diff options
| author | Matt Johnston <matt@ucc.asn.au> | 2018-02-09 21:44:05 +0800 |
|---|---|---|
| committer | Matt Johnston <matt@ucc.asn.au> | 2018-02-09 21:44:05 +0800 |
| commit | 4f2eb1914bdac3ed3ee504ad86061281dbe0d074 (patch) | |
| tree | 078293375c3f3ee2d485cf9559a08d65d460786a /libtomcrypt/src/pk/ecc | |
| parent | d72f50ff3284e15124a0f233c26339229fe305ac (diff) | |
Update to libtomcrypt 1.18.1, merged with Dropbear changes
Diffstat (limited to 'libtomcrypt/src/pk/ecc')
23 files changed, 334 insertions, 274 deletions
diff --git a/libtomcrypt/src/pk/ecc/ecc.c b/libtomcrypt/src/pk/ecc/ecc.c index 56ed526..18da0b3 100644 --- a/libtomcrypt/src/pk/ecc/ecc.c +++ b/libtomcrypt/src/pk/ecc/ecc.c @@ -5,8 +5,6 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -19,13 +17,13 @@ /** @file ecc.c ECC Crypto, Tom St Denis -*/ +*/ #ifdef LTC_MECC /* This holds the key settings. ***MUST*** be organized by size from smallest to largest. */ const ltc_ecc_set_type ltc_ecc_sets[] = { -#ifdef ECC112 +#ifdef LTC_ECC112 { 14, "SECP112R1", @@ -36,7 +34,7 @@ const ltc_ecc_set_type ltc_ecc_sets[] = { "A89CE5AF8724C0A23E0E0FF77500" }, #endif -#ifdef ECC128 +#ifdef LTC_ECC128 { 16, "SECP128R1", @@ -47,7 +45,7 @@ const ltc_ecc_set_type ltc_ecc_sets[] = { "CF5AC8395BAFEB13C02DA292DDED7A83", }, #endif -#ifdef ECC160 +#ifdef LTC_ECC160 { 20, "SECP160R1", @@ -58,7 +56,7 @@ const ltc_ecc_set_type ltc_ecc_sets[] = { "23A628553168947D59DCC912042351377AC5FB32", }, #endif -#ifdef ECC192 +#ifdef LTC_ECC192 { 24, "ECC-192", @@ -69,7 +67,7 @@ const ltc_ecc_set_type ltc_ecc_sets[] = { "7192B95FFC8DA78631011ED6B24CDD573F977A11E794811", }, #endif -#ifdef ECC224 +#ifdef LTC_ECC224 { 28, "ECC-224", @@ -80,7 +78,7 @@ const ltc_ecc_set_type ltc_ecc_sets[] = { "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", }, #endif -#ifdef ECC256 +#ifdef LTC_ECC256 { 32, "ECC-256", @@ -91,7 +89,7 @@ const ltc_ecc_set_type ltc_ecc_sets[] = { "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", }, #endif -#ifdef ECC384 +#ifdef LTC_ECC384 { 48, "ECC-384", @@ -102,7 +100,7 @@ const ltc_ecc_set_type ltc_ecc_sets[] = { "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F", }, #endif -#ifdef ECC521 +#ifdef LTC_ECC521 { 66, "ECC-521", @@ -121,7 +119,7 @@ const ltc_ecc_set_type ltc_ecc_sets[] = { #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ecc_ansi_x963_export.c b/libtomcrypt/src/pk/ecc/ecc_ansi_x963_export.c index 09dae07..773b683 100644 --- a/libtomcrypt/src/pk/ecc/ecc_ansi_x963_export.c +++ b/libtomcrypt/src/pk/ecc/ecc_ansi_x963_export.c @@ -5,8 +5,6 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -19,7 +17,7 @@ /** @file ecc_ansi_x963_export.c ECC Crypto, Tom St Denis -*/ +*/ #ifdef LTC_MECC @@ -32,33 +30,40 @@ int ecc_ansi_x963_export(ecc_key *key, unsigned char *out, unsigned long *outlen) { unsigned char buf[ECC_BUF_SIZE]; - unsigned long numlen; + unsigned long numlen, xlen, ylen; LTC_ARGCHK(key != NULL); - LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); if (ltc_ecc_is_valid_idx(key->idx) == 0) { return CRYPT_INVALID_ARG; } numlen = key->dp->size; + xlen = mp_unsigned_bin_size(key->pubkey.x); + ylen = mp_unsigned_bin_size(key->pubkey.y); + + if (xlen > numlen || ylen > numlen || sizeof(buf) < numlen) { + return CRYPT_BUFFER_OVERFLOW; + } if (*outlen < (1 + 2*numlen)) { *outlen = 1 + 2*numlen; return CRYPT_BUFFER_OVERFLOW; } + LTC_ARGCHK(out != NULL); + /* store byte 0x04 */ out[0] = 0x04; /* pad and store x */ zeromem(buf, sizeof(buf)); - mp_to_unsigned_bin(key->pubkey.x, buf + (numlen - mp_unsigned_bin_size(key->pubkey.x))); + mp_to_unsigned_bin(key->pubkey.x, buf + (numlen - xlen)); XMEMCPY(out+1, buf, numlen); /* pad and store y */ zeromem(buf, sizeof(buf)); - mp_to_unsigned_bin(key->pubkey.y, buf + (numlen - mp_unsigned_bin_size(key->pubkey.y))); + mp_to_unsigned_bin(key->pubkey.y, buf + (numlen - ylen)); XMEMCPY(out+1+numlen, buf, numlen); *outlen = 1 + 2*numlen; @@ -67,6 +72,6 @@ int ecc_ansi_x963_export(ecc_key *key, unsigned char *out, unsigned long *outlen #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ecc_ansi_x963_import.c b/libtomcrypt/src/pk/ecc/ecc_ansi_x963_import.c index ec34245..ee5a4c9 100644 --- a/libtomcrypt/src/pk/ecc/ecc_ansi_x963_import.c +++ b/libtomcrypt/src/pk/ecc/ecc_ansi_x963_import.c @@ -5,8 +5,6 