source-git / mingw-nss

Clone
Source Code
GIT

Blame nss/lib/freebl/ecl/ecl.c

c8 master
  1.   40b132218b73cfd0c4df769a56c7adbc1a7a53ce
  2.   nss
  3.   lib
  4.   freebl
  5.   ecl
  6.   ecl.c
Blob History Raw
Packit 40b132 
/* This Source Code Form is subject to the terms of the Mozilla Public
Packit 40b132 
 * License, v. 2.0. If a copy of the MPL was not distributed with this
Packit 40b132 
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
Packit 40b132
Packit 40b132 
#include "mpi.h"
Packit 40b132 
#include "mplogic.h"
Packit 40b132 
#include "ecl.h"
Packit 40b132 
#include "ecl-priv.h"
Packit 40b132 
#include "ec2.h"
Packit 40b132 
#include "ecp.h"
Packit 40b132 
#include <stdlib.h>
Packit 40b132 
#include <string.h>
Packit 40b132
Packit 40b132 
/* Allocate memory for a new ECGroup object. */
Packit 40b132 
ECGroup *
Packit 40b132 
ECGroup_new()
Packit 40b132 
{
Packit 40b132 
	mp_err res = MP_OKAY;
Packit 40b132 
	ECGroup *group;
Packit 40b132 
	group = (ECGroup *) malloc(sizeof(ECGroup));
Packit 40b132 
	if (group == NULL)
Packit 40b132 
		return NULL;
Packit 40b132 
	group->constructed = MP_YES;
Packit 40b132 
        group->meth = NULL;
Packit 40b132 
	group->text = NULL;
Packit 40b132 
	MP_DIGITS(&group->curvea) = 0;
Packit 40b132 
	MP_DIGITS(&group->curveb) = 0;
Packit 40b132 
	MP_DIGITS(&group->genx) = 0;
Packit 40b132 
	MP_DIGITS(&group->geny) = 0;
Packit 40b132 
	MP_DIGITS(&group->order) = 0;
Packit 40b132 
	group->base_point_mul = NULL;
Packit 40b132 
	group->points_mul = NULL;
Packit 40b132 
	group->validate_point = NULL;
Packit 40b132 
	group->extra1 = NULL;
Packit 40b132 
	group->extra2 = NULL;
Packit 40b132 
	group->extra_free = NULL;
Packit 40b132 
	MP_CHECKOK(mp_init(&group->curvea));
Packit 40b132 
	MP_CHECKOK(mp_init(&group->curveb));
Packit 40b132 
	MP_CHECKOK(mp_init(&group->genx));
Packit 40b132 
	MP_CHECKOK(mp_init(&group->geny));
Packit 40b132 
	MP_CHECKOK(mp_init(&group->order));
Packit 40b132
Packit 40b132 
  CLEANUP:
Packit 40b132 
	if (res != MP_OKAY) {
Packit 40b132 
		ECGroup_free(group);
Packit 40b132 
		return NULL;
Packit 40b132 
	}
Packit 40b132 
	return group;
Packit 40b132 
}
Packit 40b132
Packit 40b132 
/* Construct a generic ECGroup for elliptic curves over prime fields. */
Packit 40b132 
ECGroup *
Packit 40b132 
ECGroup_consGFp(const mp_int *irr, const mp_int *curvea,
Packit 40b132 
				const mp_int *curveb, const mp_int *genx,
Packit 40b132 
				const mp_int *geny, const mp_int *order, int cofactor)
Packit 40b132 
{
Packit 40b132 
	mp_err res = MP_OKAY;
Packit 40b132 
	ECGroup *group = NULL;
Packit 40b132
Packit 40b132 
	group = ECGroup_new();
Packit 40b132 
	if (group == NULL)
Packit 40b132 
		return NULL;
Packit 40b132
Packit 40b132 
	group->meth = GFMethod_consGFp(irr);
Packit 40b132 
	if (group->meth == NULL) {
Packit 40b132 
		res = MP_MEM;
Packit 40b132 
		goto CLEANUP;
Packit 40b132 
	}
Packit 40b132 
	MP_CHECKOK(mp_copy(curvea, &group->curvea));
Packit 40b132 
	MP_CHECKOK(mp_copy(curveb, &group->curveb));
Packit 40b132 
	MP_CHECKOK(mp_copy(genx, &group->genx));
Packit 40b132 
	MP_CHECKOK(mp_copy(geny, &group->geny));
Packit 40b132 
	MP_CHECKOK(mp_copy(order, &group->order));
Packit 40b132 
	group->cofactor = cofactor;
Packit 40b132 
	group->point_add = &ec_GFp_pt_add_aff;
Packit 40b132 
	group->point_sub = &ec_GFp_pt_sub_aff;
Packit 40b132 
	group->point_dbl = &ec_GFp_pt_dbl_aff;
Packit 40b132 
