46 #include "mphell/mphell.h"
47 #if MPHELL_USE_MULTITHREADING == 1
74 #define PRECOMP_WIN_SIZE 9
75 #define PRECOMP_SIZE 256
110 (*sig)->s = (number*)malloc(
sizeof(number));
149 uint16_t pr = 2*PRECOMP_SIZE;
152 for(i = 0; i < pr; i++)
165 for(i = 2; i < pr; i++)
168 ec_point_add(((*precomp)->prec_G)[i], E->
G, ((*precomp)->prec_G)[i-1], E, STACK_1);
169 ec_point_add(((*precomp)->prec_K)[i], *key, ((*precomp)->prec_K)[i-1], E, STACK_1);
182 uint16_t pr = 2*PRECOMP_SIZE;
183 for(i = 0; i < pr; i++)
204 #if MPHELL_USE_MULTITHREADING == 1
205 omp_set_num_threads(2);
245 number *ss = (*sig)->s;
247 uint8_t size = (*curve)->k->size;
250 unsigned char hashvalue[129];
251 unsigned char hashvaluebis[129];
252 unsigned char str[97];
253 uint8_t * message_bin;
259 number r,s, test, test2;
267 message_bin = (uint8_t *)calloc(strlen(strx)*4,
sizeof(uint8_t));
268 len_bin=
hex2bin(strx, message_bin);
272 sha512(hashbin, message_bin, len_bin*8);
280 bin2hex(hashbin, 64, hashvalue);
285 str[i]=hashvalue[32+i];
292 message_bin = (uint8_t *)calloc(strlen(str)*4,
sizeof(uint8_t));
293 len_bin=
hex2bin(str, message_bin);
296 sha512(hashbin, message_bin, len_bin*8);
298 bin2hex(hashbin, 64, hashvaluebis);
309 field_elt_str(&strx, ((*sig)->R)->x, 16,
false, (*curve)->k, STACK_1);
310 field_elt_str(&stry, ((*sig)->R)->y, 16,
false, (*curve)->k, STACK_1);
311 for(i=0;i<strlen(strx);i++)
315 for(i=strlen(strx);i<64;i++)
319 for(i=0;i<strlen(stry);i++)
323 for(i=strlen(stry);i<64;i++)
359 field_elt_str(&strx, (*pub_key)->x, 16,
false, (*curve)->k, STACK_1);
360 field_elt_str(&stry, (*pub_key)->y, 16,
false, (*curve)->k, STACK_1);
362 for(i=0;i<strlen(strx);i++)
366 for(i=strlen(strx);i<64;i++)
370 for(i=0;i<strlen(stry);i++)
374 for(i=strlen(stry);i<64;i++)
387 message_bin = (uint8_t *)calloc(strlen(strH)*4,
sizeof(uint8_t));
388 len_bin =
hex2bin(strH, message_bin);
391 sha512(hashbin,message_bin,len_bin*8);
393 bin2hex(hashbin, 64, hashvalue);
446 uint8_t size = (*curve)->k->size;
448 uint8_t * message_bin;
449 unsigned char hashvalue[129];
452 unsigned char resultat[193];
461 field_elt_str(&strx, ((*sig)->R)->x, 16,
false, (*curve)->k, STACK_1);
462 field_elt_str(&stry, ((*sig)->R)->y, 16,
false, (*curve)->k, STACK_1);
463 for(i=0;i<strlen(strx);i++)
467 for(i=strlen(strx);i<64;i++)
471 for(i=0;i<strlen(stry);i++)
475 for(i=strlen(stry);i<64;i++)
482 field_elt_str(&strx, (*pub_key)->x, 16,
false, (*curve)->k, STACK_1);
483 field_elt_str(&stry, (*pub_key)->y, 16,
false, (*curve)->k, STACK_1);
485 for(i=0;i<strlen(strx);i++)
489 for(i=strlen(strx);i<64;i++)
493 for(i=0;i<strlen(stry);i++)
497 for(i=strlen(stry);i<64;i++)
509 message_bin = (uint8_t *)calloc(strlen(strH)*4,
sizeof(uint8_t));
510 len_bin=
hex2bin(strH, message_bin);
513 sha512(hashbin,message_bin,len_bin*8);
519 bin2hex(hashbin, 64, hashvalue);
542 ec_point_mul(y, (*curve)->h, (*sig)->R, *curve, STACK_1);
580 ec_point_mul(x, (*curve)->n, *pub_key, *curve, STACK_1);
596 int nb_iteration = 100;
597 uint8_t message[200];
599 struct timespec start, end;
613 number_set_str(p,
"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed", 16);
614 #if MPHELL_USE_AMNS == 1
616 #if MPHELL_USE_AMNS_32 == 0
617 amns_alloc_init_str(&AMNS,
"[7, 5, [-2, 0, 0, 0, 0, 1], 54, 18452995865838783329900129877370266585014740033535441780974987498391596057242, [961252216531765, -808644316442835, 1045474214679914, 876400205157459, 80702276750246], [215521628593942615, 6036461283567564605, 7224436840646086003, 10819948880990321094, 2770174224844310327], [1261219955914665, 2245748633013857, 1942034862299073, 1713436964429893, 1484033610923007], [982299117090493, 2384806805124374, 473263249613373, 1302309306467128, 767899215173126]]", p);
