haskell/cryptonite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

make a faster and more secure related to memory blits of pointDh for P256

Browse Source
This commit is contained in:
Vincent Hanquez 2016-12-02 15:47:51 +00:00
parent 5e52a7ffa2
commit f627bf437a
2 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Crypto/ECC.hs
View File

@ -108,11 +108,7 @@ instance EllipticCurveArith Curve_P256R1 where
pointSmul _ s p = P256.pointMul s p pointSmul _ s p = P256.pointMul s p
instance EllipticCurveDH Curve_P256R1 where instance EllipticCurveDH Curve_P256R1 where
ecdh proxy s p = shared ecdh _ s p = SharedSecret $ P256.pointDh s p
where
(x, _) = P256.pointToIntegers $ pointSmul proxy s p
len = 32 -- (256 + 7) `div` 8
shared = SharedSecret $ i2ospOf_ len x
data Curve_P384R1 = Curve_P384R1 data Curve_P384R1 = Curve_P384R1

14
Crypto/PubKey/ECC/P256.hs
View File

@ -18,6 +18,7 @@ module Crypto.PubKey.ECC.P256
, pointBase , pointBase
, pointAdd , pointAdd
, pointMul , pointMul
, pointDh
, pointsMulVarTime , pointsMulVarTime
, pointIsValid , pointIsValid
, toPoint , toPoint
@ -48,7 +49,7 @@ import Crypto.Internal.Compat
import Crypto.Internal.Imports import Crypto.Internal.Imports
import Crypto.Internal.ByteArray import Crypto.Internal.ByteArray
import qualified Crypto.Internal.ByteArray as B import qualified Crypto.Internal.ByteArray as B
import Data.Memory.PtrMethods (memSet) import Data.Memory.PtrMethods (memSet, memCopy)
import Crypto.Error import Crypto.Error
import Crypto.Random import Crypto.Random
import Crypto.Number.Serialize.Internal (os2ip, i2ospOf) import Crypto.Number.Serialize.Internal (os2ip, i2ospOf)
@ -112,6 +113,14 @@ pointMul scalar p = withNewPoint $ \dx dy ->
withScalar scalar $ \n -> withPoint p $ \px py -> withScalarZero $ \nzero -> withScalar scalar $ \n -> withPoint p $ \px py -> withScalarZero $ \nzero ->
ccryptonite_p256_points_mul_vartime nzero n px py dx dy ccryptonite_p256_points_mul_vartime nzero n px py dx dy
-- | Similar to 'pointMul', serializing the x coordinate as binary
pointDh :: ByteArray binary => Scalar -> Point -> binary
pointDh scalar p =
B.unsafeCreate scalarSize $ \dst -> withTempPoint $ \dx dy -> do
withScalar scalar $ \n -> withPoint p $ \px py -> withScalarZero $ \nzero ->
ccryptonite_p256_points_mul_vartime nzero n px py dx dy
memCopy dst (castPtr dx) scalarSize
-- | multiply the point @p with @n2 and add a lifted to curve value @n1 -- | multiply the point @p with @n2 and add a lifted to curve value @n1
-- --
-- > n1 * G + n2 * p -- > n1 * G + n2 * p
@ -282,6 +291,9 @@ withNewScalarFreeze :: (Ptr P256Scalar -> IO ()) -> Scalar
withNewScalarFreeze f = Scalar $ B.allocAndFreeze scalarSize f withNewScalarFreeze f = Scalar $ B.allocAndFreeze scalarSize f
{-# NOINLINE withNewScalarFreeze #-} {-# NOINLINE withNewScalarFreeze #-}
withTempPoint :: (Ptr P256X -> Ptr P256Y -> IO a) -> IO a
withTempPoint f = allocTempScrubbed scalarSize (\p -> let px = castPtr p in f px (pxToPy px))
withTempScalar :: (Ptr P256Scalar -> IO a) -> IO a withTempScalar :: (Ptr P256Scalar -> IO a) -> IO a
withTempScalar f = allocTempScrubbed scalarSize (f . castPtr) withTempScalar f = allocTempScrubbed scalarSize (f . castPtr)