From: Shane Lontis Date: Tue, 9 Mar 2021 01:04:21 +0000 (+1000) Subject: Add ossl_ ecx symbols X-Git-Tag: openssl-3.0.0-alpha14~238 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=054d43ff972068a0f2ec07319808ca32ad0afb5f;p=thirdparty%2Fopenssl.git Add ossl_ ecx symbols Partial fix for #12964 Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/14473) --- diff --git a/crypto/ec/curve25519.c b/crypto/ec/curve25519.c index d9390030433..3f242150473 100644 --- a/crypto/ec/curve25519.c +++ b/crypto/ec/curve25519.c @@ -5437,9 +5437,10 @@ static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b, s[31] = (uint8_t) (s11 >> 17); } -int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, - const uint8_t public_key[32], const uint8_t private_key[32], - OSSL_LIB_CTX *libctx, const char *propq) +int +ossl_ed25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, + const uint8_t public_key[32], const uint8_t private_key[32], + OSSL_LIB_CTX *libctx, const char *propq) { uint8_t az[SHA512_DIGEST_LENGTH]; uint8_t nonce[SHA512_DIGEST_LENGTH]; @@ -5493,9 +5494,10 @@ err: static const char allzeroes[15]; -int ED25519_verify(const uint8_t *message, size_t message_len, - const uint8_t signature[64], const uint8_t public_key[32], - OSSL_LIB_CTX *libctx, const char *propq) +int +ossl_ed25519_verify(const uint8_t *message, size_t message_len, + const uint8_t signature[64], const uint8_t public_key[32], + OSSL_LIB_CTX *libctx, const char *propq) { int i; ge_p3 A; @@ -5577,8 +5579,10 @@ err: return res; } -int ED25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32], - const uint8_t private_key[32], const char *propq) +int +ossl_ed25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32], + const uint8_t private_key[32], + const char *propq) { uint8_t az[SHA512_DIGEST_LENGTH]; ge_p3 A; @@ -5606,8 +5610,9 @@ int ED25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32], return 1; } -int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32], - const uint8_t peer_public_value[32]) +int +ossl_x25519(uint8_t out_shared_key[32], const uint8_t private_key[32], + const uint8_t peer_public_value[32]) { static const uint8_t kZeros[32] = {0}; x25519_scalar_mult(out_shared_key, private_key, peer_public_value); @@ -5615,7 +5620,8 @@ int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32], return CRYPTO_memcmp(kZeros, out_shared_key, 32) != 0; } -void X25519_public_from_private(uint8_t out_public_value[32], +void +ossl_x25519_public_from_private(uint8_t out_public_value[32], const uint8_t private_key[32]) { uint8_t e[32]; diff --git a/crypto/ec/curve448/curve448.c b/crypto/ec/curve448/curve448.c index b03218283ec..b6246927139 100644 --- a/crypto/ec/curve448/curve448.c +++ b/crypto/ec/curve448/curve448.c @@ -55,7 +55,7 @@ static void gf_invert(gf y, const gf x, int assert_nonzero) } /** identity = (0,1) */ -const curve448_point_t curve448_point_identity = +const curve448_point_t ossl_curve448_point_identity = { {{{{0}}}, {{{1}}}, {{{1}}}, {{{0}}}} }; static void point_double_internal(curve448_point_t p, const curve448_point_t q, @@ -82,7 +82,7 @@ static void point_double_internal(curve448_point_t p, const curve448_point_t q, gf_mul(p->t, b, d); } -void curve448_point_double(curve448_point_t p, const curve448_point_t q) +void ossl_curve448_point_double(curve448_point_t p, const curve448_point_t q) { point_double_internal(p, q, 0); } @@ -184,8 +184,9 @@ static void sub_pniels_from_pt(curve448_point_t p, const pniels_t pn, sub_niels_from_pt(p, pn->n, before_double); } -c448_bool_t curve448_point_eq(const curve448_point_t p, - const curve448_point_t q) +c448_bool_t +ossl_curve448_point_eq(const curve448_point_t p, + const curve448_point_t q) { mask_t succ; gf a, b; @@ -198,7 +199,8 @@ c448_bool_t curve448_point_eq(const curve448_point_t p, return mask_to_bool(succ); } -c448_bool_t curve448_point_valid(const curve448_point_t p) +c448_bool_t +ossl_curve448_point_valid(const curve448_point_t p) { mask_t out; gf a, b, c; @@ -225,7 +227,8 @@ static ossl_inline void constant_time_lookup_niels(niels_s * RESTRICT ni, constant_time_lookup(ni, table, sizeof(niels_s), nelts, idx); } -void curve448_precomputed_scalarmul(curve448_point_t out, +void +ossl_curve448_precomputed_scalarmul(curve448_point_t out, const curve448_precomputed_s * table, const curve448_scalar_t scalar) { @@ -234,8 +237,8 @@ void curve448_precomputed_scalarmul(curve448_point_t out, niels_t ni; curve448_scalar_t scalar1x; - curve448_scalar_add(scalar1x, scalar, precomputed_scalarmul_adjustment); - curve448_scalar_halve(scalar1x, scalar1x); + ossl_curve448_scalar_add(scalar1x, scalar, precomputed_scalarmul_adjustment); + ossl_curve448_scalar_halve(scalar1x, scalar1x); for (i = s; i > 0; i--) { if (i != s) @@ -272,7 +275,8 @@ void curve448_precomputed_scalarmul(curve448_point_t out, OPENSSL_cleanse(scalar1x, sizeof(scalar1x)); } -void curve448_point_mul_by_ratio_and_encode_like_eddsa( +void +ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa( uint8_t enc[EDDSA_448_PUBLIC_BYTES], const curve448_point_t p) { @@ -316,10 +320,11 @@ void curve448_point_mul_by_ratio_and_encode_like_eddsa( OPENSSL_cleanse(y, sizeof(y)); OPENSSL_cleanse(z, sizeof(z)); OPENSSL_cleanse(t, sizeof(t)); - curve448_point_destroy(q); + ossl_curve448_point_destroy(q); } -c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio( +c448_error_t +ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio( curve448_point_t p, const uint8_t enc[EDDSA_448_PUBLIC_BYTES]) { @@ -372,14 +377,15 @@ c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio( } OPENSSL_cleanse(enc2, sizeof(enc2)); - assert(curve448_point_valid(p) || ~succ); + assert(ossl_curve448_point_valid(p) || ~succ); return c448_succeed_if(mask_to_bool(succ)); } -c448_error_t x448_int(uint8_t out[X_PUBLIC_BYTES], - const uint8_t base[X_PUBLIC_BYTES], - const uint8_t scalar[X_PRIVATE_BYTES]) +c448_error_t +ossl_x448_int(uint8_t out[X_PUBLIC_BYTES], + const uint8_t base[X_PUBLIC_BYTES], + const uint8_t scalar[X_PRIVATE_BYTES]) { gf x1, x2, z2, x3, z3, t1, t2; int t; @@ -456,7 +462,8 @@ c448_error_t x448_int(uint8_t out[X_PUBLIC_BYTES], return c448_succeed_if(mask_to_bool(nz)); } -void curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t +void +ossl_curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t out[X_PUBLIC_BYTES], const curve448_point_t p) { @@ -467,11 +474,11 @@ void curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t gf_mul(q->z, q->t, q->y); /* y/x */ gf_sqr(q->y, q->z); /* (y/x)^2 */ gf_serialize(out, q->y, 1); - curve448_point_destroy(q); + ossl_curve448_point_destroy(q); } -void x448_derive_public_key(uint8_t out[X_PUBLIC_BYTES], - const uint8_t scalar[X_PRIVATE_BYTES]) +void ossl_x448_derive_public_key(uint8_t out[X_PUBLIC_BYTES], + const uint8_t scalar[X_PRIVATE_BYTES]) { /* Scalar conditioning */ uint8_t scalar2[X_PRIVATE_BYTES]; @@ -485,15 +492,16 @@ void x448_derive_public_key(uint8_t