iPXE
Data Structures | Macros | Enumerations | Functions
weierstrass.h File Reference

Weierstrass elliptic curves. More...

#include <ipxe/bigint.h>
#include <ipxe/crypto.h>

Go to the source code of this file.

Data Structures

struct  weierstrass_curve
 A Weierstrass elliptic curve. More...
 

Macros

#define WEIERSTRASS_AXES   2
 Number of axes in Weierstrass curve point representation. More...
 
#define WEIERSTRASS_MAX_MULTIPLE_LOG2   5 /* maximum reached is mod 20N */
 Maximum multiple of field prime encountered during calculations. More...
 
#define weierstrass_size(len)
 Determine number of elements in scalar values for a Weierstrass curve. More...
 
#define weierstrass_t(size)
 Define a Weierstrass projective co-ordinate type. More...
 
#define WEIERSTRASS_NUM_MONT   3
 Number of cached in Montgomery form for each Weierstrass curve. More...
 
#define WEIERSTRASS_NUM_CACHED
 Number of cached big integers for each Weierstrass curve. More...
 
#define WEIERSTRASS_CURVE(_name, _curve, _len, _prime, _a, _b, _base)
 Define a Weierstrass curve. More...
 

Enumerations

enum  weierstrass_multiple { WEIERSTRASS_N = 0, WEIERSTRASS_2N, WEIERSTRASS_4N, WEIERSTRASS_NUM_MULTIPLES }
 Indexes for stored multiples of the field prime. More...
 

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 
int weierstrass_multiply (struct weierstrass_curve *curve, const void *base, const void *scalar, void *result)
 Multiply curve point by scalar. More...
 

Detailed Description

Weierstrass elliptic curves.

Definition in file weierstrass.h.

Macro Definition Documentation

◆ WEIERSTRASS_AXES

#define WEIERSTRASS_AXES   2

Number of axes in Weierstrass curve point representation.

Definition at line 16 of file weierstrass.h.

◆ WEIERSTRASS_MAX_MULTIPLE_LOG2

#define WEIERSTRASS_MAX_MULTIPLE_LOG2   5 /* maximum reached is mod 20N */

Maximum multiple of field prime encountered during calculations.

Calculations are performed using values modulo a small multiple of the field prime, rather than modulo the field prime itself. This allows explicit reductions after additions, subtractions, and relaxed Montgomery multiplications to be omitted entirely, provided that we keep careful track of the field prime multiple for each intermediate value.

Relaxed Montgomery multiplication will produce a result in the range t < (1+m/k)N, where m is this maximum multiple of the field prime, and k is the constant in R > kN representing the leading zero padding in the big integer representation of the field prime. We choose to set k=m so that multiplications will always produce a result in the range t < 2N.

This is expressed as the base-two logarithm of the multiple (rounded up), to simplify compile-time calculations.

Definition at line 38 of file weierstrass.h.

◆ weierstrass_size

#define weierstrass_size (   len)
Value:
bigint_required_size ( (len) + \
( ( WEIERSTRASS_MAX_MULTIPLE_LOG2 + 7 ) \
/ 8 ) )
bigint_required_size
#define bigint_required_size(len)
Determine number of elements required for a big-integer type.
Definition: bigint.h:30
WEIERSTRASS_MAX_MULTIPLE_LOG2
#define WEIERSTRASS_MAX_MULTIPLE_LOG2
Maximum multiple of field prime encountered during calculations.
Definition: weierstrass.h:38
len
uint32_t len
Length.
Definition: ena.h:14

Determine number of elements in scalar values for a Weierstrass curve.

Parameters
lenLength of field prime, in bytes
Return values
sizeNumber of elements

Definition at line 46 of file weierstrass.h.

