Commit | Line | Data |
---|---|---|
b0ab12e6 | 1 | /* -*-c-*- |
b0ab12e6 | 2 | * |
3 | * Elliptic curve definitions | |
4 | * | |
5 | * (c) 2001 Straylight/Edgeware | |
6 | */ | |
7 | ||
45c0fd36 | 8 | /*----- Licensing notice --------------------------------------------------* |
b0ab12e6 | 9 | * |
10 | * This file is part of Catacomb. | |
11 | * | |
12 | * Catacomb is free software; you can redistribute it and/or modify | |
13 | * it under the terms of the GNU Library General Public License as | |
14 | * published by the Free Software Foundation; either version 2 of the | |
15 | * License, or (at your option) any later version. | |
45c0fd36 | 16 | * |
b0ab12e6 | 17 | * Catacomb is distributed in the hope that it will be useful, |
18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | * GNU Library General Public License for more details. | |
45c0fd36 | 21 | * |
b0ab12e6 | 22 | * You should have received a copy of the GNU Library General Public |
23 | * License along with Catacomb; if not, write to the Free | |
24 | * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, | |
25 | * MA 02111-1307, USA. | |
26 | */ | |
27 | ||
b0ab12e6 | 28 | #ifndef CATACOMB_EC_H |
29 | #define CATACOMB_EC_H | |
30 | ||
31 | #ifdef __cplusplus | |
32 | extern "C" { | |
33 | #endif | |
34 | ||
35 | /*----- Header files ------------------------------------------------------*/ | |
36 | ||
432c4e18 | 37 | #ifndef CATACOMB_FIELD_H |
38 | # include "field.h" | |
39 | #endif | |
40 | ||
41 | #ifndef CATACOMB_MP_H | |
42 | # include "mp.h" | |
43 | #endif | |
44 | ||
45 | #ifndef CATACOMB_QDPARSE_H | |
46 | # include "qdparse.h" | |
47 | #endif | |
b0ab12e6 | 48 | |
49 | /*----- Data structures ---------------------------------------------------*/ | |
50 | ||
b085fd91 | 51 | /* --- An elliptic curve representation --- */ |
52 | ||
b0ab12e6 | 53 | typedef struct ec_curve { |
54 | const struct ec_ops *ops; /* Curve operations */ | |
55 | field *f; /* Underlying field structure */ | |
432c4e18 | 56 | mp *a, *b; /* Standard params (internal form) */ |
b0ab12e6 | 57 | } ec_curve; |
58 | ||
b085fd91 | 59 | /* --- An elliptic curve point --- */ |
60 | ||
b0ab12e6 | 61 | typedef struct ec { |
62 | mp *x, *y; /* Point coordinates */ | |
63 | mp *z; /* Common denominator (or null) */ | |
64 | } ec; | |
65 | ||
b085fd91 | 66 | /* --- A factor for simultaneous multiplication --- */ |
67 | ||
68 | typedef struct ec_mulfactor { | |
69 | ec base; /* The point */ | |
41cb1beb | 70 | mp *exp; /* The exponent */ |
b085fd91 | 71 | } ec_mulfactor; |
72 | ||
8823192f | 73 | /* --- Elliptic curve operations --- * |
74 | * | |
6775a491 MW |
75 | * All operations apart from @destroy@, @in@, and @compr@ are guaranteed to |
76 | * be performed on internal representations of points; @in@ and @compr@ will | |
77 | * always be performed on external representations; @destroy@ might be | |
78 | * performed on either. | |
391faf42 | 79 | * |
