Commit b32afc8e authored by Niels Möller's avatar Niels Möller

Changed ecc_hash argument type from struct ecc_curve to struct ecc_modulo.

parent 8b6cd994
2014-09-23 Niels Möller <nisse@lysator.liu.se> 2014-09-23 Niels Möller <nisse@lysator.liu.se>
* ecc-hash.c (ecc_hash): Changed argument type from struct
ecc_curve to struct ecc_modulo. Updated callers.
* testsuite/ecdsa-sign-test.c (test_main): Updated curve25519
signature s. Changed since the hash value is truncated a few bits
more, to match the size of q.
* testsuite/ecdsa-verify-test.c (test_main): Likewise.
* testsuite/ecc-modinv-test.c (zero_p): New function, checking for * testsuite/ecc-modinv-test.c (zero_p): New function, checking for
zero modulo p. zero modulo p.
(test_modulo): Use zero_p. Switch to dynamic allocation. Updated (test_modulo): Use zero_p. Switch to dynamic allocation. Updated
......
...@@ -86,7 +86,7 @@ ecc_ecdsa_sign (const struct ecc_curve *ecc, ...@@ -86,7 +86,7 @@ ecc_ecdsa_sign (const struct ecc_curve *ecc,
ecc->q.invert (&ecc->q, kinv, kp, tp); /* NOTE: Also clobbers hp */ ecc->q.invert (&ecc->q, kinv, kp, tp); /* NOTE: Also clobbers hp */
/* Process hash digest */ /* Process hash digest */
ecc_hash (ecc, hp, length, digest); ecc_hash (&ecc->q, hp, length, digest);
ecc_modq_mul (ecc, tp, zp, rp); ecc_modq_mul (ecc, tp, zp, rp);
ecc_modq_add (ecc, hp, hp, tp); ecc_modq_add (ecc, hp, hp, tp);
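Review bot: The call at line 21 now truncates the digest to q's bit size instead of p's, and the `/* Process hash digest */` comment above it does not say so; for a curve whose q is shorter than p (curve25519, per the ChangeLog) this changes the value left in hp, so the intent deserves a line such as `/* Convert digest to an integer of at most q.bit_size bits; ecc_hash truncates, it does not reduce mod q. */`. The verify call at line 28 has the same gap. ecc_hash's NOTE requires hp to hold m->size + 1 limbs; presumably the scratch layout sized hp by p.size + 1, which still suffices only while q.size <= p.size, so that relationship is worth confirming rather than assuming. ecc_ecdsa_sign starts and ends outside the hunk.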
......
...@@ -111,7 +111,7 @@ ecc_ecdsa_verify (const struct ecc_curve *ecc, ...@@ -111,7 +111,7 @@ ecc_ecdsa_verify (const struct ecc_curve *ecc,
ecc->q.invert (&ecc->q, sinv, sp, sinv + 2*ecc->p.size); ecc->q.invert (&ecc->q, sinv, sp, sinv + 2*ecc->p.size);
/* u1 = h / s, P1 = u1 * G */ /* u1 = h / s, P1 = u1 * G */
ecc_hash (ecc, hp, length, digest); ecc_hash (&ecc->q, hp, length, digest);
ecc_modq_mul (ecc, u1, hp, sinv); ecc_modq_mul (ecc, u1, hp, sinv);
/* u2 = r / s, P2 = u2 * Y */ /* u2 = r / s, P2 = u2 * Y */
......
...@@ -44,23 +44,21 @@ ...@@ -44,23 +44,21 @@
/* NOTE: We don't considered the hash value to be secret, so it's ok /* NOTE: We don't considered the hash value to be secret, so it's ok
if the running time of this conversion depends on h. if the running time of this conversion depends on h.
Requires ecc->size + 1 limbs, the extra limb may be needed for Requires m->size + 1 limbs, the extra limb may be needed for
unusual limb sizes. unusual limb sizes.
*/ */
/* FIXME: Take a struct ecc_modulo * as argument, and it would make
more sense to pass q than p. */
void void
ecc_hash (const struct ecc_curve *ecc, ecc_hash (const struct ecc_modulo *m,
mp_limb_t *hp, mp_limb_t *hp,
size_t length, const uint8_t *digest) size_t length, const uint8_t *digest)
{ {
if (length > ((size_t) ecc->p.bit_size + 7) / 8) if (length > ((size_t) m->bit_size + 7) / 8)
length = (ecc->p.bit_size + 7) / 8; length = (m->bit_size + 7) / 8;
mpn_set_base256 (hp, ecc->p.size + 1, digest, length); mpn_set_base256 (hp, m->size + 1, digest, length);
if (8 * length > ecc->p.bit_size) if (8 * length > m->bit_size)
/* We got a few extra bits, at the low end. Discard them. */ /* We got a few extra bits, at the low end. Discard them. */
mpn_rshift (hp, hp, ecc->p.size + 1, 8*length - ecc->p.bit_size); mpn_rshift (hp, hp, m->size + 1, 8*length - m->bit_size);
} }
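Review bot: With the FIXME deleted, nothing in ecc_hash says which modulo callers are expected to pass, and the surviving NOTE only documents the buffer size; a header comment on the definition should state the contract, e.g. `/* Converts the leading min(8*length, m->bit_size) bits of digest (big-endian) to an integer < 2^m->bit_size in hp, which needs m->size + 1 limbs. The result is truncated, not reduced mod m; callers pass the group order q. */`. The "not reduced" part follows from the body, which only calls mpn_set_base256 and mpn_rshift. While that comment is being touched, `We don't considered` in the NOTE should read `We don't consider`.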
...@@ -237,7 +237,7 @@ ecc_mod_random (const struct ecc_modulo *m, mp_limb_t *xp, ...@@ -237,7 +237,7 @@ ecc_mod_random (const struct ecc_modulo *m, mp_limb_t *xp,
void *ctx, nettle_random_func *random, mp_limb_t *scratch); void *ctx, nettle_random_func *random, mp_limb_t *scratch);
void void
ecc_hash (const struct ecc_curve *ecc, ecc_hash (const struct ecc_modulo *m,
mp_limb_t *hp, mp_limb_t *hp,
size_t length, const uint8_t *digest); size_t length, const uint8_t *digest);
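Review bot: The ecc_hash prototype carries no comment, so a caller reading only ecc-internal.h cannot see that hp must hold m->size + 1 limbs or that the output is truncated rather than reduced; a short note on the declaration would close that gap: `/* Digest to integer of at most m->bit_size bits; hp must hold m->size + 1 limbs. Truncates, does not reduce mod m. */`. The limb-count requirement is stated in the NOTE in ecc-hash.c but is easy to miss from the header alone.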
......
...@@ -168,6 +168,6 @@ test_main (void) ...@@ -168,6 +168,6 @@ test_main (void)
"ae760d5331496119 5d967fd881e3b0f5"), /* h */ "ae760d5331496119 5d967fd881e3b0f5"), /* h */
" 515c3a485f57432 0daf3353a0d08110" " 515c3a485f57432 0daf3353a0d08110"
"64157c556296de09 4132f74865961b37", /* r */ "64157c556296de09 4132f74865961b37", /* r */
" 9ddd3e2fa87328c 372e28ac7a1c0c65" " 78f23367291b01 3fc430fb09322d95"
"697196d643238fd0 c4caa4d1d88a62fe"); /* s */ "4384723649868d8e 88effc7ac8b141d7"); /* s */
} }
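Review bot: The new curve25519 s value at lines 63–64 appears to have been regenerated by the implementation under test (the ChangeLog attributes the change to the extra hash truncation), so this vector now checks self-consistency rather than agreement with an external reference; a comment recording its provenance would make that explicit, e.g. `/* s regenerated by this implementation after the ecc_hash truncation change; not an external reference vector */`. The verify test at lines 70–71 carries the same value and the same note applies. test_main starts outside the hunk.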
...@@ -156,6 +156,6 @@ test_main (void) ...@@ -156,6 +156,6 @@ test_main (void)
"ae760d5331496119 5d967fd881e3b0f5"), /* h */ "ae760d5331496119 5d967fd881e3b0f5"), /* h */
" 515c3a485f57432 0daf3353a0d08110" " 515c3a485f57432 0daf3353a0d08110"
"64157c556296de09 4132f74865961b37", /* r */ "64157c556296de09 4132f74865961b37", /* r */
" 9ddd3e2fa87328c 372e28ac7a1c0c65" " 78f23367291b01 3fc430fb09322d95"
"697196d643238fd0 c4caa4d1d88a62fe"); /* s */ "4384723649868d8e 88effc7ac8b141d7"); /* s */
} }