[PATCH revised] Add gcry_mpi_ec_sub.
Markus Teich
teichm at in.tum.de
Wed Jul 30 18:39:35 CEST 2014
This function subtracts two points on the curve. Only Twisted Edwards curves are
supported with this change.
---
Heyho Ian,
of course you were correct, the x value has to be negated. Attached is the
fixed patch.
Since I could not build the current master of libgcrypt (configure fails with:
error: cannot find input file: `tests/Makefile.in') I tested it with this
snippet:
gcry_mpi_t vx = gcry_mpi_new(0);
gcry_mpi_t vy = gcry_mpi_new(0);
gcry_mpi_t vz = gcry_mpi_new(0);
gcry_mpi_point_t p;
gcry_mpi_point_t tmp;
p = gcry_mpi_ec_get_point("g", ctx, 0);
tmp = gcry_mpi_ec_get_point("g", ctx, 0);
gcry_log_debugpnt("g ", p, ctx);
gcry_mpi_ec_add(p, p, tmp, ctx);
gcry_log_debugpnt("g+g ", p, ctx);
gcry_mpi_point_get(vx, vy, vz, tmp);
gcry_mpi_neg(vx, vx);
gcry_mpi_point_set(tmp, vx, vy, vz);
gcry_mpi_ec_add(p, p, tmp, ctx);
gcry_log_debugpnt("g+g-g ", p, ctx);
gcry_mpi_ec_add(p, p, tmp, ctx);
gcry_log_debugpnt("g+g-g-g ", p, ctx);
leading to the output:
g .x:+216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a
g .y:+6666666666666666666666666666666666666666666666666666666666666658
g+g .x:+36ab384c9f5a046c3d043b7d1833e7ac080d8e4515d7a45f83c5a14e2843ce0e
g+g .y:+2260cdf3092329c21da25ee8c9a21f5697390f51643851560e5f46ae6af8a3c9
g+g-g .x:+216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a
g+g-g .y:+6666666666666666666666666666666666666666666666666666666666666658
g+g-g-g .x:-00
g+g-g-g .y:+01
Negating the y value leads to something where the first subtraction fails, but
after another one the result is correct again…
g .x:+216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a
g .y:+6666666666666666666666666666666666666666666666666666666666666658
g+g .x:+36ab384c9f5a046c3d043b7d1833e7ac080d8e4515d7a45f83c5a14e2843ce0e
g+g .y:+2260cdf3092329c21da25ee8c9a21f5697390f51643851560e5f46ae6af8a3c9
g+g-g .x:+5e96c92c3291ac013f5b1dce022923a396d3389f6ada584d36a9d29f70da2ad3
g+g-g .y:+1999999999999999999999999999999999999999999999999999999999999995
g+g-g-g .x:-00
g+g-g-g .y:+01
--Markus
mpi/ec.c | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
src/gcrypt.h.in | 4 ++++
src/visibility.c | 8 +++++++
src/visibility.h | 1 +
4 files changed, 78 insertions(+)
diff --git a/mpi/ec.c b/mpi/ec.c
index 4f35de0..f535ac0 100644
--- a/mpi/ec.c
+++ b/mpi/ec.c
@@ -1094,6 +1094,71 @@ _gcry_mpi_ec_add_points (mpi_point_t result,
}
+/* RESULT = P1 - P2 (Weierstrass version).*/
+static void
+sub_points_weierstrass (mpi_point_t result,
+ mpi_point_t p1, mpi_point_t p2,
+ mpi_ec_t ctx)
+{
+ (void)result;
+ (void)p1;
+ (void)p2;
+ (void)ctx;
+ log_fatal ("%s: %s not yet supported\n",
+ "_gcry_mpi_ec_sub_points", "Weierstrass");
+}
+
+
+/* RESULT = P1 - P2 (Montgomery version).*/
+static void
+sub_points_montgomery (mpi_point_t result,
+ mpi_point_t p1, mpi_point_t p2,
+ mpi_ec_t ctx)
+{
+ (void)result;
+ (void)p1;
+ (void)p2;
+ (void)ctx;
+ log_fatal ("%s: %s not yet supported\n",
+ "_gcry_mpi_ec_sub_points", "Montgomery");
+}
+
+
+/* RESULT = P1 - P2 (Twisted Edwards version).*/
+static void
+sub_points_edwards (mpi_point_t result,
+ mpi_point_t p1, mpi_point_t p2,
+ mpi_ec_t ctx)
+{
+ mpi_point_t p2i = _gcry_mpi_point_new (0);
+ point_set (p2i, p2);
+ _gcry_mpi_neg (p2i->x, p2i->x);
+ add_points_edwards (result, p1, p2i, ctx);
+ _gcry_mpi_point_release (p2i);
+}
+
+
+/* RESULT = P1 - P2 */
+void
+_gcry_mpi_ec_sub_points (mpi_point_t result,
+ mpi_point_t p1, mpi_point_t p2,
+ mpi_ec_t ctx)
+{
+ switch (ctx->model)
+ {
+ case MPI_EC_WEIERSTRASS:
+ sub_points_weierstrass (result, p1, p2, ctx);
+ break;
+ case MPI_EC_MONTGOMERY:
+ sub_points_montgomery (result, p1, p2, ctx);
+ break;
+ case MPI_EC_EDWARDS:
+ sub_points_edwards (result, p1, p2, ctx);
+ break;
+ }
+}
+
+
/* Scalar point multiplication - the main function for ECC. If takes
an integer SCALAR and a POINT as well as the usual context CTX.
RESULT will be set to the resulting point. */
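Review bot: In `sub_points_edwards`, `_gcry_mpi_neg (p2i->x, p2i->x)` flips the sign of the MPI instead of computing the negation in the field, so a negative-signed coordinate is handed to `add_points_edwards`. The test output in the cover note ends with `.x:-00`, which suggests the sign can leak into results and leave a non-canonical coordinate that point comparison or encoding code may not expect. Storing the reduced value would avoid that, e.g. `mpi_sub (p2i->x, ctx->p, p2i->x);`, assuming x is already in the range [0, p). Separately, the `switch` in `_gcry_mpi_ec_sub_points` has no `default`, so an unexpected `ctx->model` returns silently with RESULT untouched.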
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index a5f8350..7dbad07 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -703,6 +703,10 @@ void gcry_mpi_ec_dup (gcry_mpi_point_t w, gcry_mpi_point_t u, gcry_ctx_t ctx);
void gcry_mpi_ec_add (gcry_mpi_point_t w,
gcry_mpi_point_t u, gcry_mpi_point_t v, gcry_ctx_t ctx);
+/* W = U - V. */
+void gcry_mpi_ec_sub (gcry_mpi_point_t w,
+ gcry_mpi_point_t u, gcry_mpi_point_t v, gcry_ctx_t ctx);
+
/* W = N * U. */
void gcry_mpi_ec_mul (gcry_mpi_point_t w, gcry_mpi_t n, gcry_mpi_point_t u,
gcry_ctx_t ctx);
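Review bot: The comment `/* W = U - V. */` on `gcry_mpi_ec_sub` does not tell callers that only one curve model is implemented. Per the commit message only Twisted Edwards curves are supported, and the Weierstrass and Montgomery paths in mpi/ec.c end in `log_fatal`. Because the function returns `void`, a caller passing a context for another curve appears to get a fatal error rather than a status it can handle. I would extend the comment to something like `/* W = U - V.  Only Twisted Edwards curves are supported; other curve models are a fatal error. */`.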
diff --git a/src/visibility.c b/src/visibility.c
index 6ed57ca..fa23e53 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -567,6 +567,14 @@ gcry_mpi_ec_add (gcry_mpi_point_t w,
}
void
+gcry_mpi_ec_sub (gcry_mpi_point_t w,
+ gcry_mpi_point_t u, gcry_mpi_point_t v, gcry_ctx_t ctx)
+{
+ _gcry_mpi_ec_sub_points (w, u, v,
+ _gcry_ctx_get_pointer (ctx, CONTEXT_TYPE_EC));
+}
+
+void
gcry_mpi_ec_mul (gcry_mpi_point_t w, gcry_mpi_t n, gcry_mpi_point_t u,
gcry_ctx_t ctx)
{
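Review bot: `gcry_mpi_ec_sub` calls `_gcry_mpi_ec_sub_points`, which this patch defines as a non-static function in mpi/ec.c, but none of the four files in the diffstat adds a prototype that src/visibility.c could see. Unless a declaration exists outside this patch, the call compiles as an implicit declaration (a warning or an error depending on compiler flags), so a prototype next to the one for `_gcry_mpi_ec_add_points` is probably missing. The new public symbol likely also needs an entry wherever the library lists its exported symbols, which is not visible here. The body of `gcry_mpi_ec_mul` continues outside the hunk.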
diff --git a/src/visibility.h b/src/visibility.h
index 96b5235..f7b5ace 100644
--- a/src/visibility.h
+++ b/src/visibility.h
@@ -486,6 +486,7 @@ MARK_VISIBLEX (_gcry_mpi_get_const)
#define gcry_mpi_abs _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_mpi_ec_add _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_mpi_ec_sub _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_mpi_ec_curve_point _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_mpi_ec_dup _gcry_USE_THE_UNDERSCORED_FUNCTION
#define gcry_mpi_ec_get_affine _gcry_USE_THE_UNDERSCORED_FUNCTION
--
1.8.5.5