	group->point_mul = &ec_GFp_pt_mul_jm_wNAF;
Packit 40b132 
	group->base_point_mul = NULL;
Packit 40b132 
	group->points_mul = &ec_GFp_pts_mul_jac;
Packit 40b132 
	group->validate_point = &ec_GFp_validate_point;
Packit 40b132
Packit 40b132 
  CLEANUP:
Packit 40b132 
	if (res != MP_OKAY) {
Packit 40b132 
		ECGroup_free(group);
Packit 40b132 
		return NULL;
Packit 40b132 
	}
Packit 40b132 
	return group;
Packit 40b132 
}
Packit 40b132
Packit 40b132 
/* Construct a generic ECGroup for elliptic curves over prime fields with
Packit 40b132 
 * field arithmetic implemented in Montgomery coordinates. */
Packit 40b132 
ECGroup *
Packit 40b132 
ECGroup_consGFp_mont(const mp_int *irr, const mp_int *curvea,
Packit 40b132 
					 const mp_int *curveb, const mp_int *genx,
Packit 40b132 
					 const mp_int *geny, const mp_int *order, int cofactor)
Packit 40b132 
{
Packit 40b132 
	mp_err res = MP_OKAY;
Packit 40b132 
	ECGroup *group = NULL;
Packit 40b132
Packit 40b132 
	group = ECGroup_new();
Packit 40b132 
	if (group == NULL)
Packit 40b132 
		return NULL;
Packit 40b132
Packit 40b132 
	group->meth = GFMethod_consGFp_mont(irr);
Packit 40b132 
	if (group->meth == NULL) {
Packit 40b132 
		res = MP_MEM;
Packit 40b132 
		goto CLEANUP;
Packit 40b132 
	}
Packit 40b132 
	MP_CHECKOK(group->meth->
Packit 40b132 
			   field_enc(curvea, &group->curvea, group->meth));
Packit 40b132 
	MP_CHECKOK(group->meth->
Packit 40b132 
			   field_enc(curveb, &group->curveb, group->meth));
Packit 40b132 
	MP_CHECKOK(group->meth->field_enc(genx, &group->genx, group->meth));
Packit 40b132 
	MP_CHECKOK(group->meth->field_enc(geny, &group->geny, group->meth));
Packit 40b132 
	MP_CHECKOK(mp_copy(order, &group->order));
Packit 40b132 
	group->cofactor = cofactor;
Packit 40b132 
	group->point_add = &ec_GFp_pt_add_aff;
Packit 40b132 
	group->point_sub = &ec_GFp_pt_sub_aff;
Packit 40b132 
	group->point_dbl = &ec_GFp_pt_dbl_aff;
Packit 40b132 
	group->point_mul = &ec_GFp_pt_mul_jm_wNAF;
Packit 40b132 
	group->base_point_mul = NULL;
Packit 40b132 
	group->points_mul = &ec_GFp_pts_mul_jac;
Packit 40b132 
	group->validate_point = &ec_GFp_validate_point;
Packit 40b132
Packit 40b132 
  CLEANUP:
Packit 40b132 
	if (res != MP_OKAY) {
Packit 40b132 
		ECGroup_free(group);
Packit 40b132 
		return NULL;
Packit 40b132 
	}
Packit 40b132 
	return group;
Packit 40b132 
}
Packit 40b132
Packit 40b132 
#ifdef NSS_ECC_MORE_THAN_SUITE_B
Packit 40b132 
/* Construct a generic ECGroup for elliptic curves over binary polynomial
Packit 40b132 
 * fields. */
Packit 40b132 
ECGroup *
Packit 40b132 
ECGroup_consGF2m(const mp_int *irr, const unsigned int irr_arr[5],
Packit 40b132 
				 const mp_int *curvea, const mp_int *curveb,
Packit 40b132 
				 const mp_int *genx, const mp_int *geny,
Packit 40b132 
				 const mp_int *order, int cofactor)
Packit 40b132 
{
Packit 40b132 
	mp_err res = MP_OKAY;
Packit 40b132 
	ECGroup *group = NULL;
Packit 40b132
Packit 40b132 
	group = ECGroup_new();
Packit 40b132 
	if (group == NULL)
Packit 40b132 
		return NULL;
Packit 40b132
Packit 40b132 
	group->meth = GFMethod_consGF2m(irr, irr_arr);
Packit 40b132 
	if (group->meth == NULL) {
Packit 40b132 
		res = MP_MEM;
Packit 40b132 
		goto CLEANUP;
Packit 40b132 
	}
Packit 40b132 
	MP_CHECKOK(mp_copy(curvea, &group->curvea));
Packit 40b132 
	MP_CHECKOK(mp_copy(curveb, &group->curveb));
Packit 40b132 
	MP_CHECKOK(mp_copy(genx, &group->genx));
Packit 40b132 
