authorbill_ofarrell <billo@ca.ibm.com>2019-05-16 12:45:52 -0400
committerMichael Munday <mike.munday@ibm.com>2019-05-24 08:16:32 +0000
commit7e5bc4775f12a5612a2f0bea1322af4bb8b24892 (patch)
treeb2c4c11dd5057d3276d57c1051f1fa1e98b510b1 /src/crypto/ecdsa/ecdsa.go
parentb84e0bc61a1742309f57deace17e5b8748c33fd7 (diff)
crypto/ecdsa: implement ecdsa on s390x for P256/P384/P521 using KDSA instruction
Utilize KDSA when available. This guarantees constant time operation on all three curves mentioned, and is faster than conventional assembly. The IBM Z model(s) that support KDSA as used in this CL are not yet publicly available, and so we are unable to release performance data at this time. Change-Id: I85360dcf90fe42d2bf32afe3f638e282de10a518 Reviewed-on: https://go-review.googlesource.com/c/go/+/174437 Run-TryBot: Michael Munday <mike.munday@ibm.com> Reviewed-by: Michael Munday <mike.munday@ibm.com>
Diffstat (limited to 'src/crypto/ecdsa/ecdsa.go')
-rw-r--r--src/crypto/ecdsa/ecdsa.go19
1 files changed, 13 insertions, 6 deletions
diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go
index e059f181c7..ddc3b35ba3 100644
--- a/src/crypto/ecdsa/ecdsa.go
+++ b/src/crypto/ecdsa/ecdsa.go
@@ -21,13 +21,12 @@ import (
"crypto/aes"
"crypto/cipher"
"crypto/elliptic"
+ "crypto/internal/randutil"
"crypto/sha512"
"encoding/asn1"
"errors"
"io"
"math/big"
-
- "crypto/internal/randutil"
)
// A invertible implements fast inverse mod Curve.Params().N
@@ -190,14 +189,21 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err
// See [NSA] 3.4.1
c := priv.PublicKey.Curve
+ e := hashToInt(hash, c)
+ r, s, err = sign(priv, &csprng, c, e)
+ return
+}
+
+func signGeneric(priv *PrivateKey, csprng *cipher.StreamReader, c elliptic.Curve, e *big.Int) (r, s *big.Int, err error) {
N := c.Params().N
if N.Sign() == 0 {
return nil, nil, errZeroParam
}
+
var k, kInv *big.Int
for {
for {
- k, err = randFieldElement(c, csprng)
+ k, err = randFieldElement(c, *csprng)
if err != nil {
r = nil
return
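Review bot: The `N.Sign() == 0` guard that returns `errZeroParam` now sits only inside `signGeneric`, so it protects `Sign` only when `sign` dispatches there; `sign` is not defined in this hunk and presumably has a platform-specific variant for the KDSA path. A doc comment on `signGeneric` would make that explicit, for example `// signGeneric is the portable ECDSA signing path; it rejects curves whose order N is zero and draws the nonce k from csprng.` It is also worth confirming that every other implementation of `sign` either falls back to `signGeneric` for curves it does not recognise or performs the same check itself. As a smaller style point, `r, s, err = sign(priv, &csprng, c, e)` followed by a bare `return` can be written `return sign(priv, &csprng, c, e)`. The body of `signGeneric` continues past the end of this hunk.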
@@ -215,8 +221,6 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err
break
}
}
-
- e := hashToInt(hash, c)
s = new(big.Int).Mul(priv.D, r)
s.Add(s, e)
s.Mul(s, kInv)
@@ -225,7 +229,6 @@ func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err err
break
}
}
-
return
}
@@ -243,8 +246,12 @@ func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool {
return false
}
e := hashToInt(hash, c)
+ return verify(pub, c, e, r, s)
+}
+func verifyGeneric(pub *PublicKey, c elliptic.Curve, e, r, s *big.Int) bool {
var w *big.Int
+ N := c.Params().N
if in, ok := c.(invertible); ok {
w = in.Inverse(s)
} else {
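Review bot: `verifyGeneric` has no doc comment and does not state what it expects of `r` and `s`. The only validation visible here is the `return false` that precedes `e := hashToInt(hash, c)` in `Verify`, so the helper appears to rely on its caller having rejected out-of-range values before the call. A comment such as `// verifyGeneric is the portable verification path; callers must already have checked that r and s are in [1, N-1].` would record that contract for any platform-specific `verify` that falls back to it (`verify` is not defined in this hunk). The body of `verifyGeneric` continues past the end of the hunk.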