uint32_t test_ecc_proj_coords_add(bn_uint_t *ax, bn_uint_t *ay, bn_uint_t *bx,
bn_uint_t *by, bn_uint_t *expx,
bn_uint_t *expy, ecc_curve_t *curve) {
BN_CREATE_VARIABLE(px, ax->length);
BN_CREATE_VARIABLE(py, ay->length);
BN_CREATE_VARIABLE(pz, ay->length);
BN_CREATE_VARIABLE(qx, ax->length);
BN_CREATE_VARIABLE(qy, ay->length);
BN_CREATE_VARIABLE(qz, ay->length);
BN_CREATE_VARIABLE(ox, ax->length);
BN_CREATE_VARIABLE(oy, ay->length);
BN_CREATE_VARIABLE(oz, ay->length);
BN_CREATE_VARIABLE(counted_ay, ay->length);
BN_CREATE_VARIABLE(counted_ax, ax->length);
start_count_time();
eccutils_affine_to_projective(ax, ay, &px, &py, &pz, curve);
eccutils_affine_to_projective(bx, by, &qx, &qy, &qz, curve);
ecc_proj_ec_add(&px, &py, &pz, &qx, &qy, &qz, &ox, &oy, &oz, curve);
eccutils_projective_to_affine(&ox, &oy, &oz, &counted_ax, &counted_ay, curve);
stop_count_time();
info("ecc_proj_add_time_%dB: %u us %u ticks", curve->p->length, get_us(), get_ticks());
if ((bn_compare(&counted_ax, expx) == 0)
&& (bn_compare(&counted_ay, expy) == 0))
return 0;
return 1;
}
uint32_t test_ecc_proj_coords_mul(bn_uint_t *px, bn_uint_t *py, bn_uint_t *k,
bn_uint_t *expx, bn_uint_t *expy,
ecc_curve_t *curve) {
BN_CREATE_VARIABLE(fpx, px->length);
BN_CREATE_VARIABLE(fpy, py->length);
BN_CREATE_VARIABLE(fpz, py->length);
BN_CREATE_VARIABLE(ox, px->length);
BN_CREATE_VARIABLE(oy, py->length);
BN_CREATE_VARIABLE(oz, py->length);
BN_CREATE_VARIABLE(counted_ay, expy->length);
BN_CREATE_VARIABLE(counted_ax, expx->length);
start_count_time();
eccutils_affine_to_projective(px, py, &fpx, &fpy, &fpz, curve);
ecc_proj_ec_mult(&fpx, &fpy, &fpz, k, &ox, &oy, &oz, curve);
eccutils_projective_to_affine(&ox, &oy, &oz, &counted_ax, &counted_ay, curve);
stop_count_time();
// info("ecc_proj_mul_time_%dB: %u us %u ticks %u DWT ticks", curve->p->length, get_us(), get_ticks(), get_ticks_DWT());
if ((bn_compare(&counted_ax, expx) == 0)
&& (bn_compare(&counted_ay, expy) == 0))
return 0;
return 1;
}
uint32_t test_gen_proj_tinydtls_key(bn_uint_t *d, bn_uint_t *exp_pub_k_x, bn_uint_t *exp_pub_k_y, ecc_curve_t *curve)
{
(void)(curve);
BN_CREATE_VARIABLE(pubx, exp_pub_k_x->length);
BN_CREATE_VARIABLE(puby, exp_pub_k_y->length);
start_count_time();
tecc_gen_pub_key(d->number, pubx.number, puby.number);
stop_count_time();
info("ecc_tinydtls_keygen_time_%dB: %u us %u ticks", curve->p->length, get_us(), get_ticks());
if ((bn_compare(&pubx, exp_pub_k_x) == 0) && (bn_compare(&puby, exp_pub_k_y) == 0))
return 0;
return 1;
}
uint32_t test_ecdsa_proj_gen_sig(bn_uint_t *k, bn_uint_t *hash, bn_uint_t *d, bn_uint_t *expr, bn_uint_t *exps, ecc_curve_t *curve)
{
BN_CREATE_VARIABLE(r, expr->length);
BN_CREATE_VARIABLE(s, exps->length);
uint32_t res;
start_count_time();
res = ecc_proj_ECDSA_signature_gen(k, hash, d, &r, &s, curve);
stop_count_time();
info("ecc_proj_ECDSA_gen_time_%dB: %u us %u ticks", curve->p->length, get_us(), get_ticks());
if ((bn_compare(&r, expr) == 0) && (bn_compare(&s, exps) == 0) && (res == 0))
return 0;
return 1;
}
uint32_t test_ecdsa_tinydtls_gen_sig(bn_uint_t *k, bn_uint_t *hash, bn_uint_t *d, bn_uint_t *expr, bn_uint_t *exps, ecc_curve_t *curve)
{
(void)(curve);
BN_CREATE_VARIABLE(r, expr->length);
BN_CREATE_VARIABLE(s, exps->length);
uint32_t res;
start_count_time();
res = tecc_ecdsa_sign(d->number, hash->number, k->number, r.number, s.number);
stop_count_time();
info("ecc_tinydtls_ECDSA_gen_time_%dB: %u us %u ticks", curve->p->length, get_us(), get_ticks());
if ((bn_compare(&r, expr) == 0) && (bn_compare(&s, exps) == 0) && (res == 0))
