Diffstat (limited to 'src')
-rw-r--r-- | src/math/gfpmath/curve_gfp.cpp | 45 | ||||
-rw-r--r-- | src/math/gfpmath/curve_gfp.h | 50 | ||||
-rw-r--r-- | src/math/gfpmath/info.txt | 1 | ||||
-rw-r--r-- | src/math/gfpmath/point_gfp.cpp | 26 | ||||
-rw-r--r-- | src/math/gfpmath/point_gfp.h | 1 | ||||
-rw-r--r-- | src/pubkey/ec_dompar/ec_dompar.cpp | 79 |
6 files changed, 80 insertions, 122 deletions
diff --git a/src/math/gfpmath/curve_gfp.cpp b/src/math/gfpmath/curve_gfp.cpp
deleted file mode 100644
index b3be7d228..000000000
--- a/src/math/gfpmath/curve_gfp.cpp
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
-* Elliptic curves over GF(p)
-*
-* (C) 2007 Martin Doering, Christoph Ludwig, Falko Strenzke
-* 2008-2010 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/curve_gfp.h>
-#include <botan/bigint.h>
-#include <assert.h>
-#include <ostream>
-
-namespace Botan {
-
-CurveGFp::CurveGFp(const GFpElement& a, const GFpElement& b,
- const BigInt& p) :
- modulus(p), mA(a), mB(b)
- {
- if(p != mA.get_p() || p != mB.get_p())
- throw Invalid_Argument("could not construct curve: moduli of arguments differ");
- }
-
-// swaps the states of *this and other, does not throw
-void CurveGFp::swap(CurveGFp& other)
- {
- std::swap(mA, other.mA);
- std::swap(mB, other.mB);
- std::swap(modulus, other.modulus);
- }
-
-bool operator==(const CurveGFp& lhs, const CurveGFp& rhs)
- {
- return (lhs.get_p() == rhs.get_p() &&
- lhs.get_a() == rhs.get_a() &&
- lhs.get_b() == rhs.get_b());
- }
-
-std::ostream& operator<<(std::ostream& output, const CurveGFp& elem)
- {
- return output << "y^2 = x^3 + (" << elem.get_a() << ")x + (" << elem.get_b() << ")";
- }
-
-}
diff --git a/src/math/gfpmath/curve_gfp.h b/src/math/gfpmath/curve_gfp.h
index e4ee7c8f5..cc1d42290 100644
--- a/src/math/gfpmath/curve_gfp.h
+++ b/src/math/gfpmath/curve_gfp.h
@@ -10,8 +10,7 @@
 #ifndef BOTAN_GFP_CURVE_H__
 #define BOTAN_GFP_CURVE_H__
-#include <botan/gfp_element.h>
-#include <iosfwd>
+#include <botan/bigint.h>
 namespace Botan {
@@ -24,12 +23,12 @@ class BOTAN_DLL CurveGFp
 /**
 * Construct the elliptic curve E: y^2 = x^3 + ax + b over GF(p)
+ * @param p prime number of the field
 * @param a first coefficient
 * @param b second coefficient
- * @param p prime number of the field
 */
- CurveGFp(const GFpElement& a, const GFpElement& b,
- const BigInt& p);
+ CurveGFp(const BigInt& p, const BigInt& a, const BigInt& b) :
+ p(p), a(a), b(b) {}
 // CurveGFp(const CurveGFp& other) = default;
 // CurveGFp& operator=(const CurveGFp& other) = default;
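Review bot: The new inline constructor `CurveGFp(const BigInt& p, const BigInt& a, const BigInt& b)` stores its arguments unchecked, whereas the removed constructor in curve_gfp.cpp threw Invalid_Argument when the operands' moduli disagreed, so a caller can now build a curve whose a or b is not reduced modulo p and nothing in this class rejects it. Since the BER decoder in ec_dompar.cpp feeds decoded values straight into this constructor, the precondition should at least be stated in the Doxygen block, e.g. ` * @note no validation is performed; a and b are expected to be reduced modulo the prime p`. If a cheap fail-fast guard is wanted instead, `if(a >= p || b >= p) throw Invalid_Argument("CurveGFp: coefficient not reduced mod p");` in the constructor body would restore the old behaviour of refusing inconsistent parameters. The class body continues outside this hunk.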
@@ -38,58 +37,49 @@ class BOTAN_DLL CurveGFp
 * Get coefficient a
 * @result coefficient a
 */
- const GFpElement& get_a() const { return mA; }
+ const BigInt& get_a() const { return a; }
 /**
 * Get coefficient b
 * @result coefficient b
 */
- const GFpElement& get_b() const { return mB; }
+ const BigInt& get_b() const { return b; }
 /**
 * Get prime modulus of the field of the curve
 * @result prime modulus of the field of the curve
 */
- const BigInt& get_p() const { return modulus; }
+ const BigInt& get_p() const { return p; }
 /**
 * swaps the states of *this and other, does not throw
 * @param other The curve to swap values with
 */
- void swap(CurveGFp& other);
+ void swap(CurveGFp& other)
+ {
+ std::swap(a, other.a);
+ std::swap(b, other.b);
+ std::swap(p, other.p);
+ }
+
+ bool operator==(const CurveGFp& other) const
+ {
+ return (p == other.p && a == other.a && b == other.b);
+ }
 private:
- BigInt modulus;
- GFpElement mA;
- GFpElement mB;
+ BigInt p, a, b;
 };
-// relational operators
-BOTAN_DLL bool operator==(const CurveGFp& lhs, const CurveGFp& rhs);
-
 inline bool operator!=(const CurveGFp& lhs, const CurveGFp& rhs) { return !(lhs == rhs); }
-// io operators
-BOTAN_DLL std::ostream& operator<<(std::ostream& output, const CurveGFp& elem);
-
-// swaps the states of curve1 and curve2, does not throw!
-// cf. Meyers, Item 25
-inline
-void swap(CurveGFp& curve1, CurveGFp& curve2)
- {
- curve1.swap(curve2);
- }
-
-} // namespace Botan
-
+}
 namespace std {
-// swaps the states of curve1 and curve2, does not throw!
-// cf. Meyers, Item 25
 template<> inline void swap<Botan::CurveGFp>(Botan::CurveGFp& curve1, Botan::CurveGFp& curve2)
diff --git a/src/math/gfpmath/info.txt b/src/math/gfpmath/info.txt
index 8c80e9e9d..68cff026d 100644
--- a/src/math/gfpmath/info.txt
+++ b/src/math/gfpmath/info.txt
@@ -7,7 +7,6 @@ point_gfp.h
 </header:public>
 <source>
-curve_gfp.cpp
 gfp_element.cpp
 point_gfp.cpp
 </source>
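Review bot: The inlined `swap` member calls `std::swap` in a header whose only remaining include is `<botan/bigint.h>`, so the name resolves only if that header happens to pull in `<algorithm>` transitively; add `#include <algorithm>` next to it so curve_gfp.h is self-contained. Removing the `Botan::swap(CurveGFp&, CurveGFp&)` overload also means an unqualified `swap(c1, c2)` inside namespace Botan no longer finds anything via ADL and will fail to compile rather than pick up the retained `std::swap<Botan::CurveGFp>` specialization, so any such caller must switch to `c1.swap(c2)` or `std::swap`. The body of that specialization lies outside this hunk.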
diff --git a/src/math/gfpmath/point_gfp.cpp b/src/math/gfpmath/point_gfp.cpp
index f9aaf5c3c..b8fe3351b 100644
--- a/src/math/gfpmath/point_gfp.cpp
+++ b/src/math/gfpmath/point_gfp.cpp
@@ -20,9 +20,9 @@ BigInt decompress_point(bool yMod2,
 {
 BigInt xpow3 = x * x * x;
- BigInt g = curve.get_a().get_value() * x;
+ BigInt g = curve.get_a() * x;
 g += xpow3;
- g += curve.get_b().get_value();
+ g += curve.get_b();
 g = g % curve.get_p();
 BigInt z = ressol(g, curve.get_p());
@@ -209,7 +209,7 @@ PointGFp& PointGFp::mult2_in_place()
 S = x + x;
- GFpElement a_z4 = curve.get_a();
+ GFpElement a_z4(curve.get_p(), curve.get_a());
 GFpElement z2 = point_z() * point_z();
 a_z4 *= z2;
@@ -327,16 +327,20 @@ void PointGFp::check_invariants() const
 if(coord_z == BigInt(1))
 {
- GFpElement ax = curve.get_a() * point_x();
- if(y2 != (x3 + ax + curve.get_b()))
+ GFpElement ax(curve.get_p(), curve.get_a());
+ ax *= point_x();
+
+ GFpElement b(curve.get_p(), curve.get_b());
+
+ if(y2 != (x3 + ax + b))
 throw Illegal_Point();
 }
 GFpElement Zpow2 = point_z() * point_z();
 GFpElement Zpow3 = Zpow2 * point_z();
- GFpElement AZpow4 = Zpow3 * point_z() * curve.get_a();
+ GFpElement AZpow4 = Zpow3 * point_z() * GFpElement(curve.get_p(), curve.get_a());
 const GFpElement aXZ4 = AZpow4 * point_x();
- const GFpElement bZ6 = curve.get_b() * Zpow3 * Zpow3;
+ const GFpElement bZ6 = GFpElement(curve.get_p(), curve.get_b()) * Zpow3 * Zpow3;
 if(y2 != (x3 + aXZ4 + bZ6))
 throw Illegal_Point();
@@ -501,7 +505,13 @@ PointGFp create_random_point(RandomNumberGenerator& rng,
 GFpElement x = GFpElement(p, r);
 GFpElement x3 = x * x * x;
- GFpElement y = (curve.get_a() * x) + (x3 * curve.get_b());
+ GFpElement ax(curve.get_p(), curve.get_a());
+ ax *= x;
+
+ GFpElement bx3(curve.get_p(), curve.get_b());
+ bx3 *= x3;
+
+ GFpElement y = ax + bx3;
 if(ressol(y.get_value(), p) > 0)
 return PointGFp(curve, x.get_value(), y.get_value());
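Review bot: In the create_random_point hunk the rewritten candidate `GFpElement y = ax + bx3;` still evaluates a·x + b·x³, which is not the right-hand side x³ + a·x + b that check_invariants in the same file tests (`x3 + ax + b`); the commit carries the original formula over faithfully, but the two disagree and a reader cannot tell which is intended. If the goal is a point on the curve, the value handed to ressol should be built as `GFpElement b(curve.get_p(), curve.get_b());` followed by `GFpElement y = x3 + ax + b;`, otherwise a comment explaining the different expression is needed. Separately, decompress_point now adds `curve.get_a() * x` and `curve.get_b()` as raw BigInts before the single `% curve.get_p()`, which is only correct if a and b are reduced modulo p, a precondition CurveGFp no longer enforces; a one-line comment `// assumes curve coefficients are reduced mod p` at that point would record the dependency. All four enclosing functions start and end outside their hunks.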
diff --git a/src/math/gfpmath/point_gfp.h b/src/math/gfpmath/point_gfp.h
index 2da4b0506..6613da2e2 100644
--- a/src/math/gfpmath/point_gfp.h
+++ b/src/math/gfpmath/point_gfp.h
@@ -11,6 +11,7 @@
 #define BOTAN_POINT_GFP_H__
 #include <botan/curve_gfp.h>
+#include <botan/gfp_element.h>
 #include <vector>
 namespace Botan {
diff --git a/src/pubkey/ec_dompar/ec_dompar.cpp b/src/pubkey/ec_dompar/ec_dompar.cpp
index 3719153f0..30a121875 100644
--- a/src/pubkey/ec_dompar/ec_dompar.cpp
+++ b/src/pubkey/ec_dompar/ec_dompar.cpp
@@ -429,18 +429,19 @@ EC_Domain_Params get_ec_dompar(const std::string& oid)
 std::vector<std::string> dom_par = get_standard_domain_parameter(oid);
 BigInt p(dom_par[0]); // give as 0x...
- GFpElement a(p, BigInt(dom_par[1]));
- GFpElement b(p, BigInt(dom_par[2]));
+ BigInt a(dom_par[1]);
+ BigInt b(dom_par[2]);
+ BigInt order(dom_par[4]);
+ BigInt cofactor(dom_par[5]);
 Pipe pipe(new Hex_Decoder);
 pipe.process_msg(dom_par[3]);
 SecureVector<byte> sv_g = pipe.read_all();
- CurveGFp curve(a, b, p);
- PointGFp G = OS2ECP ( sv_g, curve );
+ CurveGFp curve(p, a, b);
+
+ PointGFp G = OS2ECP(sv_g, curve);
 G.check_invariants();
- BigInt order(dom_par[4]);
- BigInt cofactor(dom_par[5]);
 EC_Domain_Params result(curve, G, order, cofactor);
 return result;
 }
@@ -465,32 +466,32 @@ EC_Domain_Params::EC_Domain_Params(const CurveGFp& curve, const PointGFp& base_p
 namespace {
-SecureVector<byte> encode_der_ec_dompar_explicit(EC_Domain_Params const& dom_pars)
+SecureVector<byte> encode_der_ec_dompar_explicit(const EC_Domain_Params& dom_pars)
 {
 u32bit ecpVers1 = 1;
 OID curve_type_oid("1.2.840.10045.1.1");
- DER_Encoder der;
+ const u32bit p_bytes = dom_pars.get_curve().get_p().bytes();
- der.start_cons(SEQUENCE)
+ return DER_Encoder()
+ .start_cons(SEQUENCE)
 .encode(ecpVers1)
 .start_cons(SEQUENCE)
 .encode(curve_type_oid)
 .encode(dom_pars.get_curve().get_p())
 .end_cons()
 .start_cons(SEQUENCE)
- .encode(FE2OSP ( dom_pars.get_curve().get_a() ), OCTET_STRING)
- .encode(FE2OSP ( dom_pars.get_curve().get_b() ), OCTET_STRING)
+ .encode(BigInt::encode_1363(dom_pars.get_curve().get_a(), p_bytes), OCTET_STRING)
+ .encode(BigInt::encode_1363(dom_pars.get_curve().get_b(), p_bytes), OCTET_STRING)
 .end_cons()
 .encode(EC2OSP ( dom_pars.get_base_point(), PointGFp::UNCOMPRESSED), OCTET_STRING)
 .encode(dom_pars.get_order())
 .encode(dom_pars.get_cofactor())
- .end_cons();
-
- return der.get_contents();
+ .end_cons()
+ .get_contents();
 }
-EC_Domain_Params decode_ber_ec_dompar_explicit(SecureVector<byte> const& encoded)
+EC_Domain_Params decode_ber_ec_dompar_explicit(const SecureVector<byte>& encoded)
 {
 BigInt ecpVers1(1);
 OID curve_type_oid;
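Review bot: `BigInt::encode_1363(dom_pars.get_curve().get_a(), p_bytes)` fixes the field-element width to `get_p().bytes()`, which is the SEC1 FE2OSP length, but it presumes a and b are already reduced modulo p; with the new CurveGFp constructor no longer checking that, a curve carrying an unreduced coefficient would here either fail inside encode_1363 or come out at the wrong length, depending on how that routine treats an input wider than `p_bytes`. A comment above the `p_bytes` line making the precondition explicit, e.g. `// FE2OSP: fixed width of ceil(log256 p) bytes; assumes a, b < p`, would record where the dependency sits. The decoder that begins at the end of this hunk continues in the next one.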
@@ -500,35 +501,37 @@ EC_Domain_Params decode_ber_ec_dompar_explicit(SecureVector<byte> const& encoded
 SecureVector<byte> sv_base_point;
 BigInt order;
 BigInt cofactor;
- BER_Decoder dec(encoded);
- dec
- .start_cons(SEQUENCE)
- .decode(ecpVers1)
- .start_cons(SEQUENCE)
- .decode(curve_type_oid)
- .decode(p)
- .end_cons()
+
+ BER_Decoder(encoded)
 .start_cons(SEQUENCE)
- .decode(sv_a, OCTET_STRING)
- .decode(sv_b, OCTET_STRING)
+ .decode(ecpVers1)
+ .start_cons(SEQUENCE)
+ .decode(curve_type_oid)
+ .decode(p)
+ .end_cons()
+ .start_cons(SEQUENCE)
+ .decode(sv_a, OCTET_STRING)
+ .decode(sv_b, OCTET_STRING)
+ .end_cons()
+ .decode(sv_base_point, OCTET_STRING)
+ .decode(order)
+ .decode(cofactor)
 .end_cons()
- .decode(sv_base_point, OCTET_STRING)
- .decode(order)
- .decode(cofactor)
- .verify_end()
- .end_cons();
+ .verify_end();
+
 if(ecpVers1 != 1)
- {
 throw Decoding_Error("wrong ecpVers");
- }
+
 // Set the domain parameters
 if(curve_type_oid.as_string() != "1.2.840.10045.1.1") // NOTE: hardcoded: prime field type
 {
 throw Decoding_Error("wrong curve type oid where prime field was expected");
 }
- GFpElement a(p,BigInt::decode(sv_a, sv_a.size()));
- GFpElement b(p,BigInt::decode(sv_b, sv_b.size()));
- CurveGFp curve(a,b,p);
+
+ CurveGFp curve(p,
+ BigInt::decode(sv_a, sv_a.size()),
+ BigInt::decode(sv_b, sv_b.size()));
+
 PointGFp G = OS2ECP ( sv_base_point, curve );
 G.check_invariants();
 return EC_Domain_Params(curve, G, order, cofactor);
@@ -536,7 +539,7 @@ EC_Domain_Params decode_ber_ec_dompar_explicit(SecureVector<byte> const& encoded
 } // end anonymous namespace
-SecureVector<byte> encode_der_ec_dompar(EC_Domain_Params const& dom_pars, EC_dompar_enc enc_type)
+SecureVector<byte> encode_der_ec_dompar(const EC_Domain_Params& dom_pars, EC_dompar_enc enc_type)
 {
 SecureVector<byte> result;
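Review bot: The decoded octet strings go straight into `CurveGFp curve(p, BigInt::decode(sv_a, sv_a.size()), BigInt::decode(sv_b, sv_b.size()))` with no check that the coefficients are reduced modulo p or that p is non-zero before it is used as a modulus by OS2ECP and check_invariants; this function parses externally supplied DER, and whatever range checking the removed GFpElement construction may have done is gone with it. Decoding into named locals and adding `if(p.is_zero() || a >= p || b >= p) throw Decoding_Error("EC domain parameters: curve coefficients out of range");` before constructing the curve would reject malformed parameters at the boundary instead of deep inside the point arithmetic. Moving `.verify_end()` after the outer `.end_cons()` now also rejects trailing bytes after the SEQUENCE, which is stricter than before provided `end_cons()` itself already rejects leftover data inside the constructed value; a short comment on the `.verify_end();` line noting that intent would help. The function starts outside this hunk.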
@@ -560,7 +563,7 @@ SecureVector<byte> encode_der_ec_dompar(EC_Domain_Params const& dom_pars, EC_dom
 return result;
 }
-EC_Domain_Params decode_ber_ec_dompar(SecureVector<byte> const& encoded)
+EC_Domain_Params decode_ber_ec_dompar(const SecureVector<byte>& encoded)
 {
 BER_Decoder dec(encoded);
 BER_Object obj = dec.get_next_object();
@@ -579,7 +582,7 @@ EC_Domain_Params decode_ber_ec_dompar(SecureVector<byte> const& encoded)
 throw Decoding_Error("encountered unexpected when trying to decode domain parameters");
 }
-bool operator==(EC_Domain_Params const& lhs, EC_Domain_Params const& rhs)
+bool operator==(const EC_Domain_Params& lhs, const EC_Domain_Params& rhs)
 {
 return ((lhs.get_curve() == rhs.get_curve()) &&
 (lhs.get_base_point() == rhs.get_base_point()) && |