gost: use gostdsa-vko from nettle 3.6rc3

Now as we have upgraded Nettle to 3.6rc3 (which includes gostdsa_vko),
use this function from imported nettle sources.

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

5 files changed, 3 insertions, 118 deletions

diff --git a/configure.ac b/configure.ac
index 2d0a42665e..fb24986bb6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -663,12 +663,6 @@ AC_CHECK_FUNCS([nettle_chacha_set_counter],
 LIBS=$save_LIBS
 AM_CONDITIONAL(NEED_CHACHA, [test "$have_chacha_set_counter" != "yes"])
 
-# Check for VKO
-save_LIBS=$LIBS
-LIBS="$LIBS $NETTLE_LIBS $HOGWEED_LIBS"
-AC_CHECK_FUNCS(nettle_gostdsa_vko)
-LIBS=$save_LIBS
-
 # Check sonames of the linked libraries needed for FIPS selftests.
 save_LIBS=$LIBS
 LIBS="$LIBS $GMP_LIBS"
diff --git a/devel/import-ecc-from-nettle.sh b/devel/import-ecc-from-nettle.sh
index 6bfb9d30d8..da121786dd 100755
--- a/devel/import-ecc-from-nettle.sh
+++ b/devel/import-ecc-from-nettle.sh
@@ -56,6 +56,7 @@ eddsa-verify.c
 gostdsa.h
 gostdsa-sign.c
 gostdsa-verify.c
+gostdsa-vko.c
 gmp-glue.h
 gmp-glue.c
 nettle-write.h
diff --git a/lib/nettle/Makefile.am b/lib/nettle/Makefile.am
index 94aab0262e..9595aef532 100644
--- a/lib/nettle/Makefile.am
+++ b/lib/nettle/Makefile.am
@@ -83,7 +83,7 @@ libcrypto_la_SOURCES += \
 	gost/bignum-le.c gost/bignum-le.h
 
 libcrypto_la_SOURCES += \
-	gost/gostdsa-mask.c gost/gostdsa-vko.c gost/gostdsa2.h
+	gost/gostdsa-mask.c gost/gostdsa2.h
 
 libcrypto_la_SOURCES += gost_keywrap.c
 endif
@@ -156,7 +156,7 @@ libcrypto_la_SOURCES += \
 	ecc/ecc-j-to-a.c \
 	ecc/ecc-gost-gc256b.c ecc/ecc-gost-gc512a.c \
 	ecc/ecc-gostdsa-sign.c ecc/ecc-gostdsa-verify.c \
-	ecc/gostdsa.h ecc/gostdsa-sign.c ecc/gostdsa-verify.c
+	ecc/gostdsa.h ecc/gostdsa-sign.c ecc/gostdsa-verify.c ecc/gostdsa-vko.c
 
 libcrypto_la_SOURCES += \
 	ecc/eddsa.h ecc/eddsa-compress.c ecc/eddsa-decompress.c \
@@ -164,9 +164,6 @@ libcrypto_la_SOURCES += \
 	ecc/eddsa-pubkey.c ecc/eddsa-sign.c ecc/eddsa-verify.c \
 	ecc/ed448-shake256.c ecc/ed448-shake256-pubkey.c \
 	ecc/ed448-shake256-sign.c ecc/ed448-shake256-verify.c
-else
-libcrypto_la_SOURCES += \
-	ecc/gmp-glue.h ecc/gmp-glue.c ecc/ecc-mod-arith.c
 endif
 
