comparison libtomcrypt/src/pk/ecc/ltc_ecc_mul2add.c @ 1471:6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 09 Feb 2018 21:44:05 +0800 |
parents | f849a5ca2efc |
children |
1470:8bba51a55704 | 1471:6dba84798cd5 |
---|---|
3 * LibTomCrypt is a library that provides various cryptographic | 3 * LibTomCrypt is a library that provides various cryptographic |
4 * algorithms in a highly modular and flexible manner. | 4 * algorithms in a highly modular and flexible manner. |
5 * | 5 * |
6 * The library is free for all purposes without any express | 6 * The library is free for all purposes without any express |
7 * guarantee it works. | 7 * guarantee it works. |
8 * | |
9 * Tom St Denis, [email protected], http://libtom.org | |
10 */ | 8 */ |
11 | 9 |
12 /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b | 10 /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b |
13 * | 11 * |
14 * All curves taken from NIST recommendation paper of July 1999 | 12 * All curves taken from NIST recommendation paper of July 1999 |
17 #include "tomcrypt.h" | 15 #include "tomcrypt.h" |
18 | 16 |
19 /** | 17 /** |
20 @file ltc_ecc_mul2add.c | 18 @file ltc_ecc_mul2add.c |
21 ECC Crypto, Shamir's Trick, Tom St Denis | 19 ECC Crypto, Shamir's Trick, Tom St Denis |
22 */ | 20 */ |
23 | 21 |
24 #ifdef LTC_MECC | 22 #ifdef LTC_MECC |
25 | 23 |
26 #ifdef LTC_ECC_SHAMIR | 24 #ifdef LTC_ECC_SHAMIR |
27 | 25 |
29 @param A First point to multiply | 27 @param A First point to multiply |
30 @param kA What to multiple A by | 28 @param kA What to multiple A by |
31 @param B Second point to multiply | 29 @param B Second point to multiply |
32 @param kB What to multiple B by | 30 @param kB What to multiple B by |
33 @param C [out] Destination point (can overlap with A or B | 31 @param C [out] Destination point (can overlap with A or B |
34 @param modulus Modulus for curve | 32 @param modulus Modulus for curve |
35 @return CRYPT_OK on success | 33 @return CRYPT_OK on success |
36 */ | 34 */ |
37 int ltc_ecc_mul2add(ecc_point *A, void *kA, | 35 int ltc_ecc_mul2add(ecc_point *A, void *kA, |
38 ecc_point *B, void *kB, | 36 ecc_point *B, void *kB, |
39 ecc_point *C, | 37 ecc_point *C, |
40 void *modulus) | 38 void *modulus) |
41 { | 39 { |
42 ecc_point *precomp[16]; | 40 ecc_point *precomp[16]; |
43 unsigned bitbufA, bitbufB, lenA, lenB, len, x, y, nA, nB, nibble; | 41 unsigned bitbufA, bitbufB, lenA, lenB, len, x, y, nA, nB, nibble; |
44 unsigned char *tA, *tB; | 42 unsigned char *tA, *tB; |
45 int err, first; | 43 int err, first; |
46 void *mp, *mu; | 44 void *mp, *mu; |
47 | 45 |
48 /* argchks */ | 46 /* argchks */ |
49 LTC_ARGCHK(A != NULL); | 47 LTC_ARGCHK(A != NULL); |
50 LTC_ARGCHK(B != NULL); | 48 LTC_ARGCHK(B != NULL); |
51 LTC_ARGCHK(C != NULL); | 49 LTC_ARGCHK(C != NULL); |
52 LTC_ARGCHK(kA != NULL); | 50 LTC_ARGCHK(kA != NULL); |
91 err = CRYPT_MEM; | 89 err = CRYPT_MEM; |
92 goto ERR_T; | 90 goto ERR_T; |
93 } | 91 } |
94 } | 92 } |
95 | 93 |
96 /* init montgomery reduction */ | 94 /* init montgomery reduction */ |
97 if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { | 95 if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { |
98 goto ERR_P; | 96 goto ERR_P; |
99 } | 97 } |
100 if ((err = mp_init(&mu)) != CRYPT_OK) { | 98 if ((err = mp_init(&mu)) != CRYPT_OK) { |
101 goto ERR_MP; | 99 goto ERR_MP; |
102 } | 100 } |
103 if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) { | 101 if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) { |
104 goto ERR_MU; | 102 goto ERR_MU; |
105 } | 103 } |
106 | 104 |
107 /* copy ones ... */ | 105 /* copy ones ... */ |
108 if ((err = mp_mulmod(A->x, mu, modulus, precomp[1]->x)) != CRYPT_OK) { goto ERR_MU; } | 106 if ((err = mp_mulmod(A->x, mu, modulus, precomp[1]->x)) != CRYPT_OK) { goto ERR_MU; } |
109 if ((err = mp_mulmod(A->y, mu, modulus, precomp[1]->y)) != CRYPT_OK) { goto ERR_MU; } | 107 if ((err = mp_mulmod(A->y, mu, modulus, precomp[1]->y)) != CRYPT_OK) { goto ERR_MU; } |
110 if ((err = mp_mulmod(A->z, mu, modulus, precomp[1]->z)) != CRYPT_OK) { goto ERR_MU; } | 108 if ((err = mp_mulmod(A->z, mu, modulus, precomp[1]->z)) != CRYPT_OK) { goto ERR_MU; } |
124 /* precomp [i,j](A + B) table (i != 0, j != 0) */ | 122 /* precomp [i,j](A + B) table (i != 0, j != 0) */ |
125 for (x = 1; x < 4; x++) { | 123 for (x = 1; x < 4; x++) { |
126 for (y = 1; y < 4; y++) { | 124 for (y = 1; y < 4; y++) { |
127 if ((err = ltc_mp.ecc_ptadd(precomp[x], precomp[(y<<2)], precomp[x+(y<<2)], modulus, mp)) != CRYPT_OK) { goto ERR_MU; } | 125 if ((err = ltc_mp.ecc_ptadd(precomp[x], precomp[(y<<2)], precomp[x+(y<<2)], modulus, mp)) != CRYPT_OK) { goto ERR_MU; } |
128 } | 126 } |
129 } | 127 } |
130 | 128 |
131 nibble = 3; | 129 nibble = 3; |
132 first = 1; | 130 first = 1; |
133 bitbufA = tA[0]; | 131 bitbufA = tA[0]; |
134 bitbufB = tB[0]; | 132 bitbufB = tB[0]; |
135 | 133 |
136 /* for every byte of the multiplicands */ | 134 /* for every byte of the multiplicands */ |
137 for (x = -1;; ) { | 135 for (x = 0;; ) { |
138 /* grab a nibble */ | 136 /* grab a nibble */ |
139 if (++nibble == 4) { | 137 if (++nibble == 4) { |
140 ++x; if (x == len) break; | 138 if (x == len) break; |
141 bitbufA = tA[x]; | 139 bitbufA = tA[x]; |
142 bitbufB = tB[x]; | 140 bitbufB = tB[x]; |
143 nibble = 0; | 141 nibble = 0; |
142 ++x; | |
144 } | 143 } |
145 | 144 |
146 /* extract two bits from both, shift/update */ | 145 /* extract two bits from both, shift/update */ |
147 nA = (bitbufA >> 6) & 0x03; | 146 nA = (bitbufA >> 6) & 0x03; |
148 nB = (bitbufB >> 6) & 0x03; | 147 nB = (bitbufB >> 6) & 0x03; |
149 bitbufA = (bitbufA << 2) & 0xFF; | 148 bitbufA = (bitbufA << 2) & 0xFF; |
150 bitbufB = (bitbufB << 2) & 0xFF; | 149 bitbufB = (bitbufB << 2) & 0xFF; |
151 | 150 |
152 /* if both zero, if first, continue */ | 151 /* if both zero, if first, continue */ |
153 if ((nA == 0) && (nB == 0) && (first == 1)) { | 152 if ((nA == 0) && (nB == 0) && (first == 1)) { |
154 continue; | 153 continue; |
155 } | 154 } |
200 } | 199 } |
201 | 200 |
202 #endif | 201 #endif |
203 #endif | 202 #endif |
204 | 203 |
205 /* $Source$ */ | 204 /* ref: $Format:%D$ */ |
206 /* $Revision$ */ | 205 /* git commit: $Format:%H$ */ |
207 /* $Date$ */ | 206 /* commit time: $Format:%ai$ */ |
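Review bot: With the loop now starting at `x = 0` while `nibble` is still initialised to 3, the first pass through `if (++nibble == 4)` reloads `tA[0]`/`tB[0]` before any bits are consumed, so the pre-loads `bitbufA = tA[0]; bitbufB = tB[0];` just above the `for` are dead stores (they were already redundant under the old `x = -1` form, which also relied on unsigned wraparound of `++x`). Either drop those two lines or annotate the invariant on the `for` line, e.g. `/* nibble == 3 forces a byte load on the first pass; x is the index of the next byte to fetch */`, because the `++x` placed after the load is easy to misread as an off-by-one against `len`. ltc_ecc_mul2add begins and ends outside this hunk; the allocation of tA/tB and the computation of `len` are not visible here, so the `x == len` guard is assumed to bound both buffers. Separately, the Doxygen block kept on the new side still reads "What to multiple A by" for both scalars and leaves the `(can overlap with A or B` parenthesis unclosed.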