Lines Matching full:eg
44 ret = priv_key_check_initialized_and_type(in_priv, ECKCDSA); EG(ret, err); in eckcdsa_init_pub_key()
50 ret = local_memset(out_pub, 0, sizeof(ec_pub_key)); EG(ret, err); in eckcdsa_init_pub_key()
60 ret = nn_modinv_fermat(&xinv, &(in_priv->x), q); EG(ret, err); in eckcdsa_init_pub_key()
63 ret = prj_pt_mul_blind(&(out_pub->y), &xinv, G); EG(ret, err); in eckcdsa_init_pub_key()
213 ret = sig_sign_check_initialized(ctx); EG(ret, err); in _eckcdsa_sign_init()
216 ret = key_pair_check_initialized_and_type(ctx->key_pair, ECKCDSA); EG(ret, err); in _eckcdsa_sign_init()
241 ret = prj_pt_to_aff(&y_aff, &(pub_key->y)); EG(ret, err); in _eckcdsa_sign_init()
242 ret = local_memset(tmp_buf, 0, sizeof(tmp_buf)); EG(ret, err); in _eckcdsa_sign_init()
243 ret = fp_export_to_buf(tmp_buf, p_len, &(y_aff.x)); EG(ret, err); in _eckcdsa_sign_init()
244 ret = fp_export_to_buf(tmp_buf + p_len, p_len, &(y_aff.y)); EG(ret, err); in _eckcdsa_sign_init()
249 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in _eckcdsa_sign_init()
250 ret = ctx->h->hfunc_init(&(ctx->sign_data.eckcdsa.h_ctx)); EG(ret, err); in _eckcdsa_sign_init()
251 ret = ctx->h->hfunc_update(&(ctx->sign_data.eckcdsa.h_ctx), tmp_buf, z_len); EG(ret, err); in _eckcdsa_sign_init()
252 ret = local_memset(tmp_buf, 0, sizeof(tmp_buf)); EG(ret, err); in _eckcdsa_sign_init()
279 ret = sig_sign_check_initialized(ctx); EG(ret, err); in _eckcdsa_sign_update()
284 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in _eckcdsa_sign_update()
324 ret = sig_sign_check_initialized(ctx); EG(ret, err); in _eckcdsa_sign_finalize()
329 ret = local_memset(&kG, 0, sizeof(prj_pt)); EG(ret, err); in _eckcdsa_sign_finalize()
343 ret = nn_cmp(x, q, &cmp); EG(ret, err); in _eckcdsa_sign_finalize()
358 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in _eckcdsa_sign_finalize()
359 ret = ctx->h->hfunc_finalize(&(ctx->sign_data.eckcdsa.h_ctx), hzm); EG(ret, err); in _eckcdsa_sign_finalize()
370 ret = buf_lshift(hzm, hsize, shift); EG(ret, err); in _eckcdsa_sign_finalize()
384 ret = ctx->rand(&k, q); EG(ret, err); in _eckcdsa_sign_finalize()
390 ret = nn_get_random_mod(&b, q); EG(ret, err); in _eckcdsa_sign_finalize()
397 ret = prj_pt_mul_blind(&kG, &k, G); EG(ret, err); in _eckcdsa_sign_finalize()
399 ret = prj_pt_mul(&kG, &k, G); EG(ret, err); in _eckcdsa_sign_finalize()
401 ret = prj_pt_unique(&kG, &kG); EG(ret, err); in _eckcdsa_sign_finalize()
406 ret = local_memset(tmp_buf, 0, sizeof(tmp_buf)); EG(ret, err); in _eckcdsa_sign_finalize()
407 ret = fp_export_to_buf(tmp_buf, p_len, &(kG.X)); EG(ret, err); in _eckcdsa_sign_finalize()
409 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in _eckcdsa_sign_finalize()
410 ret = ctx->h->hfunc_init(&r_ctx); EG(ret, err); in _eckcdsa_sign_finalize()