619 amns_alloc_init_str(&AMNS,
"[1, 13, [-2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1], 24, 27348853913383126840958695328985844583331474485808319900533972989426705703935, [295765, -240077, -384002, 86822, 427979, -178061, 355024, 35335, -47509, 293623, -162279, 239276, -54823], [304002351, 603274027, 987322065, 611192953, 899268748, 456421020, 1804479788, 151565031, 3376928416, 3404037305, 3106617823, 3555398377, 1245081753], [420571, 1005149, 1316639, 803101, 880079, 1425571, 78727, 673803, 292695, 429454, 603140, -81310, 484327], [-78425, 649592, 1210799, 537480, 931731, 330032, 587956, 604351, 932082, 256513, 633201, 50270, 916590]]", p);
621 field_set_amns(k, AMNS);
649 field_elt_set_str(a,
"0000000000000000000000000000000000000000000000000000000000000001", 16,
false, k, STACK_1);
650 field_elt_set_str(b,
"2dfc9311d490018c7338bf8688861767ff8ff5b2bebe27548a14b235eca6874a", 16,
false, k, STACK_1);
651 ec_point_set_aff_str(G,
"159a6849e44c3c7f061b3d570fc4ed5b5d14c8ba4253df49cc7edf80f533ad9b",
"6666666666666666666666666666666666666666666666666666666666666658",
false, 16,
EDWARDS, k, STACK_1);
653 number_set_str(n,
"1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed", 16);
655 ec_create (E,
"Ed25519", k, a, b, G, h, n,
EDWARDS,
EXTENDED_EDWARDS, STACK_1);
665 unsigned char hashvalue[129];
666 uint8_t * message_bin;
669 unsigned char hashval[nb_iteration][HASH_SIZE+1];
688 printf(
"\nThe private key has been created its value is:\n");
693 for(i = 0; i < nb_iteration; i++)
695 sprintf((
char *)message,
"This is the %d message to sign and verify on stm32F4", i);
696 len_bin=strlen((
char *)message);
697 message_bin = (uint8_t *)calloc(len_bin,
sizeof(uint8_t));
701 sha256(hashbin, message_bin, len_bin*8);
704 bin2hex(hashbin, HASH_SIZE/2, hashval[i]);
710 message_bin = (uint8_t *)calloc(strlen(str)*4,
sizeof(uint8_t));
711 len_bin =
hex2bin(str, message_bin);
713 sha512(hashbin, message_bin, len_bin*8);
721 bin2hex(hashbin, 64, hashvalue);
724 printf(
"\n1: test2 = ");
number_print(test2, 16); printf(
"\n");
725 printf(
"\n1: test2 = ");
number_print(test2, 2); printf(
"\n");
739 printf(
"2: test2 = ");
number_print(test2, 16); printf(
"\n");
740 printf(
"2: test2 = ");
number_print(test2, 2); printf(
"\n");
745 printf(
"3: test = ");
number_print(test, 16); printf(
"\n");
746 printf(
"3: test = ");
number_print(test, 2); printf(
"\n");
760 printf(
"\nThe pubkey has been computed:\n");
764 printf(
"\nThe validity of the public key is a:\n");
780 for (i = 0; i < nb_iteration; i++)
791 printf(
"Vector test size %d \n", nb_iteration);
792 printf(
"Curve \t Signature \t\t Verification \n");
793 printf(
"Ed25519 \t");
795 clock_gettime(CLOCK_MONOTONIC_RAW, &start);
796 for(i = 0; i < nb_iteration; i++)
798 eddsa_sign((
unsigned char *)hashval[i], &(lib_sig[i]), priv_key, &pub_key, &E);
800 clock_gettime(CLOCK_MONOTONIC_RAW, &end);
801 printf(
" %lu.%03u \t\t\t",
get_s(&start, &end),
get_ns(&start, &end));
806 clock_gettime(CLOCK_MONOTONIC_RAW, &start);
807 for(i = 0; i < nb_iteration; i++)
809 ret = eddsa_verify((
unsigned char *)hashval[i], &(lib_sig[i]), &pub_key, &E, precomp);
815 clock_gettime(CLOCK_MONOTONIC_RAW, &end);
816 printf(
" %lu.%03u \n",
get_s(&start, &end),
get_ns(&start, &end));
820 printf(
"ERROR :%d\n", err);
824 printf(
"SUCCESS \n");
834 #if MPHELL_USE_AMNS == 1
837 for (i = 0; i < nb_iteration; i++)
void amns_free(amns_ptr *AMNS)
Free the amns system.
