From 773ed546a20465e6a908be94393b5db3b0b094c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Sun, 18 Nov 2012 13:19:07 +0100
Subject: [PATCH] Added a nbits member to ecp_group
---
 include/polarssl/ecp.h | 24 +++++++++++++-----------
 library/ecp.c | 12 ++++++++----
 2 files changed, 21 insertions(+), 15 deletions(-)
diff --git a/include/polarssl/ecp.h b/include/polarssl/ecp.h
index 55aa28263c..cf79022c18 100644
--- a/include/polarssl/ecp.h
+++ b/include/polarssl/ecp.h
@@ -52,18 +52,17 @@ ecp_point;
 /**
 * \brief ECP group structure
 *
- * The curves we consider are defined by y^2 = x^3 - 3x + b mod p,
- * and a generator for a large subgroup is fixed.
+ * The curves we consider are defined by y^2 = x^3 - 3x + B mod P,
+ * and a generator for a large subgroup of order N is fixed.
 *
- * If modp is NULL, pbits will not be used, and reduction modulo P is
- * done using a generic algorithm.
+ * pbits and nbits must be the size of P and N in bits.
 *
- * If modp is not NULL, pbits must be the size of P in bits and modp
- * must be a function that takes an mpi in the range 0..2^(2*pbits) and
- * transforms it in-place in an integer of little more than pbits, so
- * that the integer may be efficiently brought in the 0..P range by a
- * few additions or substractions. It must return 0 on success and a
- * POLARSSL_ERR_ECP_XXX error on failure.
+ * If modp is NULL, reduction modulo P is done using a generic
+ * algorithm. Otherwise, it must point to a function that takes an mpi
+ * in the range 0..2^(2*pbits) and transforms it in-place in an integer
+ * of little more than pbits, so that the integer may be efficiently
+ * brought in the 0..P range by a few additions or substractions. It
+ * must return 0 on success and a POLARSSL_ERR_ECP_XXX error on failure.
 */
 typedef struct
 {
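Review bot: The rewritten struct comment says `pbits and nbits must be the size of P and N in bits` as if the caller had to supply them, but the header nowhere says that ecp_group_read_string() computes them from P and N (the \note added further down only says it sets all fields except modp), while ecp_group_init() leaves both at 0, so a caller that fills P or N by any other route would hand modp a bound that does not match P. Suggest `pbits and nbits are the sizes of P and N in bits; ecp_group_read_string() derives them from P and N, and they must be kept consistent if P or N is changed by other means.` The spelling `substractions` is carried onto a new `+` line and could be corrected to `subtractions` while the paragraph is being rewritten.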
@@ -71,8 +70,9 @@ typedef struct mpi B; /*!< constant term in the equation */ ecp_point G; /*!< generator of the subgroup used */ mpi N; /*!< the order of G */ + size_t pbits; /*!< number of bits in P */ + size_t nbits; /*!< number of bits in N */ int (*modp)(mpi *); /*!< function for fast reduction mod P */ - unsigned pbits; /*!< number of bits in P */ } ecp_group; @@ -158,6 +158,8 @@ int ecp_point_read_string( ecp_point *P, int radix, * \param n The generator's order * * \return 0 if successful, or a POLARSSL_ERR_MPI_XXX error code + * + * \note Sets all fields except modp. */ int ecp_group_read_string( ecp_group *grp, int radix, const char *p, const char *b, diff --git a/library/ecp.c b/library/ecp.c index a773416a98..68d2f4eb88 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -64,8 +64,10 @@ void ecp_group_init( ecp_group *grp ) ecp_point_init( &grp->G ); mpi_init( &grp->N ); - grp->modp = NULL; grp->pbits = 0; + grp->nbits = 0; + + grp->modp = NULL; } /* @@ -155,12 +157,16 @@ int ecp_group_read_string( ecp_group *grp, int radix, MPI_CHK( ecp_point_read_string( &grp->G, radix, gx, gy ) ); MPI_CHK( mpi_read_string( &grp->N, radix, n ) ); + grp->pbits = mpi_msb( &grp->P ); + grp->nbits = mpi_msb( &grp->N ); + cleanup: return( ret ); } /* - * Wrapper around fast quasi-modp functions, with fall-back to mpi_mod_mpi + * Wrapper around fast quasi-modp functions, with fall-back to mpi_mod_mpi. + * See the documentation of struct ecp_group. */ static int ecp_modp( mpi *N, const ecp_group *grp ) { @@ -394,7 +400,6 @@ int ecp_use_known_dp( ecp_group *grp, size_t index ) { case POLARSSL_ECP_DP_SECP192R1: grp->modp = ecp_mod_p192; - grp->pbits = 192; return( ecp_group_read_string( grp, 16, SECP192R1_P, SECP192R1_B, SECP192R1_GX, SECP192R1_GY, SECP192R1_N ) ); 
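Review bot: In the ecp_group_read_string hunk, `grp->pbits = mpi_msb( &grp->P );` and `grp->nbits = mpi_msb( &grp->N );` are reached only when every preceding MPI_CHK succeeded, so on an early failure the group keeps whatever it held before (0 after ecp_group_init) while `grp->modp` can already point at a curve-specific reduction, since ecp_use_known_dp assigns `modp` before calling the reader in both the SECP192R1 case here and the SECP521R1 case in the next hunk. With `grp->pbits = 192;` removed from that path, a half-initialised group no longer even carries a plausible pbits for ecp_modp, so using it after an error is worse than before; callers presumably discard the group on error, but the new `\note` does not say so. Consider clearing `grp->modp = NULL;` under `cleanup:` when `ret != 0`, or extending the note to `\note Sets all fields except modp. On failure the group is left partially initialised and must not be used.`. ecp_group_read_string begins before the hunk, and the `pbits` change from `unsigned` to `size_t` in the struct appears to match mpi_msb's return type but is a layout change for any code embedding ecp_group.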
@@ -416,7 +421,6 @@ int ecp_use_known_dp( ecp_group *grp, size_t index ) case POLARSSL_ECP_DP_SECP521R1: grp->modp = ecp_mod_p521; - grp->pbits = 521; return( ecp_group_read_string( grp, 16, SECP521R1_P, SECP521R1_B, SECP521R1_GX, SECP521R1_GY, SECP521R1_N ) );