("Testing %s (%d)\n", _gnutls_ecc_curve_get_name (i), i);
- printf("Testing %s (%d)\n", _gnutls_ecc_curve_get_name(i), i);
+ if (mpz_set_str (A, (char *) st->A, 16) != 0)
+ {
+ fprintf (stderr, "XXX %d\n", __LINE__);
+ err = -1;
+ goto done;
+ }
- if (mpz_set_str(modulus, (char *)st->prime, 16) != 0) {
-fprintf(stderr, "XXX %d\n", __LINE__);
+ if (mpz_set_str (modulus, (char *) st->prime, 16) != 0)
+ {
+ fprintf (stderr, "XXX %d\n", __LINE__);
err = -1;
goto done;
- }
+ }
- if (mpz_set_str(order, (char *)st->order, 16) != 0) {
-fprintf(stderr, "XXX %d\n", __LINE__);
+ if (mpz_set_str (order, (char *) st->order, 16) != 0)
+ {
+ fprintf (stderr, "XXX %d\n", __LINE__);
err = -1;
goto done;
- }
+ }
- /* is prime actually prime? */
- if ((err = mpz_probab_prime_p(modulus, PRIME_CHECK_PARAM)) <= 0) {
-fprintf(stderr, "XXX %d\n", __LINE__);
+ /* is prime actually prime? */
+ if ((err = mpz_probab_prime_p (modulus, PRIME_CHECK_PARAM)) <= 0)
+ {
+ fprintf (stderr, "XXX %d\n", __LINE__);
err = -1;
goto done;
- }
+ }
- if ((err = mpz_probab_prime_p(order, PRIME_CHECK_PARAM)) <= 0) {
-fprintf(stderr, "XXX %d\n", __LINE__);
+ if ((err = mpz_probab_prime_p (order, PRIME_CHECK_PARAM)) <= 0)
+ {
+ fprintf (stderr, "XXX %d\n", __LINE__);
err = -1;
goto done;
- }
+ }
- if (mpz_set_str(G->x, (char *)st->Gx, 16) != 0) {
-fprintf(stderr, "XXX %d\n", __LINE__);
+ if (mpz_set_str (G->x, (char *) st->Gx, 16) != 0)
+ {
+ fprintf (stderr, "XXX %d\n", __LINE__);
err = -1;
goto done;
- }
+ }
- if (mpz_set_str(G->y, (char *)st->Gy, 16) != 0) {
-fprintf(stderr, "XXX %d\n", __LINE__);
+ if (mpz_set_str (G->y, (char *) st->Gy, 16) != 0)
+ {
+ fprintf (stderr, "XXX %d\n", __LINE__);
err = -1;
goto done;
- }
- mpz_set_ui(G->z, 1);
-
- /* then we should have G == (order + 1)G */
- mpz_add_ui(order, order, 1);
- if ((err = ltc_ecc_mulmod(order, G, GG, modulus, 1)) != 0)
{ goto done; }
-
- if (mpz_cmp(G->y, GG->y) != 0) {
-fprintf(stderr, "XXX %d\n", __LINE__);
+ }
+ mpz_set_ui (G->z, 1);
+
+ /* then we should have G == (order + 1)G */
+ mpz_add_ui (order, order, 1);
+ if ((err = ltc_ecc_mulmod (order, G, GG, A, modulus, 1)) != 0)
+ {
+ goto done;
+ }
+
+ if (mpz_cmp (G->y, GG->y) != 0)
+ {
+ fprintf (stderr, "XXX %d\n", __LINE__);
err = -1;
goto done;
- }
+ }
- if (mpz_cmp(G->x, GG->x) != 0) {
-fprintf(stderr, "XXX %d\n", __LINE__);
+ if (mpz_cmp (G->x, GG->x) != 0)
+ {
+ fprintf (stderr, "XXX %d\n", __LINE__);
err = -1;
goto done;
- }
+ }
- }
- err = 0;
+ }
+ err = 0;
done:
- ltc_ecc_del_point(GG);
- ltc_ecc_del_point(G);
- mp_clear_multi(&order, &modulus, NULL);
- return err;
+ ltc_ecc_del_point (GG);
+ ltc_ecc_del_point (G);
+ mp_clear_multi (&order, &modulus, &A, NULL);
+ return err;
}
#endif
@@ -122,4 +144,3 @@ done:
/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_test.c,v $ */
/* $Revision: 1.12 $ */
/* $Date: 2007/05/12 14:32:35 $ */
-
diff --git a/lib/nettle/ecc_verify_hash.c b/lib/nettle/ecc_verify_hash.c
index 71315f3..7f62d64 100644
--- a/lib/nettle/ecc_verify_hash.c
+++ b/lib/nettle/ecc_verify_hash.c
@@ -9,7 +9,7 @@
* Tom St Denis, address@hidden, http://libtom.org
*/
-/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - ax + b
*
* All curves taken from NIST recommendation paper of July 1999
* Available at http://csrc.nist.gov/cryptval/dss.htm
@@ -19,7 +19,7 @@
/**
@file ecc_verify_hash.c
ECC Crypto, Tom St Denis
-*/
+*/
#ifdef LTC_MECC
@@ -42,94 +42,116 @@
@param key The corresponding public ECC key
@return 0 if successful (even if the signature is not valid)
*/
-int ecc_verify_hash(struct dsa_signature * signature,
- const unsigned char *hash, unsigned long hashlen,
- int *stat, ecc_key *key)
+int
+ecc_verify_hash (struct dsa_signature *signature,
+ const unsigned char *hash, unsigned long hashlen,
+ int *stat, ecc_key * key)
{
- ecc_point *mG, *mQ;
- mpz_t v, w, u1, u2, e;
- int err;
+ ecc_point *mG, *mQ;
+ mpz_t v, w, u1, u2, e;
+ int err;
- assert(signature != NULL);
- assert(hash != NULL);
- assert(stat != NULL);
- assert(key != NULL);
+ assert (signature != NULL);
+ assert (hash != NULL);
+ assert (stat != NULL);
+ assert (key != NULL);
- /* default to invalid signature */
- *stat = 0;
+ /* default to invalid signature */
+ *stat = 0;
- /* allocate ints */
- if ((err = mp_init_multi(&v, &w, &u1, &u2, &e, NULL)) != 0) {
+ /* allocate ints */
+ if ((err = mp_init_multi (&v, &w, &u1, &u2, &e, NULL)) != 0)
+ {
return -1;
- }
+ }
- /* allocate points */
- mG = ltc_ecc_new_point();
