Implement EC field element operations.

Provide EC_FIELD_ELEMENT and EC_FIELD_MODULUS, which allow for operations on fixed width fields in constant time. These can in turn be used to implement Elliptic Curve cryptography for prime fields, without needing to use BN. This will improve the code, reduces timing leaks and enable further optimisation. ok beck@ tb@
author: jsing <> 2025-05-25 05:12:05 +0000
committer: jsing <> 2025-05-25 05:12:05 +0000
commit: 2f7bf75477a5741ad76c3c793c7ed887b41fcceb (patch)
tree: d2a89424948ea33ced8fe1bb82297f1988893a57 /src/lib/libcrypto/ec/ec_internal.h
parent: aada760c0a63cc97f8def7686fe6d76d3a3cc4d9 (diff)
download: openbsd-2f7bf75477a5741ad76c3c793c7ed887b41fcceb.tar.gz
openbsd-2f7bf75477a5741ad76c3c793c7ed887b41fcceb.tar.bz2
openbsd-2f7bf75477a5741ad76c3c793c7ed887b41fcceb.zip
1 files changed, 63 insertions, 0 deletions
diff --git a/src/lib/libcrypto/ec/ec_internal.h b/src/lib/libcrypto/ec/ec_internal.h
new file mode 100644
index 0000000000..29b447e8c9
--- /dev/null
+++ b/src/lib/libcrypto/ec/ec_internal.h
@@ -0,0 +1,63 @@
+/*      $OpenBSD: ec_internal.h,v 1.1 2025/05/25 05:12:05 jsing Exp $   */
+/*
+ * Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <openssl/bn.h>
+#ifndef HEADER_EC_INTERNAL_H
+#define HEADER_EC_INTERNAL_H
+#define EC_FIELD_ELEMENT_MAX_BITS 521
+#define EC_FIELD_ELEMENT_MAX_BYTES \
+    (EC_FIELD_ELEMENT_MAX_BITS + 7) / 8
+#define EC_FIELD_ELEMENT_MAX_WORDS \
+    ((EC_FIELD_ELEMENT_MAX_BYTES + BN_BYTES - 1) / BN_BYTES)
+typedef struct {
+        BN_ULONG w[EC_FIELD_ELEMENT_MAX_WORDS];
+} EC_FIELD_ELEMENT;
+typedef struct {
+        size_t n;
+        EC_FIELD_ELEMENT m;
+        EC_FIELD_ELEMENT rr;
+        BN_ULONG minv0;
+} EC_FIELD_MODULUS;
+int ec_field_modulus_from_bn(EC_FIELD_MODULUS *fm, const BIGNUM *bn,
+    BN_CTX *ctx);
+int ec_field_element_from_bn(const EC_FIELD_MODULUS *fm, const EC_GROUP *group,
+    EC_FIELD_ELEMENT *fe, const BIGNUM *bn, BN_CTX *ctx);
+int ec_field_element_to_bn(const EC_FIELD_MODULUS *fm, const EC_FIELD_ELEMENT *fe,
+    BIGNUM *bn, BN_CTX *ctx);
+void ec_field_element_copy(EC_FIELD_ELEMENT *dst, const EC_FIELD_ELEMENT *src);
+int ec_field_element_equal(const EC_FIELD_MODULUS *fm, const EC_FIELD_ELEMENT *a,
+    const EC_FIELD_ELEMENT *b);
+int ec_field_element_is_zero(const EC_FIELD_MODULUS *fm, const EC_FIELD_ELEMENT *fe);
+void ec_field_element_add(const EC_FIELD_MODULUS *m, EC_FIELD_ELEMENT *r,
+    const EC_FIELD_ELEMENT *a, const EC_FIELD_ELEMENT *b);
+void ec_field_element_sub(const EC_FIELD_MODULUS *m, EC_FIELD_ELEMENT *r,
+    const EC_FIELD_ELEMENT *a, const EC_FIELD_ELEMENT *b);
+void ec_field_element_mul(const EC_FIELD_MODULUS *m, EC_FIELD_ELEMENT *r,
+    const EC_FIELD_ELEMENT *a, const EC_FIELD_ELEMENT *b);
+void ec_field_element_sqr(const EC_FIELD_MODULUS *m, EC_FIELD_ELEMENT *r,
