From c5ec3860a0c95a74ee98210e0ac174924866dab1 Mon Sep 17 00:00:00 2001 From: Billy Brumley Date: Mon, 9 Aug 2021 22:57:47 +0300 Subject: [PATCH] push VKO cofactor clearing into ECCKiila --- ecp_id_tc26_gost_3410_2012_256_paramSetA.c | 6 ++++++ ecp_id_tc26_gost_3410_2012_512_paramSetC.c | 6 ++++++ gost_ec_keyx.c | 8 +++++++- 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/ecp_id_tc26_gost_3410_2012_256_paramSetA.c b/ecp_id_tc26_gost_3410_2012_256_paramSetA.c index 9282fb7..f6bb491 100644 --- a/ecp_id_tc26_gost_3410_2012_256_paramSetA.c +++ b/ecp_id_tc26_gost_3410_2012_256_paramSetA.c @@ -3674,6 +3674,9 @@ static void var_smul_rwnaf(pt_aff_t *out, const unsigned char scalar[32], fiat_id_tc26_gost_3410_2012_256_paramSetA_selectznz(Q.Z, scalar[0] & 1, lut.Z, Q.Z); + point_double(&Q, &Q); + point_double(&Q, &Q); + /* move from Edwards projective to legacy projective */ point_edwards2legacy(&Q, &Q); /* convert to affine -- NB depends on coordinate system */ @@ -8881,6 +8884,9 @@ static void var_smul_rwnaf(pt_aff_t *out, const unsigned char scalar[32], fiat_id_tc26_gost_3410_2012_256_paramSetA_selectznz(Q.Z, scalar[0] & 1, lut.Z, Q.Z); + point_double(&Q, &Q); + point_double(&Q, &Q); + /* move from Edwards projective to legacy projective */ point_edwards2legacy(&Q, &Q); /* convert to affine -- NB depends on coordinate system */ diff --git a/ecp_id_tc26_gost_3410_2012_512_paramSetC.c b/ecp_id_tc26_gost_3410_2012_512_paramSetC.c index c239f9f..602c619 100644 --- a/ecp_id_tc26_gost_3410_2012_512_paramSetC.c +++ b/ecp_id_tc26_gost_3410_2012_512_paramSetC.c @@ -4520,6 +4520,9 @@ static void var_smul_rwnaf(pt_aff_t *out, const unsigned char scalar[64], fiat_id_tc26_gost_3410_2012_512_paramSetC_selectznz(Q.Z, scalar[0] & 1, lut.Z, Q.Z); + point_double(&Q, &Q); + point_double(&Q, &Q); + /* move from Edwards projective to legacy projective */ point_edwards2legacy(&Q, &Q); /* convert to affine -- NB depends on coordinate system */ @@ -12447,6 +12450,9 @@ static void var_smul_rwnaf(pt_aff_t *out, const unsigned char scalar[64], fiat_id_tc26_gost_3410_2012_512_paramSetC_selectznz(Q.Z, scalar[0] & 1, lut.Z, Q.Z); + point_double(&Q, &Q); + point_double(&Q, &Q); + /* move from Edwards projective to legacy projective */ point_edwards2legacy(&Q, &Q); /* convert to affine -- NB depends on coordinate system */ diff --git a/gost_ec_keyx.c b/gost_ec_keyx.c index 40cad2b..06835d3 100644 --- a/gost_ec_keyx.c +++ b/gost_ec_keyx.c @@ -62,7 +62,12 @@ int VKO_compute_key(unsigned char *shared_key, EC_GROUP_get0_order(grp), ctx)) goto err; - /* these two curves have cofactor 4; the rest have cofactor 1 */ +#if 0 + /*- + * These two curves have cofactor 4; the rest have cofactor 1. + * But currently gost_ec_point_mul takes care of the cofactor clearing, + * hence this code is not needed. + */ switch (EC_GROUP_get_curve_name(grp)) { case NID_id_tc26_gost_3410_2012_256_paramSetA: case NID_id_tc26_gost_3410_2012_512_paramSetC: @@ -70,6 +75,7 @@ int VKO_compute_key(unsigned char *shared_key, goto err; break; } +#endif if (!gost_ec_point_mul(grp, pnt, NULL, pub_key, scalar, ctx)) { GOSTerr(GOST_F_VKO_COMPUTE_KEY, GOST_R_ERROR_POINT_MUL); -- 2.39.5