mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 08:54:23 +01:00
Adapt ecp_gen_keypair() to Curve25519
This commit is contained in:
parent
9a4a5ac4de
commit
fe0af405f9
@ -31,6 +31,8 @@
|
|||||||
* FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
|
* FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
|
||||||
* RFC 4492 for the related TLS structures and constants
|
* RFC 4492 for the related TLS structures and constants
|
||||||
*
|
*
|
||||||
|
* [M255] http://cr.yp.to/ecdh/curve25519-20060209.pdf
|
||||||
|
*
|
||||||
* [2] CORON, Jean-Sébastien. Resistance against differential power analysis
|
* [2] CORON, Jean-Sébastien. Resistance against differential power analysis
|
||||||
* for elliptic curve cryptosystems. In : Cryptographic Hardware and
|
* for elliptic curve cryptosystems. In : Cryptographic Hardware and
|
||||||
* Embedded Systems. Springer Berlin Heidelberg, 1999. p. 292-302.
|
* Embedded Systems. Springer Berlin Heidelberg, 1999. p. 292-302.
|
||||||
@ -1534,7 +1536,7 @@ int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt )
|
|||||||
|
|
||||||
if( ecp_is_montgomery( grp ) )
|
if( ecp_is_montgomery( grp ) )
|
||||||
{
|
{
|
||||||
/* Just check X is the correct number of bytes */
|
/* [M255 p. 5] Just check X is the correct number of bytes */
|
||||||
if( mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 )
|
if( mpi_size( &pt->X ) > ( grp->nbits + 7 ) / 8 )
|
||||||
return( POLARSSL_ERR_ECP_INVALID_KEY );
|
return( POLARSSL_ERR_ECP_INVALID_KEY );
|
||||||
|
|
||||||
@ -1587,7 +1589,7 @@ int ecp_check_privkey( const ecp_group *grp, const mpi *d )
|
|||||||
{
|
{
|
||||||
if( ecp_is_montgomery( grp ) )
|
if( ecp_is_montgomery( grp ) )
|
||||||
{
|
{
|
||||||
/* see the Curve25519 paper */
|
/* see [M255] page 5 */
|
||||||
if( mpi_get_bit( d, 0 ) != 0 ||
|
if( mpi_get_bit( d, 0 ) != 0 ||
|
||||||
mpi_get_bit( d, 1 ) != 0 ||
|
mpi_get_bit( d, 1 ) != 0 ||
|
||||||
mpi_get_bit( d, 2 ) != 0 ||
|
mpi_get_bit( d, 2 ) != 0 ||
|
||||||
@ -1606,7 +1608,7 @@ int ecp_check_privkey( const ecp_group *grp, const mpi *d )
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Generate a keypair (SEC1 3.2.1)
|
* Generate a keypair
|
||||||
*/
|
*/
|
||||||
int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
|
int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
|
||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
int (*f_rng)(void *, unsigned char *, size_t),
|
||||||
@ -1615,9 +1617,28 @@ int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
|
|||||||
int count = 0;
|
int count = 0;
|
||||||
size_t n_size = (grp->nbits + 7) / 8;
|
size_t n_size = (grp->nbits + 7) / 8;
|
||||||
|
|
||||||
/*
|
if( ecp_is_montgomery( grp ) )
|
||||||
* Generate d such that 1 <= n < N
|
{
|
||||||
*/
|
/* [M225] page 5 */
|
||||||
|
size_t b;
|
||||||
|
|
||||||
|
mpi_fill_random( d, n_size, f_rng, p_rng );
|
||||||
|
|
||||||
|
/* Make sure the most significant bit is nbits */
|
||||||
|
b = mpi_msb( d ) - 1; /* mpi_msb is one-based */
|
||||||
|
if( b > grp->nbits )
|
||||||
|
mpi_shift_r( d, b - grp->nbits );
|
||||||
|
else
|
||||||
|
mpi_set_bit( d, grp->nbits, 1 );
|
||||||
|
|
||||||
|
/* Make sure the last three bits are unset */
|
||||||
|
mpi_set_bit( d, 0, 0 );
|
||||||
|
mpi_set_bit( d, 1, 0 );
|
||||||
|
mpi_set_bit( d, 2, 0 );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* SEC1 3.2.1: Generate d such that 1 <= n < N */
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
mpi_fill_random( d, n_size, f_rng, p_rng );
|
mpi_fill_random( d, n_size, f_rng, p_rng );
|
||||||
@ -1629,6 +1650,7 @@ int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
|
|||||||
return( POLARSSL_ERR_ECP_RANDOM_FAILED );
|
return( POLARSSL_ERR_ECP_RANDOM_FAILED );
|
||||||
}
|
}
|
||||||
while( mpi_cmp_int( d, 1 ) < 0 );
|
while( mpi_cmp_int( d, 1 ) < 0 );
|
||||||
|
}
|
||||||
|
|
||||||
return( ecp_mul( grp, Q, d, &grp->G, f_rng, p_rng ) );
|
return( ecp_mul( grp, Q, d, &grp->G, f_rng, p_rng ) );
|
||||||
}
|
}
|
||||||
|
@ -325,6 +325,10 @@ ECP gen keypair
|
|||||||
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
||||||
ecp_gen_keypair:POLARSSL_ECP_DP_SECP192R1
|
ecp_gen_keypair:POLARSSL_ECP_DP_SECP192R1
|
||||||
|
|
||||||
|
ECP gen keypair
|
||||||
|
depends_on:POLARSSL_ECP_DP_M255_ENABLED
|
||||||
|
ecp_gen_keypair:POLARSSL_ECP_DP_M255
|
||||||
|
|
||||||
ECP gen keypair wrapper
|
ECP gen keypair wrapper
|
||||||
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
||||||
ecp_gen_key:POLARSSL_ECP_DP_SECP192R1
|
ecp_gen_key:POLARSSL_ECP_DP_SECP192R1
|
||||||
|
Loading…
Reference in New Issue
Block a user