| -rw-r--r-- | README.md | 2 | ||||
| -rw-r--r-- | common/src/main/java/cz/crcs/ectester/common/util/ECUtil.java | 19 | ||||
| -rw-r--r-- | standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/mbedtls.c | 41 |
3 files changed, 34 insertions, 28 deletions
@@ -557,7 +557,7 @@ index;time[nano];pubW;privS;secret[NONE]
 ...
 ```
-It is recommended to disably [CPU frequency scaling](https://wiki.archlinux.org/index.php/CPU_frequency_scaling) of your processor before performing collection of timing data, as it adds significant noise to the data as it kicks in. Also, running the collection on very high priority and locked to a single core (`taskset -c 0`) helps as well.
+It is recommended to disable [CPU frequency scaling](https://wiki.archlinux.org/index.php/CPU_frequency_scaling) of your processor before performing collection of timing data, as it adds significant noise to the data as it kicks in. Also, running the collection on very high priority and locked to a single core (`taskset -c 0`) helps as well.
 ## Analysis
diff --git a/common/src/main/java/cz/crcs/ectester/common/util/ECUtil.java b/common/src/main/java/cz/crcs/ectester/common/util/ECUtil.java
index 773644b..f9be536 100644
--- a/common/src/main/java/cz/crcs/ectester/common/util/ECUtil.java
+++ b/common/src/main/java/cz/crcs/ectester/common/util/ECUtil.java
@@ -61,7 +61,7 @@ public class ECUtil {
 }
 public static byte[] toX962Compressed(ECPoint point, ECParameterSpec spec) {
- return toX962Compressed(point, spec.getOrder().bitLength());
+ return toX962Compressed(point, spec.getCurve().getField().getFieldSize());
 }
 public static byte[] toX962Uncompressed(ECPoint point, int bits) {
@@ -74,7 +74,7 @@ public class ECUtil {
 }
 public static byte[] toX962Uncompressed(ECPoint point, ECParameterSpec spec) {
- return toX962Uncompressed(point, spec.getOrder().bitLength());
+ return toX962Uncompressed(point, spec.getCurve().getField().getFieldSize());
 }
 public static byte[] toX962Hybrid(ECPoint point, int bits) {
@@ -351,7 +351,8 @@ public class ECUtil {
 return null;
 }
 try {
- int bitSize = params.getOrder().bitLength();
+ BigInteger n = params.getOrder();
+ int bitSize = n.bitLength();
 // Hash the data.
 byte[] hash;
 if (hashAlgo == null || hashAlgo.equals("NONE")) {
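Review bot: The `int bits` overloads of toX962Compressed and toX962Uncompressed now receive the field size from the ECParameterSpec overloads instead of the order bit length, but nothing documents which quantity `bits` means, so a caller that still passes `getOrder().bitLength()` would silently produce wrongly sized encodings on curves where the order and the field differ in bit length. The same applies to the @@ -74 hunk. A Javadoc on the int overloads such as `@param bits size of the underlying field in bits (as from ECField.getFieldSize()), not the order size; presumably this fixes the per-coordinate byte length` would pin the contract for callers like the JNI wrappers. The int overloads themselves start outside these hunks.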
@@ -370,16 +371,16 @@ public class ECUtil {
 // Parse signature
 BigInteger[] sigPair;
 if (sigType.contains("CVC") || sigType.contains("PLAIN")) {
- sigPair = PlainDSAEncoding.INSTANCE.decode(params.getOrder(), signature);
+ sigPair = PlainDSAEncoding.INSTANCE.decode(n, signature);
 } else {
- sigPair = StandardDSAEncoding.INSTANCE.decode(params.getOrder(), signature);
+ sigPair = StandardDSAEncoding.INSTANCE.decode(n, signature);
 }
 BigInteger r = sigPair[0];
 BigInteger s = sigPair[1];
- BigInteger rd = privkey.multiply(r).mod(params.getOrder());
- BigInteger hrd = hashInt.add(rd).mod(params.getOrder());
- return s.modInverse(params.getOrder()).multiply(hrd).mod(params.getOrder());
+ BigInteger rd = privkey.multiply(r).mod(n);
+ BigInteger hrd = hashInt.add(rd).mod(n);
+ return s.modInverse(n).multiply(hrd).mod(n);
 } catch (NoSuchAlgorithmException | IOException | ArithmeticException ex) {
 ex.printStackTrace();
 return null;
@@ -456,7 +457,7 @@ public class ECUtil {
 }
 public static boolean equalKeyPairParameters(ECPrivateKey priv, ECPublicKey pub) {
- if(priv == null || pub == null) {
+ if (priv == null || pub == null) {
 return false;
 }
 return priv.getParams().getCurve().equals(pub.getParams().getCurve()) &&
diff --git a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/mbedtls.c b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/mbedtls.c
index 2cff6ff..d618de2 100644
--- a/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/mbedtls.c
+++ b/standalone/src/main/resources/cz/crcs/ectester/standalone/libs/jni/mbedtls.c
@@ -209,7 +209,7 @@ static jobject create_ec_param_spec(JNIEnv *env, const mbedtls_ecp_group *group)
 jobject field = (*env)->NewObject(env, fp_field_class, fp_field_init, p);
 jobject a;
- if (group->A.p == NULL) {
+ if (mbedtls_ecp_group_a_is_minus_3(group)) {
 jmethodID biginteger_subtract = (*env)->GetMethodID(env, biginteger_class, "subtract", "(Ljava/math/BigInteger;)Ljava/math/BigInteger;");
 jmethodID biginteger_valueof = (*env)->GetStaticMethodID(env, biginteger_class, "valueOf", "(J)Ljava/math/BigInteger;");
 jobject three = (*env)->CallStaticObjectMethod(env, biginteger_class, biginteger_valueof, (jlong) 3);
@@ -222,10 +222,15 @@ static jobject create_ec_param_spec(JNIEnv *env, const mbedtls_ecp_group *group)
 jmethodID elliptic_curve_init = (*env)->GetMethodID(env, elliptic_curve_class, "<init>", "(Ljava/security/spec/ECField;Ljava/math/BigInteger;Ljava/math/BigInteger;)V");
 jobject elliptic_curve = (*env)->NewObject(env, elliptic_curve_class, elliptic_curve_init, field, a, b);
- jobject gx = biginteger_from_mpi(env, &group->G.X);
- jobject gy = biginteger_from_mpi(env, &group->G.Y);
- jmethodID point_init = (*env)->GetMethodID(env, point_class, "<init>", "(Ljava/math/BigInteger;Ljava/math/BigInteger;)V");
- jobject g = (*env)->NewObject(env, point_class, point_init, gx, gy);
+ jclass ecutil_class = (*env)->FindClass(env, "cz/crcs/ectester/common/util/ECUtil");
+ jmethodID from_X962 = (*env)->GetStaticMethodID(env, ecutil_class, "fromX962", "([BLjava/security/spec/EllipticCurve;)Ljava/security/spec/ECPoint;");
+ size_t point_len;
+ mbedtls_ecp_point_write_binary(group, &group->G, MBEDTLS_ECP_PF_UNCOMPRESSED, &point_len, NULL, 0);
+ jbyteArray g_bytes = (*env)->NewByteArray(env, (jint) point_len);
+ jbyte *g_data = (*env)->GetByteArrayElements(env, g_bytes, NULL);
+ mbedtls_ecp_point_write_binary(group, &group->G, MBEDTLS_ECP_PF_UNCOMPRESSED, &point_len, g_data, point_len);
+ (*env)->ReleaseByteArrayElements(env, g_bytes, g_data, 0);
+ jobject g = (*env)->CallStaticObjectMethod(env, ecutil_class, from_X962, g_bytes, elliptic_curve);
 jobject n = biginteger_from_mpi(env, &group->N);
 jint h = 1;
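Review bot: Both `mbedtls_ecp_point_write_binary` calls discard their return value, so if the second one fails the still zero-filled `g_bytes` is handed to `ECUtil.fromX962` and the error surfaces, if at all, far from its cause; the first call also relies on `point_len` being populated even though a zero-length buffer makes it return `MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL`, which deserves a comment such as `// length query: returns BUFFER_TOO_SMALL but fills point_len`. I would check the second call, e.g. `if (mbedtls_ecp_point_write_binary(group, &group->G, MBEDTLS_ECP_PF_UNCOMPRESSED, &point_len, (unsigned char *) g_data, point_len) != 0) { (*env)->ReleaseByteArrayElements(env, g_bytes, g_data, JNI_ABORT); return NULL; }`, which also resolves the signed/unsigned pointer mismatch of passing `jbyte *` where mbedtls expects `unsigned char *`. `ecutil_class`, `from_X962` and `g_bytes` are likewise used without NULL checks, and calling further JNI functions with a pending exception is undefined behavior. create_ec_param_spec starts and ends outside this hunk.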
@@ -259,36 +264,36 @@ static void create_curve(JNIEnv *env, jobject params, mbedtls_ecp_group *group)
 jmethodID get_g = (*env)->GetMethodID(env, ec_parameter_spec_class, "getGenerator", "()Ljava/security/spec/ECPoint;");
 jobject g = (*env)->CallObjectMethod(env, params, get_g);
- jmethodID get_x = (*env)->GetMethodID(env, point_class, "getAffineX", "()Ljava/math/BigInteger;");
- jobject gx = (*env)->CallObjectMethod(env, g, get_x);
- mpi_from_biginteger(env, gx, &group->G.X);
-
- jmethodID get_y = (*env)->GetMethodID(env, point_class, "getAffineY", "()Ljava/math/BigInteger;");
- jobject gy = (*env)->CallObjectMethod(env, g, get_y);
- mpi_from_biginteger(env, gy, &group->G.Y);
-
- mbedtls_mpi_lset(&group->G.Z, 1);
-
+ jclass ecutil_class = (*env)->FindClass(env, "cz/crcs/ectester/common/util/ECUtil");
+ jmethodID to_uncompressed = (*env)->GetStaticMethodID(env, ecutil_class, "toX962Uncompressed", "(Ljava/security/spec/ECPoint;I)[B");
+ jint bitsize = (jint) mbedtls_mpi_bitlen(&group->P);
+ jbyteArray point_array = (jbyteArray) (*env)->CallStaticObjectMethod(env, ecutil_class, to_uncompressed, g, bitsize);
+ jsize data_size = (*env)->GetArrayLength(env, point_array);
+ jbyte *point_data = (*env)->GetByteArrayElements(env, point_array, NULL);
+ mbedtls_ecp_point_read_binary(group, &group->G, point_data, data_size);
+ (*env)->ReleaseByteArrayElements(env, point_array, point_data, JNI_ABORT);
+
 jmethodID get_n = (*env)->GetMethodID(env, ec_parameter_spec_class, "getOrder", "()Ljava/math/BigInteger;");
 jobject n = (*env)->CallObjectMethod(env, params, get_n);
 mpi_from_biginteger(env, n, &group->N);
 group->pbits = group->nbits = mbedtls_mpi_bitlen(&group->P);
- group->h = 0;
 }
 static jobject generate_from_curve(JNIEnv *env, mbedtls_ecp_group *group) {
+ static int gen_counter = 0;
 mbedtls_mpi d;
 mbedtls_mpi_init(&d);
 mbedtls_ecp_point Q;
 mbedtls_ecp_point_init(&Q);
- if (ctr_drbg.reseed_counter >= ctr_drbg.reseed_interval) {
+ if (gen_counter >= MBEDTLS_CTR_DRBG_RESEED_INTERVAL/2) {
 // Reseed manually, outside of the timing window, to not disturb the timing data.
 // They are somewhat disturbed anyway, but we cannot really get rid of that easily.
 // We also help it by using a wrapper and pausing for random gen.
 mbedtls_ctr_drbg_reseed(&ctr_drbg, NULL, 0);
 }
+ gen_counter++;
 native_timing_start();
 int error = mbedtls_ecp_gen_keypair(group, &d, &Q, ctr_drbg_wrapper, &ctr_drbg);
@@ -541,4 +546,4 @@ JNIEXPORT jboolean JNICALL Java_cz_crcs_ectester_standalone_libs_jni_NativeSigna
 }
 return JNI_TRUE;
-}
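Review bot: `gen_counter` is never reset after the manual reseed, so once it reaches `MBEDTLS_CTR_DRBG_RESEED_INTERVAL/2` every later call to generate_from_curve reseeds the DRBG, which makes the threshold meaningless and turns a periodic entropy read into a per-keypair one. Adding `gen_counter = 0;` next to `mbedtls_ctr_drbg_reseed(&ctr_drbg, NULL, 0);` restores the intended cadence, and checking that call's return value would keep a failed reseed from going unnoticed. In the create_curve part of the hunk, `point_array` from `CallStaticObjectMethod` reaches `GetArrayLength` without a NULL/exception check and the return of `mbedtls_ecp_point_read_binary` is ignored, so a generator the Java side rejected or a malformed encoding leaves `group->G` in an unknown state and the error surfaces only later. Both functions continue outside the hunk: create_curve begins before it and generate_from_curve ends after it.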
\ No newline at end of file
+}
|