	MP_CHECKOK(mp_copy(geny, &group->geny));
Packit 40b132 
	MP_CHECKOK(mp_copy(order, &group->order));
Packit 40b132 
	group->cofactor = cofactor;
Packit 40b132 
	group->point_add = &ec_GF2m_pt_add_aff;
Packit 40b132 
	group->point_sub = &ec_GF2m_pt_sub_aff;
Packit 40b132 
	group->point_dbl = &ec_GF2m_pt_dbl_aff;
Packit 40b132 
	group->point_mul = &ec_GF2m_pt_mul_mont;
Packit 40b132 
	group->base_point_mul = NULL;
Packit 40b132 
	group->points_mul = &ec_pts_mul_basic;
Packit 40b132 
	group->validate_point = &ec_GF2m_validate_point;
Packit 40b132
Packit 40b132 
  CLEANUP:
Packit 40b132 
	if (res != MP_OKAY) {
Packit 40b132 
		ECGroup_free(group);
Packit 40b132 
		return NULL;
Packit 40b132 
	}
Packit 40b132 
	return group;
Packit 40b132 
}
Packit 40b132 
#endif
Packit 40b132
Packit 40b132 
/* Construct ECGroup from hex parameters and name, if any. Called by
Packit 40b132 
 * ECGroup_fromHex and ECGroup_fromName. */
Packit 40b132 
ECGroup *
Packit 40b132 
ecgroup_fromNameAndHex(const ECCurveName name,
Packit 40b132 
					   const ECCurveParams * params)
Packit 40b132 
{
Packit 40b132 
	mp_int irr, curvea, curveb, genx, geny, order;
Packit 40b132 
	int bits;
Packit 40b132 
	ECGroup *group = NULL;
Packit 40b132 
	mp_err res = MP_OKAY;
Packit 40b132
Packit 40b132 
	/* initialize values */
Packit 40b132 
	MP_DIGITS(&irr) = 0;
Packit 40b132 
	MP_DIGITS(&curvea) = 0;
Packit 40b132 
	MP_DIGITS(&curveb) = 0;
Packit 40b132 
	MP_DIGITS(&genx) = 0;
Packit 40b132 
	MP_DIGITS(&geny) = 0;
Packit 40b132 
	MP_DIGITS(&order) = 0;
Packit 40b132 
	MP_CHECKOK(mp_init(&irr));
Packit 40b132 
	MP_CHECKOK(mp_init(&curvea);;
Packit 40b132 
	MP_CHECKOK(mp_init(&curveb));
Packit 40b132 
	MP_CHECKOK(mp_init(&genx));
Packit 40b132 
	MP_CHECKOK(mp_init(&geny));
Packit 40b132 
	MP_CHECKOK(mp_init(&order);;
Packit 40b132 
	MP_CHECKOK(mp_read_radix(&irr, params->irr, 16));
Packit 40b132 
	MP_CHECKOK(mp_read_radix(&curvea, params->curvea, 16));
Packit 40b132 
	MP_CHECKOK(mp_read_radix(&curveb, params->curveb, 16));
Packit 40b132 
	MP_CHECKOK(mp_read_radix(&genx, params->genx, 16));
Packit 40b132 
	MP_CHECKOK(mp_read_radix(&geny, params->geny, 16));
Packit 40b132 
	MP_CHECKOK(mp_read_radix(&order, params->order, 16));
Packit 40b132
Packit 40b132 
	/* determine number of bits */
Packit 40b132 
	bits = mpl_significant_bits(&irr) - 1;
Packit 40b132 
	if (bits < MP_OKAY) {
Packit 40b132 
		res = bits;
Packit 40b132 
		goto CLEANUP;
Packit 40b132 
	}
Packit 40b132
Packit 40b132 
	/* determine which optimizations (if any) to use */
Packit 40b132 
	if (params->field == ECField_GFp) {
Packit 40b132 
	    switch (name) {
Packit 40b132 
#ifdef NSS_ECC_MORE_THAN_SUITE_B
Packit 40b132 
#ifdef ECL_USE_FP
Packit 40b132 
		case ECCurve_SECG_PRIME_160R1:
Packit 40b132 
			group =
Packit 40b132 
				ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
Packit 40b132 
								&order, params->cofactor);
Packit 40b132 
			if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
Packit 40b132 
			MP_CHECKOK(ec_group_set_secp160r1_fp(group));
Packit 40b132 
			break;
Packit 40b132 
#endif
Packit 40b132 
		case ECCurve_SECG_PRIME_192R1:
Packit 40b132 
#ifdef ECL_USE_FP
Packit 40b132 
			group =
Packit 40b132 
				ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
Packit 40b132 
								&order, params->cofactor);
Packit 40b132 
			if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
Packit 40b132 
			MP_CHECKOK(ec_group_set_nistp192_fp(group));
