From 02d7884df1f33c9c7dc3a14c4b1a5f520ebe090a Mon Sep 17 00:00:00 2001 From: mdw Date: Sat, 3 Apr 2004 03:32:05 +0000 Subject: [PATCH] General robustification. --- ec-bin.c | 19 +++++++++++++------ ec-exp.h | 7 +++++-- ec-info.c | 19 ++++++++++++------- ec-prime.c | 7 +++++-- ec.h | 9 ++++++--- f-prime.c | 13 ++++++++++--- field-parse.c | 9 ++++++--- g-ec.c | 6 +++++- g-prime.c | 20 ++++++++++++++------ group-parse.c | 6 +++++- group.h | 11 +++++++---- mp.h | 9 +++++++-- mparena.c | 9 ++++++++- mpmont.c | 13 +++++-------- 14 files changed, 108 insertions(+), 49 deletions(-) diff --git a/ec-bin.c b/ec-bin.c index db1bebf..209e43a 100644 --- a/ec-bin.c +++ b/ec-bin.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ec-bin.c,v 1.7 2004/04/01 21:28:41 mdw Exp $ + * $Id: ec-bin.c,v 1.8 2004/04/03 03:32:05 mdw Exp $ * * Arithmetic for elliptic curves over binary fields * @@ -30,6 +30,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: ec-bin.c,v $ + * Revision 1.8 2004/04/03 03:32:05 mdw + * General robustification. + * * Revision 1.7 2004/04/01 21:28:41 mdw * Normal basis support (translates to poly basis internally). Rewrite * EC and prime group table generators in awk, so that they can reuse data @@ -191,9 +194,6 @@ static ec *ecprojdbl(ec_curve *c, ec *d, const ec *a) d->z = dz; MP_DROP(u); MP_DROP(v); - assert(!(d->x->f & MP_DESTROYED)); - assert(!(d->y->f & MP_DESTROYED)); - assert(!(d->z->f & MP_DESTROYED)); } return (d); } @@ -375,7 +375,7 @@ static void ecdestroy(ec_curve *c) * Arguments: @field *f@ = the underlying field for this elliptic curve * @mp *a, *b@ = the coefficients for this curve * - * Returns: A pointer to the curve. + * Returns: A pointer to the curve, or null. * * Use: Creates a curve structure for an elliptic curve defined over * a binary field. The @binproj@ variant uses projective 
@@ -401,7 +401,14 @@ ec_curve *ec_binproj(field *f, mp *a, mp *b) cc->c.a = F_IN(f, MP_NEW, a); cc->c.b = F_IN(f, MP_NEW, b); cc->bb = F_SQRT(f, MP_NEW, cc->c.b); - cc->bb = F_SQRT(f, cc->bb, cc->bb); + if (cc->bb) + cc->bb = F_SQRT(f, cc->bb, cc->bb); + if (!cc->bb) { + MP_DROP(cc->c.a); + MP_DROP(cc->c.b); + DESTROY(cc); + return (0); + } return (&cc->c); } diff --git a/ec-exp.h b/ec-exp.h index fb3ed6e..93a576f 100644 --- a/ec-exp.h +++ b/ec-exp.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ec-exp.h,v 1.4 2004/03/22 02:19:10 mdw Exp $ + * $Id: ec-exp.h,v 1.5 2004/04/03 03:32:05 mdw Exp $ * * Exponentiation operations for elliptic curves * @@ -30,6 +30,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: ec-exp.h,v $ + * Revision 1.5 2004/04/03 03:32:05 mdw + * General robustification. + * * Revision 1.4 2004/03/22 02:19:10 mdw * Rationalise the sliding-window threshold. Drop guarantee that right * arguments to EC @add@ are canonical, and fix up projective implementations @@ -68,7 +71,7 @@ #define EXP_DROP(x) EC_DESTROY(&(x)) #define EXP_MUL(a, x) EC_ADD(c, &(a), &(a), &(x)) -#define EXP_SQR(a) EC_DBL(c, &(a), &(a)); +#define EXP_SQR(a) EC_DBL(c, &(a), &(a)) #define EXP_FIX(x) #define EXP_SETMUL(d, x, y) do { \ diff --git a/ec-info.c b/ec-info.c index bcc0ab8..0805c26 100644 --- a/ec-info.c +++ b/ec-info.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ec-info.c,v 1.3 2004/04/01 21:28:41 mdw Exp $ + * $Id: ec-info.c,v 1.4 2004/04/03 03:32:05 mdw Exp $ * * Elliptic curve information management * @@ -30,6 +30,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: ec-info.c,v $ + * Revision 1.4 2004/04/03 03:32:05 mdw + * General robustification. + * * Revision 1.3 2004/04/01 21:28:41 mdw * Normal basis support (translates to poly basis internally). Rewrite * EC and prime group table generators in awk, so that they can reuse data 
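Review bot: If the second `F_SQRT(f, cc->bb, cc->bb)` fails, the `mp` produced by the first `F_SQRT(f, MP_NEW, cc->c.b)` is released only if the field's sqrt operation drops its destination on failure, which this hunk does not show; otherwise the new `if (!cc->bb)` cleanup frees `c.a`, `c.b` and `cc` but leaks that intermediate. Keeping the first result in a local and dropping it explicitly after the second call removes the dependency on that contract. The header comment should also say when null is returned, e.g. `Returns: A pointer to the curve, or null if @b@ has no fourth root in @f@.`, since `ec_curveparse` now turns a null result into a parse error. The opening of `ec_binproj` is outside this hunk.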
@@ -131,6 +134,10 @@ ec_curve *ec_curveparse(qd_parse *qd) default: goto fail; } + if (!c) { + qd->e = "bad curve parameters"; + goto fail; + } if (a) MP_DROP(a); if (b) MP_DROP(b); return (c); @@ -215,6 +222,7 @@ static void getinfo(ec_info *ei, ecdata *ed) abort(); } + assert(f); assert(ei->c); EC_CREATE(&ei->g); ei->g.x = &ed->gx; ei->g.y = &ed->gy; ei->g.z = 0; ei->r = &ed->r; ei->h = &ed->h; } @@ -248,12 +256,9 @@ int ec_infoparse(qd_parse *qd, ec_info *ei) const ecentry *ee; mp *r = MP_NEW, *h = MP_NEW; - for (ee = ectab; ee->name; ee++) { - if (qd_enum(qd, ee->name) >= 0) { - getinfo(ei, ee->data); - goto found; - } - } + for (ee = ectab; ee->name; ee++) + if (qd_enum(qd, ee->name) >= 0) { getinfo(ei, ee->data); goto found; } + if ((c = ec_curveparse(qd)) == 0) goto fail; qd_delim(qd, '/'); if (!ec_ptparse(qd, &g)) goto fail; qd_delim(qd, ':'); if ((r = qd_getmp(qd)) == 0) goto fail; diff --git a/ec-prime.c b/ec-prime.c index b2652b2..41ba9c4 100644 --- a/ec-prime.c +++ b/ec-prime.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ec-prime.c,v 1.9 2004/04/01 12:50:09 mdw Exp $ + * $Id: ec-prime.c,v 1.10 2004/04/03 03:32:05 mdw Exp $ * * Elliptic curves over prime fields * @@ -30,6 +30,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: ec-prime.c,v $ + * Revision 1.10 2004/04/03 03:32:05 mdw + * General robustification. + * * Revision 1.9 2004/04/01 12:50:09 mdw * Add cyclic group abstraction, with test code. Separate off exponentation * functions for better static linking. Fix a buttload of bugs on the way. @@ -395,7 +398,7 @@ static void ecdestroy(ec_curve *c) * Arguments: @field *f@ = the underlying field for this elliptic curve * @mp *a, *b@ = the coefficients for this curve * - * Returns: A pointer to the curve. + * Returns: A pointer to the curve, or null. * * Use: Creates a curve structure for an elliptic curve defined over * a prime field. The @primeproj@ variant uses projective 
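Review bot: The new `goto fail` taken when `c` is null jumps past `if (a) MP_DROP(a); if (b) MP_DROP(b);`, so the coefficients parsed for the curve are released on this path only if the `fail` label, which is outside the hunk, drops them too. If it does not, the simplest fix is to move the two drops above the new check, since the visible constructor `ec_binproj` copies its coefficients with `F_IN` rather than keeping the caller's `mp` objects; whether the prime-curve constructors do the same is not visible here. The field created for the curve would need the same attention on this path.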
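Review bot: Folding the table lookup onto one line, `if (qd_enum(qd, ee->name) >= 0) { getinfo(ei, ee->data); goto found; }`, drops the braces around the `for` body and buries the `goto` at the end of a long line, which is harder to scan than the multi-line form it replaces. Keeping the loop body braced and the `getinfo` call and `goto found;` on separate lines preserves the tighter layout without hiding the control transfer. `ec_infoparse` continues past the end of this hunk.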
diff --git a/ec.h b/ec.h index f556193..24bd6b2 100644 --- a/ec.h +++ b/ec.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: ec.h,v 1.9 2004/04/01 12:50:09 mdw Exp $ + * $Id: ec.h,v 1.10 2004/04/03 03:32:05 mdw Exp $ * * Elliptic curve definitions * @@ -30,6 +30,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: ec.h,v $ + * Revision 1.10 2004/04/03 03:32:05 mdw + * General robustification. + * * Revision 1.9 2004/04/01 12:50:09 mdw * Add cyclic group abstraction, with test code. Separate off exponentation * functions for better static linking. Fix a buttload of bugs on the way. @@ -510,7 +513,7 @@ extern void ec_destroycurve(ec_curve */*c*/); * Arguments: @field *f@ = the underlying field for this elliptic curve * @mp *a, *b@ = the coefficients for this curve * - * Returns: A pointer to the curve. + * Returns: A pointer to the curve, or null. * * Use: Creates a curve structure for an elliptic curve defined over * a prime field. The @primeproj@ variant uses projective @@ -525,7 +528,7 @@ extern ec_curve *ec_primeproj(field */*f*/, mp */*a*/, mp */*b*/); * Arguments: @field *f@ = the underlying field for this elliptic curve * @mp *a, *b@ = the coefficients for this curve * - * Returns: A pointer to the curve. + * Returns: A pointer to the curve, or null. * * Use: Creates a curve structure for an elliptic curve defined over * a binary field. The @binproj@ variant uses projective diff --git a/f-prime.c b/f-prime.c index 66db76a..43d6da3 100644 --- a/f-prime.c +++ b/f-prime.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: f-prime.c,v 1.10 2004/04/02 01:03:49 mdw Exp $ + * $Id: f-prime.c,v 1.11 2004/04/03 03:32:05 mdw Exp $ * * Prime fields with Montgomery arithmetic * @@ -30,6 +30,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: f-prime.c,v $ + * Revision 1.11 2004/04/03 03:32:05 mdw + * General robustification. + * * Revision 1.10 2004/04/02 01:03:49 mdw * Miscellaneous constification. * 
@@ -191,7 +194,7 @@ static const field_ops fops = { * * Arguments: @mp *p@ = the characteristic of the field * - * Returns: A pointer to the field. + * Returns: A pointer to the field or null. * * Use: Creates a field structure for a prime field of size %$p$%, * using Montgomery reduction for arithmetic. @@ -199,7 +202,11 @@ static const field_ops fops = { field *field_prime(mp *p) { - fctx *f = CREATE(fctx); + fctx *f; + + if (!MP_ISPOS(p) || !MP_ISODD(p)) + return (0); + f = CREATE(fctx); f->f.ops = &fops; mpmont_create(&f->mm, p); f->f.zero = MP_ZERO; diff --git a/field-parse.c b/field-parse.c index e815a9f..7e83fc0 100644 --- a/field-parse.c +++ b/field-parse.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: field-parse.c,v 1.2 2004/04/01 21:28:41 mdw Exp $ + * $Id: field-parse.c,v 1.3 2004/04/03 03:32:05 mdw Exp $ * * Parse field descriptions * @@ -30,6 +30,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: field-parse.c,v $ + * Revision 1.3 2004/04/03 03:32:05 mdw + * General robustification. + * * Revision 1.2 2004/04/01 21:28:41 mdw * Normal basis support (translates to poly basis internally). Rewrite * EC and prime group table generators in awk, so that they can reuse data @@ -88,9 +91,9 @@ field *field_parse(qd_parse *qd) f = field_binnorm(m, b); break; default: - f = 0; - break; + goto done; } + if (!f) qd->e = "bad field parameters"; done: mp_drop(m); mp_drop(b); diff --git a/g-ec.c b/g-ec.c index 1f214f7..91583bb 100644 --- a/g-ec.c +++ b/g-ec.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: g-ec.c,v 1.1 2004/04/01 12:50:09 mdw Exp $ + * $Id: g-ec.c,v 1.2 2004/04/03 03:32:05 mdw Exp $ * * Abstraction for elliptic curve groups * 
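Review bot: The `default:` arm now reaches `done:` without assigning `f`, so `field_parse` returns whatever `f` held before the `switch`; that is only safe if `f` is initialised to null at its declaration, which is outside this hunk. The jump also bypasses the new `if (!f) qd->e = "bad field parameters";`, so an unrecognised field type reports no message unless the earlier enum lookup already set `qd->e`. If `f` is not initialised above, `default: f = 0; goto done;` keeps the old guarantee with the new flow.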
@@ -30,6 +30,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: g-ec.c,v $ + * Revision 1.2 2004/04/03 03:32:05 mdw + * General robustification. + * * Revision 1.1 2004/04/01 12:50:09 mdw * Add cyclic group abstraction, with test code. Separate off exponentation * functions for better static linking. Fix a buttload of bugs on the way. @@ -213,6 +216,7 @@ group *group_ec(const ec_info *ei) EC_CREATE(&g->id); g->g.i = &g->id; EC_CREATE(&g->gen); + g->g.g = &g->gen; EC_IN(g->ei.c, &g->gen, &ei->g); g->g.r = ei->r; g->g.h = ei->h; diff --git a/g-prime.c b/g-prime.c index 03843be..03cce55 100644 --- a/g-prime.c +++ b/g-prime.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: g-prime.c,v 1.1 2004/04/01 12:50:09 mdw Exp $ + * $Id: g-prime.c,v 1.2 2004/04/03 03:32:05 mdw Exp $ * * Abstraction for prime groups * @@ -30,6 +30,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: g-prime.c,v $ + * Revision 1.2 2004/04/03 03:32:05 mdw + * General robustification. + * * Revision 1.1 2004/04/01 12:50:09 mdw * Add cyclic group abstraction, with test code. Separate off exponentation * functions for better static linking. Fix a buttload of bugs on the way. @@ -78,8 +81,10 @@ static void gburn(group *gg, mp **x) { (*x)->f |= MP_BURN; } static void gdestroy(group *gg, mp **x) { MP_DROP(*x); DESTROY(x); } -static int gsamep(group *gg, group *hh) - { gctx *g = (gctx *)gg, *h = (gctx *)hh; return (g->mm.m == h->mm.m); } +static int gsamep(group *gg, group *hh) { + gctx *g = (gctx *)gg, *h = (gctx *)hh; + return (MP_EQ(g->mm.m, h->mm.m)); +} static int geq(group *gg, mp **x, mp **y) { return (MP_EQ(*x, *y)); } 
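Review bot: `return (MP_EQ(g->mm.m, h->mm.m));` compares only the field modulus, so two prime groups built over the same `p` but with different subgroup orders or generators now report as the same group, whereas the old pointer test only matched groups sharing one modulus object. If callers use `samep` to decide that elements of the two groups are interchangeable, comparing `g->g.r` as well would be safer; the `samep` contract in `group_ops` is not in this hunk, so the intended meaning cannot be confirmed here.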
@@ -140,7 +145,7 @@ static int gtobuf(group *gg, buf *b, mp **x) { static int gfrombuf(group *gg, buf *b, mp **d) { gctx * g = (gctx *)gg; mp *x; if ((x = buf_getmp(b)) == 0) return (-1); - mp_div(0, &x, x, g->mm.r2); mp_drop(*d); + mp_div(0, &x, x, g->mm.m); mp_drop(*d); *d = mpmont_mul(&g->mm, x, x, g->mm.r2); return(0); } @@ -148,7 +153,7 @@ static int gfrombuf(group *gg, buf *b, mp **d) { * * Arguments: @const gprime_param *gp@ = group parameters * - * Returns: A pointer to the group. + * Returns: A pointer to the group, or null. * * Use: Constructs an abstract group interface for a subgroup of a * prime field. Group elements are @mp *@ pointers. @@ -166,8 +171,11 @@ static const group_ops gops = { group *group_prime(const gprime_param *gp) { - gctx *g = CREATE(gctx); + gctx *g; + if (!MP_ISPOS(gp->p) || !MP_ISODD(gp->p)) + return (0); + g = CREATE(gctx); g->g.ops = &gops; g->g.nbits = mp_bits(gp->p); g->g.noctets = (g->g.nbits + 7) >> 3; diff --git a/group-parse.c b/group-parse.c index 47998c6..276e2d2 100644 --- a/group-parse.c +++ b/group-parse.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: group-parse.c,v 1.1 2004/04/01 12:50:09 mdw Exp $ + * $Id: group-parse.c,v 1.2 2004/04/03 03:32:05 mdw Exp $ * * Parse group description strings * @@ -29,6 +29,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: group-parse.c,v $ + * Revision 1.2 2004/04/03 03:32:05 mdw + * General robustification. + * * Revision 1.1 2004/04/01 12:50:09 mdw * Add cyclic group abstraction, with test code. Separate off exponentation * functions for better static linking. Fix a buttload of bugs on the way. @@ -78,6 +81,7 @@ group *group_parse(qd_parse *qd) g = group_ec(&ei); } break; } + if (!g) qd->e = "bad group parameters"; return (g); } diff --git a/group.h b/group.h index 383bc82..d099a8f 100644 --- a/group.h +++ b/group.h 
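Review bot: `mp_div(0, &x, x, g->mm.m);` now reduces the decoded value modulo `m` instead of `r2`, but the residue is still accepted unconditionally, so an encoding of zero or of any multiple of `m` produces the zero residue, which is not an element of the multiplicative group. Rejecting it after the reduction is cheap with the new macro: `if (MP_ISZERO(x)) { mp_drop(x); return (-1); }`. Whether membership in the order-`r` subgroup should also be checked depends on the protocol using this decoder, which is not visible here.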
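Review bot: `if (!g) qd->e = "bad group parameters";` runs for every null result, including the case where an inner parser already recorded a more specific message such as "bad field parameters" or "bad curve parameters", so the generic text would overwrite it. Guarding it, `if (!g && !qd->e) qd->e = "bad group parameters";`, keeps the most specific diagnostic, assuming `qd->e` starts out null, which this hunk does not show.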
@@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: group.h,v 1.1 2004/04/01 12:50:09 mdw Exp $ + * $Id: group.h,v 1.2 2004/04/03 03:32:05 mdw Exp $ * * General cyclic group abstraction * @@ -30,6 +30,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: group.h,v $ + * Revision 1.2 2004/04/03 03:32:05 mdw + * General robustification. + * * Revision 1.1 2004/04/01 12:50:09 mdw * Add cyclic group abstraction, with test code. Separate off exponentation * functions for better static linking. Fix a buttload of bugs on the way. @@ -76,7 +79,7 @@ typedef struct ge ge; /* Group element (abstract type) */ #endif -typedef struct group { +typedef struct group_ { const struct group_ops *ops; /* Operations table */ size_t nbits; /* Size of an element in bits */ size_t noctets; /* Size of an element in octets */ @@ -334,7 +337,7 @@ typedef struct gprime_param { * * Arguments: @const gprime_param *gp@ = group parameters * - * Returns: A pointer to the group. + * Returns: A pointer to the group, or null. * * Use: Constructs an abstract group interface for a subgroup of a * prime field. Group elements are @mp *@ pointers. @@ -348,7 +351,7 @@ group *group_prime(const gprime_param */*gp*/); * * Arguments: @const ec_info *ei@ = elliptic curve parameters * - * Returns: A pointer to the group. + * Returns: A pointer to the group, or null. * * Use: Constructs an abstract group interface for an elliptic curve * group. Group elements are @ec@ structures. The contents of diff --git a/mp.h b/mp.h index c38bb3c..bfed14a 100644 --- a/mp.h +++ b/mp.h @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mp.h,v 1.17 2003/05/16 09:09:24 mdw Exp $ + * $Id: mp.h,v 1.18 2004/04/03 03:32:05 mdw Exp $ * * Simple multiprecision arithmetic * 
@@ -30,6 +30,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: mp.h,v $ + * Revision 1.18 2004/04/03 03:32:05 mdw + * General robustification. + * * Revision 1.17 2003/05/16 09:09:24 mdw * Fix @mp_lsl2c@. Turns out to be surprisingly tricky. * @@ -854,8 +857,10 @@ extern int mp_cmp(const mp */*a*/, const mp */*b*/); /* --- Other handy macros --- */ #define MP_ISNEG(x) ((x)->f & MP_NEG) -#define MP_ISZERO(x) MP_EQ((x), MP_ZERO) +#define MP_ISZERO(x) (!MP_LEN(x)) #define MP_ISPOS(x) (!MP_ISNEG(x) && !MP_ISZERO(x)) +#define MP_ISODD(x) (!MP_ISZERO(x) && ((x)->v[0] & 1u)) +#define MP_ISEVEN(x) (!MP_ISODD(x)) /*----- Arithmetic operations ---------------------------------------------*/ diff --git a/mparena.c b/mparena.c index 95f88d5..b9b1f84 100644 --- a/mparena.c +++ b/mparena.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mparena.c,v 1.5 2000/06/17 11:35:48 mdw Exp $ + * $Id: mparena.c,v 1.6 2004/04/03 03:32:05 mdw Exp $ * * Allocation and freeing of MP buffers * @@ -30,6 +30,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: mparena.c,v $ + * Revision 1.6 2004/04/03 03:32:05 mdw + * General robustification. + * * Revision 1.5 2000/06/17 11:35:48 mdw * Overhaul to use mLib's arena system underneath. * @@ -214,6 +217,8 @@ unsigned mparena_count(mparena *a) mpw *mpalloc(mparena *a, size_t sz) { mpw *v; + if (!sz) return (0); + a->n++; v = A_ALLOC(a->a, MPWS(sz)); if (!v) THROW(EXC_NOMEM); @@ -314,6 +319,8 @@ again: void mpfree(mparena *a, mpw *v) { + if (!v) return; + a->n--; A_FREE(a->a, v); } diff --git a/mpmont.c b/mpmont.c index 926fde8..bfede63 100644 --- a/mpmont.c +++ b/mpmont.c @@ -1,6 +1,6 @@ /* -*-c-*- * - * $Id: mpmont.c,v 1.17 2004/04/01 12:50:09 mdw Exp $ + * $Id: mpmont.c,v 1.18 2004/04/03 03:32:05 mdw Exp $ * * Montgomery reduction * 
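Review bot: `#define MP_ISZERO(x) (!MP_LEN(x))` is equivalent to the old `MP_EQ((x), MP_ZERO)` only for a normalised `mp` with no leading zero limbs; an un-shrunk zero now tests as nonzero, and `MP_ISODD` then goes on to read its `(x)->v[0]`. The new callers `field_prime`, `group_prime` and `mpmont_create` apply these macros to a modulus taken straight from the caller, and `mpmont_create` no longer calls `mp_shrink(m)` first, so the assumption should be stated on the macros, e.g. `/* These tests assume @x@ is normalised (no leading zero words). */`, or the definition should keep a value comparison. `MP_ISODD` also evaluates `x` twice and `MP_ISEVEN` three times, so neither should be given an argument with side effects.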
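Review bot: `if (!sz) return (0);` makes a zero-length request return null without touching `a->n`, and the matching `if (!v) return;` in `mpfree` keeps the counter balanced, but the function's header comment, outside this hunk, presumably still promises either a buffer or `EXC_NOMEM`. The new null return should be documented there so callers do not mistake it for an allocation failure, e.g. `Returns: A pointer to the buffer, or null if @sz@ is zero; throws @EXC_NOMEM@ if allocation fails.`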
@@ -30,6 +30,9 @@ /*----- Revision history --------------------------------------------------* * * $Log: mpmont.c,v $ + * Revision 1.18 2004/04/03 03:32:05 mdw + * General robustification. + * * Revision 1.17 2004/04/01 12:50:09 mdw * Add cyclic group abstraction, with test code. Separate off exponentation * functions for better static linking. Fix a buttload of bugs on the way. @@ -144,15 +147,9 @@ void mpmont_create(mpmont *mm, mp *m) mp *r2 = mp_new(2 * n + 1, 0); mp r; - /* --- Validate the arguments --- */ - - assert(((void)"Montgomery modulus must be positive", - (m->f & MP_NEG) == 0)); - assert(((void)"Montgomery modulus must be odd", m->v[0] & 1)); - /* --- Take a copy of the modulus --- */ - mp_shrink(m); + assert(MP_ISPOS(m) && MP_ISODD(m)); mm->m = MP_COPY(m); /* --- Determine %$R^2$% --- */ -- 2.11.0
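Review bot: The rewrite drops `mp_shrink(m);` along with the old asserts, so the modulus is now stored in `mm->m` exactly as the caller supplied it, leading zero limbs included; `r2` is sized from `n` above the hunk, so the shrink previously affected only the stored copy. If any caller passes an un-normalised modulus, the new `assert(MP_ISPOS(m) && MP_ISODD(m));` relies on a length-based zero test before reading `v[0]`, and the assert itself disappears under `NDEBUG`, leaving the checks added in `field_prime` and `group_prime` as the only guard. Either restore `mp_shrink(m);` before the assert or document in the header comment that `m` must be a normalised, positive, odd value. `mpmont_create` continues outside this hunk.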