push VKO cofactor clearing into ECCKiila

diff --git a/ecp_id_tc26_gost_3410_2012_256_paramSetA.c b/ecp_id_tc26_gost_3410_2012_256_paramSetA.c
index 9282fb7a862f793ee3c9d3e94b15739ee6587d92..f6bb491d7c06fe6704c2d6b100a1015ad2de9575 100644 (file)
--- a/ecp_id_tc26_gost_3410_2012_256_paramSetA.c
+++ b/ecp_id_tc26_gost_3410_2012_256_paramSetA.c
@@ -3674,6 +3674,9 @@ static void var_smul_rwnaf(pt_aff_t *out, const unsigned char scalar[32],
     fiat_id_tc26_gost_3410_2012_256_paramSetA_selectznz(Q.Z, scalar[0] & 1,
                                                         lut.Z, Q.Z);
 
+    point_double(&Q, &Q);
+    point_double(&Q, &Q);
+
     /* move from Edwards projective to legacy projective */
     point_edwards2legacy(&Q, &Q);
     /* convert to affine -- NB depends on coordinate system */
@@ -8881,6 +8884,9 @@ static void var_smul_rwnaf(pt_aff_t *out, const unsigned char scalar[32],
     fiat_id_tc26_gost_3410_2012_256_paramSetA_selectznz(Q.Z, scalar[0] & 1,
                                                         lut.Z, Q.Z);
 
+    point_double(&Q, &Q);
+    point_double(&Q, &Q);
+
     /* move from Edwards projective to legacy projective */
     point_edwards2legacy(&Q, &Q);
     /* convert to affine -- NB depends on coordinate system */

diff --git a/ecp_id_tc26_gost_3410_2012_512_paramSetC.c b/ecp_id_tc26_gost_3410_2012_512_paramSetC.c
index c239f9fdd88fd87c5c6a5c9cdcaf332ab87b5c55..602c619f7d328a8ef28e2696ba8d342e210c0d89 100644 (file)
--- a/ecp_id_tc26_gost_3410_2012_512_paramSetC.c
+++ b/ecp_id_tc26_gost_3410_2012_512_paramSetC.c
@@ -4520,6 +4520,9 @@ static void var_smul_rwnaf(pt_aff_t *out, const unsigned char scalar[64],
     fiat_id_tc26_gost_3410_2012_512_paramSetC_selectznz(Q.Z, scalar[0] & 1,
                                                         lut.Z, Q.Z);
 
+    point_double(&Q, &Q);
+    point_double(&Q, &Q);
+
     /* move from Edwards projective to legacy projective */
     point_edwards2legacy(&Q, &Q);
     /* convert to affine -- NB depends on coordinate system */
@@ -12447,6 +12450,9 @@ static void var_smul_rwnaf(pt_aff_t *out, const unsigned char scalar[64],
     fiat_id_tc26_gost_3410_2012_512_paramSetC_selectznz(Q.Z, scalar[0] & 1,
                                                         lut.Z, Q.Z);
 
+    point_double(&Q, &Q);
+    point_double(&Q, &Q);
+
     /* move from Edwards projective to legacy projective */
     point_edwards2legacy(&Q, &Q);
     /* convert to affine -- NB depends on coordinate system */

diff --git a/gost_ec_keyx.c b/gost_ec_keyx.c
index 40cad2bc34f2240bc146e9fab562734f47abef77..06835d37b250287228d1b127469790e8b8f11159 100644 (file)
--- a/gost_ec_keyx.c
+++ b/gost_ec_keyx.c
@@ -62,7 +62,12 @@ int VKO_compute_key(unsigned char *shared_key,
                        EC_GROUP_get0_order(grp), ctx))
         goto err;
 
-    /* these two curves have cofactor 4; the rest have cofactor 1 */
+#if 0
+    /*-
+     * These two curves have cofactor 4; the rest have cofactor 1.
+     * But currently gost_ec_point_mul takes care of the cofactor clearing,
+     * hence this code is not needed.
+     */
     switch (EC_GROUP_get_curve_name(grp)) {
         case NID_id_tc26_gost_3410_2012_256_paramSetA:
         case NID_id_tc26_gost_3410_2012_512_paramSetC:
@@ -70,6 +75,7 @@ int VKO_compute_key(unsigned char *shared_key,
                 goto err;
             break;
     }
+#endif
 
     if (!gost_ec_point_mul(grp, pnt, NULL, pub_key, scalar, ctx)) {
         GOSTerr(GOST_F_VKO_COMPUTE_KEY, GOST_R_ERROR_POINT_MUL);