ECC curves y^2 = x^3 + ax + b
This commit is contained in:
parent
ea32b2b194
commit
24c0eb84f9
@ -20,7 +20,7 @@ before_script:
|
||||
- curl http://ftp.de.debian.org/debian/pool/main/l/lcov/lcov_1.11.orig.tar.gz | tar xz
|
||||
- export PATH=$PATH:`pwd`/lcov-1.11/bin
|
||||
- curl -s https://packagecloud.io/install/repositories/libtom/packages/script.deb.sh | sudo bash
|
||||
- sudo apt-get install libtfm-dev=0.13-5
|
||||
- sudo apt-get install libtfm-dev=0.13-5 libtommath-dev=1.0-5
|
||||
|
||||
matrix:
|
||||
fast_finish: true
|
||||
|
@ -947,28 +947,28 @@ static void time_ecc(void)
|
||||
unsigned long i, w, x, y, z;
|
||||
int err, stat;
|
||||
static unsigned long sizes[] = {
|
||||
#ifdef LTC_ECC112
|
||||
#ifdef LTC_ECC_SECP112R1
|
||||
112/8,
|
||||
#endif
|
||||
#ifdef LTC_ECC128
|
||||
#ifdef LTC_ECC_SECP128R1
|
||||
128/8,
|
||||
#endif
|
||||
#ifdef LTC_ECC160
|
||||
#ifdef LTC_ECC_SECP160R1
|
||||
160/8,
|
||||
#endif
|
||||
#ifdef LTC_ECC192
|
||||
#ifdef LTC_ECC_SECP192R1
|
||||
192/8,
|
||||
#endif
|
||||
#ifdef LTC_ECC224
|
||||
#ifdef LTC_ECC_SECP224R1
|
||||
224/8,
|
||||
#endif
|
||||
#ifdef LTC_ECC256
|
||||
#ifdef LTC_ECC_SECP256R1
|
||||
256/8,
|
||||
#endif
|
||||
#ifdef LTC_ECC384
|
||||
#ifdef LTC_ECC_SECP384R1
|
||||
384/8,
|
||||
#endif
|
||||
#ifdef LTC_ECC521
|
||||
#ifdef LTC_ECC_SECP512R1
|
||||
521/8,
|
||||
#endif
|
||||
100000};
|
||||
|
@ -663,7 +663,7 @@ void ecc_gen(void)
|
||||
{
|
||||
FILE *out;
|
||||
unsigned char str[512];
|
||||
void *k, *order, *modulus;
|
||||
void *k, *order, *modulus, *a;
|
||||
ecc_point *G, *R;
|
||||
int x;
|
||||
|
||||
@ -674,26 +674,28 @@ void ecc_gen(void)
|
||||
mp_init(&k);
|
||||
mp_init(&order);
|
||||
mp_init(&modulus);
|
||||
mp_init(&a);
|
||||
|
||||
for (x = 0; ltc_ecc_sets[x].size != 0; x++) {
|
||||
fprintf(out, "ECC-%d\n", ltc_ecc_sets[x].size*8);
|
||||
for (x = 0; ltc_ecc_curves[x].prime != NULL; x++) {
|
||||
fprintf(out, "%s\n", ltc_ecc_curves[x].OID);
|
||||
mp_set(k, 1);
|
||||
|
||||
mp_read_radix(order, (char *)ltc_ecc_sets[x].order, 16);
|
||||
mp_read_radix(modulus, (char *)ltc_ecc_sets[x].prime, 16);
|
||||
mp_read_radix(G->x, (char *)ltc_ecc_sets[x].Gx, 16);
|
||||
mp_read_radix(G->y, (char *)ltc_ecc_sets[x].Gy, 16);
|
||||
mp_read_radix(order, (char *)ltc_ecc_curves[x].order, 16);
|
||||
mp_read_radix(modulus, (char *)ltc_ecc_curves[x].prime, 16);
|
||||
mp_read_radix(a, (char *)ltc_ecc_curves[x].A, 16);
|
||||
mp_read_radix(G->x, (char *)ltc_ecc_curves[x].Gx, 16);
|
||||
mp_read_radix(G->y, (char *)ltc_ecc_curves[x].Gy, 16);
|
||||
mp_set(G->z, 1);
|
||||
|
||||
while (mp_cmp(k, order) == LTC_MP_LT) {
|
||||
ltc_mp.ecc_ptmul(k, G, R, modulus, 1);
|
||||
ltc_mp.ecc_ptmul(k, G, R, a, modulus, 1);
|
||||
mp_tohex(k, (char*)str); fprintf(out, "%s, ", (char*)str);
|
||||
mp_tohex(R->x, (char*)str); fprintf(out, "%s, ", (char*)str);
|
||||
mp_tohex(R->y, (char*)str); fprintf(out, "%s\n", (char*)str);
|
||||
mp_mul_d(k, 3, k);
|
||||
}
|
||||
}
|
||||
mp_clear_multi(k, order, modulus, NULL);
|
||||
mp_clear_multi(k, order, modulus, a, NULL);
|
||||
ltc_ecc_del_point(G);
|
||||
ltc_ecc_del_point(R);
|
||||
fclose(out);
|
||||
|
4103
notes/ecc_tv.txt
4103
notes/ecc_tv.txt
File diff suppressed because it is too large
Load Diff
@ -503,14 +503,40 @@
|
||||
#ifdef LTC_MECC
|
||||
/* Supported ECC Key Sizes */
|
||||
#ifndef LTC_NO_CURVES
|
||||
#define LTC_ECC112
|
||||
#define LTC_ECC128
|
||||
#define LTC_ECC160
|
||||
#define LTC_ECC192
|
||||
#define LTC_ECC224
|
||||
#define LTC_ECC256
|
||||
#define LTC_ECC384
|
||||
#define LTC_ECC521
|
||||
#define LTC_ECC_BRAINPOOLP160R1
|
||||
#define LTC_ECC_BRAINPOOLP160T1
|
||||
#define LTC_ECC_BRAINPOOLP192R1
|
||||
#define LTC_ECC_BRAINPOOLP192T1
|
||||
#define LTC_ECC_BRAINPOOLP224R1
|
||||
#define LTC_ECC_BRAINPOOLP224T1
|
||||
#define LTC_ECC_BRAINPOOLP256R1
|
||||
#define LTC_ECC_BRAINPOOLP256T1
|
||||
#define LTC_ECC_BRAINPOOLP320R1
|
||||
#define LTC_ECC_BRAINPOOLP320T1
|
||||
#define LTC_ECC_BRAINPOOLP384R1
|
||||
#define LTC_ECC_BRAINPOOLP384T1
|
||||
#define LTC_ECC_BRAINPOOLP512R1
|
||||
#define LTC_ECC_BRAINPOOLP512T1
|
||||
#define LTC_ECC_PRIME192V2
|
||||
#define LTC_ECC_PRIME192V3
|
||||
#define LTC_ECC_PRIME239V1
|
||||
#define LTC_ECC_PRIME239V2
|
||||
#define LTC_ECC_PRIME239V3
|
||||
#define LTC_ECC_SECP112R1
|
||||
#define LTC_ECC_SECP112R2
|
||||
#define LTC_ECC_SECP128R1
|
||||
#define LTC_ECC_SECP128R2
|
||||
#define LTC_ECC_SECP160K1
|
||||
#define LTC_ECC_SECP160R1
|
||||
#define LTC_ECC_SECP160R2
|
||||
#define LTC_ECC_SECP192K1
|
||||
#define LTC_ECC_SECP192R1
|
||||
#define LTC_ECC_SECP224K1
|
||||
#define LTC_ECC_SECP224R1
|
||||
#define LTC_ECC_SECP256K1
|
||||
#define LTC_ECC_SECP256R1
|
||||
#define LTC_ECC_SECP384R1
|
||||
#define LTC_ECC_SECP521R1
|
||||
#endif
|
||||
#endif
|
||||
|
||||
@ -627,6 +653,40 @@
|
||||
#endif
|
||||
#endif
|
||||
|
||||
/* ECC backwards compatibility */
|
||||
#if !defined(LTC_ECC_SECP112R1) && defined(LTC_ECC112)
|
||||
#define LTC_ECC_SECP112R1
|
||||
#undef LTC_ECC112
|
||||
#endif
|
||||
#if !defined(LTC_ECC_SECP128R1) && defined(LTC_ECC128)
|
||||
#define LTC_ECC_SECP128R1
|
||||
#undef LTC_ECC128
|
||||
#endif
|
||||
#if !defined(LTC_ECC_SECP160R1) && defined(LTC_ECC160)
|
||||
#define LTC_ECC_SECP160R1
|
||||
#undef LTC_ECC160
|
||||
#endif
|
||||
#if !defined(LTC_ECC_SECP192R1) && defined(LTC_ECC192)
|
||||
#define LTC_ECC_SECP192R1
|
||||
#undef LTC_ECC192
|
||||
#endif
|
||||
#if !defined(LTC_ECC_SECP224R1) && defined(LTC_ECC224)
|
||||
#define LTC_ECC_SECP224R1
|
||||
#undef LTC_ECC224
|
||||
#endif
|
||||
#if !defined(LTC_ECC_SECP256R1) && defined(LTC_ECC256)
|
||||
#define LTC_ECC_SECP256R1
|
||||
#undef LTC_ECC256
|
||||
#endif
|
||||
#if !defined(LTC_ECC_SECP384R1) && defined(LTC_ECC384)
|
||||
#define LTC_ECC_SECP384R1
|
||||
#undef LTC_ECC384
|
||||
#endif
|
||||
#if !defined(LTC_ECC_SECP512R1) && defined(LTC_ECC521)
|
||||
#define LTC_ECC_SECP521R1
|
||||
#undef LTC_ECC521
|
||||
#endif
|
||||
|
||||
/* ref: $Format:%D$ */
|
||||
/* git commit: $Format:%H$ */
|
||||
/* commit time: $Format:%ai$ */
|
||||
|
@ -246,6 +246,14 @@ typedef struct {
|
||||
*/
|
||||
int (*sqr)(void *a, void *b);
|
||||
|
||||
/** Square root (mod prime)
|
||||
@param a The integer to compute square root mod prime from
|
||||
@param b The prime
|
||||
@param c The destination
|
||||
@return CRYPT_OK on success
|
||||
*/
|
||||
int (*sqrtmod_prime)(void *a, void *b, void *c);
|
||||
|
||||
/** Divide an integer
|
||||
@param a The dividend
|
||||
@param b The divisor
|
||||
@ -366,14 +374,16 @@ typedef struct {
|
||||
@param k The integer to multiply the point by
|
||||
@param G The point to multiply
|
||||
@param R The destination for kG
|
||||
@param a ECC curve parameter a
|
||||
@param modulus The modulus for the field
|
||||
@param map Boolean indicated whether to map back to affine or not
|
||||
(can be ignored if you work in affine only)
|
||||
@return CRYPT_OK on success
|
||||
*/
|
||||
int (*ecc_ptmul)( void *k,
|
||||
ecc_point *G,
|
||||
const ecc_point *G,
|
||||
ecc_point *R,
|
||||
void *a,
|
||||
void *modulus,
|
||||
int map);
|
||||
|
||||
@ -381,25 +391,29 @@ typedef struct {
|
||||
@param P The first point
|
||||
@param Q The second point
|
||||
@param R The destination of P + Q
|
||||
@param ma The curve parameter "a" in montgomery form
|
||||
@param modulus The modulus
|
||||
@param mp The "b" value from montgomery_setup()
|
||||
@return CRYPT_OK on success
|
||||
*/
|
||||
int (*ecc_ptadd)(ecc_point *P,
|
||||
ecc_point *Q,
|
||||
int (*ecc_ptadd)(const ecc_point *P,
|
||||
const ecc_point *Q,
|
||||
ecc_point *R,
|
||||
void *ma,
|
||||
void *modulus,
|
||||
void *mp);
|
||||
|
||||
/** ECC GF(p) point double
|
||||
@param P The first point
|
||||
@param R The destination of 2P
|
||||
@param ma The curve parameter "a" in montgomery form
|
||||
@param modulus The modulus
|
||||
@param mp The "b" value from montgomery_setup()
|
||||
@return CRYPT_OK on success
|
||||
*/
|
||||
int (*ecc_ptdbl)(ecc_point *P,
|
||||
int (*ecc_ptdbl)(const ecc_point *P,
|
||||
ecc_point *R,
|
||||
void *ma,
|
||||
void *modulus,
|
||||
void *mp);
|
||||
|
||||
@ -421,12 +435,14 @@ typedef struct {
|
||||
@param B Second point to multiply
|
||||
@param kB What to multiple B by
|
||||
@param C [out] Destination point (can overlap with A or B)
|
||||
@param ma The curve parameter "a" in montgomery form
|
||||
@param modulus Modulus for curve
|
||||
@return CRYPT_OK on success
|
||||
*/
|
||||
int (*ecc_mul2add)(ecc_point *A, void *kA,
|
||||
ecc_point *B, void *kB,
|
||||
int (*ecc_mul2add)(const ecc_point *A, void *kA,
|
||||
const ecc_point *B, void *kB,
|
||||
ecc_point *C,
|
||||
void *ma,
|
||||
void *modulus);
|
||||
|
||||
/* ---- (optional) rsa optimized math (for internal CRT) ---- */
|
||||
@ -547,6 +563,7 @@ extern const ltc_math_descriptor gmp_desc;
|
||||
#define mp_mul(a, b, c) ltc_mp.mul(a, b, c)
|
||||
#define mp_mul_d(a, b, c) ltc_mp.muli(a, b, c)
|
||||
#define mp_sqr(a, b) ltc_mp.sqr(a, b)
|
||||
#define mp_sqrtmod_prime(a, b, c) ltc_mp.sqrtmod_prime(a, b, c)
|
||||
#define mp_div(a, b, c, d) ltc_mp.mpdiv(a, b, c, d)
|
||||
#define mp_div_2(a, b) ltc_mp.div_2(a, b)
|
||||
#define mp_mod(a, b, c) ltc_mp.mpdiv(a, b, NULL, c)
|
||||
|
@ -17,6 +17,10 @@ enum public_key_type {
|
||||
|
||||
/* Indicates standard output formats that can be read e.g. by OpenSSL or GnuTLS */
|
||||
PK_STD = 0x1000,
|
||||
/* Indicates compressed public ECC key */
|
||||
PK_COMPRESSED = 0x2000,
|
||||
/* Indicates ECC key with the curve specified by OID */
|
||||
PK_CURVEOID = 0x4000
|
||||
};
|
||||
|
||||
int rand_prime(void *N, long len, prng_state *prng, int wprng);
|
||||
@ -38,6 +42,8 @@ typedef struct Oid {
|
||||
} oid_st;
|
||||
|
||||
int pk_get_oid(int pk, oid_st *st);
|
||||
int pk_oid_str_to_num(const char *OID, unsigned long *oid, unsigned long *oidlen);
|
||||
int pk_oid_num_to_str(const unsigned long *oid, unsigned long oidlen, char *OID, unsigned long *outlen);
|
||||
#endif /* LTC_SOURCE */
|
||||
|
||||
/* ---- RSA ---- */
|
||||
@ -252,17 +258,14 @@ int dh_check_pubkey(const dh_key *key);
|
||||
/* max private key size */
|
||||
#define ECC_MAXSIZE 66
|
||||
|
||||
/** Structure defines a NIST GF(p) curve */
|
||||
/** Structure defines a GF(p) curve */
|
||||
typedef struct {
|
||||
/** The size of the curve in octets */
|
||||
int size;
|
||||
|
||||
/** name of curve */
|
||||
const char *name;
|
||||
|
||||
/** The prime that defines the field the curve is in (encoded in hex) */
|
||||
const char *prime;
|
||||
|
||||
/** The fields A param (hex) */
|
||||
const char *A;
|
||||
|
||||
/** The fields B param (hex) */
|
||||
const char *B;
|
||||
|
||||
@ -274,7 +277,13 @@ typedef struct {
|
||||
|
||||
/** The y co-ordinate of the base point on the curve (hex) */
|
||||
const char *Gy;
|
||||
} ltc_ecc_set_type;
|
||||
|
||||
/** The co-factor */
|
||||
unsigned long cofactor;
|
||||
|
||||
/** The OID */
|
||||
const char *OID;
|
||||
} ltc_ecc_curve;
|
||||
|
||||
/** A point on a ECC curve, stored in Jacbobian format such that (x,y,z) => (x/z^2, y/z^3, 1) when interpretted as affine */
|
||||
typedef struct {
|
||||
@ -288,18 +297,36 @@ typedef struct {
|
||||
void *z;
|
||||
} ecc_point;
|
||||
|
||||
/** ECC key's domain parameters */
|
||||
typedef struct {
|
||||
/** The size of the curve in octets */
|
||||
int size;
|
||||
/** The prime that defines the field the curve is in */
|
||||
void *prime;
|
||||
/** The fields A param */
|
||||
void *A;
|
||||
/** The fields B param */
|
||||
void *B;
|
||||
/** The order of the curve */
|
||||
void *order;
|
||||
/** The base point G on the curve */
|
||||
ecc_point base;
|
||||
/** The co-factor */
|
||||
unsigned long cofactor;
|
||||
/** The OID */
|
||||
unsigned long oid[16];
|
||||
unsigned long oidlen;
|
||||
} ltc_ecc_dp;
|
||||
|
||||
/** An ECC key */
|
||||
typedef struct {
|
||||
/** Type of key, PK_PRIVATE or PK_PUBLIC */
|
||||
int type;
|
||||
|
||||
/** Index into the ltc_ecc_sets[] for the parameters of this curve; if -1, then this key is using user supplied curve in dp */
|
||||
int idx;
|
||||
/** Structure with domain parameters */
|
||||
ltc_ecc_dp dp;
|
||||
|
||||
/** pointer to domain parameters; either points to NIST curves (identified by idx >= 0) or user supplied curve */
|
||||
const ltc_ecc_set_type *dp;
|
||||
|
||||
/** The public key */
|
||||
/** Structure with the public key */
|
||||
ecc_point pubkey;
|
||||
|
||||
/** The private key */
|
||||
@ -307,69 +334,90 @@ typedef struct {
|
||||
} ecc_key;
|
||||
|
||||
/** the ECC params provided */
|
||||
extern const ltc_ecc_set_type ltc_ecc_sets[];
|
||||
extern const ltc_ecc_curve ltc_ecc_curves[];
|
||||
|
||||
int ecc_test(void);
|
||||
void ecc_sizes(int *low, int *high);
|
||||
int ecc_get_size(ecc_key *key);
|
||||
int ecc_get_size(const ecc_key *key);
|
||||
|
||||
int ecc_get_curve(const char* name_or_oid, const ltc_ecc_curve** cu);
|
||||
int ecc_set_dp(const ltc_ecc_curve *cu, ecc_key *key);
|
||||
int ecc_generate_key(prng_state *prng, int wprng, ecc_key *key);
|
||||
int ecc_set_key(const unsigned char *in, unsigned long inlen, int type, ecc_key *key);
|
||||
int ecc_get_key(unsigned char *out, unsigned long *outlen, int type, const ecc_key *key);
|
||||
int ecc_get_oid_str(char *out, unsigned long *outlen, const ecc_key *key);
|
||||
|
||||
int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key);
|
||||
int ecc_make_key_ex(prng_state *prng, int wprng, ecc_key *key, const ltc_ecc_set_type *dp);
|
||||
int ecc_make_key_ex(prng_state *prng, int wprng, ecc_key *key, const ltc_ecc_curve *cu);
|
||||
void ecc_free(ecc_key *key);
|
||||
|
||||
int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key);
|
||||
int ecc_export(unsigned char *out, unsigned long *outlen, int type, const ecc_key *key);
|
||||
int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key);
|
||||
int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, const ltc_ecc_set_type *dp);
|
||||
int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, const ltc_ecc_curve *cu);
|
||||
|
||||
int ecc_ansi_x963_export(ecc_key *key, unsigned char *out, unsigned long *outlen);
|
||||
int ecc_ansi_x963_export(const ecc_key *key, unsigned char *out, unsigned long *outlen);
|
||||
int ecc_ansi_x963_import(const unsigned char *in, unsigned long inlen, ecc_key *key);
|
||||
int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, ltc_ecc_set_type *dp);
|
||||
int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, const ltc_ecc_curve *cu);
|
||||
|
||||
int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key,
|
||||
int ecc_shared_secret(const ecc_key *private_key, const ecc_key *public_key,
|
||||
unsigned char *out, unsigned long *outlen);
|
||||
|
||||
int ecc_encrypt_key(const unsigned char *in, unsigned long inlen,
|
||||
unsigned char *out, unsigned long *outlen,
|
||||
prng_state *prng, int wprng, int hash,
|
||||
ecc_key *key);
|
||||
const ecc_key *key);
|
||||
|
||||
int ecc_decrypt_key(const unsigned char *in, unsigned long inlen,
|
||||
unsigned char *out, unsigned long *outlen,
|
||||
ecc_key *key);
|
||||
const ecc_key *key);
|
||||
|
||||
int ecc_sign_hash_rfc7518(const unsigned char *in, unsigned long inlen,
|
||||
unsigned char *out, unsigned long *outlen,
|
||||
prng_state *prng, int wprng, ecc_key *key);
|
||||
prng_state *prng, int wprng, const ecc_key *key);
|
||||
|
||||
int ecc_sign_hash(const unsigned char *in, unsigned long inlen,
|
||||
unsigned char *out, unsigned long *outlen,
|
||||
prng_state *prng, int wprng, ecc_key *key);
|
||||
prng_state *prng, int wprng, const ecc_key *key);
|
||||
|
||||
int ecc_verify_hash_rfc7518(const unsigned char *sig, unsigned long siglen,
|
||||
const unsigned char *hash, unsigned long hashlen,
|
||||
int *stat, ecc_key *key);
|
||||
int *stat, const ecc_key *key);
|
||||
|
||||
int ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
|
||||
const unsigned char *hash, unsigned long hashlen,
|
||||
int *stat, ecc_key *key);
|
||||
int *stat, const ecc_key *key);
|
||||
|
||||
|
||||
#ifdef LTC_SOURCE
|
||||
/* INTERNAL ONLY - it should be later moved to src/headers/tomcrypt_internal.h */
|
||||
|
||||
int ecc_set_dp_from_mpis(void *a, void *b, void *prime, void *order, void *gx, void *gy, unsigned long cofactor, ecc_key *key);
|
||||
int ecc_copy_dp(const ecc_key *srckey, ecc_key *key);
|
||||
int ecc_set_dp_by_size(int size, ecc_key *key);
|
||||
|
||||
/* low level functions */
|
||||
ecc_point *ltc_ecc_new_point(void);
|
||||
void ltc_ecc_del_point(ecc_point *p);
|
||||
int ltc_ecc_is_valid_idx(int n);
|
||||
int ltc_ecc_set_point_xyz(ltc_mp_digit x, ltc_mp_digit y, ltc_mp_digit z, ecc_point *p);
|
||||
int ltc_ecc_copy_point(const ecc_point *src, ecc_point *dst);
|
||||
int ltc_ecc_is_point(const ltc_ecc_dp *dp, void *x, void *y);
|
||||
int ltc_ecc_is_point_at_infinity(const ecc_point *P, void *modulus, int *retval);
|
||||
int ltc_ecc_import_point(const unsigned char *in, unsigned long inlen, void *prime, void *a, void *b, void *x, void *y);
|
||||
int ltc_ecc_export_point(unsigned char *out, unsigned long *outlen, void *x, void *y, unsigned long size, int compressed);
|
||||
int ltc_ecc_verify_key(const ecc_key *key);
|
||||
|
||||
/* point ops (mp == montgomery digit) */
|
||||
#if !defined(LTC_MECC_ACCEL) || defined(LTM_DESC) || defined(GMP_DESC)
|
||||
/* R = 2P */
|
||||
int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void *mp);
|
||||
int ltc_ecc_projective_dbl_point(const ecc_point *P, ecc_point *R, void *ma, void *modulus, void *mp);
|
||||
|
||||
/* R = P + Q */
|
||||
int ltc_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *mp);
|
||||
int ltc_ecc_projective_add_point(const ecc_point *P, const ecc_point *Q, ecc_point *R, void *ma, void *modulus, void *mp);
|
||||
#endif
|
||||
|
||||
#if defined(LTC_MECC_FP)
|
||||
/* optimized point multiplication using fixed point cache (HAC algorithm 14.117) */
|
||||
int ltc_ecc_fp_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map);
|
||||
int ltc_ecc_fp_mulmod(void *k, ecc_point *G, ecc_point *R, void *a, void *modulus, int map);
|
||||
|
||||
/* functions for saving/loading/freeing/adding to fixed point cache */
|
||||
int ltc_ecc_fp_save_state(unsigned char **out, unsigned long *outlen);
|
||||
@ -382,20 +430,23 @@ void ltc_ecc_fp_tablelock(int lock);
|
||||
#endif
|
||||
|
||||
/* R = kG */
|
||||
int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map);
|
||||
int ltc_ecc_mulmod(void *k, const ecc_point *G, ecc_point *R, void *a, void *modulus, int map);
|
||||
|
||||
#ifdef LTC_ECC_SHAMIR
|
||||
/* kA*A + kB*B = C */
|
||||
int ltc_ecc_mul2add(ecc_point *A, void *kA,
|
||||
ecc_point *B, void *kB,
|
||||
int ltc_ecc_mul2add(const ecc_point *A, void *kA,
|
||||
const ecc_point *B, void *kB,
|
||||
ecc_point *C,
|
||||
void *ma,
|
||||
void *modulus);
|
||||
|
||||
#ifdef LTC_MECC_FP
|
||||
/* Shamir's trick with optimized point multiplication using fixed point cache */
|
||||
int ltc_ecc_fp_mul2add(ecc_point *A, void *kA,
|
||||
ecc_point *B, void *kB,
|
||||
ecc_point *C, void *modulus);
|
||||
int ltc_ecc_fp_mul2add(const ecc_point *A, void *kA,
|
||||
const ecc_point *B, void *kB,
|
||||
ecc_point *C,
|
||||
void *ma,
|
||||
void *modulus);
|
||||
#endif
|
||||
|
||||
#endif
|
||||
@ -404,6 +455,8 @@ int ltc_ecc_fp_mul2add(ecc_point *A, void *kA,
|
||||
/* map P to affine from projective */
|
||||
int ltc_ecc_map(ecc_point *P, void *modulus, void *mp);
|
||||
|
||||
#endif /* LTC_SOURCE */
|
||||
|