80 | * (Historical note. We used to guarantee that the second to @add@ and @mul@ | |
81 | * was the output of @in@ or @fix@, but this canonification turned out to | |
82 | * make the precomputation in @ec_exp@ too slow. Projective implementations | |
83 | * must therefore cope with a pair of arbitrary points.) | |
8823192f | 84 | */ |
b085fd91 | 85 | |
b0ab12e6 | 86 | typedef struct ec_ops { |
f94b972d | 87 | const char *name; |
b0ab12e6 | 88 | void (*destroy)(ec_curve */*c*/); |
34e4f738 | 89 | int (*samep)(ec_curve */*c*/, ec_curve */*d*/); |
41a324a7 | 90 | ec *(*in)(ec_curve */*c*/, ec */*d*/, const ec */*p*/); |
91 | ec *(*out)(ec_curve */*c*/, ec */*d*/, const ec */*p*/); | |
8823192f | 92 | ec *(*fix)(ec_curve */*c*/, ec */*d*/, const ec */*p*/); |
41a324a7 | 93 | ec *(*find)(ec_curve */*c*/, ec */*d*/, mp */*x*/); |
b085fd91 | 94 | ec *(*neg)(ec_curve */*c*/, ec */*d*/, const ec */*p*/); |
41a324a7 | 95 | ec *(*add)(ec_curve */*c*/, ec */*d*/, const ec */*p*/, const ec */*q*/); |
b085fd91 | 96 | ec *(*sub)(ec_curve */*c*/, ec */*d*/, const ec */*p*/, const ec */*q*/); |
41a324a7 | 97 | ec *(*dbl)(ec_curve */*c*/, ec */*d*/, const ec */*p*/); |
8823192f | 98 | int (*check)(ec_curve */*c*/, const ec */*p*/); |
6775a491 | 99 | int (*compr)(ec_curve */*c*/, const ec */*p*/); |
b0ab12e6 | 100 | } ec_ops; |
101 | ||
f94b972d | 102 | #define EC_NAME(c) (c)->ops->name |
103 | ||
34e4f738 | 104 | #define EC_SAMEP(c, d) (c)->ops->samep((c), (d)) |
41a324a7 | 105 | #define EC_IN(c, d, p) (c)->ops->in((c), (d), (p)) |
dbfee00a | 106 | #define EC_OUT(c, d, p) (c)->ops->out((c), (d), (p)) |
8823192f | 107 | #define EC_FIX(c, d, p) (c)->ops->fix((c), (d), (p)) |
41a324a7 | 108 | |
b0ab12e6 | 109 | #define EC_FIND(c, d, x) (c)->ops->find((c), (d), (x)) |
6775a491 | 110 | #define EC_COMPR(c, d) (c)->ops->compr((c), (d)) |
b085fd91 | 111 | #define EC_NEG(c, d, x) (c)->ops->neg((c), (d), (x)) |
b0ab12e6 | 112 | #define EC_ADD(c, d, p, q) (c)->ops->add((c), (d), (p), (q)) |
b085fd91 | 113 | #define EC_SUB(c, d, p, q) (c)->ops->sub((c), (d), (p), (q)) |
b0ab12e6 | 114 | #define EC_DBL(c, d, p) (c)->ops->dbl((c), (d), (p)) |
8823192f | 115 | #define EC_CHECK(c, p) (c)->ops->check((c), (p)) |
b0ab12e6 | 116 | |
432c4e18 | 117 | /* --- Elliptic curve parameters --- */ |
118 | ||
119 | typedef struct ec_info { | |
120 | ec_curve *c; /* The actual curve */ | |
121 | ec g; /* The common point */ | |
122 | mp *r; /* Order of %$g$% */ | |
123 | mp *h; /* Cofactor %$h = \#E/r$% */ | |
124 | } ec_info; | |
125 | ||
b0ab12e6 | 126 | /*----- Simple memory management things -----------------------------------*/ |
127 | ||
128 | /* --- @ec_create@ --- * | |
129 | * | |
130 | * Arguments: @ec *p@ = pointer to an elliptic-curve point | |
131 | * | |
41a324a7 | 132 | * Returns: The argument @p@. |
b0ab12e6 | 133 | * |
134 | * Use: Initializes a new point. The initial value is the additive | |
135 | * identity (which is universal for all curves). | |
