diff options
| author | NIIBE Yutaka <gniibe@fsij.org> | 2019-10-28 09:09:43 +0900 |
|---|---|---|
| committer | NIIBE Yutaka <gniibe@fsij.org> | 2019-10-28 09:09:43 +0900 |
| commit | d9c418305e1053decebefbd5a98a95f845404a09 (patch) | |
| tree | dc614585bda0119d49e0be385ec427041ba0d177 /cipher/ecc-curves.c | |
| parent | 498ab6d9f2f8b0775da41553be7868e59cf4cc2e (diff) | |
| download | libgcrypt-d9c418305e1053decebefbd5a98a95f845404a09.tar.gz | |
ecc: Add Curve for X448 with ECC_DIALECT_SAFECURVE.
* cipher/ecc-curves.c (domain_parms): Add X448.
* cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Support X448.
* mpi/ec.c (ec_addm_448, ec_subm_448, ec_mulm_448): New.
(ec_mul2_448, ec_pow2_448): New.
(field_table): Add for X448.
(curve448_bad_points): New.
(bad_points_table): New.
(ec_p_init): Use bad_points_table.
* tests/Makefile.am (t-x448): Add.
* tests/curves.c (N_CURVES): Update.
* tests/t-x448.c: New.
--
Note that it uses new practice of ECC_DIALECT_SAFECURVE (that is:
native for the algorithm; fixed-size and little-endian) for its point
representation and secret representation. It uses new practice in
public key, secret key, and ephemeral key in ECDH.
In future, when it will be applied to EdDSA, it will use new practice
also in "s" (integer) in signature, as well as "r" (point) in
signature.
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'cipher/ecc-curves.c')
| -rw-r--r-- | cipher/ecc-curves.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c index b657eb9c..581ba4d6 100644 --- a/cipher/ecc-curves.c +++ b/cipher/ecc-curves.c @@ -54,9 +54,9 @@ static const struct { "Ed448", "1.3.101.113" }, /* rfc8410 */ { "X22519", "1.3.101.110" }, /* rfc8410 */ +#endif { "X448", "1.3.101.111" }, /* rfc8410 */ -#endif { "NIST P-192", "1.2.840.10045.3.1.1" }, /* X9.62 OID */ { "NIST P-192", "prime192v1" }, /* X9.62 name. */ @@ -162,6 +162,22 @@ static const ecc_domain_parms_t domain_parms[] = * the function _gcry_ecc_fill_in_curve. */ }, + { + /* (y^2 = x^3 + 156326*x^2 + x) */ + "X448", 448, 0, + MPI_EC_MONTGOMERY, ECC_DIALECT_SAFECURVE, + "0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", + "0x98A9", + "0x01", + "0x3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "7CCA23E9C44EDB49AED63690216CC2728DC58F552378C292AB5844F3", + "0x00000000000000000000000000000000000000000000000000000000" + "00000000000000000000000000000000000000000000000000000005", + "0x7D235D1295F5B1F66C98AB6E58326FCECBAE5D34F55545D060F75DC2" + "8DF3F6EDB8027E2346430D211312C4B150677AF76FD7223D457B5B1A", + 4, + }, #if 0 /* No real specs yet found. */ { /* x^2 + y^2 = 1 + 3617x^2y^2 mod 2^414 - 17 */ |