summaryrefslogtreecommitdiffstats
path: root/crypto/ec/curve448
diff options
context:
space:
mode:
authorShane Lontis <shane.lontis@oracle.com>2021-03-09 11:04:21 +1000
committerShane Lontis <shane.lontis@oracle.com>2021-03-18 17:52:37 +1000
commit054d43ff972068a0f2ec07319808ca32ad0afb5f (patch)
tree084414afcd5637f6d2adfb7b28e61e8843157ab6 /crypto/ec/curve448
parent47864aeafd2ca0ea551f00df99c4c598b53c5912 (diff)
Add ossl_ ecx symbols
Partial fix for #12964 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14473)
Diffstat (limited to 'crypto/ec/curve448')
-rw-r--r--crypto/ec/curve448/curve448.c88
-rw-r--r--crypto/ec/curve448/curve448_local.h15
-rw-r--r--crypto/ec/curve448/curve448_tables.c4
-rw-r--r--crypto/ec/curve448/ed448.h100
-rw-r--r--crypto/ec/curve448/eddsa.c181
-rw-r--r--crypto/ec/curve448/point_448.h67
-rw-r--r--crypto/ec/curve448/scalar.c47
7 files changed, 277 insertions, 225 deletions
diff --git a/crypto/ec/curve448/curve448.c b/crypto/ec/curve448/curve448.c
index b03218283e..b624692713 100644
--- a/crypto/ec/curve448/curve448.c
+++ b/crypto/ec/curve448/curve448.c
@@ -55,7 +55,7 @@ static void gf_invert(gf y, const gf x, int assert_nonzero)
}
/** identity = (0,1) */
-const curve448_point_t curve448_point_identity =
+const curve448_point_t ossl_curve448_point_identity =
{ {{{{0}}}, {{{1}}}, {{{1}}}, {{{0}}}} };
static void point_double_internal(curve448_point_t p, const curve448_point_t q,
@@ -82,7 +82,7 @@ static void point_double_internal(curve448_point_t p, const curve448_point_t q,
gf_mul(p->t, b, d);
}
-void curve448_point_double(curve448_point_t p, const curve448_point_t q)
+void ossl_curve448_point_double(curve448_point_t p, const curve448_point_t q)
{
point_double_internal(p, q, 0);
}
@@ -184,8 +184,9 @@ static void sub_pniels_from_pt(curve448_point_t p, const pniels_t pn,
sub_niels_from_pt(p, pn->n, before_double);
}
-c448_bool_t curve448_point_eq(const curve448_point_t p,
- const curve448_point_t q)
+c448_bool_t
+ossl_curve448_point_eq(const curve448_point_t p,
+ const curve448_point_t q)
{
mask_t succ;
gf a, b;
@@ -198,7 +199,8 @@ c448_bool_t curve448_point_eq(const curve448_point_t p,
return mask_to_bool(succ);
}
-c448_bool_t curve448_point_valid(const curve448_point_t p)
+c448_bool_t
+ossl_curve448_point_valid(const curve448_point_t p)
{
mask_t out;
gf a, b, c;
@@ -225,7 +227,8 @@ static ossl_inline void constant_time_lookup_niels(niels_s * RESTRICT ni,
constant_time_lookup(ni, table, sizeof(niels_s), nelts, idx);
}
-void curve448_precomputed_scalarmul(curve448_point_t out,
+void
+ossl_curve448_precomputed_scalarmul(curve448_point_t out,
const curve448_precomputed_s * table,
const curve448_scalar_t scalar)
{
@@ -234,8 +237,8 @@ void curve448_precomputed_scalarmul(curve448_point_t out,
niels_t ni;
curve448_scalar_t scalar1x;
- curve448_scalar_add(scalar1x, scalar, precomputed_scalarmul_adjustment);
- curve448_scalar_halve(scalar1x, scalar1x);
+ ossl_curve448_scalar_add(scalar1x, scalar, precomputed_scalarmul_adjustment);
+ ossl_curve448_scalar_halve(scalar1x, scalar1x);
for (i = s; i > 0; i--) {
if (i != s)
@@ -272,7 +275,8 @@ void curve448_precomputed_scalarmul(curve448_point_t out,
OPENSSL_cleanse(scalar1x, sizeof(scalar1x));
}
-void curve448_point_mul_by_ratio_and_encode_like_eddsa(
+void
+ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa(
uint8_t enc[EDDSA_448_PUBLIC_BYTES],
const curve448_point_t p)
{
@@ -316,10 +320,11 @@ void curve448_point_mul_by_ratio_and_encode_like_eddsa(
OPENSSL_cleanse(y, sizeof(y));
OPENSSL_cleanse(z, sizeof(z));
OPENSSL_cleanse(t, sizeof(t));
- curve448_point_destroy(q);
+ ossl_curve448_point_destroy(q);
}
-c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(
+c448_error_t
+ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(
curve448_point_t p,
const uint8_t enc[EDDSA_448_PUBLIC_BYTES])
{
@@ -372,14 +377,15 @@ c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(
}
OPENSSL_cleanse(enc2, sizeof(enc2));
- assert(curve448_point_valid(p) || ~succ);
+ assert(ossl_curve448_point_valid(p) || ~succ);
return c448_succeed_if(mask_to_bool(succ));
}
-c448_error_t x448_int(uint8_t out[X_PUBLIC_BYTES],
- const uint8_t base[X_PUBLIC_BYTES],
- const uint8_t scalar[X_PRIVATE_BYTES])
+c448_error_t
+ossl_x448_int(uint8_t out[X_PUBLIC_BYTES],
+ const uint8_t base[X_PUBLIC_BYTES],
+ const uint8_t scalar[X_PRIVATE_BYTES])
{
gf x1, x2, z2, x3, z3, t1, t2;
int t;
@@ -456,7 +462,8 @@ c448_error_t x448_int(uint8_t out[X_PUBLIC_BYTES],
return c448_succeed_if(mask_to_bool(nz));
}
-void curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t
+void
+ossl_curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t
out[X_PUBLIC_BYTES],
const curve448_point_t p)
{
@@ -467,11 +474,11 @@ void curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t
gf_mul(q->z, q->t, q->y); /* y/x */
gf_sqr(q->y, q->z); /* (y/x)^2 */
gf_serialize(out, q->y, 1);
- curve448_point_destroy(q);
+ ossl_curve448_point_destroy(q);
}
-void x448_derive_public_key(uint8_t out[X_PUBLIC_BYTES],
- const uint8_t scalar[X_PRIVATE_BYTES])
+void ossl_x448_derive_public_key(uint8_t out[X_PUBLIC_BYTES],
+ const uint8_t scalar[X_PRIVATE_BYTES])
{
/* Scalar conditioning */
uint8_t scalar2[X_PRIVATE_BYTES];
@@ -485,15 +492,16 @@ void x448_derive_public_key(uint8_t out[X_PUBLIC_BYTES],
scalar2[X_PRIVATE_BYTES - 1] &= ~((0u - 1u) << ((X_PRIVATE_BITS + 7) % 8));
scalar2[X_PRIVATE_BYTES - 1] |= 1 << ((X_PRIVATE_BITS + 7) % 8);
- curve448_scalar_decode_long(the_scalar, scalar2, sizeof(scalar2));
+ ossl_curve448_scalar_decode_long(the_scalar, scalar2, sizeof(scalar2));
/* Compensate for the encoding ratio */
for (i = 1; i < X448_ENCODE_RATIO; i <<= 1)
- curve448_scalar_halve(the_scalar, the_scalar);
+ ossl_curve448_scalar_halve(the_scalar, the_scalar);
- curve448_precomputed_scalarmul(p, curve448_precomputed_base, the_scalar);
- curve448_point_mul_by_ratio_and_encode_like_x448(out, p);
- curve448_point_destroy(p);
+ ossl_curve448_precomputed_scalarmul(p, ossl_curve448_precomputed_base,
+ the_scalar);
+ ossl_curve448_point_mul_by_ratio_and_encode_like_x448(out, p);
+ ossl_curve448_point_destroy(p);
}
/* Control for variable-time scalar multiply algorithms. */
@@ -610,7 +618,7 @@ static void prepare_wnaf_table(pniels_t * output,
if (tbits == 0)
return;
- curve448_point_double(tmp, working);
+ ossl_curve448_point_double(tmp, working);
pt_to_pniels(twop, tmp);
add_pniels_to_pt(tmp, output[0], 0);
@@ -621,11 +629,12 @@ static void prepare_wnaf_table(pniels_t * output,
pt_to_pniels(output[i], tmp);
}
- curve448_point_destroy(tmp);
+ ossl_curve448_point_destroy(tmp);
OPENSSL_cleanse(twop, sizeof(twop));
}
-void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
+void
+ossl_curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
const curve448_scalar_t scalar1,
const curve448_point_t base2,
const curve448_scalar_t scalar2)
@@ -645,7 +654,7 @@ void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
i = control_var[0].power;
if (i < 0) {
- curve448_point_copy(combo, curve448_point_identity);
+ curve448_point_copy(combo, ossl_curve448_point_identity);
return;
}
if (i > control_pre[0].power) {
@@ -653,13 +662,14 @@ void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
contv++;
} else if (i == control_pre[0].power && i >= 0) {
pniels_to_pt(combo, precmp_var[control_var[0].addend >> 1]);
- add_niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1],
+ add_niels_to_pt(combo,
+ ossl_curve448_wnaf_base[control_pre[0].addend >> 1],