411 ret = ctx->h->hfunc_update(&r_ctx, tmp_buf, p_len); EG(ret, err); in _eckcdsa_sign_finalize()
412 ret = ctx->h->hfunc_finalize(&r_ctx, r); EG(ret, err); in _eckcdsa_sign_finalize()
413 ret = local_memset(tmp_buf, 0, p_len); EG(ret, err); in _eckcdsa_sign_finalize()
414 ret = local_memset(&r_ctx, 0, sizeof(hash_context)); EG(ret, err); in _eckcdsa_sign_finalize()
424 ret = buf_lshift(r, hsize, shift); EG(ret, err); in _eckcdsa_sign_finalize()
431 ret = nn_init_from_buf(&tmp, hzm, r_len); EG(ret, err); in _eckcdsa_sign_finalize()
432 ret = local_memset(hzm, 0, r_len); EG(ret, err); in _eckcdsa_sign_finalize()
433 ret = nn_mod(&e, &tmp, q); EG(ret, err); in _eckcdsa_sign_finalize()
438 ret = nn_mod_mul(&k, &k, &b, q); EG(ret, err); in _eckcdsa_sign_finalize()
439 ret = nn_mod_mul(&e, &e, &b, q); EG(ret, err); in _eckcdsa_sign_finalize()
443 ret = nn_modinv_fermat(&binv, &b, q); EG(ret, err); in _eckcdsa_sign_finalize()
452 ret = nn_mod_neg(&tmp, &e, q); EG(ret, err); in _eckcdsa_sign_finalize()
453 ret = nn_mod_add(&tmp, &k, &tmp, q); EG(ret, err); in _eckcdsa_sign_finalize()
454 ret = nn_mod_mul(&s, x, &tmp, q); EG(ret, err); in _eckcdsa_sign_finalize()
457 ret = nn_mod_mul(&s, &s, &binv, q); EG(ret, err); in _eckcdsa_sign_finalize()
461 ret = nn_iszero(&s, &iszero); EG(ret, err); in _eckcdsa_sign_finalize()
469 ret = local_memcpy(sig, r, r_len); EG(ret, err); in _eckcdsa_sign_finalize()
470 ret = local_memset(r, 0, r_len); EG(ret, err); in _eckcdsa_sign_finalize()
529 *| F 6. Compute W' = sY + eG, where Y is the public key
561 ret = sig_verify_check_initialized(ctx); EG(ret, err); in _eckcdsa_verify_init()
565 ret = pub_key_check_initialized_and_type(ctx->pub_key, ECKCDSA); EG(ret, err); in _eckcdsa_verify_init()
592 ret = nn_init_from_buf(&s, sig + r_len, s_len); EG(ret, err); in _eckcdsa_verify_init()
593 ret = nn_iszero(&s, &iszero); EG(ret, err); in _eckcdsa_verify_init()
594 ret = nn_cmp(&s, q, &cmp); EG(ret, err); in _eckcdsa_verify_init()
614 ret = prj_pt_to_aff(&y_aff, &(pub_key->y)); EG(ret, err); in _eckcdsa_verify_init()
615 ret = local_memset(tmp_buf, 0, sizeof(tmp_buf)); EG(ret, err); in _eckcdsa_verify_init()
616 ret = fp_export_to_buf(tmp_buf, p_len, &(y_aff.x)); EG(ret, err); in _eckcdsa_verify_init()
617 ret = fp_export_to_buf(tmp_buf + p_len, p_len, &(y_aff.y)); EG(ret, err); in _eckcdsa_verify_init()
622 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in _eckcdsa_verify_init()
623 ret = ctx->h->hfunc_init(&(ctx->verify_data.eckcdsa.h_ctx)); EG(ret, err); in _eckcdsa_verify_init()
625 z_len); EG(ret, err); in _eckcdsa_verify_init()
626 ret = local_memset(tmp_buf, 0, sizeof(tmp_buf)); EG(ret, err); in _eckcdsa_verify_init()
632 ret = local_memcpy(ctx->verify_data.eckcdsa.r, sig, r_len); EG(ret, err); in _eckcdsa_verify_init()
