diff options
| author | tb <> | 2025-01-17 10:41:31 +0000 |
|---|---|---|
| committer | tb <> | 2025-01-17 10:41:31 +0000 |
| commit | 5f6cbb82de4f41896ca0b00942c7a2c7f8f3ed8f (patch) | |
| tree | e7daf836450fad948feaac96937c8aa5615fe6b6 | |
| parent | 2b683d542e3fd3eddb68600c2c38c58c6341a332 (diff) | |
| download | openbsd-5f6cbb82de4f41896ca0b00942c7a2c7f8f3ed8f.tar.gz openbsd-5f6cbb82de4f41896ca0b00942c7a2c7f8f3ed8f.tar.bz2 openbsd-5f6cbb82de4f41896ca0b00942c7a2c7f8f3ed8f.zip | |
ecp_methods: rework field_{mul,sqr}() handling
Add wrapper functions that call the methods so that we can get rid of
inconsistent use of ugly function pointers with massively overlong lines
and other ways of reaching into the methods.
ok jsing
| -rw-r--r-- | src/lib/libcrypto/ec/ecp_methods.c | 176 |
1 files changed, 83 insertions, 93 deletions
diff --git a/src/lib/libcrypto/ec/ecp_methods.c b/src/lib/libcrypto/ec/ecp_methods.c index 3809bf9928..69eab8120f 100644 --- a/src/lib/libcrypto/ec/ecp_methods.c +++ b/src/lib/libcrypto/ec/ecp_methods.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ecp_methods.c,v 1.36 2025/01/11 21:20:39 tb Exp $ */ | 1 | /* $OpenBSD: ecp_methods.c,v 1.37 2025/01/17 10:41:31 tb Exp $ */ |
| 2 | /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> | 2 | /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> |
| 3 | * for the OpenSSL project. | 3 | * for the OpenSSL project. |
| 4 | * Includes code written by Bodo Moeller for the OpenSSL project. | 4 | * Includes code written by Bodo Moeller for the OpenSSL project. |
| @@ -84,6 +84,19 @@ | |||
| 84 | * representation (i.e. 'encoding' means multiplying by some factor R). | 84 | * representation (i.e. 'encoding' means multiplying by some factor R). |
| 85 | */ | 85 | */ |
| 86 | 86 | ||
| 87 | static inline int | ||
| 88 | ec_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, | ||
| 89 | BN_CTX *ctx) | ||
| 90 | { | ||
| 91 | return group->meth->field_mul(group, r, a, b, ctx); | ||
| 92 | } | ||
| 93 | |||
| 94 | static inline int | ||
| 95 | ec_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) | ||
| 96 | { | ||
| 97 | return group->meth->field_sqr(group, r, a, ctx); | ||
| 98 | } | ||
| 99 | |||
| 87 | static int | 100 | static int |
| 88 | ec_decode_scalar(const EC_GROUP *group, BIGNUM *bn, const BIGNUM *x, BN_CTX *ctx) | 101 | ec_decode_scalar(const EC_GROUP *group, BIGNUM *bn, const BIGNUM *x, BN_CTX *ctx) |
| 89 | { | 102 | { |
| @@ -169,19 +182,13 @@ ec_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, | |||
| 169 | static int | 182 | static int |
| 170 | ec_point_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) | 183 | ec_point_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) |
| 171 | { | 184 | { |
| 172 | int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); | 185 | const BIGNUM *p = group->p; |
| 173 | int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); | ||
| 174 | const BIGNUM *p; | ||
| 175 | BIGNUM *rh, *tmp, *Z4, *Z6; | 186 | BIGNUM *rh, *tmp, *Z4, *Z6; |
| 176 | int ret = -1; | 187 | int ret = -1; |
| 177 | 188 | ||
| 178 | if (EC_POINT_is_at_infinity(group, point)) | 189 | if (EC_POINT_is_at_infinity(group, point)) |
| 179 | return 1; | 190 | return 1; |
| 180 | 191 | ||
| 181 | field_mul = group->meth->field_mul; | ||
| 182 | field_sqr = group->meth->field_sqr; | ||
| 183 | p = group->p; | ||
| 184 | |||
| 185 | BN_CTX_start(ctx); | 192 | BN_CTX_start(ctx); |
| 186 | 193 | ||
| 187 | if ((rh = BN_CTX_get(ctx)) == NULL) | 194 | if ((rh = BN_CTX_get(ctx)) == NULL) |
| @@ -201,15 +208,15 @@ ec_point_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) | |||
| 201 | */ | 208 | */ |
| 202 | 209 | ||
| 203 | /* rh := X^2 */ | 210 | /* rh := X^2 */ |
| 204 | if (!field_sqr(group, rh, point->X, ctx)) | 211 | if (!ec_field_sqr(group, rh, point->X, ctx)) |
| 205 | goto err; | 212 | goto err; |
| 206 | 213 | ||
| 207 | if (!point->Z_is_one) { | 214 | if (!point->Z_is_one) { |
| 208 | if (!field_sqr(group, tmp, point->Z, ctx)) | 215 | if (!ec_field_sqr(group, tmp, point->Z, ctx)) |
| 209 | goto err; | 216 | goto err; |
| 210 | if (!field_sqr(group, Z4, tmp, ctx)) | 217 | if (!ec_field_sqr(group, Z4, tmp, ctx)) |
| 211 | goto err; | 218 | goto err; |
| 212 | if (!field_mul(group, Z6, Z4, tmp, ctx)) | 219 | if (!ec_field_mul(group, Z6, Z4, tmp, ctx)) |
| 213 | goto err; | 220 | goto err; |
| 214 | 221 | ||
| 215 | /* rh := (rh + a*Z^4)*X */ | 222 | /* rh := (rh + a*Z^4)*X */ |
| @@ -220,19 +227,19 @@ ec_point_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) | |||
| 220 | goto err; | 227 | goto err; |
| 221 | if (!BN_mod_sub_quick(rh, rh, tmp, p)) | 228 | if (!BN_mod_sub_quick(rh, rh, tmp, p)) |
| 222 | goto err; | 229 | goto err; |
| 223 | if (!field_mul(group, rh, rh, point->X, ctx)) | 230 | if (!ec_field_mul(group, rh, rh, point->X, ctx)) |
| 224 | goto err; | 231 | goto err; |
| 225 | } else { | 232 | } else { |
| 226 | if (!field_mul(group, tmp, Z4, group->a, ctx)) | 233 | if (!ec_field_mul(group, tmp, Z4, group->a, ctx)) |
| 227 | goto err; | 234 | goto err; |
| 228 | if (!BN_mod_add_quick(rh, rh, tmp, p)) | 235 | if (!BN_mod_add_quick(rh, rh, tmp, p)) |
| 229 | goto err; | 236 | goto err; |
| 230 | if (!field_mul(group, rh, rh, point->X, ctx)) | 237 | if (!ec_field_mul(group, rh, rh, point->X, ctx)) |
| 231 | goto err; | 238 | goto err; |
| 232 | } | 239 | } |
| 233 | 240 | ||
| 234 | /* rh := rh + b*Z^6 */ | 241 | /* rh := rh + b*Z^6 */ |
| 235 | if (!field_mul(group, tmp, group->b, Z6, ctx)) | 242 | if (!ec_field_mul(group, tmp, group->b, Z6, ctx)) |
| 236 | goto err; | 243 | goto err; |
| 237 | if (!BN_mod_add_quick(rh, rh, tmp, p)) | 244 | if (!BN_mod_add_quick(rh, rh, tmp, p)) |
| 238 | goto err; | 245 | goto err; |
| @@ -242,7 +249,7 @@ ec_point_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) | |||
| 242 | /* rh := (rh + a)*X */ | 249 | /* rh := (rh + a)*X */ |
| 243 | if (!BN_mod_add_quick(rh, rh, group->a, p)) | 250 | if (!BN_mod_add_quick(rh, rh, group->a, p)) |
| 244 | goto err; | 251 | goto err; |
| 245 | if (!field_mul(group, rh, rh, point->X, ctx)) | 252 | if (!ec_field_mul(group, rh, rh, point->X, ctx)) |
| 246 | goto err; | 253 | goto err; |
| 247 | /* rh := rh + b */ | 254 | /* rh := rh + b */ |
| 248 | if (!BN_mod_add_quick(rh, rh, group->b, p)) | 255 | if (!BN_mod_add_quick(rh, rh, group->b, p)) |
