iPXE
Data Structures | Macros | Enumerations | Functions
weierstrass.h File Reference

Weierstrass elliptic curves. More...

#include <ipxe/bigint.h>
#include <ipxe/crypto.h>

Go to the source code of this file.

Data Structures

struct  weierstrass_curve
 A Weierstrass elliptic curve. More...
 

Macros

#define WEIERSTRASS_AXES   2
 Number of axes in Weierstrass curve point representation. More...
 
#define WEIERSTRASS_MAX_MULTIPLE_LOG2   5 /* maximum reached is mod 20N */
 Maximum multiple of field prime encountered during calculations. More...
 
#define weierstrass_size(len)
 Determine number of elements in scalar values for a Weierstrass curve. More...
 
#define weierstrass_t(size)
 Define a Weierstrass projective co-ordinate type. More...
 
#define WEIERSTRASS_NUM_MONT   3
 Number of cached in Montgomery form for each Weierstrass curve. More...
 
#define WEIERSTRASS_NUM_CACHED
 Number of cached big integers for each Weierstrass curve. More...
 
#define WEIERSTRASS_CURVE(_name, _curve, _len, _prime, _a, _b, _base, _order)
 Define a Weierstrass curve. More...
 

Enumerations

enum  weierstrass_multiple { WEIERSTRASS_N = 0, WEIERSTRASS_2N, WEIERSTRASS_4N, WEIERSTRASS_NUM_MULTIPLES }
 Indexes for stored multiples of the field prime. More...
 

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 
int weierstrass_is_infinity (struct weierstrass_curve *curve, const void *point)
 Check if this is the point at infinity. More...
 
int weierstrass_multiply (struct weierstrass_curve *curve, const void *base, const void *scalar, void *result)
 Multiply curve point by scalar. More...
 
int weierstrass_add_once (struct weierstrass_curve *curve, const void *addend, const void *augend, void *result)
 Add curve points (as a one-off operation) More...
 

Detailed Description

Weierstrass elliptic curves.

Definition in file weierstrass.h.

Macro Definition Documentation

◆ WEIERSTRASS_AXES

#define WEIERSTRASS_AXES   2

Number of axes in Weierstrass curve point representation.

Definition at line 16 of file weierstrass.h.

◆ WEIERSTRASS_MAX_MULTIPLE_LOG2

#define WEIERSTRASS_MAX_MULTIPLE_LOG2   5 /* maximum reached is mod 20N */

Maximum multiple of field prime encountered during calculations.

Calculations are performed using values modulo a small multiple of the field prime, rather than modulo the field prime itself. This allows explicit reductions after additions, subtractions, and relaxed Montgomery multiplications to be omitted entirely, provided that we keep careful track of the field prime multiple for each intermediate value.

Relaxed Montgomery multiplication will produce a result in the range t < (1+m/k)N, where m is this maximum multiple of the field prime, and k is the constant in R > kN representing the leading zero padding in the big integer representation of the field prime. We choose to set k=m so that multiplications will always produce a result in the range t < 2N.

This is expressed as the base-two logarithm of the multiple (rounded up), to simplify compile-time calculations.

Definition at line 38 of file weierstrass.h.

◆ weierstrass_size

#define weierstrass_size (   len)
Value:
bigint_required_size ( (len) + \
( ( WEIERSTRASS_MAX_MULTIPLE_LOG2 + 7 ) \
/ 8 ) )
len
ring len
Length.
Definition: dwmac.h:231
bigint_required_size
#define bigint_required_size(len)
Determine number of elements required for a big-integer type.
Definition: bigint.h:30
WEIERSTRASS_MAX_MULTIPLE_LOG2
#define WEIERSTRASS_MAX_MULTIPLE_LOG2
Maximum multiple of field prime encountered during calculations.
Definition: weierstrass.h:38

Determine number of elements in scalar values for a Weierstrass curve.

Parameters
lenLength of field prime, in bytes
Return values
sizeNumber of elements

Definition at line 46 of file weierstrass.h.

