From 6f5444350447e0da2f109acf97e9770683fabc10 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Niels=20M=C3=B6ller?=
Date: Thu, 28 Aug 2014 13:28:01 +0200
Subject: [PATCH] Deleted ECC_ECDSA_VERIFY_ITCH macro. Tweak the corresponding function, and use it.
---
 ChangeLog | 7 +++++++
 ecc-ecdsa-verify.c | 9 ++++-----
 ecc-internal.h | 2 --
 ecdsa-verify.c | 2 +-
 4 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 6df6294d..6d7237f9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 2014-08-28 Niels Möller
+ * ecc-internal.h (ECC_ECDSA_VERIFY_ITCH): Deleted macro. Needed
+ scratch depends on curve type, not just size.
+ * ecdsa-verify.c (ecdsa_verify): Use the ecc_ecdsa_verify_itch
+ function, not the corresponding macro.
+ * ecc-ecdsa-verify.c (ecc_ecdsa_verify_itch): Take ecc->mul_itch
+ into account. Also reduce to 5*ecc->size + ecc->mul_itch.
+
 * testsuite/ecdsa-sign-test.c (test_main): Added test for the obscure case of ecdsa using curve25519.
diff --git a/ecc-ecdsa-verify.c b/ecc-ecdsa-verify.c
index 797e73cd..cc7e0aef 100644
--- a/ecc-ecdsa-verify.c
+++ b/ecc-ecdsa-verify.c
@@ -62,9 +62,8 @@ ecdsa_in_range (const struct ecc_curve *ecc, const mp_limb_t *xp)
 mp_size_t
 ecc_ecdsa_verify_itch (const struct ecc_curve *ecc)
 {
- /* Largest storage need is for the ecc_mul_a call, 6 * ecc->size +
- ECC_MUL_A_ITCH (size) */
- return ECC_ECDSA_VERIFY_ITCH (ecc->size);
+ /* Largest storage need is for the ecc->mul call. */
+ return 5*ecc->size + ecc->mul_itch;
 }
 /* FIXME: Use faster primitives, not requiring side-channel silence. */
@@ -113,7 +112,7 @@ ecc_ecdsa_verify (const struct ecc_curve *ecc,
 /* u2 = r / s, P2 = u2 * Y */
 ecc_modq_mul (ecc, u2, rp, sinv);
- /* Total storage: 5*ecc->size + ECC_MUL_A_ITCH (ecc->size) */
+ /* Total storage: 5*ecc->size + ecc->mul_itch */
 ecc_mul_a (ecc, P2, u2, pp, u2 + ecc->size);
 /* u1 = h / s, P1 = u1 * G */
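Review bot: In ecc_ecdsa_verify_itch (ecc-ecdsa-verify.c, hunk at -62,9) the new return value `5*ecc->size + ecc->mul_itch` is only sufficient if the ecc->mul call really is the largest scratch consumer, yet the hunk at -124,7 of the same file documents a need of 6*ecc->size + ecc->mul_g_itch for the ecc_mul_g call. With the itch values now read per curve instead of from one macro, nothing visible in this patch enforces `ecc->mul_itch >= ecc->size + ecc->mul_g_itch`; a curve that breaks it would get a scratch area that ecc_ecdsa_verify writes past. I would state that invariant in the comment and check it, for example `assert (ecc->mul_itch >= ecc->size + ecc->mul_g_itch);` before the return (assuming assert.h is already included in this file), or return the larger of the two sums.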
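Review bot: In ecc_ecdsa_verify (hunk at -113,7) the updated comment accounts for scratch as `5*ecc->size + ecc->mul_itch`, but the call on the next line is still `ecc_mul_a (ecc, P2, u2, pp, u2 + ecc->size)` rather than the ecc->mul call that the new comment in ecc_ecdsa_verify_itch refers to. If ecc_mul_a can need more scratch than ecc->mul_itch for some curve type (the ChangeLog entry says the need depends on curve type, not just size), the buffer sized by ecc_ecdsa_verify_itch would be too small for this call. Either the call should go through the per-curve entry that mul_itch describes, or the comment should say why ecc_mul_a's requirement is bounded by ecc->mul_itch. The function body starts and ends outside the hunk, so the relation may be established elsewhere.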
@@ -124,7 +123,7 @@ ecc_ecdsa_verify (const struct ecc_curve *ecc,
 unlikely. */
 if (!zero_p (u1, ecc->size))
 {
- /* Total storage: 6*ecc->size + ECC_MUL_G_ITCH (ecc->size) */
+ /* Total storage: 6*ecc->size + ecc->mul_g_itch (ecc->size) */
 ecc_mul_g (ecc, P1, u1, u1 + ecc->size);
 /* NOTE: ecc_add_jjj and/or ecc_j_to_a will produce garbage in
diff --git a/ecc-internal.h b/ecc-internal.h
index 1fa334aa..1e0bb7ec 100644
--- a/ecc-internal.h
+++ b/ecc-internal.h
@@ -285,8 +285,6 @@ ecc_25519_sqrt(mp_limb_t *rp, const mp_limb_t *ap);
 (((3 << ECC_MUL_A_EH_WBITS) + 10) * (size))
 #endif
 #define ECC_ECDSA_SIGN_ITCH(size) (12*(size))
-#define ECC_ECDSA_VERIFY_ITCH(size) \
- (6*(size) + ECC_MUL_A_ITCH ((size)))
 #define ECC_MODQ_RANDOM_ITCH(size) (size)
 #define ECC_HASH_ITCH(size) (1+(size))
diff --git a/ecdsa-verify.c b/ecdsa-verify.c
index 62d5e59e..425be5c0 100644
--- a/ecdsa-verify.c
+++ b/ecdsa-verify.c
@@ -47,7 +47,7 @@ ecdsa_verify (const struct ecc_point *pub,
 const struct dsa_signature *signature)
 {
 mp_limb_t size = pub->ecc->size;
- mp_size_t itch = 2*size + ECC_ECDSA_VERIFY_ITCH (size);
+ mp_size_t itch = 2*size + ecc_ecdsa_verify_itch (pub->ecc);
 /* For ECC_MUL_A_WBITS == 0, at most 1512 bytes. With ECC_MUL_A_WBITS == 4, currently needs 67 * ecc->size, at most 4824 bytes. Don't use stack allocation for this. */
--
2.47.3
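Review bot: The rewritten comment in the ecc-ecdsa-verify.c hunk at -124,7 reads `ecc->mul_g_itch (ecc->size)`, which keeps the argument list of the old ECC_MUL_G_ITCH macro, while the other two updated comments in this patch treat the itch values as plain fields (`ecc->mul_itch`). If mul_g_itch is likewise a size field, the comment should read `/* Total storage: 6*ecc->size + ecc->mul_g_itch */` so that the scratch accounting reads the same way throughout. The enclosing function continues outside the hunk.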
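Review bot: The context comment directly below the changed line in ecdsa_verify (ecdsa-verify.c, hunk at -47,7) still quotes figures tied to the removed macro (`67 * ecc->size`, `at most 4824 bytes`, keyed on ECC_MUL_A_WBITS), while itch is now `2*size + ecc_ecdsa_verify_itch (pub->ecc)`, that is 7*size plus a per-curve mul_itch. Those bounds are what justify the "Don't use stack allocation" decision, so they should be restated for the new formula or replaced by something like `/* Scratch need is per curve (ecc->mul_itch); too large for stack allocation. */`. The body of ecdsa_verify continues outside the hunk.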