comparison libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c @ 478:d4f32c3443ac dbclient-netcat-alike

propagate from branch 'au.asn.ucc.matt.dropbear' (head f21045c791002d81fc6b8dde6537ea481e513eb2) to branch 'au.asn.ucc.matt.dropbear.dbclient-netcat-alike' (head d1f69334581dc4c35f9ca16aa5355074c9dd315d)
author Matt Johnston <matt@ucc.asn.au>
date Sun, 14 Sep 2008 06:47:51 +0000
parents 0cbe8f6dbf9e
children 0e1465709336
comparison
equal deleted inserted replaced
296:6b41e2cbf071 478:d4f32c3443ac
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtomcrypt.com
10 */
11
12 /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
13 *
14 * All curves taken from NIST recommendation paper of July 1999
15 * Available at http://csrc.nist.gov/cryptval/dss.htm
16 */
17 #include "tomcrypt.h"
18
19 /**
20 @file ltc_ecc_mulmod_timing.c
21 ECC Crypto, Tom St Denis
22 */
23
24 #ifdef MECC
25
26 #ifdef LTC_ECC_TIMING_RESISTANT
27
28 /**
29 Perform a point multiplication (timing resistant)
30 @param k The scalar to multiply by
31 @param G The base point
32 @param R [out] Destination for kG
33 @param modulus The modulus of the field the ECC curve is in
34 @param map Boolean whether to map back to affine or not (1==map, 0 == leave in projective)
35 @return CRYPT_OK on success
36 */
37 int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
38 {
39 ecc_point *tG, *M[3];
40 int i, j, err;
41 void *mu, *mp;
42 unsigned long buf;
43 int first, bitbuf, bitcpy, bitcnt, mode, digidx;
44
45 LTC_ARGCHK(k != NULL);
46 LTC_ARGCHK(G != NULL);
47 LTC_ARGCHK(R != NULL);
48 LTC_ARGCHK(modulus != NULL);
49
50 /* init montgomery reduction */
51 if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) {
52 return err;
53 }
54 if ((err = mp_init(&mu)) != CRYPT_OK) {
55 mp_montgomery_free(mp);
56 return err;
57 }
58 if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) {
59 mp_clear(mu);
60 mp_montgomery_free(mp);
61 return err;
62 }
63
64 /* alloc ram for window temps */
65 for (i = 0; i < 3; i++) {
66 M[i] = ltc_ecc_new_point();
67 if (M[i] == NULL) {
68 for (j = 0; j < i; j++) {
69 ltc_ecc_del_point(M[j]);
70 }
71 mp_clear(mu);
72 mp_montgomery_free(mp);
73 return CRYPT_MEM;
74 }
75 }
76
77 /* make a copy of G incase R==G */
78 tG = ltc_ecc_new_point();
79 if (tG == NULL) { err = CRYPT_MEM; goto done; }
80
81 /* tG = G and convert to montgomery */
82 if ((err = mp_mulmod(G->x, mu, modulus, tG->x)) != CRYPT_OK) { goto done; }
83 if ((err = mp_mulmod(G->y, mu, modulus, tG->y)) != CRYPT_OK) { goto done; }
84 if ((err = mp_mulmod(G->z, mu, modulus, tG->z)) != CRYPT_OK) { goto done; }
85 mp_clear(mu);
86 mu = NULL;
87
88 /* calc the M tab */
89 /* M[0] == G */
90 if ((err = mp_copy(tG->x, M[0]->x)) != CRYPT_OK) { goto done; }
91 if ((err = mp_copy(tG->y, M[0]->y)) != CRYPT_OK) { goto done; }
92 if ((err = mp_copy(tG->z, M[0]->z)) != CRYPT_OK) { goto done; }
93 /* M[1] == 2G */
94 if ((err = ltc_mp.ecc_ptdbl(tG, M[1], modulus, mp)) != CRYPT_OK) { goto done; }
95
96 /* setup sliding window */
97 mode = 0;
98 bitcnt = 1;
99 buf = 0;
100 digidx = mp_get_digit_count(k) - 1;
101 bitcpy = bitbuf = 0;
102 first = 1;
103
104 /* perform ops */
105 for (;;) {
106 /* grab next digit as required */
107 if (--bitcnt == 0) {
108 if (digidx == -1) {
109 break;
110 }
111 buf = mp_get_digit(k, digidx);
112 bitcnt = (int) MP_DIGIT_BIT;
113 --digidx;
114 }
115
116 /* grab the next msb from the ltiplicand */
117 i = (buf >> (MP_DIGIT_BIT - 1)) & 1;
118 buf <<= 1;
119
120 if (mode == 0 && i == 0) {
121 /* dummy operations */
122 if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; }
123 if ((err = ltc_mp.ecc_ptdbl(M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; }
124 continue;
125 }
126
127 if (mode == 0 && i == 1) {
128 mode = 1;
129 /* dummy operations */
130 if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; }
131 if ((err = ltc_mp.ecc_ptdbl(M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; }
132 continue;
133 }
134
135 if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[i^1], modulus, mp)) != CRYPT_OK) { goto done; }
136 if ((err = ltc_mp.ecc_ptdbl(M[i], M[i], modulus, mp)) != CRYPT_OK) { goto done; }
137 }
138
139 /* copy result out */
140 if ((err = mp_copy(M[0]->x, R->x)) != CRYPT_OK) { goto done; }
141 if ((err = mp_copy(M[0]->y, R->y)) != CRYPT_OK) { goto done; }
142 if ((err = mp_copy(M[0]->z, R->z)) != CRYPT_OK) { goto done; }
143
144 /* map R back from projective space */
145 if (map) {
146 err = ltc_ecc_map(R, modulus, mp);
147 } else {
148 err = CRYPT_OK;
149 }
150 done:
151 if (mu != NULL) {
152 mp_clear(mu);
153 }
154 mp_montgomery_free(mp);
155 ltc_ecc_del_point(tG);
156 for (i = 0; i < 3; i++) {
157 ltc_ecc_del_point(M[i]);
158 }
159 return err;
160 }
161
162 #endif
163 #endif
164 /* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c,v $ */
165 /* $Revision: 1.11 $ */
166 /* $Date: 2006/12/04 22:17:46 $ */
167