iPXE
weierstrass.h
Go to the documentation of this file.
1 #ifndef _IPXE_WEIERSTRASS_H
2 #define _IPXE_WEIERSTRASS_H
3 
4 /** @file
5  *
6  * Weierstrass elliptic curves
7  *
8  */
9 
10 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
11 
12 #include <ipxe/bigint.h>
13 #include <ipxe/crypto.h>
14 
15 /** Number of axes in Weierstrass curve point representation */
16 #define WEIERSTRASS_AXES 2
17 
18 /**
19  * Maximum multiple of field prime encountered during calculations
20  *
21  * Calculations are performed using values modulo a small multiple of
22  * the field prime, rather than modulo the field prime itself. This
23  * allows explicit reductions after additions, subtractions, and
24  * relaxed Montgomery multiplications to be omitted entirely, provided
25  * that we keep careful track of the field prime multiple for each
26  * intermediate value.
27  *
28  * Relaxed Montgomery multiplication will produce a result in the
29  * range t < (1+m/k)N, where m is this maximum multiple of the field
30  * prime, and k is the constant in R > kN representing the leading
31  * zero padding in the big integer representation of the field prime.
32  * We choose to set k=m so that multiplications will always produce a
33  * result in the range t < 2N.
34  *
35  * This is expressed as the base-two logarithm of the multiple
36  * (rounded up), to simplify compile-time calculations.
37  */
38 #define WEIERSTRASS_MAX_MULTIPLE_LOG2 5 /* maximum reached is mod 20N */
39 
40 /**
41  * Determine number of elements in scalar values for a Weierstrass curve
42  *
43  * @v len Length of field prime, in bytes
44  * @ret size Number of elements
45  */
46 #define weierstrass_size( len ) \
47  bigint_required_size ( (len) + \
48  ( ( WEIERSTRASS_MAX_MULTIPLE_LOG2 + 7 ) \
49  / 8 ) )
50 
51 /**
52  * Define a Weierstrass projective co-ordinate type
53  *
54  * @v size Number of elements in scalar values
55  * @ret weierstrass_t Projective co-ordinate type
56  */
57 #define weierstrass_t( size ) \
58  union { \
59  bigint_t ( size ) axis[3]; \
60  struct { \
61  bigint_t ( size ) x; \
62  bigint_t ( size ) y; \
63  bigint_t ( size ) z; \
64  }; \
65  bigint_t ( size * 3 ) all; \
66  }
67 
68 /** Indexes for stored multiples of the field prime */
69 enum weierstrass_multiple {
70  WEIERSTRASS_N = 0,
71  WEIERSTRASS_2N,
72  WEIERSTRASS_4N,
73  WEIERSTRASS_NUM_MULTIPLES
74 };
75 
76 /** Number of cached in Montgomery form for each Weierstrass curve */
77 #define WEIERSTRASS_NUM_MONT 3
78 
79 /** Number of cached big integers for each Weierstrass curve */
80 #define WEIERSTRASS_NUM_CACHED \
81  ( WEIERSTRASS_NUM_MULTIPLES + \
82  1 /* fermat */ + 1 /* mont */ + \
83  WEIERSTRASS_NUM_MONT )
84 
85 /**
86  * A Weierstrass elliptic curve
87  *
88  * This is an elliptic curve y^2 = x^3 + ax + b
89  */
90 struct weierstrass_curve {
91  /** Number of elements in scalar values */
92  const unsigned int size;
93  /** Curve name */
94  const char *name;
95  /** Length of raw scalar values */
96  size_t len;
97  /** Field prime */
98  const uint8_t *prime_raw;
99  /** Constant "a" */
100  const uint8_t *a_raw;
101  /** Constant "b" */
102  const uint8_t *b_raw;
103  /** Base point */
104  const uint8_t *base;
105 
106  /** Cached field prime "N" (and multiples thereof) */
107  bigint_element_t *prime[WEIERSTRASS_NUM_CACHED];
108  /** Cached constant "N-2" (for Fermat's little theorem) */
109  bigint_element_t *fermat;
110  /** Cached Montgomery constant (R^2 mod N) */
111  bigint_element_t *square;
112  /** Cached constants in Montgomery form */
113  union {
114  struct {
115  /** Cached constant "1", in Montgomery form */
116  bigint_element_t *one;
117  /** Cached constant "a", in Montgomery form */
118  bigint_element_t *a;
119  /** Cached constant "3b", in Montgomery form */
120  bigint_element_t *b3;
121  };
122  bigint_element_t *mont[WEIERSTRASS_NUM_MONT];
123  };
124 };
125 
126 extern int weierstrass_multiply ( struct weierstrass_curve *curve,
127  const void *base, const void *scalar,
128  void *result );
129 
130 /** Define a Weierstrass curve */
131 #define WEIERSTRASS_CURVE( _name, _curve, _len, _prime, _a, _b, _base ) \
132  static bigint_t ( weierstrass_size(_len) ) \
133  _name ## _cache[WEIERSTRASS_NUM_CACHED]; \
134  static struct weierstrass_curve _name ## _weierstrass = { \
135  .size = weierstrass_size(_len), \
136  .name = #_name, \
137  .len = (_len), \
138  .prime_raw = (_prime), \
139  .a_raw = (_a), \
140  .b_raw = (_b), \
141  .base = (_base), \
142  .prime = { \
143  (_name ## _cache)[0].element, \
144  (_name ## _cache)[1].element, \
145  (_name ## _cache)[2].element, \
146  }, \
147  .fermat = (_name ## _cache)[3].element, \
148  .square = (_name ## _cache)[4].element, \
149  .one = (_name ## _cache)[5].element, \
150  .a = (_name ## _cache)[6].element, \
151  .b3 = (_name ## _cache)[7].element, \
152  }; \
153  static int _name ## _multiply ( const void *base, \
154  const void *scalar, \
155  void *result ) { \
156  return weierstrass_multiply ( &_name ## _weierstrass, \
157  base, scalar, result ); \
158  } \
159  struct elliptic_curve _curve = { \
160  .name = #_name, \
161  .pointsize = ( WEIERSTRASS_AXES * (_len) ), \
162  .keysize = (_len), \
163  .multiply = _name ## _multiply, \
164  }
165 
166 #endif /* _IPXE_WEIERSTRASS_H */
base
uint32_t base
Base.
Definition: librm.h:252
weierstrass_curve::base
const uint8_t * base
Base point.
Definition: weierstrass.h:104
weierstrass_curve::square
bigint_element_t * square
Cached Montgomery constant (R^2 mod N)
Definition: weierstrass.h:111
weierstrass_curve::prime
bigint_element_t * prime[WEIERSTRASS_NUM_CACHED]
Cached field prime "N" (and multiples thereof)
Definition: weierstrass.h:107
weierstrass_multiple
weierstrass_multiple
Indexes for stored multiples of the field prime.
Definition: weierstrass.h:69
weierstrass_curve::mont
bigint_element_t * mont[WEIERSTRASS_NUM_MONT]
Definition: weierstrass.h:122
crypto.h
Cryptographic API.
weierstrass_curve::b3
bigint_element_t * b3
Cached constant "3b", in Montgomery form.
Definition: weierstrass.h:120
bigint.h
Big integer support.
weierstrass_multiply
int weierstrass_multiply(struct weierstrass_curve *curve, const void *base, const void *scalar, void *result)
Multiply curve point by scalar.
Definition: weierstrass.c:770
WEIERSTRASS_NUM_CACHED
#define WEIERSTRASS_NUM_CACHED
Number of cached big integers for each Weierstrass curve.
Definition: weierstrass.h:80
bigint_element_t
uint32_t bigint_element_t
Element of a big integer.
Definition: bigint.h:15
weierstrass_curve::fermat
bigint_element_t * fermat
Cached constant "N-2" (for Fermat's little theorem)
Definition: weierstrass.h:109
weierstrass_curve::b_raw
const uint8_t * b_raw
Constant "b".
Definition: weierstrass.h:102
weierstrass_curve::a
bigint_element_t * a
Cached constant "a", in Montgomery form.
Definition: weierstrass.h:118
WEIERSTRASS_NUM_MONT
#define WEIERSTRASS_NUM_MONT
Number of cached in Montgomery form for each Weierstrass curve.
Definition: weierstrass.h:77
weierstrass_curve::name
const char * name
Curve name.
Definition: weierstrass.h:94
uint8_t
unsigned char uint8_t
Definition: stdint.h:10
weierstrass_curve::len
size_t len
Length of raw scalar values.
Definition: weierstrass.h:96
weierstrass_curve::one
bigint_element_t * one
Cached constant "1", in Montgomery form.
Definition: weierstrass.h:116
result
uint16_t result
Definition: hyperv.h:33
weierstrass_curve::size
const unsigned int size
Number of elements in scalar values.
Definition: weierstrass.h:92
FILE_LICENCE
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
weierstrass_curve::prime_raw
const uint8_t * prime_raw
Field prime.
Definition: weierstrass.h:98
weierstrass_curve::a_raw
const uint8_t * a_raw
Constant "a".
Definition: weierstrass.h:100
weierstrass_curve
A Weierstrass elliptic curve.
Definition: weierstrass.h:90
Generated by   doxygen 1.8.15