TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 7e0adfbcc5bf444457049620f75b8aea40d78adc / . / library / ecp.c
blob: 92599e5b7f174b798265e3e4ee2b12bb95df973c [file] [log] [blame]
Manuel Pégourié-Gonnard39d2adb2012-10-31 09:26:55 +0100[diff] [blame]1/*
2 * Elliptic curves over GF(p)
3 *
4 * Copyright (C) 2012, Brainspark B.V.
5 *
6 * This file is part of PolarSSL (http://www.polarssl.org)
7 * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
8 *
9 * All rights reserved.
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
24 */
25
26/*
27 * References:
28 *
Manuel Pégourié-Gonnard883f3132012-11-02 09:40:25 +0100[diff] [blame]29 * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
Manuel Pégourié-Gonnardd070f512012-11-08 17:40:51 +0100[diff] [blame]30 * GECC = Guide to Elliptic Curve Cryptography - Hankerson, Menezes, Vanstone
Manuel Pégourié-Gonnard39d2adb2012-10-31 09:26:55 +0100[diff] [blame]31 */
32
33#include "polarssl/config.h"
34
35#if defined(POLARSSL_ECP_C)
36
37#include "polarssl/ecp.h"
38
Manuel Pégourié-Gonnard1e8c8ec2012-10-31 19:24:21 +0100[diff] [blame]39/*
Manuel Pégourié-Gonnardb505c272012-11-05 17:27:54 +0100[diff] [blame]40 * Initialize (the components of) a point
Manuel Pégourié-Gonnardae180d02012-11-02 18:14:40 +0100[diff] [blame]41 */
42void ecp_point_init( ecp_point *pt )
43{
44 if( pt == NULL )
45 return;
46
47 pt->is_zero = 1;
Manuel Pégourié-Gonnardb505c272012-11-05 17:27:54 +0100[diff] [blame]48 mpi_init( &pt->X );
49 mpi_init( &pt->Y );
50}
51
52/*
53 * Initialize (the components of) a group
54 */
55void ecp_group_init( ecp_group *grp )
56{
57 if( grp == NULL )
58 return;
59
60 mpi_init( &grp->P );
61 mpi_init( &grp->B );
62 ecp_point_init( &grp->G );
63 mpi_init( &grp->N );
Manuel Pégourié-Gonnardae180d02012-11-02 18:14:40 +0100[diff] [blame]64}
65
66/*
Manuel Pégourié-Gonnard1e8c8ec2012-10-31 19:24:21 +0100[diff] [blame]67 * Unallocate (the components of) a point
68 */
69void ecp_point_free( ecp_point *pt )
70{
71 if( pt == NULL )
72 return;
73
Manuel Pégourié-Gonnard5179e462012-10-31 19:37:54 +0100[diff] [blame]74 pt->is_zero = 1;
Manuel Pégourié-Gonnard1e8c8ec2012-10-31 19:24:21 +0100[diff] [blame]75 mpi_free( &( pt->X ) );
76 mpi_free( &( pt->Y ) );
77}
78
79/*
80 * Unallocate (the components of) a group
81 */
82void ecp_group_free( ecp_group *grp )
83{
84 if( grp == NULL )
85 return;
86
Manuel Pégourié-Gonnard883f3132012-11-02 09:40:25 +0100[diff] [blame]87 mpi_free( &grp->P );
88 mpi_free( &grp->B );
89 ecp_point_free( &grp->G );
90 mpi_free( &grp->N );
Manuel Pégourié-Gonnard1e8c8ec2012-10-31 19:24:21 +0100[diff] [blame]91}
Manuel Pégourié-Gonnard39d2adb2012-10-31 09:26:55 +0100[diff] [blame]92