||||
#endif
|
||||
|
||||
#ifdef LTC_MDSA
|
||||
|
@ -668,7 +668,7 @@ static int _add_entry(int idx, ecc_point *g)
|
||||
* The algorithm builds patterns in increasing bit order by first making all
|
||||
* single bit input patterns, then all two bit input patterns and so on
|
||||
*/
|
||||
static int _build_lut(int idx, void *modulus, void *mp, void *mu)
|
||||
static int _build_lut(int idx, void *a, void *modulus, void *mp, void *mu)
|
||||
{
|
||||
unsigned x, y, err, bitlen, lut_gap;
|
||||
void *tmp;
|
||||
@ -707,7 +707,7 @@ static int _build_lut(int idx, void *modulus, void *mp, void *mu)
|
||||
|
||||
/* now double it bitlen/FP_LUT times */
|
||||
for (y = 0; y < lut_gap; y++) {
|
||||
if ((err = ltc_mp.ecc_ptdbl(fp_cache[idx].LUT[1<<x], fp_cache[idx].LUT[1<<x], modulus, mp)) != CRYPT_OK) {
|
||||
if ((err = ltc_mp.ecc_ptdbl(fp_cache[idx].LUT[1<<x], fp_cache[idx].LUT[1<<x], a, modulus, mp)) != CRYPT_OK) {
|
||||
goto ERR;
|
||||
}
|
||||
}
|
||||
@ -720,7 +720,7 @@ static int _build_lut(int idx, void *modulus, void *mp, void *mu)
|
||||
|
||||
/* perform the add */
|
||||
if ((err = ltc_mp.ecc_ptadd(fp_cache[idx].LUT[lut_orders[y].terma], fp_cache[idx].LUT[lut_orders[y].termb],
|
||||
fp_cache[idx].LUT[y], modulus, mp)) != CRYPT_OK) {
|
||||
fp_cache[idx].LUT[y], a, modulus, mp)) != CRYPT_OK) {
|
||||
goto ERR;
|
||||
}
|
||||
}
|
||||
@ -775,7 +775,7 @@ DONE:
|
||||
}
|
||||
|
||||
/* perform a fixed point ECC mulmod */
|
||||
static int _accel_fp_mul(int idx, void *k, ecc_point *R, void *modulus, void *mp, int map)
|
||||
static int _accel_fp_mul(int idx, void *k, ecc_point *R, void *a, void *modulus, void *mp, int map)
|
||||
{
|
||||
unsigned char kb[128];
|
||||
int x;
|
||||
@ -868,14 +868,14 @@ static int _accel_fp_mul(int idx, void *k, ecc_point *R, void *modulus, void *mp
|
||||
|
||||
/* double if not first */
|
||||
if (!first) {
|
||||
if ((err = ltc_mp.ecc_ptdbl(R, R, modulus, mp)) != CRYPT_OK) {
|
||||
if ((err = ltc_mp.ecc_ptdbl(R, R, a, modulus, mp)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
}
|
||||
|
||||
/* add if not first, otherwise copy */
|
||||
if (!first && z) {
|
||||
if ((err = ltc_mp.ecc_ptadd(R, fp_cache[idx].LUT[z], R, modulus, mp)) != CRYPT_OK) {
|
||||
if ((err = ltc_mp.ecc_ptadd(R, fp_cache[idx].LUT[z], R, a, modulus, mp)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
} else if (z) {
|
||||
@ -900,7 +900,7 @@ static int _accel_fp_mul(int idx, void *k, ecc_point *R, void *modulus, void *mp
|
||||
/* perform a fixed point ECC mulmod */
|
||||
static int _accel_fp_mul2add(int idx1, int idx2,
|
||||
void *kA, void *kB,
|
||||
ecc_point *R, void *modulus, void *mp)
|
||||
ecc_point *R, void *a, void *modulus, void *mp)
|
||||
{
|
||||
unsigned char kb[2][128];
|
||||
int x;
|
||||
@ -1056,7 +1056,7 @@ static int _accel_fp_mul2add(int idx1, int idx2,
|
||||
|
||||
/* double if not first */
|
||||
if (!first) {
|
||||
if ((err = ltc_mp.ecc_ptdbl(R, R, modulus, mp)) != CRYPT_OK) {
|
||||
if ((err = ltc_mp.ecc_ptdbl(R, R, a, modulus, mp)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
}
|
||||
@ -1064,12 +1064,12 @@ static int _accel_fp_mul2add(int idx1, int idx2,
|
||||
/* add if not first, otherwise copy */
|
||||
if (!first) {
|
||||
if (zA) {
|
||||
if ((err = ltc_mp.ecc_ptadd(R, fp_cache[idx1].LUT[zA], R, modulus, mp)) != CRYPT_OK) {
|
||||
if ((err = ltc_mp.ecc_ptadd(R, fp_cache[idx1].LUT[zA], R, a, modulus, mp)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
}
|
||||
if (zB) {
|
||||
if ((err = ltc_mp.ecc_ptadd(R, fp_cache[idx2].LUT[zB], R, modulus, mp)) != CRYPT_OK) {
|
||||
if ((err = ltc_mp.ecc_ptadd(R, fp_cache[idx2].LUT[zB], R, a, modulus, mp)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
}
|
||||
@ -1082,7 +1082,7 @@ static int _accel_fp_mul2add(int idx1, int idx2,
|
||||
}
|
||||
if (zB && first == 0) {
|
||||
if (zB) {
|
||||
if ((err = ltc_mp.ecc_ptadd(R, fp_cache[idx2].LUT[zB], R, modulus, mp)) != CRYPT_OK) {
|
||||
if ((err = ltc_mp.ecc_ptadd(R, fp_cache[idx2].LUT[zB], R, a, modulus, mp)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
}
|
||||
@ -1110,7 +1110,9 @@ static int _accel_fp_mul2add(int idx1, int idx2,
|
||||
*/
|
||||
int ltc_ecc_fp_mul2add(ecc_point *A, void *kA,
|
||||
ecc_point *B, void *kB,
|
||||
ecc_point *C, void *modulus)
|
||||
ecc_point *C,
|
||||
void *a,
|
||||
void *modulus)
|
||||
{
|
||||
int idx1, idx2, err;
|
||||
void *mp, *mu;
|
||||
@ -1166,7 +1168,7 @@ int ltc_ecc_fp_mul2add(ecc_point *A, void *kA,
|
||||
}
|
||||
|
||||
/* build the LUT */
|
||||
if ((err = _build_lut(idx1, modulus, mp, mu)) != CRYPT_OK) {
|
||||
if ((err = _build_lut(idx1, a, modulus, mp, mu)) != CRYPT_OK) {
|
||||
goto LBL_ERR;;
|
||||
}
|
||||
}
|
||||
@ -1187,7 +1189,7 @@ int ltc_ecc_fp_mul2add(ecc_point *A, void *kA,
|
||||
}
|
||||
|
||||
/* build the LUT */
|
||||
if ((err = _build_lut(idx2, modulus, mp, mu)) != CRYPT_OK) {
|
||||
if ((err = _build_lut(idx2, a, modulus, mp, mu)) != CRYPT_OK) {
|
||||
goto LBL_ERR;;
|
||||
}
|
||||
}
|
||||
@ -1198,9 +1200,9 @@ int ltc_ecc_fp_mul2add(ecc_point *A, void *kA,
|
||||
/* compute mp */
|
||||
if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { goto LBL_ERR; }
|
||||
}
|
||||
err = _accel_fp_mul2add(idx1, idx2, kA, kB, C, modulus, mp);
|
||||
err = _accel_fp_mul2add(idx1, idx2, kA, kB, C, a, modulus, mp);
|
||||
} else {
|
||||
err = ltc_ecc_mul2add(A, kA, B, kB, C, modulus);
|
||||
err = ltc_ecc_mul2add(A, kA, B, kB, C, a, modulus);
|
||||
}
|
||||
LBL_ERR:
|
||||
LTC_MUTEX_UNLOCK(<c_ecc_fp_lock);
|
||||
@ -1218,11 +1220,12 @@ LBL_ERR:
|
||||
@param k The multiplicand
|
||||
@param G Base point to multiply
|
||||
@param R [out] Destination of product
|
||||
@param a ECC curve parameter a
|
||||
@param modulus The modulus for the curve
|
||||
@param map [boolean] If non-zero maps the point back to affine co-ordinates, otherwise it's left in jacobian-montgomery form
|
||||
@return CRYPT_OK if successful
|
||||
*/
|
||||
int ltc_ecc_fp_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
|
||||
int ltc_ecc_fp_mulmod(void *k, ecc_point *G, ecc_point *R, void *a, void *modulus, int map)
|
||||
{
|
||||
int idx, err;
|
||||
void *mp, *mu;
|
||||
@ -1264,7 +1267,7 @@ int ltc_ecc_fp_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int ma
|
||||
}
|
||||
|
||||
/* build the LUT */
|
||||
if ((err = _build_lut(idx, modulus, mp, mu)) != CRYPT_OK) {
|
||||
if ((err = _build_lut(idx, a, modulus, mp, mu)) != CRYPT_OK) {
|
||||
goto LBL_ERR;;
|
||||
}
|
||||
}
|
||||
@ -1274,9 +1277,9 @@ int ltc_ecc_fp_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int ma
|
||||
/* compute mp */
|
||||
if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { goto LBL_ERR; }
|
||||
}
|
||||
err = _accel_fp_mul(idx, k, R, modulus, mp, map);
|
||||
err = _accel_fp_mul(idx, k, R, a, modulus, mp, map);
|
||||
} else {
|
||||
err = ltc_ecc_mulmod(k, G, R, modulus, map);
|
||||
err = ltc_ecc_mulmod(k, G, R, a, modulus, map);
|
||||
}
|
||||
LBL_ERR:
|
||||
LTC_MUTEX_UNLOCK(<c_ecc_fp_lock);
|
||||
@ -1363,7 +1366,7 @@ ltc_ecc_fp_add_point(ecc_point *g, void *modulus, int lock)
|
||||
}
|
||||
|
||||
/* build the LUT */
|
||||
if ((err = _build_lut(idx, modulus, mp, mu)) != CRYPT_OK) {
|
||||
if ((err = _build_lut(idx, a, modulus, mp, mu)) != CRYPT_OK) {
|
||||
goto LBL_ERR;
|
||||
}
|
||||
fp_cache[idx].lru_count = 2;
|
||||
|
@ -286,6 +286,119 @@ static int sqr(void *a, void *b)
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
/* sqrtmod_prime */
|
||||
static int sqrtmod_prime(void *n, void *prime, void *ret)
|
||||
{
|
||||
int res, legendre, i;
|
||||
mpz_t t1, C, Q, S, Z, M, T, R, two;
|
||||
|
||||
LTC_ARGCHK(n != NULL);
|
||||
LTC_ARGCHK(prime != NULL);
|
||||
LTC_ARGCHK(ret != NULL);
|
||||
|
||||
/* first handle the simple cases */
|
||||
if (mpz_cmp_ui(((__mpz_struct *)n), 0) == 0) {
|
||||
mpz_set_ui(ret, 0);
|
||||
return CRYPT_OK;
|
||||
}
|
||||
if (mpz_cmp_ui(((__mpz_struct *)prime), 2) == 0) return CRYPT_ERROR; /* prime must be odd */
|
||||
legendre = mpz_legendre(n, prime);
|
||||
if (legendre == -1) return CRYPT_ERROR; /* quadratic non-residue mod prime */
|
||||
|
||||
mpz_init(t1); mpz_init(C); mpz_init(Q);
|
||||
mpz_init(S); mpz_init(Z); mpz_init(M);
|
||||
mpz_init(T); mpz_init(R); mpz_init(two);
|
||||
|
||||
/* SPECIAL CASE: if prime mod 4 == 3
|
||||
* compute directly: res = n^(prime+1)/4 mod prime
|
||||
* Handbook of Applied Cryptography algorithm 3.36
|
||||
*/
|
||||
i = mpz_mod_ui(t1, prime, 4); /* t1 is ignored here */
|
||||
if (i == 3) {
|
||||
mpz_add_ui(t1, prime, 1);
|
||||
mpz_fdiv_q_2exp(t1, t1, 2);
|
||||
mpz_powm(ret, n, t1, prime);
|
||||
res = CRYPT_OK;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* NOW: Tonelli-Shanks algorithm */
|
||||
|
||||
/* factor out powers of 2 from prime-1, defining Q and S as: prime-1 = Q*2^S */
|
||||
mpz_set(Q, prime);
|
||||
mpz_sub_ui(Q, Q, 1);
|
||||
/* Q = prime - 1 */
|
||||
mpz_set_ui(S, 0);
|
||||
/* S = 0 */
|
||||
while (mpz_even_p(Q)) {
|
||||
mpz_fdiv_q_2exp(Q, Q, 1);
|
||||
/* Q = Q / 2 */
|
||||
mpz_add_ui(S, S, 1);
|
||||
/* S = S + 1 */
|
||||
}
|
||||
|
||||
/* find a Z such that the Legendre symbol (Z|prime) == -1 */
|
||||
mpz_set_ui(Z, 2);
|
||||
/* Z = 2 */
|
||||
while(1) {
|
||||
legendre = mpz_legendre(Z, prime);
|
||||
if (legendre == -1) break;
|
||||
mpz_add_ui(Z, Z, 1);
|
||||
/* Z = Z + 1 */
|
||||
}
|
||||
|
||||
mpz_powm(C, Z, Q, prime);
|
||||
/* C = Z ^ Q mod prime */
|
||||
mpz_add_ui(t1, Q, 1);
|
||||
mpz_fdiv_q_2exp(t1, t1, 1);
|
||||
/* t1 = (Q + 1) / 2 */
|
||||
mpz_powm(R, n, t1, prime);
|
||||
/* R = n ^ ((Q + 1) / 2) mod prime */
|
||||
mpz_powm(T, n, Q, prime);
|
||||
/* T = n ^ Q mod prime */
|
||||
mpz_set(M, S);
|
||||
/* M = S */
|
||||
mpz_set_ui(two, 2);
|
||||
|
||||
while (1) {
|
||||
mpz_set(t1, T);
|
||||
i = 0;
|
||||
while (1) {
|
||||
if (mpz_cmp_ui(((__mpz_struct *)t1), 1) == 0) break;
|
||||
mpz_powm(t1, t1, two, prime);
|
||||
i++;
|
||||
}
|
||||
if (i == 0) {
|
||||
mpz_set(ret, R);
|
||||
res = CRYPT_OK;
|
||||
goto cleanup;
|
||||
}
|
||||
mpz_sub_ui(t1, M, i);
|
||||
mpz_sub_ui(t1, t1, 1);
|
||||
mpz_powm(t1, two, t1, prime);
|
||||
/* t1 = 2 ^ (M - i - 1) */
|
||||
mpz_powm(t1, C, t1, prime);
|
||||
/* t1 = C ^ (2 ^ (M - i - 1)) mod prime */
|
||||
mpz_mul(C, t1, t1);
|
||||
mpz_mod(C, C, prime);
|
||||
/* C = (t1 * t1) mod prime */
|
||||
mpz_mul(R, R, t1);
|
||||
mpz_mod(R, R, prime);
|
||||
/* R = (R * t1) mod prime */
|
||||
mpz_mul(T, T, C);
|
||||
mpz_mod(T, T, prime);
|
||||
/* T = (T * C) mod prime */
|
||||
mpz_set_ui(M, i);
|
||||
/* M = i */
|
||||
}
|
||||
|
||||
cleanup:
|
||||
mpz_clear(t1); mpz_clear(C); mpz_clear(Q);
|
||||
mpz_clear(S); mpz_clear(Z); mpz_clear(M);
|
||||
mpz_clear(T); mpz_clear(R); mpz_clear(two);
|
||||
return res;
|
||||
}
|
||||
|
||||
/* div */
|
||||
static int divide(void *a, void *b, void *c, void *d)
|
||||
{
|
||||
@ -493,6 +606,7 @@ const ltc_math_descriptor gmp_desc = {
|
||||
&mul,
|
||||
&muli,
|
||||
&sqr,
|
||||
&sqrtmod_prime,
|
||||
÷,
|
||||
&div_2,
|
||||
&modi,
|
||||
|
@ -257,6 +257,15 @@ static int sqr(void *a, void *b)
|
||||
return mpi_to_ltc_error(mp_sqr(a, b));
|
||||
}
|
||||
|
||||
/* sqrtmod_prime */
|
||||
static int sqrtmod_prime(void *a, void *b, void *c)
|
||||
{
|
||||
LTC_ARGCHK(a != NULL);
|
||||
LTC_ARGCHK(b != NULL);
|
||||
LTC_ARGCHK(c != NULL);
|
||||
return mpi_to_ltc_error(mp_sqrtmod_prime(a, b, c));
|
||||
}
|
||||
|
||||
/* div */
|
||||
static int divide(void *a, void *b, void *c, void *d)
|
||||
{
|
||||
@ -452,6 +461,7 @@ const ltc_math_descriptor ltm_desc = {
|
||||
&mul,
|
||||
&muli,
|
||||
&sqr,
|
||||
&sqrtmod_prime,
|
||||
÷,
|
||||
&div_2,
|
||||
&modi,
|
||||
|
@ -8,7 +8,7 @@
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
#ifdef LTC_MDSA
|
||||
#if defined(LTC_MDSA) || defined(LTC_MECC)
|
||||
/**
|
||||
Generate a random number N with given bitlength (note: MSB can be 0)
|
||||
*/
|
||||
|
@ -265,6 +265,8 @@ static int sqr(void *a, void *b)
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
/* sqrtmod_prime - NOT SUPPORTED */
|
||||
|
||||
/* div */
|
||||
static int divide(void *a, void *b, void *c, void *d)
|
||||
{
|
||||
@ -424,10 +426,11 @@ static int isprime(void *a, int b, int *c)
|
||||
|
||||
#if defined(LTC_MECC) && defined(LTC_MECC_ACCEL)
|
||||
|
||||
static int tfm_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void *Mp)
|
||||
static int tfm_ecc_projective_dbl_point(const ecc_point *P, ecc_point *R, void *ma, void *modulus, void *Mp)
|
||||
{
|
||||
fp_int t1, t2;
|
||||
fp_digit mp;
|
||||
int err, inf;
|
||||
|
||||
LTC_ARGCHK(P != NULL);
|
||||
LTC_ARGCHK(R != NULL);
|
||||
@ -445,6 +448,15 @@ static int tfm_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulu
|
||||
fp_copy(P->z, R->z);
|
||||
}
|
||||
|
||||
if ((err = ltc_ecc_is_point_at_infinity(P, modulus, &inf)) != CRYPT_OK) return err;
|
||||
if (inf) {
|
||||
/* if P is point at infinity >> Result = point at infinity */
|
||||
ltc_mp.set_int(R->x, 1);
|
||||
ltc_mp.set_int(R->y, 1);
|
||||
ltc_mp.set_int(R->z, 0);
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
/* t1 = Z * Z */
|
||||
fp_sqr(R->z, &t1);
|
||||
fp_montgomery_reduce(&t1, modulus, mp);
|
||||
@ -457,9 +469,10 @@ static int tfm_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulu
|
||||
fp_sub(R->z, modulus, R->z);
|
||||
}
|
||||
|
||||
/* &t2 = X - T1 */
|
||||
if (ma == NULL) { /* special case for curves with a == -3 (10% faster than general case) */
|
||||
/* T2 = X - T1 */
|
||||
fp_sub(R->x, &t1, &t2);
|
||||
if (fp_cmp_d(&t2, 0) == FP_LT) {
|
||||
if (fp_cmp_d(&t2, 0) == LTC_MP_LT) {
|
||||
fp_add(&t2, modulus, &t2);
|
||||
}
|
||||
/* T1 = X + T1 */
|
||||
@ -480,6 +493,33 @@ static int tfm_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulu
|
||||
if (fp_cmp(&t1, modulus) != FP_LT) {
|
||||
fp_sub(&t1, modulus, &t1);
|
||||
}
|
||||
}
|
||||
else {
|
||||
/* T2 = T1 * T1 */
|
||||
fp_sqr(&t1, &t2);
|
||||
fp_montgomery_reduce(&t2, modulus, mp);
|
||||
/* T1 = T2 * a */
|
||||
fp_mul(&t2, ma, &t1);
|
||||
fp_montgomery_reduce(&t1, modulus, mp);
|
||||
/* T2 = X * X */
|
||||
fp_sqr(R->x, &t2);
|
||||
fp_montgomery_reduce(&t2, modulus, mp);
|
||||
/* T1 = T1 + T2 */
|
||||
fp_add(&t1, &t2, &t1);
|
||||
if (fp_cmp(&t1, modulus) != FP_LT) {
|
||||
fp_sub(&t1, modulus, &t1);
|
||||
}
|
||||
/* T1 = T1 + T2 */
|
||||
fp_add(&t1, &t2, &t1);
|
||||
if (fp_cmp(&t1, modulus) != FP_LT) {
|
||||
fp_sub(&t1, modulus, &t1);
|
||||
}
|
||||
/* T1 = T1 + T2 */
|
||||
fp_add(&t1, &t2, &t1);
|
||||
if (fp_cmp(&t1, modulus) != FP_LT) {
|
||||
fp_sub(&t1, modulus, &t1);
|
||||
}
|
||||
}
|
||||
|
||||
/* Y = 2Y */
|
||||
fp_add(R->y, R->y, R->y);
|
||||
@ -541,10 +581,11 @@ static int tfm_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulu
|
||||
@param Mp The "b" value from montgomery_setup()
|
||||
@return CRYPT_OK on success
|
||||
*/
|
||||
static int tfm_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *Mp)
|
||||
static int tfm_ecc_projective_add_point(const ecc_point *P, const ecc_point *Q, ecc_point *R, void *ma, void *modulus, void *Mp)
|
||||
{
|
||||
fp_int t1, t2, x, y, z;
|
||||
fp_digit mp;
|
||||
int err, inf;
|
||||
|
||||
LTC_ARGCHK(P != NULL);
|
||||
LTC_ARGCHK(Q != NULL);
|
||||
@ -560,12 +601,30 @@ static int tfm_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R
|
||||
fp_init(&y);
|
||||
fp_init(&z);
|
||||
|
||||
if ((err = ltc_ecc_is_point_at_infinity(P, modulus, &inf)) != CRYPT_OK) return err;
|
||||
if (inf) {
|
||||
/* P is point at infinity >> Result = Q */
|
||||
ltc_mp.copy(Q->x, R->x);
|
||||
ltc_mp.copy(Q->y, R->y);
|
||||
ltc_mp.copy(Q->z, R->z);
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
if ((err = ltc_ecc_is_point_at_infinity(Q, modulus, &inf)) != CRYPT_OK) return err;
|
||||
if (inf) {
|
||||
/* Q is point at infinity >> Result = P */
|
||||
ltc_mp.copy(P->x, R->x);
|
||||
ltc_mp.copy(P->y, R->y);
|
||||
ltc_mp.copy(P->z, R->z);
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
/* should we dbl instead? */
|
||||
fp_sub(modulus, Q->y, &t1);
|
||||
if ( (fp_cmp(P->x, Q->x) == FP_EQ) &&
|
||||
(Q->z != NULL && fp_cmp(P->z, Q->z) == FP_EQ) &&
|
||||
(fp_cmp(P->y, Q->y) == FP_EQ || fp_cmp(P->y, &t1) == FP_EQ)) {
|
||||
return tfm_ecc_projective_dbl_point(P, R, modulus, Mp);
|
||||
return tfm_ecc_projective_dbl_point(P, R, ma, modulus, Mp);
|
||||
}
|
||||
|
||||
fp_copy(P->x, &x);
|
||||
@ -741,6 +800,7 @@ const ltc_math_descriptor tfm_desc = {
|
||||
&mul,
|
||||
&muli,
|
||||
&sqr,
|
||||
NULL, /* TODO: &sqrtmod_prime */
|
||||
÷,
|
||||
&div_2,
|
||||
&modi,
|
||||
|
@ -245,7 +245,7 @@ static const crypt_size _crypt_sizes[] = {
|
||||
_SZ_STRINGIFY_T(dh_key),
|
||||
#endif
|
||||
#ifdef LTC_MECC
|
||||
_SZ_STRINGIFY_T(ltc_ecc_set_type),
|
||||
_SZ_STRINGIFY_T(ltc_ecc_curve),
|
||||
_SZ_STRINGIFY_T(ecc_point),
|
||||
_SZ_STRINGIFY_T(ecc_key),
|
||||
#endif
|
||||
|
82
src/misc/pk_oid_str.c
Normal file
82
src/misc/pk_oid_str.c
Normal file
@ -0,0 +1,82 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
#include "tomcrypt.h"
|
||||
|
||||
int pk_oid_str_to_num(const char *OID, unsigned long *oid, unsigned long *oidlen)
|
||||
{
|
||||
unsigned long i, j, limit;
|
||||
|
||||
LTC_ARGCHK(oid != NULL);
|
||||
LTC_ARGCHK(oidlen != NULL);
|
||||
|
||||
limit = *oidlen;
|
||||
*oidlen = 0; /* make sure that we return zero oidlen on error */
|
||||
for (i = 0; i < limit; i++) oid[i] = 0;
|
||||
|
||||
if ((OID == NULL) || (strlen(OID) == 0)) return CRYPT_OK;
|
||||
|
||||
for (i = 0, j = 0; i < strlen(OID); i++) {
|
||||
if (OID[i] == '.') {
|
||||
if (++j >= limit) return CRYPT_ERROR;
|
||||
}
|
||||
else if ((OID[i] >= '0') && (OID[i] <= '9')) {
|
||||
oid[j] = oid[j] * 10 + (OID[i] - '0');
|
||||
}
|
||||
else {
|
||||
return CRYPT_ERROR;
|
||||
}
|
||||
}
|
||||
if (j == 0) return CRYPT_ERROR;
|
||||
*oidlen = j + 1;
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
int pk_oid_num_to_str(const unsigned long *oid, unsigned long oidlen, char *OID, unsigned long *outlen)
|
||||
{
|
||||
int i;
|
||||
unsigned long j, k;
|
||||
char tmp[256] = { 0 };
|
||||
unsigned long tmpsz = sizeof(tmp);
|
||||
|
||||
LTC_ARGCHK(oid != NULL);
|
||||
LTC_ARGCHK(OID != NULL);
|
||||
LTC_ARGCHK(outlen != NULL);
|
||||
|
||||
for (i = oidlen - 1, k = 0; i >= 0; i--) {
|
||||
j = oid[i];
|
||||
if (j == 0) {
|
||||
tmp[k] = '0';
|
||||
if (++k >= tmpsz) return CRYPT_ERROR;
|
||||
}
|
||||
else {
|
||||
while (j > 0) {
|
||||
tmp[k] = '0' + (j % 10);
|
||||
if (++k >= tmpsz) return CRYPT_ERROR;
|
||||
j /= 10;
|
||||
}
|
||||
}
|
||||
if (i > 0) {
|
||||
tmp[k] = '.';
|
||||
if (++k >= tmpsz) return CRYPT_ERROR;
|
||||
}
|
||||
}
|
||||
if (*outlen < k + 1) {
|
||||
*outlen = k + 1;
|
||||
return CRYPT_BUFFER_OVERFLOW;
|
||||
}
|
||||
for (j = 0; j < k; j++) OID[j] = tmp[k - j - 1];
|
||||
OID[k] = '\0';
|
||||
*outlen = k; /* the length without terminating NUL byte */
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
/* ref: $Format:%D$ */
|
||||
/* git commit: $Format:%H$ */
|
||||
/* commit time: $Format:%ai$ */
|
466
src/pk/ecc/ecc.c
466
src/pk/ecc/ecc.c
@ -7,11 +7,6 @@
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
* Available at http://csrc.nist.gov/cryptval/dss.htm
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@ -21,99 +16,424 @@
|
||||
|
||||
#ifdef LTC_MECC
|
||||
|
||||
/* This holds the key settings. ***MUST*** be organized by size from smallest to largest. */
|
||||
const ltc_ecc_set_type ltc_ecc_sets[] = {
|
||||
#ifdef LTC_ECC112
|
||||
/* This array holds the curve parameters.
