43 #include "mphell/mphell.h"
67 #define PRECOMP_WIN_SIZE 9
68 #define PRECOMP_SIZE 256
100 (*sig)->r = (number*)malloc(
sizeof(number));
101 (*sig)->s = (number*)malloc(
sizeof(number));
141 uint16_t pr = 2*PRECOMP_SIZE;
144 for(i = 0; i < pr; i++)
157 for(i = 2; i < pr; i++)
160 ec_point_add(((*precomp)->prec_G)[i], E->
G, ((*precomp)->prec_G)[i-1], E, STACK_1);
161 ec_point_add(((*precomp)->prec_K)[i], *key, ((*precomp)->prec_K)[i-1], E, STACK_1);
174 uint16_t pr = 2*PRECOMP_SIZE;
175 for(i = 0; i < pr; i++)
194 number *rr = (*sig)->r;
195 number *ss = (*sig)->s;
197 uint8_t size = (*curve)->k->size;
200 number h;
number_tmp_alloc(&h, (strlen((
char *)hash)/(BLOCK_SIZE/4)), STACK_1);
284 ec_point_mul(x, (*curve)->n, *pub_key, *curve, STACK_1);
314 uint8_t size = (*curve)->k->size;
326 number h;
number_tmp_alloc(&h, (strlen((
char *)hash)/(BLOCK_SIZE/4)), STACK_1);
351 bool result =
number_cmp(w, *((*sig)->r)) == 0;
384 number_set_str(p,
"ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16);
385 #if MPHELL_USE_AMNS == 1
387 #if MPHELL_USE_AMNS_32 == 0
388 amns_alloc_init_str(&AMNS,
"[4, 5, [-3, 0, 0, 0, 0, 1], 55, 71533969486545864413516767253794911064875612240194438086363842467605348744666, [281003535425591, -579833024021834, -91487654138292, -1407285223270225, 1257806506188213], [10138092101046066474, 10662180220582548599, 13438525377408553810, 2956505949806397541, 1582018761247275305], [-1488511254885447, 1691948961301838, 368225590485535, 364881739107280, -1251317625290732], [1396607582108050, -3787438073044259, 594275210547971, 1341450284833267, -604094026418167]]", p);
390 amns_alloc_init_str(&AMNS,
"[1, 13, [-2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1], 24, 12283929623108920300809241648376276210021878764342577833737044552429073849048, [339101, 37569, 167801, -196152, -417739, -294951, 49819, 364997, 286578, 400226, 258890, -193421, 198477], [2979672525, 235065897, 2631974852, 2919389277, 2172036204, 3746829531, 2056633047, 794426671, 2257704876, 1726773529, 1568503618, 66995355, 3378284366], [954133, 569228, 1096741, 836659, 630615, 1288006, 872327, 1504995, 1367932, 401997, 700080, 158946, 137905], [803354, 622540, 375011, -650534, 854552, 1546271, 1126099, 1770152, 1141472, 187022, 247179, 639661, 675036]]", p);
392 field_set_amns(k, AMNS);
420 field_elt_set_str(a,
"ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", 16,
false, k, STACK_1);
421 field_elt_set_str(b,
"5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", 16,
false, k, STACK_1);
422 ec_point_set_aff_str(G,
"6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
false, 16,
WEIERSTRASS, k, STACK_1);
424 number_set_str(n,
"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", 16);
426 ec_create(E,
"Weierstrass_nist_256", k, a, b, G, h, n,
WEIERSTRASS,
JACOBIAN, STACK_1);
441 ec_point_set_aff_str(pub_key,
"CBE2BCC92CDA44BB7851833F41684935DAD703C9AFB5D209F2922F8F739BA2D7",
"8B620F0C41F572563648CC9C1C782F71C952B87782B61431640505AA317FCC07",
false, 16,
WEIERSTRASS, k, STACK_1);
446 number_set_str(priv_key,
"5A23E08CF6E463BFEDFBA98F0CCE0B3B0A18EFED7DD31834577721A96D10BB8B", 16);
449 char * digest =
"982c20c2493fc9ae405b74b65a022662c014a38ef3d707217e56e57afac05994";
456 ecdsa_sign((
unsigned char *)digest, &sig, priv_key, &E);
458 printf(
"The signature is: (");
465 printf(
"\nThe validity of the public key is a:\n");
477 printf(
"-> Precomputation \n");
482 printf(
"-> Verify ECDSA signature \n");
483 ret =
ecdsa_verify((
unsigned char *)digest , &sig, &pub_key, &E, precomp);
500 #if MPHELL_USE_AMNS == 1
void amns_free(amns_ptr *AMNS)
Free the amns system.
void amns_alloc_init_str(amns_ptr *AMNS, char *str, number p)
Allocate and initialise the amns system from the string generated by the Sage AMNS generator from htt...
void ec_point_2mul_with_precomp(ec_point_ptr P3, number_srcptr n1, ec_point *tab_P1, number_srcptr n2, ec_point *tab_P2, int16_t win_size, ec_curve_srcptr E, uint8_t stack)
Set P3 to n1 * P1 + n2 * P2 using 2 precomputated array.
void ec_point_get_x_affine(field_elt x, ec_point_ptr P, ec_curve_srcptr E, uint8_t stack)
Convert P->x to its affine representation.
void ec_curve_print(ec_curve_srcptr E, const uint8_t base, uint8_t stack)
Print a description of E.
void ec_set_fast_unified_coordinates(ec_curve_ptr E)
Set the fastest unified coordinates system.
void ec_create(ec_curve_ptr E, const char *id_curve, field_srcptr k, fe_srcptr a, fe_srcptr b, ec_point_srcptr G, number_srcptr h, number_srcptr n, const ec_type type, const ec_formula f, uint8_t stack)
Create an elliptic curve E, the curve must be allocated and initialised (ec_alloc & ec_init)
bool ec_belongs(ec_point_srcptr P, ec_curve_srcptr E, uint8_t stack)
Test if P belongs to E.
void ec_point_mul(ec_point_ptr P3, number_srcptr n, ec_point_srcptr P1, ec_curve_srcptr E, uint8_t stack)
Set P3 to n * P1 using Montgomery for Weierstrass elliptic curve, and naive method for other elliptic...
void ec_point_set_neutral(ec_point_ptr dst, ec_curve_srcptr E, uint8_t stack)
Set dst to the neutral element.
void ec_set_fast_dedicated_coordinates(ec_curve_ptr E)
Set the fastest dedicated coordinates system.
void ec_point_add(ec_point_ptr P3, ec_point_srcptr P1, ec_point_srcptr P2, ec_curve_srcptr E, uint8_t stack)
Set P3 to P1 + P2, using dedicated formulae (not protected against SPA, but faster)
void ec_free(ec_curve_ptr E)
Free the elliptic curve E.
void ec_point_copy(ec_point_ptr P3, ec_point_srcptr P, field_srcptr k)
Copy P into P3.
void ec_init(ec_curve_ptr E, field_srcptr k)
Initialise a curve.
bool ec_point_is_neutral(ec_point_srcptr P, ec_curve_srcptr E, uint8_t stack)
Test if P is the neutral element.
void ec_point_mul_unified(ec_point_ptr P3, number_srcptr n, ec_point_srcptr P1, ec_curve_srcptr E, uint8_t stack)
Set P3 to n * P1 using Montgomery for Weierstrass elliptic curve, and naive method for other elliptic...
void ec_point_set_aff_str(ec_point_ptr P, const char *str_x, const char *str_y, const bool is_reduced, const uint8_t base, const ec_type type, field_srcptr k, uint8_t stack)
Set a point from its affine coordinates under string format.
void ec_point_init(ec_point_ptr P, field_srcptr k)
Initialise an elliptic curve point.
void ec_point_free(ec_point_ptr P, field_srcptr k)
Free the point P.
void ec_point_alloc(ec_point_ptr P, field_srcptr k)
Allocate an elliptic curve point.
void ec_alloc(ec_curve_ptr E, field_srcptr k)
Allocate a curve.
static void ec_point_get_pool_elt(ec_point_ptr P, field_ptr k, uint8_t stack)
Get an initialised point from the pool.
static void ec_point_relax_pool_elt(ec_point_ptr P, field_ptr k, uint8_t stack)
Relax an initialised point from the pool.
void field_elt_free(fe_ptr *src, field_srcptr k)
Free space used by src.
void field_alloc(field_ptr k, const field_type type, const uint8_t size, field_ptr base)
Allocates space for the different fields of the structure pointed by k.
void field_elt_set_str(fe_ptr dst, const char *str, const uint8_t base, const bool isreduced, field_srcptr k, uint8_t stack)
Set dst to str, if Montgomery arithmetic is used, is_reduced == false -> transform dst into its Montg...
void field_elt_init(fe_ptr dst, field_srcptr k)
Initialise the field element.
void field_elt_get_number(number_ptr dst, fe_srcptr src, uint8_t pos, field_srcptr k, uint8_t stack)
If Montgomery arithmetic is used, lift src (which is into Montgomery form) to classical fp (or its co...
void field_elt_alloc(fe_ptr *dst, field_srcptr k)
Allocate space for a field element.
void field_free(field_ptr k)
Free the space of the field informations structure.
void field_create(field_ptr k, const char *id, uint8_t stack, const uint32_t n,...)