Manuel Pégourié-Gonnard883f3132012-11-02 09:40:25 +0100[diff] [blame]93/*
Manuel Pégourié-Gonnardae180d02012-11-02 18:14:40 +0100[diff] [blame]94 * Set point to zero
95 */
96void ecp_set_zero( ecp_point *pt )
97{
98 pt->is_zero = 1;
Manuel Pégourié-Gonnardb505c272012-11-05 17:27:54 +0100[diff] [blame]99 mpi_free( &pt->X );
100 mpi_free( &pt->Y );
Manuel Pégourié-Gonnardae180d02012-11-02 18:14:40 +0100[diff] [blame]101}
102
103/*
Manuel Pégourié-Gonnard883f3132012-11-02 09:40:25 +0100[diff] [blame]104 * Copy the contents of Q into P
105 */
106int ecp_copy( ecp_point *P, const ecp_point *Q )
107{
Manuel Pégourié-Gonnardae180d02012-11-02 18:14:40 +0100[diff] [blame]108 int ret = 0;
Manuel Pégourié-Gonnard883f3132012-11-02 09:40:25 +0100[diff] [blame]109
Manuel Pégourié-Gonnardb505c272012-11-05 17:27:54 +0100[diff] [blame]110 if( Q->is_zero ) {
111 ecp_set_zero( P );
112 return( ret );
113 }
114
Manuel Pégourié-Gonnard883f3132012-11-02 09:40:25 +0100[diff] [blame]115 P->is_zero = Q->is_zero;
116 MPI_CHK( mpi_copy( &P->X, &Q->X ) );
117 MPI_CHK( mpi_copy( &P->Y, &Q->Y ) );
118
119cleanup:
120 return( ret );
121}
Manuel Pégourié-Gonnard5179e462012-10-31 19:37:54 +0100[diff] [blame]122
Manuel Pégourié-Gonnardae180d02012-11-02 18:14:40 +0100[diff] [blame]123/*
Manuel Pégourié-Gonnard847395a2012-11-05 13:13:44 +0100[diff] [blame]124 * Import a non-zero point from ASCII strings
125 */
126int ecp_point_read_string( ecp_point *P, int radix,
127 const char *x, const char *y )
128{
129 int ret = 0;
130
131 P->is_zero = 0;
132 MPI_CHK( mpi_read_string( &P->X, radix, x ) );
133 MPI_CHK( mpi_read_string( &P->Y, radix, y ) );
134
135cleanup:
136 return( ret );
137}
138
139/*
140 * Import an ECP group from ASCII strings
141 */
142int ecp_group_read_string( ecp_group *grp, int radix,
143 const char *p, const char *b,
144 const char *gx, const char *gy, const char *n)
145{
146 int ret = 0;
147
148 MPI_CHK( mpi_read_string( &grp->P, radix, p ) );
149 MPI_CHK( mpi_read_string( &grp->B, radix, b ) );
150 MPI_CHK( ecp_point_read_string( &grp->G, radix, gx, gy ) );
151 MPI_CHK( mpi_read_string( &grp->N, radix, n ) );
152
153cleanup:
154 return( ret );
155}
156
Manuel Pégourié-Gonnarda5402fe2012-11-07 20:24:05 +0100[diff] [blame]157/*
158 * Set a group using well-known domain parameters
159 */
160int ecp_use_known_dp( ecp_group *grp, size_t index )
161{
162 switch( index )
163 {
164 case POLARSSL_ECP_DP_SECP192R1:
165 return( ecp_group_read_string( grp, 16,
166 POLARSSL_ECP_SECP192R1_P,
167 POLARSSL_ECP_SECP192R1_B,
168 POLARSSL_ECP_SECP192R1_GX,
169 POLARSSL_ECP_SECP192R1_GY,
170 POLARSSL_ECP_SECP192R1_N )
171 );
172 case POLARSSL_ECP_DP_SECP224R1:
173 return( ecp_group_read_string( grp, 16,