136 | */ | |
137 | ||
138 | #define EC_INIT { MP_NEW, MP_NEW, MP_NEW } | |
139 | ||
140 | #define EC_CREATE(p) do { \ | |
141 | ec *_p = (p); \ | |
142 | _p->x = _p->y = _p->z = MP_NEW; \ | |
143 | } while (0) | |
144 | ||
41a324a7 | 145 | extern ec *ec_create(ec */*p*/); |
b0ab12e6 | 146 | |
147 | /* --- @ec_destroy@ --- * | |
148 | * | |
149 | * Arguments: @ec *p@ = pointer to an elliptic-curve point | |
150 | * | |
151 | * Returns: --- | |
152 | * | |
153 | * Use: Destroys a point, making it invalid. | |
154 | */ | |
155 | ||
156 | #define EC_DESTROY(p) do { \ | |
157 | ec *_p = (p); \ | |
158 | if (!EC_ATINF(_p)) { \ | |
159 | MP_DROP(_p->x); \ | |
160 | MP_DROP(_p->y); \ | |
161 | if (_p->z) MP_DROP(_p->z); \ | |
162 | } \ | |
163 | } while (0) | |
164 | ||
165 | extern void ec_destroy(ec */*p*/); | |
166 | ||
167 | /* --- @ec_atinf@ --- * | |
168 | * | |
169 | * Arguments: @const ec *p@ = pointer to a point | |
170 | * | |
171 | * Returns: Nonzero if %$p = O$% is the point at infinity, zero | |
172 | * otherwise. | |
173 | */ | |
174 | ||
175 | #define EC_ATINF(p) ((p)->x == MP_NEW || (p)->x == MP_NEWSEC) | |
176 | ||
177 | extern int ec_atinf(const ec */*p*/); | |
178 | ||
179 | /* --- @ec_setinf@ --- * | |
180 | * | |
181 | * Arguments: @ec *p@ = pointer to a point | |
182 | * | |
41a324a7 | 183 | * Returns: The argument @p@. |
b0ab12e6 | 184 | * |
185 | * Use: Sets the given point to be the point %$O$% at infinity. | |
186 | */ | |
187 | ||
188 | #define EC_SETINF(p) do { \ | |
189 | ec *_p = (p); \ | |
190 | if (!EC_ATINF(_p)) { \ | |
191 | MP_DROP(_p->x); \ | |
192 | MP_DROP(_p->y); \ | |
193 | if (_p->z) MP_DROP(_p->z); \ | |
194 | _p->x = _p->y = _p->z = MP_NEW; \ | |
195 | _p->y = MP_NEW; \ | |
196 | _p->z = MP_NEW; \ | |
197 | } \ | |
198 | } while (0) | |
199 | ||
41a324a7 | 200 | extern ec *ec_setinf(ec */*p*/); |
b0ab12e6 | 201 | |
202 | /* --- @ec_copy@ --- * | |
203 | * | |
204 | * Arguments: @ec *d@ = pointer to destination point | |
205 | * @const ec *p@ = pointer to source point | |
206 | * | |
41a324a7 | 207 | * Returns: The destination @d@. |
b0ab12e6 | 208 | * |
209 | * Use: Creates a copy of an elliptic curve point. | |
210 | */ | |
211 | ||
212 | #define EC_COPY(d, p) do { \ | |
213 | ec *_d = (d); \ | |
214 | const ec *_p = (p); \ | |
215 | if (d != p) { \ | |
216 | EC_DESTROY(d); \ | |
217 | if (EC_ATINF(p)) \ | |
218 | _d->x = _d->y = _d->z = MP_NEW; \ | |
219 | else { \ | |
b085fd91 | 220 | _d->x = MP_COPY(_p->x); \ |
221 | _d->y = MP_COPY(_p->y); \ | |
222 | _d->z = _p->z ? MP_COPY(_p->z) : MP_NEW; \ | |
b0ab12e6 | 223 | } \ |
224 | } \ | |
225 | } while (0) | |
226 | ||
41a324a7 | 227 | extern ec *ec_copy(ec */*d*/, const ec */*p*/); |
b0ab12e6 | 228 | |
bc985cef | 229 | /* --- @ec_eq@ --- * |
230 | * | |
231 | * Arguments: @const ec *p, *q@ = two points | |
232 | * | |
233 | * Returns: Nonzero if the points are equal. Compares external-format | |
