Clarifications in comments; code cosmetics & style

This commit is contained in:
Manuel Pégourié-Gonnard 2012-11-10 14:44:24 +01:00 committed by Paul Bakker
parent dada4da33f
commit 4712325777
2 changed files with 67 additions and 65 deletions


@ -55,7 +55,15 @@ ecp_point;
* The curves we consider are defined by y^2 = x^3 - 3x + b mod p, * The curves we consider are defined by y^2 = x^3 - 3x + b mod p,
* and a generator for a large subgroup is fixed. * and a generator for a large subgroup is fixed.
* *
* modp may be NULL; pbits will not be used in this case. * If modp is NULL, pbits will not be used, and reduction modulo P is
* done using a generic algorithm.
*
* If modp is not NULL, pbits must be the size of P in bits and modp
* must be a function that takes an mpi in the range 0..2^(2*pbits) and
* transforms it in-place in an integer of little more than pbits, so
* that the integer may be efficiently brought in the 0..P range by a
* few additions or substractions. It must return 0 on success and a
* POLARSSL_ERR_ECP_XXX error on failure.
*/ */
typedef struct typedef struct
{ {
@ -77,7 +85,7 @@ ecp_group;
* *
* \warning This library does not support validation of arbitrary domain * \warning This library does not support validation of arbitrary domain
* parameters. Therefore, only well-known domain parameters from trusted * parameters. Therefore, only well-known domain parameters from trusted
* sources (such as the ones below) should be used. See ecp_use_known_dp(). * sources should be used. See ecp_use_known_dp().
*/ */
#define POLARSSL_ECP_DP_SECP192R1 0 #define POLARSSL_ECP_DP_SECP192R1 0
#define POLARSSL_ECP_DP_SECP224R1 1 #define POLARSSL_ECP_DP_SECP224R1 1
@ -161,7 +169,7 @@ int ecp_group_read_string( ecp_group *grp, int radix,
* \param grp Destination group * \param grp Destination group
* \param index Index in the list of well-known domain parameters * \param index Index in the list of well-known domain parameters
* *
* \return O if successul, * \return O if successful,
* POLARSSL_ERR_MPI_XXX if initialization failed * POLARSSL_ERR_MPI_XXX if initialization failed
* POLARSSL_ERR_ECP_GENERIC if index is out of range * POLARSSL_ERR_ECP_GENERIC if index is out of range
* *
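Review bot: The return documentation in the last hunk still reads `\return O if successful,` with a capital letter O where the digit zero is meant; the commit fixes the neighbouring "successul" typo on the same line but leaves this one, so it should become `* \return 0 if successful,`. The new modp contract text in the first hunk also spells "substractions", and the same spelling is introduced in the ecp_modp comment in ecp.c; the header line should read `* few additions or subtractions. It must return 0 on success and a`. The doc comment the last hunk belongs to starts before and ends after the hunk.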


@ -109,11 +109,11 @@ void ecp_set_zero( ecp_point *pt )
*/ */
int ecp_copy( ecp_point *P, const ecp_point *Q ) int ecp_copy( ecp_point *P, const ecp_point *Q )
{ {
int ret = 0; int ret;
if( Q->is_zero ) { if( Q->is_zero ) {
ecp_set_zero( P ); ecp_set_zero( P );
return( ret ); return( 0 );
} }
P->is_zero = Q->is_zero; P->is_zero = Q->is_zero;
@ -130,7 +130,7 @@ cleanup:
int ecp_point_read_string( ecp_point *P, int radix, int ecp_point_read_string( ecp_point *P, int radix,
const char *x, const char *y ) const char *x, const char *y )
{ {
int ret = 0; int ret;
P->is_zero = 0; P->is_zero = 0;
MPI_CHK( mpi_read_string( &P->X, radix, x ) ); MPI_CHK( mpi_read_string( &P->X, radix, x ) );
@ -147,7 +147,7 @@ int ecp_group_read_string( ecp_group *grp, int radix,
const char *p, const char *b, const char *p, const char *b,
const char *gx, const char *gy, const char *n) const char *gx, const char *gy, const char *n)
{ {
int ret = 0; int ret;
MPI_CHK( mpi_read_string( &grp->P, radix, p ) ); MPI_CHK( mpi_read_string( &grp->P, radix, p ) );
MPI_CHK( mpi_read_string( &grp->B, radix, b ) ); MPI_CHK( mpi_read_string( &grp->B, radix, b ) );
@ -159,15 +159,11 @@ cleanup:
} }
/* /*
* Wrapper around fast quasi-modp functions, with fallback to mpi_mod_mpi * Wrapper around fast quasi-modp functions, with fall-back to mpi_mod_mpi
*
* The quasi-modp functions expect an mpi N such that 0 <= N < 2^(2*pbits)
* and change it in-place so that it can easily be brought in the 0..P-1
* range by a few additions or substractions.
*/ */
static int ecp_modp( mpi *N, const ecp_group *grp ) static int ecp_modp( mpi *N, const ecp_group *grp )
{ {
int ret = 0; int ret;
if( grp->modp == NULL ) if( grp->modp == NULL )
return( mpi_mod_mpi( N, N, &grp->P ) ); return( mpi_mod_mpi( N, N, &grp->P ) );
@ -206,7 +202,7 @@ cleanup:
*/ */
static int ecp_mod_p521( mpi *N ) static int ecp_mod_p521( mpi *N )
{ {
int ret = 0; int ret;
t_uint Mp[P521_SIZE_INT]; t_uint Mp[P521_SIZE_INT];
mpi M; mpi M;
@ -353,13 +349,13 @@ int ecp_use_known_dp( ecp_group *grp, size_t index )
} }
/* /*
* Fast mod-p functions expect an argument in the 0 .. p^2 range. * Fast mod-p functions expect their argument to be in the 0..p^2 range.
* *
* In order to garantee that, we need to ensure that operands of * In order to guarantee that, we need to ensure that operands of
* mpi_mul_mpi are in the 0 .. p range. So, after each operation we will * mpi_mul_mpi are in the 0..p range. So, after each operation we will
* bring the result back to this range. * bring the result back to this range.
* *
* The following macros are helpers for that. * The following macros are shortcuts for doing that.
*/ */
/* /*
@ -412,7 +408,7 @@ static void ecp_ptjac_free( ecp_ptjac *P )
*/ */
static int ecp_ptjac_copy( ecp_ptjac *R, const ecp_ptjac *P ) static int ecp_ptjac_copy( ecp_ptjac *R, const ecp_ptjac *P )
{ {
int ret = 0; int ret;
MPI_CHK( mpi_copy( &R->X, &P->X ) ); MPI_CHK( mpi_copy( &R->X, &P->X ) );
MPI_CHK( mpi_copy( &R->Y, &P->Y ) ); MPI_CHK( mpi_copy( &R->Y, &P->Y ) );
@ -427,7 +423,7 @@ cleanup:
*/ */
static int ecp_ptjac_set_zero( ecp_ptjac *P ) static int ecp_ptjac_set_zero( ecp_ptjac *P )
{ {
int ret = 0; int ret;
MPI_CHK( mpi_lset( &P->X, 1 ) ); MPI_CHK( mpi_lset( &P->X, 1 ) );
MPI_CHK( mpi_lset( &P->Y, 1 ) ); MPI_CHK( mpi_lset( &P->Y, 1 ) );
@ -442,7 +438,7 @@ cleanup:
*/ */
static int ecp_aff_to_jac( ecp_ptjac *jac, const ecp_point *aff ) static int ecp_aff_to_jac( ecp_ptjac *jac, const ecp_point *aff )
{ {
int ret = 0; int ret;
if( aff->is_zero ) if( aff->is_zero )
return( ecp_ptjac_set_zero( jac ) ); return( ecp_ptjac_set_zero( jac ) );
@ -461,7 +457,7 @@ cleanup:
static int ecp_jac_to_aff( const ecp_group *grp, static int ecp_jac_to_aff( const ecp_group *grp,
ecp_point *aff, const ecp_ptjac *jac ) ecp_point *aff, const ecp_ptjac *jac )
{ {
int ret = 0; int ret;
mpi Zi, ZZi, T; mpi Zi, ZZi, T;
if( mpi_cmp_int( &jac->Z, 0 ) == 0 ) { if( mpi_cmp_int( &jac->Z, 0 ) == 0 ) {
@ -499,7 +495,7 @@ cleanup:
static int ecp_double_jac( const ecp_group *grp, ecp_ptjac *R, static int ecp_double_jac( const ecp_group *grp, ecp_ptjac *R,
const ecp_ptjac *P ) const ecp_ptjac *P )
{ {
int ret = 0; int ret;
mpi T1, T2, T3, X, Y, Z; mpi T1, T2, T3, X, Y, Z;
if( mpi_cmp_int( &P->Z, 0 ) == 0 ) if( mpi_cmp_int( &P->Z, 0 ) == 0 )
@ -508,17 +504,16 @@ static int ecp_double_jac( const ecp_group *grp, ecp_ptjac *R,
mpi_init( &T1 ); mpi_init( &T2 ); mpi_init( &T3 ); mpi_init( &T1 ); mpi_init( &T2 ); mpi_init( &T3 );
mpi_init( &X ); mpi_init( &Y ); mpi_init( &Z ); mpi_init( &X ); mpi_init( &Y ); mpi_init( &Z );
MPI_CHK( mpi_mul_mpi( &T1, &P->Z, &P->Z ) ); MOD_MUL( T1 ); MPI_CHK( mpi_mul_mpi( &T1, &P->Z, &P->Z ) ); MOD_MUL( T1 );
MPI_CHK( mpi_sub_mpi( &T2, &P->X, &T1 ) ); MOD_SUB( T2 ); MPI_CHK( mpi_sub_mpi( &T2, &P->X, &T1 ) ); MOD_SUB( T2 );
MPI_CHK( mpi_add_mpi( &T1, &P->X, &T1 ) ); MOD_ADD( T1 ); MPI_CHK( mpi_add_mpi( &T1, &P->X, &T1 ) ); MOD_ADD( T1 );
MPI_CHK( mpi_mul_mpi( &T2, &T2, &T1 ) ); MOD_MUL( T2 ); MPI_CHK( mpi_mul_mpi( &T2, &T2, &T1 ) ); MOD_MUL( T2 );
MPI_CHK( mpi_mul_int( &T2, &T2, 3 ) ); MOD_ADD( T2 ); MPI_CHK( mpi_mul_int( &T2, &T2, 3 ) ); MOD_ADD( T2 );
MPI_CHK( mpi_copy ( &Y, &P->Y ) ); MPI_CHK( mpi_mul_int( &Y, &P->Y, 2 ) ); MOD_ADD( Y );
MPI_CHK( mpi_shift_l( &Y, 1 ) ); MOD_ADD( Y ); MPI_CHK( mpi_mul_mpi( &Z, &Y, &P->Z ) ); MOD_MUL( Z );
MPI_CHK( mpi_mul_mpi( &Z, &Y, &P->Z ) ); MOD_MUL( Z ); MPI_CHK( mpi_mul_mpi( &Y, &Y, &Y ) ); MOD_MUL( Y );
MPI_CHK( mpi_mul_mpi( &Y, &Y, &Y ) ); MOD_MUL( Y ); MPI_CHK( mpi_mul_mpi( &T3, &Y, &P->X ) ); MOD_MUL( T3 );
MPI_CHK( mpi_mul_mpi( &T3, &Y, &P->X ) ); MOD_MUL( T3 ); MPI_CHK( mpi_mul_mpi( &Y, &Y, &Y ) ); MOD_MUL( Y );
MPI_CHK( mpi_mul_mpi( &Y, &Y, &Y ) ); MOD_MUL( Y );
/* /*
* For Y = Y / 2 mod p, we must make sure that Y is even before * For Y = Y / 2 mod p, we must make sure that Y is even before
@ -528,13 +523,12 @@ static int ecp_double_jac( const ecp_group *grp, ecp_ptjac *R,
MPI_CHK( mpi_add_mpi( &Y, &Y, &grp->P ) ); MPI_CHK( mpi_add_mpi( &Y, &Y, &grp->P ) );
MPI_CHK( mpi_shift_r( &Y, 1 ) ); MPI_CHK( mpi_shift_r( &Y, 1 ) );
MPI_CHK( mpi_mul_mpi( &X, &T2, &T2 ) ); MOD_MUL( X ); MPI_CHK( mpi_mul_mpi( &X, &T2, &T2 ) ); MOD_MUL( X );
MPI_CHK( mpi_copy ( &T1, &T3 ) ); MPI_CHK( mpi_mul_int( &T1, &T3, 2 ) ); MOD_ADD( T1 );
MPI_CHK( mpi_shift_l( &T1, 1 ) ); MOD_ADD( T1 ); MPI_CHK( mpi_sub_mpi( &X, &X, &T1 ) ); MOD_SUB( X );
MPI_CHK( mpi_sub_mpi( &X, &X, &T1 ) ); MOD_SUB( X ); MPI_CHK( mpi_sub_mpi( &T1, &T3, &X ) ); MOD_SUB( T1 );
MPI_CHK( mpi_sub_mpi( &T1, &T3, &X ) ); MOD_SUB( T1 ); MPI_CHK( mpi_mul_mpi( &T1, &T1, &T2 ) ); MOD_MUL( T1 );
MPI_CHK( mpi_mul_mpi( &T1, &T1, &T2 ) ); MOD_MUL( T1 ); MPI_CHK( mpi_sub_mpi( &Y, &T1, &Y ) ); MOD_SUB( Y );
MPI_CHK( mpi_sub_mpi( &Y, &T1, &Y ) ); MOD_SUB( Y );
MPI_CHK( mpi_copy( &R->X, &X ) ); MPI_CHK( mpi_copy( &R->X, &X ) );
MPI_CHK( mpi_copy( &R->Y, &Y ) ); MPI_CHK( mpi_copy( &R->Y, &Y ) );
@ -554,7 +548,7 @@ cleanup:
static int ecp_add_mixed( const ecp_group *grp, ecp_ptjac *R, static int ecp_add_mixed( const ecp_group *grp, ecp_ptjac *R,
const ecp_ptjac *P, const ecp_point *Q ) const ecp_ptjac *P, const ecp_point *Q )
{ {
int ret = 0; int ret;
mpi T1, T2, T3, T4, X, Y, Z; mpi T1, T2, T3, T4, X, Y, Z;
/* /*
@ -569,12 +563,12 @@ static int ecp_add_mixed( const ecp_group *grp, ecp_ptjac *R,
mpi_init( &T1 ); mpi_init( &T2 ); mpi_init( &T3 ); mpi_init( &T4 ); mpi_init( &T1 ); mpi_init( &T2 ); mpi_init( &T3 ); mpi_init( &T4 );
mpi_init( &X ); mpi_init( &Y ); mpi_init( &Z ); mpi_init( &X ); mpi_init( &Y ); mpi_init( &Z );
MPI_CHK( mpi_mul_mpi( &T1, &P->Z, &P->Z ) ); MOD_MUL( T1 ); MPI_CHK( mpi_mul_mpi( &T1, &P->Z, &P->Z ) ); MOD_MUL( T1 );
MPI_CHK( mpi_mul_mpi( &T2, &T1, &P->Z ) ); MOD_MUL( T2 ); MPI_CHK( mpi_mul_mpi( &T2, &T1, &P->Z ) ); MOD_MUL( T2 );
MPI_CHK( mpi_mul_mpi( &T1, &T1, &Q->X ) ); MOD_MUL( T1 ); MPI_CHK( mpi_mul_mpi( &T1, &T1, &Q->X ) ); MOD_MUL( T1 );
MPI_CHK( mpi_mul_mpi( &T2, &T2, &Q->Y ) ); MOD_MUL( T2 ); MPI_CHK( mpi_mul_mpi( &T2, &T2, &Q->Y ) ); MOD_MUL( T2 );
MPI_CHK( mpi_sub_mpi( &T1, &T1, &P->X ) ); MOD_SUB( T1 ); MPI_CHK( mpi_sub_mpi( &T1, &T1, &P->X ) ); MOD_SUB( T1 );
MPI_CHK( mpi_sub_mpi( &T2, &T2, &P->Y ) ); MOD_SUB( T2 ); MPI_CHK( mpi_sub_mpi( &T2, &T2, &P->Y ) ); MOD_SUB( T2 );
if( mpi_cmp_int( &T1, 0 ) == 0 ) if( mpi_cmp_int( &T1, 0 ) == 0 )
{ {
@ -590,18 +584,18 @@ static int ecp_add_mixed( const ecp_group *grp, ecp_ptjac *R,
} }
} }
MPI_CHK( mpi_mul_mpi( &Z, &P->Z, &T1 ) ); MOD_MUL( Z ); MPI_CHK( mpi_mul_mpi( &Z, &P->Z, &T1 ) ); MOD_MUL( Z );
MPI_CHK( mpi_mul_mpi( &T3, &T1, &T1 ) ); MOD_MUL( T3 ); MPI_CHK( mpi_mul_mpi( &T3, &T1, &T1 ) ); MOD_MUL( T3 );
MPI_CHK( mpi_mul_mpi( &T4, &T3, &T1 ) ); MOD_MUL( T4 ); MPI_CHK( mpi_mul_mpi( &T4, &T3, &T1 ) ); MOD_MUL( T4 );
MPI_CHK( mpi_mul_mpi( &T3, &T3, &P->X ) ); MOD_MUL( T3 ); MPI_CHK( mpi_mul_mpi( &T3, &T3, &P->X ) ); MOD_MUL( T3 );
MPI_CHK( mpi_mul_int( &T1, &T3, 2 ) ); MOD_ADD( T1 ); MPI_CHK( mpi_mul_int( &T1, &T3, 2 ) ); MOD_ADD( T1 );
MPI_CHK( mpi_mul_mpi( &X, &T2, &T2 ) ); MOD_MUL( X ); MPI_CHK( mpi_mul_mpi( &X, &T2, &T2 ) ); MOD_MUL( X );
MPI_CHK( mpi_sub_mpi( &X, &X, &T1 ) ); MOD_SUB( X ); MPI_CHK( mpi_sub_mpi( &X, &X, &T1 ) ); MOD_SUB( X );
MPI_CHK( mpi_sub_mpi( &X, &X, &T4 ) ); MOD_SUB( X ); MPI_CHK( mpi_sub_mpi( &X, &X, &T4 ) ); MOD_SUB( X );
MPI_CHK( mpi_sub_mpi( &T3, &T3, &X ) ); MOD_SUB( T3 ); MPI_CHK( mpi_sub_mpi( &T3, &T3, &X ) ); MOD_SUB( T3 );
MPI_CHK( mpi_mul_mpi( &T3, &T3, &T2 ) ); MOD_MUL( T3 ); MPI_CHK( mpi_mul_mpi( &T3, &T3, &T2 ) ); MOD_MUL( T3 );
MPI_CHK( mpi_mul_mpi( &T4, &T4, &P->Y ) ); MOD_MUL( T4 ); MPI_CHK( mpi_mul_mpi( &T4, &T4, &P->Y ) ); MOD_MUL( T4 );
MPI_CHK( mpi_sub_mpi( &Y, &T3, &T4 ) ); MOD_SUB( Y ); MPI_CHK( mpi_sub_mpi( &Y, &T3, &T4 ) ); MOD_SUB( Y );
MPI_CHK( mpi_copy( &R->X, &X ) ); MPI_CHK( mpi_copy( &R->X, &X ) );
MPI_CHK( mpi_copy( &R->Y, &Y ) ); MPI_CHK( mpi_copy( &R->Y, &Y ) );
@ -621,7 +615,7 @@ cleanup:
int ecp_add( const ecp_group *grp, ecp_point *R, int ecp_add( const ecp_group *grp, ecp_point *R,
const ecp_point *P, const ecp_point *Q ) const ecp_point *P, const ecp_point *Q )
{ {
int ret = 0; int ret;
ecp_ptjac J; ecp_ptjac J;
ecp_ptjac_init( &J ); ecp_ptjac_init( &J );
@ -643,20 +637,20 @@ cleanup:
int ecp_mul( const ecp_group *grp, ecp_point *R, int ecp_mul( const ecp_group *grp, ecp_point *R,
const mpi *m, const ecp_point *P ) const mpi *m, const ecp_point *P )
{ {
int ret = 0; int ret;
size_t pos; size_t pos;
ecp_ptjac Q[2]; ecp_ptjac Q[2];
ecp_ptjac_init( &Q[0] ); ecp_ptjac_init( &Q[1] );
/* /*
* The general method works only for m >= 1 * The general method works only for m >= 1
*/ */
if( mpi_cmp_int( m, 0 ) == 0 ) { if( mpi_cmp_int( m, 0 ) == 0 ) {
ecp_set_zero( R ); ecp_set_zero( R );
goto cleanup; return( 0 );
} }
ecp_ptjac_init( &Q[0] ); ecp_ptjac_init( &Q[1] );
ecp_ptjac_set_zero( &Q[0] ); ecp_ptjac_set_zero( &Q[0] );
for( pos = mpi_msb( m ) - 1 ; ; pos-- ) for( pos = mpi_msb( m ) - 1 ; ; pos-- )