- mQ = ltc_ecc_new_point();
- if (mQ == NULL || mG == NULL) {
+ /* allocate points */
+ mG = ltc_ecc_new_point ();
+ mQ = ltc_ecc_new_point ();
+ if (mQ == NULL || mG == NULL)
+ {
err = -1;
goto error;
- }
+ }
- /* check for zero */
- if (mpz_cmp_ui(signature->r,0) == 0 || mpz_cmp_ui(signature->s,0) == 0 ||
- mpz_cmp(signature->r, key->order) >= 0 || mpz_cmp(signature->s,
key->order) >= 0) {
+ /* check for zero */
+ if (mpz_cmp_ui (signature->r, 0) == 0 || mpz_cmp_ui (signature->s, 0) == 0
+ || mpz_cmp (signature->r, key->order) >= 0
+ || mpz_cmp (signature->s, key->order) >= 0)
+ {
err = -1;
goto error;
- }
+ }
+
+ /* read hash */
+ if ((err =
+ mp_read_unsigned_bin (e, (unsigned char *) hash, (int) hashlen)) != 0)
+ {
+ goto error;
+ }
- /* read hash */
- if ((err = mp_read_unsigned_bin(e, (unsigned char *)hash, (int)hashlen)) !=
0) { goto error; }
+ /* w = s^-1 mod n */
+ mpz_invert (w, signature->s, key->order);
- /* w = s^-1 mod n */
- mpz_invert(w, signature->s, key->order);
+ /* u1 = ew */
+ mpz_mul (u1, e, w);
+ mpz_mod (u1, u1, key->order);
- /* u1 = ew */
- mpz_mul(u1, e, w);
- mpz_mod(u1, u1, key->order);
+ /* u2 = rw */
+ mpz_mul (u2, signature->r, w);
+ mpz_mod (u2, u2, key->order);
- /* u2 = rw */
- mpz_mul(u2, signature->r, w);
- mpz_mod(u2, u2, key->order);
+ /* find mG and mQ */
+ mpz_set (mG->x, key->Gx);
+ mpz_set (mG->y, key->Gy);
+ mpz_set_ui (mG->z, 1);
- /* find mG and mQ */
- mpz_set(mG->x, key->Gx);
- mpz_set(mG->y, key->Gy);
- mpz_set_ui(mG->z, 1);
+ mpz_set (mQ->x, key->pubkey.x);
+ mpz_set (mQ->y, key->pubkey.y);
+ mpz_set (mQ->z, key->pubkey.z);
- mpz_set(mQ->x, key->pubkey.x);
- mpz_set(mQ->y, key->pubkey.y);
- mpz_set(mQ->z, key->pubkey.z);
+ /* compute u1*mG + u2*mQ = mG */
+ if ((err = ltc_ecc_mulmod (u1, mG, mG, key->A, key->prime, 0)) != 0)
+ {
+ goto error;
+ }
+ if ((err = ltc_ecc_mulmod (u2, mQ, mQ, key->A, key->prime, 0)) != 0)
+ {
+ goto error;
+ }
- /* compute u1*mG + u2*mQ = mG */
- if ((err = ltc_ecc_mulmod(u1, mG, mG, key->prime, 0)) != 0)
{ goto error; }
- if ((err = ltc_ecc_mulmod(u2, mQ, mQ, key->prime, 0)) != 0)
{ goto error; }
-
- /* add them */
- if ((err = ltc_ecc_projective_add_point(mQ, mG, mG, key->prime)) != 0)
{ goto error; }
+ /* add them */
+ if ((err =
+ ltc_ecc_projective_add_point (mQ, mG, mG, key->A, key->prime)) != 0)
+ {
+ goto error;
+ }
- /* reduce */
- if ((err = ltc_ecc_map(mG, key->prime)) != 0)
{ goto error; }
+ /* reduce */
+ if ((err = ltc_ecc_map (mG, key->prime)) != 0)
+ {
+ goto error;
+ }
- /* v = X_x1 mod n */
- mpz_mod(v, mG->x, key->order);
+ /* v = X_x1 mod n */
+ mpz_mod (v, mG->x, key->order);
- /* does v == r */
- if (mpz_cmp(v, signature->r) == 0) {
+ /* does v == r */
+ if (mpz_cmp (v, signature->r) == 0)
+ {
*stat = 1;
- }
+ }
- /* clear up and return */
- err = 0;
+ /* clear up and return */
+ err = 0;
error:
- ltc_ecc_del_point(mG);
- ltc_ecc_del_point(mQ);
- mp_clear_multi(&v, &w, &u1, &u2, &e, NULL);
- return err;
+ ltc_ecc_del_point (mG);
+ ltc_ecc_del_point (mQ);
+ mp_clear_multi (&v, &w, &u1, &u2, &e, NULL);
+ return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_verify_hash.c,v $ */
/* $Revision: 1.14 $ */
/* $Date: 2007/05/12 14:32:35 $ */
-
diff --git a/lib/nettle/ltc_ecc_map.c b/lib/nettle/ltc_ecc_map.c
index f224260..dca353b 100644
--- a/lib/nettle/ltc_ecc_map.c
+++ b/lib/nettle/ltc_ecc_map.c
@@ -9,7 +9,7 @@
* Tom St Denis, address@hidden, http://libtom.org
*/
-/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - ax + b
*
* All curves taken from NIST recommendation paper of July 1999
* Available at http://csrc.nist.gov/cryptval/dss.htm
@@ -19,50 +19,52 @@
/**
@file ltc_ecc_map.c
ECC Crypto, Tom St Denis
-*/
+*/
#ifdef LTC_MECC
/**
- Map a projective jacbobian point back to affine space
+ Map a projective jacobian point back to affine space
@param P [in/out] The point to map
@param modulus The modulus of the field the ECC curve is in
@param mp The "b" value from montgomery_setup()
@return 0 on success
*/
-int ltc_ecc_map(ecc_point *P, mpz_t modulus)
+int
+ltc_ecc_map (ecc_point * P, mpz_t modulus)
{
- mpz_t t1, t2;
- int err;
+ mpz_t t1, t2;
+ int err;
- assert(P != NULL);
+ assert (P != NULL);
- if ((err = mp_init_multi(&t1, &t2, NULL)) != 0) {
+ if ((err = mp_init_multi (&t1, &t2, NULL)) != 0)
+ {
return -1;
- }
+ }
- mpz_mod(P->z, P->z, modulus);
+ mpz_mod (P->z, P->z, modulus);
- /* get 1/z */
- mpz_invert(t1, P->z, modulus);
+ /* get 1/z */