|
||||
* Curves (prime field only) are taken from:
|
||||
* - http://www.secg.org/collateral/sec2_final.pdf (named: SECP*)
|
||||
* - http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf (named: NISTP*)
|
||||
* - ANS X9.62 (named: PRIMEP*)
|
||||
* - http://www.ecc-brainpool.org/download/Domain-parameters.pdf (named: BRAINPOOLP*)
|
||||
*/
|
||||
const ltc_ecc_curve ltc_ecc_curves[] = {
|
||||
#ifdef LTC_ECC_SECP112R1
|
||||
{
|
||||
14,
|
||||
"SECP112R1",
|
||||
"DB7C2ABF62E35E668076BEAD208B",
|
||||
"659EF8BA043916EEDE8911702B22",
|
||||
"DB7C2ABF62E35E7628DFAC6561C5",
|
||||
"09487239995A5EE76B55F9C2F098",
|
||||
"A89CE5AF8724C0A23E0E0FF77500"
|
||||
/* prime */ "DB7C2ABF62E35E668076BEAD208B",
|
||||
/* A */ "DB7C2ABF62E35E668076BEAD2088",
|
||||
/* B */ "659EF8BA043916EEDE8911702B22",
|
||||
/* order */ "DB7C2ABF62E35E7628DFAC6561C5",
|
||||
/* Gx */ "09487239995A5EE76B55F9C2F098",
|
||||
/* Gy */ "A89CE5AF8724C0A23E0E0FF77500",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.132.0.6"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC128
|
||||
#ifdef LTC_ECC_SECP112R2
|
||||
{
|
||||
16,
|
||||
"SECP128R1",
|
||||
"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
|
||||
"E87579C11079F43DD824993C2CEE5ED3",
|
||||
"FFFFFFFE0000000075A30D1B9038A115",
|
||||
"161FF7528B899B2D0C28607CA52C5B86",
|
||||
"CF5AC8395BAFEB13C02DA292DDED7A83",
|
||||
/* prime */ "DB7C2ABF62E35E668076BEAD208B",
|
||||
/* A */ "6127C24C05F38A0AAAF65C0EF02C",
|
||||
/* B */ "51DEF1815DB5ED74FCC34C85D709",
|
||||
/* order */ "36DF0AAFD8B8D7597CA10520D04B",
|
||||
/* Gx */ "4BA30AB5E892B4E1649DD0928643",
|
||||
/* Gy */ "ADCD46F5882E3747DEF36E956E97",
|
||||
/* cofactor */ 4,
|
||||
/* OID */ "1.3.132.0.7"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC160
|
||||
#ifdef LTC_ECC_SECP128R1
|
||||
{
|
||||
20,
|
||||
"SECP160R1",
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
|
||||
"1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
|
||||
"0100000000000000000001F4C8F927AED3CA752257",
|
||||
"4A96B5688EF573284664698968C38BB913CBFC82",
|
||||
"23A628553168947D59DCC912042351377AC5FB32",
|
||||
/* prime */ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
|
||||
/* A */ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
|
||||
/* B */ "E87579C11079F43DD824993C2CEE5ED3",
|
||||
/* order */ "FFFFFFFE0000000075A30D1B9038A115",
|
||||
/* Gx */ "161FF7528B899B2D0C28607CA52C5B86",
|
||||
/* Gy */ "CF5AC8395BAFEB13C02DA292DDED7A83",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.132.0.28"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC192
|
||||
#ifdef LTC_ECC_SECP128R2
|
||||
{
|
||||
24,
|
||||
"ECC-192",
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
|
||||
"64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
|
||||
"188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
|
||||
"7192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
|
||||
/* prime */ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
|
||||
/* A */ "D6031998D1B3BBFEBF59CC9BBFF9AEE1",
|
||||
/* B */ "5EEEFCA380D02919DC2C6558BB6D8A5D",
|
||||
/* order */ "3FFFFFFF7FFFFFFFBE0024720613B5A3",
|
||||
/* Gx */ "7B6AA5D85E572983E6FB32A7CDEBC140",
|
||||
/* Gy */ "27B6916A894D3AEE7106FE805FC34B44",
|
||||
/* cofactor */ 4,
|
||||
/* OID */ "1.3.132.0.29"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC224
|
||||
#ifdef LTC_ECC_SECP160R1
|
||||
{
|
||||
28,
|
||||
"ECC-224",
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
|
||||
"B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
|
||||
"B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
|
||||
"BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
|
||||
/* prime */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
|
||||
/* A */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
|
||||
/* B */ "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
|
||||
/* order */ "0100000000000000000001F4C8F927AED3CA752257",
|
||||
/* Gx */ "4A96B5688EF573284664698968C38BB913CBFC82",
|
||||
/* Gy */ "23A628553168947D59DCC912042351377AC5FB32",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.132.0.8"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC256
|
||||
#ifdef LTC_ECC_SECP160R2
|
||||
{
|
||||
32,
|
||||
"ECC-256",
|
||||
"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
|
||||
"5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
|
||||
"FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
|
||||
"6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
|
||||
"4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
|
||||
/* prime */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
|
||||
/* A */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
|
||||
/* B */ "B4E134D3FB59EB8BAB57274904664D5AF50388BA",
|
||||
/* order */ "0100000000000000000000351EE786A818F3A1A16B",
|
||||
/* Gx */ "52DCB034293A117E1F4FF11B30F7199D3144CE6D",
|
||||
/* Gy */ "FEAFFEF2E331F296E071FA0DF9982CFEA7D43F2E",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.132.0.30"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC384
|
||||
#ifdef LTC_ECC_SECP160K1
|
||||
{
|
||||
48,
|
||||
"ECC-384",
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
|
||||
"B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
|
||||
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
|
||||
"AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
|
||||
"3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
|
||||
/* prime */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
|
||||
/* A */ "0000000000000000000000000000000000000000",
|
||||
/* B */ "0000000000000000000000000000000000000007",
|
||||
/* order */ "0100000000000000000001B8FA16DFAB9ACA16B6B3",
|
||||
/* Gx */ "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
|
||||
/* Gy */ "938CF935318FDCED6BC28286531733C3F03C4FEE",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.132.0.9"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC521
|
||||
#ifdef LTC_ECC_SECP192R1
|
||||
{
|
||||
66,
|
||||
"ECC-521",
|
||||
"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
|
||||
"51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
|
||||
"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
|
||||
"C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
|
||||
"11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
|
||||
/* prime */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
|
||||
/* A */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
|
||||
/* B */ "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
|
||||
/* order */ "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
|
||||
/* Gx */ "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
|
||||
/* Gy */ "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.2.840.10045.3.1.1"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_PRIME192V2
|
||||
{
|
||||
/* prime */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
|
||||
/* A */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
|
||||
/* B */ "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
|
||||
/* order */ "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",
|
||||
/* Gx */ "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
|
||||
/* Gy */ "6574D11D69B6EC7A672BB82A083DF2F2B0847DE970B2DE15",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.2.840.10045.3.1.2"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_PRIME192V3
|
||||
{
|
||||
/* prime */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
|
||||
/* A */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
|
||||
/* B */ "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
|
||||
/* order */ "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",
|
||||
/* Gx */ "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
|
||||
/* Gy */ "38A90F22637337334B49DCB66A6DC8F9978ACA7648A943B0",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.2.840.10045.3.1.3"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP192K1
|
||||
{
|
||||
/* prime */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
|
||||
/* A */ "000000000000000000000000000000000000000000000000",
|
||||
/* B */ "000000000000000000000000000000000000000000000003",
|
||||
/* order */ "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",
|
||||
/* Gx */ "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
|
||||
/* Gy */ "9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.132.0.31"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP224R1
|
||||
{
|
||||
/* prime */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
|
||||
/* A */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
|
||||
/* B */ "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
|
||||
/* order */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
|
||||
/* Gx */ "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
|
||||
/* Gy */ "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.132.0.33"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP224K1
|
||||
{
|
||||
/* prime */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
|
||||
/* A */ "00000000000000000000000000000000000000000000000000000000",
|
||||
/* B */ "00000000000000000000000000000000000000000000000000000005",
|
||||
/* order */ "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",
|
||||
/* Gx */ "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
|
||||
/* Gy */ "7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.132.0.32"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP256R1
|
||||
{
|
||||
/* prime */ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
|
||||
/* A */ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
|
||||
/* B */ "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
|
||||
/* order */ "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
|
||||
/* Gx */ "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
|
||||
/* Gy */ "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.2.840.10045.3.1.7"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP256K1
|
||||
{
|
||||
/* prime */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
|
||||
/* A */ "0000000000000000000000000000000000000000000000000000000000000000",
|
||||
/* B */ "0000000000000000000000000000000000000000000000000000000000000007",
|
||||
/* order */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",
|
||||
/* Gx */ "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
|
||||
/* Gy */ "483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.132.0.10"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP384R1
|
||||
{
|
||||
/* prime */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
|
||||
/* A */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC",
|
||||
/* B */ "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
|
||||
/* order */ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
|
||||
/* Gx */ "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
|
||||
/* Gy */ "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.132.0.34"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP521R1
|
||||
{
|
||||
/* prime */ "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
|
||||
/* A */ "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
|
||||
/* B */ "0051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
|
||||
/* order */ "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
|
||||
/* Gx */ "00C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
|
||||
/* Gy */ "011839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.132.0.35"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_PRIME239V1
|
||||
{
|
||||
/* prime */ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
|
||||
/* A */ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
|
||||
/* B */ "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
|
||||
/* order */ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",
|
||||
/* Gx */ "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
|
||||
/* Gy */ "7DEBE8E4E90A5DAE6E4054CA530BA04654B36818CE226B39FCCB7B02F1AE",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.2.840.10045.3.1.4"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_PRIME239V2
|
||||
{
|
||||
/* prime */ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
|
||||
/* A */ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
|
||||
/* B */ "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
|
||||
/* order */ "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",
|
||||
/* Gx */ "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
|
||||
/* Gy */ "5B0125E4DBEA0EC7206DA0FC01D9B081329FB555DE6EF460237DFF8BE4BA",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.2.840.10045.3.1.5"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_PRIME239V3
|
||||
{
|
||||
/* prime */ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
|
||||
/* A */ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
|
||||
/* B */ "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
|
||||
/* order */ "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",
|
||||
/* Gx */ "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
|
||||
/* Gy */ "1607E6898F390C06BC1D552BAD226F3B6FCFE48B6E818499AF18E3ED6CF3",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.2.840.10045.3.1.6"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP160R1
|
||||
{
|
||||
/* prime */ "E95E4A5F737059DC60DFC7AD95B3D8139515620F",
|
||||
/* A */ "340E7BE2A280EB74E2BE61BADA745D97E8F7C300",
|
||||
/* B */ "1E589A8595423412134FAA2DBDEC95C8D8675E58",
|
||||
/* order */ "E95E4A5F737059DC60DF5991D45029409E60FC09",
|
||||
/* Gx */ "BED5AF16EA3F6A4F62938C4631EB5AF7BDBCDBC3",
|
||||
/* Gy */ "1667CB477A1A8EC338F94741669C976316DA6321",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.36.3.3.2.8.1.1.1"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP192R1
|
||||
{
|
||||
/* prime */ "C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297",
|
||||
/* A */ "6A91174076B1E0E19C39C031FE8685C1CAE040E5C69A28EF",
|
||||
/* B */ "469A28EF7C28CCA3DC721D044F4496BCCA7EF4146FBF25C9",
|
||||
/* order */ "C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1",
|
||||
/* Gx */ "C0A0647EAAB6A48753B033C56CB0F0900A2F5C4853375FD6",
|
||||
/* Gy */ "14B690866ABD5BB88B5F4828C1490002E6773FA2FA299B8F",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.36.3.3.2.8.1.1.3"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP224R1
|
||||
{
|
||||
/* prime */ "D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF",
|
||||
/* A */ "68A5E62CA9CE6C1C299803A6C1530B514E182AD8B0042A59CAD29F43",
|
||||
/* B */ "2580F63CCFE44138870713B1A92369E33E2135D266DBB372386C400B",
|
||||
/* order */ "D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F",
|
||||
/* Gx */ "0D9029AD2C7E5CF4340823B2A87DC68C9E4CE3174C1E6EFDEE12C07D",
|
||||
/* Gy */ "58AA56F772C0726F24C6B89E4ECDAC24354B9E99CAA3F6D3761402CD",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.36.3.3.2.8.1.1.5"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP256R1
|
||||
{
|
||||
/* prime */ "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
|
||||
/* A */ "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9",
|
||||
/* B */ "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6",
|
||||
/* order */ "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
|
||||
/* Gx */ "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262",
|
||||
/* Gy */ "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.36.3.3.2.8.1.1.7"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP320R1
|
||||
{
|
||||
/* prime */ "D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27",
|
||||
/* A */ "3EE30B568FBAB0F883CCEBD46D3F3BB8A2A73513F5EB79DA66190EB085FFA9F492F375A97D860EB4",
|
||||
/* B */ "520883949DFDBC42D3AD198640688A6FE13F41349554B49ACC31DCCD884539816F5EB4AC8FB1F1A6",
|
||||
/* order */ "D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311",
|
||||
/* Gx */ "43BD7E9AFB53D8B85289BCC48EE5BFE6F20137D10A087EB6E7871E2A10A599C710AF8D0D39E20611",
|
||||
/* Gy */ "14FDD05545EC1CC8AB4093247F77275E0743FFED117182EAA9C77877AAAC6AC7D35245D1692E8EE1",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.36.3.3.2.8.1.1.9"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP384R1
|
||||
{
|
||||
/* prime */ "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
|
||||
/* A */ "7BC382C63D8C150C3C72080ACE05AFA0C2BEA28E4FB22787139165EFBA91F90F8AA5814A503AD4EB04A8C7DD22CE2826",
|
||||
/* B */ "04A8C7DD22CE28268B39B55416F0447C2FB77DE107DCD2A62E880EA53EEB62D57CB4390295DBC9943AB78696FA504C11",
|
||||
/* order */ "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
|
||||
/* Gx */ "1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E",
|
||||
/* Gy */ "8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.36.3.3.2.8.1.1.11"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP512R1
|
||||
{
|
||||
/* prime */ "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
|
||||
/* A */ "7830A3318B603B89E2327145AC234CC594CBDD8D3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CA",
|
||||
/* B */ "3DF91610A83441CAEA9863BC2DED5D5AA8253AA10A2EF1C98B9AC8B57F1117A72BF2C7B9E7C1AC4D77FC94CADC083E67984050B75EBAE5DD2809BD638016F723",
|
||||
/* order */ "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
|
||||
/* Gx */ "81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822",
|
||||
/* Gy */ "7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.36.3.3.2.8.1.1.13"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP160T1
|
||||
{
|
||||
/* prime */ "E95E4A5F737059DC60DFC7AD95B3D8139515620F",
|
||||
/* A */ "E95E4A5F737059DC60DFC7AD95B3D8139515620C",
|
||||
/* B */ "7A556B6DAE535B7B51ED2C4D7DAA7A0B5C55F380",
|
||||
/* order */ "E95E4A5F737059DC60DF5991D45029409E60FC09",
|
||||
/* Gx */ "B199B13B9B34EFC1397E64BAEB05ACC265FF2378",
|
||||
/* Gy */ "ADD6718B7C7C1961F0991B842443772152C9E0AD",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.36.3.3.2.8.1.1.2"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP192T1
|
||||
{
|
||||
/* prime */ "C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86297",
|
||||
/* A */ "C302F41D932A36CDA7A3463093D18DB78FCE476DE1A86294",
|
||||
/* B */ "13D56FFAEC78681E68F9DEB43B35BEC2FB68542E27897B79",
|
||||
/* order */ "C302F41D932A36CDA7A3462F9E9E916B5BE8F1029AC4ACC1",
|
||||
/* Gx */ "3AE9E58C82F63C30282E1FE7BBF43FA72C446AF6F4618129",
|
||||
/* Gy */ "097E2C5667C2223A902AB5CA449D0084B7E5B3DE7CCC01C9",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.36.3.3.2.8.1.1.4"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP224T1
|
||||
{
|
||||
/* prime */ "D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FF",
|
||||
/* A */ "D7C134AA264366862A18302575D1D787B09F075797DA89F57EC8C0FC",
|
||||
/* B */ "4B337D934104CD7BEF271BF60CED1ED20DA14C08B3BB64F18A60888D",
|
||||
/* order */ "D7C134AA264366862A18302575D0FB98D116BC4B6DDEBCA3A5A7939F",
|
||||
/* Gx */ "6AB1E344CE25FF3896424E7FFE14762ECB49F8928AC0C76029B4D580",
|
||||
/* Gy */ "0374E9F5143E568CD23F3F4D7C0D4B1E41C8CC0D1C6ABD5F1A46DB4C",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.36.3.3.2.8.1.1.6"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP256T1
|
||||
{
|
||||
/* prime */ "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377",
|
||||
/* A */ "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5374",
|
||||
/* B */ "662C61C430D84EA4FE66A7733D0B76B7BF93EBC4AF2F49256AE58101FEE92B04",
|
||||
/* order */ "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7",
|
||||
/* Gx */ "A3E8EB3CC1CFE7B7732213B23A656149AFA142C47AAFBC2B79A191562E1305F4",
|
||||
/* Gy */ "2D996C823439C56D7F7B22E14644417E69BCB6DE39D027001DABE8F35B25C9BE",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.36.3.3.2.8.1.1.8"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP320T1
|
||||
{
|
||||
/* prime */ "D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E27",
|
||||
/* A */ "D35E472036BC4FB7E13C785ED201E065F98FCFA6F6F40DEF4F92B9EC7893EC28FCD412B1F1B32E24",
|
||||
/* B */ "A7F561E038EB1ED560B3D147DB782013064C19F27ED27C6780AAF77FB8A547CEB5B4FEF422340353",
|
||||
/* order */ "D35E472036BC4FB7E13C785ED201E065F98FCFA5B68F12A32D482EC7EE8658E98691555B44C59311",
|
||||
/* Gx */ "925BE9FB01AFC6FB4D3E7D4990010F813408AB106C4F09CB7EE07868CC136FFF3357F624A21BED52",
|
||||
/* Gy */ "63BA3A7A27483EBF6671DBEF7ABB30EBEE084E58A0B077AD42A5A0989D1EE71B1B9BC0455FB0D2C3",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.36.3.3.2.8.1.1.10"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP384T1
|
||||
{
|
||||
/* prime */ "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53",
|
||||
/* A */ "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC50",
|
||||
/* B */ "7F519EADA7BDA81BD826DBA647910F8C4B9346ED8CCDC64E4B1ABD11756DCE1D2074AA263B88805CED70355A33B471EE",
|
||||
/* order */ "8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565",
|
||||
/* Gx */ "18DE98B02DB9A306F2AFCD7235F72A819B80AB12EBD653172476FECD462AABFFC4FF191B946A5F54D8D0AA2F418808CC",
|
||||
