summaryrefslogtreecommitdiff
path: root/cipher/ecc-curves.c
diff options
context:
space:
mode:
authorNIIBE Yutaka <gniibe@fsij.org>2019-10-21 10:47:03 +0900
committerNIIBE Yutaka <gniibe@fsij.org>2019-10-21 10:47:03 +0900
commita258ae728de62607b3ef4eca940cfbcf9965fa5f (patch)
treeb9ebab09d4f6323325f2a98da2f7733b617d2b3d /cipher/ecc-curves.c
parent579d5d6017d63b5eabec588b24d1a22566455bac (diff)
downloadlibgcrypt-a258ae728de62607b3ef4eca940cfbcf9965fa5f.tar.gz
ecc: Simply use unsigned int for cofactor, not MPI.
* cipher/ecc-common.h (elliptic_curve_t): Use unsigned int for H. * src/ec-context.h (struct mpi_ec_ctx_s): Ditto. * cipher/ecc-curves.c (ecc_domain_parms_t): Ditto. (domain_parms): Update for the cofactors. (_gcry_ecc_fill_in_curve): H is no longer MPI, but unsigned int. (_gcry_ecc_get_curve): Remove handling for H. (_gcry_mpi_ec_new): In KEYPARM, cofactor is still MPI. (_gcry_ecc_get_param_sexp): H is no longer MPI, but unsigned int. (_gcry_ecc_get_mpi): Keep the API, returning MPI for "h". (_gcry_ecc_set_mpi): Likewise. * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Fix for unsigned int. * cipher/ecc-eddsa.c (_gcry_ecc_eddsa_genkey): Likewise. * cipher/ecc-misc.c (_gcry_ecc_curve_free): Likewise. * cipher/ecc.c (nist_generate_key, test_ecdh_only_keys): Likewise. (test_ecdh_only_keys, ecc_generate, ecc_check_secret_key): Likewise. (ecc_sign, ecc_verify, ecc_encrypt_raw, ecc_decrypt_raw): Likewise. (_gcry_pk_ecc_get_sexp): Likewise. * mpi/ec.c (ec_deinit): Likewise. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'cipher/ecc-curves.c')
-rw-r--r--cipher/ecc-curves.c128
1 files changed, 60 insertions, 68 deletions
diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c
index 11b3347e..45c605a9 100644
--- a/cipher/ecc-curves.c
+++ b/cipher/ecc-curves.c
@@ -126,7 +126,7 @@ typedef struct
Curves (a,b) has ((A-2)/4,B^-1). */
const char *n; /* The order of the base point. */
const char *g_x, *g_y; /* Base point. */
- const char *h; /* Cofactor. */
+ unsigned int h; /* Cofactor. */
} ecc_domain_parms_t;
@@ -143,7 +143,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED",
"0x216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A",
"0x6666666666666666666666666666666666666666666666666666666666666658",
- "0x08"
+ 8
},
{
/* (y^2 = x^3 + 486662*x^2 + x) */
@@ -155,7 +155,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0x1000000000000000000000000000000014DEF9DEA2F79CD65812631A5CF5D3ED",
"0x0000000000000000000000000000000000000000000000000000000000000009",
"0x20AE19A1B8A086B4E01EDD2C7748D14C923D4D7E6D7C61B229E9C5A27ECED3D9",
- "0x08"
+ 8
/* Note: As per RFC-7748 errata eid4730 the g_y value should be
* "0x5F51E65E475F794B1FE122D388B72EB36DC2B28192839E4DD6163A5D81312C14"
* but that breaks the keygrip. The new value is recovered in
@@ -176,7 +176,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0x1A334905141443300218C0631C326E5FCD46369F44C03EC7F57FF35498A4AB4D"
"6D6BA111301A73FAA8537C64C4FD3812F3CBC595",
"0x22",
- "0x08"
+ 8
},
#endif /*0*/
{
@@ -189,7 +189,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
"0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811",
- "0x01"
+ 1
},
{
"NIST P-224", 224, 1,
@@ -201,7 +201,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0xb70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
"0xbd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
- "0x01"
+ 1
},
{
"NIST P-256", 256, 1,