234 | * points. | |
235 | */ | |
236 | ||
237 | #define EC_EQ(p, q) \ | |
238 | ((EC_ATINF(p) && EC_ATINF(q)) || \ | |
239 | (!EC_ATINF(p) && !EC_ATINF(q) && \ | |
240 | MP_EQ((p)->x, (q)->x) && \ | |
241 | MP_EQ((p)->y, (q)->y))) | |
242 | ||
243 | extern int ec_eq(const ec *p, const ec *q); | |
244 | ||
b0ab12e6 | 245 | /*----- Interesting arithmetic --------------------------------------------*/ |
246 | ||
34e4f738 | 247 | /* --- @ec_samep@ --- * |
248 | * | |
249 | * Arguments: @ec_curve *c, *d@ = two elliptic curves | |
250 | * | |
251 | * Returns: Nonzero if the curves are identical (not just isomorphic). | |
252 | * | |
253 | * Use: Checks for sameness of curves. This function does the full | |
254 | * check, not just the curve-type-specific check done by the | |
255 | * @sampep@ field operation. | |
256 | */ | |
257 | ||
258 | extern int ec_samep(ec_curve */*c*/, ec_curve */*d*/); | |
259 | ||
b0ab12e6 | 260 | /* --- @ec_find@ --- * |
261 | * | |
262 | * Arguments: @ec_curve *c@ = pointer to an elliptic curve | |
263 | * @ec *d@ = pointer to the destination point | |
264 | * @mp *x@ = a possible x-coordinate | |
265 | * | |
b085fd91 | 266 | * Returns: The destination if OK, or null if no point was found. |
b0ab12e6 | 267 | * |
b085fd91 | 268 | * Use: Finds a point on an elliptic curve with a given |
269 | * x-coordinate. If there is no point with the given | |
270 | * %$x$%-coordinate, a null pointer is returned and the | |
271 | * destination is left invalid. | |
b0ab12e6 | 272 | */ |
273 | ||
b085fd91 | 274 | extern ec *ec_find(ec_curve */*c*/, ec */*d*/, mp */*x*/); |
275 | ||
bc985cef | 276 | /* --- @ec_rand@ --- * |
277 | * | |
278 | * Arguments: @ec_curve *c@ = pointer to an elliptic curve | |
279 | * @ec *d@ = pointer to the destination point | |
280 | * @grand *r@ = random number source | |
281 | * | |
282 | * Returns: The destination @d@. | |
283 | * | |
284 | * Use: Finds a random point on the given curve. | |
285 | */ | |
286 | ||
287 | extern ec *ec_rand(ec_curve */*c*/, ec */*d*/, grand */*r*/); | |
288 | ||
b085fd91 | 289 | /* --- @ec_neg@ --- * |
290 | * | |
291 | * Arguments: @ec_curve *c@ = pointer to an elliptic curve | |
292 | * @ec *d@ = pointer to the destination point | |
293 | * @const ec *p@ = pointer to the operand point | |
294 | * | |
295 | * Returns: The destination point. | |
296 | * | |
297 | * Use: Computes the negation of the given point. | |
298 | */ | |
299 | ||
300 | extern ec *ec_neg(ec_curve */*c*/, ec */*d*/, const ec */*p*/); | |
b0ab12e6 | 301 | |
302 | /* --- @ec_add@ --- * | |
303 | * | |
304 | * Arguments: @ec_curve *c@ = pointer to an elliptic curve | |
305 | * @ec *d@ = pointer to the destination point | |
306 | * @const ec *p, *q@ = pointers to the operand points | |
307 | * | |
41a324a7 | 308 | * Returns: The destination @d@. |
b0ab12e6 | 309 | * |
310 | * Use: Adds two points on an elliptic curve. | |
311 | */ | |
312 | ||
