openbsd/src/lib/libcrypto/ec, branch OPENBSD_7_8

openbsd/src/lib/libcrypto/ec, branch OPENBSD_7_8_BASE A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=OPENBSD_7_8_BASE 2025-08-26T14:14:52+00:00 ec_mult.c: place this code under my ISC license 2025-08-26T14:14:52+00:00 tb 2025-08-26T14:14:52+00:00 urn:sha1:b54b551b03de5db0750e0fffc1a4ad3389fd28d3 I have effectively rewritten the entirety of this file end of 2024. This isn't code I'm particularly proud of, but it's much better than it was before (it's not as if that involved any sort of challenge...) requested by/ok jsing Implement constant time EC scalar multiplication. 2025-08-03T15:44:00+00:00 jsing 2025-08-03T15:44:00+00:00 urn:sha1:7037d4c7b0d5603ef79bf7e7f1b33c2cbbce89f2 Replace simplistic non-constant time scalar multiplication with a constant time version. This is actually faster since we compute multiples of the point, then double four times and add once. The multiple to add is selected conditionally, ensuring that the access patterns remain the same regardless of value. Inspired by Go's scalar multiplication code. ok tb@ Remove duplicate computation for b3. 2025-08-03T15:08:28+00:00 jsing 2025-08-03T15:08:28+00:00 urn:sha1:862ba5f367a460df8a40dceac15e0369f39cdddf Add prototype for EC_GFp_homogeneous_projective_method(). 2025-08-03T15:07:57+00:00 jsing 2025-08-03T15:07:57+00:00 urn:sha1:bf229b0023f2f085d216bc2e742c6b48c7afe2b9 Provide bn_mod_sqr_words() and call it from ec_field_element_sqr(). 2025-08-02T16:20:00+00:00 jsing 2025-08-02T16:20:00+00:00 urn:sha1:39d33c1bb185014e05def87e04f21103d92dc455 For now this still calls bn_montgomery_multiply_words(), however it can be optimised further in the future. Copy EC_FIELD_MODULUS/EC_FIELD_ELEMENTs when copying groups and points. 2025-08-02T15:47:27+00:00 jsing 2025-08-02T15:47:27+00:00 urn:sha1:ad3c9e6996dc8c88567319b6291785b4c0bb15c4 ok tb@ Provide constant time conditional selection between EC_FIELD_ELEMENTs. 2025-08-02T15:44:09+00:00 jsing 2025-08-02T15:44:09+00:00 urn:sha1:1c7727d98f4279760cde2908bbfe7e06b323c209 Provide a ec_field_element_select() function that allows for constant time conditional selection between two EC_FIELD_ELEMENTs. This will become a building block for constant time point multiplication. ok tb@ Fix resource leaks in ec_points_make_affine() 2025-06-01T03:23:33+00:00 tb 2025-06-01T03:23:33+00:00 urn:sha1:5df8087a42612332d095e39b6e5aa10e6a909eed Add missing BN_CTX_end() and free prod_Z. CID 552848 (for prod_Z) Remove bogus alias. 2025-05-25T05:43:33+00:00 jsing 2025-05-25T05:43:33+00:00 urn:sha1:093fd1537f471c36878b48ca845f9f073d7bce93 Provide an EC method that uses homogeneous projective coordinates. 2025-05-25T05:19:26+00:00 jsing 2025-05-25T05:19:26+00:00 urn:sha1:26512301343d2b40a68a67d4f4175ddec368d2fe This makes use of EC_FIELD_ELEMENT to perform fixed width constant time operations. Addition and doubling of points makes use of the formulas from "Complete addition formulas for prime order elliptic curves" (https://eprint.iacr.org/2015/1060). These are complete and operate in constant time. Further work will continue in tree. ok tb@