Date: Monday, May 18, 2020 @ 10:54:00
Author: alucryd
Revision: 629444
archrelease: copy trunk to community-x86_64
Added:
crypto++/repos/community-x86_64/PKGBUILD
(from rev 629443, crypto++/trunk/PKGBUILD)
crypto++/repos/community-x86_64/cve-2019-14318.patch
(from rev 629443, crypto++/trunk/cve-2019-14318.patch)
Deleted:
crypto++/repos/community-x86_64/PKGBUILD
crypto++/repos/community-x86_64/crypto++.install
crypto++/repos/community-x86_64/cve-2019-14318.patch
crypto++/repos/community-x86_64/libcrypto++.pc
----------------------+
PKGBUILD | 123 ++--
crypto++.install | 4
cve-2019-14318.patch | 1280 ++++++++++++++++++++++++-------------------------
libcrypto++.pc | 11
4 files changed, 701 insertions(+), 717 deletions(-)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2020-05-18 10:53:54 UTC (rev 629443)
+++ PKGBUILD 2020-05-18 10:54:00 UTC (rev 629444)
@@ -1,62 +0,0 @@
-# Maintainer: Baptiste Jonglez <archlinux at bitsofnetworks.org>
-# Contributor: Giovanni Scafora <[email protected]>
-# Contributor: Alexander Rødseth <[email protected]>
-# Contributor: Andrea Scarpino <[email protected]>
-# Contributor: Kritoke <[email protected]>
-# Contributor: jlvsimoes <[email protected]>
-
-pkgname=crypto++
-pkgver=8.2.0
-_srcver=${pkgver//./}
-pkgrel=2
-pkgdesc="A free C++ class library of cryptographic schemes"
-arch=('x86_64')
-url="https://www.cryptopp.com/";
-license=('custom')
-depends=('gcc-libs')
-makedepends=('unzip')
-# Fix https://bugs.archlinux.org/task/56689
-install="crypto++.install"
-source=("https://www.cryptopp.com/cryptopp${_srcver}.zip"{,.sig}
- 'libcrypto++.pc'
- 'cve-2019-14318.patch')
-# Checksums from https://www.cryptopp.com/release600.html
-sha1sums=('b042d2f0c93410abdec7c12bcd92787d019f8da1'
- 'SKIP'
- 'ef530175d27101dcb23a3f92d3c80a529f1d7b02'
- '4788135c92536cac42a98e59d219a9e859b759e3')
-sha256sums=('03f0e2242e11b9d19b28d0ec5a3fa8ed5cc7b27640e6bed365744f593e858058'
- 'SKIP'
- '8722862336f9fe0181734619c197bf4248f0e07b93bdcd693709f57b2f6aa9e6'
- 'd9cabc1eab0dfbab1d4bfff75fa99766995089e52b83a175918e738516efbb41')
-sha512sums=('753513a4ec8dd0fff2f551853ce6bd265d82219c28b033565b565b5e567fbee17adb419f4cde58a97e62b7d6533f4099aa4996cd0ba4775c6a2e7ae63a879da5'
- 'SKIP'
-
'3be1569e81af1f9b35e944faae3e9962ee2e492fb38e94fe7f847b85da033a79bbfeff193e0edb2d69f2d893f6e8279be144b9395653db67374300f7feb23276'
-
'c5075963acc0f8f5bac38306bac324e0ca5aa74abed417cf5f626267c4c409f84c31a89e351b07a1880cfd30c1451e0f1e3dd8721050df74c1d3d080097a84d9')
-validpgpkeys=('B8CC19802062211A508B2F5CCE0586AF1F8E37BD') # Jeffrey Walton
(Crypto++ Release) <[email protected]>
-
-prepare() {
- patch -p0 < "$srcdir"/cve-2019-14318.patch
-}
-
-build() {
- CXXFLAGS+=" -DNDEBUG -fPIC" make dynamic cryptest.exe
-}
-
-check() {
- make test
-}
-
-package() {
- make install DESTDIR="$pkgdir" PREFIX="/usr"
- # Install pkgconfig file
- install -d "${pkgdir}/usr/lib/pkgconfig"
- install -m644 "${srcdir}/libcrypto++.pc"
"${pkgdir}/usr/lib/pkgconfig/libcrypto++.pc"
- # Remove cryptest.exe and test files, only needed for check() and bloats the
package
- # because cryptest.exe is linked statically.
- rm "${pkgdir}/usr/bin/cryptest.exe"
- rmdir "${pkgdir}/usr/bin/"
- rm -r "${pkgdir}/usr/share/cryptopp/"
- # Install license
- install -D -m644 License.txt
"${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
-}
Copied: crypto++/repos/community-x86_64/PKGBUILD (from rev 629443,
crypto++/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2020-05-18 10:54:00 UTC (rev 629444)
@@ -0,0 +1,61 @@
+# Maintainer: Maxime Gauduin <[email protected]>
+# Contributor: Baptiste Jonglez <archlinux at bitsofnetworks.org>
+# Contributor: Giovanni Scafora <[email protected]>
+# Contributor: Alexander Rødseth <[email protected]>
+# Contributor: Andrea Scarpino <[email protected]>
+# Contributor: Kritoke <[email protected]>
+# Contributor: jlvsimoes <[email protected]>
+
+pkgname=crypto++
+pkgver=8.2.0
+pkgrel=3
+pkgdesc='A free C++ class library of cryptographic schemes'
+arch=(x86_64)
+url=https://www.cryptopp.com/
+license=(custom)
+depends=(gcc-libs)
+makedepends=(
+ git
+ unzip
+)
+source=(
+
git+https://github.com/weidai11/cryptopp.git#tag=9dcc26c58213abb8351fbb1b2a7a1d2c667366e4
+
#git+https://github.com/weidai11/cryptopp.git?signed#tag=9dcc26c58213abb8351fbb1b2a7a1d2c667366e4
+ cve-2019-14318.patch
+)
+sha256sums=(
+ SKIP
+ d9cabc1eab0dfbab1d4bfff75fa99766995089e52b83a175918e738516efbb41
+)
+validpgpkeys=(B8CC19802062211A508B2F5CCE0586AF1F8E37BD) # Jeffrey Walton
<[email protected]>
+
+pkgver() {
+ cd cryptopp
+
+ git describe --tags | sed 's/^CRYPTOPP_//; s/_/./g'
+}
+
+prepare() {
+ cd cryptopp
+
+ patch -Np0 -i ../cve-2019-14318.patch
+}
+
+build() {
+ export CXXFLAGS="$CXXFLAGS -DNDEBUG -fPIC"
+ make -C cryptopp dynamic cryptest.exe libcryptopp.pc
+}
+
+check() {
+ make -C cryptopp test
+}
+
+package() {
+ make DESTDIR="${pkgdir}" PREFIX=/usr -C cryptopp install
+ install -Dm 644 cryptopp/License.txt -t
"${pkgdir}"/usr/share/licenses/crypto++/
+ # Remove cryptest.exe and test files, only needed for check() and bloats the
package
+ # because cryptest.exe is linked statically.
+ rm -rf "${pkgdir}"/usr/{bin,share/cryptopp}
+}
+
+# vim: ts=2 sw=2 et:
Deleted: crypto++.install
===================================================================
--- crypto++.install 2020-05-18 10:53:54 UTC (rev 629443)
+++ crypto++.install 2020-05-18 10:54:00 UTC (rev 629444)
@@ -1,4 +0,0 @@
-pre_upgrade() {
- # Up to crypto++ 5.6.5-3, libcryptopp.so.5.6 was not tracked by pacman
(symlinked at install time)
- [ -L /usr/lib/libcryptopp.so.5.6 ] && unlink
/usr/lib/libcryptopp.so.5.6 || true
-}
Deleted: cve-2019-14318.patch
===================================================================
--- cve-2019-14318.patch 2020-05-18 10:53:54 UTC (rev 629443)
+++ cve-2019-14318.patch 2020-05-18 10:54:00 UTC (rev 629444)
@@ -1,640 +0,0 @@
-# Patch for Crypto++ timing leaks in EC gear (GH #869)
-# diff of Crypto++ 8.2 and Master 04b2a20c5da5
---- pubkey.h
-+++ pubkey.h
-@@ -886,7 +886,7 @@
- /// \brief Retrieves the encoded element's size
- /// \param reversible flag indicating the encoding format
- /// \return encoded element's size, in bytes
-- /// \details The format of the encoded element varies by the
underlyinhg type of the element and the
-+ /// \details The format of the encoded element varies by the underlying
type of the element and the
- /// reversible flag. GetEncodedElementSize() must be implemented in a
derived class.