@@ -213,7 +213,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
"0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
- "0x01"
+ 1
},
{
"NIST P-384", 384, 1,
@@ -231,7 +231,7 @@ static const ecc_domain_parms_t domain_parms[] =
"5502f25dbf55296c3a545e3872760ab7",
"0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c0"
"0a60b1ce1d7e819d7a431d7c90ea0e5f",
- "0x01"
+ 1
},
{
"NIST P-521", 521, 1,
@@ -249,7 +249,7 @@ static const ecc_domain_parms_t domain_parms[] =
"3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
"0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e"
"662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
- "0x01"
+ 1
},
{ "brainpoolP160r1", 160, 0,
@@ -260,7 +260,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0xe95e4a5f737059dc60df5991d45029409e60fc09",
"0xbed5af16ea3f6a4f62938c4631eb5af7bdbcdbc3",
"0x1667cb477a1a8ec338f94741669c976316da6321",
- "0x01"
+ 1
},
{ "brainpoolP192r1", 192, 0,
@@ -271,7 +271,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0xc302f41d932a36cda7a3462f9e9e916b5be8f1029ac4acc1",
"0xc0a0647eaab6a48753b033c56cb0f0900a2f5c4853375fd6",
"0x14b690866abd5bb88b5f4828c1490002e6773fa2fa299b8f",
- "0x01"
+ 1
},
{ "brainpoolP224r1", 224, 0,
@@ -282,7 +282,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0xd7c134aa264366862a18302575d0fb98d116bc4b6ddebca3a5a7939f",
"0x0d9029ad2c7e5cf4340823b2a87dc68c9e4ce3174c1e6efdee12c07d",
"0x58aa56f772c0726f24c6b89e4ecdac24354b9e99caa3f6d3761402cd",
- "0x01"
+ 1
},
{ "brainpoolP256r1", 256, 0,
@@ -293,7 +293,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7",
"0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262",
"0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997",
- "0x01"
+ 1
},
{ "brainpoolP320r1", 320, 0,
@@ -310,7 +310,7 @@ static const ecc_domain_parms_t domain_parms[] =
"10af8d0d39e20611",
"0x14fdd05545ec1cc8ab4093247f77275e0743ffed117182eaa9c77877aaac6ac7"
"d35245d1692e8ee1",
- "0x01"
+ 1
},
{ "brainpoolP384r1", 384, 0,
@@ -327,7 +327,7 @@ static const ecc_domain_parms_t domain_parms[] =
"e826e03436d646aaef87b2e247d4af1e",
"0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff9912928"
"0e4646217791811142820341263c5315",
- "0x01"
+ 1
},
{ "brainpoolP512r1", 512, 0,
@@ -344,7 +344,7 @@ static const ecc_domain_parms_t domain_parms[] =
"ff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822",
"0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111"
"b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892",
- "0x01"
+ 1
},
{
"GOST2001-test", 256, 0,
@@ -356,7 +356,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0x0000000000000000000000000000000000000000000000000000000000000002",
"0x08e2a8a0e65147d4bd6316030e16d19c85c97f0a9ca267122b96abbcea7e8fc8",
- "0x01"
+ 1
},
{
"GOST2001-CryptoPro-A", 256, 0,
@@ -367,7 +367,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0xffffffffffffffffffffffffffffffff6c611070995ad10045841b09b761b893",
"0x0000000000000000000000000000000000000000000000000000000000000001",
"0x8d91e471e0989cda27df505a453f2b7635294f2ddf23e3b122acc99c9e9f1e14",
- "0x01"
+ 1
},
{
"GOST2001-CryptoPro-B", 256, 0,
@@ -378,7 +378,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0x800000000000000000000000000000015f700cfff1a624e5e497161bcc8a198f",
"0x0000000000000000000000000000000000000000000000000000000000000001",
"0x3fa8124359f96680b83d1c3eb2c070e5c545c9858d03ecfb744bf8d717717efc",
- "0x01"
+ 1
},
{
"GOST2001-CryptoPro-C", 256, 0,
