提交 35b7c85a 编写于 作者: M Matt Caswell

Remove some unneeded code

Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5105)
上级 8d55f844
...@@ -23,7 +23,6 @@ ...@@ -23,7 +23,6 @@
#define COMBS_N 5 #define COMBS_N 5
#define COMBS_T 5 #define COMBS_T 5
#define COMBS_S 18 #define COMBS_S 18
#define DECAF_WINDOW_BITS 5
#define DECAF_WNAF_FIXED_TABLE_BITS 5 #define DECAF_WNAF_FIXED_TABLE_BITS 5
#define DECAF_WNAF_VAR_TABLE_BITS 3 #define DECAF_WNAF_VAR_TABLE_BITS 3
...@@ -37,15 +36,8 @@ static const curve448_scalar_t precomputed_scalarmul_adjustment = { ...@@ -37,15 +36,8 @@ static const curve448_scalar_t precomputed_scalarmul_adjustment = {
} }
}; };
const uint8_t decaf_x448_base_point[DECAF_X448_PUBLIC_BYTES] = { 0x05 };
#define TWISTED_D ((EDWARDS_D)-1) #define TWISTED_D ((EDWARDS_D)-1)
#define EFF_D (-(TWISTED_D))
#define NEG_D 1
/* End of template stuff */
#define WBITS DECAF_WORD_BITS /* NB this may be different from ARCH_WORD_BITS */ #define WBITS DECAF_WORD_BITS /* NB this may be different from ARCH_WORD_BITS */
/* Projective Niels coordinates */ /* Projective Niels coordinates */
...@@ -55,7 +47,7 @@ typedef struct { ...@@ -55,7 +47,7 @@ typedef struct {
typedef struct { typedef struct {
niels_t n; niels_t n;
gf z; gf z;
} VECTOR_ALIGNED pniels_s, pniels_t[1]; } VECTOR_ALIGNED pniels_t[1];
/* Precomputed base */ /* Precomputed base */
struct curve448_precomputed_s { struct curve448_precomputed_s {
...@@ -481,34 +473,6 @@ decaf_error_t decaf_x448(uint8_t out[X_PUBLIC_BYTES], ...@@ -481,34 +473,6 @@ decaf_error_t decaf_x448(uint8_t out[X_PUBLIC_BYTES],
return decaf_succeed_if(mask_to_bool(nz)); return decaf_succeed_if(mask_to_bool(nz));
} }
/* Thanks Johan Pascal */
void decaf_ed448_convert_public_key_to_x448(uint8_t x[DECAF_X448_PUBLIC_BYTES],
const uint8_t
ed[DECAF_EDDSA_448_PUBLIC_BYTES])
{
gf y;
const uint8_t mask = (uint8_t)(0xFE << (7));
ignore_result(gf_deserialize(y, ed, 1, mask));
{
gf n, d;
/* u = y^2 * (1-dy^2) / (1-y^2) */
gf_sqr(n, y); /* y^2 */
gf_sub(d, ONE, n); /* 1-y^2 */
gf_invert(d, d, 0); /* 1/(1-y^2) */
gf_mul(y, n, d); /* y^2 / (1-y^2) */
gf_mulw(d, n, EDWARDS_D); /* dy^2 */
gf_sub(d, ONE, d); /* 1-dy^2 */
gf_mul(n, y, d); /* y^2 * (1-dy^2) / (1-y^2) */
gf_serialize(x, n, 1);
OPENSSL_cleanse(y, sizeof(y));
OPENSSL_cleanse(n, sizeof(n));
OPENSSL_cleanse(d, sizeof(d));
}
}
void curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t void curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t
out[X_PUBLIC_BYTES], out[X_PUBLIC_BYTES],
const curve448_point_t p) const curve448_point_t p)
......
...@@ -79,13 +79,6 @@ static ossl_inline decaf_error_t decaf_succeed_if(decaf_bool_t x) ...@@ -79,13 +79,6 @@ static ossl_inline decaf_error_t decaf_succeed_if(decaf_bool_t x)
return (decaf_error_t) x; return (decaf_error_t) x;
} }
/* Return DECAF_TRUE iff x == DECAF_SUCCESS */
static ossl_inline decaf_bool_t decaf_successful(decaf_error_t e)
{
decaf_dword_t w = ((decaf_word_t) e) ^ ((decaf_word_t) DECAF_SUCCESS);
return (w - 1) >> DECAF_WORD_BITS;
}
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */
#endif #endif
......
...@@ -29,9 +29,6 @@ extern "C" { ...@@ -29,9 +29,6 @@ extern "C" {
# define DECAF_EDDSA_448_SIGNATURE_BYTES (DECAF_EDDSA_448_PUBLIC_BYTES + \ # define DECAF_EDDSA_448_SIGNATURE_BYTES (DECAF_EDDSA_448_PUBLIC_BYTES + \
DECAF_EDDSA_448_PRIVATE_BYTES) DECAF_EDDSA_448_PRIVATE_BYTES)
/* Does EdDSA support non-contextual signatures? */
# define DECAF_EDDSA_448_SUPPORTS_CONTEXTLESS_SIGS 0
/* EdDSA encoding ratio. */ /* EdDSA encoding ratio. */
# define DECAF_448_EDDSA_ENCODE_RATIO 4 # define DECAF_448_EDDSA_ENCODE_RATIO 4
...@@ -196,21 +193,6 @@ decaf_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio( ...@@ -196,21 +193,6 @@ decaf_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(
curve448_point_t p, curve448_point_t p,
const uint8_t enc[DECAF_EDDSA_448_PUBLIC_BYTES]); const uint8_t enc[DECAF_EDDSA_448_PUBLIC_BYTES]);
/*
* EdDSA to ECDH public key conversion
* Deserialize the point to get y on Edwards curve,
* Convert it to u coordinate on Montgomery curve.
*
* This function does not check that the public key being converted is a valid
* EdDSA public key (FUTURE?)
*
* x (out): The ECDH public key as in RFC7748(point on Montgomery curve)
* ed (in): The EdDSA public key(point on Edwards curve)
*/
void decaf_ed448_convert_public_key_to_x448(
uint8_t x[DECAF_X448_PUBLIC_BYTES],
const uint8_t ed[DECAF_EDDSA_448_PUBLIC_BYTES]);
/* /*
* EdDSA to ECDH private key conversion * EdDSA to ECDH private key conversion
* Using the appropriate hash function, hash the EdDSA private key * Using the appropriate hash function, hash the EdDSA private key
......
...@@ -18,23 +18,7 @@ ...@@ -18,23 +18,7 @@
#include <string.h> #include <string.h>
#include "internal/numbers.h" #include "internal/numbers.h"
#define API_NAME "decaf_448"
#define NO_CONTEXT DECAF_EDDSA_448_SUPPORTS_CONTEXTLESS_SIGS
#define EDDSA_USE_SIGMA_ISOGENY 0
#define COFACTOR 4 #define COFACTOR 4
#define EDDSA_PREHASH_BYTES 64
#if NO_CONTEXT
const uint8_t NO_CONTEXT_POINTS_HERE = 0;
const uint8_t *const DECAF_ED448_NO_CONTEXT = &NO_CONTEXT_POINTS_HERE;
#endif
/*
* EDDSA_BASE_POINT_RATIO = 1 or 2 Because EdDSA25519 is not on E_d but on the
* isogenous E_sigma_d, its base point is twice ours.
*/
#define EDDSA_BASE_POINT_RATIO (1+EDDSA_USE_SIGMA_ISOGENY) /* TODO: remove */
static decaf_error_t oneshot_hash(uint8_t *out, size_t outlen, static decaf_error_t oneshot_hash(uint8_t *out, size_t outlen,
const uint8_t *in, size_t inlen) const uint8_t *in, size_t inlen)
...@@ -85,16 +69,6 @@ static decaf_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, ...@@ -85,16 +69,6 @@ static decaf_error_t hash_init_with_dom(EVP_MD_CTX *hashctx,
if (context_len > UINT8_MAX) if (context_len > UINT8_MAX)
return DECAF_FAILURE; return DECAF_FAILURE;
#if NO_CONTEXT
if (context_len == 0 && context == DECAF_ED448_NO_CONTEXT) {
(void)prehashed;
(void)for_prehash;
(void)context;
(void)context_len;
return DECAF_SUCCESS;
}
#endif
if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL) if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL)
|| !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s)) || !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s))
|| !EVP_DigestUpdate(hashctx, dom, sizeof(dom)) || !EVP_DigestUpdate(hashctx, dom, sizeof(dom))
......
...@@ -19,38 +19,12 @@ ...@@ -19,38 +19,12 @@
# include "word.h" # include "word.h"
# define __DECAF_448_GF_DEFINED__ 1
# define NLIMBS (64/sizeof(word_t)) # define NLIMBS (64/sizeof(word_t))
# define X_SER_BYTES 56 # define X_SER_BYTES 56
# define SER_BYTES 56 # define SER_BYTES 56
typedef struct gf_448_s { typedef struct gf_s {
word_t limb[NLIMBS]; word_t limb[NLIMBS];
} __attribute__ ((aligned(32))) gf_448_s, gf_448_t[1]; } __attribute__ ((aligned(32))) gf_s, gf[1];
# define GF_LIT_LIMB_BITS 56
# define GF_BITS 448
# define ZERO gf_448_ZERO
# define ONE gf_448_ONE
# define MODULUS gf_448_MODULUS
# define gf gf_448_t
# define gf_s gf_448_s
# define gf_eq gf_448_eq
# define gf_hibit gf_448_hibit
# define gf_lobit gf_448_lobit
# define gf_copy gf_448_copy
# define gf_add gf_448_add
# define gf_sub gf_448_sub
# define gf_add_RAW gf_448_add_RAW
# define gf_sub_RAW gf_448_sub_RAW
# define gf_bias gf_448_bias
# define gf_weak_reduce gf_448_weak_reduce
# define gf_strong_reduce gf_448_strong_reduce
# define gf_mul gf_448_mul
# define gf_sqr gf_448_sqr
# define gf_mulw_unsigned gf_448_mulw_unsigned
# define gf_isr gf_448_isr
# define gf_serialize gf_448_serialize
# define gf_deserialize gf_448_deserialize
/* RFC 7748 support */ /* RFC 7748 support */
# define X_PUBLIC_BYTES X_SER_BYTES # define X_PUBLIC_BYTES X_SER_BYTES
...@@ -101,7 +75,6 @@ mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit, ...@@ -101,7 +75,6 @@ mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit,
# endif # endif
# define LIMB_MASK(i) (((1)<<LIMB_PLACE_VALUE(i))-1) # define LIMB_MASK(i) (((1)<<LIMB_PLACE_VALUE(i))-1)
static const gf ZERO = { {{0}} }, ONE = { { { static const gf ZERO = {{{0}}}, ONE = {{{1}}};
1}}};
#endif /* __P448_F_FIELD_H__ */ #endif /* __P448_F_FIELD_H__ */
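Review bot: Dropping the `gf_448_*` alias macros in this header makes the bare names `gf_mul`, `gf_sqr`, `gf_isr`, `gf_serialize`, `gf_deserialize` and the rest the real symbol names of the field routines. At least `gf_serialize` is defined without `static`, as the `MODULUS` hunk that follows shows. Whether these symbols are visible outside the library depends on export settings not shown here, but in a static libcrypto such short names can presumably collide with an application's or another library's symbols, and a silent clash in field arithmetic would be hard to diagnose. I would keep a library prefix on the externally linked functions, e.g. `void ossl_gf_serialize(uint8_t serial[SER_BYTES], const gf x, int with_hibit);`, and reserve the short names for `static ossl_inline` helpers. The same concern applies to the two-letter type name `gf`, now used directly in `curve448_point_s` in the point header section.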
...@@ -17,7 +17,7 @@ static const gf MODULUS = { ...@@ -17,7 +17,7 @@ static const gf MODULUS = {
0xffffffffffffff, 0xffffffffffffff) 0xffffffffffffff, 0xffffffffffffff)
}; };
/** Serialize to wire format. */ /* Serialize to wire format. */
void gf_serialize(uint8_t serial[SER_BYTES], const gf x, int with_hibit) void gf_serialize(uint8_t serial[SER_BYTES], const gf x, int with_hibit)
{ {
unsigned int j = 0, fill = 0; unsigned int j = 0, fill = 0;
......
...@@ -87,14 +87,4 @@ static ossl_inline void gf_cond_swap(gf x, gf_s * __restrict__ y, mask_t swap) ...@@ -87,14 +87,4 @@ static ossl_inline void gf_cond_swap(gf x, gf_s * __restrict__ y, mask_t swap)
constant_time_cond_swap(x, y, sizeof(gf_s), swap); constant_time_cond_swap(x, y, sizeof(gf_s), swap);
} }
static ossl_inline void gf_mul_qnr(gf_s * __restrict__ out, const gf x)
{
gf_sub(out, ZERO, x);
}
static ossl_inline void gf_div_qnr(gf_s * __restrict__ out, const gf x)
{
gf_sub(out, ZERO, x);
}
#endif /* __GF_H__ */ #endif /* __GF_H__ */
...@@ -25,24 +25,9 @@ extern "C" { ...@@ -25,24 +25,9 @@ extern "C" {
/* The number of bits in a scalar */ /* The number of bits in a scalar */
# define DECAF_448_SCALAR_BITS 446 # define DECAF_448_SCALAR_BITS 446
/* Number of bytes in a serialized point. */
# define DECAF_448_SER_BYTES 56
/*
* Number of bytes in an elligated point. For now set the same as SER_BYTES
* but could be different for other curves.
*/
# define DECAF_448_HASH_BYTES 56
/* Number of bytes in a serialized scalar. */ /* Number of bytes in a serialized scalar. */
# define DECAF_448_SCALAR_BYTES 56 # define DECAF_448_SCALAR_BYTES 56
/* Number of bits in the "which" field of an elligator inverse */
# define DECAF_448_INVERT_ELLIGATOR_WHICH_BITS 3
/* The cofactor the curve would have, if we hadn't removed it */
# define DECAF_448_REMOVED_COFACTOR 4
/* X448 encoding ratio. */ /* X448 encoding ratio. */
# define DECAF_X448_ENCODE_RATIO 2 # define DECAF_X448_ENCODE_RATIO 2
...@@ -54,7 +39,7 @@ extern "C" { ...@@ -54,7 +39,7 @@ extern "C" {
/* Twisted Edwards extended homogeneous coordinates */ /* Twisted Edwards extended homogeneous coordinates */
typedef struct curve448_point_s { typedef struct curve448_point_s {
gf_448_t x, y, z, t; gf x, y, z, t;
} curve448_point_t[1]; } curve448_point_t[1];
/* Precomputed table based on a point. Can be trivial implementation. */ /* Precomputed table based on a point. Can be trivial implementation. */
...@@ -77,9 +62,6 @@ extern const curve448_scalar_t curve448_scalar_zero; ...@@ -77,9 +62,6 @@ extern const curve448_scalar_t curve448_scalar_zero;
/* The identity point on the curve. */ /* The identity point on the curve. */
extern const curve448_point_t curve448_point_identity; extern const curve448_point_t curve448_point_identity;
/* An arbitrarily chosen base point on the curve. */
extern const curve448_point_t curve448_point_base;
/* Precomputed table for the base point on the curve. */ /* Precomputed table for the base point on the curve. */
extern const struct curve448_precomputed_s *curve448_precomputed_base; extern const struct curve448_precomputed_s *curve448_precomputed_base;
...@@ -243,9 +225,6 @@ void curve448_point_mul_by_ratio_and_encode_like_x448( ...@@ -243,9 +225,6 @@ void curve448_point_mul_by_ratio_and_encode_like_x448(
uint8_t out[DECAF_X448_PUBLIC_BYTES], uint8_t out[DECAF_X448_PUBLIC_BYTES],
const curve448_point_t p); const curve448_point_t p);
/* The base point for X448 Diffie-Hellman */
extern const uint8_t decaf_x448_base_point[DECAF_X448_PUBLIC_BYTES];
/* /*
* RFC 7748 Diffie-Hellman base point scalarmul. This function uses a different * RFC 7748 Diffie-Hellman base point scalarmul. This function uses a different
* (non-Decaf) encoding. * (non-Decaf) encoding.
......
...@@ -37,8 +37,6 @@ static const curve448_scalar_t sc_p = { ...@@ -37,8 +37,6 @@ static const curve448_scalar_t sc_p = {
} }
}; };
/* End of template stuff */
#define WBITS DECAF_WORD_BITS /* NB this may be different from ARCH_WORD_BITS */ #define WBITS DECAF_WORD_BITS /* NB this may be different from ARCH_WORD_BITS */
const curve448_scalar_t curve448_scalar_one = {{{1}}}; const curve448_scalar_t curve448_scalar_one = {{{1}}};
......