41a324a7 | 313 | extern ec *ec_add(ec_curve */*c*/, ec */*d*/, |
314 | const ec */*p*/, const ec */*q*/); | |
b0ab12e6 | 315 | |
b085fd91 | 316 | /* --- @ec_sub@ --- * |
317 | * | |
318 | * Arguments: @ec_curve *c@ = pointer to an elliptic curve | |
319 | * @ec *d@ = pointer to the destination point | |
320 | * @const ec *p, *q@ = pointers to the operand points | |
321 | * | |
322 | * Returns: The destination @d@. | |
323 | * | |
324 | * Use: Subtracts one point from another on an elliptic curve. | |
325 | */ | |
326 | ||
327 | extern ec *ec_sub(ec_curve */*c*/, ec */*d*/, | |
328 | const ec */*p*/, const ec */*q*/); | |
329 | ||
b0ab12e6 | 330 | /* --- @ec_dbl@ --- * |
331 | * | |
332 | * Arguments: @ec_curve *c@ = pointer to an elliptic curve | |
333 | * @ec *d@ = pointer to the destination point | |
334 | * @const ec *p@ = pointer to the operand point | |
335 | * | |
41a324a7 | 336 | * Returns: The destination @d@. |
b0ab12e6 | 337 | * |
338 | * Use: Doubles a point on an elliptic curve. | |
339 | */ | |
340 | ||
41a324a7 | 341 | extern ec *ec_dbl(ec_curve */*c*/, ec */*d*/, const ec */*p*/); |
b0ab12e6 | 342 | |
8823192f | 343 | /* --- @ec_check@ --- * |
344 | * | |
345 | * Arguments: @ec_curve *c@ = pointer to an elliptic curve | |
346 | * @const ec *p@ = pointer to the point | |
347 | * | |
348 | * Returns: Zero if OK, nonzero if this is an invalid point. | |
349 | * | |
350 | * Use: Checks that a point is actually on an elliptic curve. | |
351 | */ | |
352 | ||
353 | extern int ec_check(ec_curve */*c*/, const ec */*p*/); | |
354 | ||
b085fd91 | 355 | /* --- @ec_mul@, @ec_imul@ --- * |
b0ab12e6 | 356 | * |
357 | * Arguments: @ec_curve *c@ = pointer to an elliptic curve | |
358 | * @ec *d@ = pointer to the destination point | |
359 | * @const ec *p@ = pointer to the generator point | |
360 | * @mp *n@ = integer multiplier | |
361 | * | |
41a324a7 | 362 | * Returns: The destination @d@. |
b0ab12e6 | 363 | * |
b085fd91 | 364 | * Use: Multiplies a point by a scalar, returning %$n p$%. The |
365 | * @imul@ variant uses internal representations for argument | |
366 | * and result. | |
b0ab12e6 | 367 | */ |
368 | ||
41a324a7 | 369 | extern ec *ec_mul(ec_curve */*c*/, ec */*d*/, const ec */*p*/, mp */*n*/); |
b085fd91 | 370 | extern ec *ec_imul(ec_curve */*c*/, ec */*d*/, const ec */*p*/, mp */*n*/); |
371 | ||
372 | /* --- @ec_mmul@, @ec_immul@ --- * | |
373 | * | |
374 | * Arguments: @ec_curve *c@ = pointer to an elliptic curve | |
375 | * @ec *d@ = pointer to the destination point | |
376 | * @const ec_mulfactor *f@ = pointer to vector of factors | |
377 | * @size_t n@ = number of factors | |
378 | * | |
379 | * Returns: The destination @d@. | |
380 | * | |
381 | * Use: Does simultaneous point multiplication. The @immul@ variant | |
382 | * uses internal representations for arguments and result. | |
383 | */ | |
384 | ||
385 | extern ec *ec_mmul(ec_curve */*c*/, ec */*d*/, | |
386 | const ec_mulfactor */*f*/, size_t /*n*/); | |
