update

crypto/ec2/bn_gfp2.c

@@ -121,18 +121,6 @@ int BN_GFP2_copy(BN_GFP2 *r, const BN_GFP2 *a)
 	return 1;
 }
 
-int BN_GFP2_zero(BN_GFP2 *a)
-{
-	if (!a || !a->a0 || !a->a1) {
-		BNerr(BN_F_BN_GFP2_ZERO, ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-	}
-
-	BN_zero(a->a0);
-	BN_zero(a->a1);
-	return 1;
-}
-
 int BN_GFP2_one(BN_GFP2 *a)
 {
 	if (!a || !a->a0 || !a->a1) {
@@ -145,6 +133,18 @@ int BN_GFP2_one(BN_GFP2 *a)
 	return 1;
 }
 
+int BN_GFP2_zero(BN_GFP2 *a)
+{
+	if (!a || !a->a0 || !a->a1) {
+		BNerr(BN_F_BN_GFP2_ZERO, ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+	}
+
+	BN_zero(a->a0);
+	BN_zero(a->a1);
+	return 1;
+}
+
 /* return 1 on success, so dont use !BN_GFP2_is_zero() to check return value */
 int BN_GFP2_is_zero(const BN_GFP2 *a)
 {
@@ -156,26 +156,16 @@ int BN_GFP2_is_zero(const BN_GFP2 *a)
 	return (BN_is_zero(a->a0) && BN_is_zero(a->a1));
 }
 
-/*
- * can we compare values on F_p^2 ?
- */
-int BN_GFP2_cmp(const BN_GFP2 *a, const BN_GFP2 *b)
+int BN_GFP2_equ(const BN_GFP2 *a, const BN_GFP2 *b)
 {
 	if (!a || !b || !a->a0 || !a->a1 || !b->a0 || !b->a1) {
-		BNerr(BN_F_BN_GFP2_CMP, ERR_R_PASSED_NULL_PARAMETER);
-		return -1;
+		BNerr(BN_F_BN_GFP2_EQU, ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
 	}
 
 	return ((BN_cmp(a->a0, b->a0) == 0) && (BN_cmp(a->a1, b->a1) == 0));
 }
 
-int BN_GFP2_equ(const BN_GFP2 *a, const BN_GFP2 *b)
-{
-	//FIXME
-									
-	return 0;
-}
-
 int BN_GFP2_add(BN_GFP2 *r, const BN_GFP2 *a, const BN_GFP2 *b,
 	const BIGNUM *p, BN_CTX *ctx)
 {
@@ -416,6 +406,45 @@ end:
 	return ret;
 }
 
+int BN_bn2gfp2(const BIGNUM *bn, BN_GFP2 *gfp2, const BIGNUM *p, BN_CTX *ctx)
+{
+	int ret = 0;
+	BIGNUM *a;
+
+	if (!(a = BN_CTX_get(ctx))) {
+		goto end;
+	}
+
+	BN_one(a);
+	if (!BN_lshift(a, a, BN_num_bytes(p)*8)) {
+		goto end;
+	}
+
+	if (!BN_rshift(gfp2->a1, bn, BN_num_bytes(p)*8)) {
+		goto end;
+	}
+	if (!BN_mod(gfp2->a0, bn, a, ctx)) {
+		goto end;
+	}
+
+	ret = 1;
+end:
+	BN_CTX_end(ctx);
+	return ret;
+}
+
+/* return (a0 + a1 << 2^n), n = log_2(p), n % 8 == 0 */
+int BN_gfp22bn(const BN_GFP2 *gfp2, BIGNUM *bn, const BIGNUM *p, BN_CTX *ctx)
+{
+	if (!BN_lshift(bn, gfp2->a1, BN_num_bytes(p) * 8)) {
+		return 0;
+	}
+	if (!BN_add(bn, bn, gfp2->a0)) {
+		return 0;
+	}
+	return 1;
+}
+
 int BN_GFP2_canonical(const BN_GFP2 *a, unsigned char *out, size_t *outlen,
 	int order, const BIGNUM *p, BN_CTX *ctx)
 {
@@ -462,42 +491,3 @@ int BN_GFP2_canonical(const BN_GFP2 *a, unsigned char *out, size_t *outlen,
 	*outlen = len;
 	return 1;
 }
-
-int BN_bn2gfp2(const BIGNUM *bn, BN_GFP2 *gfp2, const BIGNUM *p, BN_CTX *ctx)
-{
-	int ret = 0;
-	BIGNUM *a;
-
-	if (!(a = BN_CTX_get(ctx))) {
-		goto end;
-	}
-
-	BN_one(a);
-	if (!BN_lshift(a, a, BN_num_bytes(p)*8)) {
-		goto end;
-	}
-
-	if (!BN_rshift(gfp2->a1, bn, BN_num_bytes(p)*8)) {
-		goto end;
-	}
-	if (!BN_mod(gfp2->a0, bn, a, ctx)) {
-		goto end;
-	}
-
-	ret = 1;
-end:
-	BN_CTX_end(ctx);
-	return ret;
-}
-
-/* return (a0 + a1 << 2^n), n = log_2(p), n % 8 == 0 */
-int BN_gfp22bn(const BN_GFP2 *gfp2, BIGNUM *bn, const BIGNUM *p, BN_CTX *ctx)
-{
-	if (!BN_lshift(bn, gfp2->a1, BN_num_bytes(p) * 8)) {
-		return 0;
-	}
-	if (!BN_add(bn, bn, gfp2->a0)) {
-		return 0;
-	}
-	return 1;
-}

crypto/ec2/bn_hash.c

@@ -135,33 +135,3 @@ end:
 	OPENSSL_free(buf);
 	return ret;
 }
-
-#if 0
-int main(void)
-{
-	char *s = "This ASCII string without null-terminator";
-	BIGNUM *bn = NULL;
-	BIGNUM *ret = NULL;
-	BIGNUM *range = NULL;
-
-	BN_hex2bn(&range, "ffffffffffffffffffffefffffffffffffffffff");
-	BN_hex2bn(&bn, "79317c1610c1fc018e9c53d89d59c108cd518608");
-
-	if (!BN_hash2bn(&ret, s, strlen(s), EVP_sha1(), range)) {
-		printf("BN_hash2bn() function failed\n");
-		return 0;
-	}
-	if (!ret) {
-		printf("shit\n");
-	}
-	printf("%s\n", BN_bn2hex(ret));
-	if (BN_cmp(ret, bn) != 0) {
-		printf("BN_hash2bn() test failed\n");
-		return 0;
-	}
-
-	printf("BN_hash2bn() test passed\n");
-	return 1;
-}
-#endif
-

crypto/ec2/bn_solinas.c

@@ -60,6 +60,16 @@
  * use it for fast check of solinas
  */
 
+#define BN_SOLINAS_192V1	0
+#define BN_SOLINAS_192V2	1
+#define BN_SOLINAS_224V1	2
+#define BN_SOLINAS_256V1	3
+#define BN_SOLINAS_384V1	4
+#define BN_SOLINAS_512V1	5
+#define BN_SOLINAS_512V2	6
+#define BN_SOLINAS_1024V1	7
+#define BN_SOLINAS_1024V2	8
+
 static BN_SOLINAS BN_solinas_table[] = {
 	{ 192, 16, -1, -1 },
 	{ 192, 64, -1, -1 },
@@ -92,7 +102,6 @@ static BN_SOLINAS BN_solinas_table[] = {
  *   0xfffffffffbfffffffffffffffffffffffff
  */
 
-
 int BN_bn2solinas(const BIGNUM *bn, BN_SOLINAS *solinas)
 {
 	int ret = 0;
@@ -115,6 +124,7 @@ int BN_bn2solinas(const BIGNUM *bn, BN_SOLINAS *solinas)
 	}
 
 	solinas->c = BN_is_bit_set(bn, 1) ? 1 : -1;
+
 	if (BN_is_bit_set(bn, nbits - 1)) {
 		solinas->s = -1;
 		solinas->a = nbits;
@@ -133,10 +143,16 @@ end:
 int BN_solinas2bn(const BN_SOLINAS *solinas, BIGNUM *bn)
 {
 	int ret = 0;
-#if 0
 	BIGNUM *tmp = NULL;
-	if (b <= 0 || a <= b || (s != 1 && s != -1) ||
-		(c != 1 && c != -1)) {
+
+	if (!solinas || !bn) {
+		BNerr(BN_F_BN_SOLINAS2BN, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+
+	if (solinas->b <= 0 || solinas->a <= solinas->b
+		|| (solinas->s != 1 && solinas->s != -1)
+		|| (solinas->c != 1 && solinas->c != -1)) {
 		BNerr(BN_F_BN_SOLINAS2BN, BN_R_INVALID_SOLINAS_PARAMETERS);
 		return 0;
 	}
@@ -148,36 +164,38 @@ int BN_solinas2bn(const BN_SOLINAS *solinas, BIGNUM *bn)
 
 	BN_one(tmp);
 
-	if (!BN_lshift(solinas, tmp, a)) {
+	if (!BN_lshift(bn, tmp, solinas->a)) {
 		BNerr(BN_F_BN_SOLINAS2BN, ERR_R_BN_LIB);
 		goto end;
 	}
-	if (!BN_lshift(tmp, tmp, b)) {
+
+	if (!BN_lshift(tmp, tmp, solinas->b)) {
 		BNerr(BN_F_BN_SOLINAS2BN, ERR_R_BN_LIB);
 		goto end;
 	}
-	if (!BN_add_word(tmp, c)) {
+
+	if (!BN_add_word(tmp, solinas->c)) {
 		BNerr(BN_F_BN_SOLINAS2BN, ERR_R_BN_LIB);
 		goto end;
 	}
-	if (s > 0) {
-		if (!BN_add(solinas, solinas, tmp)) {
+
+	if (solinas->s > 0) {
+		if (!BN_add(bn, bn, tmp)) {
 			BNerr(BN_F_BN_SOLINAS2BN, ERR_R_BN_LIB);
 			goto end;
 		}
 	} else {
-		if (!BN_sub(solinas, solinas, tmp)) {
+		if (!BN_sub(bn, bn, tmp)) {
 			BNerr(BN_F_BN_SOLINAS2BN, ERR_R_BN_LIB);
 			goto end;
 		}
 	}
 
-	/* check if solinas is a prime */
+	/* check if it is a prime */
 
 	ret = 1;
 end:
 	BN_free(tmp);
-#endif
 	return ret;
 }
 
@@ -191,3 +209,7 @@ int BN_is_solinas(const BIGNUM *a)
 	return 0;
 }
 
+BN_SOLINAS *BN_get_solinas(int index)
+{
+	return NULL;
+}

crypto/ec2/build.info

@@ -1,3 +1,3 @@
 LIBS=../../libcrypto
 SOURCE[../../libcrypto]=bn_gfp2.c bn_solinas.c bn_hash.c \
-    fppoint.c ec_expoint.c ec_hash.c ec_type1.c
+    fppoint.c ec_hash.c ec_type1.c

crypto/ec2/ec_expoint.c

@@ -1,90 +0,0 @@
-/* ====================================================================
- * Copyright (c) 2016 The GmSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the GmSSL Project.
- *    (http://gmssl.org/)"
- *
- * 4. The name "GmSSL Project" must not be used to endorse or promote
- *    products derived from this software without prior written
- *    permission. For written permission, please contact
- *    guanzhi1980@gmail.com.
- *
- * 5. Products derived from this software may not be called "GmSSL"
- *    nor may "GmSSL" appear in their names without prior written
- *    permission of the GmSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the GmSSL Project
- *    (http://gmssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE GmSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE GmSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-/*
- * this file is to implement elliptic curve operations over extension
- * fields
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <openssl/bn.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/asn1.h>
-
-
-typedef struct {
-	int security_bits;
-	int n_bits;
-	int p_bits;
-	int q_bits;
-} PAIRING_SEC;
-
-static PAIRING_SEC sec_tbl[] = {
-	/* k    |n|   |p|  |q| */
-	{ 80,  1024,  512, 160},
-	{112,  2048, 1024, 224},
-	{128,  3072, 1536, 256},
-	{192,  7680, 3840, 384},
-	{256, 15360, 7680, 512}
-};
-
-const EVP_MD *PAIRING_nbits_to_md(int nbits)
-{
-	switch (nbits) {
-	case 1024: return EVP_sha1();
-	case 2048: return EVP_sha224();
-	case 3072: return EVP_sha256();
-	case 7680: return EVP_sha384();
-	case 15360: return EVP_sha512();
-	}
-	return NULL;
-}
-

crypto/ec2/ec_type1.c

@@ -51,8 +51,10 @@
 #include <openssl/bn.h>
 #include <openssl/ec.h>
 #include <openssl/err.h>
+#include <openssl/evp.h>
 #include <openssl/bn_gfp2.h>
 
+
 EC_GROUP *EC_GROUP_generate_type1curve(const BIGNUM *order, BN_CTX *bn_ctx)
 {
 	ECerr(EC_F_EC_GROUP_GENERATE_TYPE1CURVE, 0);
@@ -781,3 +783,31 @@ int EC_type1curve_tate_ratio(const EC_GROUP *group, BN_GFP2 *r,
 	return 0;
 }
 
+typedef struct {
+	int security_bits;
+	int n_bits;
+	int p_bits;
+	int q_bits;
+} TYPE1CURVE_SEC;
+
+static TYPE1CURVE_SEC sec_tbl[] = {
+	/* k    |n|   |p|  |q| */
+	{ 80,  1024,  512, 160},
+	{112,  2048, 1024, 224},
+	{128,  3072, 1536, 256},
+	{192,  7680, 3840, 384},
+	{256, 15360, 7680, 512}
+};
+
+const EVP_MD *TYPE1CURVE_nbits_to_md(int nbits)
+{
+	switch (nbits) {
+	case 1024: return EVP_sha1();
+	case 2048: return EVP_sha224();
+	case 3072: return EVP_sha256();
+	case 7680: return EVP_sha384();
+	case 15360: return EVP_sha512();
+	}
+	return NULL;
+}
+