Lines Matching +full:compute +full:-
2 * Copyright (C) 2017 - This file is part of libecc project
7 * Jean-Pierre FLORI <jean-pierre.flori@ssi.gouv.fr>
32 * Generic *internal* helper for EC-{,O}SDSA public key initialization
33 * functions. The function returns 0 on success, -1 on error.
49 G = &(in_priv->params->ec_gen); in __ecsdsa_init_pub_key()
51 ret = prj_pt_mul_blind(&(out_pub->y), &(in_priv->x), G); EG(ret, err); in __ecsdsa_init_pub_key()
53 out_pub->key_type = key_type; in __ecsdsa_init_pub_key()
54 out_pub->params = in_priv->params; in __ecsdsa_init_pub_key()
55 out_pub->magic = PUB_KEY_MAGIC; in __ecsdsa_init_pub_key()
66 * -1 on error. On success, signature length is provided via 'siglen' out
67 * parameter. The function returns 0 on success, -1 on error. On success,
90 * Generic *internal* EC-{,O}SDSA signature functions. There purpose is to
102 *| IUF - ECSDSA/ECOSDSA signature
105 *| I 2. Compute W = kG = (Wx, Wy)
106 *| IUF 3. Compute r = H(Wx [|| Wy] || m)
107 *| - In the normal version (ECSDSA), r = H(Wx || Wy || m).
108 *| - In the optimized version (ECOSDSA), r = H(Wx || m).
109 *| F 4. Compute e = OS2I(r) mod q
111 *| F 6. Compute s = (k + ex) mod q.
120 * In ISO-14888-3, the option is provided to the developer to check
123 * verifier expects a non-zero value for r. In the specification, r
125 * - both on the signer and the verifier - after conversion to an
135 ((A)->magic == ECSDSA_SIGN_MAGIC), ret, err)
138 * Generic *internal* helper for EC-{,O}SDSA signature initialization functions.
139 * The function returns 0 on success, -1 on error.
163 ret = key_pair_check_initialized_and_type(ctx->key_pair, key_type); EG(ret, err); in __ecsdsa_sign_init()
164 MUST_HAVE((ctx->h != NULL) && (ctx->h->digest_size <= MAX_DIGEST_SIZE) && in __ecsdsa_sign_init()
165 (ctx->h->block_size <= MAX_BLOCK_SIZE), ret, err); in __ecsdsa_sign_init()
168 priv_key = &(ctx->key_pair->priv_key); in __ecsdsa_sign_init()
169 G = &(priv_key->params->ec_gen); in __ecsdsa_sign_init()
170 q = &(priv_key->params->ec_gen_order); in __ecsdsa_sign_init()
171 p_bit_len = priv_key->params->ec_fp.p_bitlen; in __ecsdsa_sign_init()
174 dbg_nn_print("p", &(priv_key->params->ec_fp.p)); in __ecsdsa_sign_init()
178 dbg_pub_key_print("Y", &(ctx->key_pair->pub_key)); in __ecsdsa_sign_init()
187 MUST_HAVE((ctx->rand == nn_get_random_mod), ret, err); in __ecsdsa_sign_init()
189 MUST_HAVE((ctx->rand != NULL), ret, err); in __ecsdsa_sign_init()
190 ret = ctx->rand(&k, q); EG(ret, err); in __ecsdsa_sign_init()
193 /* 2. Compute W = kG = (Wx, Wy). */ in __ecsdsa_sign_init()
204 * 3. Compute r = H(Wx [|| Wy] || m) in __ecsdsa_sign_init()
206 * - In the normal version (ECSDSA), r = h(Wx || Wy || m). in __ecsdsa_sign_init()
207 * - In the optimized version (ECOSDSA), r = h(Wx || m). in __ecsdsa_sign_init()
210 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in __ecsdsa_sign_init()
211 ret = ctx->h->hfunc_init(&(ctx->sign_data.ecsdsa.h_ctx)); EG(ret, err); in __ecsdsa_sign_init()
213 ret = ctx->h->hfunc_update(&(ctx->sign_data.ecsdsa.h_ctx), Wx, p_len); EG(ret, err); in __ecsdsa_sign_init()
216 ret = ctx->h->hfunc_update(&(ctx->sign_data.ecsdsa.h_ctx), Wy, in __ecsdsa_sign_init()
223 ret = nn_copy(&(ctx->sign_data.ecsdsa.k), &k); EG(ret, err); in __ecsdsa_sign_init()
224 ctx->sign_data.ecsdsa.magic = ECSDSA_SIGN_MAGIC; in __ecsdsa_sign_init()
240 * Generic *internal* helper for EC-{,O}SDSA signature update functions.
