source-git / gnutls

Clone
Source Code
GIT

Blame lib/nettle/ecc/eddsa-sign.c

c8 c8s master
  1.   4684c19e6b623dac0517d3f3ac8f576d6fbfd0bb
  2.   lib
  3.   nettle
  4.   ecc
  5.   eddsa-sign.c
Blob History Raw
Packit Service 4684c1 
/* eddsa-sign.c
Packit Service 4684c1
Packit Service 4684c1 
   Copyright (C) 2014 Niels Möller
Packit Service 4684c1
Packit Service 4684c1 
   This file is part of GNU Nettle.
Packit Service 4684c1
Packit Service 4684c1 
   GNU Nettle is free software: you can redistribute it and/or
Packit Service 4684c1 
   modify it under the terms of either:
Packit Service 4684c1
Packit Service 4684c1 
     * the GNU Lesser General Public License as published by the Free
Packit Service 4684c1 
       Software Foundation; either version 3 of the License, or (at your
Packit Service 4684c1 
       option) any later version.
Packit Service 4684c1
Packit Service 4684c1 
   or
Packit Service 4684c1
Packit Service 4684c1 
     * the GNU General Public License as published by the Free
Packit Service 4684c1 
       Software Foundation; either version 2 of the License, or (at your
Packit Service 4684c1 
       option) any later version.
Packit Service 4684c1
Packit Service 4684c1 
   or both in parallel, as here.
Packit Service 4684c1
Packit Service 4684c1 
   GNU Nettle is distributed in the hope that it will be useful,
Packit Service 4684c1 
   but WITHOUT ANY WARRANTY; without even the implied warranty of
Packit Service 4684c1 
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
Packit Service 4684c1 
   General Public License for more details.
Packit Service 4684c1
Packit Service 4684c1 
   You should have received copies of the GNU General Public License and
Packit Service 4684c1 
   the GNU Lesser General Public License along with this program.  If
Packit Service 4684c1 
   not, see http://www.gnu.org/licenses/.
Packit Service 4684c1 
*/
Packit Service 4684c1
Packit Service 4684c1 
#if HAVE_CONFIG_H
Packit Service 4684c1 
# include "config.h"
Packit Service 4684c1 
#endif
Packit Service 4684c1
Packit Service 4684c1 
#include <assert.h>
Packit Service 4684c1
Packit Service 4684c1 
#include "eddsa.h"
Packit Service 4684c1 
#include "eddsa-internal.h"
Packit Service 4684c1
Packit Service 4684c1 
#include <nettle/ecc.h>
Packit Service 4684c1 
#include "ecc-internal.h"
Packit Service 4684c1 
#include <nettle/nettle-meta.h>
Packit Service 4684c1
Packit Service 4684c1 
mp_size_t
Packit Service 4684c1 
_eddsa_sign_itch (const struct ecc_curve *ecc)
Packit Service 4684c1 
{
Packit Service 4684c1 
  assert (_eddsa_compress_itch (ecc) <= ecc->mul_g_itch);
Packit Service 4684c1 
  return 5*ecc->p.size + ecc->mul_g_itch;
Packit Service 4684c1 
}
Packit Service 4684c1
Packit Service 4684c1 
void
Packit Service 4684c1 
_eddsa_sign (const struct ecc_curve *ecc,
Packit Service 4684c1 
	     const struct ecc_eddsa *eddsa,
Packit Service 4684c1 
	     void *ctx,
Packit Service 4684c1 
	     const uint8_t *pub,
Packit Service 4684c1 
	     const uint8_t *k1,
Packit Service 4684c1 
	     const mp_limb_t *k2,
Packit Service 4684c1 
	     size_t length,
Packit Service 4684c1 
	     const uint8_t *msg,
Packit Service 4684c1 
	     uint8_t *signature,
Packit Service 4684c1 
	     mp_limb_t *scratch)
Packit Service 4684c1 
{
Packit Service 4684c1 
  mp_size_t size;
Packit Service 4684c1 
