Dmitry Baryshkov / nettle
Commit 6f544435, authored Aug 28, 2014 by Niels Möller
Deleted ECC_ECDSA_VERIFY_ITCH macro. Tweak the corresponding function, and use it.
parent 24c9769b
Changes 4
ChangeLog
2014-08-28 Niels Möller <nisse@lysator.liu.se>
* ecc-internal.h (ECC_ECDSA_VERIFY_ITCH): Deleted macro. Needed
scratch depends on curve type, not just size.
* ecdsa-verify.c (ecdsa_verify): Use the ecc_ecdsa_verify_itch
function, not the corresponding macro.
* ecc-ecdsa-verify.c (ecc_ecdsa_verify_itch): Take ecc->mul_itch
into account. Also reduce to 5*ecc->size + ecc->mul_itch.
* testsuite/ecdsa-sign-test.c (test_main): Added test for the
obscure case of ecdsa using curve25519.
...
...
ecc-ecdsa-verify.c
...
...
@@ -62,9 +62,8 @@ ecdsa_in_range (const struct ecc_curve *ecc, const mp_limb_t *xp)
mp_size_t
ecc_ecdsa_verify_itch
(
const
struct
ecc_curve
*
ecc
)
{
/* Largest storage need is for the ecc_mul_a call, 6 * ecc->size +
ECC_MUL_A_ITCH (size) */
return
ECC_ECDSA_VERIFY_ITCH
(
ecc
->
size
);
/* Largest storage need is for the ecc->mul call. */
return
5
*
ecc
->
size
+
ecc
->
mul_itch
;
}
/* FIXME: Use faster primitives, not requiring side-channel silence. */
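Review bot: The new return value in ecc_ecdsa_verify_itch, 5*ecc->size + ecc->mul_itch, is presented as the largest storage need, but the comment at the ecc_mul_g call in ecc_ecdsa_verify gives 6*ecc->size + ecc->mul_g_itch for that step. The returned size is only sufficient if ecc->mul_itch >= ecc->size + ecc->mul_g_itch for every curve, and nothing in these lines states or checks that. An undersized scratch area in a signature verifier is a memory-safety problem, so either return the larger of the two expressions or add an assert plus a comment recording the assumption.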
...
...
@@ -113,7 +112,7 @@ ecc_ecdsa_verify (const struct ecc_curve *ecc,
/* u2 = r / s, P2 = u2 * Y */
ecc_modq_mul
(
ecc
,
u2
,
rp
,
sinv
);
/* Total storage: 5*ecc->size +
ECC_MUL_A_ITCH (ecc->size)
*/
/* Total storage: 5*ecc->size +
ecc->mul_itch
*/
ecc_mul_a
(
ecc
,
P2
,
u2
,
pp
,
u2
+
ecc
->
size
);
/* u1 = h / s, P1 = u1 * G */
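Review bot: The updated comment above the P2 computation budgets ecc->mul_itch, and ecc_ecdsa_verify_itch now refers to "the ecc->mul call", yet the call that follows is still ecc_mul_a. If the curve-specific multiplication is meant to be used here, the call should go through it; if ecc_mul_a is intended, the comment should say why its scratch need is covered by ecc->mul_itch, given that the ChangeLog's stated reason for the change is that the need depends on curve type.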
...
...
@@ -124,7 +123,7 @@ ecc_ecdsa_verify (const struct ecc_curve *ecc,
unlikely. */
if
(
!
zero_p
(
u1
,
ecc
->
size
))
{
/* Total storage: 6*ecc->size +
ECC_MUL_G_ITCH
(ecc->size) */
/* Total storage: 6*ecc->size +
ecc->mul_g_itch
(ecc->size) */
ecc_mul_g
(
ecc
,
P1
,
u1
,
u1
+
ecc
->
size
);
/* NOTE: ecc_add_jjj and/or ecc_j_to_a will produce garbage in
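Review bot: The rewritten comment before ecc_mul_g reads "6*ecc->size + ecc->mul_g_itch (ecc->size)"; the trailing "(ecc->size)" looks like a leftover from the ECC_MUL_G_ITCH macro invocation and makes mul_g_itch read as a function. Assuming it is a plain field like mul_itch, drop the argument so the comment matches the "5*ecc->size + ecc->mul_itch" form used at the other call.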
...
...
ecc-internal.h
...
...
@@ -285,8 +285,6 @@ ecc_25519_sqrt(mp_limb_t *rp, const mp_limb_t *ap);
(((3 << ECC_MUL_A_EH_WBITS) + 10) * (size))
#endif
#define ECC_ECDSA_SIGN_ITCH(size) (12*(size))
#define ECC_ECDSA_VERIFY_ITCH(size) \
(6*(size) + ECC_MUL_A_ITCH ((size)))
#define ECC_MODQ_RANDOM_ITCH(size) (size)
#define ECC_HASH_ITCH(size) (1+(size))
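Review bot: ECC_ECDSA_SIGN_ITCH(size), just above the deleted macro, is still a function of size alone. The ChangeLog rationale for deleting ECC_ECDSA_VERIFY_ITCH is that the needed scratch depends on curve type, not just size, so please confirm that 12*(size) is sufficient for signing on every curve, or give the signing path the same treatment and note the outcome in a comment next to the macro.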
...
...
ecdsa-verify.c
...
...
@@ -47,7 +47,7 @@ ecdsa_verify (const struct ecc_point *pub,
const
struct
dsa_signature
*
signature
)
{
mp_limb_t
size
=
pub
->
ecc
->
size
;
mp_size_t
itch
=
2
*
size
+
ECC_ECDSA_VERIFY_ITCH
(
size
);
mp_size_t
itch
=
2
*
size
+
ecc_ecdsa_verify_itch
(
pub
->
ecc
);
/* For ECC_MUL_A_WBITS == 0, at most 1512 bytes. With
ECC_MUL_A_WBITS == 4, currently needs 67 * ecc->size, at most
4824 bytes. Don't use stack allocation for this. */
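Review bot: The comment directly below the changed itch line still quotes figures derived from ECC_MUL_A_WBITS (1512 bytes, 67 * ecc->size, 4824 bytes). With the scratch size now coming from ecc_ecdsa_verify_itch (pub->ecc), those numbers no longer follow from the code shown, so update or remove them while keeping the advice against stack allocation. Separately, the context line declares size as mp_limb_t while itch is mp_size_t; a limb count should be mp_size_t.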
...
...