void amns_alloc_init_str(amns_ptr *AMNS, char *str, number p)
Allocate and initialise the amns system from the string generated by the Sage AMNS generator from htt...
void ec_point_2mul_with_precomp(ec_point_ptr P3, number_srcptr n1, ec_point *tab_P1, number_srcptr n2, ec_point *tab_P2, int16_t win_size, ec_curve_srcptr E, uint8_t stack)
Set P3 to n1 * P1 + n2 * P2 using 2 precomputated array.
void ec_curve_print(ec_curve_srcptr E, const uint8_t base, uint8_t stack)
Print a description of E.
bool ec_point_are_equal(ec_point_srcptr P1, ec_point_srcptr P2, ec_curve_srcptr E, uint8_t stack)
Test if P1 and P2 are equal on E.
void ec_point_print(ec_point_srcptr P, const uint8_t base, const bool lift, field_srcptr k, uint8_t stack)
Print a description of P.
void ec_create(ec_curve_ptr E, const char *id_curve, field_srcptr k, fe_srcptr a, fe_srcptr b, ec_point_srcptr G, number_srcptr h, number_srcptr n, const ec_type type, const ec_formula f, uint8_t stack)
Create an elliptic curve E, the curve must be allocated and initialised (ec_alloc & ec_init)
bool ec_belongs(ec_point_srcptr P, ec_curve_srcptr E, uint8_t stack)
Test if P belongs to E.
void ec_point_mul(ec_point_ptr P3, number_srcptr n, ec_point_srcptr P1, ec_curve_srcptr E, uint8_t stack)
Set P3 to n * P1 using Montgomery for Weierstrass elliptic curve, and naive method for other elliptic...
void ec_point_set_neutral(ec_point_ptr dst, ec_curve_srcptr E, uint8_t stack)
Set dst to the neutral element.
void ec_point_add(ec_point_ptr P3, ec_point_srcptr P1, ec_point_srcptr P2, ec_curve_srcptr E, uint8_t stack)
Set P3 to P1 + P2, using dedicated formulae (not protected against SPA, but faster)
void ec_free(ec_curve_ptr E)
Free the elliptic curve E.
void ec_point_copy(ec_point_ptr P3, ec_point_srcptr P, field_srcptr k)
Copy P into P3.
void ec_init(ec_curve_ptr E, field_srcptr k)
Initialise a curve.
bool ec_point_is_neutral(ec_point_srcptr P, ec_curve_srcptr E, uint8_t stack)
Test if P is the neutral element.
void ec_point_mul_unified(ec_point_ptr P3, number_srcptr n, ec_point_srcptr P1, ec_curve_srcptr E, uint8_t stack)
Set P3 to n * P1 using Montgomery for Weierstrass elliptic curve, and naive method for other elliptic...
void ec_point_set_aff_str(ec_point_ptr P, const char *str_x, const char *str_y, const bool is_reduced, const uint8_t base, const ec_type type, field_srcptr k, uint8_t stack)
Set a point from its affine coordinates under string format.
void ec_point_init(ec_point_ptr P, field_srcptr k)
Initialise an elliptic curve point.
void ec_point_free(ec_point_ptr P, field_srcptr k)
Free the point P.
void ec_point_norm(ec_point_ptr P, ec_curve_srcptr E, uint8_t stack)
Convert a point in projective or jacobian coordinate to an affine point (x,y)
void ec_point_alloc(ec_point_ptr P, field_srcptr k)
Allocate an elliptic curve point.
void ec_alloc(ec_curve_ptr E, field_srcptr k)
Allocate a curve.
static void ec_point_get_pool_elt(ec_point_ptr P, field_ptr k, uint8_t stack)
Get an initialised point from the pool.
static void ec_point_relax_pool_elt(ec_point_ptr P, field_ptr k, uint8_t stack)
Relax an initialised point from the pool.
bool edwards_belongs(ec_point_srcptr P, ec_curve_srcptr E, uint8_t stack)
Test if P belongs to E.
void field_elt_free(fe_ptr *src, field_srcptr k)
Free space used by src.
void field_alloc(field_ptr k, const field_type type, const uint8_t size, field_ptr base)
Allocates space for the different fields of the structure pointed by k.
void field_elt_set_str(fe_ptr dst, const char *str, const uint8_t base, const bool isreduced, field_srcptr k, uint8_t stack)
Set dst to str, if Montgomery arithmetic is used, is_reduced == false -> transform dst into its Montg...
void field_elt_init(fe_ptr dst, field_srcptr k)
Initialise the field element.
void field_elt_alloc(fe_ptr *dst, field_srcptr k)
Allocate space for a field element.
void field_elt_str(char **str, fe_srcptr src, const uint8_t base, const bool lift, field_srcptr k, uint8_t stack)
Converts src to string format in base specified by base.
void field_free(field_ptr k)
Free the space of the field informations structure.
void field_create(field_ptr k, const char *id, uint8_t stack, const uint32_t n,...)
