diff options
| author | Billy Brumley <bbrumley@gmail.com> | 2021-08-09 22:57:47 +0300 |
|---|---|---|
| committer | Dmitry Belyavskiy <beldmit@users.noreply.github.com> | 2021-08-11 16:51:34 +0300 |
| commit | c5ec3860a0c95a74ee98210e0ac174924866dab1 (patch) | |
| tree | ef3133f7c2ad1e29d1acd3d6c6b23a9c9ba59881 | |
| parent | 949e0de6bf5c9c75f18924f062cf505eea796361 (diff) | |
| download | gost-engine-c5ec3860a0c95a74ee98210e0ac174924866dab1.zip gost-engine-c5ec3860a0c95a74ee98210e0ac174924866dab1.tar.gz gost-engine-c5ec3860a0c95a74ee98210e0ac174924866dab1.tar.bz2 | |
push VKO cofactor clearing into ECCKiila
| -rw-r--r-- | ecp_id_tc26_gost_3410_2012_256_paramSetA.c | 6 | ||||
| -rw-r--r-- | ecp_id_tc26_gost_3410_2012_512_paramSetC.c | 6 | ||||
| -rw-r--r-- | gost_ec_keyx.c | 8 |
3 files changed, 19 insertions, 1 deletions
diff --git a/ecp_id_tc26_gost_3410_2012_256_paramSetA.c b/ecp_id_tc26_gost_3410_2012_256_paramSetA.c index 9282fb7..f6bb491 100644 --- a/ecp_id_tc26_gost_3410_2012_256_paramSetA.c +++ b/ecp_id_tc26_gost_3410_2012_256_paramSetA.c @@ -3674,6 +3674,9 @@ static void var_smul_rwnaf(pt_aff_t *out, const unsigned char scalar[32], fiat_id_tc26_gost_3410_2012_256_paramSetA_selectznz(Q.Z, scalar[0] & 1, lut.Z, Q.Z); + point_double(&Q, &Q); + point_double(&Q, &Q); + /* move from Edwards projective to legacy projective */ point_edwards2legacy(&Q, &Q); /* convert to affine -- NB depends on coordinate system */ @@ -8881,6 +8884,9 @@ static void var_smul_rwnaf(pt_aff_t *out, const unsigned char scalar[32], fiat_id_tc26_gost_3410_2012_256_paramSetA_selectznz(Q.Z, scalar[0] & 1, lut.Z, Q.Z); + point_double(&Q, &Q); + point_double(&Q, &Q); + /* move from Edwards projective to legacy projective */ point_edwards2legacy(&Q, &Q); /* convert to affine -- NB depends on coordinate system */ diff --git a/ecp_id_tc26_gost_3410_2012_512_paramSetC.c b/ecp_id_tc26_gost_3410_2012_512_paramSetC.c index c239f9f..602c619 100644 --- a/ecp_id_tc26_gost_3410_2012_512_paramSetC.c +++ b/ecp_id_tc26_gost_3410_2012_512_paramSetC.c @@ -4520,6 +4520,9 @@ static void var_smul_rwnaf(pt_aff_t *out, const unsigned char scalar[64], fiat_id_tc26_gost_3410_2012_512_paramSetC_selectznz(Q.Z, scalar[0] & 1, lut.Z, Q.Z); + point_double(&Q, &Q); + point_double(&Q, &Q); + /* move from Edwards projective to legacy projective */ point_edwards2legacy(&Q, &Q); /* convert to affine -- NB depends on coordinate system */ @@ -12447,6 +12450,9 @@ static void var_smul_rwnaf(pt_aff_t *out, const unsigned char scalar[64], fiat_id_tc26_gost_3410_2012_512_paramSetC_selectznz(Q.Z, scalar[0] & 1, lut.Z, Q.Z); + point_double(&Q, &Q); + point_double(&Q, &Q); + /* move from Edwards projective to legacy projective */ point_edwards2legacy(&Q, &Q); /* convert to affine -- NB depends on coordinate system */ diff --git a/gost_ec_keyx.c b/gost_ec_keyx.c index 40cad2b..06835d3 100644 --- a/gost_ec_keyx.c +++ b/gost_ec_keyx.c @@ -62,7 +62,12 @@ int VKO_compute_key(unsigned char *shared_key, EC_GROUP_get0_order(grp), ctx)) goto err; - /* these two curves have cofactor 4; the rest have cofactor 1 */ +#if 0 + /*- + * These two curves have cofactor 4; the rest have cofactor 1. + * But currently gost_ec_point_mul takes care of the cofactor clearing, + * hence this code is not needed. + */ switch (EC_GROUP_get_curve_name(grp)) { case NID_id_tc26_gost_3410_2012_256_paramSetA: case NID_id_tc26_gost_3410_2012_512_paramSetC: @@ -70,6 +75,7 @@ int VKO_compute_key(unsigned char *shared_key, goto err; break; } +#endif if (!gost_ec_point_mul(grp, pnt, NULL, pub_key, scalar, ctx)) { GOSTerr(GOST_F_VKO_COMPUTE_KEY, GOST_R_ERROR_POINT_MUL); |