+ mpz_invert (t1, P->z, modulus);
- /* get 1/z^2 and 1/z^3 */
- mpz_mul(t2, t1, t1);
- mpz_mod(t2, t2, modulus);
- mpz_mul(t1, t1, t2);
- mpz_mod(t1, t1, modulus);
+ /* get 1/z^2 and 1/z^3 */
+ mpz_mul (t2, t1, t1);
+ mpz_mod (t2, t2, modulus);
+ mpz_mul (t1, t1, t2);
+ mpz_mod (t1, t1, modulus);
- /* multiply against x/y */
- mpz_mul(P->x, P->x, t2);
- mpz_mod(P->x, P->x, modulus);
- mpz_mul(P->y, P->y, t1);
- mpz_mod(P->y, P->y, modulus);
- mpz_set_ui(P->z, 1);
+ /* multiply against x/y */
+ mpz_mul (P->x, P->x, t2);
+ mpz_mod (P->x, P->x, modulus);
+ mpz_mul (P->y, P->y, t1);
+ mpz_mod (P->y, P->y, modulus);
+ mpz_set_ui (P->z, 1);
- err = 0;
+ err = 0;
- mp_clear_multi(&t1, &t2, NULL);
- return err;
+ mp_clear_multi (&t1, &t2, NULL);
+ return err;
}
#endif
@@ -70,4 +72,3 @@ int ltc_ecc_map(ecc_point *P, mpz_t modulus)
/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_map.c,v $ */
/* $Revision: 1.7 $ */
/* $Date: 2007/05/12 14:32:35 $ */
-
diff --git a/lib/nettle/ltc_ecc_mulmod.c b/lib/nettle/ltc_ecc_mulmod.c
index ab845ce..f8c02dc 100644
--- a/lib/nettle/ltc_ecc_mulmod.c
+++ b/lib/nettle/ltc_ecc_mulmod.c
@@ -9,7 +9,7 @@
* Tom St Denis, address@hidden, http://libtom.org
*/
-/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - ax + b
*
* All curves taken from NIST recommendation paper of July 1999
* Available at http://csrc.nist.gov/cryptval/dss.htm
@@ -19,7 +19,7 @@
/**
@file ltc_ecc_mulmod_timing.c
ECC Crypto, Tom St Denis
-*/
+*/
#ifdef LTC_MECC
@@ -28,114 +28,161 @@
@param k The scalar to multiply by
@param G The base point
@param R [out] Destination for kG
+ @param a The a value of the curve
@param modulus The modulus of the field the ECC curve is in
@param map Boolean whether to map back to affine or not (1==map, 0 ==
leave in projective)
@return 0 on success
*/
-int ltc_ecc_mulmod(mpz_t k, ecc_point *G, ecc_point *R, mpz_t modulus, int map)
+int
+ltc_ecc_mulmod (mpz_t k, ecc_point * G, ecc_point * R, mpz_t a, mpz_t modulus,
+ int map)
{
- ecc_point *tG, *M[3];
- int i, j, err;
- unsigned long buf;
- int first, bitbuf, bitcpy, bitcnt, mode, digidx;
+ ecc_point *tG, *M[3];
+ int i, j, err;
+ unsigned long buf;
+ int first, bitbuf, bitcpy, bitcnt, mode, digidx;
- assert(k != NULL);
- assert(G != NULL);
- assert(R != NULL);
- assert(modulus != NULL);
+ assert (k != NULL);
+ assert (G != NULL);
+ assert (R != NULL);
+ assert (modulus != NULL);
/* alloc ram for window temps */
- for (i = 0; i < 3; i++) {
- M[i] = ltc_ecc_new_point();
- if (M[i] == NULL) {
- for (j = 0; j < i; j++) {
- ltc_ecc_del_point(M[j]);
- }
- return -1;
- }
- }
-
- /* make a copy of G incase R==G */
- tG = ltc_ecc_new_point();
- if (tG == NULL)
{ err = -1; goto done; }
-
- /* tG = G and convert to montgomery */
- mpz_set(tG->x, G->x);
- mpz_set(tG->y, G->y);
- mpz_set(tG->z, G->z);
-
- /* calc the M tab */
- /* M[0] == G */
- mpz_set(M[0]->x, tG->x);
- mpz_set(M[0]->y, tG->y);
- mpz_set(M[0]->z, tG->z);
- /* M[1] == 2G */
- if ((err = ltc_ecc_projective_dbl_point(tG, M[1], modulus)) != 0)
{ goto done; }
-
- /* setup sliding window */
- mode = 0;
- bitcnt = 1;
- buf = 0;
- digidx = mpz_size(k) - 1;
- bitcpy = bitbuf = 0;
- first = 1;
-
- /* perform ops */
- for (;;) {
- /* grab next digit as required */
- if (--bitcnt == 0) {
- if (digidx == -1) {
- break;
- }
- buf = mpz_getlimbn(k, digidx);
- bitcnt = (int) MP_DIGIT_BIT;
- --digidx;
- }
+ for (i = 0; i < 3; i++)
+ {
+ M[i] = ltc_ecc_new_point ();
+ if (M[i] == NULL)
+ {
+ for (j = 0; j < i; j++)
+ {
+ ltc_ecc_del_point (M[j]);
+ }
+ return -1;
+ }
+ }
+
+ /* make a copy of G incase R==G */
+ tG = ltc_ecc_new_point ();
+ if (tG == NULL)
+ {
+ err = -1;
+ goto done;
+ }
+
+ /* tG = G and convert to montgomery */
+ mpz_set (tG->x, G->x);
+ mpz_set (tG->y, G->y);
+ mpz_set (tG->z, G->z);
+
+ /* calc the M tab */
+ /* M[0] == G */
+ mpz_set (M[0]->x, tG->x);
+ mpz_set (M[0]->y, tG->y);
+ mpz_set (M[0]->z, tG->z);
+ /* M[1] == 2G */
+ if ((err = ltc_ecc_projective_dbl_point (tG, M[1], a, modulus)) != 0)
+ {
+ goto done;
+ }
+
+ /* setup sliding window */
+ mode = 0;
+ bitcnt = 1;
+ buf = 0;
+ digidx = mpz_size (k) - 1;
+ bitcpy = bitbuf = 0;
+ first = 1;
+
+ /* perform ops */
+ for (;;)
+ {
+ /* grab next digit as required */
+ if (--bitcnt == 0)
+ {
+ if (digidx == -1)
+ {
+ break;
+ }
+ buf = mpz_getlimbn (k, digidx);
+ bitcnt = (int) MP_DIGIT_BIT;
+ --digidx;
+ }
/* grab the next msb from the ltiplicand */