Packit 40b132 
#else
Packit 40b132 
			group =
Packit 40b132 
				ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
Packit 40b132 
								&order, params->cofactor);
Packit 40b132 
			if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
Packit 40b132 
			MP_CHECKOK(ec_group_set_gfp192(group, name));
Packit 40b132 
#endif
Packit 40b132 
			break;
Packit 40b132 
		case ECCurve_SECG_PRIME_224R1:
Packit 40b132 
#ifdef ECL_USE_FP
Packit 40b132 
			group =
Packit 40b132 
				ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
Packit 40b132 
								&order, params->cofactor);
Packit 40b132 
			if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
Packit 40b132 
			MP_CHECKOK(ec_group_set_nistp224_fp(group));
Packit 40b132 
#else
Packit 40b132 
			group =
Packit 40b132 
				ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
Packit 40b132 
								&order, params->cofactor);
Packit 40b132 
			if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
Packit 40b132 
			MP_CHECKOK(ec_group_set_gfp224(group, name));
Packit 40b132 
#endif
Packit 40b132 
			break;
Packit 40b132 
#endif /* NSS_ECC_MORE_THAN_SUITE_B */
Packit 40b132 
		case ECCurve_SECG_PRIME_256R1:
Packit 40b132 
			group =
Packit 40b132 
				ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
Packit 40b132 
								&order, params->cofactor);
Packit 40b132 
			if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
Packit 40b132 
			MP_CHECKOK(ec_group_set_gfp256(group, name));
Packit 40b132 
			MP_CHECKOK(ec_group_set_gfp256_32(group, name));
Packit 40b132 
			break;
Packit 40b132 
		case ECCurve_SECG_PRIME_521R1:
Packit 40b132 
			group =
Packit 40b132 
				ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
Packit 40b132 
								&order, params->cofactor);
Packit 40b132 
			if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
Packit 40b132 
			MP_CHECKOK(ec_group_set_gfp521(group, name));
Packit 40b132 
			break;
Packit 40b132 
		default:
Packit 40b132 
			/* use generic arithmetic */
Packit 40b132 
			group =
Packit 40b132 
				ECGroup_consGFp_mont(&irr, &curvea, &curveb, &genx, &geny,
Packit 40b132 
									 &order, params->cofactor);
Packit 40b132 
			if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
Packit 40b132 
		}
Packit 40b132 
#ifdef NSS_ECC_MORE_THAN_SUITE_B
Packit 40b132 
	} else if (params->field == ECField_GF2m) {
Packit 40b132 
		group = ECGroup_consGF2m(&irr, NULL, &curvea, &curveb, &genx, &geny, &order, params->cofactor);
Packit 40b132 
		if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
Packit 40b132 
		if ((name == ECCurve_NIST_K163) ||
Packit 40b132 
		    (name == ECCurve_NIST_B163) ||
Packit 40b132 
		    (name == ECCurve_SECG_CHAR2_163R1)) {
Packit 40b132 
			MP_CHECKOK(ec_group_set_gf2m163(group, name));
Packit 40b132 
		} else if ((name == ECCurve_SECG_CHAR2_193R1) ||
Packit 40b132 
		           (name == ECCurve_SECG_CHAR2_193R2)) {
Packit 40b132 
			MP_CHECKOK(ec_group_set_gf2m193(group, name));
Packit 40b132 
		} else if ((name == ECCurve_NIST_K233) ||
Packit 40b132 
		           (name == ECCurve_NIST_B233)) {
Packit 40b132 
			MP_CHECKOK(ec_group_set_gf2m233(group, name));
Packit 40b132 
		}
Packit 40b132 
#endif
Packit 40b132 
	} else {
Packit 40b132 
		res = MP_UNDEF;
Packit 40b132 
		goto CLEANUP;
Packit 40b132 
	}
Packit 40b132
Packit 40b132 
	/* set name, if any */
Packit 40b132 
	if ((group != NULL) && (params->text != NULL)) {
Packit 40b132 