- /// \sa GetEncodedElementSize(), EncodeElement(), DecodeElement()
- virtual unsigned int GetEncodedElementSize(bool reversible) const =0;
-@@ -1604,10 +1604,10 @@
- if (rng.CanIncorporateEntropy())
- rng.IncorporateEntropy(representative,
representative.size());
-
-- Integer k;
-+ Integer k, ks;
-+ const Integer& q = params.GetSubgroupOrder();
- if (alg.IsDeterministic())
- {
-- const Integer& q = params.GetSubgroupOrder();
- const Integer& x = key.GetPrivateExponent();
- const DeterministicSignatureAlgorithm& det =
dynamic_cast<const DeterministicSignatureAlgorithm&>(alg);
- k = det.GenerateRandom(x, q, e);
-@@ -1617,8 +1617,15 @@
- k.Randomize(rng, 1, params.GetSubgroupOrder()-1);
- }
-
-+ // Due to timing attack on nonce length by Jancar
-+ // https://github.com/weidai11/cryptopp/issues/869
-+ ks = k + q;
-+ if (ks.BitCount() == q.BitCount()) {
-+ ks += q;
-+ }
-+
- Integer r, s;
-- r = params.ConvertElementToInteger(params.ExponentiateBase(k));
-+ r = params.ConvertElementToInteger(params.ExponentiateBase(ks));
- alg.Sign(params, key.GetPrivateExponent(), k, e, r, s);
-
- /*
-@@ -1630,7 +1637,7 @@
- alg.Sign(params, key.GetPrivateExponent(), ma.m_k, e, r, s);
- */
-
-- size_t rLen = alg.RLen(params);
-+ const size_t rLen = alg.RLen(params);
- r.Encode(signature, rLen);
- s.Encode(signature+rLen, alg.SLen(params));
-
---- ecp.cpp
-+++ ecp.cpp
-@@ -15,10 +15,12 @@
- ANONYMOUS_NAMESPACE_BEGIN
-
- using CryptoPP::ECP;
-+using CryptoPP::Integer;
- using CryptoPP::ModularArithmetic;
-
- #if defined(HAVE_GCC_INIT_PRIORITY)
-- const ECP::Point g_identity __attribute__ ((init_priority
(CRYPTOPP_INIT_PRIORITY + 51))) = ECP::Point();
-+ #define INIT_ATTRIBUTE __attribute__ ((init_priority
(CRYPTOPP_INIT_PRIORITY + 50)))
-+ const ECP::Point g_identity INIT_ATTRIBUTE = ECP::Point();
- #elif defined(HAVE_MSC_INIT_PRIORITY)
- #pragma warning(disable: 4075)
- #pragma init_seg(".CRT$XCU")
-@@ -39,6 +41,502 @@
- return P.identity ? P : ECP::Point(mr.ConvertOut(P.x),
mr.ConvertOut(P.y));
- }
-
-+inline Integer IdentityToInteger(bool val)
-+{
-+ return val ? Integer::One() : Integer::Zero();
-+}
-+
-+struct ProjectivePoint
-+{
-+ ProjectivePoint() {}
-+ ProjectivePoint(const Integer &x, const Integer &y, const Integer &z)
-+ : x(x), y(y), z(z) {}
-+
-+ Integer x, y, z;
-+};
-+
-+/// \brief Addition and Double functions
-+/// \sa <A HREF="https://eprint.iacr.org/2015/1060.pdf";>Complete
-+/// addition formulas for prime order elliptic curves</A>
-+struct AdditionFunction
-+{
-+ explicit AdditionFunction(const ECP::Field& field,
-+ const ECP::FieldElement &a, const ECP::FieldElement &b,
ECP::Point &r);
-+
-+ // Double(P)
-+ ECP::Point operator()(const ECP::Point& P) const;
-+ // Add(P, Q)
-+ ECP::Point operator()(const ECP::Point& P, const ECP::Point& Q) const;
-+
-+protected:
-+ /// \brief Parameters and representation for Addition
-+ /// \details Addition and Doubling will use different algorithms,
-+ /// depending on the <tt>A</tt> coefficient and the representation
-+ /// (Affine or Montgomery with precomputation).
-+ enum Alpha {
-+ /// \brief Coefficient A is 0
-+ A_0 = 1,
-+ /// \brief Coefficient A is -3
-+ A_3 = 2,
-+ /// \brief Coefficient A is arbitrary
-+ A_Star = 4,
-+ /// \brief Representation is Montgomery
-+ A_Montgomery = 8
-+ };
-+
-+ const ECP::Field& field;
-+ const ECP::FieldElement &a, &b;
-+ ECP::Point &R;
-+
-+ Alpha m_alpha;
-+};
-+
-+#define X p.x
-+#define Y p.y
-+#define Z p.z
-+
-+#define X1 p.x
-+#define Y1 p.y
-+#define Z1 p.z
-+
-+#define X2 q.x
-+#define Y2 q.y
-+#define Z2 q.z
-+
-+#define X3 r.x
-+#define Y3 r.y
-+#define Z3 r.z
-+
-+AdditionFunction::AdditionFunction(const ECP::Field& field,
-+ const ECP::FieldElement &a, const ECP::FieldElement &b, ECP::Point &r)
-+ : field(field), a(a), b(b), R(r), m_alpha(static_cast<Alpha>(0))
-+{
-+ if (field.IsMontgomeryRepresentation())
-+ {
-+ m_alpha = A_Montgomery;
-+ }
-+ else
-+ {
-+ if (a == 0)
-+ {
-+ m_alpha = A_0;
-+ }
-+ else if (a == -3 || (a - field.GetModulus()) == -3)
-+ {
-+ m_alpha = A_3;
-+ }
-+ else
-+ {
-+ m_alpha = A_Star;
-+ }
-+ }
-+}
-+
-+ECP::Point AdditionFunction::operator()(const ECP::Point& P) const
-+{
-+ if (m_alpha == A_3)
-+ {
-+ // Gyrations attempt to maintain constant-timeness
-+ // We need either (P.x, P.y, 1) or (0, 1, 0).
-+ const Integer x = P.x * IdentityToInteger(!P.identity);
-+ const Integer y = P.y * IdentityToInteger(!P.identity) + 1 *
IdentityToInteger(P.identity);
-+ const Integer z = 1 * IdentityToInteger(!P.identity);
-+
-+ ProjectivePoint p(x, y, z), r;
-+
-+ ECP::FieldElement t0 = field.Square(X);
-+ ECP::FieldElement t1 = field.Square(Y);
-+ ECP::FieldElement t2 = field.Square(Z);
-+ ECP::FieldElement t3 = field.Multiply(X, Y);
-+ t3 = field.Add(t3, t3);
-+ Z3 = field.Multiply(X, Z);
-+ Z3 = field.Add(Z3, Z3);
-+ Y3 = field.Multiply(b, t2);
-+ Y3 = field.Subtract(Y3, Z3);
-+ X3 = field.Add(Y3, Y3);
-+ Y3 = field.Add(X3, Y3);
-+ X3 = field.Subtract(t1, Y3);
-+ Y3 = field.Add(t1, Y3);
-+ Y3 = field.Multiply(X3, Y3);
-+ X3 = field.Multiply(X3, t3);
-+ t3 = field.Add(t2, t2);
-+ t2 = field.Add(t2, t3);
-+ Z3 = field.Multiply(b, Z3);
-+ Z3 = field.Subtract(Z3, t2);
-+ Z3 = field.Subtract(Z3, t0);
-+ t3 = field.Add(Z3, Z3);
-+ Z3 = field.Add(Z3, t3);
-+ t3 = field.Add(t0, t0);
-+ t0 = field.Add(t3, t0);
-+ t0 = field.Subtract(t0, t2);
-+ t0 = field.Multiply(t0, Z3);
-+ Y3 = field.Add(Y3, t0);
-+ t0 = field.Multiply(Y, Z);
-+ t0 = field.Add(t0, t0);
-+ Z3 = field.Multiply(t0, Z3);
-+ X3 = field.Subtract(X3, Z3);
-+ Z3 = field.Multiply(t0, t1);
-+ Z3 = field.Add(Z3, Z3);
-+ Z3 = field.Add(Z3, Z3);
-+
-+ const ECP::FieldElement inv =
field.MultiplicativeInverse(Z3.IsZero() ? Integer::One() : Z3);
-+ X3 = field.Multiply(X3, inv); Y3 = field.Multiply(Y3, inv);
-+
-+ // More gyrations
-+ R.x = X3*Z3.NotZero();
-+ R.y = Y3*Z3.NotZero();
-+ R.identity = Z3.IsZero();
-+
-+ return R;
-+ }
-+ else if (m_alpha == A_0)
-+ {
-+ const ECP::FieldElement b3 = field.Multiply(b, 3);
-+
-+ // Gyrations attempt to maintain constant-timeness
-+ // We need either (P.x, P.y, 1) or (0, 1, 0).