| @@ -250,7 +257,7 @@ ec_point_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx) | |||
| 250 | } | 257 | } |
| 251 | 258 | ||
| 252 | /* 'lh' := Y^2 */ | 259 | /* 'lh' := Y^2 */ |
| 253 | if (!field_sqr(group, tmp, point->Y, ctx)) | 260 | if (!ec_field_sqr(group, tmp, point->Y, ctx)) |
| 254 | goto err; | 261 | goto err; |
| 255 | 262 | ||
| 256 | ret = (0 == BN_ucmp(tmp, rh)); | 263 | ret = (0 == BN_ucmp(tmp, rh)); |
| @@ -269,8 +276,6 @@ static int | |||
| 269 | ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, | 276 | ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, |
| 270 | BN_CTX *ctx) | 277 | BN_CTX *ctx) |
| 271 | { | 278 | { |
| 272 | int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); | ||
| 273 | int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); | ||
| 274 | BIGNUM *tmp1, *tmp2, *Za23, *Zb23; | 279 | BIGNUM *tmp1, *tmp2, *Za23, *Zb23; |
| 275 | const BIGNUM *tmp1_, *tmp2_; | 280 | const BIGNUM *tmp1_, *tmp2_; |
| 276 | int ret = -1; | 281 | int ret = -1; |
| @@ -283,9 +288,6 @@ ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, | |||
| 283 | if (a->Z_is_one && b->Z_is_one) | 288 | if (a->Z_is_one && b->Z_is_one) |
| 284 | return BN_cmp(a->X, b->X) != 0 || BN_cmp(a->Y, b->Y) != 0; | 289 | return BN_cmp(a->X, b->X) != 0 || BN_cmp(a->Y, b->Y) != 0; |
| 285 | 290 | ||
| 286 | field_mul = group->meth->field_mul; | ||
| 287 | field_sqr = group->meth->field_sqr; | ||
| 288 | |||
| 289 | BN_CTX_start(ctx); | 291 | BN_CTX_start(ctx); |
| 290 | 292 | ||
| 291 | if ((tmp1 = BN_CTX_get(ctx)) == NULL) | 293 | if ((tmp1 = BN_CTX_get(ctx)) == NULL) |
| @@ -303,17 +305,17 @@ ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, | |||
| 303 | */ | 305 | */ |
| 304 | 306 | ||
| 305 | if (!b->Z_is_one) { | 307 | if (!b->Z_is_one) { |
| 306 | if (!field_sqr(group, Zb23, b->Z, ctx)) | 308 | if (!ec_field_sqr(group, Zb23, b->Z, ctx)) |
| 307 | goto end; | 309 | goto end; |
| 308 | if (!field_mul(group, tmp1, a->X, Zb23, ctx)) | 310 | if (!ec_field_mul(group, tmp1, a->X, Zb23, ctx)) |
| 309 | goto end; | 311 | goto end; |
| 310 | tmp1_ = tmp1; | 312 | tmp1_ = tmp1; |
| 311 | } else | 313 | } else |
| 312 | tmp1_ = a->X; | 314 | tmp1_ = a->X; |
| 313 | if (!a->Z_is_one) { | 315 | if (!a->Z_is_one) { |
| 314 | if (!field_sqr(group, Za23, a->Z, ctx)) | 316 | if (!ec_field_sqr(group, Za23, a->Z, ctx)) |
| 315 | goto end; | 317 | goto end; |
| 316 | if (!field_mul(group, tmp2, b->X, Za23, ctx)) | 318 | if (!ec_field_mul(group, tmp2, b->X, Za23, ctx)) |
| 317 | goto end; | 319 | goto end; |
| 318 | tmp2_ = tmp2; | 320 | tmp2_ = tmp2; |
| 319 | } else | 321 | } else |
| @@ -325,17 +327,17 @@ ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, | |||
| 325 | goto end; | 327 | goto end; |
| 326 | } | 328 | } |
| 327 | if (!b->Z_is_one) { | 329 | if (!b->Z_is_one) { |
| 328 | if (!field_mul(group, Zb23, Zb23, b->Z, ctx)) | 330 | if (!ec_field_mul(group, Zb23, Zb23, b->Z, ctx)) |
| 329 | goto end; | 331 | goto end; |
| 330 | if (!field_mul(group, tmp1, a->Y, Zb23, ctx)) | 332 | if (!ec_field_mul(group, tmp1, a->Y, Zb23, ctx)) |
| 331 | goto end; | 333 | goto end; |