174 POLARSSL_ECP_SECP224R1_P,
175 POLARSSL_ECP_SECP224R1_B,
176 POLARSSL_ECP_SECP224R1_GX,
177 POLARSSL_ECP_SECP224R1_GY,
178 POLARSSL_ECP_SECP224R1_N )
179 );
180 case POLARSSL_ECP_DP_SECP256R1:
181 return( ecp_group_read_string( grp, 16,
182 POLARSSL_ECP_SECP256R1_P,
183 POLARSSL_ECP_SECP256R1_B,
184 POLARSSL_ECP_SECP256R1_GX,
185 POLARSSL_ECP_SECP256R1_GY,
186 POLARSSL_ECP_SECP256R1_N )
187 );
188 case POLARSSL_ECP_DP_SECP384R1:
189 return( ecp_group_read_string( grp, 16,
190 POLARSSL_ECP_SECP384R1_P,
191 POLARSSL_ECP_SECP384R1_B,
192 POLARSSL_ECP_SECP384R1_GX,
193 POLARSSL_ECP_SECP384R1_GY,
194 POLARSSL_ECP_SECP384R1_N )
195 );
196 case POLARSSL_ECP_DP_SECP521R1:
197 return( ecp_group_read_string( grp, 16,
198 POLARSSL_ECP_SECP521R1_P,
199 POLARSSL_ECP_SECP521R1_B,
200 POLARSSL_ECP_SECP521R1_GX,
201 POLARSSL_ECP_SECP521R1_GY,
202 POLARSSL_ECP_SECP521R1_N )
203 );
204 }
205
206 return( POLARSSL_ERR_ECP_GENERIC );
207}
Manuel Pégourié-Gonnardab38b702012-11-05 17:34:55 +0100[diff] [blame]208
Manuel Pégourié-Gonnard847395a2012-11-05 13:13:44 +0100[diff] [blame]209/*
Manuel Pégourié-Gonnardd070f512012-11-08 17:40:51 +0100[diff] [blame]210 * Internal point format used for fast addition/doubling/multiplication:
211 * Jacobian coordinates (GECC example 3.20)
212 */
213typedef struct
214{
215 mpi X, Y, Z;
216}
217ecp_ptjac;
218
219/*
Manuel Pégourié-Gonnard989c32b2012-11-08 22:02:42 +0100[diff] [blame]220 * Initialize a point in Jacobian coordinates
221 */
222static void ecp_ptjac_init( ecp_ptjac *P )
223{
224 mpi_init( &P->X ); mpi_init( &P->Y ); mpi_init( &P->Z );
225}
226
227/*
Manuel Pégourié-Gonnard7e0adfb2012-11-08 23:21:46 +0100[diff] [blame^]228 * Free a point in Jacobian coordinates
Manuel Pégourié-Gonnard989c32b2012-11-08 22:02:42 +0100[diff] [blame]229 */
230static void ecp_ptjac_free( ecp_ptjac *P )
231{
232 mpi_free( &P->X ); mpi_free( &P->Y ); mpi_free( &P->Z );
233}
234
235/*
Manuel Pégourié-Gonnard7e0adfb2012-11-08 23:21:46 +0100[diff] [blame^]236 * Copy P to R in Jacobian coordinates
237 */
238static int ecp_ptjac_copy( ecp_ptjac *R, const ecp_ptjac *P )
239{
240 int ret = 0;
241
242 MPI_CHK( mpi_copy( &R->X, &P->X ) );
243 MPI_CHK( mpi_copy( &R->Y, &P->Y ) );
244 MPI_CHK( mpi_copy( &R->Z, &P->Z ) );
245
246cleanup:
247 return( ret );
248}
249
250/*
251 * Set P to zero in Jacobian coordinates
252 */
253static int ecp_ptjac_set_zero( ecp_ptjac *P )
254{
255 int ret = 0;
256
257 MPI_CHK( mpi_lset( &P->X, 1 ) );
258 MPI_CHK( mpi_lset( &P->Y, 1 ) );
259 MPI_CHK( mpi_lset( &P->Z, 0 ) );
260
261cleanup:
262 return( ret );
263}
264
265/*
Manuel Pégourié-Gonnardd070f512012-11-08 17:40:51 +0100[diff] [blame]266 * Convert from affine to Jacobian coordinates
