
[SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-41-g5c367d5


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_3_1_0-41-g5c367d5
Date: Fri, 31 Aug 2012 17:37:40 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=5c367d5f8a8cfe8deecca0360040e78d7249d0d1

The branch, master has been updated
       via  5c367d5f8a8cfe8deecca0360040e78d7249d0d1 (commit)
      from  aa5afd19f79e4a45935e3db82ae5ffb4d4465f6c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 5c367d5f8a8cfe8deecca0360040e78d7249d0d1
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Aug 31 19:36:41 2012 +0200

    Removed unused ECC code.
    
    Renamed ecc_mulmod_wmnaf -> ecc_mulmod
    Renamed ecc_projective_add_point_ng -> ecc_projective_add_point

-----------------------------------------------------------------------

Summary of changes:
 lib/nettle/Makefile.am                             |    5 +-
 lib/nettle/ecc.h                                   |   12 +-
 lib/nettle/ecc_make_key.c                          |    4 +-
 lib/nettle/ecc_mulmod.c                            |  289 +++++++++-----------
 ...c_mulmod_wmnaf_cached.c => ecc_mulmod_cached.c} |   12 +-
 lib/nettle/ecc_mulmod_timing.c                     |  176 ------------
 lib/nettle/ecc_mulmod_wmnaf.c                      |  165 -----------
 lib/nettle/ecc_projective_add_point.c              |  255 -----------------
 lib/nettle/ecc_projective_add_point_ng.c           |    2 +-
 lib/nettle/ecc_shared_secret.c                     |    2 +-
 lib/nettle/ecc_verify_hash.c                       |    6 +-
 lib/nettle/pk.c                                    |    2 +-
 12 files changed, 151 insertions(+), 779 deletions(-)
 rename lib/nettle/{ecc_mulmod_wmnaf_cached.c => ecc_mulmod_cached.c} (96%)
 delete mode 100644 lib/nettle/ecc_mulmod_timing.c
 delete mode 100644 lib/nettle/ecc_mulmod_wmnaf.c
 delete mode 100644 lib/nettle/ecc_projective_add_point.c

diff --git a/lib/nettle/Makefile.am b/lib/nettle/Makefile.am
index 313a69d..add6baa 100644
--- a/lib/nettle/Makefile.am
+++ b/lib/nettle/Makefile.am
@@ -35,8 +35,7 @@ noinst_LTLIBRARIES = libcrypto.la
 
 libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c rnd.c init.c egd.c egd.h \
        multi.c wmnaf.c ecc_free.c ecc.h ecc_make_key.c ecc_shared_secret.c \
-       ecc_map.c ecc_mulmod.c ecc_mulmod_wmnaf.c ecc_mulmod_wmnaf_cached.c \
+       ecc_map.c ecc_mulmod.c ecc_mulmod_cached.c \
        ecc_points.c ecc_projective_dbl_point_3.c ecc_projective_isneutral.c \
        ecc_projective_check_point.c ecc_projective_negate_point.c \
-       ecc_projective_add_point.c ecc_projective_add_point_ng.c \
-       ecc_sign_hash.c ecc_verify_hash.c gnettle.h ecc_mulmod_timing.c
+       ecc_projective_add_point_ng.c ecc_sign_hash.c ecc_verify_hash.c 
gnettle.h 
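Review bot: The surviving source in the `+` SOURCES line is still called ecc_projective_add_point_ng.c although this commit renames the function it defines to ecc_projective_add_point and deletes the file that previously carried that name, so the `_ng` suffix now labels the only implementation. A `git mv` to ecc_projective_add_point.c, mirroring the ecc_mulmod_wmnaf_cached.c → ecc_mulmod_cached.c rename done in this same commit, would keep file and symbol names aligned: `ecc_projective_add_point.c ecc_sign_hash.c ecc_verify_hash.c gnettle.h`.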
diff --git a/lib/nettle/ecc.h b/lib/nettle/ecc.h
index 44adffb..2f8f2dd 100644
--- a/lib/nettle/ecc.h
+++ b/lib/nettle/ecc.h
@@ -139,23 +139,19 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, 
mpz_t a,  mpz_t modulus
 
 /* R = P + Q */
 int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, mpz_t 
A, mpz_t modulus);
-int ecc_projective_add_point_ng(ecc_point *P, ecc_point *Q, ecc_point *R, 
mpz_t A, mpz_t modulus);
 int ecc_projective_madd (ecc_point* P, ecc_point* Q, ecc_point* R, mpz_t a, 
mpz_t modulus);
 
 /* R = kG */
-int ecc_mulmod(mpz_t k, ecc_point *G, ecc_point *R, mpz_t a, mpz_t modulus, 
int map);
-int ecc_mulmod_timing(mpz_t k, ecc_point *G, ecc_point *R, mpz_t a, mpz_t 
modulus, int map);
-
 /* wMNAF-based mulmod */
 signed char* ecc_wMNAF(mpz_t x, size_t *ret_len);
-int ecc_mulmod_wmnaf(mpz_t k, ecc_point *G, ecc_point *R, mpz_t a, mpz_t 
modulus, int map);
+int ecc_mulmod(mpz_t k, ecc_point *G, ecc_point *R, mpz_t a, mpz_t modulus, 
int map);
 
 /* cache-enabled wMNAF-based mulmod */
 int  ecc_wmnaf_cache_init(void);
 void ecc_wmnaf_cache_free(void);
-int ecc_mulmod_wmnaf_cached (mpz_t k, gnutls_ecc_curve_t id, ecc_point * R, 
mpz_t a, mpz_t modulus, int map);
-int ecc_mulmod_wmnaf_cached_timing (mpz_t k, gnutls_ecc_curve_t id, ecc_point 
* R, mpz_t a, mpz_t modulus, int map);
-int ecc_mulmod_wmnaf_cached_lookup (mpz_t k, ecc_point *G, ecc_point *R, mpz_t 
a, mpz_t modulus, int map);
+int ecc_mulmod_cached (mpz_t k, gnutls_ecc_curve_t id, ecc_point * R, mpz_t a, 
mpz_t modulus, int map);
+int ecc_mulmod_cached_timing (mpz_t k, gnutls_ecc_curve_t id, ecc_point * R, 
mpz_t a, mpz_t modulus, int map);
+int ecc_mulmod_cached_lookup (mpz_t k, ecc_point *G, ecc_point *R, mpz_t a, 
mpz_t modulus, int map);
 
 /* check if the given point is neutral point */
 int ecc_projective_isneutral(ecc_point *P, mpz_t modulus);
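Review bot: After this hunk the `/* R = kG */` comment no longer sits above any prototype — ecc_mulmod_timing is deleted beneath it and the surviving ecc_mulmod is declared under `/* wMNAF-based mulmod */` — so the two comments should be merged onto the single declaration. More importantly, the header now offers no timing-resistant multiplication by an arbitrary point: only ecc_mulmod_cached_timing remains, and it takes a curve id rather than a point, so it presumably serves fixed-base operations only. I would record that on the new prototype, e.g. `/* R = kG using the wMNAF representation of k. Not timing resistant: the add/double sequence depends on the digits of k. */`, so a caller that feeds a secret scalar and a peer-supplied point (ecc_shared_secret) sees the caveat at the API.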
diff --git a/lib/nettle/ecc_make_key.c b/lib/nettle/ecc_make_key.c
index 8c777da..a0652a2 100644
--- a/lib/nettle/ecc_make_key.c
+++ b/lib/nettle/ecc_make_key.c
@@ -103,9 +103,9 @@ ecc_make_key_ex (void *random_ctx, nettle_random_func 
random, ecc_key * key,
     }
   /* make the public key */
   if (timing_res)
-    err = ecc_mulmod_wmnaf_cached_timing (key->k, curve_id, &key->pubkey, 
key->A, key->prime, 1);
+    err = ecc_mulmod_cached_timing (key->k, curve_id, &key->pubkey, key->A, 
key->prime, 1);
   else
-    err = ecc_mulmod_wmnaf_cached (key->k, curve_id, &key->pubkey, key->A, 
key->prime, 1);
+    err = ecc_mulmod_cached (key->k, curve_id, &key->pubkey, key->A, 
key->prime, 1);
 
   if (err != 0)
     goto errkey;
diff --git a/lib/nettle/ecc_mulmod.c b/lib/nettle/ecc_mulmod.c
index 859a9ee..782113a 100644
--- a/lib/nettle/ecc_mulmod.c
+++ b/lib/nettle/ecc_mulmod.c
@@ -1,6 +1,8 @@
 /*
  * Copyright (C) 2011-2012 Free Software Foundation, Inc.
  *
+ * Author: Ilya Tumaykin
+ *
  * This file is part of GNUTLS.
  *
  * The GNUTLS library is free software; you can redistribute it and/or
@@ -18,175 +20,146 @@
  *
  */
 
-/* Based on public domain code of LibTomCrypt by Tom St Denis.
- * Adapted to gmp and nettle by Nikos Mavrogiannopoulos.
- */
-
 #include "ecc.h"
 
-/* size of sliding window, don't change this! */
-#define WINSIZE 4
 
 /*
-   Perform a point multiplication 
+   Perform a point multiplication using wMNAF representation
    @param k    The scalar to multiply by
    @param G    The base point
    @param R    [out] Destination for kG
+   @param a        The curve's A value
    @param modulus  The modulus of the field the ECC curve is in
-   @param map      Boolean whether to map back to affine or not (1==map, 0 == 
leave in projective)
-   @return CRYPT_OK on success
+   @param map      Boolean whether to map back to affine or not (1 == map, 0 
== leave in projective)
+   @return     GNUTLS_E_SUCCESS on success
 */
 int
-ecc_mulmod (mpz_t k, ecc_point * G, ecc_point * R, mpz_t a, mpz_t modulus,
-                int map)
-
+ecc_mulmod (mpz_t k, ecc_point * G, ecc_point * R, mpz_t a,
+                  mpz_t modulus, int map)
 {
-   ecc_point *tG, *M[8];
-   int        i, j, err, bitidx;
-   int        first, bitbuf, bitcpy, mode;
-
-   if (k == NULL || G == NULL || R == NULL || modulus == NULL)
-     return -1;
-
-  /* alloc ram for window temps */
-  for (i = 0; i < 8; i++) {
-      M[i] = ecc_new_point();
-      if (M[i] == NULL) {
-         for (j = 0; j < i; j++) {
-             ecc_del_point(M[j]);
-         }
-
-         return -1;
-      }
-  }
-
-   /* make a copy of G incase R==G */
-   tG = ecc_new_point();
-   if (tG == NULL)
-     { 
-       err = -1;
-       goto done; 
-     }
-
-   /* tG = G  and convert to montgomery */
-   mpz_set (tG->x, G->x);
-   mpz_set (tG->y, G->y);
-   mpz_set (tG->z, G->z);
-
-   /* calc the M tab, which holds kG for k==8..15 */
-   /* M[0] == 8G */
-   if ((err = ecc_projective_dbl_point (tG, M[0], a, modulus)) != 0)
-     goto done;
-
-   if ((err = ecc_projective_dbl_point (M[0], M[0], a, modulus)) != 0)
-     goto done;
-
-   if ((err = ecc_projective_dbl_point (M[0], M[0], a, modulus)) != 0)
-     goto done;
- 
-   /* now find (8+k)G for k=1..7 */
-   for (j = 9; j < 16; j++) {
-     if (ecc_projective_add_point(M[j-9], tG, M[j-8], a, modulus) != 0)
-       goto done;
-   }
-
-   /* setup sliding window */
-   mode   = 0;
-   bitidx = mpz_size (k) * GMP_NUMB_BITS - 1;
-   bitcpy = bitbuf = 0;
-   first  = 1;
-
-   /* perform ops */
-   for (;;) {
-     /* grab next digit as required */
-     if (bitidx == -1) {
-       break;
-     }
-
-     /* grab the next msb from the ltiplicand */
-     i = mpz_tstbit (k, bitidx--);
-
-     /* skip leading zero bits */
-     if (mode == 0 && i == 0) {
-        continue;
-     }
-
-     /* if the bit is zero and mode == 1 then we double */
-     if (mode == 1 && i == 0) {
-        if ((err = ecc_projective_dbl_point(R, R, a, modulus)) != 0)
-          goto done;
-        continue;
-     }
-
-     /* else we add it to the window */
-     bitbuf |= (i << (WINSIZE - ++bitcpy));
-     mode = 2;
-
-     if (bitcpy == WINSIZE) {
-       /* if this is the first window we do a simple copy */
-       if (first == 1) {
-          /* R = kG [k = first window] */
-          mpz_set(R->x, M[bitbuf-8]->x);
-          mpz_set(R->y, M[bitbuf-8]->y);
-          mpz_set(R->z, M[bitbuf-8]->z);
-          first = 0;
-       } else {
-         /* normal window */
-         /* ok window is filled so double as required and add  */
-         /* double first */
-         for (j = 0; j < WINSIZE; j++) {
-           if ((err = ecc_projective_dbl_point(R, R, a, modulus)) != 0)
-             goto done;
-         }
-
-         /* then add, bitbuf will be 8..15 [8..2^WINSIZE] guaranteed */
-         if ((err = ecc_projective_add_point(R, M[bitbuf-8], R, a, modulus)) 
!= 0)
-           goto done;
-       }
-       /* empty window and reset */
-       bitcpy = bitbuf = 0;
-       mode = 1;
+  ecc_point *pos[WMNAF_PRECOMPUTED_LENGTH], *neg[WMNAF_PRECOMPUTED_LENGTH];
+  int i, j, err;
+
+  signed char *wmnaf = NULL;
+  size_t wmnaf_len;
+  signed char digit;
+
+  if (k == NULL || G == NULL || R == NULL || modulus == NULL)
+    return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+
+  /* alloc ram for precomputed values */
+  for (i = 0; i < WMNAF_PRECOMPUTED_LENGTH; ++i)
+    {
+      pos[i] = ecc_new_point ();
+      neg[i] = ecc_new_point ();
+      if (pos[i] == NULL || neg[i] == NULL)
+        {
+          for (j = 0; j < i; ++j)
+            {
+              ecc_del_point (pos[j]);
+              ecc_del_point (neg[j]);
+            }
+
+          return GNUTLS_E_MEMORY_ERROR;
+        }
+    }
+
+  /* fill in pos and neg arrays with precomputed values
+   * pos holds kG for k ==  1, 3, 5, ..., (2^w - 1)
+   * neg holds kG for k == -1,-3,-5, ...,-(2^w - 1)
+   */
+
+  /* pos[0] == 2G for a while, later it will be set to the expected 1G */
+  if ((err = ecc_projective_dbl_point (G, pos[0], a, modulus)) != 0)
+    goto done;
+
+  /* pos[1] == 3G */
+  if ((err =
+       ecc_projective_add_point (pos[0], G, pos[1], a, modulus)) != 0)
+    goto done;
+
+  /* fill in kG for k = 5, 7, ..., (2^w - 1) */
+  for (j = 2; j < WMNAF_PRECOMPUTED_LENGTH; ++j)
+    {
+      if ((err =
+           ecc_projective_add_point (pos[j - 1], pos[0], pos[j], a,
+                                        modulus)) != 0)
+        goto done;
+    }
+
+  /* set pos[0] == 1G as expected
+   * after this step we don't need G at all 
+   * and can change it without worries even if R == G */
+  mpz_set (pos[0]->x, G->x);
+  mpz_set (pos[0]->y, G->y);
+  mpz_set (pos[0]->z, G->z);
+
+  /* neg[i] == -pos[i] */
+  for (j = 0; j < WMNAF_PRECOMPUTED_LENGTH; ++j)
+    {
+      if ((err = ecc_projective_negate_point (pos[j], neg[j], modulus)) != 0)
+        goto done;
+    }
+
+  /* calculate wMNAF */
+  wmnaf = ecc_wMNAF (k, &wmnaf_len);
+  if (!wmnaf)
+    {
+      err = GNUTLS_E_INTERNAL_ERROR;
+      goto done;
+    }
+
+  /* actual point computation */
+
+  /* set R to neutral */
+  mpz_set_ui (R->x, 1);
+  mpz_set_ui (R->y, 1);
+  mpz_set_ui (R->z, 0);
+
+  /* perform ops */
+  for (j = wmnaf_len - 1; j >= 0; --j)
+    {
+      if ((err = ecc_projective_dbl_point (R, R, a, modulus)) != 0)
+        goto done;
+
+      digit = wmnaf[j];
+
+      if (digit)
+        {
+          if (digit > 0)
+            {
+              if ((err =
+                   ecc_projective_add_point (R, pos[(digit / 2)], R, a,
+                                                modulus)) != 0)
+                goto done;
+            }
+          else
+            {
+              if ((err =
+                   ecc_projective_add_point (R, neg[(-digit / 2)], R, a,
+                                                modulus)) != 0)
+                goto done;
+            }
+        }
+    }
+
+
+  /* map R back from projective space */
+  if (map)
+    {
+      err = ecc_map (R, modulus);
+    }
+  else
+    {
+      err = GNUTLS_E_SUCCESS;
     }
-  }
-
-   /* if bits remain then double/add */
-   if (mode == 2 && bitcpy > 0) {
-     /* double then add */
-     for (j = 0; j < bitcpy; j++) {
-       /* only double if we have had at least one add first */
-       if (first == 0) {
-          if ((err = ecc_projective_dbl_point(R, R, a, modulus)) != 0)
-            goto done;
-       }
-
-       bitbuf <<= 1;
-       if ((bitbuf & (1 << WINSIZE)) != 0) {
-         if (first == 1){
-            /* first add, so copy */
-            mpz_set(R->x, tG->x);
-            mpz_set(R->y, tG->y);
-            mpz_set(R->z, tG->z);
-            first = 0;
-         } else {
-            /* then add */
-            if ((err = ecc_projective_add_point(R, tG, R, a, modulus)) != 0)
-              goto done;
-         }
-       }
-     }
-   }
-
-   /* map R back from projective space */
-   if (map) {
-      err = ecc_map(R, modulus);
-   } else {
-      err = 0;
-   }
 done:
-   ecc_del_point(tG);
-   for (i = 0; i < 8; i++) {
-       ecc_del_point(M[i]);
-   }
-   return err;
+  for (i = 0; i < WMNAF_PRECOMPUTED_LENGTH; ++i)
+    {
+      ecc_del_point (pos[i]);
+      ecc_del_point (neg[i]);
+    }
+  if (wmnaf)
+    free (wmnaf);
+  return err;
 }
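Review bot: The allocation error path in ecc_mulmod leaks a point when only one of the pair fails: if `pos[i]` is allocated and `neg[i]` comes back NULL (or vice versa), the cleanup loop runs `j < i` and never frees the half of iteration i that succeeded. Add before that loop `if (pos[i]) ecc_del_point (pos[i]);` and `if (neg[i]) ecc_del_point (neg[i]);`, or NULL-initialise both arrays and route the failure through `done:` if ecc_del_point tolerates NULL (not visible here). Separately, `for (j = wmnaf_len - 1; j >= 0; --j)` stores a size_t expression in an int; if ecc_wMNAF can return a zero length the initial value relies on an implementation-defined conversion, so a `size_t` index with a `while (j-- > 0)` form or an explicit `wmnaf_len == 0` check would be cleaner. Note also that the loop body branches on the sign and zero-ness of each digit, so the add/double trace is scalar-dependent — acceptable for signature verification, but worth a sentence in the function comment since the same routine is called from ecc_shared_secret.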
-
diff --git a/lib/nettle/ecc_mulmod_wmnaf_cached.c 
b/lib/nettle/ecc_mulmod_cached.c
similarity index 96%
rename from lib/nettle/ecc_mulmod_wmnaf_cached.c
rename to lib/nettle/ecc_mulmod_cached.c
index e75b884..c69596e 100644
--- a/lib/nettle/ecc_mulmod_wmnaf_cached.c
+++ b/lib/nettle/ecc_mulmod_cached.c
@@ -146,7 +146,7 @@ _ecc_wmnaf_cache_entry_init (gnutls_ecc_curve_cache_entry_t 
* p,
 
   /* pos[1] == 3G */
   if ((err =
-       ecc_projective_add_point_ng (p->pos[0], G, p->pos[1], a,
+       ecc_projective_add_point (p->pos[0], G, p->pos[1], a,
                                     modulus)) != 0)
     goto done;
 
@@ -154,7 +154,7 @@ _ecc_wmnaf_cache_entry_init (gnutls_ecc_curve_cache_entry_t 
* p,
   for (j = 2; j < WMNAF_PRECOMPUTED_LENGTH; ++j)
     {
       if ((err =
-           ecc_projective_add_point_ng (p->pos[j - 1], p->pos[0], p->pos[j],
+           ecc_projective_add_point (p->pos[j - 1], p->pos[0], p->pos[j],
                                         a, modulus)) != 0)
         goto done;
     }
@@ -243,7 +243,7 @@ done:
    @return     GNUTLS_E_SUCCESS on success
 */
 int
-ecc_mulmod_wmnaf_cached (mpz_t k, gnutls_ecc_curve_t id, ecc_point * R,
+ecc_mulmod_cached (mpz_t k, gnutls_ecc_curve_t id, ecc_point * R,
                          mpz_t a, mpz_t modulus, int map)
 {
   int j, err;
@@ -327,7 +327,7 @@ done:
    @return     GNUTLS_E_SUCCESS on success
 */
 int
-ecc_mulmod_wmnaf_cached_timing (mpz_t k, gnutls_ecc_curve_t id, ecc_point * R,
+ecc_mulmod_cached_timing (mpz_t k, gnutls_ecc_curve_t id, ecc_point * R,
                                 mpz_t a, mpz_t modulus, int map)
 {
   int j, err;
@@ -436,7 +436,7 @@ done:
    @return     GNUTLS_E_SUCCESS on success
 */
 int
-ecc_mulmod_wmnaf_cached_lookup (mpz_t k, ecc_point * G, ecc_point * R,
+ecc_mulmod_cached_lookup (mpz_t k, ecc_point * G, ecc_point * R,
                                 mpz_t a, mpz_t modulus, int map)
 {
   int i, id;
@@ -453,5 +453,5 @@ ecc_mulmod_wmnaf_cached_lookup (mpz_t k, ecc_point * G, 
ecc_point * R,
         }
     }
 
-  return ecc_mulmod_wmnaf_cached (k, id, R, a, modulus, map);
+  return ecc_mulmod_cached (k, id, R, a, modulus, map);
 }
diff --git a/lib/nettle/ecc_mulmod_timing.c b/lib/nettle/ecc_mulmod_timing.c
deleted file mode 100644
index a6b053d..0000000
--- a/lib/nettle/ecc_mulmod_timing.c
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Free Software Foundation, Inc.
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 3 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-/* Based on public domain code of LibTomCrypt by Tom St Denis.
- * Adapted to gmp and nettle by Nikos Mavrogiannopoulos.
- */
-
-#include "ecc.h"
-
-/*
-  @file ecc_mulmod_timing.c
-  ECC Crypto, Tom St Denis
-*/
-
-/*
-   Perform a point multiplication  (timing resistant)
-   @param k    The scalar to multiply by
-   @param G    The base point
-   @param R    [out] Destination for kG
-   @param a        The a value of the curve
-   @param modulus  The modulus of the field the ECC curve is in
-   @param map      Boolean whether to map back to affine or not (1==map, 0 == 
leave in projective)
-   @return 0 on success
-*/
-int
-ecc_mulmod_timing (mpz_t k, ecc_point * G, ecc_point * R, mpz_t a, mpz_t 
modulus,
-                int map)
-{
-  ecc_point *tG, *M[3];
-  int i, j, err;
-  int bit_to_read;
-  int mode;
-
-  if (k == NULL || G == NULL || R == NULL || modulus == NULL)
-    return -1;
-
-  /* alloc ram for window temps */
-  for (i = 0; i < 3; i++)
-    {
-      M[i] = ecc_new_point ();
-      if (M[i] == NULL)
-        {
-          for (j = 0; j < i; j++)
-            {
-              ecc_del_point (M[j]);
-            }
-          return -1;
-        }
-    }
-
-  /* make a copy of G incase R==G */
-  tG = ecc_new_point ();
-  if (tG == NULL)
-    {
-      err = -1;
-      goto done;
-    }
-
-  /* tG = G  and convert to montgomery */
-  mpz_set (tG->x, G->x);
-  mpz_set (tG->y, G->y);
-  mpz_set (tG->z, G->z);
-
-  /* calc the M tab */
-  /* M[0] == G */
-  mpz_set (M[0]->x, tG->x);
-  mpz_set (M[0]->y, tG->y);
-  mpz_set (M[0]->z, tG->z);
-  /* M[1] == 2G */
-  if ((err = ecc_projective_dbl_point (tG, M[1], a, modulus)) != 0)
-    {
-      goto done;
-    }
-
-  /* setup sliding window */
-  mode = 0;
-  bit_to_read = mpz_size (k) * GMP_NUMB_BITS - 1;
-
-  /* perform ops */
-  for (;;)
-    {
-      /* grab next digit as required */
-      if (bit_to_read == -1)
-        break;
-      i = mpz_tstbit (k, bit_to_read--);
-      
-      if (mode == 0 && i == 0)
-        {
-          /* dummy operations */
-          if ((err =
-               ecc_projective_add_point (M[0], M[1], M[2], a,
-                                             modulus)) != 0)
-            {
-              goto done;
-            }
-          if ((err =
-               ecc_projective_dbl_point (M[1], M[2], a, modulus)) != 0)
-            {
-              goto done;
-            }
-          continue;
-        }
-
-      if (mode == 0 && i == 1)
-        {
-          mode = 1;
-          /* dummy operations */
-          if ((err =
-               ecc_projective_add_point (M[0], M[1], M[2], a,
-                                             modulus)) != 0)
-            {
-              goto done;
-            }
-          if ((err =
-               ecc_projective_dbl_point (M[1], M[2], a, modulus)) != 0)
-            {
-              goto done;
-            }
-          continue;
-        }
-
-      if ((err =
-           ecc_projective_add_point (M[0], M[1], M[i ^ 1], a,
-                                         modulus)) != 0)
-        {
-          goto done;
-        }
-      if ((err = ecc_projective_dbl_point (M[i], M[i], a, modulus)) != 0)
-        {
-          goto done;
-        }
-    }
-
-  /* copy result out */
-  mpz_set (R->x, M[0]->x);
-  mpz_set (R->y, M[0]->y);
-  mpz_set (R->z, M[0]->z);
-
-  /* map R back from projective space */
-  if (map)
-    {
-      err = ecc_map (R, modulus);
-    }
-  else
-    {
-      err = 0;
-    }
-done:
-  ecc_del_point (tG);
-  for (i = 0; i < 3; i++)
-    {
-      ecc_del_point (M[i]);
-    }
-  return err;
-}
-
-/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_mulmod_timing.c,v $ */
-/* $Revision: 1.13 $ */
-/* $Date: 2007/05/12 14:32:35 $ */
diff --git a/lib/nettle/ecc_mulmod_wmnaf.c b/lib/nettle/ecc_mulmod_wmnaf.c
deleted file mode 100644
index 87d6a38..0000000
--- a/lib/nettle/ecc_mulmod_wmnaf.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Free Software Foundation, Inc.
- *
- * Author: Ilya Tumaykin
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 3 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-#include "ecc.h"
-
-
-/*
-   Perform a point multiplication using wMNAF representation
-   @param k    The scalar to multiply by
-   @param G    The base point
-   @param R    [out] Destination for kG
-   @param a        The curve's A value
-   @param modulus  The modulus of the field the ECC curve is in
-   @param map      Boolean whether to map back to affine or not (1 == map, 0 
== leave in projective)
-   @return     GNUTLS_E_SUCCESS on success
-*/
-int
-ecc_mulmod_wmnaf (mpz_t k, ecc_point * G, ecc_point * R, mpz_t a,
-                  mpz_t modulus, int map)
-{
-  ecc_point *pos[WMNAF_PRECOMPUTED_LENGTH], *neg[WMNAF_PRECOMPUTED_LENGTH];
-  int i, j, err;
-
-  signed char *wmnaf = NULL;
-  size_t wmnaf_len;
-  signed char digit;
-
-  if (k == NULL || G == NULL || R == NULL || modulus == NULL)
-    return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
-
-  /* alloc ram for precomputed values */
-  for (i = 0; i < WMNAF_PRECOMPUTED_LENGTH; ++i)
-    {
-      pos[i] = ecc_new_point ();
-      neg[i] = ecc_new_point ();
-      if (pos[i] == NULL || neg[i] == NULL)
-        {
-          for (j = 0; j < i; ++j)
-            {
-              ecc_del_point (pos[j]);
-              ecc_del_point (neg[j]);
-            }
-
-          return GNUTLS_E_MEMORY_ERROR;
-        }
-    }
-
-  /* fill in pos and neg arrays with precomputed values
-   * pos holds kG for k ==  1, 3, 5, ..., (2^w - 1)
-   * neg holds kG for k == -1,-3,-5, ...,-(2^w - 1)
-   */
-
-  /* pos[0] == 2G for a while, later it will be set to the expected 1G */
-  if ((err = ecc_projective_dbl_point (G, pos[0], a, modulus)) != 0)
-    goto done;
-
-  /* pos[1] == 3G */
-  if ((err =
-       ecc_projective_add_point_ng (pos[0], G, pos[1], a, modulus)) != 0)
-    goto done;
-
-  /* fill in kG for k = 5, 7, ..., (2^w - 1) */
-  for (j = 2; j < WMNAF_PRECOMPUTED_LENGTH; ++j)
-    {
-      if ((err =
-           ecc_projective_add_point_ng (pos[j - 1], pos[0], pos[j], a,
-                                        modulus)) != 0)
-        goto done;
-    }
-
-  /* set pos[0] == 1G as expected
-   * after this step we don't need G at all 
-   * and can change it without worries even if R == G */
-  mpz_set (pos[0]->x, G->x);
-  mpz_set (pos[0]->y, G->y);
-  mpz_set (pos[0]->z, G->z);
-
-  /* neg[i] == -pos[i] */
-  for (j = 0; j < WMNAF_PRECOMPUTED_LENGTH; ++j)
-    {
-      if ((err = ecc_projective_negate_point (pos[j], neg[j], modulus)) != 0)
-        goto done;
-    }
-
-  /* calculate wMNAF */
-  wmnaf = ecc_wMNAF (k, &wmnaf_len);
-  if (!wmnaf)
-    {
-      err = GNUTLS_E_INTERNAL_ERROR;
-      goto done;
-    }
-
-  /* actual point computation */
-
-  /* set R to neutral */
-  mpz_set_ui (R->x, 1);
-  mpz_set_ui (R->y, 1);
-  mpz_set_ui (R->z, 0);
-
-  /* perform ops */
-  for (j = wmnaf_len - 1; j >= 0; --j)
-    {
-      if ((err = ecc_projective_dbl_point (R, R, a, modulus)) != 0)
-        goto done;
-
-      digit = wmnaf[j];
-
-      if (digit)
-        {
-          if (digit > 0)
-            {
-              if ((err =
-                   ecc_projective_add_point_ng (R, pos[(digit / 2)], R, a,
-                                                modulus)) != 0)
-                goto done;
-            }
-          else
-            {
-              if ((err =
-                   ecc_projective_add_point_ng (R, neg[(-digit / 2)], R, a,
-                                                modulus)) != 0)
-                goto done;
-            }
-        }
-    }
-
-
-  /* map R back from projective space */
-  if (map)
-    {
-      err = ecc_map (R, modulus);
-    }
-  else
-    {
-      err = GNUTLS_E_SUCCESS;
-    }
-done:
-  for (i = 0; i < WMNAF_PRECOMPUTED_LENGTH; ++i)
-    {
-      ecc_del_point (pos[i]);
-      ecc_del_point (neg[i]);
-    }
-  if (wmnaf)
-    free (wmnaf);
-  return err;
-}
diff --git a/lib/nettle/ecc_projective_add_point.c 
b/lib/nettle/ecc_projective_add_point.c
deleted file mode 100644
index 586f116..0000000
--- a/lib/nettle/ecc_projective_add_point.c
+++ /dev/null
@@ -1,255 +0,0 @@
-/*
- * Copyright (C) 2011-2012 Free Software Foundation, Inc.
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 3 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-/* Based on public domain code of LibTomCrypt by Tom St Denis.
- * Adapted to gmp and nettle by Nikos Mavrogiannopoulos.
- */
-
-#include "ecc.h"
-
-/*
-  @file ecc_projective_add_point.c
-  ECC Crypto, Tom St Denis
-*/
-
-/*
-   Add two ECC points
-   @param P        The point to add
-   @param Q        The point to add
-   @param R        [out] The destination of the double
-   @param a        Curve's a value
-   @param modulus  The modulus of the field the ECC curve is in
-   @return         GNUTLS_E_SUCCESS on success
-*/
-int
-ecc_projective_add_point (ecc_point * P, ecc_point * Q, ecc_point * R,
-                              mpz_t a, mpz_t modulus)
-{
-  /* Using "(m)add-2004-hmv" algorithm
-   * It costs 12M + 4S + half. */
-  mpz_t t1, t2, x, y, z;
-  int err;
-
-  if (P == NULL || Q == NULL || R == NULL || modulus == NULL)
-    return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
-
-  /* check for neutral points */
-  if ( (err = ecc_projective_isneutral(Q, modulus)) == 0 ) {
-    /* P + Q = P + neutral = P */
-
-    mpz_set (R->x, P->x);
-    mpz_set (R->y, P->y);
-    mpz_set (R->z, P->z);
-
-    return GNUTLS_E_SUCCESS;
-  } else if (err < 0) {
-    return err;
-  }
-
-  if ( (err = ecc_projective_isneutral(P, modulus)) == 0 ) {
-    /* P + Q = neutral + Q = Q */
-
-    mpz_set (R->x, Q->x);
-    mpz_set (R->y, Q->y);
-    mpz_set (R->z, Q->z);
-
-    return GNUTLS_E_SUCCESS;
-  } else if (err < 0) {
-    return err;
-  }
-
-  if ((err = mp_init_multi (&t1, &t2, &x, &y, &z, NULL)) != 0)
-    {
-      return err;
-    }
-
-  /* Check if P == Q and do doubling in that case
-   * If Q == -P then P + Q = neutral element
-   */
-  if ((mpz_cmp (P->x, Q->x) == 0) &&
-      (mpz_cmp (P->z, Q->z) == 0))
-    {
-      /* x and z coordinates match. Check if P->y = Q->y, or P->y = -Q->y
-       */
-      if (mpz_cmp (P->y, Q->y) == 0)
-        {
-          mp_clear_multi (&t1, &t2, &x, &y, &z, NULL);
-          return ecc_projective_dbl_point (P, R, a, modulus);
-        }
-
-      mpz_sub (t1, modulus, Q->y);
-      if (mpz_cmp (P->y, t1) == 0)
-        {
-          mp_clear_multi (&t1, &t2, &x, &y, &z, NULL);
-          mpz_set_ui(R->x, 1);
-          mpz_set_ui(R->y, 1);
-          mpz_set_ui(R->z, 0);
-          return GNUTLS_E_SUCCESS;
-        }
-    }
-
-
-  mpz_set (x, P->x);
-  mpz_set (y, P->y);
-  mpz_set (z, P->z);
-
-  /* if Z is one then these are no-operations */
-  if (mpz_cmp_ui (Q->z, 1) != 0)
-    {
-      /* T1 = Z' * Z' */
-      mpz_mul (t1, Q->z, Q->z);
-      mpz_mod (t1, t1, modulus);
-      /* X = X * T1 */
-      mpz_mul (x, x, t1);
-      mpz_mod (x, x, modulus);
-      /* T1 = Z' * T1 */
-      mpz_mul (t1, t1, Q->z);
-      mpz_mod (t1, t1, modulus);
-      /* Y = Y * T1 */
-      mpz_mul (y, y, t1);
-      mpz_mod (y, y, modulus);
-    }
-
-  /* T1 = Z*Z */
-  mpz_mul (t1, z, z);
-  mpz_mod (t1, t1, modulus);
-  /* T2 = X' * T1 */
-  mpz_mul (t2, t1, Q->x);
-  mpz_mod (t2, t2, modulus);
-  /* T1 = Z * T1 */
-  mpz_mul (t1, t1, z);
-  mpz_mod (t1, t1, modulus);
-  /* T1 = Y' * T1 */
-  mpz_mul (t1, t1, Q->y);
-  mpz_mod (t1, t1, modulus);
-
-  /* Y = Y - T1 */
-  mpz_sub (y, y, t1);
-  if (mpz_cmp_ui (y, 0) < 0)
-    {
-      mpz_add (y, y, modulus);
-    }
-  /* T1 = 2T1 */
-  mpz_add (t1, t1, t1);
-  if (mpz_cmp (t1, modulus) >= 0)
-    {
-      mpz_sub (t1, t1, modulus);
-    }
-  /* T1 = Y + T1 */
-  mpz_add (t1, t1, y);
-  if (mpz_cmp (t1, modulus) >= 0)
-    {
-      mpz_sub (t1, t1, modulus);
-    }
-  /* X = X - T2 */
-  mpz_sub (x, x, t2);
-  if (mpz_cmp_ui (x, 0) < 0)
-    {
-      mpz_add (x, x, modulus);
-    }
-  /* T2 = 2T2 */
-  mpz_add (t2, t2, t2);
-  if (mpz_cmp (t2, modulus) >= 0)
-    {
-      mpz_sub (t2, t2, modulus);
-    }
-  /* T2 = X + T2 */
-  mpz_add (t2, t2, x);
-  if (mpz_cmp (t2, modulus) >= 0)
-    {
-      mpz_sub (t2, t2, modulus);
-    }
-
-  /* if Z' != 1 */
-  if (mpz_cmp_ui (Q->z, 1) != 0)
-    {
-      /* Z = Z * Z' */
-      mpz_mul (z, z, Q->z);
-      mpz_mod (z, z, modulus);
-    }
-
-  /* Z = Z * X */
-  mpz_mul (z, z, x);
-  mpz_mod (z, z, modulus);
-
-  /* T1 = T1 * X  */
-  mpz_mul (t1, t1, x);
-  mpz_mod (t1, t1, modulus);
-  /* X = X * X */
-  mpz_mul (x, x, x);
-  mpz_mod (x, x, modulus);
-  /* T2 = T2 * x */
-  mpz_mul (t2, t2, x);
-  mpz_mod (t2, t2, modulus);
-  /* T1 = T1 * X  */
-  mpz_mul (t1, t1, x);
-  mpz_mod (t1, t1, modulus);
-
-  /* X = Y*Y */
-  mpz_mul (x, y, y);
-  mpz_mod (x, x, modulus);
-  /* X = X - T2 */
-  mpz_sub (x, x, t2);
-  if (mpz_cmp_ui (x, 0) < 0)
-    {
-      mpz_add (x, x, modulus);
-    }
-
-  /* T2 = T2 - X */
-  mpz_sub (t2, t2, x);
-  if (mpz_cmp_ui (t2, 0) < 0)
-    {
-      mpz_add (t2, t2, modulus);
-    }
-  /* T2 = T2 - X */
-  mpz_sub (t2, t2, x);
-  if (mpz_cmp_ui (t2, 0) < 0)
-    {
-      mpz_add (t2, t2, modulus);
-    }
-  /* T2 = T2 * Y */
-  mpz_mul (t2, t2, y);
-  mpz_mod (t2, t2, modulus);
-  /* Y = T2 - T1 */
-  mpz_sub (y, t2, t1);
-  if (mpz_cmp_ui (y, 0) < 0)
-    {
-      mpz_add (y, y, modulus);
-    }
-  /* Y = Y/2 */
-  if (mpz_odd_p (y))
-    {
-      mpz_add (y, y, modulus);
-    }
-  mpz_divexact_ui (y, y, 2);
-
-  mpz_set (R->x, x);
-  mpz_set (R->y, y);
-  mpz_set (R->z, z);
-
-  err = GNUTLS_E_SUCCESS;
-
-  mp_clear_multi (&t1, &t2, &x, &y, &z, NULL);
-  return err;
-}
-
-/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_projective_add_point.c,v $ 
*/
-/* $Revision: 1.16 $ */
-/* $Date: 2007/05/12 14:32:35 $ */
diff --git a/lib/nettle/ecc_projective_add_point_ng.c 
b/lib/nettle/ecc_projective_add_point_ng.c
index 72a7e7c..c425143 100644
--- a/lib/nettle/ecc_projective_add_point_ng.c
+++ b/lib/nettle/ecc_projective_add_point_ng.c
@@ -69,7 +69,7 @@
    It will work in general case without a change.
 */
 int
-ecc_projective_add_point_ng (ecc_point * P, ecc_point * Q, ecc_point * R,
+ecc_projective_add_point (ecc_point * P, ecc_point * Q, ecc_point * R,
                              mpz_t a, mpz_t modulus)
 {
   mpz_t t0, t1, S1, H, HHH, r, V;
diff --git a/lib/nettle/ecc_shared_secret.c b/lib/nettle/ecc_shared_secret.c
index 74466ed..c9ed006 100644
--- a/lib/nettle/ecc_shared_secret.c
+++ b/lib/nettle/ecc_shared_secret.c
@@ -63,7 +63,7 @@ ecc_shared_secret (ecc_key * private_key, ecc_key * 
public_key,
     }
 
   if ((err =
-       ecc_mulmod_wmnaf (private_key->k, &public_key->pubkey, result,
+       ecc_mulmod (private_key->k, &public_key->pubkey, result,
                        private_key->A, private_key->prime, 1)) != 0)
     {
       goto done;
diff --git a/lib/nettle/ecc_verify_hash.c b/lib/nettle/ecc_verify_hash.c
index fc31735..be939de 100644
--- a/lib/nettle/ecc_verify_hash.c
+++ b/lib/nettle/ecc_verify_hash.c
@@ -112,18 +112,18 @@ ecc_verify_hash (struct dsa_signature *signature,
   mpz_set (mQ->z, key->pubkey.z);
 
   /* compute u1*mG + u2*mQ = mG */
-  if ((err = ecc_mulmod_wmnaf_cached (u1, curve_id, mG, key->A, key->prime, 
0)) != 0)
+  if ((err = ecc_mulmod_cached (u1, curve_id, mG, key->A, key->prime, 0)) != 0)
     {
       goto error;
     }
-  if ((err = ecc_mulmod_wmnaf (u2, mQ, mQ, key->A, key->prime, 0)) != 0)
+  if ((err = ecc_mulmod (u2, mQ, mQ, key->A, key->prime, 0)) != 0)
     {
       goto error;
     }
 
   /* add them */
   if ((err =
-       ecc_projective_add_point_ng (mQ, mG, mG, key->A, key->prime)) != 0)
+       ecc_projective_add_point (mQ, mG, mG, key->A, key->prime)) != 0)
     {
       goto error;
     }
diff --git a/lib/nettle/pk.c b/lib/nettle/pk.c
index c54d83b..8769278 100644
--- a/lib/nettle/pk.c
+++ b/lib/nettle/pk.c
@@ -897,7 +897,7 @@ dsa_cleanup:
         memcpy(&zero.z, ecc_priv.pubkey.z, sizeof(mpz_t)); /* z = 1 */
 
         /* verify that k*(Gx,Gy)=(x,y) */
-        ret = ecc_mulmod_wmnaf_cached(ecc_priv.k, curve, R, 
TOMPZ(params->params[ECC_A]), TOMPZ(params->params[ECC_PRIME]), 1);
+        ret = ecc_mulmod_cached(ecc_priv.k, curve, R, 
TOMPZ(params->params[ECC_A]), TOMPZ(params->params[ECC_PRIME]), 1);
         if (ret != 0)
           {
             ret = gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);


hooks/post-receive
-- 
GNU gnutls


