diff --git a/ChangeLog b/ChangeLog
index b0ce2e2..f617a08 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,25 @@
+2014-02-17 Niibe Yutaka
+
+ * src/Makefile.in (CSRC): Follow the changes of filenames.
+
+ * src/modp256r1.c (modp256r1_add, modp256r1_sub, S3)
+ (modp256r1_mul, modp256r1_sqr, modp256r1_inv, modp256r1_shift):
+ Use new function names.
+ * src/jpc_p256r1.c (jpc_double_p256r1, jpc_add_ac_signed_p256r1)
+ (jpc_to_ac_p256r1): Likewise.
+ * src/ec_p256r1.c (point_is_on_the_curve)
+ (compute_kG_p256r1, compute_kP_p256r1): Likewise.
+ * src/call-ec_p256r1.c (ecdsa_sign): Likewise.
+
+ * src/modp256r1.h: Rename from modp256.h.
+ * src/jpc-ac_p256r1.h: Rename from jpc-ac.h.
+ * src/ec_p256r1.h: Rename from ec_p256.h.
+
+ * src/modp256r1.c: Rename from modp256.c.
+ * src/jpc_p256r1.c: Rename from jpc.c.
+ * src/ec_p256r1.c: Rename from ec_p256.c.
+ * src/call-ec_p256r1.c: Rename from call-ec_p256.c.
+
 2014-02-05 NIIBE Yutaka
 
  * src/sha512.h, src/sha512.c: New.
diff --git a/src/Makefile.in b/src/Makefile.in
index a884f99..dcea9c5 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
@@ -12,7 +12,7 @@ CSRC = main.c usb_stm32f103.c adc_stm32f103.c \
  usb_desc.c usb_ctrl.c \
  call-rsa.c \
  usb-icc.c openpgp.c ac.c openpgp-do.c flash.c \
- bn.c modp256.c jpc.c mod.c ec_p256.c call-ec_p256.c \
+ bn.c modp256r1.c jpc_p256r1.c mod.c ec_p256r1.c call-ec_p256r1.c \
  random.c neug.c sha256.c sys.c
 
 INCDIR =
diff --git a/src/call-ec_p256.c b/src/call-ec_p256r1.c
similarity index 92%
rename from src/call-ec_p256.c
rename to src/call-ec_p256r1.c
index e6fbfac..c91e936 100644
--- a/src/call-ec_p256.c
+++ b/src/call-ec_p256r1.c
@@ -1,5 +1,6 @@
 /*
- * call-ec_p256.c - interface between Gnuk and Elliptic curve over GF(p256)
+ * call-ec_p256r1.c - interface between Gnuk and Elliptic curve over
+ * GF(p256r1)
  *
  * Copyright (C) 2013 Free Software Initiative of Japan
  * Author: NIIBE Yutaka
@@ -25,8 +26,8 @@
 #include
 #include
 #include "bn.h"
-#include "jpc-ac.h"
-#include "ec_p256.h"
+#include "jpc-ac_p256r1.h"
+#include "ec_p256r1.h"
 #include "config.h"
 
 
@@ -52,7 +53,7 @@ ecdsa_sign (const uint8_t *hash, uint8_t *output,
  for (i = 0; i < ECDSA_BYTE_SIZE; i++)
  p[ECDSA_BYTE_SIZE - i - 1] = hash[i];
 
- ecdsa (r, s, z, d);
+ ecdsa_p256r1 (r, s, z, d);
  p = (uint8_t *)r;
  for (i = 0; i < ECDSA_BYTE_SIZE; i++)
  *output++ = p[ECDSA_BYTE_SIZE - i - 1];
diff --git a/src/ec_p256.h b/src/ec_p256.h
deleted file mode 100644
index 5f9b788..0000000
--- a/src/ec_p256.h
+++ /dev/null
@@ -1,5 +0,0 @@
-int compute_kP (ac *X, const bn256 *K, const ac *P);
-
-int compute_kG (ac *X, const bn256 *K);
-void ecdsa (bn256 *r, bn256 *s, const bn256 *z, const bn256 *d);
-
diff --git a/src/ec_p256.c b/src/ec_p256r1.c
similarity index 94%
rename from src/ec_p256.c
rename to src/ec_p256r1.c
index cd22bb0..a027195 100644
--- a/src/ec_p256.c
+++ b/src/ec_p256r1.c
@@ -1,5 +1,5 @@
 /* -*- coding: utf-8 -*-
- * ec_p256.c - Elliptic curve over GF(p256)
+ * ec_p256r1.c - Elliptic curve over GF(p256r1)
  *
  * Copyright (C) 2011, 2013, 2014 Free Software Initiative of Japan
  * Author: NIIBE Yutaka
@@ -41,10 +41,10 @@
 #include
 #include
 #include "bn.h"
-#include "modp256.h"
-#include "jpc-ac.h"
+#include "modp256r1.h"
+#include "jpc-ac_p256r1.h"
 #include "mod.h"
-#include "ec_p256.h"
+#include "ec_p256r1.h"
 
 /*
  * a = -3 mod p256
@@ -263,7 +263,7 @@ get_vk (const bn256 *K, int i)
  * Return 0 on success.
  */
 int
-compute_kG (ac *X, const bn256 *K)
+compute_kG_p256r1 (ac *X, const bn256 *K)
 {
  uint8_t index[64]; /* Lower 4-bit for index absolute value, msb is for sign (encoded as: 0 means 1, 1 means -1). */
@@ -292,18 +292,18 @@ compute_kG (ac *X, const bn256 *K)
  memset (Q->z, 0, sizeof (bn256)); /* infinity */
  for (i = 31; i >= 0; i--)
  {
- jpc_double (Q, Q);
+ jpc_double_p256r1 (Q, Q);
 
- jpc_add_ac_signed (Q, Q, &precomputed_KG[index[i]&0x0f],
- index[i] >> 7);
- jpc_add_ac_signed (Q, Q, &precomputed_2E_KG[index[i+32]&0x0f],
- index[i+32] >> 7);
+ jpc_add_ac_signed_p256r1 (Q, Q, &precomputed_KG[index[i]&0x0f],
+ index[i] >> 7);
+ jpc_add_ac_signed_p256r1 (Q, Q, &precomputed_2E_KG[index[i+32]&0x0f],
+ index[i+32] >> 7);
  }
 
  dst = k_is_even ? Q : tmp;
- jpc_add_ac (dst, Q, &precomputed_KG[0]);
+ jpc_add_ac_p256r1 (dst, Q, &precomputed_KG[0]);
 
- return jpc_to_ac (X, Q);
+ return jpc_to_ac_p256r1 (X, Q);
 }
 
 
@@ -320,14 +320,14 @@ point_is_on_the_curve (const ac *P)
  bn256 s[1], t[1];
 
  /* Elliptic curve: y^2 = x^3 + a*x + b */
- modp256_sqr (s, P->x);
- modp256_mul (s, s, P->x);
+ modp256r1_sqr (s, P->x);
+ modp256r1_mul (s, s, P->x);
 
- modp256_mul (t, coefficient_a, P->x);
- modp256_add (s, s, t);
- modp256_add (s, s, coefficient_b);
+ modp256r1_mul (t, coefficient_a, P->x);
+ modp256r1_add (s, s, t);
+ modp256r1_add (s, s, coefficient_b);
 
- modp256_sqr (t, P->y);
+ modp256r1_sqr (t, P->y);
  if (bn256_cmp (s, t) == 0)
  return 0;
  else
@@ -395,7 +395,7 @@ get_vk_kP (const bn256 *K, int i)
  * represented by affine coordinate.
  */
 int
-compute_kP (ac *X, const bn256 *K, const ac *P)
+compute_kP_p256r1 (ac *X, const bn256 *K, const ac *P)
 {
  uint8_t index[86]; /* Lower 2-bit for index absolute value, msb is for sign (encoded as: 0 means 1, 1 means -1). */
@@ -489,7 +489,7 @@ static const bn256 MU_lower[1] = {
  * @brief Compute signature (r,s) of hash string z with secret key d
  */
 void
-ecdsa (bn256 *r, bn256 *s, const bn256 *z, const bn256 *d)
+ecdsa_p256r1 (bn256 *r, bn256 *s, const bn256 *z, const bn256 *d)
 {
  bn256 k[1];
  ac KG[1];
@@ -509,7 +509,7 @@ ecdsa (bn256 *r, bn256 *s, const bn256 *z, const bn256 *d)
  if (bn256_sub (tmp_k, k, N) == 0) /* >= N, it's too big. */
  continue;
  /* 1 <= k <= N - 1 */
- compute_kG (KG, k);
+ compute_kG_p256r1 (KG, k);
  borrow = bn256_sub (r, KG->x, N);
  if (borrow)
  memcpy (r, KG->x, sizeof (bn256));
diff --git a/src/ec_p256r1.h b/src/ec_p256r1.h
new file mode 100644
index 0000000..3ae4651
--- /dev/null
+++ b/src/ec_p256r1.h
@@ -0,0 +1,5 @@
+int compute_kP_p256r1 (ac *X, const bn256 *K, const ac *P);
+
+int compute_kG_p256r1 (ac *X, const bn256 *K);
+void ecdsa_p256r1 (bn256 *r, bn256 *s, const bn256 *z, const bn256 *d);
+
diff --git a/src/jpc-ac.h b/src/jpc-ac.h
deleted file mode 100644
index 6a309dc..0000000
--- a/src/jpc-ac.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/**
- * @brief Jacobian projective coordinates
- */
-typedef struct
-{
- bn256 x[1];
- bn256 y[1];
- bn256 z[1];
-} jpc;
-
-/**
- * @brief Affin coordinates
- */
-typedef struct
-{
- bn256 x[1];
- bn256 y[1];
-} ac;
-
-void jpc_double (jpc *X, const jpc *A);
-void jpc_add_ac (jpc *X, const jpc *A, const ac *B);
-void jpc_add_ac_signed (jpc *X, const jpc *A, const ac *B, int minus);
-int jpc_to_ac (ac *X, const jpc *A);
diff --git a/src/jpc-ac_p256r1.h b/src/jpc-ac_p256r1.h
new file mode 100644
index 0000000..5a4116f
--- /dev/null
+++ b/src/jpc-ac_p256r1.h
@@ -0,0 +1,23 @@
+/**
+ * @brief Jacobian projective coordinates
+ */
+typedef struct
+{
+ bn256 x[1];
+ bn256 y[1];
+ bn256 z[1];
+} jpc;
+
+/**
+ * @brief Affin coordinates
+ */
+typedef struct
+{
+ bn256 x[1];
+ bn256 y[1];
+} ac;
+
+void jpc_double_p256r1 (jpc *X, const jpc *A);
+void jpc_add_ac_p256r1 (jpc *X, const jpc *A, const ac *B);
+void jpc_add_ac_signed_p256r1 (jpc *X, const jpc *A, const ac *B, int minus);
+int jpc_to_ac_p256r1 (ac *X, const jpc *A);
diff --git a/src/jpc.c b/src/jpc_p256r1.c
similarity index 57%
rename from src/jpc.c
rename to src/jpc_p256r1.c
index 55568ee..bd3457f 100644
--- a/src/jpc.c
+++ b/src/jpc_p256r1.c
@@ -1,5 +1,5 @@
 /*
- * jpc.c -- arithmetic on Jacobian projective coordinates and Affin coordinates
+ * jpc_p256r1.c -- arithmetic on Jacobian projective coordinates for p256r1.
  *
  * Copyright (C) 2011, 2013 Free Software Initiative of Japan
  * Author: NIIBE Yutaka
@@ -24,8 +24,8 @@
 #include
 #include
 #include "bn.h"
-#include "modp256.h"
-#include "jpc-ac.h"
+#include "modp256r1.h"
+#include "jpc-ac_p256r1.h"
 
 /**
  * @brief X = 2 * A
@@ -34,7 +34,7 @@
  * @param A JPC
  */
 void
-jpc_double (jpc *X, const jpc *A)
+jpc_double_p256r1 (jpc *X, const jpc *A)
 {
  bn256 a[1], b[1], c[1], tmp0[1];
  bn256 *d;
@@ -43,31 +43,31 @@ jpc_double (jpc *X, const jpc *A)
  return;
 
  d = X->x;
- modp256_sqr (a, A->y);
+ modp256r1_sqr (a, A->y);
  memcpy (b, a, sizeof (bn256));
- modp256_mul (a, a, A->x);
- modp256_shift (a, a, 2);
+ modp256r1_mul (a, a, A->x);
+ modp256r1_shift (a, a, 2);
 
- modp256_sqr (b, b);
- modp256_shift (b, b, 3);
+ modp256r1_sqr (b, b);
+ modp256r1_shift (b, b, 3);
 
- modp256_sqr (tmp0, A->z);
- modp256_sub (c, A->x, tmp0);
- modp256_add (tmp0, tmp0, A->x);
- modp256_mul (tmp0, tmp0, c);
- modp256_shift (c, tmp0, 1);
- modp256_add (c, c, tmp0);
+ modp256r1_sqr (tmp0, A->z);
+ modp256r1_sub (c, A->x, tmp0);
+ modp256r1_add (tmp0, tmp0, A->x);
+ modp256r1_mul (tmp0, tmp0, c);
+ modp256r1_shift (c, tmp0, 1);
+ modp256r1_add (c, c, tmp0);
 
- modp256_sqr (d, c);
- modp256_shift (tmp0, a, 1);
- modp256_sub (d, d, tmp0);
+ modp256r1_sqr (d, c);
+ modp256r1_shift (tmp0, a, 1);
+ modp256r1_sub (d, d, tmp0);
 
- modp256_mul (X->z, A->y, A->z);
- modp256_shift (X->z, X->z, 1);
+ modp256r1_mul (X->z, A->y, A->z);
+ modp256r1_shift (X->z, X->z, 1);
 
- modp256_sub (tmp0, a, d);
- modp256_mul (tmp0, c, tmp0);
- modp256_sub (X->y, tmp0, b);
+ modp256r1_sub (tmp0, a, d);
+ modp256r1_mul (tmp0, c, tmp0);
+ modp256r1_sub (X->y, tmp0, b);
 }
 
 /**
@@ -79,7 +79,7 @@ jpc_double (jpc *X, const jpc *A)
  * @param MINUS if 1 subtraction, addition otherwise.
  */
 void
-jpc_add_ac_signed (jpc *X, const jpc *A, const ac *B, int minus)
+jpc_add_ac_signed_p256r1 (jpc *X, const jpc *A, const ac *B, int minus)
 {
  bn256 a[1], b[1], c[1], d[1], tmp[1];
 #define minus_B_y c
@@ -110,20 +110,20 @@ jpc_add_ac_signed (jpc *X, const jpc *A, const ac *B, int minus)
  return;
  }
 
- modp256_sqr (a, A->z);
+ modp256r1_s qr (a, A->z);
  memcpy (b, a, sizeof (bn256));
- modp256_mul (a, a, B->x);
+ modp256r1_mul (a, a, B->x);
 
- modp256_mul (b, b, A->z);
+ modp256r1_mul (b, b, A->z);
  if (minus)
  {
  bn256_sub (minus_B_y, P256, B->y);
- modp256_mul (b, b, minus_B_y);
+ modp256r1_mul (b, b, minus_B_y);
  }
  else
  {
  bn256_sub (tmp, P256, B->y);
- modp256_mul (b, b, B->y);
+ modp256r1_mul (b, b, B->y);
  }
 
  if (bn256_cmp (A->x, a) == 0 && bn256_cmp (A->y, b) == 0)
@@ -132,26 +132,26 @@ jpc_add_ac_signed (jpc *X, const jpc *A, const ac *B, int minus)
  return;
  }
 
- modp256_sub (c, a, A->x);
- modp256_sub (d, b, A->y);
+ modp256r1_sub (c, a, A->x);
+ modp256r1_sub (d, b, A->y);
 
- modp256_mul (X->z, A->z, c);
+ modp256r1_mul (X->z, A->z, c);
 
- modp256_sqr (c_sqr, c);
- modp256_mul (c_cube, c_sqr, c);
+ modp256r1_sqr (c_sqr, c);
+ modp256r1_mul (c_cube, c_sqr, c);
 
- modp256_mul (x1_c_sqr, A->x, c_sqr);
+ modp256r1_mul (x1_c_sqr, A->x, c_sqr);
 
- modp256_sqr (X->x, d);
+ modp256r1_sqr (X->x, d);
  memcpy (x1_c_sqr_copy, x1_c_sqr, sizeof (bn256));
- modp256_shift (x1_c_sqr_2, x1_c_sqr, 1);
- modp256_add (c_cube_plus_x1_c_sqr_2, x1_c_sqr_2, c_cube);
- modp256_sub (X->x, X->x, c_cube_plus_x1_c_sqr_2);
+ modp256r1_shift (x1_c_sqr_2, x1_c_sqr, 1);
+ modp256r1_add (c_cube_plus_x1_c_sqr_2, x1_c_sqr_2, c_cube);
+ modp256r1_sub (X->x, X->x, c_cube_plus_x1_c_sqr_2);
 
- modp256_sub (y3_tmp, x1_c_sqr_copy, X->x);
- modp256_mul (y3_tmp, y3_tmp, d);
- modp256_mul (y1_c_cube, A->y, c_cube);
- modp256_sub (X->y, y3_tmp, y1_c_cube);
+ modp256r1_sub (y3_tmp, x1_c_sqr_copy, X->x);
+ modp256r1_mul (y3_tmp, y3_tmp, d);
+ modp256r1_mul (y1_c_cube, A->y, c_cube);
+ modp256r1_sub (X->y, y3_tmp, y1_c_cube);
 }
 
 /**
@@ -162,9 +162,9 @@ jpc_add_ac_signed (jpc *X, const jpc *A, const ac *B, int minus)
  * @param B AC
  */
 void
-jpc_add_ac (jpc *X, const jpc *A, const ac *B)
+jpc_add_ac_p256r1 (jpc *X, const jpc *A, const ac *B)
 {
- jpc_add_ac_signed (X, A, B, 0);
+ jpc_add_ac_signed_p256r1 (X, A, B, 0);
 }
 
 /**
@@ -177,17 +177,17 @@ jpc_add_ac (jpc *X, const jpc *A, const ac *B)
  * Return 0 on success.
  */
 int
-jpc_to_ac (ac *X, const jpc *A)
+jpc_to_ac_p256r1 (ac *X, const jpc *A)
 {
  bn256 z_inv[1], z_inv_sqr[1];
 
- if (modp256_inv (z_inv, A->z) < 0)
+ if (modp256r1_inv (z_inv, A->z) < 0)
  return -1;
 
- modp256_sqr (z_inv_sqr, z_inv);
- modp256_mul (z_inv, z_inv, z_inv_sqr);
+ modp256r1_sqr (z_inv_sqr, z_inv);
+ modp256r1_mul (z_inv, z_inv, z_inv_sqr);
 
- modp256_mul (X->x, A->x, z_inv_sqr);
- modp256_mul (X->y, A->y, z_inv);
+ modp256r1_mul (X->x, A->x, z_inv_sqr);
+ modp256r1_mul (X->y, A->y, z_inv);
  return 0;
 }
diff --git a/src/modp256.h b/src/modp256.h
deleted file mode 100644
index 50e863c..0000000
--- a/src/modp256.h
+++ /dev/null
@@ -1,10 +0,0 @@
-extern const bn256 p256;
-#define P256 (&p256)
-
-void modp256_add (bn256 *X, const bn256 *A, const bn256 *B);
-void modp256_sub (bn256 *X, const bn256 *A, const bn256 *B);
-void modp256_reduce (bn256 *X, const bn512 *A);
-void modp256_mul (bn256 *X, const bn256 *A, const bn256 *B);
-void modp256_sqr (bn256 *X, const bn256 *A);
-void modp256_shift (bn256 *X, const bn256 *A, int shift);
-int modp256_inv (bn256 *C, const bn256 *a);
diff --git a/src/modp256.c b/src/modp256r1.c
similarity index 88%
rename from src/modp256.c
rename to src/modp256r1.c
index bf2cbde..8065357 100644
--- a/src/modp256.c
+++ b/src/modp256r1.c
@@ -1,5 +1,5 @@
 /*
- * modp256.c -- modulo P256 arithmetic
+ * modp256r1.c -- modulo arithmetic for p256r1
  *
  * Copyright (C) 2011, 2013, 2014 Free Software Initiative of Japan
  * Author: NIIBE Yutaka
@@ -28,7 +28,7 @@
 #include
 #include "bn.h"
-#include "modp256.h"
+#include "modp256r1.h"
 
 /*
  256 224 192 160 128 96 64 32 0
@@ -50,7 +50,7 @@ const bn256 p256 = { {0xffffffff, 0xffffffff, 0xffffffff, 0x00000000,
  * @brief X = (A + B) mod p256
  */
 void
-modp256_add (bn256 *X, const bn256 *A, const bn256 *B)
+modp256r1_add (bn256 *X, const bn256 *A, const bn256 *B)
 {
  uint32_t carry;
  bn256 tmp[1];
@@ -66,7 +66,7 @@ modp256_add (bn256 *X, const bn256 *A, const bn256 *B)
  * @brief X = (A - B) mod p256
  */
 void
-modp256_sub (bn256 *X, const bn256 *A, const bn256 *B)
+modp256r1_sub (bn256 *X, const bn256 *A, const bn256 *B)
 {
  uint32_t borrow;
  bn256 tmp[1];
@@ -82,7 +82,7 @@ modp256_sub (bn256 *X, const bn256 *A, const bn256 *B)
  * @brief X = A mod p256
  */
 void
-modp256_reduce (bn256 *X, const bn512 *A)
+modp256r1_reduce (bn256 *X, const bn512 *A)
 {
  bn256 tmp[1];
  uint32_t borrow;
@@ -114,8 +114,8 @@ modp256_reduce (bn256 *X, const bn512 *A)
  S2->word[3] = A->word[11];
  S2->word[2] = S2->word[1] = S2->word[0] = 0;
  /* X += 2 * S2 */
- modp256_add (X, X, S2);
- modp256_add (X, X, S2);
+ modp256r1_add (X, X, S2);
+ modp256r1_add (X, X, S2);
 
  S3->word[7] = 0;
  S3->word[6] = A->word[15];
@@ -124,8 +124,8 @@ modp256_reduce (bn256 *X, const bn512 *A)
  S3->word[3] = A->word[12];
  S3->word[2] = S3->word[1] = S3->word[0] = 0;
  /* X += 2 * S3 */
- modp256_add (X, X, S3);
- modp256_add (X, X, S3);
+ modp256r1_add (X, X, S3);
+ modp256r1_add (X, X, S3);
 
  S4->word[7] = A->word[15];
  S4->word[6] = A->word[14];
@@ -134,7 +134,7 @@ modp256_reduce (bn256 *X, const bn512 *A)
  S4->word[1] = A->word[9];
  S4->word[0] = A->word[8];
  /* X += S4 */
- modp256_add (X, X, S4);
+ modp256r1_add (X, X, S4);
 
  S5->word[7] = A->word[8];
  S5->word[6] = A->word[13];
@@ -145,7 +145,7 @@ modp256_reduce (bn256 *X, const bn512 *A)
  S5->word[1] = A->word[10];
  S5->word[0] = A->word[9];
  /* X += S5 */
- modp256_add (X, X, S5);
+ modp256r1_add (X, X, S5);
 
  S6->word[7] = A->word[10];
  S6->word[6] = A->word[8];
@@ -154,7 +154,7 @@ modp256_reduce (bn256 *X, const bn512 *A)
  S6->word[1] = A->word[12];
  S6->word[0] = A->word[11];
  /* X -= S6 */
- modp256_sub (X, X, S6);
+ modp256r1_sub (X, X, S6);
 
  S7->word[7] = A->word[11];
  S7->word[6] = A->word[9];
@@ -164,7 +164,7 @@ modp256_reduce (bn256 *X, const bn512 *A)
  S7->word[1] = A->word[13];
  S7->word[0] = A->word[12];
  /* X -= S7 */
- modp256_sub (X, X, S7);
+ modp256r1_sub (X, X, S7);
 
  S8->word[7] = A->word[12];
  S8->word[6] = 0;
@@ -175,7 +175,7 @@ modp256_reduce (bn256 *X, const bn512 *A)
  S8->word[1] = A->word[14];
  S8->word[0] = A->word[13];
  /* X -= S8 */
- modp256_sub (X, X, S8);
+ modp256r1_sub (X, X, S8);
 
  S9->word[7] = A->word[13];
  S9->word[6] = 0;
@@ -186,7 +186,7 @@ modp256_reduce (bn256 *X, const bn512 *A)
  S9->word[1] = A->word[15];
  S9->word[0] = A->word[14];
  /* X -= S9 */
- modp256_sub (X, X, S9);
+ modp256r1_sub (X, X, S9);
 
  borrow = bn256_sub (tmp, X, P256);
  if (borrow)
@@ -199,24 +199,24 @@ modp256_reduce (bn256 *X, const bn512 *A)
  * @brief X = (A * B) mod p256
  */
 void
-modp256_mul (bn256 *X, const bn256 *A, const bn256 *B)
+modp256r1_mul (bn256 *X, const bn256 *A, const bn256 *B)
 {
  bn512 AB[1];
 
  bn256_mul (AB, A, B);
- modp256_reduce (X, AB);
+ modp256r1_reduce (X, AB);
 }
 
 /**
  * @brief X = A * A mod p256
  */
 void
-modp256_sqr (bn256 *X, const bn256 *A)
+modp256r1_sqr (bn256 *X, const bn256 *A)
 {
  bn512 AA[1];
 
  bn256_sqr (AA, A);
- modp256_reduce (X, AA);
+ modp256r1_reduce (X, AA);
 }
 
 /**
@@ -228,7 +228,7 @@ modp256_sqr (bn256 *X, const bn256 *A)
 
 #define MAX_N_BITS 256
 int
-modp256_inv (bn256 *C, const bn256 *a)
+modp256r1_inv (bn256 *C, const bn256 *a)
 {
  bn256 u[1], v[1], tmp[1];
  bn256 A[1] = { { { 1, 0, 0, 0, 0, 0, 0, 0 } } };
@@ -276,12 +276,12 @@ modp256_inv (bn256 *C, const bn256 *a)
  if (bn256_is_ge (tmp, tmp))
  {
  bn256_sub (tmp, tmp, tmp);
- modp256_sub (tmp, tmp, tmp);
+ modp256r1_sub (tmp, tmp, tmp);
  }
  else
  {
  bn256_sub (tmp, tmp, tmp);
- modp256_sub (tmp, tmp, A);
+ modp256r1_sub (tmp, tmp, A);
  }
  break;
 
@@ -313,12 +313,12 @@ modp256_inv (bn256 *C, const bn256 *a)
  if (bn256_is_ge (tmp, tmp))
  {
  bn256_sub (tmp, tmp, tmp);
- modp256_sub (tmp, tmp, tmp);
+ modp256r1_sub (tmp, tmp, tmp);
  }
  else
  {
  bn256_sub (tmp, tmp, tmp);
- modp256_sub (tmp, tmp, A);
+ modp256r1_sub (tmp, tmp, A);
  }
  break;
 
@@ -350,12 +350,12 @@ modp256_inv (bn256 *C, const bn256 *a)
  if (bn256_is_ge (tmp, tmp))
  {
  bn256_sub (tmp, tmp, tmp);
- modp256_sub (tmp, tmp, tmp);
+ modp256r1_sub (tmp, tmp, tmp);
  }
  else
  {
  bn256_sub (tmp, tmp, tmp);
- modp256_sub (tmp, tmp, A);
+ modp256r1_sub (tmp, tmp, A);
  }
  break;
 
@@ -387,12 +387,12 @@ modp256_inv (bn256 *C, const bn256 *a)
  if (bn256_is_ge (u, v))
  {
  bn256_sub (u, u, v);
- modp256_sub (A, A, C);
+ modp256r1_sub (A, A, C);
  }
  else
  {
  bn256_sub (v, v, u);
- modp256_sub (C, C, A);
+ modp256r1_sub (C, C, A);
  }
  break;
  }
@@ -406,7 +406,7 @@ modp256_inv (bn256 *C, const bn256 *a)
  * @note shift <= 32
  */
 void
-modp256_shift (bn256 *X, const bn256 *A, int shift)
+modp256r1_shift (bn256 *X, const bn256 *A, int shift)
 {
  uint32_t carry;
 #define borrow carry
@@ -419,13 +419,13 @@ modp256_shift (bn256 *X, const bn256 *A, int shift)
  memset (tmp, 0, sizeof (bn256));
  tmp->word[7] = carry;
  tmp->word[0] = carry;
- modp256_add (X, X, tmp);
+ modp256r1_add (X, X, tmp);
 
  tmp->word[7] = 0;
  tmp->word[0] = 0;
  tmp->word[6] = carry;
  tmp->word[3] = carry;
- modp256_sub (X, X, tmp);
+ modp256r1_sub (X, X, tmp);
 
  borrow = bn256_sub (tmp, X, P256);
  if (borrow)
diff --git a/src/modp256r1.h b/src/modp256r1.h
new file mode 100644
index 0000000..9d67eb0
--- /dev/null
+++ b/src/modp256r1.h
@@ -0,0 +1,10 @@
+extern const bn256 p256;
+#define P256 (&p256)
+
+void modp256r1_add (bn256 *X, const bn256 *A, const bn256 *B);
+void modp256r1_sub (bn256 *X, const bn256 *A, const bn256 *B);
+void modp256r1_reduce (bn256 *X, const bn512 *A);
+void modp256r1_mul (bn256 *X, const bn256 *A, const bn256 *B);
+void modp256r1_sqr (bn256 *X, const bn256 *A);
+void modp256r1_shift (bn256 *X, const bn256 *A, int shift);
+int modp256r1_inv (bn256 *C, const bn256 *a);
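Review bot: The new header renames every function with a `_p256r1` suffix but leaves the modulus itself unsuffixed (`extern const bn256 p256;` and `#define P256 (&p256)`), so the scheme the commit introduces is incomplete for exactly the two identifiers most likely to be duplicated if a second curve's prime is ever exported; renaming them in the same pass (for example `p256r1` / `P256R1`) would keep the header self-consistent. Note that `P256` is referenced in the jpc_p256r1.c and modp256r1.c hunks of this commit, so the rename would have to touch those call sites too. Like the other new headers here, the file also has no include guard; a plain `#ifndef MODP256R1_H` wrapper is cheap and keeps the renamed header safe to include twice.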