i = (buf >> (MP_DIGIT_BIT - 1)) & 1;
buf <<= 1;
- if (mode == 0 && i == 0) {
- /* dummy operations */
- if ((err = ltc_ecc_projective_add_point(M[0], M[1], M[2], modulus))
!= 0) { goto done; }
- if ((err = ltc_ecc_projective_dbl_point(M[1], M[2], modulus)) != 0)
{ goto done; }
- continue;
- }
-
- if (mode == 0 && i == 1) {
- mode = 1;
- /* dummy operations */
- if ((err = ltc_ecc_projective_add_point(M[0], M[1], M[2], modulus))
!= 0) { goto done; }
- if ((err = ltc_ecc_projective_dbl_point(M[1], M[2], modulus)) != 0)
{ goto done; }
- continue;
- }
-
- if ((err = ltc_ecc_projective_add_point(M[0], M[1], M[i^1], modulus)) !=
0) { goto done; }
- if ((err = ltc_ecc_projective_dbl_point(M[i], M[i], modulus)) != 0)
{ goto done; }
- }
-
- /* copy result out */
- mpz_set(R->x, M[0]->x);
- mpz_set(R->y, M[0]->y);
- mpz_set(R->z, M[0]->z);
-
- /* map R back from projective space */
- if (map) {
- err = ltc_ecc_map(R, modulus);
- } else {
+ if (mode == 0 && i == 0)
+ {
+ /* dummy operations */
+ if ((err =
+ ltc_ecc_projective_add_point (M[0], M[1], M[2], a,
+ modulus)) != 0)
+ {
+ goto done;
+ }
+ if ((err =
+ ltc_ecc_projective_dbl_point (M[1], M[2], a, modulus)) != 0)
+ {
+ goto done;
+ }
+ continue;
+ }
+
+ if (mode == 0 && i == 1)
+ {
+ mode = 1;
+ /* dummy operations */
+ if ((err =
+ ltc_ecc_projective_add_point (M[0], M[1], M[2], a,
+ modulus)) != 0)
+ {
+ goto done;
+ }
+ if ((err =
+ ltc_ecc_projective_dbl_point (M[1], M[2], a, modulus)) != 0)
+ {
+ goto done;
+ }
+ continue;
+ }
+
+ if ((err =
+ ltc_ecc_projective_add_point (M[0], M[1], M[i ^ 1], a,
+ modulus)) != 0)
+ {
+ goto done;
+ }
+ if ((err = ltc_ecc_projective_dbl_point (M[i], M[i], a, modulus)) != 0)
+ {
+ goto done;
+ }
+ }
+
+ /* copy result out */
+ mpz_set (R->x, M[0]->x);
+ mpz_set (R->y, M[0]->y);
+ mpz_set (R->z, M[0]->z);
+
+ /* map R back from projective space */
+ if (map)
+ {
+ err = ltc_ecc_map (R, modulus);
+ }
+ else
+ {
err = 0;
- }
+ }
done:
- ltc_ecc_del_point(tG);
- for (i = 0; i < 3; i++) {
- ltc_ecc_del_point(M[i]);
- }
- return err;
+ ltc_ecc_del_point (tG);
+ for (i = 0; i < 3; i++)
+ {
+ ltc_ecc_del_point (M[i]);
+ }
+ return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c,v $ */
/* $Revision: 1.13 $ */
/* $Date: 2007/05/12 14:32:35 $ */
-
diff --git a/lib/nettle/ltc_ecc_points.c b/lib/nettle/ltc_ecc_points.c
index 93ad85d..e4e2cd4 100644
--- a/lib/nettle/ltc_ecc_points.c
+++ b/lib/nettle/ltc_ecc_points.c
@@ -9,7 +9,7 @@
* Tom St Denis, address@hidden, http://libtom.org
*/
-/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - ax + b
*
* All curves taken from NIST recommendation paper of July 1999
* Available at http://csrc.nist.gov/cryptval/dss.htm
@@ -19,7 +19,7 @@
/**
@file ltc_ecc_points.c
ECC Crypto, Tom St Denis
-*/
+*/
#ifdef LTC_MECC
@@ -27,34 +27,38 @@
Allocate a new ECC point
@return A newly allocated point or NULL on error
*/
-ecc_point *ltc_ecc_new_point(void)
+ecc_point *
+ltc_ecc_new_point (void)
{
- ecc_point *p;
- p = calloc(1, sizeof(*p));
- if (p == NULL) {
+ ecc_point *p;
+ p = calloc (1, sizeof (*p));
+ if (p == NULL)
+ {
return NULL;
- }
- if (mp_init_multi(&p->x, &p->y, &p->z, NULL) != 0) {
- free(p);
+ }
+ if (mp_init_multi (&p->x, &p->y, &p->z, NULL) != 0)
+ {
+ free (p);
return NULL;
- }
- return p;
+ }
+ return p;
}
/** Free an ECC point from memory
@param p The point to free
*/
-void ltc_ecc_del_point(ecc_point *p)
+void
+ltc_ecc_del_point (ecc_point * p)
{
- /* prevents free'ing null arguments */
- if (p != NULL) {
- mp_clear_multi(&p->x, &p->y, &p->z, NULL); /* note: p->z may be NULL but
that's ok with this function anyways */
- free(p);
- }
+ /* prevents free'ing null arguments */
+ if (p != NULL)
+ {
+ mp_clear_multi (&p->x, &p->y, &p->z, NULL); /* note: p->z may be
NULL but that's ok with this function anyways */
+ free (p);
+ }
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_points.c,v $ */
/* $Revision: 1.7 $ */
/* $Date: 2007/05/12 14:32:35 $ */
-
diff --git a/lib/nettle/ltc_ecc_projective_add_point.c
b/lib/nettle/ltc_ecc_projective_add_point.c
index 2b00836..31bd679 100644
--- a/lib/nettle/ltc_ecc_projective_add_point.c
+++ b/lib/nettle/ltc_ecc_projective_add_point.c
@@ -9,7 +9,7 @@
* Tom St Denis, address@hidden, http://libtom.org
*/
-/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - ax + b
*
* All curves taken from NIST recommendation paper of July 1999
* Available at http://csrc.nist.gov/cryptval/dss.htm
@@ -19,7 +19,7 @@
/**
