From: Niels Möller Date: Fri, 13 Dec 2019 17:24:41 +0000 (+0100) Subject: Merge branch 'curve448' into master X-Git-Tag: nettle_3.6rc1~69 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=39af4a6ad4245aefe1e39e75972ec7d542fcde9f;p=thirdparty%2Fnettle.git Merge branch 'curve448' into master --- 39af4a6ad4245aefe1e39e75972ec7d542fcde9f diff --cc ChangeLog index 05bac6a7,0c6725ab..eb66f3aa --- a/ChangeLog +++ b/ChangeLog @@@ -1,25 -1,84 +1,110 @@@ ++2019-12-13 Niels Möller ++ ++ * Merge curve448 implementation. ++ + 2019-12-09 Niels Möller + + * ecc-internal.h: Revert itch macro changes. We now have + h_to_a_itch <= mul_itch, mul_g_itch. Add asserts at a few places + relying on this. + (ECC_ECDSA_KEYGEN_ITCH, ECC_MAX): Delete macros. + (ECC_ECDSA_SIGN_ITCH): Revert previous change. + + * ecc-448.c (ecc_mod_pow_446m224m1): Reduce scratch space from 9*n + to 6*n. + (ECC_448_INV_ITCH, ECC_448_SQRT_ITCH): Reduce accordingly. + * curve448-mul.c (curve448_mul): Reduce allocation from 14*n to 12*n. + + 2019-12-08 Niels Möller + + * x86_64/ecc-curve448-modp.asm (nettle_ecc_curve448_modp): New + assembly function. + * ecc-448.c (ecc_448_modp) [HAVE_NATIVE_ecc_curve448_modp]: Use + native nettle_ecc_curve448_modp if available. + * configure.ac (asm_hogweed_optional_list): Add ecc-curve448-modp.asm. + (HAVE_NATIVE_ecc_curve448_modp): New config.h define. + + 2019-12-03 Niels Möller + + * ecc-448.c (ecc_448_modp) [GMP_NUMB_BITS == 64]: New function. + + 2019-12-01 Niels Möller + + Curve 448 support contributed by Daiki Ueno. + * eccdata.c (enum ecc_type): Add ECC_TYPE_EDWARDS. + (ecc_add): Support untwisted edwards curves. + (ecc_curve_init): Add curve448 parameters. + * ecc-internal.h (ECC_ECDSA_KEYGEN_ITCH): New macro. + (ECC_ECDSA_SIGN_ITCH): Increased from 12*size to 13*size. + (ECC_MAX): New macro. + * ecc-448.c: New file. + (ecc_mod_pow_2k, ecc_mod_pow_446m224m1, ecc_448_inv) + (ecc_448_zero_p, ecc_448_sqrt): New functions. 
+ (_nettle_curve448): New curve definition. + * curve448.h (CURVE448_SIZE): New constant. + (curve448_mul_g, curve448_mul): Declare new public functions. + * ecc-eh-to-a.c (ecc_eh_to_a): Update assert to allow the curve448 + Edwards curve. + * curve448-mul.c (curve448_mul): New file and function. + * curve448-mul-g.c (curve448_mul_g): New file and function. + * curve448-eh-to-x.c (curve448_eh_to_x): New file and function. + * ecc-dup-eh.c (ecc_dup_eh_untwisted): New function. + * ecc-add-ehh.c (ecc_add_ehh_untwisted): New function. + * ecc-add-eh.c (ecc_add_eh_untwisted): New function. + * ecc-point.c (ecc_point_set): Add point validation for curve448. + * ecc-point-mul.c (ecc_point_mul): Allow h_to_a_itch larger than + mul_itch. + * ecc-point-mul-g.c (ecc_point_mul_g): Allow h_to_a_itch + larger than mul_g_itch. Switch from TMP_DECL/_ALLOC/_FREE to + gmp_alloc_limbs/gmp_free_limbs. + * ecdsa-keygen.c (ecdsa_generate_keypair): Use + ECC_ECDSA_KEYGEN_ITCH. + * Makefile.in (hogweed_SOURCES): Add ecc-448.c, curve448-mul-g.c, + curve448-mul.c, and curve448-eh-to-x.c. + (HEADERS): Add curve448.h. + (ecc-448.h): New generated file. + + * testsuite/testutils.c (ecc_curves): Add _nettle_curve448 to list + of tested curves. + (test_ecc_mul_a): Add curve448. + * testsuite/ecdsa-keygen-test.c (ecc_valid_p): Add curve448 support. + * testsuite/ecdh-test.c (test_main): Add tests for (non-standard) + curve448 diffie-hellman. + * testsuite/ecc-add-test.c (test_main): Update for testing of curve448. + * testsuite/ecc-dup-test.c (test_main): Likewise. + * testsuite/ecc-mul-a-test.c (test_main): Likewise. Also increase + scratch allocation for h_to_a_itch. + * testsuite/ecc-mul-g-test.c (test_main): Likewise. + * testsuite/curve448-dh-test.c: Test for curve448. + * testsuite/Makefile.in (TS_HOGWEED_SOURCES): Add curve448-dh-test.c. + + * examples/ecc-benchmark.c: Add curve448 to list of benchmarked + curves. + + * nettle.texinfo (Curve 25519 and Curve 448): Add docs. 
+ +2019-12-07 Niels Möller + + * ecc-eh-to-a.c (ecc_eh_to_a): Require op == 0, delete code only + used for non-standard ecdsa over curve25519. + * testsuite/ecdsa-sign-test.c (test_main): Delete test of ecdsa + over curve25519. + * testsuite/ecdsa-verify-test.c (test_main): Likewise. + * testsuite/ecdsa-keygen-test.c (test_main): Exclude curve25519 + from test. + +2019-12-05 Niels Möller + + * configure.ac: Use AC_TRY_LINK rather than AC_TRY_COMPILE to + check for __builtin_bswap64. Since calling an non-existing + function typically results in a warning only at compile time, but + fails at link time. Patch contributed by by George Koehler. + +2019-12-04 Niels Möller + + * testsuite/testutils.c (test_cipher_cfb8): Add cast of size_t to + unsigned long for argument to fprintf. + 2019-11-21 Niels Möller * eccdata.c (ecc_curve_init_str): Delete unused t and d arguments. diff --cc testsuite/ecdsa-keygen-test.c index 0deb7214,cd96782e..d2e73943 --- a/testsuite/ecdsa-keygen-test.c +++ b/testsuite/ecdsa-keygen-test.c @@@ -78,10 -94,6 +94,10 @@@ test_main (void struct ecc_point pub; struct ecc_scalar key; - if (ecc->p.bit_size == 255) - /* Exclude curve25519, which isn't supported with ECDSA. */ ++ if (ecc->p.bit_size == 255 || ecc->p.bit_size == 448) ++ /* Exclude curve25519 and curve448, not supported with ECDSA. */ + continue; + if (verbose) fprintf (stderr, "Curve %d\n", ecc->p.bit_size);
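Review bot: In the ChangeLog hunk, the 2019-12-09 entry deletes ECC_ECDSA_KEYGEN_ITCH from ecc-internal.h, but the 2019-12-01 entry records ecdsa-keygen.c (ecdsa_generate_keypair) as using that macro, and no later entry mentions ecdsa-keygen.c being changed back. Add an ecdsa-keygen.c line to the 2019-12-09 entry so the scratch-size history can be followed from the log alone. Two smaller points in the same hunk: after the merge the entries are no longer in date order (2019-12-01 sits above 2019-12-07), and the 2019-12-05 entry reads "an non-existing" and "by by George Koehler".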
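Review bot: The skip condition in test_main of testsuite/ecdsa-keygen-test.c identifies the curves by field size ("ecc->p.bit_size == 255 || ecc->p.bit_size == 448"), so any later curve with a 255- or 448-bit prime would be dropped from the ECDSA keygen test without notice. Comparing against the curve definitions themselves (the ChangeLog names _nettle_curve448) would state the intent directly and fail safe. Also, the 2019-12-01 ChangeLog entry adds curve448 support to ecc_valid_p in this file; with curve448 now skipped before key generation, that branch is unreachable from this loop if the loop is its only caller, so either remove it or say in a comment why it is kept.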