From: Sergey Matveev
Date: Tue, 16 Nov 2021 15:35:14 +0000 (+0300)
Subject: More thread-safe gost3410
X-Git-Tag: v5.9.0^0
X-Git-Url: http://www.git.cypherpunks.ru/?p=gogost.git;a=commitdiff_plain;h=7bed9561c7c09958ad1268b397058431fd3362bc

More thread-safe gost3410
---
diff --git a/gogost.go b/gogost.go
index 7df53a2..dab79d3 100644
--- a/gogost.go
+++ b/gogost.go
@@ -1,4 +1,4 @@
 // Pure Go GOST cryptographic functions library.
 package gogost
 
-const Version = "5.8.0"
+const Version = "5.9.0"
diff --git a/gost3410/curve.go b/gost3410/curve.go
index 1aa783c..a5f8d51 100644
--- a/gost3410/curve.go
+++ b/gost3410/curve.go
@@ -48,11 +48,6 @@ type Curve struct {
 	X *big.Int
 	Y *big.Int
 
-	// Temporary variable for the add method
-	t *big.Int
-	tx *big.Int
-	ty *big.Int
-
 	// Cached s/t parameters for Edwards curve points conversion
 	edS *big.Int
 	edT *big.Int
@@ -67,9 +62,6 @@ func NewCurve(p, q, a, b, x, y, e, d, co *big.Int) (*Curve, error) {
 		B: b,
 		X: x,
 		Y: y,
-		t: big.NewInt(0),
-		tx: big.NewInt(0),
-		ty: big.NewInt(0),
 	}
 	r1 := big.NewInt(0)
 	r2 := big.NewInt(0)
@@ -107,38 +99,39 @@ func (c *Curve) pos(v *big.Int) {
 }
 
 func (c *Curve) add(p1x, p1y, p2x, p2y *big.Int) {
+	var t, tx, ty big.Int
 	if p1x.Cmp(p2x) == 0 && p1y.Cmp(p2y) == 0 {
 		// double
-		c.t.Mul(p1x, p1x)
-		c.t.Mul(c.t, bigInt3)
-		c.t.Add(c.t, c.A)
-		c.tx.Mul(bigInt2, p1y)
-		c.tx.ModInverse(c.tx, c.P)
-		c.t.Mul(c.t, c.tx)
-		c.t.Mod(c.t, c.P)
+		t.Mul(p1x, p1x)
+		t.Mul(&t, bigInt3)
+		t.Add(&t, c.A)
+		tx.Mul(bigInt2, p1y)
+		tx.ModInverse(&tx, c.P)
+		t.Mul(&t, &tx)
+		t.Mod(&t, c.P)
 	} else {
-		c.tx.Sub(p2x, p1x)
-		c.tx.Mod(c.tx, c.P)
-		c.pos(c.tx)
-		c.ty.Sub(p2y, p1y)
-		c.ty.Mod(c.ty, c.P)
-		c.pos(c.ty)
-		c.t.ModInverse(c.tx, c.P)
-		c.t.Mul(c.t, c.ty)
-		c.t.Mod(c.t, c.P)
+		tx.Sub(p2x, p1x)
+		tx.Mod(&tx, c.P)
+		c.pos(&tx)
+		ty.Sub(p2y, p1y)
+		ty.Mod(&ty, c.P)
+		c.pos(&ty)
+		t.ModInverse(&tx, c.P)
+		t.Mul(&t, &ty)
+		t.Mod(&t, c.P)
 	}
-	c.tx.Mul(c.t, c.t)
-	c.tx.Sub(c.tx, p1x)
-	c.tx.Sub(c.tx, p2x)
-	c.tx.Mod(c.tx, c.P)
-	c.pos(c.tx)
-	c.ty.Sub(p1x, c.tx)
-	c.ty.Mul(c.ty, c.t)
-	c.ty.Sub(c.ty, p1y)
-	c.ty.Mod(c.ty, c.P)
-	c.pos(c.ty)
-	p1x.Set(c.tx)
-	p1y.Set(c.ty)
+	tx.Mul(&t, &t)
+	tx.Sub(&tx, p1x)
+	tx.Sub(&tx, p2x)
+	tx.Mod(&tx, c.P)
+	c.pos(&tx)
+	ty.Sub(p1x, &tx)
+	ty.Mul(&ty, &t)
+	ty.Sub(&ty, p1y)
+	ty.Mod(&ty, c.P)
+	c.pos(&ty)
+	p1x.Set(&tx)
+	p1y.Set(&ty)
 }
 
 func (c *Curve) Exp(degree, xS, yS *big.Int) (*big.Int, *big.Int, error) {
diff --git a/gost3410/edwards.go b/gost3410/edwards.go
index 43484e0..9cefec6 100644
--- a/gost3410/edwards.go
+++ b/gost3410/edwards.go
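Review bot: `tx.ModInverse(&tx, c.P)` in the doubling branch and `t.ModInverse(&tx, c.P)` in the addition branch ignore the nil result that big.Int.ModInverse returns when the operand has no inverse modulo P; in that case the receiver keeps its stale value and add carries on to emit coordinates that look valid but are garbage. The non-invertible inputs are exactly the cases affine addition has to special-case — tx == 0 when p1x == p2x but p1y != p2y (P + (−P), the point at infinity) and 2*p1y ≡ 0 mod P when doubling — and nothing in the hunk handles them; whether an attacker-controlled point or scalar can reach them depends on validation done outside this hunk, so I would not rely on it. Since the only caller visible here is Exp, whose signature already returns an error, I would have add report failure, e.g. `func (c *Curve) add(p1x, p1y, p2x, p2y *big.Int) error` with `if tx.ModInverse(&tx, c.P) == nil { return errors.New("gost3410: point at infinity in add") }` after each inversion, and have Exp propagate it (importing errors if curve.go does not already). Moving the temporaries to the stack removes the data race but the arithmetic remains variable-time in the operands, which deserves a one-line comment on add such as `// NOTE: big.Int arithmetic is not constant-time; do not rely on this for side-channel resistance.` Exp's body starts after the end of the hunk, so the caller side of such a change is not visible here.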
@@ -31,62 +31,65 @@ func (c *Curve) EdwardsST() (*big.Int, *big.Int) {
 	c.edS.Set(c.E)
 	c.edS.Sub(c.edS, c.D)
 	c.pos(c.edS)
-	c.t.SetUint64(4)
-	c.t.ModInverse(c.t, c.P)
-	c.edS.Mul(c.edS, c.t)
+	var t big.Int
+	t.SetUint64(4)
+	t.ModInverse(&t, c.P)
+	c.edS.Mul(c.edS, &t)
 	c.edS.Mod(c.edS, c.P)
 	c.edT = big.NewInt(0)
 	c.edT.Set(c.E)
 	c.edT.Add(c.edT, c.D)
-	c.t.SetUint64(6)
-	c.t.ModInverse(c.t, c.P)
-	c.edT.Mul(c.edT, c.t)
+	t.SetUint64(6)
+	t.ModInverse(&t, c.P)
+	c.edT.Mul(c.edT, &t)
 	c.edT.Mod(c.edT, c.P)
 	return c.edS, c.edT
 }
 
 // Convert Weierstrass X,Y coordinates to twisted Edwards U,V
-func XY2UV(curve *Curve, x, y *big.Int) (*big.Int, *big.Int) {
-	if !curve.IsEdwards() {
+func XY2UV(c *Curve, x, y *big.Int) (*big.Int, *big.Int) {
+	if !c.IsEdwards() {
 		panic("non twisted Edwards curve")
 	}
-	edS, edT := curve.EdwardsST()
-	curve.t.Sub(x, edT)
-	curve.pos(curve.t)
+	edS, edT := c.EdwardsST()
+	var t big.Int
+	t.Sub(x, edT)
+	c.pos(&t)
 	u := big.NewInt(0)
-	u.ModInverse(y, curve.P)
-	u.Mul(u, curve.t)
-	u.Mod(u, curve.P)
-	v := big.NewInt(0).Set(curve.t)
+	u.ModInverse(y, c.P)
+	u.Mul(u, &t)
+	u.Mod(u, c.P)
+	v := big.NewInt(0).Set(&t)
 	v.Sub(v, edS)
-	curve.pos(v)
-	curve.t.Add(curve.t, edS)
-	curve.t.ModInverse(curve.t, curve.P)
-	v.Mul(v, curve.t)
-	v.Mod(v, curve.P)
+	c.pos(v)
+	t.Add(&t, edS)
+	t.ModInverse(&t, c.P)
+	v.Mul(v, &t)
+	v.Mod(v, c.P)
 	return u, v
 }
 
 // Convert twisted Edwards U,V coordinates to Weierstrass X,Y
-func UV2XY(curve *Curve, u, v *big.Int) (*big.Int, *big.Int) {
-	if !curve.IsEdwards() {
+func UV2XY(c *Curve, u, v *big.Int) (*big.Int, *big.Int) {
+	if !c.IsEdwards() {
 		panic("non twisted Edwards curve")
 	}
-	edS, edT := curve.EdwardsST()
-	curve.tx.Add(bigInt1, v)
-	curve.tx.Mul(curve.tx, edS)
-	curve.tx.Mod(curve.tx, curve.P)
-	curve.ty.Sub(bigInt1, v)
-	curve.pos(curve.ty)
+	edS, edT := c.EdwardsST()
+	var tx, ty big.Int
+	tx.Add(bigInt1, v)
+	tx.Mul(&tx, edS)
+	tx.Mod(&tx, c.P)
+	ty.Sub(bigInt1, v)
+	c.pos(&ty)
 	x := big.NewInt(0)
-	x.ModInverse(curve.ty, curve.P)
-	x.Mul(x, curve.tx)
+	x.ModInverse(&ty, c.P)
+	x.Mul(x, &tx)
 	x.Add(x, edT)
-	x.Mod(x, curve.P)
+	x.Mod(x, c.P)
 	y := big.NewInt(0)
-	y.Mul(u, curve.ty)
-	y.ModInverse(y, curve.P)
-	y.Mul(y, curve.tx)
-	y.Mod(y, curve.P)
+	y.Mul(u, &ty)
+	y.ModInverse(y, c.P)
+	y.Mul(y, &tx)
+	y.Mod(y, c.P)
 	return x, y
 }
diff --git a/news.texi b/news.texi
index 049ee1f..3ffaae9 100644
--- a/news.texi
+++ b/news.texi
@@ -3,6 +3,10 @@
 
 @table @strong
 
+@anchor{Release 5.9.0}
+@item 5.9.0
+@code{gost3410} is more thread-safe.
+
 @anchor{Release 5.8.0}
 @item 5.8.0
 Faster Kuznechik and ~3x faster Kuznechik-MGM.
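Review bot: The cached `c.edS`/`c.edT` are still written on the shared Curve inside EdwardsST (`c.edS.Set(c.E)`, `c.edT = big.NewInt(0)`, `c.edT.Mod(c.edT, c.P)`), and XY2UV and UV2XY call `c.EdwardsST()` on every conversion, so two goroutines converting points on the same Curve can still race on that cache; moving the scratch big.Ints to the stack fixes only the other half. EdwardsST begins before the hunk, so I cannot see whether its head guards the computation; if it is a plain `if c.edS != nil` check, that is check-then-write with no synchronisation, and a `sync.Once` on the Curve (or computing s and t eagerly in NewCurve) is what would make the title's claim hold. The function also hands out the cache pointers themselves (`return c.edS, c.edT`), so any caller that mutates the returned values corrupts every later conversion; either return copies or add `// Returned values are shared cache entries and must not be modified.` to its doc comment. Separately, the new lines `u.ModInverse(y, c.P)`, `t.ModInverse(&t, c.P)`, `x.ModInverse(&ty, c.P)` and `y.ModInverse(y, c.P)` never check for a nil result, so an input with y == 0, x == edT − edS, v == 1 or u == 0 leaves the receiver unchanged and yields wrong coordinates instead of an error — worth at least a panic or a documented precondition, since these functions are exported.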