Merge branch 'curve448' into master

diff --cc ChangeLog
index 05bac6a75eb3bc9a0bf62bc6ff3b5dbfdb1a4d3b,0c6725ab34135fb4426e150f3da29278024bca06..eb66f3aad2e353a7693948ef3fa6545951b8c5cb
--- 1/ChangeLog
--- 2/ChangeLog
+++ b/ChangeLog
@@@ -1,25 -1,84 +1,110 @@@
++2019-12-13  Niels Möller  <nisse@lysator.liu.se>
++
++      * Merge curve448 implementation.
++
+ 2019-12-09  Niels Möller  <nisse@lysator.liu.se>
+ 
+       * ecc-internal.h: Revert itch macro changes. We now have
+       h_to_a_itch <= mul_itch, mul_g_itch. Add asserts at a few places
+       relying on this.
+       (ECC_ECDSA_KEYGEN_ITCH, ECC_MAX): Delete macros.
+       (ECC_ECDSA_SIGN_ITCH): Revert previous change.
+ 
+       * ecc-448.c (ecc_mod_pow_446m224m1): Reduce scratch space from 9*n
+       to 6*n.
+       (ECC_448_INV_ITCH, ECC_448_SQRT_ITCH): Reduce accordingly.
+       * curve448-mul.c (curve448_mul): Reduce allocation from 14*n to 12*n.
+ 
+ 2019-12-08  Niels Möller  <nisse@lysator.liu.se>
+ 
+       * x86_64/ecc-curve448-modp.asm (nettle_ecc_curve448_modp): New
+       assembly function.
+       * ecc-448.c (ecc_448_modp) [HAVE_NATIVE_ecc_curve448_modp]: Use
+       native nettle_ecc_curve448_modp if available.
+       * configure.ac (asm_hogweed_optional_list): Add ecc-curve448-modp.asm.
+       (HAVE_NATIVE_ecc_curve448_modp): New config.h define.
+ 
+ 2019-12-03  Niels Möller  <nisse@lysator.liu.se>
+ 
+       * ecc-448.c (ecc_448_modp) [GMP_NUMB_BITS == 64]: New function.
+ 
+ 2019-12-01  Niels Möller  <nisse@lysator.liu.se>
+ 
+       Curve 448 support contributed by Daiki Ueno.
+       * eccdata.c (enum ecc_type): Add ECC_TYPE_EDWARDS.
+       (ecc_add): Support untwisted edwards curves.
+       (ecc_curve_init): Add curve448 parameters.
+       * ecc-internal.h (ECC_ECDSA_KEYGEN_ITCH): New macro.
+       (ECC_ECDSA_SIGN_ITCH): Increased from 12*size to 13*size.
+       (ECC_MAX): New macro.
+       * ecc-448.c: New file.
+       (ecc_mod_pow_2k, ecc_mod_pow_446m224m1, ecc_448_inv)
+       (ecc_448_zero_p, ecc_448_sqrt): New functions.
+       (_nettle_curve448): New curve definition.
+       * curve448.h (CURVE448_SIZE): New constant.
+       (curve448_mul_g, curve448_mul): Declare new public functions.
+       * ecc-eh-to-a.c (ecc_eh_to_a): Update assert to allow the curve448
+       Edwards curve.
+       * curve448-mul.c (curve448_mul): New file and function.
+       * curve448-mul-g.c (curve448_mul_g): New file and function.
+       * curve448-eh-to-x.c (curve448_eh_to_x): New file and function.
+       * ecc-dup-eh.c (ecc_dup_eh_untwisted): New function.
+       * ecc-add-ehh.c (ecc_add_ehh_untwisted): New function.
+       * ecc-add-eh.c (ecc_add_eh_untwisted): New function.
+       * ecc-point.c (ecc_point_set): Add point validation for curve448.
+       * ecc-point-mul.c (ecc_point_mul): Allow h_to_a_itch larger than
+       mul_itch.
+       * ecc-point-mul-g.c (ecc_point_mul_g): Allow h_to_a_itch
+       larger than mul_g_itch. Switch from TMP_DECL/_ALLOC/_FREE to
+       gmp_alloc_limbs/gmp_free_limbs.
+       * ecdsa-keygen.c (ecdsa_generate_keypair): Use