◆ weierstrass_t

#define weierstrass_t (   size)
Value:
union { \
bigint_t ( size ) axis[3]; \
struct { \
bigint_t ( size ) x; \
bigint_t ( size ) y; \
bigint_t ( size ) z; \
}; \
bigint_t ( size * 2 ) xy; \
bigint_t ( size * 3 ) all; \
}
size
uint16_t size
Buffer size.
Definition: dwmac.h:14
x
static unsigned int x
Definition: pixbuf.h:62
y
static unsigned int unsigned int y
Definition: pixbuf.h:62

Define a Weierstrass projective co-ordinate type.

Parameters
sizeNumber of elements in scalar values
Return values
weierstrass_tProjective co-ordinate type

Definition at line 57 of file weierstrass.h.

◆ WEIERSTRASS_NUM_MONT

#define WEIERSTRASS_NUM_MONT   3

Number of cached in Montgomery form for each Weierstrass curve.

Definition at line 78 of file weierstrass.h.

◆ WEIERSTRASS_NUM_CACHED

#define WEIERSTRASS_NUM_CACHED
Value:
( WEIERSTRASS_NUM_MULTIPLES + \
1 /* fermat */ + 1 /* mont */ + \
WEIERSTRASS_NUM_MONT )

Number of cached big integers for each Weierstrass curve.

Definition at line 81 of file weierstrass.h.

◆ WEIERSTRASS_CURVE

#define WEIERSTRASS_CURVE (   _name,
  _curve,
  _len,
  _prime,
  _a,
  _b,
  _base,
  _order 
)

Define a Weierstrass curve.

Definition at line 137 of file weierstrass.h.

Enumeration Type Documentation

◆ weierstrass_multiple

enum weierstrass_multiple

Indexes for stored multiples of the field prime.

Enumerator
WEIERSTRASS_N 
WEIERSTRASS_2N 
WEIERSTRASS_4N 
WEIERSTRASS_NUM_MULTIPLES 

Definition at line 70 of file weierstrass.h.

70  {
71  WEIERSTRASS_N = 0,
72  WEIERSTRASS_2N,
73  WEIERSTRASS_4N,
74  WEIERSTRASS_NUM_MULTIPLES
75 };

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL  )

◆ weierstrass_is_infinity()

int weierstrass_is_infinity ( struct weierstrass_curve curve,
const void *  point 
)

Check if this is the point at infinity.

Parameters
pointCurve point
Return values
is_infinityThis is the point at infinity

Definition at line 918 of file weierstrass.c.

919  {
920  unsigned int size = curve->size;
921  size_t len = curve->len;
922  struct {
923  bigint_t ( size ) axis;
924  } temp;
925  size_t offset;
926  int is_finite = 0;
927  unsigned int i;
928 
929  /* We use all zeroes to represent the point at infinity */
930  DBGC ( curve, "WEIERSTRASS %s point (", curve->name );
931  for ( i = 0, offset = 0 ; i < WEIERSTRASS_AXES ; i++, offset += len ) {
932  bigint_init ( &temp.axis, ( point + offset ), len );
933  DBGC ( curve, "%s%s", ( i ? "," : "" ),
934  bigint_ntoa ( &temp.axis ) );
935  is_finite |= ( ! bigint_is_zero ( &temp.axis ) );
936  }
937  DBGC ( curve, ") is%s infinity\n", ( is_finite ? " not" : "" ) );
938 
939  return ( ! is_finite );
940 }
size
uint16_t size
Buffer size.
Definition: dwmac.h:14
WEIERSTRASS_AXES
#define WEIERSTRASS_AXES
Number of axes in Weierstrass curve point representation.
Definition: weierstrass.h:16
DBGC
#define DBGC(...)
Definition: compiler.h:505
bigint_init
#define bigint_init(value, data, len)
Initialise big integer.
Definition: bigint.h:61
bigint_is_zero
#define bigint_is_zero(value)
Test if big integer is equal to zero.
Definition: bigint.h:133
len
ring len
Length.
Definition: dwmac.h:231
weierstrass_curve::name
const char * name
Curve name.
Definition: weierstrass.h:95
weierstrass_curve::len
size_t len
Length of raw scalar values.
Definition: weierstrass.h:97
weierstrass_curve::size
const unsigned int size
Number of elements in scalar values.
Definition: weierstrass.h:93
offset
uint16_t offset
Offset to command line.
Definition: bzimage.h:8
bigint_ntoa
#define bigint_ntoa(value)
Transcribe big integer (for debugging)
Definition: bigint.h:49
bigint_t
typedef bigint_t(X25519_SIZE) x25519_t
An X25519 unsigned big integer used in internal calculations.

