lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00
Code Activity

Merged support for secp224k1, secp192k1 and secp25k1

Browse Source
This commit is contained in:
Paul Bakker
2014-01-22 13:08:44 +01:00
parent 3eb9673e19 9af7d3a35b
commit 0ac99ca7bc
10 changed files with 319 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
library/ecdh.c
View File

@ -246,7 +246,7 @@ int ecdh_calc_secret( ecdh_context *ctx, size_t *olen,
if( mpi_size( &ctx->z ) > blen )
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
*olen = ctx->grp.nbits / 8 + ( ( ctx->grp.nbits % 8 ) != 0 );
*olen = ctx->grp.pbits / 8 + ( ( ctx->grp.pbits % 8 ) != 0 );
return mpi_write_binary( &ctx->z, buf, *olen );
}

10
library/ecdsa.c
View File

@ -43,8 +43,16 @@
static int derive_mpi( const ecp_group *grp, mpi *x,
const unsigned char *buf, size_t blen )
{
int ret;
size_t n_size = (grp->nbits + 7) / 8;
return( mpi_read_binary( x, buf, blen > n_size ? n_size : blen ) );
size_t use_size = blen > n_size ? n_size : blen;
MPI_CHK( mpi_read_binary( x, buf, use_size ) );
if( use_size * 8 > grp->nbits )
MPI_CHK( mpi_shift_r( x, use_size * 8 - grp->nbits ) );
cleanup:
return( ret );
}
/*

9
library/ecp.c
View File

@ -140,6 +140,15 @@ static const ecp_curve_info ecp_supported_curves[] =
#endif
#if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
{ POLARSSL_ECP_DP_SECP192R1, 19, 192, "secp192r1" },
#endif
#if defined(POLARSSL_ECP_DP_SECP256K1_ENABLED)
{ POLARSSL_ECP_DP_SECP256K1, 22, 256, "secp256k1" },
#endif
#if defined(POLARSSL_ECP_DP_SECP224K1_ENABLED)
{ POLARSSL_ECP_DP_SECP224K1, 20, 224, "secp224k1" },
#endif
#if defined(POLARSSL_ECP_DP_SECP192K1_ENABLED)
{ POLARSSL_ECP_DP_SECP192K1, 18, 192, "secp192k1" },
#endif
{ POLARSSL_ECP_DP_NONE, 0, 0, NULL },
};

259
library/ecp_curves.c
View File

@ -318,6 +318,101 @@ static t_uint secp521r1_n[] = {
};
#endif /* POLARSSL_ECP_DP_SECP521R1_ENABLED */
#if defined(POLARSSL_ECP_DP_SECP192K1_ENABLED)
static t_uint secp192k1_p[] = {
BYTES_TO_T_UINT_8( 0x37, 0xEE, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
};
static t_uint secp192k1_a[] = {
BYTES_TO_T_UINT_2( 0x00, 0x00 ),
};
static t_uint secp192k1_b[] = {
BYTES_TO_T_UINT_2( 0x03, 0x00 ),
};
static t_uint secp192k1_gx[] = {
BYTES_TO_T_UINT_8( 0x7D, 0x6C, 0xE0, 0xEA, 0xB1, 0xD1, 0xA5, 0x1D ),
BYTES_TO_T_UINT_8( 0x34, 0xF4, 0xB7, 0x80, 0x02, 0x7D, 0xB0, 0x26 ),
BYTES_TO_T_UINT_8( 0xAE, 0xE9, 0x57, 0xC0, 0x0E, 0xF1, 0x4F, 0xDB ),
};
static t_uint secp192k1_gy[] = {
BYTES_TO_T_UINT_8( 0x9D, 0x2F, 0x5E, 0xD9, 0x88, 0xAA, 0x82, 0x40 ),
BYTES_TO_T_UINT_8( 0x34, 0x86, 0xBE, 0x15, 0xD0, 0x63, 0x41, 0x84 ),
BYTES_TO_T_UINT_8( 0xA7, 0x28, 0x56, 0x9C, 0x6D, 0x2F, 0x2F, 0x9B ),
};
static t_uint secp192k1_n[] = {
BYTES_TO_T_UINT_8( 0x8D, 0xFD, 0xDE, 0x74, 0x6A, 0x46, 0x69, 0x0F ),
BYTES_TO_T_UINT_8( 0x17, 0xFC, 0xF2, 0x26, 0xFE, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
};
#endif /* POLARSSL_ECP_DP_SECP192K1_ENABLED */
#if defined(POLARSSL_ECP_DP_SECP224K1_ENABLED)
static t_uint secp224k1_p[] = {
BYTES_TO_T_UINT_8( 0x6D, 0xE5, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_4( 0xFF, 0xFF, 0xFF, 0xFF ),
};
static t_uint secp224k1_a[] = {
BYTES_TO_T_UINT_2( 0x00, 0x00 ),
};
static t_uint secp224k1_b[] = {
BYTES_TO_T_UINT_2( 0x05, 0x00 ),
};
static t_uint secp224k1_gx[] = {
BYTES_TO_T_UINT_8( 0x5C, 0xA4, 0xB7, 0xB6, 0x0E, 0x65, 0x7E, 0x0F ),
BYTES_TO_T_UINT_8( 0xA9, 0x75, 0x70, 0xE4, 0xE9, 0x67, 0xA4, 0x69 ),
BYTES_TO_T_UINT_8( 0xA1, 0x28, 0xFC, 0x30, 0xDF, 0x99, 0xF0, 0x4D ),
BYTES_TO_T_UINT_4( 0x33, 0x5B, 0x45, 0xA1 ),
};
static t_uint secp224k1_gy[] = {
BYTES_TO_T_UINT_8( 0xA5, 0x61, 0x6D, 0x55, 0xDB, 0x4B, 0xCA, 0xE2 ),
BYTES_TO_T_UINT_8( 0x59, 0xBD, 0xB0, 0xC0, 0xF7, 0x19, 0xE3, 0xF7 ),
BYTES_TO_T_UINT_8( 0xD6, 0xFB, 0xCA, 0x82, 0x42, 0x34, 0xBA, 0x7F ),
BYTES_TO_T_UINT_4( 0xED, 0x9F, 0x08, 0x7E ),
};
static t_uint secp224k1_n[] = {
BYTES_TO_T_UINT_8( 0xF7, 0xB1, 0x9F, 0x76, 0x71, 0xA9, 0xF0, 0xCA ),
BYTES_TO_T_UINT_8( 0x84, 0x61, 0xEC, 0xD2, 0xE8, 0xDC, 0x01, 0x00 ),
BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 ),
BYTES_TO_T_UINT_8( 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ),
};
#endif /* POLARSSL_ECP_DP_SECP224K1_ENABLED */
#if defined(POLARSSL_ECP_DP_SECP256K1_ENABLED)
static t_uint secp256k1_p[] = {
BYTES_TO_T_UINT_8( 0x2F, 0xFC, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
};
static t_uint secp256k1_a[] = {
BYTES_TO_T_UINT_2( 0x00, 0x00 ),
};
static t_uint secp256k1_b[] = {
BYTES_TO_T_UINT_2( 0x07, 0x00 ),
};
static t_uint secp256k1_gx[] = {
BYTES_TO_T_UINT_8( 0x98, 0x17, 0xF8, 0x16, 0x5B, 0x81, 0xF2, 0x59 ),
BYTES_TO_T_UINT_8( 0xD9, 0x28, 0xCE, 0x2D, 0xDB, 0xFC, 0x9B, 0x02 ),
BYTES_TO_T_UINT_8( 0x07, 0x0B, 0x87, 0xCE, 0x95, 0x62, 0xA0, 0x55 ),
BYTES_TO_T_UINT_8( 0xAC, 0xBB, 0xDC, 0xF9, 0x7E, 0x66, 0xBE, 0x79 ),
};
static t_uint secp256k1_gy[] = {
BYTES_TO_T_UINT_8( 0xB8, 0xD4, 0x10, 0xFB, 0x8F, 0xD0, 0x47, 0x9C ),
BYTES_TO_T_UINT_8( 0x19, 0x54, 0x85, 0xA6, 0x48, 0xB4, 0x17, 0xFD ),
BYTES_TO_T_UINT_8( 0xA8, 0x08, 0x11, 0x0E, 0xFC, 0xFB, 0xA4, 0x5D ),
BYTES_TO_T_UINT_8( 0x65, 0xC4, 0xA3, 0x26, 0x77, 0xDA, 0x3A, 0x48 ),
};
static t_uint secp256k1_n[] = {
BYTES_TO_T_UINT_8( 0x41, 0x41, 0x36, 0xD0, 0x8C, 0x5E, 0xD2, 0xBF ),
BYTES_TO_T_UINT_8( 0x3B, 0xA0, 0x48, 0xAF, 0xE6, 0xDC, 0xAE, 0xBA ),
BYTES_TO_T_UINT_8( 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
BYTES_TO_T_UINT_8( 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF ),
};
#endif /* POLARSSL_ECP_DP_SECP256K1_ENABLED */
/*
* Domain parameters for brainpoolP256r1 (RFC 5639 3.4)
*/
@ -548,15 +643,26 @@ static int ecp_mod_p384( mpi * );
#if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
static int ecp_mod_p521( mpi * );
#endif
#if defined(POLARSSL_ECP_DP_M255_ENABLED)
static int ecp_mod_p255( mpi * );
#endif
#define NIST_MODP( P ) grp->modp = ecp_mod_ ## P;
#else
#define NIST_MODP( P )
#endif /* POLARSSL_ECP_NIST_OPTIM */
/* Additional forward declarations */
#if defined(POLARSSL_ECP_DP_M255_ENABLED)
static int ecp_mod_p255( mpi * );
#endif
#if defined(POLARSSL_ECP_DP_SECP192K1_ENABLED)
static int ecp_mod_p192k1( mpi * );
#endif
#if defined(POLARSSL_ECP_DP_SECP224K1_ENABLED)
static int ecp_mod_p224k1( mpi * );
#endif
#if defined(POLARSSL_ECP_DP_SECP256K1_ENABLED)
static int ecp_mod_p256k1( mpi * );
#endif
#define LOAD_GROUP_A( G ) ecp_group_load( grp, \
G ## _p, sizeof( G ## _p ), \
G ## _a, sizeof( G ## _a ), \
@ -648,6 +754,24 @@ int ecp_use_known_dp( ecp_group *grp, ecp_group_id id )
return( LOAD_GROUP( secp521r1 ) );
#endif /* POLARSSL_ECP_DP_SECP521R1_ENABLED */
#if defined(POLARSSL_ECP_DP_SECP192K1_ENABLED)
case POLARSSL_ECP_DP_SECP192K1:
grp->modp = ecp_mod_p192k1;
return( LOAD_GROUP_A( secp192k1 ) );
#endif /* POLARSSL_ECP_DP_SECP192K1_ENABLED */
#if defined(POLARSSL_ECP_DP_SECP224K1_ENABLED)
case POLARSSL_ECP_DP_SECP224K1:
grp->modp = ecp_mod_p224k1;
return( LOAD_GROUP_A( secp224k1 ) );
#endif /* POLARSSL_ECP_DP_SECP224K1_ENABLED */
#if defined(POLARSSL_ECP_DP_SECP256K1_ENABLED)
case POLARSSL_ECP_DP_SECP256K1:
grp->modp = ecp_mod_p256k1;
return( LOAD_GROUP_A( secp256k1 ) );
#endif /* POLARSSL_ECP_DP_SECP256K1_ENABLED */
#if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
case POLARSSL_ECP_DP_BP256R1:
return( LOAD_GROUP_A( brainpoolP256r1 ) );
@ -1085,7 +1209,7 @@ cleanup:
/*
* Fast quasi-reduction modulo p255 = 2^255 - 19
* Write N as A1 + 2^255 A1, return A0 + 19 * A1
* Write N as A0 + 2^255 A1, return A0 + 19 * A1
*/
static int ecp_mod_p255( mpi *N )
{
@ -1122,4 +1246,131 @@ cleanup:
}
#endif /* POLARSSL_ECP_DP_M255_ENABLED */
#if defined(POLARSSL_ECP_DP_SECP192K1_ENABLED) || \
defined(POLARSSL_ECP_DP_SECP224K1_ENABLED) || \
defined(POLARSSL_ECP_DP_SECP256K1_ENABLED)
/*
* Fast quasi-reduction modulo P = 2^s - R,
* with R about 33 bits, used by the Koblitz curves.
*
* Write N as A0 + 2^224 A1, return A0 + R * A1.
* Actually do two passes, since R is big.
*/
#define P_KOBLITZ_MAX ( 256 / 8 / sizeof( t_uint ) ) // Max limbs in P
#define P_KOBLITZ_R ( 8 / sizeof( t_uint ) ) // Limbs in R
static inline int ecp_mod_koblitz( mpi *N, t_uint *Rp, size_t p_limbs,
size_t adjust, size_t shift, t_uint mask )
{
int ret;
size_t i;
mpi M, R;
t_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R];
if( N->n < p_limbs )
return( 0 );