| 332 | /* tmp1_ = tmp1 */ | 334 | /* tmp1_ = tmp1 */ |
| 333 | } else | 335 | } else |
| 334 | tmp1_ = a->Y; | 336 | tmp1_ = a->Y; |
| 335 | if (!a->Z_is_one) { | 337 | if (!a->Z_is_one) { |
| 336 | if (!field_mul(group, Za23, Za23, a->Z, ctx)) | 338 | if (!ec_field_mul(group, Za23, Za23, a->Z, ctx)) |
| 337 | goto end; | 339 | goto end; |
| 338 | if (!field_mul(group, tmp2, b->Y, Za23, ctx)) | 340 | if (!ec_field_mul(group, tmp2, b->Y, Za23, ctx)) |
| 339 | goto end; | 341 | goto end; |
| 340 | /* tmp2_ = tmp2 */ | 342 | /* tmp2_ = tmp2 */ |
| 341 | } else | 343 | } else |
| @@ -602,10 +604,8 @@ static int | |||
| 602 | ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, | 604 | ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, |
| 603 | BN_CTX *ctx) | 605 | BN_CTX *ctx) |
| 604 | { | 606 | { |
| 605 | int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); | 607 | const BIGNUM *p = group->p; |
| 606 | int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); | ||
| 607 | BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6; | 608 | BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6; |
| 608 | const BIGNUM *p; | ||
| 609 | int ret = 0; | 609 | int ret = 0; |
| 610 | 610 | ||
| 611 | if (a == b) | 611 | if (a == b) |
| @@ -615,10 +615,6 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, | |||
| 615 | if (EC_POINT_is_at_infinity(group, b)) | 615 | if (EC_POINT_is_at_infinity(group, b)) |
| 616 | return EC_POINT_copy(r, a); | 616 | return EC_POINT_copy(r, a); |
| 617 | 617 | ||
| 618 | field_mul = group->meth->field_mul; | ||
| 619 | field_sqr = group->meth->field_sqr; | ||
| 620 | p = group->p; | ||
| 621 | |||
| 622 | BN_CTX_start(ctx); | 618 | BN_CTX_start(ctx); |
| 623 | 619 | ||
| 624 | if ((n0 = BN_CTX_get(ctx)) == NULL) | 620 | if ((n0 = BN_CTX_get(ctx)) == NULL) |
| @@ -651,15 +647,15 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, | |||
| 651 | /* n1 = X_a */ | 647 | /* n1 = X_a */ |
| 652 | /* n2 = Y_a */ | 648 | /* n2 = Y_a */ |
| 653 | } else { | 649 | } else { |
| 654 | if (!field_sqr(group, n0, b->Z, ctx)) | 650 | if (!ec_field_sqr(group, n0, b->Z, ctx)) |
| 655 | goto end; | 651 | goto end; |
| 656 | if (!field_mul(group, n1, a->X, n0, ctx)) | 652 | if (!ec_field_mul(group, n1, a->X, n0, ctx)) |
| 657 | goto end; | 653 | goto end; |
| 658 | /* n1 = X_a * Z_b^2 */ | 654 | /* n1 = X_a * Z_b^2 */ |
| 659 | 655 | ||
| 660 | if (!field_mul(group, n0, n0, b->Z, ctx)) | 656 | if (!ec_field_mul(group, n0, n0, b->Z, ctx)) |
| 661 | goto end; | 657 | goto end; |
| 662 | if (!field_mul(group, n2, a->Y, n0, ctx)) | 658 | if (!ec_field_mul(group, n2, a->Y, n0, ctx)) |
| 663 | goto end; | 659 | goto end; |
| 664 | /* n2 = Y_a * Z_b^3 */ | 660 | /* n2 = Y_a * Z_b^3 */ |
| 665 | } | 661 | } |
| @@ -673,15 +669,15 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, | |||
| 673 | /* n3 = X_b */ | 669 | /* n3 = X_b */ |
| 674 | /* n4 = Y_b */ | 670 | /* n4 = Y_b */ |
| 675 | } else { | 671 | } else { |
| 676 | if (!field_sqr(group, n0, a->Z, ctx)) | 672 | if (!ec_field_sqr(group, n0, a->Z, ctx)) |
| 677 | goto end; | 673 | goto end; |
| 678 | if (!field_mul(group, n3, b->X, n0, ctx)) | 674 | if (!ec_field_mul(group, n3, b->X, n0, ctx)) |