387 | extern ec *ec_immul(ec_curve */*c*/, ec */*d*/, | |
388 | const ec_mulfactor */*f*/, size_t /*n*/); | |
41a324a7 | 389 | |
390 | /*----- Standard curve operations -----------------------------------------*/ | |
391 | ||
34e4f738 | 392 | /* --- @ec_stdsamep@ --- * |
393 | * | |
394 | * Arguments: @ec_curve *c, *d@ = two elliptic curves | |
395 | * | |
396 | * Returns: Nonzero if the curves are identical (not just isomorphic). | |
397 | * | |
398 | * Use: Simple sameness check on @a@ and @b@ curve members. | |
399 | */ | |
400 | ||
401 | extern int ec_stdsamep(ec_curve */*c*/, ec_curve */*d*/); | |
402 | ||
8823192f | 403 | /* --- @ec_idin@, @ec_idout@, @ec_idfix@ --- * |
41a324a7 | 404 | * |
405 | * Arguments: @ec_curve *c@ = pointer to an elliptic curve | |
406 | * @ec *d@ = pointer to the destination | |
407 | * @const ec *p@ = pointer to a source point | |
408 | * | |
409 | * Returns: The destination @d@. | |
410 | * | |
411 | * Use: An identity operation if your curve has no internal | |
412 | * representation. (The field internal representation is still | |
413 | * used.) | |
414 | */ | |
415 | ||
416 | extern ec *ec_idin(ec_curve */*c*/, ec */*d*/, const ec */*p*/); | |
417 | extern ec *ec_idout(ec_curve */*c*/, ec */*d*/, const ec */*p*/); | |
8823192f | 418 | extern ec *ec_idfix(ec_curve */*c*/, ec */*d*/, const ec */*p*/); |
41a324a7 | 419 | |
8823192f | 420 | /* --- @ec_projin@, @ec_projout@, @ec_projfix@ --- * |
41a324a7 | 421 | * |
422 | * Arguments: @ec_curve *c@ = pointer to an elliptic curve | |
423 | * @ec *d@ = pointer to the destination | |
424 | * @const ec *p@ = pointer to a source point | |
425 | * | |
426 | * Returns: The destination @d@. | |
427 | * | |
428 | * Use: Conversion functions if your curve operations use a | |
429 | * projective representation. | |
430 | */ | |
431 | ||
432 | extern ec *ec_projin(ec_curve */*c*/, ec */*d*/, const ec */*p*/); | |
433 | extern ec *ec_projout(ec_curve */*c*/, ec */*d*/, const ec */*p*/); | |
8823192f | 434 | extern ec *ec_projfix(ec_curve */*c*/, ec */*d*/, const ec */*p*/); |
b0ab12e6 | 435 | |
b085fd91 | 436 | /* --- @ec_stdsub@ --- * |
437 | * | |
438 | * Arguments: @ec_curve *c@ = pointer to an elliptic curve | |
439 | * @ec *d@ = pointer to the destination | |
41cb1beb | 440 | * @const ec *p, *q@ = the operand points |
b085fd91 | 441 | * |
442 | * Returns: The destination @d@. | |
443 | * | |
444 | * Use: Standard point subtraction operation, in terms of negation | |
445 | * and addition. This isn't as efficient as a ready-made | |
446 | * subtraction operator. | |
447 | */ | |
448 | ||
41cb1beb | 449 | extern ec *ec_stdsub(ec_curve */*c*/, ec */*d*/, |
450 | const ec */*p*/, const ec */*q*/); | |
b085fd91 | 451 | |
b0ab12e6 | 452 | /*----- Creating curves ---------------------------------------------------*/ |
453 | ||
b085fd91 | 454 | /* --- @ec_destroycurve@ --- * |
455 | * | |
456 | * Arguments: @ec_curve *c@ = pointer to an ellptic curve | |
