Commit 64b9a7f8 authored by Niels Möller's avatar Niels Möller

Renamed and generalized ecc_modq_random -> ecc_mod_random.

parent 296b09cc
2014-09-22 Niels Möller <nisse@lysator.liu.se>
* ecc-random.c (ecc_mod_random): Renamed, and take a const struct
ecc_modulo * as argument. Updated callers.
(ecc_modq_random): ... old name.
* ecc-mod-arith.c: New file, replacing ecc-modp.c and ecc-modq.c.
All functions take a struct ecc_modulo as argument.
(ecc_mod_add, ecc_mod_sub, ecc_mod_mul_1, ecc_mod_addmul_1)
......
......@@ -49,7 +49,7 @@
#define ecc_mod_submul_1 _nettle_ecc_mod_submul_1
#define ecc_mod_mul _nettle_ecc_mod_mul
#define ecc_mod_sqr _nettle_ecc_mod_sqr
#define ecc_modq_random _nettle_ecc_modq_random
#define ecc_mod_random _nettle_ecc_mod_random
#define ecc_mod _nettle_ecc_mod
#define ecc_mod_inv _nettle_ecc_mod_inv
#define ecc_hash _nettle_ecc_hash
......@@ -232,8 +232,8 @@ ecc_mod_sqr (const struct ecc_modulo *m, mp_limb_t *rp,
/* mod q operations. */
void
ecc_modq_random (const struct ecc_curve *ecc, mp_limb_t *xp,
void *ctx, nettle_random_func *random, mp_limb_t *scratch);
ecc_mod_random (const struct ecc_modulo *m, mp_limb_t *xp,
void *ctx, nettle_random_func *random, mp_limb_t *scratch);
void
ecc_hash (const struct ecc_curve *ecc,
......@@ -287,7 +287,7 @@ curve25519_eh_to_x (mp_limb_t *xp, const mp_limb_t *p,
(((3 << ECC_MUL_A_EH_WBITS) + 10) * (size))
#endif
#define ECC_ECDSA_SIGN_ITCH(size) (12*(size))
#define ECC_MODQ_RANDOM_ITCH(size) (size)
#define ECC_MOD_RANDOM_ITCH(size) (size)
#define ECC_HASH_ITCH(size) (1+(size))
#endif /* NETTLE_ECC_INTERNAL_H_INCLUDED */
......@@ -42,56 +42,54 @@
#include "nettle-internal.h"
static int
zero_p (const struct ecc_curve *ecc,
zero_p (const struct ecc_modulo *m,
const mp_limb_t *xp)
{
mp_limb_t t;
mp_size_t i;
for (i = t = 0; i < ecc->p.size; i++)
for (i = t = 0; i < m->size; i++)
t |= xp[i];
return t == 0;
}
static int
ecdsa_in_range (const struct ecc_curve *ecc,
ecdsa_in_range (const struct ecc_modulo *m,
const mp_limb_t *xp, mp_limb_t *scratch)
{
/* Check if 0 < x < q, with data independent timing. */
return !zero_p (ecc, xp)
& (mpn_sub_n (scratch, xp, ecc->q.m, ecc->p.size) != 0);
return !zero_p (m, xp)
& (mpn_sub_n (scratch, xp, m->m, m->size) != 0);
}
void
ecc_modq_random (const struct ecc_curve *ecc, mp_limb_t *xp,
void *ctx, nettle_random_func *random, mp_limb_t *scratch)
ecc_mod_random (const struct ecc_modulo *m, mp_limb_t *xp,
void *ctx, nettle_random_func *random, mp_limb_t *scratch)
{
uint8_t *buf = (uint8_t *) scratch;
unsigned nbytes = (ecc->q.bit_size + 7)/8;
unsigned nbytes = (m->bit_size + 7)/8;
/* The bytes ought to fit in the scratch area, unless we have very
unusual limb and byte sizes. */
assert (nbytes <= ecc->p.size * sizeof (mp_limb_t));
assert (nbytes <= m->size * sizeof (mp_limb_t));
do
{
random (ctx, nbytes, buf);
buf[0] &= 0xff >> (nbytes * 8 - ecc->q.bit_size);
buf[0] &= 0xff >> (nbytes * 8 - m->bit_size);
mpn_set_base256 (xp, ecc->p.size, buf, nbytes);
mpn_set_base256 (xp, m->size, buf, nbytes);
}
while (!ecdsa_in_range (ecc, xp, scratch));
while (!ecdsa_in_range (m, xp, scratch));
}
void
ecc_scalar_random (struct ecc_scalar *x,
void *random_ctx, nettle_random_func *random)
{
TMP_DECL (scratch, mp_limb_t, ECC_MODQ_RANDOM_ITCH (ECC_MAX_SIZE));
TMP_ALLOC (scratch, ECC_MODQ_RANDOM_ITCH (x->ecc->p.size));
TMP_DECL (scratch, mp_limb_t, ECC_MOD_RANDOM_ITCH (ECC_MAX_SIZE));
TMP_ALLOC (scratch, ECC_MOD_RANDOM_ITCH (x->ecc->q.size));
ecc_modq_random (x->ecc, x->p, random_ctx, random, scratch);
ecc_mod_random (&x->ecc->q, x->p, random_ctx, random, scratch);
}
......@@ -55,7 +55,7 @@ ecdsa_generate_keypair (struct ecc_point *pub,
TMP_ALLOC (p, itch);
ecc_modq_random (ecc, key->p, random_ctx, random, p);
ecc_mod_random (&ecc->q, key->p, random_ctx, random, p);
ecc->mul_g (ecc, p, key->p, p + 3*ecc->p.size);
ecc->h_to_a (ecc, 0, pub->p, p, p + 3*ecc->p.size);
}
......@@ -61,7 +61,7 @@ ecdsa_sign (const struct ecc_scalar *key,
timing is still independent of the secret k finally used. */
do
{
ecc_modq_random (key->ecc, k, random_ctx, random, k + size);
ecc_mod_random (&key->ecc->q, k, random_ctx, random, k + size);
ecc_ecdsa_sign (key->ecc, key->p, k, digest_length, digest,
rp, sp, k + size);
mpz_limbs_finish (signature->r, size);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment