From: Dmitry Baryshkov <dbarysh...@gmail.com>
Add support for GC256C curve ("TLS Supported Groups" registry,
draft-smyshlyaev-tls12-gost-suites) also known as
GostR3410-2001-CryptoPro-B (RFC 4357).
Signed-off-by: Dmitry Baryshkov <dbarysh...@gmail.com>
---
.gitignore | 1 +
Makefile.in | 10 +-
ecc-curve.h | 1 +
ecc-gost-gc256c.c | 174 ++++++++++++++++++++++++++++++++
ecc-internal.h | 1 +
eccdata.c | 32 ++++++
examples/ecc-benchmark.c | 1 +
nettle.texinfo | 8 ++
testsuite/gostdsa-sign-test.c | 11 ++
testsuite/gostdsa-verify-test.c | 11 ++
testsuite/testutils.c | 14 ++-
11 files changed, 260 insertions(+), 4 deletions(-)
create mode 100644 ecc-gost-gc256c.c
diff --git a/.gitignore b/.gitignore
index 48e2b7f464da..a94d279e5d18 100644
--- a/.gitignore
+++ b/.gitignore
@@ -46,6 +46,7 @@ core
/ecc-curve25519.h
/ecc-curve448.h
/ecc-gost-gc256b.h
+/ecc-gost-gc256c.h
/ecc-gost-gc512a.h
/ecc-secp192r1.h
/ecc-secp224r1.h
diff --git a/Makefile.in b/Makefile.in
index d4fcb81302a2..7330ab893131 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -180,7 +180,8 @@ hogweed_SOURCES = sexp.c sexp-format.c \
ecc-mod.c ecc-mod-inv.c \
ecc-mod-arith.c ecc-pp1-redc.c ecc-pm1-redc.c \
ecc-curve25519.c ecc-curve448.c \
- ecc-gost-gc256b.c ecc-gost-gc512a.c \
+ ecc-gost-gc256b.c ecc-gost-gc256c.c \
+ ecc-gost-gc512a.c \
ecc-secp192r1.c ecc-secp224r1.c ecc-secp256r1.c \
ecc-secp384r1.c ecc-secp521r1.c \
ecc-size.c ecc-j-to-a.c ecc-a-to-j.c \
@@ -391,6 +392,9 @@ ecc-curve448.h: eccdata.stamp
ecc-gost-gc256b.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) gost_gc256b 11 6 $(NUMB_BITS) > $@T && mv
$@T $@
+ecc-gost-gc256c.h: eccdata.stamp
+ ./eccdata$(EXEEXT_FOR_BUILD) gost_gc256c 11 6 $(NUMB_BITS) > $@T && mv
$@T $@
+
# Some reasonable choices for 512:
# k = 22, c = 6, S = 256, T = 110 ( 88 A + 22 D) 32 KB
# k = 29, c = 6, S = 192, T = 116 ( 87 A + 29 D) 24 KB
@@ -407,6 +411,7 @@ eccdata.stamp: eccdata.c
ecc-curve25519.$(OBJEXT): ecc-curve25519.h
ecc-curve448.$(OBJEXT): ecc-curve448.h
ecc-gost-gc256b.$(OBJEXT): ecc-gost-gc256b.h
+ecc-gost-gc256c.$(OBJEXT): ecc-gost-gc256c.h
ecc-gost-gc512a.$(OBJEXT): ecc-gost-gc512a.h
ecc-secp192r1.$(OBJEXT): ecc-secp192r1.h
ecc-secp224r1.$(OBJEXT): ecc-secp224r1.h
@@ -661,7 +666,8 @@ distcheck: dist
clean-here:
-rm -f $(TARGETS) *.$(OBJEXT) *.$(OBJEXT).d *.s *.so *.dll *.a \
ecc-curve25519.h ecc-curve448.h \
- ecc-gost-gc256b.h ecc-gost-gc512a.h \
+ ecc-gost-gc256b.h ecc-gost-gc256c.h \
+ ecc-gost-gc512a.h \
ecc-secp192r1.h ecc-secp224r1.h ecc-secp256r1.h \
ecc-secp384r1.h ecc-secp521r1.h \
aesdata$(EXEEXT_FOR_BUILD) \