@file ltc_ecc_projective_add_point.c
ECC Crypto, Tom St Denis
-*/
+*/
#if defined(LTC_MECC) && (!defined(LTC_MECC_ACCEL) || defined(LTM_LTC_DESC))
@@ -32,159 +32,176 @@
@param mp The "b" value from montgomery_setup()
@return 0 on success
*/
-int ltc_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R,
mpz_t modulus)
+int
+ltc_ecc_projective_add_point (ecc_point * P, ecc_point * Q, ecc_point * R,
+ mpz_t A, mpz_t modulus)
{
- mpz_t t1, t2, x, y, z;
- int err;
+ mpz_t t1, t2, x, y, z;
+ int err;
- assert(P != NULL);
- assert(Q != NULL);
- assert(R != NULL);
- assert(modulus != NULL);
+ assert (P != NULL);
+ assert (Q != NULL);
+ assert (R != NULL);
+ assert (modulus != NULL);
- if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != 0) {
+ if ((err = mp_init_multi (&t1, &t2, &x, &y, &z, NULL)) != 0)
+ {
return err;
- }
-
- /* should we dbl instead? */
- mpz_sub(t1, modulus, Q->y);
-
- if ( (mpz_cmp(P->x, Q->x) == 0) &&
- (Q->z != NULL && mpz_cmp(P->z, Q->z) == 0) &&
- (mpz_cmp(P->y, Q->y) == 0 || mpz_cmp(P->y, t1) == 0)) {
- mp_clear_multi(&t1, &t2, &x, &y, &z, NULL);
- return ltc_ecc_projective_dbl_point(P, R, modulus);
- }
-
- mpz_set(x, P->x);
- mpz_set(y, P->y);
- mpz_set(z, P->z);
-
- /* if Z is one then these are no-operations */
- if (mpz_cmp_ui(Q->z, 1) != 0) {
+ }
+
+ /* should we dbl instead? */
+ mpz_sub (t1, modulus, Q->y);
+
+ if ((mpz_cmp (P->x, Q->x) == 0) &&
+ (Q->z != NULL && mpz_cmp (P->z, Q->z) == 0) &&
+ (mpz_cmp (P->y, Q->y) == 0 || mpz_cmp (P->y, t1) == 0))
+ {
+ mp_clear_multi (&t1, &t2, &x, &y, &z, NULL);
+ return ltc_ecc_projective_dbl_point (P, R, A, modulus);
+ }
+
+ mpz_set (x, P->x);
+ mpz_set (y, P->y);
+ mpz_set (z, P->z);
+
+ /* if Z is one then these are no-operations */
+ if (mpz_cmp_ui (Q->z, 1) != 0)
+ {
/* T1 = Z' * Z' */
- mpz_mul(t1, Q->z, Q->z);
- mpz_mod(t1, t1, modulus);
+ mpz_mul (t1, Q->z, Q->z);
+ mpz_mod (t1, t1, modulus);
/* X = X * T1 */
- mpz_mul(x, x, t1);
- mpz_mod(x, x, modulus);
+ mpz_mul (x, x, t1);
+ mpz_mod (x, x, modulus);
/* T1 = Z' * T1 */
- mpz_mul(t1, t1, Q->z);
- mpz_mod(t1, t1, modulus);
+ mpz_mul (t1, t1, Q->z);
+ mpz_mod (t1, t1, modulus);
/* Y = Y * T1 */
- mpz_mul(y, y, t1);
- mpz_mod(y, y, modulus);
- }
-
- /* T1 = Z*Z */
- mpz_mul(t1, z, z);
- mpz_mod(t1, t1, modulus);
- /* T2 = X' * T1 */
- mpz_mul(t2, t1, Q->x);
- mpz_mod(t2, t2, modulus);
- /* T1 = Z * T1 */
- mpz_mul(t1, t1, z);
- mpz_mod(t1, t1, modulus);
- /* T1 = Y' * T1 */
- mpz_mul(t1, t1, Q->y);
- mpz_mod(t1, t1, modulus);
-
- /* Y = Y - T1 */
- mpz_sub(y, y, t1);
- if (mpz_cmp_ui(y, 0) < 0) {
- mpz_add(y, y, modulus);
- }
- /* T1 = 2T1 */
- mpz_add(t1, t1, t1);
- if (mpz_cmp(t1, modulus) >= 0) {
- mpz_sub(t1, t1, modulus);
- }
- /* T1 = Y + T1 */
- mpz_add(t1, t1, y);
- if (mpz_cmp(t1, modulus) >= 0) {
- mpz_sub(t1, t1, modulus);
- }
- /* X = X - T2 */
- mpz_sub(x, x, t2);
- if (mpz_cmp_ui(x, 0) < 0) {
- mpz_add(x, x, modulus);
- }
- /* T2 = 2T2 */
- mpz_add(t2, t2, t2);
- if (mpz_cmp(t2, modulus) >= 0) {
- mpz_sub(t2, t2, modulus);
- }
- /* T2 = X + T2 */
- mpz_add(t2, t2, x);
- if (mpz_cmp(t2, modulus) >= 0) {
- mpz_sub(t2, t2, modulus);
- }
-
- /* if Z' != 1 */
- if (mpz_cmp_ui(Q->z, 1) != 0) {
+ mpz_mul (y, y, t1);
+ mpz_mod (y, y, modulus);
+ }
+
+ /* T1 = Z*Z */
+ mpz_mul (t1, z, z);
+ mpz_mod (t1, t1, modulus);
+ /* T2 = X' * T1 */
+ mpz_mul (t2, t1, Q->x);
+ mpz_mod (t2, t2, modulus);
+ /* T1 = Z * T1 */
+ mpz_mul (t1, t1, z);
+ mpz_mod (t1, t1, modulus);
+ /* T1 = Y' * T1 */
+ mpz_mul (t1, t1, Q->y);
+ mpz_mod (t1, t1, modulus);
+
+ /* Y = Y - T1 */
+ mpz_sub (y, y, t1);
+ if (mpz_cmp_ui (y, 0) < 0)
+ {
+ mpz_add (y, y, modulus);
+ }
+ /* T1 = 2T1 */
+ mpz_add (t1, t1, t1);
+ if (mpz_cmp (t1, modulus) >= 0)
+ {
+ mpz_sub (t1, t1, modulus);
+ }
+ /* T1 = Y + T1 */
+ mpz_add (t1, t1, y);
+ if (mpz_cmp (t1, modulus) >= 0)
+ {
+ mpz_sub (t1, t1, modulus);
+ }
+ /* X = X - T2 */
+ mpz_sub (x, x, t2);
+ if (mpz_cmp_ui (x, 0) < 0)
+ {
+ mpz_add (x, x, modulus);
+ }
+ /* T2 = 2T2 */
+ mpz_add (t2, t2, t2);
+ if (mpz_cmp (t2, modulus) >= 0)
+ {
+ mpz_sub (t2, t2, modulus);
+ }
+ /* T2 = X + T2 */
+ mpz_add (t2, t2, x);
+ if (mpz_cmp (t2, modulus) >= 0)
+ {
+ mpz_sub (t2, t2, modulus);
+ }
+
+ /* if Z' != 1 */
+ if (mpz_cmp_ui (Q->z, 1) != 0)
+ {
/* Z = Z * Z' */
- mpz_mul(z, z, Q->z);
- mpz_mod(z, z, modulus);
- }
-
- /* Z = Z * X */
- mpz_mul(z, z, x);
- mpz_mod(z, z, modulus);
-
- /* T1 = T1 * X */
- mpz_mul(t1, t1, x);