457 | * | |
458 | * Returns: --- | |
459 | * | |
460 | * Use: Destroys a description of an elliptic curve. | |
461 | */ | |
462 | ||
463 | extern void ec_destroycurve(ec_curve */*c*/); | |
464 | ||
465 | /* --- @ec_prime@, @ec_primeproj@ --- * | |
b0ab12e6 | 466 | * |
dbfee00a | 467 | * Arguments: @field *f@ = the underlying field for this elliptic curve |
b0ab12e6 | 468 | * @mp *a, *b@ = the coefficients for this curve |
469 | * | |
02d7884d | 470 | * Returns: A pointer to the curve, or null. |
b0ab12e6 | 471 | * |
472 | * Use: Creates a curve structure for an elliptic curve defined over | |
b085fd91 | 473 | * a prime field. The @primeproj@ variant uses projective |
474 | * coordinates, which can be a win. | |
b0ab12e6 | 475 | */ |
476 | ||
477 | extern ec_curve *ec_prime(field */*f*/, mp */*a*/, mp */*b*/); | |
b085fd91 | 478 | extern ec_curve *ec_primeproj(field */*f*/, mp */*a*/, mp */*b*/); |
b0ab12e6 | 479 | |
ceb3f0c0 | 480 | /* --- @ec_bin@, @ec_binproj@ --- * |
b0ab12e6 | 481 | * |
482 | * Arguments: @field *f@ = the underlying field for this elliptic curve | |
483 | * @mp *a, *b@ = the coefficients for this curve | |
484 | * | |
02d7884d | 485 | * Returns: A pointer to the curve, or null. |
b0ab12e6 | 486 | * |
ceb3f0c0 | 487 | * Use: Creates a curve structure for an elliptic curve defined over |
488 | * a binary field. The @binproj@ variant uses projective | |
489 | * coordinates, which can be a win. | |
b0ab12e6 | 490 | */ |
491 | ||
492 | extern ec_curve *ec_bin(field */*f*/, mp */*a*/, mp */*b*/); | |
ceb3f0c0 | 493 | extern ec_curve *ec_binproj(field */*f*/, mp */*a*/, mp */*b*/); |
b0ab12e6 | 494 | |
432c4e18 | 495 | /*----- Curve parameter sets ----------------------------------------------*/ |
496 | ||
497 | /* --- @ec_curveparse@ --- * | |
498 | * | |
499 | * Arguments: @qd_parse *qd@ = parser context | |
500 | * | |
501 | * Returns: Elliptic curve pointer if OK, or null. | |
502 | * | |
503 | * Use: Parses an elliptic curve description, which has the form | |
504 | * | |
505 | * * a field description | |
20095408 | 506 | * * an optional `;' |
432c4e18 | 507 | * * `prime', `primeproj', `bin', or `binproj' |
508 | * * an optional `:' | |
509 | * * the %$a$% parameter | |
510 | * * an optional `,' | |
511 | * * the %$b$% parameter | |
512 | */ | |
513 | ||
514 | extern ec_curve *ec_curveparse(qd_parse */*qd*/); | |
515 | ||
516 | /* --- @ec_ptparse@ --- * | |
517 | * | |
518 | * Arguments: @qd_parse *qd@ = parser context | |
519 | * @ec *p@ = where to put the point | |
520 | * | |
521 | * Returns: The point address, or null. | |
522 | * | |
523 | * Use: Parses an elliptic curve point. This has the form | |
524 | * | |
525 | * * %$x$%-coordinate | |
526 | * * optional `,' | |
527 | * * %$y$%-coordinate | |
528 | */ | |
529 | ||
530 | extern ec *ec_ptparse(qd_parse */*qd*/, ec */*p*/); | |
531 | ||
532 | /* --- @ec_infoparse@ --- * | |
533 | * | |
