name change p256 -> p256r1

This commit is contained in:
NIIBE Yutaka
2014-02-17 13:49:35 +09:00
parent 2c8f1cb0ce
commit 60820f5a5f
12 changed files with 169 additions and 146 deletions


@@ -1,3 +1,25 @@
2014-02-17 Niibe Yutaka <gniibe@fsij.org>
* src/Makefile.in (CSRC): Follow the changes of filenames.
* src/modp256r1.c (modp256r1_add, modp256r1_sub, S3)
(modp256r1_mul, modp256r1_sqr, modp256r1_inv, modp256r1_shift):
Use new function names.
* src/jpc_p256r1.c (jpc_double_p256r1, jpc_add_ac_signed_p256r1)
(jpc_to_ac_p256r1): Likewise.
* src/ec_p256r1.c (point_is_on_the_curve)
(compute_kG_p256r1, compute_kP_p256r1): Likewise.
* src/call-ec_p256r1.c (ecdsa_sign): Likewise.
* src/modp256r1.h: Rename from modp256.h.
* src/jpc-ac_p256r1.h: Rename from jpc-ac.h.
* src/ec_p256r1.h: Rename from ec_p256.h.
* src/modp256r1.c: Rename from modp256.c.
* src/jpc_p256r1.c: Rename from jpc.c.
* src/ec_p256r1.c: Rename from ec_p256.c.
* src/call-ec_p256r1.c: Rename from call-ec_p256.c.
2014-02-05 NIIBE Yutaka <gniibe@fsij.org>
* src/sha512.h, src/sha512.c: New.


@@ -12,7 +12,7 @@ CSRC = main.c usb_stm32f103.c adc_stm32f103.c \
usb_desc.c usb_ctrl.c \
call-rsa.c \
usb-icc.c openpgp.c ac.c openpgp-do.c flash.c \
bn.c modp256.c jpc.c mod.c ec_p256.c call-ec_p256.c \
bn.c modp256r1.c jpc_p256r1.c mod.c ec_p256r1.c call-ec_p256r1.c \
random.c neug.c sha256.c sys.c
INCDIR =


@@ -1,5 +1,6 @@
/*
* call-ec_p256.c - interface between Gnuk and Elliptic curve over GF(p256)
* call-ec_p256r1.c - interface between Gnuk and Elliptic curve over
* GF(p256r1)
*
* Copyright (C) 2013 Free Software Initiative of Japan
* Author: NIIBE Yutaka <gniibe@fsij.org>
@@ -25,8 +26,8 @@
#include <stdlib.h>
#include <string.h>
#include "bn.h"
#include "jpc-ac.h"
#include "ec_p256.h"
#include "jpc-ac_p256r1.h"
#include "ec_p256r1.h"
#include "config.h"
@@ -52,7 +53,7 @@ ecdsa_sign (const uint8_t *hash, uint8_t *output,
for (i = 0; i < ECDSA_BYTE_SIZE; i++)
p[ECDSA_BYTE_SIZE - i - 1] = hash[i];
ecdsa (r, s, z, d);
ecdsa_p256r1 (r, s, z, d);
p = (uint8_t *)r;
for (i = 0; i < ECDSA_BYTE_SIZE; i++)
*output++ = p[ECDSA_BYTE_SIZE - i - 1];


@@ -1,5 +0,0 @@
int compute_kP (ac *X, const bn256 *K, const ac *P);
int compute_kG (ac *X, const bn256 *K);
void ecdsa (bn256 *r, bn256 *s, const bn256 *z, const bn256 *d);


@@ -1,5 +1,5 @@
/* -*- coding: utf-8 -*-
* ec_p256.c - Elliptic curve over GF(p256)
* ec_p256r1.c - Elliptic curve over GF(p256r1)
*
* Copyright (C) 2011, 2013, 2014 Free Software Initiative of Japan
* Author: NIIBE Yutaka <gniibe@fsij.org>
@@ -41,10 +41,10 @@
#include <stdint.h>
#include <string.h>
#include "bn.h"
#include "modp256.h"
#include "jpc-ac.h"
#include "modp256r1.h"
#include "jpc-ac_p256r1.h"
#include "mod.h"
#include "ec_p256.h"
#include "ec_p256r1.h"
/*
* a = -3 mod p256
@@ -263,7 +263,7 @@ get_vk (const bn256 *K, int i)
* Return 0 on success.
*/
int
compute_kG (ac *X, const bn256 *K)
compute_kG_p256r1 (ac *X, const bn256 *K)
{
uint8_t index[64]; /* Lower 4-bit for index absolute value, msb is
for sign (encoded as: 0 means 1, 1 means -1). */
@@ -292,18 +292,18 @@ compute_kG (ac *X, const bn256 *K)
memset (Q->z, 0, sizeof (bn256)); /* infinity */
for (i = 31; i >= 0; i--)
{
jpc_double (Q, Q);
jpc_double_p256r1 (Q, Q);
jpc_add_ac_signed (Q, Q, &precomputed_KG[index[i]&0x0f],
jpc_add_ac_signed_p256r1 (Q, Q, &precomputed_KG[index[i]&0x0f],
index[i] >> 7);
jpc_add_ac_signed (Q, Q, &precomputed_2E_KG[index[i+32]&0x0f],
jpc_add_ac_signed_p256r1 (Q, Q, &precomputed_2E_KG[index[i+32]&0x0f],
index[i+32] >> 7);
}
dst = k_is_even ? Q : tmp;
jpc_add_ac (dst, Q, &precomputed_KG[0]);
jpc_add_ac_p256r1 (dst, Q, &precomputed_KG[0]);
return jpc_to_ac (X, Q);
return jpc_to_ac_p256r1 (X, Q);
}
@@ -320,14 +320,14 @@ point_is_on_the_curve (const ac *P)
bn256 s[1], t[1];
/* Elliptic curve: y^2 = x^3 + a*x + b */
modp256_sqr (s, P->x);
modp256_mul (s, s, P->x);
modp256r1_sqr (s, P->x);
modp256r1_mul (s, s, P->x);
modp256_mul (t, coefficient_a, P->x);
modp256_add (s, s, t);
modp256_add (s, s, coefficient_b);
modp256r1_mul (t, coefficient_a, P->x);
modp256r1_add (s, s, t);
modp256r1_add (s, s, coefficient_b);
modp256_sqr (t, P->y);
modp256r1_sqr (t, P->y);
if (bn256_cmp (s, t) == 0)
return 0;
else
@@ -395,7 +395,7 @@ get_vk_kP (const bn256 *K, int i)
* represented by affine coordinate.
*/
int
compute_kP (ac *X, const bn256 *K, const ac *P)
compute_kP_p256r1 (ac *X, const bn256 *K, const ac *P)
{
uint8_t index[86]; /* Lower 2-bit for index absolute value, msb is
for sign (encoded as: 0 means 1, 1 means -1). */
@@ -489,7 +489,7 @@ static const bn256 MU_lower[1] = {
* @brief Compute signature (r,s) of hash string z with secret key d
*/
void
ecdsa (bn256 *r, bn256 *s, const bn256 *z, const bn256 *d)
ecdsa_p256r1 (bn256 *r, bn256 *s, const bn256 *z, const bn256 *d)
{
bn256 k[1];
ac KG[1];
@@ -509,7 +509,7 @@ ecdsa (bn256 *r, bn256 *s, const bn256 *z, const bn256 *d)
if (bn256_sub (tmp_k, k, N) == 0) /* >= N, it's too big. */
continue;
/* 1 <= k <= N - 1 */
compute_kG (KG, k);
compute_kG_p256r1 (KG, k);
borrow = bn256_sub (r, KG->x, N);
if (borrow)
memcpy (r, KG->x, sizeof (bn256));

5
src/ec_p256r1.h Normal file

@@ -0,0 +1,5 @@
int compute_kP_p256r1 (ac *X, const bn256 *K, const ac *P);
int compute_kG_p256r1 (ac *X, const bn256 *K);
void ecdsa_p256r1 (bn256 *r, bn256 *s, const bn256 *z, const bn256 *d);


@@ -1,23 +0,0 @@
/**
* @brief Jacobian projective coordinates
*/
typedef struct
{
bn256 x[1];
bn256 y[1];
bn256 z[1];
} jpc;
/**
* @brief Affin coordinates
*/
typedef struct
{
bn256 x[1];
bn256 y[1];
} ac;
void jpc_double (jpc *X, const jpc *A);
void jpc_add_ac (jpc *X, const jpc *A, const ac *B);
void jpc_add_ac_signed (jpc *X, const jpc *A, const ac *B, int minus);
int jpc_to_ac (ac *X, const jpc *A);

23
src/jpc-ac_p256r1.h Normal file

@@ -0,0 +1,23 @@
/**
* @brief Jacobian projective coordinates
*/
typedef struct
{
bn256 x[1];
bn256 y[1];
bn256 z[1];
} jpc;
/**
* @brief Affin coordinates
*/
typedef struct
{
bn256 x[1];
bn256 y[1];
} ac;
void jpc_double_p256r1 (jpc *X, const jpc *A);
void jpc_add_ac_p256r1 (jpc *X, const jpc *A, const ac *B);
void jpc_add_ac_signed_p256r1 (jpc *X, const jpc *A, const ac *B, int minus);
int jpc_to_ac_p256r1 (ac *X, const jpc *A);
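Review bot: The new header carries the old typo forward in its Doxygen text: `* @brief Affin coordinates` should read `* @brief Affine coordinates`, and since jpc-ac_p256r1.h is a fresh file this was the moment to fix it. The header also names `bn256` without including bn.h and, as far as the rendered lines show, has no include guard, so every includer must order `#include "bn.h"` ahead of it exactly as ec_p256r1.c and jpc_p256r1.c do; the new ec_p256r1.h and modp256r1.h have the same shape. Wrapping each of the three in an `#ifndef`/`#define`/`#endif` guard (name constructed to taste, e.g. `JPC_AC_P256R1_H`) would make them safe to include twice and is independent of the rename.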


@@ -1,5 +1,5 @@
/*
* jpc.c -- arithmetic on Jacobian projective coordinates and Affin coordinates
* jpc_p256r1.c -- arithmetic on Jacobian projective coordinates for p256r1.
*
* Copyright (C) 2011, 2013 Free Software Initiative of Japan
* Author: NIIBE Yutaka <gniibe@fsij.org>
@@ -24,8 +24,8 @@
#include <stdint.h>
#include <string.h>
#include "bn.h"
#include "modp256.h"
#include "jpc-ac.h"
#include "modp256r1.h"
#include "jpc-ac_p256r1.h"
/**
* @brief X = 2 * A
@@ -34,7 +34,7 @@
* @param A JPC
*/
void
jpc_double (jpc *X, const jpc *A)
jpc_double_p256r1 (jpc *X, const jpc *A)
{
bn256 a[1], b[1], c[1], tmp0[1];
bn256 *d;
@@ -43,31 +43,31 @@ jpc_double (jpc *X, const jpc *A)
return;
d = X->x;
modp256_sqr (a, A->y);
modp256r1_sqr (a, A->y);
memcpy (b, a, sizeof (bn256));
modp256_mul (a, a, A->x);
modp256_shift (a, a, 2);
modp256r1_mul (a, a, A->x);
modp256r1_shift (a, a, 2);
modp256_sqr (b, b);
modp256_shift (b, b, 3);
modp256r1_sqr (b, b);
modp256r1_shift (b, b, 3);
modp256_sqr (tmp0, A->z);
modp256_sub (c, A->x, tmp0);
modp256_add (tmp0, tmp0, A->x);
modp256_mul (tmp0, tmp0, c);
modp256_shift (c, tmp0, 1);
modp256_add (c, c, tmp0);
modp256r1_sqr (tmp0, A->z);
modp256r1_sub (c, A->x, tmp0);
modp256r1_add (tmp0, tmp0, A->x);
modp256r1_mul (tmp0, tmp0, c);
modp256r1_shift (c, tmp0, 1);
modp256r1_add (c, c, tmp0);
modp256_sqr (d, c);
modp256_shift (tmp0, a, 1);
modp256_sub (d, d, tmp0);
modp256r1_sqr (d, c);
modp256r1_shift (tmp0, a, 1);
modp256r1_sub (d, d, tmp0);
modp256_mul (X->z, A->y, A->z);
modp256_shift (X->z, X->z, 1);
modp256r1_mul (X->z, A->y, A->z);
modp256r1_shift (X->z, X->z, 1);
modp256_sub (tmp0, a, d);
modp256_mul (tmp0, c, tmp0);
modp256_sub (X->y, tmp0, b);
modp256r1_sub (tmp0, a, d);
modp256r1_mul (tmp0, c, tmp0);
modp256r1_sub (X->y, tmp0, b);
}
/**
@@ -79,7 +79,7 @@ jpc_double (jpc *X, const jpc *A)
* @param MINUS if 1 subtraction, addition otherwise.
*/
void
jpc_add_ac_signed (jpc *X, const jpc *A, const ac *B, int minus)
jpc_add_ac_signed_p256r1 (jpc *X, const jpc *A, const ac *B, int minus)
{
bn256 a[1], b[1], c[1], d[1], tmp[1];
#define minus_B_y c
@@ -110,20 +110,20 @@ jpc_add_ac_signed (jpc *X, const jpc *A, const ac *B, int minus)
return;
}
modp256_sqr (a, A->z);
modp256r1_sqr (a, A->z);
memcpy (b, a, sizeof (bn256));
modp256_mul (a, a, B->x);
modp256r1_mul (a, a, B->x);
modp256_mul (b, b, A->z);
modp256r1_mul (b, b, A->z);
if (minus)
{
bn256_sub (minus_B_y, P256, B->y);
modp256_mul (b, b, minus_B_y);
modp256r1_mul (b, b, minus_B_y);
}
else
{
bn256_sub (tmp, P256, B->y);
modp256_mul (b, b, B->y);
modp256r1_mul (b, b, B->y);
}
if (bn256_cmp (A->x, a) == 0 && bn256_cmp (A->y, b) == 0)
@@ -132,26 +132,26 @@ jpc_add_ac_signed (jpc *X, const jpc *A, const ac *B, int minus)
return;
}
modp256_sub (c, a, A->x);
modp256_sub (d, b, A->y);
modp256r1_sub (c, a, A->x);
modp256r1_sub (d, b, A->y);
modp256_mul (X->z, A->z, c);
modp256r1_mul (X->z, A->z, c);
modp256_sqr (c_sqr, c);
modp256_mul (c_cube, c_sqr, c);
modp256r1_sqr (c_sqr, c);
modp256r1_mul (c_cube, c_sqr, c);
modp256_mul (x1_c_sqr, A->x, c_sqr);
modp256r1_mul (x1_c_sqr, A->x, c_sqr);
modp256_sqr (X->x, d);
modp256r1_sqr (X->x, d);
memcpy (x1_c_sqr_copy, x1_c_sqr, sizeof (bn256));
modp256_shift (x1_c_sqr_2, x1_c_sqr, 1);
modp256_add (c_cube_plus_x1_c_sqr_2, x1_c_sqr_2, c_cube);
modp256_sub (X->x, X->x, c_cube_plus_x1_c_sqr_2);
modp256r1_shift (x1_c_sqr_2, x1_c_sqr, 1);
modp256r1_add (c_cube_plus_x1_c_sqr_2, x1_c_sqr_2, c_cube);
modp256r1_sub (X->x, X->x, c_cube_plus_x1_c_sqr_2);
modp256_sub (y3_tmp, x1_c_sqr_copy, X->x);
modp256_mul (y3_tmp, y3_tmp, d);
modp256_mul (y1_c_cube, A->y, c_cube);
modp256_sub (X->y, y3_tmp, y1_c_cube);
modp256r1_sub (y3_tmp, x1_c_sqr_copy, X->x);
modp256r1_mul (y3_tmp, y3_tmp, d);
modp256r1_mul (y1_c_cube, A->y, c_cube);
modp256r1_sub (X->y, y3_tmp, y1_c_cube);
}
/**
@@ -162,9 +162,9 @@ jpc_add_ac_signed (jpc *X, const jpc *A, const ac *B, int minus)
* @param B AC
*/
void
jpc_add_ac (jpc *X, const jpc *A, const ac *B)
jpc_add_ac_p256r1 (jpc *X, const jpc *A, const ac *B)
{
jpc_add_ac_signed (X, A, B, 0);
jpc_add_ac_signed_p256r1 (X, A, B, 0);
}
/**
@@ -177,17 +177,17 @@ jpc_add_ac (jpc *X, const jpc *A, const ac *B)
* Return 0 on success.
*/
int
jpc_to_ac (ac *X, const jpc *A)
jpc_to_ac_p256r1 (ac *X, const jpc *A)
{
bn256 z_inv[1], z_inv_sqr[1];
if (modp256_inv (z_inv, A->z) < 0)
if (modp256r1_inv (z_inv, A->z) < 0)
return -1;
modp256_sqr (z_inv_sqr, z_inv);
modp256_mul (z_inv, z_inv, z_inv_sqr);
modp256r1_sqr (z_inv_sqr, z_inv);
modp256r1_mul (z_inv, z_inv, z_inv_sqr);
modp256_mul (X->x, A->x, z_inv_sqr);
modp256_mul (X->y, A->y, z_inv);
modp256r1_mul (X->x, A->x, z_inv_sqr);
modp256r1_mul (X->y, A->y, z_inv);
return 0;
}


@@ -1,10 +0,0 @@
extern const bn256 p256;
#define P256 (&p256)
void modp256_add (bn256 *X, const bn256 *A, const bn256 *B);
void modp256_sub (bn256 *X, const bn256 *A, const bn256 *B);
void modp256_reduce (bn256 *X, const bn512 *A);
void modp256_mul (bn256 *X, const bn256 *A, const bn256 *B);
void modp256_sqr (bn256 *X, const bn256 *A);
void modp256_shift (bn256 *X, const bn256 *A, int shift);
int modp256_inv (bn256 *C, const bn256 *a);


@@ -1,5 +1,5 @@
/*
* modp256.c -- modulo P256 arithmetic
* modp256r1.c -- modulo arithmetic for p256r1
*
* Copyright (C) 2011, 2013, 2014 Free Software Initiative of Japan
* Author: NIIBE Yutaka <gniibe@fsij.org>
@@ -28,7 +28,7 @@
#include <string.h>
#include "bn.h"
#include "modp256.h"
#include "modp256r1.h"
/*
256 224 192 160 128 96 64 32 0
@@ -50,7 +50,7 @@ const bn256 p256 = { {0xffffffff, 0xffffffff, 0xffffffff, 0x00000000,
* @brief X = (A + B) mod p256
*/
void
modp256_add (bn256 *X, const bn256 *A, const bn256 *B)
modp256r1_add (bn256 *X, const bn256 *A, const bn256 *B)
{
uint32_t carry;
bn256 tmp[1];
@@ -66,7 +66,7 @@ modp256_add (bn256 *X, const bn256 *A, const bn256 *B)
* @brief X = (A - B) mod p256
*/
void
modp256_sub (bn256 *X, const bn256 *A, const bn256 *B)
modp256r1_sub (bn256 *X, const bn256 *A, const bn256 *B)
{
uint32_t borrow;
bn256 tmp[1];
@@ -82,7 +82,7 @@ modp256_sub (bn256 *X, const bn256 *A, const bn256 *B)
* @brief X = A mod p256
*/
void
modp256_reduce (bn256 *X, const bn512 *A)
modp256r1_reduce (bn256 *X, const bn512 *A)
{
bn256 tmp[1];
uint32_t borrow;
@@ -114,8 +114,8 @@ modp256_reduce (bn256 *X, const bn512 *A)
S2->word[3] = A->word[11];
S2->word[2] = S2->word[1] = S2->word[0] = 0;
/* X += 2 * S2 */
modp256_add (X, X, S2);
modp256_add (X, X, S2);
modp256r1_add (X, X, S2);
modp256r1_add (X, X, S2);
S3->word[7] = 0;
S3->word[6] = A->word[15];
@@ -124,8 +124,8 @@ modp256_reduce (bn256 *X, const bn512 *A)
S3->word[3] = A->word[12];
S3->word[2] = S3->word[1] = S3->word[0] = 0;
/* X += 2 * S3 */
modp256_add (X, X, S3);
modp256_add (X, X, S3);
modp256r1_add (X, X, S3);
modp256r1_add (X, X, S3);
S4->word[7] = A->word[15];
S4->word[6] = A->word[14];
@@ -134,7 +134,7 @@ modp256_reduce (bn256 *X, const bn512 *A)
S4->word[1] = A->word[9];
S4->word[0] = A->word[8];
/* X += S4 */
modp256_add (X, X, S4);
modp256r1_add (X, X, S4);
S5->word[7] = A->word[8];
S5->word[6] = A->word[13];
@@ -145,7 +145,7 @@ modp256_reduce (bn256 *X, const bn512 *A)
S5->word[1] = A->word[10];
S5->word[0] = A->word[9];
/* X += S5 */
modp256_add (X, X, S5);
modp256r1_add (X, X, S5);
S6->word[7] = A->word[10];
S6->word[6] = A->word[8];
@@ -154,7 +154,7 @@ modp256_reduce (bn256 *X, const bn512 *A)
S6->word[1] = A->word[12];
S6->word[0] = A->word[11];
/* X -= S6 */
modp256_sub (X, X, S6);
modp256r1_sub (X, X, S6);
S7->word[7] = A->word[11];
S7->word[6] = A->word[9];
@@ -164,7 +164,7 @@ modp256_reduce (bn256 *X, const bn512 *A)
S7->word[1] = A->word[13];
S7->word[0] = A->word[12];
/* X -= S7 */
modp256_sub (X, X, S7);
modp256r1_sub (X, X, S7);
S8->word[7] = A->word[12];
S8->word[6] = 0;
@@ -175,7 +175,7 @@ modp256_reduce (bn256 *X, const bn512 *A)
S8->word[1] = A->word[14];
S8->word[0] = A->word[13];
/* X -= S8 */
modp256_sub (X, X, S8);
modp256r1_sub (X, X, S8);
S9->word[7] = A->word[13];
S9->word[6] = 0;
@@ -186,7 +186,7 @@ modp256_reduce (bn256 *X, const bn512 *A)
S9->word[1] = A->word[15];
S9->word[0] = A->word[14];
/* X -= S9 */
modp256_sub (X, X, S9);
modp256r1_sub (X, X, S9);
borrow = bn256_sub (tmp, X, P256);
if (borrow)
@@ -199,24 +199,24 @@ modp256_reduce (bn256 *X, const bn512 *A)
* @brief X = (A * B) mod p256
*/
void
modp256_mul (bn256 *X, const bn256 *A, const bn256 *B)
modp256r1_mul (bn256 *X, const bn256 *A, const bn256 *B)
{
bn512 AB[1];
bn256_mul (AB, A, B);
modp256_reduce (X, AB);
modp256r1_reduce (X, AB);
}
/**
* @brief X = A * A mod p256
*/
void
modp256_sqr (bn256 *X, const bn256 *A)
modp256r1_sqr (bn256 *X, const bn256 *A)
{
bn512 AA[1];
bn256_sqr (AA, A);
modp256_reduce (X, AA);
modp256r1_reduce (X, AA);
}
/**
@@ -228,7 +228,7 @@ modp256_sqr (bn256 *X, const bn256 *A)
#define MAX_N_BITS 256
int
modp256_inv (bn256 *C, const bn256 *a)
modp256r1_inv (bn256 *C, const bn256 *a)
{
bn256 u[1], v[1], tmp[1];
bn256 A[1] = { { { 1, 0, 0, 0, 0, 0, 0, 0 } } };
@@ -276,12 +276,12 @@ modp256_inv (bn256 *C, const bn256 *a)
if (bn256_is_ge (tmp, tmp))
{
bn256_sub (tmp, tmp, tmp);
modp256_sub (tmp, tmp, tmp);
modp256r1_sub (tmp, tmp, tmp);
}
else
{
bn256_sub (tmp, tmp, tmp);
modp256_sub (tmp, tmp, A);
modp256r1_sub (tmp, tmp, A);
}
break;
@@ -313,12 +313,12 @@ modp256_inv (bn256 *C, const bn256 *a)
if (bn256_is_ge (tmp, tmp))
{
bn256_sub (tmp, tmp, tmp);
modp256_sub (tmp, tmp, tmp);
modp256r1_sub (tmp, tmp, tmp);
}
else
{
bn256_sub (tmp, tmp, tmp);
modp256_sub (tmp, tmp, A);
modp256r1_sub (tmp, tmp, A);
}
break;
@@ -350,12 +350,12 @@ modp256_inv (bn256 *C, const bn256 *a)
if (bn256_is_ge (tmp, tmp))
{
bn256_sub (tmp, tmp, tmp);
modp256_sub (tmp, tmp, tmp);
modp256r1_sub (tmp, tmp, tmp);
}
else
{
bn256_sub (tmp, tmp, tmp);
modp256_sub (tmp, tmp, A);
modp256r1_sub (tmp, tmp, A);
}
break;
@@ -387,12 +387,12 @@ modp256_inv (bn256 *C, const bn256 *a)
if (bn256_is_ge (u, v))
{
bn256_sub (u, u, v);
modp256_sub (A, A, C);
modp256r1_sub (A, A, C);
}
else
{
bn256_sub (v, v, u);
modp256_sub (C, C, A);
modp256r1_sub (C, C, A);
}
break;
}
@@ -406,7 +406,7 @@ modp256_inv (bn256 *C, const bn256 *a)
* @note shift <= 32
*/
void
modp256_shift (bn256 *X, const bn256 *A, int shift)
modp256r1_shift (bn256 *X, const bn256 *A, int shift)
{
uint32_t carry;
#define borrow carry
@@ -419,13 +419,13 @@ modp256_shift (bn256 *X, const bn256 *A, int shift)
memset (tmp, 0, sizeof (bn256));
tmp->word[7] = carry;
tmp->word[0] = carry;
modp256_add (X, X, tmp);
modp256r1_add (X, X, tmp);
tmp->word[7] = 0;
tmp->word[0] = 0;
tmp->word[6] = carry;
tmp->word[3] = carry;
modp256_sub (X, X, tmp);
modp256r1_sub (X, X, tmp);
borrow = bn256_sub (tmp, X, P256);
if (borrow)
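Review bot: The three renamed branches in modp256r1_inv at @@ -276, @@ -313 and @@ -350 touch only `tmp` (`bn256_is_ge (tmp, tmp)`, `bn256_sub (tmp, tmp, tmp)`, `modp256r1_sub (tmp, tmp, tmp)` / `modp256r1_sub (tmp, tmp, A)`) and so cannot change u, v, A or C, whereas the @@ -387 hunk performs the real `bn256_is_ge (u, v)` update; this looks like deliberate work to keep the per-iteration cost of each case in step with the real one, but nothing in the file says so. A reader could easily "simplify" them away, and the commit renames the calls without adding that context. A one-line comment above each such block, e.g. `/* Dummy arithmetic on tmp only: keeps this case's timing in step with the real update in case 0.  */`, would protect the intent, and the reviewer should confirm that intent with the author rather than infer it from the shape. modp256r1_inv begins and ends outside the visible hunks.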

10
src/modp256r1.h Normal file

@@ -0,0 +1,10 @@
extern const bn256 p256;
#define P256 (&p256)
void modp256r1_add (bn256 *X, const bn256 *A, const bn256 *B);
void modp256r1_sub (bn256 *X, const bn256 *A, const bn256 *B);
void modp256r1_reduce (bn256 *X, const bn512 *A);
void modp256r1_mul (bn256 *X, const bn256 *A, const bn256 *B);
void modp256r1_sqr (bn256 *X, const bn256 *A);
void modp256r1_shift (bn256 *X, const bn256 *A, int shift);
int modp256r1_inv (bn256 *C, const bn256 *a);
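Review bot: The rename stops short of the prime itself: the new modp256r1.h still exports `extern const bn256 p256;` and `#define P256 (&p256)` while every function declared beneath them carries the `_p256r1` suffix. The unsuffixed names are used from modp256r1.c (`bn256_sub (tmp, X, P256)` in the reduce and shift hunks) and jpc_p256r1.c (`bn256_sub (minus_B_y, P256, B->y)`), so if a sibling header for another 256-bit curve later defines its own `p256`/`P256`, the two headers cannot be included in one translation unit and the macro would silently resolve to whichever came first. Renaming to `p256r1`/`P256R1` in this header and its users would complete the change; if the symbol is kept on purpose, a comment on the `extern` line saying so would stop the next reader from finishing the rename by accident.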