zh/ecc__local_8h_source.html

/*

 * This file is part of the openHiTLS project.

 *

 * openHiTLS is licensed under the Mulan PSL v2.

 * You can use this software according to the terms and conditions of the Mulan PSL v2.

 * You may obtain a copy of Mulan PSL v2 at:

 *

 *     http://license.coscl.org.cn/MulanPSL2

 *

 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,

 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,

 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.

 * See the Mulan PSL v2 for more details.

 */


#ifndef ECC_LOCAL_H

#define ECC_LOCAL_H


#include "hitls_build.h"

#ifdef HITLS_CRYPTO_ECC


#include "crypt_ecc.h"

#include "crypt_bn.h"


#ifdef __cplusplus

extern "C" {

#endif


#define ECC_MAX_BIT_LEN 521


#define PRE_COMPUTE_WINDOW 5 // Default Window Size

#define PRE_COMPUTE_MAX_TABLELEN (1 << 5) // Maximum specifications of the pre-calculation table

// The default ECP window length is 5 bits and only odd points are calculated.

#define WINDOW_TABLE_SIZE (PRE_COMPUTE_MAX_TABLELEN >> 1)


// Layout format of the pre-computation table.

// This macro is used to convert values into corresponding offsets.

// layout rules (1, 3, 5, 7... 15, -1, -3, ... -15)

#define NUMTOOFFSET(num) (((num) < 0) ? (WINDOW_TABLE_SIZE / 2 - 1 - (((num) - 1) / 2)) : (((num) - 1) / 2))


typedef struct {

    // Calculate  r = k1 * G + k2 * pt

    int32_t (*pointMulAdd)(ECC_Para *para, ECC_Point *r, const BN_BigNum *k1, const BN_BigNum *k2, const ECC_Point *pt);

    // Calculate r = k * pt. If pt is null, calculate r = k * G. This is the ConstTime processing function.

    int32_t (*pointMul)(ECC_Para *para, ECC_Point *r, const BN_BigNum *k, const ECC_Point *pt);

    // Calculate r = k * pt. If pt is null, calculate r = k * G

    int32_t (*pointMulFast)(ECC_Para *para, ECC_Point *r, const BN_BigNum *k, const ECC_Point *pt);

    // point addition r = a + b, a all can be the jacobi coordinate, b must be an affine point

    int32_t (*pointAddAffine)(const ECC_Para *para, ECC_Point *r, const ECC_Point *a, const ECC_Point *b);

    // point addition r = a + b, a, b all can be the jacobi coordinate.

    int32_t (*pointAdd)(const ECC_Para *para, ECC_Point *r, const ECC_Point *a, const ECC_Point *b);

    // point double r = a + a, a can be the jacobi coordinate.

    int32_t (*pointDouble)(const ECC_Para *para, ECC_Point *r, const ECC_Point *a);

    // point Multi-double Calculate r = (2^m)*a, a can be the jacobi coordinate.

    int32_t (*pointMultDouble)(const ECC_Para *para, ECC_Point *r, const ECC_Point *a, uint32_t m);

    // Module inverse

    int32_t (*modInv)(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *p, BN_Optimizer *opt);

    // Convert points to affine coordinates based on the given module inverse information.

    int32_t (*point2AffineWithInv)(const ECC_Para *para, ECC_Point *r, const ECC_Point *a, const BN_BigNum *inv);

    // Convert the point information to affine coordinates.

    int32_t (*point2Affine)(const ECC_Para *para, ECC_Point *r, const ECC_Point *a);

    // Calculate r = (a*b) % mod

    int32_t (*bnModNistEccMul)(BN_BigNum *r, const BN_BigNum *a, const BN_BigNum *b,

        void *mod, BN_Optimizer *opt);

    // Calculate r = (a^2) % mod

    int32_t (*bnModNistEccSqr)(BN_BigNum *r, const BN_BigNum *a, void *mod, BN_Optimizer *opt);

    // Inverse mode order.

    int32_t (*modOrdInv)(const ECC_Para *para, BN_BigNum *r, const BN_BigNum *a);

    // convert date to Montgomery form

    int32_t (*bnMontEnc)(BN_BigNum *r, BN_Mont *mont, BN_Optimizer *opt, bool consttime);

    // convert Montgomery form to common form

    void (*bnMontDec)(BN_BigNum *r, BN_Mont *mont);

} ECC_Method;


struct EccPointInfo {

    BN_BigNum x;

    BN_BigNum y;

    BN_BigNum z;

    CRYPT_PKEY_ParaId id;

};


struct EccPara {

    BN_BigNum *p;

    BN_BigNum *a;

    BN_BigNum *b;

    BN_BigNum *n;

    BN_BigNum *h;

    BN_BigNum *x;

    BN_BigNum *y;

    // Currently, the 5-bit window is used. Only odd multiple points are calculated.

    // The total number of pre-calculated data is (2 ^ 5)/2, that is 16 points.

    ECC_Point *tableG[16];

    const ECC_Method *method;

    CRYPT_PKEY_ParaId id;

    BN_Mont *montP;

    void *libCtx;

};


int32_t ECP_PointAtInfinity(const ECC_Para *para, const ECC_Point *pt);


int32_t ECP_PointOnCurve(const ECC_Para *para, const ECC_Point *pt);


int32_t ECP_Point2Affine(const ECC_Para *para, ECC_Point *r, const ECC_Point *pt);


int32_t ECP_PointInvertAtAffine(const ECC_Para *para, ECC_Point *r, const ECC_Point *a);


int32_t ECP_Point2AffineWithInv(const ECC_Para *para, ECC_Point *r, const ECC_Point *pt, const BN_BigNum *inv);


int32_t ECP_PointMulAdd(ECC_Para *para, ECC_Point *r, const BN_BigNum *k1, const BN_BigNum *k2, const ECC_Point *pt);


int32_t ECP_PointCopy(const ECC_Para *para, ECC_Point *a, const ECC_Point *b);


int32_t ECP_PointMul(ECC_Para *para,  ECC_Point *r, const BN_BigNum *k, const ECC_Point *pt);


int32_t ECP_PointMulFast(ECC_Para *para, ECC_Point *r, const BN_BigNum *k, const ECC_Point *pt);


BN_BigNum *ECP_HalfPGet(const BN_BigNum *p);


const ECC_Method *ECC_FindMethod(CRYPT_PKEY_ParaId id);


int32_t ECP_NistPointDouble(const ECC_Para *para, ECC_Point *r, const ECC_Point *a);


int32_t ECP_NistPointMultDouble(const ECC_Para *para, ECC_Point *r, const ECC_Point *a, uint32_t m);


int32_t ECP_NistPointAddAffine(const ECC_Para *para, ECC_Point *r, const ECC_Point *a, const ECC_Point *b);


int32_t ECP_NistPointAdd(const ECC_Para *para, ECC_Point *r, const ECC_Point *a, const ECC_Point *b);


int32_t ECP_GetEncodeDataLen(const ECC_Para *para, ECC_Point *pt, CRYPT_PKEY_PointFormat format, uint32_t *dataLen);


int32_t ECP_ModOrderInv(const ECC_Para *para, BN_BigNum *r, const BN_BigNum *a);


#ifdef HITLS_CRYPTO_CURVE_MONT


int32_t ECP_NistPointDoubleMont(const ECC_Para *para, ECC_Point *r, const ECC_Point *a);


int32_t ECP_NistPointMultDoubleMont(const ECC_Para *para, ECC_Point *r, const ECC_Point *a, uint32_t m);


int32_t ECP_NistPointAddAffineMont(const ECC_Para *para, ECC_Point *r, const ECC_Point *a, const ECC_Point *b);


int32_t ECP_NistPointAddMont(const ECC_Para *para, ECC_Point *r, const ECC_Point *a, const ECC_Point *b);


int32_t ECP_Point2AffineMont(const ECC_Para *para, ECC_Point *r, const ECC_Point *pt);


int32_t ECP_PrimePointDoubleMont(const ECC_Para *para, ECC_Point *r, const ECC_Point *a);


int32_t ECP_PrimePointMultDoubleMont(const ECC_Para *para, ECC_Point *r, const ECC_Point *a, uint32_t m);


int32_t ECP_PrimePointAddAffineMont(const ECC_Para *para, ECC_Point *r, const ECC_Point *a, const ECC_Point *b);


int32_t ECP_PrimePointAddMont(const ECC_Para *para, ECC_Point *r, const ECC_Point *a, const ECC_Point *b);


int32_t ECP_PointMulMont(ECC_Para *para,  ECC_Point *r, const BN_BigNum *k, const ECC_Point *pt);


#endif // HITLS_CRYPTO_CURVE_MONT


#ifdef __cplusplus

}

#endif


#endif // HITLS_CRYPTO_ECC


#endif // ECC_LOCAL_H

CRYPT_PKEY_ParaId
CRYPT_PKEY_ParaId
定义 crypt_algid.h:208

CRYPT_PKEY_PointFormat
CRYPT_PKEY_PointFormat
定义 crypt_algid.h:370