diff --git a/ecc-curve.h b/ecc-curve.h
index 8f050404a944..30a33d43782b 100644
--- a/ecc-curve.h
+++ b/ecc-curve.h
@@ -44,6 +44,7 @@ extern "C" {
struct ecc_curve;
const struct ecc_curve * _NETTLE_ATTRIBUTE_PURE nettle_get_gost_gc256b(void);
+const struct ecc_curve * _NETTLE_ATTRIBUTE_PURE nettle_get_gost_gc256c(void);
const struct ecc_curve * _NETTLE_ATTRIBUTE_PURE nettle_get_gost_gc512a(void);
const struct ecc_curve * _NETTLE_ATTRIBUTE_PURE nettle_get_secp_192r1(void);
const struct ecc_curve * _NETTLE_ATTRIBUTE_PURE nettle_get_secp_224r1(void);
diff --git a/ecc-gost-gc256c.c b/ecc-gost-gc256c.c
new file mode 100644
index 000000000000..258cf75a26bc
--- /dev/null
+++ b/ecc-gost-gc256c.c
@@ -0,0 +1,174 @@
+/* ecc-gost-gc256c.c
+
+ Compile time constant (but machine dependent) tables.
+
+ Copyright (C) 2016, 2019 Dmitry Eremin-Solenikov
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <assert.h>
+
+#include "ecc.h"
+#include "ecc-internal.h"
+
+#define USE_REDC 0
+
+#include "ecc-gost-gc256c.h"
+
+static void
+ecc_gost_gc256c_modp (const struct ecc_modulo *m, mp_limb_t *rp)
+{
+ mp_size_t mn = m->size;
+ mp_limb_t hi;
+
+ hi = mpn_submul_1(rp, rp + mn, mn, 0xc99 * 2);
+ hi = sec_add_1 (rp, rp, mn, hi * 0xc99 * 2);
+ hi = sec_sub_1 (rp, rp, mn, hi * 0xc99 * 2);
+ assert(hi <= 1);
+ hi = cnd_sub_n (hi, rp, m->B, mn);
+ assert(hi == 0);
+}
+
+static void
+ecc_gost_gc256c_modq (const struct ecc_modulo *p, mp_limb_t *rp)
+{
+ mp_size_t mn = p->size;
+ mpz_t r, a, m;
+ mpz_init (r);
+ mpz_mod (r, mpz_roinit_n (a, rp, 2*mn), mpz_roinit_n (m, p->m, mn));
+ mpz_limbs_copy (rp, r, mn);
+
+ mpz_clear (r);
+}
+
+static void
+ecc_gost_gc256c_mod_mul_1 (const struct ecc_modulo *m, mp_limb_t *rp,
+ const mp_limb_t *ap, mp_limb_t b)
+{
+ mp_limb_t hi;
+
+ assert (b <= 0xffffffff);
+ hi = mpn_mul_1 (rp, ap, m->size, b);
+ hi = mpn_sub_1 (rp, rp, m->size, hi * 0xc99 * 2);
+ assert(hi <= 1);
+ hi = cnd_add_n (hi, rp, m->B, m->size);
+ assert(hi == 0);
+}
+
+static void
+ecc_gost_gc256c_mod_submul_1 (const struct ecc_modulo *m, mp_limb_t *rp,
+ const mp_limb_t *ap, mp_limb_t b)
+{
+ mp_limb_t hi;
+
+ assert (b <= 0xffffffff);
+ hi = mpn_submul_1 (rp, ap, m->size, b);
+ hi = mpn_add_1 (rp, rp, m->size, hi * 0xc99 * 2);
+ assert(hi <= 1);
+ hi = cnd_sub_n (hi, rp, m->B, m->size);
+ assert(hi == 0);
+}
+
+const struct ecc_curve _nettle_gost_gc256c =
+{
+ {
+ 256,
+ ECC_LIMB_SIZE,
+ ECC_BMODP_SIZE,
+ ECC_REDC_SIZE,
+ ECC_MOD_INV_ITCH (ECC_LIMB_SIZE),
+ 0,
+
+ ecc_p,
+ ecc_Bmodp,
+ ecc_Bmodp_shifted,
+ ecc_redc_ppm1,
+
+ ecc_pp1h,