267 */
Manuel Pégourié-Gonnard989c32b2012-11-08 22:02:42 +0100[diff] [blame]268static int ecp_aff_to_jac( ecp_ptjac *jac, const ecp_point *aff )
Manuel Pégourié-Gonnardd070f512012-11-08 17:40:51 +0100[diff] [blame]269{
270 int ret = 0;
271
272 if( aff->is_zero )
Manuel Pégourié-Gonnard7e0adfb2012-11-08 23:21:46 +0100[diff] [blame^]273 return( ecp_ptjac_set_zero( jac ) );
274
275 MPI_CHK( mpi_copy( &jac->X, &aff->X ) );
276 MPI_CHK( mpi_copy( &jac->Y, &aff->Y ) );
277 MPI_CHK( mpi_lset( &jac->Z, 1 ) );
Manuel Pégourié-Gonnardd070f512012-11-08 17:40:51 +0100[diff] [blame]278
279cleanup:
280 return( ret );
281}
282
283/*
284 * Convert from Jacobian to affine coordinates
285 */
286static int ecp_jac_to_aff( const ecp_group *grp,
Manuel Pégourié-Gonnard989c32b2012-11-08 22:02:42 +0100[diff] [blame]287 ecp_point *aff, const ecp_ptjac *jac )
Manuel Pégourié-Gonnardd070f512012-11-08 17:40:51 +0100[diff] [blame]288{
289 int ret = 0;
290 mpi Zi, ZZi, T;
291
292 if( mpi_cmp_int( &jac->Z, 0 ) == 0 ) {
293 ecp_set_zero( aff );
294 return( 0 );
295 }
296
297 mpi_init( &Zi ); mpi_init( &ZZi ); mpi_init( &T );
298
299 aff->is_zero = 0;
300
301 /*
302 * aff.X = jac.X / (jac.Z)^2 mod p
303 */
304 MPI_CHK( mpi_inv_mod( &Zi, &jac->Z, &grp->P ) );
305 MPI_CHK( mpi_mul_mpi( &ZZi, &Zi, &Zi ) );
306 MPI_CHK( mpi_mul_mpi( &T, &jac->X, &ZZi ) );
307 MPI_CHK( mpi_mod_mpi( &aff->X, &T, &grp->P ) );
308
309 /*
310 * aff.Y = jac.Y / (jac.Z)^3 mod p
311 */
312 MPI_CHK( mpi_mul_mpi( &T, &jac->Y, &ZZi ) );
313 MPI_CHK( mpi_mul_mpi( &T, &T, &Zi ) );
314 MPI_CHK( mpi_mod_mpi( &aff->Y, &T, &grp->P ) );
315
316cleanup:
317
318 mpi_free( &Zi ); mpi_free( &ZZi ); mpi_free( &T );
319
320 return( ret );
321}
322
323/*
Manuel Pégourié-Gonnard989c32b2012-11-08 22:02:42 +0100[diff] [blame]324 * Point doubling R = 2 P, Jacobian coordinates (GECC 3.21)
325 */
326static int ecp_double_jac( const ecp_group *grp, ecp_ptjac *R,
327 const ecp_ptjac *P )
328{
329 int ret = 0;
330 mpi T1, T2, T3, X, Y, Z;
331
Manuel Pégourié-Gonnard7e0adfb2012-11-08 23:21:46 +0100[diff] [blame^]332 if( mpi_cmp_int( &P->Z, 0 ) == 0 )
333 return( ecp_ptjac_set_zero( R ) );
334
Manuel Pégourié-Gonnard989c32b2012-11-08 22:02:42 +0100[diff] [blame]335 mpi_init( &T1 ); mpi_init( &T2 ); mpi_init( &T3 );
336 mpi_init( &X ); mpi_init( &Y ); mpi_init( &Z );
337
Manuel Pégourié-Gonnard989c32b2012-11-08 22:02:42 +0100[diff] [blame]338 MPI_CHK( mpi_mul_mpi( &T1, &P->Z, &P->Z ) );
339 MPI_CHK( mpi_sub_mpi( &T2, &P->X, &T1 ) );
340 MPI_CHK( mpi_add_mpi( &T1, &P->X, &T1 ) );
341 MPI_CHK( mpi_mul_mpi( &T2, &T2, &T1 ) );
342 MPI_CHK( mpi_mul_int( &T2, &T2, 3 ) );
343 MPI_CHK( mpi_copy ( &Y, &P->Y ) );
344 MPI_CHK( mpi_shift_l( &Y, 1 ) );