- mpz_mod(t1, t1, modulus);
- /* X = X * X */
- mpz_mul(x, x, x);
- mpz_mod(x, x, modulus);
- /* T2 = T2 * x */
- mpz_mul(t2, t2, x);
- mpz_mod(t2, t2, modulus);
- /* T1 = T1 * X */
- mpz_mul(t1, t1, x);
- mpz_mod(t1, t1, modulus);
-
- /* X = Y*Y */
- mpz_mul(x, y, y);
- mpz_mod(x, x, modulus);
- /* X = X - T2 */
- mpz_sub(x, x, t2);
- if (mpz_cmp_ui(x, 0) < 0) {
- mpz_add(x, x, modulus);
- }
-
- /* T2 = T2 - X */
- mpz_sub(t2, t2, x);
- if (mpz_cmp_ui(t2, 0) < 0) {
- mpz_add(t2, t2, modulus);
- }
- /* T2 = T2 - X */
- mpz_sub(t2, t2, x);
- if (mpz_cmp_ui(t2, 0) < 0) {
- mpz_add(t2, t2, modulus);
- }
- /* T2 = T2 * Y */
- mpz_mul(t2, t2, y);
- mpz_mod(t2, t2, modulus);
- /* Y = T2 - T1 */
- mpz_sub(y, t2, t1);
- if (mpz_cmp_ui(y, 0) < 0) {
- mpz_add(y, y, modulus);
- }
- /* Y = Y/2 */
- if (mp_isodd(y)) {
- mpz_add(y, y, modulus);
- }
- mpz_divexact_ui(y, y, 2);
-
- mpz_set(R->x, x);
- mpz_set(R->y, y);
- mpz_set(R->z, z);
-
- err = 0;
-
- mp_clear_multi(&t1, &t2, &x, &y, &z, NULL);
- return err;
+ mpz_mul (z, z, Q->z);
+ mpz_mod (z, z, modulus);
+ }
+
+ /* Z = Z * X */
+ mpz_mul (z, z, x);
+ mpz_mod (z, z, modulus);
+
+ /* T1 = T1 * X */
+ mpz_mul (t1, t1, x);
+ mpz_mod (t1, t1, modulus);
+ /* X = X * X */
+ mpz_mul (x, x, x);
+ mpz_mod (x, x, modulus);
+ /* T2 = T2 * x */
+ mpz_mul (t2, t2, x);
+ mpz_mod (t2, t2, modulus);
+ /* T1 = T1 * X */
+ mpz_mul (t1, t1, x);
+ mpz_mod (t1, t1, modulus);
+
+ /* X = Y*Y */
+ mpz_mul (x, y, y);
+ mpz_mod (x, x, modulus);
+ /* X = X - T2 */
+ mpz_sub (x, x, t2);
+ if (mpz_cmp_ui (x, 0) < 0)
+ {
+ mpz_add (x, x, modulus);
+ }
+
+ /* T2 = T2 - X */
+ mpz_sub (t2, t2, x);
+ if (mpz_cmp_ui (t2, 0) < 0)
+ {
+ mpz_add (t2, t2, modulus);
+ }
+ /* T2 = T2 - X */
+ mpz_sub (t2, t2, x);
+ if (mpz_cmp_ui (t2, 0) < 0)
+ {
+ mpz_add (t2, t2, modulus);
+ }
+ /* T2 = T2 * Y */
+ mpz_mul (t2, t2, y);
+ mpz_mod (t2, t2, modulus);
+ /* Y = T2 - T1 */
+ mpz_sub (y, t2, t1);
+ if (mpz_cmp_ui (y, 0) < 0)
+ {
+ mpz_add (y, y, modulus);
+ }
+ /* Y = Y/2 */
+ if (mp_isodd (y))
+ {
+ mpz_add (y, y, modulus);
+ }
+ mpz_divexact_ui (y, y, 2);
+
+ mpz_set (R->x, x);
+ mpz_set (R->y, y);
+ mpz_set (R->z, z);
+
+ err = 0;
+
+ mp_clear_multi (&t1, &t2, &x, &y, &z, NULL);
+ return err;
}
#endif
@@ -192,4 +209,3 @@ int ltc_ecc_projective_add_point(ecc_point *P, ecc_point
*Q, ecc_point *R, mpz_t
/* $Source:
/cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_projective_add_point.c,v $ */
/* $Revision: 1.16 $ */
/* $Date: 2007/05/12 14:32:35 $ */
-
diff --git a/lib/nettle/ltc_ecc_projective_dbl_point.c
b/lib/nettle/ltc_ecc_projective_dbl_point.c
index d9b7ec6..618f0d9 100644
--- a/lib/nettle/ltc_ecc_projective_dbl_point.c
+++ b/lib/nettle/ltc_ecc_projective_dbl_point.c
@@ -9,7 +9,7 @@
* Tom St Denis, address@hidden, http://libtom.org
*/
-/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - ax + b
*
* All curves taken from NIST recommendation paper of July 1999
* Available at http://csrc.nist.gov/cryptval/dss.htm
@@ -19,7 +19,7 @@
/**
@file ltc_ecc_projective_dbl_point.c
ECC Crypto, Tom St Denis
-*/
+*/
#if defined(LTC_MECC) && (!defined(LTC_MECC_ACCEL) || defined(LTM_LTC_DESC))
@@ -27,120 +27,167 @@
Double an ECC point
@param P The point to double
@param R [out] The destination of the double
+ @param a The "a" value from curve
@param modulus The modulus of the field the ECC curve is in
- @param mp The "b" value from montgomery_setup()
@return 0 on success
*/
-int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mpz_t modulus)
+int
+ltc_ecc_projective_dbl_point (ecc_point * P, ecc_point * R, mpz_t a,
+ mpz_t modulus)
{
- mpz_t t1, t2;
- int err;
+ mpz_t t1, m, s;
+ int err;
- assert(P != NULL);
- assert(R != NULL);
- assert(modulus != NULL);
+ assert (P != NULL);
+ assert (R != NULL);
+ assert (modulus != NULL);
- if ((err = mp_init_multi(&t1, &t2, NULL)) != 0) {
+ if ((err = mp_init_multi (&t1, &m, &s, NULL)) != 0)
+ {
return err;
- }
-
- if (P != R) {
- mpz_set(R->x, P->x);
- mpz_set(R->y, P->y);
- mpz_set(R->z, P->z);
- }
-
- /* t1 = Z * Z */
- mpz_mul(t1, R->z, R->z);
- mpz_mod(t1, t1, modulus);
- /* Z = Y * Z */
- mpz_mul(R->z, R->y, R->z);
- mpz_mod(R->z, R->z, modulus);
- /* Z = 2Z */
- mpz_add(R->z, R->z, R->z);
- if (mpz_cmp(R->z, modulus) >= 0) {
- mpz_sub(R->z, R->z, modulus);
- }
-
- /* T2 = X - T1 */
- mpz_sub(t2, R->x, t1);
- if (mpz_cmp_ui(t2, 0) < 0) {
- mpz_add(t2, t2, modulus);
- }
- /* T1 = X + T1 */
- mpz_add(t1, t1, R->x);