/* Gy */ "25AB056962D30651A114AFD2755AD336747F93475B7A1FCA3B88F2B6A208CCFE469408584DC2B2912675BF5B9E582928",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.36.3.3.2.8.1.1.12"
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP512T1
|
||||
{
|
||||
/* prime */ "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3",
|
||||
/* A */ "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F0",
|
||||
/* B */ "7CBBBCF9441CFAB76E1890E46884EAE321F70C0BCB4981527897504BEC3E36A62BCDFA2304976540F6450085F2DAE145C22553B465763689180EA2571867423E",
|
||||
/* order */ "AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069",
|
||||
/* Gx */ "640ECE5C12788717B9C1BA06CBC2A6FEBA85842458C56DDE9DB1758D39C0313D82BA51735CDB3EA499AA77A7D6943A64F7A3F25FE26F06B51BAA2696FA9035DA",
|
||||
/* Gy */ "5B534BD595F5AF0FA2C892376C84ACE1BB4E3019B71634C01131159CAE03CEE9D9932184BEEF216BD71DF2DADF86A627306ECFF96DBB8BACE198B61E00F8B332",
|
||||
/* cofactor */ 1,
|
||||
/* OID */ "1.3.36.3.3.2.8.1.1.14"
|
||||
},
|
||||
#endif
|
||||
{
|
||||
0,
|
||||
NULL, NULL, NULL, NULL, NULL, NULL
|
||||
NULL, NULL, NULL, NULL, NULL, NULL, 0, NULL
|
||||
}
|
||||
};
|
||||
|
||||
|
@ -7,11 +7,6 @@
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
* Available at http://csrc.nist.gov/cryptval/dss.htm
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@ -27,47 +22,9 @@
|
||||
@param outlen [in/out] Length of destination and final output size
|
||||
Return CRYPT_OK on success
|
||||
*/
|
||||
int ecc_ansi_x963_export(ecc_key *key, unsigned char *out, unsigned long *outlen)
|
||||
int ecc_ansi_x963_export(const ecc_key *key, unsigned char *out, unsigned long *outlen)
|
||||
{
|
||||
unsigned char buf[ECC_BUF_SIZE];
|
||||
unsigned long numlen, xlen, ylen;
|
||||
|
||||
LTC_ARGCHK(key != NULL);
|
||||
LTC_ARGCHK(outlen != NULL);
|
||||
|
||||
if (ltc_ecc_is_valid_idx(key->idx) == 0) {
|
||||
return CRYPT_INVALID_ARG;
|
||||
}
|
||||
numlen = key->dp->size;
|
||||
xlen = mp_unsigned_bin_size(key->pubkey.x);
|
||||
ylen = mp_unsigned_bin_size(key->pubkey.y);
|
||||
|
||||
if (xlen > numlen || ylen > numlen || sizeof(buf) < numlen) {
|
||||
return CRYPT_BUFFER_OVERFLOW;
|
||||
}
|
||||
|
||||
if (*outlen < (1 + 2*numlen)) {
|
||||
*outlen = 1 + 2*numlen;
|
||||
return CRYPT_BUFFER_OVERFLOW;
|
||||
}
|
||||
|
||||
LTC_ARGCHK(out != NULL);
|
||||
|
||||
/* store byte 0x04 */
|
||||
out[0] = 0x04;
|
||||
|
||||
/* pad and store x */
|
||||
zeromem(buf, sizeof(buf));
|
||||
mp_to_unsigned_bin(key->pubkey.x, buf + (numlen - xlen));
|
||||
XMEMCPY(out+1, buf, numlen);
|
||||
|
||||
/* pad and store y */
|
||||
zeromem(buf, sizeof(buf));
|
||||
mp_to_unsigned_bin(key->pubkey.y, buf + (numlen - ylen));
|
||||
XMEMCPY(out+1+numlen, buf, numlen);
|
||||
|
||||
*outlen = 1 + 2*numlen;
|
||||
return CRYPT_OK;
|
||||
return ecc_get_key(out, outlen, PK_PUBLIC, key);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -7,11 +7,6 @@
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
* Available at http://csrc.nist.gov/cryptval/dss.htm
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@ -31,9 +26,9 @@ int ecc_ansi_x963_import(const unsigned char *in, unsigned long inlen, ecc_key *
|
||||
return ecc_ansi_x963_import_ex(in, inlen, key, NULL);
|
||||
}
|
||||
|
||||
int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, ltc_ecc_set_type *dp)
|
||||
int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, const ltc_ecc_curve *cu)
|
||||
{
|
||||
int x, err;
|
||||
int err;
|
||||
|
||||
LTC_ARGCHK(in != NULL);
|
||||
LTC_ARGCHK(key != NULL);
|
||||
@ -43,56 +38,21 @@ int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_ke
|
||||
return CRYPT_INVALID_ARG;
|
||||
}
|
||||
|
||||
/* init key */
|
||||
if (mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL) != CRYPT_OK) {
|
||||
return CRYPT_MEM;
|
||||
/* initialize key->dp */
|
||||
if (cu == NULL) {
|
||||
/* this case works only for uncompressed public keys */
|
||||
if ((err = ecc_set_dp_by_size((inlen-1)>>1, key)) != CRYPT_OK) { return err; }
|
||||
}
|
||||
else {
|
||||
/* this one works for both compressed / uncompressed pubkeys */
|
||||
if ((err = ecc_set_dp(cu, key)) != CRYPT_OK) { return err; }
|
||||
}
|
||||
|
||||
/* check for 4, 6 or 7 */
|
||||
if (in[0] != 4 && in[0] != 6 && in[0] != 7) {
|
||||
err = CRYPT_INVALID_PACKET;
|
||||
goto error;
|
||||
}
|
||||
|
||||
/* read data */
|
||||
if ((err = mp_read_unsigned_bin(key->pubkey.x, (unsigned char *)in+1, (inlen-1)>>1)) != CRYPT_OK) {
|
||||
goto error;
|
||||
}
|
||||
|
||||
if ((err = mp_read_unsigned_bin(key->pubkey.y, (unsigned char *)in+1+((inlen-1)>>1), (inlen-1)>>1)) != CRYPT_OK) {
|
||||
goto error;
|
||||
}
|
||||
if ((err = mp_set(key->pubkey.z, 1)) != CRYPT_OK) { goto error; }
|
||||
|
||||
if (dp == NULL) {
|
||||
/* determine the idx */
|
||||
for (x = 0; ltc_ecc_sets[x].size != 0; x++) {
|
||||
if ((unsigned)ltc_ecc_sets[x].size >= ((inlen-1)>>1)) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (ltc_ecc_sets[x].size == 0) {
|
||||
err = CRYPT_INVALID_PACKET;
|
||||
goto error;
|
||||
}
|
||||
/* set the idx */
|
||||
key->idx = x;
|
||||
key->dp = <c_ecc_sets[x];
|
||||
} else {
|
||||
if (((inlen-1)>>1) != (unsigned long) dp->size) {
|
||||
err = CRYPT_INVALID_PACKET;
|
||||
goto error;
|
||||
}
|
||||
key->idx = -1;
|
||||
key->dp = dp;
|
||||
}
|
||||
key->type = PK_PUBLIC;
|
||||
/* load public key */
|
||||
if ((err = ecc_set_key((unsigned char *)in, inlen, PK_PUBLIC, key)) != CRYPT_OK) { return err; }
|
||||
|
||||
/* we're done */
|
||||
return CRYPT_OK;
|
||||
error:
|
||||
mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL);
|
||||
return err;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -7,11 +7,6 @@
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
* Available at http://csrc.nist.gov/cryptval/dss.htm
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@ -32,7 +27,7 @@
|
||||
*/
|
||||
int ecc_decrypt_key(const unsigned char *in, unsigned long inlen,
|
||||
unsigned char *out, unsigned long *outlen,
|
||||
ecc_key *key)
|
||||
const ecc_key *key)
|
||||
{
|
||||
unsigned char *ecc_shared, *skey, *pub_expt;
|
||||
unsigned long x, y;
|
||||
@ -90,9 +85,8 @@ int ecc_decrypt_key(const unsigned char *in, unsigned long inlen,
|
||||
}
|
||||
|
||||
/* import ECC key from packet */
|
||||
if ((err = ecc_import(decode[1].data, decode[1].size, &pubkey)) != CRYPT_OK) {
|
||||
goto LBL_ERR;
|
||||
}
|
||||
if ((err = ecc_copy_dp(key, &pubkey)) != CRYPT_OK) { goto LBL_ERR; }
|
||||
if ((err = ecc_set_key(decode[1].data, decode[1].size, PK_PUBLIC, &pubkey)) != CRYPT_OK) { goto LBL_ERR; }
|
||||
|
||||
/* make shared key */
|
||||
x = ECC_BUF_SIZE;
|
||||
|
@ -7,11 +7,6 @@
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
* Available at http://csrc.nist.gov/cryptval/dss.htm
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@ -36,7 +31,7 @@
|
||||
int ecc_encrypt_key(const unsigned char *in, unsigned long inlen,
|
||||
unsigned char *out, unsigned long *outlen,
|
||||
prng_state *prng, int wprng, int hash,
|
||||
ecc_key *key)
|
||||
const ecc_key *key)
|
||||
{
|
||||
unsigned char *pub_expt, *ecc_shared, *skey;
|
||||
ecc_key pubkey;
|
||||
@ -48,11 +43,6 @@ int ecc_encrypt_key(const unsigned char *in, unsigned long inlen,
|
||||
LTC_ARGCHK(outlen != NULL);
|
||||
LTC_ARGCHK(key != NULL);
|
||||
|
||||
/* check that wprng/cipher/hash are not invalid */
|
||||
if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
if ((err = hash_is_valid(hash)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
@ -62,9 +52,8 @@ int ecc_encrypt_key(const unsigned char *in, unsigned long inlen,
|
||||
}
|
||||
|
||||
/* make a random key and export the public copy */
|
||||
if ((err = ecc_make_key_ex(prng, wprng, &pubkey, key->dp)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
if ((err = ecc_copy_dp(key, &pubkey)) != CRYPT_OK) { return err; }
|
||||
if ((err = ecc_generate_key(prng, wprng, &pubkey)) != CRYPT_OK) { return err; }
|
||||
|
||||
pub_expt = XMALLOC(ECC_BUF_SIZE);
|
||||
ecc_shared = XMALLOC(ECC_BUF_SIZE);
|
||||
@ -84,7 +73,14 @@ int ecc_encrypt_key(const unsigned char *in, unsigned long inlen,
|
||||
}
|
||||
|
||||
pubkeysize = ECC_BUF_SIZE;
|
||||
if ((err = ecc_export(pub_expt, &pubkeysize, PK_PUBLIC, &pubkey)) != CRYPT_OK) {
|
||||
if (ltc_mp.sqrtmod_prime != NULL) {
|
||||
/* PK_COMPRESSED requires sqrtmod_prime */
|
||||
err = ecc_get_key(pub_expt, &pubkeysize, PK_PUBLIC|PK_COMPRESSED, &pubkey);
|
||||
}
|
||||
else {
|
||||
err = ecc_get_key(pub_expt, &pubkeysize, PK_PUBLIC, &pubkey);
|
||||
}
|
||||
if (err != CRYPT_OK) {
|
||||
ecc_free(&pubkey);
|
||||
goto LBL_ERR;
|
||||
}
|
||||
|
@ -7,11 +7,6 @@
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
* Available at http://csrc.nist.gov/cryptval/dss.htm
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@ -29,7 +24,7 @@
|
||||
@param key The key to export
|
||||
@return CRYPT_OK if successful
|
||||
*/
|
||||
int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key)
|
||||
int ecc_export(unsigned char *out, unsigned long *outlen, int type, const ecc_key *key)
|
||||
{
|
||||
int err;
|
||||
unsigned char flags[1];
|
||||
@ -44,12 +39,8 @@ int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key
|
||||
return CRYPT_PK_TYPE_MISMATCH;
|
||||
}
|
||||
|
||||
if (ltc_ecc_is_valid_idx(key->idx) == 0) {
|
||||
return CRYPT_INVALID_ARG;
|
||||
}
|
||||
|
||||
/* we store the NIST byte size */
|
||||
key_size = key->dp->size;
|
||||
key_size = key->dp.size;
|
||||
|
||||
if (type == PK_PRIVATE) {
|
||||
flags[0] = 1;
|
||||
|
@ -7,11 +7,6 @@
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
* Available at http://csrc.nist.gov/cryptval/dss.htm
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@ -28,7 +23,12 @@
|
||||
void ecc_free(ecc_key *key)
|
||||
{
|
||||
LTC_ARGCHKVD(key != NULL);
|
||||
mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL);
|
||||
|
||||
mp_cleanup_multi(&key->dp.prime, &key->dp.order,
|
||||
&key->dp.A, &key->dp.B,
|
||||
&key->dp.base.x, &key->dp.base.y, &key->dp.base.z,
|
||||
&key->pubkey.x, &key->pubkey.y, &key->pubkey.z,
|
||||
&key->k, NULL);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
254
src/pk/ecc/ecc_get_curve.c
Normal file
254
src/pk/ecc/ecc_get_curve.c
Normal file
@ -0,0 +1,254 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
#include "tomcrypt.h"
|
||||
|
||||
#ifdef LTC_MECC
|
||||
|
||||
static const struct {
|
||||
const char *OID;
|
||||
const char *names[6];
|
||||
} _curve_names[] = {
|
||||
#ifdef LTC_ECC_SECP112R1
|
||||
{
|
||||
"1.3.132.0.6", { "SECP112R1", "ECC-112", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP112R2
|
||||
{
|
||||
"1.3.132.0.7", { "SECP112R2", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP128R1
|
||||
{
|
||||
"1.3.132.0.28", { "SECP128R1", "ECC-128", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP128R2
|
||||
{
|
||||
"1.3.132.0.29", { "SECP128R2", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP160R1
|
||||
{
|
||||
"1.3.132.0.8", { "SECP160R1", "ECC-160", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP160R2
|
||||
{
|
||||
"1.3.132.0.30", { "SECP160R2", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP160K1
|
||||
{
|
||||
"1.3.132.0.9", { "SECP160K1", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP192R1
|
||||
{
|
||||
"1.2.840.10045.3.1.1", { "SECP192R1", "NISTP192", "PRIME192V1", "ECC-192", "P-192", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_PRIME192V2
|
||||
{
|
||||
"1.2.840.10045.3.1.2", { "PRIME192V2", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_PRIME192V3
|
||||
{
|
||||
"1.2.840.10045.3.1.3", { "PRIME192V3", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP192K1
|
||||
{
|
||||
"1.3.132.0.31", { "SECP192K1", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP224R1
|
||||
{
|
||||
"1.3.132.0.33", { "SECP224R1", "NISTP224", "ECC-224", "P-224", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP224K1
|
||||
{
|
||||
"1.3.132.0.32", { "SECP224K1", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP256R1
|
||||
{
|
||||
"1.2.840.10045.3.1.7", { "SECP256R1", "NISTP256", "PRIME256V1", "ECC-256", "P-256", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP256K1
|
||||
{
|
||||
"1.3.132.0.10", { "SECP256K1", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP384R1
|
||||
{
|
||||
"1.3.132.0.34", { "SECP384R1", "NISTP384", "ECC-384", "P-384", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP521R1
|
||||
{
|
||||
"1.3.132.0.35", { "SECP521R1", "NISTP521", "ECC-521", "P-521", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_PRIME239V1
|
||||
{
|
||||
"1.2.840.10045.3.1.4", { "PRIME239V1", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_PRIME239V2
|
||||
{
|
||||
"1.2.840.10045.3.1.5", { "PRIME239V2", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_PRIME239V3
|
||||
{
|
||||
"1.2.840.10045.3.1.6", { "PRIME239V3", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP160R1
|
||||
{
|
||||
"1.3.36.3.3.2.8.1.1.1", { "BRAINPOOLP160R1", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP192R1
|
||||
{
|
||||
"1.3.36.3.3.2.8.1.1.3", { "BRAINPOOLP192R1", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP224R1
|
||||
{
|
||||
"1.3.36.3.3.2.8.1.1.5", { "BRAINPOOLP224R1", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP256R1
|
||||
{
|
||||
"1.3.36.3.3.2.8.1.1.7", { "BRAINPOOLP256R1", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP320R1
|
||||
{
|
||||
"1.3.36.3.3.2.8.1.1.9", { "BRAINPOOLP320R1", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP384R1
|
||||
{
|
||||
"1.3.36.3.3.2.8.1.1.11", { "BRAINPOOLP384R1", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP512R1
|
||||
{
|
||||
"1.3.36.3.3.2.8.1.1.13", { "BRAINPOOLP512R1", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP160T1
|
||||
{
|
||||
"1.3.36.3.3.2.8.1.1.2", { "BRAINPOOLP160T1", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP192T1
|
||||
{
|
||||
"1.3.36.3.3.2.8.1.1.4", { "BRAINPOOLP192T1", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP224T1
|
||||
{
|
||||
"1.3.36.3.3.2.8.1.1.6", { "BRAINPOOLP224T1", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP256T1
|
||||
{
|
||||
"1.3.36.3.3.2.8.1.1.8", { "BRAINPOOLP256T1", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP320T1
|
||||
{
|
||||
"1.3.36.3.3.2.8.1.1.10", { "BRAINPOOLP320T1", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP384T1
|
||||
{
|
||||
"1.3.36.3.3.2.8.1.1.12", { "BRAINPOOLP384T1", NULL }
|
||||
},
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP512T1
|
||||
{
|
||||
"1.3.36.3.3.2.8.1.1.14", { "BRAINPOOLP512T1", NULL }
|
||||
},
|
||||
#endif
|
||||
{
|
||||
NULL, { NULL }
|
||||
}
|
||||
};
|
||||
|
||||
/* case-insensitive match + ignore '-', '_', ' ' */
|
||||
static int _name_match(const char *left, const char *right)
|
||||
{
|
||||
char lc_r, lc_l;
|
||||
|
||||
while ((*left != '\0') && (*right != '\0')) {
|
||||
while ((*left == ' ') || (*left == '-') || (*left == '_')) left++;
|
||||
while ((*right == ' ') || (*right == '-') || (*right == '_')) right++;
|
||||
if (*left == '\0' || *right == '\0') break;
|
||||
lc_r = *right;
|
||||
lc_l = *left;
|
||||
if ((lc_r >= 'A') && (lc_r <= 'Z')) lc_r += 32;
|
||||
if ((lc_l >= 'A') && (lc_l <= 'Z')) lc_l += 32;
|
||||
if (lc_l != lc_r) return 0;
|
||||
left++;
|
||||
right++;
|
||||
}
|
||||
|
||||
if ((*left == '\0') && (*right == '\0'))
|
||||
return 1;
|
||||
else
|
||||
return 0;
|
||||
}
|
||||
|
||||
int ecc_get_curve(const char *name_or_oid, const ltc_ecc_curve **cu)
|
||||
{
|
||||
int i, j;
|
||||
const char *OID = NULL;
|
||||
|
||||
LTC_ARGCHK(cu != NULL);
|
||||
LTC_ARGCHK(name_or_oid != NULL);
|
||||
|
||||
*cu = NULL;
|
||||
|
||||
for (i = 0; _curve_names[i].OID != NULL && !OID; i++) {
|
||||
if (XSTRCMP(_curve_names[i].OID, name_or_oid) == 0) {
|
||||
OID = _curve_names[i].OID;
|
||||
}
|
||||
for (j = 0; _curve_names[i].names[j] != NULL && !OID; j++) {
|
||||
if (_name_match(_curve_names[i].names[j], name_or_oid)) {
|
||||
OID = _curve_names[i].OID;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (OID != NULL) {
|
||||
for (i = 0; ltc_ecc_curves[i].prime != NULL; i++) {
|
||||
if (XSTRCMP(ltc_ecc_curves[i].OID, OID) == 0) {
|
||||
*cu = <c_ecc_curves[i];
|
||||
return CRYPT_OK;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return CRYPT_INVALID_ARG; /* not found */
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/* ref: $Format:%D$ */
|
||||
/* git commit: $Format:%H$ */
|
||||
/* commit time: $Format:%ai$ */
|
60
src/pk/ecc/ecc_get_key.c
Normal file
60
src/pk/ecc/ecc_get_key.c
Normal file
@ -0,0 +1,60 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
#include "tomcrypt.h"
|
||||
|
||||
#ifdef LTC_MECC
|
||||
|
||||
/** Export raw public or private key (public keys = ANS X9.63 compressed or uncompressed; private keys = raw bytes)
|
||||
@param out [out] destination of export
|
||||
@param outlen [in/out] Length of destination and final output size
|
||||
@param type PK_PRIVATE, PK_PUBLIC or PK_PUBLIC|PK_COMPRESSED
|
||||
@param key Key to export
|
||||
Return CRYPT_OK on success
|
||||
*/
|
||||
|
||||
int ecc_get_key(unsigned char *out, unsigned long *outlen, int type, const ecc_key *key)
|
||||
{
|
||||
unsigned long size, ksize;
|
||||
int err, compressed;
|
||||
|
||||
LTC_ARGCHK(key != NULL);
|
||||
LTC_ARGCHK(out != NULL);
|
||||
LTC_ARGCHK(outlen != NULL);
|
||||
|
||||
size = key->dp.size;
|
||||
compressed = type & PK_COMPRESSED ? 1 : 0;
|
||||
type &= ~PK_COMPRESSED;
|
||||
|
||||
if (type == PK_PUBLIC) {
|
||||
if ((err = ltc_ecc_export_point(out, outlen, key->pubkey.x, key->pubkey.y, size, compressed)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
}
|
||||
else if (type == PK_PRIVATE) {
|
||||
if (key->type != PK_PRIVATE) return CRYPT_PK_TYPE_MISMATCH;
|
||||
*outlen = size;
|
||||
if (size > *outlen) return CRYPT_BUFFER_OVERFLOW;
|
||||
if ((ksize = mp_unsigned_bin_size(key->k)) > size) return CRYPT_BUFFER_OVERFLOW;
|
||||
/* pad and store k */
|
||||
if ((err = mp_to_unsigned_bin(key->k, out + (size - ksize))) != CRYPT_OK) return err;
|
||||
zeromem(out, size - ksize);
|
||||
}
|
||||
else {
|
||||
return CRYPT_INVALID_ARG;
|
||||
}
|
||||
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/* ref: $Format:%D$ */
|
||||
/* git commit: $Format:%H$ */
|
||||
/* commit time: $Format:%ai$ */
|
32
src/pk/ecc/ecc_get_oid_str.c
Normal file
32
src/pk/ecc/ecc_get_oid_str.c
Normal file
@ -0,0 +1,32 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
#include "tomcrypt.h"
|
||||
|
||||
#ifdef LTC_MECC
|
||||
|
||||
/** Extract OID as a string from ECC key
|
||||
@param out [out] destination buffer
|
||||
@param outlen [in/out] Length of destination buffer and final output size (without terminating NUL byte)
|
||||
@param key The ECC key
|
||||
Return CRYPT_OK on success
|
||||
*/
|
||||
|
||||
int ecc_get_oid_str(char *out, unsigned long *outlen, const ecc_key *key)
|
||||
{
|
||||
LTC_ARGCHK(key != NULL);
|
||||
|
||||
return pk_oid_num_to_str(key->dp.oid, key->dp.oidlen, out, outlen);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/* ref: $Format:%D$ */
|
||||
/* git commit: $Format:%H$ */
|
||||
/* commit time: $Format:%ai$ */
|
@ -7,11 +7,6 @@
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
* Available at http://csrc.nist.gov/cryptval/dss.htm
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@ -26,13 +21,12 @@
|
||||
@param key The key to get the size of
|
||||
@return The size (octets) of the key or INT_MAX on error
|
||||
*/
|
||||
int ecc_get_size(ecc_key *key)
|
||||
int ecc_get_size(const ecc_key *key)
|
||||
{
|
||||
LTC_ARGCHK(key != NULL);
|
||||
if (ltc_ecc_is_valid_idx(key->idx))
|
||||
return key->dp->size;
|
||||
else
|
||||
return INT_MAX; /* large value known to cause it to fail when passed to ecc_make_key() */
|
||||
if (key == NULL) {
|
||||
return INT_MAX;
|
||||
}
|
||||
return key->dp.size;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -7,11 +7,6 @@
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
* Available at http://csrc.nist.gov/cryptval/dss.htm
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@ -21,54 +16,6 @@
|
||||
|
||||
#ifdef LTC_MECC
|
||||
|
||||
static int _is_point(ecc_key *key)
|
||||
{
|
||||
void *prime, *b, *t1, *t2;
|
||||
int err;
|
||||
|
||||
if ((err = mp_init_multi(&prime, &b, &t1, &t2, NULL)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* load prime and b */
|
||||
if ((err = mp_read_radix(prime, key->dp->prime, 16)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_read_radix(b, key->dp->B, 16)) != CRYPT_OK) { goto error; }
|
||||
|
||||
/* compute y^2 */
|
||||
if ((err = mp_sqr(key->pubkey.y, t1)) != CRYPT_OK) { goto error; }
|
||||
|
||||
/* compute x^3 */
|
||||
if ((err = mp_sqr(key->pubkey.x, t2)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_mod(t2, prime, t2)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_mul(key->pubkey.x, t2, t2)) != CRYPT_OK) { goto error; }
|
||||
|