345 MPI_CHK( mpi_mul_mpi( &Z, &Y, &P->Z ) );
346 MPI_CHK( mpi_mul_mpi( &Y, &Y, &Y ) );
347 MPI_CHK( mpi_mul_mpi( &T3, &Y, &P->X ) );
348 MPI_CHK( mpi_mul_mpi( &Y, &Y, &Y ) );
349 MPI_CHK( mpi_shift_r( &Y, 1 ) );
350 MPI_CHK( mpi_mul_mpi( &X, &T2, &T2 ) );
351 MPI_CHK( mpi_copy ( &T1, &T3 ) );
352 MPI_CHK( mpi_shift_l( &T1, 1 ) );
353 MPI_CHK( mpi_sub_mpi( &X, &X, &T1 ) );
354 MPI_CHK( mpi_sub_mpi( &T1, &T3, &X ) );
355 MPI_CHK( mpi_mul_mpi( &T1, &T1, &T2 ) );
356 MPI_CHK( mpi_sub_mpi( &Y, &T1, &Y ) );
357
358 MPI_CHK( mpi_mod_mpi( &R->X, &X, &grp->P ) );
359 MPI_CHK( mpi_mod_mpi( &R->Y, &Y, &grp->P ) );
360 MPI_CHK( mpi_mod_mpi( &R->Z, &Z, &grp->P ) );
361
362cleanup:
363
364 mpi_free( &T1 ); mpi_free( &T2 ); mpi_free( &T3 );
365 mpi_free( &X ); mpi_free( &Y ); mpi_free( &Z );
366
367 return( ret );
368}
369
370/*
Manuel Pégourié-Gonnard7e0adfb2012-11-08 23:21:46 +0100[diff] [blame^]371 * Addition: R = P + Q, mixed affine-Jacobian coordinates (GECC 3.22)
Manuel Pégourié-Gonnardae180d02012-11-02 18:14:40 +0100[diff] [blame]372 */
Manuel Pégourié-Gonnard7e0adfb2012-11-08 23:21:46 +0100[diff] [blame^]373static int ecp_add_mixed( const ecp_group *grp, ecp_ptjac *R,
374 const ecp_ptjac *P, const ecp_point *Q )
Manuel Pégourié-Gonnardae180d02012-11-02 18:14:40 +0100[diff] [blame]375{
376 int ret = 0;
Manuel Pégourié-Gonnard7e0adfb2012-11-08 23:21:46 +0100[diff] [blame^]377 mpi T1, T2, T3, T4, X, Y, Z;
Manuel Pégourié-Gonnardae180d02012-11-02 18:14:40 +0100[diff] [blame]378
379 /*
Manuel Pégourié-Gonnard7e0adfb2012-11-08 23:21:46 +0100[diff] [blame^]380 * Trivial cases: P == 0 or Q == 0
Manuel Pégourié-Gonnardae180d02012-11-02 18:14:40 +0100[diff] [blame]381 */
Manuel Pégourié-Gonnard7e0adfb2012-11-08 23:21:46 +0100[diff] [blame^]382 if( mpi_cmp_int( &P->Z, 0 ) == 0 )
383 return( ecp_aff_to_jac( R, Q ) );
Manuel Pégourié-Gonnardae180d02012-11-02 18:14:40 +0100[diff] [blame]384
Manuel Pégourié-Gonnard7e0adfb2012-11-08 23:21:46 +0100[diff] [blame^]385 if( Q->is_zero )
386 return( ecp_ptjac_copy( R, P ) );
Manuel Pégourié-Gonnardae180d02012-11-02 18:14:40 +0100[diff] [blame]387
Manuel Pégourié-Gonnard7e0adfb2012-11-08 23:21:46 +0100[diff] [blame^]388 mpi_init( &T1 ); mpi_init( &T2 ); mpi_init( &T3 ); mpi_init( &T4 );
389 mpi_init( &X ); mpi_init( &Y ); mpi_init( &Z );
Manuel Pégourié-Gonnardab38b702012-11-05 17:34:55 +0100[diff] [blame]390
Manuel Pégourié-Gonnard7e0adfb2012-11-08 23:21:46 +0100[diff] [blame^]391 MPI_CHK( mpi_mul_mpi( &T1, &P->Z, &P->Z ) );
392 MPI_CHK( mpi_mul_mpi( &T2, &T1, &P->Z ) );
393 MPI_CHK( mpi_mul_mpi( &T1, &T1, &Q->X ) );
394 MPI_CHK( mpi_mul_mpi( &T2, &T2, &Q->Y ) );
395 MPI_CHK( mpi_sub_mpi( &T1, &T1, &P->X ) );