return 0;
return 1;
}
static void generate_ecdsa(u8 *R, u8 *S, u8 *k, u8 *hash)
{
u8 e[21];
u8 kk[21];
u8 m[21];
u8 minv[21];
struct point mG;
FILE *fp;
e[0] = 0;
memcpy(e + 1, hash, 20);
bn_reduce(e, ec_N, 21);
try_again:
fp = fopen("/dev/random", "rb");
if (fread(m, sizeof m, 1, fp) != 1)
fail("reading random");
fclose(fp);
m[0] = 0;
if (bn_compare(m, ec_N, 21) >= 0)
goto try_again;
// R = (mG).x
point_mul(&mG, m, &ec_G);
point_from_mon(&mG);
R[0] = 0;
elt_copy(R+1, mG.x);
// S = m**-1*(e + Rk) (mod N)
bn_copy(kk, k, 21);
bn_reduce(kk, ec_N, 21);
bn_to_mon(m, ec_N, 21);
bn_to_mon(e, ec_N, 21);
bn_to_mon(R, ec_N, 21);
bn_to_mon(kk, ec_N, 21);
bn_mon_mul(S, R, kk, ec_N, 21);
bn_add(kk, S, e, ec_N, 21);
bn_mon_inv(minv, m, ec_N, 21);
bn_mon_mul(S, minv, kk, ec_N, 21);
bn_from_mon(R, ec_N, 21);
bn_from_mon(S, ec_N, 21);
}
void bn_add(u8 *d, u8 *a, u8 *b, u8 *N, u32 n)
{
u32 i;
u32 dig;
u8 c;
c = 0;
for (i = n - 1; i < n; i--) {
dig = a[i] + b[i] + c;
c = (dig >= 0x100);
d[i] = dig;
}
if (c)
bn_sub_modulus(d, N, n);
if (bn_compare(d, N, n) >= 0)
bn_sub_modulus(d, N, n);
}
static void generate_ecdsa(u8 *R, u8 *S, u8 *k, u8 *hash)
{
u8 e[21];
u8 kk[21];
u8 m[21];
u8 minv[21];
struct point mG;
e[0] = 0;
memcpy(e + 1, hash, 20);
bn_reduce(e, ec_N, 21);
try_again:
get_rand(m, sizeof m);
m[0] = 0;
if (bn_compare(m, ec_N, 21) >= 0)
goto try_again;
// R = (mG).x
point_mul(&mG, m, &ec_G);
point_from_mon(&mG);
R[0] = 0;
elt_copy(R+1, mG.x);
// S = m**-1*(e + Rk) (mod N)
bn_copy(kk, k, 21);
bn_reduce(kk, ec_N, 21);
bn_to_mon(m, ec_N, 21);
bn_to_mon(e, ec_N, 21);
bn_to_mon(R, ec_N, 21);
bn_to_mon(kk, ec_N, 21);
bn_mon_mul(S, R, kk, ec_N, 21);
bn_add(kk, S, e, ec_N, 21);
bn_mon_inv(minv, m, ec_N, 21);
bn_mon_mul(S, minv, kk, ec_N, 21);
bn_from_mon(R, ec_N, 21);
bn_from_mon(S, ec_N, 21);
}
uint32_t eccutils_projective_to_affine(bn_uint_t *px, bn_uint_t *py,
bn_uint_t *pz, bn_uint_t *ax,
bn_uint_t *ay, ecc_curve_t *curve) {
BN_CREATE_VARIABLE(invz, pz->length);
BN_CREATE_VARIABLE(invztmp, pz->length);
BN_CREATE_VARIABLE(invztmp2, pz->length);
bn_zero(&invz);
invz.number[0] = 1;
if (bn_compare(&invz, pz) == 0) {
bn_copy(px, ax, px->length);
bn_copy(py, ay, py->length);
return 0;
}
bn_field_inverse(pz, curve->p, &invz);
bn_field_mul_barret(&invz, &invz, curve->barret_mi, curve->p, &invztmp); //now we've got z^2
bn_field_mul_barret(&invztmp, px, curve->barret_mi, curve->p, ax); //now we've got affine x
bn_field_mul_barret(&invztmp, &invz, curve->barret_mi, curve->p, &invztmp2); //now we've got z^3
bn_field_mul_barret(&invztmp2, py, curve->barret_mi, curve->p, ay); //now we've got affine y
return 0;
}
static int check_ecdsa(struct point *Q, u8 *R, u8 *S, u8 *hash)
{
u8 Sinv[21];
u8 e[21];
u8 w1[21], w2[21];
struct point r1, r2;
u8 rr[21];
e[0] = 0;
memcpy(e + 1, hash, 20);
bn_reduce(e, ec_N, 21);
bn_to_mon(R, ec_N, 21);
bn_to_mon(S, ec_N, 21);
bn_to_mon(e, ec_N, 21);
bn_mon_inv(Sinv, S, ec_N, 21);
bn_mon_mul(w1, e, Sinv, ec_N, 21);
bn_mon_mul(w2, R, Sinv, ec_N, 21);
bn_from_mon(w1, ec_N, 21);
bn_from_mon(w2, ec_N, 21);
point_mul(&r1, w1, &ec_G);
point_mul(&r2, w2, Q);
point_add(&r1, &r1, &r2);
point_from_mon(&r1);
rr[0] = 0;
memcpy(rr + 1, r1.x, 20);
bn_reduce(rr, ec_N, 21);
bn_from_mon(R, ec_N, 21);
bn_from_mon(S, ec_N, 21);
return (bn_compare(rr, R, 21) == 0);
}
void bn_reduce(u8 *d, u8 *N, u32 n)
{
if (bn_compare(d, N, n) >= 0)
bn_sub_1(d, d, N, n);
}
void bn_reduce(uint8_t *d, uint8_t *N, uint32_t n)
{
if (bn_compare(d, N, n) >= 0)
bn_sub_1(d, d, N, n);
}