-+ const Integer x = P.x * IdentityToInteger(!P.identity);
-+ const Integer y = P.y * IdentityToInteger(!P.identity) + 1 *
IdentityToInteger(P.identity);
-+ const Integer z = 1 * IdentityToInteger(!P.identity);
-+
-+ ProjectivePoint p(x, y, z), r;
-+
-+ ECP::FieldElement t0 = field.Square(Y);
-+ Z3 = field.Add(t0, t0);
-+ Z3 = field.Add(Z3, Z3);
-+ Z3 = field.Add(Z3, Z3);
-+ ECP::FieldElement t1 = field.Add(Y, Z);
-+ ECP::FieldElement t2 = field.Square(Z);
-+ t2 = field.Multiply(b3, t2);
-+ X3 = field.Multiply(t2, Z3);
-+ Y3 = field.Add(t0, t2);
-+ Z3 = field.Multiply(t1, Z3);
-+ t1 = field.Add(t2, t2);
-+ t2 = field.Add(t1, t2);
-+ t0 = field.Subtract(t0, t2);
-+ Y3 = field.Multiply(t0, Y3);
-+ Y3 = field.Add(X3, Y3);
-+ t1 = field.Multiply(X, Y);
-+ X3 = field.Multiply(t0, t1);
-+ X3 = field.Add(X3, X3);
-+
-+ const ECP::FieldElement inv =
field.MultiplicativeInverse(Z3.IsZero() ? Integer::One() : Z3);
-+ X3 = field.Multiply(X3, inv); Y3 = field.Multiply(Y3, inv);
-+
-+ // More gyrations
-+ R.x = X3*Z3.NotZero();
-+ R.y = Y3*Z3.NotZero();
-+ R.identity = Z3.IsZero();
-+
-+ return R;
-+ }
-+ else if (m_alpha == A_Star)
-+ {
-+ const ECP::FieldElement b3 = field.Multiply(b, 3);
-+
-+ // Gyrations attempt to maintain constant-timeness
-+ // We need either (P.x, P.y, 1) or (0, 1, 0).
-+ const Integer x = P.x * IdentityToInteger(!P.identity);
-+ const Integer y = P.y * IdentityToInteger(!P.identity) + 1 *
IdentityToInteger(P.identity);
-+ const Integer z = 1 * IdentityToInteger(!P.identity);
-+
-+ ProjectivePoint p(x, y, z), r;
-+
-+ ECP::FieldElement t0 = field.Square(Y);
-+ Z3 = field.Add(t0, t0);
-+ Z3 = field.Add(Z3, Z3);
-+ Z3 = field.Add(Z3, Z3);
-+ ECP::FieldElement t1 = field.Add(Y, Z);
-+ ECP::FieldElement t2 = field.Square(Z);
-+ t2 = field.Multiply(b3, t2);
-+ X3 = field.Multiply(t2, Z3);
-+ Y3 = field.Add(t0, t2);
-+ Z3 = field.Multiply(t1, Z3);
-+ t1 = field.Add(t2, t2);
-+ t2 = field.Add(t1, t2);
-+ t0 = field.Subtract(t0, t2);
-+ Y3 = field.Multiply(t0, Y3);
-+ Y3 = field.Add(X3, Y3);
-+ t1 = field.Multiply(X, Y);
-+ X3 = field.Multiply(t0, t1);
-+ X3 = field.Add(X3, X3);
-+
-+ const ECP::FieldElement inv =
field.MultiplicativeInverse(Z3.IsZero() ? Integer::One() : Z3);
-+ X3 = field.Multiply(X3, inv); Y3 = field.Multiply(Y3, inv);
-+
-+ // More gyrations
-+ R.x = X3*Z3.NotZero();
-+ R.y = Y3*Z3.NotZero();
-+ R.identity = Z3.IsZero();
-+
-+ return R;
-+ }
-+ else // A_Montgomery
-+ {
-+ // More gyrations
-+ bool identity = !!(P.identity + (P.y == field.Identity()));
-+
-+ ECP::FieldElement t = field.Square(P.x);
-+ t = field.Add(field.Add(field.Double(t), t), a);
-+ t = field.Divide(t, field.Double(P.y));
-+ ECP::FieldElement x =
field.Subtract(field.Subtract(field.Square(t), P.x), P.x);
-+ R.y = field.Subtract(field.Multiply(t, field.Subtract(P.x, x)),
P.y);
-+ R.x.swap(x);
-+
-+ // More gyrations
-+ R.x *= IdentityToInteger(!identity);
-+ R.y *= IdentityToInteger(!identity);
-+ R.identity = identity;
-+
-+ return R;
-+ }
-+}
-+
-+ECP::Point AdditionFunction::operator()(const ECP::Point& P, const
ECP::Point& Q) const
-+{
-+ if (m_alpha == A_3)
-+ {
-+ // Gyrations attempt to maintain constant-timeness
-+ // We need either (P.x, P.y, 1) or (0, 1, 0).
-+ const Integer x1 = P.x * IdentityToInteger(!P.identity);
-+ const Integer y1 = P.y * IdentityToInteger(!P.identity) + 1 *
IdentityToInteger(P.identity);
-+ const Integer z1 = 1 * IdentityToInteger(!P.identity);
-+
-+ const Integer x2 = Q.x * IdentityToInteger(!Q.identity);
-+ const Integer y2 = Q.y * IdentityToInteger(!Q.identity) + 1 *
IdentityToInteger(Q.identity);
-+ const Integer z2 = 1 * IdentityToInteger(!Q.identity);
-+
-+ ProjectivePoint p(x1, y1, z1), q(x2, y2, z2), r;
-+
-+ ECP::FieldElement t0 = field.Multiply(X1, X2);
-+ ECP::FieldElement t1 = field.Multiply(Y1, Y2);
-+ ECP::FieldElement t2 = field.Multiply(Z1, Z2);
-+ ECP::FieldElement t3 = field.Add(X1, Y1);
-+ ECP::FieldElement t4 = field.Add(X2, Y2);
-+ t3 = field.Multiply(t3, t4);
-+ t4 = field.Add(t0, t1);
-+ t3 = field.Subtract(t3, t4);
-+ t4 = field.Add(Y1, Z1);
-+ X3 = field.Add(Y2, Z2);
-+ t4 = field.Multiply(t4, X3);
-+ X3 = field.Add(t1, t2);
-+ t4 = field.Subtract(t4, X3);
-+ X3 = field.Add(X1, Z1);
-+ Y3 = field.Add(X2, Z2);
-+ X3 = field.Multiply(X3, Y3);
-+ Y3 = field.Add(t0, t2);
-+ Y3 = field.Subtract(X3, Y3);
-+ Z3 = field.Multiply(b, t2);
-+ X3 = field.Subtract(Y3, Z3);
-+ Z3 = field.Add(X3, X3);
-+ X3 = field.Add(X3, Z3);
-+ Z3 = field.Subtract(t1, X3);
-+ X3 = field.Add(t1, X3);
-+ Y3 = field.Multiply(b, Y3);
-+ t1 = field.Add(t2, t2);
-+ t2 = field.Add(t1, t2);
-+ Y3 = field.Subtract(Y3, t2);
-+ Y3 = field.Subtract(Y3, t0);
-+ t1 = field.Add(Y3, Y3);
-+ Y3 = field.Add(t1, Y3);
-+ t1 = field.Add(t0, t0);
-+ t0 = field.Add(t1, t0);
-+ t0 = field.Subtract(t0, t2);
-+ t1 = field.Multiply(t4, Y3);
-+ t2 = field.Multiply(t0, Y3);
-+ Y3 = field.Multiply(X3, Z3);
-+ Y3 = field.Add(Y3, t2);
-+ X3 = field.Multiply(t3, X3);
-+ X3 = field.Subtract(X3, t1);
-+ Z3 = field.Multiply(t4, Z3);
-+ t1 = field.Multiply(t3, t0);
-+ Z3 = field.Add(Z3, t1);
-+
-+ const ECP::FieldElement inv =
field.MultiplicativeInverse(Z3.IsZero() ? Integer::One() : Z3);
-+ X3 = field.Multiply(X3, inv); Y3 = field.Multiply(Y3, inv);
-+
-+ // More gyrations
-+ R.x = X3*Z3.NotZero();
-+ R.y = Y3*Z3.NotZero();
-+ R.identity = Z3.IsZero();
-+
-+ return R;
-+ }
-+ else if (m_alpha == A_0)
-+ {
-+ const ECP::FieldElement b3 = field.Multiply(b, 3);
-+
-+ // Gyrations attempt to maintain constant-timeness
-+ // We need either (P.x, P.y, 1) or (0, 1, 0).
