From 0073d22328d043ee79dbaa9705605bcc23456d4a Mon Sep 17 00:00:00 2001
From: tb <>
Date: Thu, 12 Dec 2024 10:00:15 +0000
Subject: Rename group->field to group->p

Now that we only do curves over GF(p) fields, there's no need to use a weird, confusing name for what we usually call p. Adjust some comments in the vicinity as well.
---
 src/lib/libcrypto/ec/ec_convert.c | 14 +++++-----
 src/lib/libcrypto/ec/ec_lib.c | 15 +++++------
 src/lib/libcrypto/ec/ec_local.h | 15 ++++-------
 src/lib/libcrypto/ec/ecp_methods.c | 54 +++++++++++++++++++-------------------
 4 files changed, 46 insertions(+), 52 deletions(-)
(limited to 'src')

diff --git a/src/lib/libcrypto/ec/ec_convert.c b/src/lib/libcrypto/ec/ec_convert.c
index a4237cda95..f2410c163c 100644
--- a/src/lib/libcrypto/ec/ec_convert.c
+++ b/src/lib/libcrypto/ec/ec_convert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_convert.c,v 1.11 2024/11/08 02:24:37 tb Exp $ */
+/* $OpenBSD: ec_convert.c,v 1.12 2024/12/12 10:00:15 tb Exp $ */
 /*
 * Originally written by Bodo Moeller for the OpenSSL project.
 */
@@ -157,11 +157,11 @@ ec_encoded_length(const EC_GROUP *group, uint8_t form, size_t *out_len)
 *out_len = 1;
 return 1;
 case EC_POINT_COMPRESSED:
- *out_len = 1 + BN_num_bytes(&group->field);
+ *out_len = 1 + BN_num_bytes(&group->p);
 return 1;
 case EC_POINT_UNCOMPRESSED:
 case EC_POINT_HYBRID:
- *out_len = 1 + 2 * BN_num_bytes(&group->field);
+ *out_len = 1 + 2 * BN_num_bytes(&group->p);
 return 1;
 default:
 return 0;
@@ -171,15 +171,15 @@ ec_encoded_length(const EC_GROUP *group, uint8_t form, size_t *out_len)
 static int
 ec_field_element_is_valid(const EC_GROUP *group, const BIGNUM *bn)
 {
- /* Ensure bn is in the range [0, field). */
- return !BN_is_negative(bn) && BN_cmp(&group->field, bn) > 0;
+ /* Ensure bn is in the range [0, p). */
+ return !BN_is_negative(bn) && BN_cmp(&group->p, bn) > 0;
 }

 static int
 ec_add_field_element_cbb(CBB *cbb, const EC_GROUP *group, const BIGNUM *bn)
 {
 uint8_t *buf = NULL;
- int buf_len = BN_num_bytes(&group->field);
+ int buf_len = BN_num_bytes(&group->p);

 if (!ec_field_element_is_valid(group, bn)) {
 ECerror(EC_R_BIGNUM_OUT_OF_RANGE);
@@ -202,7 +202,7 @@ ec_get_field_element_cbs(CBS *cbs, const EC_GROUP *group, BIGNUM *bn)
 {
 CBS field_element;

- if (!CBS_get_bytes(cbs, &field_element, BN_num_bytes(&group->field))) {
+ if (!CBS_get_bytes(cbs, &field_element, BN_num_bytes(&group->p))) {
 ECerror(EC_R_INVALID_ENCODING);
 return 0;
 }
diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c
index a1c80c328b..9f1a742d38 100644
--- a/src/lib/libcrypto/ec/ec_lib.c
+++ b/src/lib/libcrypto/ec/ec_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_lib.c,v 1.89 2024/11/30 21:09:59 tb Exp $ */
+/* $OpenBSD: ec_lib.c,v 1.90 2024/12/12 10:00:15 tb Exp $ */
 /*
 * Originally written by Bodo Moeller for the OpenSSL project.
 */
@@ -275,8 +275,7 @@ ec_set_cofactor(EC_GROUP *group, const BIGNUM *in_cofactor)
 * If the cofactor is too large, we cannot guess it and default to zero.
 * The RHS of below is a strict overestimate of log(4 * sqrt(q)).
 */
- if (BN_num_bits(&group->order) <=
- (BN_num_bits(&group->field) + 1) / 2 + 3)
+ if (BN_num_bits(&group->order) <= (BN_num_bits(&group->p) + 1) / 2 + 3)
 goto done;

 /*
@@ -291,7 +290,7 @@ ec_set_cofactor(EC_GROUP *group, const BIGNUM *in_cofactor)
 if (!BN_add_word(cofactor, 1))
 goto err;
 /* h = q + 1 + n/2 */
- if (!BN_add(cofactor, cofactor, &group->field))
+ if (!BN_add(cofactor, cofactor, &group->p))
 goto err;
 /* h = (q + 1 + n/2) / n */
 if (!BN_div_ct(cofactor, NULL, cofactor, &group->order, ctx))
@@ -299,7 +298,7 @@ ec_set_cofactor(EC_GROUP *group, const BIGNUM *in_cofactor)
 done:
 /* Use Hasse's theorem to bound the cofactor. */
- if (BN_num_bits(cofactor) > BN_num_bits(&group->field) + 1) {
+ if (BN_num_bits(cofactor) > BN_num_bits(&group->p) + 1) {
 ECerror(EC_R_INVALID_GROUP_ORDER);
 goto err;
 }
@@ -325,8 +324,8 @@ EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
 return 0;
 }

- /* Require group->field >= 1. */
- if (BN_is_zero(&group->field) || BN_is_negative(&group->field)) {
+ /* Require p >= 1. */
+ if (BN_is_zero(&group->p) || BN_is_negative(&group->p)) {
 ECerror(EC_R_INVALID_FIELD);
 return 0;
 }
@@ -336,7 +335,7 @@ EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
 * than the field cardinality due to Hasse's theorem.
 */
 if (order == NULL || BN_cmp(order, BN_value_one()) <= 0 ||
- BN_num_bits(order) > BN_num_bits(&group->field) + 1) {
+ BN_num_bits(order) > BN_num_bits(&group->p) + 1) {
 ECerror(EC_R_INVALID_GROUP_ORDER);
 return 0;
 }
diff --git a/src/lib/libcrypto/ec/ec_local.h b/src/lib/libcrypto/ec/ec_local.h
index da706d5324..ea1cd7adad 100644
--- a/src/lib/libcrypto/ec/ec_local.h
+++ b/src/lib/libcrypto/ec/ec_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_local.h,v 1.42 2024/12/06 15:49:37 tb Exp $ */
+/* $OpenBSD: ec_local.h,v 1.43 2024/12/12 10:00:15 tb Exp $ */
 /*
 * Originally written by Bodo Moeller for the OpenSSL project.
 */
@@ -181,16 +181,11 @@ struct ec_group_st {
 */

 /*
- * Field specification. For GF(p) this is the modulus; for GF(2^m),
- * this is the irreducible polynomial defining the field.
+ * Coefficients of the Weierstrass equation y^2 = x^3 + a*x + b (mod p).
 */
- BIGNUM field;
-
- /*
- * Curve coefficients. In characteristic > 3, the curve is defined by a
- * Weierstrass equation of the form y^2 = x^3 + a*x + b.
- */
- BIGNUM a, b;
+ BIGNUM p;
+ BIGNUM a;
+ BIGNUM b;

 /* Enables optimized point arithmetics for special case. */
 int a_is_minus3;
diff --git a/src/lib/libcrypto/ec/ecp_methods.c b/src/lib/libcrypto/ec/ecp_methods.c
index 50607ea216..8f04a24e28 100644
--- a/src/lib/libcrypto/ec/ecp_methods.c
+++ b/src/lib/libcrypto/ec/ecp_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_methods.c,v 1.13 2024/12/06 15:49:37 tb Exp $ */
+/* $OpenBSD: ecp_methods.c,v 1.14 2024/12/12 10:00:15 tb Exp $ */
 /* Includes code written by Lenka Fibikova
 * for the OpenSSL project.
 * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -87,7 +87,7 @@ static int
 ec_group_init(EC_GROUP *group)
 {
- BN_init(&group->field);
+ BN_init(&group->p);
 BN_init(&group->a);
 BN_init(&group->b);
 group->a_is_minus3 = 0;
@@ -97,7 +97,7 @@ ec_group_init(EC_GROUP *group)
 static void
 ec_group_finish(EC_GROUP *group)
 {
- BN_free(&group->field);
+ BN_free(&group->p);
 BN_free(&group->a);
 BN_free(&group->b);
 }
@@ -105,7 +105,7 @@ ec_group_finish(EC_GROUP *group)
 static int
 ec_group_copy(EC_GROUP *dest, const EC_GROUP *src)
 {
- if (!bn_copy(&dest->field, &src->field))
+ if (!bn_copy(&dest->p, &src->p))
 return 0;
 if (!bn_copy(&dest->a, &src->a))
 return 0;
@@ -132,7 +132,7 @@ ec_decode_scalar(const EC_GROUP *group, BIGNUM *bn, const BIGNUM *x, BN_CTX *ctx
 static int
 ec_encode_scalar(const EC_GROUP *group, BIGNUM *bn, const BIGNUM *x, BN_CTX *ctx)
 {
- if (!BN_nnmod(bn, x, &group->field, ctx))
+ if (!BN_nnmod(bn, x, &group->p, ctx))
 return 0;

 if (group->meth->field_encode != NULL)
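Review bot: The replacement comment in struct ec_group_st calls p a coefficient of the Weierstrass equation, but p is the modulus of the prime field the curve lives over; only a and b are coefficients, and the next reader will look here to learn what the field is. I would state the distinction, e.g. `/* Prime field modulus p and the coefficients a, b of the Weierstrass equation y^2 = x^3 + a*x + b (mod p). */`. As far as the ecp_methods.c and ec_lib.c hunks in this commit show, p is only forced non-negative in ec_group_set_curve and checked for p >= 1 in EC_GROUP_set_generator, so this comment is also the natural place to record which invariant the member carries (positive, not verified prime at this layer) — worth confirming against code outside this diff. The struct definition begins before and continues after this hunk.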
@@ -145,7 +145,7 @@ static int
 ec_encode_z_coordinate(const EC_GROUP *group, BIGNUM *bn, int *is_one,
 const BIGNUM *z, BN_CTX *ctx)
 {
- if (!BN_nnmod(bn, z, &group->field, ctx))
+ if (!BN_nnmod(bn, z, &group->p, ctx))
 return 0;

 *is_one = BN_is_one(bn);
@@ -176,9 +176,9 @@ ec_group_set_curve(EC_GROUP *group,
 if ((a_plus_3 = BN_CTX_get(ctx)) == NULL)
 goto err;

- if (!bn_copy(&group->field, p))
+ if (!bn_copy(&group->p, p))
 goto err;
- BN_set_negative(&group->field, 0);
+ BN_set_negative(&group->p, 0);

 if (!ec_encode_scalar(group, &group->a, a, ctx))
 goto err;
@@ -187,7 +187,7 @@ ec_group_set_curve(EC_GROUP *group,
 if (!BN_set_word(a_plus_3, 3))
 goto err;
- if (!BN_mod_add(a_plus_3, a_plus_3, a, &group->field, ctx))
+ if (!BN_mod_add(a_plus_3, a_plus_3, a, &group->p, ctx))
 goto err;

 group->a_is_minus3 = BN_is_zero(a_plus_3);
@@ -205,7 +205,7 @@ ec_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
 BN_CTX *ctx)
 {
 if (p != NULL) {
- if (!bn_copy(p, &group->field))
+ if (!bn_copy(p, &group->p))
 return 0;
 }
 if (!ec_decode_scalar(group, a, &group->a, ctx))
@@ -219,7 +219,7 @@ ec_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
 static int
 ec_group_get_degree(const EC_GROUP *group)
 {
- return BN_num_bits(&group->field);
+ return BN_num_bits(&group->p);
 }

 static int
@@ -375,7 +375,7 @@ ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
 goto done;
 }

- if (BN_mod_inverse_ct(Z_1, z, &group->field, ctx) == NULL) {
+ if (BN_mod_inverse_ct(Z_1, z, &group->p, ctx) == NULL) {
 ECerror(ERR_R_BN_LIB);
 goto err;
 }
@@ -384,7 +384,7 @@ ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
 if (!group->meth->field_sqr(group, Z_2, Z_1, ctx))
 goto err;
 } else {
- if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx))
+ if (!BN_mod_sqr(Z_2, Z_1, &group->p, ctx))
 goto err;
 }
@@ -402,7 +402,7 @@ ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
 if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx))
 goto err;
 } else {
- if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx))
+ if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->p, ctx))
 goto err;
 }
@@ -427,7 +427,7 @@ static int
 ec_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
 const BIGNUM *in_x, int y_bit, BN_CTX *ctx)
 {
- const BIGNUM *p = &group->field, *a = &group->a, *b = &group->b;
+ const BIGNUM *p = &group->p, *a = &group->a, *b = &group->b;
 BIGNUM *w, *x, *y;
 int ret = 0;
@@ -500,7 +500,7 @@ ec_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
 ECerror(EC_R_INVALID_COMPRESSION_BIT);
 goto err;
 }
- if (!BN_usub(y, &group->field, y))
+ if (!BN_usub(y, &group->p, y))
 goto err;

 if (y_bit != BN_is_odd(y)) {
@@ -540,7 +540,7 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
 field_mul = group->meth->field_mul;
 field_sqr = group->meth->field_sqr;
- p = &group->field;
+ p = &group->p;

 BN_CTX_start(ctx);
@@ -718,7 +718,7 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
 field_mul = group->meth->field_mul;
 field_sqr = group->meth->field_sqr;
- p = &group->field;
+ p = &group->p;

 BN_CTX_start(ctx);
@@ -845,7 +845,7 @@ ec_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
 /* point is its own inverse */
 return 1;

- return BN_usub(&point->Y, &group->field, &point->Y);
+ return BN_usub(&point->Y, &group->p, &point->Y);
 }

 static int
@@ -862,7 +862,7 @@ ec_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
 field_mul = group->meth->field_mul;
 field_sqr = group->meth->field_sqr;
- p = &group->field;
+ p = &group->p;

 BN_CTX_start(ctx);
@@ -1130,7 +1130,7 @@ ec_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[],
 * Now use a single explicit inversion to replace every non-zero
 * points[i]->Z by its inverse.
 */
- if (!BN_mod_inverse_nonct(tmp, prod_Z[num - 1], &group->field, ctx)) {
+ if (!BN_mod_inverse_nonct(tmp, prod_Z[num - 1], &group->p, ctx)) {
 ECerror(ERR_R_BN_LIB);
 goto err;
 }
@@ -1214,13 +1214,13 @@ static int
 ec_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
 BN_CTX *ctx)
 {
- return BN_mod_mul(r, a, b, &group->field, ctx);
+ return BN_mod_mul(r, a, b, &group->p, ctx);
 }

 static int
 ec_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
 {
- return BN_mod_sqr(r, a, &group->field, ctx);
+ return BN_mod_sqr(r, a, &group->p, ctx);
 }

 /*
@@ -1228,7 +1228,7 @@ ec_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
 *
 * (X, Y, Z) = (lambda^2 * X, lambda^3 * Y, lambda * Z)
 *
- * where lambda is in the interval [1, group->field).
+ * where lambda is in the interval [1, p).
 */
 static int
 ec_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
@@ -1243,8 +1243,8 @@ ec_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
 if ((tmp = BN_CTX_get(ctx)) == NULL)
 goto err;

- /* Generate lambda in [1, group->field). */
- if (!bn_rand_interval(lambda, 1, &group->field))
+ /* Generate lambda in [1, p). */
+ if (!bn_rand_interval(lambda, 1, &group->p))
 goto err;

 if (group->meth->field_encode != NULL &&
@@ -1392,7 +1392,7 @@ ec_mul_ct(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 if (!BN_swap_ct(kbit, k, lambda, group_top + 2))
 goto err;

- group_top = group->field.top;
+ group_top = group->p.top;
 if (!bn_wexpand(&s->X, group_top) ||
 !bn_wexpand(&s->Y, group_top) ||
 !bn_wexpand(&s->Z, group_top) ||
--
cgit v1.2.3-55-g6feb