[PATCH 1/2] ecc: add API's to support EAP-PWD

[PATCH 1/2] ecc: add API's to support EAP-PWD

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 2694 bytes --]

EAP-PWD requires the following ECC functionality
 - Point multiplication
 - Point addition
 - Point inverse
 - Scalar addition
---
 ell/ecc.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 ell/ecc.h | 14 ++++++++++++++
 2 files changed, 66 insertions(+)

diff --git a/ell/ecc.c b/ell/ecc.c
index 6d9ab42..c7e7089 100644
--- a/ell/ecc.c
+++ b/ell/ecc.c
@@ -433,3 +433,55 @@ LIB_EXPORT void l_ecc_scalar_free(struct l_ecc_scalar *c)
 	memset(c->c, 0, c->curve->ndigits * 8);
 	l_free(c);
 }
+
+LIB_EXPORT struct l_ecc_scalar *l_ecc_curve_get_order(
+						const struct l_ecc_curve *curve)
+{
+	return _ecc_constant_new(curve, (void *) curve->n, curve->ndigits * 8);
+}
+
+LIB_EXPORT bool l_ecc_scalar_add(struct l_ecc_scalar *ret,
+					struct l_ecc_scalar *a,
+					struct l_ecc_scalar *b,
+					struct l_ecc_scalar *mod)
+{
+	if (unlikely(!ret) || unlikely(!a) || unlikely(!b) || unlikely(!mod))
+		return false;
+
+	_vli_mod_add(ret->c, a->c, b->c, mod->c, a->curve->ndigits);
+
+	return true;
+}
+
+LIB_EXPORT bool l_ecc_point_multiply(struct l_ecc_point *ret,
+					struct l_ecc_scalar *scalar,
+					struct l_ecc_point *point)
+{
+	if (unlikely(!ret) || unlikely(!scalar) || unlikely(!point))
+		return false;
+
+	_ecc_point_mult(ret, point, scalar->c, NULL, scalar->curve->p);
+
+	return true;
+}
+
+LIB_EXPORT bool l_ecc_point_add(struct l_ecc_point *ret, struct l_ecc_point *a,
+					struct l_ecc_point *b)
+{
+	if (unlikely(!ret) || unlikely(!a) || unlikely(!b))
+		return false;
+
+	_ecc_point_add(ret, a, b, a->curve->p);
+
+	return true;
+}
+
+LIB_EXPORT bool l_ecc_point_inverse(struct l_ecc_point *p)
+{
+	if (unlikely(!p))
+		return false;
+
+	_vli_mod_sub(p->y, p->curve->p, p->y, p->curve->p, p->curve->ndigits);
+
+	return true;
+}
diff --git a/ell/ecc.h b/ell/ecc.h
index 40c7d47..fd10f16 100644
--- a/ell/ecc.h
+++ b/ell/ecc.h
@@ -61,6 +61,20 @@ ssize_t l_ecc_scalar_get_data(const struct l_ecc_scalar *c, void *buf,
 					size_t len);
 void l_ecc_scalar_free(struct l_ecc_scalar *c);
 
+/* Constant operations */
+struct l_ecc_scalar *l_ecc_curve_get_order(const struct l_ecc_curve *curve);
+bool l_ecc_scalar_add(struct l_ecc_scalar *ret, struct l_ecc_scalar *a,
+				struct l_ecc_scalar *b,
+				struct l_ecc_scalar *mod);
+
+/* Point operations */
+bool l_ecc_point_multiply(struct l_ecc_point *ret,
+				struct l_ecc_scalar *scalar,
+				struct l_ecc_point *point);
+bool l_ecc_point_add(struct l_ecc_point *ret, struct l_ecc_point *a,
+				struct l_ecc_point *b);
+bool l_ecc_point_inverse(struct l_ecc_point *p);
+
 #ifdef __cplusplus
 }
 #endif
-- 
2.17.1