+    const EC_FIELD_ELEMENT *a);
+#endif
author	jsing <>	2025-05-25 05:12:05 +0000
committer	jsing <>	2025-05-25 05:12:05 +0000
commit	2f7bf75477a5741ad76c3c793c7ed887b41fcceb (patch)
tree	d2a89424948ea33ced8fe1bb82297f1988893a57 /src/lib/libcrypto/ec/ec_internal.h
parent	aada760c0a63cc97f8def7686fe6d76d3a3cc4d9 (diff)
download	openbsd-2f7bf75477a5741ad76c3c793c7ed887b41fcceb.tar.gz openbsd-2f7bf75477a5741ad76c3c793c7ed887b41fcceb.tar.bz2 openbsd-2f7bf75477a5741ad76c3c793c7ed887b41fcceb.zip

diff --git a/src/lib/libcrypto/ec/ec_internal.h b/src/lib/libcrypto/ec/ec_internal.h new file mode 100644 index 0000000000..29b447e8c9 --- /dev/null +++ b/src/lib/libcrypto/ec/ec_internal.h
@@ -0,0 +1,63 @@
	1	/* $OpenBSD: ec_internal.h,v 1.1 2025/05/25 05:12:05 jsing Exp $ */
	2	/*
	3	* Copyright (c) 2024 Joel Sing <jsing@openbsd.org>
	4	*
	5	* Permission to use, copy, modify, and distribute this software for any
	6	* purpose with or without fee is hereby granted, provided that the above
	7	* copyright notice and this permission notice appear in all copies.
	8	*
	9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	*/
	17
	18	#include <openssl/bn.h>
	19
	20	#ifndef HEADER_EC_INTERNAL_H
	21	#define HEADER_EC_INTERNAL_H
	22
	23	#define EC_FIELD_ELEMENT_MAX_BITS 521
	24	#define EC_FIELD_ELEMENT_MAX_BYTES \
	25	(EC_FIELD_ELEMENT_MAX_BITS + 7) / 8
	26	#define EC_FIELD_ELEMENT_MAX_WORDS \
	27	((EC_FIELD_ELEMENT_MAX_BYTES + BN_BYTES - 1) / BN_BYTES)
	28
	29	typedef struct {
	30	BN_ULONG w[EC_FIELD_ELEMENT_MAX_WORDS];
	31	} EC_FIELD_ELEMENT;
	32
	33	typedef struct {
	34	size_t n;
	35	EC_FIELD_ELEMENT m;
	36	EC_FIELD_ELEMENT rr;
	37	BN_ULONG minv0;
	38	} EC_FIELD_MODULUS;
	39
	40	int ec_field_modulus_from_bn(EC_FIELD_MODULUS fm, const BIGNUM bn,
	41	BN_CTX *ctx);
	42
	43	int ec_field_element_from_bn(const EC_FIELD_MODULUS fm, const EC_GROUP group,
	44	EC_FIELD_ELEMENT fe, const BIGNUM bn, BN_CTX *ctx);
	45	int ec_field_element_to_bn(const EC_FIELD_MODULUS fm, const EC_FIELD_ELEMENT fe,
	46	BIGNUM bn, BN_CTX ctx);
	47
	48	void ec_field_element_copy(EC_FIELD_ELEMENT dst, const EC_FIELD_ELEMENT src);
	49
	50	int ec_field_element_equal(const EC_FIELD_MODULUS fm, const EC_FIELD_ELEMENT a,
	51	const EC_FIELD_ELEMENT *b);
	52	int ec_field_element_is_zero(const EC_FIELD_MODULUS fm, const EC_FIELD_ELEMENT fe);
	53
	54	void ec_field_element_add(const EC_FIELD_MODULUS m, EC_FIELD_ELEMENT r,
	55	const EC_FIELD_ELEMENT a, const EC_FIELD_ELEMENT b);
	56	void ec_field_element_sub(const EC_FIELD_MODULUS m, EC_FIELD_ELEMENT r,
	57	const EC_FIELD_ELEMENT a, const EC_FIELD_ELEMENT b);
	58	void ec_field_element_mul(const EC_FIELD_MODULUS m, EC_FIELD_ELEMENT r,
	59	const EC_FIELD_ELEMENT a, const EC_FIELD_ELEMENT b);
	60	void ec_field_element_sqr(const EC_FIELD_MODULUS m, EC_FIELD_ELEMENT r,
	61	const EC_FIELD_ELEMENT *a);
	62
	63	#endif