534 | * Arguments: @qd_parse *qd@ = parser context | |
535 | * @ec_info *ei@ = curve information block, currently | |
536 | * uninitialized | |
537 | * | |
538 | * Returns: Zero on success, nonzero on failure. | |
539 | * | |
540 | * Use: Parses an elliptic curve information string, and stores the | |
541 | * information in @ei@. This has the form | |
542 | * | |
543 | * * elliptic curve description | |
20095408 | 544 | * * optional `;' |
432c4e18 | 545 | * * common point |
546 | * * optional `:' | |
547 | * * group order | |
548 | * * optional `*' | |
549 | * * cofactor | |
550 | */ | |
551 | ||
552 | extern int ec_infoparse(qd_parse */*qd*/, ec_info */*ei*/); | |
553 | ||
7b6d64f1 | 554 | /* --- @ec_infofromdata@ --- * |
555 | * | |
556 | * Arguments: @ec_info *ei@ = where to write the information | |
557 | * @ecdata *ed@ = raw data | |
558 | * | |
559 | * Returns: --- | |
560 | * | |
561 | * Use: Loads elliptic curve information about one of the standard | |
562 | * curves. | |
563 | */ | |
564 | ||
565 | struct ecdata; | |
566 | extern void ec_infofromdata(ec_info */*ei*/, struct ecdata */*ed*/); | |
567 | ||
432c4e18 | 568 | /* --- @ec_getinfo@ --- * |
569 | * | |
570 | * Arguments: @ec_info *ei@ = where to write the information | |
571 | * @const char *p@ = string describing a curve | |
572 | * | |
573 | * Returns: Null on success, or a pointer to an error message. | |
574 | * | |
575 | * Use: Parses out information about a curve. The string is either a | |
576 | * standard curve name, or a curve info string. | |
577 | */ | |
578 | ||
579 | extern const char *ec_getinfo(ec_info */*ei*/, const char */*p*/); | |
580 | ||
34e4f738 | 581 | /* --- @ec_sameinfop@ --- * |
582 | * | |
583 | * Arguments: @ec_info *ei, *ej@ = two elliptic curve parameter sets | |
584 | * | |
585 | * Returns: Nonzero if the curves are identical (not just isomorphic). | |
586 | * | |
587 | * Use: Checks for sameness of curve parameters. | |
588 | */ | |
589 | ||
590 | extern int ec_sameinfop(ec_info */*ei*/, ec_info */*ej*/); | |
591 | ||
432c4e18 | 592 | /* --- @ec_freeinfo@ --- * |
593 | * | |
594 | * Arguments: @ec_info *ei@ = elliptic curve information block to free | |
595 | * | |
596 | * Returns: --- | |
597 | * | |
598 | * Use: Frees the information block. | |
599 | */ | |
600 | ||
601 | extern void ec_freeinfo(ec_info */*ei*/); | |
602 | ||
603 | /* --- @ec_checkinfo@ --- * | |
604 | * | |
605 | * Arguments: @const ec_info *ei@ = elliptic curve information block | |
606 | * | |
607 | * Returns: Null if OK, or pointer to error message. | |
608 | * | |
609 | * Use: Checks an elliptic curve according to the rules in SEC1. | |
610 | */ | |
611 | ||
612 | extern const char *ec_checkinfo(const ec_info */*ei*/, grand */*gr*/); | |
613 | ||
b0ab12e6 | 614 | /*----- That's all, folks -------------------------------------------------*/ |
615 | ||
616 | #ifdef __cplusplus | |
617 | } | |
618 | #endif | |
619 | ||
620 | #endif |