Commit 6f544435 authored by Niels Möller's avatar Niels Möller

Deleted ECC_ECDSA_VERIFY_ITCH macro. Tweak the corresponding function, and use it.

parent 24c9769b
2014-08-28 Niels Möller <nisse@lysator.liu.se>
* ecc-internal.h (ECC_ECDSA_VERIFY_ITCH): Deleted macro. Needed
scratch depends on curve type, not just size.
* ecdsa-verify.c (ecdsa_verify): Use the ecc_ecdsa_verify_itch
function, not the corresponding macro.
* ecc-ecdsa-verify.c (ecc_ecdsa_verify_itch): Take ecc->mul_itch
into account. Also reduce to 5*ecc->size + ecc->mul_itch.
* testsuite/ecdsa-sign-test.c (test_main): Added test for the
obscure case of ecdsa using curve25519.
......
......@@ -62,9 +62,8 @@ ecdsa_in_range (const struct ecc_curve *ecc, const mp_limb_t *xp)
mp_size_t
ecc_ecdsa_verify_itch (const struct ecc_curve *ecc)
{
/* Largest storage need is for the ecc_mul_a call, 6 * ecc->size +
ECC_MUL_A_ITCH (size) */
return ECC_ECDSA_VERIFY_ITCH (ecc->size);
/* Largest storage need is for the ecc->mul call. */
return 5*ecc->size + ecc->mul_itch;
}
/* FIXME: Use faster primitives, not requiring side-channel silence. */
......@@ -113,7 +112,7 @@ ecc_ecdsa_verify (const struct ecc_curve *ecc,
/* u2 = r / s, P2 = u2 * Y */
ecc_modq_mul (ecc, u2, rp, sinv);
/* Total storage: 5*ecc->size + ECC_MUL_A_ITCH (ecc->size) */
/* Total storage: 5*ecc->size + ecc->mul_itch */
ecc_mul_a (ecc, P2, u2, pp, u2 + ecc->size);
/* u1 = h / s, P1 = u1 * G */
......@@ -124,7 +123,7 @@ ecc_ecdsa_verify (const struct ecc_curve *ecc,
unlikely. */
if (!zero_p (u1, ecc->size))
{
/* Total storage: 6*ecc->size + ECC_MUL_G_ITCH (ecc->size) */
/* Total storage: 6*ecc->size + ecc->mul_g_itch (ecc->size) */
ecc_mul_g (ecc, P1, u1, u1 + ecc->size);
/* NOTE: ecc_add_jjj and/or ecc_j_to_a will produce garbage in
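Review bot: The value now returned by ecc_ecdsa_verify_itch in the first hunk, `5*ecc->size + ecc->mul_itch`, is sized for the ecc->mul call only, while the storage comment above ecc_mul_g in the third hunk still counts `6*ecc->size` plus the mul_g scratch. The bound therefore relies on `ecc->mul_itch >= ecc->size + ecc->mul_g_itch` holding for every curve, which nothing visible here states or checks. An undersized scratch area means writes past the caller's buffer, so I would record the invariant in the function, e.g. `/* Largest storage need is for the ecc->mul call; assumes ecc->mul_g_itch + ecc->size <= ecc->mul_itch. */`, and, if the file already uses assert, back it with `assert (ecc->mul_g_itch + ecc->size <= ecc->mul_itch);`. The updated comment in the third hunk also keeps a leftover macro argument: `ecc->mul_g_itch (ecc->size)` should presumably read `ecc->mul_g_itch`, matching how `ecc->mul_itch` is written. The body of ecc_ecdsa_verify starts and ends outside these hunks, so the scratch offsets could not be checked in full.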
......
......@@ -285,8 +285,6 @@ ecc_25519_sqrt(mp_limb_t *rp, const mp_limb_t *ap);
(((3 << ECC_MUL_A_EH_WBITS) + 10) * (size))
#endif
#define ECC_ECDSA_SIGN_ITCH(size) (12*(size))
#define ECC_ECDSA_VERIFY_ITCH(size) \
(6*(size) + ECC_MUL_A_ITCH ((size)))
#define ECC_MODQ_RANDOM_ITCH(size) (size)
#define ECC_HASH_ITCH(size) (1+(size))
......
......@@ -47,7 +47,7 @@ ecdsa_verify (const struct ecc_point *pub,
const struct dsa_signature *signature)
{
mp_limb_t size = pub->ecc->size;
mp_size_t itch = 2*size + ECC_ECDSA_VERIFY_ITCH (size);
mp_size_t itch = 2*size + ecc_ecdsa_verify_itch (pub->ecc);
/* For ECC_MUL_A_WBITS == 0, at most 1512 bytes. With
ECC_MUL_A_WBITS == 4, currently needs 67 * ecc->size, at most
4824 bytes. Don't use stack allocation for this. */
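Review bot: The byte figures in the comment directly below the changed line (`at most 1512 bytes`, `67 * ecc->size, at most 4824 bytes`) appear to derive from the ECC_MUL_A_WBITS-based macro this commit deletes. With `ecc_ecdsa_verify_itch (pub->ecc)` the need now depends on the curve's mul_itch, so those numbers are probably stale. I would replace them with the formula itself, e.g. `/* Scratch need is 2*size + ecc_ecdsa_verify_itch (pub->ecc), which varies with the curve; don't use stack allocation for this. */`. Separately, `size` on the context line is declared `mp_limb_t` although it holds a limb count and feeds an `mp_size_t` expression; `mp_size_t size = pub->ecc->size;` would keep the arithmetic in one signed type. The body of ecdsa_verify continues past the hunk.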
......