i);
contv++;
contp++;
} else {
i = control_pre[0].power;
- niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1]);
+ niels_to_pt(combo, ossl_curve448_wnaf_base[control_pre[0].addend >> 1]);
contp++;
}
@@ -688,11 +698,11 @@ void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
if (control_pre[contp].addend > 0)
add_niels_to_pt(combo,
- curve448_wnaf_base[control_pre[contp].addend
+ ossl_curve448_wnaf_base[control_pre[contp].addend
>> 1], i);
else
sub_niels_from_pt(combo,
- curve448_wnaf_base[(-control_pre
+ ossl_curve448_wnaf_base[(-control_pre
[contp].addend) >> 1], i);
contp++;
}
@@ -709,20 +719,20 @@ void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
(void)ncb_pre;
}
-void curve448_point_destroy(curve448_point_t point)
+void ossl_curve448_point_destroy(curve448_point_t point)
{
OPENSSL_cleanse(point, sizeof(curve448_point_t));
}
-int X448(uint8_t out_shared_key[56], const uint8_t private_key[56],
- const uint8_t peer_public_value[56])
+int ossl_x448(uint8_t out_shared_key[56], const uint8_t private_key[56],
+ const uint8_t peer_public_value[56])
{
- return x448_int(out_shared_key, peer_public_value, private_key)
+ return ossl_x448_int(out_shared_key, peer_public_value, private_key)
== C448_SUCCESS;
}
-void X448_public_from_private(uint8_t out_public_value[56],
- const uint8_t private_key[56])
+void ossl_x448_public_from_private(uint8_t out_public_value[56],
+ const uint8_t private_key[56])
{
- x448_derive_public_key(out_public_value, private_key);
+ ossl_x448_derive_public_key(out_public_value, private_key);
}
diff --git a/crypto/ec/curve448/curve448_local.h b/crypto/ec/curve448/curve448_local.h
index c5ffa75f6b..39534a7237 100644
--- a/crypto/ec/curve448/curve448_local.h
+++ b/crypto/ec/curve448/curve448_local.h
@@ -10,12 +10,15 @@
# define OSSL_CRYPTO_EC_CURVE448_LOCAL_H
# include "curve448utils.h"
-int ED448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64],
- const uint8_t public_key[57], const uint8_t private_key[57],
- const uint8_t *context, size_t context_len, const char *propq);
+int
+ossl_ed448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64],
+ const uint8_t public_key[57], const uint8_t private_key[57],
+ const uint8_t *context, size_t context_len, const char *propq);
-int ED448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64],
- const uint8_t signature[114], const uint8_t public_key[57],
- const uint8_t *context, size_t context_len, const char *propq);
+int
+ossl_ed448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64],
+ const uint8_t signature[114], const uint8_t public_key[57],
+ const uint8_t *context, size_t context_len,
+ const char *propq);
#endif /* OSSL_CRYPTO_EC_CURVE448_LOCAL_H */
diff --git a/crypto/ec/curve448/curve448_tables.c b/crypto/ec/curve448/curve448_tables.c
index ec8ffcc36b..fe0d373f84 100644
--- a/crypto/ec/curve448/curve448_tables.c
+++ b/crypto/ec/curve448/curve448_tables.c
@@ -1058,7 +1058,7 @@ static const curve448_precomputed_s curve448_precomputed_base_table = {
}}
}
};
-const struct curve448_precomputed_s *curve448_precomputed_base
+const struct curve448_precomputed_s *ossl_curve448_precomputed_base
= &curve448_precomputed_base_table;
static const niels_t curve448_wnaf_base_table[32] = {
@@ -1480,4 +1480,4 @@ static const niels_t curve448_wnaf_base_table[32] = {
0x001979c0df237316ULL, 0x00501e953a919b87ULL)},
}}
};
-const niels_t *curve448_wnaf_base = curve448_wnaf_base_table;
+const niels_t *ossl_curve448_wnaf_base = curve448_wnaf_base_table;
diff --git a/crypto/ec/curve448/ed448.h b/crypto/ec/curve448/ed448.h
index 3a1a9b46d6..fad21a0273 100644
--- a/crypto/ec/curve448/ed448.h
+++ b/crypto/ec/curve448/ed448.h
@@ -37,11 +37,12 @@
* pubkey (out): The public key.