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -19,11 +17,11 @@ /** @file ecc_ansi_x963_import.c ECC Crypto, Tom St Denis -*/ +*/ #ifdef LTC_MECC -/** Import an ANSI X9.63 format public key +/** Import an ANSI X9.63 format public key @param in The input data to read @param inlen The length of the input data @param key [out] destination to store imported key \ @@ -36,10 +34,10 @@ int ecc_ansi_x963_import(const unsigned char *in, unsigned long inlen, ecc_key * int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, ltc_ecc_set_type *dp) { int x, err; - + LTC_ARGCHK(in != NULL); LTC_ARGCHK(key != NULL); - + /* must be odd */ if ((inlen & 1) == 0) { return CRYPT_INVALID_ARG; @@ -99,6 +97,6 @@ error: #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ecc_decrypt_key.c b/libtomcrypt/src/pk/ecc/ecc_decrypt_key.c index 49df8e8..8f8ad2f 100644 --- a/libtomcrypt/src/pk/ecc/ecc_decrypt_key.c +++ b/libtomcrypt/src/pk/ecc/ecc_decrypt_key.c @@ -5,8 +5,6 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -19,7 +17,7 @@ /** @file ecc_decrypt_key.c ECC Crypto, Tom St Denis -*/ +*/ #if defined(LTC_MECC) && defined(LTC_DER) @@ -33,11 +31,12 @@ @return CRYPT_OK if successful */ int ecc_decrypt_key(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, + unsigned char *out, unsigned long *outlen, ecc_key *key) { unsigned char *ecc_shared, *skey, *pub_expt; - unsigned long x, y, hashOID[32]; + unsigned long x, y; + unsigned long hashOID[32] = { 0 }; int hash, err; ecc_key pubkey; ltc_asn1_list decode[3]; @@ -51,15 +50,15 @@ int ecc_decrypt_key(const unsigned char *in, unsigned long inlen, if (key->type != PK_PRIVATE) { return CRYPT_PK_NOT_PRIVATE; } - + /* decode to find out hash */ LTC_SET_ASN1(decode, 0, LTC_ASN1_OBJECT_IDENTIFIER, hashOID, sizeof(hashOID)/sizeof(hashOID[0])); - - if ((err = der_decode_sequence(in, inlen, decode, 1)) != CRYPT_OK) { + err = der_decode_sequence(in, inlen, decode, 1); + if (err != CRYPT_OK && err != CRYPT_INPUT_TOO_LONG) { return err; } - hash = find_hash_oid(hashOID, decode[0].size); + hash = find_hash_oid(hashOID, decode[0].size); if (hash_is_valid(hash) != CRYPT_OK) { return CRYPT_INVALID_PACKET; } @@ -144,7 +143,7 @@ LBL_ERR: #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ecc_encrypt_key.c b/libtomcrypt/src/pk/ecc/ecc_encrypt_key.c index e97e737..6d26efb 100644 --- a/libtomcrypt/src/pk/ecc/ecc_encrypt_key.c +++ b/libtomcrypt/src/pk/ecc/ecc_encrypt_key.c @@ -5,8 +5,6 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -19,25 +17,25 @@ /** @file ecc_encrypt_key.c ECC Crypto, Tom St Denis -*/ +*/ #if defined(LTC_MECC) && defined(LTC_DER) /** - Encrypt a symmetric key with ECC + Encrypt a symmetric key with ECC @param in The symmetric key you want to encrypt @param inlen The length of the key to encrypt (octets) @param out [out] The destination for the ciphertext @param outlen [in/out] The max size and resulting size of the ciphertext @param prng An active PRNG state - @param wprng The index of the PRNG you wish to use - @param hash The index of the hash you want to use + @param wprng The index of the PRNG you wish to use + @param hash The index of the hash you want to use @param key The ECC key you want to encrypt to @return CRYPT_OK if successful */ int ecc_encrypt_key(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - prng_state *prng, int wprng, int hash, + unsigned char *out, unsigned long *outlen, + prng_state *prng, int wprng, int hash, ecc_key *key) { unsigned char *pub_expt, *ecc_shared, *skey; @@ -90,7 +88,7 @@ int ecc_encrypt_key(const unsigned char *in, unsigned long inlen, ecc_free(&pubkey); goto LBL_ERR; } - + /* make random key */ x = ECC_BUF_SIZE; if ((err = ecc_shared_secret(&pubkey, key, ecc_shared, &x)) != CRYPT_OK) { @@ -102,7 +100,7 @@ int ecc_encrypt_key(const unsigned char *in, unsigned long inlen, if ((err = hash_memory(hash, ecc_shared, x, skey, &y)) != CRYPT_OK) { goto LBL_ERR; } - + /* Encrypt key */ for (x = 0; x < inlen; x++) { skey[x] ^= in[x]; @@ -130,7 +128,7 @@ LBL_ERR: } #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ecc_export.c b/libtomcrypt/src/pk/ecc/ecc_export.c index 6a712fd..be137e1 100644 --- a/libtomcrypt/src/pk/ecc/ecc_export.c +++ b/libtomcrypt/src/pk/ecc/ecc_export.c @@ -5,8 +5,6 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -19,7 +17,7 @@ /** @file ecc_export.c ECC Crypto, Tom St Denis -*/ +*/ #if defined(LTC_MECC) && defined(LTC_DER) @@ -40,7 +38,7 @@ int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); LTC_ARGCHK(key != NULL); - + /* type valid? */ if (key->type != PK_PRIVATE && type == PK_PRIVATE) { return CRYPT_PK_TYPE_MISMATCH; @@ -76,7 +74,7 @@ int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key } #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ecc_free.c b/libtomcrypt/src/pk/ecc/ecc_free.c index c9e5d6c..4a8ca45 100644 --- a/libtomcrypt/src/pk/ecc/ecc_free.c +++ b/libtomcrypt/src/pk/ecc/ecc_free.c @@ -5,8 +5,6 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -19,7 +17,7 @@ /** @file ecc_free.c ECC Crypto, Tom St Denis -*/ +*/ #ifdef LTC_MECC @@ -34,7 +32,7 @@ void ecc_free(ecc_key *key) } #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ecc_get_size.c b/libtomcrypt/src/pk/ecc/ecc_get_size.c index a824aa4..4dc5d22 100644 --- a/libtomcrypt/src/pk/ecc/ecc_get_size.c +++ b/libtomcrypt/src/pk/ecc/ecc_get_size.c @@ -5,8 +5,6 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -19,13 +17,13 @@ /** @file ecc_get_size.c ECC Crypto, Tom St Denis -*/ +*/ #ifdef LTC_MECC /** Get the size of an ECC key - @param key The key to get the size of + @param key The key to get the size of @return The size (octets) of the key or INT_MAX on error */ int ecc_get_size(ecc_key *key) @@ -38,7 +36,7 @@ int ecc_get_size(ecc_key *key) } #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ecc_import.c b/libtomcrypt/src/pk/ecc/ecc_import.c index 9506076..9b61055 100644 --- a/libtomcrypt/src/pk/ecc/ecc_import.c +++ b/libtomcrypt/src/pk/ecc/ecc_import.c @@ -5,8 +5,6 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -19,34 +17,34 @@ /** @file ecc_import.c ECC Crypto, Tom St Denis -*/ +*/ #if defined(LTC_MECC) && defined(LTC_DER) -static int is_point(ecc_key *key) +static int _is_point(ecc_key *key) { void *prime, *b, *t1, *t2; int err; - + if ((err = mp_init_multi(&prime, &b, &t1, &t2, NULL)) != CRYPT_OK) { return err; } - + /* load prime and b */ if ((err = mp_read_radix(prime, key->dp->prime, 16)) != CRYPT_OK) { goto error; } if ((err = mp_read_radix(b, key->dp->B, 16)) != CRYPT_OK) { goto error; } - + /* compute y^2 */ if ((err = mp_sqr(key->pubkey.y, t1)) != CRYPT_OK) { goto error; } - + /* compute x^3 */ if ((err = mp_sqr(key->pubkey.x, t2)) != CRYPT_OK) { goto error; } if ((err = mp_mod(t2, prime, t2)) != CRYPT_OK) { goto error; } if ((err = mp_mul(key->pubkey.x, t2, t2)) != CRYPT_OK) { goto error; } - + /* compute y^2 - x^3 */ if ((err = mp_sub(t1, t2, t1)) != CRYPT_OK) { goto error; } - + /* compute y^2 - x^3 + 3x */ if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; } if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; } @@ -58,14 +56,14 @@ static int is_point(ecc_key *key) while (mp_cmp(t1, prime) != LTC_MP_LT) { if ((err = mp_sub(t1, prime, t1)) != CRYPT_OK) { goto error; } } - + /* compare to b */ if (mp_cmp(t1, b) != LTC_MP_EQ) { err = CRYPT_INVALID_PACKET; } else { err = CRYPT_OK; } - + error: mp_clear_multi(prime, b, t1, t2, NULL); return err; @@ -107,9 +105,9 @@ int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, co } /* find out what type of key it is */ - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_BIT_STRING, 1UL, &flags, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { + err = der_decode_sequence_multi(in, inlen, LTC_ASN1_BIT_STRING, 1UL, flags, + LTC_ASN1_EOL, 0UL, NULL); + if (err != CRYPT_OK && err != CRYPT_INPUT_TOO_LONG) { goto done; } @@ -126,7 +124,7 @@ int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, co LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto done; } - } else { + } else if (flags[0] == 0) { /* public key */ key->type = PK_PUBLIC; if ((err = der_decode_sequence_multi(in, inlen, @@ -138,6 +136,10 @@ int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, co goto done; } } + else { + err = CRYPT_INVALID_PACKET; + goto done; + } if (dp == NULL) { /* find the idx */ @@ -153,9 +155,9 @@ int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, co } /* set z */ if ((err = mp_set(key->pubkey.z, 1)) != CRYPT_OK) { goto done; } - + /* is it a point on the curve? */ - if ((err = is_point(key)) != CRYPT_OK) { + if ((err = _is_point(key)) != CRYPT_OK) { goto done; } @@ -166,7 +168,7 @@ done: return err; } #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ecc_make_key.c b/libtomcrypt/src/pk/ecc/ecc_make_key.c index 9bbeb44..113a994 100644 --- a/libtomcrypt/src/pk/ecc/ecc_make_key.c +++ b/libtomcrypt/src/pk/ecc/ecc_make_key.c @@ -5,8 +5,6 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -19,12 +17,12 @@ /** @file ecc_make_key.c ECC Crypto, Tom St Denis -*/ +*/ #ifdef LTC_MECC /** - Make a new ECC key + Make a new ECC key @param prng An active PRNG state @param wprng The index of the PRNG you wish to use @param keysize The keysize for the new key (in octets from 20 to 65 bytes) @@ -124,7 +122,7 @@ ERR_BUF: } #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ecc_shared_secret.c b/libtomcrypt/src/pk/ecc/ecc_shared_secret.c index 5aece5e..d18a205 100644 --- a/libtomcrypt/src/pk/ecc/ecc_shared_secret.c +++ b/libtomcrypt/src/pk/ecc/ecc_shared_secret.c @@ -5,8 +5,6 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -19,7 +17,7 @@ /** @file ecc_shared_secret.c ECC Crypto, Tom St Denis -*/ +*/ #ifdef LTC_MECC @@ -89,7 +87,7 @@ done: } #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ecc_sign_hash.c b/libtomcrypt/src/pk/ecc/ecc_sign_hash.c index 0ef7e2b..bae0c00 100644 --- a/libtomcrypt/src/pk/ecc/ecc_sign_hash.c +++ b/libtomcrypt/src/pk/ecc/ecc_sign_hash.c @@ -5,42 +5,26 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ #include "tomcrypt.h" +#ifdef LTC_MECC + /** @file ecc_sign_hash.c ECC Crypto, Tom St Denis */ -#if defined(LTC_MECC) && defined(LTC_DER) - -/** - Sign a message digest - @param in The message digest to sign - @param inlen The length of the digest - @param out [out] The destination for the signature - @param outlen [in/out] The max size and resulting size of the signature - @param prng An active PRNG state - @param wprng The index of the PRNG you wish to use - @param key A private ECC key - @return CRYPT_OK if successful -*/ -int ecc_sign_hash(const unsigned char *in, unsigned long inlen, +static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen, - prng_state *prng, int wprng, ecc_key *key) + prng_state *prng, int wprng, ecc_key *key, int sigformat) { ecc_key pubkey; void *r, *s, *e, *p; - int err; + int err, max_iterations = LTC_PK_MAX_RETRIES; + unsigned long pbits, pbytes, i, shift_right; + unsigned char ch, buf[MAXBLOCKSIZE]; LTC_ARGCHK(in != NULL); LTC_ARGCHK(out != NULL); @@ -61,16 +45,33 @@ int ecc_sign_hash(const unsigned char *in, unsigned long inlen, return err; } - /* get the hash and load it as a bignum into 'e' */ /* init the bignums */ if ((err = mp_init_multi(&r, &s, &p, &e, NULL)) != CRYPT_OK) { return err; } if ((err = mp_read_radix(p, (char *)key->dp->order, 16)) != CRYPT_OK) { goto errnokey; } - if ((err = mp_read_unsigned_bin(e, (unsigned char *)in, (int)inlen)) != CRYPT_OK) { goto errnokey; } + + /* get the hash and load it as a bignum into 'e' */ + pbits = mp_count_bits(p); + pbytes = (pbits+7) >> 3; + if (pbits > inlen*8) { + if ((err = mp_read_unsigned_bin(e, (unsigned char *)in, inlen)) != CRYPT_OK) { goto errnokey; } + } + else if (pbits % 8 == 0) { + if ((err = mp_read_unsigned_bin(e, (unsigned char *)in, pbytes)) != CRYPT_OK) { goto errnokey; } + } + else { + shift_right = 8 - pbits % 8; + for (i=0, ch=0; i<pbytes; i++) { + buf[i] = ch; + ch = (in[i] << (8-shift_right)); + buf[i] = buf[i] ^ (in[i] >> shift_right); + } + if ((err = mp_read_unsigned_bin(e, (unsigned char *)buf, pbytes)) != CRYPT_OK) { goto errnokey; } + } /* make up a key and export the public copy */ - for (;;) { + do { if ((err = ecc_make_key_ex(prng, wprng, &pubkey, key->dp)) != CRYPT_OK) { goto errnokey; } @@ -92,13 +93,30 @@ int ecc_sign_hash(const unsigned char *in, unsigned long inlen, break; } } + } while (--max_iterations > 0); + + if (max_iterations == 0) { + goto errnokey; } - /* store as SEQUENCE { r, s -- integer } */ + if (sigformat == 1) { + /* RFC7518 format */ + if (*outlen < 2*pbytes) { err = CRYPT_MEM; goto errnokey; } + zeromem(out, 2*pbytes); + i = mp_unsigned_bin_size(r); + if ((err = mp_to_unsigned_bin(r, out + (pbytes - i))) != CRYPT_OK) { goto errnokey; } + i = mp_unsigned_bin_size(s); + if ((err = mp_to_unsigned_bin(s, out + (2*pbytes - i))) != CRYPT_OK) { goto errnokey; } + *outlen = 2*pbytes; + err = CRYPT_OK; + } + else { + /* store as ASN.1 SEQUENCE { r, s -- integer } */ err = der_encode_sequence_multi(out, outlen, LTC_ASN1_INTEGER, 1UL, r, LTC_ASN1_INTEGER, 1UL, s, LTC_ASN1_EOL, 0UL, NULL); + } goto errnokey; error: ecc_free(&pubkey); @@ -107,8 +125,44 @@ errnokey: return err; } +/** + Sign a message digest + @param in The message digest to sign + @param inlen The length of the digest + @param out [out] The destination for the signature + @param outlen [in/out] The max size and resulting size of the signature + @param prng An active PRNG state + @param wprng The index of the PRNG you wish to use + @param key A private ECC key + @return CRYPT_OK if successful +*/ +int ecc_sign_hash(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + prng_state *prng, int wprng, ecc_key *key) +{ + return _ecc_sign_hash(in, inlen, out, outlen, prng, wprng, key, 0); +} + +/** + Sign a message digest in RFC7518 format + @param in The message digest to sign + @param inlen The length of the digest + @param out [out] The destination for the signature + @param outlen [in/out] The max size and resulting size of the signature + @param prng An active PRNG state + @param wprng The index of the PRNG you wish to use + @param key A private ECC key + @return CRYPT_OK if successful +*/ +int ecc_sign_hash_rfc7518(const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen, + prng_state *prng, int wprng, ecc_key *key) +{ + return _ecc_sign_hash(in, inlen, out, outlen, prng, wprng, key, 1); +} + #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ecc_sizes.c b/libtomcrypt/src/pk/ecc/ecc_sizes.c index b02a9f9..7c311fe 100644 --- a/libtomcrypt/src/pk/ecc/ecc_sizes.c +++ b/libtomcrypt/src/pk/ecc/ecc_sizes.c @@ -5,8 +5,6 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -19,7 +17,7 @@ /** @file ecc_sizes.c ECC Crypto, Tom St Denis -*/ +*/ #ifdef LTC_MECC @@ -42,7 +40,7 @@ void ecc_sizes(int *low, int *high) } #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ecc_test.c b/libtomcrypt/src/pk/ecc/ecc_test.c index 873e70b..b6d54d1 100644 --- a/libtomcrypt/src/pk/ecc/ecc_test.c +++ b/libtomcrypt/src/pk/ecc/ecc_test.c @@ -5,8 +5,6 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -19,7 +17,7 @@ /** @file ecc_test.c ECC Crypto, Tom St Denis -*/ +*/ #ifdef LTC_MECC @@ -89,7 +87,7 @@ done: #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ecc_verify_hash.c b/libtomcrypt/src/pk/ecc/ecc_verify_hash.c index c10076b..e352789 100644 --- a/libtomcrypt/src/pk/ecc/ecc_verify_hash.c +++ b/libtomcrypt/src/pk/ecc/ecc_verify_hash.c @@ -5,52 +5,27 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ #include "tomcrypt.h" +#ifdef LTC_MECC + /** @file ecc_verify_hash.c ECC Crypto, Tom St Denis */ -#if defined(LTC_MECC) && defined(LTC_DER) - -/* verify - * - * w = s^-1 mod n - * u1 = xw - * u2 = rw - * X = u1*G + u2*Q - * v = X_x1 mod n - * accept if v == r - */ - -/** - Verify an ECC signature - @param sig The signature to verify - @param siglen The length of the signature (octets) - @param hash The hash (message digest) that was signed - @param hashlen The length of the hash (octets) - @param stat Result of signature, 1==valid, 0==invalid - @param key The corresponding public ECC key - @return CRYPT_OK if successful (even if the signature is not valid) -*/ -int ecc_verify_hash(const unsigned char *sig, unsigned long siglen, +static int _ecc_verify_hash(const unsigned char *sig, unsigned long siglen, const unsigned char *hash, unsigned long hashlen, - int *stat, ecc_key *key) + int *stat, ecc_key *key, int sigformat) { ecc_point *mG, *mQ; void *r, *s, *v, *w, *u1, *u2, *e, *p, *m; void *mp; int err; + unsigned long pbits, pbytes, i, shift_right; + unsigned char ch, buf[MAXBLOCKSIZE]; LTC_ARGCHK(sig != NULL); LTC_ARGCHK(hash != NULL); @@ -79,12 +54,22 @@ int ecc_verify_hash(const unsigned char *sig, unsigned long siglen, goto error; } - /* parse header */ + if (sigformat == 1) { + /* RFC7518 format */ + if ((siglen % 2) == 1) { + err = CRYPT_INVALID_PACKET; + goto error; + } + i = siglen / 2; + if ((err = mp_read_unsigned_bin(r, (unsigned char *)sig, i)) != CRYPT_OK) { goto error; } + if ((err = mp_read_unsigned_bin(s, (unsigned char *)sig+i, i)) != CRYPT_OK) { goto error; } + } + else { + /* ASN.1 format */ if ((err = der_decode_sequence_multi(sig, siglen, LTC_ASN1_INTEGER, 1UL, r, LTC_ASN1_INTEGER, 