1 | #include <stdio.h> |
2 | #include <string.h> |
3 | #include <stdlib.h> |
4 | |
5 | #include <mLib/alloc.h> |
6 | #include <mLib/hex.h> |
7 | #include <mLib/dstr.h> |
8 | #include <mLib/macros.h> |
9 | |
10 | #include "ec.h" |
11 | #include "mp.h" |
12 | #include "rand.h" |
13 | #include "field-guts.h" |
14 | |
/* Print one " NAME 0xHEX" line for the big integer X.
 *
 * N is the number of octets to emit (X is stored big-endian and
 * zero-padded to that width); pass 0 to use however many octets X needs.
 */
static void puthex(const char *name, mp *x, size_t n)
{
  hex_ctx hc;
  dstr d = DSTR_INIT;
  char *buf;

  if (n == 0)
    n = mp_octets(x);
  buf = xmalloc(n);
  mp_storeb(x, buf, n);

  /* One continuous line: no indent, no wrapping. */
  hex_init(&hc);
  hc.indent = "";
  hc.maxline = 0;
  hex_encode(&hc, buf, n, &d);
  hex_encode(&hc, 0, 0, &d);    /* final zero-length call ends the encoding */

  printf(" %s 0x", name);
  dstr_write(&d, stdout);
  putchar('\n');

  xfree(buf);
  dstr_destroy(&d);
}
35 | |
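/* Dump the parameters of an elliptic-curve group given on the command
 * line, after checking them with ec_checkinfo().
 *
 *   argv[1]  curve specification, parsed by ec_curveparse()
 *   argv[2]  group order r, argv[3] cofactor h (mp_readstring() syntax)
 *   argv[4]  generator as hex: a format byte followed by x, and then y,
 *            each as c->f->noctets big-endian bytes.  0x00 is the point
 *            at infinity; bit 0x04 says y follows x; bit 0x02 says y is
 *            recovered from x and chosen by the parity bit 0x01 (both may
 *            be set, in which case the two answers must agree).
 *
 * Output is one " NAME 0xHEX" line per parameter (p, beta for normal-basis
 * fields, a, b, r, gx, gy) plus h in decimal.  Malformed input exits with
 * status 1.
 */
int main(int argc, char *argv[])
{
  ec_curve *c;
  ec_info ei;
  ec pt = EC_INIT;
  qd_parse qd;
  hex_ctx hc;
  dstr d = DSTR_INIT;
  size_t n;
  octet *p;
  mp *x = 0, *y = 0, *yy = 0;
  mp *t = MP_NEW;
  const char *err;

  /* argv[1..4] are dereferenced unconditionally below; argv[argc] is a
   * null pointer and anything beyond it is out of bounds. */
  if (argc < 5) {
    fprintf(stderr, "usage: %s CURVE ORDER COFACTOR GENERATOR-HEX\n",
            argc > 0 ? argv[0] : "ec-info");
    exit(1);
  }

  /* Curve. */
  qd.p = argv[1];
  qd.e = 0;
  if ((c = ec_curveparse(&qd)) == 0 || !qd_eofp(&qd)) {
    /* qd.e is only filled in by the parser; trailing junk after a valid
     * curve leaves it null, which must not reach %s. */
    fprintf(stderr, "bad curve: %s\n", qd.e ? qd.e : "trailing junk");
    exit(1);
  }
  n = c->f->noctets;

  /* Order and cofactor. */
  ei.c = c;
  ei.r = mp_readstring(MP_NEW, argv[2], 0, 0);
  ei.h = mp_readstring(MP_NEW, argv[3], 0, 0);
  if (!ei.r || !ei.h) {
    fprintf(stderr, "bad order or cofactor\n");
    exit(1);
  }

  /* Generator. */
  EC_CREATE(&ei.g);
  hex_init(&hc);
  hex_decode(&hc, argv[4], strlen(argv[4]), &d);
  hex_decode(&hc, 0, 0, &d);
  p = (octet *)d.buf;
  if (!d.len) {
    /* An empty string would make the p[0] read below out of bounds. */
    fprintf(stderr, "missing point format byte\n");
    exit(1);
  }
  if (p[0] == 0) {
    EC_SETINF(&ei.g);
  } else {
    /* Without at least one of the 0x04 (explicit y) or 0x02 (recover y)
     * flags there is no way to obtain y, and the mp_copy() at the end of
     * this branch would dereference a null pointer. */
    if (!(p[0] & 0x06)) {
      fprintf(stderr, "bad point format byte 0x%02x\n", (unsigned)p[0]);
      exit(1);
    }
    if (d.len < n + 1) {
      fprintf(stderr, "missing x\n");
      exit(1);
    }
    x = mp_loadb(MP_NEW, p + 1, n);
    if (p[0] & 0x04) {
      if (d.len < 2 * n + 1) {
        fprintf(stderr, "missing y\n");
        exit(1);
      }
      y = mp_loadb(MP_NEW, p + n + 1, n);
    }
    if (p[0] & 0x02) {
      if (!ec_find(c, &pt, x)) {
        fprintf(stderr, "no matching y\n");
        exit(1);
      }
      yy = MP_COPY(pt.y);
      ec_destroy(&pt);
      switch (F_TYPE(c->f)) {
        case FTY_PRIME:
          /* The two roots are y and p - y; keep the one whose parity
           * matches bit 0 of the format byte. */
          if (!MP_ODDP(yy) != !(p[0] & 1))
            yy = mp_sub(yy, c->f->m, yy);
          break;
        case FTY_BINARY:
          /* y is recomputed from scratch below, so release ec_find()'s
           * answer first rather than leaking it. */
          mp_drop(yy);
          if (MP_ZEROP(x)) {
            /* x = 0 leaves y^2 = b, which has a single root.  c->b is
             * kept in the field's internal form (see the F_OUT before
             * printing it below), so convert the root back to external
             * form exactly as the general case does. */
            yy = F_SQRT(c->f, MP_NEW, c->b);
            yy = F_OUT(c->f, yy, yy);
          } else {
            /* Substitute y = x z into y^2 + x y = x^3 + a x^2 + b to get
             * z^2 + z = x + a + b/x^2; solve for z, pick the root whose
             * parity matches the format byte, and scale back by x. */
            mp *xin = F_IN(c->f, MP_NEW, x);
            mp *xx = F_SQR(c->f, MP_NEW, xin);
            mp *b = F_MUL(c->f, MP_NEW, xx, c->a);
            mp *xxx = F_MUL(c->f, MP_NEW, xx, xin);
            b = F_ADD(c->f, b, b, xxx);
            b = F_ADD(c->f, b, b, c->b);
            xx = F_INV(c->f, xx, xx);
            b = F_MUL(c->f, b, b, xx);
            mp_drop(xxx);
            yy = F_QUADSOLVE(c->f, MP_NEW, b);
            mp_drop(b);
            /* Parity is judged on the external form of z. */
            xx = F_OUT(c->f, xx, yy);
            /* NOTE(review): the other root is z + 1, but MP_ONE is added
             * to the internal-form z; confirm that is the right encoding
             * of 1 for every binary field type (normal basis included). */
            if (!MP_ODDP(xx) != !(p[0] & 1))
              yy = gf_add(yy, yy, MP_ONE);
            yy = F_MUL(c->f, yy, yy, xin);
            yy = F_OUT(c->f, yy, yy);
            mp_drop(xin);
            mp_drop(xx);
          }
          break;
        default:
          abort();
      }
    }
    if (y && yy && !MP_EQ(y, yy)) {
      fprintf(stderr, "inconsistent answers\n");
      exit(1);
    }
    /* The format check above guarantees at least one of y, yy is set. */
    ei.g.x = x;
    ei.g.y = mp_copy(y ? y : yy);
    mp_drop(y); mp_drop(yy);
  }

  /* NOTE(review): a failed check is only reported; the parameters are
   * still printed and the exit status stays 0.  Confirm that is intended
   * before relying on this tool's exit code in scripts. */
  if ((err = ec_checkinfo(&ei, &rand_global)) != 0)
    fprintf(stderr, "bad curve: %s\n", err);

  puthex("p", ei.c->f->m, 0);
  if (STRCMP(F_NAME(ei.c->f), ==, "binnorm")) {
    /* Normal-basis fields additionally print the last entry of the
     * ntop table as "beta" (presumably the basis-conversion element). */
    fctx_binnorm *fc = (fctx_binnorm *)ei.c->f;
    puthex("beta", fc->ntop.r[fc->ntop.n - 1], c->f->noctets);
  }
  /* a and b are held in the field's internal form; convert to print. */
  t = F_OUT(ei.c->f, t, ei.c->a); puthex("a", t, c->f->noctets);
  t = F_OUT(ei.c->f, t, ei.c->b); puthex("b", t, c->f->noctets);
  puthex("r", ei.r, c->f->noctets);
  printf(" h "); mp_writefile(ei.h, stdout, 10); putchar('\n');
  puthex("gx", ei.g.x, c->f->noctets);
  puthex("gy", ei.g.y, c->f->noctets);

  ec_freeinfo(&ei);
  mp_drop(t);
  dstr_destroy(&d);
  return (0);
}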