||||
/* compute y^2 - x^3 */
|
||||
if ((err = mp_sub(t1, t2, t1)) != CRYPT_OK) { goto error; }
|
||||
|
||||
/* compute y^2 - x^3 + 3x */
|
||||
if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_mod(t1, prime, t1)) != CRYPT_OK) { goto error; }
|
||||
while (mp_cmp_d(t1, 0) == LTC_MP_LT) {
|
||||
if ((err = mp_add(t1, prime, t1)) != CRYPT_OK) { goto error; }
|
||||
}
|
||||
while (mp_cmp(t1, prime) != LTC_MP_LT) {
|
||||
if ((err = mp_sub(t1, prime, t1)) != CRYPT_OK) { goto error; }
|
||||
}
|
||||
|
||||
/* compare to b */
|
||||
if (mp_cmp(t1, b) != LTC_MP_EQ) {
|
||||
err = CRYPT_INVALID_PACKET;
|
||||
} else {
|
||||
err = CRYPT_OK;
|
||||
}
|
||||
|
||||
error:
|
||||
mp_clear_multi(prime, b, t1, t2, NULL);
|
||||
return err;
|
||||
}
|
||||
|
||||
/**
|
||||
Import an ECC key from a binary packet
|
||||
@param in The packet to import
|
||||
@ -86,10 +33,10 @@ int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key)
|
||||
@param in The packet to import
|
||||
@param inlen The length of the packet
|
||||
@param key [out] The destination of the import
|
||||
@param dp pointer to user supplied params; must be the same as the params used when exporting
|
||||
@param cu pointer to user supplied params; must be the same as the params used when exporting
|
||||
@return CRYPT_OK if successful, upon error all allocated memory will be freed
|
||||
*/
|
||||
int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, const ltc_ecc_set_type *dp)
|
||||
int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, const ltc_ecc_curve *cu)
|
||||
{
|
||||
unsigned long key_size;
|
||||
unsigned char flags[1];
|
||||
@ -99,18 +46,20 @@ int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, co
|
||||
LTC_ARGCHK(key != NULL);
|
||||
LTC_ARGCHK(ltc_mp.name != NULL);
|
||||
|
||||
/* init key */
|
||||
if (mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL) != CRYPT_OK) {
|
||||
return CRYPT_MEM;
|
||||
}
|
||||
|
||||
/* find out what type of key it is */
|
||||
err = der_decode_sequence_multi(in, inlen, LTC_ASN1_BIT_STRING, 1UL, flags,
|
||||
LTC_ASN1_SHORT_INTEGER, 1UL, &key_size,
|
||||
LTC_ASN1_EOL, 0UL, NULL);
|
||||
if (err != CRYPT_OK && err != CRYPT_INPUT_TOO_LONG) {
|
||||
goto done;
|
||||
return err;
|
||||
}
|
||||
|
||||
/* allocate & initialize the key */
|
||||
if (cu == NULL) {
|
||||
if ((err = ecc_set_dp_by_size(key_size, key)) != CRYPT_OK) { goto done; }
|
||||
} else {
|
||||
if ((err = ecc_set_dp(cu, key)) != CRYPT_OK) { goto done; }
|
||||
}
|
||||
|
||||
if (flags[0] == 1) {
|
||||
/* private key */
|
||||
@ -141,30 +90,17 @@ int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, co
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (dp == NULL) {
|
||||
/* find the idx */
|
||||
for (key->idx = 0; ltc_ecc_sets[key->idx].size && (unsigned long)ltc_ecc_sets[key->idx].size != key_size; ++key->idx);
|
||||
if (ltc_ecc_sets[key->idx].size == 0) {
|
||||
err = CRYPT_INVALID_PACKET;
|
||||
goto done;
|
||||
}
|
||||
key->dp = <c_ecc_sets[key->idx];
|
||||
} else {
|
||||
key->idx = -1;
|
||||
key->dp = dp;
|
||||
}
|
||||
/* set z */
|
||||
if ((err = mp_set(key->pubkey.z, 1)) != CRYPT_OK) { goto done; }
|
||||
|
||||
/* is it a point on the curve? */
|
||||
if ((err = _is_point(key)) != CRYPT_OK) {
|
||||
goto done;
|
||||
}
|
||||
/* point on the curve + other checks */
|
||||
if ((err = ltc_ecc_verify_key(key)) != CRYPT_OK) { goto done; }
|
||||
|
||||
/* we're good */
|
||||
return CRYPT_OK;
|
||||
|
||||
done:
|
||||
mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL);
|
||||
ecc_free(key);
|
||||
return err;
|
||||
}
|
||||
#endif
|
||||
|
@ -7,11 +7,6 @@
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
* Available at http://csrc.nist.gov/cryptval/dss.htm
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@ -31,93 +26,53 @@
|
||||
*/
|
||||
int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key)
|
||||
{
|
||||
int x, err;
|
||||
int err;
|
||||
|
||||
/* find key size */
|
||||
for (x = 0; (keysize > ltc_ecc_sets[x].size) && (ltc_ecc_sets[x].size != 0); x++);
|
||||
keysize = ltc_ecc_sets[x].size;
|
||||
|
||||
if (keysize > ECC_MAXSIZE || ltc_ecc_sets[x].size == 0) {
|
||||
return CRYPT_INVALID_KEYSIZE;
|
||||
}
|
||||
err = ecc_make_key_ex(prng, wprng, key, <c_ecc_sets[x]);
|
||||
key->idx = x;
|
||||
return err;
|
||||
if ((err = ecc_set_dp_by_size(keysize, key)) != CRYPT_OK) { return err; }
|
||||
if ((err = ecc_generate_key(prng, wprng, key)) != CRYPT_OK) { return err; }
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
int ecc_make_key_ex(prng_state *prng, int wprng, ecc_key *key, const ltc_ecc_set_type *dp)
|
||||
int ecc_make_key_ex(prng_state *prng, int wprng, ecc_key *key, const ltc_ecc_curve *cu)
|
||||
{
|
||||
int err;
|
||||
if ((err = ecc_set_dp(cu, key)) != CRYPT_OK) { return err; }
|
||||
if ((err = ecc_generate_key(prng, wprng, key)) != CRYPT_OK) { return err; }
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
int ecc_generate_key(prng_state *prng, int wprng, ecc_key *key)
|
||||
{
|
||||
int err;
|
||||
ecc_point *base;
|
||||
void *prime, *order;
|
||||
unsigned char *buf;
|
||||
int keysize;
|
||||
|
||||
LTC_ARGCHK(key != NULL);
|
||||
LTC_ARGCHK(ltc_mp.name != NULL);
|
||||
LTC_ARGCHK(dp != NULL);
|
||||
LTC_ARGCHK(key != NULL);
|
||||
LTC_ARGCHK(key->dp.size > 0);
|
||||
|
||||
/* good prng? */
|
||||
if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
|
||||
return err;
|
||||
/* ECC key pair generation according to FIPS-186-4 (B.4.2 Key Pair Generation by Testing Candidates):
|
||||
* the generated private key k should be the range [1, order-1]
|
||||
* a/ N = bitlen(order)
|
||||
* b/ generate N random bits and convert them into big integer k
|
||||
* c/ if k not in [1, order-1] go to b/
|
||||
* e/ Q = k*G
|
||||
*/
|
||||
if ((err = rand_bn_upto(key->k, key->dp.order, prng, wprng)) != CRYPT_OK) {
|
||||
goto error;
|
||||
}
|
||||
|
||||
key->idx = -1;
|
||||
key->dp = dp;
|
||||
keysize = dp->size;
|
||||
|
||||
/* allocate ram */
|
||||
base = NULL;
|
||||
buf = XMALLOC(ECC_MAXSIZE);
|
||||
if (buf == NULL) {
|
||||
return CRYPT_MEM;
|
||||
}
|
||||
|
||||
/* make up random string */
|
||||
if (prng_descriptor[wprng].read(buf, (unsigned long)keysize, prng) != (unsigned long)keysize) {
|
||||
err = CRYPT_ERROR_READPRNG;
|
||||
goto ERR_BUF;
|
||||
}
|
||||
|
||||
/* setup the key variables */
|
||||
if ((err = mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, &prime, &order, NULL)) != CRYPT_OK) {
|
||||
goto ERR_BUF;
|
||||
}
|
||||
base = ltc_ecc_new_point();
|
||||
if (base == NULL) {
|
||||
err = CRYPT_MEM;
|
||||
goto errkey;
|
||||
}
|
||||
|
||||
/* read in the specs for this key */
|
||||
if ((err = mp_read_radix(prime, (char *)key->dp->prime, 16)) != CRYPT_OK) { goto errkey; }
|
||||
if ((err = mp_read_radix(order, (char *)key->dp->order, 16)) != CRYPT_OK) { goto errkey; }
|
||||
if ((err = mp_read_radix(base->x, (char *)key->dp->Gx, 16)) != CRYPT_OK) { goto errkey; }
|
||||
if ((err = mp_read_radix(base->y, (char *)key->dp->Gy, 16)) != CRYPT_OK) { goto errkey; }
|
||||
if ((err = mp_set(base->z, 1)) != CRYPT_OK) { goto errkey; }
|
||||
if ((err = mp_read_unsigned_bin(key->k, (unsigned char *)buf, keysize)) != CRYPT_OK) { goto errkey; }
|
||||
|
||||
/* the key should be smaller than the order of base point */
|
||||
if (mp_cmp(key->k, order) != LTC_MP_LT) {
|
||||
if((err = mp_mod(key->k, order, key->k)) != CRYPT_OK) { goto errkey; }
|
||||
}
|
||||
/* make the public key */
|
||||
if ((err = ltc_mp.ecc_ptmul(key->k, base, &key->pubkey, prime, 1)) != CRYPT_OK) { goto errkey; }
|
||||
if ((err = ltc_mp.ecc_ptmul(key->k, &key->dp.base, &key->pubkey, key->dp.A, key->dp.prime, 1)) != CRYPT_OK) {
|
||||
goto error;
|
||||
}
|
||||
key->type = PK_PRIVATE;
|
||||
|
||||
/* free up ram */
|
||||
/* success */
|
||||
err = CRYPT_OK;
|
||||
goto cleanup;
|
||||
errkey:
|
||||
mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL);
|
||||
|
||||
error:
|
||||
ecc_free(key);
|
||||
cleanup:
|
||||
ltc_ecc_del_point(base);
|
||||
mp_clear_multi(prime, order, NULL);
|
||||
ERR_BUF:
|
||||
#ifdef LTC_CLEAN_STACK
|
||||
zeromem(buf, ECC_MAXSIZE);
|
||||
#endif
|
||||
XFREE(buf);
|
||||
return err;
|
||||
}
|
||||
|
||||
|
90
src/pk/ecc/ecc_set_dp.c
Normal file
90
src/pk/ecc/ecc_set_dp.c
Normal file
@ -0,0 +1,90 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
#include "tomcrypt.h"
|
||||
|
||||
#ifdef LTC_MECC
|
||||
|
||||
int ecc_set_dp(const ltc_ecc_curve *curve, ecc_key *key)
|
||||
{
|
||||
int err;
|
||||
|
||||
LTC_ARGCHK(key != NULL);
|
||||
LTC_ARGCHK(curve != NULL);
|
||||
|
||||
if ((err = mp_init_multi(&key->dp.prime, &key->dp.order, &key->dp.A, &key->dp.B,
|
||||
&key->dp.base.x, &key->dp.base.y, &key->dp.base.z,
|
||||
&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k,
|
||||
NULL)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* A, B, order, prime, Gx, Gy */
|
||||
if ((err = mp_read_radix(key->dp.prime, curve->prime, 16)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_read_radix(key->dp.order, curve->order, 16)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_read_radix(key->dp.A, curve->A, 16)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_read_radix(key->dp.B, curve->B, 16)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_read_radix(key->dp.base.x, curve->Gx, 16)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_read_radix(key->dp.base.y, curve->Gy, 16)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_set(key->dp.base.z, 1)) != CRYPT_OK) { goto error; }
|
||||
/* cofactor & size */
|
||||
key->dp.cofactor = curve->cofactor;
|
||||
key->dp.size = mp_unsigned_bin_size(key->dp.prime);
|
||||
/* OID string >> unsigned long oid[16] + oidlen */
|
||||
key->dp.oidlen = 16;
|
||||
if ((err = pk_oid_str_to_num(curve->OID, key->dp.oid, &key->dp.oidlen)) != CRYPT_OK) { goto error; }
|
||||
/* success */
|
||||
return CRYPT_OK;
|
||||
|
||||
error:
|
||||
ecc_free(key);
|
||||
return err;
|
||||
}
|
||||
|
||||
int ecc_set_dp_by_size(int size, ecc_key *key)
|
||||
{
|
||||
const ltc_ecc_curve *cu = NULL;
|
||||
int err = CRYPT_ERROR;
|
||||
|
||||
/* for compatibility with libtomcrypt-1.17 the sizes below must match the specific curves */
|
||||
if (size <= 14) {
|
||||
err = ecc_get_curve("SECP112R1", &cu);
|
||||
}
|
||||
else if (size <= 16) {
|
||||
err = ecc_get_curve("SECP128R1", &cu);
|
||||
}
|
||||
else if (size <= 20) {
|
||||
err = ecc_get_curve("SECP160R1", &cu);
|
||||
}
|
||||
else if (size <= 24) {
|
||||
err = ecc_get_curve("SECP192R1", &cu);
|
||||
}
|
||||
else if (size <= 28) {
|
||||
err = ecc_get_curve("SECP224R1", &cu);
|
||||
}
|
||||
else if (size <= 32) {
|
||||
err = ecc_get_curve("SECP256R1", &cu);
|
||||
}
|
||||
else if (size <= 48) {
|
||||
err = ecc_get_curve("SECP384R1", &cu);
|
||||
}
|
||||
else if (size <= 66) {
|
||||
err = ecc_get_curve("SECP521R1", &cu);
|
||||
}
|
||||
|
||||
if (err == CRYPT_OK && cu != NULL) return ecc_set_dp(cu, key);
|
||||
|
||||
return CRYPT_INVALID_ARG;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/* ref: $Format:%D$ */
|
||||
/* git commit: $Format:%H$ */
|
||||
/* commit time: $Format:%ai$ */
|
129
src/pk/ecc/ecc_set_dp_internal.c
Normal file
129
src/pk/ecc/ecc_set_dp_internal.c
Normal file
@ -0,0 +1,129 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
#include "tomcrypt.h"
|
||||
|
||||
#ifdef LTC_MECC
|
||||
|
||||
static int _ecc_cmp_hex_bn(const char *left_hex, void *right_bn, void *tmp_bn)
|
||||
{
|
||||
if (mp_read_radix(tmp_bn, left_hex, 16) != CRYPT_OK) return 0;
|
||||
if (mp_cmp(tmp_bn, right_bn) != LTC_MP_EQ) return 0;
|
||||
return 1;
|
||||
}
|
||||
|
||||
static void _ecc_oid_lookup(ecc_key *key)
|
||||
{
|
||||
void *bn;
|
||||
const ltc_ecc_curve *curve;
|
||||
|
||||
key->dp.oidlen = 0;
|
||||
if (mp_init(&bn) != CRYPT_OK) return;
|
||||
for (curve = ltc_ecc_curves; curve->prime != NULL; curve++) {
|
||||
if (_ecc_cmp_hex_bn(curve->prime, key->dp.prime, bn) != 1) continue;
|
||||
if (_ecc_cmp_hex_bn(curve->order, key->dp.order, bn) != 1) continue;
|
||||
if (_ecc_cmp_hex_bn(curve->A, key->dp.A, bn) != 1) continue;
|
||||
if (_ecc_cmp_hex_bn(curve->B, key->dp.B, bn) != 1) continue;
|
||||
if (_ecc_cmp_hex_bn(curve->Gx, key->dp.base.x, bn) != 1) continue;
|
||||
if (_ecc_cmp_hex_bn(curve->Gy, key->dp.base.y, bn) != 1) continue;
|
||||
if (key->dp.cofactor != curve->cofactor) continue;
|
||||
break; /* found */
|
||||
}
|
||||
mp_clear(bn);
|
||||
if (curve->prime && curve->OID) {
|
||||
key->dp.oidlen = 16; /* size of key->dp.oid */
|
||||
pk_oid_str_to_num(curve->OID, key->dp.oid, &key->dp.oidlen);
|
||||
}
|
||||
}
|
||||
|
||||
int ecc_copy_dp(const ecc_key *srckey, ecc_key *key)
|
||||
{
|
||||
unsigned long i;
|
||||
int err;
|
||||
|
||||
LTC_ARGCHK(key != NULL);
|
||||
LTC_ARGCHK(srckey != NULL);
|
||||
|
||||
if ((err = mp_init_multi(&key->dp.prime, &key->dp.order, &key->dp.A, &key->dp.B,
|
||||
&key->dp.base.x, &key->dp.base.y, &key->dp.base.z,
|
||||
&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k,
|
||||
NULL)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* A, B, order, prime, Gx, Gy */
|
||||
if ((err = mp_copy(srckey->dp.prime, key->dp.prime )) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_copy(srckey->dp.order, key->dp.order )) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_copy(srckey->dp.A, key->dp.A )) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_copy(srckey->dp.B, key->dp.B )) != CRYPT_OK) { goto error; }
|
||||
if ((err = ltc_ecc_copy_point(&srckey->dp.base, &key->dp.base)) != CRYPT_OK) { goto error; }
|
||||
/* cofactor & size */
|
||||
key->dp.cofactor = srckey->dp.cofactor;
|
||||
key->dp.size = srckey->dp.size;
|
||||
/* OID */
|
||||
if (srckey->dp.oidlen > 0) {
|
||||
key->dp.oidlen = srckey->dp.oidlen;
|
||||
for (i = 0; i < key->dp.oidlen; i++) key->dp.oid[i] = srckey->dp.oid[i];
|
||||
}
|
||||
else {
|
||||
_ecc_oid_lookup(key); /* try to find OID in ltc_ecc_curves */
|
||||
}
|
||||
/* success */
|
||||
return CRYPT_OK;
|
||||
|
||||
error:
|
||||
ecc_free(key);
|
||||
return err;
|
||||
}
|
||||
|
||||
int ecc_set_dp_from_mpis(void *a, void *b, void *prime, void *order, void *gx, void *gy, unsigned long cofactor, ecc_key *key)
|
||||
{
|
||||
int err;
|
||||
|
||||
LTC_ARGCHK(key != NULL);
|
||||
LTC_ARGCHK(a != NULL);
|
||||
LTC_ARGCHK(b != NULL);
|
||||
LTC_ARGCHK(prime != NULL);
|
||||
LTC_ARGCHK(order != NULL);
|
||||
LTC_ARGCHK(gx != NULL);
|
||||
LTC_ARGCHK(gy != NULL);
|
||||
|
||||
if ((err = mp_init_multi(&key->dp.prime, &key->dp.order, &key->dp.A, &key->dp.B,
|
||||
&key->dp.base.x, &key->dp.base.y, &key->dp.base.z,
|
||||
&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k,
|
||||
NULL)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* A, B, order, prime, Gx, Gy */
|
||||
if ((err = mp_copy(prime, key->dp.prime )) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_copy(order, key->dp.order )) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_copy(a, key->dp.A )) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_copy(b, key->dp.B )) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_copy(gx, key->dp.base.x)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_copy(gy, key->dp.base.y)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_set(key->dp.base.z, 1)) != CRYPT_OK) { goto error; }
|
||||
/* cofactor & size */
|
||||
key->dp.cofactor = cofactor;
|
||||
key->dp.size = mp_unsigned_bin_size(prime);
|
||||
/* try to find OID in ltc_ecc_curves */
|
||||
_ecc_oid_lookup(key);
|
||||
/* success */
|
||||
return CRYPT_OK;
|
||||
|
||||
error:
|
||||
ecc_free(key);
|
||||
return err;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/* ref: $Format:%D$ */
|
||||
/* git commit: $Format:%H$ */
|
||||
/* commit time: $Format:%ai$ */
|
67
src/pk/ecc/ecc_set_key.c
Normal file
67
src/pk/ecc/ecc_set_key.c
Normal file
@ -0,0 +1,67 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
#include "tomcrypt.h"
|
||||
|
||||
#ifdef LTC_MECC
|
||||
|
||||
int ecc_set_key(const unsigned char *in, unsigned long inlen, int type, ecc_key *key)
|
||||
{
|
||||
int err;
|
||||
void *prime, *a, *b;
|
||||
|
||||
LTC_ARGCHK(key != NULL);
|
||||
LTC_ARGCHK(in != NULL);
|
||||
LTC_ARGCHK(inlen > 0);
|
||||
|
||||
prime = key->dp.prime;
|
||||
a = key->dp.A;
|
||||
b = key->dp.B;
|
||||
|
||||
if (type == PK_PRIVATE && inlen <= (unsigned long)key->dp.size) {
|
||||
/* load private key */
|
||||
if ((err = mp_read_unsigned_bin(key->k, (unsigned char *)in, inlen)) != CRYPT_OK) {
|
||||
goto error;
|
||||
}
|
||||
if (mp_iszero(key->k)) {
|
||||
err = CRYPT_INVALID_PACKET;
|
||||
goto error;
|
||||
}
|
||||
/* compute public key */
|
||||
if ((err = ltc_mp.ecc_ptmul(key->k, &key->dp.base, &key->pubkey, a, prime, 1)) != CRYPT_OK) { goto error; }
|
||||
key->type = type;
|
||||
}
|
||||
else if (type == PK_PUBLIC) {
|
||||
/* load public key */
|
||||
if ((err = ltc_ecc_import_point(in, inlen, prime, a, b, key->pubkey.x, key->pubkey.y)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_set(key->pubkey.z, 1)) != CRYPT_OK) { goto error; }
|
||||
key->type = type;
|
||||
}
|
||||
else {
|
||||
err = CRYPT_INVALID_PACKET;
|
||||
goto error;
|
||||
}
|
||||
|
||||
/* point on the curve + other checks */
|
||||
if ((err = ltc_ecc_verify_key(key)) != CRYPT_OK) {
|
||||
goto error;
|
||||
}
|
||||
|
||||
return CRYPT_OK;
|
||||
|
||||
error:
|
||||
ecc_free(key);
|
||||
return err;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/* ref: $Format:%D$ */
|
||||
/* git commit: $Format:%H$ */
|
||||
/* commit time: $Format:%ai$ */
|
@ -7,11 +7,6 @@
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
* Available at http://csrc.nist.gov/cryptval/dss.htm
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@ -29,12 +24,12 @@
|
||||
@param outlen [in/out] The max size and resulting size of the shared secret
|
||||
@return CRYPT_OK if successful
|
||||
*/
|
||||
int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key,
|
||||
int ecc_shared_secret(const ecc_key *private_key, const ecc_key *public_key,
|
||||
unsigned char *out, unsigned long *outlen)
|
||||
{
|
||||
unsigned long x;
|
||||
ecc_point *result;
|
||||
void *prime;
|
||||
void *prime, *a;
|
||||
int err;
|
||||
|
||||
LTC_ARGCHK(private_key != NULL);
|
||||
@ -47,27 +42,16 @@ int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key,
|
||||
return CRYPT_PK_NOT_PRIVATE;
|
||||
}
|
||||
|
||||
if (ltc_ecc_is_valid_idx(private_key->idx) == 0 || ltc_ecc_is_valid_idx(public_key->idx) == 0) {
|
||||
return CRYPT_INVALID_ARG;
|
||||
}
|
||||
|
||||
if (XSTRCMP(private_key->dp->name, public_key->dp->name) != 0) {
|
||||
return CRYPT_PK_TYPE_MISMATCH;
|
||||
}
|
||||
|
||||
/* make new point */
|
||||
result = ltc_ecc_new_point();
|
||||
if (result == NULL) {
|
||||
return CRYPT_MEM;
|
||||
}
|
||||
|
||||
if ((err = mp_init(&prime)) != CRYPT_OK) {
|
||||
ltc_ecc_del_point(result);
|
||||
return err;
|
||||
}
|
||||
prime = private_key->dp.prime;
|
||||
a = private_key->dp.A;
|
||||
|
||||
if ((err = mp_read_radix(prime, (char *)private_key->dp->prime, 16)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptmul(private_key->k, &public_key->pubkey, result, prime, 1)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptmul(private_key->k, &public_key->pubkey, result, a, prime, 1)) != CRYPT_OK) { goto done; }
|
||||
|
||||
x = (unsigned long)mp_unsigned_bin_size(prime);
|
||||
if (*outlen < x) {
|
||||
@ -81,7 +65,6 @@ int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key,
|
||||
err = CRYPT_OK;
|
||||
*outlen = x;
|
||||
done:
|
||||
mp_clear(prime);
|
||||
ltc_ecc_del_point(result);
|
||||
return err;
|
||||
}
|
||||
|
@ -18,7 +18,7 @@
|
||||
|
||||
static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen,
|
||||
unsigned char *out, unsigned long *outlen,
|
||||
prng_state *prng, int wprng, ecc_key *key, int sigformat)
|
||||
prng_state *prng, int wprng, const ecc_key *key, int sigformat)
|
||||
{
|
||||
ecc_key pubkey;
|
||||
void *r, *s, *e, *p;
|
||||
@ -36,22 +36,13 @@ static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen,
|
||||
return CRYPT_PK_NOT_PRIVATE;
|
||||
}
|
||||
|
||||
/* is the IDX valid ? */
|
||||
if (ltc_ecc_is_valid_idx(key->idx) != 1) {
|
||||
return CRYPT_PK_INVALID_TYPE;
|
||||
}
|
||||
|
||||
if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* init the bignums */
|
||||
if ((err = mp_init_multi(&r, &s, &p, &e, NULL)) != CRYPT_OK) {
|
||||
if ((err = mp_init_multi(&r, &s, &e, NULL)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
if ((err = mp_read_radix(p, (char *)key->dp->order, 16)) != CRYPT_OK) { goto errnokey; }
|
||||
|
||||
/* get the hash and load it as a bignum into 'e' */
|
||||
p = key->dp.order;
|
||||
pbits = mp_count_bits(p);
|
||||
pbytes = (pbits+7) >> 3;
|
||||
if (pbits > inlen*8) {
|
||||
@ -72,9 +63,8 @@ static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen,
