path: root/cipher/ecc-ecdh.c
authorNIIBE Yutaka <gniibe@fsij.org>2019-10-28 09:09:43 +0900
committerNIIBE Yutaka <gniibe@fsij.org>2019-10-28 09:09:43 +0900
commitd9c418305e1053decebefbd5a98a95f845404a09 (patch)
treedc614585bda0119d49e0be385ec427041ba0d177 /cipher/ecc-ecdh.c
parent498ab6d9f2f8b0775da41553be7868e59cf4cc2e (diff)
ecc: Add Curve for X448 with ECC_DIALECT_SAFECURVE.
* cipher/ecc-curves.c (domain_parms): Add X448. * cipher/ecc-ecdh.c (_gcry_ecc_mul_point): Support X448. * mpi/ec.c (ec_addm_448, ec_subm_448, ec_mulm_448): New. (ec_mul2_448, ec_pow2_448): New. (field_table): Add for X448. (curve448_bad_points): New. (bad_points_table): New. (ec_p_init): Use bad_points_table. * tests/Makefile.am (t-x448): Add. * tests/curves.c (N_CURVES): Update. * tests/t-x448.c: New. -- Note that it uses the new practice of ECC_DIALECT_SAFECURVE (that is: native for the algorithm; fixed-size and little-endian) for its point representation and secret representation. It uses the new practice for the public key, secret key, and ephemeral key in ECDH. In the future, when this is applied to EdDSA, the new practice will also be used for "s" (the integer) in the signature, as well as for "r" (the point) in the signature. Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Diffstat (limited to 'cipher/ecc-ecdh.c')
-rw-r--r--cipher/ecc-ecdh.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/cipher/ecc-ecdh.c b/cipher/ecc-ecdh.c
index 0b2d6c02..615b108d 100644
--- a/cipher/ecc-ecdh.c
+++ b/cipher/ecc-ecdh.c
@@ -37,7 +37,10 @@
static gpg_err_code_t
prepare_ec (mpi_ec_t *r_ec, const char *name)
{
- int flags = PUBKEY_FLAG_DJB_TWEAK;
+ int flags = 0;
+
+ if (!strcmp (name, "Curve25519"))
+ flags = PUBKEY_FLAG_DJB_TWEAK;
return _gcry_mpi_ec_internal_new (r_ec, &flags, "ecc_mul_point", NULL, name);
}
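Review bot: The new `strcmp (name, "Curve25519")` branch makes PUBKEY_FLAG_DJB_TWEAK conditional without saying why X448 must not get it, so the next curve added here will not know which side of the test it belongs on; a one-line comment above the `if` would fix that, e.g. `/* Only Curve25519 uses the DJB tweak; X448 follows the ECC_DIALECT_SAFECURVE encoding (fixed-size, little-endian) instead.  */`, which is what the commit message states. The comparison is exact and case-sensitive, which is fine as long as callers pass the canonical names, and the visible caller in `_gcry_ecc_mul_point` only passes the literals "Curve25519" and "X448"; if `name` could ever be NULL, `strcmp` would fault before `_gcry_mpi_ec_internal_new` gets to report an error, but I cannot see any such caller from this hunk. Dispatching on the curve name rather than on the `algo` value already in hand at the call site is a style choice worth a second look, since the same information is now compared twice.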
@@ -73,10 +76,7 @@ _gcry_ecc_mul_point (int algo, unsigned char *result,
if (algo == GCRY_ECC_CURVE25519)
curve = "Curve25519";
else if (algo == GCRY_ECC_CURVE448)
- {
- curve = "X448";
- return gpg_error (GPG_ERR_UNSUPPORTED_ALGORITHM);
- }
+ curve = "X448";
else
return gpg_error (GPG_ERR_UNKNOWN_ALGORITHM);