Lines Matching full:curve
10 // (x, y) position on the curve, the Jacobian coordinates are (x1, y1, z1)
22 // A Curve represents a short-form Weierstrass curve with a=-3.
24 type Curve interface {
25 // Params returns the parameters for the curve.
27 // IsOnCurve reports whether the given (x,y) lies on the curve.
40 // CurveParams contains the parameters of an elliptic curve and also provides
41 // a generic, non-constant-time implementation of Curve.
45 B *big.Int // the constant of the curve equation
48 Name string // the canonical name of the curve
51 func (curve *CurveParams) Params() *CurveParams {
52 return curve
55 func (curve *CurveParams) IsOnCurve(x, y *big.Int) bool {
58 y2.Mod(y2, curve.P)
67 x3.Add(x3, curve.B)
68 x3.Mod(x3, curve.P)
86 func (curve *CurveParams) affineFromJacobian(x, y, z *big.Int) (xOut, yOut *big.Int) {
91 zinv := new(big.Int).ModInverse(z, curve.P)
95 xOut.Mod(xOut, curve.P)
98 yOut.Mod(yOut, curve.P)
102 func (curve *CurveParams) Add(x1, y1, x2, y2 *big.Int) (*big.Int, *big.Int) {
105 return curve.affineFromJacobian(curve.addJacobian(x1, y1, z1, x2, y2, z2))
110 func (curve *CurveParams) addJacobian(x1, y1, z1, x2, y2, z2 *big.Int) (*big.Int, *big.Int, *big.Int) {
127 z1z1.Mod(z1z1, curve.P)
129 z2z2.Mod(z2z2, curve.P)
132 u1.Mod(u1, curve.P)
134 u2.Mod(u2, curve.P)
138 h.Add(h, curve.P)
146 s1.Mod(s1, curve.P)
149 s2.Mod(s2, curve.P)
152 r.Add(r, curve.P)
156 return curve.doubleJacobian(x1, y1, z1)
166 x3.Mod(x3, curve.P)
174 y3.Mod(y3, curve.P)
181 z3.Mod(z3, curve.P)
186 func (curve *CurveParams) Double(x1, y1 *big.Int) (*big.Int, *big.Int) {
188 return curve.affineFromJacobian(curve.doubleJacobian(x1, y1, z1))
193 func (curve *CurveParams) doubleJacobian(x, y, z *big.Int) (*big.Int, *big.Int, *big.Int) {
196 delta.Mod(delta, curve.P)
198 gamma.Mod(gamma, curve.P)
201 alpha.Add(alpha, curve.P)
215 x3.Add(x3, curve.P)
217 x3.Mod(x3, curve.P)
223 z3.Add(z3, curve.P)
227 z3.Add(z3, curve.P)
229 z3.Mod(z3, curve.P)
234 beta.Add(beta, curve.P)
240 gamma.Mod(gamma, curve.P)
244 y3.Add(y3, curve.P)
246 y3.Mod(y3, curve.P)
251 func (curve *CurveParams) ScalarMult(Bx, By *big.Int, k []byte) (*big.Int, *big.Int) {
257 x, y, z = curve.doubleJacobian(x, y, z)
259 x, y, z = curve.addJacobian(Bx, By, Bz, x, y, z)
265 return curve.affineFromJacobian(x, y, z)
268 func (curve *CurveParams) ScalarBaseMult(k []byte) (*big.Int, *big.Int) {
269 return curve.ScalarMult(curve.Gx, curve.Gy, k)
276 func GenerateKey(curve Curve, rand io.Reader) (priv []byte, x, y *big.Int, err error) {
277 N := curve.Params().N
299 x, y = curve.ScalarBaseMult(priv)
305 func Marshal(curve Curve, x, y *big.Int) []byte {
306 byteLen := (curve.Params().BitSize + 7) >> 3
319 // It is an error if the point is not in uncompressed form or is not on the curve.
321 func Unmarshal(curve Curve, data []byte) (x, y *big.Int) {
322 byteLen := (curve.Params().BitSize + 7) >> 3
329 p := curve.Params().P
335 if !curve.IsOnCurve(x, y) {
374 // P256 returns a Curve which implements P-256 (see FIPS 186-3, section D.2.3)
377 func P256() Curve {
382 // P384 returns a Curve which implements P-384 (see FIPS 186-3, section D.2.4)
385 func P384() Curve {
390 // P521 returns a Curve which implements P-521 (see FIPS 186-3, section D.2.5)
393 func P521() Curve {