summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/ec/ec2_smpl.c3
-rw-r--r--src/lib/libcrypto/ec/ec_lcl.h5
-rw-r--r--src/lib/libcrypto/ec/ec_lib.c19
-rw-r--r--src/lib/libcrypto/ec/ecp_mont.c5
-rw-r--r--src/lib/libcrypto/ec/ecp_nist.c5
-rw-r--r--src/lib/libcrypto/ec/ecp_nistp224.c5
-rw-r--r--src/lib/libcrypto/ec/ecp_nistp256.c5
-rw-r--r--src/lib/libcrypto/ec/ecp_nistp521.c5
-rw-r--r--src/lib/libcrypto/ec/ecp_nistz256.c5
-rw-r--r--src/lib/libcrypto/ec/ecp_smpl.c71
10 files changed, 110 insertions, 18 deletions
diff --git a/src/lib/libcrypto/ec/ec2_smpl.c b/src/lib/libcrypto/ec/ec2_smpl.c
index 1ca04194b3..936cee4898 100644
--- a/src/lib/libcrypto/ec/ec2_smpl.c
+++ b/src/lib/libcrypto/ec/ec2_smpl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec2_smpl.c,v 1.20 2018/07/16 17:32:39 tb Exp $ */ 1/* $OpenBSD: ec2_smpl.c,v 1.21 2018/11/05 20:18:21 tb Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED. 3 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
4 * 4 *
@@ -115,6 +115,7 @@ EC_GF2m_simple_method(void)
115 .field_mul = ec_GF2m_simple_field_mul, 115 .field_mul = ec_GF2m_simple_field_mul,
116 .field_sqr = ec_GF2m_simple_field_sqr, 116 .field_sqr = ec_GF2m_simple_field_sqr,
117 .field_div = ec_GF2m_simple_field_div, 117 .field_div = ec_GF2m_simple_field_div,
118 .blind_coordinates = NULL,
118 }; 119 };
119 120
120 return &ret; 121 return &ret;
diff --git a/src/lib/libcrypto/ec/ec_lcl.h b/src/lib/libcrypto/ec/ec_lcl.h
index e430b3f64d..c177246f36 100644
--- a/src/lib/libcrypto/ec/ec_lcl.h
+++ b/src/lib/libcrypto/ec/ec_lcl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec_lcl.h,v 1.10 2018/07/16 17:32:39 tb Exp $ */ 1/* $OpenBSD: ec_lcl.h,v 1.11 2018/11/05 20:18:21 tb Exp $ */
2/* 2/*
3 * Originally written by Bodo Moeller for the OpenSSL project. 3 * Originally written by Bodo Moeller for the OpenSSL project.
4 */ 4 */
@@ -182,6 +182,7 @@ struct ec_method_st {
182 int (*field_encode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. to Montgomery */ 182 int (*field_encode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. to Montgomery */
183 int (*field_decode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. from Montgomery */ 183 int (*field_decode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. from Montgomery */
184 int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *); 184 int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *);
185 int (*blind_coordinates)(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx);
185} /* EC_METHOD */; 186} /* EC_METHOD */;
186 187
187typedef struct ec_extra_data_st { 188typedef struct ec_extra_data_st {
@@ -339,6 +340,7 @@ int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
339int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *); 340int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
340int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *); 341int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
341int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); 342int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
343int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx);
342int ec_GFp_simple_mul_generator_ct(const EC_GROUP *, EC_POINT *r, const BIGNUM *scalar, BN_CTX *); 344int ec_GFp_simple_mul_generator_ct(const EC_GROUP *, EC_POINT *r, const BIGNUM *scalar, BN_CTX *);
343int ec_GFp_simple_mul_single_ct(const EC_GROUP *, EC_POINT *r, const BIGNUM *scalar, 345int ec_GFp_simple_mul_single_ct(const EC_GROUP *, EC_POINT *r, const BIGNUM *scalar,
344 const EC_POINT *point, BN_CTX *); 346 const EC_POINT *point, BN_CTX *);
@@ -358,6 +360,7 @@ int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CT
358int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); 360int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
359int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *); 361int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *);
360 362
363int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx);
361 364
362/* method functions in ecp_nist.c */ 365/* method functions in ecp_nist.c */
363int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src); 366int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src);
diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c
index 7e0ea017f9..bf2f652fc7 100644
--- a/src/lib/libcrypto/ec/ec_lib.c
+++ b/src/lib/libcrypto/ec/ec_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ec_lib.c,v 1.29 2018/07/16 17:32:39 tb Exp $ */ 1/* $OpenBSD: ec_lib.c,v 1.30 2018/11/05 20:18:21 tb Exp $ */
2/* 2/*
3 * Originally written by Bodo Moeller for the OpenSSL project. 3 * Originally written by Bodo Moeller for the OpenSSL project.
4 */ 4 */
@@ -533,6 +533,23 @@ EC_GROUP_cmp(const EC_GROUP * a, const EC_GROUP * b, BN_CTX * ctx)
533 return -1; 533 return -1;
534} 534}
535 535
536/*
537 * Coordinate blinding for EC_POINT.
538 *
539 * The underlying EC_METHOD can optionally implement this function:
540 * underlying implementations should return 0 on errors, or 1 on success.
541 *
542 * This wrapper returns 1 in case the underlying EC_METHOD does not support
543 * coordinate blinding.
544 */
545int
546ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
547{
548 if (group->meth->blind_coordinates == NULL)
549 return 1;
550
551 return group->meth->blind_coordinates(group, p, ctx);
552}
536 553
537/* this has 'package' visibility */ 554/* this has 'package' visibility */
538int 555int
diff --git a/src/lib/libcrypto/ec/ecp_mont.c b/src/lib/libcrypto/ec/ecp_mont.c
index ba4b9cad97..f4dff9aa46 100644
--- a/src/lib/libcrypto/ec/ecp_mont.c
+++ b/src/lib/libcrypto/ec/ecp_mont.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecp_mont.c,v 1.16 2018/07/16 17:32:39 tb Exp $ */ 1/* $OpenBSD: ecp_mont.c,v 1.17 2018/11/05 20:18:21 tb Exp $ */
2/* 2/*
3 * Originally written by Bodo Moeller for the OpenSSL project. 3 * Originally written by Bodo Moeller for the OpenSSL project.
4 */ 4 */
@@ -109,7 +109,8 @@ EC_GFp_mont_method(void)
109 .field_sqr = ec_GFp_mont_field_sqr, 109 .field_sqr = ec_GFp_mont_field_sqr,
110 .field_encode = ec_GFp_mont_field_encode, 110 .field_encode = ec_GFp_mont_field_encode,
111 .field_decode = ec_GFp_mont_field_decode, 111 .field_decode = ec_GFp_mont_field_decode,
112 .field_set_to_one = ec_GFp_mont_field_set_to_one 112 .field_set_to_one = ec_GFp_mont_field_set_to_one,
113 .blind_coordinates = ec_GFp_simple_blind_coordinates,
113 }; 114 };
114 115
115 return &ret; 116 return &ret;
diff --git a/src/lib/libcrypto/ec/ecp_nist.c b/src/lib/libcrypto/ec/ecp_nist.c
index 6ae1170808..073c0419cf 100644
--- a/src/lib/libcrypto/ec/ecp_nist.c
+++ b/src/lib/libcrypto/ec/ecp_nist.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecp_nist.c,v 1.14 2018/07/16 17:32:39 tb Exp $ */ 1/* $OpenBSD: ecp_nist.c,v 1.15 2018/11/05 20:18:21 tb Exp $ */
2/* 2/*
3 * Written by Nils Larsch for the OpenSSL project. 3 * Written by Nils Larsch for the OpenSSL project.
