mirage-crypto-ec: remove NIST P224 support

mirage · Feb 28, 2024 · 3013543 · 3013543
1 parent 9cb2ebd
commit 3013543
Show file tree

Hide file tree

Showing 21 changed files with 7 additions and 51,039 deletions.
diff --git a/bench/speed.ml b/bench/speed.ml
@@ -179,14 +179,6 @@ let dh_secrets =
          "60057457975706301816395663645420233759377744187465730049174048360108513636349450241008234412972340882517684187851" ;
        ])
 
-let ecdsa_p224 =
-  Result.get_ok
-    (Mirage_crypto_ec.P224.Dsa.priv_of_cstruct
-       (Cstruct.of_hex "f254645834cfff245599be937a00535f6a2c8b00dc34bdf50df68903"))
-
-let ecdsa_p224_sig () =
-  Mirage_crypto_ec.P224.Dsa.sign ~key:ecdsa_p224 (Cstruct.sub msg 0 28)
-
 let ecdsa_p256 =
   Result.get_ok
     (Mirage_crypto_ec.P256.Dsa.priv_of_cstruct
@@ -219,7 +211,6 @@ let ed25519_sig () =
   Mirage_crypto_ec.Ed25519.sign ~key:ed25519 msg
 
 let ecdsas = [
-  ("P224", `P224 (ecdsa_p224, ecdsa_p224_sig ()));
   ("P256", `P256 (ecdsa_p256, ecdsa_p256_sig ()));
   ("P384", `P384 (ecdsa_p384, ecdsa_p384_sig ()));
   ("P521", `P521 (ecdsa_p521, ecdsa_p521_sig ()));
@@ -228,8 +219,6 @@ let ecdsas = [
 
 let ecdh_shares =
   [
-    ("P224", `P224 (Mirage_crypto_ec.P224.Dh.secret_of_cs (Cstruct.of_hex "60a814ec54d0c2d28c03ff01df32267d40432311df41aacb2fa5fdf7") |> Result.get_ok |> fst,
-                    Cstruct.of_hex "042d8d91c909fdab2f7f0c33466dd74697e5166d378982e9ecf5492cb32d69d7eb96dc57d775b70d56237f8ec49e5752c87542dc41dc5049d2"));
     ("P256", `P256 (Mirage_crypto_ec.P256.Dh.secret_of_cs (Cstruct.of_hex "470d57706c7706b68a3f423aeaf4ff7fdd02494a10d3e381c3c11f7276802cdc") |> Result.get_ok |> fst,
                     Cstruct.of_hex "0411b3fc82721c269a19909a3b2fc26d9895826d0cfcbc1f7626e488f01f4ca6b5c5ed76adee7af81bb20b17cf231cbf0c67db0295d68d1d92c2d2a5a80638d78d"));
     ("P384", `P384 (Mirage_crypto_ec.P384.Dh.secret_of_cs (Cstruct.of_hex "ee55e29b61752d5a3e525656db8bd8fe6f94fab8aacc9e92acff4c4812bf7a6187aba46cc60ab8f08efcf2d574584b74") |> Result.get_ok |> fst,
@@ -310,7 +299,6 @@ let benchmarks = [
       let open Mirage_crypto_ec in
       count name
         (fun (_, x) -> match x with
-           | `P224 _ -> P224.Dsa.generate () |> ignore
            | `P256 _ -> P256.Dsa.generate () |> ignore
            | `P384 _ -> P384.Dsa.generate () |> ignore
            | `P521 _ -> P521.Dsa.generate () |> ignore
@@ -321,7 +309,6 @@ let benchmarks = [
   bm "ecdsa-sign" (fun name ->
       let open Mirage_crypto_ec in
       count name (fun (_, x) -> match x with
-          | `P224 (key, _) -> P224.Dsa.sign ~key (Cstruct.sub msg 0 28)
           | `P256 (key, _) -> P256.Dsa.sign ~key (Cstruct.sub msg 0 32)
           | `P384 (key, _) -> P384.Dsa.sign ~key (Cstruct.sub msg 0 48)
           | `P521 (key, _) -> P521.Dsa.sign ~key (Cstruct.sub msg 0 65)
@@ -332,7 +319,6 @@ let benchmarks = [
   bm "ecdsa-verify" (fun name ->
       let open Mirage_crypto_ec in
       count name (fun (_, x) -> match x with
-          | `P224 (key, signature) -> P224.Dsa.(verify ~key:(pub_of_priv key) signature (Cstruct.sub msg 0 28))
           | `P256 (key, signature) -> P256.Dsa.(verify ~key:(pub_of_priv key) signature (Cstruct.sub msg 0 32))
           | `P384 (key, signature) -> P384.Dsa.(verify ~key:(pub_of_priv key) signature (Cstruct.sub msg 0 48))
           | `P521 (key, signature) -> P521.Dsa.(verify ~key:(pub_of_priv key) signature (Cstruct.sub msg 0 65))
@@ -351,7 +337,6 @@ let benchmarks = [
   bm "ecdh-secret" (fun name ->
       let open Mirage_crypto_ec in
       count name (fun (_, x) -> match x with
-          | `P224 _ -> P224.Dh.gen_key () |> ignore
           | `P256 _ -> P256.Dh.gen_key () |> ignore
           | `P384 _ -> P384.Dh.gen_key () |> ignore
           | `P521 _ -> P521.Dh.gen_key () |> ignore
@@ -361,7 +346,6 @@ let benchmarks = [
   bm "ecdh-share" (fun name ->
       let open Mirage_crypto_ec in
       count name (fun (_, x) -> match x with
-          | `P224 (sec, share) -> P224.Dh.key_exchange sec share |> Result.get_ok |> ignore
           | `P256 (sec, share) -> P256.Dh.key_exchange sec share |> Result.get_ok |> ignore
           | `P384 (sec, share) -> P384.Dh.key_exchange sec share |> Result.get_ok |> ignore
           | `P521 (sec, share) -> P521.Dh.key_exchange sec share |> Result.get_ok |> ignore