◆ weierstrass_t

#define weierstrass_t (   size)
Value:
union { \
bigint_t ( size ) axis[3]; \
struct { \
bigint_t ( size ) x; \
bigint_t ( size ) y; \
bigint_t ( size ) z; \
}; \
bigint_t ( size * 3 ) all; \
}
size
uint8_t size
Entry size (in 32-bit words)
Definition: ena.h:16

Define a Weierstrass projective co-ordinate type.

Parameters
sizeNumber of elements in scalar values
Return values
weierstrass_tProjective co-ordinate type

Definition at line 57 of file weierstrass.h.

◆ WEIERSTRASS_NUM_MONT

#define WEIERSTRASS_NUM_MONT   3

Number of cached in Montgomery form for each Weierstrass curve.

Definition at line 77 of file weierstrass.h.

◆ WEIERSTRASS_NUM_CACHED

#define WEIERSTRASS_NUM_CACHED
Value:
( WEIERSTRASS_NUM_MULTIPLES + \
1 /* fermat */ + 1 /* mont */ + \
WEIERSTRASS_NUM_MONT )

Number of cached big integers for each Weierstrass curve.

Definition at line 80 of file weierstrass.h.

◆ WEIERSTRASS_CURVE

#define WEIERSTRASS_CURVE (   _name,
  _curve,
  _len,
  _prime,
  _a,
  _b,
  _base 
)

Define a Weierstrass curve.

Definition at line 131 of file weierstrass.h.

Enumeration Type Documentation

◆ weierstrass_multiple

enum weierstrass_multiple

Indexes for stored multiples of the field prime.

Enumerator
WEIERSTRASS_N 
WEIERSTRASS_2N 
WEIERSTRASS_4N 
WEIERSTRASS_NUM_MULTIPLES 

Definition at line 69 of file weierstrass.h.

69  {
70  WEIERSTRASS_N = 0,
71  WEIERSTRASS_2N,
72  WEIERSTRASS_4N,
73  WEIERSTRASS_NUM_MULTIPLES
74 };

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL  )

◆ weierstrass_multiply()

int weierstrass_multiply ( struct weierstrass_curve curve,
const void *  base,
const void *  scalar,
void *  result 
)

Multiply curve point by scalar.

Parameters
curveWeierstrass curve
baseBase point (or NULL to use generator)
scalarScalar multiple
resultResult point to fill in
Return values
rcReturn status code

Definition at line 770 of file weierstrass.c.

