comparison libtomcrypt/src/pk/ecc/ltc_ecc_mul2add.c @ 1471:6dba84798cd5

Update to libtomcrypt 1.18.1, merged with Dropbear changes
author Matt Johnston <matt@ucc.asn.au>
date Fri, 09 Feb 2018 21:44:05 +0800
parents f849a5ca2efc
children
1470:8bba51a55704 1471:6dba84798cd5
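--- a/libtomcrypt/src/pk/ecc/ltc_ecc_mul2add.c
+++ b/libtomcrypt/src/pk/ecc/ltc_ecc_mul2add.c
@@ -3,12 +3,10 @@
  * LibTomCrypt is a library that provides various cryptographic
  * algorithms in a highly modular and flexible manner.
  *
  * The library is free for all purposes without any express
  * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtom.org
  */
 
 /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
  *
  * All curves taken from NIST recommendation paper of July 1999
@@ -17,11 +15,11 @@
 #include "tomcrypt.h"
 
 /**
   @file ltc_ecc_mul2add.c
   ECC Crypto, Shamir's Trick, Tom St Denis
 */
 
 #ifdef LTC_MECC
 
 #ifdef LTC_ECC_SHAMIR
 
@@ -29,24 +27,24 @@
   @param A        First point to multiply
   @param kA       What to multiple A by
   @param B        Second point to multiply
   @param kB       What to multiple B by
   @param C        [out] Destination point (can overlap with A or B
   @param modulus  Modulus for curve
   @return CRYPT_OK on success
 */
 int ltc_ecc_mul2add(ecc_point *A, void *kA,
                     ecc_point *B, void *kB,
                     ecc_point *C,
                     void *modulus)
 {
   ecc_point     *precomp[16];
   unsigned       bitbufA, bitbufB, lenA, lenB, len, x, y, nA, nB, nibble;
   unsigned char *tA, *tB;
   int            err, first;
   void          *mp, *mu;
 
   /* argchks */
   LTC_ARGCHK(A       != NULL);
   LTC_ARGCHK(B       != NULL);
   LTC_ARGCHK(C       != NULL);
   LTC_ARGCHK(kA      != NULL);
@@ -91,20 +89,20 @@
         err = CRYPT_MEM;
         goto ERR_T;
      }
   }
 
   /* init montgomery reduction */
   if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) {
      goto ERR_P;
   }
   if ((err = mp_init(&mu)) != CRYPT_OK) {
      goto ERR_MP;
   }
   if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) {
      goto ERR_MU;
   }
 
   /* copy ones ... */
   if ((err = mp_mulmod(A->x, mu, modulus, precomp[1]->x)) != CRYPT_OK) { goto ERR_MU; }
   if ((err = mp_mulmod(A->y, mu, modulus, precomp[1]->y)) != CRYPT_OK) { goto ERR_MU; }
   if ((err = mp_mulmod(A->z, mu, modulus, precomp[1]->z)) != CRYPT_OK) { goto ERR_MU; }
@@ -124,32 +122,33 @@
   /* precomp [i,j](A + B) table (i != 0, j != 0) */
   for (x = 1; x < 4; x++) {
      for (y = 1; y < 4; y++) {
         if ((err = ltc_mp.ecc_ptadd(precomp[x], precomp[(y<<2)], precomp[x+(y<<2)], modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
      }
   }
 
   nibble  = 3;
   first   = 1;
   bitbufA = tA[0];
   bitbufB = tB[0];
 
   /* for every byte of the multiplicands */
-  for (x = -1;; ) {
+  for (x = 0;; ) {
       /* grab a nibble */
       if (++nibble == 4) {
-         ++x; if (x == len) break;
+         if (x == len) break;
          bitbufA = tA[x];
          bitbufB = tB[x];
          nibble  = 0;
+         ++x;
       }
 
       /* extract two bits from both, shift/update */
       nA = (bitbufA >> 6) & 0x03;
       nB = (bitbufB >> 6) & 0x03;
       bitbufA = (bitbufA << 2) & 0xFF;
       bitbufB = (bitbufB << 2) & 0xFF;
 
       /* if both zero, if first, continue */
       if ((nA == 0) && (nB == 0) && (first == 1)) {
          continue;
       }
@@ -200,8 +199,8 @@
 }
 
 #endif
 #endif
 
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */
+/* ref: $Format:%D$ */
+/* git commit: $Format:%H$ */
+/* commit time: $Format:%ai$ */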
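Review bot: The rewritten window loop (`for (x = 0;; )` with `++x;` moved to the end of the reload branch) still leaves the running time of ltc_ecc_mul2add dependent on the scalars: leading all-zero windows are skipped by the `continue` under `/* if both zero, if first, continue */`, and each remaining window selects an entry of the `precomp[]` table by nA and nB (the lookup itself sits below the visible lines), so the routine is only suitable where kA and kB are public, as in signature verification rather than signing. A line such as `@note Not constant-time: running time and memory access pattern depend on kA and kB; use only with public scalars.` in the existing `@param` header block would make that contract explicit to callers. Separately, the `bitbufA = tA[0]; bitbufB = tB[0];` stores before the loop are dead, because `nibble = 3` forces a reload of `tA[0]`/`tB[0]` on the first pass; either drop them or comment the `nibble = 3` priming so the next reader does not "fix" it. The code that sizes `tA`/`tB` against `len`, and the remainder of the loop body, lie outside the visible lines.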