* privkey (in): The private key.
*/
-c448_error_t c448_ed448_derive_public_key(
- OSSL_LIB_CTX *ctx,
- uint8_t pubkey [EDDSA_448_PUBLIC_BYTES],
- const uint8_t privkey [EDDSA_448_PRIVATE_BYTES],
- const char *propq);
+c448_error_t
+ossl_c448_ed448_derive_public_key(
+ OSSL_LIB_CTX *ctx,
+ uint8_t pubkey [EDDSA_448_PUBLIC_BYTES],
+ const uint8_t privkey [EDDSA_448_PRIVATE_BYTES],
+ const char *propq);
/*
* EdDSA signing.
@@ -60,15 +61,15 @@ c448_error_t c448_ed448_derive_public_key(
* non-prehashed messages, at least without some very careful protocol-level
* disambiguation. For Ed448 it is safe.
*/
-c448_error_t c448_ed448_sign(
- OSSL_LIB_CTX *ctx,
- uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
- const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
- const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
- const uint8_t *message, size_t message_len,
- uint8_t prehashed, const uint8_t *context,
- size_t context_len,
- const char *propq);
+c448_error_t
+ossl_c448_ed448_sign(OSSL_LIB_CTX *ctx,
+ uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+ const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+ const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+ const uint8_t *message, size_t message_len,
+ uint8_t prehashed, const uint8_t *context,
+ size_t context_len,
+ const char *propq);
/*
* EdDSA signing with prehash.
@@ -86,15 +87,15 @@ c448_error_t c448_ed448_sign(
* non-prehashed messages, at least without some very careful protocol-level
* disambiguation. For Ed448 it is safe.
*/
-c448_error_t c448_ed448_sign_prehash(
- OSSL_LIB_CTX *ctx,
- uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
- const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
- const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
- const uint8_t hash[64],
- const uint8_t *context,
- size_t context_len,
- const char *propq);
+c448_error_t
+ossl_c448_ed448_sign_prehash(OSSL_LIB_CTX *ctx,
+ uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+ const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+ const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+ const uint8_t hash[64],
+ const uint8_t *context,
+ size_t context_len,
+ const char *propq);
/*
* EdDSA signature verification.
@@ -114,15 +115,16 @@ c448_error_t c448_ed448_sign_prehash(
* non-prehashed messages, at least without some very careful protocol-level
* disambiguation. For Ed448 it is safe.
*/
-c448_error_t c448_ed448_verify(OSSL_LIB_CTX *ctx,
- const uint8_t
- signature[EDDSA_448_SIGNATURE_BYTES],
- const uint8_t
- pubkey[EDDSA_448_PUBLIC_BYTES],
- const uint8_t *message, size_t message_len,
- uint8_t prehashed, const uint8_t *context,
- uint8_t context_len,
- const char *propq);
+c448_error_t
+ossl_c448_ed448_verify(OSSL_LIB_CTX *ctx,
+ const uint8_t
+ signature[EDDSA_448_SIGNATURE_BYTES],
+ const uint8_t
+ pubkey[EDDSA_448_PUBLIC_BYTES],
+ const uint8_t *message, size_t message_len,
+ uint8_t prehashed, const uint8_t *context,
+ uint8_t context_len,
+ const char *propq);
/*
* EdDSA signature verification.
@@ -141,14 +143,15 @@ c448_error_t c448_ed448_verify(OSSL_LIB_CTX *ctx,
* non-prehashed messages, at least without some very careful protocol-level
* disambiguation. For Ed448 it is safe.
