Merge branch 'fix-gost-nettle-master' into 'master'

lib/nettle/gost: restore compatibility with nettle master

See merge request gnutls/gnutls!1176

4 files changed, 74 insertions, 1 deletions

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1f124e6e95..f91523821f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -644,7 +644,7 @@ nettle-master.Fedora:
   - make -j$(nproc) install
   - popd
   - SUBMODULE_NOFETCH=1 ./bootstrap
-  - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig dash ./configure --cache-file cache/config.cache --disable-gcc-warnings --disable-doc --disable-guile --disable-gost
+  - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig dash ./configure --cache-file cache/config.cache --disable-gcc-warnings --disable-doc --disable-guile
   - make -j$(nproc)
   - PKG_CONFIG_PATH=$NETTLE_DIR/lib64/pkgconfig LD_LIBRARY_PATH=$NETTLE_DIR/lib64 make -j$(nproc) check
   tags:
diff --git a/lib/nettle/gost/ecc-gost256cpa.c b/lib/nettle/gost/ecc-gost256cpa.c
index 46525695d2..6d7fa51b3e 100644
--- a/lib/nettle/gost/ecc-gost256cpa.c
+++ b/lib/nettle/gost/ecc-gost256cpa.c
@@ -109,19 +109,33 @@ static const struct ecc_curve _gnutls_gost_256cpa =
   ECC_PIPPENGER_K,
   ECC_PIPPENGER_C,
 
+#ifdef HAVE_NETTLE_CURVE448_MUL
+  ECC_ADD_JJA_ITCH (ECC_LIMB_SIZE),
+#endif
   ECC_ADD_JJJ_ITCH (ECC_LIMB_SIZE),
+#ifdef HAVE_NETTLE_CURVE448_MUL
+  ECC_DUP_JJ_ITCH (ECC_LIMB_SIZE),
+#endif
   ECC_MUL_A_ITCH (ECC_LIMB_SIZE),
   ECC_MUL_G_ITCH (ECC_LIMB_SIZE),
   ECC_J_TO_A_ITCH (ECC_LIMB_SIZE),
 
+#ifdef HAVE_NETTLE_CURVE448_MUL
+  ecc_add_jja,
+#endif
   ecc_add_jjj,
+#ifdef HAVE_NETTLE_CURVE448_MUL
+  ecc_dup_jj,
+#endif
   ecc_mul_a,
   ecc_mul_g,
   ecc_j_to_a,
 
   ecc_b,
   ecc_g,
+#ifndef HAVE_NETTLE_CURVE448_MUL
   NULL,
+#endif
   ecc_unit,
   ecc_table
 };
diff --git a/lib/nettle/gost/ecc-gost512a.c b/lib/nettle/gost/ecc-gost512a.c
index 07d7a97e12..1bd4d1b7af 100644
--- a/lib/nettle/gost/ecc-gost512a.c
+++ b/lib/nettle/gost/ecc-gost512a.c
@@ -109,19 +109,33 @@ static const struct ecc_curve _gnutls_gost_512a =
   ECC_PIPPENGER_K,
   ECC_PIPPENGER_C,
 
+#ifdef HAVE_NETTLE_CURVE448_MUL
+  ECC_ADD_JJA_ITCH (ECC_LIMB_SIZE),
+#endif
   ECC_ADD_JJJ_ITCH (ECC_LIMB_SIZE),
+#ifdef HAVE_NETTLE_CURVE448_MUL
+  ECC_DUP_JJ_ITCH (ECC_LIMB_SIZE),
+#endif
   ECC_MUL_A_ITCH (ECC_LIMB_SIZE),
   ECC_MUL_G_ITCH (ECC_LIMB_SIZE),
   ECC_J_TO_A_ITCH (ECC_LIMB_SIZE),
 
+#ifdef HAVE_NETTLE_CURVE448_MUL
+  ecc_add_jja,
+#endif
   ecc_add_jjj,
+#ifdef HAVE_NETTLE_CURVE448_MUL
+  ecc_dup_jj,
+#endif
   ecc_mul_a,
   ecc_mul_g,
   ecc_j_to_a,
 
   ecc_b,
   ecc_g,
+#ifndef HAVE_NETTLE_CURVE448_MUL
   NULL,
+#endif
   ecc_unit,
   ecc_table
 };
diff --git a/lib/nettle/gost/ecc-internal.h b/lib/nettle/gost/ecc-internal.h
index a553983c9d..2cf6645c23 100644
--- a/lib/nettle/gost/ecc-internal.h
+++ b/lib/nettle/gost/ecc-internal.h
@@ -34,6 +34,10 @@
 #ifndef GNUTLS_LIB_NETTLE_GOST_ECC_INTERNAL_H
 #define GNUTLS_LIB_NETTLE_GOST_ECC_INTERNAL_H
 
