Re: Gitlab merge requests

2020-01-15 Thread Nikos Mavrogiannopoulos
On Wed, Jan 15, 2020 at 7:18 AM Niels Möller  wrote:

> > If they are you should be able to see them in Settings -> CI/CD -> Runners.
>
> I've now had a look. There's a section for "Group runners", which is
> empty. No mention of "shared runners". There's a link to "Install a
> GitLab runner" (with various kinds of binaries, no mention of sources),
> and a big button "Install Runner on Kubernetes".

So there aren't any :)

___
nettle-bugs mailing list
nettle-bugs@lists.lysator.liu.se
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs


Re: Gitlab merge requests

2020-01-15 Thread Tim Rühsen
On 1/15/20 9:24 AM, Nikos Mavrogiannopoulos wrote:
> On Wed, Jan 15, 2020 at 7:18 AM Niels Möller  wrote:
> 
>>> If they are you should be able to see them in Settings -> CI/CD -> Runners.
>>
>> I've now had a look. There's a section for "Group runners", which is
>> empty. No mention of "shared runners". There's a link to "Install a
>> GitLab runner" (with various kinds of binaries, no mention of sources),
>> and a big button "Install Runner on Kubernetes".
> 
> So there aren't any :)

Niels, since you set up your own instance of Gitlab, you can't access
the Gitlab.com runners (it's a free service for customers only).

So you can set up your own "machines" (bare metal, vm or container) and
install [1] on them. This gives you runners for your own CI - every
merge request and every push will automatically be built and tested.

Sorry that I am not into the details and thus can't give you detailed
instructions.

[1] https://docs.gitlab.com/runner/install/

Regards, Tim





Re: [PATCH v2 1/3] Add support for GOST GC256B curve

2020-01-15 Thread Dmitry Eremin-Solenikov
Please excuse me for top-posting. I'll change the names to follow the
gost_gc256b pattern, add documentation and submit v4.

-- 
With best wishes
Dmitry

Wed, 15 Jan 2020, 19:17 Niels Möller :

> Dmitry Eremin-Solenikov  writes:
>
> >> > +const struct ecc_curve *nettle_get_gc256b(void)
> >> > +{
> >> > +  return &_nettle_gc256b;
> >> > +}
> >>
> >> Would it make sense to add "gost" to this name, in similar position as
> >> "secp" in other curves?
> >
> > I don't think so. Consider the names from "TLS Supported Groups"
> registry.
>
> I still think it would be appropriate with some more context for the
> Nettle name, just "gc256b" is a bit too terse and obscure. Try doing a
> web search for it. Some alternatives:
>
>   nettle_get_gost_gc256b
>   nettle_get_gost_curve_256b
>   nettle_get_tls_gc256b
>
> I can merge the support as is, but it would be good to agree on name
> before release (and perhaps before adapting the gnutls code, to avoid
> another renaming hassle there).
>
> Regards,
> /Niels
>
> --
> Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
> Internet email is subject to wholesale government surveillance.
>


Re: [PATCH v2 1/3] Add support for GOST GC256B curve

2020-01-15 Thread Niels Möller
Dmitry Eremin-Solenikov  writes:

>> > +const struct ecc_curve *nettle_get_gc256b(void)
>> > +{
>> > +  return &_nettle_gc256b;
>> > +}
>>
>> Would it make sense to add "gost" to this name, in similar position as
>> "secp" in other curves?
>
> I don't think so. Consider the names from "TLS Supported Groups" registry.

I still think it would be appropriate with some more context for the
Nettle name, just "gc256b" is a bit too terse and obscure. Try doing a
web search for it. Some alternatives:

  nettle_get_gost_gc256b
  nettle_get_gost_curve_256b
  nettle_get_tls_gc256b

I can merge the support as is, but it would be good to agree on name
before release (and perhaps before adapting the gnutls code, to avoid
another renaming hassle there).

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.


Re: [PATCH v2 1/3] Add support for GOST GC256B curve

2020-01-15 Thread Niels Möller
Dmitry Eremin-Solenikov  writes:

> I'll change the names to follow
> gost_gc256b pattern, add documentation and submit v4.

Excellent.

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.


Re: Gitlab merge requests

2020-01-15 Thread Dmitry Eremin-Solenikov
Wed, 15 Jan 2020, 12:03 Tim Rühsen :

> On 1/15/20 9:24 AM, Nikos Mavrogiannopoulos wrote:
> > On Wed, Jan 15, 2020 at 7:18 AM Niels Möller 
> wrote:
> >
> >>> If they are you should be able to see them in Settings -> CI/CD ->
> Runners.
> >>
> >> I've now had a look. There's a section for "Group runners", which is
> >> empty. No mention of "shared runners". There's a link to "Install a
> >> GitLab runner" (with various kinds of binaries, no mention of sources),
> >> and a big button "Install Runner on Kubernetes".
> >
> > So there aren't any :)
>
> Niels, since you set up your own instance of Gitlab, you can't access
> the Gitlab.com runners (it's a free service for customers only).
>
> So you can set up your own "machines" (bare metal, vm or container) and
> install [1] on them. This gives you runners for your own CI - every
> merge request and every push will automatically be built and tested.
>


Another option would be to switch to gitlab.com (and use free CI runners)
and use git.lysator.liu.se as a backup/mirror.


Re: Require GNU make?

2020-01-15 Thread Niels Möller
ni...@lysator.liu.se (Niels Möller) writes:

> Requiring GNU make makes a few things easier: We can use %-patterns
> everywhere. We can use -include unconditionally for dep-files, dropping the
> @DEP_INCLUDE@ variable and the dummy-dep-files configure step. We can
> most likely also drop all logic for the testsuite/.test-rules.make file.

I've pushed some changes to the branch require-gnu-make. So far, this
branch simplifies the dep files logic, and replaces all suffix rules by
pattern rules.

I haven't yet looked at deleting testsuite/.test-rules.make. I wonder if
static pattern rules (see
https://www.gnu.org/software/make/manual/html_node/Static-Pattern.html#Static-Pattern)
are a good tool for that?

The README file already says "Using GNU make is strongly recommended".
Does it need to be clearer that using other make programs is untested
and not likely to work?

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
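As an added illustration (not from the nettle repository or from Niels' branch), this is how a static pattern rule could replace a generated per-program rules file such as testsuite/.test-rules.make: one rule links every listed test program from its own object file plus the shared test objects, and nothing outside the list gets a rule. `EXEEXT` and `OBJEXT` are the Makefile.in variables visible in the patches on this page; `TS_PROGS`, `TEST_OBJS`, `LINK` and `LIBS` are assumed names.

```makefile
# Added example, not nettle's own Makefile. Requires GNU make, since both
# static pattern rules and %-pattern rules are GNU extensions.

# Programs to build; names taken from the testsuite files added in this series.
TS_PROGS = gostdsa-keygen-test$(EXEEXT) \
           gostdsa-sign-test$(EXEEXT) \
           gostdsa-verify-test$(EXEEXT)

# Objects shared by every test program (assumed: testutils.c as on this page).
TEST_OBJS = testutils.$(OBJEXT)

# Assumed link command and libraries.
LINK = $(CC) $(CFLAGS) $(LDFLAGS)
LIBS = -lhogweed -lnettle -lgmp

# Static pattern rule: "targets: target-pattern: prereq-patterns".
# Only the programs in TS_PROGS match, so a stray foo.o in the directory
# cannot create an implicit foo$(EXEEXT) target the way a plain %-rule would.
# $< is the first prerequisite (the program's own object), $@ the target.
$(TS_PROGS): %$(EXEEXT): %.$(OBJEXT) $(TEST_OBJS)
	$(LINK) $< $(TEST_OBJS) $(LIBS) -o $@

# Companion pattern rule replacing a .c.o suffix rule.
%.$(OBJEXT): %.c
	$(CC) $(CFLAGS) -c $< -o $@

# Convenience target that builds everything listed above.
all: $(TS_PROGS)
.PHONY: all
```

With this in place the list of test programs is the single source of truth, so the configure-time step that wrote .test-rules.make, and the include of that file, can both go.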


[PATCH v4 1/4] Add support for GOST GC256B curve

2020-01-15 Thread dbaryshkov
From: Dmitry Eremin-Solenikov 

Add support for GC256B curve ("TLS Supported Groups" registry,
draft-smyshlyaev-tls12-gost-suites) also known as
GostR3410-2001-CryptoPro-A and GostR3410-2001-CryptoPro-XchA (RFC 4357).

Signed-off-by: Dmitry Eremin-Solenikov 
Signed-off-by: Dmitry Baryshkov 
---
 .gitignore   |   1 +
 Makefile.in  |  11 
 ecc-curve.h  |   1 +
 ecc-gost-gc256b.c| 128 +++
 ecc-internal.h   |   3 +
 eccdata.c|  34 ++-
 examples/ecc-benchmark.c |   1 +
 testsuite/testutils.c|  12 +++-
 8 files changed, 188 insertions(+), 3 deletions(-)
 create mode 100644 ecc-gost-gc256b.c

diff --git a/.gitignore b/.gitignore
index ea264107fa40..4454ade5a950 100644
--- a/.gitignore
+++ b/.gitignore
@@ -45,6 +45,7 @@ core
 /rotors.h
 /ecc-curve25519.h
 /ecc-curve448.h
+/ecc-gc256b.h
 /ecc-secp192r1.h
 /ecc-secp224r1.h
 /ecc-secp256r1.h
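Review bot: the new ignore entry `/ecc-gc256b.h` does not match the header this series actually generates and cleans, which is `ecc-gost-gc256b.h` (see the `ecc-gost-gc256b.h: eccdata.stamp` rule and the `clean-here` target below), so the generated header will show up as an untracked file after a build; change the entry to `/ecc-gost-gc256b.h`.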
diff --git a/Makefile.in b/Makefile.in
index 38160bb40fe1..9c1a925462aa 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -176,6 +176,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \
  ecc-mod.c ecc-mod-inv.c \
  ecc-mod-arith.c ecc-pp1-redc.c ecc-pm1-redc.c \
  ecc-curve25519.c ecc-curve448.c \
+ ecc-gost-gc256b.c \
  ecc-secp192r1.c ecc-secp224r1.c ecc-secp256r1.c \
  ecc-secp384r1.c ecc-secp521r1.c \
  ecc-size.c ecc-j-to-a.c ecc-a-to-j.c \
@@ -396,12 +397,21 @@ ecc-curve25519.h: eccdata.stamp
 ecc-curve448.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) curve448 38 6 $(NUMB_BITS) > $@T && mv $@T 
$@
 
+# Some reasonable choices for 256:
+# k =  9, c =  6, S = 320, T =  54 ( 45 A +  9 D) 20 KB
+# k = 11, c =  6, S = 256, T =  55 ( 44 A + 11 D) 16 KB
+# k = 19, c =  7, S = 256, T =  57 ( 38 A + 19 D) 16 KB
+# k = 15, c =  6, S = 192, T =  60 ( 45 A + 15 D) 12 KB
+ecc-gost-gc256b.h: eccdata.stamp
+   ./eccdata$(EXEEXT_FOR_BUILD) gost_gc256b 11 6 $(NUMB_BITS) > $@T && mv 
$@T $@
+
 eccdata.stamp: eccdata.c
$(MAKE) eccdata$(EXEEXT_FOR_BUILD)
echo stamp > eccdata.stamp
 
 ecc-curve25519.$(OBJEXT): ecc-curve25519.h
 ecc-curve448.$(OBJEXT): ecc-curve448.h
+ecc-gost-gc256b.$(OBJEXT): ecc-gost-gc256b.h
 ecc-secp192r1.$(OBJEXT): ecc-secp192r1.h
 ecc-secp224r1.$(OBJEXT): ecc-secp224r1.h
 ecc-secp256r1.$(OBJEXT): ecc-secp256r1.h
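Review bot: the comment block above the `ecc-gost-gc256b.h` rule lists four k/c candidates but does not say why `11 6` was chosen; a one-line note naming the trade-off taken (the 16 KB table with T = 55) would save the next reader from re-deriving it from the table.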
@@ -660,6 +670,7 @@ distcheck: dist
 clean-here:
-rm -f $(TARGETS) *.$(OBJEXT) *.s *.so *.dll *.a \
ecc-curve25519.h ecc-curve448.h \
+   ecc-gost-gc256b.h \
ecc-secp192r1.h ecc-secp224r1.h ecc-secp256r1.h \
ecc-secp384r1.h ecc-secp521r1.h \
aesdata$(EXEEXT_FOR_BUILD) \
diff --git a/ecc-curve.h b/ecc-curve.h
index 76024a19d24f..da07b0232d42 100644
--- a/ecc-curve.h
+++ b/ecc-curve.h
@@ -43,6 +43,7 @@ extern "C" {
 /* The contents of this struct is internal. */
 struct ecc_curve;
 
+const struct ecc_curve * _NETTLE_ATTRIBUTE_PURE nettle_get_gost_gc256b(void);
 const struct ecc_curve * _NETTLE_ATTRIBUTE_PURE nettle_get_secp_192r1(void);
 const struct ecc_curve * _NETTLE_ATTRIBUTE_PURE nettle_get_secp_224r1(void);
 const struct ecc_curve * _NETTLE_ATTRIBUTE_PURE nettle_get_secp_256r1(void);
diff --git a/ecc-gost-gc256b.c b/ecc-gost-gc256b.c
new file mode 100644
index ..8adc8e1763b9
--- /dev/null
+++ b/ecc-gost-gc256b.c
@@ -0,0 +1,128 @@
+/* ecc-gost-gc256b.c
+
+   Copyright (C) 2016-2020 Dmitry Eremin-Solenikov
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+   Software Foundation; either version 3 of the License, or (at your
+   option) any later version.
+
+   or
+
+ * the GNU General Public License as published by the Free
+   Software Foundation; either version 2 of the License, or (at your
+   option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include 
+
+#include "ecc.h"
+#include "ecc-internal.h"
+
+#define USE_REDC 0
+
+#include "ecc-gost-gc256b.h"
+
+static void
+ecc_gost_gc256b_modp (const struct ecc_modulo *m, mp_limb_t *rp)
+{
+  mp_size_t mn = m->size;
+  mp_limb_t hi;
+
+  hi = mpn_addmul_1(rp, rp + mn, mn, 0x269);
+  hi = sec_add_1 (rp, rp, mn, hi * 0x269);
+  hi = sec_add_1 (rp, rp, mn, hi * 0x269);
+  assert(hi == 0);
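Review bot: `ecc_gost_gc256b_modp` relies on two facts it never states: that the modulus has the form p = 2^256 - 0x269 (which is why the high half can be folded in with `mpn_addmul_1(..., 0x269)`), and that the third `sec_add_1` cannot produce a carry (a carry out of the second fold leaves a low part smaller than 0x269 * 0x269, so adding at most 0x269 again cannot wrap). Since `assert(hi == 0)` disappears under NDEBUG, please put that argument in a comment so the invariant is checkable by reading, and say whether the result is fully reduced or only below 2p, as callers of the modp hooks need to know.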

[PATCH v4 4/4] Add documentation for GOSTDSA and GOST curves.

2020-01-15 Thread dbaryshkov
From: Dmitry Baryshkov 

Signed-off-by: Dmitry Baryshkov 
---
 nettle.texinfo | 65 +-
 1 file changed, 64 insertions(+), 1 deletion(-)

diff --git a/nettle.texinfo b/nettle.texinfo
index 65b36e315f81..38c84410c103 100644
--- a/nettle.texinfo
+++ b/nettle.texinfo
@@ -115,6 +115,7 @@ Public-key algorithms
 
 * Side-channel silence::
 * ECDSA::
+* GOSTDSA::
 * Curve 25519 and Curve 448::
 
 @end detailmenu
@@ -4916,6 +4917,7 @@ curve'' is used as a shorthand for the bitsize of the 
curve's prime
 @menu
 * Side-channel silence::
 * ECDSA::
+* GOSTDSA::
 * Curve 25519 and Curve 448::
 @end menu
 
@@ -4950,7 +4952,7 @@ accesses depend only on the size of the input data and 
its location in
 memory, not on the actual data bits. This implies a performance penalty
 in several of the building blocks.
 
-@node ECDSA, Curve 25519 and Curve 448, Side-channel silence, Elliptic curves
+@node ECDSA, GOSTDSA, Side-channel silence, Elliptic curves
 @comment  node-name,  next,  previous,  up
 @subsubsection ECDSA
 
@@ -5054,6 +5056,67 @@ random octets and store them at @code{dst}. For advice, 
see
 @xref{Randomness}.
 @end deftypefun
 
+@node GOSTDSA, Curve 25519 and Curve 448, ECDSA, Elliptic curves
+@comment  node-name,  next,  previous,  up
+@subsubsection GOSTDSA
+
+GOSTDSA (GOST R 34.10-2001, GOST R 34.10-2012) is a variant of the DSA
+(@pxref{DSA}) and ECDSA (@pxref{ECDSA}) digital signature schemes, which works
+over an elliptic curve group. Original documents are written in Russian.
+English translations are provided in @cite{RFC 5832} and @cite{RFC 7091}.
+While technically nothing stops one from using GOSTDSA over any curve, it
+is defined only over several 256 and 512-bit curves.  Like DSA and ECDSA,
+creating a signature requires a unique random nonce (repeating the nonce
+with two different messages reveals the private key, and any leak or bias
+in the generation of the nonce also leaks information about the key).
+
+GOST R 34.10-2001 was defined to use GOST R 34.11-94 hash function
+(GOSTHASH94 and GOSTHASH94CP, @cite{RFC 5831}).  GOST R 34.10-2012 is
+defined to use GOST R 34.11-2012 hash function (Streebog, @cite{RFC
+6986}) of corresponding size (256 or 512) depending on curve size.
+
+Nettle defines GOSTDSA in @file{}. GOSTDSA reuses ECDSA
+data types (@code{struct ecc_point}, @code{struct ecc_scalar}) to
+represent public and private keys.  Also to generate a new GOSTDSA key
+pair one has to use @code{ecdsa_generate_keypair()} function.
+
+To create and verify GOSTDSA signatures, the following functions are used.
+
+@deftypefun void gostdsa_sign (const struct ecc_scalar *@var{key}, void 
*@var{random_ctx}, nettle_random_func *@var{random}, size_t 
@var{digest_length}, const uint8_t *@var{digest}, struct dsa_signature 
*@var{signature})
+Uses the private key @var{key} to create a signature on @var{digest}.
+@var{random_ctx} and @var{random} is a randomness generator.
+@code{random(random_ctx, length, dst)} should generate @code{length}
+random octets and store them at @code{dst}. The signature is stored in
+@var{signature}, in the same was as for plain DSA.
+@end deftypefun
+
+@deftypefun int gostdsa_verify (const struct ecc_point *@var{pub}, size_t 
@var{length}, const uint8_t *@var{digest}, const struct dsa_signature 
*@var{signature})
+Uses the public key @var{pub} to verify that @var{signature} is a valid
+signature for the message digest @var{digest} (of @var{length} octets).
+Returns 1 if the signature is valid, otherwise 0.
+@end deftypefun
+
+For historical reason several curve IDs (OIDs) may correspond to a single
+curve/generator combination. Following list defines correspondence
+between nettle's view on curves and actual identifiers defined in @cite{RFC
+4357} and @cite{RFC 7836}.
+
+@deftypefun {const struct ecc_curve} nettle_get_gost_gc256b(void)
+Returns curve corresponding to following identifiers:
+@itemize
+@item id-GostR3410-2001-CryptoPro-A-ParamSet (@cite{RFC 4357})
+@item id-GostR3410-2001-CryptoPro-XchA-ParamSet (@cite{RFC 4357})
+@item id-tc26-gost-3410-12-256-paramSetB
+@end itemize
+@end deftypefun
+
+@deftypefun {const struct ecc_curve} nettle_get_gost_gc512a(void)
+Returns curve corresponding to following identifiers:
+@itemize
+@item id-tc26-gost-3410-12-512-paramSetA (@cite{RFC 7836})
+@end itemize
+@end deftypefun
+
 @node Curve 25519 and Curve 448, , ECDSA, Elliptic curves
 @comment  node-name,  next,  previous,  up
 @subsubsection Curve25519 and Curve448
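Review bot: the unchanged context line `@node Curve 25519 and Curve 448, , ECDSA, Elliptic curves` still names ECDSA as the previous node, but this hunk inserts GOSTDSA between them (and updates ECDSA's next pointer to GOSTDSA), so the previous pointer must become GOSTDSA or makeinfo's node-pointer validation will complain. Smaller points in the same hunk: the `@deftypefun {const struct ecc_curve} nettle_get_gost_gc256b(void)` and `nettle_get_gost_gc512a(void)` entries drop the `*` from the return type declared in ecc-curve.h (`const struct ecc_curve *`); `in the same was as for plain DSA` should read `way`; `For historical reason` should be `reasons`; and the third identifier under `nettle_get_gost_gc256b`, `id-tc26-gost-3410-12-256-paramSetB`, lacks the `@cite` its siblings carry.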
-- 
2.24.1



[PATCH v4 3/4] Add GOST DSA according to GOST R 34.10-2001/-2012

2020-01-15 Thread dbaryshkov
From: Dmitry Eremin-Solenikov 

Add GOST Digital Signature Algorithms support according to GOST R
34.10-2001/-2012. English translations of these standards are provided
as RFC 5832 and RFC 7091.

Signed-off-by: Dmitry Eremin-Solenikov 
Signed-off-by: Dmitry Baryshkov 
---
 Makefile.in |   4 +-
 ecc-gostdsa-sign.c  | 101 +
 ecc-gostdsa-verify.c| 130 +++
 ecc-hash.c  |  11 +++
 ecc-internal.h  |   7 ++
 gostdsa-sign.c  |  74 +++
 gostdsa-verify.c|  78 
 gostdsa.h   | 102 +
 testsuite/.gitignore|   3 +
 testsuite/.test-rules.make  |   9 ++
 testsuite/Makefile.in   |   4 +-
 testsuite/gostdsa-keygen-test.c | 154 
 testsuite/gostdsa-sign-test.c   |  87 ++
 testsuite/gostdsa-verify-test.c | 110 +++
 testsuite/testutils.h   |   1 +
 15 files changed, 873 insertions(+), 2 deletions(-)
 create mode 100644 ecc-gostdsa-sign.c
 create mode 100644 ecc-gostdsa-verify.c
 create mode 100644 gostdsa-sign.c
 create mode 100644 gostdsa-verify.c
 create mode 100644 gostdsa.h
 create mode 100644 testsuite/gostdsa-keygen-test.c
 create mode 100644 testsuite/gostdsa-sign-test.c
 create mode 100644 testsuite/gostdsa-verify-test.c

diff --git a/Makefile.in b/Makefile.in
index a08dfe4da481..1396e2fe2808 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -189,6 +189,8 @@ hogweed_SOURCES = sexp.c sexp-format.c \
  ecc-point.c ecc-scalar.c ecc-point-mul.c ecc-point-mul-g.c \
  ecc-ecdsa-sign.c ecdsa-sign.c \
  ecc-ecdsa-verify.c ecdsa-verify.c ecdsa-keygen.c \
+ ecc-gostdsa-sign.c gostdsa-sign.c \
+ ecc-gostdsa-verify.c gostdsa-verify.c \
  curve25519-mul-g.c curve25519-mul.c curve25519-eh-to-x.c \
  curve448-mul-g.c curve448-mul.c curve448-eh-to-x.c \
  eddsa-compress.c eddsa-decompress.c eddsa-expand.c \
@@ -205,7 +207,7 @@ HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h \
  cbc.h ccm.h cfb.h chacha.h chacha-poly1305.h ctr.h \
  curve25519.h curve448.h des.h dsa.h dsa-compat.h eax.h \
  ecc-curve.h ecc.h ecdsa.h eddsa.h \
- gcm.h gost28147.h gosthash94.h hmac.h \
+ gcm.h gost28147.h gostdsa.h gosthash94.h hmac.h \
  knuth-lfib.h hkdf.h \
  macros.h \
  cmac.h siv-cmac.h \
diff --git a/ecc-gostdsa-sign.c b/ecc-gostdsa-sign.c
new file mode 100644
index ..00eeef81f659
--- /dev/null
+++ b/ecc-gostdsa-sign.c
@@ -0,0 +1,101 @@
+/* ecc-gostdsa-sign.c
+
+   Copyright (C) 2015 Dmitry Eremin-Solenikov
+   Copyright (C) 2013, 2014 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+   Software Foundation; either version 3 of the License, or (at your
+   option) any later version.
+
+   or
+
+ * the GNU General Public License as published by the Free
+   Software Foundation; either version 2 of the License, or (at your
+   option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include 
+#include 
+
+#include "gostdsa.h"
+#include "ecc-internal.h"
+
+/* Low-level GOST DSA signing */
+
+mp_size_t
+ecc_gostdsa_sign_itch (const struct ecc_curve *ecc)
+{
+  /* Needs 3*ecc->p.size + scratch for ecc->mul_g. Currently same for
+ ecc_mul_g and ecc_mul_g_eh. */
+  return ECC_GOSTDSA_SIGN_ITCH (ecc->p.size);
+}
+
+/* NOTE: Caller should check if r or s is zero. */
+void
+ecc_gostdsa_sign (const struct ecc_curve *ecc,
+   const mp_limb_t *zp,
+   const mp_limb_t *kp,
+   size_t length, const uint8_t *digest,
+   mp_limb_t *rp, mp_limb_t *sp,
+   mp_limb_t *scratch)
+{
+#define P  scratch
+#define hp (scratch + 4*ecc->p.size)
+#define tp (scratch + 2*ecc->p.size)
+#define t2pscratch
+  /* Procedure, according to GOST 34.10. q denotes the group
+ order.
+
+ 1. k <-- uniformly random, 0 < k < q
+
+ 2. C <-- (c_x, c_y) = k g
+
+ 3. r <-- c_x mod q
+
+ 4. s <-- (r*z + k*h) mod q.
+  */
+
+  ecc->mul_g (ecc, P, kp, P + 3*ecc->p.size);
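Review bot: the scratch layout in `ecc_gostdsa_sign` overlaps on purpose (`P` at offset 0 and `t2p` at the same offset, `tp` at `2*ecc->p.size` inside `P`'s third coordinate, `hp` at `4*ecc->p.size` inside the region handed to `ecc->mul_g` as scratch), but nothing says in which order these regions are live; a comment stating that `hp` and `tp` are only written after `mul_g` has returned and `P` has been reduced would make the aliasing reviewable, and `ECC_GOSTDSA_SIGN_ITCH` should be checked against the largest offset actually used. Also, as shown the line `#define t2pscratch` defines a macro named `t2pscratch` with an empty expansion; if that is not an archive-formatting artefact, every use of `t2p` will fail to compile, so please confirm it reads `#define t2p scratch` in the tree.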

[PATCH v4 2/4] Add support for GOST GC512A curve

2020-01-15 Thread dbaryshkov
From: Dmitry Eremin-Solenikov 

Add support for GC512A curve ("TLS Supported Groups" registry,
draft-smyshlyaev-tls12-gost-suites) also known as
tc26-gost-3410-12-512-paramSetA (RFC 7836).

Signed-off-by: Dmitry Eremin-Solenikov 
---
 .gitignore   |   1 +
 Makefile.in  |  14 -
 ecc-curve.h  |   1 +
 ecc-gost-gc512a.c| 128 +++
 ecc-internal.h   |   1 +
 eccdata.c|  38 
 examples/ecc-benchmark.c |   1 +
 testsuite/testutils.c|  18 +-
 8 files changed, 198 insertions(+), 4 deletions(-)
 create mode 100644 ecc-gost-gc512a.c

diff --git a/.gitignore b/.gitignore
index 4454ade5a950..2e64c187574f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -46,6 +46,7 @@ core
 /ecc-curve25519.h
 /ecc-curve448.h
 /ecc-gc256b.h
+/ecc-gc512a.h
 /ecc-secp192r1.h
 /ecc-secp224r1.h
 /ecc-secp256r1.h
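Review bot: as in patch 1/4, the ignore entry `/ecc-gc512a.h` does not match the header generated and cleaned below, `ecc-gost-gc512a.h`; both this entry and the pre-existing `/ecc-gc256b.h` context line should carry the `gost-` infix, otherwise the generated headers appear as untracked files.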
diff --git a/Makefile.in b/Makefile.in
index 9c1a925462aa..a08dfe4da481 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -176,7 +176,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \
  ecc-mod.c ecc-mod-inv.c \
  ecc-mod-arith.c ecc-pp1-redc.c ecc-pm1-redc.c \
  ecc-curve25519.c ecc-curve448.c \
- ecc-gost-gc256b.c \
+ ecc-gost-gc256b.c ecc-gost-gc512a.c \
  ecc-secp192r1.c ecc-secp224r1.c ecc-secp256r1.c \
  ecc-secp384r1.c ecc-secp521r1.c \
  ecc-size.c ecc-j-to-a.c ecc-a-to-j.c \
@@ -405,6 +405,15 @@ ecc-curve448.h: eccdata.stamp
 ecc-gost-gc256b.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) gost_gc256b 11 6 $(NUMB_BITS) > $@T && mv 
$@T $@
 
+# Some reasonable choices for 512:
+# k = 22, c =  6, S = 256, T = 110 ( 88 A + 22 D) 32 KB
+# k = 29, c =  6, S = 192, T = 116 ( 87 A + 29 D) 24 KB
+# k = 21, c =  5, S = 160, T = 126 (105 A + 21 D) 20 KB
+# k = 43, c =  6, S = 128, T = 129 ( 86 A + 43 D) 16 KB
+# k = 35, c =  5, S =  96, T = 140 (105 A + 35 D) 12 KB
+ecc-gost-gc512a.h: eccdata.stamp
+   ./eccdata$(EXEEXT_FOR_BUILD) gost_gc512a 43 6 $(NUMB_BITS) > $@T && mv 
$@T $@
+
 eccdata.stamp: eccdata.c
$(MAKE) eccdata$(EXEEXT_FOR_BUILD)
echo stamp > eccdata.stamp
@@ -412,6 +421,7 @@ eccdata.stamp: eccdata.c
 ecc-curve25519.$(OBJEXT): ecc-curve25519.h
 ecc-curve448.$(OBJEXT): ecc-curve448.h
 ecc-gost-gc256b.$(OBJEXT): ecc-gost-gc256b.h
+ecc-gost-gc512a.$(OBJEXT): ecc-gost-gc512a.h
 ecc-secp192r1.$(OBJEXT): ecc-secp192r1.h
 ecc-secp224r1.$(OBJEXT): ecc-secp224r1.h
 ecc-secp256r1.$(OBJEXT): ecc-secp256r1.h
@@ -670,7 +680,7 @@ distcheck: dist
 clean-here:
-rm -f $(TARGETS) *.$(OBJEXT) *.s *.so *.dll *.a \
ecc-curve25519.h ecc-curve448.h \
-   ecc-gost-gc256b.h \
+   ecc-gost-gc256b.h ecc-gost-gc512a.h \
ecc-secp192r1.h ecc-secp224r1.h ecc-secp256r1.h \
ecc-secp384r1.h ecc-secp521r1.h \
aesdata$(EXEEXT_FOR_BUILD) \
diff --git a/ecc-curve.h b/ecc-curve.h
index da07b0232d42..8f050404a944 100644
--- a/ecc-curve.h
+++ b/ecc-curve.h
@@ -44,6 +44,7 @@ extern "C" {
 struct ecc_curve;
 
 const struct ecc_curve * _NETTLE_ATTRIBUTE_PURE nettle_get_gost_gc256b(void);
+const struct ecc_curve * _NETTLE_ATTRIBUTE_PURE nettle_get_gost_gc512a(void);
 const struct ecc_curve * _NETTLE_ATTRIBUTE_PURE nettle_get_secp_192r1(void);
 const struct ecc_curve * _NETTLE_ATTRIBUTE_PURE nettle_get_secp_224r1(void);
 const struct ecc_curve * _NETTLE_ATTRIBUTE_PURE nettle_get_secp_256r1(void);
diff --git a/ecc-gost-gc512a.c b/ecc-gost-gc512a.c
new file mode 100644
index ..4baec1f5945d
--- /dev/null
+++ b/ecc-gost-gc512a.c
@@ -0,0 +1,128 @@
+/* ecc-gost-gc512a.c
+
+   Copyright (C) 2016-2020 Dmitry Eremin-Solenikov
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+   Software Foundation; either version 3 of the License, or (at your
+   option) any later version.
+
+   or
+
+ * the GNU General Public License as published by the Free
+   Software Foundation; either version 2 of the License, or (at your
+   option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include 
+
+#include "ecc.h"
+#include "ecc-internal.h"
+
+#define USE_REDC 0
+
+#include "ecc-gost-gc512a.h"
+
+static void
+ecc_gc512a_modp (const struct
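Review bot: the reduction helper here is named `ecc_gc512a_modp`, while the 256-bit counterpart in patch 1/4 is `ecc_gost_gc256b_modp`; since the series otherwise settled on the `gost_gc...` pattern (file names, `nettle_get_gost_gc512a`, the `gost_gc512a` eccdata argument), rename this one to `ecc_gost_gc512a_modp` for consistency.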