From f0da4adf6c729d06ed4f7c5c0fd019570fc42275 Mon Sep 17 00:00:00 2001
From: Dmitry Eremin-Solenikov
Date: Thu, 14 Jun 2018 15:39:39 +0300
Subject: nettle/gost: add support for GOST VKO algorithm

GOST VKO is a variant of ECDHE algorithm.

Signed-off-by: Dmitry Eremin-Solenikov
---
 lib/nettle/Makefile.am | 2 +-
 lib/nettle/gost/gostdsa-vko.c | 78 +++++++++++++++++++++++++++++++++++++++++++
 lib/nettle/gost/gostdsa.h | 7 ++++
 3 files changed, 86 insertions(+), 1 deletion(-)
 create mode 100644 lib/nettle/gost/gostdsa-vko.c

diff --git a/lib/nettle/Makefile.am b/lib/nettle/Makefile.am
index b194c82f89..7260e39bce 100644
--- a/lib/nettle/Makefile.am
+++ b/lib/nettle/Makefile.am
@@ -92,6 +92,6 @@ libcrypto_la_SOURCES += \
 gost/ecc-gost512a.c gost/ecc-gost512a-32.h gost/ecc-gost512a-64.h \
 gost/ecc-internal.h gost/gmp-glue.h \
 gost/ecc-gostdsa-sign.c gost/ecc-gostdsa-verify.c \
- gost/gostdsa-mask.c gost/gostdsa-sign.c gost/gostdsa-verify.c \
+ gost/gostdsa-mask.c gost/gostdsa-sign.c gost/gostdsa-verify.c gost/gostdsa-vko.c \
 gost/gostdsa.h gost/ecc-gost-curve.h gost/ecc-gost-hash.c
 endif
diff --git a/lib/nettle/gost/gostdsa-vko.c b/lib/nettle/gost/gostdsa-vko.c
new file mode 100644
index 0000000000..89dff1cc45
--- /dev/null
+++ b/lib/nettle/gost/gostdsa-vko.c
@@ -0,0 +1,78 @@
+/* gostdsa-vko.c
+
+ Copyright (C) 2016 Dmitry Eremin-Solenikov
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include
+
+#include
+
+#include "ecc-internal.h"
+#include "gostdsa.h"
+
+int
+gostdsa_vko(const struct ecc_scalar *key,
+ const struct ecc_point *pub,
+ size_t ukm_length, const uint8_t *ukm,
+ size_t out_length, uint8_t *out)
+{
+ const struct ecc_curve *ecc = key->ecc;
+ unsigned bsize = (ecc_bit_size(ecc) + 7) / 8;
+ mp_size_t size = ecc->p.size;
+ mp_size_t itch = 4*size + ecc->mul_itch;
+ mp_limb_t *scratch;
+
+ if (itch < 5*size + ecc->h_to_a_itch)
+ itch = 5*size + ecc->h_to_a_itch;
+
+ if (pub->ecc != ecc)
+ return 0;
+
+ if (out_length < 2 * bsize) {
+ return 0;
+ }
+
+ scratch = gmp_alloc_limbs (itch);
+
+ mpn_set_base256_le (scratch, size, ukm, ukm_length);
+ if (mpn_zero_p (scratch, size))
+ mpn_add_1 (scratch, scratch, size, 1);
+ ecc_modq_mul (ecc, scratch + 3*size, key->p, scratch);
+ ecc->mul (ecc, scratch, scratch + 3*size, pub->p, scratch + 4*size);
+ ecc->h_to_a (ecc, 0, scratch + 3*size, scratch, scratch + 5*size);
+ mpn_get_base256_le (out, bsize, scratch + 3*size, size);
+ mpn_get_base256_le (out+bsize, bsize, scratch + 4*size, size);
+ gmp_free_limbs (scratch, itch);
+
+ return 2 * bsize;
+}
diff --git a/lib/nettle/gost/gostdsa.h b/lib/nettle/gost/gostdsa.h
index 9b0f517529..9e0375f2ce 100644
--- a/lib/nettle/gost/gostdsa.h
+++ b/lib/nettle/gost/gostdsa.h
@@ -47,6 +47,7 @@ extern "C" {
 #define gostdsa_sign _gnutls_gostdsa_sign
 #define gostdsa_verify _gnutls_gostdsa_verify
 #define gostdsa_unmask_key _gnutls_gostdsa_unmask_key
+#define gostdsa_vko _gnutls_gostdsa_vko
 #define ecc_gostdsa_sign _gnutls_ecc_gostdsa_sign
 #define ecc_gostdsa_sign_itch _gnutls_ecc_gostdsa_sign_itch
 #define ecc_gostdsa_verify _gnutls_ecc_gostdsa_verify
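Review bot: In `gostdsa_vko` (gostdsa-vko.c), `ukm_length` is never bounded before `mpn_set_base256_le (scratch, size, ukm, ukm_length)`, so a UKM longer than the curve's byte size is handled however that helper treats over-long input, which is not visible in this patch; rejecting it next to the `out_length` check with `if (ukm_length > bsize) return 0;` would make the contract explicit. Separately, `scratch` holds the product of the private key and the UKM and then the shared point, and it is passed to `gmp_free_limbs` without being cleared; wiping the `itch` limbs with a clear the compiler cannot elide before the free would keep that material out of released heap memory. The result of `gmp_alloc_limbs` is also used unchecked, which is safe only if that allocator never returns NULL.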
@@ -75,6 +76,12 @@ int
 gostdsa_unmask_key (const struct ecc_curve *ecc,
 mpz_t key);
 
+int
+gostdsa_vko(const struct ecc_scalar *key,
+ const struct ecc_point *pub,
+ size_t ukm_length, const uint8_t *ukm,
+ size_t out_length, uint8_t *out);
+
 /* Low-level GOSTDSA functions. */
 mp_size_t
 ecc_gostdsa_sign_itch (const struct ecc_curve *ecc);
-- 
cgit v1.2.1
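Review bot: The new `gostdsa_vko` prototype in gostdsa.h has no comment, and its contract cannot be read off the signature. Going by the implementation added in gostdsa-vko.c, it returns 0 when the point and key are on different curves or when `out_length` is below twice the curve's byte size, and otherwise returns the number of bytes written. A header comment such as `/* Returns 0 on error, otherwise the number of bytes written to out (2 * curve byte size). */` would let callers size `out` and test the result correctly, which matters because a 0 return leaves `out` unwritten.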