lib/nettle/ecc_make_key.c

   1 /*
   2  * Copyright (C) 2011-2012 Free Software Foundation, Inc.
   3  *
   4  * This file is part of GNUTLS.
   5  *
   6  * The GNUTLS library is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public License
   8  * as published by the Free Software Foundation; either version 3 of
   9  * the License, or (at your option) any later version.
  10  *
  11  * This library is distributed in the hope that it will be useful, but
  12  * WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public License
  17  * along with this program.  If not, see <http://www.gnu.org/licenses/>
  18  *
  19  */
  20
  21 /* Based on public domain code of LibTomCrypt by Tom St Denis.
  22  * Adapted to gmp and nettle by Nikos Mavrogiannopoulos.
  23  */
  24
  25 #include "ecc.h"
  26
  27 /*
  28   @file ecc_make_key.c
  29   ECC Crypto, Tom St Denis
  30 */
  31
  32 /*
  33   Make a new ECC key
  34   @param prng         An active PRNG state
  35   @param wprng        The index of the PRNG you wish to use
  36   @param prime        The prime of curve's field
  37   @param order        The order of the G point
  38   @param A            The "a" parameter of the curve
  39   @param Gx           The x coordinate of the base point
  40   @param Gy           The y coordinate of the base point
  41   @param curve_id     The id of the curve we are working with
  42   @timing_res         If non zero the function will try to return in constant time.
  43   @return 0 if successful, upon error all allocated memory will be freed
  44 */
  45
  46 int
  47 ecc_make_key_ex (void *random_ctx, nettle_random_func random, ecc_key * key,
  48                  mpz_t prime, mpz_t order, mpz_t A, mpz_t B, mpz_t Gx, mpz_t Gy,
  49                  gnutls_ecc_curve_t curve_id, int timing_res)
  50 {
  51   int err;
  52   ecc_point *base;
  53   unsigned char *buf;
  54   int keysize;
  55
  56   if (key == NULL || random == NULL)
  57     return -1;
  58
  59   keysize = nettle_mpz_sizeinbase_256_u (order);
  60
  61   /* allocate ram */
  62   base = NULL;
  63   buf = malloc (keysize);
  64   if (buf == NULL)
  65     return -1;
  66
  67   /* make up random string */
  68   random (random_ctx, keysize, buf);
  69
  70   /* setup the key variables */
  71   if ((err =
  72        mp_init_multi (&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k,
  73                       &key->prime, &key->order, &key->A, &key->B, &key->Gx, &key->Gy,
  74                       NULL)) != 0)
  75     {
  76       goto ERR_BUF;
  77     }
  78   base = ecc_new_point ();
  79   if (base == NULL)
  80     {
  81       err = -1;
  82       goto errkey;
  83     }
  84
  85   /* read in the specs for this key */
  86   mpz_set (key->prime, prime);
  87   mpz_set (key->order, order);
  88   mpz_set (key->Gx, Gx);
  89   mpz_set (key->Gy, Gy);
  90   mpz_set (key->A, A);
  91   mpz_set (key->B, B);
  92
  93   mpz_set (base->x, key->Gx);
  94   mpz_set (base->y, key->Gy);
  95   mpz_set_ui (base->z, 1);
  96
  97   nettle_mpz_set_str_256_u (key->k, keysize, buf);
  98
  99   /* the key should be smaller than the order of base point */
 100   if (mpz_cmp (key->k, key->order) >= 0)
 101     {
 102       mpz_mod (key->k, key->k, key->order);
 103     }
 104   /* make the public key */
 105   if (timing_res)
 106     err = ecc_mulmod_cached_timing (key->k, curve_id, &key->pubkey, key->A, key->prime, 1);
 107   else
 108     err = ecc_mulmod_cached (key->k, curve_id, &key->pubkey, key->A, key->prime, 1);
 109
 110   if (err != 0)
 111     goto errkey;
 112
 113   key->type = PK_PRIVATE;
 114
 115   /* free up ram */
 116   err = 0;
 117   goto cleanup;
 118 errkey:
 119   mp_clear_multi (&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k,
 120                   &key->order, &key->prime, &key->Gx, &key->Gy, &key->A, &key->B,
 121                   NULL);
 122 cleanup:
 123   ecc_del_point (base);
 124 ERR_BUF:
 125   free (buf);
 126   return err;
 127 }
 128
 129 int
 130 ecc_make_key (void *random_ctx, nettle_random_func random, ecc_key * key,
 131               const ecc_set_type * dp, gnutls_ecc_curve_t curve_id)
 132 {
 133   mpz_t prime, order, Gx, Gy, A, B;
 134   int err;
 135
 136   /* setup the key variables */
 137   if ((err = mp_init_multi (&prime, &order, &A, &B, &Gx, &Gy, NULL)) != 0)
 138     {
 139       goto cleanup;
 140     }
 141
 142   /* read in the specs for this key */
 143   mpz_set_str (prime, (char *) dp->prime, 16);
 144   mpz_set_str (order, (char *) dp->order, 16);
 145   mpz_set_str (Gx, (char *) dp->Gx, 16);
 146   mpz_set_str (Gy, (char *) dp->Gy, 16);
 147   mpz_set_str (A, (char *) dp->A, 16);
 148   mpz_set_str (B, (char *) dp->B, 16);
 149
 150   err = ecc_make_key_ex (random_ctx, random, key, prime, order, A, B, Gx, Gy, curve_id, 0);
 151
 152   mp_clear_multi (&prime, &order, &A, &B, &Gx, &Gy, NULL);
 153 cleanup:
 154   return err;
 155 }
 156
 157 /* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_make_key.c,v $ */
 158 /* $Revision: 1.13 $ */
 159 /* $Date: 2007/05/12 14:32:35 $ */