out[X_PUBLIC_BYTES], scalar2[X_PRIVATE_BYTES - 1] &= ~((0u - 1u) << ((X_PRIVATE_BITS + 7) % 8)); scalar2[X_PRIVATE_BYTES - 1] |= 1 << ((X_PRIVATE_BITS + 7) % 8); - curve448_scalar_decode_long(the_scalar, scalar2, sizeof(scalar2)); + ossl_curve448_scalar_decode_long(the_scalar, scalar2, sizeof(scalar2)); /* Compensate for the encoding ratio */ for (i = 1; i < X448_ENCODE_RATIO; i <<= 1) - curve448_scalar_halve(the_scalar, the_scalar); + ossl_curve448_scalar_halve(the_scalar, the_scalar); - curve448_precomputed_scalarmul(p, curve448_precomputed_base, the_scalar); - curve448_point_mul_by_ratio_and_encode_like_x448(out, p); - curve448_point_destroy(p); + ossl_curve448_precomputed_scalarmul(p, ossl_curve448_precomputed_base, + the_scalar); + ossl_curve448_point_mul_by_ratio_and_encode_like_x448(out, p); + ossl_curve448_point_destroy(p); } /* Control for variable-time scalar multiply algorithms. */ @@ -610,7 +618,7 @@ static void prepare_wnaf_table(pniels_t * output, if (tbits == 0) return; - curve448_point_double(tmp, working); + ossl_curve448_point_double(tmp, working); pt_to_pniels(twop, tmp); add_pniels_to_pt(tmp, output[0], 0); @@ -621,11 +629,12 @@ static void prepare_wnaf_table(pniels_t * output, pt_to_pniels(output[i], tmp); } - curve448_point_destroy(tmp); + ossl_curve448_point_destroy(tmp); OPENSSL_cleanse(twop, sizeof(twop)); } -void curve448_base_double_scalarmul_non_secret(curve448_point_t combo, +void +ossl_curve448_base_double_scalarmul_non_secret(curve448_point_t combo, const curve448_scalar_t scalar1, const curve448_point_t base2, const curve448_scalar_t scalar2) @@ -645,7 +654,7 @@ void curve448_base_double_scalarmul_non_secret(curve448_point_t combo, i = control_var[0].power; if (i < 0) { - curve448_point_copy(combo, curve448_point_identity); + curve448_point_copy(combo, ossl_curve448_point_identity); return; } if (i > control_pre[0].power) { @@ -653,13 +662,14 @@ void curve448_base_double_scalarmul_non_secret(curve448_point_t combo, contv++; } else if (i == control_pre[0].power && i >= 0) { pniels_to_pt(combo, precmp_var[control_var[0].addend >> 1]); - add_niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1], + add_niels_to_pt(combo, + ossl_curve448_wnaf_base[control_pre[0].addend >> 1], i); contv++; contp++; } else { i = control_pre[0].power; - niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1]); + niels_to_pt(combo, ossl_curve448_wnaf_base[control_pre[0].addend >> 1]); contp++; } @@ -688,11 +698,11 @@ void curve448_base_double_scalarmul_non_secret(curve448_point_t combo, if (control_pre[contp].addend > 0) add_niels_to_pt(combo, - curve448_wnaf_base[control_pre[contp].addend + ossl_curve448_wnaf_base[control_pre[contp].addend >> 1], i); else sub_niels_from_pt(combo, - curve448_wnaf_base[(-control_pre + ossl_curve448_wnaf_base[(-control_pre [contp].addend) >> 1], i); contp++; } @@ -709,20 +719,20 @@ void curve448_base_double_scalarmul_non_secret(curve448_point_t combo, (void)ncb_pre; } -void curve448_point_destroy(curve448_point_t point) +void ossl_curve448_point_destroy(curve448_point_t point) { OPENSSL_cleanse(point, sizeof(curve448_point_t)); } -int X448(uint8_t out_shared_key[56], const uint8_t private_key[56], - const uint8_t peer_public_value[56]) +int ossl_x448(uint8_t out_shared_key[56], const uint8_t private_key[56], + const uint8_t peer_public_value[56]) { - return x448_int(out_shared_key, peer_public_value, private_key) + return ossl_x448_int(out_shared_key, peer_public_value, private_key) == C448_SUCCESS; } -void X448_public_from_private(uint8_t out_public_value[56], - const uint8_t private_key[56]) +void ossl_x448_public_from_private(uint8_t out_public_value[56], + const uint8_t private_key[56]) { - x448_derive_public_key(out_public_value, private_key); + ossl_x448_derive_public_key(out_public_value, private_key); } diff --git a/crypto/ec/curve448/curve448_local.h b/crypto/ec/curve448/curve448_local.h index c5ffa75f6b8..39534a7237a 100644 --- a/crypto/ec/curve448/curve448_local.h +++ b/crypto/ec/curve448/curve448_local.h @@ -10,12 +10,15 @@ # define OSSL_CRYPTO_EC_CURVE448_LOCAL_H # include "curve448utils.h" -int ED448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64], - const uint8_t public_key[57], const uint8_t private_key[57], - const uint8_t *context, size_t context_len, const char *propq); +int +ossl_ed448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64], + const uint8_t public_key[57], const uint8_t private_key[57], + const uint8_t *context, size_t context_len, const char *propq); -int ED448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64], - const uint8_t signature[114], const uint8_t public_key[57], - const uint8_t *context, size_t context_len, const char *propq); +int +ossl_ed448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64], + const uint8_t signature[114], const uint8_t public_key[57], + const uint8_t *context, size_t context_len, + const char *propq); #endif /* OSSL_CRYPTO_EC_CURVE448_LOCAL_H */ diff --git a/crypto/ec/curve448/curve448_tables.c b/crypto/ec/curve448/curve448_tables.c index ec8ffcc36be..fe0d373f84d 100644 --- a/crypto/ec/curve448/curve448_tables.c +++ b/crypto/ec/curve448/curve448_tables.c @@ -1058,7 +1058,7 @@ static const curve448_precomputed_s curve448_precomputed_base_table = { }} } }; -const struct curve448_precomputed_s *curve448_precomputed_base +const struct curve448_precomputed_s *ossl_curve448_precomputed_base = &curve448_precomputed_base_table; static const niels_t curve448_wnaf_base_table[32] = { @@ -1480,4 +1480,4 @@ static const niels_t curve448_wnaf_base_table[32] = { 0x001979c0df237316ULL, 0x00501e953a919b87ULL)}, }} }; -const niels_t *curve448_wnaf_base = curve448_wnaf_base_table; +const niels_t *ossl_curve448_wnaf_base = curve448_wnaf_base_table; diff --git a/crypto/ec/curve448/ed448.h b/crypto/ec/curve448/ed448.h index 3a1a9b46d6e..fad21a02732 100644 --- a/crypto/ec/curve448/ed448.h +++ b/crypto/ec/curve448/ed448.h @@ -37,11 +37,12 @@ * pubkey (out): The public key. * privkey (in): The private key. */ -c448_error_t c448_ed448_derive_public_key( - OSSL_LIB_CTX *ctx, - uint8_t pubkey [EDDSA_448_PUBLIC_BYTES], - const uint8_t privkey [EDDSA_448_PRIVATE_BYTES], - const char *propq); +c448_error_t +ossl_c448_ed448_derive_public_key( + OSSL_LIB_CTX *ctx, + uint8_t pubkey [EDDSA_448_PUBLIC_BYTES], + const uint8_t privkey [EDDSA_448_PRIVATE_BYTES], + const char *propq); /* * EdDSA signing. @@ -60,15 +61,15 @@ c448_error_t c448_ed448_derive_public_key( * non-prehashed messages, at least without some very careful protocol-level * disambiguation. For Ed448 it is safe. */ -c448_error_t c448_ed448_sign( - OSSL_LIB_CTX *ctx, - uint8_t signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], - const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t *message, size_t message_len, - uint8_t prehashed, const uint8_t *context, - size_t context_len, - const