kmackay/micro-ecc
1
0
Fork 0
mirror of https://github.com/kmackay/micro-ecc.git synced 2026-06-05 21:14:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added new define (uECC_SUPPORT_COMPRESSED_POINT) and new API functions.

Browse Source
This commit is contained in:
Evgeni Margolis
2015-07-08 20:14:05 -07:00
committed by Ken MacKay
parent 2cc5e9211a
commit ca9e456f42
3 changed files with 85 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files
curve-specific.inc
+18 -2
View File
@@ -97,6 +97,7 @@ static void double_jacobian_default(uECC_word_t * X1,
vli_set(Y1, t4, curve->num_words);
}
#if uECC_SUPPORT_COMPRESSED_POINT
/* Compute a = sqrt(a) (mod curve_p). */
static void mod_sqrt_default(uECC_word_t *a, uECC_Curve curve) {
bitcount_t i;
@@ -114,6 +115,7 @@ static void mod_sqrt_default(uECC_word_t *a, uECC_Curve curve) {
}
vli_set(a, l_result, curve->num_words);
}
#endif
/* Computes result = x^3 + ax + b. result must not overlap x. */
static void x_side_default(uECC_word_t *result, const uECC_word_t *x, uECC_Curve curve) {
@@ -152,7 +154,9 @@ static const struct uECC_Curve_t curve_secp160r1 = {
BYTES_TO_WORDS_8(9F, F8, AC, 65, 8B, 7A, BD, 54),
BYTES_TO_WORDS_4(FC, BE, 97, 1C) },
&double_jacobian_default,
#if uECC_SUPPORT_COMPRESSED_POINT
&mod_sqrt_default,
#endif
&x_side_default,
#if (uECC_OPTIMIZATION_LEVEL > 0)
&vli_mmod_fast_secp160r1
@@ -295,7 +299,9 @@ static const struct uECC_Curve_t curve_secp192r1 = {
BYTES_TO_WORDS_8(49, 30, 24, 72, AB, E9, A7, 0F),
BYTES_TO_WORDS_8(E7, 80, 9C, E5, 19, 05, 21, 64) },
&double_jacobian_default,
#if uECC_SUPPORT_COMPRESSED_POINT
&mod_sqrt_default,
#endif
&x_side_default,
#if (uECC_OPTIMIZATION_LEVEL > 0)
&vli_mmod_fast_secp192r1
@@ -395,7 +401,9 @@ static void vli_mmod_fast_secp192r1(uint64_t *result, uint64_t *product) {
#if uECC_SUPPORTS_secp224r1
#if uECC_SUPPORT_COMPRESSED_POINT
static void mod_sqrt_secp224r1(uECC_word_t *a, uECC_Curve curve);
#endif
#if (uECC_OPTIMIZATION_LEVEL > 0)
static void vli_mmod_fast_secp224r1(uECC_word_t *result, uECC_word_t *product);
#endif
@@ -426,7 +434,9 @@ static const struct uECC_Curve_t curve_secp224r1 = {
BYTES_TO_WORDS_8(56, 32, 41, F5, AB, B3, 04, 0C),
BYTES_TO_WORDS_4(85, 0A, 05, B4) },
&double_jacobian_default,
#if uECC_SUPPORT_COMPRESSED_POINT
&mod_sqrt_secp224r1,
#endif
&x_side_default,
#if (uECC_OPTIMIZATION_LEVEL > 0)
&vli_mmod_fast_secp224r1
@@ -436,6 +446,7 @@ static const struct uECC_Curve_t curve_secp224r1 = {
uECC_Curve uECC_secp224r1(void) { return &curve_secp224r1; }
#if uECC_SUPPORT_COMPRESSED_POINT
/* Routine 3.2.4 RS; from http://www.nsa.gov/ia/_files/nist-routines.pdf */
static void mod_sqrt_secp224r1_rs(uECC_word_t *d1,
uECC_word_t *e1,
@@ -536,7 +547,7 @@ static void mod_sqrt_secp224r1(uECC_word_t *a, uECC_Curve curve) {
uECC_word_t f0[num_words_secp224r1];
uECC_word_t d1[num_words_secp224r1];
// s = a; using constant instead of random value
/* s = a; using constant instead of random value */
mod_sqrt_secp224r1_rp(d0, e0, f0, a, a); /* RP (d0, e0, f0, c, s) */
mod_sqrt_secp224r1_rs(d1, e1, f1, d0, e0, f0); /* RS (d1, e1, f1, d0, e0, f0) */