/* Init R */
R.s = 1;
R.p = Rp;
R.n = P_KOBLITZ_R;
/* Common setup for M */
M.s = 1;
M.p = Mp;
/* M = A1 */
M.n = N->n - ( p_limbs - adjust );
if( M.n > p_limbs + adjust )
M.n = p_limbs + adjust;
memset( Mp, 0, sizeof Mp );
memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( t_uint ) );
if (shift != 0 )
MPI_CHK( mpi_shift_r( &M, shift ) );
M.n += R.n - adjust; /* Make room for multiplication by R */
/* N = A0 */
if (mask != 0 )
N->p[p_limbs - 1] &= mask;
for( i = p_limbs; i < N->n; i++ )
N->p[i] = 0;
/* N = A0 + R * A1 */
MPI_CHK( mpi_mul_mpi( &M, &M, &R ) );
MPI_CHK( mpi_add_abs( N, N, &M ) );
/* Second pass */
/* M = A1 */
M.n = N->n - ( p_limbs - adjust );
if( M.n > p_limbs + adjust )
M.n = p_limbs + adjust;
memset( Mp, 0, sizeof Mp );
memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( t_uint ) );
if (shift != 0 )
MPI_CHK( mpi_shift_r( &M, shift ) );
M.n += R.n - adjust; /* Make room for multiplication by R */
/* N = A0 */
if (mask != 0 )
N->p[p_limbs - 1] &= mask;
for( i = p_limbs; i < N->n; i++ )
N->p[i] = 0;
/* N = A0 + R * A1 */
MPI_CHK( mpi_mul_mpi( &M, &M, &R ) );
MPI_CHK( mpi_add_abs( N, N, &M ) );
cleanup:
return( ret );
}
#endif /* POLARSSL_ECP_DP_SECP192K1_ENABLED) ||
POLARSSL_ECP_DP_SECP224K1_ENABLED) ||
POLARSSL_ECP_DP_SECP256K1_ENABLED) */
#if defined(POLARSSL_ECP_DP_SECP192K1_ENABLED)
/*
* Fast quasi-reduction modulo p192k1 = 2^192 - R,
* with R = 2^32 + 2^12 + 2^8 + 2^7 + 2^6 + 2^3 + 1 = 0x0100001119
*/
static int ecp_mod_p192k1( mpi *N )
{
static t_uint Rp[] = {
BYTES_TO_T_UINT_8( 0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) };
return( ecp_mod_koblitz( N, Rp, 192 / 8 / sizeof( t_uint ), 0, 0, 0 ) );
}
#endif /* POLARSSL_ECP_DP_SECP192K1_ENABLED */
#if defined(POLARSSL_ECP_DP_SECP224K1_ENABLED)
/*
* Fast quasi-reduction modulo p224k1 = 2^224 - R,
* with R = 2^32 + 2^12 + 2^11 + 2^9 + 2^7 + 2^4 + 2 + 1 = 0x0100001A93
*/
static int ecp_mod_p224k1( mpi *N )
{
static t_uint Rp[] = {
BYTES_TO_T_UINT_8( 0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) };
#if defined(POLARSSL_HAVE_INT64)
return( ecp_mod_koblitz( N, Rp, 4, 1, 32, 0xFFFFFFFF ) );
#else
return( ecp_mod_koblitz( N, Rp, 224 / 8 / sizeof( t_uint ), 0, 0, 0 ) );
#endif
}
#endif /* POLARSSL_ECP_DP_SECP224K1_ENABLED */
#if defined(POLARSSL_ECP_DP_SECP256K1_ENABLED)
/*
* Fast quasi-reduction modulo p256k1 = 2^256 - R,
* with R = 2^32 + 2^9 + 2^8 + 2^7 + 2^6 + 2^4 + 1 = 0x01000003D1
*/
static int ecp_mod_p256k1( mpi *N )
{
static t_uint Rp[] = {
BYTES_TO_T_UINT_8( 0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 ) };
return( ecp_mod_koblitz( N, Rp, 256 / 8 / sizeof( t_uint ), 0, 0, 0 ) );
}
#endif /* POLARSSL_ECP_DP_SECP256K1_ENABLED */
#endif

12
library/oid.c
View File

@ -402,6 +402,18 @@ static const oid_ecp_grp_t oid_ecp_grp[] =
{ ADD_LEN( OID_EC_GRP_SECP521R1 ), "secp521r1", "secp521r1" },
POLARSSL_ECP_DP_SECP521R1,
},
{
{ ADD_LEN( OID_EC_GRP_SECP192K1 ), "secp192k1", "secp192k1" },
POLARSSL_ECP_DP_SECP192K1,
},
{
{ ADD_LEN( OID_EC_GRP_SECP224K1 ), "secp224k1", "secp224k1" },
POLARSSL_ECP_DP_SECP224K1,
},
{
{ ADD_LEN( OID_EC_GRP_SECP256K1 ), "secp256k1", "secp256k1" },
POLARSSL_ECP_DP_SECP256K1,
},
{
{ ADD_LEN( OID_EC_GRP_BP256R1 ), "brainpoolP256r1","brainpool256r1" },
POLARSSL_ECP_DP_BP256R1,