771  {
772  unsigned int size = curve->size;
773  size_t len = curve->len;
774  const bigint_t ( size ) __attribute__ (( may_alias )) *prime =
775  ( ( const void * ) curve->prime[0] );
776  const bigint_t ( size ) __attribute__ (( may_alias )) *prime2 =
777  ( ( const void * ) curve->prime[WEIERSTRASS_2N] );
778  const bigint_t ( size ) __attribute__ (( may_alias )) *fermat =
779  ( ( const void * ) curve->fermat );
780  const bigint_t ( size ) __attribute__ (( may_alias )) *square =
781  ( ( const void * ) curve->square );
782  const bigint_t ( size ) __attribute__ (( may_alias )) *one =
783  ( ( const void * ) curve->one );
784  struct {
785  union {
786  weierstrass_t ( size ) result;
787  bigint_t ( size * 2 ) product_in;
788  };
789  union {
790  weierstrass_t ( size ) multiple;
791  bigint_t ( size * 2 ) product_out;
792  };
793  bigint_t ( bigint_required_size ( len ) ) scalar;
794  } temp;
795  size_t offset;
796  unsigned int i;
797  int rc;
798 
799  /* Initialise curve, if not already done
800  *
801  * The least significant element of the field prime must be
802  * odd, and so the least significant element of the
803  * (initialised) first multiple of the field prime must be
804  * non-zero.
805  */
806  if ( ! prime2->element[0] )
807  weierstrass_init ( curve );
808 
809  /* Use generator if applicable */
810  if ( ! base )
811  base = curve->base;
812 
813  /* Convert input to projective coordinates in Montgomery form */
814  DBGC ( curve, "WEIERSTRASS %s base (", curve->name );
815  for ( i = 0, offset = 0 ; i < WEIERSTRASS_AXES ; i++, offset += len ) {
816  bigint_init ( &temp.multiple.axis[i], ( base + offset ), len );
817  DBGC ( curve, "%s%s", ( i ? "," : "" ),
818  bigint_ntoa ( &temp.multiple.axis[i] ) );
819  bigint_multiply ( &temp.multiple.axis[i], square,
820  &temp.product_in );
821  bigint_montgomery_relaxed ( prime, &temp.product_in,
822  &temp.multiple.axis[i] );
823  }
824  bigint_copy ( one, &temp.multiple.z );
825  DBGC ( curve, ")\n" );
826 
827  /* Verify point is on curve */
828  if ( ( rc = weierstrass_verify ( curve, &temp.multiple ) ) != 0 )
829  return rc;
830 
831  /* Construct identity element (the point at infinity) */
832  memset ( &temp.result, 0, sizeof ( temp.result ) );
833  bigint_copy ( one, &temp.result.y );
834 
835  /* Initialise scalar */
836  bigint_init ( &temp.scalar, scalar, len );
837  DBGC ( curve, "WEIERSTRASS %s scalar %s\n",
838  curve->name, bigint_ntoa ( &temp.scalar ) );
839 
840  /* Perform multiplication via Montgomery ladder */
841  bigint_ladder ( &temp.result.all, &temp.multiple.all, &temp.scalar,
842  weierstrass_add_ladder, curve, NULL );
843 
844  /* Invert result Z co-ordinate (via Fermat's little theorem) */
845  bigint_copy ( one, &temp.multiple.z );
846  bigint_ladder ( &temp.multiple.z, &temp.result.z, fermat,
847  bigint_mod_exp_ladder, prime, &temp.product_out );
848 
849  /* Convert result back to affine co-ordinates */
850  DBGC ( curve, "WEIERSTRASS %s result (", curve->name );
851  for ( i = 0, offset = 0 ; i < WEIERSTRASS_AXES ; i++, offset += len ) {
852  bigint_multiply ( &temp.result.axis[i], &temp.multiple.z,
853  &temp.product_out );
854  bigint_montgomery_relaxed ( prime, &temp.product_out,
855  &temp.result.axis[i] );
856  bigint_grow ( &temp.result.axis[i], &temp.product_out );
857  bigint_montgomery ( prime, &temp.product_out,
858  &temp.result.axis[i] );
859  DBGC ( curve, "%s%s", ( i ? "," : "" ),
860  bigint_ntoa ( &temp.result.axis[i] ) );
861  bigint_done ( &temp.result.axis[i], ( result + offset ), len );
862  }
863  DBGC ( curve, ")\n" );
864 
865  return 0;
866 }
__attribute__
#define __attribute__(x)
Definition: compiler.h:10
base
uint32_t base
Base.
Definition: librm.h:252
rc
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
weierstrass_curve::base
const uint8_t * base
Base point.
Definition: weierstrass.h:104
weierstrass_curve::square
bigint_element_t * square
Cached Montgomery constant (R^2 mod N)
Definition: weierstrass.h:111
weierstrass_curve::prime