char *propq); +c448_error_t +ossl_c448_ed448_sign(OSSL_LIB_CTX *ctx, + uint8_t signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], + const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t *message, size_t message_len, + uint8_t prehashed, const uint8_t *context, + size_t context_len, + const char *propq); /* * EdDSA signing with prehash. @@ -86,15 +87,15 @@ c448_error_t c448_ed448_sign( * non-prehashed messages, at least without some very careful protocol-level * disambiguation. For Ed448 it is safe. */ -c448_error_t c448_ed448_sign_prehash( - OSSL_LIB_CTX *ctx, - uint8_t signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], - const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t hash[64], - const uint8_t *context, - size_t context_len, - const char *propq); +c448_error_t +ossl_c448_ed448_sign_prehash(OSSL_LIB_CTX *ctx, + uint8_t signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], + const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t hash[64], + const uint8_t *context, + size_t context_len, + const char *propq); /* * EdDSA signature verification. @@ -114,15 +115,16 @@ c448_error_t c448_ed448_sign_prehash( * non-prehashed messages, at least without some very careful protocol-level * disambiguation. For Ed448 it is safe. */ -c448_error_t c448_ed448_verify(OSSL_LIB_CTX *ctx, - const uint8_t - signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t - pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t *message, size_t message_len, - uint8_t prehashed, const uint8_t *context, - uint8_t context_len, - const char *propq); +c448_error_t +ossl_c448_ed448_verify(OSSL_LIB_CTX *ctx, + const uint8_t + signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t + pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t *message, size_t message_len, + uint8_t prehashed, const uint8_t *context, + uint8_t context_len, + const char *propq); /* * EdDSA signature verification. @@ -141,14 +143,15 @@ c448_error_t c448_ed448_verify(OSSL_LIB_CTX *ctx, * non-prehashed messages, at least without some very careful protocol-level * disambiguation. For Ed448 it is safe. */ -c448_error_t c448_ed448_verify_prehash( - OSSL_LIB_CTX *ctx, - const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t hash[64], - const uint8_t *context, - uint8_t context_len, - const char *propq); +c448_error_t +ossl_c448_ed448_verify_prehash( + OSSL_LIB_CTX *ctx, + const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t hash[64], + const uint8_t *context, + uint8_t context_len, + const char *propq); /* * EdDSA point encoding. Used internally, exposed externally. @@ -173,7 +176,8 @@ c448_error_t c448_ed448_verify_prehash( * enc (out): The encoded point. * p (in): The point. */ -void curve448_point_mul_by_ratio_and_encode_like_eddsa( +void +ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa( uint8_t enc [EDDSA_448_PUBLIC_BYTES], const curve448_point_t p); @@ -186,7 +190,8 @@ void curve448_point_mul_by_ratio_and_encode_like_eddsa( * enc (out): The encoded point. * p (in): The point. */ -c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio( +c448_error_t +ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio( curve448_point_t p, const uint8_t enc[EDDSA_448_PUBLIC_BYTES]); @@ -198,10 +203,11 @@ c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio( * x (out): The ECDH private key as in RFC7748 * ed (in): The EdDSA private key */ -c448_error_t c448_ed448_convert_private_key_to_x448( - OSSL_LIB_CTX *ctx, - uint8_t x[X448_PRIVATE_BYTES], - const uint8_t ed[EDDSA_448_PRIVATE_BYTES], - const char *propq); +c448_error_t +ossl_c448_ed448_convert_private_key_to_x448( + OSSL_LIB_CTX *ctx, + uint8_t x[X448_PRIVATE_BYTES], + const uint8_t ed[EDDSA_448_PRIVATE_BYTES], + const char *propq); #endif /* OSSL_CRYPTO_EC_CURVE448_ED448_H */ diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c index d4c7f1562a8..d04469989a9 100644 --- a/crypto/ec/curve448/eddsa.c +++ b/crypto/ec/curve448/eddsa.c @@ -94,7 +94,8 @@ static c448_error_t hash_init_with_dom(OSSL_LIB_CTX *ctx, EVP_MD_CTX *hashctx, } /* In this file because it uses the hash */ -c448_error_t c448_ed448_convert_private_key_to_x448( +c448_error_t +ossl_c448_ed448_convert_private_key_to_x448( OSSL_LIB_CTX *ctx, uint8_t x[X448_PRIVATE_BYTES], const uint8_t ed [EDDSA_448_PRIVATE_BYTES], @@ -106,7 +107,8 @@ c448_error_t c448_ed448_convert_private_key_to_x448( EDDSA_448_PRIVATE_BYTES, propq); } -c448_error_t c448_ed448_derive_public_key( +c448_error_t +ossl_c448_ed448_derive_public_key( OSSL_LIB_CTX *ctx, uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], @@ -126,8 +128,8 @@ c448_error_t c448_ed448_derive_public_key( clamp(secret_scalar_ser); - curve448_scalar_decode_long(secret_scalar, secret_scalar_ser, - sizeof(secret_scalar_ser)); + ossl_curve448_scalar_decode_long(secret_scalar, secret_scalar_ser, + sizeof(secret_scalar_ser)); /* * Since we are going to mul_by_cofactor during encoding, divide by it @@ -138,28 +140,29 @@ c448_error_t c448_ed448_derive_public_key( * we might start at 2 instead of 1. */ for (c = 1; c < C448_EDDSA_ENCODE_RATIO; c <<= 1) - curve448_scalar_halve(secret_scalar, secret_scalar); + ossl_curve448_scalar_halve(secret_scalar, secret_scalar); - curve448_precomputed_scalarmul(p, curve448_precomputed_base, secret_scalar); + ossl_curve448_precomputed_scalarmul(p, ossl_curve448_precomputed_base, + secret_scalar); - curve448_point_mul_by_ratio_and_encode_like_eddsa(pubkey, p); + ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa(pubkey, p); /* Cleanup */ - curve448_scalar_destroy(secret_scalar); - curve448_point_destroy(p); + ossl_curve448_scalar_destroy(secret_scalar); + ossl_curve448_point_destroy(p); OPENSSL_cleanse(secret_scalar_ser, sizeof(secret_scalar_ser)); return C448_SUCCESS; } -c448_error_t c448_ed448_sign( - OSSL_LIB_CTX *ctx, - uint8_t signature[EDDSA_448_SIGNATURE_BYTES], - const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], - const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], - const uint8_t *message, size_t message_len, - uint8_t prehashed, const uint8_t *context, - size_t context_len, const char *propq) +c448_error_t +ossl_c448_ed448_sign(OSSL_LIB_CTX *ctx, + uint8_t signature[EDDSA_448_SIGNATURE_BYTES], + const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], + const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], + const uint8_t *message, size_t message_len, + uint8_t prehashed, const uint8_t *context, + size_t context_len, const char *propq) { curve448_scalar_t secret_scalar; EVP_MD_CTX *hashctx = EVP_MD_CTX_new(); @@ -183,8 +186,8 @@ c448_error_t c448_ed448_sign( EDDSA_448_PRIVATE_BYTES, propq)) goto err; clamp(expanded); - curve448_scalar_decode_long(secret_scalar, expanded, - EDDSA_448_PRIVATE_BYTES); + ossl_curve448_scalar_decode_long(secret_scalar, expanded, + EDDSA_448_PRIVATE_BYTES); /* Hash to create the nonce */ if (!hash_init_with_dom(ctx, hashctx, prehashed, 0, context, @@ -205,7 +208,7 @@ c448_error_t c448_ed448_sign( if (!EVP_DigestFinalXOF(hashctx, nonce, sizeof(nonce))) goto err; - curve448_scalar_decode_long(nonce_scalar, nonce, sizeof(nonce)); + ossl_curve448_scalar_decode_long(nonce_scalar, nonce, sizeof(nonce)); OPENSSL_cleanse(nonce, sizeof(nonce)); } @@ -214,15 +217,15 @@ c448_error_t c448_ed448_sign( curve448_scalar_t nonce_scalar_2; curve448_point_t p; - curve448_scalar_halve(nonce_scalar_2, nonce_scalar); + ossl_curve448_scalar_halve(nonce_scalar_2, nonce_scalar); for (c = 2; c < C448_EDDSA_ENCODE_RATIO; c <<= 1) - curve448_scalar_halve(nonce_scalar_2, nonce_scalar_2); + ossl_curve448_scalar_halve(nonce_scalar_2, nonce_scalar_2); - curve448_precomputed_scalarmul(p, curve448_precomputed_base, - nonce_scalar_2); - curve448_point_mul_by_ratio_and_encode_like_eddsa(nonce_point, p); - curve448_point_destroy(p); - curve448_scalar_destroy(nonce_scalar_2); + ossl_curve448_precomputed_scalarmul(p, ossl_curve448_precomputed_base, + nonce_scalar_2); + ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa(nonce_point, p); + ossl_curve448_point_destroy(p); + ossl_curve448_scalar_destroy(nonce_scalar_2); } { @@ -237,22 +240,22 @@ c448_error_t c448_ed448_sign( || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge))) goto err; - curve448_scalar_decode_long(challenge_scalar, challenge, - sizeof(challenge)); + ossl_curve448_scalar_decode_long(challenge_scalar, challenge, + sizeof(challenge)); OPENSSL_cleanse(challenge, sizeof(challenge)); } - curve448_scalar_mul(challenge_scalar, challenge_scalar, secret_scalar); - curve448_scalar_add(challenge_scalar, challenge_scalar, nonce_scalar); + ossl_curve448_scalar_mul(challenge_scalar, challenge_scalar, secret_scalar); + ossl_curve448_scalar_add(challenge_scalar, challenge_scalar, nonce_scalar); OPENSSL_cleanse(signature, EDDSA_448_SIGNATURE_BYTES); memcpy(signature, nonce_point, sizeof(nonce_point)); - curve448_scalar_encode(&signature[EDDSA_448_PUBLIC_BYTES], - challenge_scalar); + ossl_curve448_scalar_encode(&signature[EDDSA_448_PUBLIC_BYTES], + challenge_scalar); - curve448_scalar_destroy(secret_scalar); - curve448_scalar_destroy(nonce_scalar); - curve448_scalar_destroy(challenge_scalar); + ossl_curve448_scalar_destroy(secret_scalar); + ossl_curve448_scalar_destroy(nonce_scalar); + ossl_curve448_scalar_destroy(challenge_scalar); ret = C448_SUCCESS; err: @@ -260,7 +263,8 @@ c448_error_t c448_ed448_sign( return ret; } -c448_error_t c448_ed448_sign_prehash( +c448_error_t +ossl_c448_ed448_sign_prehash( OSSL_LIB_CTX *ctx, uint8_t signature[EDDSA_448_SIGNATURE_BYTES], const uint8_t privkey[EDDSA_448_PRIVATE_BYTES], @@ -268,11 +272,12 @@ c448_error_t c448_ed448_sign_prehash( const uint8_t hash[64], const uint8_t *context, size_t context_len, const char *propq) { - return c448_ed448_sign(ctx, signature, privkey, pubkey, hash, 64, 1, - context, context_len, propq); + return ossl_c448_ed448_sign(ctx, signature, privkey, pubkey, hash, 64, 1, + context, context_len, propq); } -c448_error_t c448_ed448_verify( +c448_error_t +ossl_c448_ed448_verify( OSSL_LIB_CTX *ctx, const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], @@ -310,13 +315,13 @@ c448_error_t c448_ed448_verify( return C448_FAILURE; error = - curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey); + ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey); if (C448_SUCCESS != error) return error; error = - curve448_point_decode_like_eddsa_and_mul_by_ratio(r_point, signature); + ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(r_point, signature); if (C448_SUCCESS != error) return error; @@ -337,74 +342,82 @@ c448_error_t c448_ed448_verify( } EVP_MD_CTX_free(hashctx); - curve448_scalar_decode_long(challenge_scalar, challenge, - sizeof(challenge)); + ossl_curve448_scalar_decode_long(challenge_scalar, challenge, + sizeof(challenge)); OPENSSL_cleanse(challenge, sizeof(challenge)); } - curve448_scalar_sub(challenge_scalar, curve448_scalar_zero, - challenge_scalar); + ossl_curve448_scalar_sub(challenge_scalar, ossl_curve448_scalar_zero, + challenge_scalar); - curve448_scalar_decode_long(response_scalar, - &signature[EDDSA_448_PUBLIC_BYTES], - EDDSA_448_PRIVATE_BYTES); + ossl_curve448_scalar_decode_long(response_scalar, + &signature[EDDSA_448_PUBLIC_BYTES], + EDDSA_448_PRIVATE_BYTES); /* pk_point = -c(x(P)) + (cx + k)G = kG */ - curve448_base_double_scalarmul_non_secret(pk_point, - response_scalar, - pk_point, challenge_scalar); - return c448_succeed_if(curve448_point_eq(pk_point, r_point)); + ossl_curve448_base_double_scalarmul_non_secret(pk_point, + response_scalar, + pk_point, challenge_scalar); + return c448_succeed_if(ossl_curve448_point_eq(pk_point, r_point)); } -c448_error_t c448_ed448_verify_prehash( +c448_error_t +ossl_c448_ed448_verify_prehash( OSSL_LIB_CTX *ctx, const uint8_t signature[EDDSA_448_SIGNATURE_BYTES], const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES], const uint8_t hash[64], const uint8_t *context, uint8_t context_len, const char *propq) { - return c448_ed448_verify(ctx, signature, pubkey, hash, 64, 1, context, - context_len, propq); + return ossl_c448_ed448_verify(ctx, signature, pubkey, hash, 64, 1, context, + context_len, propq); } -int ED448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message, - size_t message_len, const uint8_t public_key[57], - const uint8_t private_key[57], const uint8_t *context, - size_t context_len, const char *propq) +int +ossl_ed448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message, + size_t message_len, const uint8_t public_key[57], + const uint8_t private_key[57], const uint8_t *context, + size_t context_len, const char *propq) { - return c448_ed448_sign(ctx, out_sig, private_key, public_key, message, - message_len, 0, context, context_len,propq) - == C448_SUCCESS; + return ossl_c448_ed448_sign(ctx, out_sig, private_key, public_key, message, + message_len, 0, context, context_len, + propq) == C448_SUCCESS; } -int ED448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len, - const uint8_t signature[114], const uint8_t public_key[57], - const uint8_t *context, size_t context_len, const char *propq) +int +ossl_ed448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len, + const uint8_t signature[114], const uint8_t public_key[57], + const uint8_t *context, size_t context_len, const char *propq) { - return c448_ed448_verify(ctx, signature, public_key, message, message_len, - 0, context, (uint8_t)context_len, - propq) == C448_SUCCESS; + return ossl_c448_ed448_verify(ctx, signature, public_key, message, + message_len, 0, context, (uint8_t)context_len, + propq) == C448_SUCCESS; } -int ED448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64], - const uint8_t public_key[57], const uint8_t private_key[57], - const uint8_t *context, size_t context_len, const char *propq) +int +ossl_ed448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64], + const