-+ const Integer x1 = P.x * IdentityToInteger(!P.identity);
-+ const Integer y1 = P.y * IdentityToInteger(!P.identity) + 1 *
IdentityToInteger(P.identity);
-+ const Integer z1 = 1 * IdentityToInteger(!P.identity);
-+
-+ const Integer x2 = Q.x * IdentityToInteger(!Q.identity);
-+ const Integer y2 = Q.y * IdentityToInteger(!Q.identity) + 1 *
IdentityToInteger(Q.identity);
-+ const Integer z2 = 1 * IdentityToInteger(!Q.identity);
-+
-+ ProjectivePoint p(x1, y1, z1), q(x2, y2, z2), r;
-+
-+ ECP::FieldElement t0 = field.Square(Y);
-+ Z3 = field.Add(t0, t0);
-+ Z3 = field.Add(Z3, Z3);
-+ Z3 = field.Add(Z3, Z3);
-+ ECP::FieldElement t1 = field.Add(Y, Z);
-+ ECP::FieldElement t2 = field.Square(Z);
-+ t2 = field.Multiply(b3, t2);
-+ X3 = field.Multiply(t2, Z3);
-+ Y3 = field.Add(t0, t2);
-+ Z3 = field.Multiply(t1, Z3);
-+ t1 = field.Add(t2, t2);
-+ t2 = field.Add(t1, t2);
-+ t0 = field.Subtract(t0, t2);
-+ Y3 = field.Multiply(t0, Y3);
-+ Y3 = field.Add(X3, Y3);
-+ t1 = field.Multiply(X, Y);
-+ X3 = field.Multiply(t0, t1);
-+ X3 = field.Add(X3, X3);
-+
-+ const ECP::FieldElement inv =
field.MultiplicativeInverse(Z3.IsZero() ? Integer::One() : Z3);
-+ X3 = field.Multiply(X3, inv); Y3 = field.Multiply(Y3, inv);
-+
-+ // More gyrations
-+ R.x = X3*Z3.NotZero();
-+ R.y = Y3*Z3.NotZero();
-+ R.identity = Z3.IsZero();
-+
-+ return R;
-+ }
-+ else if (m_alpha == A_Star)
-+ {
-+ const ECP::FieldElement b3 = field.Multiply(b, 3);
-+
-+ // Gyrations attempt to maintain constant-timeness
-+ // We need either (P.x, P.y, 1) or (0, 1, 0).
-+ const Integer x1 = P.x * IdentityToInteger(!P.identity);
-+ const Integer y1 = P.y * IdentityToInteger(!P.identity) + 1 *
IdentityToInteger(P.identity);
-+ const Integer z1 = 1 * IdentityToInteger(!P.identity);
-+
-+ const Integer x2 = Q.x * IdentityToInteger(!Q.identity);
-+ const Integer y2 = Q.y * IdentityToInteger(!Q.identity) + 1 *
IdentityToInteger(Q.identity);
-+ const Integer z2 = 1 * IdentityToInteger(!Q.identity);
-+
-+ ProjectivePoint p(x1, y1, z1), q(x2, y2, z2), r;
-+
-+ ECP::FieldElement t0 = field.Multiply(X1, X2);
-+ ECP::FieldElement t1 = field.Multiply(Y1, Y2);
-+ ECP::FieldElement t2 = field.Multiply(Z1, Z2);
-+ ECP::FieldElement t3 = field.Add(X1, Y1);
-+ ECP::FieldElement t4 = field.Add(X2, Y2);
-+ t3 = field.Multiply(t3, t4);
-+ t4 = field.Add(t0, t1);
-+ t3 = field.Subtract(t3, t4);
-+ t4 = field.Add(X1, Z1);
-+ ECP::FieldElement t5 = field.Add(X2, Z2);
-+ t4 = field.Multiply(t4, t5);
-+ t5 = field.Add(t0, t2);
-+ t4 = field.Subtract(t4, t5);
-+ t5 = field.Add(Y1, Z1);
-+ X3 = field.Add(Y2, Z2);
-+ t5 = field.Multiply(t5, X3);
-+ X3 = field.Add(t1, t2);
-+ t5 = field.Subtract(t5, X3);
-+ Z3 = field.Multiply(a, t4);
-+ X3 = field.Multiply(b3, t2);
-+ Z3 = field.Add(X3, Z3);
-+ X3 = field.Subtract(t1, Z3);
-+ Z3 = field.Add(t1, Z3);
-+ Y3 = field.Multiply(X3, Z3);
-+ t1 = field.Add(t0, t0);
-+ t1 = field.Add(t1, t0);
-+ t2 = field.Multiply(a, t2);
-+ t4 = field.Multiply(b3, t4);
-+ t1 = field.Add(t1, t2);
-+ t2 = field.Subtract(t0, t2);
-+ t2 = field.Multiply(a, t2);
-+ t4 = field.Add(t4, t2);
-+ t0 = field.Multiply(t1, t4);
-+ Y3 = field.Add(Y3, t0);
-+ t0 = field.Multiply(t5, t4);
-+ X3 = field.Multiply(t3, X3);
-+ X3 = field.Subtract(X3, t0);
-+ t0 = field.Multiply(t3, t1);
-+ Z3 = field.Multiply(t5, Z3);
-+ Z3 = field.Add(Z3, t0);
-+
-+ const ECP::FieldElement inv =
field.MultiplicativeInverse(Z3.IsZero() ? Integer::One() : Z3);
-+ X3 = field.Multiply(X3, inv); Y3 = field.Multiply(Y3, inv);
-+
-+ // More gyrations
-+ R.x = X3*Z3.NotZero();
-+ R.y = Y3*Z3.NotZero();
-+ R.identity = Z3.IsZero();
-+
-+ return R;
-+ }
-+ else // A_Montgomery
-+ {
-+ ECP::Point S = R;
-+
-+ // More gyrations
-+ bool return_Q = P.identity;
-+ bool return_P = Q.identity;
-+ bool double_P = field.Equal(P.x, Q.x) && field.Equal(P.y, Q.y);
-+ bool identity = field.Equal(P.x, Q.x) && !field.Equal(P.y, Q.y);
-+
-+ // This code taken from Double(P) for below
-+ identity = !!((double_P * (P.identity + (P.y ==
field.Identity()))) + identity);
-+
-+ if (double_P)
-+ {
-+ // This code taken from Double(P)
-+ ECP::FieldElement t = field.Square(P.x);
-+ t = field.Add(field.Add(field.Double(t), t), a);
-+ t = field.Divide(t, field.Double(P.y));
-+ ECP::FieldElement x =
field.Subtract(field.Subtract(field.Square(t), P.x), P.x);
-+ R.y = field.Subtract(field.Multiply(t,
field.Subtract(P.x, x)), P.y);
-+ R.x.swap(x);
-+ }
-+ else
-+ {
-+ // Original Add(P,Q) code
-+ ECP::FieldElement t = field.Subtract(Q.y, P.y);
-+ t = field.Divide(t, field.Subtract(Q.x, P.x));
-+ ECP::FieldElement x =
field.Subtract(field.Subtract(field.Square(t), P.x), Q.x);
-+ R.y = field.Subtract(field.Multiply(t,
field.Subtract(P.x, x)), P.y);
-+ R.x.swap(x);
-+ }
-+
-+ // More gyrations
-+ R.x = R.x * IdentityToInteger(!identity);
-+ R.y = R.y * IdentityToInteger(!identity);
-+ R.identity = identity;
-+
-+ if (return_Q)
-+ return (R = S), Q;
-+ else if (return_P)
-+ return (R = S), P;
-+ else
-+ return (S = R), R;
-+ }
-+}
-+
-+#undef X
-+#undef Y
-+#undef Z
-+
-+#undef X1
-+#undef Y1
-+#undef Z1
-+
-+#undef X2
-+#undef Y2
-+#undef Z2
-+
-+#undef X3
-+#undef Y3
-+#undef Z3
-+
- ANONYMOUS_NAMESPACE_END
-
- NAMESPACE_BEGIN(CryptoPP)
-@@ -243,34 +741,14 @@
-
- const ECP::Point& ECP::Add(const Point &P, const Point &Q) const
- {
-- if (P.identity) return Q;
-- if (Q.identity) return P;
-- if (GetField().Equal(P.x, Q.x))
-- return GetField().Equal(P.y, Q.y) ? Double(P) : Identity();
--
-- FieldElement t = GetField().Subtract(Q.y, P.y);
-- t = GetField().Divide(t, GetField().Subtract(Q.x, P.x));
-- FieldElement x =
GetField().Subtract(GetField().Subtract(GetField().Square(t), P.x), Q.x);
-- m_R.y = GetField().Subtract(GetField().Multiply(t,
GetField().Subtract(P.x, x)), P.y);
--
-- m_R.x.swap(x);
-- m_R.identity = false;
-- return m_R;
-+ AdditionFunction add(GetField(), m_a, m_b, m_R);
-+ return (m_R = add(P, Q));
- }
-
- const ECP::Point& ECP::Double(const Point &P) const
- {
-- if (P.identity || P.y==GetField().Identity()) return Identity();
--
-- FieldElement t = GetField().Square(P.x);
-- t = GetField().Add(GetField().Add(GetField().Double(t), t), m_a);
-- t = GetField().Divide(t, GetField().Double(P.y));
-- FieldElement x =
GetField().Subtract(GetField().Subtract(GetField().Square(t), P.x), P.x);
-- m_R.y = GetField().Subtract(GetField().Multiply(t,
GetField().Subtract(P.x, x)), P.y);
--
-- m_R.x.swap(x);
-- m_R.identity = false;
-- return m_R;
-+ AdditionFunction add(GetField(), m_a, m_b, m_R);
-+ return (m_R = add(P));
- }
-
- template <class T, class Iterator> void ParallelInvert(const AbstractRing<T>
&ring, Iterator begin, Iterator end)
-@@ -310,20 +788,11 @@
- }
- }
-
--struct ProjectivePoint
--{
-- ProjectivePoint() {}
-- ProjectivePoint(const Integer &x, const Integer &y, const Integer &z)
-- : x(x), y(y), z(z) {}
--
-- Integer x,y,z;
--};
--
- class ProjectiveDoubling
- {
- public:
- ProjectiveDoubling(const ModularArithmetic &m_mr, const Integer &m_a,
const Integer &m_b, const ECPPoint &Q)
-- : mr(m_mr), firstDoubling(true), negated(false)
-+ : mr(m_mr)
- {
- CRYPTOPP_UNUSED(m_b);
- if (Q.identity)
-@@ -360,7 +829,6 @@
-
- const ModularArithmetic &mr;
- ProjectivePoint P;
-- bool firstDoubling, negated;
- Integer sixteenY4, aZ4, twoY, fourY2, S, M;
- };
-
Copied: crypto++/repos/community-x86_64/cve-2019-14318.patch (from rev 629443,
crypto++/trunk/cve-2019-14318.patch)
===================================================================
--- cve-2019-14318.patch (rev 0)
+++ cve-2019-14318.patch 2020-05-18 10:54:00 UTC (rev 629444)
@@ -0,0 +1,640 @@
+# Patch for Crypto++ timing leaks in EC gear (GH #869)
+# diff of Crypto++ 8.2 and Master 04b2a20c5da5
+--- pubkey.h
++++ pubkey.h
+@@ -886,7 +886,7 @@
+ /// \brief Retrieves the encoded element's size
+ /// \param reversible flag indicating the encoding format
+ /// \return encoded element's size, in bytes
+- /// \details The format of the encoded element varies by the
underlyinhg type of the element and the
++ /// \details The format of the encoded element varies by the underlying
type of the element and the
+ /// reversible flag. GetEncodedElementSize() must be implemented in a
derived class.
+ /// \sa GetEncodedElementSize(), EncodeElement(), DecodeElement()
+ virtual unsigned int GetEncodedElementSize(bool reversible) const =0;
+@@ -1604,10 +1604,10 @@
+ if (rng.CanIncorporateEntropy())
+ rng.IncorporateEntropy(representative,
representative.size());
+
+- Integer k;
++ Integer k, ks;
++ const Integer& q = params.GetSubgroupOrder();
+ if (alg.IsDeterministic())
+ {
+- const Integer& q = params.GetSubgroupOrder();
+ const Integer& x = key.GetPrivateExponent();
+ const DeterministicSignatureAlgorithm& det =
dynamic_cast<const DeterministicSignatureAlgorithm&>(alg);
+ k = det.GenerateRandom(x, q, e);
+@@ -1617,8 +1617,15 @@
+ k.Randomize(rng, 1, params.GetSubgroupOrder()-1);
+ }
+
++ // Due to timing attack on nonce length by Jancar
++ // https://github.com/weidai11/cryptopp/issues/869
++ ks = k + q;
++ if (ks.BitCount() == q.BitCount()) {
++ ks += q;
++ }
++
+ Integer r, s;
+- r = params.ConvertElementToInteger(params.ExponentiateBase(k));
++ r = params.ConvertElementToInteger(params.ExponentiateBase(ks));
+ alg.Sign(params, key.GetPrivateExponent(), k, e, r, s);
+
+ /*
+@@ -1630,7 +1637,7 @@
+ alg.Sign(params, key.GetPrivateExponent(), ma.m_k, e, r, s);
+ */
+
+- size_t rLen = alg.RLen(params);
++ const size_t rLen = alg.RLen(params);
+ r.Encode(signature, rLen);
+ s.Encode(signature+rLen, alg.SLen(params));
+
+--- ecp.cpp
++++ ecp.cpp
+@@ -15,10 +15,12 @@
+ ANONYMOUS_NAMESPACE_BEGIN
+
+ using CryptoPP::ECP;
++using CryptoPP::Integer;
+ using CryptoPP::ModularArithmetic;
+
+ #if defined(HAVE_GCC_INIT_PRIORITY)
+- const ECP::Point g_identity __attribute__ ((init_priority
(CRYPTOPP_INIT_PRIORITY + 51))) = ECP::Point();
++ #define INIT_ATTRIBUTE __attribute__ ((init_priority
(CRYPTOPP_INIT_PRIORITY + 50)))
++ const ECP::Point g_identity INIT_ATTRIBUTE = ECP::Point();
+ #elif defined(HAVE_MSC_INIT_PRIORITY)
+ #pragma warning(disable: 4075)
+ #pragma init_seg(".CRT$XCU")
+@@ -39,6 +41,502 @@
+ return P.identity ? P : ECP::Point(mr.ConvertOut(P.x),
mr.ConvertOut(P.y));
+ }
+
++inline Integer IdentityToInteger(bool val)
++{
++ return val ? Integer::One() : Integer::Zero();
++}
++
++struct ProjectivePoint
++{
++ ProjectivePoint() {}
++ ProjectivePoint(const Integer &x, const Integer &y, const Integer &z)
++ : x(x), y(y), z(z) {}
++
++ Integer x, y, z;
++};
++
++/// \brief Addition and Double functions
++/// \sa <A HREF="https://eprint.iacr.org/2015/1060.pdf";>Complete
++/// addition formulas for prime order elliptic curves</A>
++struct AdditionFunction
++{
++ explicit AdditionFunction(const ECP::Field& field,
++ const ECP::FieldElement &a, const ECP::FieldElement &b,
ECP::Point &r);
++
++ // Double(P)
++ ECP::Point operator()(const ECP::Point& P) const;
++ // Add(P, Q)
++ ECP::Point operator()(const ECP::Point& P, const ECP::Point& Q) const;
++
++protected:
++ /// \brief Parameters and representation for Addition
++ /// \details Addition and Doubling will use different algorithms,
++ /// depending on the <tt>A</tt> coefficient and the representation
++ /// (Affine or Montgomery with precomputation).
++ enum Alpha {
++ /// \brief Coefficient A is 0
++ A_0 = 1,
++ /// \brief Coefficient A is -3
++ A_3 = 2,
++ /// \brief Coefficient A is arbitrary
++ A_Star = 4,
++ /// \brief Representation is Montgomery
++ A_Montgomery = 8
++ };
++
++ const ECP::Field& field;
++ const ECP::FieldElement &a, &b;
++ ECP::Point &R;
++
++ Alpha m_alpha;
++};
++
++#define X p.x
++#define Y p.y
++#define Z p.z
++
++#define X1 p.x
++#define Y1 p.y
++#define Z1 p.z
++
++#define X2 q.x
++#define Y2 q.y
++#define Z2 q.z
++
++#define X3 r.x
++#define Y3 r.y
++#define Z3 r.z
++
++AdditionFunction::AdditionFunction(const ECP::Field& field,
++ const ECP::FieldElement &a, const ECP::FieldElement &b, ECP::Point &r)
++ : field(field), a(a), b(b), R(r), m_alpha(static_cast<Alpha>(0))
++{
++ if (field.IsMontgomeryRepresentation())
++ {
++ m_alpha = A_Montgomery;
++ }
++ else
++ {
++ if (a == 0)
++ {
++ m_alpha = A_0;
++ }
++ else if (a == -3 || (a - field.GetModulus()) == -3)
++ {
++ m_alpha = A_3;
++ }
++ else
++ {
++ m_alpha = A_Star;
++ }
++ }
++}
++
++ECP::Point AdditionFunction::operator()(const ECP::Point& P) const
++{
++ if (m_alpha == A_3)
++ {
++ // Gyrations attempt to maintain constant-timeness
++ // We need either (P.x, P.y, 1) or (0, 1, 0).
++ const Integer x = P.x * IdentityToInteger(!P.identity);
++ const Integer y = P.y * IdentityToInteger(!P.identity) + 1 *
IdentityToInteger(P.identity);
++ const Integer z = 1 * IdentityToInteger(!P.identity);
++
++ ProjectivePoint p(x, y, z), r;
++
++ ECP::FieldElement t0 = field.Square(X);
++ ECP::FieldElement t1 = field.Square(Y);
++ ECP::FieldElement t2 = field.Square(Z);
++ ECP::FieldElement t3 = field.Multiply(X, Y);
++ t3 = field.Add(t3, t3);
++ Z3 = field.Multiply(X, Z);
++ Z3 = field.Add(Z3, Z3);
++ Y3 = field.Multiply(b, t2);
++ Y3 = field.Subtract(Y3, Z3);
++ X3 = field.Add(Y3, Y3);
++ Y3 = field.Add(X3, Y3);
++ X3 = field.Subtract(t1, Y3);
++ Y3 = field.Add(t1, Y3);
++ Y3 = field.Multiply(X3, Y3);
++ X3 = field.Multiply(X3, t3);
++ t3 = field.Add(t2, t2);
++ t2 = field.Add(t2, t3);
++ Z3 = field.Multiply(b, Z3);
++ Z3 = field.Subtract(Z3, t2);
++ Z3 = field.Subtract(Z3, t0);
++ t3 = field.Add(Z3, Z3);
++ Z3 = field.Add(Z3, t3);
++ t3 = field.Add(t0, t0);
++ t0 = field.Add(t3, t0);
++ t0 = field.Subtract(t0, t2);
++ t0 = field.Multiply(t0, Z3);
++ Y3 = field.Add(Y3, t0);
++ t0 = field.Multiply(Y, Z);
++ t0 = field.Add(t0, t0);
++ Z3 = field.Multiply(t0, Z3);
++ X3 = field.Subtract(X3, Z3);
++ Z3 = field.Multiply(t0, t1);
++ Z3 = field.Add(Z3, Z3);
++ Z3 = field.Add(Z3, Z3);
++
++ const ECP::FieldElement inv =
field.MultiplicativeInverse(Z3.IsZero() ? Integer::One() : Z3);
++ X3 = field.Multiply(X3, inv); Y3 = field.Multiply(Y3, inv);
++
++ // More gyrations
++ R.x = X3*Z3.NotZero();
++ R.y = Y3*Z3.NotZero();
++ R.identity = Z3.IsZero();
++
++ return R;
++ }
++ else if (m_alpha == A_0)
++ {
++ const ECP::FieldElement b3 = field.Multiply(b, 3);
++
++ // Gyrations attempt to maintain constant-timeness
++ // We need either (P.x, P.y, 1) or (0, 1, 0).
++ const Integer x = P.x * IdentityToInteger(!P.identity);
++ const Integer y = P.y * IdentityToInteger(!P.identity) + 1 *
IdentityToInteger(P.identity);
++ const Integer z = 1 * IdentityToInteger(!P.identity);
++
++ ProjectivePoint p(x, y, z), r;
++
++ ECP::FieldElement t0 = field.Square(Y);
++ Z3 = field.Add(t0, t0);
++ Z3 = field.Add(Z3, Z3);
++ Z3 = field.Add(Z3, Z3);
++ ECP::FieldElement t1 = field.Add(Y, Z);
++ ECP::FieldElement t2 = field.Square(Z);
++ t2 = field.Multiply(b3, t2);
++ X3 = field.Multiply(t2, Z3);
++ Y3 = field.Add(t0, t2);
++ Z3 = field.Multiply(t1, Z3);
++ t1 = field.Add(t2, t2);
++ t2 = field.Add(t1, t2);
++ t0 = field.Subtract(t0, t2);
++ Y3 = field.Multiply(t0, Y3);
++ Y3 = field.Add(X3, Y3);
++ t1 = field.Multiply(X, Y);
++ X3 = field.Multiply(t0, t1);
++ X3 = field.Add(X3, X3);
++
++ const ECP::FieldElement inv =
field.MultiplicativeInverse(Z3.IsZero() ? Integer::One() : Z3);
++ X3 = field.Multiply(X3, inv); Y3 = field.Multiply(Y3, inv);
++
++ // More gyrations
++ R.x = X3*Z3.NotZero();
++ R.y = Y3*Z3.NotZero();
++ R.identity = Z3.IsZero();
++
++ return R;
++ }
++ else if (m_alpha == A_Star)
++ {
++ const ECP::FieldElement b3 = field.Multiply(b, 3);
++
++ // Gyrations attempt to maintain constant-timeness
++ // We need either (P.x, P.y, 1) or (0, 1, 0).
++ const Integer x = P.x * IdentityToInteger(!P.identity);
++ const Integer y = P.y * IdentityToInteger(!P.identity) + 1 *
IdentityToInteger(P.identity);
++ const Integer z = 1 * IdentityToInteger(!P.identity);
++
++ ProjectivePoint p(x, y, z), r;
++
++ ECP::FieldElement t0 = field.Square(Y);
++ Z3 = field.Add(t0, t0);
++ Z3 = field.Add(Z3, Z3);
++ Z3 = field.Add(Z3, Z3);
++ ECP::FieldElement t1 = field.Add(Y, Z);
++ ECP::FieldElement t2 = field.Square(Z);
++ t2 = field.Multiply(b3, t2);
++ X3 = field.Multiply(t2, Z3);
++ Y3 = field.Add(t0, t2);
++ Z3 = field.Multiply(t1, Z3);
++ t1 = field.Add(t2, t2);
++ t2 = field.Add(t1, t2);
++ t0 = field.Subtract(t0, t2);
++ Y3 = field.Multiply(t0, Y3);
++ Y3 = field.Add(X3, Y3);
++ t1 = field.Multiply(X, Y);
++ X3 = field.Multiply(t0, t1);
++ X3 = field.Add(X3, X3);
++
++ const ECP::FieldElement inv =
field.MultiplicativeInverse(Z3.IsZero() ? Integer::One() : Z3);
++ X3 = field.Multiply(X3, inv); Y3 = field.Multiply(Y3, inv);
++
++ // More gyrations
++ R.x = X3*Z3.NotZero();
++ R.y = Y3*Z3.NotZero();
++ R.identity = Z3.IsZero();
++
++ return R;
++ }
++ else // A_Montgomery
++ {
++ // More gyrations
++ bool identity = !!(P.identity + (P.y == field.Identity()));
++
++ ECP::FieldElement t = field.Square(P.x);
++ t = field.Add(field.Add(field.Double(t), t), a);
++ t = field.Divide(t, field.Double(P.y));
++ ECP::FieldElement x =
field.Subtract(field.Subtract(field.Square(t), P.x), P.x);
++ R.y = field.Subtract(field.Multiply(t, field.Subtract(P.x, x)),
P.y);
++ R.x.swap(x);
++
++ // More gyrations
++ R.x *= IdentityToInteger(!identity);
++ R.y *= IdentityToInteger(!identity);
++ R.identity = identity;
++
++ return R;
++ }
++}
++
++ECP::Point AdditionFunction::operator()(const ECP::Point& P, const
ECP::Point& Q) const
++{
++ if (m_alpha == A_3)
++ {
++ // Gyrations attempt to maintain constant-timeness
++ // We need either (P.x, P.y, 1) or (0, 1, 0).
++ const Integer x1 = P.x * IdentityToInteger(!P.identity);
++ const Integer y1 = P.y * IdentityToInteger(!P.identity) + 1 *
IdentityToInteger(P.identity);
++ const Integer z1 = 1 * IdentityToInteger(!P.identity);
++
++ const Integer x2 = Q.x * IdentityToInteger(!Q.identity);
++ const Integer y2 = Q.y * IdentityToInteger(!Q.identity) + 1 *
IdentityToInteger(Q.identity);
++ const Integer z2 = 1 * IdentityToInteger(!Q.identity);
++
++ ProjectivePoint p(x1, y1, z1), q(x2, y2, z2), r;
++
++ ECP::FieldElement t0 = field.Multiply(X1, X2);
++ ECP::FieldElement t1 = field.Multiply(Y1, Y2);
++ ECP::FieldElement t2 = field.Multiply(Z1, Z2);
++ ECP::FieldElement t3 = field.Add(X1, Y1);
++ ECP::FieldElement t4 = field.Add(X2, Y2);
++ t3 = field.Multiply(t3, t4);
++ t4 = field.Add(t0, t1);
++ t3 = field.Subtract(t3, t4);
++ t4 = field.Add(Y1, Z1);
++ X3 = field.Add(Y2, Z2);
++ t4 = field.Multiply(t4, X3);
++ X3 = field.Add(t1, t2);
++ t4 = field.Subtract(t4, X3);
++ X3 = field.Add(X1, Z1);
++ Y3 = field.Add(X2, Z2);
++ X3 = field.Multiply(X3, Y3);
++ Y3 = field.Add(t0, t2);
++ Y3 = field.Subtract(X3, Y3);
++ Z3 = field.Multiply(b, t2);
++ X3 = field.Subtract(Y3, Z3);
++ Z3 = field.Add(X3, X3);
++ X3 = field.Add(X3, Z3);
++ Z3 = field.Subtract(t1, X3);
++ X3 = field.Add(t1, X3);
++ Y3 = field.Multiply(b, Y3);
++ t1 = field.Add(t2, t2);
++ t2 = field.Add(t1, t2);
++ Y3 = field.Subtract(Y3, t2);
++ Y3 = field.Subtract(Y3, t0);
++ t1 = field.Add(Y3, Y3);
++ Y3 = field.Add(t1, Y3);
++ t1 = field.Add(t0, t0);
++ t0 = field.Add(t1, t0);
++ t0 = field.Subtract(t0, t2);
++ t1 = field.Multiply(t4, Y3);
++ t2 = field.Multiply(t0, Y3);
++ Y3 = field.Multiply(X3, Z3);
++ Y3 = field.Add(Y3, t2);
++ X3 = field.Multiply(t3, X3);
++ X3 = field.Subtract(X3, t1);
++ Z3 = field.Multiply(t4, Z3);
++ t1 = field.Multiply(t3, t0);
++ Z3 = field.Add(Z3, t1);
++
++ const ECP::FieldElement inv =
field.MultiplicativeInverse(Z3.IsZero() ? Integer::One() : Z3);
++ X3 = field.Multiply(X3, inv); Y3 = field.Multiply(Y3, inv);
++
++ // More gyrations
++ R.x = X3*Z3.NotZero();
++ R.y = Y3*Z3.NotZero();
++ R.identity = Z3.IsZero();
++
++ return R;
++ }
++ else if (m_alpha == A_0)
++ {
++ const ECP::FieldElement b3 = field.Multiply(b, 3);
++
++ // Gyrations attempt to maintain constant-timeness
++ // We need either (P.x, P.y, 1) or (0, 1, 0).
++ const Integer x1 = P.x * IdentityToInteger(!P.identity);
++ const Integer y1 = P.y * IdentityToInteger(!P.identity) + 1 *
IdentityToInteger(P.identity);
++ const Integer z1 = 1 * IdentityToInteger(!P.identity);
++
++ const Integer x2 = Q.x * IdentityToInteger(!Q.identity);
++ const Integer y2 = Q.y * IdentityToInteger(!Q.identity) + 1 *
IdentityToInteger(Q.identity);
++ const Integer z2 = 1 * IdentityToInteger(!Q.identity);
++
++ ProjectivePoint p(x1, y1, z1), q(x2, y2, z2), r;
++
++ ECP::FieldElement t0 = field.Square(Y);
++ Z3 = field.Add(t0, t0);
++ Z3 = field.Add(Z3, Z3);
++ Z3 = field.Add(Z3, Z3);
++ ECP::FieldElement t1 = field.Add(Y, Z);
++ ECP::FieldElement t2 = field.Square(Z);
++ t2 = field.Multiply(b3, t2);
++ X3 = field.Multiply(t2, Z3);
++ Y3 = field.Add(t0, t2);
++ Z3 = field.Multiply(t1, Z3);
++ t1 = field.Add(t2, t2);
++ t2 = field.Add(t1, t2);
++ t0 = field.Subtract(t0, t2);
++ Y3 = field.Multiply(t0, Y3);
++ Y3 = field.Add(X3, Y3);
++ t1 = field.Multiply(X, Y);
++ X3 = field.Multiply(t0, t1);
++ X3 = field.Add(X3, X3);
++
++ const ECP::FieldElement inv =
field.MultiplicativeInverse(Z3.IsZero() ? Integer::One() : Z3);
++ X3 = field.Multiply(X3, inv); Y3 = field.Multiply(Y3, inv);
++
++ // More gyrations
++ R.x = X3*Z3.NotZero();
++ R.y = Y3*Z3.NotZero();
++ R.identity = Z3.IsZero();
++
++ return R;
++ }
++ else if (m_alpha == A_Star)
++ {
++ const ECP::FieldElement b3 = field.Multiply(b, 3);
++
++ // Gyrations attempt to maintain constant-timeness
++ // We need either (P.x, P.y, 1) or (0, 1, 0).
