iPXE
Data Structures | Macros | Enumerations | Functions
weierstrass.h File Reference

Weierstrass elliptic curves. More...

#include <ipxe/bigint.h>
#include <ipxe/crypto.h>

Go to the source code of this file.

Data Structures

struct  weierstrass_curve
 A Weierstrass elliptic curve. More...

Macros

#define WEIERSTRASS_AXES   2
 Number of axes in Weierstrass curve point representation.
#define WEIERSTRASS_MAX_MULTIPLE_LOG2   5 /* maximum reached is mod 20N */
 Maximum multiple of field prime encountered during calculations.
#define weierstrass_size(len)
 Determine number of elements in scalar values for a Weierstrass curve.
#define weierstrass_t(size)
 Define a Weierstrass projective co-ordinate type.
#define WEIERSTRASS_NUM_MONT   3
 Number of cached in Montgomery form for each Weierstrass curve.
#define WEIERSTRASS_NUM_CACHED
 Number of cached big integers for each Weierstrass curve.
#define WEIERSTRASS_CURVE(_name, _curve, _len, _prime, _a, _b, _base, _order)
 Define a Weierstrass curve.

Enumerations

enum  weierstrass_multiple { WEIERSTRASS_N = 0 , WEIERSTRASS_2N , WEIERSTRASS_4N , WEIERSTRASS_NUM_MULTIPLES }
 Indexes for stored multiples of the field prime. More...

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 FILE_SECBOOT (PERMITTED)
int weierstrass_is_infinity (struct weierstrass_curve *curve, const void *point)
 Check if this is the point at infinity.
int weierstrass_multiply (struct weierstrass_curve *curve, const void *base, const void *scalar, void *result)
 Multiply curve point by scalar.
int weierstrass_add_once (struct weierstrass_curve *curve, const void *addend, const void *augend, void *result)
 Add curve points (as a one-off operation)

Detailed Description

Weierstrass elliptic curves.

Definition in file weierstrass.h.

Macro Definition Documentation

◆ WEIERSTRASS_AXES

#define WEIERSTRASS_AXES   2

Number of axes in Weierstrass curve point representation.

Definition at line 17 of file weierstrass.h.

Referenced by weierstrass_done_raw(), weierstrass_init_raw(), and weierstrass_is_infinity().

◆ WEIERSTRASS_MAX_MULTIPLE_LOG2

#define WEIERSTRASS_MAX_MULTIPLE_LOG2   5 /* maximum reached is mod 20N */

Maximum multiple of field prime encountered during calculations.

Calculations are performed using values modulo a small multiple of the field prime, rather than modulo the field prime itself. This allows explicit reductions after additions, subtractions, and relaxed Montgomery multiplications to be omitted entirely, provided that we keep careful track of the field prime multiple for each intermediate value.

Relaxed Montgomery multiplication will produce a result in the range t < (1+m/k)N, where m is this maximum multiple of the field prime, and k is the constant in R > kN representing the leading zero padding in the big integer representation of the field prime. We choose to set k=m so that multiplications will always produce a result in the range t < 2N.

This is expressed as the base-two logarithm of the multiple (rounded up), to simplify compile-time calculations.

Definition at line 39 of file weierstrass.h.

◆ weierstrass_size

#define weierstrass_size ( len)
Value:
bigint_required_size ( (len) + \
( ( WEIERSTRASS_MAX_MULTIPLE_LOG2 + 7 ) \
/ 8 ) )
len
ring len
Length.
Definition dwmac.h:226
bigint_required_size
#define bigint_required_size(len)
Determine number of elements required for a big-integer type.
Definition bigint.h:31
WEIERSTRASS_MAX_MULTIPLE_LOG2
#define WEIERSTRASS_MAX_MULTIPLE_LOG2
Maximum multiple of field prime encountered during calculations.
Definition weierstrass.h:39

Determine number of elements in scalar values for a Weierstrass curve.

Parameters
lenLength of field prime, in bytes
Return values
sizeNumber of elements

Definition at line 47 of file weierstrass.h.

47#define weierstrass_size( len ) \
48 bigint_required_size ( (len) + \
49 ( ( WEIERSTRASS_MAX_MULTIPLE_LOG2 + 7 ) \
50 / 8 ) )

◆ weierstrass_t

#define weierstrass_t ( size)
Value:
union { \
bigint_t ( size ) axis[3]; \
struct { \
bigint_t ( size ) x; \
bigint_t ( size ) y; \
bigint_t ( size ) z; \
}; \
bigint_t ( size * 2 ) xy; \
bigint_t ( size * 3 ) all; \
}
size
uint16_t size
Buffer size.
Definition dwmac.h:3
y
static unsigned int unsigned int y
Definition pixbuf.h:63
x
static unsigned int x
Definition pixbuf.h:63

Define a Weierstrass projective co-ordinate type.

Parameters
sizeNumber of elements in scalar values
Return values
weierstrass_tProjective co-ordinate type

Definition at line 58 of file weierstrass.h.

58#define weierstrass_t( size ) \
59 union { \
60 bigint_t ( size ) axis[3]; \
61 struct { \
62 bigint_t ( size ) x; \
63 bigint_t ( size ) y; \
64 bigint_t ( size ) z; \
65 }; \
66 bigint_t ( size * 2 ) xy; \
67 bigint_t ( size * 3 ) all; \
68 }

Referenced by weierstrass_add_ladder(), weierstrass_add_once(), weierstrass_add_raw(), weierstrass_done_raw(), weierstrass_init_raw(), weierstrass_multiply(), and weierstrass_verify_raw().

◆ WEIERSTRASS_NUM_MONT

#define WEIERSTRASS_NUM_MONT   3

Number of cached in Montgomery form for each Weierstrass curve.

Definition at line 79 of file weierstrass.h.

Referenced by weierstrass_init_curve().

◆ WEIERSTRASS_NUM_CACHED

#define WEIERSTRASS_NUM_CACHED
Value:
( WEIERSTRASS_NUM_MULTIPLES + \
1 /* fermat */ + 1 /* mont */ + \
WEIERSTRASS_NUM_MONT )
WEIERSTRASS_NUM_MONT
#define WEIERSTRASS_NUM_MONT
Number of cached in Montgomery form for each Weierstrass curve.
Definition weierstrass.h:79
WEIERSTRASS_NUM_MULTIPLES
@ WEIERSTRASS_NUM_MULTIPLES
Definition weierstrass.h:75

Number of cached big integers for each Weierstrass curve.

Definition at line 82 of file weierstrass.h.

82#define WEIERSTRASS_NUM_CACHED \
83 ( WEIERSTRASS_NUM_MULTIPLES + \
84 1 /* fermat */ + 1 /* mont */ + \
85 WEIERSTRASS_NUM_MONT )

◆ WEIERSTRASS_CURVE

#define WEIERSTRASS_CURVE ( _name,
_curve,
_len,
_prime,
_a,
_b,
_base,
_order )

Define a Weierstrass curve.

Definition at line 138 of file weierstrass.h.

Enumeration Type Documentation

◆ weierstrass_multiple

enum weierstrass_multiple

Indexes for stored multiples of the field prime.

Enumerator
WEIERSTRASS_N 
WEIERSTRASS_2N 
WEIERSTRASS_4N 
WEIERSTRASS_NUM_MULTIPLES 

Definition at line 71 of file weierstrass.h.

71 {
72 WEIERSTRASS_N = 0,
73 WEIERSTRASS_2N,
74 WEIERSTRASS_4N,
75 WEIERSTRASS_NUM_MULTIPLES
76};
WEIERSTRASS_N
@ WEIERSTRASS_N
Definition weierstrass.h:72
WEIERSTRASS_2N
@ WEIERSTRASS_2N
Definition weierstrass.h:73
WEIERSTRASS_4N
@ WEIERSTRASS_4N
Definition weierstrass.h:74

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL )

◆ FILE_SECBOOT()

FILE_SECBOOT ( PERMITTED )

◆ weierstrass_is_infinity()

int weierstrass_is_infinity ( struct weierstrass_curve * curve,
const void * point )
extern

Check if this is the point at infinity.