@@ -389,7 +389,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0x9b9f605f5a858107ab1ec85e6b41c8aa582ca3511eddfb74f02f3a6598980bb9",
"0x0000000000000000000000000000000000000000000000000000000000000000",
"0x41ece55743711a8c3cbf3783cd08c0ee4d4dc440d4641a8f366e550dfdb3bb67",
- "0x01"
+ 1
},
{
"GOST2012-test", 511, 0,
@@ -406,7 +406,7 @@ static const ecc_domain_parms_t domain_parms[] =
"fd60611262cd838dc6b60aa7eee804e28bc849977fac33b4b530f1b120248a9a",
"0x2bb312a43bd2ce6e0d020613c857acddcfbf061e91e5f2c3f32447c259f39b2"
"c83ab156d77f1496bf7eb3351e1ee4e43dc1a18b91b24640b6dbb92cb1add371e",
- "0x01"
+ 1
},
{
"GOST2012-tc26-A", 512, 0,
@@ -423,7 +423,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0000000000000000000000000000000000000000000000000000000000000003",
"0x7503cfe87a836ae3a61b8816e25450e6ce5e1c93acf1abc1778064fdcbefa921"
"df1626be4fd036e93d75e6a50e3a41e98028fe5fc235f5b889a589cb5215f2a4",
- "0x01"
+ 1
},
{
"GOST2012-tc26-B", 512, 0,
@@ -440,7 +440,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0000000000000000000000000000000000000000000000000000000000000002",
"0x1a8f7eda389b094c2c071e3647a8940f3c123b697578c213be6dd9e6c8ec7335"
"dcb228fd1edf4a39152cbcaaf8c0398828041055f94ceeec7e21340780fe41bd",
- "0x01"
+ 1
},
{
@@ -452,7 +452,7 @@ static const ecc_domain_parms_t domain_parms[] =
"0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
"0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
"0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
- "0x01"
+ 1
},
{ NULL, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL }
@@ -605,12 +605,11 @@ _gcry_ecc_fill_in_curve (unsigned int nbits, const char *name,
}
if (!curve->n)
curve->n = scanval (domain_parms[idx].n);
- if (!curve->h)
- curve->h = scanval (domain_parms[idx].h);
if (!curve->G.x)
curve->G.x = scanval (domain_parms[idx].g_x);
if (!curve->G.y)
curve->G.y = scanval (domain_parms[idx].g_y);
+ curve->h = domain_parms[idx].h;
/*
* In the constants of domain_parms, we defined Curve25519
@@ -727,8 +726,8 @@ _gcry_ecc_get_curve (gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits)
/*
* Extract the curve parameters..
*/
- rc = gpg_err_code (sexp_extract_param (keyparms, NULL, "-pabgnh",
- &E.p, &E.a, &E.b, &mpi_g, &E.n, &E.h,
+ rc = gpg_err_code (sexp_extract_param (keyparms, NULL, "-pabgn",
+ &E.p, &E.a, &E.b, &mpi_g, &E.n,
NULL));
if (rc == GPG_ERR_NO_OBJ)
{
@@ -786,22 +785,17 @@ _gcry_ecc_get_curve (gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits)
if (!mpi_cmp (tmp, E.n))
{
mpi_free (tmp);
- tmp = scanval (domain_parms[idx].h);
- if (!mpi_cmp (tmp, E.h))
+ tmp = scanval (domain_parms[idx].g_x);
+ if (!mpi_cmp (tmp, E.G.x))
{
mpi_free (tmp);
- tmp = scanval (domain_parms[idx].g_x);
- if (!mpi_cmp (tmp, E.G.x))
+ tmp = scanval (domain_parms[idx].g_y);
+ if (!mpi_cmp (tmp, E.G.y))
{
- mpi_free (tmp);
- tmp = scanval (domain_parms[idx].g_y);
- if (!mpi_cmp (tmp, E.G.y))
- {
- result = domain_parms[idx].desc;
- if (r_nbits)
- *r_nbits = domain_parms[idx].nbits;
- goto leave;
- }
+ result = domain_parms[idx].desc;
+ if (r_nbits)
+ *r_nbits = domain_parms[idx].nbits;
+ goto leave;
}
}
}
@@ -818,7 +812,6 @@ _gcry_ecc_get_curve (gcry_sexp_t keyparms, int iterator, unsigned int *r_nbits)
_gcry_mpi_release (mpi_g);
_gcry_mpi_point_free_parts (&E.G);
_gcry_mpi_release (E.n);
- _gcry_mpi_release (E.h);
return result;
}
@@ -947,7 +940,7 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
gcry_mpi_t b = NULL;
gcry_mpi_point_t G = NULL;
gcry_mpi_t n = NULL;