References bigint_init, bigint_is_zero, bigint_ntoa, bigint_t(), DBGC, weierstrass_curve::len, len, weierstrass_curve::name, offset, size, weierstrass_curve::size, and WEIERSTRASS_AXES.

◆ weierstrass_multiply()

int weierstrass_multiply ( struct weierstrass_curve curve,
const void *  base,
const void *  scalar,
void *  result 
)

Multiply curve point by scalar.

Parameters
curveWeierstrass curve
baseBase point
scalarScalar multiple
resultResult point to fill in
Return values
rcReturn status code

Definition at line 951 of file weierstrass.c.

952  {
953  unsigned int size = curve->size;
954  size_t len = curve->len;
955  const bigint_t ( size ) __attribute__ (( may_alias )) *one =
956  ( ( const void * ) curve->one );
957  struct {
958  weierstrass_t ( size ) result;
959  weierstrass_t ( size ) multiple;
960  bigint_t ( bigint_required_size ( len ) ) scalar;
961  } temp;
962  int rc;
963 
964  /* Convert input to projective coordinates in Montgomery form */
965  if ( ( rc = weierstrass_init ( curve, &temp.multiple, &temp.result,
966  base ) ) != 0 ) {
967  return rc;
968  }
969 
970  /* Construct identity element (the point at infinity) */
971  memset ( &temp.result, 0, sizeof ( temp.result ) );
972  bigint_copy ( one, &temp.result.y );
973 
974  /* Initialise scalar */
975  bigint_init ( &temp.scalar, scalar, len );
976  DBGC ( curve, "WEIERSTRASS %s scalar %s\n",
977  curve->name, bigint_ntoa ( &temp.scalar ) );
978 
979  /* Perform multiplication via Montgomery ladder */
980  bigint_ladder ( &temp.result.all, &temp.multiple.all, &temp.scalar,
981  weierstrass_add_ladder, curve, NULL );
982 
983  /* Convert result back to affine co-ordinates */
984  weierstrass_done ( curve, &temp.result, &temp.multiple, result );
985 
986  return 0;
987 }
weierstrass_init
#define weierstrass_init(curve, point, temp, data)
Initialise curve point.
Definition: weierstrass.c:844
__attribute__
#define __attribute__(x)
Definition: compiler.h:10
base
uint32_t base
Base.
Definition: librm.h:138
rc
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
size
uint16_t size
Buffer size.
Definition: dwmac.h:14
DBGC
#define DBGC(...)
Definition: compiler.h:505
bigint_init
#define bigint_init(value, data, len)
Initialise big integer.
Definition: bigint.h:61
weierstrass_add_ladder
static void weierstrass_add_ladder(const bigint_element_t *operand0, bigint_element_t *result0, unsigned int size, const void *ctx, void *tmp __unused)
Add points on curve as part of a Montgomery ladder.
Definition: weierstrass.c:644
weierstrass_t
#define weierstrass_t(size)
Define a Weierstrass projective co-ordinate type.
Definition: weierstrass.h:57
weierstrass_done
#define weierstrass_done(curve, point, temp, out)
Finalise curve point.
Definition: weierstrass.c:907
bigint_copy
#define bigint_copy(source, dest)
Copy big integer.
Definition: bigint.h:234
len
ring len
Length.
Definition: dwmac.h:231
bigint_required_size
#define bigint_required_size(len)
Determine number of elements required for a big-integer type.
Definition: bigint.h:30
weierstrass_curve::name
const char * name
Curve name.
Definition: weierstrass.h:95
weierstrass_curve::len
size_t len
Length of raw scalar values.
Definition: weierstrass.h:97
weierstrass_curve::one
bigint_element_t * one
Cached constant "1", in Montgomery form.
Definition: weierstrass.h:117
result
uint16_t result
Definition: hyperv.h:33
bigint_ladder
#define bigint_ladder(result, multiple, exponent, op, ctx, tmp)
Perform generalised exponentiation via a Montgomery ladder.
Definition: bigint.h:329
weierstrass_curve::size
const unsigned int size
Number of elements in scalar values.
Definition: weierstrass.h:93
bigint_ntoa
#define bigint_ntoa(value)
Transcribe big integer (for debugging)
Definition: bigint.h:49
NULL
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321
bigint_t
typedef bigint_t(X25519_SIZE) x25519_t
An X25519 unsigned big integer used in internal calculations.
memset
void * memset(void *dest, int character, size_t len) __nonnull