633 ret = nn_copy(&(ctx->verify_data.eckcdsa.s), &s); EG(ret, err); in _eckcdsa_verify_init()
676 ret = sig_verify_check_initialized(ctx); EG(ret, err); in _eckcdsa_verify_update()
681 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in _eckcdsa_verify_update()
697 prj_pt sY, eG; in _eckcdsa_verify_finalize() local
712 sY.magic = eG.magic = WORD(0); in _eckcdsa_verify_finalize()
715 /* NOTE: we reuse eG for Wprime to optimize local variables */ in _eckcdsa_verify_finalize()
716 Wprime = &eG; in _eckcdsa_verify_finalize()
723 ret = sig_verify_check_initialized(ctx); EG(ret, err); in _eckcdsa_verify_finalize()
727 ret = local_memset(&sY, 0, sizeof(prj_pt)); EG(ret, err); in _eckcdsa_verify_finalize()
728 ret = local_memset(&eG, 0, sizeof(prj_pt)); EG(ret, err); in _eckcdsa_verify_finalize()
745 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in _eckcdsa_verify_finalize()
746 ret = ctx->h->hfunc_finalize(&(ctx->verify_data.eckcdsa.h_ctx), hzm); EG(ret, err); in _eckcdsa_verify_finalize()
756 ret = buf_lshift(hzm, hsize, shift); EG(ret, err); in _eckcdsa_verify_finalize()
763 ret = nn_init_from_buf(&tmp, hzm, r_len); EG(ret, err); in _eckcdsa_verify_finalize()
764 ret = local_memset(hzm, 0, hsize); EG(ret, err); in _eckcdsa_verify_finalize()
765 ret = nn_mod(&e, &tmp, q); EG(ret, err); in _eckcdsa_verify_finalize()
769 /* 6. Compute W' = sY + eG, where Y is the public key */ in _eckcdsa_verify_finalize()
770 ret = prj_pt_mul(&sY, s, Y); EG(ret, err); in _eckcdsa_verify_finalize()
771 ret = prj_pt_mul(&eG, &e, G); EG(ret, err); in _eckcdsa_verify_finalize()
772 ret = prj_pt_add(Wprime, &sY, &eG); EG(ret, err); in _eckcdsa_verify_finalize()
773 ret = prj_pt_unique(Wprime, Wprime); EG(ret, err); in _eckcdsa_verify_finalize()
778 ret = local_memset(tmp_buf, 0, sizeof(tmp_buf)); EG(ret, err); in _eckcdsa_verify_finalize()
779 ret = fp_export_to_buf(tmp_buf, p_len, &(Wprime->X)); EG(ret, err); in _eckcdsa_verify_finalize()
781 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in _eckcdsa_verify_finalize()
782 ret = ctx->h->hfunc_init(&r_prime_ctx); EG(ret, err); in _eckcdsa_verify_finalize()
783 ret = ctx->h->hfunc_update(&r_prime_ctx, tmp_buf, p_len); EG(ret, err); in _eckcdsa_verify_finalize()
784 ret = ctx->h->hfunc_finalize(&r_prime_ctx, r_prime); EG(ret, err); in _eckcdsa_verify_finalize()
785 ret = local_memset(tmp_buf, 0, p_len); EG(ret, err); in _eckcdsa_verify_finalize()
786 ret = local_memset(&r_prime_ctx, 0, sizeof(hash_context)); EG(ret, err); in _eckcdsa_verify_finalize()
794 ret = buf_lshift(r_prime, hsize, shift); EG(ret, err); in _eckcdsa_verify_finalize()
799 ret = are_equal(r, r_prime, r_len, &check); EG(ret, err); in _eckcdsa_verify_finalize()
804 prj_pt_uninit(&eG); in _eckcdsa_verify_finalize()