Home | History | Annotate | Download | only in ec
      1 /* Copyright (c) 2014, Intel Corporation.
      2  *
      3  * Permission to use, copy, modify, and/or distribute this software for any
      4  * purpose with or without fee is hereby granted, provided that the above
      5  * copyright notice and this permission notice appear in all copies.
      6  *
      7  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
      8  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
      9  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
     10  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
     11  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
     12  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
     13  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
     14 
     15 #ifndef OPENSSL_HEADER_EC_P256_X86_64_H
     16 #define OPENSSL_HEADER_EC_P256_X86_64_H
     17 
     18 #include <openssl/base.h>
     19 
     20 #include <openssl/bn.h>
     21 
     22 #if defined(__cplusplus)
     23 extern "C" {
     24 #endif
     25 
     26 
     27 #if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && \
     28     !defined(OPENSSL_SMALL)
     29 
     30 /* P-256 field operations.
     31  *
     32  * An element mod P in P-256 is represented as a little-endian array of
     33  * |P256_LIMBS| |BN_ULONG|s, spanning the full range of values.
     34  *
     35  * The following functions take fully-reduced inputs mod P and give
     36  * fully-reduced outputs. They may be used in-place. */
     37 
     38 #define P256_LIMBS (256 / BN_BITS2)
     39 
     40 /* ecp_nistz256_neg sets |res| to -|a| mod P. */
     41 void ecp_nistz256_neg(BN_ULONG res[P256_LIMBS], const BN_ULONG a[P256_LIMBS]);
     42 
     43 /* ecp_nistz256_mul_mont sets |res| to |a| * |b| * 2^-256 mod P. */
     44 void ecp_nistz256_mul_mont(BN_ULONG res[P256_LIMBS],
     45                            const BN_ULONG a[P256_LIMBS],
     46                            const BN_ULONG b[P256_LIMBS]);
     47 
     48 /* ecp_nistz256_sqr_mont sets |res| to |a| * |a| * 2^-256 mod P. */
     49 void ecp_nistz256_sqr_mont(BN_ULONG res[P256_LIMBS],
     50                            const BN_ULONG a[P256_LIMBS]);
     51 
     52 /* ecp_nistz256_from_mont sets |res| to |in|, converted from Montgomery domain
     53  * by multiplying with 1. */
     54 static inline void ecp_nistz256_from_mont(BN_ULONG res[P256_LIMBS],
     55                                           const BN_ULONG in[P256_LIMBS]) {
     56   static const BN_ULONG ONE[P256_LIMBS] = { 1 };
     57   ecp_nistz256_mul_mont(res, in, ONE);
     58 }
     59 
     60 
     61 /* P-256 point operations.
     62  *
     63  * The following functions may be used in-place. All coordinates are in the
     64  * Montgomery domain. */
     65 
     66 /* A P256_POINT represents a P-256 point in Jacobian coordinates. */
     67 typedef struct {
     68   BN_ULONG X[P256_LIMBS];
     69   BN_ULONG Y[P256_LIMBS];
     70   BN_ULONG Z[P256_LIMBS];
     71 } P256_POINT;
     72 
     73 /* A P256_POINT_AFFINE represents a P-256 point in affine coordinates. Infinity
     74  * is encoded as (0, 0). */
     75 typedef struct {
     76   BN_ULONG X[P256_LIMBS];
     77   BN_ULONG Y[P256_LIMBS];
     78 } P256_POINT_AFFINE;
     79 
     80 /* ecp_nistz256_select_w5 sets |*val| to |in_t[index-1]| if 1 <= |index| <= 16
     81  * and all zeros (the point at infinity) if |index| is 0. This is done in
     82  * constant time. */
     83 void ecp_nistz256_select_w5(P256_POINT *val, const P256_POINT in_t[16],
     84                             int index);
     85 
     86 /* ecp_nistz256_select_w7 sets |*val| to |in_t[index-1]| if 1 <= |index| <= 64
     87  * and all zeros (the point at infinity) if |index| is 0. This is done in
     88  * constant time. */
     89 void ecp_nistz256_select_w7(P256_POINT_AFFINE *val,
     90                             const P256_POINT_AFFINE in_t[64], int index);
     91 
     92 /* ecp_nistz256_point_double sets |r| to |a| doubled. */
     93 void ecp_nistz256_point_double(P256_POINT *r, const P256_POINT *a);
     94 
     95 /* ecp_nistz256_point_add adds |a| to |b| and places the result in |r|. */
     96 void ecp_nistz256_point_add(P256_POINT *r, const P256_POINT *a,
     97                             const P256_POINT *b);
     98 
     99 /* ecp_nistz256_point_add_affine adds |a| to |b| and places the result in
    100  * |r|. |a| and |b| must not represent the same point unless they are both
    101  * infinity. */
    102 void ecp_nistz256_point_add_affine(P256_POINT *r, const P256_POINT *a,
    103                                    const P256_POINT_AFFINE *b);
    104 
    105 #endif /* !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && \
    106            !defined(OPENSSL_SMALL) */
    107 
    108 
    109 #if defined(__cplusplus)
    110 }  /* extern C++ */
    111 #endif
    112 
    113 #endif  /* OPENSSL_HEADER_EC_P256_X86_64_H */
    114