for (i = 1; i <= 95; i++) {
@@ -545,12 +556,13 @@ static void mod_sqrt_secp224r1(uECC_word_t *a, uECC_Curve curve) {
vli_set(f0, f1, num_words_secp224r1); /* f0 <-- f1 */
mod_sqrt_secp224r1_rs(d1, e1, f1, d0, e0, f0); /* RS (d1, e1, f1, d0, e0, f0) */
if (vli_isZero(d1, num_words_secp224r1)) { /* if d1 == 0 */
break;
break;
}
}
vli_modInv(f1, e0, curve_secp224r1.p, num_words_secp224r1); /* f1 <-- 1 / e0 */
vli_modMult_fast(a, d0, f1, &curve_secp224r1); /* a <-- d0 / e0 */
}
#endif /* uECC_SUPPORT_COMPRESSED_POINT */
#if (uECC_OPTIMIZATION_LEVEL > 0)
/* Computes result = product % curve_p
@@ -744,7 +756,9 @@ static const struct uECC_Curve_t curve_secp256r1 = {
BYTES_TO_WORDS_8(BC, 86, 98, 76, 55, BD, EB, B3),
BYTES_TO_WORDS_8(E7, 93, 3A, AA, D8, 35, C6, 5A) },
&double_jacobian_default,
#if uECC_SUPPORT_COMPRESSED_POINT
&mod_sqrt_default,
#endif
&x_side_default,
#if (uECC_OPTIMIZATION_LEVEL > 0)
&vli_mmod_fast_secp256r1
@@ -1077,7 +1091,9 @@ static const struct uECC_Curve_t curve_secp256k1 = {
BYTES_TO_WORDS_8(00, 00, 00, 00, 00, 00, 00, 00),
BYTES_TO_WORDS_8(00, 00, 00, 00, 00, 00, 00, 00) },
&double_jacobian_secp256k1,
#if uECC_SUPPORT_COMPRESSED_POINT
&mod_sqrt_default,
#endif
&x_side_secp256k1,
#if (uECC_OPTIMIZATION_LEVEL > 0)
&vli_mmod_fast_secp256k1
uECC.c
+59 -18
View File
@@ -42,7 +42,9 @@ struct uECC_Curve_t {
uECC_word_t * Y1,
uECC_word_t * Z1,
uECC_Curve curve);
#if uECC_SUPPORT_COMPRESSED_POINT
void (*mod_sqrt)(uECC_word_t *a, uECC_Curve curve);
#endif
void (*x_side)(uECC_word_t *result, const uECC_word_t *x, uECC_Curve curve);
#if (uECC_OPTIMIZATION_LEVEL > 0)
void (*mmod_fast)(uECC_word_t *result, uECC_word_t *product);
@@ -71,6 +73,7 @@ static void vli_clear(uECC_word_t *vli, wordcount_t num_words) {
}
}
/* Constant-time comparison to zero - secure way to compare long integers */
/* Returns 1 if vli == 0, 0 otherwise. */
static uECC_word_t vli_isZero(const uECC_word_t *vli, wordcount_t num_words) {
uECC_word_t bits = 0;
@@ -138,6 +141,8 @@ static cmpresult_t vli_cmp(const uECC_word_t *left,
return 0;
}
/* Constant-time comparison function - secure way to compare long integers */
/* Returns one if left == right, zero otherwise */
static uECC_word_t vli_equal(const uECC_word_t *left,
const uECC_word_t *right,
wordcount_t num_words) {
@@ -200,7 +205,7 @@ static uECC_word_t vli_sub(uECC_word_t *result,
}
#endif /* !asm_sub */
#if !asm_mult || !asm_square || \
#if !asm_mult || (uECC_SQUARE_FUNC && !asm_square) || \
(uECC_SUPPORTS_secp256k1 && (uECC_OPTIMIZATION_LEVEL > 0) && \
((uECC_WORD_SIZE == 1) || (uECC_WORD_SIZE == 8)))
static void muladd(uECC_word_t a,
@@ -569,9 +574,7 @@ static void vli_modInv(uECC_word_t *result,
#include "curve-specific.inc"
/* Returns 1 if 'point' is the point at infinity, 0 otherwise. */
static cmpresult_t EccPoint_isZero(const uECC_word_t *point, uECC_Curve curve) {
return vli_isZero(point, curve->num_words * 2);
}
#define EccPoint_isZero(point, curve) vli_isZero((point), (curve)->num_words * 2)
/* Point multiplication algorithm using Montgomery's ladder with co-Z coordinates.
From http://eprint.iacr.org/2011/338.pdf
@@ -854,7 +857,7 @@ int uECC_make_key(uint8_t *public_key,
if (!generate_random_int(private, curve->num_words, curve->num_bytes * 8)) {
return 0;
}
if (EccPoint_compute_public_key(public, private, curve)) {
vli_nativeToBytes(private_key, private, curve);
vli_nativeToBytes(public_key, public, curve);
@@ -911,6 +914,7 @@ int uECC_shared_secret(const uint8_t *public_key,
return !EccPoint_isZero(public, curve);
}
#if uECC_SUPPORT_COMPRESSED_POINT
void uECC_compress(const uint8_t *public_key, uint8_t *compressed, uECC_Curve curve) {
wordcount_t i;
for (i = 0; i < curve->num_bytes; ++i) {
@@ -933,33 +937,38 @@ void uECC_decompress(const uint8_t *compressed, uint8_t *public_key, uECC_Curve
vli_nativeToBytes(public_key, point, curve);
vli_nativeToBytes(public_key + curve->num_bytes, y, curve);
}
#endif /* uECC_SUPPORT_COMPRESSED_POINT */
int uECC_valid_public_key(const uint8_t *public_key, uECC_Curve curve) {
int uECC_valid_point(const uECC_word_t *point, uECC_Curve curve) {
uECC_word_t tmp1[uECC_MAX_WORDS];
uECC_word_t tmp2[uECC_MAX_WORDS];
uECC_word_t public[uECC_MAX_WORDS * 2];
vli_bytesToNative(public, public_key, curve);
vli_bytesToNative(public + curve->num_words, public_key + curve->num_bytes, curve);
/* The point at infinity is invalid. */
if (EccPoint_isZero(public, curve)) {
if (EccPoint_isZero(point, curve)) {
return 0;
}
/* x and y must be smaller than p. */
if (vli_cmp(curve->p, public, curve->num_words) != 1 ||
vli_cmp(curve->p, public + curve->num_words, curve->num_words) != 1) {
if (vli_cmp(curve->p, point, curve->num_words) != 1 ||
vli_cmp(curve->p, point + curve->num_words, curve->num_words) != 1) {
return 0;
}
vli_modSquare_fast(tmp1, public + curve->num_words, curve);
curve->x_side(tmp2, public, curve); /* tmp2 = x^3 + ax + b */
vli_modSquare_fast(tmp1, point + curve->num_words, curve);
curve->x_side(tmp2, point, curve); /* tmp2 = x^3 + ax + b */
/* Make sure that y^2 == x^3 + ax + b */
return (vli_equal(tmp1, tmp2, curve->num_words));
}
int uECC_valid_public_key(const uint8_t *public_key, uECC_Curve curve) {
uECC_word_t public[uECC_MAX_WORDS * 2];
vli_bytesToNative(public, public_key, curve);
vli_bytesToNative(public + curve->num_words, public_key + curve->num_bytes, curve);
return uECC_valid_point(public, curve);
}
int uECC_compute_public_key(const uint8_t *private_key, uint8_t *public_key, uECC_Curve curve) {
uECC_word_t private[uECC_MAX_WORDS];
uECC_word_t public[uECC_MAX_WORDS * 2];
@@ -1315,10 +1324,12 @@ const uECC_word_t *uECC_curve_b(uECC_Curve curve) {
return curve->b;
}
#if uECC_SUPPORT_COMPRESSED_POINT
/* Calculates a = sqrt(a) (mod curve->p) */
void uECC_mod_sqrt(uECC_word_t *a, uECC_Curve curve) {