diff --git a/ec/dune b/ec/dune
@@ -4,8 +4,8 @@
  (libraries cstruct eqaf mirage-crypto mirage-crypto-rng)
  (foreign_stubs
   (language c)
-  (names p224_stubs np224_stubs p256_stubs np256_stubs p384_stubs np384_stubs
-    p521_stubs np521_stubs curve25519_stubs)
+  (names p256_stubs np256_stubs p384_stubs np384_stubs p521_stubs np521_stubs
+    curve25519_stubs)
   (include_dirs ../src/native)
   (flags
    (:standard -DNDEBUG)

diff --git a/ec/gen_tables/gen_tables.ml b/ec/gen_tables/gen_tables.ml
@@ -86,8 +86,7 @@ let print_toplevel name wordsize (module P : Mirage_crypto_ec.Dh_dsa) =
 let curves =
   Mirage_crypto_ec.
     [
-      ("p224", (module P224 : Dh_dsa));
-      ("p256", (module P256));
+      ("p256", (module P256 : Dh_dsa));
       ("p384", (module P384));
       ("p521", (module P521));
     ]

diff --git a/ec/mirage_crypto_ec.ml b/ec/mirage_crypto_ec.ml
@@ -801,56 +801,6 @@ module Make_dsa (Param : Parameters) (F : Fn) (P : Point) (S : Scalar) (H : Mira
   end
 end
 
-module P224 : Dh_dsa = struct
-  module Params = struct
-    let a = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFE"
-    let b = "\xB4\x05\x0A\x85\x0C\x04\xB3\xAB\xF5\x41\x32\x56\x50\x44\xB0\xB7\xD7\xBF\xD8\xBA\x27\x0B\x39\x43\x23\x55\xFF\xB4"
-    let g_x = "\xB7\x0E\x0C\xBD\x6B\xB4\xBF\x7F\x32\x13\x90\xB9\x4A\x03\xC1\xD3\x56\xC2\x11\x22\x34\x32\x80\xD6\x11\x5C\x1D\x21"
-    let g_y = "\xBD\x37\x63\x88\xB5\xF7\x23\xFB\x4C\x22\xDF\xE6\xCD\x43\x75\xA0\x5A\x07\x47\x64\x44\xD5\x81\x99\x85\x00\x7E\x34"
-    let p = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01"
-    let n = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\x16\xA2\xE0\xB8\xF0\x3E\x13\xDD\x29\x45\x5C\x5C\x2A\x3D"
-    let pident = ""
-    let byte_length = 28
-    let fe_length = if Sys.word_size == 64 then 32 else 28 (* TODO: is this congruent with C code? *)
-    let first_byte_bits = None
-  end
-
-  module Foreign = struct
-    external mul : out_field_element -> field_element -> field_element -> unit = "mc_p224_mul" [@@noalloc]
-    external sub : out_field_element -> field_element -> field_element -> unit = "mc_p224_sub" [@@noalloc]
-    external add : out_field_element -> field_element -> field_element -> unit = "mc_p224_add" [@@noalloc]
-    external to_montgomery : out_field_element -> field_element -> unit = "mc_p224_to_montgomery" [@@noalloc]
-    external from_octets : out_field_element -> string -> unit = "mc_p224_from_bytes" [@@noalloc]
-    external set_one : out_field_element -> unit = "mc_p224_set_one" [@@noalloc]
-    external nz : field_element -> bool = "mc_p224_nz" [@@noalloc]
-    external sqr : out_field_element -> field_element -> unit = "mc_p224_sqr" [@@noalloc]
-    external from_montgomery : out_field_element -> field_element -> unit = "mc_p224_from_montgomery" [@@noalloc]
-    external to_octets : bytes -> field_element -> unit = "mc_p224_to_bytes" [@@noalloc]
-    external inv : out_field_element -> field_element -> unit = "mc_p224_inv" [@@noalloc]
-    external select_c : out_field_element -> bool -> field_element -> field_element -> unit = "mc_p224_select" [@@noalloc]
-    external double_c : out_point -> point -> unit = "mc_p224_point_double" [@@noalloc]
-    external add_c : out_point -> point -> point -> unit = "mc_p224_point_add" [@@noalloc]
-    external scalar_mult_base_c : out_point -> string -> unit = "mc_p224_scalar_mult_base" [@@noalloc]
-  end
-
-  module Foreign_n = struct
-    external mul : out_field_element -> field_element -> field_element -> unit = "mc_np224_mul" [@@noalloc]
-    external add : out_field_element -> field_element -> field_element -> unit = "mc_np224_add" [@@noalloc]
-    external inv : out_field_element -> field_element -> unit = "mc_np224_inv" [@@noalloc]
-    external one : out_field_element -> unit = "mc_np224_one" [@@noalloc]
-    external from_bytes : out_field_element -> string -> unit = "mc_np224_from_bytes" [@@noalloc]
-    external to_bytes : bytes -> field_element -> unit = "mc_np224_to_bytes" [@@noalloc]
-    external from_montgomery : out_field_element -> field_element -> unit = "mc_np224_from_montgomery" [@@noalloc]
-    external to_montgomery : out_field_element -> field_element -> unit = "mc_np224_to_montgomery" [@@noalloc]
-  end
-
-  module P = Make_point(Params)(Foreign)
-  module S = Make_scalar(Params)(P)
-  module Dh = Make_dh(Params)(P)(S)
-  module Fn = Make_Fn(Params)(Foreign_n)
-  module Dsa = Make_dsa(Params)(Fn)(P)(S)(Mirage_crypto.Hash.SHA256)
-end
-
 module P256 : Dh_dsa  = struct
   module Params = struct
     let a = "\xFF\xFF\xFF\xFF\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFC"