*/
-c448_error_t c448_ed448_verify_prehash(
- OSSL_LIB_CTX *ctx,
- const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
- const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
- const uint8_t hash[64],
- const uint8_t *context,
- uint8_t context_len,
- const char *propq);
+c448_error_t
+ossl_c448_ed448_verify_prehash(
+ OSSL_LIB_CTX *ctx,
+ const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+ const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+ const uint8_t hash[64],
+ const uint8_t *context,
+ uint8_t context_len,
+ const char *propq);
/*
* EdDSA point encoding. Used internally, exposed externally.
@@ -173,7 +176,8 @@ c448_error_t c448_ed448_verify_prehash(
* enc (out): The encoded point.
* p (in): The point.
*/
-void curve448_point_mul_by_ratio_and_encode_like_eddsa(
+void
+ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa(
uint8_t enc [EDDSA_448_PUBLIC_BYTES],
const curve448_point_t p);
@@ -186,7 +190,8 @@ void curve448_point_mul_by_ratio_and_encode_like_eddsa(
* enc (out): The encoded point.
* p (in): The point.
*/
-c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(
+c448_error_t
+ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(
curve448_point_t p,
const uint8_t enc[EDDSA_448_PUBLIC_BYTES]);
@@ -198,10 +203,11 @@ c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(
* x (out): The ECDH private key as in RFC7748
* ed (in): The EdDSA private key
*/
-c448_error_t c448_ed448_convert_private_key_to_x448(
- OSSL_LIB_CTX *ctx,
- uint8_t x[X448_PRIVATE_BYTES],
- const uint8_t ed[EDDSA_448_PRIVATE_BYTES],
- const char *propq);
+c448_error_t
+ossl_c448_ed448_convert_private_key_to_x448(
+ OSSL_LIB_CTX *ctx,
+ uint8_t x[X448_PRIVATE_BYTES],
+ const uint8_t ed[EDDSA_448_PRIVATE_BYTES],
+ const char *propq);
#endif /* OSSL_CRYPTO_EC_CURVE448_ED448_H */
diff --git a/crypto/ec/curve448/eddsa.c b/crypto/ec/curve448/eddsa.c
index d4c7f1562a..d04469989a 100644
--- a/crypto/ec/curve448/eddsa.c
+++ b/crypto/ec/curve448/eddsa.c
@@ -94,7 +94,8 @@ static c448_error_t hash_init_with_dom(OSSL_LIB_CTX *ctx, EVP_MD_CTX *hashctx,
}
/* In this file because it uses the hash */
-c448_error_t c448_ed448_convert_private_key_to_x448(
+c448_error_t
+ossl_c448_ed448_convert_private_key_to_x448(
OSSL_LIB_CTX *ctx,
uint8_t x[X448_PRIVATE_BYTES],
const uint8_t ed [EDDSA_448_PRIVATE_BYTES],
@@ -106,7 +107,8 @@ c448_error_t c448_ed448_convert_private_key_to_x448(
EDDSA_448_PRIVATE_BYTES, propq);
}
-c448_error_t c448_ed448_derive_public_key(
+c448_error_t
+ossl_c448_ed448_derive_public_key(
OSSL_LIB_CTX *ctx,
uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
@@ -126,8 +128,8 @@ c448_error_t c448_ed448_derive_public_key(
clamp(secret_scalar_ser);
- curve448_scalar_decode_long(secret_scalar, secret_scalar_ser,
- sizeof(secret_scalar_ser));
+ ossl_curve448_scalar_decode_long(secret_scalar, secret_scalar_ser,
+ sizeof(secret_scalar_ser));
/*
* Since we are going to mul_by_cofactor during encoding, divide by it
@@ -138,28 +140,29 @@ c448_error_t c448_ed448_derive_public_key(
* we might start at 2 instead of 1.
