diff --git a/src/cli/perf_ec.cpp b/src/cli/perf_ec.cpp index 0652f0551cc..cc72ab20905 100644 --- a/src/cli/perf_ec.cpp +++ b/src/cli/perf_ec.cpp @@ -43,8 +43,6 @@ class PerfTest_EllipticCurve final : public PerfTest { auto h2c_nu_timer = config.make_timer(group_name + " hash to curve (NU)"); auto h2c_ro_timer = config.make_timer(group_name + " hash to curve (RO)"); - std::vector ws; - auto g = Botan::EC_AffinePoint::generator(group); const bool h2c_supported = [&]() { @@ -58,8 +56,8 @@ class PerfTest_EllipticCurve final : public PerfTest { while(bp_timer->under(run) && vp_timer->under(run)) { const auto k = Botan::EC_Scalar::random(group, rng); - const auto r1 = bp_timer->run([&]() { return Botan::EC_AffinePoint::g_mul(k, rng, ws); }); - const auto r2 = vp_timer->run([&]() { return g.mul(k, rng, ws); }); + const auto r1 = bp_timer->run([&]() { return Botan::EC_AffinePoint::g_mul(k, rng); }); + const auto r2 = vp_timer->run([&]() { return g.mul(k, rng); }); const auto r1_bytes = r1.serialize_uncompressed(); const auto r2_bytes = r2.serialize_uncompressed(); diff --git a/src/cli/timing_tests.cpp b/src/cli/timing_tests.cpp index e735628dee5..9f8e2d3a96e 100644 --- a/src/cli/timing_tests.cpp +++ b/src/cli/timing_tests.cpp @@ -265,7 +265,6 @@ class ECDSA_Timing_Test final : public Timing_Test { const Botan::EC_Scalar m_x; Botan::EC_Scalar m_b; Botan::EC_Scalar m_b_inv; - std::vector m_ws; }; ECDSA_Timing_Test::ECDSA_Timing_Test(const std::string& ecgroup) : @@ -283,7 +282,7 @@ uint64_t ECDSA_Timing_Test::measure_critical_function(const std::vector TimingTestTimer timer; // the following ECDSA operations involve and should not leak any information about k - const auto r = Botan::EC_Scalar::gk_x_mod_order(k, timing_test_rng(), m_ws); + const auto r = Botan::EC_Scalar::gk_x_mod_order(k, timing_test_rng()); const auto k_inv = k.invert(); m_b.square_self(); m_b_inv.square_self(); 
@@ -306,14 +305,13 @@ class ECC_Mul_Timing_Test final : public Timing_Test { private: const Botan::EC_Group m_group; - std::vector m_ws; }; uint64_t ECC_Mul_Timing_Test::measure_critical_function(const std::vector& input) { const auto k = Botan::EC_Scalar::from_bytes_with_trunc(m_group, input); TimingTestTimer timer; - const auto kG = Botan::EC_AffinePoint::g_mul(k, timing_test_rng(), m_ws); + const auto kG = Botan::EC_AffinePoint::g_mul(k, timing_test_rng()); return timer.complete(); } diff --git a/src/lib/pubkey/ec_group/ec_apoint.cpp b/src/lib/pubkey/ec_group/ec_apoint.cpp index 41f2aa50ab6..f9387afd19d 100644 --- a/src/lib/pubkey/ec_group/ec_apoint.cpp +++ b/src/lib/pubkey/ec_group/ec_apoint.cpp @@ -133,19 +133,17 @@ std::optional EC_AffinePoint::deserialize(const EC_Group& group, } } -EC_AffinePoint EC_AffinePoint::g_mul(const EC_Scalar& scalar, RandomNumberGenerator& rng, std::vector& ws) { - auto pt = scalar._inner().group()->point_g_mul(scalar.inner(), rng, ws); +EC_AffinePoint EC_AffinePoint::g_mul(const EC_Scalar& scalar, RandomNumberGenerator& rng) { + auto pt = scalar._inner().group()->point_g_mul(scalar.inner(), rng); return EC_AffinePoint(std::move(pt)); } -EC_AffinePoint EC_AffinePoint::mul(const EC_Scalar& scalar, RandomNumberGenerator& rng, std::vector& ws) const { - return EC_AffinePoint(inner().mul(scalar._inner(), rng, ws)); +EC_AffinePoint EC_AffinePoint::mul(const EC_Scalar& scalar, RandomNumberGenerator& rng) const { + return EC_AffinePoint(inner().mul(scalar._inner(), rng)); } -secure_vector EC_AffinePoint::mul_x_only(const EC_Scalar& scalar, - RandomNumberGenerator& rng, - std::vector& ws) const { - return inner().mul_x_only(scalar._inner(), rng, ws); +secure_vector EC_AffinePoint::mul_x_only(const EC_Scalar& scalar, RandomNumberGenerator& rng) const { + return inner().mul_x_only(scalar._inner(), rng); } std::optional EC_AffinePoint::mul_px_qy(const EC_AffinePoint& p, 
diff --git a/src/lib/pubkey/ec_group/ec_apoint.h b/src/lib/pubkey/ec_group/ec_apoint.h index 5c28ce02b3e..14c3ecc31f9 100644 --- a/src/lib/pubkey/ec_group/ec_apoint.h +++ b/src/lib/pubkey/ec_group/ec_apoint.h @@ -51,9 +51,13 @@ class BOTAN_UNSTABLE_API EC_AffinePoint final { static std::optional from_bigint_xy(const EC_Group& group, const BigInt& x, const BigInt& y); /// Multiply by the group generator returning a complete point - /// - /// Workspace argument is transitional - static EC_AffinePoint g_mul(const EC_Scalar& scalar, RandomNumberGenerator& rng, std::vector& ws); + static EC_AffinePoint g_mul(const EC_Scalar& scalar, RandomNumberGenerator& rng); + + BOTAN_DEPRECATED("Use version without workspace arg") + static EC_AffinePoint g_mul(const EC_Scalar& scalar, RandomNumberGenerator& rng, std::vector& ws) { + BOTAN_UNUSED(ws); + return EC_AffinePoint::g_mul(scalar, rng); + } /// Return the identity element static EC_AffinePoint identity(const EC_Group& group); @@ -78,16 +82,16 @@ class BOTAN_UNSTABLE_API EC_AffinePoint final { std::span domain_sep); /// Multiply a point by a scalar returning a complete point - /// - /// Workspace argument is transitional - EC_AffinePoint mul(const EC_Scalar& scalar, RandomNumberGenerator& rng, std::vector& ws) const; + EC_AffinePoint mul(const EC_Scalar& scalar, RandomNumberGenerator& rng) const; + + BOTAN_DEPRECATED("Use version without workspace arg") + EC_AffinePoint mul(const EC_Scalar& scalar, RandomNumberGenerator& rng, std::vector& ws) const { + BOTAN_UNUSED(ws); + return this->mul(scalar, rng); + } /// Multiply a point by a scalar, returning the byte encoding of the x coordinate only - /// - /// Workspace argument is transitional - secure_vector mul_x_only(const EC_Scalar& scalar, - RandomNumberGenerator& rng, - std::vector& ws) const; + secure_vector mul_x_only(const EC_Scalar& scalar, RandomNumberGenerator& rng) const; /// Compute 2-ary multiscalar multiplication - p*x + q*y /// 
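Review bot: In the second hunk `mul_x_only` loses its three-argument form outright, while `g_mul` and `mul` in the first hunk keep a `BOTAN_DEPRECATED` forwarding overload, so existing callers of `mul_x_only(scalar, rng, ws)` fail to compile instead of getting a deprecation warning. The class is `BOTAN_UNSTABLE_API`, so dropping it may be intended, but the header is now inconsistent about which of the three siblings gets a transition path. If compatibility is wanted, the same shape as the other two overloads works; the element type of `ws` should match whatever the `g_mul`/`mul` overloads use.
```cpp
      secure_vector<uint8_t> mul_x_only(const EC_Scalar& scalar, RandomNumberGenerator& rng) const;

      BOTAN_DEPRECATED("Use version without workspace arg")
      secure_vector<uint8_t> mul_x_only(const EC_Scalar& scalar, RandomNumberGenerator& rng, std::vector<BigInt>& ws) const {
         BOTAN_UNUSED(ws);
         return this->mul_x_only(scalar, rng);
      }
```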
diff --git a/src/lib/pubkey/ec_group/ec_group.h b/src/lib/pubkey/ec_group/ec_group.h index dfc13cee21d..bd9b03b2343 100644 --- a/src/lib/pubkey/ec_group/ec_group.h +++ b/src/lib/pubkey/ec_group/ec_group.h @@ -438,14 +438,15 @@ class BOTAN_PUBLIC_API(2, 0) EC_Group final { * Blinded point multiplication, attempts resistance to side channels * @param k_bn the scalar * @param rng a random number generator - * @param ws a temp workspace + * @param ws a (no longer used) temp workspace * @return base_point*k */ BOTAN_DEPRECATED("Use EC_AffinePoint and EC_Scalar") EC_Point blinded_base_point_multiply(const BigInt& k_bn, RandomNumberGenerator& rng, std::vector& ws) const { + BOTAN_UNUSED(ws); auto k = EC_Scalar::from_bigint(*this, k_bn); - auto pt = EC_AffinePoint::g_mul(k, rng, ws); + auto pt = EC_AffinePoint::g_mul(k, rng); return pt.to_legacy_point(); } @@ -455,14 +456,15 @@ class BOTAN_PUBLIC_API(2, 0) EC_Group final { * * @param k_bn the scalar * @param rng a random number generator - * @param ws a temp workspace + * @param ws a (no longer used) temp workspace * @return x coordinate of base_point*k */ BOTAN_DEPRECATED("Use EC_AffinePoint and EC_Scalar") BigInt blinded_base_point_multiply_x(const BigInt& k_bn, RandomNumberGenerator& rng, std::vector& ws) const { + BOTAN_UNUSED(ws); auto k = EC_Scalar::from_bigint(*this, k_bn); - return BigInt(EC_AffinePoint::g_mul(k, rng, ws).x_bytes()); + return BigInt(EC_AffinePoint::g_mul(k, rng).x_bytes()); } /** @@ -470,7 +472,7 @@ class BOTAN_PUBLIC_API(2, 0) EC_Group final { * @param point input point * @param k_bn the scalar * @param rng a random number generator - * @param ws a temp workspace + * @param ws a (no longer used) temp workspace * @return point*k */ BOTAN_DEPRECATED("Use EC_AffinePoint and EC_Scalar") 
@@ -478,9 +480,10 @@ class BOTAN_PUBLIC_API(2, 0) EC_Group final { const BigInt& k_bn, RandomNumberGenerator& rng, std::vector& ws) const { + BOTAN_UNUSED(ws); auto k = EC_Scalar::from_bigint(*this, k_bn); auto pt = EC_AffinePoint(*this, point); - return pt.mul(k, rng, ws).to_legacy_point(); + return pt.mul(k, rng).to_legacy_point(); } /** diff --git a/src/lib/pubkey/ec_group/ec_inner_data.cpp b/src/lib/pubkey/ec_group/ec_inner_data.cpp index c48d2d47223..29820efbd17 100644 --- a/src/lib/pubkey/ec_group/ec_inner_data.cpp +++ b/src/lib/pubkey/ec_group/ec_inner_data.cpp @@ -222,8 +222,7 @@ std::unique_ptr EC_Group_Data::scalar_from_bigint(const BigInt& } std::unique_ptr EC_Group_Data::gk_x_mod_order(const EC_Scalar_Data& scalar, - RandomNumberGenerator& rng, - std::vector& ws) const { + RandomNumberGenerator& rng) const { if(m_pcurve) { const auto& k = EC_Scalar_Data_PC::checked_ref(scalar); auto gk_x_mod_order = m_pcurve->base_point_mul_x_mod_order(k.value(), rng); @@ -232,6 +231,7 @@ std::unique_ptr EC_Group_Data::gk_x_mod_order(const EC_Scalar_Da #if defined(BOTAN_HAS_LEGACY_EC_POINT) const auto& k = EC_Scalar_Data_BN::checked_ref(scalar); BOTAN_STATE_CHECK(m_base_mult != nullptr); + std::vector ws; const auto pt = m_base_mult->mul(k.value(), rng, m_order, ws); if(pt.is_zero()) { @@ -240,7 +240,6 @@ std::unique_ptr EC_Group_Data::gk_x_mod_order(const EC_Scalar_Da return std::make_unique(shared_from_this(), mod_order(pt.get_affine_x())); } #else - BOTAN_UNUSED(ws); throw Not_Implemented("Legacy EC interfaces disabled in this build configuration"); #endif } @@ -315,8 +314,7 @@ std::unique_ptr EC_Group_Data::point_hash_to_curve_nu(std:: } std::unique_ptr EC_Group_Data::point_g_mul(const EC_Scalar_Data& scalar, - RandomNumberGenerator& rng, - std::vector& ws) const { + RandomNumberGenerator& rng) const { if(m_pcurve) { const auto& k = EC_Scalar_Data_PC::checked_ref(scalar); auto pt = m_pcurve->mul_by_g(k.value(), rng).to_affine(); 
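Review bot: The legacy branch of `gk_x_mod_order` now constructs `ws` on every call (`std::vector ws;` immediately before `m_base_mult->mul`), where callers previously reused one workspace across calls through the `m_ws` members this commit removes; nothing in the hunk says this trade is deliberate. A one-line comment would spare the next reader from re-adding a cached workspace, e.g. `// The public API no longer takes a workspace; the legacy BN multiplier still needs one, so it is per-call now`. The same local appears in `point_g_mul` (hunk @@ -327) and in `EC_AffinePoint_Data_BN::mul` and `mul_x_only` in ec_inner_bn.cpp, and the comment belongs at each. If the legacy path is ever profiled, this allocation is presumably where the difference shows up; gk_x_mod_order's body continues outside the hunk.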
@@ -327,10 +325,10 @@ std::unique_ptr EC_Group_Data::point_g_mul(const EC_Scalar_ const auto& bn = EC_Scalar_Data_BN::checked_ref(scalar); BOTAN_STATE_CHECK(group->m_base_mult != nullptr); + std::vector ws; auto pt = group->m_base_mult->mul(bn.value(), rng, m_order, ws); return std::make_unique(shared_from_this(), std::move(pt)); #else - BOTAN_UNUSED(ws); throw Not_Implemented("Legacy EC interfaces disabled in this build configuration"); #endif } diff --git a/src/lib/pubkey/ec_group/ec_inner_data.h b/src/lib/pubkey/ec_group/ec_inner_data.h index d861ac5d116..35e8cca0ef0 100644 --- a/src/lib/pubkey/ec_group/ec_inner_data.h +++ b/src/lib/pubkey/ec_group/ec_inner_data.h @@ -92,12 +92,9 @@ class EC_AffinePoint_Data { virtual void serialize_uncompressed_to(std::span bytes) const = 0; virtual std::unique_ptr mul(const EC_Scalar_Data& scalar, - RandomNumberGenerator& rng, - std::vector& ws) const = 0; + RandomNumberGenerator& rng) const = 0; - virtual secure_vector mul_x_only(const EC_Scalar_Data& scalar, - RandomNumberGenerator& rng, - std::vector& ws) const = 0; + virtual secure_vector mul_x_only(const EC_Scalar_Data& scalar, RandomNumberGenerator& rng) const = 0; #if defined(BOTAN_HAS_LEGACY_EC_POINT) virtual EC_Point to_legacy_point() const = 0; @@ -244,9 +241,7 @@ class EC_Group_Data final : public std::enable_shared_from_this { std::unique_ptr scalar_one() const; - std::unique_ptr gk_x_mod_order(const EC_Scalar_Data& scalar, - RandomNumberGenerator& rng, - std::vector& ws) const; + std::unique_ptr gk_x_mod_order(const EC_Scalar_Data& scalar, RandomNumberGenerator& rng) const; /// Deserialize a point /// 
@@ -261,9 +256,7 @@ class EC_Group_Data final : public std::enable_shared_from_this { std::span input, std::span domain_sep) const; - std::unique_ptr point_g_mul(const EC_Scalar_Data& scalar, - RandomNumberGenerator& rng, - std::vector& ws) const; + std::unique_ptr point_g_mul(const EC_Scalar_Data& scalar, RandomNumberGenerator& rng) const; std::unique_ptr mul_px_qy(const EC_AffinePoint_Data& p, const EC_Scalar_Data& x, diff --git a/src/lib/pubkey/ec_group/ec_inner_pc.cpp b/src/lib/pubkey/ec_group/ec_inner_pc.cpp index 795eef34dc0..1a643cef5ca 100644 --- a/src/lib/pubkey/ec_group/ec_inner_pc.cpp +++ b/src/lib/pubkey/ec_group/ec_inner_pc.cpp @@ -118,10 +118,7 @@ const std::shared_ptr& EC_AffinePoint_Data_PC::group() cons } std::unique_ptr EC_AffinePoint_Data_PC::mul(const EC_Scalar_Data& scalar, - RandomNumberGenerator& rng, - std::vector& ws) const { - BOTAN_UNUSED(ws); - + RandomNumberGenerator& rng) const { BOTAN_ARG_CHECK(scalar.group() == m_group, "Curve mismatch"); const auto& k = EC_Scalar_Data_PC::checked_ref(scalar).value(); auto pt = m_group->pcurve().mul(m_pt, k, rng).to_affine(); @@ -129,10 +126,7 @@ std::unique_ptr EC_AffinePoint_Data_PC::mul(const EC_Scalar } secure_vector EC_AffinePoint_Data_PC::mul_x_only(const EC_Scalar_Data& scalar, - RandomNumberGenerator& rng, - std::vector& ws) const { - BOTAN_UNUSED(ws); - + RandomNumberGenerator& rng) const { BOTAN_ARG_CHECK(scalar.group() == m_group, "Curve mismatch"); const auto& k = EC_Scalar_Data_PC::checked_ref(scalar).value(); return m_group->pcurve().mul_x_only(m_pt, k, rng); diff --git a/src/lib/pubkey/ec_group/ec_inner_pc.h b/src/lib/pubkey/ec_group/ec_inner_pc.h index 55fb26df537..d9ee8978e8c 100644 --- a/src/lib/pubkey/ec_group/ec_inner_pc.h +++ b/src/lib/pubkey/ec_group/ec_inner_pc.h 
@@ -79,13 +79,9 @@ class EC_AffinePoint_Data_PC final : public EC_AffinePoint_Data { void serialize_uncompressed_to(std::span bytes) const override; - std::unique_ptr mul(const EC_Scalar_Data& scalar, - RandomNumberGenerator& rng, - std::vector& ws) const override; + std::unique_ptr mul(const EC_Scalar_Data& scalar, RandomNumberGenerator& rng) const override; - secure_vector mul_x_only(const EC_Scalar_Data& scalar, - RandomNumberGenerator& rng, - std::vector& ws) const override; + secure_vector mul_x_only(const EC_Scalar_Data& scalar, RandomNumberGenerator& rng) const override; const PCurve::PrimeOrderCurve::AffinePoint& value() const { return m_pt; } diff --git a/src/lib/pubkey/ec_group/ec_scalar.cpp b/src/lib/pubkey/ec_group/ec_scalar.cpp index c207f74ee21..66b623630d9 100644 --- a/src/lib/pubkey/ec_group/ec_scalar.cpp +++ b/src/lib/pubkey/ec_group/ec_scalar.cpp @@ -76,9 +76,9 @@ BigInt EC_Scalar::to_bigint() const { return BigInt::from_bytes(bytes); } -EC_Scalar EC_Scalar::gk_x_mod_order(const EC_Scalar& scalar, RandomNumberGenerator& rng, std::vector& ws) { +EC_Scalar EC_Scalar::gk_x_mod_order(const EC_Scalar& scalar, RandomNumberGenerator& rng) { const auto& group = scalar._inner().group(); - return EC_Scalar(group->gk_x_mod_order(scalar.inner(), rng, ws)); + return EC_Scalar(group->gk_x_mod_order(scalar.inner(), rng)); } void EC_Scalar::serialize_to(std::span bytes) const { diff --git a/src/lib/pubkey/ec_group/ec_scalar.h b/src/lib/pubkey/ec_group/ec_scalar.h index dfc92f521d0..b8460cac270 100644 --- a/src/lib/pubkey/ec_group/ec_scalar.h +++ b/src/lib/pubkey/ec_group/ec_scalar.h 
@@ -92,10 +92,14 @@ class BOTAN_UNSTABLE_API EC_Scalar final { * Compute the elliptic curve scalar multiplication (g*k) where g is the * standard base point on the curve. Then extract the x coordinate of * the resulting point, and reduce it modulo the group order. - * - * Workspace argument is transitional */ - static EC_Scalar gk_x_mod_order(const EC_Scalar& scalar, RandomNumberGenerator& rng, std::vector& ws); + static EC_Scalar gk_x_mod_order(const EC_Scalar& scalar, RandomNumberGenerator& rng); + + BOTAN_DEPRECATED("Use version without workspace arg") + static EC_Scalar gk_x_mod_order(const EC_Scalar& scalar, RandomNumberGenerator& rng, std::vector& ws) { + BOTAN_UNUSED(ws); + return EC_Scalar::gk_x_mod_order(scalar, rng); + } /** * Return the byte size of this scalar diff --git a/src/lib/pubkey/ec_group/legacy_ec_point/ec_inner_bn.cpp b/src/lib/pubkey/ec_group/legacy_ec_point/ec_inner_bn.cpp index 8d583d138b3..7da4d80b16e 100644 --- a/src/lib/pubkey/ec_group/legacy_ec_point/ec_inner_bn.cpp +++ b/src/lib/pubkey/ec_group/legacy_ec_point/ec_inner_bn.cpp @@ -96,11 +96,11 @@ const std::shared_ptr& EC_AffinePoint_Data_BN::group() cons } std::unique_ptr EC_AffinePoint_Data_BN::mul(const EC_Scalar_Data& scalar, - RandomNumberGenerator& rng, - std::vector& ws) const { + RandomNumberGenerator& rng) const { BOTAN_ARG_CHECK(scalar.group() == m_group, "Curve mismatch"); const auto& bn = EC_Scalar_Data_BN::checked_ref(scalar); + std::vector ws; EC_Point_Var_Point_Precompute mul(m_pt, rng, ws); // We pass order*cofactor here to "correctly" handle the case where the 
@@ -114,11 +114,11 @@ std::unique_ptr EC_AffinePoint_Data_BN::mul(const EC_Scalar } secure_vector EC_AffinePoint_Data_BN::mul_x_only(const EC_Scalar_Data& scalar, - RandomNumberGenerator& rng, - std::vector& ws) const { + RandomNumberGenerator& rng) const { BOTAN_ARG_CHECK(scalar.group() == m_group, "Curve mismatch"); const auto& bn = EC_Scalar_Data_BN::checked_ref(scalar); + std::vector ws; EC_Point_Var_Point_Precompute mul(m_pt, rng, ws); // We pass order*cofactor here to "correctly" handle the case where the diff --git a/src/lib/pubkey/ec_group/legacy_ec_point/ec_inner_bn.h b/src/lib/pubkey/ec_group/legacy_ec_point/ec_inner_bn.h index 4d48ad86822..f05f0c5751d 100644 --- a/src/lib/pubkey/ec_group/legacy_ec_point/ec_inner_bn.h +++ b/src/lib/pubkey/ec_group/legacy_ec_point/ec_inner_bn.h @@ -76,13 +76,9 @@ class EC_AffinePoint_Data_BN final : public EC_AffinePoint_Data { void serialize_uncompressed_to(std::span bytes) const override; - std::unique_ptr mul(const EC_Scalar_Data& scalar, - RandomNumberGenerator& rng, - std::vector& ws) const override; + std::unique_ptr mul(const EC_Scalar_Data& scalar, RandomNumberGenerator& rng) const override; - secure_vector mul_x_only(const EC_Scalar_Data& scalar, - RandomNumberGenerator& rng, - std::vector& ws) const override; + secure_vector mul_x_only(const EC_Scalar_Data& scalar, RandomNumberGenerator& rng) const override; EC_Point to_legacy_point() const override { return m_pt; } diff --git a/src/lib/pubkey/ecc_key/ec_key_data.cpp b/src/lib/pubkey/ecc_key/ec_key_data.cpp index 583de99f632..97884e40958 100644 --- a/src/lib/pubkey/ecc_key/ec_key_data.cpp +++ b/src/lib/pubkey/ecc_key/ec_key_data.cpp 
@@ -60,11 +60,10 @@ EC_PrivateKey_Data::EC_PrivateKey_Data(EC_Group group, std::span std::shared_ptr EC_PrivateKey_Data::public_key(RandomNumberGenerator& rng, bool with_modular_inverse) const { auto public_point = [&] { - std::vector ws; if(with_modular_inverse) { - return EC_AffinePoint::g_mul(m_scalar.invert(), rng, ws); + return EC_AffinePoint::g_mul(m_scalar.invert(), rng); } else { - return EC_AffinePoint::g_mul(m_scalar, rng, ws); + return EC_AffinePoint::g_mul(m_scalar, rng); } }; diff --git a/src/lib/pubkey/ecdh/ecdh.cpp b/src/lib/pubkey/ecdh/ecdh.cpp index bd0368b56bc..9907523d580 100644 --- a/src/lib/pubkey/ecdh/ecdh.cpp +++ b/src/lib/pubkey/ecdh/ecdh.cpp @@ -37,13 +37,13 @@ class ECDH_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF { if(m_group.has_cofactor()) { #if defined(BOTAN_HAS_LEGACY_EC_POINT) EC_AffinePoint input_point(m_group, m_group.get_cofactor() * m_group.OS2ECP(w, w_len)); - return input_point.mul_x_only(m_l_times_priv, m_rng, m_ws); + return input_point.mul_x_only(m_l_times_priv, m_rng); #else throw Not_Implemented("Support for DH with cofactor adjustment not available in this build configuration"); #endif } else { if(auto input_point = EC_AffinePoint::deserialize(m_group, {w, w_len})) { - return input_point->mul_x_only(m_l_times_priv, m_rng, m_ws); + return input_point->mul_x_only(m_l_times_priv, m_rng); } else { throw Decoding_Error("ECDH - Invalid elliptic curve point"); } @@ -66,7 +66,6 @@ class ECDH_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF { const EC_Group m_group; const EC_Scalar m_l_times_priv; RandomNumberGenerator& m_rng; - std::vector m_ws; }; } // namespace diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp index 665f1f27c0e..438498e025b 100644 --- a/src/lib/pubkey/ecdsa/ecdsa.cpp +++ b/src/lib/pubkey/ecdsa/ecdsa.cpp 
@@ -147,8 +147,6 @@ class ECDSA_Signature_Operation final : public PK_Ops::Signature_with_Hash { std::unique_ptr m_rfc6979; #endif - std::vector m_ws; - EC_Scalar m_b; EC_Scalar m_b_inv; }; @@ -168,7 +166,7 @@ std::vector ECDSA_Signature_Operation::raw_sign(std::span m_ws; }; AlgorithmIdentifier ECGDSA_Signature_Operation::algorithm_identifier() const { @@ -62,7 +61,7 @@ std::vector ECGDSA_Signature_Operation::raw_sign(std::span raw_agree(const uint8_t w[], size_t w_len) override { const EC_Group& group = m_key.domain(); if(auto input_point = EC_AffinePoint::deserialize(group, {w, w_len})) { - return input_point->mul(m_key._private_key(), m_rng, m_ws).x_bytes(); + return input_point->mul(m_key._private_key(), m_rng).x_bytes(); } else { throw Decoding_Error("ECIES - Invalid elliptic curve point"); } @@ -79,7 +79,6 @@ class ECIES_ECDH_KA_Operation final : public PK_Ops::Key_Agreement_with_KDF { private: ECIES_PrivateKey m_key; RandomNumberGenerator& m_rng; - std::vector m_ws; }; std::unique_ptr ECIES_PrivateKey::create_key_agreement_op(RandomNumberGenerator& rng, @@ -179,10 +178,9 @@ SymmetricKey ECIES_KA_Operation::derive_secret(std::span eph_publ // ISO 18033: step b if(m_params.old_cofactor_mode() && m_params.domain().has_cofactor()) { - std::vector ws; Null_RNG null_rng; auto cofactor = EC_Scalar::from_bigint(m_params.domain(), m_params.domain().get_cofactor()); - other_point = other_point.mul(cofactor, null_rng, ws); + other_point = other_point.mul(cofactor, null_rng); } secure_vector derivation_input; diff --git a/src/lib/pubkey/eckcdsa/eckcdsa.cpp b/src/lib/pubkey/eckcdsa/eckcdsa.cpp index 6607fd37f86..7451f70c84f 100644 --- a/src/lib/pubkey/eckcdsa/eckcdsa.cpp +++ b/src/lib/pubkey/eckcdsa/eckcdsa.cpp @@ -150,7 +150,6 @@ class ECKCDSA_Signature_Operation final : public PK_Ops::Signature { const EC_Scalar m_x; std::unique_ptr m_hash; std::vector m_prefix; - std::vector m_ws; bool m_prefix_used; }; 
@@ -165,7 +164,7 @@ std::vector ECKCDSA_Signature_Operation::raw_sign(std::spanupdate(EC_AffinePoint::g_mul(k, rng, m_ws).x_bytes()); + m_hash->update(EC_AffinePoint::g_mul(k, rng).x_bytes()); auto c = m_hash->final_stdvec(); truncate_hash_if_needed(c, m_group.get_order_bytes()); diff --git a/src/lib/pubkey/gost_3410/gost_3410.cpp b/src/lib/pubkey/gost_3410/gost_3410.cpp index e66d8655aa4..8572deb7341 100644 --- a/src/lib/pubkey/gost_3410/gost_3410.cpp +++ b/src/lib/pubkey/gost_3410/gost_3410.cpp @@ -136,7 +136,6 @@ class GOST_3410_Signature_Operation final : public PK_Ops::Signature_with_Hash { private: const EC_Group m_group; const EC_Scalar m_x; - std::vector m_ws; }; AlgorithmIdentifier GOST_3410_Signature_Operation::algorithm_identifier() const { @@ -166,7 +165,7 @@ std::vector GOST_3410_Signature_Operation::raw_sign(std::span m_za; secure_vector m_digest; std::unique_ptr m_hash; - std::vector m_ws; }; std::vector SM2_Signature_Operation::sign(RandomNumberGenerator& rng) { @@ -151,7 +150,7 @@ std::vector SM2_Signature_Operation::sign(RandomNumberGenerator& rng) { const auto k = EC_Scalar::random(m_group, rng); - const auto r = EC_Scalar::gk_x_mod_order(k, rng, m_ws) + e; + const auto r = EC_Scalar::gk_x_mod_order(k, rng) + e; const auto s = (k - r * m_x) * m_da_inv; return EC_Scalar::serialize_pair(r, s); diff --git a/src/lib/pubkey/sm2/sm2_enc.cpp b/src/lib/pubkey/sm2/sm2_enc.cpp index 34cfd193cf6..2185a1ad558 100644 --- a/src/lib/pubkey/sm2/sm2_enc.cpp +++ b/src/lib/pubkey/sm2/sm2_enc.cpp 
@@ -42,9 +42,9 @@ class SM2_Encryption_Operation final : public PK_Ops::Encryption { std::vector encrypt(std::span msg, RandomNumberGenerator& rng) override { const auto k = EC_Scalar::random(m_group, rng); - const EC_AffinePoint C1 = EC_AffinePoint::g_mul(k, rng, m_ws); + const EC_AffinePoint C1 = EC_AffinePoint::g_mul(k, rng); - const EC_AffinePoint kPB = m_peer.mul(k, rng, m_ws); + const EC_AffinePoint kPB = m_peer.mul(k, rng); const auto x2_bytes = kPB.x_bytes(); const auto y2_bytes = kPB.y_bytes(); @@ -80,7 +80,6 @@ class SM2_Encryption_Operation final : public PK_Ops::Encryption { const EC_AffinePoint m_peer; std::unique_ptr m_hash; std::unique_ptr m_kdf; - std::vector m_ws; }; class SM2_Decryption_Operation final : public PK_Ops::Decryption { @@ -155,7 +154,7 @@ class SM2_Decryption_Operation final : public PK_Ops::Decryption { return secure_vector(); } - const auto dbC1 = C1->mul(m_x, m_rng, m_ws); + const auto dbC1 = C1->mul(m_x, m_rng); const auto x2_bytes = dbC1.x_bytes(); const auto y2_bytes = dbC1.y_bytes(); diff --git a/src/tests/test_ec_group.cpp b/src/tests/test_ec_group.cpp index 0654fcf8a24..9b2e1784b45 100644 --- a/src/tests/test_ec_group.cpp +++ b/src/tests/test_ec_group.cpp @@ -531,11 +531,9 @@ class EC_PointEnc_Tests final : public Test { result.start_timer(); - std::vector ws; - for(size_t trial = 0; trial != 100; ++trial) { const auto scalar = Botan::EC_Scalar::random(group, rng); - const auto pt = Botan::EC_AffinePoint::g_mul(scalar, rng, ws); + const auto pt = Botan::EC_AffinePoint::g_mul(scalar, rng); const auto pt_u = pt.serialize_uncompressed(); result.test_eq("Expected uncompressed header", static_cast(pt_u[0]), 0x04); @@ -596,8 +594,6 @@ class EC_Point_Arithmetic_Tests final : public Test { auto& rng = Test::rng(); - std::vector ws; - for(const auto& group_id : Botan::EC_Group::known_named_groups()) { const auto group = Botan::EC_Group::from_name(group_id); 
@@ -610,13 +606,13 @@ class EC_Point_Arithmetic_Tests final : public Test { const auto g = Botan::EC_AffinePoint::generator(group); const auto g_bytes = g.serialize_uncompressed(); - const auto id = Botan::EC_AffinePoint::g_mul(zero, rng, ws); + const auto id = Botan::EC_AffinePoint::g_mul(zero, rng); result.confirm("g*zero is point at identity", id.is_identity()); const auto id2 = id.add(id); result.confirm("identity plus itself is identity", id2.is_identity()); - const auto g_one = Botan::EC_AffinePoint::g_mul(one, rng, ws); + const auto g_one = Botan::EC_AffinePoint::g_mul(one, rng); result.test_eq("g*one == generator", g_one.serialize_uncompressed(), g_bytes); const auto g_plus_id = g_one.add(id); @@ -625,12 +621,12 @@ class EC_Point_Arithmetic_Tests final : public Test { const auto id_plus_g = id.add(g_one); result.test_eq("id + g == g", id_plus_g.serialize_uncompressed(), g_bytes); - const auto g_neg_one = Botan::EC_AffinePoint::g_mul(one.negate(), rng, ws); + const auto g_neg_one = Botan::EC_AffinePoint::g_mul(one.negate(), rng); const auto id_from_g = g_one.add(g_neg_one); result.confirm("g - g is identity", id_from_g.is_identity()); - const auto g_two = Botan::EC_AffinePoint::g_mul(one + one, rng, ws); + const auto g_two = Botan::EC_AffinePoint::g_mul(one + one, rng); const auto g_plus_g = g_one.add(g_one); result.test_eq("2*g == g+g", g_two.serialize_uncompressed(), g_plus_g.serialize_uncompressed()); 
@@ -652,15 +648,15 @@ class EC_Point_Arithmetic_Tests final : public Test { result.confirm("(one.negate()+one) is zero", (one.negate() + one).is_zero()); for(size_t i = 0; i != 16; ++i) { - const auto pt = Botan::EC_AffinePoint::g_mul(Botan::EC_Scalar::random(group, rng), rng, ws); + const auto pt = Botan::EC_AffinePoint::g_mul(Botan::EC_Scalar::random(group, rng), rng); const auto a = Botan::EC_Scalar::random(group, rng); const auto b = Botan::EC_Scalar::random(group, rng); const auto c = a + b; - const auto Pa = pt.mul(a, rng, ws); - const auto Pb = pt.mul(b, rng, ws); - const auto Pc = pt.mul(c, rng, ws); + const auto Pa = pt.mul(a, rng); + const auto Pb = pt.mul(b, rng); + const auto Pc = pt.mul(c, rng); const auto Pc_bytes = Pc.serialize_uncompressed(); @@ -691,7 +687,7 @@ class EC_Point_Arithmetic_Tests final : public Test { return Botan::EC_Scalar::random(group, rng); } }(); - auto x = Botan::EC_AffinePoint::g_mul(s, rng, ws); + auto x = Botan::EC_AffinePoint::g_mul(s, rng); return x; }(); @@ -700,7 +696,7 @@ class EC_Point_Arithmetic_Tests final : public Test { const Botan::EC_Group::Mul2Table mul2_table(h); - const auto ref = Botan::EC_AffinePoint::g_mul(s1, rng, ws).add(h.mul(s2, rng, ws)); + const auto ref = Botan::EC_AffinePoint::g_mul(s1, rng).add(h.mul(s2, rng)); if(auto mul2pt = mul2_table.mul2_vartime(s1, s2)) { result.test_eq("ref == mul2t", ref.serialize_uncompressed(), mul2pt->serialize_uncompressed()); diff --git a/src/tests/test_ecc_pointmul.cpp b/src/tests/test_ecc_pointmul.cpp index c3b23e6c092..3cb686fddab 100644 --- a/src/tests/test_ecc_pointmul.cpp +++ b/src/tests/test_ecc_pointmul.cpp @@ -31,7 +31,6 @@ class ECC_Basepoint_Mul_Tests final : public Text_Based_Test { const auto group = Botan::EC_Group::from_name(group_id); const Botan::BigInt k(k_bytes); - std::vector ws; #if defined(BOTAN_HAS_LEGACY_EC_POINT) const auto pt = group.OS2ECP(P_bytes); 
@@ -40,11 +39,11 @@ class ECC_Basepoint_Mul_Tests final : public Text_Based_Test { #endif const auto scalar = Botan::EC_Scalar::from_bigint(group, k); - const auto apg = Botan::EC_AffinePoint::g_mul(scalar, this->rng(), ws); + const auto apg = Botan::EC_AffinePoint::g_mul(scalar, this->rng()); result.test_eq("AffinePoint::g_mul", apg.serialize_uncompressed(), P_bytes); const auto ag = Botan::EC_AffinePoint::generator(group); - const auto ap = ag.mul(scalar, this->rng(), ws); + const auto ap = ag.mul(scalar, this->rng()); result.test_eq("AffinePoint::mul", ap.serialize_uncompressed(), P_bytes); return result; @@ -66,23 +65,22 @@ class ECC_Varpoint_Mul_Tests final : public Text_Based_Test { const auto group = Botan::EC_Group::from_name(group_id); + #if defined(BOTAN_HAS_LEGACY_EC_POINT) std::vector ws; - #if defined(BOTAN_HAS_LEGACY_EC_POINT) const Botan::EC_Point p1 = group.OS2ECP(p) * k; result.test_eq("EC_Point Montgomery ladder", p1.encode(Botan::EC_Point::Compressed), z); - result.confirm("Output point is on the curve", p1.on_the_curve()); #endif const auto s_k = Botan::EC_Scalar::from_bigint(group, k); const auto apt = Botan::EC_AffinePoint::deserialize(group, p).value(); - const auto apt_k = apt.mul(s_k, this->rng(), ws); + const auto apt_k = apt.mul(s_k, this->rng()); result.test_eq("p * k (AffinePoint)", apt_k.serialize_compressed(), z); - const auto apt_k_neg = apt.negate().mul(s_k.negate(), this->rng(), ws); + const auto apt_k_neg = apt.negate().mul(s_k.negate(), this->rng()); result.test_eq("-p * -k (AffinePoint)", apt_k_neg.serialize_compressed(), z); - const auto neg_apt_neg_k = apt.mul(s_k.negate(), this->rng(), ws).negate(); + const auto neg_apt_neg_k = apt.mul(s_k.negate(), this->rng()).negate(); result.test_eq("-(p * -k) (AffinePoint)", neg_apt_neg_k.serialize_compressed(), z); return result; 
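Review bot: The second hunk drops `result.confirm("Output point is on the curve", p1.on_the_curve());` from the legacy `EC_Point` block with no replacement, which the hunk counts (23 old, 22 new) confirm, so the Montgomery-ladder result is no longer checked for curve membership. Unless `on_the_curve()` is itself being retired, that line should stay; if it is, an equivalent check on the deserialized `apt_k` would keep the coverage. In the same block `std::vector ws;` now sits under `#if defined(BOTAN_HAS_LEGACY_EC_POINT)`, but nothing visible inside that block uses it (`group.OS2ECP(p) * k` takes no workspace), so it looks like a dead local that will warn on builds with the legacy point enabled; if so, delete it rather than move it.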
@@ -117,8 +115,7 @@ class ECC_Mul2_Tests final : public Text_Based_Test { } // Now check the same using naive multiply and add: - std::vector ws; - auto z = p.mul(x, rng(), ws).add(q.mul(y, rng(), ws)); + auto z = p.mul(x, rng()).add(q.mul(y, rng())); if(with_final_negation) { z = z.negate(); } @@ -173,8 +170,7 @@ class ECC_Mul2_Inf_Tests final : public Test { const auto g = Botan::EC_AffinePoint::generator(group); // Choose some other random point z - std::vector ws; - const auto z = g.mul(Botan::EC_Scalar::random(group, rng()), rng(), ws); + const auto z = g.mul(Botan::EC_Scalar::random(group, rng()), rng()); const auto r = Botan::EC_Scalar::random(group, rng()); const auto neg_r = r.negate(); @@ -218,8 +214,7 @@ class ECC_Point_Addition_Tests final : public Test { result.test_eq("g is not the identity element", g.is_identity(), false); // Choose some other random point z - std::vector ws; - const auto z = g.mul(Botan::EC_Scalar::random(group, rng()), rng(), ws); + const auto z = g.mul(Botan::EC_Scalar::random(group, rng()), rng()); result.test_eq("z is not the identity element", z.is_identity(), false); const auto id = Botan::EC_AffinePoint::identity(group);