- if (mpz_cmp(t1, modulus) >= 0) {
- mpz_sub(t1, t1, modulus);
- }
- /* T2 = T1 * T2 */
- mpz_mul(t2, t1, t2);
- mpz_mod(t2, t2, modulus);
- /* T1 = 2T2 */
- mpz_add(t1, t2, t2);
- if (mpz_cmp(t1, modulus) >= 0) {
- mpz_sub(t1, t1, modulus);
- }
- /* T1 = T1 + T2 */
- mpz_add(t1, t1, t2);
- if (mpz_cmp(t1, modulus) >= 0) {
- mpz_sub(t1, t1, modulus);
- }
-
- /* Y = 2Y */
- mpz_add(R->y, R->y, R->y);
- if (mpz_cmp(R->y, modulus) >= 0) {
- mpz_sub(R->y, R->y, modulus);
- }
- /* Y = Y * Y */
- mpz_mul(R->y, R->y, R->y);
- mpz_mod(R->y, R->y, modulus);
- /* T2 = Y * Y */
- mpz_mul(t2, R->y, R->y);
- mpz_mod(t2, t2, modulus);
- /* T2 = T2/2 */
- if (mp_isodd(t2)) {
- mpz_add(t2, t2, modulus);
- }
- mpz_divexact_ui(t2, t2, 2);
- /* Y = Y * X */
- mpz_mul(R->y, R->y, R->x);
- mpz_mod(R->y, R->y, modulus);
-
- /* X = T1 * T1 */
- mpz_mul(R->x, t1, t1);
- mpz_mod(R->x, R->x, modulus);
- /* X = X - Y */
- mpz_sub(R->x, R->x, R->y);
- if (mpz_cmp_ui(R->x, 0) < 0) {
- mpz_add(R->x, R->x, modulus);
- }
- /* X = X - Y */
- mpz_sub(R->x, R->x, R->y);
- if (mpz_cmp_ui(R->x, 0) < 0) {
- mpz_add(R->x, R->x, modulus);
- }
-
- /* Y = Y - X */
- mpz_sub(R->y, R->y, R->x);
- if (mpz_cmp_ui(R->y, 0) < 0) {
- mpz_add(R->y, R->y, modulus);
- }
- /* Y = Y * T1 */
- mpz_mul(R->y, R->y, t1);
- mpz_mod(R->y, R->y, modulus);
- /* Y = Y - T2 */
- mpz_sub(R->y, R->y, t2);
- if (mpz_cmp_ui(R->y, 0) < 0) {
- mpz_add( R->y, R->y, modulus);
- }
-
- err = 0;
-
- mp_clear_multi(&t1, &t2, NULL);
- return err;
+ }
+
+ if (P != R)
+ {
+ mpz_set (R->x, P->x);
+ mpz_set (R->y, P->y);
+ mpz_set (R->z, P->z);
+ }
+
+ /*
+ if (Y == 0)
+ return POINT_AT_INFINITY
+ S = 4*X*Y^2
+ M = 3*X^2 + a*Z^4
+ X' = M^2 - 2*S
+ Y' = M*(S - X') - 8*Y^4
+ Z' = 2*Y*Z
+ return (X', Y', Z')
+ */
+
+ /* m = Z * Z */
+ mpz_mul (m, R->z, R->z);
+ mpz_mod (m, m, modulus);
+
+ /* Calculate Z and get rid of it */
+ /* Z = Y * Z */
+ mpz_mul (R->z, R->y, R->z);
+ mpz_mod (R->z, R->z, modulus);
+ /* Z = 2Z */
+ mpz_add (R->z, R->z, R->z);
+ if (mpz_cmp (R->z, modulus) >= 0)
+ {
+ mpz_sub (R->z, R->z, modulus);
+ }
+
+ /* continue with M and S calculations */
+
+ /* m = m * m = z^4 */
+ mpz_mul (m, m, m);
+ mpz_mod (m, m, modulus);
+
+ /* m = a * m = a*z^4 */
+ mpz_mul (m, a, m);
+ mpz_mod (m, m, modulus);
+
+ /* Y = 2y */
+ mpz_add (R->y, R->y, R->y);
+ if (mpz_cmp (R->y, modulus) >= 0)
+ {
+ mpz_sub (R->y, R->y, modulus);
+ }
+
+ /* Y = Y * Y = 4y^2 */
+ mpz_mul (R->y, R->y, R->y);
+ mpz_mod (R->y, R->y, modulus);
+
+ /* s = X*Y = 4xy^2 */
+ mpz_mul (s, R->x, R->y);
+ mpz_mod (s, s, modulus);
+
+ /* X = x^2 */
+ mpz_mul (R->x, R->x, R->x);
+ mpz_mod (R->x, R->x, modulus);
+
+ /* t1 = 2X = 2x^2 */
+ mpz_add (t1, R->x, R->x);
+ if (mpz_cmp (t1, modulus) >= 0)
+ {
+ mpz_sub (t1, t1, modulus);
+ }
+
+ /* t1 = t1+X = 3X = 3x^2 */
+ mpz_add (t1, t1, R->x);
+ if (mpz_cmp (t1, modulus) >= 0)
+ {
+ mpz_sub (t1, t1, modulus);
+ }
+
+ /* m = t1+m = 3x^2 + a*z^4 */
+ mpz_add (m, m, t1);
+ if (mpz_cmp (m, modulus) >= 0)
+ {
+ mpz_sub (m, m, modulus);
+ }
+
+ /*
+ X' = M^2 - 2*S
+ Y' = M*(S - X') - 8*Y^4
+ */
+
+ /* Y = Y*Y = 16y^4 */
+ mpz_mul (R->y, R->y, R->y);
+ mpz_mod (R->y, R->y, modulus);
+
+ /* Y = 8y^4 */
+ if (mp_isodd (R->y))
+ {
+ mpz_add (R->y, R->y, modulus);
+ }
+ mpz_divexact_ui (R->y, R->y, 2);
+
+ /* X = m^2 */
+ mpz_mul (R->x, m, m);
+ mpz_mod (R->x, R->x, modulus);
+
+ /* X = X - s = m^2 - s */
+ mpz_sub (R->x, R->x, s);
+ if (mpz_cmp_ui (R->x, 0) < 0)
+ {
+ mpz_add (R->x, R->x, modulus);
+ }
+
+ /* X = X - s = m^2 - 2s */
+ mpz_sub (R->x, R->x, s);
+ if (mpz_cmp_ui (R->x, 0) < 0)
+ {
+ mpz_add (R->x, R->x, modulus);
+ }
+
+ /* t1 = s - X */
+ mpz_sub (t1, s, R->x);
+ if (mpz_cmp_ui (t1, 0) < 0)
+ {
+ mpz_add (t1, t1, modulus);
+ }
+
+ /* t1 = M * t1 = M * (s-X) */
+ mpz_mul (t1, m, t1);
+ mpz_mod (t1, t1, modulus);
+
+ /* Y = t1 - Y = (M * (s-X)) - 8y^4 */
+ mpz_sub (R->y, t1, R->y);
+ if (mpz_cmp_ui (R->y, 0) < 0)
+ {
+ mpz_add (R->y, R->y, modulus);
+ }
+
+ err = 0;
+
+ mp_clear_multi (&t1, &m, &s, NULL);
+ return err;
}
#endif
/* $Source:
/cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_projective_dbl_point.c,v $ */
/* $Revision: 1.11 $ */
/* $Date: 2007/05/12 14:32:35 $ */
-
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index f1722be..62342d9 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -104,21 +104,23 @@ static int _wrap_nettle_pk_derive(gnutls_pk_algorithm_t
algo, gnutls_datum_t * o
ecc_pub.type = PK_PUBLIC;
