From 471232577795a4b2e27eb84dc552eb3821f3c5cd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Sat, 10 Nov 2012 14:44:24 +0100
Subject: [PATCH] Clarifications in comments; code cosmetics & style

---
 include/polarssl/ecp.h | 14 +++--
 library/ecp.c | 118 +++++++++++++++++++----------------------
 2 files changed, 67 insertions(+), 65 deletions(-)

diff --git a/include/polarssl/ecp.h b/include/polarssl/ecp.h
index 6a504f1de..a7f6258cb 100644
--- a/include/polarssl/ecp.h
+++ b/include/polarssl/ecp.h
@@ -55,7 +55,15 @@ ecp_point;
 * The curves we consider are defined by y^2 = x^3 - 3x + b mod p,
 * and a generator for a large subgroup is fixed.
 *
- * modp may be NULL; pbits will not be used in this case.
+ * If modp is NULL, pbits will not be used, and reduction modulo P is
+ * done using a generic algorithm.
+ *
+ * If modp is not NULL, pbits must be the size of P in bits and modp
+ * must be a function that takes an mpi in the range 0..2^(2*pbits) and
+ * transforms it in-place in an integer of little more than pbits, so
+ * that the integer may be efficiently brought in the 0..P range by a
+ * few additions or substractions. It must return 0 on success and a
+ * POLARSSL_ERR_ECP_XXX error on failure.
 */
 typedef struct
 {
@@ -77,7 +85,7 @@ ecp_group;
 *
 * \warning This library does not support validation of arbitrary domain
 * parameters. Therefore, only well-known domain parameters from trusted
- * sources (such as the ones below) should be used. See ecp_use_known_dp().
+ * sources should be used. See ecp_use_known_dp().
 */
 #define POLARSSL_ECP_DP_SECP192R1 0
 #define POLARSSL_ECP_DP_SECP224R1 1
@@ -161,7 +169,7 @@ int ecp_group_read_string( ecp_group *grp, int radix,
 * \param grp Destination group
 * \param index Index in the list of well-known domain parameters
 *
- * \return O if successul,
+ * \return O if successful,
 * POLARSSL_ERR_MPI_XXX if initialization failed
 * POLARSSL_ERR_ECP_GENERIC if index is out of range
 *
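Review bot: The new contract line `+ * must be a function that takes an mpi in the range 0..2^(2*pbits) and` is looser than the text this same commit deletes from library/ecp.c, which stated the bound exactly as `0 <= N < 2^(2*pbits)`; the fast paths appear to rely on it (ecp_mod_p521 works in a fixed-size `t_uint Mp[P521_SIZE_INT]` buffer), so the header should be the precise statement of record. Suggest `* must be a function that takes an mpi N with 0 <= N < 2^(2*pbits) and` followed by `* reduces it in place to a non-negative value of little more than pbits bits, so` (non-negativity of the output is my reading of the "few additions or subtractions" wording — confirm). While here, `substractions` should be `subtractions`. The struct definition continues past the hunk.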
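Review bot: The corrected line `+ * \return O if successful,` still uses the capital letter O where the digit zero is meant, so the return-value documentation of ecp_use_known_dp() stays wrong after this typo fix; it should read `* \return 0 if successful,`. The comment block continues past the hunk.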
diff --git a/library/ecp.c b/library/ecp.c
index 2fe456f82..574b181db 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -109,11 +109,11 @@ void ecp_set_zero( ecp_point *pt )
 */
 int ecp_copy( ecp_point *P, const ecp_point *Q )
 {
- int ret = 0;
+ int ret;
 if( Q->is_zero )
 {
 ecp_set_zero( P );
- return( ret );
+ return( 0 );
 }
 P->is_zero = Q->is_zero;
@@ -130,7 +130,7 @@ cleanup:
 int ecp_point_read_string( ecp_point *P, int radix, const char *x, const char *y )
 {
- int ret = 0;
+ int ret;
 P->is_zero = 0;
 MPI_CHK( mpi_read_string( &P->X, radix, x ) );
@@ -147,7 +147,7 @@ int ecp_group_read_string( ecp_group *grp, int radix,
 const char *p, const char *b, const char *gx, const char *gy, const char *n)
 {
- int ret = 0;
+ int ret;
 MPI_CHK( mpi_read_string( &grp->P, radix, p ) );
 MPI_CHK( mpi_read_string( &grp->B, radix, b ) );
@@ -159,15 +159,11 @@ cleanup:
 }
 /*
- * Wrapper around fast quasi-modp functions, with fallback to mpi_mod_mpi
- *
- * The quasi-modp functions expect an mpi N such that 0 <= N < 2^(2*pbits)
- * and change it in-place so that it can easily be brought in the 0..P-1
- * range by a few additions or substractions.
+ * Wrapper around fast quasi-modp functions, with fall-back to mpi_mod_mpi
 */
 static int ecp_modp( mpi *N, const ecp_group *grp )
 {
- int ret = 0;
+ int ret;
 if( grp->modp == NULL )
 return( mpi_mod_mpi( N, N, &grp->P ) );
@@ -206,7 +202,7 @@ cleanup:
 */
 static int ecp_mod_p521( mpi *N )
 {
- int ret = 0;
+ int ret;
 t_uint Mp[P521_SIZE_INT];
 mpi M;
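Review bot: Deleting the `0 <= N < 2^(2*pbits)` precondition from the ecp_modp comment leaves ecp.c with no statement of the bound that `grp->modp` requires, and nothing visible in ecp_modp checks it before dispatching to the fast path (the body after the `grp->modp == NULL` early return is outside the hunk); an N outside that range would be silently mis-reduced by the fast function while the `mpi_mod_mpi` fall-back would still be correct. Please keep a one-line restatement in the wrapper, e.g. `* Caller must ensure 0 <= N < 2^(2*pbits) (see ecp_group in ecp.h); the MOD_* macros below maintain this by keeping mpi_mul_mpi operands in [0, P).` Note also that with `int ret;` now uninitialized in all of these functions, every exit that does not pass through MPI_CHK must return a literal, as ecp_copy's early return was changed to do here; ecp_modp and ecp_mod_p521 continue past the hunk.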
@@ -353,13 +349,13 @@ int ecp_use_known_dp( ecp_group *grp, size_t index )
 }
 /*
- * Fast mod-p functions expect an argument in the 0 .. p^2 range.
+ * Fast mod-p functions expect their argument to be in the 0..p^2 range.
 *
- * In order to garantee that, we need to ensure that operands of
- * mpi_mul_mpi are in the 0 .. p range. So, after each operation we will
+ * In order to guarantee that, we need to ensure that operands of
+ * mpi_mul_mpi are in the 0..p range. So, after each operation we will
 * bring the result back to this range.
 *
- * The following macros are helpers for that.
+ * The following macros are shortcuts for doing that.
 */
 /*
@@ -412,7 +408,7 @@ static void ecp_ptjac_free( ecp_ptjac *P )
 */
 static int ecp_ptjac_copy( ecp_ptjac *R, const ecp_ptjac *P )
 {
- int ret = 0;
+ int ret;
 MPI_CHK( mpi_copy( &R->X, &P->X ) );
 MPI_CHK( mpi_copy( &R->Y, &P->Y ) );
@@ -427,7 +423,7 @@ cleanup:
 static int ecp_ptjac_set_zero( ecp_ptjac *P )
 {
- int ret = 0;
+ int ret;
 MPI_CHK( mpi_lset( &P->X, 1 ) );
 MPI_CHK( mpi_lset( &P->Y, 1 ) );
@@ -442,7 +438,7 @@ cleanup:
 static int ecp_aff_to_jac( ecp_ptjac *jac, const ecp_point *aff )
 {
- int ret = 0;
+ int ret;
 if( aff->is_zero )
 return( ecp_ptjac_set_zero( jac ) );
@@ -461,7 +457,7 @@ cleanup:
 static int ecp_jac_to_aff( const ecp_group *grp, ecp_point *aff, const ecp_ptjac *jac )
 {
- int ret = 0;
+ int ret;
 mpi Zi, ZZi, T;
 if( mpi_cmp_int( &jac->Z, 0 ) == 0 ) {
@@ -499,7 +495,7 @@ cleanup:
 static int ecp_double_jac( const ecp_group *grp, ecp_ptjac *R,
 const ecp_ptjac *P )
 {
- int ret = 0;
+ int ret;
 mpi T1, T2, T3, X, Y, Z;
 if( mpi_cmp_int( &P->Z, 0 ) == 0 )
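Review bot: In ecp_jac_to_aff, `int ret;` is now uninitialized while the early-exit branch opened by `if( mpi_cmp_int( &jac->Z, 0 ) == 0 ) {` has its body outside the hunk; if that branch still does `return( ret )` it now returns an indeterminate value, so please confirm it returns a literal the way ecp_copy was changed to `return( 0 )` in this commit. The K&R brace on that `if` also differs from the Allman layout used by every other `if` in the patch (`if( aff->is_zero )` on its own line, `{` below it in ecp_copy), which a cosmetics commit is the natural place to align: `if( mpi_cmp_int( &jac->Z, 0 ) == 0 )` / `{`. ecp_jac_to_aff and ecp_double_jac both continue past their hunks.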
@@ -508,17 +504,16 @@ static int ecp_double_jac( const ecp_group *grp, ecp_ptjac *R,
 mpi_init( &T1 ); mpi_init( &T2 ); mpi_init( &T3 ); mpi_init( &X ); mpi_init( &Y ); mpi_init( &Z );
- MPI_CHK( mpi_mul_mpi( &T1, &P->Z, &P->Z ) ); MOD_MUL( T1 );
- MPI_CHK( mpi_sub_mpi( &T2, &P->X, &T1 ) ); MOD_SUB( T2 );
- MPI_CHK( mpi_add_mpi( &T1, &P->X, &T1 ) ); MOD_ADD( T1 );
- MPI_CHK( mpi_mul_mpi( &T2, &T2, &T1 ) ); MOD_MUL( T2 );
- MPI_CHK( mpi_mul_int( &T2, &T2, 3 ) ); MOD_ADD( T2 );
- MPI_CHK( mpi_copy ( &Y, &P->Y ) );
- MPI_CHK( mpi_shift_l( &Y, 1 ) ); MOD_ADD( Y );
- MPI_CHK( mpi_mul_mpi( &Z, &Y, &P->Z ) ); MOD_MUL( Z );
- MPI_CHK( mpi_mul_mpi( &Y, &Y, &Y ) ); MOD_MUL( Y );
- MPI_CHK( mpi_mul_mpi( &T3, &Y, &P->X ) ); MOD_MUL( T3 );
- MPI_CHK( mpi_mul_mpi( &Y, &Y, &Y ) ); MOD_MUL( Y );
+ MPI_CHK( mpi_mul_mpi( &T1, &P->Z, &P->Z ) ); MOD_MUL( T1 );
+ MPI_CHK( mpi_sub_mpi( &T2, &P->X, &T1 ) ); MOD_SUB( T2 );
+ MPI_CHK( mpi_add_mpi( &T1, &P->X, &T1 ) ); MOD_ADD( T1 );
+ MPI_CHK( mpi_mul_mpi( &T2, &T2, &T1 ) ); MOD_MUL( T2 );
+ MPI_CHK( mpi_mul_int( &T2, &T2, 3 ) ); MOD_ADD( T2 );
+ MPI_CHK( mpi_mul_int( &Y, &P->Y, 2 ) ); MOD_ADD( Y );
+ MPI_CHK( mpi_mul_mpi( &Z, &Y, &P->Z ) ); MOD_MUL( Z );
+ MPI_CHK( mpi_mul_mpi( &Y, &Y, &Y ) ); MOD_MUL( Y );
+ MPI_CHK( mpi_mul_mpi( &T3, &Y, &P->X ) ); MOD_MUL( T3 );
+ MPI_CHK( mpi_mul_mpi( &Y, &Y, &Y ) ); MOD_MUL( Y );
 /*
 * For Y = Y / 2 mod p, we must make sure that Y is even before
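Review bot: The new `MPI_CHK( mpi_mul_int( &Y, &P->Y, 2 ) ); MOD_ADD( Y );` and the kept `MPI_CHK( mpi_mul_int( &T2, &T2, 3 ) ); MOD_ADD( T2 );` are only correct if MOD_ADD brings a value as large as 3(p-1) back below p, but the macro is defined outside this hunk and the comment block rewritten at line 349 only says the macros restore the 0..p range "after each operation" without stating the input range they accept. Either document that at the macro, e.g. `/* MOD_ADD: N must satisfy 0 <= N < k*P for small k (after add or small mul_int); reduces to 0 <= N < P */`, or use MOD_MUL after the multiply by 3 so the full reduction is explicit and the reader need not infer it. ecp_double_jac continues on both sides of the hunk.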
@@ -528,13 +523,12 @@ static int ecp_double_jac( const ecp_group *grp, ecp_ptjac *R,
 MPI_CHK( mpi_add_mpi( &Y, &Y, &grp->P ) );
 MPI_CHK( mpi_shift_r( &Y, 1 ) );
- MPI_CHK( mpi_mul_mpi( &X, &T2, &T2 ) ); MOD_MUL( X );
- MPI_CHK( mpi_copy ( &T1, &T3 ) );
- MPI_CHK( mpi_shift_l( &T1, 1 ) ); MOD_ADD( T1 );
- MPI_CHK( mpi_sub_mpi( &X, &X, &T1 ) ); MOD_SUB( X );
- MPI_CHK( mpi_sub_mpi( &T1, &T3, &X ) ); MOD_SUB( T1 );
- MPI_CHK( mpi_mul_mpi( &T1, &T1, &T2 ) ); MOD_MUL( T1 );
- MPI_CHK( mpi_sub_mpi( &Y, &T1, &Y ) ); MOD_SUB( Y );
+ MPI_CHK( mpi_mul_mpi( &X, &T2, &T2 ) ); MOD_MUL( X );
+ MPI_CHK( mpi_mul_int( &T1, &T3, 2 ) ); MOD_ADD( T1 );
+ MPI_CHK( mpi_sub_mpi( &X, &X, &T1 ) ); MOD_SUB( X );
+ MPI_CHK( mpi_sub_mpi( &T1, &T3, &X ) ); MOD_SUB( T1 );
+ MPI_CHK( mpi_mul_mpi( &T1, &T1, &T2 ) ); MOD_MUL( T1 );
+ MPI_CHK( mpi_sub_mpi( &Y, &T1, &Y ) ); MOD_SUB( Y );
 MPI_CHK( mpi_copy( &R->X, &X ) );
 MPI_CHK( mpi_copy( &R->Y, &Y ) );
@@ -554,7 +548,7 @@ cleanup:
 static int ecp_add_mixed( const ecp_group *grp, ecp_ptjac *R,
 const ecp_ptjac *P, const ecp_point *Q )
 {
- int ret = 0;
+ int ret;
 mpi T1, T2, T3, T4, X, Y, Z;
 /*
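Review bot: The halving step `MPI_CHK( mpi_add_mpi( &Y, &Y, &grp->P ) );` followed by `MPI_CHK( mpi_shift_r( &Y, 1 ) );` is reached through a branch on the parity of Y (the preceding comment says Y must be made even first, and the `if` itself sits just above the hunk), so this doubling takes a data-dependent path on a value derived from the point being doubled; when called from ecp_mul that point is a function of the scalar, so this is a timing/branch side channel in addition to the scalar-dependent loop in ecp_mul. Since the commit is reworking these lines anyway, add `/* NOTE: parity-dependent branch, not constant time */` above the add, or compute the conditional add without a branch if the mpi layer can express it. ecp_double_jac continues before the hunk and ecp_add_mixed continues after it.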
@@ -569,12 +563,12 @@ static int ecp_add_mixed( const ecp_group *grp, ecp_ptjac *R,
 mpi_init( &T1 ); mpi_init( &T2 ); mpi_init( &T3 ); mpi_init( &T4 ); mpi_init( &X ); mpi_init( &Y ); mpi_init( &Z );
- MPI_CHK( mpi_mul_mpi( &T1, &P->Z, &P->Z ) ); MOD_MUL( T1 );
- MPI_CHK( mpi_mul_mpi( &T2, &T1, &P->Z ) ); MOD_MUL( T2 );
- MPI_CHK( mpi_mul_mpi( &T1, &T1, &Q->X ) ); MOD_MUL( T1 );
- MPI_CHK( mpi_mul_mpi( &T2, &T2, &Q->Y ) ); MOD_MUL( T2 );
- MPI_CHK( mpi_sub_mpi( &T1, &T1, &P->X ) ); MOD_SUB( T1 );
- MPI_CHK( mpi_sub_mpi( &T2, &T2, &P->Y ) ); MOD_SUB( T2 );
+ MPI_CHK( mpi_mul_mpi( &T1, &P->Z, &P->Z ) ); MOD_MUL( T1 );
+ MPI_CHK( mpi_mul_mpi( &T2, &T1, &P->Z ) ); MOD_MUL( T2 );
+ MPI_CHK( mpi_mul_mpi( &T1, &T1, &Q->X ) ); MOD_MUL( T1 );
+ MPI_CHK( mpi_mul_mpi( &T2, &T2, &Q->Y ) ); MOD_MUL( T2 );
+ MPI_CHK( mpi_sub_mpi( &T1, &T1, &P->X ) ); MOD_SUB( T1 );
+ MPI_CHK( mpi_sub_mpi( &T2, &T2, &P->Y ) ); MOD_SUB( T2 );
 if( mpi_cmp_int( &T1, 0 ) == 0 )
 {
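Review bot: The `if( mpi_cmp_int( &T1, 0 ) == 0 )` that closes the hunk has no comment, and it is the one place in the mixed addition where correctness depends on a case split: after the two subtractions T1 == 0 means P and Q have the same affine x, which must further split on T2 (T2 == 0 is P == Q and needs a doubling, T2 != 0 is P == -Q and the result is the point at infinity); the branch body is outside the hunk, so please confirm both sub-cases are handled and add `/* T1 == 0: same x-coordinate; T2 == 0 -> P == Q (double), else P == -Q (result is zero) */`. This test is also a data-dependent branch on intermediate values, consistent with the rest of the implementation not being constant time, which ecp_add_mixed's header comment should say. The function continues on both sides of the hunk.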
@@ -590,18 +584,18 @@ static int ecp_add_mixed( const ecp_group *grp, ecp_ptjac *R,
 }
 }
- MPI_CHK( mpi_mul_mpi( &Z, &P->Z, &T1 ) ); MOD_MUL( Z );
- MPI_CHK( mpi_mul_mpi( &T3, &T1, &T1 ) ); MOD_MUL( T3 );
- MPI_CHK( mpi_mul_mpi( &T4, &T3, &T1 ) ); MOD_MUL( T4 );
- MPI_CHK( mpi_mul_mpi( &T3, &T3, &P->X ) ); MOD_MUL( T3 );
- MPI_CHK( mpi_mul_int( &T1, &T3, 2 ) ); MOD_ADD( T1 );
- MPI_CHK( mpi_mul_mpi( &X, &T2, &T2 ) ); MOD_MUL( X );
- MPI_CHK( mpi_sub_mpi( &X, &X, &T1 ) ); MOD_SUB( X );
- MPI_CHK( mpi_sub_mpi( &X, &X, &T4 ) ); MOD_SUB( X );
- MPI_CHK( mpi_sub_mpi( &T3, &T3, &X ) ); MOD_SUB( T3 );
- MPI_CHK( mpi_mul_mpi( &T3, &T3, &T2 ) ); MOD_MUL( T3 );
- MPI_CHK( mpi_mul_mpi( &T4, &T4, &P->Y ) ); MOD_MUL( T4 );
- MPI_CHK( mpi_sub_mpi( &Y, &T3, &T4 ) ); MOD_SUB( Y );
+ MPI_CHK( mpi_mul_mpi( &Z, &P->Z, &T1 ) ); MOD_MUL( Z );
+ MPI_CHK( mpi_mul_mpi( &T3, &T1, &T1 ) ); MOD_MUL( T3 );
+ MPI_CHK( mpi_mul_mpi( &T4, &T3, &T1 ) ); MOD_MUL( T4 );
+ MPI_CHK( mpi_mul_mpi( &T3, &T3, &P->X ) ); MOD_MUL( T3 );
+ MPI_CHK( mpi_mul_int( &T1, &T3, 2 ) ); MOD_ADD( T1 );
+ MPI_CHK( mpi_mul_mpi( &X, &T2, &T2 ) ); MOD_MUL( X );
+ MPI_CHK( mpi_sub_mpi( &X, &X, &T1 ) ); MOD_SUB( X );
+ MPI_CHK( mpi_sub_mpi( &X, &X, &T4 ) ); MOD_SUB( X );
+ MPI_CHK( mpi_sub_mpi( &T3, &T3, &X ) ); MOD_SUB( T3 );
+ MPI_CHK( mpi_mul_mpi( &T3, &T3, &T2 ) ); MOD_MUL( T3 );
+ MPI_CHK( mpi_mul_mpi( &T4, &T4, &P->Y ) ); MOD_MUL( T4 );
+ MPI_CHK( mpi_sub_mpi( &Y, &T3, &T4 ) ); MOD_SUB( Y );
 MPI_CHK( mpi_copy( &R->X, &X ) );
 MPI_CHK( mpi_copy( &R->Y, &Y ) );
@@ -621,7 +615,7 @@ cleanup:
 int ecp_add( const ecp_group *grp, ecp_point *R, const ecp_point *P, const ecp_point *Q )
 {
- int ret = 0;
+ int ret;
 ecp_ptjac J;
 ecp_ptjac_init( &J );
@@ -643,20 +637,20 @@ cleanup:
 int ecp_mul( const ecp_group *grp, ecp_point *R, const mpi *m, const ecp_point *P )
 {
- int ret = 0;
+ int ret;
 size_t pos;
 ecp_ptjac Q[2];
- ecp_ptjac_init( &Q[0] ); ecp_ptjac_init( &Q[1] );
-
 /*
 * The general method works only for m >= 1
 */
 if( mpi_cmp_int( m, 0 ) == 0 )
 {
 ecp_set_zero( R );
- goto cleanup;
+ return( 0 );
 }
+ ecp_ptjac_init( &Q[0] ); ecp_ptjac_init( &Q[1] );
+
 ecp_ptjac_set_zero( &Q[0] );
 for( pos = mpi_msb( m ) - 1 ; ; pos-- )
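Review bot: `ecp_ptjac_set_zero( &Q[0] );` on the new side discards the int that function returns (its body is three MPI_CHK'd mpi_lset calls per the hunk at line 423), so an allocation failure there leaves Q[0] partially set and the loop proceeds on garbage; it should be `MPI_CHK( ecp_ptjac_set_zero( &Q[0] ) );`, which is safe now that the inits precede it and cleanup frees both entries. Separately, `for( pos = mpi_msb( m ) - 1 ; ; pos-- )` starts the scalar loop at the top set bit of m, so the running time reveals the bit length of the scalar and, if the loop body branches per bit (it is outside the hunk), each bit as well; for a private scalar this is a timing side channel, and the loop should either run a fixed number of iterations derived from the group size or ecp_mul's header comment should state plainly that it is not constant time. Moving the two `ecp_ptjac_init` calls below the `m == 0` early return is a good change since the old path returned through cleanup with nothing to free.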