+ ecc_gost_gc256c_modp,
+ ecc_gost_gc256c_modp,
+ ecc_mod_inv,
+ NULL,
+
+ ecc_gost_gc256c_mod_mul_1,
+ ecc_gost_gc256c_mod_submul_1,
+ },
+ {
+ 256,
+ ECC_LIMB_SIZE,
+ ECC_BMODQ_SIZE,
+ 0,
+ ECC_MOD_INV_ITCH (ECC_LIMB_SIZE),
+ 0,
+
+ ecc_q,
+ ecc_Bmodq,
+ ecc_Bmodq_shifted,
+ NULL,
+ ecc_qp1h,
+
+ ecc_gost_gc256c_modq,
+ ecc_gost_gc256c_modq,
+ ecc_mod_inv,
+ NULL,
+
+ NULL,
+ NULL,
+ },
+
+ USE_REDC,
+ ECC_PIPPENGER_K,
+ ECC_PIPPENGER_C,
+
+ ECC_ADD_JJA_ITCH (ECC_LIMB_SIZE),
+ ECC_ADD_JJJ_ITCH (ECC_LIMB_SIZE),
+ ECC_DUP_JJ_ITCH (ECC_LIMB_SIZE),
+ ECC_MUL_A_ITCH (ECC_LIMB_SIZE),
+ ECC_MUL_G_ITCH (ECC_LIMB_SIZE),
+ ECC_J_TO_A_ITCH (ECC_LIMB_SIZE),
+
+ ecc_add_jja,
+ ecc_add_jjj,
+ ecc_dup_jj,
+ ecc_mul_a,
+ ecc_mul_g,
+ ecc_j_to_a,
+
+ ecc_b,
+ ecc_unit,
+ ecc_table
+};
+
+const struct ecc_curve *nettle_get_gost_gc256c(void)
+{
+ return &_nettle_gost_gc256c;
+}
diff --git a/ecc-internal.h b/ecc-internal.h
index e1380bfb2b20..6b84ba6fb2f4 100644
--- a/ecc-internal.h
+++ b/ecc-internal.h
@@ -94,6 +94,7 @@ extern const struct ecc_curve _nettle_curve448;
/* GOST curves, visible with underscore prefix for now */
extern const struct ecc_curve _nettle_gost_gc256b;
+extern const struct ecc_curve _nettle_gost_gc256c;
extern const struct ecc_curve _nettle_gost_gc512a;
#define ECC_MAX_SIZE ((521 + GMP_NUMB_BITS - 1) / GMP_NUMB_BITS)
diff --git a/eccdata.c b/eccdata.c
index 1b4cb0b5083e..182d4982e849 100644
--- a/eccdata.c
+++ b/eccdata.c
@@ -705,6 +705,38 @@ ecc_curve_init (struct ecc_curve *ecc, const char *curve)
"f7063e7063e7063e7063e7063e7063e7063e7063e7063e7063e7063e7063e4b7",
"83ccf17ba6706d73625cc3534c7a2b9d6ec1ee6a9a7e07c10d84b388de59f741");
+ }
+ else if (!strcmp (curve, "gost_gc256c"))
+ {
+ ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
+ "80000000000000000000000000000000"
+ "00000000000000000000000000000c99",
+
+ "3e1af419a269a5f866a7d3c25c3df80a"
+ "e979259373ff2b182f49d4ce7e1bbc8b",
+
+ "80000000000000000000000000000001"
+ "5f700cfff1a624e5e497161bcc8a198f",
+
+ "00000000000000000000000000000000"
+ "00000000000000000000000000000001",
+
+ "3fa8124359f96680b83d1c3eb2c070e5"
+ "c545c9858d03ecfb744bf8d717717efc");
+
+ ecc->ref = ecc_alloc (3);
+ ecc_set_str (&ecc->ref[0], /* 2 g */
+
"8000000000000000000000000000000000000000000000000000000000000c97",
+
"4057edbca606997f47c2e3c14d3f8f1a3aba367a72fc13048bb40728e88e8d9d");
+
+ ecc_set_str (&ecc->ref[1], /* 3 g */
+
"1b9a33999d8449c3bbd8cfe49ac6355a2ee0827a6c71687c86cb7b0670efe205",
+
"1876d998a19da37a120e76cb42f4f5225197279b612f712171a4648fe4a3ff12");
+
