Diffstat (limited to 'lib/nettle/ecc')
-rw-r--r--lib/nettle/ecc/override/ecc-gostdsa-verify.c.diff19
-rw-r--r--lib/nettle/ecc/override/ecc-internal.h.diff26
-rw-r--r--lib/nettle/ecc/override/ecc-mod-arith.c.diff19
-rw-r--r--lib/nettle/ecc/override/eddsa-hash.c.diff30
-rw-r--r--lib/nettle/ecc/override/gostdsa-vko.c.diff16
5 files changed, 110 insertions, 0 deletions
diff --git a/lib/nettle/ecc/override/ecc-gostdsa-verify.c.diff b/lib/nettle/ecc/override/ecc-gostdsa-verify.c.diff
new file mode 100644
index 0000000000..143143e66d
--- /dev/null
+++ b/lib/nettle/ecc/override/ecc-gostdsa-verify.c.diff
@@ -0,0 +1,19 @@
+diff --git a/ecc-gostdsa-verify.c b/ecc-gostdsa-verify.c
+index 29b82c84..906abbf3 100644
+--- a/ecc-gostdsa-verify.c
++++ b/ecc-gostdsa-verify.c
+@@ -102,11 +102,11 @@ ecc_gostdsa_verify (const struct ecc_curve *ecc,
+ ecc->q.invert (&ecc->q, vp, hp, vp + 2*ecc->p.size);
+
+ /* z1 = s / h, P1 = z1 * G */
+- ecc_mod_mul (&ecc->q, z1, sp, vp);
++ ecc_mod_mul_canonical (&ecc->q, z1, sp, vp);
+
+ /* z2 = - r / h, P2 = z2 * Y */
+- ecc_mod_mul (&ecc->q, z2, rp, vp);
+- mpn_sub_n (z2, ecc->q.m, z2, ecc->p.size);
++ mpn_sub_n (hp, ecc->q.m, rp, ecc->p.size);
++ ecc_mod_mul_canonical (&ecc->q, z2, hp, vp);
+
+ /* Total storage: 5*ecc->p.size + ecc->mul_itch */
+ ecc->mul (ecc, P2, z2, pp, z2 + ecc->p.size);
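Review bot: The new `mpn_sub_n (hp, ecc->q.m, rp, ecc->p.size)` discards the borrow, so q - r is only meaningful when r < q; that range check on r is presumably done earlier in ecc_gostdsa_verify, outside this hunk, and should be confirmed rather than assumed. Reusing hp as the destination is safe only because vp already holds the inverse of hp from the `ecc->q.invert` call above, which is worth saying at the site: `/* hp is free after the inversion above; put q - r there so z2 = (q - r)/h comes out canonical. Requires r < q. */`. The canonical variant also writes 2*ecc->p.size limbs at z1 and z2 (per the new ecc-internal.h prototype), so the scratch layout defined outside the hunk must leave that room; a one-line comment at the z1/z2 definitions would spare the next reader from re-deriving it. The enclosing function starts and ends outside the hunk.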
diff --git a/lib/nettle/ecc/override/ecc-internal.h.diff b/lib/nettle/ecc/override/ecc-internal.h.diff
new file mode 100644
index 0000000000..170191836c
--- /dev/null
+++ b/lib/nettle/ecc/override/ecc-internal.h.diff
@@ -0,0 +1,26 @@
+diff --git a/ecc-internal.h b/ecc-internal.h
+index 9e24e0ce..2cc9b137 100644
+--- a/ecc-internal.h
++++ b/ecc-internal.h
+@@ -49,6 +49,7 @@
+ #define ecc_mod_submul_1 _nettle_ecc_mod_submul_1
+ #define ecc_mod_mul _nettle_ecc_mod_mul
+ #define ecc_mod_sqr _nettle_ecc_mod_sqr
++#define ecc_mod_mul_canonical _nettle_ecc_mod_mul_canonical
+ #define ecc_mod_random _nettle_ecc_mod_random
+ #define ecc_mod _nettle_ecc_mod
+ #define ecc_mod_inv _nettle_ecc_mod_inv
+@@ -256,6 +257,13 @@ void
+ ecc_mod_sqr (const struct ecc_modulo *m, mp_limb_t *rp,
+ const mp_limb_t *ap);
+
++/* mul function produces a canonical result, 0 <= R < M, needs 2*m->size limbs
++ * at rp.
++ */
++void
++ecc_mod_mul_canonical (const struct ecc_modulo *m, mp_limb_t *rp,
++ const mp_limb_t *ap, const mp_limb_t *bp);
++
+ /* mod q operations. */
+ void
+ ecc_mod_random (const struct ecc_modulo *m, mp_limb_t *xp,
diff --git a/lib/nettle/ecc/override/ecc-mod-arith.c.diff b/lib/nettle/ecc/override/ecc-mod-arith.c.diff
new file mode 100644
index 0000000000..17b2592e30
--- /dev/null
+++ b/lib/nettle/ecc/override/ecc-mod-arith.c.diff
@@ -0,0 +1,19 @@
+diff --git a/ecc-mod-arith.c b/ecc-mod-arith.c
+index f2e47f67..959eae1c 100644
+--- a/ecc-mod-arith.c
++++ b/ecc-mod-arith.c
+@@ -125,3 +125,14 @@ ecc_mod_sqr (const struct ecc_modulo *m, mp_limb_t *rp,
+ mpn_sqr (rp, ap, m->size);
+ m->reduce (m, rp);
+ }
++
++void
++ecc_mod_mul_canonical (const struct ecc_modulo *m, mp_limb_t *rp,
++ const mp_limb_t *ap, const mp_limb_t *bp)
++{
++ mp_limb_t cy;
++ ecc_mod_mul(m, rp, ap, bp);
++
++ cy = mpn_sub_n (rp + m->size, rp, m->m, m->size);
++ cnd_copy (!cy, rp, rp + m->size, m->size);
++}
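Review bot: ecc_mod_mul_canonical carries no comment of its own, and its correctness hinges on ecc_mod_mul leaving a result below 2M in rp — a precondition stated nowhere in this hunk (ecc_mod_mul's contract lives outside it) and worth pinning down, since anything at or above 2M would survive the single conditional subtraction. I would add above the definition: `/* Reduce the output of ecc_mod_mul (assumed 0 <= R < 2M) to 0 <= R < M with one constant-time conditional subtraction; the trial difference lives in the upper m->size limbs of rp, which is why 2*m->size limbs are required there. */`. Minor style: `ecc_mod_mul(m, rp, ap, bp);` omits the space before the parenthesis that the neighbouring calls (`mpn_sub_n (`, `cnd_copy (`) use.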
diff --git a/lib/nettle/ecc/override/eddsa-hash.c.diff b/lib/nettle/ecc/override/eddsa-hash.c.diff
new file mode 100644
index 0000000000..f2237e503f
--- /dev/null
+++ b/lib/nettle/ecc/override/eddsa-hash.c.diff
@@ -0,0 +1,30 @@
+diff --git a/eddsa-hash.c b/eddsa-hash.c
+index e05f6ac1..743dc4be 100644
+--- a/eddsa-hash.c
++++ b/eddsa-hash.c
+@@ -44,13 +44,14 @@
+ #include "ecc-internal.h"
+ #include "nettle-internal.h"
+
+-/* Convert hash digest to integer, and reduce modulo q, to m->size
+- limbs. Needs space for 2*m->size + 1 at rp. */
++/* Convert hash digest to integer, and reduce canonically modulo q.
++ Needs space for 2*m->size + 1 at rp. */
+ void
+ _eddsa_hash (const struct ecc_modulo *m,
+ mp_limb_t *rp, size_t digest_size, const uint8_t *digest)
+ {
+ mp_size_t nlimbs = (8*digest_size + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS;
++ mp_limb_t cy;
+
+ mpn_set_base256_le (rp, nlimbs, digest, digest_size);
+
+@@ -75,4 +76,8 @@ _eddsa_hash (const struct ecc_modulo *m,
+ assert (hi == 0);
+ }
+ m->mod (m, rp);
++ /* Ensure canonical reduction. */
++ cy = mpn_sub_n (rp + m->size, rp, m->m, m->size);
++ cnd_copy (cy, rp + m->size, rp, m->size);
++ mpn_copyi (rp, rp + m->size, m->size);
+ }
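Review bot: The canonicalization added after `m->mod (m, rp)` takes three steps where ecc_mod_mul_canonical in ecc-mod-arith.c takes two: it copies rp up when the subtraction borrowed and then copies back down. Inverting the condition drops the extra mpn_copyi and makes the two sites identical: `cnd_copy (!cy, rp, rp + m->size, m->size);` with the `mpn_copyi` line deleted. The comment `/* Ensure canonical reduction. */` would carry more if it named the assumption: `/* m->mod presumably leaves 0 <= R < 2M; one conditional subtraction makes it canonical, as the header comment now promises. */`, with m->mod's actual output bound to be confirmed outside this hunk. _eddsa_hash begins in the first hunk of this file, and the `2*m->size + 1` scratch requirement in its header comment covers the limbs now used at rp + m->size.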
diff --git a/lib/nettle/ecc/override/gostdsa-vko.c.diff b/lib/nettle/ecc/override/gostdsa-vko.c.diff
new file mode 100644
index 0000000000..8a058db99e
--- /dev/null
+++ b/lib/nettle/ecc/override/gostdsa-vko.c.diff
@@ -0,0 +1,16 @@
+diff --git a/gostdsa-vko.c b/gostdsa-vko.c
+index 7bdcdfc3..c6697ab3 100644
+--- a/gostdsa-vko.c
++++ b/gostdsa-vko.c
+@@ -87,7 +87,8 @@ gostdsa_vko (const struct ecc_scalar *priv,
+ if (mpn_zero_p (UKM, size))
+ UKM[0] = 1;
+
+- ecc_mod_mul (&ecc->q, TEMP, priv->p, UKM); /* TEMP = UKM * priv */
++ ecc_mod_mul_canonical (&ecc->q, TEMP, priv->p, UKM); /* TEMP = UKM * priv */
++
+ ecc->mul (ecc, XYZ, TEMP, pub->p, scratch + 4*size); /* XYZ = UKM * priv * pub */
+ ecc->h_to_a (ecc, 0, TEMP, XYZ, scratch + 5*size); /* TEMP = XYZ */
+ mpn_get_base256_le (out, bsize, TEMP, size);
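Review bot: Switching TEMP to `ecc_mod_mul_canonical` means 2*size limbs are now written at TEMP, and TEMP's definition in the scratch layout is outside the hunk; the next line places ecc->mul's scratch at `scratch + 4*size`, so whether TEMP + size overlaps anything still live at that point should be confirmed. The comment `/* TEMP = UKM * priv */` no longer says why the canonical variant is needed; I would extend it to `/* TEMP = UKM * priv, fully reduced: ecc->mul presumably expects a scalar below q */`. gostdsa_vko starts and ends outside the hunk.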
+--
+2.31.1