| 679 | goto end; | 675 | goto end; |
| 680 | /* n3 = X_b * Z_a^2 */ | 676 | /* n3 = X_b * Z_a^2 */ |
| 681 | 677 | ||
| 682 | if (!field_mul(group, n0, n0, a->Z, ctx)) | 678 | if (!ec_field_mul(group, n0, n0, a->Z, ctx)) |
| 683 | goto end; | 679 | goto end; |
| 684 | if (!field_mul(group, n4, b->Y, n0, ctx)) | 680 | if (!ec_field_mul(group, n4, b->Y, n0, ctx)) |
| 685 | goto end; | 681 | goto end; |
| 686 | /* n4 = Y_b * Z_a^3 */ | 682 | /* n4 = Y_b * Z_a^3 */ |
| 687 | } | 683 | } |
| @@ -729,21 +725,21 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, | |||
| 729 | if (!bn_copy(n0, a->Z)) | 725 | if (!bn_copy(n0, a->Z)) |
| 730 | goto end; | 726 | goto end; |
| 731 | } else { | 727 | } else { |
| 732 | if (!field_mul(group, n0, a->Z, b->Z, ctx)) | 728 | if (!ec_field_mul(group, n0, a->Z, b->Z, ctx)) |
| 733 | goto end; | 729 | goto end; |
| 734 | } | 730 | } |
| 735 | if (!field_mul(group, r->Z, n0, n5, ctx)) | 731 | if (!ec_field_mul(group, r->Z, n0, n5, ctx)) |
| 736 | goto end; | 732 | goto end; |
| 737 | } | 733 | } |
| 738 | r->Z_is_one = 0; | 734 | r->Z_is_one = 0; |
| 739 | /* Z_r = Z_a * Z_b * n5 */ | 735 | /* Z_r = Z_a * Z_b * n5 */ |
| 740 | 736 | ||
| 741 | /* X_r */ | 737 | /* X_r */ |
| 742 | if (!field_sqr(group, n0, n6, ctx)) | 738 | if (!ec_field_sqr(group, n0, n6, ctx)) |
| 743 | goto end; | 739 | goto end; |
| 744 | if (!field_sqr(group, n4, n5, ctx)) | 740 | if (!ec_field_sqr(group, n4, n5, ctx)) |
| 745 | goto end; | 741 | goto end; |
| 746 | if (!field_mul(group, n3, n1, n4, ctx)) | 742 | if (!ec_field_mul(group, n3, n1, n4, ctx)) |
| 747 | goto end; | 743 | goto end; |
| 748 | if (!BN_mod_sub_quick(r->X, n0, n3, p)) | 744 | if (!BN_mod_sub_quick(r->X, n0, n3, p)) |
| 749 | goto end; | 745 | goto end; |
| @@ -757,11 +753,11 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, | |||
| 757 | /* n9 = n5^2 * 'n7' - 2 * X_r */ | 753 | /* n9 = n5^2 * 'n7' - 2 * X_r */ |
| 758 | 754 | ||
| 759 | /* Y_r */ | 755 | /* Y_r */ |
| 760 | if (!field_mul(group, n0, n0, n6, ctx)) | 756 | if (!ec_field_mul(group, n0, n0, n6, ctx)) |
| 761 | goto end; | 757 | goto end; |
| 762 | if (!field_mul(group, n5, n4, n5, ctx)) | 758 | if (!ec_field_mul(group, n5, n4, n5, ctx)) |
| 763 | goto end; /* now n5 is n5^3 */ | 759 | goto end; /* now n5 is n5^3 */ |
| 764 | if (!field_mul(group, n1, n2, n5, ctx)) | 760 | if (!ec_field_mul(group, n1, n2, n5, ctx)) |
| 765 | goto end; | 761 | goto end; |
| 766 | if (!BN_mod_sub_quick(n0, n0, n1, p)) | 762 | if (!BN_mod_sub_quick(n0, n0, n1, p)) |
| 767 | goto end; | 763 | goto end; |
| @@ -784,19 +780,13 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, | |||
| 784 | static int | 780 | static int |
| 785 | ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) | 781 | ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) |
| 786 | { | 782 | { |
| 787 | int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *); | 783 | const BIGNUM *p = group->p; |
| 788 | int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *); | ||
| 789 | const BIGNUM *p; | ||
| 790 | BIGNUM *n0, *n1, *n2, *n3; | 784 | BIGNUM *n0, *n1, *n2, *n3; |