 if NEED_CHACHA
diff --git a/lib/nettle/gost/gostdsa-vko.c b/lib/nettle/gost/gostdsa-vko.c
deleted file mode 100644
index ec6fba5831..0000000000
--- a/lib/nettle/gost/gostdsa-vko.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/* gostdsa-vko.c
-
-   Copyright (C) 2016 Dmitry Eremin-Solenikov
-
-   This file is part of GNU Nettle.
-
-   GNU Nettle is free software: you can redistribute it and/or
-   modify it under the terms of either:
-
-     * the GNU Lesser General Public License as published by the Free
-       Software Foundation; either version 3 of the License, or (at your
-       option) any later version.
-
-   or
-
-     * the GNU General Public License as published by the Free
-       Software Foundation; either version 2 of the License, or (at your
-       option) any later version.
-
-   or both in parallel, as here.
-
-   GNU Nettle is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   General Public License for more details.
-
-   You should have received copies of the GNU General Public License and
-   the GNU Lesser General Public License along with this program.  If
-   not, see http://www.gnu.org/licenses/.
-*/
-
-#if HAVE_CONFIG_H
-# include "config.h"
-#endif
-
-#ifndef HAVE_NETTLE_GOSTDSA_VKO
-
-#include <gnutls_int.h>
-
-#include <stdlib.h>
-
-#include "ecc/ecc-internal.h"
-#include "gostdsa2.h"
-
-/*
- * Shared key derivation/key agreement for GOST DSA algorithm.
- * It is defined in RFC 4357 Section 5.2 and RFC 7836 Section 4.3.1
- *
- * Basically shared key is equal to hash(cofactor * ukm * priv * pub). This
- * function does multiplication. Caller should do hashing on his own.
- *
- * UKM is not a secret value (consider it as a nonce).
- *
- * For supported GOST curves cofactor is equal to 1.
- */
-void
-gostdsa_vko(const struct ecc_scalar *priv,
-	    const struct ecc_point *pub,
-	    size_t ukm_length, const uint8_t *ukm,
-	    uint8_t *out)
-{
-  const struct ecc_curve *ecc = priv->ecc;
-  unsigned bsize = (ecc_bit_size(ecc) + 7) / 8;
-  mp_size_t size = ecc->p.size;
-  mp_size_t itch = 4*size + ecc->mul_itch;
-  mp_limb_t *scratch;
-
-  if (itch < 5*size + ecc->h_to_a_itch)
-      itch = 5*size + ecc->h_to_a_itch;
-
-  assert (pub->ecc == ecc);
-  assert (priv->ecc == ecc);
-  assert (ukm_length <= bsize);
-
-  scratch = gmp_alloc_limbs (itch);
-
-#define UKM scratch
-#define TEMP (scratch + 3*size)
-#define XYZ scratch
-#define TEMP_Y (scratch + 4*size)
-
-  mpn_set_base256_le (UKM, size, ukm, ukm_length);
-
-  /* If ukm is 0, set it to 1, otherwise the result will be allways equal to 0,
-   * no matter what private and public keys are. See RFC 4357 referencing GOST
-   * R 34.10-2001 (RFC 5832) Section 6.1 step 2. */
-  if (mpn_zero_p (UKM, size))
-    UKM[0] = 1;
-
-  ecc_mod_mul (&ecc->q, TEMP, priv->p, UKM); /* TEMP = UKM * priv */
-  ecc->mul (ecc, XYZ, TEMP, pub->p, scratch + 4*size); /* XYZ = UKM * priv * pub */
-  ecc->h_to_a (ecc, 0, TEMP, XYZ, scratch + 5*size); /* TEMP = XYZ */
-  mpn_get_base256_le (out, bsize, TEMP, size);
-  mpn_get_base256_le (out+bsize, bsize, TEMP_Y, size);
-  gmp_free_limbs (scratch, itch);
-}
-#endif
diff --git a/lib/nettle/gost/gostdsa2.h b/lib/nettle/gost/gostdsa2.h
index a9767556b9..9328a8af73 100644
--- a/lib/nettle/gost/gostdsa2.h
+++ b/lib/nettle/gost/gostdsa2.h
@@ -52,16 +52,6 @@ int
 gostdsa_unmask_key (const struct ecc_curve *ecc,
 		    mpz_t key);
 
-#ifndef HAVE_NETTLE_GOSTDSA_VKO
-
-#define gostdsa_vko _gnutls_gostdsa_vko
-void
-gostdsa_vko(const struct ecc_scalar *priv,
-	    const struct ecc_point *pub,
-	    size_t ukm_length, const uint8_t *ukm,
-	    uint8_t *out);
-#endif
-
 #ifdef __cplusplus
 }
 #endif