[PATCH 2/2] ecc: added API's to support SAE

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 2895 bytes --]

The functionality require was:
 - Scalar multiplication
 - Find a scalars legendre symbol
 - Sum the curve equations X side
 - Get prime from curve (needed for input to SAE KDF)
 - Check if scalars/points are equal
---
 ell/ecc.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 ell/ecc.h | 12 +++++++++++
 2 files changed, 71 insertions(+)

diff --git a/ell/ecc.c b/ell/ecc.c
index c7e7089..b6b2cd6 100644
--- a/ell/ecc.c
+++ b/ell/ecc.c
@@ -485,3 +485,62 @@ LIB_EXPORT bool l_ecc_point_inverse(struct l_ecc_point *p)
 
 	return true;
 }
+
+LIB_EXPORT bool l_ecc_scalar_multiply(struct l_ecc_scalar *ret,
+					struct l_ecc_scalar *a,
+					struct l_ecc_scalar *b)
+{
+	if (unlikely(!ret) || unlikely(!a) || unlikely(!b))
+		return false;
+
+	_vli_mod_mult_fast(ret->c, a->c, b->c, a->curve->p, a->curve->ndigits);
+
+	return true;
+}
+
+LIB_EXPORT int l_ecc_scalar_legendre(struct l_ecc_scalar *value)
+{
+	if (unlikely(!value))
+		return -1;
+
+	return _vli_legendre(value->c, value->curve->p, value->curve->ndigits);
+}
+
+LIB_EXPORT bool l_ecc_scalar_sum_x(struct l_ecc_scalar *ret,
+					struct l_ecc_scalar *x)
+{
+	if (unlikely(!ret) || unlikely(!x))
+		return false;
+
+	ecc_compute_y_sqr(x->curve, ret->c, x->c);
+
+	return true;
+}
+
+LIB_EXPORT struct l_ecc_scalar *l_ecc_curve_get_prime(
+						const struct l_ecc_curve *curve)
+{
+	if (unlikely(!curve))
+		return NULL;
+
+	return _ecc_constant_new(curve, (void *) curve->p, curve->ndigits * 8);
+}
+
+LIB_EXPORT bool l_ecc_scalars_are_equal(struct l_ecc_scalar *a,
+						struct l_ecc_scalar *b)
+{
+	if (unlikely(!a) || unlikely(!b))
+		return false;
+
+	return (memcmp(a->c, b->c, a->curve->ndigits * 8) == 0);
+}
+
+LIB_EXPORT bool l_ecc_points_are_equal(struct l_ecc_point *a,
+						struct l_ecc_point *b)
+{
+	if (unlikely(!a) || unlikely(!b))
+		return false;
+
+	return ((memcmp(a->x, b->x, a->curve->ndigits * 8) == 0) &&
+			(memcmp(a->y, b->y, a->curve->ndigits * 8)));
+}
diff --git a/ell/ecc.h b/ell/ecc.h
index fd10f16..dc3d9c3 100644
--- a/ell/ecc.h
+++ b/ell/ecc.h
@@ -75,6 +75,18 @@ bool l_ecc_point_add(struct l_ecc_point *ret, struct l_ecc_point *a,
 				struct l_ecc_point *b);
 bool l_ecc_point_inverse(struct l_ecc_point *p);
 
+/* extra operations needed for SAE */
+bool l_ecc_scalar_multiply(struct l_ecc_scalar *ret, struct l_ecc_scalar *a,
+				struct l_ecc_scalar *b);
+int l_ecc_scalar_legendre(struct l_ecc_scalar *value);
+bool l_ecc_scalar_sum_x(struct l_ecc_scalar *ret, struct l_ecc_scalar *x);
+
+struct l_ecc_scalar *l_ecc_curve_get_prime(const struct l_ecc_curve *curve);
+
+bool l_ecc_scalars_are_equal(struct l_ecc_scalar *a, struct l_ecc_scalar *b);
+
+bool l_ecc_points_are_equal(struct l_ecc_point *a, struct l_ecc_point *b);
+
 #ifdef __cplusplus
 }
 #endif
-- 
2.17.1

