-rw-r--r--src/lib/libcrypto/ec/ecp_methods.c176
1 files changed, 83 insertions, 93 deletions
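diff --git a/src/lib/libcrypto/ec/ecp_methods.c b/src/lib/libcrypto/ec/ecp_methods.c
index 3809bf9928..69eab8120f 100644
--- a/src/lib/libcrypto/ec/ecp_methods.c
+++ b/src/lib/libcrypto/ec/ecp_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_methods.c,v 1.36 2025/01/11 21:20:39 tb Exp $ */
+/* $OpenBSD: ecp_methods.c,v 1.37 2025/01/17 10:41:31 tb Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * for the OpenSSL project.
  * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -84,6 +84,19 @@
  * representation (i.e. 'encoding' means multiplying by some factor R).
  */
 
+static inline int
+ec_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+    BN_CTX *ctx)
+{
+	return group->meth->field_mul(group, r, a, b, ctx);
+}
+
+static inline int
+ec_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+{
+	return group->meth->field_sqr(group, r, a, ctx);
+}
+
 static int
 ec_decode_scalar(const EC_GROUP *group, BIGNUM *bn, const BIGNUM *x, BN_CTX *ctx)
 {
@@ -169,19 +182,13 @@ ec_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
 static int
 ec_point_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
 {
-	int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-	int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
-	const BIGNUM *p;
+	const BIGNUM *p = group->p;
 	BIGNUM *rh, *tmp, *Z4, *Z6;
 	int ret = -1;
 
 	if (EC_POINT_is_at_infinity(group, point))
 		return 1;
 
-	field_mul = group->meth->field_mul;
-	field_sqr = group->meth->field_sqr;
-	p = group->p;
-
 	BN_CTX_start(ctx);
 
 	if ((rh = BN_CTX_get(ctx)) == NULL)
@@ -201,15 +208,15 @@ ec_point_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
 	 */
 
 	/* rh := X^2 */
-	if (!field_sqr(group, rh, point->X, ctx))
+	if (!ec_field_sqr(group, rh, point->X, ctx))
 		goto err;
 
 	if (!point->Z_is_one) {
-		if (!field_sqr(group, tmp, point->Z, ctx))
+		if (!ec_field_sqr(group, tmp, point->Z, ctx))
 			goto err;
-		if (!field_sqr(group, Z4, tmp, ctx))
+		if (!ec_field_sqr(group, Z4, tmp, ctx))
 			goto err;
-		if (!field_mul(group, Z6, Z4, tmp, ctx))
+		if (!ec_field_mul(group, Z6, Z4, tmp, ctx))
 			goto err;
 
 		/* rh := (rh + a*Z^4)*X */
@@ -220,19 +227,19 @@ ec_point_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
 				goto err;
 			if (!BN_mod_sub_quick(rh, rh, tmp, p))
 				goto err;
-			if (!field_mul(group, rh, rh, point->X, ctx))
+			if (!ec_field_mul(group, rh, rh, point->X, ctx))
 				goto err;
 		} else {
-			if (!field_mul(group, tmp, Z4, group->a, ctx))
+			if (!ec_field_mul(group, tmp, Z4, group->a, ctx))
 				goto err;
 			if (!BN_mod_add_quick(rh, rh, tmp, p))
 				goto err;
-			if (!field_mul(group, rh, rh, point->X, ctx))
+			if (!ec_field_mul(group, rh, rh, point->X, ctx))
 				goto err;
 		}
 
 		/* rh := rh + b*Z^6 */
-		if (!field_mul(group, tmp, group->b, Z6, ctx))
+		if (!ec_field_mul(group, tmp, group->b, Z6, ctx))
 			goto err;
 		if (!BN_mod_add_quick(rh, rh, tmp, p))
 			goto err;
@@ -242,7 +249,7 @@ ec_point_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
 		/* rh := (rh + a)*X */
 		if (!BN_mod_add_quick(rh, rh, group->a, p))
 			goto err;
-		if (!field_mul(group, rh, rh, point->X, ctx))
+		if (!ec_field_mul(group, rh, rh, point->X, ctx))
 			goto err;
 		/* rh := rh + b */
 		if (!BN_mod_add_quick(rh, rh, group->b, p))
@@ -250,7 +257,7 @@ ec_point_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
 	}
 
 	/* 'lh' := Y^2 */
-	if (!field_sqr(group, tmp, point->Y, ctx))
+	if (!ec_field_sqr(group, tmp, point->Y, ctx))
 		goto err;
 
 	ret = (0 == BN_ucmp(tmp, rh));
@@ -269,8 +276,6 @@ static int
 ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
     BN_CTX *ctx)
 {
-	int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-	int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
 	BIGNUM *tmp1, *tmp2, *Za23, *Zb23;
 	const BIGNUM *tmp1_, *tmp2_;
 	int ret = -1;
@@ -283,9 +288,6 @@ ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
 	if (a->Z_is_one && b->Z_is_one)
 		return BN_cmp(a->X, b->X) != 0 || BN_cmp(a->Y, b->Y) != 0;
 
-	field_mul = group->meth->field_mul;
-	field_sqr = group->meth->field_sqr;
-
 	BN_CTX_start(ctx);
 
 	if ((tmp1 = BN_CTX_get(ctx)) == NULL)
@@ -303,17 +305,17 @@ ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
 	 */
 
 	if (!b->Z_is_one) {
-		if (!field_sqr(group, Zb23, b->Z, ctx))
+		if (!ec_field_sqr(group, Zb23, b->Z, ctx))
 			goto end;
-		if (!field_mul(group, tmp1, a->X, Zb23, ctx))
+		if (!ec_field_mul(group, tmp1, a->X, Zb23, ctx))
 			goto end;
 		tmp1_ = tmp1;
 	} else
 		tmp1_ = a->X;
 	if (!a->Z_is_one) {
-		if (!field_sqr(group, Za23, a->Z, ctx))
+		if (!ec_field_sqr(group, Za23, a->Z, ctx))
 			goto end;
-		if (!field_mul(group, tmp2, b->X, Za23, ctx))
+		if (!ec_field_mul(group, tmp2, b->X, Za23, ctx))
 			goto end;
 		tmp2_ = tmp2;
 	} else
@@ -325,17 +327,17 @@ ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
 		goto end;
 	}
 	if (!b->Z_is_one) {
-		if (!field_mul(group, Zb23, Zb23, b->Z, ctx))
+		if (!ec_field_mul(group, Zb23, Zb23, b->Z, ctx))
 			goto end;
-		if (!field_mul(group, tmp1, a->Y, Zb23, ctx))
+		if (!ec_field_mul(group, tmp1, a->Y, Zb23, ctx))
 			goto end;
 		/* tmp1_ = tmp1 */
 	} else
 		tmp1_ = a->Y;
 	if (!a->Z_is_one) {
-		if (!field_mul(group, Za23, Za23, a->Z, ctx))
+		if (!ec_field_mul(group, Za23, Za23, a->Z, ctx))
 			goto end;
-		if (!field_mul(group, tmp2, b->Y, Za23, ctx))
+		if (!ec_field_mul(group, tmp2, b->Y, Za23, ctx))
 			goto end;
 		/* tmp2_ = tmp2 */
 	} else
@@ -602,10 +604,8 @@ static int
 ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
     BN_CTX *ctx)
 {
-	int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-	int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+	const BIGNUM *p = group->p;
 	BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6;
-	const BIGNUM *p;
 	int ret = 0;
 
 	if (a == b)
@@ -615,10 +615,6 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
 	if (EC_POINT_is_at_infinity(group, b))
 		return EC_POINT_copy(r, a);
 
-	field_mul = group->meth->field_mul;
-	field_sqr = group->meth->field_sqr;
-	p = group->p;
-
 	BN_CTX_start(ctx);
 
 	if ((n0 = BN_CTX_get(ctx)) == NULL)
@@ -651,15 +647,15 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
 		/* n1 = X_a */
 		/* n2 = Y_a */
 	} else {
-		if (!field_sqr(group, n0, b->Z, ctx))
+		if (!ec_field_sqr(group, n0, b->Z, ctx))
 			goto end;
-		if (!field_mul(group, n1, a->X, n0, ctx))
+		if (!ec_field_mul(group, n1, a->X, n0, ctx))
 			goto end;
 		/* n1 = X_a * Z_b^2 */
 
-		if (!field_mul(group, n0, n0, b->Z, ctx))
+		if (!ec_field_mul(group, n0, n0, b->Z, ctx))
 			goto end;
-		if (!field_mul(group, n2, a->Y, n0, ctx))
+		if (!ec_field_mul(group, n2, a->Y, n0, ctx))
 			goto end;
 		/* n2 = Y_a * Z_b^3 */
 	}
@@ -673,15 +669,15 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
 		/* n3 = X_b */
 		/* n4 = Y_b */
 	} else {
-		if (!field_sqr(group, n0, a->Z, ctx))
+		if (!ec_field_sqr(group, n0, a->Z, ctx))
 			goto end;
-		if (!field_mul(group, n3, b->X, n0, ctx))
+		if (!ec_field_mul(group, n3, b->X, n0, ctx))
 			goto end;
 		/* n3 = X_b * Z_a^2 */
 
-		if (!field_mul(group, n0, n0, a->Z, ctx))
+		if (!ec_field_mul(group, n0, n0, a->Z, ctx))
 			goto end;
-		if (!field_mul(group, n4, b->Y, n0, ctx))
+		if (!ec_field_mul(group, n4, b->Y, n0, ctx))
 			goto end;
 		/* n4 = Y_b * Z_a^3 */
 	}
@@ -729,21 +725,21 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
 			if (!bn_copy(n0, a->Z))
 				goto end;
 		} else {
-			if (!field_mul(group, n0, a->Z, b->Z, ctx))
+			if (!ec_field_mul(group, n0, a->Z, b->Z, ctx))
 				goto end;
 		}
-		if (!field_mul(group, r->Z, n0, n5, ctx))
+		if (!ec_field_mul(group, r->Z, n0, n5, ctx))
 			goto end;
 	}
 	r->Z_is_one = 0;
 	/* Z_r = Z_a * Z_b * n5 */
 
 	/* X_r */
-	if (!field_sqr(group, n0, n6, ctx))
+	if (!ec_field_sqr(group, n0, n6, ctx))
 		goto end;
-	if (!field_sqr(group, n4, n5, ctx))
+	if (!ec_field_sqr(group, n4, n5, ctx))
 		goto end;
-	if (!field_mul(group, n3, n1, n4, ctx))
+	if (!ec_field_mul(group, n3, n1, n4, ctx))
 		goto end;
 	if (!BN_mod_sub_quick(r->X, n0, n3, p))
 		goto end;
@@ -757,11 +753,11 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
 	/* n9 = n5^2 * 'n7' - 2 * X_r */
 
 	/* Y_r */
-	if (!field_mul(group, n0, n0, n6, ctx))
+	if (!ec_field_mul(group, n0, n0, n6, ctx))
 		goto end;
-	if (!field_mul(group, n5, n4, n5, ctx))
+	if (!ec_field_mul(group, n5, n4, n5, ctx))
 		goto end; /* now n5 is n5^3 */
-	if (!field_mul(group, n1, n2, n5, ctx))
+	if (!ec_field_mul(group, n1, n2, n5, ctx))
 		goto end;
 	if (!BN_mod_sub_quick(n0, n0, n1, p))
 		goto end;
@@ -784,19 +780,13 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
 static int
 ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
 {
-	int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-	int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
-	const BIGNUM *p;
+	const BIGNUM *p = group->p;
 	BIGNUM *n0, *n1, *n2, *n3;
 	int ret = 0;
 
 	if (EC_POINT_is_at_infinity(group, a))
 		return EC_POINT_set_to_infinity(group, r);
 
-	field_mul = group->meth->field_mul;
-	field_sqr = group->meth->field_sqr;
-	p = group->p;
-
 	BN_CTX_start(ctx);
 
 	if ((n0 = BN_CTX_get(ctx)) == NULL)
@@ -816,7 +806,7 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
 
 	/* n1 */
 	if (a->Z_is_one) {
-		if (!field_sqr(group, n0, a->X, ctx))
+		if (!ec_field_sqr(group, n0, a->X, ctx))
 			goto err;
 		if (!BN_mod_lshift1_quick(n1, n0, p))
 			goto err;
@@ -826,13 +816,13 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
 			goto err;
 		/* n1 = 3 * X_a^2 + a_curve */
 	} else if (group->a_is_minus3) {
-		if (!field_sqr(group, n1, a->Z, ctx))
+		if (!ec_field_sqr(group, n1, a->Z, ctx))
 			goto err;
 		if (!BN_mod_add_quick(n0, a->X, n1, p))
 			goto err;
 		if (!BN_mod_sub_quick(n2, a->X, n1, p))
 			goto err;
-		if (!field_mul(group, n1, n0, n2, ctx))
+		if (!ec_field_mul(group, n1, n0, n2, ctx))
 			goto err;
 		if (!BN_mod_lshift1_quick(n0, n1, p))
 			goto err;
@@ -843,17 +833,17 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
 		 * Z_a^4
 		 */
 	} else {
-		if (!field_sqr(group, n0, a->X, ctx))
+		if (!ec_field_sqr(group, n0, a->X, ctx))
 			goto err;
 		if (!BN_mod_lshift1_quick(n1, n0, p))
 			goto err;
 		if (!BN_mod_add_quick(n0, n0, n1, p))
 			goto err;
-		if (!field_sqr(group, n1, a->Z, ctx))
+		if (!ec_field_sqr(group, n1, a->Z, ctx))
 			goto err;
-		if (!field_sqr(group, n1, n1, ctx))
+		if (!ec_field_sqr(group, n1, n1, ctx))
 			goto err;
-		if (!field_mul(group, n1, n1, group->a, ctx))
+		if (!ec_field_mul(group, n1, n1, group->a, ctx))
 			goto err;
 		if (!BN_mod_add_quick(n1, n1, n0, p))
 			goto err;
@@ -865,7 +855,7 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
 		if (!bn_copy(n0, a->Y))
 			goto err;
 	} else {
-		if (!field_mul(group, n0, a->Y, a->Z, ctx))
+		if (!ec_field_mul(group, n0, a->Y, a->Z, ctx))
 			goto err;
 	}
 	if (!BN_mod_lshift1_quick(r->Z, n0, p))
@@ -874,9 +864,9 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
 	/* Z_r = 2 * Y_a * Z_a */
 
 	/* n2 */
-	if (!field_sqr(group, n3, a->Y, ctx))
+	if (!ec_field_sqr(group, n3, a->Y, ctx))
 		goto err;
-	if (!field_mul(group, n2, a->X, n3, ctx))
+	if (!ec_field_mul(group, n2, a->X, n3, ctx))
 		goto err;
 	if (!BN_mod_lshift_quick(n2, n2, 2, p))
 		goto err;
@@ -885,14 +875,14 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
 	/* X_r */
 	if (!BN_mod_lshift1_quick(n0, n2, p))
 		goto err;
-	if (!field_sqr(group, r->X, n1, ctx))
+	if (!ec_field_sqr(group, r->X, n1, ctx))
 		goto err;
 	if (!BN_mod_sub_quick(r->X, r->X, n0, p))
 		goto err;
 	/* X_r = n1^2 - 2 * n2 */
 
 	/* n3 */
-	if (!field_sqr(group, n0, n3, ctx))
+	if (!ec_field_sqr(group, n0, n3, ctx))
 		goto err;
 	if (!BN_mod_lshift_quick(n3, n0, 3, p))
 		goto err;
@@ -901,7 +891,7 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
 	/* Y_r */
 	if (!BN_mod_sub_quick(n0, n2, r->X, p))
 		goto err;
-	if (!field_mul(group, n0, n1, n0, ctx))
+	if (!ec_field_mul(group, n0, n1, n0, ctx))
 		goto err;
 	if (!BN_mod_sub_quick(r->Y, n0, n3, p))
 		goto err;
@@ -925,19 +915,6 @@ ec_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
 	return BN_usub(point->Y, group->p, point->Y);
 }
 
-static int
-ec_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-    BN_CTX *ctx)
-{
-	return BN_mod_mul(r, a, b, group->p, ctx);
-}
-
-static int
-ec_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
-{
-	return BN_mod_sqr(r, a, group->p, ctx);
-}
-
 /*
  * Apply randomization of EC point Jacobian projective coordinates:
  *
@@ -967,7 +944,7 @@ ec_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
 		goto err;
 
 	/* Z = lambda * Z */
-	if (!group->meth->field_mul(group, p->Z, lambda, p->Z, ctx))
+	if (!ec_field_mul(group, p->Z, lambda, p->Z, ctx))
 		goto err;
 
 	/* tmp = lambda^2 */
@@ -975,15 +952,15 @@ ec_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
 		goto err;
 
 	/* X = lambda^2 * X */
-	if (!group->meth->field_mul(group, p->X, tmp, p->X, ctx))
+	if (!ec_field_mul(group, p->X, tmp, p->X, ctx))
 		goto err;
 
 	/* tmp = lambda^3 */
-	if (!group->meth->field_mul(group, tmp, tmp, lambda, ctx))
+	if (!ec_field_mul(group, tmp, tmp, lambda, ctx))
 		goto err;
 
 	/* Y = lambda^3 * Y */
-	if (!group->meth->field_mul(group, p->Y, tmp, p->Y, ctx))
+	if (!ec_field_mul(group, p->Y, tmp, p->Y, ctx))
 		goto err;
 
 	/* Disable optimized arithmetics after replacing Z by lambda * Z. */
@@ -1242,6 +1219,19 @@ ec_mul_double_nonct(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
 }
 
 static int
+ec_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *b, BN_CTX *ctx)
+{
+	return BN_mod_mul(r, a, b, group->p, ctx);
+}
+
+static int
+ec_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+{
+	return BN_mod_sqr(r, a, group->p, ctx);
+}
+
+static int
 ec_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
     const BIGNUM *b, BN_CTX *ctx)
 {
@@ -1333,8 +1323,8 @@ static const EC_METHOD ec_GFp_simple_method = {
 	.mul_generator_ct = ec_mul_generator_ct,
 	.mul_single_ct = ec_mul_single_ct,
 	.mul_double_nonct = ec_mul_double_nonct,
-	.field_mul = ec_field_mul,
-	.field_sqr = ec_field_sqr,
+	.field_mul = ec_simple_field_mul,
+	.field_sqr = ec_simple_field_sqr,
 };
 
 const EC_METHOD *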
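Review bot: The new `ec_field_mul`/`ec_field_sqr` wrappers at new lines 87–98 carry no comment, yet the name `ec_field_mul` now means "dispatch through `group->meth`" where, before this commit, the identically named static function at old lines 928–939 was the plain `BN_mod_mul` implementation, so a reader coming from the old tree will misread every call site below. I would add above the wrappers `/* Field arithmetic dispatches through the group's EC_METHOD so the point code below is shared by all GFp methods; operands must already be in that method's field encoding. */`, where the encoding remark is inferred from the comment at line 84 about the representation and should be confirmed against the Montgomery method before committing it. The renamed `ec_simple_field_mul`/`ec_simple_field_sqr` at new lines 1222–1232 likewise deserve a one-line comment stating they are the plain modular implementations bound in `ec_GFp_simple_method` at new line 1326, so they are not confused with the dispatching wrappers of almost the same name.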