bigint_element_t * prime[WEIERSTRASS_NUM_CACHED]
Cached field prime "N" (and multiples thereof)
Definition: weierstrass.h:107
size
uint8_t size
Entry size (in 32-bit words)
Definition: ena.h:16
WEIERSTRASS_AXES
#define WEIERSTRASS_AXES
Number of axes in Weierstrass curve point representation.
Definition: weierstrass.h:16
DBGC
#define DBGC(...)
Definition: compiler.h:505
bigint_grow
#define bigint_grow(source, dest)
Grow big integer.
Definition: bigint.h:208
bigint_init
#define bigint_init(value, data, len)
Initialise big integer.
Definition: bigint.h:61
weierstrass_verify
#define weierstrass_verify(curve, point)
Verify point is on curve.
Definition: weierstrass.c:757
bigint_montgomery_relaxed
#define bigint_montgomery_relaxed(modulus, value, result)
Perform relaxed Montgomery reduction (REDC) of a big integer.
Definition: bigint.h:299
weierstrass_add_ladder
static void weierstrass_add_ladder(const bigint_element_t *operand0, bigint_element_t *result0, unsigned int size, const void *ctx, void *tmp __unused)
Add points on curve as part of a Montgomery ladder.
Definition: weierstrass.c:644
weierstrass_init
static void weierstrass_init(struct weierstrass_curve *curve)
Initialise curve.
Definition: weierstrass.c:173
weierstrass_t
#define weierstrass_t(size)
Define a Weierstrass projective co-ordinate type.
Definition: weierstrass.h:57
bigint_copy
#define bigint_copy(source, dest)
Copy big integer.
Definition: bigint.h:234
weierstrass_curve::fermat
bigint_element_t * fermat
Cached constant "N-2" (for Fermat's little theorem)
Definition: weierstrass.h:109
bigint_done
#define bigint_done(value, out, len)
Finalise big integer.
Definition: bigint.h:74
bigint_required_size
#define bigint_required_size(len)
Determine number of elements required for a big-integer type.
Definition: bigint.h:30
weierstrass_curve::name
const char * name
Curve name.
Definition: weierstrass.h:94
weierstrass_curve::len
size_t len
Length of raw scalar values.
Definition: weierstrass.h:96
weierstrass_curve::one
bigint_element_t * one
Cached constant "1", in Montgomery form.
Definition: weierstrass.h:116
result
uint16_t result
Definition: hyperv.h:33
bigint_montgomery
#define bigint_montgomery(modulus, value, result)
Perform classic Montgomery reduction (REDC) of a big integer.
Definition: bigint.h:313
bigint_multiply
#define bigint_multiply(multiplicand, multiplier, result)
Multiply big integers.
Definition: bigint.h:259
offset
uint16_t offset
Offset to command line.
Definition: bzimage.h:8
bigint_ladder
#define bigint_ladder(result, multiple, exponent, op, ctx, tmp)
Perform generalised exponentiation via a Montgomery ladder.
Definition: bigint.h:329
weierstrass_curve::size
const unsigned int size
Number of elements in scalar values.
Definition: weierstrass.h:92
bigint_ntoa
#define bigint_ntoa(value)
Transcribe big integer (for debugging)
Definition: bigint.h:49
len
uint32_t len
Length.
Definition: ena.h:14
NULL
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321
bigint_t
typedef bigint_t(X25519_SIZE) x25519_t
An X25519 unsigned big integer used in internal calculations.
memset
void * memset(void *dest, int character, size_t len) __nonnull
bigint_mod_exp_ladder
void bigint_mod_exp_ladder(const bigint_element_t *multiplier0, bigint_element_t *result0, unsigned int size, const void *ctx, void *tmp)
Perform modular multiplication as part of a Montgomery ladder.
Definition: bigint.c:719

References __attribute__, weierstrass_curve::base, base, bigint_copy, bigint_done, bigint_grow, bigint_init, bigint_ladder, bigint_mod_exp_ladder(), bigint_montgomery, bigint_montgomery_relaxed, bigint_multiply, bigint_ntoa, bigint_required_size, bigint_t(), DBGC, weierstrass_curve::fermat, len, weierstrass_curve::len, memset(), weierstrass_curve::name, NULL, offset, weierstrass_curve::one, weierstrass_curve::prime, rc, result, size, weierstrass_curve::size, weierstrass_curve::square, WEIERSTRASS_2N, weierstrass_add_ladder(), WEIERSTRASS_AXES, weierstrass_init(), weierstrass_t, and weierstrass_verify.

Generated by   doxygen 1.8.15