+       ECC_ECDSA_KEYGEN_ITCH.
+       * Makefile.in (hogweed_SOURCES): Add ecc-448.c, curve448-mul-g.c,
+       curve448-mul.c, and curve448-eh-to-x.c.
+       (HEADERS): Add curve448.h.
+       (ecc-448.h): New generated file.
+ 
+       * testsuite/testutils.c (ecc_curves): Add _nettle_curve448 to list
+       of tested curves.
+       (test_ecc_mul_a): Add curve448.
+       * testsuite/ecdsa-keygen-test.c (ecc_valid_p): Add curve448 support.
+       * testsuite/ecdh-test.c (test_main): Add tests for (non-standard)
+       curve448 diffie-hellman.
+       * testsuite/ecc-add-test.c (test_main): Update for testing of curve448.
+       * testsuite/ecc-dup-test.c (test_main): Likewise.
+       * testsuite/ecc-mul-a-test.c (test_main): Likewise. Also increase
+       scratch allocation for h_to_a_itch.
+       * testsuite/ecc-mul-g-test.c (test_main): Likewise.
+       * testsuite/curve448-dh-test.c: Test for curve448.
+       * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Add curve448-dh-test.c.
+ 
+       * examples/ecc-benchmark.c: Add curve448 to list of benchmarked
+       curves.
+ 
+       * nettle.texinfo (Curve 25519 and Curve 448): Add docs.
+ 
 +2019-12-07  Niels Möller  <nisse@lysator.liu.se>
 +
 +      * ecc-eh-to-a.c (ecc_eh_to_a): Require op == 0, delete code only
 +      used for non-standard ecdsa over curve25519.
 +      * testsuite/ecdsa-sign-test.c (test_main): Delete test of ecdsa
 +      over curve25519.
 +      * testsuite/ecdsa-verify-test.c (test_main): Likewise.
 +      * testsuite/ecdsa-keygen-test.c (test_main): Exclude curve25519
 +      from test.
 +
 +2019-12-05  Niels Möller  <nisse@lysator.liu.se>
 +
 +      * configure.ac: Use AC_TRY_LINK rather than AC_TRY_COMPILE to
 +      check for __builtin_bswap64. Since calling an non-existing
 +      function typically results in a warning only at compile time, but
 +      fails at link time. Patch contributed by by George Koehler.
 +
 +2019-12-04  Niels Möller  <nisse@lysator.liu.se>
 +
 +      * testsuite/testutils.c (test_cipher_cfb8): Add cast of size_t to
 +      unsigned long for argument to fprintf.
 +
  2019-11-21  Niels Möller  <nisse@lysator.liu.se>
  
        * eccdata.c (ecc_curve_init_str): Delete unused t and d arguments.

diff --cc configure.ac
Simple merge

diff --cc testsuite/ecdsa-keygen-test.c
index 0deb7214f23db6ee6cf82a6dfbfcbb393c25c589,cd96782eb83485618fd29f19e47fbe3707d148ef..d2e73943f487a3b80ded37547e14141883a585fb
--- 1/testsuite/ecdsa-keygen-test.c
--- 2/testsuite/ecdsa-keygen-test.c
+++ b/testsuite/ecdsa-keygen-test.c
@@@ -78,10 -94,6 +94,10 @@@ test_main (void
        struct ecc_point pub;
        struct ecc_scalar key;
  
-       if (ecc->p.bit_size == 255)
-       /* Exclude curve25519, which isn't supported with ECDSA. */
++      if (ecc->p.bit_size == 255 || ecc->p.bit_size == 448)
++      /* Exclude curve25519 and curve448, not supported with ECDSA. */
 +      continue;
 +
        if (verbose)
        fprintf (stderr, "Curve %d\n", ecc->p.bit_size);
  

diff --cc testsuite/testutils.c
Simple merge