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
 #include <nettle/nettle-types.h>
 #include <nettle/bignum.h>
 #include <nettle/ecc-curve.h>
@@ -46,6 +50,8 @@
 #define ecc_mod_inv _nettle_ecc_mod_inv
 #define gost_hash _gnutls_gost_hash
 #define ecc_j_to_a _nettle_ecc_j_to_a
+#define ecc_dup_jj _nettle_ecc_dup_jj
+#define ecc_add_jja _nettle_ecc_add_jja
 #define ecc_add_jjj _nettle_ecc_add_jjj
 #define ecc_mul_g _nettle_ecc_mul_g
 #define ecc_mul_a _nettle_ecc_mul_a
@@ -80,6 +86,10 @@ typedef void ecc_add_func (const struct ecc_curve *ecc,
 			   const mp_limb_t *p, const mp_limb_t *q,
 			   mp_limb_t *scratch);
 
+typedef void ecc_dup_func (const struct ecc_curve *ecc,
+			   mp_limb_t *r, const mp_limb_t *p,
+			   mp_limb_t *scratch);
+
 typedef void ecc_mul_g_func (const struct ecc_curve *ecc, mp_limb_t *r,
 			     const mp_limb_t *np, mp_limb_t *scratch);
 
@@ -136,12 +146,24 @@ struct ecc_curve
   unsigned short pippenger_k;
   unsigned short pippenger_c;
 
+#ifdef HAVE_NETTLE_CURVE448_MUL
+  unsigned short add_hh_itch;
+#endif
   unsigned short add_hhh_itch;
+#ifdef HAVE_NETTLE_CURVE448_MUL
+  unsigned short dup_itch;
+#endif
   unsigned short mul_itch;
   unsigned short mul_g_itch;
   unsigned short h_to_a_itch;
 
+#ifdef HAVE_NETTLE_CURVE448_MUL
+  ecc_add_func *add_hh;
+#endif
   ecc_add_func *add_hhh;
+#ifdef HAVE_NETTLE_CURVE448_MUL
+  ecc_dup_func *dup;
+#endif
   ecc_mul_func *mul;
   ecc_mul_g_func *mul_g;
   ecc_h_to_a_func *h_to_a;
@@ -153,7 +175,9 @@ struct ecc_curve
   const mp_limb_t *g;
   /* If non-NULL, the constant needed for transformation to the
      equivalent Edwards curve. */
+#ifndef HAVE_NETTLE_CURVE448_MUL
   const mp_limb_t *edwards_root;
+#endif
 
   /* For redc, same as B mod p, otherwise 1. */
   const mp_limb_t *unit;
@@ -211,6 +235,25 @@ ecc_j_to_a (const struct ecc_curve *ecc,
 	    mp_limb_t *r, const mp_limb_t *p,
 	    mp_limb_t *scratch);
 
+/* Point doubling, with jacobian input and output. Corner cases:
+   Correctly sets R = 0 (r_Z = 0) if p = 0 or 2p = 0. */
+void
+ecc_dup_jj (const struct ecc_curve *ecc,
+	    mp_limb_t *r, const mp_limb_t *p,
+	    mp_limb_t *scratch);
+
+/* Point addition, with jacobian output, one jacobian input and one
+   affine input. Corner cases: Fails for the cases
+
+     P = Q != 0                       Duplication of non-zero point
+     P = 0, Q != 0 or P != 0, Q = 0   One input zero
+   
+     Correctly gives R = 0 if P = Q = 0 or P = -Q. */
+void
+ecc_add_jja (const struct ecc_curve *ecc,
+	     mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
+	     mp_limb_t *scratch);
+
 /* Point addition with Jacobian input and output. */
 void
 ecc_add_jjj (const struct ecc_curve *ecc,
@@ -240,6 +283,8 @@ cnd_copy (int cnd, mp_limb_t *rp, const mp_limb_t *ap, mp_size_t n);
 /* Current scratch needs: */
 #define ECC_MOD_INV_ITCH(size) (2*(size))
 #define ECC_J_TO_A_ITCH(size) (5*(size))
+#define ECC_DUP_JJ_ITCH(size) (5*(size))
+#define ECC_ADD_JJA_ITCH(size) (6*(size))
 #define ECC_ADD_JJJ_ITCH(size) (8*(size))
 #define ECC_MUL_G_ITCH(size) (9*(size))
 #if ECC_MUL_A_WBITS == 0