
📄 ecc.c

📁 这是由Rinick编写的加解密函数库。最近找了不少关于加解密的C源码
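   /* NOTE(review): the listing starts part-way through a function whose header
    * is outside this view (presumably the projective point addition that
    * ecc_mulmod calls as ecc_add).  The statements below are reproduced
    * unchanged, only re-broken onto separate lines. */

   /* Y = Y - T1 */
   if ((err = mp_sub(&y, &t1, &y)) != MP_OKAY)                        { goto error; }
   if (mp_cmp_d(&y, 0) == MP_LT) {
      if ((err = mp_add(&y, modulus, &y)) != MP_OKAY)                 { goto error; }
   }
   /* T1 = 2T1 */
   if ((err = mp_mul_2(&t1, &t1)) != MP_OKAY)                         { goto error; }
   if (mp_cmp(&t1, modulus) != MP_LT) {
      if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY)               { goto error; }
   }
   /* T1 = Y + T1 */
   if ((err = mp_add(&t1, &y, &t1)) != MP_OKAY)                       { goto error; }
   if (mp_cmp(&t1, modulus) != MP_LT) {
      if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY)               { goto error; }
   }
   /* X = X - T2 */
   if ((err = mp_sub(&x, &t2, &x)) != MP_OKAY)                        { goto error; }
   if (mp_cmp_d(&x, 0) == MP_LT) {
      if ((err = mp_add(&x, modulus, &x)) != MP_OKAY)                 { goto error; }
   }
   /* T2 = 2T2 */
   if ((err = mp_mul_2(&t2, &t2)) != MP_OKAY)                         { goto error; }
   if (mp_cmp(&t2, modulus) != MP_LT) {
      if ((err = mp_sub(&t2, modulus, &t2)) != MP_OKAY)               { goto error; }
   }
   /* T2 = X + T2 */
   if ((err = mp_add(&t2, &x, &t2)) != MP_OKAY)                       { goto error; }
   if (mp_cmp(&t2, modulus) != MP_LT) {
      if ((err = mp_sub(&t2, modulus, &t2)) != MP_OKAY)               { goto error; }
   }

   /* if Z' != 1 */
   if (mp_cmp_d(&Q->z, 1) != MP_EQ) {
      /* Z = Z * Z' */
      if ((err = mp_mul(&z, &Q->z, &z)) != MP_OKAY)                   { goto error; }
      if ((err = mp_montgomery_reduce(&z, modulus, mp)) != MP_OKAY)   { goto error; }
   }
   /* Z = Z * X */
   if ((err = mp_mul(&z, &x, &z)) != MP_OKAY)                         { goto error; }
   if ((err = mp_montgomery_reduce(&z, modulus, mp)) != MP_OKAY)      { goto error; }

   /* T1 = T1 * X  */
   if ((err = mp_mul(&t1, &x, &t1)) != MP_OKAY)                       { goto error; }
   if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY)     { goto error; }
   /* X = X * X */
   if ((err = mp_sqr(&x, &x)) != MP_OKAY)                             { goto error; }
   if ((err = mp_montgomery_reduce(&x, modulus, mp)) != MP_OKAY)      { goto error; }
   /* T2 = T2 * x */
   if ((err = mp_mul(&t2, &x, &t2)) != MP_OKAY)                       { goto error; }
   if ((err = mp_montgomery_reduce(&t2, modulus, mp)) != MP_OKAY)     { goto error; }
   /* T1 = T1 * X  */
   if ((err = mp_mul(&t1, &x, &t1)) != MP_OKAY)                       { goto error; }
   if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY)     { goto error; }

   /* X = Y*Y */
   if ((err = mp_sqr(&y, &x)) != MP_OKAY)                             { goto error; }
   if ((err = mp_montgomery_reduce(&x, modulus, mp)) != MP_OKAY)      { goto error; }
   /* X = X - T2 */
   if ((err = mp_sub(&x, &t2, &x)) != MP_OKAY)                        { goto error; }
   if (mp_cmp_d(&x, 0) == MP_LT) {
      if ((err = mp_add(&x, modulus, &x)) != MP_OKAY)                 { goto error; }
   }

   /* T2 = T2 - X */
   if ((err = mp_sub(&t2, &x, &t2)) != MP_OKAY)                       { goto error; }
   if (mp_cmp_d(&t2, 0) == MP_LT) {
      if ((err = mp_add(&t2, modulus, &t2)) != MP_OKAY)               { goto error; }
   }
   /* T2 = T2 - X */
   if ((err = mp_sub(&t2, &x, &t2)) != MP_OKAY)                       { goto error; }
   if (mp_cmp_d(&t2, 0) == MP_LT) {
      if ((err = mp_add(&t2, modulus, &t2)) != MP_OKAY)               { goto error; }
   }
   /* T2 = T2 * Y */
   if ((err = mp_mul(&t2, &y, &t2)) != MP_OKAY)                       { goto error; }
   if ((err = mp_montgomery_reduce(&t2, modulus, mp)) != MP_OKAY)     { goto error; }
   /* Y = T2 - T1 */
   if ((err = mp_sub(&t2, &t1, &y)) != MP_OKAY)                       { goto error; }
   if (mp_cmp_d(&y, 0) == MP_LT) {
      if ((err = mp_add(&y, modulus, &y)) != MP_OKAY)                 { goto error; }
   }
   /* Y = Y/2 */
   if (mp_isodd(&y)) {
      if ((err = mp_add(&y, modulus, &y)) != MP_OKAY)                 { goto error; }
   }
   if ((err = mp_div_2(&y, &y)) != MP_OKAY)                           { goto error; }

   if ((err = mp_copy(&x, &R->x)) != MP_OKAY)                         { goto error; }
   if ((err = mp_copy(&y, &R->y)) != MP_OKAY)                         { goto error; }
   if ((err = mp_copy(&z, &R->z)) != MP_OKAY)                         { goto error; }

   err = CRYPT_OK;
   goto done;
error:
   err = mpi_to_ltc_error(err);
done:
   mp_clear_multi(&t1, &t2, &x, &y, &z, NULL);
   return err;
}

/* size of sliding window, don't change this! */
#define WINSIZE 4

/**
  Perform R = kG where k == integer and G == ecc_point, using a fixed
  4-bit sliding window over the bits of k (most significant bit first).

  @param k        The scalar multiplier
  @param G        The point to multiply
  @param R        [out] Destination of the product (may alias G; a copy of G is taken)
  @param modulus  The field modulus
  @param map      If non-zero, R is passed through ecc_map() before returning;
                  otherwise R is left as computed by ecc_dbl()/ecc_add()
  @return CRYPT_OK on success; CRYPT_INVALID_ARG if the Montgomery setup or
          normalization fails; CRYPT_MEM if a temporary cannot be allocated;
          otherwise the error reported by the failing helper

  NOTE(review): this routine is not constant-time.  Leading zero bits are
  skipped, the double-only and window-add paths are chosen per bit of k, and
  the table entry M[bitbuf-8] is selected by window value.  Where k is a
  private scalar, run time and memory access pattern therefore depend on it;
  deployments that must resist timing or cache observation need a
  fixed-pattern multiplier instead.

  NOTE(review): no check that G lies on the curve is visible here, and the
  sign of k is not consulted.  Points received from outside should be
  validated by the caller before they reach this function -- confirm where
  that happens.

  NOTE(review): when k is zero (k->used == 0) the main loop exits before R is
  written, so R keeps whatever the caller passed in (and is still mapped when
  map is set).
*/
int ecc_mulmod(mp_int *k, ecc_point *G, ecc_point *R, mp_int *modulus, int map)
{
   ecc_point *tG, *M[8];
   int        i, j, err;
   mp_int     mu;
   mp_digit   buf, mp;
   int        first, bitbuf, bitcpy, bitcnt, mode, digidx;

   /* init montgomery reduction */
   if ((err = mp_montgomery_setup(modulus, &mp)) != MP_OKAY) {
      return CRYPT_INVALID_ARG;
   }
   if ((err = mp_init(&mu)) != MP_OKAY) {
      return CRYPT_MEM;
   }
   if ((err = mp_montgomery_calc_normalization(&mu, modulus)) != MP_OKAY) {
      mp_clear(&mu);
      return CRYPT_INVALID_ARG;
   }

   /* alloc ram for window temps */
   for (i = 0; i < 8; i++) {
      M[i] = ecc_new_point();
      if (M[i] == NULL) {
         /* release the points obtained so far before bailing out */
         for (j = 0; j < i; j++) {
            ecc_del(M[j]);
         }
         mp_clear(&mu);
         return CRYPT_MEM;
      }
   }

   /* make a copy of G in case R==G */
   tG = ecc_new_point();
   if (tG == NULL)                                                      { err = CRYPT_MEM; goto done; }

   /* tG = G  and convert to montgomery */
   if ((err = mp_mulmod(&G->x, &mu, modulus, &tG->x)) != MP_OKAY)       { goto error; }
   if ((err = mp_mulmod(&G->y, &mu, modulus, &tG->y)) != MP_OKAY)       { goto error; }
   if ((err = mp_mulmod(&G->z, &mu, modulus, &tG->z)) != MP_OKAY)       { goto error; }
   /* mu is released once at `done:` so that the failure paths above (tG
    * allocation, mp_mulmod) no longer leave it allocated. */

   /* calc the M tab, which holds kG for k==8..15 */
   /* M[0] == 8G */
   if ((err = ecc_dbl(tG,   M[0], modulus, mp)) != CRYPT_OK)            { goto done; }
   if ((err = ecc_dbl(M[0], M[0], modulus, mp)) != CRYPT_OK)            { goto done; }
   if ((err = ecc_dbl(M[0], M[0], modulus, mp)) != CRYPT_OK)            { goto done; }

   /* now find (8+k)G for k=1..7 */
   for (j = 9; j < 16; j++) {
      if ((err = ecc_add(M[j-9], tG, M[j-8], modulus, mp)) != CRYPT_OK) { goto done; }
   }

   /* setup sliding window */
   mode   = 0;
   bitcnt = 1;
   buf    = 0;
   digidx = k->used - 1;
   bitcpy = bitbuf = 0;
   first  = 1;

   /* perform ops */
   for (;;) {
      /* grab next digit as required */
      if (--bitcnt == 0) {
         if (digidx == -1) {
            break;
         }
         buf = k->dp[digidx--];
         bitcnt = (int) DIGIT_BIT;
      }

      /* grab the next msb from the multiplicand */
      i = (buf >> (DIGIT_BIT - 1)) & 1;
      buf <<= 1;

      /* skip leading zero bits */
      if (mode == 0 && i == 0) {
         continue;
      }

      /* if the bit is zero and mode == 1 then we double */
      if (mode == 1 && i == 0) {
         if ((err = ecc_dbl(R, R, modulus, mp)) != CRYPT_OK)            { goto done; }
         continue;
      }

      /* else we add it to the window */
      bitbuf |= (i << (WINSIZE - ++bitcpy));
      mode = 2;

      if (bitcpy == WINSIZE) {
         /* if this is the first window we do a simple copy */
         if (first == 1) {
            /* R = kG [k = first window] */
            if ((err = mp_copy(&M[bitbuf-8]->x, &R->x)) != MP_OKAY)     { goto error; }
            if ((err = mp_copy(&M[bitbuf-8]->y, &R->y)) != MP_OKAY)     { goto error; }
            if ((err = mp_copy(&M[bitbuf-8]->z, &R->z)) != MP_OKAY)     { goto error; }
            first = 0;
         } else {
            /* normal window */
            /* ok window is filled so double as required and add  */
            /* double first */
            for (j = 0; j < WINSIZE; j++) {
               if ((err = ecc_dbl(R, R, modulus, mp)) != CRYPT_OK)      { goto done; }
            }

            /* then add, bitbuf will be 8..15 [8..2^WINSIZE] guaranteed */
            if ((err = ecc_add(R, M[bitbuf-8], R, modulus, mp)) != CRYPT_OK) { goto done; }
         }
         /* empty window and reset */
         bitcpy = bitbuf = 0;
         mode = 1;
      }
   }

   /* if bits remain then double/add */
   if (mode == 2 && bitcpy > 0) {
      /* double then add */
      for (j = 0; j < bitcpy; j++) {
         /* only double if we have had at least one add first */
         if (first == 0) {
            if ((err = ecc_dbl(R, R, modulus, mp)) != CRYPT_OK)         { goto done; }
         }

         bitbuf <<= 1;
         if ((bitbuf & (1 << WINSIZE)) != 0) {
            if (first == 1) {
               /* first add, so copy */
               if ((err = mp_copy(&tG->x, &R->x)) != MP_OKAY)           { goto error; }
               if ((err = mp_copy(&tG->y, &R->y)) != MP_OKAY)           { goto error; }
               if ((err = mp_copy(&tG->z, &R->z)) != MP_OKAY)           { goto error; }
               first = 0;
            } else {
               /* then add */
               if ((err = ecc_add(R, tG, R, modulus, mp)) != CRYPT_OK)  { goto done; }
            }
         }
      }
   }

   /* map R back from projective space */
   if (map) {
      err = ecc_map(R, modulus, mp);
   } else {
      err = CRYPT_OK;
   }

   goto done;
error:
   /* `error` is entered with a math-library status; translate it.  Paths that
    * already hold a CRYPT_* code jump straight to `done`. */
   err = mpi_to_ltc_error(err);
done:
   mp_clear(&mu);
   /* tG is NULL here when its allocation failed; as in the original, this
    * relies on ecc_del() accepting NULL -- TODO confirm. */
   ecc_del(tG);
   for (i = 0; i < 8; i++) {
      ecc_del(M[i]);
   }
   return err;
}

#undef WINSIZE

/**
  Perform a self-test on the ECC system

  For every entry of ecc_sets[] (terminated by size == 0) this checks that the
  stored prime and order both pass is_prime(), and that multiplying the base
  point G by (order + 1) gives back G.

  @return CRYPT_OK if successful
*/
int ecc_test(void)
{
   mp_int     modulus, order;
   ecc_point  *G, *GG;
   int i, err, primality;

   if ((err = mp_init_multi(&modulus, &order, NULL)) != MP_OKAY) {
      return mpi_to_ltc_error(err);
   }

   G   = ecc_new_point();
   GG  = ecc_new_point();
   if (G == NULL || GG == NULL) {
      mp_clear_multi(&modulus, &order, NULL);
      /* either pointer may be NULL here; relies on ecc_del() accepting NULL -- TODO confirm */
      ecc_del(G);
      ecc_del(GG);
      return CRYPT_MEM;
   }

   for (i = 0; ecc_sets[i].size; i++) {
       #if 0
          printf("Testing %d\n", ecc_sets[i].size);
       #endif
       /* curve constants are stored as radix-64 strings */
       if ((err = mp_read_radix(&modulus, (char *)ecc_sets[i].prime, 64)) != MP_OKAY)   { goto error; }
       if ((err = mp_read_radix(&order, (char *)ecc_sets[i].order, 64)) != MP_OKAY)     { goto error; }

       /* is prime actually prime? */
       if ((err = is_prime(&modulus, &primality)) != CRYPT_OK)                          { goto done; }
       if (primality == 0) {
          err = CRYPT_FAIL_TESTVECTOR;
          goto done;
       }

       /* is order prime ? */
       if ((err = is_prime(&order, &primality)) != CRYPT_OK)                            { goto done; }
       if (primality == 0) {
          err = CRYPT_FAIL_TESTVECTOR;
          goto done;
       }

       if ((err = mp_read_radix(&G->x, (char *)ecc_sets[i].Gx, 64)) != MP_OKAY)         { goto error; }
       if ((err = mp_read_radix(&G->y, (char *)ecc_sets[i].Gy, 64)) != MP_OKAY)         { goto error; }
       mp_set(&G->z, 1);

       /* then we should have G == (order + 1)G */
       if ((err = mp_add_d(&order, 1, &order)) != MP_OKAY)                              { goto error; }
       if ((err = ecc_mulmod(&order, G, GG, &modulus, 1)) != CRYPT_OK)                  { goto done; }
       if (mp_cmp(&G->x, &GG->x) != 0 || mp_cmp(&G->y, &GG->y) != 0) {
          err = CRYPT_FAIL_TESTVECTOR;
          goto done;
       }
   }
   err = CRYPT_OK;
   goto done;
error:
   err = mpi_to_ltc_error(err);
done:
   ecc_del(GG);
   ecc_del(G);
   mp_clear_multi(&order, &modulus, NULL);
   return err;
}

/**
  Report the smallest and largest `size` values found in ecc_sets[]

  @param low   [out] Smallest size in the table (INT_MAX if the table is empty)
  @param high  [out] Largest size in the table (0 if the table is empty)
*/
void ecc_sizes(int *low, int *high)
{
   int i;
   LTC_ARGCHK(low  != NULL);
   LTC_ARGCHK(high != NULL);

   *low = INT_MAX;
   *high = 0;
   for (i = 0; ecc_sets[i].size != 0; i++) {
      if (ecc_sets[i].size < *low)  {
         *low  = ecc_sets[i].size;
      }
      if (ecc_sets[i].size > *high) {
         *high = ecc_sets[i].size;
      }
   }
}

/**
  Make a new ECC key
  @param prng         An active PRNG state
  @param wprng        The index of the PRNG you wish to use
  @param keysize      The keysize for the new key (in octets from 20 to 65 bytes)
  @param key          [out] Destination of the newly created key
  @return CRYPT_OK if successful, upon error all allocated memory will be freed
*/
int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key)
{
   int            x, err;
   ecc_point     *base;
   mp_int         prime;
   unsigned char *buf;

   LTC_ARGCHK(key != NULL);

   /* good prng? */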
