Bug 327405. Correct EC keypair Generation. r=vipul.gupta,nelson.bolyard
Patch contributed by Douglas Stebila <douglas@stebila.ca>
Родитель
56fc6fa166
Коммит
340adcfbfa
|
@ -206,13 +206,6 @@ ECGroup_consGF2m(const mp_int *irr, const unsigned int irr_arr[5],
|
|||
return group;
|
||||
}
|
||||
|
||||
/* Helper macros for ecgroup_fromNameAndHex. */
|
||||
#define CHECK_GROUP \
|
||||
if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
|
||||
#define CONS_GF2M \
|
||||
group = ECGroup_consGF2m(&irr, NULL, &curvea, &curveb, &genx, &geny, &order, params->cofactor); \
|
||||
CHECK_GROUP
|
||||
|
||||
/* Construct ECGroup from hex parameters and name, if any. Called by
|
||||
* ECGroup_fromHex and ECGroup_fromName. */
|
||||
ECGroup *
|
||||
|
@ -253,81 +246,86 @@ ecgroup_fromNameAndHex(const ECCurveName name,
|
|||
|
||||
/* determine which optimizations (if any) to use */
|
||||
if (params->field == ECField_GFp) {
|
||||
if ((name == ECCurve_SECG_PRIME_160K1)
|
||||
|| (name == ECCurve_SECG_PRIME_160R2)) {
|
||||
group =
|
||||
ECGroup_consGFp_mont(&irr, &curvea, &curveb, &genx, &geny,
|
||||
&order, params->cofactor);
|
||||
} else if ((name == ECCurve_SECG_PRIME_160R1)) {
|
||||
if ((name == ECCurve_SECG_PRIME_160R1)) {
|
||||
#ifdef ECL_USE_FP
|
||||
group =
|
||||
ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
|
||||
&order, params->cofactor);
|
||||
CHECK_GROUP MP_CHECKOK(ec_group_set_secp160r1_fp(group));
|
||||
if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
|
||||
MP_CHECKOK(ec_group_set_secp160r1_fp(group));
|
||||
#else
|
||||
group =
|
||||
ECGroup_consGFp_mont(&irr, &curvea, &curveb, &genx, &geny,
|
||||
&order, params->cofactor);
|
||||
if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
|
||||
/* no optimized version of secp160r1 arithmetic for non-floating
|
||||
* point systems
|
||||
*/
|
||||
#endif
|
||||
} else if ((name == ECCurve_SECG_PRIME_192K1)) {
|
||||
group =
|
||||
ECGroup_consGFp_mont(&irr, &curvea, &curveb, &genx, &geny,
|
||||
&order, params->cofactor);
|
||||
CHECK_GROUP MP_CHECKOK(ec_group_set_gfp192(group, name));
|
||||
if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
|
||||
MP_CHECKOK(ec_group_set_gfp192(group, name));
|
||||
} else if ((name == ECCurve_SECG_PRIME_192R1)) {
|
||||
#ifdef ECL_USE_FP
|
||||
group =
|
||||
ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
|
||||
&order, params->cofactor);
|
||||
CHECK_GROUP MP_CHECKOK(ec_group_set_nistp192_fp(group));
|
||||
if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
|
||||
MP_CHECKOK(ec_group_set_nistp192_fp(group));
|
||||
#else
|
||||
group =
|
||||
ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
|
||||
&order, params->cofactor);
|
||||
CHECK_GROUP MP_CHECKOK(ec_group_set_gfp192(group, name));
|
||||
if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
|
||||
MP_CHECKOK(ec_group_set_gfp192(group, name));
|
||||
#endif
|
||||
} else if ((name == ECCurve_SECG_PRIME_224K1)) {
|
||||
group =
|
||||
ECGroup_consGFp_mont(&irr, &curvea, &curveb, &genx, &geny,
|
||||
&order, params->cofactor);
|
||||
CHECK_GROUP MP_CHECKOK(ec_group_set_gfp224(group, name));
|
||||
if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
|
||||
MP_CHECKOK(ec_group_set_gfp224(group, name));
|
||||
} else if ((name == ECCurve_SECG_PRIME_224R1)) {
|
||||
#ifdef ECL_USE_FP
|
||||
group =
|
||||
ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
|
||||
&order, params->cofactor);
|
||||
CHECK_GROUP MP_CHECKOK(ec_group_set_nistp224_fp(group));
|
||||
if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
|
||||
MP_CHECKOK(ec_group_set_nistp224_fp(group));
|
||||
#else
|
||||
group =
|
||||
ECGroup_consGFp(&irr, &curvea, &curveb, &genx, &geny,
|
||||
&order, params->cofactor);
|
||||
CHECK_GROUP MP_CHECKOK(ec_group_set_gfp224(group, name));
|
||||
if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
|
||||
MP_CHECKOK(ec_group_set_gfp224(group, name));
|
||||
#endif
|
||||
} else {
|
||||
/* use generic arithmetic */
|
||||
group =
|
||||
ECGroup_consGFp_mont(&irr, &curvea, &curveb, &genx, &geny,
|
||||
&order, params->cofactor);
|
||||
CHECK_GROUP}
|
||||
if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
|
||||
}
|
||||
/* XXX secp521r1 fails ecp_test with &ec_GFp_pts_mul_jac */
|
||||
if (name == ECCurve_SECG_PRIME_521R1) {
|
||||
group->points_mul = &ec_pts_mul_simul_w2;
|
||||
}
|
||||
} else if (params->field == ECField_GF2m) {
|
||||
switch (bits) {
|
||||
case 163:
|
||||
CONS_GF2M MP_CHECKOK(ec_group_set_gf2m163(group, name));
|
||||
break;
|
||||
case 193:
|
||||
CONS_GF2M MP_CHECKOK(ec_group_set_gf2m193(group, name));
|
||||
break;
|
||||
case 233:
|
||||
CONS_GF2M MP_CHECKOK(ec_group_set_gf2m233(group, name));
|
||||
break;
|
||||
default:
|
||||
group =
|
||||
ECGroup_consGF2m(&irr, NULL, &curvea, &curveb, &genx,
|
||||
&geny, &order, params->cofactor);
|
||||
CHECK_GROUP break;
|
||||
group = ECGroup_consGF2m(&irr, NULL, &curvea, &curveb, &genx, &geny, &order, params->cofactor);
|
||||
if (group == NULL) { res = MP_UNDEF; goto CLEANUP; }
|
||||
if ((name == ECCurve_NIST_K163) ||
|
||||
(name == ECCurve_NIST_B163) ||
|
||||
(name == ECCurve_SECG_CHAR2_163R1)) {
|
||||
MP_CHECKOK(ec_group_set_gf2m163(group, name));
|
||||
} else if ((name == ECCurve_SECG_CHAR2_193R1) ||
|
||||
(name == ECCurve_SECG_CHAR2_193R2)) {
|
||||
MP_CHECKOK(ec_group_set_gf2m193(group, name));
|
||||
} else if ((name == ECCurve_NIST_K233) ||
|
||||
(name == ECCurve_NIST_B233)) {
|
||||
MP_CHECKOK(ec_group_set_gf2m233(group, name));
|
||||
}
|
||||
}
|
||||
|
||||
|
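Review bot: The GF2m branch now picks the optimized field routines by curve name (`ECCurve_NIST_K163` … `ECCurve_NIST_B233`) instead of the old `switch (bits)`, but nothing in the code records why a same-size curve outside that list must fall back to the generic `ECGroup_consGF2m` arithmetic, so a later cleanup could reintroduce the size-based dispatch; a comment above the `if ((name == ECCurve_NIST_K163) ||` chain such as `/* Optimized gf2m arithmetic is selected by curve name, not field size: only the curves listed here are known to be correct with it. */` would pin the intent (the reason is inferred from the change, so please confirm the wording). The doubled parentheses in conditions like `} else if ((name == ECCurve_SECG_PRIME_160R1)) {` read as leftovers of the removed macro form and can be plain `} else if (name == ECCurve_SECG_PRIME_160R1) {`. The `/* XXX secp521r1 fails ecp_test with &ec_GFp_pts_mul_jac */` override of `group->points_mul` would be easier to revisit if it named the failing test case or bug number. ecgroup_fromNameAndHex starts and ends outside this hunk.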
@ -353,10 +351,6 @@ ecgroup_fromNameAndHex(const ECCurveName name,
|
|||
return group;
|
||||
}
|
||||
|
||||
#undef CHECK_GROUP
|
||||
#undef CONS_GFP
|
||||
#undef CONS_GF2M
|
||||
|
||||
/* Construct ECGroup from hexadecimal representations of parameters. */
|
||||
ECGroup *
|
||||
ECGroup_fromHex(const ECCurveParams * params)
|
||||
|
|
|
@ -455,6 +455,36 @@ main(int argv, char **argc)
|
|||
ECTEST_GENERIC_GF2M("SECT-131R1", ECCurve_SECG_CHAR2_131R1);
|
||||
|
||||
/* specific arithmetic tests */
|
||||
ECTEST_NAMED_GF2M("NIST-K163", ECCurve_NIST_K163);
|
||||
ECTEST_NAMED_GF2M("NIST-B163", ECCurve_NIST_B163);
|
||||
ECTEST_NAMED_GF2M("NIST-K233", ECCurve_NIST_K233);
|
||||
ECTEST_NAMED_GF2M("NIST-B233", ECCurve_NIST_B233);
|
||||
ECTEST_NAMED_GF2M("NIST-K283", ECCurve_NIST_K283);
|
||||
ECTEST_NAMED_GF2M("NIST-B283", ECCurve_NIST_B283);
|
||||
ECTEST_NAMED_GF2M("NIST-K409", ECCurve_NIST_K409);
|
||||
ECTEST_NAMED_GF2M("NIST-B409", ECCurve_NIST_B409);
|
||||
ECTEST_NAMED_GF2M("NIST-K571", ECCurve_NIST_K571);
|
||||
ECTEST_NAMED_GF2M("NIST-B571", ECCurve_NIST_B571);
|
||||
ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB163V1", ECCurve_X9_62_CHAR2_PNB163V1);
|
||||
ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB163V2", ECCurve_X9_62_CHAR2_PNB163V2);
|
||||
ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB163V3", ECCurve_X9_62_CHAR2_PNB163V3);
|
||||
ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB176V1", ECCurve_X9_62_CHAR2_PNB176V1);
|
||||
ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB191V1", ECCurve_X9_62_CHAR2_TNB191V1);
|
||||
ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB191V2", ECCurve_X9_62_CHAR2_TNB191V2);
|
||||
ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB191V3", ECCurve_X9_62_CHAR2_TNB191V3);
|
||||
ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB208W1", ECCurve_X9_62_CHAR2_PNB208W1);
|
||||
ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB239V1", ECCurve_X9_62_CHAR2_TNB239V1);
|
||||
ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB239V2", ECCurve_X9_62_CHAR2_TNB239V2);
|
||||
ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB239V3", ECCurve_X9_62_CHAR2_TNB239V3);
|
||||
ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB272W1", ECCurve_X9_62_CHAR2_PNB272W1);
|
||||
ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB304W1", ECCurve_X9_62_CHAR2_PNB304W1);
|
||||
ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB359V1", ECCurve_X9_62_CHAR2_TNB359V1);
|
||||
ECTEST_NAMED_GF2M("ANSI X9.62 C2PNB368W1", ECCurve_X9_62_CHAR2_PNB368W1);
|
||||
ECTEST_NAMED_GF2M("ANSI X9.62 C2TNB431R1", ECCurve_X9_62_CHAR2_TNB431R1);
|
||||
ECTEST_NAMED_GF2M("SECT-113R1", ECCurve_SECG_CHAR2_113R1);
|
||||
ECTEST_NAMED_GF2M("SECT-113R2", ECCurve_SECG_CHAR2_113R2);
|
||||
ECTEST_NAMED_GF2M("SECT-131R1", ECCurve_SECG_CHAR2_131R1);
|
||||
ECTEST_NAMED_GF2M("SECT-131R2", ECCurve_SECG_CHAR2_131R2);
|
||||
ECTEST_NAMED_GF2M("SECT-163K1", ECCurve_SECG_CHAR2_163K1);
|
||||
ECTEST_NAMED_GF2M("SECT-163R1", ECCurve_SECG_CHAR2_163R1);
|
||||
ECTEST_NAMED_GF2M("SECT-163R2", ECCurve_SECG_CHAR2_163R2);
|
||||
|
@ -462,6 +492,19 @@ main(int argv, char **argc)
|
|||
ECTEST_NAMED_GF2M("SECT-193R2", ECCurve_SECG_CHAR2_193R2);
|
||||
ECTEST_NAMED_GF2M("SECT-233K1", ECCurve_SECG_CHAR2_233K1);
|
||||
ECTEST_NAMED_GF2M("SECT-233R1", ECCurve_SECG_CHAR2_233R1);
|
||||
ECTEST_NAMED_GF2M("SECT-239K1", ECCurve_SECG_CHAR2_239K1);
|
||||
ECTEST_NAMED_GF2M("SECT-283K1", ECCurve_SECG_CHAR2_283K1);
|
||||
ECTEST_NAMED_GF2M("SECT-283R1", ECCurve_SECG_CHAR2_283R1);
|
||||
ECTEST_NAMED_GF2M("SECT-409K1", ECCurve_SECG_CHAR2_409K1);
|
||||
ECTEST_NAMED_GF2M("SECT-409R1", ECCurve_SECG_CHAR2_409R1);
|
||||
ECTEST_NAMED_GF2M("SECT-571K1", ECCurve_SECG_CHAR2_571K1);
|
||||
ECTEST_NAMED_GF2M("SECT-571R1", ECCurve_SECG_CHAR2_571R1);
|
||||
ECTEST_NAMED_GF2M("WTLS-1 (113)", ECCurve_WTLS_1);
|
||||
ECTEST_NAMED_GF2M("WTLS-3 (163)", ECCurve_WTLS_3);
|
||||
ECTEST_NAMED_GF2M("WTLS-4 (113)", ECCurve_WTLS_4);
|
||||
ECTEST_NAMED_GF2M("WTLS-5 (163)", ECCurve_WTLS_5);
|
||||
ECTEST_NAMED_GF2M("WTLS-10 (233)", ECCurve_WTLS_10);
|
||||
ECTEST_NAMED_GF2M("WTLS-11 (233)", ECCurve_WTLS_11);
|
||||
|
||||
CLEANUP:
|
||||
EC_FreeCurveParams(params);
|
||||
|
|
|
@ -417,6 +417,22 @@ main(int argv, char **argc)
|
|||
ECTEST_GENERIC_GFP("SECP-160R1", ECCurve_SECG_PRIME_160R1);
|
||||
|
||||
/* specific arithmetic tests */
|
||||
ECTEST_NAMED_GFP("NIST-P192", ECCurve_NIST_P192);
|
||||
ECTEST_NAMED_GFP("NIST-P224", ECCurve_NIST_P224);
|
||||
ECTEST_NAMED_GFP("NIST-P256", ECCurve_NIST_P256);
|
||||
ECTEST_NAMED_GFP("NIST-P384", ECCurve_NIST_P384);
|
||||
ECTEST_NAMED_GFP("NIST-P521", ECCurve_NIST_P521);
|
||||
ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v1", ECCurve_X9_62_PRIME_192V1);
|
||||
ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v2", ECCurve_X9_62_PRIME_192V2);
|
||||
ECTEST_NAMED_GFP("ANSI X9.62 PRIME192v3", ECCurve_X9_62_PRIME_192V3);
|
||||
ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v1", ECCurve_X9_62_PRIME_239V1);
|
||||
ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v2", ECCurve_X9_62_PRIME_239V2);
|
||||
ECTEST_NAMED_GFP("ANSI X9.62 PRIME239v3", ECCurve_X9_62_PRIME_239V3);
|
||||
ECTEST_NAMED_GFP("ANSI X9.62 PRIME256v1", ECCurve_X9_62_PRIME_256V1);
|
||||
ECTEST_NAMED_GFP("SECP-112R1", ECCurve_SECG_PRIME_112R1);
|
||||
ECTEST_NAMED_GFP("SECP-112R2", ECCurve_SECG_PRIME_112R2);
|
||||
ECTEST_NAMED_GFP("SECP-128R1", ECCurve_SECG_PRIME_128R1);
|
||||
ECTEST_NAMED_GFP("SECP-128R2", ECCurve_SECG_PRIME_128R2);
|
||||
ECTEST_NAMED_GFP("SECP-160K1", ECCurve_SECG_PRIME_160K1);
|
||||
ECTEST_NAMED_GFP("SECP-160R1", ECCurve_SECG_PRIME_160R1);
|
||||
ECTEST_NAMED_GFP("SECP-160R2", ECCurve_SECG_PRIME_160R2);
|
||||
|
@ -424,6 +440,15 @@ main(int argv, char **argc)
|
|||
ECTEST_NAMED_GFP("SECP-192R1", ECCurve_SECG_PRIME_192R1);
|
||||
ECTEST_NAMED_GFP("SECP-224K1", ECCurve_SECG_PRIME_224K1);
|
||||
ECTEST_NAMED_GFP("SECP-224R1", ECCurve_SECG_PRIME_224R1);
|
||||
ECTEST_NAMED_GFP("SECP-256K1", ECCurve_SECG_PRIME_256K1);
|
||||
ECTEST_NAMED_GFP("SECP-256R1", ECCurve_SECG_PRIME_256R1);
|
||||
ECTEST_NAMED_GFP("SECP-384R1", ECCurve_SECG_PRIME_384R1);
|
||||
ECTEST_NAMED_GFP("SECP-521R1", ECCurve_SECG_PRIME_521R1);
|
||||
ECTEST_NAMED_GFP("WTLS-6 (112)", ECCurve_WTLS_6);
|
||||
ECTEST_NAMED_GFP("WTLS-7 (160)", ECCurve_WTLS_7);
|
||||
ECTEST_NAMED_GFP("WTLS-8 (112)", ECCurve_WTLS_8);
|
||||
ECTEST_NAMED_GFP("WTLS-9 (160)", ECCurve_WTLS_9);
|
||||
ECTEST_NAMED_GFP("WTLS-12 (224)", ECCurve_WTLS_12);
|
||||
|
||||
CLEANUP:
|
||||
EC_FreeCurveParams(params);
|
||||
|
|