396 MPI_CHK( mpi_sub_mpi( &T2, &T2, &P->Y ) );
Manuel Pégourié-Gonnardae180d02012-11-02 18:14:40 +0100[diff] [blame]397
Manuel Pégourié-Gonnard7e0adfb2012-11-08 23:21:46 +0100[diff] [blame^]398 if( mpi_cmp_int( &T1, 0 ) == 0 )
399 {
400 if( mpi_cmp_int( &T2, 0 ) == 0 )
401 {
402 ret = ecp_double_jac( grp, R, P );
403 goto cleanup;
404 }
405 else
406 {
407 ret = ecp_ptjac_set_zero( R );
408 goto cleanup;
409 }
410 }
411
412 MPI_CHK( mpi_mul_mpi( &Z, &P->Z, &T1 ) );
413 MPI_CHK( mpi_mul_mpi( &T3, &T1, &T1 ) );
414 MPI_CHK( mpi_mul_mpi( &T4, &T3, &T1 ) );
415 MPI_CHK( mpi_mul_mpi( &T3, &T3, &P->X ) );
416 MPI_CHK( mpi_mul_int( &T1, &T3, 2 ) );
417 MPI_CHK( mpi_mul_mpi( &X, &T2, &T2 ) );
418 MPI_CHK( mpi_sub_mpi( &X, &X, &T1 ) );
419 MPI_CHK( mpi_sub_mpi( &X, &X, &T4 ) );
420 MPI_CHK( mpi_sub_mpi( &T3, &T3, &X ) );
421 MPI_CHK( mpi_mul_mpi( &T3, &T3, &T2 ) );
422 MPI_CHK( mpi_mul_mpi( &T4, &T4, &P->Y ) );
423 MPI_CHK( mpi_sub_mpi( &Y, &T3, &T4 ) );
424
Manuel Pégourié-Gonnardae180d02012-11-02 18:14:40 +0100[diff] [blame]425 MPI_CHK( mpi_mod_mpi( &R->X, &X, &grp->P ) );
426 MPI_CHK( mpi_mod_mpi( &R->Y, &Y, &grp->P ) );
Manuel Pégourié-Gonnard7e0adfb2012-11-08 23:21:46 +0100[diff] [blame^]427 MPI_CHK( mpi_mod_mpi( &R->Z, &Z, &grp->P ) );
Manuel Pégourié-Gonnardae180d02012-11-02 18:14:40 +0100[diff] [blame]428
429cleanup:
430
Manuel Pégourié-Gonnard7e0adfb2012-11-08 23:21:46 +0100[diff] [blame^]431 mpi_free( &T1 ); mpi_free( &T2 ); mpi_free( &T3 ); mpi_free( &T4 );
432 mpi_free( &X ); mpi_free( &Y ); mpi_free( &Z );
Manuel Pégourié-Gonnardae180d02012-11-02 18:14:40 +0100[diff] [blame]433
434 return( ret );
435}
436
437/*
Manuel Pégourié-Gonnard7e0adfb2012-11-08 23:21:46 +0100[diff] [blame^]438 * Addition: R = P + Q, affine wrapper
Manuel Pégourié-Gonnardae180d02012-11-02 18:14:40 +0100[diff] [blame]439 */
440int ecp_add( const ecp_group *grp, ecp_point *R,
441 const ecp_point *P, const ecp_point *Q )
442{
443 int ret = 0;
Manuel Pégourié-Gonnard989c32b2012-11-08 22:02:42 +0100[diff] [blame]444 ecp_ptjac J;
445
446 ecp_ptjac_init( &J );
Manuel Pégourié-Gonnardae180d02012-11-02 18:14:40 +0100[diff] [blame]447
Manuel Pégourié-Gonnard7e0adfb2012-11-08 23:21:46 +0100[diff] [blame^]448 MPI_CHK( ecp_aff_to_jac( &J, P ) );
449 MPI_CHK( ecp_add_mixed( grp, &J, &J, Q ) );
450 MPI_CHK( ecp_jac_to_aff( grp, R, &J ) );
Manuel Pégourié-Gonnardae180d02012-11-02 18:14:40 +0100[diff] [blame]451
Manuel Pégourié-Gonnard989c32b2012-11-08 22:02:42 +0100[diff] [blame]452cleanup:
453
454 ecp_ptjac_free( &J );
455
Manuel Pégourié-Gonnard7e0adfb2012-11-08 23:21:46 +0100[diff] [blame^]456 return( ret );
Manuel Pégourié-Gonnardae180d02012-11-02 18:14:40 +0100[diff] [blame]457}
458