241 * The function returns 0 on success, -1 on error.
255 ECSDSA_SIGN_CHECK_INITIALIZED(&(ctx->sign_data.ecsdsa), ret, err); in __ecsdsa_sign_update()
257 /* 3. Compute r = H(Wx [|| Wy] || m) */ in __ecsdsa_sign_update()
259 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in __ecsdsa_sign_update()
260 ret = ctx->h->hfunc_update(&(ctx->sign_data.ecsdsa.h_ctx), chunk, chunklen); EG(ret, err); in __ecsdsa_sign_update()
267 * Generic *internal* helper for EC-{,O}SDSA signature finalization functions.
268 * The function returns 0 on success, -1 on error.
295 ECSDSA_SIGN_CHECK_INITIALIZED(&(ctx->sign_data.ecsdsa), ret, err); in __ecsdsa_sign_finalize()
299 priv_key = &(ctx->key_pair->priv_key); in __ecsdsa_sign_finalize()
300 q = &(priv_key->params->ec_gen_order); in __ecsdsa_sign_finalize()
301 x = &(priv_key->x); in __ecsdsa_sign_finalize()
302 q_bit_len = priv_key->params->ec_gen_order_bitlen; in __ecsdsa_sign_finalize()
303 hsize = ctx->h->digest_size; in __ecsdsa_sign_finalize()
314 /* 3. Compute r = H(Wx [|| Wy] || m) */ in __ecsdsa_sign_finalize()
317 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in __ecsdsa_sign_finalize()
318 ret = ctx->h->hfunc_finalize(&(ctx->sign_data.ecsdsa.h_ctx), r); EG(ret, err); in __ecsdsa_sign_finalize()
322 /* 4. Compute e = OS2I(r) mod q */ in __ecsdsa_sign_finalize()
340 /* 6. Compute s = (k + ex) mod q. */ in __ecsdsa_sign_finalize()
344 ret = nn_mod_mul(&s, &(ctx->sign_data.ecsdsa.k), &b, q); EG(ret, err); in __ecsdsa_sign_finalize()
347 ret = nn_mod_add(&s, &(ctx->sign_data.ecsdsa.k), &ex, q); EG(ret, err); in __ecsdsa_sign_finalize()
387 IGNORE_RET_VAL(local_memset(&(ctx->sign_data.ecsdsa), 0, sizeof(ecsdsa_sign_data))); in __ecsdsa_sign_finalize()
402 /* local helper for context sanity checks. Returns 0 on success, -1 on error. */
406 ((A)->magic == ECSDSA_VERIFY_MAGIC), ret, err)
409 *| IUF - ECSDSA/ECOSDSA verification
412 *| I 2. Compute e = -r mod q
414 *| I 4. Compute W' = sG + eY
415 *| IUF 5. Compute r' = H(W'x [|| W'y] || m)
416 *| - In the normal version (ECSDSA), r' = H(W'x || W'y || m).
417 *| - In the optimized version (ECOSDSA), r' = H(W'x || m).
422 * Generic *internal* helper for EC-{,O}SDSA verification initialization functions.
423 * The function returns 0 on success, -1 on error.