		group->text = strdup(params->text);
Packit 40b132 
		if (group->text == NULL) {
Packit 40b132 
			res = MP_MEM;
Packit 40b132 
		}
Packit 40b132 
	}
Packit 40b132
Packit 40b132 
  CLEANUP:
Packit 40b132 
	mp_clear(&irr);
Packit 40b132 
	mp_clear(&curvea);
Packit 40b132 
	mp_clear(&curveb;;
Packit 40b132 
	mp_clear(&genx);
Packit 40b132 
	mp_clear(&geny);
Packit 40b132 
	mp_clear(&order);
Packit 40b132 
	if (res != MP_OKAY) {
Packit 40b132 
		ECGroup_free(group);
Packit 40b132 
		return NULL;
Packit 40b132 
	}
Packit 40b132 
	return group;
Packit 40b132 
}
Packit 40b132
Packit 40b132 
/* Construct ECGroup from hexadecimal representations of parameters. */
Packit 40b132 
ECGroup *
Packit 40b132 
ECGroup_fromHex(const ECCurveParams * params)
Packit 40b132 
{
Packit 40b132 
	return ecgroup_fromNameAndHex(ECCurve_noName, params);
Packit 40b132 
}
Packit 40b132
Packit 40b132 
/* Construct ECGroup from named parameters. */
Packit 40b132 
ECGroup *
Packit 40b132 
ECGroup_fromName(const ECCurveName name)
Packit 40b132 
{
Packit 40b132 
	ECGroup *group = NULL;
Packit 40b132 
	ECCurveParams *params = NULL;
Packit 40b132 
	mp_err res = MP_OKAY;
Packit 40b132
Packit 40b132 
	params = EC_GetNamedCurveParams(name);
Packit 40b132 
	if (params == NULL) {
Packit 40b132 
		res = MP_UNDEF;
Packit 40b132 
		goto CLEANUP;
Packit 40b132 
	}
Packit 40b132
Packit 40b132 
	/* construct actual group */
Packit 40b132 
	group = ecgroup_fromNameAndHex(name, params);
Packit 40b132 
	if (group == NULL) {
Packit 40b132 
		res = MP_UNDEF;
Packit 40b132 
		goto CLEANUP;
Packit 40b132 
	}
Packit 40b132
Packit 40b132 
  CLEANUP:
Packit 40b132 
	EC_FreeCurveParams(params);
Packit 40b132 
	if (res != MP_OKAY) {
Packit 40b132 
		ECGroup_free(group);
Packit 40b132 
		return NULL;
Packit 40b132 
	}
Packit 40b132 
	return group;
Packit 40b132 
}
Packit 40b132
Packit 40b132 
/* Validates an EC public key as described in Section 5.2.2 of X9.62. */
Packit 40b132 
mp_err ECPoint_validate(const ECGroup *group, const mp_int *px, const
Packit 40b132 
					mp_int *py)
Packit 40b132 
{
Packit 40b132 
    /* 1: Verify that publicValue is not the point at infinity */
Packit 40b132 
    /* 2: Verify that the coordinates of publicValue are elements
Packit 40b132 
     *    of the field.
Packit 40b132 
     */
Packit 40b132 
    /* 3: Verify that publicValue is on the curve. */
Packit 40b132 
    /* 4: Verify that the order of the curve times the publicValue
Packit 40b132 
     *    is the point at infinity.
Packit 40b132 
     */
Packit 40b132 
	return group->validate_point(px, py, group);
Packit 40b132 
}
Packit 40b132
Packit 40b132 
/* Free the memory allocated (if any) to an ECGroup object. */
Packit 40b132 
void
Packit 40b132 
ECGroup_free(ECGroup *group)
Packit 40b132 
{
Packit 40b132 
	if (group == NULL)
Packit 40b132 
		return;
Packit 40b132 
	GFMethod_free(group->meth);
Packit 40b132 
	if (group->constructed == MP_NO)
Packit 40b132 
		return;
Packit 40b132 
	mp_clear(&group->curvea);
Packit 40b132 
	mp_clear(&group->curveb);
Packit 40b132 
	mp_clear(&group->genx);
Packit 40b132 
	mp_clear(&group->geny);
Packit 40b132 
	mp_clear(&group->order);
Packit 40b132 
	if (group->text != NULL)
Packit 40b132 
		free(group->text);
Packit 40b132 
	if (group->extra_free != NULL)
Packit 40b132 
		group->extra_free(group);
Packit 40b132 
	free(group);
Packit 40b132 
}

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation