Lines Matching refs:ret
52 int ret, cmp; in __ecdsa_rfc6979_nonce() local
64 MUST_HAVE((k != NULL), ret, err); in __ecdsa_rfc6979_nonce()
65 MUST_HAVE((hash != NULL), ret, err); in __ecdsa_rfc6979_nonce()
66 ret = nn_check_initialized(q); EG(ret, err); in __ecdsa_rfc6979_nonce()
67 ret = nn_check_initialized(x); EG(ret, err); in __ecdsa_rfc6979_nonce()
71 MUST_HAVE((q_len <= EC_PRIV_KEY_MAX_SIZE) && (hsize <= MAX_BLOCK_SIZE), ret, err); in __ecdsa_rfc6979_nonce()
74 ret = local_memset(V, 0x01, hsize); EG(ret, err); in __ecdsa_rfc6979_nonce()
75 ret = local_memset(K, 0x00, hsize); EG(ret, err); in __ecdsa_rfc6979_nonce()
77 ret = nn_export_to_buf(priv_key_buff, q_len, x); EG(ret, err); in __ecdsa_rfc6979_nonce()
81 ret = hmac_init(&hmac_ctx, K, hsize, hash_type); EG(ret, err); in __ecdsa_rfc6979_nonce()
82 ret = hmac_update(&hmac_ctx, V, hsize); EG(ret, err); in __ecdsa_rfc6979_nonce()
85 ret = hmac_update(&hmac_ctx, &tmp, 1); EG(ret, err); in __ecdsa_rfc6979_nonce()
86 ret = hmac_update(&hmac_ctx, priv_key_buff, q_len); EG(ret, err); in __ecdsa_rfc6979_nonce()
89 ret = nn_init_from_buf(k, hash, hsize); EG(ret, err); in __ecdsa_rfc6979_nonce()
91 ret = nn_rshift(k, k, (bitcnt_t)((8 * hsize) - q_bit_len)); EG(ret, err); in __ecdsa_rfc6979_nonce()
93 ret = nn_mod(k, k, q); EG(ret, err); in __ecdsa_rfc6979_nonce()
94 ret = nn_export_to_buf(T, q_len, k); EG(ret, err); in __ecdsa_rfc6979_nonce()
95 ret = hmac_update(&hmac_ctx, T, q_len); EG(ret, err); in __ecdsa_rfc6979_nonce()
97 ret = hmac_finalize(&hmac_ctx, K, &hmac_size); EG(ret, err); in __ecdsa_rfc6979_nonce()
101 ret = hmac(K, hsize, hash_type, V, hsize, V, &hmac_size); EG(ret, err); in __ecdsa_rfc6979_nonce()
103 ret = hmac_init(&hmac_ctx, K, hsize, hash_type); EG(ret, err); in __ecdsa_rfc6979_nonce()
104 ret = hmac_update(&hmac_ctx, V, hsize); EG(ret, err); in __ecdsa_rfc6979_nonce()
107 ret = hmac_update(&hmac_ctx, &tmp, 1); EG(ret, err); in __ecdsa_rfc6979_nonce()
108 ret = hmac_update(&hmac_ctx, priv_key_buff, q_len); EG(ret, err); in __ecdsa_rfc6979_nonce()
111 ret = hmac_update(&hmac_ctx, T, q_len); EG(ret, err); in __ecdsa_rfc6979_nonce()
113 ret = hmac_finalize(&hmac_ctx, K, &hmac_size); EG(ret, err); in __ecdsa_rfc6979_nonce()
116 ret = hmac(K, hsize, hash_type, V, hsize, V, &hmac_size); EG(ret, err); in __ecdsa_rfc6979_nonce()
141 ret = hmac(K, hsize, hash_type, V, hsize, V, &hmac_size); EG(ret, err); in __ecdsa_rfc6979_nonce()
142 ret = local_memcpy(&T[BYTECEIL(t_bit_len)], V, hmac_size); EG(ret, err); in __ecdsa_rfc6979_nonce()
145 ret = nn_init_from_buf(k, T, q_len); EG(ret, err); in __ecdsa_rfc6979_nonce()
147 ret = nn_rshift(k, k, (bitcnt_t)((8 * q_len) - q_bit_len)); EG(ret, err); in __ecdsa_rfc6979_nonce()
149 ret = nn_cmp(k, q, &cmp); EG(ret, err); in __ecdsa_rfc6979_nonce()
152 ret = hmac_init(&hmac_ctx, K, hsize, hash_type); EG(ret, err); in __ecdsa_rfc6979_nonce()
153 ret = hmac_update(&hmac_ctx, V, hsize); EG(ret, err); in __ecdsa_rfc6979_nonce()
156 ret = hmac_update(&hmac_ctx, &tmp, 1); EG(ret, err); in __ecdsa_rfc6979_nonce()
159 ret = hmac_finalize(&hmac_ctx, K, &hmac_size); EG(ret, err); in __ecdsa_rfc6979_nonce()
162 ret = hmac(K, hsize, hash_type, V, hsize, V, &hmac_size); EG(ret, err); in __ecdsa_rfc6979_nonce()
168 return ret; in __ecdsa_rfc6979_nonce()
176 int ret, cmp; in __ecdsa_init_pub_key() local
179 MUST_HAVE((out_pub != NULL), ret, err); in __ecdsa_init_pub_key()
182 ret = local_memset(out_pub, 0, sizeof(ec_pub_key)); EG(ret, err); in __ecdsa_init_pub_key()
184 ret = priv_key_check_initialized_and_type(in_priv, key_type); EG(ret, err); in __ecdsa_init_pub_key()
188 MUST_HAVE((!nn_cmp(&(in_priv->x), q, &cmp)) && (cmp < 0), ret, err); in __ecdsa_init_pub_key()
193 ret = prj_pt_mul_blind(&(out_pub->y), &(in_priv->x), G); EG(ret, err); in __ecdsa_init_pub_key()
200 return ret; in __ecdsa_init_pub_key()
205 int ret; in __ecdsa_siglen() local
207 MUST_HAVE(siglen != NULL, ret, err); in __ecdsa_siglen()
210 (hsize <= MAX_DIGEST_SIZE) && (blocksize <= MAX_BLOCK_SIZE), ret, err); in __ecdsa_siglen()
212 ret = 0; in __ecdsa_siglen()
215 return ret; in __ecdsa_siglen()
262 #define ECDSA_SIGN_CHECK_INITIALIZED(A, ret, err) \ argument
263 MUST_HAVE((((void *)(A)) != NULL) && ((A)->magic == ECDSA_SIGN_MAGIC), ret, err)
267 int ret; in __ecdsa_sign_init() local
270 ret = sig_sign_check_initialized(ctx); EG(ret, err); in __ecdsa_sign_init()
273 ret = key_pair_check_initialized_and_type(ctx->key_pair, key_type); EG(ret, err); in __ecdsa_sign_init()
276 (ctx->h->block_size <= MAX_BLOCK_SIZE), ret, err); in __ecdsa_sign_init()
283 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in __ecdsa_sign_init()
284 ret = ctx->h->hfunc_init(&(ctx->sign_data.ecdsa.h_ctx)); EG(ret, err); in __ecdsa_sign_init()
289 return ret; in __ecdsa_sign_init()
295 int ret; in __ecdsa_sign_update() local
303 ret = sig_sign_check_initialized(ctx); EG(ret, err); in __ecdsa_sign_update()
304 ECDSA_SIGN_CHECK_INITIALIZED(&(ctx->sign_data.ecdsa), ret, err); in __ecdsa_sign_update()
307 ret = key_pair_check_initialized_and_type(ctx->key_pair, key_type); EG(ret, err); in __ecdsa_sign_update()
311 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in __ecdsa_sign_update()
312 ret = ctx->h->hfunc_update(&(ctx->sign_data.ecdsa.h_ctx), chunk, chunklen); in __ecdsa_sign_update()
315 return ret; in __ecdsa_sign_update()
321 int ret, iszero, cmp; in __ecdsa_sign_finalize() local
345 ret = sig_sign_check_initialized(ctx); EG(ret, err); in __ecdsa_sign_finalize()
346 ECDSA_SIGN_CHECK_INITIALIZED(&(ctx->sign_data.ecdsa), ret, err); in __ecdsa_sign_finalize()
347 MUST_HAVE((sig != NULL), ret, err); in __ecdsa_sign_finalize()
350 ret = key_pair_check_initialized_and_type(ctx->key_pair, key_type); EG(ret, err); in __ecdsa_sign_finalize()
353 ret = local_memset(&kG, 0, sizeof(prj_pt)); EG(ret, err); in __ecdsa_sign_finalize()
364 MUST_HAVE((priv_key->key_type == key_type), ret, err); in __ecdsa_sign_finalize()
367 ret = nn_cmp(x, q, &cmp); EG(ret, err); in __ecdsa_sign_finalize()
371 MUST_HAVE((cmp < 0), ret, err); in __ecdsa_sign_finalize()
380 MUST_HAVE((siglen == ECDSA_SIGLEN(q_bit_len)), ret, err); in __ecdsa_sign_finalize()
383 ret = local_memset(hash, 0, hsize); EG(ret, err); in __ecdsa_sign_finalize()
385 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in __ecdsa_sign_finalize()
386 ret = ctx->h->hfunc_finalize(&(ctx->sign_data.ecdsa.h_ctx), hash); EG(ret, err); in __ecdsa_sign_finalize()
407 ret = nn_init_from_buf(&e, hash, hsize); EG(ret, err); in __ecdsa_sign_finalize()
410 ret = nn_rshift_fixedlen(&e, &e, rshift); EG(ret, err); in __ecdsa_sign_finalize()
413 ret = nn_mod(&e, &e, q); EG(ret, err); in __ecdsa_sign_finalize()
430 ret = -1; in __ecdsa_sign_finalize()
439 ret = ctx->rand(&k, q); in __ecdsa_sign_finalize()
446 ret = -1; in __ecdsa_sign_finalize()
450 ret = __ecdsa_rfc6979_nonce(&k, q, q_bit_len, &(priv_key->x), in __ecdsa_sign_finalize()
456 ret = -1; in __ecdsa_sign_finalize()
460 if (ret) { in __ecdsa_sign_finalize()
461 ret = -1; in __ecdsa_sign_finalize()
469 ret = nn_get_random_mod(&b, q); EG(ret, err); in __ecdsa_sign_finalize()
477 ret = prj_pt_mul_blind(&kG, &k, G); EG(ret, err); in __ecdsa_sign_finalize()
479 ret = prj_pt_mul(&kG, &k, G); EG(ret, err); in __ecdsa_sign_finalize()
481 ret = prj_pt_unique(&kG, &kG); EG(ret, err); in __ecdsa_sign_finalize()
487 ret = nn_mod(&r, &(kG.X.fp_val), q); EG(ret, err); in __ecdsa_sign_finalize()
491 ret = nn_iszero(&r, &iszero); EG(ret, err); in __ecdsa_sign_finalize()
497 ret = local_memset(hash, 0, hsize); EG(ret, err); in __ecdsa_sign_finalize()
500 ret = nn_export_to_buf(sig, q_len, &r); EG(ret, err); in __ecdsa_sign_finalize()
504 ret = nn_mod_mul(&r, &r, &b, q); EG(ret, err); in __ecdsa_sign_finalize()
507 ret = nn_mod_mul(&e, &e, &b, q); EG(ret, err); in __ecdsa_sign_finalize()
511 ret = nn_mod_mul(&tmp, x, &r, q); EG(ret, err); in __ecdsa_sign_finalize()
515 ret = nn_cmp(&e, &tmp, &cmp); EG(ret, err); in __ecdsa_sign_finalize()
523 ret = nn_mod_add(&tmp, &tmp, &e, q); EG(ret, err); in __ecdsa_sign_finalize()
531 ret = nn_mod_mul(&k, &k, &b, q); EG(ret, err); in __ecdsa_sign_finalize()