1UL, s, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto error; + LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto error; } } /* get the order */ @@ -99,8 +84,24 @@ int ecc_verify_hash(const unsigned char *sig, unsigned long siglen, goto error; } - /* read hash */ - if ((err = mp_read_unsigned_bin(e, (unsigned char *)hash, (int)hashlen)) != CRYPT_OK) { goto error; } + /* read hash - truncate if needed */ + pbits = mp_count_bits(p); + pbytes = (pbits+7) >> 3; + if (pbits > hashlen*8) { + if ((err = mp_read_unsigned_bin(e, (unsigned char *)hash, hashlen)) != CRYPT_OK) { goto error; } + } + else if (pbits % 8 == 0) { + if ((err = mp_read_unsigned_bin(e, (unsigned char *)hash, pbytes)) != CRYPT_OK) { goto error; } + } + else { + shift_right = 8 - pbits % 8; + for (i=0, ch=0; i<pbytes; i++) { + buf[i] = ch; + ch = (hash[i] << (8-shift_right)); + buf[i] = buf[i] ^ (hash[i] >> shift_right); + } + if ((err = mp_read_unsigned_bin(e, (unsigned char *)buf, pbytes)) != CRYPT_OK) { goto error; } + } /* w = s^-1 mod n */ if ((err = mp_invmod(s, p, w)) != CRYPT_OK) { goto error; } @@ -158,8 +159,42 @@ error: return err; } +/** + Verify an ECC signature + @param sig The signature to verify + @param siglen The length of the signature (octets) + @param hash The hash (message digest) that was signed + @param hashlen The length of the hash (octets) + @param stat Result of signature, 1==valid, 0==invalid + @param key The corresponding public ECC key + @return CRYPT_OK if successful (even if the signature is not valid) +*/ +int ecc_verify_hash(const unsigned char *sig, unsigned long siglen, + const unsigned char *hash, unsigned long hashlen, + int *stat, ecc_key *key) +{ + return _ecc_verify_hash(sig, siglen, hash, hashlen, stat, key, 0); +} + +/** + Verify an ECC signature in RFC7518 format + @param sig The signature to verify + @param siglen The length of the signature (octets) + @param hash The hash (message digest) that was signed + @param hashlen The length of the hash (octets) + @param stat Result of signature, 1==valid, 0==invalid + @param key The corresponding public ECC key + @return CRYPT_OK if successful (even if the signature is not valid) +*/ +int ecc_verify_hash_rfc7518(const unsigned char *sig, unsigned long siglen, + const unsigned char *hash, unsigned long hashlen, + int *stat, ecc_key *key) +{ + return _ecc_verify_hash(sig, siglen, hash, hashlen, stat, key, 1); +} + #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_is_valid_idx.c b/libtomcrypt/src/pk/ecc/ltc_ecc_is_valid_idx.c index 4a02068..057a899 100644 --- a/libtomcrypt/src/pk/ecc/ltc_ecc_is_valid_idx.c +++ b/libtomcrypt/src/pk/ecc/ltc_ecc_is_valid_idx.c @@ -5,8 +5,6 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -19,14 +17,14 @@ /** @file ltc_ecc_is_valid_idx.c ECC Crypto, Tom St Denis -*/ +*/ #ifdef LTC_MECC /** Returns whether an ECC idx is valid or not @param n The idx number to check @return 1 if valid, 0 if not -*/ +*/ int ltc_ecc_is_valid_idx(int n) { int x; @@ -40,7 +38,7 @@ int ltc_ecc_is_valid_idx(int n) } #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_map.c b/libtomcrypt/src/pk/ecc/ltc_ecc_map.c index 4f3ec09..c745f29 100644 --- a/libtomcrypt/src/pk/ecc/ltc_ecc_map.c +++ b/libtomcrypt/src/pk/ecc/ltc_ecc_map.c @@ -5,8 +5,6 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -19,7 +17,7 @@ /** @file ltc_ecc_map.c ECC Crypto, Tom St Denis -*/ +*/ #ifdef LTC_MECC @@ -40,7 +38,7 @@ int ltc_ecc_map(ecc_point *P, void *modulus, void *mp) LTC_ARGCHK(mp != NULL); if ((err = mp_init_multi(&t1, &t2, NULL)) != CRYPT_OK) { - return CRYPT_MEM; + return err; } /* first map z back to normal */ @@ -48,7 +46,7 @@ int ltc_ecc_map(ecc_point *P, void *modulus, void *mp) /* get 1/z */ if ((err = mp_invmod(P->z, modulus, t1)) != CRYPT_OK) { goto done; } - + /* get 1/z^2 and 1/z^3 */ if ((err = mp_sqr(t1, t2)) != CRYPT_OK) { goto done; } if ((err = mp_mod(t2, modulus, t2)) != CRYPT_OK) { goto done; } @@ -70,7 +68,7 @@ done: #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_mul2add.c b/libtomcrypt/src/pk/ecc/ltc_ecc_mul2add.c index a6d1aab..cef1844 100644 --- a/libtomcrypt/src/pk/ecc/ltc_ecc_mul2add.c +++ b/libtomcrypt/src/pk/ecc/ltc_ecc_mul2add.c @@ -5,8 +5,6 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -19,7 +17,7 @@ /** @file ltc_ecc_mul2add.c ECC