curve->mod_sqrt(a, curve);
}
#endif
/* Calculates result = product (mod curve->p), where product is up to
2 * curve->num_words long. */
@@ -1330,6 +1341,14 @@ void uECC_mmod_fast(uECC_word_t *result, uECC_word_t *product, uECC_Curve curve)
#endif
}
void uECC_vli_nativeToBytes(uint8_t * dest, const uECC_word_t * src, uECC_Curve curve) {
vli_nativeToBytes(dest, src, curve);
}
void uECC_vli_bytesToNative(uECC_word_t * dest, const uint8_t * src, uECC_Curve curve) {
vli_bytesToNative(dest, src, curve);
}
void uECC_vli_clear(uECC_word_t *vli, unsigned num_words) {
vli_clear(vli, num_words);
}
@@ -1432,8 +1451,8 @@ void uECC_vli_modInv(uECC_word_t *result,
the Y coordinate in the same array, both coordinates are curve->num_words long. Note
that scalar must be curve->num_n_words long (NOT curve->num_words). */
void uECC_point_mult(uECC_word_t *result,
uECC_word_t *point,
uECC_word_t *scalar,
const uECC_word_t *point,
const uECC_word_t *scalar,
uECC_Curve curve) {
uECC_word_t tmp1[uECC_MAX_WORDS];
uECC_word_t tmp2[uECC_MAX_WORDS];
@@ -1444,3 +1463,25 @@ void uECC_point_mult(uECC_word_t *result,
vli_numBits(curve->n, curve->num_n_words) + 1,
curve);
}
/* Calculates result = product (mod curve->n), where product is up to
2 * curve->num_n_words long. */
void uECC_vli_mmod_n(uECC_word_t *result, uECC_word_t *product, uECC_Curve curve) {
vli_mmod(result, product, curve->n, curve->num_n_words);
}
/* Computes result = (left * right) % (curve->n). */
void uECC_vli_modMult_n(uECC_word_t *result,
const uECC_word_t *left,
const uECC_word_t *right,
uECC_Curve curve) {
vli_modMult(result, left, right, curve->n, curve->num_n_words);
}
/* Computes result = (left * right) % (curve->p). */
void uECC_vli_modMult_fast(uECC_word_t *result,
const uECC_word_t *left,
const uECC_word_t *right,
uECC_Curve curve) {
vli_modMult_fast(result, left, right, curve);
}
uECC.h
+8
View File
@@ -49,6 +49,12 @@ platform. */
#define uECC_SUPPORTS_secp256k1 1
#endif
/* Specifies whether compressed point format is supported.
Set to 0 if compressed point is not supported. That saves code size. */
#ifndef uECC_SUPPORT_COMPRESSED_POINT
#define uECC_SUPPORT_COMPRESSED_POINT 0
#endif
struct uECC_Curve_t;
typedef const struct uECC_Curve_t * uECC_Curve;
@@ -133,6 +139,7 @@ int uECC_shared_secret(const uint8_t *public_key,
uint8_t *secret,
uECC_Curve curve);
#if uECC_SUPPORT_COMPRESSED_POINT
/* uECC_compress() function.
Compress a public key.
@@ -154,6 +161,7 @@ Outputs:
public_key - Will be filled in with the decompressed public key.
*/
void uECC_decompress(const uint8_t *compressed, uint8_t *public_key, uECC_Curve curve);
#endif /* uECC_SUPPORT_COMPRESSED_POINT */
/* uECC_valid_public_key() function.
Check to see if a public key is valid.