537 ret = nn_modinv_fermat(&kinv, &k, q); EG(ret, err); in __ecdsa_sign_finalize()
542 ret = nn_mod_mul(&s, &tmp, &kinv, q); EG(ret, err); in __ecdsa_sign_finalize()
547 ret = nn_iszero(&s, &iszero); EG(ret, err); in __ecdsa_sign_finalize()
553 ret = nn_export_to_buf(sig + q_len, q_len, &s); in __ecdsa_sign_finalize()
585 return ret; in __ecdsa_sign_finalize()
616 #define ECDSA_VERIFY_CHECK_INITIALIZED(A, ret, err) \ argument
617 MUST_HAVE((((void *)(A)) != NULL) && ((A)->magic == ECDSA_VERIFY_MAGIC), ret, err)
626 int ret, cmp1, cmp2, iszero1, iszero2; in __ecdsa_verify_init() local
629 ret = sig_verify_check_initialized(ctx); EG(ret, err); in __ecdsa_verify_init()
632 ret = pub_key_check_initialized_and_type(ctx->pub_key, key_type); EG(ret, err); in __ecdsa_verify_init()
634 (ctx->h->block_size <= MAX_BLOCK_SIZE), ret, err); in __ecdsa_verify_init()
635 MUST_HAVE((sig != NULL), ret, err); in __ecdsa_verify_init()
645 MUST_HAVE((siglen == ECDSA_SIGLEN(q_bit_len)), ret, err); in __ecdsa_verify_init()
648 ret = nn_init_from_buf(r, sig, q_len); EG(ret, err); in __ecdsa_verify_init()
649 ret = nn_init_from_buf(s, sig + q_len, q_len); EG(ret, err); in __ecdsa_verify_init()
654 ret = nn_iszero(r, &iszero1); EG(ret, err); in __ecdsa_verify_init()
655 ret = nn_iszero(s, &iszero2); EG(ret, err); in __ecdsa_verify_init()
656 ret = nn_cmp(r, q, &cmp1); EG(ret, err); in __ecdsa_verify_init()
657 ret = nn_cmp(s, q, &cmp2); EG(ret, err); in __ecdsa_verify_init()
658 MUST_HAVE(((!iszero1) && (cmp1 < 0) && !iszero2 && (cmp2 < 0)), ret, err); in __ecdsa_verify_init()
662 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in __ecdsa_verify_init()
663 ret = ctx->h->hfunc_init(&(ctx->verify_data.ecdsa.h_ctx)); EG(ret, err); in __ecdsa_verify_init()
674 return ret; in __ecdsa_verify_init()
680 int ret; in __ecdsa_verify_update() local
688 ret = sig_verify_check_initialized(ctx); EG(ret, err); in __ecdsa_verify_update()
689 ECDSA_VERIFY_CHECK_INITIALIZED(&(ctx->verify_data.ecdsa), ret, err); in __ecdsa_verify_update()
691 ret = pub_key_check_initialized_and_type(ctx->pub_key, key_type); EG(ret, err); in __ecdsa_verify_update()
695 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in __ecdsa_verify_update()
696 ret = ctx->h->hfunc_update(&(ctx->verify_data.ecdsa.h_ctx), chunk, chunklen); in __ecdsa_verify_update()
699 return ret; in __ecdsa_verify_update()
714 int ret, iszero, cmp; in __ecdsa_verify_finalize() local
727 ret = sig_verify_check_initialized(ctx); EG(ret, err); in __ecdsa_verify_finalize()
728 ECDSA_VERIFY_CHECK_INITIALIZED(&(ctx->verify_data.ecdsa), ret, err); in __ecdsa_verify_finalize()