Initialize the different fields of the structure pointed by k.
field_t field[1]
Address of a field structure.
fp_elt * field_elt
Generic field element.
void free_mphell()
Free MPHELL memory, especially the big amount of temporary memory.
void init_mphell(const uint16_t security_strength, const random_type type, const entropy_type entropy)
Initialise MPHELL with security_strength bits of security (for random number only).
void number_random1(number_ptr dst, number_srcptr bound, uint8_t stack)
Set dst to a random number_ptr between 0 and bound, the random process is chosen at the MPHELL initia...
void number_mod(number_ptr dst, number_srcptr src1, number_srcptr src2)
Compute dst such that src1 = q * src2 + dst ; dst < src2.
void number_set_ui(number_ptr dst, const block src)
Set dst to src.
void number_lshift(number_ptr dst, number_srcptr src, const uint16_t shift)
Set dst to src << shift.
void number_free(number *dst)
Free a number_ptr allocated on the RAM memory (malloc)
void number_set_str(number_ptr dst, const char *str, const uint8_t base)
Set dst to str.
bool number_isgreater(number_srcptr src1, number_srcptr src2)
Test if src1 > src2.
void number_sub(number_ptr dst, number_srcptr src1, number_srcptr src2)
Set dst to src1 - src2 if src1 - src2 fit in dst.
void number_str(char **str, number_srcptr src, const uint8_t base)
Converts src to string format in base specified by base.
void number_add(number_ptr dst, number_srcptr src1, number_srcptr src2)
Set dst to src1 + src2 if src1 + src2 fit in dst.
int8_t number_cmp(number_srcptr src1, number_srcptr src2)
Compare src1 and src2.
void number_print(number_srcptr src, const uint8_t base)
Print src in base "base".
void number_dec(number_ptr dst, number_srcptr src)
Set dst to src - 1 if src - 1 fit in dst.
void number_mul(number_ptr dst, number_srcptr src1, number_srcptr src2)
Set dst to src1 * src2.
void number_inc(number_ptr dst, number_srcptr src)
Set dst to src + 1 if src + 1 fit in dst.
void number_init(number *dst, const uint8_t n)
Allocate a number_ptr on the RAM memory (malloc)
void sha256(uint8_t *hashvalue, const uint8_t *data, const uint64_t data_len)
Compute the Sha256 hash of "data".
void sha512(uint8_t *hashvalue, const uint8_t *data, const uint64_t data_len)
Compute the Sha512 hash of "data".
uint32_t hex2bin(const char *in, unsigned char *out)
Convert an hexadecimal string into a binary string.
time_t get_s(struct timespec *start, struct timespec *end)
Return the elapsed time in second between "start" and "end".
void string2bin(char *s, uint8_t *output)
Convert a string into a byte array.
void bin2hex(const unsigned char *old, const uint32_t oldlen, unsigned char *result)
Converts a string of ASCII characters to hexadecimal values.
uint8_t bits_to_nblock(const uint16_t nbits)
Return the number of blocks required to store a nbits number.
unsigned int get_ns(struct timespec *start, struct timespec *end)
Return the elapsed time in nano second to add to the result of get_s().
void ecdsa_precal_free(ecdsa_precomp *precomp, ec_curve_ptr E)
Free memory of the ecdsa_precomp structure.
void ecdsa_precal(ecdsa_precomp *precomp, ec_point *key, ec_curve_ptr E)
Compute 1*G, 2*G, 3*G, 4*G, 5*G, 6*G, 7*G and 1*Q, 2*Q, 3*Q, 4*Q, 5*Q, 6*Q, 7*Q where G is the base p...
void ec_point_mul_ecdsa(ec_point dst, number_srcptr u1, ec_point_srcptr G, number_srcptr u2, ec_point_srcptr key, ec_curve_srcptr E)
Compute u1 * G + u2 * key.
void eddsa_sign_free(eddsa_sig *sig, ec_curve_srcptr E)
Free a used signature structure.
int8_t eddsa_pub_key_validation(ec_point *pub_key, ec_curve *curve)
Verify that the public key is valid (id est check taht pub_key belongs to the curve,...
Define an elliptic curve.
Define an elliptic curve point.
Precomputation structure.
ec_point prec_K[2 *PRECOMP_SIZE]
ec_point prec_G[2 *PRECOMP_SIZE]
Define an EdDSA signature.