1 /*
2  * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
3  * Copyright (c) 2014, Intel Corporation. All Rights Reserved.
4  *
5  * Licensed under the OpenSSL license (the "License").  You may not use
6  * this file except in compliance with the License.  You can obtain a copy
7  * in the file LICENSE in the source distribution or at
8  * https://www.openssl.org/source/license.html
9  *
10  * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1)
11  * (1) Intel Corporation, Israel Development Center, Haifa, Israel
12  * (2) University of Haifa, Israel
13  *
14  * Reference:
15  * S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with
16  *                          256 Bit Primes"
17  */
18 
19 #ifndef OPENSSL_HEADER_EC_P256_X86_64_H
20 #define OPENSSL_HEADER_EC_P256_X86_64_H
21 
22 #include <ring-core/base.h>
23 
24 #include "p256_shared.h"
25 
26 #include "../bn/internal.h"
27 
28 #if defined(OPENSSL_USE_NISTZ256)
29 
// Symbol aliases: the preprocessor rewrites each ecp_nistz256_* name on the
// left to the name on the right, so the prototypes in this header that use
// these six names actually declare nistz256_* / p256_* symbols. The
// *_mul_mont, *_sqr_mont and *_ord_* functions are not aliased.
// NOTE(review): presumably the right-hand names are the ones the
// implementation exports; confirm against the definitions.
30 #define ecp_nistz256_neg nistz256_neg
31 #define ecp_nistz256_select_w5 nistz256_select_w5
32 #define ecp_nistz256_select_w7 nistz256_select_w7
33 #define ecp_nistz256_point_double p256_point_double
34 #define ecp_nistz256_point_add p256_point_add
35 #define ecp_nistz256_point_add_affine p256_point_add_affine
36 
37 // ecp_nistz256_neg sets |res| to -|a| mod P.
// P is presumably the P-256 field prime; the scalar functions in this header
// use N for the group order instead.
// NOTE(review): the required range of |a| and whether |res| may alias |a| are
// not stated for this function; confirm before relying on either.
38 void ecp_nistz256_neg(BN_ULONG res[P256_LIMBS], const BN_ULONG a[P256_LIMBS]);
39 
40 // ecp_nistz256_mul_mont sets |res| to |a| * |b| * 2^-256 mod P.
// This is a Montgomery product with R = 2^256: if |a| = x*R and |b| = y*R
// (mod P), then |res| = x*y*R (mod P), so the result stays in Montgomery form.
// The modulus is P, not the group order N used by ecp_nistz256_ord_mul_mont;
// both families take BN_ULONG[P256_LIMBS], so the type system will not catch
// a field value passed to a scalar routine or vice versa.
41 void ecp_nistz256_mul_mont(BN_ULONG res[P256_LIMBS],
42                            const BN_ULONG a[P256_LIMBS],
43                            const BN_ULONG b[P256_LIMBS]);
44 
45 // ecp_nistz256_sqr_mont sets |res| to |a| * |a| * 2^-256 mod P.
// By this formula the result equals that of ecp_nistz256_mul_mont(res, a, a):
// one Montgomery squaring with R = 2^256.
46 void ecp_nistz256_sqr_mont(BN_ULONG res[P256_LIMBS],
47                            const BN_ULONG a[P256_LIMBS]);
48 
49 
50 // P-256 scalar operations.
51 //
52 // The following functions compute modulo N, where N is the order of P-256. They
53 // take fully-reduced inputs and give fully-reduced outputs.
54 
55 // ecp_nistz256_ord_mul_mont sets |res| to |a| * |b| where inputs and outputs
56 // are in Montgomery form. That is, |res| is |a| * |b| * 2^-256 mod N.
// The modulus is the group order N, not the field prime P. Scalars and field
// elements share the BN_ULONG[P256_LIMBS] representation, so passing a value
// from the wrong domain compiles cleanly and yields a wrong result.
// Per the section comment above, inputs must already be fully reduced mod N.
57 void ecp_nistz256_ord_mul_mont(BN_ULONG res[P256_LIMBS],
58                                const BN_ULONG a[P256_LIMBS],
59                                const BN_ULONG b[P256_LIMBS]);
60 
61 // ecp_nistz256_ord_sqr_mont sets |res| to |a|^(2*|rep|) where inputs and
62 // outputs are in Montgomery form. That is, |res| is
63 // (|a| * 2^-256)^(2*|rep|) * 2^256 mod N.
