-rw-r--r-- | checks/ec_tests.cpp | 78 | ||||
-rw-r--r-- | src/math/gfpmath/point_gfp.cpp | 28 | ||||
-rw-r--r-- | src/math/gfpmath/point_gfp.h | 4 | ||||
-rw-r--r-- | src/pubkey/ecdsa/ecdsa_op.cpp | 6 | ||||
-rw-r--r-- | src/pubkey/eckaeg/eckaeg_op.cpp | 14 | ||||
-rw-r--r-- | src/pubkey/gost_3410/gost_3410.cpp | 10 |
6 files changed, 52 insertions, 88 deletions
diff --git a/checks/ec_tests.cpp b/checks/ec_tests.cpp
index ae8ee65e9..c05008435 100644
--- a/checks/ec_tests.cpp
+++ b/checks/ec_tests.cpp
@@ -64,29 +64,29 @@ void test_point_turn_on_sp_red_mul()
 BigInt d("459183204582304");
 PointGFp r1 = d * p_G;
- CHECK(r1.get_affine_x().get_value() != BigInt("0"));
+ CHECK(r1.get_affine_x() != BigInt("0"));
 PointGFp p_G2(p_G);
 PointGFp r2 = d * p_G2;
 CHECK_MESSAGE(r1 == r2, "error with point mul after extra turn on sp red mul");
- CHECK(r1.get_affine_x().get_value() != BigInt("0"));
+ CHECK(r1.get_affine_x() != BigInt("0"));
 PointGFp p_r1 = r1;
 PointGFp p_r2 = r2;
- p_r1.mult2_in_place(); // wird für Fehler nicht gebraucht
- p_r2.mult2_in_place(); // wird für Fehler nicht gebraucht
+ p_r1.mult2_in_place();
+ p_r2.mult2_in_place();
 CHECK_MESSAGE(p_r1.get_affine_x() == p_r2.get_affine_x(), "error with mult2 after extra turn on sp red mul");
- CHECK(p_r1.get_affine_x().get_value() != BigInt("0"));
- CHECK(p_r2.get_affine_x().get_value() != BigInt("0"));
+ CHECK(p_r1.get_affine_x() != BigInt("0"));
+ CHECK(p_r2.get_affine_x() != BigInt("0"));
 r1.mult2_in_place();
 r2.mult2_in_place();
 CHECK_MESSAGE(r1 == r2, "error with mult2 after extra turn on sp red mul");
 CHECK_MESSAGE(r1.get_affine_x() == r2.get_affine_x(), "error with mult2 after extra turn on sp red mul");
- CHECK(r1.get_affine_x().get_value() != BigInt("0"));
+ CHECK(r1.get_affine_x() != BigInt("0"));
 //std::cout << "r1 x = " << r1.get_affine_x() << endl;
 r1 += p_G;
 r2 += p_G2;
@@ -146,8 +146,8 @@ void test_coordinates()
 CHECK( p1.get_jac_proj_x().get_value() == exp_x);
 CHECK( p1.get_jac_proj_y().get_value() == exp_y);
 CHECK( p1.get_jac_proj_z().get_value() == exp_z);
- CHECK_MESSAGE( p1.get_affine_x().get_value() == exp_affine_x, " p1_x = " << p1.get_affine_x().get_value() << "\n" << "exp_x = " << exp_affine_x << "\n");
- CHECK_MESSAGE( p1.get_affine_y().get_value() == exp_affine_y, " p1_y = " << p1.get_affine_y().get_value() << "\n" << "exp_y = " << exp_affine_y << "\n");
+ CHECK_MESSAGE( p1.get_affine_x() == exp_affine_x, " p1_x = " << p1.get_affine_x() << "\n" << "exp_x = " << exp_affine_x << "\n");
+ CHECK_MESSAGE( p1.get_affine_y() == exp_affine_y, " p1_y = " << p1.get_affine_y() << "\n" << "exp_y = " << exp_affine_y << "\n");
 }
@@ -179,8 +179,8 @@ void test_point_transformation ()
 CHECK_MESSAGE( p.get_jac_proj_x().get_value() == q.get_jac_proj_x().get_value(), "projective_x changed while turning on montg.!");
 CHECK_MESSAGE( p.get_jac_proj_y().get_value() == q.get_jac_proj_y().get_value(), "projective_y changed while turning on montg.!");
 CHECK_MESSAGE( p.get_jac_proj_z().get_value() == q.get_jac_proj_z().get_value(), "projective_z changed while turning on montg.!");
- CHECK_MESSAGE( p.get_affine_x().get_value() == q.get_affine_x().get_value(), "affine_x changed while turning on montg.!");
- CHECK_MESSAGE( p.get_affine_y().get_value() == q.get_affine_y().get_value(), "affine_y changed while turning on montg.!");
+ CHECK_MESSAGE( p.get_affine_x() == q.get_affine_x(), "affine_x changed while turning on montg.!");
+ CHECK_MESSAGE( p.get_affine_y() == q.get_affine_y(), "affine_y changed while turning on montg.!");
 }
 void test_point_mult ()
@@ -220,23 +220,6 @@ void test_point_mult ()
 }
 #if 0
-void test_montgm_calc_R ()
- {
- // this tests isnt´t correct anymore. the determination of R has changed
- // to be 0 mod word_range.
-
- // setting up (expected) values
- BigInt prime_modulus(101);
- u64bit n = prime_modulus.bits();
- BigInt exp_R(128);
- // function under test
- BigInt calc_R = montgm_calc_r_oddmod(prime_modulus);
- CHECK_MESSAGE(exp_R == calc_R, "exp_R = " << exp_R << ", calc_R = " << calc_R << ", n = " << n << "\n");
-
- }
-#endif
-
-#if 0
 void test_naive_montg_mult ()
 {
 std::cout << "." << std::flush;
@@ -260,32 +243,6 @@ void test_naive_montg_mult ()
 }
 #endif
-#if 0
-
-void test_trf_mres ()
- {
- // this tests isnt´t correct anymore. the determination of R has changed
- // to be 0 mod word_range.
-
- //
- BigInt modulus(11);
- BigInt r = montgm_calc_r_oddmod(modulus);
- //cout << "r = " << r << "\n";
- BigInt r_inv = inverse_mod(r, modulus);
- //cout << "r_inv = " << r_inv << "\n";
- // see C43:
- BigInt exp_m_dash(13);
- BigInt calc_m_dash = montgm_calc_m_dash(r, modulus, r_inv);
- CHECK_MESSAGE(exp_m_dash == calc_m_dash, "exp_m_dash = " << exp_m_dash << "\n" << "calc_m_dash = " << calc_m_dash << "\n");
- BigInt ord_res(7);
- BigInt exp_m_res(2); // see C43
- BigInt calc_m_res = montg_trf_to_mres(ord_res, r, modulus);
- CHECK_MESSAGE(calc_m_res == exp_m_res, "calc_m_res = " << calc_m_res << "\nexp_m_res = " << exp_m_res);
- BigInt calc_ord_res_back = montg_trf_to_ordres(calc_m_res,modulus, r_inv);
- CHECK_MESSAGE(ord_res == calc_ord_res_back, "ord_res = " << ord_res << "\ncalc_ord_res_back = " << calc_ord_res_back << "\n");
- }
-#endif
-
 void test_point_negative()
 {
 std::cout << "." << std::flush;
@@ -835,8 +792,6 @@ void test_more_zeropoint()
 std::cout << "." << std::flush;
 // by Falko
-
-
 std::string G = "024a96b5688ef573284664698968c38bb913cbfc82";
 SecureVector<byte> sv_G_secp_comp = decode_hex ( G );
 BigInt bi_p("0xffffffffffffffffffffffffffffffff7fffffff");
@@ -859,13 +814,14 @@ void test_more_zeropoint()
 minus_p1.check_invariants();
 PointGFp shouldBeZero = p1 + minus_p1;
 shouldBeZero.check_invariants();
- GFpElement x1 = p1.get_affine_x();
- GFpElement y1 = p1.get_affine_y();
- GFpElement shouldBeY2 = -y1;
+ BigInt y1 = p1.get_affine_y();
+ y1 = curve.get_p() - y1;
- CHECK_MESSAGE(minus_p1.get_affine_x() == x1, "problem with minus_p1 : x");
- CHECK_MESSAGE(minus_p1.get_affine_y() == shouldBeY2, "problem with minus_p1 : y");
+ CHECK_MESSAGE(p1.get_affine_x() == minus_p1.get_affine_x(),
+ "problem with minus_p1 : x");
+ CHECK_MESSAGE(minus_p1.get_affine_y() == y1,
+ "problem with minus_p1 : y");
 PointGFp zero(curve);
 zero.check_invariants();
diff --git a/src/math/gfpmath/point_gfp.cpp b/src/math/gfpmath/point_gfp.cpp
index e32cd14d8..f76853085 100644
--- a/src/math/gfpmath/point_gfp.cpp
+++ b/src/math/gfpmath/point_gfp.cpp
@@ -278,22 +278,28 @@ const PointGFp& PointGFp::set_z_to_one()
 return *this;
 }
-GFpElement PointGFp::get_affine_x() const
+BigInt PointGFp::get_affine_x() const
 {
 if(is_zero())
 throw Illegal_Transformation("cannot convert to affine");
 GFpElement z2 = mZ * mZ;
- return mX * z2.inverse_in_place();
+ z2.inverse_in_place();
+ z2 *= mX;
+
+ return z2.get_value();
 }
-GFpElement PointGFp::get_affine_y() const
+BigInt PointGFp::get_affine_y() const
 {
 if(is_zero())
 throw Illegal_Transformation("cannot convert to affine");
 GFpElement z3 = mZ * mZ * mZ;
- return mY * z3.inverse_in_place();
+ z3.inverse_in_place();
+ z3 *= mY;
+
+ return z3.get_value();
 }
 // Is this the point at infinity?
@@ -385,7 +391,7 @@ PointGFp operator*(const PointGFp& point, const BigInt& scalar)
 SecureVector<byte> EC2OSP(const PointGFp& point, byte format)
 {
 if(format == PointGFp::UNCOMPRESSED)
- return result = encode_uncompressed(point);
+ return encode_uncompressed(point);
 else if(format == PointGFp::COMPRESSED)
 return encode_compressed(point);
 else if(format == PointGFp::HYBRID)
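Review bot: `y1 = curve.get_p() - y1;` in test_more_zeropoint is not reduced modulo p: if the affine y of p1 were zero the expected value would be p itself while the negated point's affine y would presumably be 0, so the check would report a failure for a correctly negated point. For this fixture it probably never triggers, but `y1 = (curve.get_p() - y1) % curve.get_p();` keeps the expectation a canonical residue and matches what the old GFpElement negation produced. test_more_zeropoint starts and ends outside the hunk.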
@@ -412,10 +418,10 @@ SecureVector<byte> encode_compressed(const PointGFp& point)
 l /= 8;
 SecureVector<byte> result (l+1);
 result[0] = 2;
- BigInt x = point.get_affine_x().get_value();
+ BigInt x = point.get_affine_x();
 SecureVector<byte> bX = BigInt::encode_1363(x, l);
 result.copy(1, bX.begin(), bX.size());
- BigInt y = point.get_affine_y().get_value();
+ BigInt y = point.get_affine_y();
 if(y.get_bit(0))
 {
 result[0] |= 1;
@@ -440,8 +446,8 @@ SecureVector<byte> encode_uncompressed(const PointGFp& point)
 l /= 8;
 SecureVector<byte> result (2*l+1);
 result[0] = 4;
- BigInt x = point.get_affine_x().get_value();
- BigInt y = point.get_affine_y().get_value();
+ BigInt x = point.get_affine_x();
+ BigInt y = point.get_affine_y();
 SecureVector<byte> bX = BigInt::encode_1363(x, l);
 SecureVector<byte> bY = BigInt::encode_1363(y, l);
 result.copy(1, bX.begin(), l);
@@ -467,8 +473,8 @@ SecureVector<byte> encode_hybrid(const PointGFp& point)
 l /= 8;
 SecureVector<byte> result (2*l+1);
 result[0] = 6;
- BigInt x = point.get_affine_x().get_value();
- BigInt y = point.get_affine_y().get_value();
+ BigInt x = point.get_affine_x();
+ BigInt y = point.get_affine_y();
 SecureVector<byte> bX = BigInt::encode_1363(x, l);
 SecureVector<byte> bY = BigInt::encode_1363(y, l);
 result.copy(1, bX.begin(), bX.size());
diff --git a/src/math/gfpmath/point_gfp.h b/src/math/gfpmath/point_gfp.h
index 9c67ae53c..9f29896cb 100644
--- a/src/math/gfpmath/point_gfp.h
+++ b/src/math/gfpmath/point_gfp.h
@@ -121,13 +121,13 @@ class BOTAN_DLL PointGFp
 * get affine x coordinate
 * @result affine x coordinate
 */
- GFpElement get_affine_x() const;
+ BigInt get_affine_x() const;
 /**
 * get affine y coordinate
 * @result affine y coordinate
 */
- GFpElement get_affine_y() const;
+ BigInt get_affine_y() const;
 /**
 * get the jacobian projective x coordinate
diff --git a/src/pubkey/ecdsa/ecdsa_op.cpp b/src/pubkey/ecdsa/ecdsa_op.cpp
index d37809962..0fb9fc564 100644
--- a/src/pubkey/ecdsa/ecdsa_op.cpp
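Review bot: The Doxygen blocks in point_gfp.h for get_affine_x and get_affine_y were left at `@result affine x coordinate` although the return type changed and the implementation in point_gfp.cpp now throws for the point at infinity, which the header does not mention. Suggest adding `@throws Illegal_Transformation if this is the point at infinity (is_zero())` to both, and noting that the value is the affine coordinate as a BigInt, stating the range [0, p) only if GFpElement::get_value() guarantees a reduced residue. Callers such as EC2OSP's encoders in this same commit rely on that throw as the only guard, so documenting it in the header is worth the two lines.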
+++ b/src/pubkey/ecdsa/ecdsa_op.cpp
@@ -1,7 +1,7 @@
 /*
 * ECDSA Operation
 * (C) 2007 FlexSecure GmbH
-* 2008-2009 Jack Lloyd
+* 2008-2010 Jack Lloyd
 *
 * Distributed under the terms of the Botan license
 */
@@ -44,7 +44,7 @@ bool Default_ECDSA_Op::verify(const byte msg[], u32bit msg_len,
 if(R.is_zero())
 return false;
- BigInt x = R.get_affine_x().get_value();
+ BigInt x = R.get_affine_x();
 return (x % n == r);
 }
@@ -64,7 +64,7 @@ SecureVector<byte> Default_ECDSA_Op::sign(const byte msg[], u32bit msg_len,
 PointGFp k_times_P = dom_pars.get_base_point() * k;
 k_times_P.check_invariants();
- BigInt r = k_times_P.get_affine_x().get_value() % n;
+ BigInt r = k_times_P.get_affine_x() % n;
 if(r == 0)
 throw Internal_Error("Default_ECDSA_Op::sign: r was zero");
diff --git a/src/pubkey/eckaeg/eckaeg_op.cpp b/src/pubkey/eckaeg/eckaeg_op.cpp
index 1af5cb165..4fb0a23eb 100644
--- a/src/pubkey/eckaeg/eckaeg_op.cpp
+++ b/src/pubkey/eckaeg/eckaeg_op.cpp
@@ -1,7 +1,7 @@
 /*
 * ECKAEG Operation
 * (C) 2007 FlexSecure GmbH
-* 2008 Jack Lloyd
+* 2008-2010 Jack Lloyd
 *
 * Distributed under the terms of the Botan license
 */
@@ -22,16 +22,18 @@ Default_ECKAEG_Op::Default_ECKAEG_Op(const EC_Domain_Params& dom_pars,
 SecureVector<byte> Default_ECKAEG_Op::agree(const PointGFp& i) const
 {
- BigInt cofactor(m_dom_pars.get_cofactor());
+ BigInt cofactor = m_dom_pars.get_cofactor();
 BigInt n = m_dom_pars.get_order();
- BigInt l(inverse_mod(cofactor,n)); // l=h^-1 mod n
- PointGFp Q(cofactor*i); // q = h*Pb
- PointGFp S(Q);
+ BigInt l = inverse_mod(cofactor, n);
+
+ PointGFp S = cofactor * i;
 S *= (m_priv_key * l) % n;
 S.check_invariants();
- return FE2OSP(S.get_affine_x()); // fe2os(xs)
+
+ return BigInt::encode_1363(S.get_affine_x(),
+ S.get_curve().get_p().bytes());
 }
 }
diff --git a/src/pubkey/gost_3410/gost_3410.cpp b/src/pubkey/gost_3410/gost_3410.cpp
index bb68e2b8d..24e078dca 100644
--- a/src/pubkey/gost_3410/gost_3410.cpp
+++ b/src/pubkey/gost_3410/gost_3410.cpp
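Review bot: In Default_ECKAEG_Op::agree the peer-supplied point `i` is multiplied by the cofactor and then by the private scalar with no visible check that the cofactor-cleared `S` is non-zero; only `S.check_invariants()` runs, and what it validates is not shown here. If `cofactor * i` is the point at infinity, `S.get_affine_x()` throws Illegal_Transformation from inside the coordinate conversion instead of the agreement rejecting the peer key explicitly; `if(S.is_zero()) throw Invalid_Argument("ECKAEG: peer point is in a small subgroup");` placed before the `S *=` line makes the rejection clear and keeps the scalar multiply off a degenerate input. The move to `BigInt::encode_1363(..., S.get_curve().get_p().bytes())` is a good change: the shared secret now has a fixed length independent of leading zero bytes in x, which the old `FE2OSP` path did not obviously guarantee. The whole body of agree is within the hunk.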
@@ -2,7 +2,7 @@
 * GOST 34.10-2001 implemenation
 * (C) 2007 Falko Strenzke, FlexSecure GmbH
 * Manuel Hartl, FlexSecure GmbH
-* (C) 2008-2009 Jack Lloyd
+* (C) 2008-2010 Jack Lloyd
 *
 * Distributed under the terms of the Botan license
 */
@@ -72,8 +72,8 @@ X509_Encoder* GOST_3410_PublicKey::x509_encoder() const
 key->affirm_init();
 // Trust CryptoPro to come up with something obnoxious
- const BigInt x = key->mp_public_point->get_affine_x().get_value();
- const BigInt y = key->mp_public_point->get_affine_y().get_value();
+ const BigInt x = key->mp_public_point->get_affine_x();
+ const BigInt y = key->mp_public_point->get_affine_y();
 SecureVector<byte> bits(2*std::max(x.bytes(), y.bytes()));
@@ -234,7 +234,7 @@ bool GOST_3410_PublicKey::verify(const byte msg[], u32bit msg_len,
 PointGFp R = (z1 * mp_dom_pars->get_base_point() + z2 * *mp_public_point);
- return (R.get_affine_x().get_value() == r);
+ return (R.get_affine_x() == r);
 }
 GOST_3410_PublicKey::GOST_3410_PublicKey(const EC_Domain_Params& dom_par,
@@ -333,7 +333,7 @@ GOST_3410_PrivateKey::sign(const byte msg[],
 PointGFp k_times_P = mp_dom_pars->get_base_point() * k;
 k_times_P.check_invariants();
- BigInt r = k_times_P.get_affine_x().get_value() % n;
+ BigInt r = k_times_P.get_affine_x() % n;
 if(r == 0)
 throw Internal_Error("GOST_3410::sign: r was zero");
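Review bot: `return (R.get_affine_x() == r);` in GOST_3410_PublicKey::verify compares the unreduced x-coordinate of R with r, while the signing path in the same file computes `BigInt r = k_times_P.get_affine_x() % n;`, so any signature whose x_R is at or above the group order is rejected even though it is valid. `return (R.get_affine_x() % n == r);` matches the signer and the ECDSA verify touched in this commit; the old `.get_value()` form had the same gap, so this is pre-existing rather than introduced here. There is also no `R.is_zero()` guard visible before `get_affine_x()` as ecdsa_op.cpp has, which would make the point at infinity surface as an Illegal_Transformation exception rather than a false result; that guard may sit above the hunk, since verify's body starts outside it.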