4 */ 4 */
@@ -107,7 +107,8 @@ EC_GFp_nist_method(void)
107 .mul_single_ct = ec_GFp_simple_mul_single_ct, 107 .mul_single_ct = ec_GFp_simple_mul_single_ct,
108 .mul_double_nonct = ec_GFp_simple_mul_double_nonct, 108 .mul_double_nonct = ec_GFp_simple_mul_double_nonct,
109 .field_mul = ec_GFp_nist_field_mul, 109 .field_mul = ec_GFp_nist_field_mul,
110 .field_sqr = ec_GFp_nist_field_sqr 110 .field_sqr = ec_GFp_nist_field_sqr,
111 .blind_coordinates = ec_GFp_simple_blind_coordinates,
111 }; 112 };
112 113
113 return &ret; 114 return &ret;
diff --git a/src/lib/libcrypto/ec/ecp_nistp224.c b/src/lib/libcrypto/ec/ecp_nistp224.c
index 643e9a69a6..21b431a097 100644
--- a/src/lib/libcrypto/ec/ecp_nistp224.c
+++ b/src/lib/libcrypto/ec/ecp_nistp224.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecp_nistp224.c,v 1.22 2018/07/15 16:27:39 tb Exp $ */ 1/* $OpenBSD: ecp_nistp224.c,v 1.23 2018/11/05 20:18:21 tb Exp $ */
2/* 2/*
3 * Written by Emilia Kasper (Google) for the OpenSSL project. 3 * Written by Emilia Kasper (Google) for the OpenSSL project.
4 */ 4 */
@@ -270,7 +270,8 @@ EC_GFp_nistp224_method(void)
270 .precompute_mult = ec_GFp_nistp224_precompute_mult, 270 .precompute_mult = ec_GFp_nistp224_precompute_mult,
271 .have_precompute_mult = ec_GFp_nistp224_have_precompute_mult, 271 .have_precompute_mult = ec_GFp_nistp224_have_precompute_mult,
272 .field_mul = ec_GFp_nist_field_mul, 272 .field_mul = ec_GFp_nist_field_mul,
273 .field_sqr = ec_GFp_nist_field_sqr 273 .field_sqr = ec_GFp_nist_field_sqr,
274 .blind_coordinates = NULL,
274 }; 275 };
275 276
276 return &ret; 277 return &ret;
diff --git a/src/lib/libcrypto/ec/ecp_nistp256.c b/src/lib/libcrypto/ec/ecp_nistp256.c
index 5c5fcde694..fc68b6cd8d 100644
--- a/src/lib/libcrypto/ec/ecp_nistp256.c
+++ b/src/lib/libcrypto/ec/ecp_nistp256.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecp_nistp256.c,v 1.21 2018/07/15 16:27:39 tb Exp $ */ 1/* $OpenBSD: ecp_nistp256.c,v 1.22 2018/11/05 20:18:21 tb Exp $ */
2/* 2/*
3 * Written by Adam Langley (Google) for the OpenSSL project 3 * Written by Adam Langley (Google) for the OpenSSL project
4 */ 4 */
@@ -1724,7 +1724,8 @@ EC_GFp_nistp256_method(void)
1724 .precompute_mult = ec_GFp_nistp256_precompute_mult, 1724 .precompute_mult = ec_GFp_nistp256_precompute_mult,
1725 .have_precompute_mult = ec_GFp_nistp256_have_precompute_mult, 1725 .have_precompute_mult = ec_GFp_nistp256_have_precompute_mult,
1726 .field_mul = ec_GFp_nist_field_mul, 1726 .field_mul = ec_GFp_nist_field_mul,
1727 .field_sqr = ec_GFp_nist_field_sqr 1727 .field_sqr = ec_GFp_nist_field_sqr,
1728 .blind_coordinates = NULL,
1728 }; 1729 };
1729 1730
1730 return &ret; 1731 return &ret;
