|
|
@@ -842,15 +842,23 @@ static void xycz_add_c(u64 *x1, u64 *y1, u64 *x2, u64 *y2, u64 *curve_prime,
|
|
|
|
|
|
static void ecc_point_mult(struct ecc_point *result,
|
|
|
const struct ecc_point *point, const u64 *scalar,
|
|
|
- u64 *initial_z, u64 *curve_prime,
|
|
|
+ u64 *initial_z, const struct ecc_curve *curve,
|
|
|
unsigned int ndigits)
|
|
|
{
|
|
|
/* R0 and R1 */
|
|
|
u64 rx[2][ECC_MAX_DIGITS];
|
|
|
u64 ry[2][ECC_MAX_DIGITS];
|
|
|
u64 z[ECC_MAX_DIGITS];
|
|
|
+ u64 sk[2][ECC_MAX_DIGITS];
|
|
|
+ u64 *curve_prime = curve->p;
|
|
|
int i, nb;
|
|
|
- int num_bits = vli_num_bits(scalar, ndigits);
|
|
|
+ int num_bits;
|
|
|
+ int carry;
|
|
|
+
|
|
|
+ carry = vli_add(sk[0], scalar, curve->n, ndigits);
|
|
|
+ vli_add(sk[1], sk[0], curve->n, ndigits);
|
|
|
+ scalar = sk[!carry];
|
|
|
+ num_bits = sizeof(u64) * ndigits * 8 + 1;
|
|
|
|
|
|
vli_set(rx[1], point->x, ndigits);
|
|
|
vli_set(ry[1], point->y, ndigits);
|
|
|
@@ -1004,7 +1012,7 @@ int ecc_make_pub_key(unsigned int curve_id, unsigned int ndigits,
|
|
|
goto out;
|
|
|
}
|
|
|
|
|
|
- ecc_point_mult(pk, &curve->g, priv, NULL, curve->p, ndigits);
|
|
|
+ ecc_point_mult(pk, &curve->g, priv, NULL, curve, ndigits);
|
|
|
if (ecc_point_is_zero(pk)) {
|
|
|
ret = -EAGAIN;
|
|
|
goto err_free_point;
|
|
|
@@ -1090,7 +1098,7 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
|
|
|
goto err_alloc_product;
|
|
|
}
|
|
|
|
|
|
- ecc_point_mult(product, pk, priv, rand_z, curve->p, ndigits);
|
|
|
+ ecc_point_mult(product, pk, priv, rand_z, curve, ndigits);
|
|
|
|
|
|
ecc_swap_digits(product->x, secret, ndigits);
|
|
|
|
Vitaly Chikunov