1 /* 2 * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved. 3 * Copyright (c) 2014, Intel Corporation. All Rights Reserved. 4 * 5 * Licensed under the OpenSSL license (the "License"). You may not use 6 * this file except in compliance with the License. You can obtain a copy 7 * in the file LICENSE in the source distribution or at 8 * https://www.openssl.org/source/license.html 9 * 10 * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1) 11 * (1) Intel Corporation, Israel Development Center, Haifa, Israel 12 * (2) University of Haifa, Israel 13 * 14 * Reference: 15 * S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with 16 * 256 Bit Primes" 17 */ 18 19 #ifndef OPENSSL_HEADER_EC_P256_X86_64_H 20 #define OPENSSL_HEADER_EC_P256_X86_64_H 21 22 #include <ring-core/base.h> 23 24 #include "p256_shared.h" 25 26 #include "../bn/internal.h" 27 28 #if defined(OPENSSL_USE_NISTZ256) 29 30 // ecp_nistz256_neg sets |res| to -|a| mod P. 31 void ecp_nistz256_neg(BN_ULONG res[P256_LIMBS], const BN_ULONG a[P256_LIMBS]); 32 33 // ecp_nistz256_mul_mont sets |res| to |a| * |b| * 2^-256 mod P. 34 void ecp_nistz256_mul_mont(BN_ULONG res[P256_LIMBS], 35 const BN_ULONG a[P256_LIMBS], 36 const BN_ULONG b[P256_LIMBS]); 37 38 // ecp_nistz256_sqr_mont sets |res| to |a| * |a| * 2^-256 mod P. 39 void ecp_nistz256_sqr_mont(BN_ULONG res[P256_LIMBS], 40 const BN_ULONG a[P256_LIMBS]); 41 42 43 // P-256 scalar operations. 44 // 45 // The following functions compute modulo N, where N is the order of P-256. They 46 // take fully-reduced inputs and give fully-reduced outputs. 47 48 // ecp_nistz256_ord_mul_mont sets |res| to |a| * |b| where inputs and outputs 49 // are in Montgomery form. That is, |res| is |a| * |b| * 2^-256 mod N. 50 void ecp_nistz256_ord_mul_mont(BN_ULONG res[P256_LIMBS], 51 const BN_ULONG a[P256_LIMBS], 52 const BN_ULONG b[P256_LIMBS]); 53 54 // ecp_nistz256_ord_sqr_mont sets |res| to |a|^(2*|rep|) where inputs and 55 // outputs are in Montgomery form. That is, |res| is 56 // (|a| * 2^-256)^(2*|rep|) * 2^256 mod N. 57 void ecp_nistz256_ord_sqr_mont(BN_ULONG res[P256_LIMBS], 58 const BN_ULONG a[P256_LIMBS], BN_ULONG rep); 59 60 61 62 // P-256 point operations. 63 // 64 // The following functions may be used in-place. All coordinates are in the 65 // Montgomery domain. 66 67 // A P256_POINT_AFFINE represents a P-256 point in affine coordinates. Infinity 68 // is encoded as (0, 0). 69 typedef struct { 70 BN_ULONG X[P256_LIMBS]; 71 BN_ULONG Y[P256_LIMBS]; 72 } P256_POINT_AFFINE; 73 74 // ecp_nistz256_select_w5 sets |*val| to |in_t[index-1]| if 1 <= |index| <= 16 75 // and all zeros (the point at infinity) if |index| is 0. This is done in 76 // constant time. 77 void ecp_nistz256_select_w5(P256_POINT *val, const P256_POINT in_t[16], 78 int index); 79 80 // ecp_nistz256_select_w7 sets |*val| to |in_t[index-1]| if 1 <= |index| <= 64 81 // and all zeros (the point at infinity) if |index| is 0. This is done in 82 // constant time. 83 void ecp_nistz256_select_w7(P256_POINT_AFFINE *val, 84 const P256_POINT_AFFINE in_t[64], 85 int index); 86 87 // ecp_nistz256_point_double sets |r| to |a| doubled. 88 void ecp_nistz256_point_double(P256_POINT *r, const P256_POINT *a); 89 90 // ecp_nistz256_point_add adds |a| to |b| and places the result in |r|. 91 void ecp_nistz256_point_add(P256_POINT *r, const P256_POINT *a, 92 const P256_POINT *b); 93 94 // ecp_nistz256_point_add_affine adds |a| to |b| and places the result in 95 // |r|. |a| and |b| must not represent the same point unless they are both 96 // infinity. 97 void ecp_nistz256_point_add_affine(P256_POINT *r, const P256_POINT *a, 98 const P256_POINT_AFFINE *b); 99 100 #endif /* defined(OPENSSL_USE_NISTZ256) */ 101 102 #endif // OPENSSL_HEADER_EC_P256_X86_64_H 103