diff --git a/src/lib/libcrypto/ec/ecp_nistp521.c b/src/lib/libcrypto/ec/ecp_nistp521.c
index b3525bfdad..e085610cbc 100644
--- a/src/lib/libcrypto/ec/ecp_nistp521.c
+++ b/src/lib/libcrypto/ec/ecp_nistp521.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecp_nistp521.c,v 1.22 2018/07/15 16:27:39 tb Exp $ */ 1/* $OpenBSD: ecp_nistp521.c,v 1.23 2018/11/05 20:18:21 tb Exp $ */
2/* 2/*
3 * Written by Adam Langley (Google) for the OpenSSL project 3 * Written by Adam Langley (Google) for the OpenSSL project
4 */ 4 */
@@ -1614,7 +1614,8 @@ EC_GFp_nistp521_method(void)
1614 .precompute_mult = ec_GFp_nistp521_precompute_mult, 1614 .precompute_mult = ec_GFp_nistp521_precompute_mult,
1615 .have_precompute_mult = ec_GFp_nistp521_have_precompute_mult, 1615 .have_precompute_mult = ec_GFp_nistp521_have_precompute_mult,
1616 .field_mul = ec_GFp_nist_field_mul, 1616 .field_mul = ec_GFp_nist_field_mul,
1617 .field_sqr = ec_GFp_nist_field_sqr 1617 .field_sqr = ec_GFp_nist_field_sqr,
1618 .blind_coordinates = NULL,
1618 }; 1619 };
1619 1620
1620 return &ret; 1621 return &ret;
diff --git a/src/lib/libcrypto/ec/ecp_nistz256.c b/src/lib/libcrypto/ec/ecp_nistz256.c
index 43010db7d0..71e0835e70 100644
--- a/src/lib/libcrypto/ec/ecp_nistz256.c
+++ b/src/lib/libcrypto/ec/ecp_nistz256.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecp_nistz256.c,v 1.6 2018/07/15 16:27:39 tb Exp $ */ 1/* $OpenBSD: ecp_nistz256.c,v 1.7 2018/11/05 20:18:21 tb Exp $ */
2/* Copyright (c) 2014, Intel Corporation. 2/* Copyright (c) 2014, Intel Corporation.
3 * 3 *
4 * Permission to use, copy, modify, and/or distribute this software for any 4 * Permission to use, copy, modify, and/or distribute this software for any
@@ -1182,7 +1182,8 @@ EC_GFp_nistz256_method(void)
1182 .field_sqr = ec_GFp_mont_field_sqr, 1182 .field_sqr = ec_GFp_mont_field_sqr,
1183 .field_encode = ec_GFp_mont_field_encode, 1183 .field_encode = ec_GFp_mont_field_encode,
1184 .field_decode = ec_GFp_mont_field_decode, 1184 .field_decode = ec_GFp_mont_field_decode,
1185 .field_set_to_one = ec_GFp_mont_field_set_to_one 1185 .field_set_to_one = ec_GFp_mont_field_set_to_one,
1186 .blind_coordinates = NULL,
1186 }; 1187 };
1187 1188
1188 return &ret; 1189 return &ret;
diff --git a/src/lib/libcrypto/ec/ecp_smpl.c b/src/lib/libcrypto/ec/ecp_smpl.c
index a25fd1df84..fe935251d9 100644
--- a/src/lib/libcrypto/ec/ecp_smpl.c
+++ b/src/lib/libcrypto/ec/ecp_smpl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ecp_smpl.c,v 1.22 2018/07/16 17:32:39 tb Exp $ */ 1/* $OpenBSD: ecp_smpl.c,v 1.23 2018/11/05 20:18:21 tb Exp $ */
2/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> 2/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
3 * for the OpenSSL project. 3 * for the OpenSSL project.
