From 5a2124620cb2893b2d5c40be75579cd9c35c839c Mon Sep 17 00:00:00 2001 From: Nicola Tuveri Date: Thu, 21 Jun 2018 19:08:50 +0300 Subject: [PATCH] Add inter-module private header for EC functions Internal submodules of libcrypto may require non-public functions from the EC submodule. In preparation to use `ec_group_do_inverse_ord()` (from #6116) inside the SM2 submodule to apply a SCA mitigation on the modular inversion, this commit moves the `ec_group_do_inverse_ord()` prototype declaration from the EC-local `crypto/ec/ec_lcl.h` header to the `crypto/include/internal/ec_int.h` inter-module private header. Reviewed-by: Andy Polyakov Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6521) --- crypto/ec/ec_lcl.h | 4 +-- crypto/include/internal/ec_int.h | 45 ++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 3 deletions(-) create mode 100644 crypto/include/internal/ec_int.h diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index cf29c7c70e..ae380290a2 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -14,6 +14,7 @@ #include #include #include "internal/refcount.h" +#include "internal/ec_int.h" #include "curve448/curve448_lcl.h" #if defined(__SUNPRO_C) @@ -636,7 +637,4 @@ int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32], void X25519_public_from_private(uint8_t out_public_value[32], const uint8_t private_key[32]); -int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res, - const BIGNUM *x, BN_CTX *ctx); - int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx); diff --git a/crypto/include/internal/ec_int.h b/crypto/include/internal/ec_int.h new file mode 100644 index 0000000000..bb4b5129d0 --- /dev/null +++ b/crypto/include/internal/ec_int.h @@ -0,0 +1,45 @@ +/* + * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* Internal EC functions for other submodules: not for application use */ + +#ifndef HEADER_OSSL_EC_INTERNAL_H +# define HEADER_OSSL_EC_INTERNAL_H +# include + +# ifndef OPENSSL_NO_EC + +# include + +/*- + * Computes the multiplicative inverse of x in the range + * [1,EC_GROUP::order), where EC_GROUP::order is the cardinality of the + * subgroup generated by the generator G: + * + * res := x^(-1) (mod EC_GROUP::order). + * + * This function expects the following two conditions to hold: + * - the EC_GROUP order is prime, and + * - x is included in the range [1, EC_GROUP::order). + * + * This function returns 1 on success, 0 on error. + * + * If the EC_GROUP order is even, this function explicitly returns 0 as + * an error. + * In case any of the two conditions stated above is not satisfied, + * the correctness of its output is not guaranteed, even if the return + * value could still be 1 (as primality testing and a conditional modular + * reduction round on the input can be omitted by the underlying + * implementations for better SCA properties on regular input values). + */ +__owur int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res, + const BIGNUM *x, BN_CTX *ctx); + +# endif /* OPENSSL_NO_EC */ +#endif -- 2.25.1