name change p256 -> p256r1
22
ChangeLog
22
ChangeLog
@@ -1,3 +1,25 @@
|
|||||||
|
2014-02-17 Niibe Yutaka <gniibe@fsij.org>
|
||||||
|
|
||||||
|
* src/Makefile.in (CSRC): Follow the changes of filenames.
|
||||||
|
|
||||||
|
* src/modp256r1.c (modp256r1_add, modp256r1_sub, S3)
|
||||||
|
(modp256r1_mul, modp256r1_sqr, modp256r1_inv, modp256r1_shift):
|
||||||
|
Use new function names.
|
||||||
|
* src/jpc_p256r1.c (jpc_double_p256r1, jpc_add_ac_signed_p256r1)
|
||||||
|
(jpc_to_ac_p256r1): Likewise.
|
||||||
|
* src/ec_p256r1.c (point_is_on_the_curve)
|
||||||
|
(compute_kG_p256r1, compute_kP_p256r1): Likewise.
|
||||||
|
* src/call-ec_p256r1.c (ecdsa_sign): Likewise.
|
||||||
|
|
||||||
|
* src/modp256r1.h: Rename from modp256.h.
|
||||||
|
* src/jpc-ac_p256r1.h: Rename from jpc-ac.h.
|
||||||
|
* src/ec_p256r1.h: Rename from ec_p256.h.
|
||||||
|
|
||||||
|
* src/modp256r1.c: Rename from modp256.c.
|
||||||
|
* src/jpc_p256r1.c: Rename from jpc.c.
|
||||||
|
* src/ec_p256r1.c: Rename from ec_p256.c.
|
||||||
|
* src/call-ec_p256r1.c: Rename from call-ec_p256.c.
|
||||||
|
|
||||||
2014-02-05 NIIBE Yutaka <gniibe@fsij.org>
|
2014-02-05 NIIBE Yutaka <gniibe@fsij.org>
|
||||||
|
|
||||||
* src/sha512.h, src/sha512.c: New.
|
* src/sha512.h, src/sha512.c: New.
|
||||||
|
|||||||
@@ -12,7 +12,7 @@ CSRC = main.c usb_stm32f103.c adc_stm32f103.c \
|
|||||||
usb_desc.c usb_ctrl.c \
|
usb_desc.c usb_ctrl.c \
|
||||||
call-rsa.c \
|
call-rsa.c \
|
||||||
usb-icc.c openpgp.c ac.c openpgp-do.c flash.c \
|
usb-icc.c openpgp.c ac.c openpgp-do.c flash.c \
|
||||||
bn.c modp256.c jpc.c mod.c ec_p256.c call-ec_p256.c \
|
bn.c modp256r1.c jpc_p256r1.c mod.c ec_p256r1.c call-ec_p256r1.c \
|
||||||
random.c neug.c sha256.c sys.c
|
random.c neug.c sha256.c sys.c
|
||||||
|
|
||||||
INCDIR =
|
INCDIR =
|
||||||
|
|||||||
@@ -1,5 +1,6 @@
|
|||||||
/*
|
/*
|
||||||
* call-ec_p256.c - interface between Gnuk and Elliptic curve over GF(p256)
|
* call-ec_p256r1.c - interface between Gnuk and Elliptic curve over
|
||||||
|
* GF(p256r1)
|
||||||
*
|
*
|
||||||
* Copyright (C) 2013 Free Software Initiative of Japan
|
* Copyright (C) 2013 Free Software Initiative of Japan
|
||||||
* Author: NIIBE Yutaka <gniibe@fsij.org>
|
* Author: NIIBE Yutaka <gniibe@fsij.org>
|
||||||
@@ -25,8 +26,8 @@
|
|||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include "bn.h"
|
#include "bn.h"
|
||||||
#include "jpc-ac.h"
|
#include "jpc-ac_p256r1.h"
|
||||||
#include "ec_p256.h"
|
#include "ec_p256r1.h"
|
||||||
|
|
||||||
#include "config.h"
|
#include "config.h"
|
||||||
|
|
||||||
@@ -52,7 +53,7 @@ ecdsa_sign (const uint8_t *hash, uint8_t *output,
|
|||||||
for (i = 0; i < ECDSA_BYTE_SIZE; i++)
|
for (i = 0; i < ECDSA_BYTE_SIZE; i++)
|
||||||
p[ECDSA_BYTE_SIZE - i - 1] = hash[i];
|
p[ECDSA_BYTE_SIZE - i - 1] = hash[i];
|
||||||
|
|
||||||
ecdsa (r, s, z, d);
|
ecdsa_p256r1 (r, s, z, d);
|
||||||
p = (uint8_t *)r;
|
p = (uint8_t *)r;
|
||||||
for (i = 0; i < ECDSA_BYTE_SIZE; i++)
|
for (i = 0; i < ECDSA_BYTE_SIZE; i++)
|
||||||
*output++ = p[ECDSA_BYTE_SIZE - i - 1];
|
*output++ = p[ECDSA_BYTE_SIZE - i - 1];
|
||||||
@@ -1,5 +0,0 @@
|
|||||||
int compute_kP (ac *X, const bn256 *K, const ac *P);
|
|
||||||
|
|
||||||
int compute_kG (ac *X, const bn256 *K);
|
|
||||||
void ecdsa (bn256 *r, bn256 *s, const bn256 *z, const bn256 *d);
|
|
||||||
|
|
||||||
@@ -1,5 +1,5 @@
|
|||||||
/* -*- coding: utf-8 -*-
|
/* -*- coding: utf-8 -*-
|
||||||
* ec_p256.c - Elliptic curve over GF(p256)
|
* ec_p256r1.c - Elliptic curve over GF(p256r1)
|
||||||
*
|
*
|
||||||
* Copyright (C) 2011, 2013, 2014 Free Software Initiative of Japan
|
* Copyright (C) 2011, 2013, 2014 Free Software Initiative of Japan
|
||||||
* Author: NIIBE Yutaka <gniibe@fsij.org>
|
* Author: NIIBE Yutaka <gniibe@fsij.org>
|
||||||
@@ -41,10 +41,10 @@
|
|||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include "bn.h"
|
#include "bn.h"
|
||||||
#include "modp256.h"
|
#include "modp256r1.h"
|
||||||
#include "jpc-ac.h"
|
#include "jpc-ac_p256r1.h"
|
||||||
#include "mod.h"
|
#include "mod.h"
|
||||||
#include "ec_p256.h"
|
#include "ec_p256r1.h"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* a = -3 mod p256
|
* a = -3 mod p256
|
||||||
@@ -263,7 +263,7 @@ get_vk (const bn256 *K, int i)
|
|||||||
* Return 0 on success.
|
* Return 0 on success.
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
compute_kG (ac *X, const bn256 *K)
|
compute_kG_p256r1 (ac *X, const bn256 *K)
|
||||||
{
|
{
|
||||||
uint8_t index[64]; /* Lower 4-bit for index absolute value, msb is
|
uint8_t index[64]; /* Lower 4-bit for index absolute value, msb is
|
||||||
for sign (encoded as: 0 means 1, 1 means -1). */
|
for sign (encoded as: 0 means 1, 1 means -1). */
|
||||||
@@ -292,18 +292,18 @@ compute_kG (ac *X, const bn256 *K)
|
|||||||
memset (Q->z, 0, sizeof (bn256)); /* infinity */
|
memset (Q->z, 0, sizeof (bn256)); /* infinity */
|
||||||
for (i = 31; i >= 0; i--)
|
for (i = 31; i >= 0; i--)
|
||||||
{
|
{
|
||||||
jpc_double (Q, Q);
|
jpc_double_p256r1 (Q, Q);
|
||||||
|
|
||||||
jpc_add_ac_signed (Q, Q, &precomputed_KG[index[i]&0x0f],
|
jpc_add_ac_signed_p256r1 (Q, Q, &precomputed_KG[index[i]&0x0f],
|
||||||
index[i] >> 7);
|
index[i] >> 7);
|
||||||
jpc_add_ac_signed (Q, Q, &precomputed_2E_KG[index[i+32]&0x0f],
|
jpc_add_ac_signed_p256r1 (Q, Q, &precomputed_2E_KG[index[i+32]&0x0f],
|
||||||
index[i+32] >> 7);
|
index[i+32] >> 7);
|
||||||
}
|
}
|
||||||
|
|
||||||
dst = k_is_even ? Q : tmp;
|
dst = k_is_even ? Q : tmp;
|
||||||
jpc_add_ac (dst, Q, &precomputed_KG[0]);
|
jpc_add_ac_p256r1 (dst, Q, &precomputed_KG[0]);
|
||||||
|
|
||||||
return jpc_to_ac (X, Q);
|
return jpc_to_ac_p256r1 (X, Q);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -320,14 +320,14 @@ point_is_on_the_curve (const ac *P)
|
|||||||
bn256 s[1], t[1];
|
bn256 s[1], t[1];
|
||||||
|
|
||||||
/* Elliptic curve: y^2 = x^3 + a*x + b */
|
/* Elliptic curve: y^2 = x^3 + a*x + b */
|
||||||
modp256_sqr (s, P->x);
|
modp256r1_sqr (s, P->x);
|
||||||
modp256_mul (s, s, P->x);
|
modp256r1_mul (s, s, P->x);
|
||||||
|
|
||||||
modp256_mul (t, coefficient_a, P->x);
|
modp256r1_mul (t, coefficient_a, P->x);
|
||||||
modp256_add (s, s, t);
|
modp256r1_add (s, s, t);
|
||||||
modp256_add (s, s, coefficient_b);
|
modp256r1_add (s, s, coefficient_b);
|
||||||
|
|
||||||
modp256_sqr (t, P->y);
|
modp256r1_sqr (t, P->y);
|
||||||
if (bn256_cmp (s, t) == 0)
|
if (bn256_cmp (s, t) == 0)
|
||||||
return 0;
|
return 0;
|
||||||
else
|
else
|
||||||
@@ -395,7 +395,7 @@ get_vk_kP (const bn256 *K, int i)
|
|||||||
* represented by affine coordinate.
|
* represented by affine coordinate.
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
compute_kP (ac *X, const bn256 *K, const ac *P)
|
compute_kP_p256r1 (ac *X, const bn256 *K, const ac *P)
|
||||||
{
|
{
|
||||||
uint8_t index[86]; /* Lower 2-bit for index absolute value, msb is
|
uint8_t index[86]; /* Lower 2-bit for index absolute value, msb is
|
||||||
for sign (encoded as: 0 means 1, 1 means -1). */
|
for sign (encoded as: 0 means 1, 1 means -1). */
|
||||||
@@ -489,7 +489,7 @@ static const bn256 MU_lower[1] = {
|
|||||||
* @brief Compute signature (r,s) of hash string z with secret key d
|
* @brief Compute signature (r,s) of hash string z with secret key d
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
ecdsa (bn256 *r, bn256 *s, const bn256 *z, const bn256 *d)
|
ecdsa_p256r1 (bn256 *r, bn256 *s, const bn256 *z, const bn256 *d)
|
||||||
{
|
{
|
||||||
bn256 k[1];
|
bn256 k[1];
|
||||||
ac KG[1];
|
ac KG[1];
|
||||||
@@ -509,7 +509,7 @@ ecdsa (bn256 *r, bn256 *s, const bn256 *z, const bn256 *d)
|
|||||||
if (bn256_sub (tmp_k, k, N) == 0) /* >= N, it's too big. */
|
if (bn256_sub (tmp_k, k, N) == 0) /* >= N, it's too big. */
|
||||||
continue;
|
continue;
|
||||||
/* 1 <= k <= N - 1 */
|
/* 1 <= k <= N - 1 */
|
||||||
compute_kG (KG, k);
|
compute_kG_p256r1 (KG, k);
|
||||||
borrow = bn256_sub (r, KG->x, N);
|
borrow = bn256_sub (r, KG->x, N);
|
||||||
if (borrow)
|
if (borrow)
|
||||||
memcpy (r, KG->x, sizeof (bn256));
|
memcpy (r, KG->x, sizeof (bn256));
|
||||||
5
src/ec_p256r1.h
Normal file
5
src/ec_p256r1.h
Normal file
@@ -0,0 +1,5 @@
|
|||||||
|
int compute_kP_p256r1 (ac *X, const bn256 *K, const ac *P);
|
||||||
|
|
||||||
|
int compute_kG_p256r1 (ac *X, const bn256 *K);
|
||||||
|
void ecdsa_p256r1 (bn256 *r, bn256 *s, const bn256 *z, const bn256 *d);
|
||||||
|
|
||||||
23
src/jpc-ac.h
23
src/jpc-ac.h
@@ -1,23 +0,0 @@
|
|||||||
/**
|
|
||||||
* @brief Jacobian projective coordinates
|
|
||||||
*/
|
|
||||||
typedef struct
|
|
||||||
{
|
|
||||||
bn256 x[1];
|
|
||||||
bn256 y[1];
|
|
||||||
bn256 z[1];
|
|
||||||
} jpc;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @brief Affin coordinates
|
|
||||||
*/
|
|
||||||
typedef struct
|
|
||||||
{
|
|
||||||
bn256 x[1];
|
|
||||||
bn256 y[1];
|
|
||||||
} ac;
|
|
||||||
|
|
||||||
void jpc_double (jpc *X, const jpc *A);
|
|
||||||
void jpc_add_ac (jpc *X, const jpc *A, const ac *B);
|
|
||||||
void jpc_add_ac_signed (jpc *X, const jpc *A, const ac *B, int minus);
|
|
||||||
int jpc_to_ac (ac *X, const jpc *A);
|
|
||||||
23
src/jpc-ac_p256r1.h
Normal file
23
src/jpc-ac_p256r1.h
Normal file
@@ -0,0 +1,23 @@
|
|||||||
|
/**
|
||||||
|
* @brief Jacobian projective coordinates
|
||||||
|
*/
|
||||||
|
typedef struct
|
||||||
|
{
|
||||||
|
bn256 x[1];
|
||||||
|
bn256 y[1];
|
||||||
|
bn256 z[1];
|
||||||
|
} jpc;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @brief Affin coordinates
|
||||||
|
*/
|
||||||
|
typedef struct
|
||||||
|
{
|
||||||
|
bn256 x[1];
|
||||||
|
bn256 y[1];
|
||||||
|
} ac;
|
||||||
|
|
||||||
|
void jpc_double_p256r1 (jpc *X, const jpc *A);
|
||||||
|
void jpc_add_ac_p256r1 (jpc *X, const jpc *A, const ac *B);
|
||||||
|
void jpc_add_ac_signed_p256r1 (jpc *X, const jpc *A, const ac *B, int minus);
|
||||||
|
int jpc_to_ac_p256r1 (ac *X, const jpc *A);
|
||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* jpc.c -- arithmetic on Jacobian projective coordinates and Affin coordinates
|
* jpc_p256r1.c -- arithmetic on Jacobian projective coordinates for p256r1.
|
||||||
*
|
*
|
||||||
* Copyright (C) 2011, 2013 Free Software Initiative of Japan
|
* Copyright (C) 2011, 2013 Free Software Initiative of Japan
|
||||||
* Author: NIIBE Yutaka <gniibe@fsij.org>
|
* Author: NIIBE Yutaka <gniibe@fsij.org>
|
||||||
@@ -24,8 +24,8 @@
|
|||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include "bn.h"
|
#include "bn.h"
|
||||||
#include "modp256.h"
|
#include "modp256r1.h"
|
||||||
#include "jpc-ac.h"
|
#include "jpc-ac_p256r1.h"
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief X = 2 * A
|
* @brief X = 2 * A
|
||||||
@@ -34,7 +34,7 @@
|
|||||||
* @param A JPC
|
* @param A JPC
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
jpc_double (jpc *X, const jpc *A)
|
jpc_double_p256r1 (jpc *X, const jpc *A)
|
||||||
{
|
{
|
||||||
bn256 a[1], b[1], c[1], tmp0[1];
|
bn256 a[1], b[1], c[1], tmp0[1];
|
||||||
bn256 *d;
|
bn256 *d;
|
||||||
@@ -43,31 +43,31 @@ jpc_double (jpc *X, const jpc *A)
|
|||||||
return;
|
return;
|
||||||
|
|
||||||
d = X->x;
|
d = X->x;
|
||||||
modp256_sqr (a, A->y);
|
modp256r1_sqr (a, A->y);
|
||||||
memcpy (b, a, sizeof (bn256));
|
memcpy (b, a, sizeof (bn256));
|
||||||
modp256_mul (a, a, A->x);
|
modp256r1_mul (a, a, A->x);
|
||||||
modp256_shift (a, a, 2);
|
modp256r1_shift (a, a, 2);
|
||||||
|
|
||||||
modp256_sqr (b, b);
|
modp256r1_sqr (b, b);
|
||||||
modp256_shift (b, b, 3);
|
modp256r1_shift (b, b, 3);
|
||||||
|
|
||||||
modp256_sqr (tmp0, A->z);
|
modp256r1_sqr (tmp0, A->z);
|
||||||
modp256_sub (c, A->x, tmp0);
|
modp256r1_sub (c, A->x, tmp0);
|
||||||
modp256_add (tmp0, tmp0, A->x);
|
modp256r1_add (tmp0, tmp0, A->x);
|
||||||
modp256_mul (tmp0, tmp0, c);
|
modp256r1_mul (tmp0, tmp0, c);
|
||||||
modp256_shift (c, tmp0, 1);
|
modp256r1_shift (c, tmp0, 1);
|
||||||
modp256_add (c, c, tmp0);
|
modp256r1_add (c, c, tmp0);
|
||||||
|
|
||||||
modp256_sqr (d, c);
|
modp256r1_sqr (d, c);
|
||||||
modp256_shift (tmp0, a, 1);
|
modp256r1_shift (tmp0, a, 1);
|
||||||
modp256_sub (d, d, tmp0);
|
modp256r1_sub (d, d, tmp0);
|
||||||
|
|
||||||
modp256_mul (X->z, A->y, A->z);
|
modp256r1_mul (X->z, A->y, A->z);
|
||||||
modp256_shift (X->z, X->z, 1);
|
modp256r1_shift (X->z, X->z, 1);
|
||||||
|
|
||||||
modp256_sub (tmp0, a, d);
|
modp256r1_sub (tmp0, a, d);
|
||||||
modp256_mul (tmp0, c, tmp0);
|
modp256r1_mul (tmp0, c, tmp0);
|
||||||
modp256_sub (X->y, tmp0, b);
|
modp256r1_sub (X->y, tmp0, b);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -79,7 +79,7 @@ jpc_double (jpc *X, const jpc *A)
|
|||||||
* @param MINUS if 1 subtraction, addition otherwise.
|
* @param MINUS if 1 subtraction, addition otherwise.
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
jpc_add_ac_signed (jpc *X, const jpc *A, const ac *B, int minus)
|
jpc_add_ac_signed_p256r1 (jpc *X, const jpc *A, const ac *B, int minus)
|
||||||
{
|
{
|
||||||
bn256 a[1], b[1], c[1], d[1], tmp[1];
|
bn256 a[1], b[1], c[1], d[1], tmp[1];
|
||||||
#define minus_B_y c
|
#define minus_B_y c
|
||||||
@@ -110,20 +110,20 @@ jpc_add_ac_signed (jpc *X, const jpc *A, const ac *B, int minus)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
modp256_sqr (a, A->z);
|
modp256r1_sqr (a, A->z);
|
||||||
memcpy (b, a, sizeof (bn256));
|
memcpy (b, a, sizeof (bn256));
|
||||||
modp256_mul (a, a, B->x);
|
modp256r1_mul (a, a, B->x);
|
||||||
|
|
||||||
modp256_mul (b, b, A->z);
|
modp256r1_mul (b, b, A->z);
|
||||||
if (minus)
|
if (minus)
|
||||||
{
|
{
|
||||||
bn256_sub (minus_B_y, P256, B->y);
|
bn256_sub (minus_B_y, P256, B->y);
|
||||||
modp256_mul (b, b, minus_B_y);
|
modp256r1_mul (b, b, minus_B_y);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
bn256_sub (tmp, P256, B->y);
|
bn256_sub (tmp, P256, B->y);
|
||||||
modp256_mul (b, b, B->y);
|
modp256r1_mul (b, b, B->y);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (bn256_cmp (A->x, a) == 0 && bn256_cmp (A->y, b) == 0)
|
if (bn256_cmp (A->x, a) == 0 && bn256_cmp (A->y, b) == 0)
|
||||||
@@ -132,26 +132,26 @@ jpc_add_ac_signed (jpc *X, const jpc *A, const ac *B, int minus)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
modp256_sub (c, a, A->x);
|
modp256r1_sub (c, a, A->x);
|
||||||
modp256_sub (d, b, A->y);
|
modp256r1_sub (d, b, A->y);
|
||||||
|
|
||||||
modp256_mul (X->z, A->z, c);
|
modp256r1_mul (X->z, A->z, c);
|
||||||
|
|
||||||
modp256_sqr (c_sqr, c);
|
modp256r1_sqr (c_sqr, c);
|
||||||
modp256_mul (c_cube, c_sqr, c);
|
modp256r1_mul (c_cube, c_sqr, c);
|
||||||
|
|
||||||
modp256_mul (x1_c_sqr, A->x, c_sqr);
|
modp256r1_mul (x1_c_sqr, A->x, c_sqr);
|
||||||
|
|
||||||
modp256_sqr (X->x, d);
|
modp256r1_sqr (X->x, d);
|
||||||
memcpy (x1_c_sqr_copy, x1_c_sqr, sizeof (bn256));
|
memcpy (x1_c_sqr_copy, x1_c_sqr, sizeof (bn256));
|
||||||
modp256_shift (x1_c_sqr_2, x1_c_sqr, 1);
|
modp256r1_shift (x1_c_sqr_2, x1_c_sqr, 1);
|
||||||
modp256_add (c_cube_plus_x1_c_sqr_2, x1_c_sqr_2, c_cube);
|
modp256r1_add (c_cube_plus_x1_c_sqr_2, x1_c_sqr_2, c_cube);
|
||||||
modp256_sub (X->x, X->x, c_cube_plus_x1_c_sqr_2);
|
modp256r1_sub (X->x, X->x, c_cube_plus_x1_c_sqr_2);
|
||||||
|
|
||||||
modp256_sub (y3_tmp, x1_c_sqr_copy, X->x);
|
modp256r1_sub (y3_tmp, x1_c_sqr_copy, X->x);
|
||||||
modp256_mul (y3_tmp, y3_tmp, d);
|
modp256r1_mul (y3_tmp, y3_tmp, d);
|
||||||
modp256_mul (y1_c_cube, A->y, c_cube);
|
modp256r1_mul (y1_c_cube, A->y, c_cube);
|
||||||
modp256_sub (X->y, y3_tmp, y1_c_cube);
|
modp256r1_sub (X->y, y3_tmp, y1_c_cube);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -162,9 +162,9 @@ jpc_add_ac_signed (jpc *X, const jpc *A, const ac *B, int minus)
|
|||||||
* @param B AC
|
* @param B AC
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
jpc_add_ac (jpc *X, const jpc *A, const ac *B)
|
jpc_add_ac_p256r1 (jpc *X, const jpc *A, const ac *B)
|
||||||
{
|
{
|
||||||
jpc_add_ac_signed (X, A, B, 0);
|
jpc_add_ac_signed_p256r1 (X, A, B, 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -177,17 +177,17 @@ jpc_add_ac (jpc *X, const jpc *A, const ac *B)
|
|||||||
* Return 0 on success.
|
* Return 0 on success.
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
jpc_to_ac (ac *X, const jpc *A)
|
jpc_to_ac_p256r1 (ac *X, const jpc *A)
|
||||||
{
|
{
|
||||||
bn256 z_inv[1], z_inv_sqr[1];
|
bn256 z_inv[1], z_inv_sqr[1];
|
||||||
|
|
||||||
if (modp256_inv (z_inv, A->z) < 0)
|
if (modp256r1_inv (z_inv, A->z) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
modp256_sqr (z_inv_sqr, z_inv);
|
modp256r1_sqr (z_inv_sqr, z_inv);
|
||||||
modp256_mul (z_inv, z_inv, z_inv_sqr);
|
modp256r1_mul (z_inv, z_inv, z_inv_sqr);
|
||||||
|
|
||||||
modp256_mul (X->x, A->x, z_inv_sqr);
|
modp256r1_mul (X->x, A->x, z_inv_sqr);
|
||||||
modp256_mul (X->y, A->y, z_inv);
|
modp256r1_mul (X->y, A->y, z_inv);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -1,10 +0,0 @@
|
|||||||
extern const bn256 p256;
|
|
||||||
#define P256 (&p256)
|
|
||||||
|
|
||||||
void modp256_add (bn256 *X, const bn256 *A, const bn256 *B);
|
|
||||||
void modp256_sub (bn256 *X, const bn256 *A, const bn256 *B);
|
|
||||||
void modp256_reduce (bn256 *X, const bn512 *A);
|
|
||||||
void modp256_mul (bn256 *X, const bn256 *A, const bn256 *B);
|
|
||||||
void modp256_sqr (bn256 *X, const bn256 *A);
|
|
||||||
void modp256_shift (bn256 *X, const bn256 *A, int shift);
|
|
||||||
int modp256_inv (bn256 *C, const bn256 *a);
|
|
||||||
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* modp256.c -- modulo P256 arithmetic
|
* modp256r1.c -- modulo arithmetic for p256r1
|
||||||
*
|
*
|
||||||
* Copyright (C) 2011, 2013, 2014 Free Software Initiative of Japan
|
* Copyright (C) 2011, 2013, 2014 Free Software Initiative of Japan
|
||||||
* Author: NIIBE Yutaka <gniibe@fsij.org>
|
* Author: NIIBE Yutaka <gniibe@fsij.org>
|
||||||
@@ -28,7 +28,7 @@
|
|||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
#include "bn.h"
|
#include "bn.h"
|
||||||
#include "modp256.h"
|
#include "modp256r1.h"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
256 224 192 160 128 96 64 32 0
|
256 224 192 160 128 96 64 32 0
|
||||||
@@ -50,7 +50,7 @@ const bn256 p256 = { {0xffffffff, 0xffffffff, 0xffffffff, 0x00000000,
|
|||||||
* @brief X = (A + B) mod p256
|
* @brief X = (A + B) mod p256
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
modp256_add (bn256 *X, const bn256 *A, const bn256 *B)
|
modp256r1_add (bn256 *X, const bn256 *A, const bn256 *B)
|
||||||
{
|
{
|
||||||
uint32_t carry;
|
uint32_t carry;
|
||||||
bn256 tmp[1];
|
bn256 tmp[1];
|
||||||
@@ -66,7 +66,7 @@ modp256_add (bn256 *X, const bn256 *A, const bn256 *B)
|
|||||||
* @brief X = (A - B) mod p256
|
* @brief X = (A - B) mod p256
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
modp256_sub (bn256 *X, const bn256 *A, const bn256 *B)
|
modp256r1_sub (bn256 *X, const bn256 *A, const bn256 *B)
|
||||||
{
|
{
|
||||||
uint32_t borrow;
|
uint32_t borrow;
|
||||||
bn256 tmp[1];
|
bn256 tmp[1];
|
||||||
@@ -82,7 +82,7 @@ modp256_sub (bn256 *X, const bn256 *A, const bn256 *B)
|
|||||||
* @brief X = A mod p256
|
* @brief X = A mod p256
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
modp256_reduce (bn256 *X, const bn512 *A)
|
modp256r1_reduce (bn256 *X, const bn512 *A)
|
||||||
{
|
{
|
||||||
bn256 tmp[1];
|
bn256 tmp[1];
|
||||||
uint32_t borrow;
|
uint32_t borrow;
|
||||||
@@ -114,8 +114,8 @@ modp256_reduce (bn256 *X, const bn512 *A)
|
|||||||
S2->word[3] = A->word[11];
|
S2->word[3] = A->word[11];
|
||||||
S2->word[2] = S2->word[1] = S2->word[0] = 0;
|
S2->word[2] = S2->word[1] = S2->word[0] = 0;
|
||||||
/* X += 2 * S2 */
|
/* X += 2 * S2 */
|
||||||
modp256_add (X, X, S2);
|
modp256r1_add (X, X, S2);
|
||||||
modp256_add (X, X, S2);
|
modp256r1_add (X, X, S2);
|
||||||
|
|
||||||
S3->word[7] = 0;
|
S3->word[7] = 0;
|
||||||
S3->word[6] = A->word[15];
|
S3->word[6] = A->word[15];
|
||||||
@@ -124,8 +124,8 @@ modp256_reduce (bn256 *X, const bn512 *A)
|
|||||||
S3->word[3] = A->word[12];
|
S3->word[3] = A->word[12];
|
||||||
S3->word[2] = S3->word[1] = S3->word[0] = 0;
|
S3->word[2] = S3->word[1] = S3->word[0] = 0;
|
||||||
/* X += 2 * S3 */
|
/* X += 2 * S3 */
|
||||||
modp256_add (X, X, S3);
|
modp256r1_add (X, X, S3);
|
||||||
modp256_add (X, X, S3);
|
modp256r1_add (X, X, S3);
|
||||||
|
|
||||||
S4->word[7] = A->word[15];
|
S4->word[7] = A->word[15];
|
||||||
S4->word[6] = A->word[14];
|
S4->word[6] = A->word[14];
|
||||||
@@ -134,7 +134,7 @@ modp256_reduce (bn256 *X, const bn512 *A)
|
|||||||
S4->word[1] = A->word[9];
|
S4->word[1] = A->word[9];
|
||||||
S4->word[0] = A->word[8];
|
S4->word[0] = A->word[8];
|
||||||
/* X += S4 */
|
/* X += S4 */
|
||||||
modp256_add (X, X, S4);
|
modp256r1_add (X, X, S4);
|
||||||
|
|
||||||
S5->word[7] = A->word[8];
|
S5->word[7] = A->word[8];
|
||||||
S5->word[6] = A->word[13];
|
S5->word[6] = A->word[13];
|
||||||
@@ -145,7 +145,7 @@ modp256_reduce (bn256 *X, const bn512 *A)
|
|||||||
S5->word[1] = A->word[10];
|
S5->word[1] = A->word[10];
|
||||||
S5->word[0] = A->word[9];
|
S5->word[0] = A->word[9];
|
||||||
/* X += S5 */
|
/* X += S5 */
|
||||||
modp256_add (X, X, S5);
|
modp256r1_add (X, X, S5);
|
||||||
|
|
||||||
S6->word[7] = A->word[10];
|
S6->word[7] = A->word[10];
|
||||||
S6->word[6] = A->word[8];
|
S6->word[6] = A->word[8];
|
||||||
@@ -154,7 +154,7 @@ modp256_reduce (bn256 *X, const bn512 *A)
|
|||||||
S6->word[1] = A->word[12];
|
S6->word[1] = A->word[12];
|
||||||
S6->word[0] = A->word[11];
|
S6->word[0] = A->word[11];
|
||||||
/* X -= S6 */
|
/* X -= S6 */
|
||||||
modp256_sub (X, X, S6);
|
modp256r1_sub (X, X, S6);
|
||||||
|
|
||||||
S7->word[7] = A->word[11];
|
S7->word[7] = A->word[11];
|
||||||
S7->word[6] = A->word[9];
|
S7->word[6] = A->word[9];
|
||||||
@@ -164,7 +164,7 @@ modp256_reduce (bn256 *X, const bn512 *A)
|
|||||||
S7->word[1] = A->word[13];
|
S7->word[1] = A->word[13];
|
||||||
S7->word[0] = A->word[12];
|
S7->word[0] = A->word[12];
|
||||||
/* X -= S7 */
|
/* X -= S7 */
|
||||||
modp256_sub (X, X, S7);
|
modp256r1_sub (X, X, S7);
|
||||||
|
|
||||||
S8->word[7] = A->word[12];
|
S8->word[7] = A->word[12];
|
||||||
S8->word[6] = 0;
|
S8->word[6] = 0;
|
||||||
@@ -175,7 +175,7 @@ modp256_reduce (bn256 *X, const bn512 *A)
|
|||||||
S8->word[1] = A->word[14];
|
S8->word[1] = A->word[14];
|
||||||
S8->word[0] = A->word[13];
|
S8->word[0] = A->word[13];
|
||||||
/* X -= S8 */
|
/* X -= S8 */
|
||||||
modp256_sub (X, X, S8);
|
modp256r1_sub (X, X, S8);
|
||||||
|
|
||||||
S9->word[7] = A->word[13];
|
S9->word[7] = A->word[13];
|
||||||
S9->word[6] = 0;
|
S9->word[6] = 0;
|
||||||
@@ -186,7 +186,7 @@ modp256_reduce (bn256 *X, const bn512 *A)
|
|||||||
S9->word[1] = A->word[15];
|
S9->word[1] = A->word[15];
|
||||||
S9->word[0] = A->word[14];
|
S9->word[0] = A->word[14];
|
||||||
/* X -= S9 */
|
/* X -= S9 */
|
||||||
modp256_sub (X, X, S9);
|
modp256r1_sub (X, X, S9);
|
||||||
|
|
||||||
borrow = bn256_sub (tmp, X, P256);
|
borrow = bn256_sub (tmp, X, P256);
|
||||||
if (borrow)
|
if (borrow)
|
||||||
@@ -199,24 +199,24 @@ modp256_reduce (bn256 *X, const bn512 *A)
|
|||||||
* @brief X = (A * B) mod p256
|
* @brief X = (A * B) mod p256
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
modp256_mul (bn256 *X, const bn256 *A, const bn256 *B)
|
modp256r1_mul (bn256 *X, const bn256 *A, const bn256 *B)
|
||||||
{
|
{
|
||||||
bn512 AB[1];
|
bn512 AB[1];
|
||||||
|
|
||||||
bn256_mul (AB, A, B);
|
bn256_mul (AB, A, B);
|
||||||
modp256_reduce (X, AB);
|
modp256r1_reduce (X, AB);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief X = A * A mod p256
|
* @brief X = A * A mod p256
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
modp256_sqr (bn256 *X, const bn256 *A)
|
modp256r1_sqr (bn256 *X, const bn256 *A)
|
||||||
{
|
{
|
||||||
bn512 AA[1];
|
bn512 AA[1];
|
||||||
|
|
||||||
bn256_sqr (AA, A);
|
bn256_sqr (AA, A);
|
||||||
modp256_reduce (X, AA);
|
modp256r1_reduce (X, AA);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -228,7 +228,7 @@ modp256_sqr (bn256 *X, const bn256 *A)
|
|||||||
#define MAX_N_BITS 256
|
#define MAX_N_BITS 256
|
||||||
|
|
||||||
int
|
int
|
||||||
modp256_inv (bn256 *C, const bn256 *a)
|
modp256r1_inv (bn256 *C, const bn256 *a)
|
||||||
{
|
{
|
||||||
bn256 u[1], v[1], tmp[1];
|
bn256 u[1], v[1], tmp[1];
|
||||||
bn256 A[1] = { { { 1, 0, 0, 0, 0, 0, 0, 0 } } };
|
bn256 A[1] = { { { 1, 0, 0, 0, 0, 0, 0, 0 } } };
|
||||||
@@ -276,12 +276,12 @@ modp256_inv (bn256 *C, const bn256 *a)
|
|||||||
if (bn256_is_ge (tmp, tmp))
|
if (bn256_is_ge (tmp, tmp))
|
||||||
{
|
{
|
||||||
bn256_sub (tmp, tmp, tmp);
|
bn256_sub (tmp, tmp, tmp);
|
||||||
modp256_sub (tmp, tmp, tmp);
|
modp256r1_sub (tmp, tmp, tmp);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
bn256_sub (tmp, tmp, tmp);
|
bn256_sub (tmp, tmp, tmp);
|
||||||
modp256_sub (tmp, tmp, A);
|
modp256r1_sub (tmp, tmp, A);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@@ -313,12 +313,12 @@ modp256_inv (bn256 *C, const bn256 *a)
|
|||||||
if (bn256_is_ge (tmp, tmp))
|
if (bn256_is_ge (tmp, tmp))
|
||||||
{
|
{
|
||||||
bn256_sub (tmp, tmp, tmp);
|
bn256_sub (tmp, tmp, tmp);
|
||||||
modp256_sub (tmp, tmp, tmp);
|
modp256r1_sub (tmp, tmp, tmp);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
bn256_sub (tmp, tmp, tmp);
|
bn256_sub (tmp, tmp, tmp);
|
||||||
modp256_sub (tmp, tmp, A);
|
modp256r1_sub (tmp, tmp, A);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@@ -350,12 +350,12 @@ modp256_inv (bn256 *C, const bn256 *a)
|
|||||||
if (bn256_is_ge (tmp, tmp))
|
if (bn256_is_ge (tmp, tmp))
|
||||||
{
|
{
|
||||||
bn256_sub (tmp, tmp, tmp);
|
bn256_sub (tmp, tmp, tmp);
|
||||||
modp256_sub (tmp, tmp, tmp);
|
modp256r1_sub (tmp, tmp, tmp);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
bn256_sub (tmp, tmp, tmp);
|
bn256_sub (tmp, tmp, tmp);
|
||||||
modp256_sub (tmp, tmp, A);
|
modp256r1_sub (tmp, tmp, A);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@@ -387,12 +387,12 @@ modp256_inv (bn256 *C, const bn256 *a)
|
|||||||
if (bn256_is_ge (u, v))
|
if (bn256_is_ge (u, v))
|
||||||
{
|
{
|
||||||
bn256_sub (u, u, v);
|
bn256_sub (u, u, v);
|
||||||
modp256_sub (A, A, C);
|
modp256r1_sub (A, A, C);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
bn256_sub (v, v, u);
|
bn256_sub (v, v, u);
|
||||||
modp256_sub (C, C, A);
|
modp256r1_sub (C, C, A);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@@ -406,7 +406,7 @@ modp256_inv (bn256 *C, const bn256 *a)
|
|||||||
* @note shift <= 32
|
* @note shift <= 32
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
modp256_shift (bn256 *X, const bn256 *A, int shift)
|
modp256r1_shift (bn256 *X, const bn256 *A, int shift)
|
||||||
{
|
{
|
||||||
uint32_t carry;
|
uint32_t carry;
|
||||||
#define borrow carry
|
#define borrow carry
|
||||||
@@ -419,13 +419,13 @@ modp256_shift (bn256 *X, const bn256 *A, int shift)
|
|||||||
memset (tmp, 0, sizeof (bn256));
|
memset (tmp, 0, sizeof (bn256));
|
||||||
tmp->word[7] = carry;
|
tmp->word[7] = carry;
|
||||||
tmp->word[0] = carry;
|
tmp->word[0] = carry;
|
||||||
modp256_add (X, X, tmp);
|
modp256r1_add (X, X, tmp);
|
||||||
|
|
||||||
tmp->word[7] = 0;
|
tmp->word[7] = 0;
|
||||||
tmp->word[0] = 0;
|
tmp->word[0] = 0;
|
||||||
tmp->word[6] = carry;
|
tmp->word[6] = carry;
|
||||||
tmp->word[3] = carry;
|
tmp->word[3] = carry;
|
||||||
modp256_sub (X, X, tmp);
|
modp256r1_sub (X, X, tmp);
|
||||||
|
|
||||||
borrow = bn256_sub (tmp, X, P256);
|
borrow = bn256_sub (tmp, X, P256);
|
||||||
if (borrow)
|
if (borrow)
|
||||||
10
src/modp256r1.h
Normal file
10
src/modp256r1.h
Normal file
@@ -0,0 +1,10 @@
|
|||||||
|
extern const bn256 p256;
|
||||||
|
#define P256 (&p256)
|
||||||
|
|
||||||
|
void modp256r1_add (bn256 *X, const bn256 *A, const bn256 *B);
|
||||||
|
void modp256r1_sub (bn256 *X, const bn256 *A, const bn256 *B);
|
||||||
|
void modp256r1_reduce (bn256 *X, const bn512 *A);
|
||||||
|
void modp256r1_mul (bn256 *X, const bn256 *A, const bn256 *B);
|
||||||
|
void modp256r1_sqr (bn256 *X, const bn256 *A);
|
||||||
|
void modp256r1_shift (bn256 *X, const bn256 *A, int shift);
|
||||||
|
int modp256r1_inv (bn256 *C, const bn256 *a);
|
||||||
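Review bot: The modulus symbol is the one name this rename leaves behind: `src/modp256r1.h` still declares `extern const bn256 p256;` and `#define P256 (&p256)` while every function it declares now carries the `_p256r1` suffix. If the suffix is meant to make room for another 256-bit prime field next to this one (the commit message gives no reason, so this is a guess), the unsuffixed `p256`/`P256` will be the first collision, and `P256` is used by callers shown in this commit (`bn256_sub (minus_B_y, P256, B->y)` in jpc_p256r1.c, `bn256_sub (tmp, X, P256)` in modp256r1.c), so renaming it now is cheaper than later. I would change the two lines to `extern const bn256 p256r1;` and `#define P256R1 (&p256r1)` and update the definition in modp256r1.c and those call sites in the same commit. The header also has no include guard and relies on `bn.h` having been included first by every includer; a one-line comment such as `/* Requires bn.h (bn256, bn512) to be included before this header. */` at the top would make that dependency explicit.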