|
||||
|
||||
/* make up a key and export the public copy */
|
||||
do {
|
||||
if ((err = ecc_make_key_ex(prng, wprng, &pubkey, key->dp)) != CRYPT_OK) {
|
||||
goto errnokey;
|
||||
}
|
||||
if ((err = ecc_copy_dp(key, &pubkey)) != CRYPT_OK) { goto errnokey; }
|
||||
if ((err = ecc_generate_key(prng, wprng, &pubkey)) != CRYPT_OK) { goto errnokey; }
|
||||
|
||||
/* find r = x1 mod n */
|
||||
if ((err = mp_mod(pubkey.pubkey.x, p, r)) != CRYPT_OK) { goto error; }
|
||||
@ -121,7 +111,7 @@ static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen,
|
||||
error:
|
||||
ecc_free(&pubkey);
|
||||
errnokey:
|
||||
mp_clear_multi(r, s, p, e, NULL);
|
||||
mp_clear_multi(r, s, e, NULL);
|
||||
return err;
|
||||
}
|
||||
|
||||
@ -138,7 +128,7 @@ errnokey:
|
||||
*/
|
||||
int ecc_sign_hash(const unsigned char *in, unsigned long inlen,
|
||||
unsigned char *out, unsigned long *outlen,
|
||||
prng_state *prng, int wprng, ecc_key *key)
|
||||
prng_state *prng, int wprng, const ecc_key *key)
|
||||
{
|
||||
return _ecc_sign_hash(in, inlen, out, outlen, prng, wprng, key, 0);
|
||||
}
|
||||
@ -156,7 +146,7 @@ int ecc_sign_hash(const unsigned char *in, unsigned long inlen,
|
||||
*/
|
||||
int ecc_sign_hash_rfc7518(const unsigned char *in, unsigned long inlen,
|
||||
unsigned char *out, unsigned long *outlen,
|
||||
prng_state *prng, int wprng, ecc_key *key)
|
||||
prng_state *prng, int wprng, const ecc_key *key)
|
||||
{
|
||||
return _ecc_sign_hash(in, inlen, out, outlen, prng, wprng, key, 1);
|
||||
}
|
||||
|
@ -7,11 +7,6 @@
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
* Available at http://csrc.nist.gov/cryptval/dss.htm
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@ -23,19 +18,24 @@
|
||||
|
||||
void ecc_sizes(int *low, int *high)
|
||||
{
|
||||
int i;
|
||||
int i, size;
|
||||
void *prime;
|
||||
|
||||
LTC_ARGCHKVD(low != NULL);
|
||||
LTC_ARGCHKVD(high != NULL);
|
||||
|
||||
*low = INT_MAX;
|
||||
*high = 0;
|
||||
for (i = 0; ltc_ecc_sets[i].size != 0; i++) {
|
||||
if (ltc_ecc_sets[i].size < *low) {
|
||||
*low = ltc_ecc_sets[i].size;
|
||||
|
||||
if (mp_init(&prime) == CRYPT_OK) {
|
||||
for (i = 0; ltc_ecc_curves[i].prime != NULL; i++) {
|
||||
if (mp_read_radix(prime, ltc_ecc_curves[i].prime, 16) == CRYPT_OK) {
|
||||
size = mp_unsigned_bin_size(prime);
|
||||
if (size < *low) *low = size;
|
||||
if (size > *high) *high = size;
|
||||
}
|
||||
if (ltc_ecc_sets[i].size > *high) {
|
||||
*high = ltc_ecc_sets[i].size;
|
||||
}
|
||||
mp_clear(prime);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -7,11 +7,6 @@
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
* Available at http://csrc.nist.gov/cryptval/dss.htm
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@ -21,68 +16,12 @@
|
||||
|
||||
#ifdef LTC_MECC
|
||||
|
||||
/**
|
||||
Perform on the ECC system
|
||||
@return CRYPT_OK if successful
|
||||
*/
|
||||
int ecc_test(void)
|
||||
{
|
||||
void *modulus, *order;
|
||||
ecc_point *G, *GG;
|
||||
int i, err, primality;
|
||||
|
||||
if ((err = mp_init_multi(&modulus, &order, NULL)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
G = ltc_ecc_new_point();
|
||||
GG = ltc_ecc_new_point();
|
||||
if (G == NULL || GG == NULL) {
|
||||
mp_clear_multi(modulus, order, NULL);
|
||||
ltc_ecc_del_point(G);
|
||||
ltc_ecc_del_point(GG);
|
||||
return CRYPT_MEM;
|
||||
}
|
||||
|
||||
for (i = 0; ltc_ecc_sets[i].size; i++) {
|
||||
#if 0
|
||||
printf("Testing %d\n", ltc_ecc_sets[i].size);
|
||||
#endif
|
||||
if ((err = mp_read_radix(modulus, (char *)ltc_ecc_sets[i].prime, 16)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_read_radix(order, (char *)ltc_ecc_sets[i].order, 16)) != CRYPT_OK) { goto done; }
|
||||
|
||||
/* is prime actually prime? */
|
||||
if ((err = mp_prime_is_prime(modulus, 8, &primality)) != CRYPT_OK) { goto done; }
|
||||
if (primality == 0) {
|
||||
err = CRYPT_FAIL_TESTVECTOR;
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* is order prime ? */
|
||||
if ((err = mp_prime_is_prime(order, 8, &primality)) != CRYPT_OK) { goto done; }
|
||||
if (primality == 0) {
|
||||
err = CRYPT_FAIL_TESTVECTOR;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ((err = mp_read_radix(G->x, (char *)ltc_ecc_sets[i].Gx, 16)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_read_radix(G->y, (char *)ltc_ecc_sets[i].Gy, 16)) != CRYPT_OK) { goto done; }
|
||||
mp_set(G->z, 1);
|
||||
|
||||
/* then we should have G == (order + 1)G */
|
||||
if ((err = mp_add_d(order, 1, order)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptmul(order, G, GG, modulus, 1)) != CRYPT_OK) { goto done; }
|
||||
if (mp_cmp(G->x, GG->x) != LTC_MP_EQ || mp_cmp(G->y, GG->y) != LTC_MP_EQ) {
|
||||
err = CRYPT_FAIL_TESTVECTOR;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
err = CRYPT_OK;
|
||||
done:
|
||||
ltc_ecc_del_point(GG);
|
||||
ltc_ecc_del_point(G);
|
||||
mp_clear_multi(order, modulus, NULL);
|
||||
return err;
|
||||
/* the main ECC tests are in tests/ecc_test.c
|
||||
* this function is kept just for API compatibility
|
||||
*/
|
||||
return CRYPT_NOP;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -18,11 +18,11 @@
|
||||
|
||||
static int _ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
|
||||
const unsigned char *hash, unsigned long hashlen,
|
||||
int *stat, ecc_key *key, int sigformat)
|
||||
int *stat, const ecc_key *key, int sigformat)
|
||||
{
|
||||
ecc_point *mG, *mQ;
|
||||
void *r, *s, *v, *w, *u1, *u2, *e, *p, *m;
|
||||
void *mp;
|
||||
ecc_point *mG = NULL, *mQ = NULL;
|
||||
void *r, *s, *v, *w, *u1, *u2, *e, *p, *m, *a, *a_plus3 = NULL, *mu = NULL, *ma = NULL;
|
||||
void *mp = NULL;
|
||||
int err;
|
||||
unsigned long pbits, pbytes, i, shift_right;
|
||||
unsigned char ch, buf[MAXBLOCKSIZE];
|
||||
@ -34,16 +34,17 @@ static int _ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
|
||||
|
||||
/* default to invalid signature */
|
||||
*stat = 0;
|
||||
mp = NULL;
|
||||
|
||||
/* is the IDX valid ? */
|
||||
if (ltc_ecc_is_valid_idx(key->idx) != 1) {
|
||||
return CRYPT_PK_INVALID_TYPE;
|
||||
}
|
||||
|
||||
/* allocate ints */
|
||||
if ((err = mp_init_multi(&r, &s, &v, &w, &u1, &u2, &p, &e, &m, NULL)) != CRYPT_OK) {
|
||||
return CRYPT_MEM;
|
||||
if ((err = mp_init_multi(&r, &s, &v, &w, &u1, &u2, &e, &a_plus3, NULL)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
p = key->dp.order;
|
||||
m = key->dp.prime;
|
||||
a = key->dp.A;
|
||||
if ((err = mp_add_d(a, 3, a_plus3)) != CRYPT_OK) {
|
||||
goto error;
|
||||
}
|
||||
|
||||
/* allocate points */
|
||||
@ -72,14 +73,9 @@ static int _ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
|
||||
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto error; }
|
||||
}
|
||||
|
||||
/* get the order */
|
||||
if ((err = mp_read_radix(p, (char *)key->dp->order, 16)) != CRYPT_OK) { goto error; }
|
||||
|
||||
/* get the modulus */
|
||||
if ((err = mp_read_radix(m, (char *)key->dp->prime, 16)) != CRYPT_OK) { goto error; }
|
||||
|
||||
/* check for zero */
|
||||
if (mp_iszero(r) || mp_iszero(s) || mp_cmp(r, p) != LTC_MP_LT || mp_cmp(s, p) != LTC_MP_LT) {
|
||||
if (mp_cmp_d(r, 0) != LTC_MP_GT || mp_cmp_d(s, 0) != LTC_MP_GT ||
|
||||
mp_cmp(r, p) != LTC_MP_LT || mp_cmp(s, p) != LTC_MP_LT) {
|
||||
err = CRYPT_INVALID_PACKET;
|
||||
goto error;
|
||||
}
|
||||
@ -113,30 +109,32 @@ static int _ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
|
||||
if ((err = mp_mulmod(r, w, p, u2)) != CRYPT_OK) { goto error; }
|
||||
|
||||
/* find mG and mQ */
|
||||
if ((err = mp_read_radix(mG->x, (char *)key->dp->Gx, 16)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_read_radix(mG->y, (char *)key->dp->Gy, 16)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_set(mG->z, 1)) != CRYPT_OK) { goto error; }
|
||||
|
||||
if ((err = mp_copy(key->pubkey.x, mQ->x)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_copy(key->pubkey.y, mQ->y)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_copy(key->pubkey.z, mQ->z)) != CRYPT_OK) { goto error; }
|
||||
|
||||
/* compute u1*mG + u2*mQ = mG */
|
||||
if (ltc_mp.ecc_mul2add == NULL) {
|
||||
if ((err = ltc_mp.ecc_ptmul(u1, mG, mG, m, 0)) != CRYPT_OK) { goto error; }
|
||||
if ((err = ltc_mp.ecc_ptmul(u2, mQ, mQ, m, 0)) != CRYPT_OK) { goto error; }
|
||||
if ((err = ltc_ecc_copy_point(&key->dp.base, mG)) != CRYPT_OK) { goto error; }
|
||||
if ((err = ltc_ecc_copy_point(&key->pubkey, mQ)) != CRYPT_OK) { goto error; }
|
||||
|
||||
/* find the montgomery mp */
|
||||
if ((err = mp_montgomery_setup(m, &mp)) != CRYPT_OK) { goto error; }
|
||||
|
||||
/* for curves with a == -3 keep ma == NULL */
|
||||
if (mp_cmp(a_plus3, m) != LTC_MP_EQ) {
|
||||
if ((err = mp_init_multi(&mu, &ma, NULL)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_montgomery_normalization(mu, m)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_mulmod(a, mu, m, ma)) != CRYPT_OK) { goto error; }
|
||||
}
|
||||
|
||||
/* compute u1*mG + u2*mQ = mG */
|
||||
if (ltc_mp.ecc_mul2add == NULL) {
|
||||
if ((err = ltc_mp.ecc_ptmul(u1, mG, mG, a, m, 0)) != CRYPT_OK) { goto error; }
|
||||
if ((err = ltc_mp.ecc_ptmul(u2, mQ, mQ, a, m, 0)) != CRYPT_OK) { goto error; }
|
||||
|
||||
/* add them */
|
||||
if ((err = ltc_mp.ecc_ptadd(mQ, mG, mG, m, mp)) != CRYPT_OK) { goto error; }
|
||||
if ((err = ltc_mp.ecc_ptadd(mQ, mG, mG, ma, m, mp)) != CRYPT_OK) { goto error; }
|
||||
|
||||
/* reduce */
|
||||
if ((err = ltc_mp.ecc_map(mG, m, mp)) != CRYPT_OK) { goto error; }
|
||||
} else {
|
||||
/* use Shamir's trick to compute u1*mG + u2*mQ using half of the doubles */
|
||||
if ((err = ltc_mp.ecc_mul2add(mG, u1, mQ, u2, mG, m)) != CRYPT_OK) { goto error; }
|
||||
if ((err = ltc_mp.ecc_mul2add(mG, u1, mQ, u2, mG, ma, m)) != CRYPT_OK) { goto error; }
|
||||
}
|
||||
|
||||
/* v = X_x1 mod n */
|
||||
@ -150,9 +148,11 @@ static int _ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
|
||||
/* clear up and return */
|
||||
err = CRYPT_OK;
|
||||
error:
|
||||
ltc_ecc_del_point(mG);
|
||||
ltc_ecc_del_point(mQ);
|
||||
mp_clear_multi(r, s, v, w, u1, u2, p, e, m, NULL);
|
||||
if (mG != NULL) ltc_ecc_del_point(mG);
|
||||
if (mQ != NULL) ltc_ecc_del_point(mQ);
|
||||
if (mu != NULL) mp_clear(mu);
|
||||
if (ma != NULL) mp_clear(ma);
|
||||
mp_clear_multi(r, s, v, w, u1, u2, e, a_plus3, NULL);
|
||||
if (mp != NULL) {
|
||||
mp_montgomery_free(mp);
|
||||
}
|
||||
@ -171,7 +171,7 @@ error:
|
||||
*/
|
||||
int ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
|
||||
const unsigned char *hash, unsigned long hashlen,
|
||||
int *stat, ecc_key *key)
|
||||
int *stat, const ecc_key *key)
|
||||
{
|
||||
return _ecc_verify_hash(sig, siglen, hash, hashlen, stat, key, 0);
|
||||
}
|
||||
@ -188,7 +188,7 @@ int ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
|
||||
*/
|
||||
int ecc_verify_hash_rfc7518(const unsigned char *sig, unsigned long siglen,
|
||||
const unsigned char *hash, unsigned long hashlen,
|
||||
int *stat, ecc_key *key)
|
||||
int *stat, const ecc_key *key)
|
||||
{
|
||||
return _ecc_verify_hash(sig, siglen, hash, hashlen, stat, key, 1);
|
||||
}
|
||||
|
63
src/pk/ecc/ltc_ecc_export_point.c
Normal file
63
src/pk/ecc/ltc_ecc_export_point.c
Normal file
@ -0,0 +1,63 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
#include "tomcrypt.h"
|
||||
|
||||
#ifdef LTC_MECC
|
||||
|
||||
int ltc_ecc_export_point(unsigned char *out, unsigned long *outlen, void *x, void *y, unsigned long size, int compressed)
|
||||
{
|
||||
int err;
|
||||
unsigned char buf[ECC_BUF_SIZE];
|
||||
unsigned long xsize, ysize;
|
||||
|
||||
if (size > sizeof(buf)) return CRYPT_BUFFER_OVERFLOW;
|
||||
if ((xsize = mp_unsigned_bin_size(x)) > size) return CRYPT_BUFFER_OVERFLOW;
|
||||
if ((ysize = mp_unsigned_bin_size(y)) > size) return CRYPT_BUFFER_OVERFLOW;
|
||||
|
||||
if(compressed) {
|
||||
if (*outlen < (1 + size)) {
|
||||
*outlen = 1 + size;
|
||||
return CRYPT_BUFFER_OVERFLOW;
|
||||
}
|
||||
/* store first byte */
|
||||
out[0] = mp_isodd(y) ? 0x03 : 0x02;
|
||||
/* pad and store x */
|
||||
zeromem(buf, sizeof(buf));
|
||||
if ((err = mp_to_unsigned_bin(x, buf + (size - xsize))) != CRYPT_OK) return err;
|
||||
XMEMCPY(out+1, buf, size);
|
||||
/* adjust outlen */
|
||||
*outlen = 1 + size;
|
||||
}
|
||||
else {
|
||||
if (*outlen < (1 + 2*size)) {
|
||||
*outlen = 1 + 2*size;
|
||||
return CRYPT_BUFFER_OVERFLOW;
|
||||
}
|
||||
/* store byte 0x04 */
|
||||
out[0] = 0x04;
|
||||
/* pad and store x */
|
||||
zeromem(buf, sizeof(buf));
|
||||
if ((err = mp_to_unsigned_bin(x, buf + (size - xsize))) != CRYPT_OK) return err;
|
||||
XMEMCPY(out+1, buf, size);
|
||||
/* pad and store y */
|
||||
zeromem(buf, sizeof(buf));
|
||||
if ((err = mp_to_unsigned_bin(y, buf + (size - ysize))) != CRYPT_OK) return err;
|
||||
XMEMCPY(out+1+size, buf, size);
|
||||
/* adjust outlen */
|
||||
*outlen = 1 + 2*size;
|
||||
}
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/* ref: $Format:%D$ */
|
||||
/* git commit: $Format:%H$ */
|
||||
/* commit time: $Format:%ai$ */
|
71
src/pk/ecc/ltc_ecc_import_point.c
Normal file
71
src/pk/ecc/ltc_ecc_import_point.c
Normal file
@ -0,0 +1,71 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
#include "tomcrypt.h"
|
||||
|
||||
#ifdef LTC_MECC
|
||||
|
||||
int ltc_ecc_import_point(const unsigned char *in, unsigned long inlen, void *prime, void *a, void *b, void *x, void *y)
|
||||
{
|
||||
int err;
|
||||
unsigned long size;
|
||||
void *t1, *t2;
|
||||
|
||||
/* init key + temporary numbers */
|
||||
if (mp_init_multi(&t1, &t2, NULL) != CRYPT_OK) {
|
||||
return CRYPT_MEM;
|
||||
}
|
||||
|
||||
size = mp_unsigned_bin_size(prime);
|
||||
|
||||
if (in[0] == 0x04 && (inlen&1) && ((inlen-1)>>1) == size) {
|
||||
/* read uncompressed point */
|
||||
/* load x */
|
||||
if ((err = mp_read_unsigned_bin(x, (unsigned char *)in+1, size)) != CRYPT_OK) { goto cleanup; }
|
||||
/* load y */
|
||||
if ((err = mp_read_unsigned_bin(y, (unsigned char *)in+1+size, size)) != CRYPT_OK) { goto cleanup; }
|
||||
}
|
||||
else if ((in[0] == 0x02 || in[0] == 0x03) && (inlen-1) == size && ltc_mp.sqrtmod_prime != NULL) {
|
||||
/* read compressed point - BEWARE: requires sqrtmod_prime */
|
||||
/* load x */
|
||||
if ((err = mp_read_unsigned_bin(x, (unsigned char *)in+1, size)) != CRYPT_OK) { goto cleanup; }
|
||||
/* compute x^3 */
|
||||
if ((err = mp_sqr(x, t1)) != CRYPT_OK) { goto cleanup; }
|
||||
if ((err = mp_mulmod(t1, x, prime, t1)) != CRYPT_OK) { goto cleanup; }
|
||||
/* compute x^3 + a*x */
|
||||
if ((err = mp_mulmod(a, x, prime, t2)) != CRYPT_OK) { goto cleanup; }
|
||||
if ((err = mp_add(t1, t2, t1)) != CRYPT_OK) { goto cleanup; }
|
||||
/* compute x^3 + a*x + b */
|
||||
if ((err = mp_add(t1, b, t1)) != CRYPT_OK) { goto cleanup; }
|
||||
/* compute sqrt(x^3 + a*x + b) */
|
||||
if ((err = mp_sqrtmod_prime(t1, prime, t2)) != CRYPT_OK) { goto cleanup; }
|
||||
/* adjust y */
|
||||
if ((mp_isodd(t2) && in[0] == 0x03) || (!mp_isodd(t2) && in[0] == 0x02)) {
|
||||
if ((err = mp_mod(t2, prime, y)) != CRYPT_OK) { goto cleanup; }
|
||||
}
|
||||
else {
|
||||
if ((err = mp_submod(prime, t2, prime, y)) != CRYPT_OK) { goto cleanup; }
|
||||
}
|
||||
}
|
||||
else {
|
||||
err = CRYPT_INVALID_PACKET;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
err = CRYPT_OK;
|
||||
cleanup:
|
||||
mp_clear_multi(t1, t2, NULL);
|
||||
return err;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/* ref: $Format:%D$ */
|
||||
/* git commit: $Format:%H$ */
|
||||
/* commit time: $Format:%ai$ */
|
72
src/pk/ecc/ltc_ecc_is_point.c
Normal file
72
src/pk/ecc/ltc_ecc_is_point.c
Normal file
@ -0,0 +1,72 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
#include "tomcrypt.h"
|
||||
|
||||
#ifdef LTC_MECC
|
||||
|
||||
/** Returns whether [x,y] is a point on curve defined by dp
|
||||
@param dp curve parameters
|
||||
@param x x point coordinate
|
||||
@param y y point coordinate
|
||||
@return CRYPT_OK if valid
|
||||
*/
|
||||
|
||||
int ltc_ecc_is_point(const ltc_ecc_dp *dp, void *x, void *y)
|
||||
{
|
||||
void *prime, *a, *b, *t1, *t2;
|
||||
int err;
|
||||
|
||||
prime = dp->prime;
|
||||
b = dp->B;
|
||||
a = dp->A;
|
||||
|
||||
if ((err = mp_init_multi(&t1, &t2, NULL)) != CRYPT_OK) return err;
|
||||
|
||||
/* compute y^2 */
|
||||
if ((err = mp_sqr(y, t1)) != CRYPT_OK) goto cleanup;
|
||||
|
||||
/* compute x^3 */
|
||||
if ((err = mp_sqr(x, t2)) != CRYPT_OK) goto cleanup;
|
||||
if ((err = mp_mod(t2, prime, t2)) != CRYPT_OK) goto cleanup;
|
||||
if ((err = mp_mul(x, t2, t2)) != CRYPT_OK) goto cleanup;
|
||||
|
||||
/* compute y^2 - x^3 */
|
||||
if ((err = mp_sub(t1, t2, t1)) != CRYPT_OK) goto cleanup;
|
||||
|
||||
/* compute y^2 - x^3 - a*x */
|
||||
if ((err = mp_submod(prime, a, prime, t2)) != CRYPT_OK) goto cleanup;
|
||||
if ((err = mp_mulmod(t2, x, prime, t2)) != CRYPT_OK) goto cleanup;
|
||||
if ((err = mp_addmod(t1, t2, prime, t1)) != CRYPT_OK) goto cleanup;
|
||||
|
||||
/* adjust range (0, prime) */
|
||||
while (mp_cmp_d(t1, 0) == LTC_MP_LT) {
|
||||
if ((err = mp_add(t1, prime, t1)) != CRYPT_OK) goto cleanup;
|
||||
}
|
||||
while (mp_cmp(t1, prime) != LTC_MP_LT) {
|
||||
if ((err = mp_sub(t1, prime, t1)) != CRYPT_OK) goto cleanup;
|
||||
}
|
||||
|
||||
/* compare to b */
|
||||
if (mp_cmp(t1, b) != LTC_MP_EQ) {
|
||||
err = CRYPT_INVALID_PACKET;
|
||||
} else {
|
||||
err = CRYPT_OK;
|
||||
}
|
||||
|
||||
cleanup:
|
||||
mp_clear_multi(t1, t2, NULL);
|
||||
return err;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/* ref: $Format:%D$ */
|
||||
/* git commit: $Format:%H$ */
|
||||
/* commit time: $Format:%ai$ */
|
62
src/pk/ecc/ltc_ecc_is_point_at_infinity.c
Normal file
62
src/pk/ecc/ltc_ecc_is_point_at_infinity.c
Normal file
@ -0,0 +1,62 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
#include "tomcrypt.h"
|
||||
|
||||
#ifdef LTC_MECC
|
||||
|
||||
/* http://crypto.stackexchange.com/questions/41468/point-at-infinity-for-jacobian-coordinates
|
||||
* a point at infinity is any point (x,y,0) such that y^2 == x^3, except (0,0,0)
|
||||
*/
|
||||
|
||||
int ltc_ecc_is_point_at_infinity(const ecc_point *P, void *modulus, int *retval)
|
||||
{
|
||||
int err;
|
||||
void *x3, *y2;
|
||||
|
||||
/* trivial case */
|
||||
if (!mp_iszero(P->z)) {
|
||||
*retval = 0;
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
/* point (0,0,0) is not at infinity */
|
||||
if (mp_iszero(P->x) && mp_iszero(P->y)) {
|
||||
*retval = 0;
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
/* initialize */
|
||||
if ((err = mp_init_multi(&x3, &y2, NULL)) != CRYPT_OK) goto done;
|
||||
|
||||
/* compute y^2 */
|
||||
if ((err = mp_mulmod(P->y, P->y, modulus, y2)) != CRYPT_OK) goto cleanup;
|
||||
|
||||
/* compute x^3 */
|
||||
if ((err = mp_mulmod(P->x, P->x, modulus, x3)) != CRYPT_OK) goto cleanup;
|
||||
if ((err = mp_mulmod(P->x, x3, modulus, x3)) != CRYPT_OK) goto cleanup;
|
||||
|
||||
/* test y^2 == x^3 */
|
||||
err = CRYPT_OK;
|
||||
if ((mp_cmp(x3, y2) == LTC_MP_EQ) && !mp_iszero(y2))
|
||||
*retval = 1;
|
||||
else
|
||||
*retval = 0;
|
||||
|
||||
cleanup:
|
||||
mp_clear_multi(x3, y2, NULL);
|
||||
done:
|
||||
return err;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/* ref: $Format:%D$ */
|
||||
/* git commit: $Format:%H$ */
|
||||
/* commit time: $Format:%ai$ */
|
@ -1,44 +0,0 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
* Available at http://csrc.nist.gov/cryptval/dss.htm
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@file ltc_ecc_is_valid_idx.c
|
||||
ECC Crypto, Tom St Denis
|
||||
*/
|
||||
|
||||
#ifdef LTC_MECC
|
||||
|
||||
/** Returns whether an ECC idx is valid or not
|
||||
@param n The idx number to check
|
||||
@return 1 if valid, 0 if not
|
||||
*/
|
||||
int ltc_ecc_is_valid_idx(int n)
|
||||
{
|
||||
int x;
|
||||
|
||||
for (x = 0; ltc_ecc_sets[x].size != 0; x++);
|
||||
/* -1 is a valid index --- indicating that the domain params were supplied by the user */
|
||||
if ((n >= -1) && (n < x)) {
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
/* ref: $Format:%D$ */
|
||||
/* git commit: $Format:%H$ */
|
||||
/* commit time: $Format:%ai$ */
|
||||
|
@ -7,11 +7,6 @@
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
* Available at http://csrc.nist.gov/cryptval/dss.htm
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@ -37,6 +32,10 @@ int ltc_ecc_map(ecc_point *P, void *modulus, void *mp)
|
||||
LTC_ARGCHK(modulus != NULL);
|
||||
LTC_ARGCHK(mp != NULL);
|
||||
|
||||
if (mp_iszero(P->z)) {
|
||||
return ltc_ecc_set_point_xyz(0, 0, 1, P);
|
||||
}
|
||||
|
||||
if ((err = mp_init_multi(&t1, &t2, NULL)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
@ -7,11 +7,6 @@
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
* Available at http://csrc.nist.gov/cryptval/dss.htm
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@ -28,17 +23,20 @@
|
||||
@param kA What to multiple A by
|
||||
@param B Second point to multiply
|
||||
@param kB What to multiple B by
|
||||
