Re: [PATCH 2/3] Add several GOST R 34.10 curves defined by RFC 4357 and RFC 7836

2020-01-11 Thread Niels Möller
dbarysh...@gmail.com writes:

> From: Dmitry Eremin-Solenikov 
>
> Add three 256-bit curves from RFC 4357 (Section 11.4) and two 512-bit
> curves from RFC 7836 (Section A.1).

To ease review, please do one patch or merge-request per curve. We can
do the easiest ones first, which I think are gc256b and gc512a.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.


[PATCH 2/3] Add several GOST R 34.10 curves defined by RFC 4357 and RFC 7836

2020-01-10 Thread dbaryshkov
From: Dmitry Eremin-Solenikov 

Add three 256-bit curves from RFC 4357 (Section 11.4) and two 512-bit
curves from RFC 7836 (Section A.1).

Curves are named according to the "TLS Supported Groups" registry.

Signed-off-by: Dmitry Eremin-Solenikov 
---
 .gitignore   |   5 +
 Makefile.in  |  49 +
 ecc-curve.h  |   5 +
 ecc-gc256b.c | 148 +++
 ecc-gc256c.c | 210 +++
 ecc-gc256d.c | 184 ++
 ecc-gc512a.c | 148 +++
 ecc-gc512b.c | 204 +
 ecc-internal.h   |   7 ++
 eccdata.c| 174 +++-
 examples/ecc-benchmark.c |   5 +
 testsuite/testutils.c|  56 ++-
 12 files changed, 1192 insertions(+), 3 deletions(-)
 create mode 100644 ecc-gc256b.c
 create mode 100644 ecc-gc256c.c
 create mode 100644 ecc-gc256d.c
 create mode 100644 ecc-gc512a.c
 create mode 100644 ecc-gc512b.c

diff --git a/.gitignore b/.gitignore
index ea264107fa40..a0642b1b6c2f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -45,6 +45,11 @@ core
 /rotors.h
 /ecc-curve25519.h
 /ecc-curve448.h
+/ecc-gc256b.h
+/ecc-gc256c.h
+/ecc-gc256d.h
+/ecc-gc512a.h
+/ecc-gc512b.h
 /ecc-secp192r1.h
 /ecc-secp224r1.h
 /ecc-secp256r1.h
diff --git a/Makefile.in b/Makefile.in
index 38160bb40fe1..d9b76d8d5354 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -176,6 +176,8 @@ hogweed_SOURCES = sexp.c sexp-format.c \
  ecc-mod.c ecc-mod-inv.c \
  ecc-mod-arith.c ecc-pp1-redc.c ecc-pm1-redc.c \
  ecc-curve25519.c ecc-curve448.c \
+ ecc-gc256b.c ecc-gc256c.c ecc-gc256d.c \
+ ecc-gc512a.c ecc-gc512b.c \
  ecc-secp192r1.c ecc-secp224r1.c ecc-secp256r1.c \
  ecc-secp384r1.c ecc-secp521r1.c \
  ecc-size.c ecc-j-to-a.c ecc-a-to-j.c \
@@ -396,12 +398,57 @@ ecc-curve25519.h: eccdata.stamp
 ecc-curve448.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) curve448 38 6 $(NUMB_BITS) > $@T && mv $@T 
$@
 
+# Some reasonable choices for 256:
+# k =  9, c =  6, S = 320, T =  54 ( 45 A +  9 D) 20 KB
+# k = 11, c =  6, S = 256, T =  55 ( 44 A + 11 D) 16 KB
+# k = 19, c =  7, S = 256, T =  57 ( 38 A + 19 D) 16 KB
+# k = 15, c =  6, S = 192, T =  60 ( 45 A + 15 D) 12 KB
+ecc-gc256b.h: eccdata.stamp
+   ./eccdata$(EXEEXT_FOR_BUILD) gc256b 11 6 $(NUMB_BITS) > $@T && mv $@T $@
+
+# Some reasonable choices for 256:
+# k =  9, c =  6, S = 320, T =  54 ( 45 A +  9 D) 20 KB
+# k = 11, c =  6, S = 256, T =  55 ( 44 A + 11 D) 16 KB
+# k = 19, c =  7, S = 256, T =  57 ( 38 A + 19 D) 16 KB
+# k = 15, c =  6, S = 192, T =  60 ( 45 A + 15 D) 12 KB
+ecc-gc256c.h: eccdata.stamp
+   ./eccdata$(EXEEXT_FOR_BUILD) gc256c 11 6 $(NUMB_BITS) > $@T && mv $@T $@
+
+# Some reasonable choices for 256:
+# k =  9, c =  6, S = 320, T =  54 ( 45 A +  9 D) 20 KB
+# k = 11, c =  6, S = 256, T =  55 ( 44 A + 11 D) 16 KB
+# k = 19, c =  7, S = 256, T =  57 ( 38 A + 19 D) 16 KB
+# k = 15, c =  6, S = 192, T =  60 ( 45 A + 15 D) 12 KB
+ecc-gc256d.h: eccdata.stamp
+   ./eccdata$(EXEEXT_FOR_BUILD) gc256d 11 6 $(NUMB_BITS) > $@T && mv $@T $@
+
+# Some reasonable choices for 512:
+# k = 29, c =  6, S = 192, T = 116 ( 87 A + 29 D)
+# k = 21, c =  5, S = 160, T = 126 (105 A + 21 D)
+# k = 43, c =  6, S = 128, T = 129 ( 86 A + 43 D)
+# k = 35, c =  5, S =  96, T = 140 (105 A + 35 D)
+ecc-gc512a.h: eccdata.stamp
+   ./eccdata$(EXEEXT_FOR_BUILD) gc512a 43 6 $(NUMB_BITS) > $@T && mv $@T $@
+
+# Some reasonable choices for 512:
+# k = 29, c =  6, S = 192, T = 116 ( 87 A + 29 D)
+# k = 21, c =  5, S = 160, T = 126 (105 A + 21 D)
+# k = 43, c =  6, S = 128, T = 129 ( 86 A + 43 D)
+# k = 35, c =  5, S =  96, T = 140 (105 A + 35 D)
+ecc-gc512b.h: eccdata.stamp
+   ./eccdata$(EXEEXT_FOR_BUILD) gc512b 43 6 $(NUMB_BITS) > $@T && mv $@T $@
+
 eccdata.stamp: eccdata.c
$(MAKE) eccdata$(EXEEXT_FOR_BUILD)
echo stamp > eccdata.stamp
 
 ecc-curve25519.$(OBJEXT): ecc-curve25519.h
 ecc-curve448.$(OBJEXT): ecc-curve448.h
+ecc-gc256b.$(OBJEXT): ecc-gc256b.h
+ecc-gc256c.$(OBJEXT): ecc-gc256c.h
+ecc-gc256d.$(OBJEXT): ecc-gc256d.h
+ecc-gc512a.$(OBJEXT): ecc-gc512a.h
+ecc-gc512b.$(OBJEXT): ecc-gc512b.h
 ecc-secp192r1.$(OBJEXT): ecc-secp192r1.h
 ecc-secp224r1.$(OBJEXT): ecc-secp224r1.h
 ecc-secp256r1.$(OBJEXT): ecc-secp256r1.h
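Review bot: The comment tables above the five new `ecc-gc*.h` rules each list four candidate (k, c) pairs but never say which pair the recipe passes to `eccdata`, and the same table is pasted three times for the 256-bit curves and twice for the 512-bit ones. I would keep one table per size and add a line such as `# gc256b, gc256c, gc256d: k = 11, c = 6 (16 KB table)` and `# gc512a, gc512b: k = 43, c = 6`, so a later change to the arguments is checked against a single place. The 512-bit tables also drop the table-size column that the 256-bit ones carry. These arguments appear to select only the precomputed-table layout; the curve constants themselves come from eccdata.c, which is outside this hunk, and those are what need checking against RFC 4357 and RFC 7836.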
@@ -660,6 +707,8 @@ distcheck: dist
 clean-here:
-rm -f $(TARGETS) *.$(OBJEXT) *.s *.so *.dll *.a \
ecc-curve25519.h ecc-curve448.h \
+   ecc-gc256b.h ecc-gc256c.h ecc-gc256d.h \
+   ecc-gc512a.h ecc-gc512b.h \
ecc-secp192r1.h ecc-secp224r1.h ecc-secp256r1.h \
ecc-secp384r1.h ecc-secp521r1.h \
aesdata$(EXEEXT_FOR_BUILD) \
diff --git a/ecc-curve.h b/ecc-curve.h
index