+ ecc_set_str (&ecc->ref[2], /* 4 g */
+
"5fa13ecfadd7ae00c2e65d0ac6cac1deda6d60e577afe90915671b08bbb9065e",
+
"1b3c2859166129ac6dafee570ab9d40d33fdc25c7253c72f4e3fa77223ab016a");
+
}
else if (!strcmp (curve, "gost_gc512a"))
{
diff --git a/examples/ecc-benchmark.c b/examples/ecc-benchmark.c
index a529cf16ab3a..b774d046ea20 100644
--- a/examples/ecc-benchmark.c
+++ b/examples/ecc-benchmark.c
@@ -315,6 +315,7 @@ const struct ecc_curve * const curves[] = {
&_nettle_curve448,
&_nettle_secp_521r1,
&_nettle_gost_gc256b,
+ &_nettle_gost_gc256c,
&_nettle_gost_gc512a,
};
diff --git a/nettle.texinfo b/nettle.texinfo
index 19eb6d3472a2..a576c0417c4a 100644
--- a/nettle.texinfo
+++ b/nettle.texinfo
@@ -5112,6 +5112,14 @@ Returns curve corresponding to following identifiers:
@end itemize
@end deftypefun
+@deftypefun {const struct ecc_curve} nettle_get_gost_gc256c(void)
+Returns curve corresponding to following identifiers:
+@itemize
+@item id-GostR3410-2001-CryptoPro-B-ParamSet (@cite{RFC 4357})
+@item id-tc26-gost-3410-12-256-paramSetC
+@end itemize
+@end deftypefun
+
@deftypefun {const struct ecc_curve} nettle_get_gost_gc512a(void)
Returns curve corresponding to following identifiers:
@itemize
diff --git a/testsuite/gostdsa-sign-test.c b/testsuite/gostdsa-sign-test.c
index 0e2e0420a313..4d25f9521d37 100644
--- a/testsuite/gostdsa-sign-test.c
+++ b/testsuite/gostdsa-sign-test.c
@@ -70,6 +70,17 @@ test_main (void)
"5E5B9B805B01147A8492C4A162643AC615DC777B9174108F3DC276A41F987AF3"); /* s */
+ test_gostdsa (nettle_get_gost_gc256c(),
+
"3FCF1D623E5CDD3032A7C6EABB4A923C46E43D640FFEAAF2C3ED39A8FA399924", /* z */
+
+
"5782C53F110C596F9155D35EBD25A06A89C50391850A8FEFE33B0E270318857C", /* k */
+
+
SHEX("1C067E20EA6CB183F22EFB0F3C6FD2A4E6A02821CB7A1B17FACD5E1F7AA76F70"), /* h
*/
+
+
"4E8F9973B31A134CE0942421573B0529B07EC96B835A07856C16CE8070C62547", /* r */
+
+
"10CE0EFA72741D5EB24837563AAB9369781D6F487ACF88BBEE3E49EC239F6A90"); /* s */
+
test_gostdsa (nettle_get_gost_gc512a(),
"3FC01CDCD4EC5F972EB482774C41E66DB7F380528DFE9E67992BA05AEE462435"
"757530E641077CE587B976C8EEB48C48FD33FD175F0C7DE6A44E014E6BCB074B", /* z */
diff --git a/testsuite/gostdsa-verify-test.c b/testsuite/gostdsa-verify-test.c
index 7279f5f46c5b..66660a2c0ad7 100644
--- a/testsuite/gostdsa-verify-test.c
+++ b/testsuite/gostdsa-verify-test.c
@@ -93,6 +93,17 @@ test_main (void)
"5E5B9B805B01147A8492C4A162643AC615DC777B9174108F3DC276A41F987AF3"); /* s */
+ test_gostdsa (nettle_get_gost_gc256c(),
+
"347E354F60B8DA8DE659B432600418C7D0E70F01622477579FAB36A066B9B8FD", /* x */
+
+
