@@ -157,6 +157,111 @@ void mpi_fdiv_q(MPI quot, MPI dividend, MPI divisor);
157157/*-- mpi-inv.c --*/
158158int mpi_invm (MPI x , MPI a , MPI n );
159159
160+ /*-- ec.c --*/
161+
162+ /* Object to represent a point in projective coordinates */
163+ struct gcry_mpi_point {
164+ MPI x ;
165+ MPI y ;
166+ MPI z ;
167+ };
168+
169+ typedef struct gcry_mpi_point * MPI_POINT ;
170+
171+ /* Models describing an elliptic curve */
172+ enum gcry_mpi_ec_models {
173+ /* The Short Weierstrass equation is
174+ * y^2 = x^3 + ax + b
175+ */
176+ MPI_EC_WEIERSTRASS = 0 ,
177+ /* The Montgomery equation is
178+ * by^2 = x^3 + ax^2 + x
179+ */
180+ MPI_EC_MONTGOMERY ,
181+ /* The Twisted Edwards equation is
182+ * ax^2 + y^2 = 1 + bx^2y^2
183+ * Note that we use 'b' instead of the commonly used 'd'.
184+ */
185+ MPI_EC_EDWARDS
186+ };
187+
188+ /* Dialects used with elliptic curves */
189+ enum ecc_dialects {
190+ ECC_DIALECT_STANDARD = 0 ,
191+ ECC_DIALECT_ED25519 ,
192+ ECC_DIALECT_SAFECURVE
193+ };
194+
195+ /* This context is used with all our EC functions. */
196+ struct mpi_ec_ctx {
197+ enum gcry_mpi_ec_models model ; /* The model describing this curve. */
198+ enum ecc_dialects dialect ; /* The ECC dialect used with the curve. */
199+ int flags ; /* Public key flags (not always used). */
200+ unsigned int nbits ; /* Number of bits. */
201+
202+ /* Domain parameters. Note that they may not all be set and if set
203+ * the MPIs may be flaged as constant.
204+ */
205+ MPI p ; /* Prime specifying the field GF(p). */
206+ MPI a ; /* First coefficient of the Weierstrass equation. */
207+ MPI b ; /* Second coefficient of the Weierstrass equation. */
208+ MPI_POINT G ; /* Base point (generator). */
209+ MPI n ; /* Order of G. */
210+ unsigned int h ; /* Cofactor. */
211+
212+ /* The actual key. May not be set. */
213+ MPI_POINT Q ; /* Public key. */
214+ MPI d ; /* Private key. */
215+
216+ const char * name ; /* Name of the curve. */
217+
218+ /* This structure is private to mpi/ec.c! */
219+ struct {
220+ struct {
221+ unsigned int a_is_pminus3 :1 ;
222+ unsigned int two_inv_p :1 ;
223+ } valid ; /* Flags to help setting the helper vars below. */
224+
225+ int a_is_pminus3 ; /* True if A = P - 3. */
226+
227+ MPI two_inv_p ;
228+
229+ mpi_barrett_t p_barrett ;
230+
231+ /* Scratch variables. */
232+ MPI scratch [11 ];
233+
234+ /* Helper for fast reduction. */
235+ /* int nist_nbits; /\* If this is a NIST curve, the # of bits. *\/ */
236+ /* MPI s[10]; */
237+ /* MPI c; */
238+ } t ;
239+
240+ /* Curve specific computation routines for the field. */
241+ void (* addm )(MPI w , MPI u , MPI v , struct mpi_ec_ctx * ctx );
242+ void (* subm )(MPI w , MPI u , MPI v , struct mpi_ec_ctx * ec );
243+ void (* mulm )(MPI w , MPI u , MPI v , struct mpi_ec_ctx * ctx );
244+ void (* pow2 )(MPI w , const MPI b , struct mpi_ec_ctx * ctx );
245+ void (* mul2 )(MPI w , MPI u , struct mpi_ec_ctx * ctx );
246+ };
247+
248+ void mpi_ec_init (struct mpi_ec_ctx * ctx , enum gcry_mpi_ec_models model ,
249+ enum ecc_dialects dialect ,
250+ int flags , MPI p , MPI a , MPI b );
251+ void mpi_ec_deinit (struct mpi_ec_ctx * ctx );
252+ MPI_POINT mpi_point_new (unsigned int nbits );
253+ void mpi_point_release (MPI_POINT p );
254+ void mpi_point_init (MPI_POINT p );
255+ void mpi_point_free_parts (MPI_POINT p );
256+ int mpi_ec_get_affine (MPI x , MPI y , MPI_POINT point , struct mpi_ec_ctx * ctx );
257+ void mpi_ec_add_points (MPI_POINT result ,
258+ MPI_POINT p1 , MPI_POINT p2 ,
259+ struct mpi_ec_ctx * ctx );
260+ void mpi_ec_mul_point (MPI_POINT result ,
261+ MPI scalar , MPI_POINT point ,
262+ struct mpi_ec_ctx * ctx );
263+ int mpi_ec_curve_point (MPI_POINT point , struct mpi_ec_ctx * ctx );
264+
160265/* inline functions */
161266
162267/**
0 commit comments