Crypto, Shamir's Trick, Tom St Denis -*/ +*/ #ifdef LTC_MECC @@ -31,9 +29,9 @@ @param B Second point to multiply @param kB What to multiple B by @param C [out] Destination point (can overlap with A or B - @param modulus Modulus for curve + @param modulus Modulus for curve @return CRYPT_OK on success -*/ +*/ int ltc_ecc_mul2add(ecc_point *A, void *kA, ecc_point *B, void *kB, ecc_point *C, @@ -44,7 +42,7 @@ int ltc_ecc_mul2add(ecc_point *A, void *kA, unsigned char *tA, *tB; int err, first; void *mp, *mu; - + /* argchks */ LTC_ARGCHK(A != NULL); LTC_ARGCHK(B != NULL); @@ -93,16 +91,16 @@ int ltc_ecc_mul2add(ecc_point *A, void *kA, } } - /* init montgomery reduction */ - if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { + /* init montgomery reduction */ + if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { goto ERR_P; - } - if ((err = mp_init(&mu)) != CRYPT_OK) { + } + if ((err = mp_init(&mu)) != CRYPT_OK) { goto ERR_MP; - } - if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) { + } + if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) { goto ERR_MU; - } + } /* copy ones ... */ if ((err = mp_mulmod(A->x, mu, modulus, precomp[1]->x)) != CRYPT_OK) { goto ERR_MU; } @@ -126,7 +124,7 @@ int ltc_ecc_mul2add(ecc_point *A, void *kA, for (y = 1; y < 4; y++) { if ((err = ltc_mp.ecc_ptadd(precomp[x], precomp[(y<<2)], precomp[x+(y<<2)], modulus, mp)) != CRYPT_OK) { goto ERR_MU; } } - } + } nibble = 3; first = 1; @@ -134,20 +132,21 @@ int ltc_ecc_mul2add(ecc_point *A, void *kA, bitbufB = tB[0]; /* for every byte of the multiplicands */ - for (x = -1;; ) { + for (x = 0;; ) { /* grab a nibble */ if (++nibble == 4) { - ++x; if (x == len) break; + if (x == len) break; bitbufA = tA[x]; bitbufB = tB[x]; nibble = 0; + ++x; } /* extract two bits from both, shift/update */ nA = (bitbufA >> 6) & 0x03; nB = (bitbufB >> 6) & 0x03; - bitbufA = (bitbufA << 2) & 0xFF; - bitbufB = (bitbufB << 2) & 0xFF; + bitbufA = (bitbufA << 2) & 0xFF; + bitbufB = (bitbufB << 2) & 0xFF; /* if both zero, if first, continue */ if ((nA == 0) && (nB == 0) && (first == 1)) { @@ -202,6 +201,6 @@ ERR_T: #endif #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod.c b/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod.c index 4b11392..5834865 100644 --- a/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod.c +++ b/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod.c @@ -5,8 +5,6 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -19,7 +17,7 @@ /** @file ltc_ecc_mulmod.c ECC Crypto, Tom St Denis -*/ +*/ #ifdef LTC_MECC #ifndef LTC_ECC_TIMING_RESISTANT @@ -28,7 +26,7 @@ #define WINSIZE 4 /** - Perform a point multiplication + Perform a point multiplication @param k The scalar to multiply by @param G The base point @param R [out] Destination for kG @@ -41,7 +39,7 @@ int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map) ecc_point *tG, *M[8]; int i, j, err; void *mu, *mp; - unsigned long buf; + ltc_mp_digit buf; int first, bitbuf, bitcpy, bitcnt, mode, digidx; LTC_ARGCHK(k != NULL); @@ -62,7 +60,7 @@ int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map) mp_clear(mu); return err; } - + /* alloc ram for window temps */ for (i = 0; i < 8; i++) { M[i] = ltc_ecc_new_point(); @@ -85,14 +83,14 @@ int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map) if ((err = mp_copy(G->x, tG->x)) != CRYPT_OK) { goto done; } if ((err = mp_copy(G->y, tG->y)) != CRYPT_OK) { goto done; } if ((err = mp_copy(G->z, tG->z)) != CRYPT_OK) { goto done; } - } else { + } else { if ((err = mp_mulmod(G->x, mu, modulus, tG->x)) != CRYPT_OK) { goto done; } if ((err = mp_mulmod(G->y, mu, modulus, tG->y)) != CRYPT_OK) { goto done; } if ((err = mp_mulmod(G->z, mu, modulus, tG->z)) != CRYPT_OK) { goto done; } } mp_clear(mu); mu = NULL; - + /* calc the M tab, which holds kG for k==8..15 */ /* M[0] == 8G */ if ((err = ltc_mp.ecc_ptdbl(tG, M[0], modulus, mp)) != CRYPT_OK) { goto done; } @@ -217,6 +215,6 @@ done: #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c b/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c index 25dcf0a..ca5c9d9 100644 --- a/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c +++ b/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c @@ -5,8 +5,6 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -39,7 +37,7 @@ int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map) ecc_point *tG, *M[3]; int i, j, err; void *mu, *mp; - unsigned long buf; + ltc_mp_digit buf; int bitcnt, mode, digidx; LTC_ARGCHK(k != NULL); @@ -159,7 +157,7 @@ done: #endif #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_points.c b/libtomcrypt/src/pk/ecc/ltc_ecc_points.c index 9be9eff..a63bdb5 100644 --- a/libtomcrypt/src/pk/ecc/ltc_ecc_points.c +++ b/libtomcrypt/src/pk/ecc/ltc_ecc_points.c @@ -5,8 +5,6 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -19,13 +17,13 @@ /** @file ltc_ecc_points.c ECC Crypto, Tom St Denis -*/ +*/ #ifdef LTC_MECC /** Allocate a new ECC point - @return A newly allocated point or NULL on error + @return A newly allocated point or NULL on error */ ecc_point *ltc_ecc_new_point(void) { @@ -54,7 +52,7 @@ void ltc_ecc_del_point(ecc_point *p) } #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_projective_add_point.c b/libtomcrypt/src/pk/ecc/ltc_ecc_projective_add_point.c index c45a47b..9e22e10 100644 --- a/libtomcrypt/src/pk/ecc/ltc_ecc_projective_add_point.c +++ b/libtomcrypt/src/pk/ecc/ltc_ecc_projective_add_point.c @@ -5,8 +5,6 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -19,9 +17,9 @@ /** @file ltc_ecc_projective_add_point.c ECC Crypto, Tom St Denis -*/ +*/ -#if defined(LTC_MECC) && (!defined(LTC_MECC_ACCEL) || defined(LTM_LTC_DESC)) +#if defined(LTC_MECC) && (!defined(LTC_MECC_ACCEL) || defined(LTM_DESC)) /** Add two ECC points @@ -46,11 +44,11 @@ int ltc_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != CRYPT_OK) { return err; } - + /* should we dbl instead? */ if ((err = mp_sub(modulus, Q->y, t1)) != CRYPT_OK) { goto done; } - if ( (mp_cmp(P->x, Q->x) == LTC_MP_EQ) && + if ( (mp_cmp(P->x, Q->x) == LTC_MP_EQ) && (Q->z != NULL && mp_cmp(P->z, Q->z) == LTC_MP_EQ) && (mp_cmp(P->y, Q->y) == LTC_MP_EQ || mp_cmp(P->y, t1) == LTC_MP_EQ)) { mp_clear_multi(t1, t2, x, y, z, NULL); @@ -144,7 +142,7 @@ int ltc_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void /* T1 = T1 * X */ if ((err = mp_mul(t1, x, t1)) != CRYPT_OK) { goto done; } if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; } - + /* X = Y*Y */ if ((err = mp_sqr(y, x)) != CRYPT_OK) { goto done; } if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK) { goto done; } @@ -158,7 +156,7 @@ int ltc_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void if ((err = mp_sub(t2, x, t2)) != CRYPT_OK) { goto done; } if (mp_cmp_d(t2, 0) == LTC_MP_LT) { if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK) { goto done; } - } + } /* T2 = T2 - X */ if ((err = mp_sub(t2, x, t2)) != CRYPT_OK) { goto done; } if (mp_cmp_d(t2, 0) == LTC_MP_LT) { @@ -190,7 +188,7 @@ done: #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/libtomcrypt/src/pk/ecc/ltc_ecc_projective_dbl_point.c b/libtomcrypt/src/pk/ecc/ltc_ecc_projective_dbl_point.c index ce31ccc..0c6b996 100644 --- a/libtomcrypt/src/pk/ecc/ltc_ecc_projective_dbl_point.c +++ b/libtomcrypt/src/pk/ecc/ltc_ecc_projective_dbl_point.c @@ -5,8 +5,6 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -19,9 +17,9 @@ /** @file ltc_ecc_projective_dbl_point.c ECC Crypto, Tom St Denis -*/ +*/ -#if defined(LTC_MECC) && (!defined(LTC_MECC_ACCEL) || defined(LTM_LTC_DESC)) +#if defined(LTC_MECC) && (!defined(LTC_MECC_ACCEL) || defined(LTM_DESC)) /** Double an ECC point @@ -62,7 +60,7 @@ int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void if (mp_cmp(R->z, modulus) != LTC_MP_LT) { if ((err = mp_sub(R->z, modulus, R->z)) != CRYPT_OK) { goto done; } } - + /* T2 = X - T1 */ if ((err = mp_sub(R->x, t1, t2)) != CRYPT_OK) { goto done; } if (mp_cmp_d(t2, 0) == LTC_MP_LT) { @@ -121,7 +119,7 @@ int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void if ((err = mp_add(R->x, modulus, R->x)) != CRYPT_OK) { goto done; } } - /* Y = Y - X */ + /* Y = Y - X */ if ((err = mp_sub(R->y, R->x, R->y)) != CRYPT_OK) { goto done; } if (mp_cmp_d(R->y, 0) == LTC_MP_LT) { if ((err = mp_add(R->y, modulus, R->y)) != CRYPT_OK) { goto done; } @@ -134,14 +132,14 @@ int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void if (mp_cmp_d(R->y, 0) == LTC_MP_LT) { if ((err = mp_add(R->y, modulus, R->y)) != CRYPT_OK) { goto done; } } - + err = CRYPT_OK; done: mp_clear_multi(t1, t2, NULL); return err; } #endif -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ |