diff options
author | Werner Koch <wk@gnupg.org> | 2013-05-24 16:54:52 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2013-05-24 16:54:52 +0200 |
commit | 99b18aa536703ef90c9a1f5c8f40bc68b2064593 (patch) | |
tree | 6023b56d33d54a632232f7208a0c8861f23709ae /cipher/ecc.c | |
parent | 9711384f75564a71979e3fb971b5f4cadcf1afef (diff) | |
download | libgcrypt-99b18aa536703ef90c9a1f5c8f40bc68b2064593.tar.gz |
ecc: Simplify the compliant point generation.
* cipher/ecc.c (generate_key): Use point_snatch_set, replaces unneeded
variable copies, etc.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'cipher/ecc.c')
-rw-r--r-- | cipher/ecc.c | 45 |
1 files changed, 17 insertions, 28 deletions
diff --git a/cipher/ecc.c b/cipher/ecc.c index 63ee2d04..e5a925b1 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -504,7 +504,6 @@ generate_key (ECC_secret_key *sk, unsigned int nbits, const char *name, { gpg_err_code_t err; elliptic_curve_t E; - gcry_mpi_t d; mpi_point_struct Q; mpi_ec_t ctx; gcry_random_level_t random_level; @@ -529,12 +528,12 @@ generate_key (ECC_secret_key *sk, unsigned int nbits, const char *name, } random_level = transient_key ? GCRY_STRONG_RANDOM : GCRY_VERY_STRONG_RANDOM; - d = _gcry_dsa_gen_k (E.n, random_level); + sk->d = _gcry_dsa_gen_k (E.n, random_level); /* Compute Q. */ point_init (&Q); ctx = _gcry_mpi_ec_p_internal_new (E.p, E.a); - _gcry_mpi_ec_mul_point (&Q, d, &E.G, ctx); + _gcry_mpi_ec_mul_point (&Q, sk->d, &E.G, ctx); /* Copy the stuff to the key structures. */ sk->E.p = mpi_copy (E.p); @@ -553,47 +552,38 @@ generate_key (ECC_secret_key *sk, unsigned int nbits, const char *name, * dropped because we know that it's a minimum of the two * possibilities without any loss of security. */ { - gcry_mpi_t x, p_y, y; - const unsigned int nbits = mpi_get_nbits (E.p); + gcry_mpi_t x, y, p_y; + const unsigned int pbits = mpi_get_nbits (E.p); - x = mpi_new (nbits); - p_y = mpi_new (nbits); - y = mpi_new (nbits); + x = mpi_new (pbits); + y = mpi_new (pbits); + p_y = mpi_new (pbits); if (_gcry_mpi_ec_get_affine (x, y, &Q, ctx)) - log_fatal ("ecgen: Failed to get affine coordinates for Q\n"); + log_fatal ("ecgen: Failed to get affine coordinates for %s\n", "Q"); - mpi_sub( p_y, E.p, y ); /* p_y = p-y */ + mpi_sub (p_y, E.p, y); /* p_y = p - y */ - if (mpi_cmp( p_y /*p-y*/, y ) < 0) /* is p-y < p ? */ + if (mpi_cmp (p_y, y) < 0) /* p - y < p */ { - gcry_mpi_t z = mpi_copy (mpi_const (MPI_C_ONE)); - - /* log_mpidump ("ecgen p-y", p_y); */ - /* log_mpidump ("ecgen y ", y); */ - /* log_debug ("ecgen will replace y with p-y\n"); */ - /* log_mpidump ("ecgen d before", d); */ - /* We need to end up with -Q; this assures that new Q's y is the smallest one */ - sk->d = mpi_new (nbits); - mpi_sub (sk->d, E.n, d); /* d = order-d */ - /* log_mpidump ("ecgen d after ", sk->d); */ - gcry_mpi_point_set (&sk->Q, x, p_y/*p-y*/, z); /* Q = -Q */ + mpi_sub (sk->d, E.n, sk->d); /* d = order - d */ + gcry_mpi_point_snatch_set (&sk->Q, x, p_y, mpi_alloc_set_ui (1)); + if (DBG_CIPHER) log_debug ("ecgen converted Q to a compliant point\n"); - mpi_free (z); } - else + else /* p - y >= p */ { /* No change is needed exactly 50% of the time: just copy. */ - sk->d = mpi_copy (d); point_set (&sk->Q, &Q); if (DBG_CIPHER) log_debug ("ecgen didn't need to convert Q to a compliant point\n"); + + mpi_free (p_y); + mpi_free (x); } - mpi_free (x); - mpi_free (p_y); mpi_free (y); } @@ -612,7 +602,6 @@ generate_key (ECC_secret_key *sk, unsigned int nbits, const char *name, _gcry_mpi_ec_free (ctx); point_free (&Q); - mpi_free (d); *r_usedcurve = E.name; curve_free (&E); |