@param C [out] Destination point (can overlap with A or B
|
||||
@param C [out] Destination point (can overlap with A or B)
|
||||
@param ma ECC curve parameter a in montgomery form
|
||||
@param modulus Modulus for curve
|
||||
@return CRYPT_OK on success
|
||||
*/
|
||||
int ltc_ecc_mul2add(ecc_point *A, void *kA,
|
||||
ecc_point *B, void *kB,
|
||||
int ltc_ecc_mul2add(const ecc_point *A, void *kA,
|
||||
const ecc_point *B, void *kB,
|
||||
ecc_point *C,
|
||||
void *ma,
|
||||
void *modulus)
|
||||
{
|
||||
ecc_point *precomp[16];
|
||||
unsigned bitbufA, bitbufB, lenA, lenB, len, x, y, nA, nB, nibble;
|
||||
unsigned bitbufA, bitbufB, lenA, lenB, len, nA, nB, nibble;
|
||||
unsigned x, y;
|
||||
unsigned char *tA, *tB;
|
||||
int err, first;
|
||||
void *mp, *mu;
|
||||
@ -112,17 +110,17 @@ int ltc_ecc_mul2add(ecc_point *A, void *kA,
|
||||
if ((err = mp_mulmod(B->z, mu, modulus, precomp[1<<2]->z)) != CRYPT_OK) { goto ERR_MU; }
|
||||
|
||||
/* precomp [i,0](A + B) table */
|
||||
if ((err = ltc_mp.ecc_ptdbl(precomp[1], precomp[2], modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
|
||||
if ((err = ltc_mp.ecc_ptadd(precomp[1], precomp[2], precomp[3], modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
|
||||
if ((err = ltc_mp.ecc_ptdbl(precomp[1], precomp[2], ma, modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
|
||||
if ((err = ltc_mp.ecc_ptadd(precomp[1], precomp[2], precomp[3], ma, modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
|
||||
|
||||
/* precomp [0,i](A + B) table */
|
||||
if ((err = ltc_mp.ecc_ptdbl(precomp[1<<2], precomp[2<<2], modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
|
||||
if ((err = ltc_mp.ecc_ptadd(precomp[1<<2], precomp[2<<2], precomp[3<<2], modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
|
||||
if ((err = ltc_mp.ecc_ptdbl(precomp[1<<2], precomp[2<<2], ma, modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
|
||||
if ((err = ltc_mp.ecc_ptadd(precomp[1<<2], precomp[2<<2], precomp[3<<2], ma, modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
|
||||
|
||||
/* precomp [i,j](A + B) table (i != 0, j != 0) */
|
||||
for (x = 1; x < 4; x++) {
|
||||
for (y = 1; y < 4; y++) {
|
||||
if ((err = ltc_mp.ecc_ptadd(precomp[x], precomp[(y<<2)], precomp[x+(y<<2)], modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
|
||||
if ((err = ltc_mp.ecc_ptadd(precomp[x], precomp[(y<<2)], precomp[x+(y<<2)], ma, modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
|
||||
}
|
||||
}
|
||||
|
||||
@ -156,8 +154,8 @@ int ltc_ecc_mul2add(ecc_point *A, void *kA,
|
||||
/* double twice, only if this isn't the first */
|
||||
if (first == 0) {
|
||||
/* double twice */
|
||||
if ((err = ltc_mp.ecc_ptdbl(C, C, modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
|
||||
if ((err = ltc_mp.ecc_ptdbl(C, C, modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
|
||||
if ((err = ltc_mp.ecc_ptdbl(C, C, ma, modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
|
||||
if ((err = ltc_mp.ecc_ptdbl(C, C, ma, modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
|
||||
}
|
||||
|
||||
/* if not both zero */
|
||||
@ -165,12 +163,10 @@ int ltc_ecc_mul2add(ecc_point *A, void *kA,
|
||||
if (first == 1) {
|
||||
/* if first, copy from table */
|
||||
first = 0;
|
||||
if ((err = mp_copy(precomp[nA + (nB<<2)]->x, C->x)) != CRYPT_OK) { goto ERR_MU; }
|
||||
if ((err = mp_copy(precomp[nA + (nB<<2)]->y, C->y)) != CRYPT_OK) { goto ERR_MU; }
|
||||
if ((err = mp_copy(precomp[nA + (nB<<2)]->z, C->z)) != CRYPT_OK) { goto ERR_MU; }
|
||||
if ((err = ltc_ecc_copy_point(precomp[nA + (nB<<2)], C)) != CRYPT_OK) { goto ERR_MU; }
|
||||
} else {
|
||||
/* if not first, add from table */
|
||||
if ((err = ltc_mp.ecc_ptadd(C, precomp[nA + (nB<<2)], C, modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
|
||||
if ((err = ltc_mp.ecc_ptadd(C, precomp[nA + (nB<<2)], C, ma, modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -7,11 +7,6 @@
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
* Available at http://csrc.nist.gov/cryptval/dss.htm
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@ -34,11 +29,11 @@
|
||||
@param map Boolean whether to map back to affine or not (1==map, 0 == leave in projective)
|
||||
@return CRYPT_OK on success
|
||||
*/
|
||||
int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
|
||||
int ltc_ecc_mulmod(void *k, const ecc_point *G, ecc_point *R, void *a, void *modulus, int map)
|
||||
{
|
||||
ecc_point *tG, *M[8];
|
||||
int i, j, err;
|
||||
void *mu, *mp;
|
||||
int i, j, err, inf;
|
||||
void *mp = NULL, *mu = NULL, *ma = NULL, *a_plus3 = NULL;
|
||||
ltc_mp_digit buf;
|
||||
int first, bitbuf, bitcpy, bitcnt, mode, digidx;
|
||||
|
||||
@ -47,18 +42,23 @@ int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
|
||||
LTC_ARGCHK(R != NULL);
|
||||
LTC_ARGCHK(modulus != NULL);
|
||||
|
||||
if ((err = ltc_ecc_is_point_at_infinity(G, modulus, &inf)) != CRYPT_OK) return err;
|
||||
if (inf) {
|
||||
/* return the point at infinity */
|
||||
return ltc_ecc_set_point_xyz(1, 1, 0, R);
|
||||
}
|
||||
|
||||
/* init montgomery reduction */
|
||||
if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
if ((err = mp_init(&mu)) != CRYPT_OK) {
|
||||
mp_montgomery_free(mp);
|
||||
return err;
|
||||
}
|
||||
if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) {
|
||||
mp_montgomery_free(mp);
|
||||
mp_clear(mu);
|
||||
return err;
|
||||
if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_init(&mu)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) { goto error; }
|
||||
|
||||
/* for curves with a == -3 keep ma == NULL */
|
||||
if ((err = mp_init(&a_plus3)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_add_d(a, 3, a_plus3)) != CRYPT_OK) { goto error; }
|
||||
if (mp_cmp(a_plus3, modulus) != LTC_MP_EQ) {
|
||||
if ((err = mp_init(&ma)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_mulmod(a, mu, modulus, ma)) != CRYPT_OK) { goto error; }
|
||||
}
|
||||
|
||||
/* alloc ram for window temps */
|
||||
@ -68,9 +68,8 @@ int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
|
||||
for (j = 0; j < i; j++) {
|
||||
ltc_ecc_del_point(M[j]);
|
||||
}
|
||||
mp_montgomery_free(mp);
|
||||
mp_clear(mu);
|
||||
return CRYPT_MEM;
|
||||
err = CRYPT_MEM;
|
||||
goto error;
|
||||
}
|
||||
}
|
||||
|
||||
@ -80,9 +79,7 @@ int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
|
||||
|
||||
/* tG = G and convert to montgomery */
|
||||
if (mp_cmp_d(mu, 1) == LTC_MP_EQ) {
|
||||
if ((err = mp_copy(G->x, tG->x)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_copy(G->y, tG->y)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_copy(G->z, tG->z)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_ecc_copy_point(G, tG)) != CRYPT_OK) { goto done; }
|
||||
} else {
|
||||
if ((err = mp_mulmod(G->x, mu, modulus, tG->x)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_mulmod(G->y, mu, modulus, tG->y)) != CRYPT_OK) { goto done; }
|
||||
@ -93,13 +90,13 @@ int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
|
||||
|
||||
/* calc the M tab, which holds kG for k==8..15 */
|
||||
/* M[0] == 8G */
|
||||
if ((err = ltc_mp.ecc_ptdbl(tG, M[0], modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptdbl(M[0], M[0], modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptdbl(M[0], M[0], modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptdbl(tG, M[0], ma, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptdbl(M[0], M[0], ma, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptdbl(M[0], M[0], ma, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
|
||||
/* now find (8+k)G for k=1..7 */
|
||||
for (j = 9; j < 16; j++) {
|
||||
if ((err = ltc_mp.ecc_ptadd(M[j-9], tG, M[j-8], modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptadd(M[j-9], tG, M[j-8], ma, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
}
|
||||
|
||||
/* setup sliding window */
|
||||
@ -133,7 +130,7 @@ int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
|
||||
|
||||
/* if the bit is zero and mode == 1 then we double */
|
||||
if (mode == 1 && i == 0) {
|
||||
if ((err = ltc_mp.ecc_ptdbl(R, R, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptdbl(R, R, ma, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -145,20 +142,18 @@ int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
|
||||
/* if this is the first window we do a simple copy */
|
||||
if (first == 1) {
|
||||
/* R = kG [k = first window] */
|
||||
if ((err = mp_copy(M[bitbuf-8]->x, R->x)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_copy(M[bitbuf-8]->y, R->y)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_copy(M[bitbuf-8]->z, R->z)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_ecc_copy_point(M[bitbuf-8], R)) != CRYPT_OK) { goto done; }
|
||||
first = 0;
|
||||
} else {
|
||||
/* normal window */
|
||||
/* ok window is filled so double as required and add */
|
||||
/* double first */
|
||||
for (j = 0; j < WINSIZE; j++) {
|
||||
if ((err = ltc_mp.ecc_ptdbl(R, R, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptdbl(R, R, ma, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
}
|
||||
|
||||
/* then add, bitbuf will be 8..15 [8..2^WINSIZE] guaranteed */
|
||||
if ((err = ltc_mp.ecc_ptadd(R, M[bitbuf-8], R, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptadd(R, M[bitbuf-8], R, ma, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
}
|
||||
/* empty window and reset */
|
||||
bitcpy = bitbuf = 0;
|
||||
@ -172,20 +167,18 @@ int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
|
||||
for (j = 0; j < bitcpy; j++) {
|
||||
/* only double if we have had at least one add first */
|
||||
if (first == 0) {
|
||||
if ((err = ltc_mp.ecc_ptdbl(R, R, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptdbl(R, R, ma, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
}
|
||||
|
||||
bitbuf <<= 1;
|
||||
if ((bitbuf & (1 << WINSIZE)) != 0) {
|
||||
if (first == 1){
|
||||
/* first add, so copy */
|
||||
if ((err = mp_copy(tG->x, R->x)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_copy(tG->y, R->y)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_copy(tG->z, R->z)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_ecc_copy_point(tG, R)) != CRYPT_OK) { goto done; }
|
||||
first = 0;
|
||||
} else {
|
||||
/* then add */
|
||||
if ((err = ltc_mp.ecc_ptadd(R, tG, R, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptadd(R, tG, R, ma, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -198,14 +191,15 @@ int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
|
||||
err = CRYPT_OK;
|
||||
}
|
||||
done:
|
||||
if (mu != NULL) {
|
||||
mp_clear(mu);
|
||||
}
|
||||
mp_montgomery_free(mp);
|
||||
ltc_ecc_del_point(tG);
|
||||
for (i = 0; i < 8; i++) {
|
||||
ltc_ecc_del_point(M[i]);
|
||||
}
|
||||
error:
|
||||
if (ma != NULL) mp_clear(ma);
|
||||
if (a_plus3 != NULL) mp_clear(a_plus3);
|
||||
if (mu != NULL) mp_clear(mu);
|
||||
if (mp != NULL) mp_montgomery_free(mp);
|
||||
return err;
|
||||
}
|
||||
|
||||
|
@ -7,11 +7,6 @@
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
* Available at http://csrc.nist.gov/cryptval/dss.htm
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@ -28,15 +23,16 @@
|
||||
@param k The scalar to multiply by
|
||||
@param G The base point
|
||||
@param R [out] Destination for kG
|
||||
@param a ECC curve parameter a
|
||||
@param modulus The modulus of the field the ECC curve is in
|
||||
@param map Boolean whether to map back to affine or not (1==map, 0 == leave in projective)
|
||||
@return CRYPT_OK on success
|
||||
*/
|
||||
int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
|
||||
int ltc_ecc_mulmod(void *k, const ecc_point *G, ecc_point *R, void *a, void *modulus, int map)
|
||||
{
|
||||
ecc_point *tG, *M[3];
|
||||
int i, j, err;
|
||||
void *mu, *mp;
|
||||
int i, j, err, inf;
|
||||
void *mp = NULL, *mu = NULL, *ma = NULL, *a_plus3 = NULL;
|
||||
ltc_mp_digit buf;
|
||||
int bitcnt, mode, digidx;
|
||||
|
||||
@ -45,18 +41,23 @@ int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
|
||||
LTC_ARGCHK(R != NULL);
|
||||
LTC_ARGCHK(modulus != NULL);
|
||||
|
||||
if ((err = ltc_ecc_is_point_at_infinity(G, modulus, &inf)) != CRYPT_OK) return err;
|
||||
if (inf) {
|
||||
/* return the point at infinity */
|
||||
return ltc_ecc_set_point_xyz(1, 1, 0, R);
|
||||
}
|
||||
|
||||
/* init montgomery reduction */
|
||||
if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
if ((err = mp_init(&mu)) != CRYPT_OK) {
|
||||
mp_montgomery_free(mp);
|
||||
return err;
|
||||
}
|
||||
if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) {
|
||||
mp_clear(mu);
|
||||
mp_montgomery_free(mp);
|
||||
return err;
|
||||
if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_init(&mu)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) { goto error; }
|
||||
|
||||
/* for curves with a == -3 keep ma == NULL */
|
||||
if ((err = mp_init(&a_plus3)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_add_d(a, 3, a_plus3)) != CRYPT_OK) { goto error; }
|
||||
if (mp_cmp(a_plus3, modulus) != LTC_MP_EQ) {
|
||||
if ((err = mp_init(&ma)) != CRYPT_OK) { goto error; }
|
||||
if ((err = mp_mulmod(a, mu, modulus, ma)) != CRYPT_OK) { goto error; }
|
||||
}
|
||||
|
||||
/* alloc ram for window temps */
|
||||
@ -85,11 +86,9 @@ int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
|
||||
|
||||
/* calc the M tab */
|
||||
/* M[0] == G */
|
||||
if ((err = mp_copy(tG->x, M[0]->x)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_copy(tG->y, M[0]->y)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_copy(tG->z, M[0]->z)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_ecc_copy_point(tG, M[0])) != CRYPT_OK) { goto done; }
|
||||
/* M[1] == 2G */
|
||||
if ((err = ltc_mp.ecc_ptdbl(tG, M[1], modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptdbl(tG, M[1], ma, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
|
||||
/* setup sliding window */
|
||||
mode = 0;
|
||||
@ -110,32 +109,30 @@ int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
|
||||
}
|
||||
|
||||
/* grab the next msb from the ltiplicand */
|
||||
i = (buf >> (MP_DIGIT_BIT - 1)) & 1;
|
||||
i = (int)((buf >> (MP_DIGIT_BIT - 1)) & 1);
|
||||
buf <<= 1;
|
||||
|
||||
if (mode == 0 && i == 0) {
|
||||
/* dummy operations */
|
||||
if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptdbl(M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[2], ma, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptdbl(M[1], M[2], ma, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
continue;
|
||||
}
|
||||
|
||||
if (mode == 0 && i == 1) {
|
||||
mode = 1;
|
||||
/* dummy operations */
|
||||
if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptdbl(M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[2], ma, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptdbl(M[1], M[2], ma, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
continue;
|
||||
}
|
||||
|
||||
if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[i^1], modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptdbl(M[i], M[i], modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[i^1], ma, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptdbl(M[i], M[i], ma, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
}
|
||||
|
||||
/* copy result out */
|
||||
if ((err = mp_copy(M[0]->x, R->x)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_copy(M[0]->y, R->y)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_copy(M[0]->z, R->z)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_ecc_copy_point(M[0], R)) != CRYPT_OK) { goto done; }
|
||||
|
||||
/* map R back from projective space */
|
||||
if (map) {
|
||||
@ -144,14 +141,15 @@ int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
|
||||
err = CRYPT_OK;
|
||||
}
|
||||
done:
|
||||
if (mu != NULL) {
|
||||
mp_clear(mu);
|
||||
}
|
||||
mp_montgomery_free(mp);
|
||||
ltc_ecc_del_point(tG);
|
||||
for (i = 0; i < 3; i++) {
|
||||
ltc_ecc_del_point(M[i]);
|
||||
}
|
||||
error:
|
||||
if (ma != NULL) mp_clear(ma);
|
||||
if (a_plus3 != NULL) mp_clear(a_plus3);
|
||||
if (mu != NULL) mp_clear(mu);
|
||||
if (mp != NULL) mp_montgomery_free(mp);
|
||||
return err;
|
||||
}
|
||||
|
||||
|
@ -7,11 +7,6 @@
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
* Available at http://csrc.nist.gov/cryptval/dss.htm
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@ -51,6 +46,24 @@ void ltc_ecc_del_point(ecc_point *p)
|
||||
}
|
||||
}
|
||||
|
||||
int ltc_ecc_set_point_xyz(ltc_mp_digit x, ltc_mp_digit y, ltc_mp_digit z, ecc_point *p)
|
||||
{
|
||||
int err;
|
||||
if ((err = ltc_mp.set_int(p->x, x)) != CRYPT_OK) return err;
|
||||
if ((err = ltc_mp.set_int(p->y, y)) != CRYPT_OK) return err;
|
||||
if ((err = ltc_mp.set_int(p->z, z)) != CRYPT_OK) return err;
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
int ltc_ecc_copy_point(const ecc_point *src, ecc_point *dst)
|
||||
{
|
||||
int err;
|
||||
if ((err = ltc_mp.copy(src->x, dst->x)) != CRYPT_OK) return err;
|
||||
if ((err = ltc_mp.copy(src->y, dst->y)) != CRYPT_OK) return err;
|
||||
if ((err = ltc_mp.copy(src->z, dst->z)) != CRYPT_OK) return err;
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
#endif
|
||||
/* ref: $Format:%D$ */
|
||||
/* git commit: $Format:%H$ */
|
||||
|
@ -7,11 +7,6 @@
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
* Available at http://csrc.nist.gov/cryptval/dss.htm
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/**
|
||||
@ -26,14 +21,15 @@
|
||||
@param P The point to add
|
||||
@param Q The point to add
|
||||
@param R [out] The destination of the double
|
||||
@param ma ECC curve parameter a in montgomery form
|
||||
@param modulus The modulus of the field the ECC curve is in
|
||||
@param mp The "b" value from montgomery_setup()
|
||||
@return CRYPT_OK on success
|
||||
*/
|
||||
int ltc_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *mp)
|
||||
int ltc_ecc_projective_add_point(const ecc_point *P, const ecc_point *Q, ecc_point *R, void *ma, void *modulus, void *mp)
|
||||
{
|
||||
void *t1, *t2, *x, *y, *z;
|
||||
int err;
|
||||
int err, inf;
|
||||
|
||||
LTC_ARGCHK(P != NULL);
|
||||
LTC_ARGCHK(Q != NULL);
|
||||
@ -45,14 +41,32 @@ int ltc_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void
|
||||
return err;
|
||||
}
|
||||
|
||||
/* should we dbl instead? */
|
||||
if ((err = mp_sub(modulus, Q->y, t1)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_ecc_is_point_at_infinity(P, modulus, &inf)) != CRYPT_OK) return err;
|
||||
if (inf) {
|
||||
/* P is point at infinity >> Result = Q */
|
||||
err = ltc_ecc_copy_point(Q, R);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ( (mp_cmp(P->x, Q->x) == LTC_MP_EQ) &&
|
||||
(Q->z != NULL && mp_cmp(P->z, Q->z) == LTC_MP_EQ) &&
|
||||
(mp_cmp(P->y, Q->y) == LTC_MP_EQ || mp_cmp(P->y, t1) == LTC_MP_EQ)) {
|
||||
if ((err = ltc_ecc_is_point_at_infinity(Q, modulus, &inf)) != CRYPT_OK) return err;
|
||||
if (inf) {
|
||||
/* Q is point at infinity >> Result = P */
|
||||
err = ltc_ecc_copy_point(P, R);
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ((mp_cmp(P->x, Q->x) == LTC_MP_EQ) && (mp_cmp(P->z, Q->z) == LTC_MP_EQ)) {
|
||||
if (mp_cmp(P->y, Q->y) == LTC_MP_EQ) {
|
||||
/* here P = Q >> Result = 2 * P (use doubling) */
|
||||
mp_clear_multi(t1, t2, x, y, z, NULL);
|
||||
return ltc_ecc_projective_dbl_point(P, R, modulus, mp);
|
||||
return ltc_ecc_projective_dbl_point(P, R, ma, modulus, mp);
|
||||
}
|
||||
if ((err = mp_sub(modulus, Q->y, t1)) != CRYPT_OK) { goto done; }
|
||||
if (mp_cmp(P->y, t1) == LTC_MP_EQ) {
|
||||
/* here Q = -P >>> Result = the point at infinity */
|
||||
err = ltc_ecc_set_point_xyz(1, 1, 0, R);
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
if ((err = mp_copy(P->x, x)) != CRYPT_OK) { goto done; }
|
||||
|
@ -7,13 +7,26 @@
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
* Available at http://csrc.nist.gov/cryptval/dss.htm
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/* ### Point doubling in Jacobian coordinate system ###
|
||||
*
|
||||
* let us have a curve: y^2 = x^3 + a*x + b
|
||||
* in Jacobian coordinates it becomes: y^2 = x^3 + a*x*z^4 + b*z^6
|
||||
*
|
||||
* The doubling of P = (Xp, Yp, Zp) is given by R = (Xr, Yr, Zr) where:
|
||||
* Xr = M^2 - 2*S
|
||||
* Yr = M * (S - Xr) - 8*T
|
||||
* Zr = 2 * Yp * Zp
|
||||
*
|
||||
* M = 3 * Xp^2 + a*Zp^4
|
||||
* T = Yp^4
|
||||
* S = 4 * Xp * Yp^2
|
||||
*
|
||||
* SPECIAL CASE: when a == -3 we can compute M as
|
||||
* M = 3 * (Xp^2 - Zp^4) = 3 * (Xp + Zp^2) * (Xp - Zp^2)
|
||||
*/
|
||||
|
||||
/**
|
||||
@file ltc_ecc_projective_dbl_point.c
|
||||
ECC Crypto, Tom St Denis
|
||||
@ -25,14 +38,15 @@
|
||||
Double an ECC point
|
||||
@param P The point to double
|
||||
@param R [out] The destination of the double
|
||||
@param ma ECC curve parameter a in montgomery form
|
||||
@param modulus The modulus of the field the ECC curve is in
|
||||
@param mp The "b" value from montgomery_setup()