*/
for (c = 1; c < C448_EDDSA_ENCODE_RATIO; c <<= 1)
- curve448_scalar_halve(secret_scalar, secret_scalar);
+ ossl_curve448_scalar_halve(secret_scalar, secret_scalar);
- curve448_precomputed_scalarmul(p, curve448_precomputed_base, secret_scalar);
+ ossl_curve448_precomputed_scalarmul(p, ossl_curve448_precomputed_base,
+ secret_scalar);
- curve448_point_mul_by_ratio_and_encode_like_eddsa(pubkey, p);
+ ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa(pubkey, p);
/* Cleanup */
- curve448_scalar_destroy(secret_scalar);
- curve448_point_destroy(p);
+ ossl_curve448_scalar_destroy(secret_scalar);
+ ossl_curve448_point_destroy(p);
OPENSSL_cleanse(secret_scalar_ser, sizeof(secret_scalar_ser));
return C448_SUCCESS;
}
-c448_error_t c448_ed448_sign(
- OSSL_LIB_CTX *ctx,
- uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
- const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
- const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
- const uint8_t *message, size_t message_len,
- uint8_t prehashed, const uint8_t *context,
- size_t context_len, const char *propq)
+c448_error_t
+ossl_c448_ed448_sign(OSSL_LIB_CTX *ctx,
+ uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+ const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+ const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+ const uint8_t *message, size_t message_len,
+ uint8_t prehashed, const uint8_t *context,
+ size_t context_len, const char *propq)
{
curve448_scalar_t secret_scalar;
EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
@@ -183,8 +186,8 @@ c448_error_t c448_ed448_sign(
EDDSA_448_PRIVATE_BYTES, propq))
goto err;
clamp(expanded);
- curve448_scalar_decode_long(secret_scalar, expanded,
- EDDSA_448_PRIVATE_BYTES);
+ ossl_curve448_scalar_decode_long(secret_scalar, expanded,
+ EDDSA_448_PRIVATE_BYTES);
/* Hash to create the nonce */
if (!hash_init_with_dom(ctx, hashctx, prehashed, 0, context,
@@ -205,7 +208,7 @@ c448_error_t c448_ed448_sign(
if (!EVP_DigestFinalXOF(hashctx, nonce, sizeof(nonce)))
goto err;
- curve448_scalar_decode_long(nonce_scalar, nonce, sizeof(nonce));
+ ossl_curve448_scalar_decode_long(nonce_scalar, nonce, sizeof(nonce));
OPENSSL_cleanse(nonce, sizeof(nonce));
}
@@ -214,15 +217,15 @@ c448_error_t c448_ed448_sign(
curve448_scalar_t nonce_scalar_2;
curve448_point_t p;
- curve448_scalar_halve(nonce_scalar_2, nonce_scalar);
+ ossl_curve448_scalar_halve(nonce_scalar_2, nonce_scalar);
for (c = 2; c < C448_EDDSA_ENCODE_RATIO; c <<= 1)
- curve448_scalar_halve(nonce_scalar_2, nonce_scalar_2);
+ ossl_curve448_scalar_halve(nonce_scalar_2, nonce_scalar_2);
- curve448_precomputed_scalarmul(p, curve448_precomputed_base,
- nonce_scalar_2);
- curve448_point_mul_by_ratio_and_encode_like_eddsa(nonce_point, p);
- curve448_point_destroy(p);
- curve448_scalar_destroy(nonce_scalar_2);
+ ossl_curve448_precomputed_scalarmul(p, ossl_curve448_precomputed_base,
+ nonce_scalar_2);
+ ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa(nonce_point, p);
+ ossl_curve448_point_destroy(p);
+ ossl_curve448_scalar_destroy(nonce_scalar_2);
}
{
@@ -237,22 +240,22 @@ c448_error_t c448_ed448_sign(
|| !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge)))
goto err;
- curve448_scalar_decode_long(challenge_scalar, challenge,
- sizeof(challenge));
+ ossl_curve448_scalar_decode_long(challenge_scalar, challenge,
+ sizeof(challenge));
OPENSSL_cleanse(challenge, sizeof(challenge));
}
- curve448_scalar_mul(challenge_scalar, challenge_scalar, secret_scalar);
- curve448_scalar_add(challenge_scalar, challenge_scalar, nonce_scalar);
+ ossl_curve448_scalar_mul(challenge_scalar, challenge_scalar, secret_scalar);
+ ossl_curve448_scalar_add(challenge_scalar, challenge_scalar, nonce_scalar);
OPENSSL_cleanse(signature, EDDSA_448_SIGNATURE_BYTES);
memcpy(signature, nonce_point, sizeof(nonce_point));
- curve448_scalar_encode(&signature[EDDSA_448_PUBLIC_BYTES],