456 ret = pub_key_check_initialized_and_type(ctx->pub_key, key_type); EG(ret, err); in __ecsdsa_verify_init()
457 MUST_HAVE((ctx->h != NULL) && (ctx->h->digest_size <= MAX_DIGEST_SIZE) && in __ecsdsa_verify_init()
458 (ctx->h->block_size <= MAX_BLOCK_SIZE), ret, err); in __ecsdsa_verify_init()
462 pub_key = ctx->pub_key; in __ecsdsa_verify_init()
463 G = &(pub_key->params->ec_gen); in __ecsdsa_verify_init()
464 Y = &(pub_key->y); in __ecsdsa_verify_init()
465 q = &(pub_key->params->ec_gen_order); in __ecsdsa_verify_init()
466 p_len = (u8)BYTECEIL(pub_key->params->ec_fp.p_bitlen); in __ecsdsa_verify_init()
467 q_bit_len = pub_key->params->ec_gen_order_bitlen; in __ecsdsa_verify_init()
468 hsize = ctx->h->digest_size; in __ecsdsa_verify_init()
481 * 2. Compute e = -r mod q in __ecsdsa_verify_init()
483 * To avoid dealing w/ negative numbers, we simply compute in __ecsdsa_verify_init()
484 * e = -r mod q = q - (r mod q) (except when r is 0). in __ecsdsa_verify_init()
494 /* 4. Compute W' = sG + eY */ in __ecsdsa_verify_init()
501 * 5. Compute r' = H(W'x [|| W'y] || m) in __ecsdsa_verify_init()
503 * - In the normal version (ECSDSA), r = h(W'x || W'y || m). in __ecsdsa_verify_init()
504 * - In the optimized version (ECOSDSA), r = h(W'x || m). in __ecsdsa_verify_init()
507 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in __ecsdsa_verify_init()
508 ret = ctx->h->hfunc_init(&(ctx->verify_data.ecsdsa.h_ctx)); EG(ret, err); in __ecsdsa_verify_init()
509 ret = fp_export_to_buf(Wprimex, p_len, &(Wprime->X)); EG(ret, err); in __ecsdsa_verify_init()
511 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in __ecsdsa_verify_init()
512 ret = ctx->h->hfunc_update(&(ctx->verify_data.ecsdsa.h_ctx), Wprimex, p_len); EG(ret, err); in __ecsdsa_verify_init()
514 ret = fp_export_to_buf(Wprimey, p_len, &(Wprime->Y)); EG(ret, err); in __ecsdsa_verify_init()
516 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in __ecsdsa_verify_init()
517 ret = ctx->h->hfunc_update(&(ctx->verify_data.ecsdsa.h_ctx), in __ecsdsa_verify_init()
524 ret = local_memcpy(ctx->verify_data.ecsdsa.r, sig, r_len); EG(ret, err); in __ecsdsa_verify_init()
525 ret = nn_copy(&(ctx->verify_data.ecsdsa.s), &s); EG(ret, err); in __ecsdsa_verify_init()
527 ctx->verify_data.ecsdsa.magic = ECSDSA_VERIFY_MAGIC; in __ecsdsa_verify_init()
553 * Generic *internal* helper for EC-{,O}SDSA verification update functions.
554 * The function returns 0 on success, -1 on error.
568 ECSDSA_VERIFY_CHECK_INITIALIZED(&(ctx->verify_data.ecsdsa), ret, err); in __ecsdsa_verify_update()
570 /* 5. Compute r' = H(W'x [|| W'y] || m) */ in __ecsdsa_verify_update()
572 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in __ecsdsa_verify_update()
573 ret = ctx->h->hfunc_update(&(ctx->verify_data.ecsdsa.h_ctx), chunk, in __ecsdsa_verify_update()
581 * Generic *internal* helper for EC-{,O}SDSA verification finalization
582 * functions. The function returns 0 on success, -1 on error.
596 ECSDSA_VERIFY_CHECK_INITIALIZED(&(ctx->verify_data.ecsdsa), ret, err); in __ecsdsa_verify_finalize()
598 r_len = ECSDSA_R_LEN(ctx->h->digest_size); in __ecsdsa_verify_finalize()
600 /* 5. Compute r' = H(W'x [|| W'y] || m) */ in __ecsdsa_verify_finalize()
602 ret = hash_mapping_callbacks_sanity_check(ctx->h); EG(ret, err); in __ecsdsa_verify_finalize()
603 ret = ctx->h->hfunc_finalize(&(ctx->verify_data.ecsdsa.h_ctx), r_prime); EG(ret, err); in __ecsdsa_verify_finalize()
606 ret = are_equal(ctx->verify_data.ecsdsa.r, r_prime, r_len, &check); EG(ret, err); in __ecsdsa_verify_finalize()
607 ret = check ? 0 : -1; in __ecsdsa_verify_finalize()
616 IGNORE_RET_VAL(local_memset(&(ctx->verify_data.ecsdsa), 0, in __ecsdsa_verify_finalize()