"1DD2E31CF7840A5109DFAB561E15D42BC3CE2E64995FB70F3B86679655A1BAA1", /* y */
+
+
SHEX("1C067E20EA6CB183F22EFB0F3C6FD2A4E6A02821CB7A1B17FACD5E1F7AA76F70"), /* h
*/
+
+
"4E8F9973B31A134CE0942421573B0529B07EC96B835A07856C16CE8070C62547", /* r */
+
+
"10CE0EFA72741D5EB24837563AAB9369781D6F487ACF88BBEE3E49EC239F6A90"); /* s */
+
test_gostdsa (nettle_get_gost_gc512a(),
"03A36340A95BB5F93D131961B5B1C1B3213DF7FF3B5A30376407E2A65C441BC6"
"D1B34662317083243F007B15A8512B526606D3B172B606DCE86DBD6F82DA3D40", /* x */
diff --git a/testsuite/testutils.c b/testsuite/testutils.c
index 187da0efda29..81952055c8d3 100644
--- a/testsuite/testutils.c
+++ b/testsuite/testutils.c
@@ -1677,6 +1677,7 @@ const struct ecc_curve * const ecc_curves[] = {
&_nettle_curve25519,
&_nettle_curve448,
&_nettle_gost_gc256b,
+ &_nettle_gost_gc256c,
&_nettle_gost_gc512a,
NULL
};
@@ -1726,7 +1727,7 @@ test_ecc_point (const struct ecc_curve *ecc,
}
/* For each curve, the points g, 2 g, 3 g and 4 g */
-static const struct ecc_ref_point ecc_ref[9][4] = {
+static const struct ecc_ref_point ecc_ref[10][4] = {
{ { "188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
"07192b95ffc8da78631011ed6b24cdd573f977a11e794811" },
{ "dafebf5828783f2ad35534631588a3f629a70fb16982a888",
@@ -1824,6 +1825,15 @@ static const struct ecc_ref_point ecc_ref[9][4] = {
{ "f7063e7063e7063e7063e7063e7063e7063e7063e7063e7063e7063e7063e4b7",
"83ccf17ba6706d73625cc3534c7a2b9d6ec1ee6a9a7e07c10d84b388de59f741" },
},
+ { { "0000000000000000000000000000000000000000000000000000000000000001",
+ "3fa8124359f96680b83d1c3eb2c070e5c545c9858d03ecfb744bf8d717717efc" },
+ { "8000000000000000000000000000000000000000000000000000000000000c97",
+ "4057edbca606997f47c2e3c14d3f8f1a3aba367a72fc13048bb40728e88e8d9d" },
+ { "1b9a33999d8449c3bbd8cfe49ac6355a2ee0827a6c71687c86cb7b0670efe205",
+ "1876d998a19da37a120e76cb42f4f5225197279b612f712171a4648fe4a3ff12" },
+ { "5fa13ecfadd7ae00c2e65d0ac6cac1deda6d60e577afe90915671b08bbb9065e",
+ "1b3c2859166129ac6dafee570ab9d40d33fdc25c7253c72f4e3fa77223ab016a" },
+ },
{ { "0000000000000000000000000000000000000000000000000000000000000000"
"0000000000000000000000000000000000000000000000000000000000000003",
"7503cfe87a836ae3a61b8816e25450e6ce5e1c93acf1abc1778064fdcbefa921"
@@ -1852,7 +1862,7 @@ test_ecc_ga (unsigned curve, const mp_limb_t *p)
void
test_ecc_mul_a (unsigned curve, unsigned n, const mp_limb_t *p)
{
- assert (curve < 9);
+ assert (curve < 10);
assert (n <= 4);
if (n == 0)
{
--
2.25.0
_______________________________________________
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
