From 2cfa191a940b7b884f24d23d94227ff382c672b4 Mon Sep 17 00:00:00 2001
|
|
From: Jack Lloyd <jack@randombit.net>
|
|
Date: Tue, 17 Apr 2018 18:06:34 -0400
|
|
Subject: [PATCH] Add EC_Group::inverse_mod_order
|
|
|
|
Centralizing this logic allows curve specific implementations such
|
|
as using a precomputed ladder for exponentiating by p - 2
|
|
|
|
GH #1479
|
|
---
|
|
src/lib/pubkey/ec_group/ec_group.cpp | 10 ++++++++++
|
|
src/lib/pubkey/ec_group/ec_group.h | 5 +++++
|
|
src/lib/pubkey/ecdh/ecdh.cpp | 2 +-
|
|
src/lib/pubkey/ecdsa/ecdsa.cpp | 4 ++--
|
|
src/lib/pubkey/ecgdsa/ecgdsa.cpp | 2 +-
|
|
src/lib/pubkey/sm2/sm2.cpp | 4 ++--
|
|
6 files changed, 21 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/src/lib/pubkey/ec_group/ec_group.cpp b/src/lib/pubkey/ec_group/ec_group.cpp
|
|
index fc512b7332..ac23aa151e 100644
|
|
--- src/lib/pubkey/ec_group/ec_group.cpp
|
|
+++ src/lib/pubkey/ec_group/ec_group.cpp
|
|
@@ -87,6 +87,11 @@ class EC_Group_Data final
|
|
return m_mod_order.multiply(x, y);
|
|
}
|
|
|
|
+ BigInt inverse_mod_order(const BigInt& x) const
|
|
+ {
|
|
+ return inverse_mod(x, m_order);
|
|
+ }
|
|
+
|
|
PointGFp blinded_base_point_multiply(const BigInt& k,
|
|
RandomNumberGenerator& rng,
|
|
std::vector<BigInt>& ws) const
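Review bot: The new `EC_Group_Data::inverse_mod_order` simply forwards to `inverse_mod(x, m_order)`, and the callers this patch converts pass secret operands (the ECDSA nonce `k`, SM2's `m_private_key + 1`), so the timing behaviour of `inverse_mod` now decides whether those paths leak; nothing in the hunk shows it is constant time, and the commit message presents the exponentiation ladder as future work. Until that lands I would record the contract at the definition, `// Callers pass secret values (ECDSA k, SM2 d+1): this must not be variable-time in x`, so nobody treats it as a plain convenience wrapper. The behaviour for non-invertible `x` (x ≡ 0 mod order) is also delegated to `inverse_mod` and not visible here; stating it in a comment would help callers. `EC_Group_Data` is declared before the hunk.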
|
|
@@ -469,6 +476,11 @@ BigInt EC_Group::multiply_mod_order(const BigInt& x, const BigInt& y) const
|
|
return data().multiply_mod_order(x, y);
|
|
}
|
|
|
|
+BigInt EC_Group::inverse_mod_order(const BigInt& x) const
|
|
+ {
|
|
+ return data().inverse_mod_order(x);
|
|
+ }
|
|
+
|
|
const OID& EC_Group::get_curve_oid() const
|
|
{
|
|
return data().oid();
|
|
diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h
|
|
index 8bb1a30448..f273108d2b 100644
|
|
--- src/lib/pubkey/ec_group/ec_group.h
|
|
+++ src/lib/pubkey/ec_group/ec_group.h
|
|
@@ -193,6 +193,11 @@ class BOTAN_PUBLIC_API(2,0) EC_Group final
|
|
*/
|
|
BigInt mod_order(const BigInt& x) const;
|
|
|
|
+ /*
|
|
+ * Return inverse of x modulo the order
|
|
+ */
|
|
+ BigInt inverse_mod_order(const BigInt& x) const;
|
|
+
|
|
/*
|
|
* Reduce (x*y) modulo the order
|
|
*/
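Review bot: The new doc comment `Return inverse of x modulo the order` on the public `EC_Group::inverse_mod_order` does not say what is returned when `x` has no inverse (x ≡ 0 mod the order) nor whether the routine is safe for secret `x`, although ECDSA signing and SM2 key construction in this same patch call it with secrets. I would expand it to `Return the inverse of x modulo the group order. Intended for secret x (ECDSA nonce, SM2 private key); behaviour for non-invertible x follows inverse_mod` and adjust the last clause to whatever `inverse_mod` actually does, which is not visible in this diff.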
|
|
diff --git a/src/lib/pubkey/ecdh/ecdh.cpp b/src/lib/pubkey/ecdh/ecdh.cpp
|
|
index adadb27036..59f245a00c 100644
|
|
--- src/lib/pubkey/ecdh/ecdh.cpp
|
|
+++ src/lib/pubkey/ecdh/ecdh.cpp
|
|
@@ -31,7 +31,7 @@ class ECDH_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF
|
|
m_group(key.domain()),
|
|
m_rng(rng)
|
|
{
|
|
- m_l_times_priv = inverse_mod(m_group.get_cofactor(), m_group.get_order()) * key.private_value();
|
|
+ m_l_times_priv = m_group.inverse_mod_order(m_group.get_cofactor()) * key.private_value();
|
|
}
|
|
|
|
secure_vector<uint8_t> raw_agree(const uint8_t w[], size_t w_len) override
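Review bot: On the added line the product `inverse_mod_order(cofactor) * private_value()` is not reduced modulo the order, so `m_l_times_priv` can be up to twice the length of a scalar; `m_group.multiply_mod_order(m_group.inverse_mod_order(m_group.get_cofactor()), key.private_value())` would keep it in range and reuse the helpers this patch adds. The unreduced product predates this change and `raw_agree` (whose body is outside the hunk) may reduce it, so this is a tidy-up rather than a defect. The cofactor is public, so a variable-time inverse is acceptable at this particular call site.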
|
|
diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp
|
|
index 03f5e57ab6..6e104f1641 100644
|
|
--- src/lib/pubkey/ecdsa/ecdsa.cpp
|
|
+++ src/lib/pubkey/ecdsa/ecdsa.cpp
|
|
@@ -89,7 +89,7 @@ ECDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len,
|
|
const BigInt k = m_group.random_scalar(rng);
|
|
#endif
|
|
|
|
- const BigInt k_inv = inverse_mod(k, m_group.get_order());
|
|
+ const BigInt k_inv = m_group.inverse_mod_order(k);
|
|
const BigInt r = m_group.mod_order(
|
|
m_group.blinded_base_point_multiply_x(k, rng, m_ws));
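Review bot: `k_inv` on the added line is the inverse of the secret per-signature nonce, so if `inverse_mod_order` runs in time dependent on its input the timing leaks `k`, and a partially known nonce recovers the ECDSA private key; the hunk only relocates the call and gives no evidence that the group-level routine is constant time. I would mark the requirement at the call site, `const BigInt k_inv = m_group.inverse_mod_order(k); // k is secret: inversion must be constant-time`, and, while no constant-time inverse exists, consider blinding it by inverting `k * b` for a random `b` and multiplying the result by `b` mod the order. `raw_sign` starts before the hunk and continues after it.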
|
|
|
|
@@ -142,7 +142,7 @@ bool ECDSA_Verification_Operation::verify(const uint8_t msg[], size_t msg_len,
|
|
if(r <= 0 || r >= m_group.get_order() || s <= 0 || s >= m_group.get_order())
|
|
return false;
|
|
|
|
- const BigInt w = inverse_mod(s, m_group.get_order());
|
|
+ const BigInt w = m_group.inverse_mod_order(s);
|
|
|
|
const BigInt u1 = m_group.multiply_mod_order(e, w);
|
|
const BigInt u2 = m_group.multiply_mod_order(r, w);
|
|
diff --git a/src/lib/pubkey/ecgdsa/ecgdsa.cpp b/src/lib/pubkey/ecgdsa/ecgdsa.cpp
|
|
index 192d999a8e..61b7ae0558 100644
|
|
--- src/lib/pubkey/ecgdsa/ecgdsa.cpp
|
|
+++ src/lib/pubkey/ecgdsa/ecgdsa.cpp
|
|
@@ -115,7 +115,7 @@ bool ECGDSA_Verification_Operation::verify(const uint8_t msg[], size_t msg_len,
|
|
if(r <= 0 || r >= m_group.get_order() || s <= 0 || s >= m_group.get_order())
|
|
return false;
|
|
|
|
- const BigInt w = inverse_mod(r, m_group.get_order());
|
|
+ const BigInt w = m_group.inverse_mod_order(r);
|
|
|
|
const BigInt u1 = m_group.multiply_mod_order(e, w);
|
|
const BigInt u2 = m_group.multiply_mod_order(s, w);
|
|
diff --git a/src/lib/pubkey/sm2/sm2.cpp b/src/lib/pubkey/sm2/sm2.cpp
|
|
index 95fe28f147..1096ea99f5 100644
|
|
--- src/lib/pubkey/sm2/sm2.cpp
|
|
+++ src/lib/pubkey/sm2/sm2.cpp
|
|
@@ -30,7 +30,7 @@ SM2_Signature_PrivateKey::SM2_Signature_PrivateKey(const AlgorithmIdentifier& al
|
|
const secure_vector<uint8_t>& key_bits) :
|
|
EC_PrivateKey(alg_id, key_bits)
|
|
{
|
|
- m_da_inv = inverse_mod(m_private_key + 1, domain().get_order());
|
|
+ m_da_inv = domain().inverse_mod_order(m_private_key + 1);
|
|
}
|
|
|
|
SM2_Signature_PrivateKey::SM2_Signature_PrivateKey(RandomNumberGenerator& rng,
|
|
@@ -38,7 +38,7 @@ SM2_Signature_PrivateKey::SM2_Signature_PrivateKey(RandomNumberGenerator& rng,
|
|
const BigInt& x) :
|
|
EC_PrivateKey(rng, domain, x)
|
|
{
|
|
- m_da_inv = inverse_mod(m_private_key + 1, domain.get_order());
|
|
+ m_da_inv = domain.inverse_mod_order(m_private_key + 1);
|
|
}
|
|
|
|
std::vector<uint8_t> sm2_compute_za(HashFunction& hash,
|