Adapt ecp_gen_keypair() to Curve25519

This commit is contained in:
Manuel Pégourié-Gonnard 2013-12-04 18:14:55 +01:00
parent 9a4a5ac4de
commit fe0af405f9
2 changed files with 38 additions and 12 deletions

View File

@ -31,6 +31,8 @@
* FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf * FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
* RFC 4492 for the related TLS structures and constants * RFC 4492 for the related TLS structures and constants
* *
* [M255] http://cr.yp.to/ecdh/curve25519-20060209.pdf
*
* [2] CORON, Jean-Sébastien. Resistance against differential power analysis * [2] CORON, Jean-Sébastien. Resistance against differential power analysis
* for elliptic curve cryptosystems. In : Cryptographic Hardware and * for elliptic curve cryptosystems. In : Cryptographic Hardware and
* Embedded Systems. Springer Berlin Heidelberg, 1999. p. 292-302. * Embedded Systems. Springer Berlin Heidelberg, 1999. p. 292-302.
@ -1534,7 +1536,7 @@ int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt )
if( ecp_is_montgomery( grp ) ) if( ecp_is_montgomery( grp ) )
{ {
/* Just check X is the correct number of bytes */ /* [M255 p. 5] Just check X is the correct number of bytes */
if( mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 ) if( mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 )
return( POLARSSL_ERR_ECP_INVALID_KEY ); return( POLARSSL_ERR_ECP_INVALID_KEY );
@ -1587,7 +1589,7 @@ int ecp_check_privkey( const ecp_group *grp, const mpi *d )
{ {
if( ecp_is_montgomery( grp ) ) if( ecp_is_montgomery( grp ) )
{ {
/* see the Curve25519 paper */ /* see [M255] page 5 */
if( mpi_get_bit( d, 0 ) != 0 || if( mpi_get_bit( d, 0 ) != 0 ||
mpi_get_bit( d, 1 ) != 0 || mpi_get_bit( d, 1 ) != 0 ||
mpi_get_bit( d, 2 ) != 0 || mpi_get_bit( d, 2 ) != 0 ||
@ -1606,7 +1608,7 @@ int ecp_check_privkey( const ecp_group *grp, const mpi *d )
} }
/* /*
* Generate a keypair (SEC1 3.2.1) * Generate a keypair
*/ */
int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q, int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
@ -1615,9 +1617,28 @@ int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
int count = 0; int count = 0;
size_t n_size = (grp->nbits + 7) / 8; size_t n_size = (grp->nbits + 7) / 8;
/* if( ecp_is_montgomery( grp ) )
* Generate d such that 1 <= n < N {
*/ /* [M225] page 5 */
size_t b;
mpi_fill_random( d, n_size, f_rng, p_rng );
/* Make sure the most significant bit is nbits */
b = mpi_msb( d ) - 1; /* mpi_msb is one-based */
if( b > grp->nbits )
mpi_shift_r( d, b - grp->nbits );
else
mpi_set_bit( d, grp->nbits, 1 );
/* Make sure the last three bits are unset */
mpi_set_bit( d, 0, 0 );
mpi_set_bit( d, 1, 0 );
mpi_set_bit( d, 2, 0 );
}
else
{
/* SEC1 3.2.1: Generate d such that 1 <= n < N */
do do
{ {
mpi_fill_random( d, n_size, f_rng, p_rng ); mpi_fill_random( d, n_size, f_rng, p_rng );
@ -1629,6 +1650,7 @@ int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
return( POLARSSL_ERR_ECP_RANDOM_FAILED ); return( POLARSSL_ERR_ECP_RANDOM_FAILED );
} }
while( mpi_cmp_int( d, 1 ) < 0 ); while( mpi_cmp_int( d, 1 ) < 0 );
}
return( ecp_mul( grp, Q, d, &grp->G, f_rng, p_rng ) ); return( ecp_mul( grp, Q, d, &grp->G, f_rng, p_rng ) );
} }

View File

@ -325,6 +325,10 @@ ECP gen keypair
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
ecp_gen_keypair:POLARSSL_ECP_DP_SECP192R1 ecp_gen_keypair:POLARSSL_ECP_DP_SECP192R1
ECP gen keypair
depends_on:POLARSSL_ECP_DP_M255_ENABLED
ecp_gen_keypair:POLARSSL_ECP_DP_M255
ECP gen keypair wrapper ECP gen keypair wrapper
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
ecp_gen_key:POLARSSL_ECP_DP_SECP192R1 ecp_gen_key:POLARSSL_ECP_DP_SECP192R1