| 791 | int ret = 0; | 785 | int ret = 0; |
| 792 | 786 | ||
| 793 | if (EC_POINT_is_at_infinity(group, a)) | 787 | if (EC_POINT_is_at_infinity(group, a)) |
| 794 | return EC_POINT_set_to_infinity(group, r); | 788 | return EC_POINT_set_to_infinity(group, r); |
| 795 | 789 | ||
| 796 | field_mul = group->meth->field_mul; | ||
| 797 | field_sqr = group->meth->field_sqr; | ||
| 798 | p = group->p; | ||
| 799 | |||
| 800 | BN_CTX_start(ctx); | 790 | BN_CTX_start(ctx); |
| 801 | 791 | ||
| 802 | if ((n0 = BN_CTX_get(ctx)) == NULL) | 792 | if ((n0 = BN_CTX_get(ctx)) == NULL) |
| @@ -816,7 +806,7 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) | |||
| 816 | 806 | ||
| 817 | /* n1 */ | 807 | /* n1 */ |
| 818 | if (a->Z_is_one) { | 808 | if (a->Z_is_one) { |
| 819 | if (!field_sqr(group, n0, a->X, ctx)) | 809 | if (!ec_field_sqr(group, n0, a->X, ctx)) |
| 820 | goto err; | 810 | goto err; |
| 821 | if (!BN_mod_lshift1_quick(n1, n0, p)) | 811 | if (!BN_mod_lshift1_quick(n1, n0, p)) |
| 822 | goto err; | 812 | goto err; |
| @@ -826,13 +816,13 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) | |||
| 826 | goto err; | 816 | goto err; |
| 827 | /* n1 = 3 * X_a^2 + a_curve */ | 817 | /* n1 = 3 * X_a^2 + a_curve */ |
| 828 | } else if (group->a_is_minus3) { | 818 | } else if (group->a_is_minus3) { |
| 829 | if (!field_sqr(group, n1, a->Z, ctx)) | 819 | if (!ec_field_sqr(group, n1, a->Z, ctx)) |
| 830 | goto err; | 820 | goto err; |
| 831 | if (!BN_mod_add_quick(n0, a->X, n1, p)) | 821 | if (!BN_mod_add_quick(n0, a->X, n1, p)) |
| 832 | goto err; | 822 | goto err; |
| 833 | if (!BN_mod_sub_quick(n2, a->X, n1, p)) | 823 | if (!BN_mod_sub_quick(n2, a->X, n1, p)) |
| 834 | goto err; | 824 | goto err; |
| 835 | if (!field_mul(group, n1, n0, n2, ctx)) | 825 | if (!ec_field_mul(group, n1, n0, n2, ctx)) |
| 836 | goto err; | 826 | goto err; |
| 837 | if (!BN_mod_lshift1_quick(n0, n1, p)) | 827 | if (!BN_mod_lshift1_quick(n0, n1, p)) |
| 838 | goto err; | 828 | goto err; |
| @@ -843,17 +833,17 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) | |||
| 843 | * Z_a^4 | 833 | * Z_a^4 |
| 844 | */ | 834 | */ |
| 845 | } else { | 835 | } else { |
| 846 | if (!field_sqr(group, n0, a->X, ctx)) | 836 | if (!ec_field_sqr(group, n0, a->X, ctx)) |
| 847 | goto err; | 837 | goto err; |
| 848 | if (!BN_mod_lshift1_quick(n1, n0, p)) | 838 | if (!BN_mod_lshift1_quick(n1, n0, p)) |
| 849 | goto err; | 839 | goto err; |
| 850 | if (!BN_mod_add_quick(n0, n0, n1, p)) | 840 | if (!BN_mod_add_quick(n0, n0, n1, p)) |
| 851 | goto err; | 841 | goto err; |
| 852 | if (!field_sqr(group, n1, a->Z, ctx)) | 842 | if (!ec_field_sqr(group, n1, a->Z, ctx)) |
| 853 | goto err; | 843 | goto err; |
| 854 | if (!field_sqr(group, n1, n1, ctx)) | 844 | if (!ec_field_sqr(group, n1, n1, ctx)) |
| 855 | goto err; | 845 | goto err; |
| 856 | if (!field_mul(group, n1, n1, group->a, ctx)) | 846 | if (!ec_field_mul(group, n1, n1, group->a, ctx)) |
| 857 | goto err; | 847 | goto err; |
| 858 | if (!BN_mod_add_quick(n1, n1, n0, p)) | 848 | if (!BN_mod_add_quick(n1, n1, n0, p)) |
| 859 | goto err; | 849 | goto err; |
| @@ -865,7 +855,7 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) | |||
| 865 | if (!bn_copy(n0, a->Y)) | 855 | if (!bn_copy(n0, a->Y)) |
| 866 | goto err; | 856 | goto err; |
| 867 | } else { | 857 | } else { |
| 868 | if (!field_mul(group, n0, a->Y, a->Z, ctx)) | 858 | if (!ec_field_mul(group, n0, a->Y, a->Z, ctx)) |
| 869 | goto err; | 859 | goto err; |
| 870 | } | 860 | } |
| 871 | if (!BN_mod_lshift1_quick(r->Z, n0, p)) | 861 | if (!BN_mod_lshift1_quick(r->Z, n0, p)) |
| @@ -874,9 +864,9 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) | |||
| 874 | /* Z_r = 2 * Y_a * Z_a */ | 864 | /* Z_r = 2 * Y_a * Z_a */ |
| 875 | 865 | ||
| 876 | /* n2 */ | 866 | /* n2 */ |
| 877 | if (!field_sqr(group, n3, a->Y, ctx)) | 867 | if (!ec_field_sqr(group, n3, a->Y, ctx)) |
| 878 | goto err; | 868 | goto err; |
| 879 | if (!field_mul(group, n2, a->X, n3, ctx)) | 869 | if (!ec_field_mul(group, n2, a->X, n3, ctx)) |
| 880 | goto err; | 870 | goto err; |
| 881 | if (!BN_mod_lshift_quick(n2, n2, 2, p)) | 871 | if (!BN_mod_lshift_quick(n2, n2, 2, p)) |
| 882 | goto err; | 872 | goto err; |
| @@ -885,14 +875,14 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) | |||
| 885 | /* X_r */ | 875 | /* X_r */ |
| 886 | if (!BN_mod_lshift1_quick(n0, n2, p)) | 876 | if (!BN_mod_lshift1_quick(n0, n2, p)) |
| 887 | goto err; | 877 | goto err; |
| 888 | if (!field_sqr(group, r->X, n1, ctx)) | 878 | if (!ec_field_sqr(group, r->X, n1, ctx)) |
| 889 | goto err; | 879 | goto err; |
| 890 | if (!BN_mod_sub_quick(r->X, r->X, n0, p)) | 880 | if (!BN_mod_sub_quick(r->X, r->X, n0, p)) |
| 891 | goto err; | 881 | goto err; |
| 892 | /* X_r = n1^2 - 2 * n2 */ | 882 | /* X_r = n1^2 - 2 * n2 */ |
| 893 | 883 | ||
| 894 | /* n3 */ | 884 | /* n3 */ |
| 895 | if (!field_sqr(group, n0, n3, ctx)) | 885 | if (!ec_field_sqr(group, n0, n3, ctx)) |
| 896 | goto err; | 886 | goto err; |
| 897 | if (!BN_mod_lshift_quick(n3, n0, 3, p)) | 887 | if (!BN_mod_lshift_quick(n3, n0, 3, p)) |
| 898 | goto err; | 888 | goto err; |
| @@ -901,7 +891,7 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx) | |||
| 901 | /* Y_r */ | 891 | /* Y_r */ |
| 902 | if (!BN_mod_sub_quick(n0, n2, r->X, p)) | 892 | if (!BN_mod_sub_quick(n0, n2, r->X, p)) |
| 903 | goto err; | 893 | goto err; |
| 904 | if (!field_mul(group, n0, n1, n0, ctx)) | 894 | if (!ec_field_mul(group, n0, n1, n0, ctx)) |
| 905 | goto err; | 895 | goto err; |
| 906 | if (!BN_mod_sub_quick(r->Y, n0, n3, p)) | 896 | if (!BN_mod_sub_quick(r->Y, n0, n3, p)) |
| 907 | goto err; | 897 | goto err; |
| @@ -925,19 +915,6 @@ ec_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx) | |||
| 925 | return BN_usub(point->Y, group->p, point->Y); | 915 | return BN_usub(point->Y, group->p, point->Y); |
| 926 | } | 916 | } |
| 927 | 917 | ||
| 928 | static int | ||
| 929 | ec_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, | ||
| 930 | BN_CTX *ctx) | ||
| 931 | { | ||
| 932 | return BN_mod_mul(r, a, b, group->p, ctx); | ||
| 933 | } | ||
| 934 | |||
| 935 | static int | ||
| 936 | ec_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) | ||
| 937 | { | ||
| 938 | return BN_mod_sqr(r, a, group->p, ctx); | ||
| 939 | } | ||
| 940 | |||
| 941 | /* | 918 | /* |
| 942 | * Apply randomization of EC point Jacobian projective coordinates: | 919 | * Apply randomization of EC point Jacobian projective coordinates: |
| 943 | * | 920 | * |
| @@ -967,7 +944,7 @@ ec_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx) | |||
| 967 | goto err; | 944 | goto err; |
| 968 | 945 | ||
| 969 | /* Z = lambda * Z */ | 946 | /* Z = lambda * Z */ |
| 970 | if (!group->meth->field_mul(group, p->Z, lambda, p->Z, ctx)) | 947 | if (!ec_field_mul(group, p->Z, lambda, p->Z, ctx)) |
| 971 | goto err; | 948 | goto err; |
| 972 | 949 | ||
| 973 | /* tmp = lambda^2 */ | 950 | /* tmp = lambda^2 */ |
| @@ -975,15 +952,15 @@ ec_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx) | |||
| 975 | goto err; | 952 | goto err; |
| 976 | 953 | ||
| 977 | /* X = lambda^2 * X */ | 954 | /* X = lambda^2 * X */ |
| 978 | if (!group->meth->field_mul(group, p->X, tmp, p->X, ctx)) | 955 | if (!ec_field_mul(group, p->X, tmp, p->X, ctx)) |
| 979 | goto err; | 956 | goto err; |
| 980 | 957 | ||
| 981 | /* tmp = lambda^3 */ | 958 | /* tmp = lambda^3 */ |
| 982 | if (!group->meth->field_mul(group, tmp, tmp, lambda, ctx)) | 959 | if (!ec_field_mul(group, tmp, tmp, lambda, ctx)) |
| 983 | goto err; | 960 | goto err; |
| 984 | 961 | ||
| 985 | /* Y = lambda^3 * Y */ | 962 | /* Y = lambda^3 * Y */ |
| 986 | if (!group->meth->field_mul(group, p->Y, tmp, p->Y, ctx)) | 963 | if (!ec_field_mul(group, p->Y, tmp, p->Y, ctx)) |
| 987 | goto err; | 964 | goto err; |
| 988 | 965 | ||
| 989 | /* Disable optimized arithmetics after replacing Z by lambda * Z. */ | 966 | /* Disable optimized arithmetics after replacing Z by lambda * Z. */ |
| @@ -1242,6 +1219,19 @@ ec_mul_double_nonct(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, | |||
| 1242 | } | 1219 | } |
| 1243 | 1220 | ||
| 1244 | static int | 1221 | static int |
| 1222 | ec_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, | ||
| 1223 | const BIGNUM *b, BN_CTX *ctx) | ||
| 1224 | { | ||
| 1225 | return BN_mod_mul(r, a, b, group->p, ctx); | ||
| 1226 | } | ||
| 1227 | |||
| 1228 | static int | ||
| 1229 | ec_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) | ||
| 1230 | { | ||
| 1231 | return BN_mod_sqr(r, a, group->p, ctx); | ||
| 1232 | } | ||
| 1233 | |||
| 1234 | static int | ||
| 1245 | ec_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, | 1235 | ec_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, |
| 1246 | const BIGNUM *b, BN_CTX *ctx) | 1236 | const BIGNUM *b, BN_CTX *ctx) |
| 1247 | { | 1237 | { |
| @@ -1333,8 +1323,8 @@ static const EC_METHOD ec_GFp_simple_method = { | |||
| 1333 | .mul_generator_ct = ec_mul_generator_ct, | 1323 | .mul_generator_ct = ec_mul_generator_ct, |
| 1334 | .mul_single_ct = ec_mul_single_ct, | 1324 | .mul_single_ct = ec_mul_single_ct, |
| 1335 | .mul_double_nonct = ec_mul_double_nonct, | 1325 | .mul_double_nonct = ec_mul_double_nonct, |
| 1336 | .field_mul = ec_field_mul, | 1326 | .field_mul = ec_simple_field_mul, |
| 1337 | .field_sqr = ec_field_sqr, | 1327 | .field_sqr = ec_simple_field_sqr, |
| 1338 | }; | 1328 | }; |
| 1339 | 1329 | ||
| 1340 | const EC_METHOD * | 1330 | const EC_METHOD * |