Initialize the different fields of the structure pointed by k.
static void field_elt_relax_pool_elt(field_elt *dst, field_ptr k, uint8_t stack)
Relax an initialised field element from the pool.
field_t field[1]
Address of a field structure.
fp_elt * field_elt
Generic field element.
static void field_elt_get_pool_elt(field_elt *dst, field_ptr k, uint8_t stack)
Get an initialised field element from the pool.
void free_mphell()
Free MPHELL memory, especially the big amount of temporary memory.
void init_mphell(const uint16_t security_strength, const random_type type, const entropy_type entropy)
Initialise MPHELL with security_strength bits of security (for random number only).
void number_random1(number_ptr dst, number_srcptr bound, uint8_t stack)
Set dst to a random number_ptr between 0 and bound, the random process is chosen at the MPHELL initia...
void number_mod(number_ptr dst, number_srcptr src1, number_srcptr src2)
Compute dst such that src1 = q * src2 + dst ; dst < src2.
bool number_iszero(number_srcptr src)
Test if src is zero.
void number_invmod(number_ptr dst, number_srcptr src1, number_srcptr src2)
Compute dst such that dst = src1^(-1) mod src2.
void number_set_ui(number_ptr dst, const block src)
Set dst to src.
void number_free(number *dst)
Free a number_ptr allocated on the RAM memory (malloc)
void number_set_str(number_ptr dst, const char *str, const uint8_t base)
Set dst to str.
void number_tmp_free(number *t, const uint8_t size, uint8_t stack)
Free a temporary number.
void number_add(number_ptr dst, number_srcptr src1, number_srcptr src2)
Set dst to src1 + src2 if src1 + src2 fit in dst.
int8_t number_cmp(number_srcptr src1, number_srcptr src2)
Compare src1 and src2.
void number_tmp_alloc(number *t, const uint8_t size, uint8_t stack)
Allocate a temporary number.
void number_print(number_srcptr src, const uint8_t base)
Print src in base "base".
void number_mul(number_ptr dst, number_srcptr src1, number_srcptr src2)
Set dst to src1 * src2.
void number_init(number *dst, const uint8_t n)
Allocate a number_ptr on the RAM memory (malloc)
uint8_t bits_to_nblock(const uint16_t nbits)
Return the number of blocks required to store a nbits number.
int8_t ecdsa_verify(unsigned char *hash, ecdsa_sig *sig, ec_point *pub_key, ec_curve *curve, ecdsa_precomp precomp)
Verify the signature "sig" of hash "hash" using public key "pub_key" and the EC "curve".
void ecdsa_precal_free(ecdsa_precomp *precomp, ec_curve_ptr E)
Free memory of the ecdsa_precomp structure.
int8_t ecdsa_pub_key_validation(ec_point *pub_key, ec_curve *curve)
Verify that the public key is valid (id est check taht pub_key belongs to the curve,...
void ecdsa_sign(unsigned char *hash, ecdsa_sig *sig, number_ptr priv_key, ec_curve *curve)
Sign "hash" with ECDSA algorithm using the EC "curve" and the private key "key".
void ecdsa_sign_alloc(ecdsa_sig *sig, uint8_t size)
Allocate a signature structure.
void ecdsa_precal(ecdsa_precomp *precomp, ec_point *key, ec_curve_ptr E)
Compute 1*G, 2*G, 3*G, 4*G, 5*G, 6*G, 7*G and 1*Q, 2*Q, 3*Q, 4*Q, 5*Q, 6*Q, 7*Q where G is the base p...
void ecdsa_sign_free(ecdsa_sig *sig)
Free a used signature structure.
Define an elliptic curve.
Define an elliptic curve point.
Precomputation structure.
ec_point prec_K[2 *PRECOMP_SIZE]
ec_point prec_G[2 *PRECOMP_SIZE]
Define an ECDSA signature.