@@ -157,6 +157,111 @@ void mpi_fdiv_q(MPI quot, MPI dividend, MPI divisor);
157
157
/*-- mpi-inv.c --*/
158
158
int mpi_invm (MPI x , MPI a , MPI n );
159
159
160
+ /*-- ec.c --*/
161
+
162
+ /* Object to represent a point in projective coordinates */
163
+ struct gcry_mpi_point {
164
+ MPI x ;
165
+ MPI y ;
166
+ MPI z ;
167
+ };
168
+
169
+ typedef struct gcry_mpi_point * MPI_POINT ;
170
+
171
+ /* Models describing an elliptic curve */
172
+ enum gcry_mpi_ec_models {
173
+ /* The Short Weierstrass equation is
174
+ * y^2 = x^3 + ax + b
175
+ */
176
+ MPI_EC_WEIERSTRASS = 0 ,
177
+ /* The Montgomery equation is
178
+ * by^2 = x^3 + ax^2 + x
179
+ */
180
+ MPI_EC_MONTGOMERY ,
181
+ /* The Twisted Edwards equation is
182
+ * ax^2 + y^2 = 1 + bx^2y^2
183
+ * Note that we use 'b' instead of the commonly used 'd'.
184
+ */
185
+ MPI_EC_EDWARDS
186
+ };
187
+
188
+ /* Dialects used with elliptic curves */
189
+ enum ecc_dialects {
190
+ ECC_DIALECT_STANDARD = 0 ,
191
+ ECC_DIALECT_ED25519 ,
192
+ ECC_DIALECT_SAFECURVE
193
+ };
194
+
195
+ /* This context is used with all our EC functions. */
196
+ struct mpi_ec_ctx {
197
+ enum gcry_mpi_ec_models model ; /* The model describing this curve. */
198
+ enum ecc_dialects dialect ; /* The ECC dialect used with the curve. */
199
+ int flags ; /* Public key flags (not always used). */
200
+ unsigned int nbits ; /* Number of bits. */
201
+
202
+ /* Domain parameters. Note that they may not all be set and if set
203
+ * the MPIs may be flaged as constant.
204
+ */
205
+ MPI p ; /* Prime specifying the field GF(p). */
206
+ MPI a ; /* First coefficient of the Weierstrass equation. */
207
+ MPI b ; /* Second coefficient of the Weierstrass equation. */
208
+ MPI_POINT G ; /* Base point (generator). */
209
+ MPI n ; /* Order of G. */
210
+ unsigned int h ; /* Cofactor. */
211
+
212
+ /* The actual key. May not be set. */
213
+ MPI_POINT Q ; /* Public key. */
214
+ MPI d ; /* Private key. */
215
+
216
+ const char * name ; /* Name of the curve. */
217
+
218
+ /* This structure is private to mpi/ec.c! */
219
+ struct {
220
+ struct {
221
+ unsigned int a_is_pminus3 :1 ;
222
+ unsigned int two_inv_p :1 ;
223
+ } valid ; /* Flags to help setting the helper vars below. */
224
+
225
+ int a_is_pminus3 ; /* True if A = P - 3. */
226
+
227
+ MPI two_inv_p ;
228
+
229
+ mpi_barrett_t p_barrett ;
230
+
231
+ /* Scratch variables. */
232
+ MPI scratch [11 ];
233
+
234
+ /* Helper for fast reduction. */
235
+ /* int nist_nbits; /\* If this is a NIST curve, the # of bits. *\/ */
236
+ /* MPI s[10]; */
237
+ /* MPI c; */
238
+ } t ;
239
+
240
+ /* Curve specific computation routines for the field. */
241
+ void (* addm )(MPI w , MPI u , MPI v , struct mpi_ec_ctx * ctx );
242
+ void (* subm )(MPI w , MPI u , MPI v , struct mpi_ec_ctx * ec );
243
+ void (* mulm )(MPI w , MPI u , MPI v , struct mpi_ec_ctx * ctx );
244
+ void (* pow2 )(MPI w , const MPI b , struct mpi_ec_ctx * ctx );
245
+ void (* mul2 )(MPI w , MPI u , struct mpi_ec_ctx * ctx );
246
+ };
247
+
248
+ void mpi_ec_init (struct mpi_ec_ctx * ctx , enum gcry_mpi_ec_models model ,
249
+ enum ecc_dialects dialect ,
250
+ int flags , MPI p , MPI a , MPI b );
251
+ void mpi_ec_deinit (struct mpi_ec_ctx * ctx );
252
+ MPI_POINT mpi_point_new (unsigned int nbits );
253
+ void mpi_point_release (MPI_POINT p );
254
+ void mpi_point_init (MPI_POINT p );
255
+ void mpi_point_free_parts (MPI_POINT p );
256
+ int mpi_ec_get_affine (MPI x , MPI y , MPI_POINT point , struct mpi_ec_ctx * ctx );
257
+ void mpi_ec_add_points (MPI_POINT result ,
258
+ MPI_POINT p1 , MPI_POINT p2 ,
259
+ struct mpi_ec_ctx * ctx );
260
+ void mpi_ec_mul_point (MPI_POINT result ,
261
+ MPI scalar , MPI_POINT point ,
262
+ struct mpi_ec_ctx * ctx );
263
+ int mpi_ec_curve_point (MPI_POINT point , struct mpi_ec_ctx * ctx );
264
+
160
265
/* inline functions */
161
266
162
267
/**
0 commit comments