730 ret = pub_key_check_initialized_and_type(ctx->pub_key, key_type); EG(ret, err); in __ecdsa_verify_finalize()
733 ret = local_memset(&uG, 0, sizeof(prj_pt)); EG(ret, err); in __ecdsa_verify_finalize()
734 ret = local_memset(&vY, 0, sizeof(prj_pt)); EG(ret, err); in __ecdsa_verify_finalize()
747 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in __ecdsa_verify_finalize()
748 ret = ctx->h->hfunc_finalize(&(ctx->verify_data.ecdsa.h_ctx), hash); EG(ret, err); in __ecdsa_verify_finalize()
769 ret = nn_init_from_buf(&e, hash, hsize); EG(ret, err); in __ecdsa_verify_finalize()
770 ret = local_memset(hash, 0, hsize); EG(ret, err); in __ecdsa_verify_finalize()
773 ret = nn_rshift_fixedlen(&e, &e, rshift); EG(ret, err); in __ecdsa_verify_finalize()
777 ret = nn_mod(&e, &e, q); EG(ret, err); in __ecdsa_verify_finalize()
781 ret = nn_modinv(&sinv, s, q); EG(ret, err); in __ecdsa_verify_finalize()
786 ret = nn_mod_mul(&uv, &e, &sinv, q); EG(ret, err); in __ecdsa_verify_finalize()
788 ret = prj_pt_mul(&uG, &uv, G); EG(ret, err); in __ecdsa_verify_finalize()
791 ret = nn_mod_mul(&uv, r, &sinv, q); EG(ret, err); in __ecdsa_verify_finalize()
793 ret = prj_pt_mul(&vY, &uv, Y); EG(ret, err); in __ecdsa_verify_finalize()
796 ret = prj_pt_add(W_prime, &uG, &vY); EG(ret, err); in __ecdsa_verify_finalize()
799 ret = prj_pt_iszero(W_prime, &iszero); EG(ret, err); in __ecdsa_verify_finalize()
800 MUST_HAVE(!iszero, ret, err); in __ecdsa_verify_finalize()
803 ret = prj_pt_unique(W_prime, W_prime); EG(ret, err); in __ecdsa_verify_finalize()
806 ret = nn_mod(&r_prime, &(W_prime->X.fp_val), q); EG(ret, err); in __ecdsa_verify_finalize()
809 ret = nn_cmp(&r_prime, r, &cmp); EG(ret, err); in __ecdsa_verify_finalize()
810 ret = (cmp != 0) ? -1 : 0; in __ecdsa_verify_finalize()
839 return ret; in __ecdsa_verify_finalize()
871 int ret, iszero1, iszero2, cmp1, cmp2; in __ecdsa_public_key_from_sig() local
885 ret = local_memset(&uG, 0, sizeof(prj_pt)); EG(ret, err); in __ecdsa_public_key_from_sig()
888 …!= NULL) && (sig != NULL) && (hash != NULL) && (out_pub1 != NULL) && (out_pub2 != NULL), ret, err); in __ecdsa_public_key_from_sig()
900 MUST_HAVE((siglen == ECDSA_SIGLEN(q_bit_len)), ret, err); in __ecdsa_public_key_from_sig()
904 ret = nn_init_from_buf(&r, sig, q_len); EG(ret, err); in __ecdsa_public_key_from_sig()
905 ret = nn_init_from_buf(&s, sig + q_len, q_len); EG(ret, err); in __ecdsa_public_key_from_sig()
908 ret = nn_iszero(&r, &iszero1); EG(ret, err); in __ecdsa_public_key_from_sig()
909 ret = nn_iszero(&s, &iszero2); EG(ret, err); in __ecdsa_public_key_from_sig()
910 ret = nn_cmp(&r, q, &cmp1); EG(ret, err); in __ecdsa_public_key_from_sig()
911 ret = nn_cmp(&s, q, &cmp2); EG(ret, err); in __ecdsa_public_key_from_sig()
912 MUST_HAVE(((!iszero1) && (cmp1 < 0) && !iszero2 && (cmp2 < 0)), ret, err); in __ecdsa_public_key_from_sig()
917 ret = nn_init(&u, 0); in __ecdsa_public_key_from_sig()
918 ret = nn_mul_word(&u, q, order_multiplier); EG(ret, err); in __ecdsa_public_key_from_sig()
919 ret = nn_add(&r, &r, &u); EG(ret, err); in __ecdsa_public_key_from_sig()
921 ret = nn_cmp(&r, p, &cmp); EG(ret, err); in __ecdsa_public_key_from_sig()
928 ret = -1; in __ecdsa_public_key_from_sig()
946 ret = nn_init_from_buf(&e, hash, hsize); EG(ret, err); in __ecdsa_public_key_from_sig()
948 ret = nn_rshift_fixedlen(&e, &e, rshift); EG(ret, err); in __ecdsa_public_key_from_sig()
950 ret = nn_mod(&e, &e, q); EG(ret, err); in __ecdsa_public_key_from_sig()
955 ret = fp_init(&(uG.X), &(params->ec_fp)); EG(ret, err); in __ecdsa_public_key_from_sig()
956 ret = fp_init(&(uG.Y), &(params->ec_fp)); EG(ret, err); in __ecdsa_public_key_from_sig()
957 ret = fp_init(&(uG.Z), &(params->ec_fp)); EG(ret, err); in __ecdsa_public_key_from_sig()
958 ret = fp_set_nn(&(uG.Z), &r); EG(ret, err); in __ecdsa_public_key_from_sig()
959 ret = aff_pt_y_from_x(&(uG.X), &(uG.Y), &(uG.Z), &(params->ec_curve)); in __ecdsa_public_key_from_sig()
960 if(ret){ in __ecdsa_public_key_from_sig()
967 ret = -1; in __ecdsa_public_key_from_sig()
974 ret = fp_init(&(Y2->Z), &(params->ec_fp)); EG(ret, err); in __ecdsa_public_key_from_sig()
975 ret = fp_one(&(Y2->Z)); EG(ret, err); in __ecdsa_public_key_from_sig()
977 ret = prj_pt_init_from_coords(Y1, &(params->ec_curve), &(uG.Z), &(uG.X), &(Y2->Z)); EG(ret, err); in __ecdsa_public_key_from_sig()
979 ret = prj_pt_init_from_coords(Y2, &(params->ec_curve), &(uG.Z), &(uG.Y), &(Y1->Z)); EG(ret, err); in __ecdsa_public_key_from_sig()
982 ret = nn_init(&u, 0); EG(ret, err); in __ecdsa_public_key_from_sig()
983 ret = nn_init(&v, 0); EG(ret, err); in __ecdsa_public_key_from_sig()
984 ret = nn_modinv(&r, &r, q); EG(ret, err); in __ecdsa_public_key_from_sig()
986 ret = nn_mod_mul(&u, &e, &r, q); EG(ret, err); in __ecdsa_public_key_from_sig()
988 ret = nn_mod_neg(&u, &u, q); EG(ret, err); in __ecdsa_public_key_from_sig()
990 ret = nn_mod_mul(&v, &s, &r, q); EG(ret, err); in __ecdsa_public_key_from_sig()
993 ret = prj_pt_mul(&uG, &u, G); EG(ret, err); in __ecdsa_public_key_from_sig()
995 ret = prj_pt_mul(Y1, &v, Y1); EG(ret, err); in __ecdsa_public_key_from_sig()
996 ret = prj_pt_add(Y1, Y1, &uG); EG(ret, err); in __ecdsa_public_key_from_sig()
998 ret = prj_pt_mul(Y2, &v, Y2); EG(ret, err); in __ecdsa_public_key_from_sig()
999 ret = prj_pt_add(Y2, Y2, &uG); EG(ret, err); in __ecdsa_public_key_from_sig()
1011 ret = 0; in __ecdsa_public_key_from_sig()
1030 return ret; in __ecdsa_public_key_from_sig()