Commit b32afc8e authored by Niels Möller's avatar Niels Möller

Changed ecc_hash argument type from struct ecc_curve to struct ecc_modulo.

parent 8b6cd994
2014-09-23 Niels Möller <nisse@lysator.liu.se>
* ecc-hash.c (ecc_hash): Changed argument type from struct
ecc_curve to struct ecc_modulo. Updated callers.
* testsuite/ecdsa-sign-test.c (test_main): Updated curve25519
signature s. Changed since the hash value is truncated a few bits
more, to match the size of q.
* testsuite/ecdsa-verify-test.c (test_main): Likewise.
* testsuite/ecc-modinv-test.c (zero_p): New function, checking for
zero modulo p.
(test_modulo): Use zero_p. Switch to dynamic allocation. Updated
......
......@@ -86,7 +86,7 @@ ecc_ecdsa_sign (const struct ecc_curve *ecc,
ecc->q.invert (&ecc->q, kinv, kp, tp); /* NOTE: Also clobbers hp */
/* Process hash digest */
ecc_hash (ecc, hp, length, digest);
ecc_hash (&ecc->q, hp, length, digest);
ecc_modq_mul (ecc, tp, zp, rp);
ecc_modq_add (ecc, hp, hp, tp);
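Review bot: With `&ecc->q` passed to ecc_hash here, the call now writes `ecc->q.size + 1` limbs at hp instead of `ecc->p.size + 1`, and nothing in this hunk shows that the scratch area behind hp is sized for that. The layout of hp is defined outside the hunk, so it is worth confirming for every supported curve; the same applies to the ecc_hash call in the ecc_ecdsa_verify hunk. I would record the requirement next to the call, e.g. `/* Process hash digest; hp needs ecc->q.size + 1 limbs */`. The body of ecc_ecdsa_sign starts and ends outside the hunk.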
......
......@@ -111,7 +111,7 @@ ecc_ecdsa_verify (const struct ecc_curve *ecc,
ecc->q.invert (&ecc->q, sinv, sp, sinv + 2*ecc->p.size);
/* u1 = h / s, P1 = u1 * G */
ecc_hash (ecc, hp, length, digest);
ecc_hash (&ecc->q, hp, length, digest);
ecc_modq_mul (ecc, u1, hp, sinv);
/* u2 = r / s, P2 = u2 * Y */
......
......@@ -44,23 +44,21 @@
/* NOTE: We don't considered the hash value to be secret, so it's ok
if the running time of this conversion depends on h.
Requires ecc->size + 1 limbs, the extra limb may be needed for
Requires m->size + 1 limbs, the extra limb may be needed for
unusual limb sizes.
*/
/* FIXME: Take a struct ecc_modulo * as argument, and it would make
more sense to pass q than p. */
void
ecc_hash (const struct ecc_curve *ecc,
ecc_hash (const struct ecc_modulo *m,
mp_limb_t *hp,
size_t length, const uint8_t *digest)
{
if (length > ((size_t) ecc->p.bit_size + 7) / 8)
length = (ecc->p.bit_size + 7) / 8;
if (length > ((size_t) m->bit_size + 7) / 8)
length = (m->bit_size + 7) / 8;
mpn_set_base256 (hp, ecc->p.size + 1, digest, length);
mpn_set_base256 (hp, m->size + 1, digest, length);
if (8 * length > ecc->p.bit_size)
if (8 * length > m->bit_size)
/* We got a few extra bits, at the low end. Discard them. */
mpn_rshift (hp, hp, ecc->p.size + 1, 8*length - ecc->p.bit_size);
mpn_rshift (hp, hp, m->size + 1, 8*length - m->bit_size);
}
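Review bot: The header comment on ecc_hash does not state what ends up in hp: the body keeps only the leftmost `m->bit_size` bits of the digest and never reduces the value, so hp can still be greater than or equal to m. The removed FIXME was the only text saying which modulus is meant, so I would add `/* Stores the leftmost m->bit_size bits of digest in hp; the result is not reduced mod m. ECDSA callers pass &ecc->q. */` above the function. Whether ecc_modq_mul and ecc_modq_add in the callers accept an unreduced operand is not visible on this page and should be confirmed. The existing note also reads "We don't considered", which should be "We don't consider".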
......@@ -237,7 +237,7 @@ ecc_mod_random (const struct ecc_modulo *m, mp_limb_t *xp,
void *ctx, nettle_random_func *random, mp_limb_t *scratch);
void
ecc_hash (const struct ecc_curve *ecc,
ecc_hash (const struct ecc_modulo *m,
mp_limb_t *hp,
size_t length, const uint8_t *digest);
......
......@@ -168,6 +168,6 @@ test_main (void)
"ae760d5331496119 5d967fd881e3b0f5"), /* h */
" 515c3a485f57432 0daf3353a0d08110"
"64157c556296de09 4132f74865961b37", /* r */
" 9ddd3e2fa87328c 372e28ac7a1c0c65"
"697196d643238fd0 c4caa4d1d88a62fe"); /* s */
" 78f23367291b01 3fc430fb09322d95"
"4384723649868d8e 88effc7ac8b141d7"); /* s */
}
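Review bot: The replaced expected `s` carries no statement of where the new value comes from. If it was produced by the patched code itself, the test only pins the current output and cannot catch a wrong truncation in ecc_hash. A short comment on the vector would help, e.g. `/* s recomputed with h truncated to the bit size of q; cross-checked against <independent implementation> */`. The same applies to the identical vector in the second test_main hunk. test_main starts outside the hunk.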
......@@ -156,6 +156,6 @@ test_main (void)
"ae760d5331496119 5d967fd881e3b0f5"), /* h */
" 515c3a485f57432 0daf3353a0d08110"
"64157c556296de09 4132f74865961b37", /* r */
" 9ddd3e2fa87328c 372e28ac7a1c0c65"
"697196d643238fd0 c4caa4d1d88a62fe"); /* s */
" 78f23367291b01 3fc430fb09322d95"
"4384723649868d8e 88effc7ac8b141d7"); /* s */
}