  size_t nbytes;
Packit Service 4684c1 
  mp_limb_t q, cy;
Packit Service 4684c1
Packit Service 4684c1 
#define rp scratch
Packit Service 4684c1 
#define hp (scratch + size)
Packit Service 4684c1 
#define P (scratch + 2*size)
Packit Service 4684c1 
#define sp (scratch + 2*size)
Packit Service 4684c1 
#define hash ((uint8_t *) (scratch + 3*size))
Packit Service 4684c1 
#define scratch_out (scratch + 5*size)
Packit Service 4684c1
Packit Service 4684c1 
  size = ecc->p.size;
Packit Service 4684c1 
  nbytes = 1 + ecc->p.bit_size / 8;
Packit Service 4684c1
Packit Service 4684c1 
  eddsa->dom (ctx);
Packit Service 4684c1 
  eddsa->update (ctx, nbytes, k1);
Packit Service 4684c1 
  eddsa->update (ctx, length, msg);
Packit Service 4684c1 
  eddsa->digest (ctx, 2*nbytes, hash);
Packit Service 4684c1 
  _eddsa_hash (&ecc->q, rp, 2*nbytes, hash);
Packit Service 4684c1
Packit Service 4684c1 
  ecc->mul_g (ecc, P, rp, scratch_out);
Packit Service 4684c1 
  _eddsa_compress (ecc, signature, P, scratch_out);
Packit Service 4684c1
Packit Service 4684c1 
  eddsa->dom (ctx);
Packit Service 4684c1 
  eddsa->update (ctx, nbytes, signature);
Packit Service 4684c1 
  eddsa->update (ctx, nbytes, pub);
Packit Service 4684c1 
  eddsa->update (ctx, length, msg);
Packit Service 4684c1 
  eddsa->digest (ctx, 2*nbytes, hash);
Packit Service 4684c1 
  _eddsa_hash (&ecc->q, hp, 2*nbytes, hash);
Packit Service 4684c1
Packit Service 4684c1 
  ecc_mod_mul (&ecc->q, sp, hp, k2);
Packit Service 4684c1 
  ecc_mod_add (&ecc->q, sp, sp, rp); /* FIXME: Can be plain add */
Packit Service 4684c1 
  if (ecc->p.bit_size == 255)
Packit Service 4684c1 
    {
Packit Service 4684c1 
      /* FIXME: Special code duplicated in ecc_curve25519_modq
Packit Service 4684c1 
	 Define a suitable method for canonical reduction? */
Packit Service 4684c1
Packit Service 4684c1 
      /* q is slightly larger than 2^252, underflow from below
Packit Service 4684c1 
	 mpn_submul_1 is unlikely. */
Packit Service 4684c1 
      unsigned shift = 252 - GMP_NUMB_BITS * (ecc->p.size - 1);
Packit Service 4684c1 
      q = sp[ecc->p.size-1] >> shift;
Packit Service 4684c1 
    }
Packit Service 4684c1 
  else
Packit Service 4684c1 
    {
Packit Service 4684c1 
      unsigned shift;
Packit Service 4684c1
Packit Service 4684c1 
      assert (ecc->p.bit_size == 448);
Packit Service 4684c1 
      /* q is slightly smaller than 2^446 */
Packit Service 4684c1 
      shift = 446 - GMP_NUMB_BITS * (ecc->p.size - 1);
Packit Service 4684c1 
      /* Add one, then it's possible but unlikely that below
Packit Service 4684c1 
	 mpn_submul_1 does *not* underflow. */
Packit Service 4684c1 
      q = (sp[ecc->p.size-1] >> shift) + 1;
Packit Service 4684c1 
    }
Packit Service 4684c1
Packit Service 4684c1 
  cy = mpn_submul_1 (sp, ecc->q.m, ecc->p.size, q);
Packit Service 4684c1 
  assert (cy < 2);
Packit Service 4684c1 
  cy -= cnd_add_n (cy, sp, ecc->q.m, ecc->p.size);
Packit Service 4684c1 
  assert (cy == 0);
Packit Service 4684c1
Packit Service 4684c1 
  mpn_get_base256_le (signature + nbytes, nbytes, sp, ecc->q.size);
Packit Service 4684c1 
#undef rp
Packit Service 4684c1 
#undef hp
Packit Service 4684c1 
#undef P
Packit Service 4684c1 
#undef sp
Packit Service 4684c1 
#undef hash
Packit Service 4684c1 
}

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation