const uint32_t *b;
const uint32_t *R2;
uint32_t p0i;
+ size_t point_len;
} curve_params;
static inline const curve_params *
id_to_curve(int curve)
{
static const curve_params pp[] = {
- { P256_P, P256_B, P256_R2, 0x00000001 },
- { P384_P, P384_B, P384_R2, 0x00000001 },
- { P521_P, P521_B, P521_R2, 0x00000001 }
+ { P256_P, P256_B, P256_R2, 0x00000001, 65 },
+ { P384_P, P384_B, P384_R2, 0x00000001, 97 },
+ { P521_P, P521_B, P521_R2, 0x00000001, 133 }
};
return &pp[curve - BR_EC_secp256r1];
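Review bot: The new `point_len` values 65, 97 and 133 in the `pp[]` table are bare literals, and nothing on the struct field says which length they describe. They match the uncompressed point encoding (one header byte plus two coordinates of 32, 48 and 66 bytes), so a comment on the field such as `/* length of an uncompressed encoded point, in bytes: 1 + 2 * coordinate size */` would make the later `cc->point_len` checks self-explanatory. Separately, `id_to_curve` indexes `pp[curve - BR_EC_secp256r1]` with no range check. The length checks that read `cc->point_len` are therefore only as sound as the caller's validation of `curve`, and that precondition deserves a line in the function's comment.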
return cd->order;
}
+static size_t
+api_xoff(int curve, size_t *len)
+{
+ api_generator(curve, len);
+ *len >>= 1;
+ return 1;
+}
+
static uint32_t
api_mul(unsigned char *G, size_t Glen,
const unsigned char *x, size_t xlen, int curve)
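Review bot: `api_xoff` calls `api_generator(curve, len)` only to obtain a length, discards the returned pointer, and then halves the value with `*len >>= 1` without explanation. The shift yields the X coordinate size only because the encoded length is odd (header byte, then X, then Y), and the returned `1` is the offset that skips the header byte. Neither fact is written down. Assuming the generator length equals the table value, reading it from the field this commit adds is more direct: `*len = id_to_curve(curve)->point_len >> 1;`. A header comment should state that the function returns the offset of X and stores the length of X in `*len`.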
jacobian P;
cc = id_to_curve(curve);
+ if (Glen != cc->point_len) {
+ return 0;
+ }
r = point_decode(&P, G, Glen, cc);
point_mul(&P, x, xlen, cc);
point_encode(G, &P, cc);
return r;
}
+static size_t
+api_mulgen(unsigned char *R,
+ const unsigned char *x, size_t xlen, int curve)
+{
+ const unsigned char *G;
+ size_t Glen;
+
+ G = api_generator(curve, &Glen);
+ memcpy(R, G, Glen);
+ api_mul(R, Glen, x, xlen, curve);
+ return Glen;
+}
+
static uint32_t
api_muladd(unsigned char *A, const unsigned char *B, size_t len,
const unsigned char *x, size_t xlen,
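Review bot: `api_mulgen` drops the `uint32_t` status returned by `api_mul` and always returns `Glen`, and it copies `Glen` bytes into `R` with no parameter for the size of the caller's buffer. A header comment should say that `R` must have room for the encoded point of the selected curve (up to 133 bytes with the table in this commit). Writing `(void)api_mul(R, Glen, x, xlen, curve);` would show that the status is dropped on purpose. In `api_mul`, the new early `return 0` leaves `G` untouched, whereas a decode failure still reaches `point_encode` and overwrites it. A caller that does not test the return value would then use the unmodified input point as the result, so add a comment at the check such as `/* G is left unchanged on this path; callers must test the return value */`. The bodies of `api_mul` and `api_muladd` start outside this hunk.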
/*
* TODO: see about merging the two ladders. Right now, we do
- * two independant point multiplications, which is a bit
+ * two independent point multiplications, which is a bit
* wasteful of CPU resources (but yields short code).
*/
cc = id_to_curve(curve);
+ if (len != cc->point_len) {
+ return 0;
+ }
r = point_decode(&P, A, len, cc);
+ if (B == NULL) {
+ size_t Glen;
+
+ B = api_generator(curve, &Glen);
+ }
r &= point_decode(&Q, B, len, cc);
point_mul(&P, x, xlen, cc);
point_mul(&Q, y, ylen, cc);
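Review bot: In the `B == NULL` branch, `Glen` is written by `api_generator` but never read, and the following `point_decode(&Q, B, len, cc)` uses `len` instead. That is safe only if the generator's encoded length equals `cc->point_len`, which the earlier `len != cc->point_len` check implies but nothing states. A variable that is set but never used may also draw a compiler warning. Either document the assumption in the branch with `/* generator length equals cc->point_len, which len was checked against above */`, or enforce it with `if (Glen != len) { return 0; }`. As with `api_mul`, the early `return 0` leaves `A` unmodified, so callers must test the status. The function's signature and tail are outside this hunk.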
(uint32_t)0x03800000,
&api_generator,
&api_order,
+ &api_xoff,
&api_mul,
+ &api_mulgen,
&api_muladd
};