This is an automated email from the ASF dual-hosted git repository. sandreoli pushed a commit to branch issue51 in repository https://gitbox.apache.org/repos/asf/incubator-milagro-crypto-c.git
commit aee0051a6dd8ea278527f1be725290242da45ea7 Author: samuele-andreoli <[email protected]> AuthorDate: Thu Nov 28 15:49:08 2019 +0000 ff - allow specification of exponent size in skpow --- include/ff.h.in | 69 +++++++++++++++++++------------------------- include/paillier.h | 2 +- src/ff.c.in | 46 +++-------------------------- src/paillier.c | 26 +++++++---------- src/rsa.c.in | 4 +-- test/test_paillier_decrypt.c | 3 +- 6 files changed, 49 insertions(+), 101 deletions(-) diff --git a/include/ff.h.in b/include/ff.h.in index dd48cc3..7c50c00 100644 --- a/include/ff.h.in +++ b/include/ff.h.in @@ -181,11 +181,11 @@ extern void FF_WWW_mul(BIG_XXX *x,BIG_XXX *y,BIG_XXX *z,int n); /** @brief Reduce FF mod a modulus * This is slow - @param x FF instance to be reduced mod m - on exit = x mod m - @param m FF modulus + @param x FF instance to be reduced mod p - on exit = x mod p + @param p FF modulus @param n size of FF in BIGs */ -extern void FF_WWW_mod(BIG_XXX *x,BIG_XXX *m,int n); +extern void FF_WWW_mod(BIG_XXX *x,BIG_XXX *p,int n); /** @brief Square an FF * Uses Karatsuba method internally 
@@ -226,55 +226,57 @@ extern void FF_WWW_random(BIG_XXX *x,csprng *R,int n); @param n size of FF in BIGs */ extern void FF_WWW_randomnum(BIG_XXX *x,BIG_XXX *y,csprng *R,int n); -/** @brief Calculate r=x^e mod m, side channel resistant +/** @brief Calculate r=x^e mod p, side channel resistant * @param r FF instance, on exit = x^e mod p @param x FF instance @param e FF exponent - @param m FF modulus + @param p FF modulus @param n size of FF in BIGs + @param en size of the exponent in BIGs */ -extern void FF_WWW_skpow(BIG_XXX *r,BIG_XXX *x,BIG_XXX * e,BIG_XXX *m,int n); -/** @brief Calculate r=x^e mod m, side channel resistant +extern void FF_WWW_skpow(BIG_XXX *r,BIG_XXX *x,BIG_XXX * e,BIG_XXX *p,int n, int en); +/** @brief Calculate r=x^e mod p, side channel resistant * For short BIG exponent @param r FF instance, on exit = x^e mod p @param x FF instance @param e BIG exponent - @param m FF modulus + @param p FF modulus @param n size of FF in BIGs */ -extern void FF_WWW_skspow(BIG_XXX *r,BIG_XXX *x,BIG_XXX e,BIG_XXX *m,int n); -/** @brief Calculate r=x^e.y^f mod m for big e and f, side channel resistant +extern void FF_WWW_skspow(BIG_XXX *r,BIG_XXX *x,BIG_XXX e,BIG_XXX *p,int n); +/** @brief Calculate r=x^e.y^f mod p for big e and f, side channel resistant * - @param r FF instance, on exit = x^e.y^f mod m - @param x FF instance - @param e FF exponent - @param y FF instance - @param f FF exponent - @param m FF modulus - @param n size of FF in BIGs + @param r FF instance, on exit = x^e.y^f mod p + @param x FF instance + @param e FF exponent + @param y FF instance + @param f FF exponent + @param p FF modulus + @param n size of FF in BIGs + @param en size of the exponent in BIGs */ -extern void FF_WWW_skpow2(BIG_XXX r[],BIG_XXX x[], BIG_XXX e[], BIG_XXX y[], BIG_XXX f[], BIG_XXX m[], int n); -/** @brief Calculate r=x^e mod m +extern void FF_WWW_skpow2(BIG_XXX *r,BIG_XXX *x, BIG_XXX *e, BIG_XXX *y, BIG_XXX *f, BIG_XXX *p, int n, int en); +/** @brief Calculate r=x^e mod p * 
For very short integer exponent - @param r FF instance, on exit = x^e mod p - @param x FF instance - @param e integer exponent - @param m FF modulus - @param n size of FF in BIGs + @param r FF instance, on exit = x^e mod p + @param x FF instance + @param e integer exponent + @param p FF modulus + @param n size of FF in BIGs */ -extern void FF_WWW_power(BIG_XXX *r,BIG_XXX *x,int e,BIG_XXX *m,int n); -/** @brief Calculate r=x^e mod m +extern void FF_WWW_power(BIG_XXX *r,BIG_XXX *x,int e,BIG_XXX *p,int n); +/** @brief Calculate r=x^e mod p * @param r FF instance, on exit = x^e mod p @param x FF instance @param e FF exponent - @param m FF modulus + @param p FF modulus @param n size of FF in BIGs */ -extern void FF_WWW_pow(BIG_XXX *r,BIG_XXX *x,BIG_XXX *e,BIG_XXX *m,int n); +extern void FF_WWW_pow(BIG_XXX *r,BIG_XXX *x,BIG_XXX *e,BIG_XXX *p,int n); /** @brief Test if an FF has factor in common with integer s * @param x FF instance to be tested @@ -292,16 +294,5 @@ extern int FF_WWW_cfactor(BIG_XXX *x,sign32 s,int n); @return 1 if x is (almost certainly) prime, else return 0 */ extern int FF_WWW_prime(BIG_XXX *x,csprng *R,int n); -/** @brief Calculate r=x^e.y^f mod m - * - @param r FF instance, on exit = x^e.y^f mod p - @param x FF instance - @param e BIG exponent - @param y FF instance - @param f BIG exponent - @param m FF modulus - @param n size of FF in BIGs - */ -extern void FF_WWW_pow2(BIG_XXX *r,BIG_XXX *x,BIG_XXX e,BIG_XXX *y,BIG_XXX f,BIG_XXX *m,int n); #endif diff --git a/include/paillier.h b/include/paillier.h index 7ba9592..30cae34 100644 --- a/include/paillier.h +++ b/include/paillier.h 
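Review bot: The new `@param en` entries on FF_WWW_skpow and FF_WWW_skpow2 leave out the two constraints the implementation actually depends on: the exponent array must hold at least `en` BIGs (the ladder in ff.c.in indexes `e[i/BIGBITS_XXX]` up to `en-1` with no bounds check), and `en` must be a fixed, public size, because the Montgomery ladder's side-channel resistance comes from its iteration count being independent of the secret — a caller that derives `en` from the exponent's actual bit length turns it back into a timing leak. For skpow2 the wording "size of the exponent" is also singular although the one `en` bounds both `e` and `f`. Suggested text for both: `@param en size of the exponent(s) in BIGs; e (and f) must hold at least en BIGs, and en must be a fixed public size, never derived from the secret value, or the ladder is no longer constant-time`.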
@@ -54,7 +54,7 @@ typedef struct{ typedef struct{ BIG_512_60 n[FFLEN_4096]; /**< Paillier Modulus - n = pq*/ BIG_512_60 g[FFLEN_4096]; /**< Public Base - n+1 */ - BIG_512_60 l[FFLEN_4096]; /**< Private Key (Euler totient of n) */ + BIG_512_60 l[HFLEN_4096]; /**< Private Key (Euler totient of n) */ BIG_512_60 m[FFLEN_4096]; /**< Precomputed l^(-1) */ BIG_512_60 p[HFLEN_4096]; /**< Secret Prime */ diff --git a/src/ff.c.in b/src/ff.c.in index 31347c7..946388c 100644 --- a/src/ff.c.in +++ b/src/ff.c.in @@ -767,7 +767,7 @@ static void FF_WWW_modsqr(BIG_XXX z[],BIG_XXX x[],BIG_XXX p[],BIG_XXX ND[],int n } /* r=x^e mod p using side-channel resistant Montgomery Ladder, for large e */ -void FF_WWW_skpow(BIG_XXX r[],BIG_XXX x[],BIG_XXX e[],BIG_XXX p[],int n) +void FF_WWW_skpow(BIG_XXX r[],BIG_XXX x[],BIG_XXX e[],BIG_XXX p[],int n, int en) { int i,b; #ifndef C99 @@ -782,7 +782,7 @@ void FF_WWW_skpow(BIG_XXX r[],BIG_XXX x[],BIG_XXX e[],BIG_XXX p[],int n) FF_WWW_nres(R0,p,n); FF_WWW_nres(R1,p,n); - for (i=8*MODBYTES_XXX*n-1; i>=0; i--) + for (i=8*MODBYTES_XXX*en-1; i>=0; i--) { b=BIG_XXX_bit(e[i/BIGBITS_XXX],i%BIGBITS_XXX); FF_WWW_modmul(r,R0,R1,p,ND,n); @@ -825,7 +825,7 @@ void FF_WWW_skspow(BIG_XXX r[],BIG_XXX x[],BIG_XXX e,BIG_XXX p[],int n) } /* r=x^e*y^f mod p - side channel resistant */ -void FF_WWW_skpow2(BIG_XXX r[],BIG_XXX x[], BIG_XXX e[], BIG_XXX y[], BIG_XXX f[], BIG_XXX p[], int n) { +void FF_WWW_skpow2(BIG_XXX r[],BIG_XXX x[], BIG_XXX e[], BIG_XXX y[], BIG_XXX f[], BIG_XXX p[], int n, int en) { int i,eb,fb; #ifndef C99 BIG_XXX xn[FFLEN_WWW],yn[FFLEN_WWW],xy[FFLEN_WWW],w[FFLEN_WWW],ND[FFLEN_WWW]; @@ -845,7 +845,7 @@ void FF_WWW_skpow2(BIG_XXX r[],BIG_XXX x[], BIG_XXX e[], BIG_XXX y[], BIG_XXX f[ FF_WWW_one(r,n); FF_WWW_nres(r,p,n); - for (i=8*MODBYTES_XXX*n-1; i>=0; i--) + for (i=8*MODBYTES_XXX*en-1; i>=0; i--) { eb=BIG_XXX_bit(e[i/BIGBITS_XXX],i%BIGBITS_XXX); fb=BIG_XXX_bit(f[i/BIGBITS_XXX],i%BIGBITS_XXX); 
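Review bot: Shrinking `l` to `HFLEN_4096` changes the layout of a public struct in an installed header, so any caller still passing `FFLEN_4096` for `PRIV->l` (the pattern the old code used, e.g. the removed `FF_4096_zero(PRIV->l, FFLEN_4096)`) now reads or writes past the field into `m`; the visible hunks update the in-tree uses, but out-of-tree users get no signal from the compiler. Worth a line in the field comment, `/**< Private Key (Euler totient of n) - HFLEN_4096 BIGs; pass HFLEN_4096, not FFLEN_4096 */`, and a changelog entry for the ABI change. `m`, documented as `l^(-1)` and presumably reduced mod n so also at most HFLEN_4096 bits, is left at `FFLEN_4096` — either shrink it for consistency or say why it stays full size.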
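Review bot: `en` is trusted as-is in the new loop bound `for (i=8*MODBYTES_XXX*en-1; i>=0; i--)` and the same construct in the skpow2 hunk: `b=BIG_XXX_bit(e[i/BIGBITS_XXX],i%BIGBITS_XXX)` then reads `en` BIGs from `e`, so an `en` larger than the exponent array is an out-of-bounds read of the secret's neighbours, and `en <= 0` skips the ladder entirely and returns whatever `R0` held (its initialisation is outside the hunk, so I cannot tell what that is). Since the library reports no errors from these routines, the contract should at least be stated where it bites: `/* en is trusted: caller guarantees e has >= en BIGs and that en is a fixed, public size - the ladder's timing depends only on en, never on the bits of e */` above the loop, in both skpow and skpow2. Both function bodies continue past the end of their hunks.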
@@ -924,44 +924,6 @@ void FF_WWW_pow(BIG_XXX r[],BIG_XXX x[],BIG_XXX e[],BIG_XXX p[],int n) FF_WWW_redc(r,p,ND,n); } -/* double exponentiation r=x^e.y^f mod p */ -void FF_WWW_pow2(BIG_XXX r[],BIG_XXX x[],BIG_XXX e,BIG_XXX y[],BIG_XXX f,BIG_XXX p[],int n) -{ - int i,eb,fb; -#ifndef C99 - BIG_XXX xn[FFLEN_WWW],yn[FFLEN_WWW],xy[FFLEN_WWW],ND[FFLEN_WWW]; -#else - BIG_XXX xn[n],yn[n],xy[n],ND[n]; -#endif - - FF_WWW_invmod2m(ND,p,n); - - FF_WWW_copy(xn,x,n); - FF_WWW_copy(yn,y,n); - FF_WWW_nres(xn,p,n); - FF_WWW_nres(yn,p,n); - FF_WWW_modmul(xy,xn,yn,p,ND,n); - FF_WWW_one(r,n); - FF_WWW_nres(r,p,n); - - for (i=8*MODBYTES_XXX-1; i>=0; i--) - { - eb=BIG_XXX_bit(e,i); - fb=BIG_XXX_bit(f,i); - FF_WWW_modsqr(r,r,p,ND,n); - if (eb==1) - { - if (fb==1) FF_WWW_modmul(r,r,xy,p,ND,n); - else FF_WWW_modmul(r,r,xn,p,ND,n); - } - else - { - if (fb==1) FF_WWW_modmul(r,r,yn,p,ND,n); - } - } - FF_WWW_redc(r,p,ND,n); -} - static sign32 igcd(sign32 x,sign32 y) { /* integer GCD, returns GCD of x and y */ diff --git a/src/paillier.c b/src/paillier.c index aa3a5c5..cacf40d 100644 --- a/src/paillier.c +++ b/src/paillier.c @@ -155,7 +155,6 @@ void PAILLIER_KEY_PAIR(csprng *RNG, octet *P, octet* Q, PAILLIER_public_key *PUB OCT_empty(&OCT); FF_2048_toOctet(&OCT, l, FFLEN_2048); - FF_4096_zero(PRIV->l, FFLEN_4096); FF_4096_fromOctet(PRIV->l, &OCT, HFLEN_4096); OCT_empty(&OCT); @@ -206,10 +205,10 @@ void PAILLIER_KEY_PAIR(csprng *RNG, octet *P, octet* Q, PAILLIER_public_key *PUB /* Clean secrets from private key */ void PAILLIER_PRIVATE_KEY_KILL(PAILLIER_private_key *PRIV) { - FF_4096_zero(PRIV->l, FFLEN_4096); + FF_4096_zero(PRIV->l, HFLEN_4096); FF_4096_zero(PRIV->m, FFLEN_4096); - FF_4096_zero(PRIV->p, HFLEN_4096/2); - FF_4096_zero(PRIV->q, HFLEN_4096/2); + FF_4096_zero(PRIV->p, HFLEN_4096); + FF_4096_zero(PRIV->q, HFLEN_4096); } /* Paillier encrypt 
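Review bot: The new sizes in PAILLIER_PRIVATE_KEY_KILL are an improvement — the old `HFLEN_4096/2` wiped only half of `p`, which paillier.h declares as `p[HFLEN_4096]` — but `q`'s declaration is not in view, so please confirm it is also `HFLEN_4096` rather than inferring it from `p`. Separately, `FF_4096_zero` is an ordinary store loop with no barrier; that is fine while KILL is a separate function called through a pointer, but if LTO inlines it into a caller whose key is a stack local about to go out of scope, the compiler is entitled to drop the stores as dead. A comment on the function, `/* Relies on FF_4096_zero not being optimised away; if this is ever inlined into a caller with a local key, switch to a volatile or explicit_bzero-style wipe */`, records the assumption until a non-elidable zeroing helper exists.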
@@ -221,12 +220,11 @@ void PAILLIER_ENCRYPT(csprng *RNG, PAILLIER_public_key *PUB, octet* PT, octet* C BIG_512_60 r[FFLEN_4096]; // plaintext - BIG_512_60 pt[FFLEN_4096]; + BIG_512_60 pt[HFLEN_4096]; // ciphertext BIG_512_60 ct[FFLEN_4096]; - FF_4096_zero(pt, FFLEN_4096); FF_4096_fromOctet(pt,PT,HFLEN_4096); // In production generate R from RNG @@ -240,7 +238,7 @@ void PAILLIER_ENCRYPT(csprng *RNG, PAILLIER_public_key *PUB, octet* PT, octet* C } // ct = g^pt * r^n mod n2 - FF_4096_skpow2(ct, PUB->g, pt, r, PUB->n, PUB->n2, FFLEN_4096); + FF_4096_skpow2(ct, PUB->g, pt, r, PUB->n, PUB->n2, FFLEN_4096, HFLEN_4096); // Output FF_4096_toOctet(CT, ct, FFLEN_4096); @@ -265,7 +263,7 @@ void PAILLIER_ENCRYPT(csprng *RNG, PAILLIER_public_key *PUB, octet* PT, octet* C FF_4096_output(r,FFLEN_4096); printf("\n\n"); printf("pt "); - FF_4096_output(pt,FFLEN_4096); + FF_4096_output(pt,HFLEN_4096); printf("\n\n"); printf("ct "); FF_4096_output(ct,FFLEN_4096); @@ -297,7 +295,7 @@ void PAILLIER_DECRYPT(PAILLIER_private_key *PRIV, octet* CT, octet* PT) FF_4096_fromOctet(ct,CT,FFLEN_4096); // ct^l mod n^2 - 1 - FF_4096_skpow(ctl,ct,PRIV->l,PRIV->n2,FFLEN_4096); + FF_4096_skpow(ctl,ct,PRIV->l,PRIV->n2,FFLEN_4096,HFLEN_4096); FF_4096_dec(ctl,1,FFLEN_4096); #ifdef DEBUG @@ -330,7 +328,7 @@ void PAILLIER_DECRYPT(PAILLIER_private_key *PRIV, octet* CT, octet* PT) FF_4096_output(PRIV->n,FFLEN_4096); printf("\n\n"); printf("PAILLIER_DECRYPT l "); - FF_4096_output(PRIV->l,FFLEN_4096); + FF_4096_output(PRIV->l,HFLEN_4096); printf("\n\n"); printf("PAILLIER_DECRYPT m "); FF_4096_output(PRIV->m,FFLEN_4096); 
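Review bot: The `HFLEN_4096` passed as `en` to `FF_4096_skpow2(ct, PUB->g, pt, r, PUB->n, PUB->n2, FFLEN_4096, HFLEN_4096)` bounds both exponents, so only the low HFLEN_4096 limbs of `PUB->n` (an `FFLEN_4096` array) are ever read; that is correct only because n has at most half the bits of n^2, and nothing at the call site says so. Suggested comment above the call: `// en = HFLEN_4096 covers both exponents: pt is HFLEN_4096 BIGs and n < 2^(HFLEN_4096 bits) since n^2 fits in FFLEN_4096`. The commit also does not address that `pt` is filled from the caller-supplied octet with no check that it is below n, the Paillier message space, so an oversized plaintext silently encrypts to pt mod n. The DECRYPT hunk is fine as far as it goes; `l` is a secret exponent and the ladder now runs over a fixed HFLEN_4096 bits regardless of its value.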
@@ -414,18 +412,16 @@ void PAILLIER_MULT(PAILLIER_public_key *PUB, octet* CT1, octet* PT, octet* CT) BIG_512_60 ct1[FFLEN_4096]; // Plaintext - BIG_512_60 pt[FFLEN_4096]; + BIG_512_60 pt[HFLEN_4096]; // Ciphertext output. ct = ct1 ^ pt mod n^2 BIG_512_60 ct[FFLEN_4096]; - FF_4096_zero(pt, FFLEN_4096); FF_4096_fromOctet(pt,PT,HFLEN_4096); - FF_4096_fromOctet(ct1,CT1,FFLEN_4096); // ct1^pt mod n^2 - FF_4096_skpow(ct,ct1,pt,PUB->n2,FFLEN_4096); + FF_4096_skpow(ct,ct1,pt,PUB->n2,FFLEN_4096, HFLEN_4096); // output FF_4096_toOctet(CT, ct, FFLEN_4096); @@ -441,7 +437,7 @@ void PAILLIER_MULT(PAILLIER_public_key *PUB, octet* CT1, octet* PT, octet* CT) FF_4096_output(ct1,FFLEN_4096); printf("\n\n"); printf("PAILLIER_MULT pt: "); - FF_4096_output(pt,FFLEN_4096); + FF_4096_output(pt,HFLEN_4096); printf("\n\n"); printf("PAILLIER_MULT ct: "); FF_4096_output(ct,FFLEN_4096); diff --git a/src/rsa.c.in b/src/rsa.c.in index bbe41b2..ba996bd 100644 --- a/src/rsa.c.in +++ b/src/rsa.c.in @@ -136,8 +136,8 @@ void RSA_WWW_DECRYPT(rsa_private_key_WWW *PRIV,octet *G,octet *F) FF_WWW_dmod(jp,g,PRIV->p,HFLEN_WWW); FF_WWW_dmod(jq,g,PRIV->q,HFLEN_WWW); - FF_WWW_skpow(jp,jp,PRIV->dp,PRIV->p,HFLEN_WWW); - FF_WWW_skpow(jq,jq,PRIV->dq,PRIV->q,HFLEN_WWW); + FF_WWW_skpow(jp,jp,PRIV->dp,PRIV->p,HFLEN_WWW,HFLEN_WWW); + FF_WWW_skpow(jq,jq,PRIV->dq,PRIV->q,HFLEN_WWW,HFLEN_WWW); FF_WWW_zero(g,FFLEN_WWW); diff --git a/test/test_paillier_decrypt.c b/test/test_paillier_decrypt.c index 855cb14..f60d034 100644 --- a/test/test_paillier_decrypt.c +++ b/test/test_paillier_decrypt.c @@ -123,11 +123,10 @@ int main(int argc, char** argv) { len = strlen(Lline); linePtr = line + len; - FF_4096_zero(PRIV.l, FFLEN_4096); read_FF_4096(PRIV.l, linePtr, HFLEN_4096); #ifdef DEBUG printf("L = "); - FF_4096_output(PRIV.l , FFLEN_4096); + FF_4096_output(PRIV.l , HFLEN_4096); printf("\n"); #endif }