memcpy(&ecc_pub.prime, pub->params[0], sizeof(mpz_t));
memcpy(&ecc_pub.order, pub->params[1], sizeof(mpz_t));
- memcpy(&ecc_pub.Gx, pub->params[2], sizeof(mpz_t));
- memcpy(&ecc_pub.Gy, pub->params[3], sizeof(mpz_t));
- memcpy(&ecc_pub.pubkey.x, pub->params[4], sizeof(mpz_t));
- memcpy(&ecc_pub.pubkey.y, pub->params[5], sizeof(mpz_t));
- memcpy(&ecc_pub.pubkey.z, pub->params[6], sizeof(mpz_t));
+ memcpy(&ecc_pub.A, pub->params[2], sizeof(mpz_t));
+ memcpy(&ecc_pub.Gx, pub->params[3], sizeof(mpz_t));
+ memcpy(&ecc_pub.Gy, pub->params[4], sizeof(mpz_t));
+ memcpy(&ecc_pub.pubkey.x, pub->params[5], sizeof(mpz_t));
+ memcpy(&ecc_pub.pubkey.y, pub->params[6], sizeof(mpz_t));
+ memcpy(&ecc_pub.pubkey.z, pub->params[7], sizeof(mpz_t));
ecc_priv.type = PK_PRIVATE;
memcpy(&ecc_priv.prime, priv->params[0], sizeof(mpz_t));
memcpy(&ecc_priv.order, priv->params[1], sizeof(mpz_t));
- memcpy(&ecc_priv.Gx, priv->params[2], sizeof(mpz_t));
- memcpy(&ecc_priv.Gy, priv->params[3], sizeof(mpz_t));
- memcpy(&ecc_priv.pubkey.x, priv->params[4], sizeof(mpz_t));
- memcpy(&ecc_priv.pubkey.y, priv->params[5], sizeof(mpz_t));
- memcpy(&ecc_priv.pubkey.z, priv->params[6], sizeof(mpz_t));
- memcpy(&ecc_priv.k, priv->params[7], sizeof(mpz_t));
+ memcpy(&ecc_priv.A, priv->params[2], sizeof(mpz_t));
+ memcpy(&ecc_priv.Gx, priv->params[3], sizeof(mpz_t));
+ memcpy(&ecc_priv.Gy, priv->params[4], sizeof(mpz_t));
+ memcpy(&ecc_priv.pubkey.x, priv->params[5], sizeof(mpz_t));
+ memcpy(&ecc_priv.pubkey.y, priv->params[6], sizeof(mpz_t));
+ memcpy(&ecc_priv.pubkey.z, priv->params[7], sizeof(mpz_t));
+ memcpy(&ecc_priv.k, priv->params[8], sizeof(mpz_t));
sz = ECC_BUF_SIZE;
out->data = gnutls_malloc(sz);
@@ -694,6 +696,7 @@ rsa_fail:
tls_ecc_set.order = st->order;
tls_ecc_set.Gx = st->Gx;
tls_ecc_set.Gy = st->Gy;
+ tls_ecc_set.A = st->A;
ret = ecc_make_key(NULL, _int_random_func, &key, &tls_ecc_set);
if (ret != 0)
@@ -714,12 +717,13 @@ rsa_fail:
mpz_set(TOMPZ(params->params[0]), key.prime);
mpz_set(TOMPZ(params->params[1]), key.order);
- mpz_set(TOMPZ(params->params[2]), key.Gx);
- mpz_set(TOMPZ(params->params[3]), key.Gy);
- mpz_set(TOMPZ(params->params[4]), key.pubkey.x);
- mpz_set(TOMPZ(params->params[5]), key.pubkey.y);
- mpz_set(TOMPZ(params->params[6]), key.pubkey.z);
- mpz_set(TOMPZ(params->params[7]), key.k);
+ mpz_set(TOMPZ(params->params[2]), key.A);
+ mpz_set(TOMPZ(params->params[3]), key.Gx);
+ mpz_set(TOMPZ(params->params[4]), key.Gy);
+ mpz_set(TOMPZ(params->params[5]), key.pubkey.x);
+ mpz_set(TOMPZ(params->params[6]), key.pubkey.y);
+ mpz_set(TOMPZ(params->params[7]), key.pubkey.z);
+ mpz_set(TOMPZ(params->params[8]), key.k);
ecc_fail:
ecc_free(&key);
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index b35ecd2..ce9faae 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -78,7 +78,7 @@ typedef struct gnutls_pkcs7_int
/* parameters should not be larger than this limit */
#define DSA_PUBLIC_PARAMS 4
#define RSA_PUBLIC_PARAMS 2
-#define ECDH_PUBLIC_PARAMS 7
+#define ECDH_PUBLIC_PARAMS 8
#define MAX_PRIV_PARAMS_SIZE GNUTLS_MAX_PK_PARAMS /* ok for RSA and DSA
*/
@@ -86,7 +86,7 @@ typedef struct gnutls_pkcs7_int
/* parameters should not be larger than this limit */
#define DSA_PRIVATE_PARAMS 5
#define RSA_PRIVATE_PARAMS 8
-#define ECDH_PRIVATE_PARAMS 8
+#define ECDH_PRIVATE_PARAMS 9
#if MAX_PRIV_PARAMS_SIZE - RSA_PRIVATE_PARAMS < 0
#error INCREASE MAX_PRIV_PARAMS
diff --git a/src/cli.c b/src/cli.c
index cfe0470..fbefe7f 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -719,6 +719,7 @@ main (int argc, char **argv)
ssize_t bytes;
set_program_name (argv[0]);
+ gaa_parser (argc, argv);
gnutls_global_set_log_function (tls_log_func);
gnutls_global_set_log_level (info.debug);
@@ -730,7 +731,6 @@ main (int argc, char **argv)
}
pkcs11_common ();
- gaa_parser (argc, argv);
if (hostname == NULL)
{
fprintf (stderr, "No hostname given\n");
diff --git a/src/common.c b/src/common.c
index ef537c3..3dfea1b 100644
--- a/src/common.c
+++ b/src/common.c
@@ -410,7 +410,8 @@ print_info (gnutls_session_t session, const char *hostname,
int insecure)
{
#ifdef ENABLE_ANON
case GNUTLS_CRD_ANON:
- print_dh_info (session, "Anonymous ");
+ if (kx != GNUTLS_KX_ANON_ECDH)
+ print_dh_info (session, "Anonymous ");
break;
#endif
#ifdef ENABLE_SRP
hooks/post-receive
--
GNU gnutls
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, master, updated. gnutls_2_99_1-43-g14cdffd,
Nikos Mavrogiannopoulos <=