++ const Integer x1 = P.x * IdentityToInteger(!P.identity);
++ const Integer y1 = P.y * IdentityToInteger(!P.identity) + 1 *
IdentityToInteger(P.identity);
++ const Integer z1 = 1 * IdentityToInteger(!P.identity);
++
++ const Integer x2 = Q.x * IdentityToInteger(!Q.identity);
++ const Integer y2 = Q.y * IdentityToInteger(!Q.identity) + 1 *
IdentityToInteger(Q.identity);
++ const Integer z2 = 1 * IdentityToInteger(!Q.identity);
++
++ ProjectivePoint p(x1, y1, z1), q(x2, y2, z2), r;
++
++ ECP::FieldElement t0 = field.Multiply(X1, X2);
++ ECP::FieldElement t1 = field.Multiply(Y1, Y2);
++ ECP::FieldElement t2 = field.Multiply(Z1, Z2);
++ ECP::FieldElement t3 = field.Add(X1, Y1);
++ ECP::FieldElement t4 = field.Add(X2, Y2);
++ t3 = field.Multiply(t3, t4);
++ t4 = field.Add(t0, t1);
++ t3 = field.Subtract(t3, t4);
++ t4 = field.Add(X1, Z1);
++ ECP::FieldElement t5 = field.Add(X2, Z2);
++ t4 = field.Multiply(t4, t5);
++ t5 = field.Add(t0, t2);
++ t4 = field.Subtract(t4, t5);
++ t5 = field.Add(Y1, Z1);
++ X3 = field.Add(Y2, Z2);
++ t5 = field.Multiply(t5, X3);
++ X3 = field.Add(t1, t2);
++ t5 = field.Subtract(t5, X3);
++ Z3 = field.Multiply(a, t4);
++ X3 = field.Multiply(b3, t2);
++ Z3 = field.Add(X3, Z3);
++ X3 = field.Subtract(t1, Z3);
++ Z3 = field.Add(t1, Z3);
++ Y3 = field.Multiply(X3, Z3);
++ t1 = field.Add(t0, t0);
++ t1 = field.Add(t1, t0);
++ t2 = field.Multiply(a, t2);
++ t4 = field.Multiply(b3, t4);
++ t1 = field.Add(t1, t2);
++ t2 = field.Subtract(t0, t2);
++ t2 = field.Multiply(a, t2);
++ t4 = field.Add(t4, t2);
++ t0 = field.Multiply(t1, t4);
++ Y3 = field.Add(Y3, t0);
++ t0 = field.Multiply(t5, t4);
++ X3 = field.Multiply(t3, X3);
++ X3 = field.Subtract(X3, t0);
++ t0 = field.Multiply(t3, t1);
++ Z3 = field.Multiply(t5, Z3);
++ Z3 = field.Add(Z3, t0);
++
++ const ECP::FieldElement inv =
field.MultiplicativeInverse(Z3.IsZero() ? Integer::One() : Z3);
++ X3 = field.Multiply(X3, inv); Y3 = field.Multiply(Y3, inv);
++
++ // More gyrations
++ R.x = X3*Z3.NotZero();
++ R.y = Y3*Z3.NotZero();
++ R.identity = Z3.IsZero();
++
++ return R;
++ }
++ else // A_Montgomery
++ {
++ ECP::Point S = R;
++
++ // More gyrations
++ bool return_Q = P.identity;
++ bool return_P = Q.identity;
++ bool double_P = field.Equal(P.x, Q.x) && field.Equal(P.y, Q.y);
++ bool identity = field.Equal(P.x, Q.x) && !field.Equal(P.y, Q.y);
++
++ // This code taken from Double(P) for below
++ identity = !!((double_P * (P.identity + (P.y ==
field.Identity()))) + identity);
++
++ if (double_P)
++ {
++ // This code taken from Double(P)
++ ECP::FieldElement t = field.Square(P.x);
++ t = field.Add(field.Add(field.Double(t), t), a);
++ t = field.Divide(t, field.Double(P.y));
++ ECP::FieldElement x =
field.Subtract(field.Subtract(field.Square(t), P.x), P.x);
++ R.y = field.Subtract(field.Multiply(t,
field.Subtract(P.x, x)), P.y);
++ R.x.swap(x);
++ }
++ else
++ {
++ // Original Add(P,Q) code
++ ECP::FieldElement t = field.Subtract(Q.y, P.y);
++ t = field.Divide(t, field.Subtract(Q.x, P.x));
++ ECP::FieldElement x =
field.Subtract(field.Subtract(field.Square(t), P.x), Q.x);
++ R.y = field.Subtract(field.Multiply(t,
field.Subtract(P.x, x)), P.y);
++ R.x.swap(x);
++ }
++
++ // More gyrations
++ R.x = R.x * IdentityToInteger(!identity);
++ R.y = R.y * IdentityToInteger(!identity);
++ R.identity = identity;
++
++ if (return_Q)
++ return (R = S), Q;
++ else if (return_P)
++ return (R = S), P;
++ else
++ return (S = R), R;
++ }
++}
++
++#undef X
++#undef Y
++#undef Z
++
++#undef X1
++#undef Y1
++#undef Z1
++
++#undef X2
++#undef Y2
++#undef Z2
++
++#undef X3
++#undef Y3
++#undef Z3
++
+ ANONYMOUS_NAMESPACE_END
+
+ NAMESPACE_BEGIN(CryptoPP)
+@@ -243,34 +741,14 @@
+
+ const ECP::Point& ECP::Add(const Point &P, const Point &Q) const
+ {
+- if (P.identity) return Q;
+- if (Q.identity) return P;
+- if (GetField().Equal(P.x, Q.x))
+- return GetField().Equal(P.y, Q.y) ? Double(P) : Identity();
+-
+- FieldElement t = GetField().Subtract(Q.y, P.y);
+- t = GetField().Divide(t, GetField().Subtract(Q.x, P.x));
+- FieldElement x =
GetField().Subtract(GetField().Subtract(GetField().Square(t), P.x), Q.x);
+- m_R.y = GetField().Subtract(GetField().Multiply(t,
GetField().Subtract(P.x, x)), P.y);
+-
+- m_R.x.swap(x);
+- m_R.identity = false;
+- return m_R;
++ AdditionFunction add(GetField(), m_a, m_b, m_R);
++ return (m_R = add(P, Q));
+ }
+
+ const ECP::Point& ECP::Double(const Point &P) const
+ {
+- if (P.identity || P.y==GetField().Identity()) return Identity();
+-
+- FieldElement t = GetField().Square(P.x);
+- t = GetField().Add(GetField().Add(GetField().Double(t), t), m_a);
+- t = GetField().Divide(t, GetField().Double(P.y));
+- FieldElement x =
GetField().Subtract(GetField().Subtract(GetField().Square(t), P.x), P.x);
+- m_R.y = GetField().Subtract(GetField().Multiply(t,
GetField().Subtract(P.x, x)), P.y);
+-
+- m_R.x.swap(x);
+- m_R.identity = false;
+- return m_R;
++ AdditionFunction add(GetField(), m_a, m_b, m_R);
++ return (m_R = add(P));
+ }
+
+ template <class T, class Iterator> void ParallelInvert(const AbstractRing<T>
&ring, Iterator begin, Iterator end)
+@@ -310,20 +788,11 @@
+ }
+ }
+
+-struct ProjectivePoint
+-{
+- ProjectivePoint() {}
+- ProjectivePoint(const Integer &x, const Integer &y, const Integer &z)
+- : x(x), y(y), z(z) {}
+-
+- Integer x,y,z;
+-};
+-
+ class ProjectiveDoubling
+ {
+ public:
+ ProjectiveDoubling(const ModularArithmetic &m_mr, const Integer &m_a,
const Integer &m_b, const ECPPoint &Q)
+- : mr(m_mr), firstDoubling(true), negated(false)
++ : mr(m_mr)
+ {
+ CRYPTOPP_UNUSED(m_b);
+ if (Q.identity)
+@@ -360,7 +829,6 @@
+
+ const ModularArithmetic &mr;
+ ProjectivePoint P;
+- bool firstDoubling, negated;
+ Integer sixteenY4, aZ4, twoY, fourY2, S, M;
+ };
+
Deleted: libcrypto++.pc
===================================================================
--- libcrypto++.pc 2020-05-18 10:53:54 UTC (rev 629443)
+++ libcrypto++.pc 2020-05-18 10:54:00 UTC (rev 629444)
@@ -1,11 +0,0 @@
-# Written by Alexander Rødseth <[email protected]>
-
-prefix=/usr
-libdir=${prefix}/lib
-includedir=${prefix}/include
-
-Name: libcrypto++-7.0.0
-Description: Class library of cryptographic schemes
-Version: 7.0.0
-Libs: -L${libdir} -lcryptopp
-Cflags: -I${includedir}