uint8_t public_key[57], const uint8_t private_key[57], + const uint8_t *context, size_t context_len, const char *propq) { - return c448_ed448_sign_prehash(ctx, out_sig, private_key, public_key, hash, - context, context_len, propq) == C448_SUCCESS; - + return ossl_c448_ed448_sign_prehash(ctx, out_sig, private_key, public_key, + hash, context, context_len, + propq) == C448_SUCCESS; } -int ED448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64], - const uint8_t signature[114], const uint8_t public_key[57], - const uint8_t *context, size_t context_len, const char *propq) +int +ossl_ed448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64], + const uint8_t signature[114], const uint8_t public_key[57], + const uint8_t *context, size_t context_len, + const char *propq) { - return c448_ed448_verify_prehash(ctx, signature, public_key, hash, context, - (uint8_t)context_len, propq) == C448_SUCCESS; + return ossl_c448_ed448_verify_prehash(ctx, signature, public_key, hash, + context, (uint8_t)context_len, + propq) == C448_SUCCESS; } -int ED448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57], - const uint8_t private_key[57], const char *propq) +int +ossl_ed448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57], + const uint8_t private_key[57], const char *propq) { - return c448_ed448_derive_public_key(ctx, out_public_key, private_key, propq) - == C448_SUCCESS; + return ossl_c448_ed448_derive_public_key(ctx, out_public_key, private_key, + propq) == C448_SUCCESS; } diff --git a/crypto/ec/curve448/point_448.h b/crypto/ec/curve448/point_448.h index 9f09aea13f6..c48872c873a 100644 --- a/crypto/ec/curve448/point_448.h +++ b/crypto/ec/curve448/point_448.h @@ -69,17 +69,17 @@ typedef struct curve448_scalar_s { } curve448_scalar_t[1]; /* A scalar equal to 1. */ -extern const curve448_scalar_t curve448_scalar_one; +extern const curve448_scalar_t ossl_curve448_scalar_one; /* A scalar equal to 0. */ -extern const curve448_scalar_t curve448_scalar_zero; +extern const curve448_scalar_t ossl_curve448_scalar_zero; /* The identity point on the curve. */ -extern const curve448_point_t curve448_point_identity; +extern const curve448_point_t ossl_curve448_point_identity; /* Precomputed table for the base point on the curve. */ -extern const struct curve448_precomputed_s *curve448_precomputed_base; -extern const niels_t *curve448_wnaf_base; +extern const struct curve448_precomputed_s *ossl_curve448_precomputed_base; +extern const niels_t *ossl_curve448_wnaf_base; /* * Read a scalar from wire format or from bytes. @@ -92,8 +92,9 @@ extern const niels_t *curve448_wnaf_base; * C448_FAILURE: The scalar was greater than the modulus, and has been reduced * modulo that modulus. */ -c448_error_t curve448_scalar_decode(curve448_scalar_t out, - const unsigned char ser[C448_SCALAR_BYTES]); +c448_error_t +ossl_curve448_scalar_decode(curve448_scalar_t out, + const unsigned char ser[C448_SCALAR_BYTES]); /* * Read a scalar from wire format or from bytes. Reduces mod scalar prime. @@ -102,7 +103,8 @@ c448_error_t curve448_scalar_decode(curve448_scalar_t out, * ser_len (in): Length of serialized form. * out (out): Deserialized form. */ -void curve448_scalar_decode_long(curve448_scalar_t out, +void +ossl_curve448_scalar_decode_long(curve448_scalar_t out, const unsigned char *ser, size_t ser_len); /* @@ -111,7 +113,8 @@ void curve448_scalar_decode_long(curve448_scalar_t out, * ser (out): Serialized form of a scalar. * s (in): Deserialized scalar. */ -void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES], +void +ossl_curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES], const curve448_scalar_t s); /* @@ -121,7 +124,8 @@ void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES], * b (in): Another scalar. * out (out): a+b. */ -void curve448_scalar_add(curve448_scalar_t out, +void +ossl_curve448_scalar_add(curve448_scalar_t out, const curve448_scalar_t a, const curve448_scalar_t b); /* @@ -130,7 +134,8 @@ void curve448_scalar_add(curve448_scalar_t out, * b (in): Another scalar. * out (out): a-b. */ -void curve448_scalar_sub(curve448_scalar_t out, +void +ossl_curve448_scalar_sub(curve448_scalar_t out, const curve448_scalar_t a, const curve448_scalar_t b); /* @@ -140,7 +145,8 @@ void curve448_scalar_sub(curve448_scalar_t out, * b (in): Another scalar. * out (out): a*b. */ -void curve448_scalar_mul(curve448_scalar_t out, +void +ossl_curve448_scalar_mul(curve448_scalar_t out, const curve448_scalar_t a, const curve448_scalar_t b); /* @@ -149,7 +155,8 @@ void curve448_scalar_mul(curve448_scalar_t out, * a (in): A scalar. * out (out): a/2. */ -void curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a); +void +ossl_curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a); /* * Copy a scalar. The scalars may alias each other, in which case this @@ -188,8 +195,9 @@ static ossl_inline void curve448_point_copy(curve448_point_t a, * C448_TRUE: The points are equal. * C448_FALSE: The points are not equal. */ -__owur c448_bool_t curve448_point_eq(const curve448_point_t a, - const curve448_point_t b); +__owur c448_bool_t +ossl_curve448_point_eq(const curve448_point_t a, + const curve448_point_t b); /* * Double a point. Equivalent to curve448_point_add(two_a,a,a), but potentially @@ -198,7 +206,8 @@ __owur c448_bool_t curve448_point_eq(const curve448_point_t a, * two_a (out): The sum a+a. * a (in): A point. */ -void curve448_point_double(curve448_point_t two_a, const curve448_point_t a); +void +ossl_curve448_point_double(curve448_point_t two_a, const curve448_point_t a); /* * RFC 7748 Diffie-Hellman scalarmul. This function uses a different @@ -213,9 +222,10 @@ void curve448_point_double(curve448_point_t two_a, const curve448_point_t a); * C448_FAILURE: The scalarmul didn't succeed, because the base point is in a * small subgroup. */ -__owur c448_error_t x448_int(uint8_t out[X448_PUBLIC_BYTES], - const uint8_t base[X448_PUBLIC_BYTES], - const uint8_t scalar[X448_PRIVATE_BYTES]); +__owur c448_error_t +ossl_x448_int(uint8_t out[X448_PUBLIC_BYTES], + const uint8_t base[X448_PUBLIC_BYTES], + const uint8_t scalar[X448_PRIVATE_BYTES]); /* * Multiply a point by X448_ENCODE_RATIO, then encode it like RFC 7748. @@ -236,7 +246,8 @@ __owur c448_error_t x448_int(uint8_t out[X448_PUBLIC_BYTES], * out (out): The scaled and encoded point. * p (in): The point to be scaled and encoded. */ -void curve448_point_mul_by_ratio_and_encode_like_x448( +void +ossl_curve448_point_mul_by_ratio_and_encode_like_x448( uint8_t out[X448_PUBLIC_BYTES], const curve448_point_t p); @@ -247,7 +258,8 @@ void curve448_point_mul_by_ratio_and_encode_like_x448( * out (out): The scaled point base*scalar * scalar (in): The scalar to multiply by. */ -void x448_derive_public_key(uint8_t out[X448_PUBLIC_BYTES], +void +ossl_x448_derive_public_key(uint8_t out[X448_PUBLIC_BYTES], const uint8_t scalar[X448_PRIVATE_BYTES]); /* @@ -257,7 +269,8 @@ void x448_derive_public_key(uint8_t out[X448_PUBLIC_BYTES], * base (in): The point to be scaled. * scalar (in): The scalar to multiply by. */ -void curve448_precomputed_scalarmul(curve448_point_t scaled, +void +ossl_curve448_precomputed_scalarmul(curve448_point_t scaled, const curve448_precomputed_s * base, const curve448_scalar_t scalar); @@ -276,7 +289,8 @@ void curve448_precomputed_scalarmul(curve448_point_t scaled, * Warning: This function takes variable time, and may leak the scalars used. * It is designed for signature verification. */ -void curve448_base_double_scalarmul_non_secret(curve448_point_t combo, +void +ossl_curve448_base_double_scalarmul_non_secret(curve448_point_t combo, const curve448_scalar_t scalar1, const curve448_point_t base2, const curve448_scalar_t scalar2); @@ -290,12 +304,13 @@ void curve448_base_double_scalarmul_non_secret(curve448_point_t combo, * C448_TRUE The point is valid. * C448_FALSE The point is invalid. */ -__owur c448_bool_t curve448_point_valid(const curve448_point_t to_test); +__owur c448_bool_t +ossl_curve448_point_valid(const curve448_point_t to_test); /* Overwrite scalar with zeros. */ -void curve448_scalar_destroy(curve448_scalar_t scalar); +void ossl_curve448_scalar_destroy(curve448_scalar_t scalar); /* Overwrite point with zeros. */ -void curve448_point_destroy(curve448_point_t point); +void ossl_curve448_point_destroy(curve448_point_t point); #endif /* OSSL_CRYPTO_EC_CURVE448_POINT_448_H */ diff --git a/crypto/ec/curve448/scalar.c b/crypto/ec/curve448/scalar.c index 2923859e5a3..fe2bb5b01b9 100644 --- a/crypto/ec/curve448/scalar.c +++ b/crypto/ec/curve448/scalar.c @@ -38,8 +38,8 @@ static const curve448_scalar_t sc_p = { #define WBITS C448_WORD_BITS /* NB this may be different from ARCH_WORD_BITS */ -const curve448_scalar_t curve448_scalar_one = {{{1}}}; -const curve448_scalar_t curve448_scalar_zero = {{{0}}}; +const curve448_scalar_t ossl_curve448_scalar_one = {{{1}}}; +const curve448_scalar_t ossl_curve448_scalar_zero = {{{0}}}; /* * {extra,accum} - sub +? p @@ -106,20 +106,22 @@ static void sc_montmul(curve448_scalar_t out, const curve448_scalar_t a, sc_subx(out, accum, sc_p, sc_p, hi_carry); } -void curve448_scalar_mul(curve448_scalar_t out, const curve448_scalar_t a, - const curve448_scalar_t b) +void ossl_curve448_scalar_mul(curve448_scalar_t out, const curve448_scalar_t a, + const curve448_scalar_t b) { sc_montmul(out, a, b); sc_montmul(out, out, sc_r2); } -void curve448_scalar_sub(curve448_scalar_t out, const curve448_scalar_t a, +void +ossl_curve448_scalar_sub(curve448_scalar_t out, const curve448_scalar_t a, const curve448_scalar_t b) { sc_subx(out, a->limb, b, sc_p, 0); } -void curve448_scalar_add(curve448_scalar_t out, const curve448_scalar_t a, +void +ossl_curve448_scalar_add(curve448_scalar_t out, const curve448_scalar_t a, const curve448_scalar_t b) { c448_dword_t chain = 0; @@ -148,9 +150,9 @@ static ossl_inline void scalar_decode_short(curve448_scalar_t s, } } -c448_error_t curve448_scalar_decode( - curve448_scalar_t s, - const unsigned char ser[C448_SCALAR_BYTES]) +c448_error_t +ossl_curve448_scalar_decode(curve448_scalar_t s, + const unsigned char ser[C448_SCALAR_BYTES]) { unsigned int i; c448_dsword_t accum = 0; @@ -160,24 +162,25 @@ c448_error_t curve448_scalar_decode( accum = (accum + s->limb[i] - sc_p->limb[i]) >> WBITS; /* Here accum == 0 or -1 */ - curve448_scalar_mul(s, s, curve448_scalar_one); /* ham-handed reduce */ + ossl_curve448_scalar_mul(s, s, ossl_curve448_scalar_one); /* ham-handed reduce */ return c448_succeed_if(~word_is_zero((uint32_t)accum)); } -void curve448_scalar_destroy(curve448_scalar_t scalar) +void ossl_curve448_scalar_destroy(curve448_scalar_t scalar) { OPENSSL_cleanse(scalar, sizeof(curve448_scalar_t)); } -void curve448_scalar_decode_long(curve448_scalar_t s, +void +ossl_curve448_scalar_decode_long(curve448_scalar_t s, const unsigned char *ser, size_t ser_len) { size_t i; curve448_scalar_t t1, t2; if (ser_len == 0) { - curve448_scalar_copy(s, curve448_scalar_zero); + curve448_scalar_copy(s, ossl_curve448_scalar_zero); return; } @@ -190,24 +193,25 @@ void curve448_scalar_decode_long(curve448_scalar_t s, if (ser_len == sizeof(curve448_scalar_t)) { assert(i == 0); /* ham-handed reduce */ - curve448_scalar_mul(s, t1, curve448_scalar_one); - curve448_scalar_destroy(t1); + ossl_curve448_scalar_mul(s, t1, ossl_curve448_scalar_one); + ossl_curve448_scalar_destroy(t1); return; } while (i) { i -= C448_SCALAR_BYTES; sc_montmul(t1, t1, sc_r2); - (void)curve448_scalar_decode(t2, ser + i); - curve448_scalar_add(t1, t1, t2); + (void)ossl_curve448_scalar_decode(t2, ser + i); + ossl_curve448_scalar_add(t1, t1, t2); } curve448_scalar_copy(s, t1); - curve448_scalar_destroy(t1); - curve448_scalar_destroy(t2); + ossl_curve448_scalar_destroy(t1); + ossl_curve448_scalar_destroy(t2); } -void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES], +void +ossl_curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES], const curve448_scalar_t s) { unsigned int i, j, k = 0; @@ -218,7 +222,8 @@ void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES], } } -void curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a) +void +ossl_curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a) { c448_word_t mask = 0 - (a->limb[0] & 1); c448_dword_t chain = 0; diff --git a/crypto/ec/ecx_backend.c b/crypto/ec/ecx_backend.c index 3058cba913e..17dd507c35c 100644 --- a/crypto/ec/ecx_backend.c +++ b/crypto/ec/ecx_backend.c @@ -24,21 +24,21 @@ int ossl_ecx_public_from_private(ECX_KEY *key) { switch (key->type) { case ECX_KEY_TYPE_X25519: - X25519_public_from_private(key->pubkey, key->privkey); + ossl_x25519_public_from_private(key->pubkey, key->privkey); break; case ECX_KEY_TYPE_ED25519: - if (!ED25519_public_from_private(key->libctx, key->pubkey, key->privkey, - key->propq)) { + if (!ossl_ed25519_public_from_private(key->libctx, key->pubkey, + key->privkey, key->propq)) { ERR_raise(ERR_LIB_EC, EC_R_FAILED_MAKING_PUBLIC_KEY); return 0; } break; case ECX_KEY_TYPE_X448: - X448_public_from_private(key->pubkey, key->privkey); + ossl_x448_public_from_private(key->pubkey, key->privkey); break; case ECX_KEY_TYPE_ED448: - if (!ED448_public_from_private(key->libctx, key->pubkey, key->privkey, - key->propq)) { + if (!ossl_ed448_public_from_private(key->libctx, key->pubkey, + key->privkey, key->propq)) { ERR_raise(ERR_LIB_EC, EC_R_FAILED_MAKING_PUBLIC_KEY); return 0; } diff --git a/crypto/ec/ecx_meth.c b/crypto/ec/ecx_meth.c index 789610cac50..68f943fc821 100644 --- a/crypto/ec/ecx_meth.c +++ b/crypto/ec/ecx_meth.c @@ -788,7 +788,7 @@ static int pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key, if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey) || (key != NULL - && X25519(key, privkey, pubkey) == 0)) + && ossl_x25519(key, privkey, pubkey) == 0)) return 0; *keylen = X25519_KEYLEN; return 1; @@ -801,7 +801,7 @@ static int pkey_ecx_derive448(EVP_PKEY_CTX *ctx, unsigned char *key, if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey) || (key != NULL - && X448(key, privkey, pubkey) == 0)) + && ossl_x448(key, privkey, pubkey) == 0)) return 0; *keylen = X448_KEYLEN; return 1; @@ -850,8 +850,8 @@ static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig, return 0; } - if (ED25519_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey, NULL, - NULL) == 0) + if (ossl_ed25519_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey, NULL, + NULL) == 0) return 0; *siglen = ED25519_SIGSIZE; return 1; @@ -872,8 +872,8 @@ static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig, return 0; } - if (ED448_sign(edkey->libctx, sig, tbs, tbslen, edkey->pubkey, edkey->privkey, - NULL, 0, edkey->propq) == 0) + if (ossl_ed448_sign(edkey->libctx, sig, tbs, tbslen, edkey->pubkey, + edkey->privkey, NULL, 0, edkey->propq) == 0) return 0; *siglen = ED448_SIGSIZE; return 1; @@ -888,8 +888,8 @@ static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig, if (siglen != ED25519_SIGSIZE) return 0; - return ED25519_verify(tbs, tbslen, sig, edkey->pubkey, - edkey->libctx, edkey->propq); + return ossl_ed25519_verify(tbs, tbslen, sig, edkey->pubkey, + edkey->libctx, edkey->propq); } static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig, @@ -901,8 +901,8 @@ static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig, if (siglen != ED448_SIGSIZE) return 0; - return ED448_verify(edkey->libctx, tbs, tbslen, sig, edkey->pubkey, NULL, 0, - edkey->propq); + return ossl_ed448_verify(edkey->libctx, tbs, tbslen, sig, edkey->pubkey, + NULL, 0, edkey->propq); } static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) diff --git a/include/crypto/ecx.h b/include/crypto/ecx.h index af03d325872..101a5748e85 100644 --- a/include/crypto/ecx.h +++ b/include/crypto/ecx.h @@ -83,34 +83,43 @@ unsigned char *ossl_ecx_key_allocate_privkey(ECX_KEY *key); void ossl_ecx_key_free(ECX_KEY *key); int ossl_ecx_key_up_ref(ECX_KEY *key); -int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32], - const uint8_t peer_public_value[32]); -void X25519_public_from_private(uint8_t out_public_value[32], - const uint8_t private_key[32]); - -int ED25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32], - const uint8_t private_key[32], const char *propq); -int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, - const uint8_t public_key[32], const uint8_t private_key[32], - OSSL_LIB_CTX *libctx, const char *propq); -int ED25519_verify(const uint8_t *message, size_t message_len, - const uint8_t signature[64], const uint8_t public_key[32], - OSSL_LIB_CTX *libctx, const char *propq); - -int ED448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57], - const uint8_t private_key[57], const char *propq); -int ED448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message, - size_t message_len, const uint8_t public_key[57], - const uint8_t private_key[57], const uint8_t *context, - size_t context_len, const char *propq); - -int ED448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len, - const uint8_t signature[114], const uint8_t public_key[57], - const uint8_t *context, size_t context_len, const char *propq); - -int X448(uint8_t out_shared_key[56], const uint8_t private_key[56], - const uint8_t peer_public_value[56]); -void X448_public_from_private(uint8_t out_public_value[56], +int ossl_x25519(uint8_t out_shared_key[32], const uint8_t private_key[32], + const uint8_t peer_public_value[32]); +void ossl_x25519_public_from_private(uint8_t out_public_value[32], + const uint8_t private_key[32]); + +int +ossl_ed25519_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[32], + const uint8_t private_key[32], + const char *propq); +int +ossl_ed25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len, + const uint8_t public_key[32], const uint8_t private_key[32], + OSSL_LIB_CTX *libctx, const char *propq); +int +ossl_ed25519_verify(const uint8_t *message, size_t message_len, + const uint8_t signature[64], const uint8_t public_key[32], + OSSL_LIB_CTX *libctx, const char *propq); + +int +ossl_ed448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57], + const uint8_t private_key[57], const char *propq); +int +ossl_ed448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message, + size_t message_len, const uint8_t public_key[57], + const uint8_t private_key[57], const uint8_t *context, + size_t context_len, const char *propq); + +int +ossl_ed448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len, + const uint8_t signature[114], const uint8_t public_key[57], + const uint8_t *context, size_t context_len, const char *propq); + +int +ossl_x448(uint8_t out_shared_key[56], const uint8_t private_key[56], + const uint8_t peer_public_value[56]); +void +ossl_x448_public_from_private(uint8_t out_public_value[56], const uint8_t private_key[56]); diff --git a/providers/implementations/exchange/ecx_exch.c b/providers/implementations/exchange/ecx_exch.c index caa1eece892..2ba9090c8b5 100644 --- a/providers/implementations/exchange/ecx_exch.c +++ b/providers/implementations/exchange/ecx_exch.c @@ -154,7 +154,8 @@ static int ecx_derive(void *vecxctx, unsigned char *secret, size_t *secretlen, } } else #endif - if (X25519(secret, ecxctx->key->privkey, ecxctx->peerkey->pubkey) == 0) { + if (ossl_x25519(secret, ecxctx->key->privkey, + ecxctx->peerkey->pubkey) == 0) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_DURING_DERIVATION); return 0; } @@ -169,7 +170,8 @@ static int ecx_derive(void *vecxctx, unsigned char *secret, size_t *secretlen, } } else #endif - if (X448(secret, ecxctx->key->privkey, ecxctx->peerkey->pubkey) == 0) { + if (ossl_x448(secret, ecxctx->key->privkey, + ecxctx->peerkey->pubkey) == 0) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_DURING_DERIVATION); return 0; } diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c index 6aa947827c4..6f58a1cb779 100644 --- a/providers/implementations/keymgmt/ecx_kmgmt.c +++ b/providers/implementations/keymgmt/ecx_kmgmt.c @@ -583,21 +583,21 @@ static void *ecx_gen(struct ecx_gen_ctx *gctx) privkey[0] &= 248; privkey[X25519_KEYLEN - 1] &= 127; privkey[X25519_KEYLEN - 1] |= 64; - X25519_public_from_private(key->pubkey, privkey); + ossl_x25519_public_from_private(key->pubkey, privkey); break; case ECX_KEY_TYPE_X448: privkey[0] &= 252; privkey[X448_KEYLEN - 1] |= 128; - X448_public_from_private(key->pubkey, privkey); + ossl_x448_public_from_private(key->pubkey, privkey); break; case ECX_KEY_TYPE_ED25519: - if (!ED25519_public_from_private(gctx->libctx, key->pubkey, privkey, - gctx->propq)) + if (!ossl_ed25519_public_from_private(gctx->libctx, key->pubkey, privkey, + gctx->propq)) goto err; break; case ECX_KEY_TYPE_ED448: - if (!ED448_public_from_private(gctx->libctx, key->pubkey, privkey, - gctx->propq)) + if (!ossl_ed448_public_from_private(gctx->libctx, key->pubkey, privkey, + gctx->propq)) goto err; break; } @@ -697,19 +697,19 @@ static int ecx_key_pairwise_check(const ECX_KEY *ecx, int type) switch (type) { case ECX_KEY_TYPE_X25519: - X25519_public_from_private(pub, ecx->privkey); + ossl_x25519_public_from_private(pub, ecx->privkey); break; case ECX_KEY_TYPE_X448: - X448_public_from_private(pub, ecx->privkey); + ossl_x448_public_from_private(pub, ecx->privkey); break; case ECX_KEY_TYPE_ED25519: - if (!ED25519_public_from_private(ecx->libctx, pub, ecx->privkey, - ecx->propq)) + if (!ossl_ed25519_public_from_private(ecx->libctx, pub, ecx->privkey, + ecx->propq)) return 0; break; case ECX_KEY_TYPE_ED448: - if (!ED448_public_from_private(ecx->libctx, pub, ecx->privkey, - ecx->propq)) + if (!ossl_ed448_public_from_private(ecx->libctx, pub, ecx->privkey, + ecx->propq)) return 0; break; default: diff --git a/providers/implementations/signature/eddsa.c b/providers/implementations/signature/eddsa.c index 221ccdd928d..148c143cc01 100644 --- a/providers/implementations/signature/eddsa.c +++ b/providers/implementations/signature/eddsa.c @@ -159,8 +159,8 @@ int ed25519_digest_sign(void *vpeddsactx, unsigned char *sigret, if (S390X_CAN_SIGN(ED25519)) return s390x_ed25519_digestsign(edkey, sigret, tbs, tbslen); #endif /* S390X_EC_ASM */ - if (ED25519_sign(sigret, tbs, tbslen, edkey->pubkey, edkey->privkey, - peddsactx->libctx, NULL) == 0) { + if (ossl_ed25519_sign(sigret, tbs, tbslen, edkey->pubkey, edkey->privkey, + peddsactx->libctx, NULL) == 0) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN); return 0; } @@ -190,8 +190,8 @@ int ed448_digest_sign(void *vpeddsactx, unsigned char *sigret, if (S390X_CAN_SIGN(ED448)) return s390x_ed448_digestsign(edkey, sigret, tbs, tbslen); #endif /* S390X_EC_ASM */ - if (ED448_sign(peddsactx->libctx, sigret, tbs, tbslen, edkey->pubkey, - edkey->privkey, NULL, 0, edkey->propq) == 0) { + if (ossl_ed448_sign(peddsactx->libctx, sigret, tbs, tbslen, edkey->pubkey, + edkey->privkey, NULL, 0, edkey->propq) == 0) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN); return 0; } @@ -214,8 +214,8 @@ int ed25519_digest_verify(void *vpeddsactx, const unsigned char *sig, return s390x_ed25519_digestverify(edkey, sig, tbs, tbslen); #endif /* S390X_EC_ASM */ - return ED25519_verify(tbs, tbslen, sig, edkey->pubkey, peddsactx->libctx, - edkey->propq); + return ossl_ed25519_verify(tbs, tbslen, sig, edkey->pubkey, + peddsactx->libctx, edkey->propq); } int ed448_digest_verify(void *vpeddsactx, const unsigned char *sig, @@ -233,8 +233,8 @@ int ed448_digest_verify(void *vpeddsactx, const unsigned char *sig, return s390x_ed448_digestverify(edkey, sig, tbs, tbslen); #endif /* S390X_EC_ASM */ - return ED448_verify(peddsactx->libctx, tbs, tbslen, sig, edkey->pubkey, - NULL, 0, edkey->propq); + return ossl_ed448_verify(peddsactx->libctx, tbs, tbslen, sig, edkey->pubkey, + NULL, 0, edkey->propq); } static void eddsa_freectx(void *vpeddsactx) diff --git a/test/curve448_internal_test.c b/test/curve448_internal_test.c index b1df82e837e..561ab71e8fc 100644 --- a/test/curve448_internal_test.c +++ b/test/curve448_internal_test.c @@ -601,40 +601,42 @@ static int test_ed448(void) EVP_MD_CTX *hashctx = EVP_MD_CTX_new(); if (!TEST_ptr(hashctx) - || !TEST_true(ED448_sign(NULL, outsig, NULL, 0, pubkey1, privkey1, - NULL, 0, NULL)) + || !TEST_true(ossl_ed448_sign(NULL, outsig, NULL, 0, pubkey1, + privkey1, NULL, 0, NULL)) || !TEST_int_eq(memcmp(sig1, outsig, sizeof(sig1)), 0) - || !TEST_true(ED448_sign(NULL, outsig, msg2, sizeof(msg2), pubkey2, - privkey2, NULL, 0, NULL)) + || !TEST_true(ossl_ed448_sign(NULL, outsig, msg2, sizeof(msg2), + pubkey2, privkey2, NULL, 0, NULL)) || !TEST_int_eq(memcmp(sig2, outsig, sizeof(sig2)), 0) - || !TEST_true(ED448_sign(NULL, outsig, msg3, sizeof(msg3), pubkey3, - privkey3, context3, sizeof(context3), NULL)) + || !TEST_true(ossl_ed448_sign(NULL, outsig, msg3, sizeof(msg3), + pubkey3, privkey3, context3, + sizeof(context3), NULL)) || !TEST_int_eq(memcmp(sig3, outsig, sizeof(sig3)), 0) - || !TEST_true(ED448_sign(NULL, outsig, msg4, sizeof(msg4), pubkey4, - privkey4, NULL, 0, NULL)) + || !TEST_true(ossl_ed448_sign(NULL, outsig, msg4, sizeof(msg4), + pubkey4, privkey4, NULL, 0, NULL)) || !TEST_int_eq(memcmp(sig4, outsig, sizeof(sig4)), 0) - || !TEST_true(ED448_sign(NULL, outsig, msg5, sizeof(msg5), pubkey5, - privkey5, NULL, 0, NULL)) + || !TEST_true(ossl_ed448_sign(NULL, outsig, msg5, sizeof(msg5), + pubkey5, privkey5, NULL, 0, NULL)) || !TEST_int_eq(memcmp(sig5, outsig, sizeof(sig5)), 0) - || !TEST_true(ED448_sign(NULL, outsig, msg6, sizeof(msg6), pubkey6, - privkey6, NULL, 0, NULL)) + || !TEST_true(ossl_ed448_sign(NULL, outsig, msg6, sizeof(msg6), + pubkey6, privkey6, NULL, 0, NULL)) || !TEST_int_eq(memcmp(sig6, outsig, sizeof(sig6)), 0) - || !TEST_true(ED448_sign(NULL, outsig, msg7, sizeof(msg7), pubkey7, - privkey7, NULL, 0, NULL)) + || !TEST_true(ossl_ed448_sign(NULL, outsig, msg7, sizeof(msg7), + pubkey7, privkey7, NULL, 0, NULL)) || !TEST_int_eq(memcmp(sig7, outsig, sizeof(sig7)), 0) - || !TEST_true(ED448_sign(NULL, outsig, msg8, sizeof(msg8), pubkey8, - privkey8, NULL, 0, NULL)) + || !TEST_true(ossl_ed448_sign(NULL, outsig, msg8, sizeof(msg8), + pubkey8, privkey8, NULL, 0, NULL)) || !TEST_int_eq(memcmp(sig8, outsig, sizeof(sig8)), 0) - || !TEST_true(ED448_sign(NULL, outsig, msg9, sizeof(msg9), pubkey9, - privkey9, NULL, 0, NULL)) + || !TEST_true(ossl_ed448_sign(NULL, outsig, msg9, sizeof(msg9), + pubkey9, privkey9, NULL, 0, NULL)) || !TEST_int_eq(memcmp(sig9, outsig, sizeof(sig9)), 0) - || !TEST_true(ED448ph_sign(NULL, outsig, dohash(hashctx, phmsg1, - sizeof(phmsg1)), phpubkey1, phprivkey1, - NULL, 0, NULL)) + || !TEST_true(ossl_ed448ph_sign(NULL, outsig, dohash(hashctx, phmsg1, + sizeof(phmsg1)), phpubkey1, + phprivkey1, NULL, 0, NULL)) || !TEST_int_eq(memcmp(phsig1, outsig, sizeof(phsig1)), 0) - || !TEST_true(ED448ph_sign(NULL, outsig, dohash(hashctx, phmsg2, - sizeof(phmsg2)), phpubkey2, phprivkey2, - phcontext2, sizeof(phcontext2), NULL)) + || !TEST_true(ossl_ed448ph_sign(NULL, outsig, dohash(hashctx, phmsg2, + sizeof(phmsg2)), phpubkey2, + phprivkey2, phcontext2, + sizeof(phcontext2), NULL)) || !TEST_int_eq(memcmp(phsig2, outsig, sizeof(phsig2)), 0)) { EVP_MD_CTX_free(hashctx); return 0; @@ -652,9 +654,9 @@ static int test_x448(void) /* Curve448 tests */ - if (!TEST_true(X448(out, in_scalar1, in_u1)) + if (!TEST_true(ossl_x448(out, in_scalar1, in_u1)) || !TEST_int_eq(memcmp(out, out_u1, sizeof(out)), 0) - || !TEST_true(X448(out, in_scalar2, in_u2)) + || !TEST_true(ossl_x448(out, in_scalar2, in_u2)) || !TEST_int_eq(memcmp(out, out_u2, sizeof(out)), 0)) return 0; @@ -666,7 +668,7 @@ static int test_x448(void) fflush(stdout); } - if (!TEST_true(X448(out, k, u))) + if (!TEST_true(ossl_x448(out, k, u))) return 0; if (i == 1 || i == 1000 || i == 1000000) {