diff --git a/ec/mirage_crypto_ec.mli b/ec/mirage_crypto_ec.mli
@@ -158,10 +158,6 @@ module type Dh_dsa = sig
   module Dsa : Dsa
 end
 
-(** The NIST P-224 curve, also known as SECP224R1. Please note that
-    decompression is not supported for P-224 public keys. *)
-module P224 : Dh_dsa
-
 (** The NIST P-256 curve, also known as SECP256R1. *)
 module P256 : Dh_dsa
 

diff --git a/ec/native/GNUmakefile b/ec/native/GNUmakefile
@@ -12,42 +12,6 @@ N_FUNCS=mul add opp from_montgomery to_montgomery one msat divstep_precomp divst
 
 GEN_TABLE=../../_build/default/ec/gen_tables/gen_tables.exe
 
-# The NIST curve P-224 (AKA SECP224R1)
-P224="2^224 - 2^96 + 1"
-
-.PHONY: p224_64.h
-p224_64.h:
-	$(WBW_MONT) p224 64 $(P224) > $@
-
-.PHONY: p224_32.h
-p224_32.h:
-	$(WBW_MONT) p224 32 $(P224) > $@
-
-# The group order N of P-224
-P224N="0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D"
-
-.PHONY: np224_64.h
-np224_64.h:
-	$(WBW_MONT) np224 64 $(P224N) $(N_FUNCS) > $@
-
-.PHONY: np224_32.h
-np224_32.h:
-	$(WBW_MONT) np224 32 $(P224N) $(N_FUNCS) > $@
-
-.PHONY: p224_tables_64.h
-p224_tables_64.h:
-	$(GEN_TABLE) p224 64 > $@
-
-.PHONY: p224_tables_32.h
-p224_tables_32.h:
-	$(GEN_TABLE) p224 32 > $@
-
-.PHONY: p224
-p224: p224_64.h p224_32.h np224_64.h np224_32.h
-
-p224_tables: p224_tables_64.h p224_tables_32.h
-
-
 # The NIST curve P-256 (AKA SECP256R1)
 P256="2^256 - 2^224 + 2^192 + 2^96 - 1"
 
@@ -169,22 +133,20 @@ curve25519_32.h:
 curve25519: curve25519_64.h curve25519_32.h
 
 .PHONY: tables
-tables: p224_tables p256_tables p384_tables p521_tables
+tables: p256_tables p384_tables p521_tables
 
 .PHONY: clean
 clean:
-	$(RM) p224_32.h p224_64.h np224_32.h np224_64.h
 	$(RM) p256_32.h p256_64.h np256_32.h np256_64.h
 	$(RM) p384_32.h p384_64.h np384_32.h np384_64.h
 	$(RM) p521_32.h p521_64.h np521_32.h np521_64.h
 	$(RM) curve25519_32.h curve25519_64.h
 
 .PHONY: clean_tables
 clean_tables:
-	$(RM) p224_tables_32.h p224_tables_64.h
 	$(RM) p256_tables_32.h p256_tables_64.h
 	$(RM) p384_tables_32.h p384_tables_64.h
 	$(RM) p521_tables_32.h p521_tables_64.h
 
 .PHONY: all
-all: p224 p256 p384 p521 curve25519
+all: p256 p384 p521 curve25519