- challenge_scalar);
+ ossl_curve448_scalar_encode(&signature[EDDSA_448_PUBLIC_BYTES],
+ challenge_scalar);
- curve448_scalar_destroy(secret_scalar);
- curve448_scalar_destroy(nonce_scalar);
- curve448_scalar_destroy(challenge_scalar);
+ ossl_curve448_scalar_destroy(secret_scalar);
+ ossl_curve448_scalar_destroy(nonce_scalar);
+ ossl_curve448_scalar_destroy(challenge_scalar);
ret = C448_SUCCESS;
err:
@@ -260,7 +263,8 @@ c448_error_t c448_ed448_sign(
return ret;
}
-c448_error_t c448_ed448_sign_prehash(
+c448_error_t
+ossl_c448_ed448_sign_prehash(
OSSL_LIB_CTX *ctx,
uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
@@ -268,11 +272,12 @@ c448_error_t c448_ed448_sign_prehash(
const uint8_t hash[64], const uint8_t *context,
size_t context_len, const char *propq)
{
- return c448_ed448_sign(ctx, signature, privkey, pubkey, hash, 64, 1,
- context, context_len, propq);
+ return ossl_c448_ed448_sign(ctx, signature, privkey, pubkey, hash, 64, 1,
+ context, context_len, propq);
}
-c448_error_t c448_ed448_verify(
+c448_error_t
+ossl_c448_ed448_verify(
OSSL_LIB_CTX *ctx,
const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
@@ -310,13 +315,13 @@ c448_error_t c448_ed448_verify(
return C448_FAILURE;
error =
- curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey);
+ ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey);
if (C448_SUCCESS != error)
return error;
error =
- curve448_point_decode_like_eddsa_and_mul_by_ratio(r_point, signature);
+ ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio(r_point, signature);
if (C448_SUCCESS != error)
return error;
@@ -337,74 +342,82 @@ c448_error_t c448_ed448_verify(
}
EVP_MD_CTX_free(hashctx);
- curve448_scalar_decode_long(challenge_scalar, challenge,
- sizeof(challenge));
+ ossl_curve448_scalar_decode_long(challenge_scalar, challenge,
+ sizeof(challenge));
OPENSSL_cleanse(challenge, sizeof(challenge));
}
- curve448_scalar_sub(challenge_scalar, curve448_scalar_zero,
- challenge_scalar);
+ ossl_curve448_scalar_sub(challenge_scalar, ossl_curve448_scalar_zero,
+ challenge_scalar);
- curve448_scalar_decode_long(response_scalar,
- &signature[EDDSA_448_PUBLIC_BYTES],
- EDDSA_448_PRIVATE_BYTES);
+ ossl_curve448_scalar_decode_long(response_scalar,
+ &signature[EDDSA_448_PUBLIC_BYTES],
+ EDDSA_448_PRIVATE_BYTES);
/* pk_point = -c(x(P)) + (cx + k)G = kG */
- curve448_base_double_scalarmul_non_secret(pk_point,
- response_scalar,
- pk_point, challenge_scalar);
- return c448_succeed_if(curve448_point_eq(pk_point, r_point));
+ ossl_curve448_base_double_scalarmul_non_secret(pk_point,
+ response_scalar,
+ pk_point, challenge_scalar);
+ return c448_succeed_if(ossl_curve448_point_eq(pk_point, r_point));
}
-c448_error_t c448_ed448_verify_prehash(
+c448_error_t
+ossl_c448_ed448_verify_prehash(
OSSL_LIB_CTX *ctx,
const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
const uint8_t hash[64], const uint8_t *context,
uint8_t context_len, const char *propq)
{
- return c448_ed448_verify(ctx, signature, pubkey, hash, 64, 1, context,
- context_len, propq);
+ return ossl_c448_ed448_verify(ctx, signature, pubkey, hash, 64, 1, context,
+ context_len, propq);
}
-int ED448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message,
- size_t message_len, const uint8_t public_key[57],
- const uint8_t private_key[57], const uint8_t *context,
- size_t context_len, const char *propq)
+int
+ossl_ed448_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t *message,
+ size_t message_len, const uint8_t public_key[57],
+ const uint8_t private_key[57], const uint8_t *context,
+ size_t context_len, const char *propq)
{
- return c448_ed448_sign(ctx, out_sig, private_key, public_key, message,
- message_len, 0, context, context_len,propq)
- == C448_SUCCESS;
+ return ossl_c448_ed448_sign(ctx, out_sig, private_key, public_key, message,
+ message_len, 0, context, context_len,
+ propq) == C448_SUCCESS;