References __attribute__, base, bigint_copy, bigint_init, bigint_ladder, bigint_ntoa, bigint_required_size, bigint_t(), DBGC, weierstrass_curve::len, len, memset(), weierstrass_curve::name, NULL, weierstrass_curve::one, rc, result, size, weierstrass_curve::size, weierstrass_add_ladder(), weierstrass_done, weierstrass_init, and weierstrass_t.

◆ weierstrass_add_once()

int weierstrass_add_once ( struct weierstrass_curve curve,
const void *  addend,
const void *  augend,
void *  result 
)

Add curve points (as a one-off operation)

Parameters
curveWeierstrass curve
addendCurve point to add
augendCurve point to add
resultCurve point to hold result
Return values
rcReturn status code

Definition at line 998 of file weierstrass.c.

1000  {
1001  unsigned int size = curve->size;
1002  struct {
1003  weierstrass_t ( size ) addend;
1004  weierstrass_t ( size ) augend;
1005  weierstrass_t ( size ) result;
1006  } temp;
1007  int rc;
1008 
1009  /* Convert inputs to projective coordinates in Montgomery form */
1010  if ( ( rc = weierstrass_init ( curve, &temp.addend, &temp.result,
1011  addend ) ) != 0 ) {
1012  return rc;
1013  }
1014  if ( ( rc = weierstrass_init ( curve, &temp.augend, &temp.result,
1015  augend ) ) != 0 ) {
1016  return rc;
1017  }
1018 
1019  /* Add curve points */
1020  weierstrass_add ( curve, &temp.augend, &temp.addend, &temp.result );
1021 
1022  /* Convert result back to affine co-ordinates */
1023  weierstrass_done ( curve, &temp.result, &temp.addend, result );
1024 
1025  return 0;
1026 }
weierstrass_init
#define weierstrass_init(curve, point, temp, data)
Initialise curve point.
Definition: weierstrass.c:844
rc
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
size
uint16_t size
Buffer size.
Definition: dwmac.h:14
weierstrass_add
#define weierstrass_add(curve, augend, addend, result)
Add points on curve.
Definition: weierstrass.c:629
weierstrass_t
#define weierstrass_t(size)
Define a Weierstrass projective co-ordinate type.
Definition: weierstrass.h:57
weierstrass_done
#define weierstrass_done(curve, point, temp, out)
Finalise curve point.
Definition: weierstrass.c:907
result
uint16_t result
Definition: hyperv.h:33
weierstrass_curve::size
const unsigned int size
Number of elements in scalar values.
Definition: weierstrass.h:93

References rc, result, size, weierstrass_curve::size, weierstrass_add, weierstrass_done, weierstrass_init, and weierstrass_t.

Generated by   doxygen 1.8.15