/* -*-c-*-
*
- * $Id: ec-bin.c,v 1.7 2004/04/01 21:28:41 mdw Exp $
+ * $Id: ec-bin.c,v 1.8 2004/04/03 03:32:05 mdw Exp $
*
* Arithmetic for elliptic curves over binary fields
*
/*----- Revision history --------------------------------------------------*
*
* $Log: ec-bin.c,v $
+ * Revision 1.8 2004/04/03 03:32:05 mdw
+ * General robustification.
+ *
* Revision 1.7 2004/04/01 21:28:41 mdw
* Normal basis support (translates to poly basis internally). Rewrite
* EC and prime group table generators in awk, so that they can reuse data
d->z = dz;
MP_DROP(u);
MP_DROP(v);
- assert(!(d->x->f & MP_DESTROYED));
- assert(!(d->y->f & MP_DESTROYED));
- assert(!(d->z->f & MP_DESTROYED));
}
return (d);
}
* Arguments: @field *f@ = the underlying field for this elliptic curve
* @mp *a, *b@ = the coefficients for this curve
*
- * Returns: A pointer to the curve.
+ * Returns: A pointer to the curve, or null.
*
* Use: Creates a curve structure for an elliptic curve defined over
* a binary field. The @binproj@ variant uses projective
cc->c.a = F_IN(f, MP_NEW, a);
cc->c.b = F_IN(f, MP_NEW, b);
cc->bb = F_SQRT(f, MP_NEW, cc->c.b);
- cc->bb = F_SQRT(f, cc->bb, cc->bb);
+ if (cc->bb)
+ cc->bb = F_SQRT(f, cc->bb, cc->bb);
+ if (!cc->bb) {
+ MP_DROP(cc->c.a);
+ MP_DROP(cc->c.b);
+ DESTROY(cc);
+ return (0);
+ }
return (&cc->c);
}
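Review bot: The failure path at L40 returns null without dropping the mp that `cc->bb` held from the first F_SQRT at L36, which was passed as the destination of the second call at L39; unless F_SQRT is guaranteed to release its destination when it fails, that intermediate leaks. The check also only catches a square-root failure: a zero `b` presumably yields a zero element rather than a null pointer, so it is not rejected here even though it does not define a usable curve. The function's head is outside this hunk, so any earlier validation of `a` and `b` is not visible; the contract at L30 would be clearer as `* Returns: A pointer to the curve, or null if the square root of @b@ cannot be computed.`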
/* -*-c-*-
*
- * $Id: ec-exp.h,v 1.4 2004/03/22 02:19:10 mdw Exp $
+ * $Id: ec-exp.h,v 1.5 2004/04/03 03:32:05 mdw Exp $
*
* Exponentiation operations for elliptic curves
*
/*----- Revision history --------------------------------------------------*
*
* $Log: ec-exp.h,v $
+ * Revision 1.5 2004/04/03 03:32:05 mdw
+ * General robustification.
+ *
* Revision 1.4 2004/03/22 02:19:10 mdw
* Rationalise the sliding-window threshold. Drop guarantee that right
* arguments to EC @add@ are canonical, and fix up projective implementations
#define EXP_DROP(x) EC_DESTROY(&(x))
#define EXP_MUL(a, x) EC_ADD(c, &(a), &(a), &(x))
-#define EXP_SQR(a) EC_DBL(c, &(a), &(a));
+#define EXP_SQR(a) EC_DBL(c, &(a), &(a))
#define EXP_FIX(x)
#define EXP_SETMUL(d, x, y) do { \
/* -*-c-*-
*
- * $Id: ec-info.c,v 1.3 2004/04/01 21:28:41 mdw Exp $
+ * $Id: ec-info.c,v 1.4 2004/04/03 03:32:05 mdw Exp $
*
* Elliptic curve information management
*
/*----- Revision history --------------------------------------------------*
*
* $Log: ec-info.c,v $
+ * Revision 1.4 2004/04/03 03:32:05 mdw
+ * General robustification.
+ *
* Revision 1.3 2004/04/01 21:28:41 mdw
* Normal basis support (translates to poly basis internally). Rewrite
* EC and prime group table generators in awk, so that they can reuse data
default:
goto fail;
}
+ if (!c) {
+ qd->e = "bad curve parameters";
+ goto fail;
+ }
if (a) MP_DROP(a);
if (b) MP_DROP(b);
return (c);
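Review bot: The new `goto fail` at L91 jumps with `a` and `b` possibly still allocated, while the success path drops them at L93-L94; the `fail:` label and the rest of the function are outside this hunk, so I cannot see whether that path releases them. If it does not, drop them before the jump, e.g. `if (a) MP_DROP(a); if (b) MP_DROP(b); goto fail;`, or move the two drops ahead of the `!c` test so both exits share them. The error string at L90 is only set for the null-curve case; the `default: goto fail` at L87 presumably relies on an earlier message having been set, which is worth confirming.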
abort();
}
+ assert(f); assert(ei->c);
EC_CREATE(&ei->g); ei->g.x = &ed->gx; ei->g.y = &ed->gy; ei->g.z = 0;
ei->r = &ed->r; ei->h = &ed->h;
}
const ecentry *ee;
mp *r = MP_NEW, *h = MP_NEW;
- for (ee = ectab; ee->name; ee++) {
- if (qd_enum(qd, ee->name) >= 0) {
- getinfo(ei, ee->data);
- goto found;
- }
- }
+ for (ee = ectab; ee->name; ee++)
+ if (qd_enum(qd, ee->name) >= 0) { getinfo(ei, ee->data); goto found; }
+
if ((c = ec_curveparse(qd)) == 0) goto fail;
qd_delim(qd, '/'); if (!ec_ptparse(qd, &g)) goto fail;
qd_delim(qd, ':'); if ((r = qd_getmp(qd)) == 0) goto fail;
/* -*-c-*-
*
- * $Id: ec-prime.c,v 1.9 2004/04/01 12:50:09 mdw Exp $
+ * $Id: ec-prime.c,v 1.10 2004/04/03 03:32:05 mdw Exp $
*
* Elliptic curves over prime fields
*
/*----- Revision history --------------------------------------------------*
*
* $Log: ec-prime.c,v $
+ * Revision 1.10 2004/04/03 03:32:05 mdw
+ * General robustification.
+ *
* Revision 1.9 2004/04/01 12:50:09 mdw
* Add cyclic group abstraction, with test code. Separate off exponentation
* functions for better static linking. Fix a buttload of bugs on the way.
* Arguments: @field *f@ = the underlying field for this elliptic curve
* @mp *a, *b@ = the coefficients for this curve
*
- * Returns: A pointer to the curve.
+ * Returns: A pointer to the curve, or null.
*
* Use: Creates a curve structure for an elliptic curve defined over
* a prime field. The @primeproj@ variant uses projective
/* -*-c-*-
*
- * $Id: ec.h,v 1.9 2004/04/01 12:50:09 mdw Exp $
+ * $Id: ec.h,v 1.10 2004/04/03 03:32:05 mdw Exp $
*
* Elliptic curve definitions
*
/*----- Revision history --------------------------------------------------*
*
* $Log: ec.h,v $
+ * Revision 1.10 2004/04/03 03:32:05 mdw
+ * General robustification.
+ *
* Revision 1.9 2004/04/01 12:50:09 mdw
* Add cyclic group abstraction, with test code. Separate off exponentation
* functions for better static linking. Fix a buttload of bugs on the way.
* Arguments: @field *f@ = the underlying field for this elliptic curve
* @mp *a, *b@ = the coefficients for this curve
*
- * Returns: A pointer to the curve.
+ * Returns: A pointer to the curve, or null.
*
* Use: Creates a curve structure for an elliptic curve defined over
* a prime field. The @primeproj@ variant uses projective
* Arguments: @field *f@ = the underlying field for this elliptic curve
* @mp *a, *b@ = the coefficients for this curve
*
- * Returns: A pointer to the curve.
+ * Returns: A pointer to the curve, or null.
*
* Use: Creates a curve structure for an elliptic curve defined over
* a binary field. The @binproj@ variant uses projective
/* -*-c-*-
*
- * $Id: f-prime.c,v 1.10 2004/04/02 01:03:49 mdw Exp $
+ * $Id: f-prime.c,v 1.11 2004/04/03 03:32:05 mdw Exp $
*
* Prime fields with Montgomery arithmetic
*
/*----- Revision history --------------------------------------------------*
*
* $Log: f-prime.c,v $
+ * Revision 1.11 2004/04/03 03:32:05 mdw
+ * General robustification.
+ *
* Revision 1.10 2004/04/02 01:03:49 mdw
* Miscellaneous constification.
*
*
* Arguments: @mp *p@ = the characteristic of the field
*
- * Returns: A pointer to the field.
+ * Returns: A pointer to the field or null.
*
* Use: Creates a field structure for a prime field of size %$p$%,
* using Montgomery reduction for arithmetic.
field *field_prime(mp *p)
{
- fctx *f = CREATE(fctx);
+ fctx *f;
+
+ if (!MP_ISPOS(p) || !MP_ISODD(p))
+ return (0);
+ f = CREATE(fctx);
f->f.ops = &fops;
mpmont_create(&f->mm, p);
f->f.zero = MP_ZERO;
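Review bot: The guard at L201 rejects only a non-positive or even `p`, so `p == 1` and any composite odd value still pass, yet the updated comment at L192 says "or null" without saying when. Since the function is named `field_prime`, a reader may assume primality is enforced; I would state the actual contract: `* Returns: A pointer to the field, or null if @p@ is not positive and odd (primality is not checked).` The same applies to `group_prime` at L299 and its comments at L291 and L354. Note also that the macros dereference `p`, so a null argument is still not tolerated.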
/* -*-c-*-
*
- * $Id: field-parse.c,v 1.2 2004/04/01 21:28:41 mdw Exp $
+ * $Id: field-parse.c,v 1.3 2004/04/03 03:32:05 mdw Exp $
*
* Parse field descriptions
*
/*----- Revision history --------------------------------------------------*
*
* $Log: field-parse.c,v $
+ * Revision 1.3 2004/04/03 03:32:05 mdw
+ * General robustification.
+ *
* Revision 1.2 2004/04/01 21:28:41 mdw
* Normal basis support (translates to poly basis internally). Rewrite
* EC and prime group table generators in awk, so that they can reuse data
f = field_binnorm(m, b);
break;
default:
- f = 0;
- break;
+ goto done;
}
+ if (!f) qd->e = "bad field parameters";
done:
mp_drop(m);
mp_drop(b);
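Review bot: The `default: goto done;` at L228 skips the `if (!f)` assignment at L230, so the caller gets null back with `qd->e` set only if whatever produced the unknown case (outside this hunk) already reported an error; it also relies on `f` having been initialised to null before the switch, which is likewise not visible. If the intent is that the enumeration failure carries its own message, a comment makes that explicit: `default: goto done; /* unknown field type: error already recorded in qd->e */`. Otherwise setting `f = 0` and the message in the default branch before the jump would be safer.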
/* -*-c-*-
*
- * $Id: g-ec.c,v 1.1 2004/04/01 12:50:09 mdw Exp $
+ * $Id: g-ec.c,v 1.2 2004/04/03 03:32:05 mdw Exp $
*
* Abstraction for elliptic curve groups
*
/*----- Revision history --------------------------------------------------*
*
* $Log: g-ec.c,v $
+ * Revision 1.2 2004/04/03 03:32:05 mdw
+ * General robustification.
+ *
* Revision 1.1 2004/04/01 12:50:09 mdw
* Add cyclic group abstraction, with test code. Separate off exponentation
* functions for better static linking. Fix a buttload of bugs on the way.
EC_CREATE(&g->id);
g->g.i = &g->id;
EC_CREATE(&g->gen);
+ g->g.g = &g->gen;
EC_IN(g->ei.c, &g->gen, &ei->g);
g->g.r = ei->r;
g->g.h = ei->h;
/* -*-c-*-
*
- * $Id: g-prime.c,v 1.1 2004/04/01 12:50:09 mdw Exp $
+ * $Id: g-prime.c,v 1.2 2004/04/03 03:32:05 mdw Exp $
*
* Abstraction for prime groups
*
/*----- Revision history --------------------------------------------------*
*
* $Log: g-prime.c,v $
+ * Revision 1.2 2004/04/03 03:32:05 mdw
+ * General robustification.
+ *
* Revision 1.1 2004/04/01 12:50:09 mdw
* Add cyclic group abstraction, with test code. Separate off exponentation
* functions for better static linking. Fix a buttload of bugs on the way.
static void gdestroy(group *gg, mp **x) { MP_DROP(*x); DESTROY(x); }
-static int gsamep(group *gg, group *hh)
- { gctx *g = (gctx *)gg, *h = (gctx *)hh; return (g->mm.m == h->mm.m); }
+static int gsamep(group *gg, group *hh) {
+ gctx *g = (gctx *)gg, *h = (gctx *)hh;
+ return (MP_EQ(g->mm.m, h->mm.m));
+}
static int geq(group *gg, mp **x, mp **y) { return (MP_EQ(*x, *y)); }
static int gfrombuf(group *gg, buf *b, mp **d) {
gctx * g = (gctx *)gg; mp *x; if ((x = buf_getmp(b)) == 0) return (-1);
- mp_div(0, &x, x, g->mm.r2); mp_drop(*d);
+ mp_div(0, &x, x, g->mm.m); mp_drop(*d);
*d = mpmont_mul(&g->mm, x, x, g->mm.r2); return(0);
}
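Review bot: `gsamep` at L276-L279 casts both arguments to `gctx` without checking that `hh` is a prime group, so comparing against a group of another kind (this commit also touches `group_ec`) reads `mm.m` through the wrong layout. The group structure carries an `ops` pointer (group.h, L347), so `if (gg->ops != hh->ops) return (0);` ahead of the casts would close that unless the generic dispatcher already guarantees matching ops, which is not visible here. The change to reduce modulo `g->mm.m` at L284 looks right, and feeding `x` as both destination and operand to `mpmont_mul` at L285 avoids a leak.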
*
* Arguments: @const gprime_param *gp@ = group parameters
*
- * Returns: A pointer to the group.
+ * Returns: A pointer to the group, or null.
*
* Use: Constructs an abstract group interface for a subgroup of a
* prime field. Group elements are @mp *@ pointers.
group *group_prime(const gprime_param *gp)
{
- gctx *g = CREATE(gctx);
+ gctx *g;
+ if (!MP_ISPOS(gp->p) || !MP_ISODD(gp->p))
+ return (0);
+ g = CREATE(gctx);
g->g.ops = &gops;
g->g.nbits = mp_bits(gp->p);
g->g.noctets = (g->g.nbits + 7) >> 3;
/* -*-c-*-
*
- * $Id: group-parse.c,v 1.1 2004/04/01 12:50:09 mdw Exp $
+ * $Id: group-parse.c,v 1.2 2004/04/03 03:32:05 mdw Exp $
*
* Parse group description strings
*
/*----- Revision history --------------------------------------------------*
*
* $Log: group-parse.c,v $
+ * Revision 1.2 2004/04/03 03:32:05 mdw
+ * General robustification.
+ *
* Revision 1.1 2004/04/01 12:50:09 mdw
* Add cyclic group abstraction, with test code. Separate off exponentation
* functions for better static linking. Fix a buttload of bugs on the way.
g = group_ec(&ei);
} break;
}
+ if (!g) qd->e = "bad group parameters";
return (g);
}
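Review bot: The assignment at L324 overwrites whatever `qd->e` already holds when `g` is null, so a more specific message set inside one of the case bodies (for example by the elliptic-curve parsing before `group_ec` at L321) would be replaced by the generic one. If those paths do set `qd->e`, `if (!g && !qd->e) qd->e = "bad group parameters";` keeps the better diagnostic. The switch head is outside this hunk, so I cannot confirm which branches report their own errors.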
/* -*-c-*-
*
- * $Id: group.h,v 1.1 2004/04/01 12:50:09 mdw Exp $
+ * $Id: group.h,v 1.2 2004/04/03 03:32:05 mdw Exp $
*
* General cyclic group abstraction
*
/*----- Revision history --------------------------------------------------*
*
* $Log: group.h,v $
+ * Revision 1.2 2004/04/03 03:32:05 mdw
+ * General robustification.
+ *
* Revision 1.1 2004/04/01 12:50:09 mdw
* Add cyclic group abstraction, with test code. Separate off exponentation
* functions for better static linking. Fix a buttload of bugs on the way.
typedef struct ge ge; /* Group element (abstract type) */
#endif
-typedef struct group {
+typedef struct group_ {
const struct group_ops *ops; /* Operations table */
size_t nbits; /* Size of an element in bits */
size_t noctets; /* Size of an element in octets */
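Review bot: The struct tag rename at L346 carries no comment, so the next reader will wonder why the tag is `group_` while the typedef is `group`; presumably this sidesteps a clash with another `struct group` (the POSIX one from `<grp.h>` is the usual culprit), but that is an inference. A short note keeps someone from "tidying" it back: `typedef struct group_ { /* tag deliberately differs from the typedef name to avoid clashing with another `struct group' */`. The struct body continues past this hunk.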
*
* Arguments: @const gprime_param *gp@ = group parameters
*
- * Returns: A pointer to the group.
+ * Returns: A pointer to the group, or null.
*
* Use: Constructs an abstract group interface for a subgroup of a
* prime field. Group elements are @mp *@ pointers.
*
* Arguments: @const ec_info *ei@ = elliptic curve parameters
*
- * Returns: A pointer to the group.
+ * Returns: A pointer to the group, or null.
*
* Use: Constructs an abstract group interface for an elliptic curve
* group. Group elements are @ec@ structures. The contents of
/* -*-c-*-
*
- * $Id: mp.h,v 1.17 2003/05/16 09:09:24 mdw Exp $
+ * $Id: mp.h,v 1.18 2004/04/03 03:32:05 mdw Exp $
*
* Simple multiprecision arithmetic
*
/*----- Revision history --------------------------------------------------*
*
* $Log: mp.h,v $
+ * Revision 1.18 2004/04/03 03:32:05 mdw
+ * General robustification.
+ *
* Revision 1.17 2003/05/16 09:09:24 mdw
* Fix @mp_lsl2c@. Turns out to be surprisingly tricky.
*
/* --- Other handy macros --- */
#define MP_ISNEG(x) ((x)->f & MP_NEG)
-#define MP_ISZERO(x) MP_EQ((x), MP_ZERO)
+#define MP_ISZERO(x) (!MP_LEN(x))
#define MP_ISPOS(x) (!MP_ISNEG(x) && !MP_ISZERO(x))
+#define MP_ISODD(x) (!MP_ISZERO(x) && ((x)->v[0] & 1u))
+#define MP_ISEVEN(x) (!MP_ISODD(x))
/*----- Arithmetic operations ---------------------------------------------*/
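Review bot: The new `MP_ISZERO` at L385 is true only when the limb count is zero, so it now relies on every value it is applied to being canonical; the old `MP_EQ` form would also have recognised a zero with leading zero limbs, if such values can arise. That assumption matters more in mpmont.c's hunk at L445-L446, which drops the `mp_shrink(m)` call and replaces it with an assert built on `MP_ISPOS`/`MP_ISODD`. A comment on the macro would record the contract: `/* assumes (x) is shrunk: leading zero limbs make a zero value look non-zero */`. `MP_ISODD` at L387 correctly guards the `v[0]` read with the zero test.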
/* -*-c-*-
*
- * $Id: mparena.c,v 1.5 2000/06/17 11:35:48 mdw Exp $
+ * $Id: mparena.c,v 1.6 2004/04/03 03:32:05 mdw Exp $
*
* Allocation and freeing of MP buffers
*
/*----- Revision history --------------------------------------------------*
*
* $Log: mparena.c,v $
+ * Revision 1.6 2004/04/03 03:32:05 mdw
+ * General robustification.
+ *
* Revision 1.5 2000/06/17 11:35:48 mdw
* Overhaul to use mLib's arena system underneath.
*
mpw *mpalloc(mparena *a, size_t sz)
{
mpw *v;
+ if (!sz) return (0);
+ a->n++;
v = A_ALLOC(a->a, MPWS(sz));
if (!v)
THROW(EXC_NOMEM);
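Review bot: `a->n++` at L410 runs before the allocation is known to have succeeded, so if `A_ALLOC` returns null and the `THROW` at L413 is caught by a handler that keeps the arena alive, the outstanding count is one too high; moving the increment after the null check fixes that (the function's return is below this hunk). The `if (!sz) return (0);` at L409 also introduces a null result for a zero-size request, which `mpfree` at L416 now tolerates, but callers that write `v[0]` unconditionally are not visible here and would need the same care.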
void mpfree(mparena *a, mpw *v)
{
+ if (!v) return;
+ a->n--;
A_FREE(a->a, v);
}
/* -*-c-*-
*
- * $Id: mpmont.c,v 1.17 2004/04/01 12:50:09 mdw Exp $
+ * $Id: mpmont.c,v 1.18 2004/04/03 03:32:05 mdw Exp $
*
* Montgomery reduction
*
/*----- Revision history --------------------------------------------------*
*
* $Log: mpmont.c,v $
+ * Revision 1.18 2004/04/03 03:32:05 mdw
+ * General robustification.
+ *
* Revision 1.17 2004/04/01 12:50:09 mdw
* Add cyclic group abstraction, with test code. Separate off exponentation
* functions for better static linking. Fix a buttload of bugs on the way.
mp *r2 = mp_new(2 * n + 1, 0);
mp r;
- /* --- Validate the arguments --- */
-
- assert(((void)"Montgomery modulus must be positive",
- (m->f & MP_NEG) == 0));
- assert(((void)"Montgomery modulus must be odd", m->v[0] & 1));
-
/* --- Take a copy of the modulus --- */
- mp_shrink(m);
+ assert(MP_ISPOS(m) && MP_ISODD(m));
mm->m = MP_COPY(m);
/* --- Determine %$R^2$% --- */