}
-int ED448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len,
- const uint8_t signature[114], const uint8_t public_key[57],
- const uint8_t *context, size_t context_len, const char *propq)
+int
+ossl_ed448_verify(OSSL_LIB_CTX *ctx, const uint8_t *message, size_t message_len,
+ const uint8_t signature[114], const uint8_t public_key[57],
+ const uint8_t *context, size_t context_len, const char *propq)
{
- return c448_ed448_verify(ctx, signature, public_key, message, message_len,
- 0, context, (uint8_t)context_len,
- propq) == C448_SUCCESS;
+ return ossl_c448_ed448_verify(ctx, signature, public_key, message,
+ message_len, 0, context, (uint8_t)context_len,
+ propq) == C448_SUCCESS;
}
-int ED448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64],
- const uint8_t public_key[57], const uint8_t private_key[57],
- const uint8_t *context, size_t context_len, const char *propq)
+int
+ossl_ed448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64],
+ const uint8_t public_key[57], const uint8_t private_key[57],
+ const uint8_t *context, size_t context_len, const char *propq)
{
- return c448_ed448_sign_prehash(ctx, out_sig, private_key, public_key, hash,
- context, context_len, propq) == C448_SUCCESS;
-
+ return ossl_c448_ed448_sign_prehash(ctx, out_sig, private_key, public_key,
+ hash, context, context_len,
+ propq) == C448_SUCCESS;
}
-int ED448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64],
- const uint8_t signature[114], const uint8_t public_key[57],
- const uint8_t *context, size_t context_len, const char *propq)
+int
+ossl_ed448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64],
+ const uint8_t signature[114], const uint8_t public_key[57],
+ const uint8_t *context, size_t context_len,
+ const char *propq)
{
- return c448_ed448_verify_prehash(ctx, signature, public_key, hash, context,
- (uint8_t)context_len, propq) == C448_SUCCESS;
+ return ossl_c448_ed448_verify_prehash(ctx, signature, public_key, hash,
+ context, (uint8_t)context_len,
+ propq) == C448_SUCCESS;
}
-int ED448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57],
- const uint8_t private_key[57], const char *propq)
+int
+ossl_ed448_public_from_private(OSSL_LIB_CTX *ctx, uint8_t out_public_key[57],
+ const uint8_t private_key[57], const char *propq)
{
- return c448_ed448_derive_public_key(ctx, out_public_key, private_key, propq)
- == C448_SUCCESS;
+ return ossl_c448_ed448_derive_public_key(ctx, out_public_key, private_key,
+ propq) == C448_SUCCESS;
}
diff --git a/crypto/ec/curve448/point_448.h b/crypto/ec/curve448/point_448.h
index 9f09aea13f..c48872c873 100644
--- a/crypto/ec/curve448/point_448.h
+++ b/crypto/ec/curve448/point_448.h
@@ -69,17 +69,17 @@ typedef struct curve448_scalar_s {
} curve448_scalar_t[1];
/* A scalar equal to 1. */
-extern const curve448_scalar_t curve448_scalar_one;
+extern const curve448_scalar_t ossl_curve448_scalar_one;
/* A scalar equal to 0. */
-extern const curve448_scalar_t curve448_scalar_zero;
+extern const curve448_scalar_t ossl_curve448_scalar_zero;
/* The identity point on the curve. */
-extern const curve448_point_t curve448_point_identity;
+extern const curve448_point_t ossl_curve448_point_identity;
/* Precomputed table for the base point on the curve. */
-extern const struct curve448_precomputed_s *curve448_precomputed_base;
-extern const niels_t *curve448_wnaf_base;
+extern const struct curve448_precomputed_s *ossl_curve448_precomputed_base;
+extern const niels_t *ossl_curve448_wnaf_base;
/*
* Read a scalar from wire format or from bytes.
@@ -92,8 +92,9 @@ extern const niels_t *curve448_wnaf_base;
* C448_FAILURE: The scalar was greater than the modulus, and has been reduced
* modulo that modulus.
*/
-c448_error_t curve448_scalar_decode(curve448_scalar_t out,
- const unsigned char ser[C448_SCALAR_BYTES]);
+c448_error_t
+ossl_curve448_scalar_decode(curve448_scalar_t out,
+