- gcry_mpi_t h = NULL;
+ unsigned int h = 1;
gcry_mpi_point_t Q = NULL;
gcry_mpi_t d = NULL;
int flags = 0;
@@ -975,6 +968,8 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
explicitly been requested, parse them. */
if (!l1 || (flags & PUBKEY_FLAG_PARAM))
{
+ gcry_mpi_t cofactor = NULL;
+
errc = mpi_from_keyparam (&p, keyparam, "p");
if (errc)
goto leave;
@@ -990,9 +985,14 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
errc = mpi_from_keyparam (&n, keyparam, "n");
if (errc)
goto leave;
- errc = mpi_from_keyparam (&h, keyparam, "h");
+ errc = mpi_from_keyparam (&cofactor, keyparam, "h");
if (errc)
goto leave;
+ if (cofactor)
+ {
+ mpi_get_ui (&h, cofactor);
+ mpi_free (cofactor);
+ }
}
}
else
@@ -1066,11 +1066,7 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
n = E->n;
E->n = NULL;
}
- if (!h)
- {
- h = E->h;
- E->h = NULL;
- }
+ h = E->h;
_gcry_ecc_curve_free (E);
xfree (E);
}
@@ -1097,11 +1093,7 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
ec->n = n;
n = NULL;
}
- if (h)
- {
- ec->h = h;
- h = NULL;
- }
+ ec->h = h;
/* Now that we know the curve name we can look for the public key
Q. point_from_keyparam needs to know the curve parameters so
@@ -1140,7 +1132,6 @@ _gcry_mpi_ec_new (gcry_ctx_t *r_ctx,
mpi_free (b);
_gcry_mpi_point_release (G);
mpi_free (n);
- mpi_free (h);
_gcry_mpi_point_release (Q);
mpi_free (d);
return errc;
@@ -1155,7 +1146,7 @@ _gcry_ecc_get_param_sexp (const char *name)
elliptic_curve_t E;
mpi_ec_t ctx;
gcry_mpi_t g_x, g_y;
- gcry_mpi_t pkey[7];
+ gcry_mpi_t pkey[5];
gcry_sexp_t result;
int i;
@@ -1165,10 +1156,10 @@ _gcry_ecc_get_param_sexp (const char *name)
g_x = mpi_new (0);
g_y = mpi_new (0);
- ctx = _gcry_mpi_ec_p_internal_new (MPI_EC_WEIERSTRASS,
- ECC_DIALECT_STANDARD,
+ ctx = _gcry_mpi_ec_p_internal_new (E.model,
+ E.dialect,
0,
- E.p, E.a, NULL);
+ E.p, E.a, E.b);
if (_gcry_mpi_ec_get_affine (g_x, g_y, &E.G, ctx))
log_fatal ("ecc get param: Failed to get affine coordinates\n");
_gcry_mpi_ec_free (ctx);
@@ -1179,18 +1170,16 @@ _gcry_ecc_get_param_sexp (const char *name)
pkey[2] = E.b;
pkey[3] = _gcry_ecc_ec2os (g_x, g_y, E.p);
pkey[4] = E.n;
- pkey[5] = E.h;
- pkey[6] = NULL;
mpi_free (g_x);
mpi_free (g_y);
if (sexp_build (&result, NULL,
- "(public-key(ecc(p%m)(a%m)(b%m)(g%m)(n%m)(h%m)))",
- pkey[0], pkey[1], pkey[2], pkey[3], pkey[4], pkey[5]))
+ "(public-key(ecc(p%m)(a%m)(b%m)(g%m)(n%m)(h%u)))",
+ pkey[0], pkey[1], pkey[2], pkey[3], pkey[4], E.h))
result = NULL;
- for (i=0; pkey[i]; i++)
+ for (i=0; i < DIM (pkey); i++)
_gcry_mpi_release (pkey[i]);
return result;
@@ -1214,8 +1203,12 @@ _gcry_ecc_get_mpi (const char *name, mpi_ec_t ec, int copy)
return mpi_is_const (ec->b) && !copy? ec->b : mpi_copy (ec->b);
if (!strcmp (name, "n") && ec->n)
return mpi_is_const (ec->n) && !copy? ec->n : mpi_copy (ec->n);
- if (!strcmp (name, "h") && ec->h)
- return mpi_is_const (ec->h) && !copy? ec->h : mpi_copy (ec->h);
+ if (!strcmp (name, "h"))
+ {
+ gcry_mpi_t h = _gcry_mpi_get_const (ec->h);
+
+ return !copy? h : mpi_set (NULL, h);
+ }
if (!strcmp (name, "d") && ec->d)
return mpi_is_const (ec->d) && !copy? ec->d : mpi_copy (ec->d);
@@ -1316,8 +1309,7 @@ _gcry_ecc_set_mpi (const char *name, gcry_mpi_t newvalue, mpi_ec_t ec)
}
else if (!strcmp (name, "h"))
{
- mpi_free (ec->h);
- ec->h = mpi_copy (newvalue);
+ mpi_get_ui (&ec->h, newvalue);
}
else if (*name == 'q' && (!name[1] || name[1] == '@'))
{
View Lorry Controller Status