|
||||
@return CRYPT_OK on success
|
||||
*/
|
||||
int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void *mp)
|
||||
int ltc_ecc_projective_dbl_point(const ecc_point *P, ecc_point *R, void *ma, void *modulus, void *mp)
|
||||
{
|
||||
void *t1, *t2;
|
||||
int err;
|
||||
int err, inf;
|
||||
|
||||
LTC_ARGCHK(P != NULL);
|
||||
LTC_ARGCHK(R != NULL);
|
||||
@ -44,9 +58,14 @@ int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void
|
||||
}
|
||||
|
||||
if (P != R) {
|
||||
if ((err = mp_copy(P->x, R->x)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_copy(P->y, R->y)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_copy(P->z, R->z)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_ecc_copy_point(P, R)) != CRYPT_OK) { goto done; }
|
||||
}
|
||||
|
||||
if ((err = ltc_ecc_is_point_at_infinity(P, modulus, &inf)) != CRYPT_OK) return err;
|
||||
if (inf) {
|
||||
/* if P is point at infinity >> Result = point at infinity */
|
||||
err = ltc_ecc_set_point_xyz(1, 1, 0, R);
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* t1 = Z * Z */
|
||||
@ -61,6 +80,7 @@ int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void
|
||||
if ((err = mp_sub(R->z, modulus, R->z)) != CRYPT_OK) { goto done; }
|
||||
}
|
||||
|
||||
if (ma == NULL) { /* special case for curves with a == -3 (10% faster than general case) */
|
||||
/* T2 = X - T1 */
|
||||
if ((err = mp_sub(R->x, t1, t2)) != CRYPT_OK) { goto done; }
|
||||
if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
|
||||
@ -84,6 +104,33 @@ int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void
|
||||
if (mp_cmp(t1, modulus) != LTC_MP_LT) {
|
||||
if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; }
|
||||
}
|
||||
}
|
||||
else {
|
||||
/* T2 = T1 * T1 */
|
||||
if ((err = mp_sqr(t1, t2)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
/* T1 = T2 * a */
|
||||
if ((err = mp_mul(t2, ma, t1)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
/* T2 = X * X */
|
||||
if ((err = mp_sqr(R->x, t2)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; }
|
||||
/* T1 = T2 + T1 */
|
||||
if ((err = mp_add(t1, t2, t1)) != CRYPT_OK) { goto done; }
|
||||
if (mp_cmp(t1, modulus) != LTC_MP_LT) {
|
||||
if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; }
|
||||
}
|
||||
/* T1 = T2 + T1 */
|
||||
if ((err = mp_add(t1, t2, t1)) != CRYPT_OK) { goto done; }
|
||||
if (mp_cmp(t1, modulus) != LTC_MP_LT) {
|
||||
if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; }
|
||||
}
|
||||
/* T1 = T2 + T1 */
|
||||
if ((err = mp_add(t1, t2, t1)) != CRYPT_OK) { goto done; }
|
||||
if (mp_cmp(t1, modulus) != LTC_MP_LT) {
|
||||
if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; }
|
||||
}
|
||||
}
|
||||
|
||||
/* Y = 2Y */
|
||||
if ((err = mp_add(R->y, R->y, R->y)) != CRYPT_OK) { goto done; }
|
||||
@ -135,7 +182,7 @@ int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void
|
||||
|
||||
err = CRYPT_OK;
|
||||
done:
|
||||
mp_clear_multi(t1, t2, NULL);
|
||||
mp_clear_multi(t2, t1, NULL);
|
||||
return err;
|
||||
}
|
||||
#endif
|
||||
|
69
src/pk/ecc/ltc_ecc_verify_key.c
Normal file
69
src/pk/ecc/ltc_ecc_verify_key.c
Normal file
@ -0,0 +1,69 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*/
|
||||
|
||||
#include "tomcrypt.h"
|
||||
|
||||
/* origin of this code - OLPC */
|
||||
|
||||
#ifdef LTC_MECC
|
||||
|
||||
/**
|
||||
Verify a key according to ANSI spec
|
||||
@param key The key to validate
|
||||
@return CRYPT_OK if successful
|
||||
*/
|
||||
|
||||
int ltc_ecc_verify_key(const ecc_key *key)
|
||||
{
|
||||
int err, inf;
|
||||
ecc_point *point;
|
||||
void *prime = key->dp.prime;
|
||||
void *order = key->dp.order;
|
||||
void *a = key->dp.A;
|
||||
|
||||
/* Test 1: Are the x and y points of the public key in the field? */
|
||||
if (ltc_mp.compare_d(key->pubkey.z, 1) == LTC_MP_EQ) {
|
||||
if ((ltc_mp.compare(key->pubkey.x, prime) != LTC_MP_LT) ||
|
||||
(ltc_mp.compare(key->pubkey.y, prime) != LTC_MP_LT) ||
|
||||
(ltc_mp.compare_d(key->pubkey.x, 0) == LTC_MP_LT) ||
|
||||
(ltc_mp.compare_d(key->pubkey.y, 0) == LTC_MP_LT) ||
|
||||
(mp_iszero(key->pubkey.x) && mp_iszero(key->pubkey.y))
|
||||
)
|
||||
{
|
||||
err = CRYPT_INVALID_PACKET;
|
||||
goto done2;
|
||||
}
|
||||
}
|
||||
|
||||
/* Test 2: is the public key on the curve? */
|
||||
if ((err = ltc_ecc_is_point(&key->dp, key->pubkey.x, key->pubkey.y)) != CRYPT_OK) { goto done2; }
|
||||
|
||||
/* Test 3: does nG = O? (n = order, O = point at infinity, G = public key) */
|
||||
point = ltc_ecc_new_point();
|
||||
if ((err = ltc_ecc_mulmod(order, &(key->pubkey), point, a, prime, 1)) != CRYPT_OK) { goto done1; }
|
||||
|
||||
err = ltc_ecc_is_point_at_infinity(point, prime, &inf);
|
||||
if (err != CRYPT_OK || inf) {
|
||||
err = CRYPT_ERROR;
|
||||
}
|
||||
else {
|
||||
err = CRYPT_OK;
|
||||
}
|
||||
|
||||
done1:
|
||||
ltc_ecc_del_point(point);
|
||||
done2:
|
||||
return err;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/* ref: $Format:%D$ */
|
||||
/* git commit: $Format:%H$ */
|
||||
/* commit time: $Format:%ai$ */
|
@ -306,21 +306,11 @@ static void _der_tests_print_flexi(ltc_asn1_list* l, unsigned int level)
|
||||
case LTC_ASN1_OBJECT_IDENTIFIER:
|
||||
name = "OBJECT IDENTIFIER";
|
||||
{
|
||||
unsigned long i;
|
||||
int r;
|
||||
char* s = buf;
|
||||
int sz = sizeof(buf);
|
||||
for (i = 0; i < l->size; ++i) {
|
||||
r = snprintf(s, sz, "%lu.", ((unsigned long*)l->data)[i]);
|
||||
if (r < 0 || r >= sz) {
|
||||
unsigned long len = sizeof(buf);
|
||||
if (pk_oid_num_to_str(l->data, l->size, buf, &len) != CRYPT_OK) {
|
||||
fprintf(stderr, "%s boom\n", name);
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
s += r;
|
||||
sz -= r;
|
||||
}
|
||||
/* replace the last . with a \0 */
|
||||
*(s - 1) = '\0';
|
||||
text = buf;
|
||||
}
|
||||
break;
|
||||
|
340
tests/ecc_test.c
340
tests/ecc_test.c
@ -11,41 +11,42 @@
|
||||
#if defined(LTC_MECC)
|
||||
|
||||
static unsigned int sizes[] = {
|
||||
#ifdef LTC_ECC112
|
||||
#ifdef LTC_ECC_SECP112R1
|
||||
14,
|
||||
#endif
|
||||
#ifdef LTC_ECC128
|
||||
#ifdef LTC_ECC_SECP128R1
|
||||
16,
|
||||
#endif
|
||||
#ifdef LTC_ECC160
|
||||
#ifdef LTC_ECC_SECP160R1
|
||||
20,
|
||||
#endif
|
||||
#ifdef LTC_ECC192
|
||||
#ifdef LTC_ECC_SECP192R1
|
||||
24,
|
||||
#endif
|
||||
#ifdef LTC_ECC224
|
||||
#ifdef LTC_ECC_SECP224R1
|
||||
28,
|
||||
#endif
|
||||
#ifdef LTC_ECC256
|
||||
#ifdef LTC_ECC_SECP256R1
|
||||
32,
|
||||
#endif
|
||||
#ifdef LTC_ECC384
|
||||
#ifdef LTC_ECC_SECP384R1
|
||||
48,
|
||||
#endif
|
||||
#ifdef LTC_ECC521
|
||||
65
|
||||
#ifdef LTC_ECC_SECP512R1
|
||||
66
|
||||
#endif
|
||||
};
|
||||
|
||||
#ifdef LTC_ECC_SHAMIR
|
||||
int ecc_test_shamir(void)
|
||||
static int _ecc_test_shamir(void)
|
||||
{
|
||||
void *modulus, *mp, *kA, *kB, *rA, *rB;
|
||||
void *a, *modulus, *mp, *kA, *kB, *rA, *rB;
|
||||
void *mu, *ma;
|
||||
ecc_point *G, *A, *B, *C1, *C2;
|
||||
int x, y, z;
|
||||
unsigned char buf[ECC_BUF_SIZE];
|
||||
|
||||
DO(mp_init_multi(&kA, &kB, &rA, &rB, &modulus, NULL));
|
||||
DO(mp_init_multi(&kA, &kB, &rA, &rB, &modulus, &a, &mu, &ma, NULL));
|
||||
LTC_ARGCHK((G = ltc_ecc_new_point()) != NULL);
|
||||
LTC_ARGCHK((A = ltc_ecc_new_point()) != NULL);
|
||||
LTC_ARGCHK((B = ltc_ecc_new_point()) != NULL);
|
||||
@ -54,17 +55,20 @@ int ecc_test_shamir(void)
|
||||
|
||||
for (x = 0; x < (int)(sizeof(sizes)/sizeof(sizes[0])); x++) {
|
||||
/* get the base point */
|
||||
for (z = 0; ltc_ecc_sets[z].name; z++) {
|
||||
if (sizes[z] < (unsigned int)ltc_ecc_sets[z].size) break;
|
||||
for (z = 0; ltc_ecc_curves[z].prime != NULL; z++) {
|
||||
DO(mp_read_radix(modulus, ltc_ecc_curves[z].prime, 16));
|
||||
if (sizes[x] <= mp_unsigned_bin_size(modulus)) break;
|
||||
}
|
||||
LTC_ARGCHK(ltc_ecc_sets[z].name != NULL);
|
||||
LTC_ARGCHK(ltc_ecc_curves[z].prime != NULL);
|
||||
|
||||
/* load it */
|
||||
DO(mp_read_radix(G->x, ltc_ecc_sets[z].Gx, 16));
|
||||
DO(mp_read_radix(G->y, ltc_ecc_sets[z].Gy, 16));
|
||||
DO(mp_read_radix(G->x, ltc_ecc_curves[z].Gx, 16));
|
||||
DO(mp_read_radix(G->y, ltc_ecc_curves[z].Gy, 16));
|
||||
DO(mp_set(G->z, 1));
|
||||
DO(mp_read_radix(modulus, ltc_ecc_sets[z].prime, 16));
|
||||
DO(mp_read_radix(a, ltc_ecc_curves[z].A, 16));
|
||||
DO(mp_montgomery_setup(modulus, &mp));
|
||||
DO(mp_montgomery_normalization(mu, modulus));
|
||||
DO(mp_mulmod(a, mu, modulus, ma));
|
||||
|
||||
/* do 100 random tests */
|
||||
for (y = 0; y < 100; y++) {
|
||||
@ -75,10 +79,10 @@ int ecc_test_shamir(void)
|
||||
DO(mp_read_unsigned_bin(rB, buf, sizes[x]));
|
||||
|
||||
/* compute rA * G = A */
|
||||
DO(ltc_mp.ecc_ptmul(rA, G, A, modulus, 1));
|
||||
DO(ltc_mp.ecc_ptmul(rA, G, A, a, modulus, 1));
|
||||
|
||||
/* compute rB * G = B */
|
||||
DO(ltc_mp.ecc_ptmul(rB, G, B, modulus, 1));
|
||||
DO(ltc_mp.ecc_ptmul(rB, G, B, a, modulus, 1));
|
||||
|
||||
/* pick a random kA, kB */
|
||||
LTC_ARGCHK(yarrow_read(buf, sizes[x], &yarrow_prng) == sizes[x]);
|
||||
@ -87,13 +91,13 @@ int ecc_test_shamir(void)
|
||||
DO(mp_read_unsigned_bin(kB, buf, sizes[x]));
|
||||
|
||||
/* now, compute kA*A + kB*B = C1 using the older method */
|
||||
DO(ltc_mp.ecc_ptmul(kA, A, C1, modulus, 0));
|
||||
DO(ltc_mp.ecc_ptmul(kB, B, C2, modulus, 0));
|
||||
DO(ltc_mp.ecc_ptadd(C1, C2, C1, modulus, mp));
|
||||
DO(ltc_mp.ecc_ptmul(kA, A, C1, a, modulus, 0));
|
||||
DO(ltc_mp.ecc_ptmul(kB, B, C2, a, modulus, 0));
|
||||
DO(ltc_mp.ecc_ptadd(C1, C2, C1, a, modulus, mp));
|
||||
DO(ltc_mp.ecc_map(C1, modulus, mp));
|
||||
|
||||
/* now compute using mul2add */
|
||||
DO(ltc_mp.ecc_mul2add(A, kA, B, kB, C2, modulus));
|
||||
DO(ltc_mp.ecc_mul2add(A, kA, B, kB, C2, ma, modulus));
|
||||
|
||||
/* is they the sames? */
|
||||
if ((mp_cmp(C1->x, C2->x) != LTC_MP_EQ) || (mp_cmp(C1->y, C2->y) != LTC_MP_EQ) || (mp_cmp(C1->z, C2->z) != LTC_MP_EQ)) {
|
||||
@ -108,26 +112,120 @@ int ecc_test_shamir(void)
|
||||
ltc_ecc_del_point(B);
|
||||
ltc_ecc_del_point(A);
|
||||
ltc_ecc_del_point(G);
|
||||
mp_clear_multi(kA, kB, rA, rB, modulus, NULL);
|
||||
mp_clear_multi(kA, kB, rA, rB, modulus, a, mu, ma, NULL);
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
int ecc_tests (void)
|
||||
static int _ecc_issue108(void)
|
||||
{
|
||||
void *a, *modulus, *order;
|
||||
ecc_point *Q, *Result;
|
||||
int err;
|
||||
const ltc_ecc_curve* dp;
|
||||
|
||||
/* init */
|
||||
if ((err = mp_init_multi(&modulus, &order, &a, NULL)) != CRYPT_OK) { return err; }
|
||||
Q = ltc_ecc_new_point();
|
||||
Result = ltc_ecc_new_point();
|
||||
|
||||
/* ECC-224 AKA SECP224R1 */
|
||||
if ((err = ecc_get_curve("SECP224R1", &dp)) != CRYPT_OK) { goto done; }
|
||||
/* read A */
|
||||
if ((err = mp_read_radix(a, (char *)dp->A, 16)) != CRYPT_OK) { goto done; }
|
||||
/* read modulus */
|
||||
if ((err = mp_read_radix(modulus, (char *)dp->prime, 16)) != CRYPT_OK) { goto done; }
|
||||
/* read order */
|
||||
if ((err = mp_read_radix(order, (char *)dp->order, 16)) != CRYPT_OK) { goto done; }
|
||||
/* read Q */
|
||||
if ((err = mp_read_radix(Q->x, (char *)"EA3745501BBC6A70BBFDD8AEEDB18CF5073C6DC9AA7CBB5915170D60", 16)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_read_radix(Q->y, (char *)"6C9CB8E68AABFEC989CAC5E2326E0448B7E69C3E56039BA21A44FDAC", 16)) != CRYPT_OK) { goto done; }
|
||||
mp_set(Q->z, 1);
|
||||
/* calculate nQ */
|
||||
if ((err = ltc_mp.ecc_ptmul(order, Q, Result, a, modulus, 1)) != CRYPT_OK) { goto done; }
|
||||
|
||||
done:
|
||||
ltc_ecc_del_point(Result);
|
||||
ltc_ecc_del_point(Q);
|
||||
mp_clear_multi(modulus, order, a, NULL);
|
||||
return err;
|
||||
}
|
||||
|
||||
static int _ecc_test_mp(void)
|
||||
{
|
||||
void *a, *modulus, *order;
|
||||
ecc_point *G, *GG;
|
||||
int i, err, primality;
|
||||
|
||||
if ((err = mp_init_multi(&modulus, &order, &a, NULL)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
G = ltc_ecc_new_point();
|
||||
GG = ltc_ecc_new_point();
|
||||
if (G == NULL || GG == NULL) {
|
||||
mp_clear_multi(modulus, order, NULL);
|
||||
ltc_ecc_del_point(G);
|
||||
ltc_ecc_del_point(GG);
|
||||
return CRYPT_MEM;
|
||||
}
|
||||
|
||||
for (i = 0; ltc_ecc_curves[i].prime != NULL; i++) {
|
||||
if ((err = mp_read_radix(a, (char *)ltc_ecc_curves[i].A, 16)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_read_radix(modulus, (char *)ltc_ecc_curves[i].prime, 16)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_read_radix(order, (char *)ltc_ecc_curves[i].order, 16)) != CRYPT_OK) { goto done; }
|
||||
|
||||
/* is prime actually prime? */
|
||||
if ((err = mp_prime_is_prime(modulus, 8, &primality)) != CRYPT_OK) { goto done; }
|
||||
if (primality == 0) {
|
||||
err = CRYPT_FAIL_TESTVECTOR;
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* is order prime ? */
|
||||
if ((err = mp_prime_is_prime(order, 8, &primality)) != CRYPT_OK) { goto done; }
|
||||
if (primality == 0) {
|
||||
err = CRYPT_FAIL_TESTVECTOR;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if ((err = mp_read_radix(G->x, (char *)ltc_ecc_curves[i].Gx, 16)) != CRYPT_OK) { goto done; }
|
||||
if ((err = mp_read_radix(G->y, (char *)ltc_ecc_curves[i].Gy, 16)) != CRYPT_OK) { goto done; }
|
||||
mp_set(G->z, 1);
|
||||
|
||||
/* then we should have G == (order + 1)G */
|
||||
if ((err = mp_add_d(order, 1, order)) != CRYPT_OK) { goto done; }
|
||||
if ((err = ltc_mp.ecc_ptmul(order, G, GG, a, modulus, 1)) != CRYPT_OK) { goto done; }
|
||||
if (mp_cmp(G->x, GG->x) != LTC_MP_EQ || mp_cmp(G->y, GG->y) != LTC_MP_EQ) {
|
||||
err = CRYPT_FAIL_TESTVECTOR;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
err = CRYPT_OK;
|
||||
done:
|
||||
ltc_ecc_del_point(GG);
|
||||
ltc_ecc_del_point(G);
|
||||
mp_clear_multi(order, modulus, a, NULL);
|
||||
return err;
|
||||
}
|
||||
|
||||
int _ecc_old_api(void)
|
||||
{
|
||||
unsigned char buf[4][4096], ch;
|
||||
unsigned long x, y, z, s;
|
||||
int stat, stat2;
|
||||
ecc_key usera, userb, pubKey, privKey;
|
||||
int low, high;
|
||||
|
||||
if (ltc_mp.name == NULL) return CRYPT_NOP;
|
||||
|
||||
DO(ecc_test ());
|
||||
ecc_sizes(&low, &high);
|
||||
if (low < 14 || high < 14 || low > 100 || high > 100 || high < low) return CRYPT_FAIL_TESTVECTOR;
|
||||
|
||||
for (s = 0; s < (sizeof(sizes)/sizeof(sizes[0])); s++) {
|
||||
/* make up two keys */
|
||||
DO(ecc_make_key (&yarrow_prng, find_prng ("yarrow"), sizes[s], &usera));
|
||||
DO(ecc_make_key (&yarrow_prng, find_prng ("yarrow"), sizes[s], &userb));
|
||||
if (ecc_get_size(&usera) != (int)sizes[s]) return CRYPT_FAIL_TESTVECTOR;
|
||||
if (ecc_get_size(&userb) != (int)sizes[s]) return CRYPT_FAIL_TESTVECTOR;
|
||||
|
||||
/* make the shared secret */
|
||||
x = sizeof(buf[0]);
|
||||
@ -249,18 +347,188 @@ int ecc_tests (void)
|
||||
ecc_free (&pubKey);
|
||||
ecc_free (&privKey);
|
||||
}
|
||||
#ifdef LTC_ECC_SHAMIR
|
||||
return ecc_test_shamir();
|
||||
#else
|
||||
return 0;
|
||||
#endif
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
#else
|
||||
int _ecc_new_api(void)
|
||||
{
|
||||
const char* names[] = {
|
||||
#ifdef LTC_ECC_SECP112R1
|
||||
"SECP112R1", "ECC-112",
|
||||
"secp112r1", /* name is case-insensitive */
|
||||
"S E C-P-1_1_2r1", /* should pass fuzzy matching */
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP112R2
|
||||
"SECP112R2",
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP128R1
|
||||
"SECP128R1", "ECC-128",
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP128R2
|
||||
"SECP128R2",
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP160R1
|
||||
"SECP160R1", "ECC-160",
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP160R2
|
||||
"SECP160R2",
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP160K1
|
||||
"SECP160K1",
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP160R1
|
||||
"BRAINPOOLP160R1",
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP192R1
|
||||
"SECP192R1", "NISTP192", "PRIME192V1", "ECC-192", "P-192",
|
||||
#endif
|
||||
#ifdef LTC_ECC_PRIME192V2
|
||||
"PRIME192V2",
|
||||
#endif
|
||||
#ifdef LTC_ECC_PRIME192V3
|
||||
"PRIME192V3",
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP192K1
|
||||
"SECP192K1",
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP192R1
|
||||
"BRAINPOOLP192R1",
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP224R1
|
||||
"SECP224R1", "NISTP224", "ECC-224", "P-224",
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP224K1
|
||||
"SECP224K1",
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP224R1
|
||||
"BRAINPOOLP224R1",
|
||||
#endif
|
||||
#ifdef LTC_ECC_PRIME239V1
|
||||
"PRIME239V1",
|
||||
#endif
|
||||
#ifdef LTC_ECC_PRIME239V2
|
||||
"PRIME239V2",
|
||||
#endif
|
||||
#ifdef LTC_ECC_PRIME239V3
|
||||
"PRIME239V3",
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP256R1
|
||||
"SECP256R1", "NISTP256", "PRIME256V1", "ECC-256", "P-256",
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP256K1
|
||||
"SECP256K1",
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP256R1
|
||||
"BRAINPOOLP256R1",
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP320R1
|
||||
"BRAINPOOLP320R1",
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP384R1
|
||||
"SECP384R1", "NISTP384", "ECC-384", "P-384",
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP384R1
|
||||
"BRAINPOOLP384R1",
|
||||
#endif
|
||||
#ifdef LTC_ECC_BRAINPOOLP512R1
|
||||
"BRAINPOOLP512R1",
|
||||
#endif
|
||||
#ifdef LTC_ECC_SECP521R1
|
||||
"SECP521R1", "NISTP521", "ECC-521", "P-521",
|
||||
#endif
|
||||
};
|
||||
int i, j, stat;
|
||||
const ltc_ecc_curve* dp;
|
||||
ecc_key key, privkey, pubkey;
|
||||
unsigned char buf[1000];
|
||||
unsigned long len;
|
||||
unsigned char data16[16] = { 0xd1, 0xd1, 0xd1, 0xd1, 0xd1, 0xd1, 0xd1, 0xd1, 0xd1, 0xd1, 0xd1, 0xd1, 0xd1, 0xd1, 0xd1, 0xd1 };
|
||||
unsigned long len16;
|
||||
|
||||
if (ltc_mp.name == NULL) return CRYPT_NOP;
|
||||
|
||||
for (i = 0; i < (int)(sizeof(names)/sizeof(names[0])); i++) {
|
||||
DO(ecc_get_curve(names[i], &dp));
|
||||
/* make new key */
|
||||
DO(ecc_make_key_ex(&yarrow_prng, find_prng ("yarrow"), &key, dp));
|
||||
len = sizeof(buf);
|
||||
DO(ecc_export(buf, &len, PK_PRIVATE, &key));
|
||||
DO(ecc_import_ex(buf, len, &privkey, dp));
|
||||
ecc_free(&privkey);
|
||||
len = sizeof(buf);
|
||||
DO(ecc_export(buf, &len, PK_PUBLIC, &key));
|
||||
DO(ecc_import_ex(buf, len, &pubkey, dp));
|
||||
ecc_free(&pubkey);
|
||||
len = sizeof(buf);
|
||||
DO(ecc_ansi_x963_export(&key, buf, &len));
|
||||
ecc_free(&key);
|
||||
DO(ecc_ansi_x963_import_ex(buf, len, &pubkey, dp));
|
||||
ecc_free(&pubkey);
|
||||
|
||||
/* generate new key */
|
||||
DO(ecc_set_dp(dp, &key));
|
||||
DO(ecc_generate_key(&yarrow_prng, find_prng ("yarrow"), &key));
|
||||
len = sizeof(buf);
|
||||
DO(ecc_get_key(buf, &len, PK_PRIVATE, &key));
|
||||
ecc_free(&key);
|
||||
|
||||
/* load exported private key */
|
||||
DO(ecc_set_dp(dp, &privkey));
|
||||
DO(ecc_set_key(buf, len, PK_PRIVATE, &privkey));
|
||||
|
||||
#ifndef USE_TFM
|
||||
/* XXX-FIXME: TFM does not support sqrtmod_prime */
|
||||
/* export compressed public key */
|
||||
len = sizeof(buf);
|
||||
DO(ecc_get_key(buf, &len, PK_PUBLIC|PK_COMPRESSED, &privkey));
|
||||
if (len != 1 + (unsigned)ecc_get_size(&privkey)) return CRYPT_FAIL_TESTVECTOR;
|
||||
/* load exported public+compressed key */
|
||||
DO(ecc_set_dp(dp, &pubkey));
|
||||
DO(ecc_set_key(buf, len, PK_PUBLIC, &pubkey));
|
||||
ecc_free(&pubkey);
|
||||
#endif
|
||||
|
||||
/* export long public key */
|
||||
len = sizeof(buf);
|
||||
DO(ecc_get_key(buf, &len, PK_PUBLIC, &privkey));
|
||||
if (len != 1 + 2 * (unsigned)ecc_get_size(&privkey)) return CRYPT_FAIL_TESTVECTOR;
|
||||
/* load exported public key */
|
||||
DO(ecc_set_dp(dp, &pubkey));
|
||||
DO(ecc_set_key(buf, len, PK_PUBLIC, &pubkey));
|
||||
|
||||
/* test signature */
|
||||
len = sizeof(buf);
|
||||
DO(ecc_sign_hash(data16, 16, buf, &len, &yarrow_prng, find_prng ("yarrow"), &privkey));
|
||||
stat = 0;
|
||||
DO(ecc_verify_hash(buf, len, data16, 16, &stat, &pubkey));
|
||||
if (stat != 1) return CRYPT_FAIL_TESTVECTOR;
|
||||
|
||||
/* test encryption */
|
||||
len = sizeof(buf);
|
||||
DO(ecc_encrypt_key(data16, 16, buf, &len, &yarrow_prng, find_prng("yarrow"), find_hash("sha256"), &pubkey));
|
||||
zeromem(data16, 16);
|
||||
len16 = 16;
|
||||
DO(ecc_decrypt_key(buf, len, data16, &len16, &privkey));
|
||||
if (len16 != 16) return CRYPT_FAIL_TESTVECTOR;
|
||||
for (j = 0; j < 16; j++) if (data16[j] != 0xd1) return CRYPT_FAIL_TESTVECTOR;
|
||||
|
||||
/* cleanup */
|
||||
ecc_free(&privkey);
|
||||
ecc_free(&pubkey);
|
||||
}
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
int ecc_tests(void)
|
||||
{
|
||||
return CRYPT_NOP;
|
||||
DO(_ecc_old_api()); /* up to 1.18 */
|
||||
DO(_ecc_new_api());
|
||||
DO(_ecc_test_mp());
|
||||
DO(_ecc_issue108());
|
||||
#ifdef LTC_ECC_SHAMIR
|
||||
DO(_ecc_test_shamir());
|
||||
#endif
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
Loading…
Reference in New Issue
Block a user