Re: [PATCH 2/2] ecc: added API's to support SAE

[Andrew Zaborowski]

[-- Attachment #1: Type: text/plain, Size: 2923 bytes --]

Hi James,

On Wed, 9 Jan 2019 at 18:05, James Prestwood
<james.prestwood@linux.intel.com> wrote:
>
> The functionality require was:
>  - Scalar multiplication
>  - Find a scalars legendre symbol
>  - Sum the curve equations X side
>  - Get prime from curve (needed for input to SAE KDF)
>  - Check if scalars/points are equal
> ---
>  ell/ecc.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  ell/ecc.h | 12 +++++++++++
>  2 files changed, 71 insertions(+)
>
> diff --git a/ell/ecc.c b/ell/ecc.c
> index c7e7089..b6b2cd6 100644
> --- a/ell/ecc.c
> +++ b/ell/ecc.c
> @@ -485,3 +485,62 @@ LIB_EXPORT bool l_ecc_point_inverse(struct l_ecc_point *p)
>
>         return true;
>  }
> +
> +LIB_EXPORT bool l_ecc_scalar_multiply(struct l_ecc_scalar *ret,
> +                                       struct l_ecc_scalar *a,
> +                                       struct l_ecc_scalar *b)
> +{
> +       if (unlikely(!ret) || unlikely(!a) || unlikely(!b))
> +               return false;
> +
> +       _vli_mod_mult_fast(ret->c, a->c, b->c, a->curve->p, a->curve->ndigits);
> +
> +       return true;
> +}
> +
> +LIB_EXPORT int l_ecc_scalar_legendre(struct l_ecc_scalar *value)
> +{
> +       if (unlikely(!value))
> +               return -1;
> +
> +       return _vli_legendre(value->c, value->curve->p, value->curve->ndigits);
> +}
> +
> +LIB_EXPORT bool l_ecc_scalar_sum_x(struct l_ecc_scalar *ret,
> +                                       struct l_ecc_scalar *x)
> +{
> +       if (unlikely(!ret) || unlikely(!x))
> +               return false;
> +
> +       ecc_compute_y_sqr(x->curve, ret->c, x->c);
> +
> +       return true;
> +}
> +
> +LIB_EXPORT struct l_ecc_scalar *l_ecc_curve_get_prime(
> +                                               const struct l_ecc_curve *curve)
> +{
> +       if (unlikely(!curve))
> +               return NULL;
> +
> +       return _ecc_constant_new(curve, (void *) curve->p, curve->ndigits * 8);
> +}
> +
> +LIB_EXPORT bool l_ecc_scalars_are_equal(struct l_ecc_scalar *a,
> +                                               struct l_ecc_scalar *b)
> +{
> +       if (unlikely(!a) || unlikely(!b))
> +               return false;
> +
> +       return (memcmp(a->c, b->c, a->curve->ndigits * 8) == 0);
> +}
> +
> +LIB_EXPORT bool l_ecc_points_are_equal(struct l_ecc_point *a,
> +                                               struct l_ecc_point *b)
> +{
> +       if (unlikely(!a) || unlikely(!b))
> +               return false;
> +
> +       return ((memcmp(a->x, b->x, a->curve->ndigits * 8) == 0) &&
> +                       (memcmp(a->y, b->y, a->curve->ndigits * 8)));

Seems the second memcmp is missing the == 0.  I don't have anything to
say about the rest of the changes although I think unlikely(a || b) in
theory should be as good as unlikely(a) || unlikely(b).