Parameters
pointCurve point
Return values
is_infinityThis is the point at infinity

Definition at line 919 of file weierstrass.c.

920 {
921 unsigned int size = curve->size;
922 size_t len = curve->len;
923 struct {
924 bigint_t ( size ) axis;
925 } temp;
926 size_t offset;
927 int is_finite = 0;
928 unsigned int i;
929
930 /* We use all zeroes to represent the point at infinity */
931 DBGC ( curve, "WEIERSTRASS %s point (", curve->name );
932 for ( i = 0, offset = 0 ; i < WEIERSTRASS_AXES ; i++, offset += len ) {
933 bigint_init ( &temp.axis, ( point + offset ), len );
934 DBGC ( curve, "%s%s", ( i ? "," : "" ),
935 bigint_ntoa ( &temp.axis ) );
936 is_finite |= ( ! bigint_is_zero ( &temp.axis ) );
937 }
938 DBGC ( curve, ") is%s infinity\n", ( is_finite ? " not" : "" ) );
939
940 return ( ! is_finite );
941}
offset
uint16_t offset
Offset to command line.
Definition bzimage.h:3
DBGC
#define DBGC(...)
Definition compiler.h:505
bigint_is_zero
#define bigint_is_zero(value)
Test if big integer is equal to zero.
Definition bigint.h:134
bigint_t
#define bigint_t(size)
Define a big-integer type.
Definition bigint.h:20
bigint_ntoa
#define bigint_ntoa(value)
Transcribe big integer (for debugging)
Definition bigint.h:50
bigint_init
#define bigint_init(value, data, len)
Initialise big integer.
Definition bigint.h:62
weierstrass_curve::len
size_t len
Length of raw scalar values.
Definition weierstrass.h:98
weierstrass_curve::size
const unsigned int size
Number of elements in scalar values.
Definition weierstrass.h:94
weierstrass_curve::name
const char * name
Curve name.
Definition weierstrass.h:96
WEIERSTRASS_AXES
#define WEIERSTRASS_AXES
Number of axes in Weierstrass curve point representation.
Definition weierstrass.h:17

References bigint_init, bigint_is_zero, bigint_ntoa, bigint_t, DBGC, len, weierstrass_curve::len, weierstrass_curve::name, offset, size, weierstrass_curve::size, and WEIERSTRASS_AXES.

◆ weierstrass_multiply()

int weierstrass_multiply ( struct weierstrass_curve * curve,
const void * base,
const void * scalar,
void * result )
extern

Multiply curve point by scalar.

Parameters
curveWeierstrass curve
baseBase point
scalarScalar multiple
resultResult point to fill in
Return values
rcReturn status code

Definition at line 952 of file weierstrass.c.

953 {
954 unsigned int size = curve->size;
955 size_t len = curve->len;
956 const bigint_t ( size ) __attribute__ (( may_alias )) *one =
957 ( ( const void * ) curve->one );
958 struct {
959 weierstrass_t ( size ) result;
960 weierstrass_t ( size ) multiple;
961 bigint_t ( bigint_required_size ( len ) ) scalar;
962 } temp;
963 int rc;
964
965 /* Convert input to projective coordinates in Montgomery form */
966 if ( ( rc = weierstrass_init ( curve, &temp.multiple, &temp.result,
967 base ) ) != 0 ) {
968 return rc;
969 }
970
971 /* Construct identity element (the point at infinity) */
972 memset ( &temp.result, 0, sizeof ( temp.result ) );
973 bigint_copy ( one, &temp.result.y );
974
975 /* Initialise scalar */
976 bigint_init ( &temp.scalar, scalar, len );
977 DBGC ( curve, "WEIERSTRASS %s scalar %s\n",
978 curve->name, bigint_ntoa ( &temp.scalar ) );
979
980 /* Perform multiplication via Montgomery ladder */
981 bigint_ladder ( &temp.result.all, &temp.multiple.all, &temp.scalar,
982 weierstrass_add_ladder, curve, NULL );
983
984 /* Convert result back to affine co-ordinates */
985 weierstrass_done ( curve, &temp.result, &temp.multiple, result );
986
987 return 0;
988}
NULL
#define NULL
NULL pointer (VOID *)
Definition Base.h:322
rc
struct arbelprm_rc_send_wqe rc
Definition arbel.h:3
result
uint16_t result
Definition hyperv.h:33
__attribute__
#define __attribute__(x)
Definition compiler.h:10
bigint_ladder
#define bigint_ladder(result, multiple, exponent, op, ctx, tmp)
Perform generalised exponentiation via a Montgomery ladder.
Definition bigint.h:330
bigint_copy
#define bigint_copy(source, dest)
Copy big integer.
Definition bigint.h:235
memset
void * memset(void *dest, int character, size_t len) __nonnull
base
uint32_t base
Base.
Definition librm.h:3
weierstrass_curve::one
bigint_element_t * one
Cached constant "1", in Montgomery form.
Definition weierstrass.h:118
weierstrass_done
#define weierstrass_done(curve, point, temp, out)
Finalise curve point.
Definition weierstrass.c:908
weierstrass_add_ladder
static void weierstrass_add_ladder(const bigint_element_t *operand0, bigint_element_t *result0, unsigned int size, const void *ctx, void *tmp __unused)
Add points on curve as part of a Montgomery ladder.
Definition weierstrass.c:645
weierstrass_init
#define weierstrass_init(curve, point, temp, data)
Initialise curve point.
Definition weierstrass.c:845
weierstrass_t
#define weierstrass_t(size)
Define a Weierstrass projective co-ordinate type.
Definition weierstrass.h:58

References __attribute__, base, bigint_copy, bigint_init, bigint_ladder, bigint_ntoa, bigint_required_size, bigint_t, DBGC, len, weierstrass_curve::len, memset(), weierstrass_curve::name, NULL, weierstrass_curve::one, rc, result, size, weierstrass_curve::size, weierstrass_add_ladder(), weierstrass_done, weierstrass_init, and weierstrass_t.

◆ weierstrass_add_once()

int weierstrass_add_once ( struct weierstrass_curve * curve,
const void * addend,
const void * augend,
void * result )
extern

Add curve points (as a one-off operation)

Parameters
curveWeierstrass curve
addendCurve point to add
augendCurve point to add
resultCurve point to hold result
Return values
rcReturn status code

Definition at line 999 of file weierstrass.c.

1001 {
1002 unsigned int size = curve->size;
1003 struct {
1004 weierstrass_t ( size ) addend;
1005 weierstrass_t ( size ) augend;
1006 weierstrass_t ( size ) result;
1007 } temp;
1008 int rc;
1009
1010 /* Convert inputs to projective coordinates in Montgomery form */
1011 if ( ( rc = weierstrass_init ( curve, &temp.addend, &temp.result,
1012 addend ) ) != 0 ) {
1013 return rc;
1014 }
1015 if ( ( rc = weierstrass_init ( curve, &temp.augend, &temp.result,
1016 augend ) ) != 0 ) {
1017 return rc;
1018 }
1019
1020 /* Add curve points */
1021 weierstrass_add ( curve, &temp.augend, &temp.addend, &temp.result );
1022
1023 /* Convert result back to affine co-ordinates */
1024 weierstrass_done ( curve, &temp.result, &temp.addend, result );
1025
1026 return 0;
1027}
weierstrass_add
#define weierstrass_add(curve, augend, addend, result)
Add points on curve.
Definition weierstrass.c:630

References rc, result, size, weierstrass_curve::size, weierstrass_add, weierstrass_done, weierstrass_init, and weierstrass_t.

Generated by doxygen 1.14.0