// NOTE(review): if |rep| counts successive Montgomery squarings, as the
// function name suggests, the exponent is 2^|rep| rather than 2*|rep| (the two
// agree only for |rep| = 1 and |rep| = 2). Confirm against the implementation
// and correct the formula above if so.
// NOTE(review): behaviour for |rep| = 0 is not stated here; confirm before
// passing a computed count.
64 void ecp_nistz256_ord_sqr_mont(BN_ULONG res[P256_LIMBS],
65                                const BN_ULONG a[P256_LIMBS], BN_ULONG rep);
66 
67 
68 
69 // P-256 point operations.
70 //
71 // The following functions may be used in-place. All coordinates are in the
72 // Montgomery domain.
73 
74 // A P256_POINT_AFFINE represents a P-256 point in affine coordinates. Infinity
75 // is encoded as (0, 0).
// Code that consumes this struct must therefore test for the all-zero encoding
// before treating X and Y as curve coordinates. Per the section comment above,
// both coordinates are held in the Montgomery domain.
76 typedef struct {
77   BN_ULONG X[P256_LIMBS];  // x-coordinate, P256_LIMBS words
78   BN_ULONG Y[P256_LIMBS];  // y-coordinate, P256_LIMBS words
79 } P256_POINT_AFFINE;
80 
81 // ecp_nistz256_select_w5 sets |*val| to |in_t[index-1]| if 1 <= |index| <= 16
82 // and all zeros (the point at infinity) if |index| is 0. This is done in
83 // constant time.
// The [16] in the parameter list is documentation only: |in_t| is passed as a
// pointer, so the caller must guarantee the table really holds 16 entries.
// NOTE(review): the result for |index| > 16 is not stated; callers should
// keep |index| within 0..16.
// NOTE(review): "constant time" presumably means that neither timing nor the
// memory access pattern depends on |index|; confirm against the
// implementation before passing a secret-derived index.
84 void ecp_nistz256_select_w5(P256_POINT *val, const P256_POINT in_t[16],
85                             crypto_word index);
86 
87 // ecp_nistz256_select_w7 sets |*val| to |in_t[index-1]| if 1 <= |index| <= 64
88 // and all zeros (the point at infinity) if |index| is 0. This is done in
89 // constant time.
// The all-zero output matches the (0, 0) infinity encoding documented for
// P256_POINT_AFFINE. The [64] bound is not enforced by the compiler (|in_t| is
// a pointer), so the caller must supply a table of at least 64 entries.
// NOTE(review): the result for |index| > 64 is not stated; keep |index|
// within 0..64.
90 void ecp_nistz256_select_w7(P256_POINT_AFFINE *val,
91                             const P256_POINT_AFFINE in_t[64],
92                             crypto_word index);
93 
94 // ecp_nistz256_point_double sets |r| to |a| doubled.
// Per the section comment above, |r| may be the same object as |a|, and the
// coordinates of |a| are expected in the Montgomery domain.
95 void ecp_nistz256_point_double(P256_POINT *r, const P256_POINT *a);
96 
97 // ecp_nistz256_point_add adds |a| to |b| and places the result in |r|.
// Unlike ecp_nistz256_point_add_affine, no restriction on |a| and |b|
// representing the same point is documented here.
// NOTE(review): presumably equal inputs and infinity are handled correctly;
// confirm against the implementation before relying on it.
98 void ecp_nistz256_point_add(P256_POINT *r, const P256_POINT *a,
99                             const P256_POINT *b);
100 
101 // ecp_nistz256_point_add_affine adds |a| to |b| and places the result in
102 // |r|. |a| and |b| must not represent the same point unless they are both
103 // infinity.
// The function returns void, so a violated precondition cannot be reported:
// the caller is responsible for ruling out |a| == |b| (other than infinity)
// before the call.
// NOTE(review): the value left in |r| when the precondition is violated is not
// stated here; treat it as unusable unless the implementation says otherwise.
104 void ecp_nistz256_point_add_affine(P256_POINT *r, const P256_POINT *a,
105                                    const P256_POINT_AFFINE *b);
106 
107 #endif /* defined(OPENSSL_USE_NISTZ256) */
108 
109 #endif  // OPENSSL_HEADER_EC_P256_X86_64_H
110