4 * Includes code written by Bodo Moeller for the OpenSSL project. 4 * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -107,7 +107,8 @@ EC_GFp_simple_method(void)
107 .mul_single_ct = ec_GFp_simple_mul_single_ct, 107 .mul_single_ct = ec_GFp_simple_mul_single_ct,
108 .mul_double_nonct = ec_GFp_simple_mul_double_nonct, 108 .mul_double_nonct = ec_GFp_simple_mul_double_nonct,
109 .field_mul = ec_GFp_simple_field_mul, 109 .field_mul = ec_GFp_simple_field_mul,
110 .field_sqr = ec_GFp_simple_field_sqr 110 .field_sqr = ec_GFp_simple_field_sqr,
111 .blind_coordinates = ec_GFp_simple_blind_coordinates,
111 }; 112 };
112 113
113 return &ret; 114 return &ret;
@@ -1406,13 +1407,70 @@ ec_GFp_simple_field_mul(const EC_GROUP * group, BIGNUM * r, const BIGNUM * a, co
1406 return BN_mod_mul(r, a, b, &group->field, ctx); 1407 return BN_mod_mul(r, a, b, &group->field, ctx);
1407} 1408}
1408 1409
1409
1410int 1410int
1411ec_GFp_simple_field_sqr(const EC_GROUP * group, BIGNUM * r, const BIGNUM * a, BN_CTX * ctx) 1411ec_GFp_simple_field_sqr(const EC_GROUP * group, BIGNUM * r, const BIGNUM * a, BN_CTX * ctx)
1412{ 1412{
1413 return BN_mod_sqr(r, a, &group->field, ctx); 1413 return BN_mod_sqr(r, a, &group->field, ctx);
1414} 1414}
1415 1415
1416/*
1417 * Apply randomization of EC point projective coordinates:
1418 *
1419 * (X, Y, Z) = (lambda^2 * X, lambda^3 * Y, lambda * Z)
1420 *
1421 * where lambda is in the interval [1, group->field).
1422 */
1423int
1424ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
1425{
1426 BIGNUM *lambda = NULL;
1427 BIGNUM *tmp = NULL;
1428 int ret = 0;
1429
1430 BN_CTX_start(ctx);
1431 if ((lambda = BN_CTX_get(ctx)) == NULL)
1432 goto err;
1433 if ((tmp = BN_CTX_get(ctx)) == NULL)
1434 goto err;
1435
1436 /* Generate lambda in [1, group->field - 1] */
1437 do {
1438 if (!BN_rand_range(lambda, &group->field))
1439 goto err;
1440 } while (BN_is_zero(lambda));
1441
1442 if (group->meth->field_encode != NULL &&
1443 !group->meth->field_encode(group, lambda, lambda, ctx))
1444 goto err;
1445
1446 /* Z = lambda * Z */
1447 if (!group->meth->field_mul(group, &p->Z, lambda, &p->Z, ctx))
1448 goto err;
1449
1450 /* tmp = lambda^2 */
1451 if (!group->meth->field_sqr(group, tmp, lambda, ctx))
1452 goto err;
1453
1454 /* X = lambda^2 * X */
1455 if (!group->meth->field_mul(group, &p->X, tmp, &p->X, ctx))
1456 goto err;
1457
1458 /* tmp = lambda^3 */
1459 if (!group->meth->field_mul(group, tmp, tmp, lambda, ctx))
1460 goto err;
1461
1462 /* Y = lambda^3 * Y */
1463 if (!group->meth->field_mul(group, &p->Y, tmp, &p->Y, ctx))
1464 goto err;
1465
1466 ret = 1;
1467
1468 err:
1469 BN_CTX_end(ctx);
1470 return ret;
1471}
1472
1473
1416#define EC_POINT_BN_set_flags(P, flags) do { \ 1474#define EC_POINT_BN_set_flags(P, flags) do { \
1417 BN_set_flags(&(P)->X, (flags)); \ 1475 BN_set_flags(&(P)->X, (flags)); \
1418 BN_set_flags(&(P)->Y, (flags)); \ 1476 BN_set_flags(&(P)->Y, (flags)); \
@@ -1537,6 +1595,13 @@ ec_GFp_simple_mul_ct(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
1537 (bn_wexpand(&r->Z, group_top) == NULL)) 1595 (bn_wexpand(&r->Z, group_top) == NULL))
1538 goto err; 1596 goto err;
1539 1597
1598 /*
1599 * Apply coordinate blinding for EC_POINT if the underlying EC_METHOD
1600 * implements it.
1601 */
1602 if (!ec_point_blind_coordinates(group, s, ctx))
1603 goto err;
1604
1540 /* top bit is a 1, in a fixed pos */ 1605 /* top bit is a 1, in a fixed pos */
1541 if (!EC_POINT_copy(r, s)) 1606 if (!EC_POINT_copy(r, s))
1542 goto err; 1607 goto err;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 22:18:22 +0000