Best regards

Re: [PATCH 2/2] ecc: added API's to support SAE

[James Prestwood]

[-- Attachment #1: Type: text/plain, Size: 3292 bytes --]

On Thu, 2019-01-10 at 02:35 +0100, Andrew Zaborowski wrote:
> Hi James,
> 
> On Wed, 9 Jan 2019 at 18:05, James Prestwood
> <james.prestwood@linux.intel.com> wrote:
> > 
> > The functionality require was:
> >  - Scalar multiplication
> >  - Find a scalars legendre symbol
> >  - Sum the curve equations X side
> >  - Get prime from curve (needed for input to SAE KDF)
> >  - Check if scalars/points are equal
> > ---
> >  ell/ecc.c | 59
> > +++++++++++++++++++++++++++++++++++++++++++++++++++++++
> >  ell/ecc.h | 12 +++++++++++
> >  2 files changed, 71 insertions(+)
> > 
> > diff --git a/ell/ecc.c b/ell/ecc.c
> > index c7e7089..b6b2cd6 100644
> > --- a/ell/ecc.c
> > +++ b/ell/ecc.c
> > @@ -485,3 +485,62 @@ LIB_EXPORT bool l_ecc_point_inverse(struct
> > l_ecc_point *p)
> > 
> >         return true;
> >  }
> > +
> > +LIB_EXPORT bool l_ecc_scalar_multiply(struct l_ecc_scalar *ret,
> > +                                       struct l_ecc_scalar *a,
> > +                                       struct l_ecc_scalar *b)
> > +{
> > +       if (unlikely(!ret) || unlikely(!a) || unlikely(!b))
> > +               return false;
> > +
> > +       _vli_mod_mult_fast(ret->c, a->c, b->c, a->curve->p, a-
> > >curve->ndigits);
> > +
> > +       return true;
> > +}
> > +
> > +LIB_EXPORT int l_ecc_scalar_legendre(struct l_ecc_scalar *value)
> > +{
> > +       if (unlikely(!value))
> > +               return -1;
> > +
> > +       return _vli_legendre(value->c, value->curve->p, value-
> > >curve->ndigits);
> > +}
> > +
> > +LIB_EXPORT bool l_ecc_scalar_sum_x(struct l_ecc_scalar *ret,
> > +                                       struct l_ecc_scalar *x)
> > +{
> > +       if (unlikely(!ret) || unlikely(!x))
> > +               return false;
> > +
> > +       ecc_compute_y_sqr(x->curve, ret->c, x->c);
> > +
> > +       return true;
> > +}
> > +
> > +LIB_EXPORT struct l_ecc_scalar *l_ecc_curve_get_prime(
> > +                                               const struct
> > l_ecc_curve *curve)
> > +{
> > +       if (unlikely(!curve))
> > +               return NULL;
> > +
> > +       return _ecc_constant_new(curve, (void *) curve->p, curve-
> > >ndigits * 8);
> > +}
> > +
> > +LIB_EXPORT bool l_ecc_scalars_are_equal(struct l_ecc_scalar *a,
> > +                                               struct l_ecc_scalar
> > *b)
> > +{
> > +       if (unlikely(!a) || unlikely(!b))
> > +               return false;
> > +
> > +       return (memcmp(a->c, b->c, a->curve->ndigits * 8) == 0);
> > +}
> > +
> > +LIB_EXPORT bool l_ecc_points_are_equal(struct l_ecc_point *a,
> > +                                               struct l_ecc_point
> > *b)
> > +{
> > +       if (unlikely(!a) || unlikely(!b))
> > +               return false;
> > +
> > +       return ((memcmp(a->x, b->x, a->curve->ndigits * 8) == 0) &&
> > +                       (memcmp(a->y, b->y, a->curve->ndigits *
> > 8)));
> 
> Seems the second memcmp is missing the == 0.  I don't have anything
> to
> say about the rest of the changes although I think unlikely(a || b)
> in
> theory should be as good as unlikely(a) || unlikely(b).

Good catch. Ill move all the checks into one unlikely as well. Thanks
> 
> Best regards