Manuel Pégourié-Gonnardefaa31e2012-11-06 21:34:35 +0100[diff] [blame]459/*
Manuel Pégourié-Gonnard989c32b2012-11-08 22:02:42 +0100[diff] [blame]460 * Integer multiplication: R = m * P (GECC 5.7, SPA-resistant variant)
Manuel Pégourié-Gonnardefaa31e2012-11-06 21:34:35 +0100[diff] [blame]461 */
462int ecp_mul( const ecp_group *grp, ecp_point *R,
463 const mpi *m, const ecp_point *P )
464{
465 int ret = 0;
466 size_t pos;
Manuel Pégourié-Gonnard27b1ba82012-11-08 18:24:10 +0100[diff] [blame]467 ecp_point Q[2];
Manuel Pégourié-Gonnardefaa31e2012-11-06 21:34:35 +0100[diff] [blame]468
Manuel Pégourié-Gonnard27b1ba82012-11-08 18:24:10 +0100[diff] [blame]469 ecp_point_init( &Q[0] ); ecp_point_init( &Q[1] );
Manuel Pégourié-Gonnardefaa31e2012-11-06 21:34:35 +0100[diff] [blame]470
471 /*
Manuel Pégourié-Gonnard27b1ba82012-11-08 18:24:10 +0100[diff] [blame]472 * The general method works only for m >= 1
Manuel Pégourié-Gonnardefaa31e2012-11-06 21:34:35 +0100[diff] [blame]473 */
474 if( mpi_cmp_int( m, 0 ) == 0 ) {
475 ecp_set_zero( R );
476 goto cleanup;
477 }
478
Manuel Pégourié-Gonnard27b1ba82012-11-08 18:24:10 +0100[diff] [blame]479 ecp_set_zero( &Q[0] );
Manuel Pégourié-Gonnardefaa31e2012-11-06 21:34:35 +0100[diff] [blame]480
Manuel Pégourié-Gonnard989c32b2012-11-08 22:02:42 +0100[diff] [blame]481 for( pos = mpi_msb( m ) - 1 ; ; pos-- )
Manuel Pégourié-Gonnardefaa31e2012-11-06 21:34:35 +0100[diff] [blame]482 {
Manuel Pégourié-Gonnard27b1ba82012-11-08 18:24:10 +0100[diff] [blame]483 MPI_CHK( ecp_add( grp, &Q[0], &Q[0], &Q[0] ) );
484 MPI_CHK( ecp_add( grp, &Q[1], &Q[0], P ) );
485 MPI_CHK( ecp_copy( &Q[0], &Q[ mpi_get_bit( m, pos ) ] ) );
Manuel Pégourié-Gonnardefaa31e2012-11-06 21:34:35 +0100[diff] [blame]486
487 if( pos == 0 )
488 break;
489 }
490
Manuel Pégourié-Gonnard27b1ba82012-11-08 18:24:10 +0100[diff] [blame]491 MPI_CHK( ecp_copy( R, &Q[0] ) );
Manuel Pégourié-Gonnardefaa31e2012-11-06 21:34:35 +0100[diff] [blame]492
493cleanup:
494
Manuel Pégourié-Gonnard27b1ba82012-11-08 18:24:10 +0100[diff] [blame]495 ecp_point_free( &Q[0] ); ecp_point_free( &Q[1] );
Manuel Pégourié-Gonnardefaa31e2012-11-06 21:34:35 +0100[diff] [blame]496
497 return( ret );
498}
499
500
Manuel Pégourié-Gonnard39d2adb2012-10-31 09:26:55 +0100[diff] [blame]501#if defined(POLARSSL_SELF_TEST)
502
Manuel Pégourié-Gonnardb505c272012-11-05 17:27:54 +0100[diff] [blame]503/*
Manuel Pégourié-Gonnard39d2adb2012-10-31 09:26:55 +0100[diff] [blame]504 * Checkup routine
505 */
506int ecp_self_test( int verbose )
507{
Manuel Pégourié-Gonnard4b8c3f22012-11-07 21:39:45 +0100[diff] [blame]508 return( verbose++ );
Manuel Pégourié-Gonnard39d2adb2012-10-31 09:26:55 +0100[diff] [blame]509}
510
511#endif
512
513#endif