
lightning-sunbird  0.9+nobinonly
ecl-priv.h File Reference
#include "ecl.h"
#include "mpi.h"
#include "mplogic.h"


Classes

struct  GFMethodStr
struct  ECGroupStr

Defines

#define ECL_THIRTY_TWO_BIT
#define ECL_CURVE_DIGITS(curve_size_in_bits)   (((curve_size_in_bits)+(sizeof(mp_digit)*8-1))/(sizeof(mp_digit)*8))
#define ECL_BITS   (sizeof(mp_digit)*8)
#define ECL_MAX_FIELD_SIZE_DIGITS   (80/sizeof(mp_digit))
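/* Bit i of a, or 0 when i is at or beyond a's significant-bit count.
 * The whole expansion is parenthesised so the macro stays a single
 * expression inside a larger one (without the outer parentheses,
 * "MP_GET_BIT(a, i) << 1" would bind the shift to the ':' branch only). */
#define MP_GET_BIT(a, i)   (((i) >= mpl_significant_bits((a))) ? 0 : mpl_get_bit((a), (i)))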
#define MP_ADD_CARRY(a1, a2, s, cin, cout)
#define MP_SUB_BORROW(a1, a2, s, bin, bout)

Typedefs

typedef struct GFMethodStr

Functions

GFMethod * GFMethod_consGFp (const mp_int *irr)
GFMethod * GFMethod_consGFp_mont (const mp_int *irr)
GFMethod * GFMethod_consGF2m (const mp_int *irr, const unsigned int irr_arr[5])
void GFMethod_free (GFMethod *meth)
mp_err ec_GFp_add (const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
mp_err ec_GFp_neg (const mp_int *a, mp_int *r, const GFMethod *meth)
mp_err ec_GFp_sub (const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
mp_err ec_GFp_add_3 (const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
mp_err ec_GFp_add_4 (const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
mp_err ec_GFp_add_5 (const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
mp_err ec_GFp_add_6 (const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
mp_err ec_GFp_sub_3 (const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
mp_err ec_GFp_sub_4 (const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
mp_err ec_GFp_sub_5 (const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
mp_err ec_GFp_sub_6 (const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
mp_err ec_GFp_mod (const mp_int *a, mp_int *r, const GFMethod *meth)
mp_err ec_GFp_mul (const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
mp_err ec_GFp_sqr (const mp_int *a, mp_int *r, const GFMethod *meth)
mp_err ec_GFp_div (const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
mp_err ec_GF2m_add (const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
mp_err ec_GF2m_neg (const mp_int *a, mp_int *r, const GFMethod *meth)
mp_err ec_GF2m_mod (const mp_int *a, mp_int *r, const GFMethod *meth)
mp_err ec_GF2m_mul (const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
mp_err ec_GF2m_sqr (const mp_int *a, mp_int *r, const GFMethod *meth)
mp_err ec_GF2m_div (const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
mp_err ec_GFp_mul_mont (const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
mp_err ec_GFp_sqr_mont (const mp_int *a, mp_int *r, const GFMethod *meth)
mp_err ec_GFp_div_mont (const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
mp_err ec_GFp_enc_mont (const mp_int *a, mp_int *r, const GFMethod *meth)
mp_err ec_GFp_dec_mont (const mp_int *a, mp_int *r, const GFMethod *meth)
void ec_GFp_extra_free_mont (GFMethod *meth)
mp_err ec_pts_mul_basic (const mp_int *k1, const mp_int *k2, const mp_int *px, const mp_int *py, mp_int *rx, mp_int *ry, const ECGroup *group)
mp_err ec_pts_mul_simul_w2 (const mp_int *k1, const mp_int *k2, const mp_int *px, const mp_int *py, mp_int *rx, mp_int *ry, const ECGroup *group)
mp_err ec_compute_wNAF (signed char *out, int bitsize, const mp_int *in, int w)
mp_err ec_group_set_gfp192 (ECGroup *group, ECCurveName)
mp_err ec_group_set_gfp224 (ECGroup *group, ECCurveName)
mp_err ec_group_set_gfp256 (ECGroup *group, ECCurveName)
mp_err ec_group_set_gfp384 (ECGroup *group, ECCurveName)
mp_err ec_group_set_gfp521 (ECGroup *group, ECCurveName)
mp_err ec_group_set_gf2m163 (ECGroup *group, ECCurveName name)
mp_err ec_group_set_gf2m193 (ECGroup *group, ECCurveName name)
mp_err ec_group_set_gf2m233 (ECGroup *group, ECCurveName name)

Define Documentation

#define ECL_BITS   (sizeof(mp_digit)*8)

Definition at line 57 of file ecl-priv.h.

#define ECL_CURVE_DIGITS (   curve_size_in_bits)    (((curve_size_in_bits)+(sizeof(mp_digit)*8-1))/(sizeof(mp_digit)*8))

Definition at line 55 of file ecl-priv.h.

Definition at line 58 of file ecl-priv.h.

Definition at line 52 of file ecl-priv.h.

#define MP_ADD_CARRY (   a1,
  a2,
  s,
  cin,
  cout 
)
Value:
{ mp_word w; \
    w = ((mp_word)(cin)) + (a1) + (a2); \
    s = ACCUM(w); \
    cout = CARRYOUT(w); }

Definition at line 67 of file ecl-priv.h.

#define MP_GET_BIT (   a,
  i 
)    ((i) >= mpl_significant_bits((a))) ? 0 : mpl_get_bit((a), (i))

Definition at line 63 of file ecl-priv.h.

#define MP_SUB_BORROW (   a1,
  a2,
  s,
  bin,
  bout 
)
Value:
{ mp_word w; \
    w = ((mp_word)(a1)) - (a2) - (bin); \
    s = ACCUM(w); \
    bout = (w >> MP_DIGIT_BIT) & 1; }

Definition at line 73 of file ecl-priv.h.


Typedef Documentation

typedef struct GFMethodStr

Definition at line 105 of file ecl-priv.h.


Function Documentation

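/*
 * Definition at line 62 of file ec_naf.c.
 *
 * Compute the width-w non-adjacent form (wNAF) of the scalar in.
 *
 * out      receives the signed digits, least significant first.  It must
 *          hold bitsize + 1 entries; every entry is written (the high ones
 *          are zero-filled).  The wNAF can be one digit longer than the
 *          binary form of in, which is why bitsize + 1 entries are needed.
 * bitsize  upper bound on the bit length of in.
 * in       the scalar to convert; the digit loop only runs while the
 *          working copy is > 0, so a zero or negative in yields all zeros.
 * w        window width.  Digits are taken from the low w bits and folded
 *          into (-2^(w-1), 2^(w-1)), so w must be small enough for the raw
 *          w-bit value to fit in a signed char (1..7).
 *
 * Returns MP_OKAY, MP_BADARG if the arguments would overrun out[] or
 * overflow a digit, or the first error from an MPI call.
 */
mp_err
ec_compute_wNAF(signed char *out, int bitsize, const mp_int *in, int w)
{
    mp_int k;
    mp_err res = MP_OKAY;
    int i, twowm1, mask;

    /* The digit loop writes up to mpl_significant_bits(in) + 1 entries, so
     * a scalar wider than bitsize would run past the caller's buffer. */
    if (out == NULL || in == NULL || bitsize < 0 || w < 1 || w > 7 ||
        mpl_significant_bits(in) > (unsigned int) bitsize) {
        return MP_BADARG;
    }

    twowm1 = ec_twoTo(w - 1);    /* 2^(w-1) */
    mask = 2 * twowm1 - 1;       /* 2^w - 1: selects the low w bits */

    /* Zeroed digit pointer keeps the mp_clear at CLEANUP safe if
     * mp_init_copy fails before allocating. */
    MP_DIGITS(&k) = 0;
    MP_CHECKOK(mp_init_copy(&k, in));

    i = 0;
    /* Compute wNAF form */
    while (mp_cmp_z(&k) > 0) {
        if (mp_isodd(&k)) {
            out[i] = MP_DIGIT(&k, 0) & mask;
            if (out[i] >= twowm1)
                out[i] -= 2 * twowm1;    /* fold into (-2^(w-1), 2^(w-1)) */

            /* Subtract off out[i].  Note mp_sub_d only works with
             * unsigned digits */
            if (out[i] >= 0) {
                MP_CHECKOK(mp_sub_d(&k, out[i], &k));
            } else {
                MP_CHECKOK(mp_add_d(&k, -(out[i]), &k));
            }
        } else {
            out[i] = 0;
        }
        MP_CHECKOK(mp_div_2(&k, &k));
        i++;
    }
    /* Zero out the remaining elements of the out array. */
    for (; i < bitsize + 1; i++) {
        out[i] = 0;
    }
  CLEANUP:
    mp_clear(&k);
    return res;
}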



/*
 * Definition at line 970 of file ecl_gf.c.
 *
 * Addition in GF(2^m): r = a + b, delegated to mp_badd (polynomial addition
 * over GF(2)).  No reduction is needed because addition never raises the
 * degree.  meth is unused; it is present only so the function matches the
 * GFMethod operation signature.
 */
mp_err
ec_GF2m_add(const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
{
    mp_err res;

    res = mp_badd(a, b, r);
    return res;
}


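/*
 * Definition at line 1013 of file ecl_gf.c.
 *
 * Division in GF(2^m): r = a / b modulo meth->irr.  A NULL a requests the
 * inverse of b instead.  meth->irr_arr is the sparse form of the
 * irreducible polynomial that the mp_b* routines reduce by.
 * Returns MP_OKAY or the first MPI error encountered.
 */
mp_err
ec_GF2m_div(const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
{
    mp_err res = MP_OKAY;
    mp_int t;

    /* Plain a/b needs no temporary. */
    if (a != NULL) {
        return mp_bdivmod(a, b, &meth->irr, meth->irr_arr, r);
    }

    /* The GF(2^m) portion of MPI doesn't support invmod, so we compute
     * 1/b as a division.  The digit pointer of t is zeroed first so the
     * mp_clear at CLEANUP is safe even if mp_init itself fails (the same
     * idiom ec_compute_wNAF uses for its temporary). */
    MP_DIGITS(&t) = 0;
    MP_CHECKOK(mp_init(&t));
    MP_CHECKOK(mp_set_int(&t, 1));
    MP_CHECKOK(mp_bdivmod(&t, b, &meth->irr, meth->irr_arr, r));
  CLEANUP:
    mp_clear(&t);
    return res;
}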


/*
 * Definition at line 990 of file ecl_gf.c.
 *
 * Reduction in GF(2^m): r = a mod meth->irr, using the sparse polynomial
 * representation meth->irr_arr that mp_bmod expects.
 */
mp_err
ec_GF2m_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
{
    mp_err res;

    res = mp_bmod(a, meth->irr_arr, r);
    return res;
}


/*
 * Definition at line 997 of file ecl_gf.c.
 *
 * Multiplication in GF(2^m): r = a * b mod meth->irr, done in one step by
 * mp_bmulmod with the sparse polynomial meth->irr_arr.
 */
mp_err
ec_GF2m_mul(const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
{
    mp_err res;

    res = mp_bmulmod(a, b, meth->irr_arr, r);
    return res;
}


/*
 * Definition at line 979 of file ecl_gf.c.
 *
 * Negation in GF(2^m).  In characteristic 2 every element is its own
 * negative, so this is a copy; when a and r are the same object there is
 * nothing to do.  meth is unused.
 */
mp_err
ec_GF2m_neg(const mp_int *a, mp_int *r, const GFMethod *meth)
{
    if (r != a) {
        return mp_copy(a, r);
    }
    return MP_OKAY;
}


/*
 * Definition at line 1005 of file ecl_gf.c.
 *
 * Squaring in GF(2^m): r = a^2 mod meth->irr via mp_bsqrmod, which takes
 * the sparse polynomial meth->irr_arr.
 */
mp_err
ec_GF2m_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
{
    mp_err res;

    res = mp_bsqrmod(a, meth->irr_arr, r);
    return res;
}


/*
 * Definition at line 199 of file ecl_gf.c.
 *
 * Generic addition in GF(p) for p = meth->irr.
 * PRE:  0 <= a, b < p.   POST: 0 <= r < p, r = a + b (mod p).
 * Since a + b < 2p, a single conditional subtraction of p reduces the sum.
 * NOTE(review): the reduction branches on the operand values, so this is
 * not constant-time; confirm callers do not depend on that.
 */
mp_err
ec_GFp_add(const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
{
    mp_err res = mp_add(a, b, r);

    if (res != MP_OKAY) {
        return res;
    }
    if (mp_cmp(r, &meth->irr) < 0) {
        return res;          /* already in [0, p) */
    }
    return mp_sub(r, &meth->irr, r);
}


mp_err ec_GFp_add_3 ( const mp_int a,
const mp_int b,
mp_int r,
const GFMethod *  meth 
)

Definition at line 254 of file ecl_gf.c.

{
       /* Fast path of ec_GFp_add for a three-digit prime field p = meth->irr.
        * PRE:  0 <= a, b < p, each at most three digits.
        * POST: 0 <= r < p, r = a + b (mod p).
        * Returns MP_OKAY or the error from s_mp_pad. */
       mp_err res = MP_OKAY;
       mp_digit a0 = 0, a1 = 0, a2 = 0;
       mp_digit r0 = 0, r1 = 0, r2 = 0;
       mp_digit carry;

       /* Unpack a into a0..a2 and b into r0..r2 (b's digits double as the
        * working result); digits above MP_USED stay zero.  The cases fall
        * through on purpose.  An operand with more than three digits matches
        * no case and is silently treated as zero, so the precondition is the
        * caller's responsibility. */
       switch(MP_USED(a)) {
       case 3:
              a2 = MP_DIGIT(a,2);
              /* fallthrough */
       case 2:
              a1 = MP_DIGIT(a,1);
              /* fallthrough */
       case 1:
              a0 = MP_DIGIT(a,0);
       }
       switch(MP_USED(b)) {
       case 3:
              r2 = MP_DIGIT(b,2);
              /* fallthrough */
       case 2:
              r1 = MP_DIGIT(b,1);
              /* fallthrough */
       case 1:
              r0 = MP_DIGIT(b,0);
       }

       /* r = a + b over three digits; carry holds the bit that overflowed. */
#ifndef MPI_AMD64_ADD
       MP_ADD_CARRY(a0, r0, r0, 0,     carry);
       MP_ADD_CARRY(a1, r1, r1, carry, carry);
       MP_ADD_CARRY(a2, r2, r2, carry, carry);
#else
       /* The same add/adc chain in amd64 assembly; the final adc $0 moves
        * the carry flag into the zeroed carry register. */
       __asm__ (
                "xorq   %3,%3           \n\t"
                "addq   %4,%0           \n\t"
                "adcq   %5,%1           \n\t"
                "adcq   %6,%2           \n\t"
                "adcq   $0,%3           \n\t"
                : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(carry)
                : "r" (a0), "r" (a1), "r" (a2),
                "0" (r0), "1" (r1), "2" (r2)
                : "%cc" );
#endif

       /* Store the raw sum; s_mp_pad guarantees room for three digits. */
       MP_CHECKOK(s_mp_pad(r, 3));
       MP_DIGIT(r, 2) = r2;
       MP_DIGIT(r, 1) = r1;
       MP_DIGIT(r, 0) = r0;
       MP_SIGN(r) = MP_ZPOS;
       MP_USED(r) = 3;

       /* Do a quick 'subtract' if we've gone over p, i.e. the addition
        * carried out or the sum is >= p (add the 2's complement of the curve
        * field).  a + b < 2p, so one subtraction suffices; the top digits are
        * compared first and mp_cmp only runs on a tie.
        * NOTE(review): this reduction branches on operand values, so the
        * routine is not constant-time; confirm callers do not require it. */
        a2 = MP_DIGIT(&meth->irr,2);
       if (carry ||  r2 >  a2 ||
              ((r2 == a2) && mp_cmp(r,&meth->irr) != MP_LT)) {
              a1 = MP_DIGIT(&meth->irr,1);
              a0 = MP_DIGIT(&meth->irr,0);
#ifndef MPI_AMD64_ADD
              MP_SUB_BORROW(r0, a0, r0, 0,     carry);
              MP_SUB_BORROW(r1, a1, r1, carry, carry);
              MP_SUB_BORROW(r2, a2, r2, carry, carry);
#else
              __asm__ (
                     "subq   %3,%0           \n\t"
                     "sbbq   %4,%1           \n\t"
                     "sbbq   %5,%2           \n\t"
                     : "=r"(r0), "=r"(r1), "=r"(r2)
                     : "r" (a0), "r" (a1), "r" (a2),
                       "0" (r0), "1" (r1), "2" (r2)
                     : "%cc" );
#endif
              /* The borrow out of the top digit is intentionally dropped:
               * it only cancels the wrap-around recorded in carry. */
              MP_DIGIT(r, 2) = r2;
              MP_DIGIT(r, 1) = r1;
              MP_DIGIT(r, 0) = r0;
       }
       
       /* Drop leading zero digits so MP_USED reflects the actual value. */
       s_mp_clamp(r);

  CLEANUP:
       return res;
}


mp_err ec_GFp_add_4 ( const mp_int a,
const mp_int b,
mp_int r,
const GFMethod *  meth 
)

Definition at line 337 of file ecl_gf.c.

{
       /* Fast path of ec_GFp_add for a four-digit prime field p = meth->irr.
        * PRE:  0 <= a, b < p, each at most four digits.
        * POST: 0 <= r < p, r = a + b (mod p).
        * Returns MP_OKAY or the error from s_mp_pad. */
       mp_err res = MP_OKAY;
       mp_digit a0 = 0, a1 = 0, a2 = 0, a3 = 0;
       mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0;
       mp_digit carry;

       /* Unpack a into a0..a3 and b into r0..r3 (b's digits double as the
        * working result); digits above MP_USED stay zero.  The cases fall
        * through on purpose.  An operand with more than four digits matches
        * no case and is silently treated as zero, so the precondition is the
        * caller's responsibility. */
       switch(MP_USED(a)) {
       case 4:
              a3 = MP_DIGIT(a,3);
              /* fallthrough */
       case 3:
              a2 = MP_DIGIT(a,2);
              /* fallthrough */
       case 2:
              a1 = MP_DIGIT(a,1);
              /* fallthrough */
       case 1:
              a0 = MP_DIGIT(a,0);
       }
       switch(MP_USED(b)) {
       case 4:
              r3 = MP_DIGIT(b,3);
              /* fallthrough */
       case 3:
              r2 = MP_DIGIT(b,2);
              /* fallthrough */
       case 2:
              r1 = MP_DIGIT(b,1);
              /* fallthrough */
       case 1:
              r0 = MP_DIGIT(b,0);
       }

       /* r = a + b over four digits; carry holds the bit that overflowed. */
#ifndef MPI_AMD64_ADD
       MP_ADD_CARRY(a0, r0, r0, 0,     carry);
       MP_ADD_CARRY(a1, r1, r1, carry, carry);
       MP_ADD_CARRY(a2, r2, r2, carry, carry);
       MP_ADD_CARRY(a3, r3, r3, carry, carry);
#else
       /* The same add/adc chain in amd64 assembly; the final adc $0 moves
        * the carry flag into the zeroed carry register. */
       __asm__ (
                "xorq   %4,%4           \n\t"
                "addq   %5,%0           \n\t"
                "adcq   %6,%1           \n\t"
                "adcq   %7,%2           \n\t"
                "adcq   %8,%3           \n\t"
                "adcq   $0,%4           \n\t"
                : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3), "=r"(carry)
                : "r" (a0), "r" (a1), "r" (a2), "r" (a3),
                "0" (r0), "1" (r1), "2" (r2), "3" (r3)
                : "%cc" );
#endif

       /* Store the raw sum; s_mp_pad guarantees room for four digits. */
       MP_CHECKOK(s_mp_pad(r, 4));
       MP_DIGIT(r, 3) = r3;
       MP_DIGIT(r, 2) = r2;
       MP_DIGIT(r, 1) = r1;
       MP_DIGIT(r, 0) = r0;
       MP_SIGN(r) = MP_ZPOS;
       MP_USED(r) = 4;

       /* Do a quick 'subtract' if we've gone over p, i.e. the addition
        * carried out or the sum is >= p (add the 2's complement of the curve
        * field).  a + b < 2p, so one subtraction suffices; the top digits are
        * compared first and mp_cmp only runs on a tie.
        * NOTE(review): this reduction branches on operand values, so the
        * routine is not constant-time; confirm callers do not require it. */
        a3 = MP_DIGIT(&meth->irr,3);
       if (carry ||  r3 >  a3 ||
              ((r3 == a3) && mp_cmp(r,&meth->irr) != MP_LT)) {
              a2 = MP_DIGIT(&meth->irr,2);
              a1 = MP_DIGIT(&meth->irr,1);
              a0 = MP_DIGIT(&meth->irr,0);
#ifndef MPI_AMD64_ADD
              MP_SUB_BORROW(r0, a0, r0, 0,     carry);
              MP_SUB_BORROW(r1, a1, r1, carry, carry);
              MP_SUB_BORROW(r2, a2, r2, carry, carry);
              MP_SUB_BORROW(r3, a3, r3, carry, carry);
#else
              __asm__ (
                     "subq   %4,%0           \n\t"
                     "sbbq   %5,%1           \n\t"
                     "sbbq   %6,%2           \n\t"
                     "sbbq   %7,%3           \n\t"
                     : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3)
                     : "r" (a0), "r" (a1), "r" (a2), "r" (a3),
                       "0" (r0), "1" (r1), "2" (r2), "3" (r3)
                     : "%cc" );
#endif
              /* The borrow out of the top digit is intentionally dropped:
               * it only cancels the wrap-around recorded in carry. */
              MP_DIGIT(r, 3) = r3;
              MP_DIGIT(r, 2) = r2;
              MP_DIGIT(r, 1) = r1;
              MP_DIGIT(r, 0) = r0;
       }
       
       /* Drop leading zero digits so MP_USED reflects the actual value. */
       s_mp_clamp(r);

  CLEANUP:
       return res;
}


mp_err ec_GFp_add_5 ( const mp_int a,
const mp_int b,
mp_int r,
const GFMethod *  meth 
)

Definition at line 431 of file ecl_gf.c.

{
       /* Fast path of ec_GFp_add for a five-digit prime field p = meth->irr.
        * PRE:  0 <= a, b < p, each at most five digits.
        * POST: 0 <= r < p, r = a + b (mod p).
        * Returns MP_OKAY or the error from s_mp_pad.
        * Unlike the 3- and 4-digit variants there is no MPI_AMD64_ADD
        * assembly path; the portable carry-chain macros are always used. */
       mp_err res = MP_OKAY;
       mp_digit a0 = 0, a1 = 0, a2 = 0, a3 = 0, a4 = 0;
       mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0;
       mp_digit carry;

       /* Unpack a into a0..a4 and b into r0..r4 (b's digits double as the
        * working result); digits above MP_USED stay zero.  The cases fall
        * through on purpose.  An operand with more than five digits matches
        * no case and is silently treated as zero, so the precondition is the
        * caller's responsibility. */
       switch(MP_USED(a)) {
       case 5:
              a4 = MP_DIGIT(a,4);
              /* fallthrough */
       case 4:
              a3 = MP_DIGIT(a,3);
              /* fallthrough */
       case 3:
              a2 = MP_DIGIT(a,2);
              /* fallthrough */
       case 2:
              a1 = MP_DIGIT(a,1);
              /* fallthrough */
       case 1:
              a0 = MP_DIGIT(a,0);
       }
       switch(MP_USED(b)) {
       case 5:
              r4 = MP_DIGIT(b,4);
              /* fallthrough */
       case 4:
              r3 = MP_DIGIT(b,3);
              /* fallthrough */
       case 3:
              r2 = MP_DIGIT(b,2);
              /* fallthrough */
       case 2:
              r1 = MP_DIGIT(b,1);
              /* fallthrough */
       case 1:
              r0 = MP_DIGIT(b,0);
       }

       /* r = a + b over five digits; carry holds the bit that overflowed. */
       MP_ADD_CARRY(a0, r0, r0, 0,     carry);
       MP_ADD_CARRY(a1, r1, r1, carry, carry);
       MP_ADD_CARRY(a2, r2, r2, carry, carry);
       MP_ADD_CARRY(a3, r3, r3, carry, carry);
       MP_ADD_CARRY(a4, r4, r4, carry, carry);

       /* Store the raw sum; s_mp_pad guarantees room for five digits. */
       MP_CHECKOK(s_mp_pad(r, 5));
       MP_DIGIT(r, 4) = r4;
       MP_DIGIT(r, 3) = r3;
       MP_DIGIT(r, 2) = r2;
       MP_DIGIT(r, 1) = r1;
       MP_DIGIT(r, 0) = r0;
       MP_SIGN(r) = MP_ZPOS;
       MP_USED(r) = 5;

       /* Do a quick 'subtract' if we've gone over p, i.e. the addition
        * carried out or the sum is >= p (add the 2's complement of the curve
        * field).  a + b < 2p, so one subtraction suffices; the top digits are
        * compared first and mp_cmp only runs on a tie.
        * NOTE(review): this reduction branches on operand values, so the
        * routine is not constant-time; confirm callers do not require it. */
        a4 = MP_DIGIT(&meth->irr,4);
       if (carry ||  r4 >  a4 ||
              ((r4 == a4) && mp_cmp(r,&meth->irr) != MP_LT)) {
              a3 = MP_DIGIT(&meth->irr,3);
              a2 = MP_DIGIT(&meth->irr,2);
              a1 = MP_DIGIT(&meth->irr,1);
              a0 = MP_DIGIT(&meth->irr,0);
              MP_SUB_BORROW(r0, a0, r0, 0,     carry);
              MP_SUB_BORROW(r1, a1, r1, carry, carry);
              MP_SUB_BORROW(r2, a2, r2, carry, carry);
              MP_SUB_BORROW(r3, a3, r3, carry, carry);
              MP_SUB_BORROW(r4, a4, r4, carry, carry);
              /* The borrow out of the top digit is intentionally dropped:
               * it only cancels the wrap-around recorded in carry. */
              MP_DIGIT(r, 4) = r4;
              MP_DIGIT(r, 3) = r3;
              MP_DIGIT(r, 2) = r2;
              MP_DIGIT(r, 1) = r1;
              MP_DIGIT(r, 0) = r0;
       }
       
       /* Drop leading zero digits so MP_USED reflects the actual value. */
       s_mp_clamp(r);

  CLEANUP:
       return res;
}


mp_err ec_GFp_add_6 ( const mp_int a,
const mp_int b,
mp_int r,
const GFMethod *  meth 
)

Definition at line 508 of file ecl_gf.c.

{
       /* Fast path of ec_GFp_add for a six-digit prime field p = meth->irr.
        * PRE:  0 <= a, b < p, each at most six digits.
        * POST: 0 <= r < p, r = a + b (mod p).
        * Returns MP_OKAY or the error from s_mp_pad.
        * Unlike the 3- and 4-digit variants there is no MPI_AMD64_ADD
        * assembly path; the portable carry-chain macros are always used. */
       mp_err res = MP_OKAY;
       mp_digit a0 = 0, a1 = 0, a2 = 0, a3 = 0, a4 = 0, a5 = 0;
       mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0, r5 = 0;
       mp_digit carry;

       /* Unpack a into a0..a5 and b into r0..r5 (b's digits double as the
        * working result); digits above MP_USED stay zero.  The cases fall
        * through on purpose.  An operand with more than six digits matches
        * no case and is silently treated as zero, so the precondition is the
        * caller's responsibility. */
       switch(MP_USED(a)) {
       case 6:
              a5 = MP_DIGIT(a,5);
              /* fallthrough */
       case 5:
              a4 = MP_DIGIT(a,4);
              /* fallthrough */
       case 4:
              a3 = MP_DIGIT(a,3);
              /* fallthrough */
       case 3:
              a2 = MP_DIGIT(a,2);
              /* fallthrough */
       case 2:
              a1 = MP_DIGIT(a,1);
              /* fallthrough */
       case 1:
              a0 = MP_DIGIT(a,0);
       }
       switch(MP_USED(b)) {
       case 6:
              r5 = MP_DIGIT(b,5);
              /* fallthrough */
       case 5:
              r4 = MP_DIGIT(b,4);
              /* fallthrough */
       case 4:
              r3 = MP_DIGIT(b,3);
              /* fallthrough */
       case 3:
              r2 = MP_DIGIT(b,2);
              /* fallthrough */
       case 2:
              r1 = MP_DIGIT(b,1);
              /* fallthrough */
       case 1:
              r0 = MP_DIGIT(b,0);
       }

       /* r = a + b over six digits; carry holds the bit that overflowed. */
       MP_ADD_CARRY(a0, r0, r0, 0,     carry);
       MP_ADD_CARRY(a1, r1, r1, carry, carry);
       MP_ADD_CARRY(a2, r2, r2, carry, carry);
       MP_ADD_CARRY(a3, r3, r3, carry, carry);
       MP_ADD_CARRY(a4, r4, r4, carry, carry);
       MP_ADD_CARRY(a5, r5, r5, carry, carry);

       /* Store the raw sum; s_mp_pad guarantees room for six digits. */
       MP_CHECKOK(s_mp_pad(r, 6));
       MP_DIGIT(r, 5) = r5;
       MP_DIGIT(r, 4) = r4;
       MP_DIGIT(r, 3) = r3;
       MP_DIGIT(r, 2) = r2;
       MP_DIGIT(r, 1) = r1;
       MP_DIGIT(r, 0) = r0;
       MP_SIGN(r) = MP_ZPOS;
       MP_USED(r) = 6;

       /* Do a quick 'subtract' if we've gone over p, i.e. the addition
        * carried out or the sum is >= p (add the 2's complement of the curve
        * field).  a + b < 2p, so one subtraction suffices; the top digits are
        * compared first and mp_cmp only runs on a tie.
        * NOTE(review): this reduction branches on operand values, so the
        * routine is not constant-time; confirm callers do not require it. */
       a5 = MP_DIGIT(&meth->irr,5);
       if (carry ||  r5 >  a5 ||
              ((r5 == a5) && mp_cmp(r,&meth->irr) != MP_LT)) {
              a4 = MP_DIGIT(&meth->irr,4);
              a3 = MP_DIGIT(&meth->irr,3);
              a2 = MP_DIGIT(&meth->irr,2);
              a1 = MP_DIGIT(&meth->irr,1);
              a0 = MP_DIGIT(&meth->irr,0);
              MP_SUB_BORROW(r0, a0, r0, 0,     carry);
              MP_SUB_BORROW(r1, a1, r1, carry, carry);
              MP_SUB_BORROW(r2, a2, r2, carry, carry);
              MP_SUB_BORROW(r3, a3, r3, carry, carry);
              MP_SUB_BORROW(r4, a4, r4, carry, carry);
              MP_SUB_BORROW(r5, a5, r5, carry, carry);
              /* The borrow out of the top digit is intentionally dropped:
               * it only cancels the wrap-around recorded in carry. */
              MP_DIGIT(r, 5) = r5;
              MP_DIGIT(r, 4) = r4;
              MP_DIGIT(r, 3) = r3;
              MP_DIGIT(r, 2) = r2;
              MP_DIGIT(r, 1) = r1;
              MP_DIGIT(r, 0) = r0;
       }
       
       /* Drop leading zero digits so MP_USED reflects the actual value. */
       s_mp_clamp(r);

  CLEANUP:
       return res;
}


/*
 * Definition at line 171 of file ecp_mont.c.
 *
 * Decode a from Montgomery form into r: copy a into r (unless they are the
 * same object) and apply one Montgomery reduction with the mp_mont_modulus
 * kept in meth->extra1.  This undoes the multiplication by 2^b that
 * ec_GFp_enc_mont performs.
 * Returns MP_OKAY or the first MPI error encountered.
 */
mp_err
ec_GFp_dec_mont(const mp_int *a, mp_int *r, const GFMethod *meth)
{
    mp_mont_modulus *mmm = (mp_mont_modulus *) meth->extra1;
    mp_err res = MP_OKAY;

    if (r != a) {
        MP_CHECKOK(mp_copy(a, r));
    }
    MP_CHECKOK(s_mp_redc(r, mmm));
  CLEANUP:
    return res;
}


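/*
 * Definition at line 945 of file ecl_gf.c.
 *
 * Generic division in GF(p) for p = meth->irr: r = a / b (mod p).
 * A NULL a requests the inverse of b instead.
 * Returns MP_OKAY or the first MPI error encountered.
 */
mp_err
ec_GFp_div(const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
{
    mp_err res = MP_OKAY;
    mp_int t;

    /* If a is NULL, then return the inverse of b, otherwise return a/b. */
    if (a == NULL) {
        return mp_invmod(b, &meth->irr, r);
    }

    /* MPI doesn't support divmod, so we implement it using invmod and
     * mulmod: r = a * (1/b) mod p.  The digit pointer of t is zeroed first
     * so the mp_clear at CLEANUP is safe even if mp_init itself fails (the
     * same idiom ec_compute_wNAF uses for its temporary). */
    MP_DIGITS(&t) = 0;
    MP_CHECKOK(mp_init(&t));
    MP_CHECKOK(mp_invmod(b, &meth->irr, &t));
    MP_CHECKOK(mp_mulmod(a, &t, &meth->irr, r));
  CLEANUP:
    mp_clear(&t);
    return res;
}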


/*
 * Definition at line 136 of file ecp_mont.c.
 *
 * Division of Montgomery-encoded operands: r = a / b, with a, b and r all
 * in Montgomery form.  A NULL a requests the inverse of b.
 * Returns MP_OKAY or the first error from the underlying field routines.
 */
mp_err
ec_GFp_div_mont(const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
{
    mp_err res = MP_OKAY;

    /* if A=aZ represents a encoded in montgomery coordinates with Z and #
     * and \ respectively represent multiplication and division in
     * montgomery coordinates, then A\B = (a/b)Z = (A/B)Z and Binv =
     * (1/b)Z = (1/B)(Z^2) where B # Binv = Z
     *
     * Hence: divide as plain field elements, encode once, and for an
     * inverse (a == NULL) encode a second time to supply the extra Z. */
    MP_CHECKOK(ec_GFp_div(a, b, r, meth));
    MP_CHECKOK(ec_GFp_enc_mont(r, r, meth));
    if (a != NULL) {
        goto CLEANUP;
    }
    MP_CHECKOK(ec_GFp_enc_mont(r, r, meth));
  CLEANUP:
    return res;
}


/*
 * Definition at line 157 of file ecp_mont.c.
 *
 * Encode a into Montgomery form: r = (a << b) mod N, where b and N come
 * from the mp_mont_modulus kept in meth->extra1.  The left shift is the
 * multiplication by 2^b that Montgomery representation requires.
 * Returns MP_OKAY or the first MPI error encountered.
 */
mp_err
ec_GFp_enc_mont(const mp_int *a, mp_int *r, const GFMethod *meth)
{
    mp_mont_modulus *mmm = (mp_mont_modulus *) meth->extra1;
    mp_err res = MP_OKAY;

    MP_CHECKOK(mpl_lsh(a, r, mmm->b));
    MP_CHECKOK(mp_mod(r, &mmm->N, r));
  CLEANUP:
    return res;
}


/*
 * Definition at line 186 of file ecp_mont.c.
 *
 * Release the Montgomery context stored in meth->extra1 and null the
 * pointer so a repeated call, or a later use of meth, cannot double-free.
 * free(NULL) is a no-op, so no guard is needed.
 * NOTE(review): the mp_mont_modulus in extra1 holds an mp_int N (used by
 * ec_GFp_enc_mont) that is not cleared here; presumably it shares its
 * digits with meth->irr and is released with the GFMethod — confirm.
 */
void
ec_GFp_extra_free_mont(GFMethod *meth)
{
    free(meth->extra1);
    meth->extra1 = NULL;
}
/*
 * Definition at line 922 of file ecl_gf.c.
 *
 * Generic reduction in GF(p): r = a mod p for p = meth->irr.
 */
mp_err
ec_GFp_mod(const mp_int *a, mp_int *r, const GFMethod *meth)
{
    mp_err res;

    res = mp_mod(a, &meth->irr, r);
    return res;
}


/*
 * Definition at line 929 of file ecl_gf.c.
 *
 * Generic multiplication in GF(p): r = a * b mod p for p = meth->irr,
 * done in one step by mp_mulmod.
 */
mp_err
ec_GFp_mul(const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
{
    mp_err res;

    res = mp_mulmod(a, b, &meth->irr, r);
    return res;
}


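/*
 * Definition at line 97 of file ecp_mont.c.
 *
 * Multiplication of Montgomery-encoded operands: r = a * b in Montgomery
 * form, using the mp_mont_modulus kept in meth->extra1.  a, b and r may
 * alias each other.
 * Returns MP_OKAY or the first MPI error encountered.
 */
mp_err
ec_GFp_mul_mont(const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
{
    mp_err res = MP_OKAY;
    mp_mont_modulus *mmm = (mp_mont_modulus *) meth->extra1;

#ifdef MP_MONT_USE_MP_MUL
    /* if MP_MONT_USE_MP_MUL is defined, then the function s_mp_mul_mont
     * is not implemented and we have to use mp_mul and s_mp_redc directly
     */
    MP_CHECKOK(mp_mul(a, b, r));
    MP_CHECKOK(s_mp_redc(r, mmm));
#else
    mp_int s;

    /* Zeroed digit pointer: the mp_clear at CLEANUP is then a no-op unless
     * mp_init succeeded, which lets every exit path (including a failure of
     * s_mp_mul_mont or mp_copy after the init) release the temporary. */
    MP_DIGITS(&s) = 0;
    if ((a != r) && (b != r)) {
        /* No aliasing: multiply straight into r. */
        return s_mp_mul_mont(a, b, r, mmm);
    }
    /* s_mp_mul_mont doesn't allow source and destination to be the same,
     * so compute into a temporary and copy back. */
    MP_CHECKOK(mp_init(&s));
    MP_CHECKOK(s_mp_mul_mont(a, b, &s, mmm));
    MP_CHECKOK(mp_copy(&s, r));
#endif
  CLEANUP:
#ifndef MP_MONT_USE_MP_MUL
    mp_clear(&s);
#endif
    return res;
}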


/*
 * Definition at line 216 of file ecl_gf.c.
 *
 * Generic negation in GF(p) for p = meth->irr.
 * PRE:  0 <= a < p.   POST: 0 <= r < p, r = -a (mod p).
 * Zero is special-cased so that -0 stays 0 rather than becoming p.
 */
mp_err
ec_GFp_neg(const mp_int *a, mp_int *r, const GFMethod *meth)
{
    if (mp_cmp_z(a) != 0) {
        return mp_sub(&meth->irr, a, r);    /* p - a */
    }
    mp_zero(r);
    return MP_OKAY;
}


/*
 * Definition at line 937 of file ecl_gf.c.
 *
 * Generic squaring in GF(p): r = a^2 mod p for p = meth->irr.
 */
mp_err
ec_GFp_sqr(const mp_int *a, mp_int *r, const GFMethod *meth)
{
    mp_err res;

    res = mp_sqrmod(a, &meth->irr, r);
    return res;
}


/*
 * Definition at line 129 of file ecp_mont.c.
 *
 * Squaring of a Montgomery-encoded operand, expressed as the Montgomery
 * product of a with itself (ec_GFp_mul_mont accepts aliased operands).
 */
mp_err
ec_GFp_sqr_mont(const mp_int *a, mp_int *r, const GFMethod *meth)
{
    mp_err res;

    res = ec_GFp_mul_mont(a, a, r, meth);
    return res;
}


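/*
 * Definition at line 229 of file ecl_gf.c.
 *
 * Generic subtraction in GF(p) for p = meth->irr.
 * PRE:  0 <= a, b < p.   POST: 0 <= r < p, r = a - b (mod p).
 * Returns MP_OKAY or the first MPI error encountered.  A failure of the
 * initial mp_sub other than MP_RANGE is reported as-is rather than being
 * masked by the later fix-up steps.
 * NOTE(review): the fix-up branches on the sign of the result, so this is
 * not constant-time; confirm callers do not depend on that.
 */
mp_err
ec_GFp_sub(const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
{
    mp_err res = MP_OKAY;

    res = mp_sub(a, b, r);
    if (res == MP_RANGE) {
        /* mp_sub reported a range problem: compute b - a instead, bring it
         * into [0, p) and negate to obtain a - b (mod p). */
        MP_CHECKOK(mp_sub(b, a, r));
        if (mp_cmp_z(r) < 0) {
            MP_CHECKOK(mp_add(r, &meth->irr, r));
        }
        MP_CHECKOK(ec_GFp_neg(r, r, meth));
    } else if (res != MP_OKAY) {
        /* Any other failure leaves r unusable; do not inspect it. */
        goto CLEANUP;
    }
    /* A negative difference is lifted back into [0, p) by adding p once. */
    if (mp_cmp_z(r) < 0) {
        MP_CHECKOK(mp_add(r, &meth->irr, r));
    }
  CLEANUP:
    return res;
}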


mp_err ec_GFp_sub_3 ( const mp_int a,
const mp_int b,
mp_int r,
const GFMethod *  meth 
)

Definition at line 599 of file ecl_gf.c.

{
       /* Fast path of ec_GFp_sub for a three-digit prime field p = meth->irr.
        * PRE:  0 <= a, b < p, each at most three digits.
        * POST: 0 <= r < p, r = a - b (mod p).
        * Returns MP_OKAY or the error from s_mp_pad. */
       mp_err res = MP_OKAY;
       mp_digit b0 = 0, b1 = 0, b2 = 0;
       mp_digit r0 = 0, r1 = 0, r2 = 0;
       mp_digit borrow;

       /* Unpack a into r0..r2 (the working result) and b into b0..b2; digits
        * above MP_USED stay zero.  The cases fall through on purpose.  An
        * operand with more than three digits matches no case and is silently
        * treated as zero, so the precondition is the caller's responsibility. */
       switch(MP_USED(a)) {
       case 3:
              r2 = MP_DIGIT(a,2);
              /* fallthrough */
       case 2:
              r1 = MP_DIGIT(a,1);
              /* fallthrough */
       case 1:
              r0 = MP_DIGIT(a,0);
       }
       switch(MP_USED(b)) {
       case 3:
              b2 = MP_DIGIT(b,2);
              /* fallthrough */
       case 2:
              b1 = MP_DIGIT(b,1);
              /* fallthrough */
       case 1:
              b0 = MP_DIGIT(b,0);
       }

       /* r = a - b digit by digit; the final borrow is 1 exactly when a < b. */
#ifndef MPI_AMD64_ADD
       MP_SUB_BORROW(r0, b0, r0, 0,     borrow);
       MP_SUB_BORROW(r1, b1, r1, borrow, borrow);
       MP_SUB_BORROW(r2, b2, r2, borrow, borrow);
#else
       /* The same sub/sbb chain in amd64 assembly; the final adc $0 moves
        * the borrow (carry flag) into the zeroed borrow register. */
       __asm__ (
                "xorq   %3,%3           \n\t"
                "subq   %4,%0           \n\t"
                "sbbq   %5,%1           \n\t"
                "sbbq   %6,%2           \n\t"
                "adcq   $0,%3           \n\t"
                : "=r"(r0), "=r"(r1), "=r"(r2), "=r" (borrow)
                : "r" (b0), "r" (b1), "r" (b2), 
                "0" (r0), "1" (r1), "2" (r2)
                : "%cc" );
#endif

       /* Do a quick 'add' if we've gone under 0 (subtract the 2's complement
        * of the curve field).  Since a, b < p, a - b + p lies in (0, p), so
        * adding p once is enough; the carry out of the top digit cancels the
        * wrap-around and is deliberately discarded.
        * NOTE(review): this fix-up branches on operand values, so the
        * routine is not constant-time; confirm callers do not require it. */
       if (borrow) {
              b2 = MP_DIGIT(&meth->irr,2);
              b1 = MP_DIGIT(&meth->irr,1);
              b0 = MP_DIGIT(&meth->irr,0);
#ifndef MPI_AMD64_ADD
              MP_ADD_CARRY(b0, r0, r0, 0,      borrow);
              MP_ADD_CARRY(b1, r1, r1, borrow, borrow);
              MP_ADD_CARRY(b2, r2, r2, borrow, borrow);
#else
              __asm__ (
                     "addq   %3,%0           \n\t"
                     "adcq   %4,%1           \n\t"
                     "adcq   %5,%2           \n\t"
                     : "=r"(r0), "=r"(r1), "=r"(r2)
                     : "r" (b0), "r" (b1), "r" (b2),
                       "0" (r0), "1" (r1), "2" (r2)
                     : "%cc" );
#endif
       }

#ifdef MPI_AMD64_ADD
       /* compiler fakeout?
        * NOTE(review): amd64-only block of undocumented purpose.  It pads r
        * to four digits when all result digits equal b0, which does not
        * change the stored value (s_mp_pad below and the digit stores are
        * unaffected).  Presumably a workaround for an optimizer issue with
        * the inline assembly above — confirm before removing. */
       if ((r2 == b0) && (r1 == b0) && (r0 == b0)) { 
              MP_CHECKOK(s_mp_pad(r, 4));
       } 
#endif
       /* Store the result; s_mp_pad guarantees room for three digits. */
       MP_CHECKOK(s_mp_pad(r, 3));
       MP_DIGIT(r, 2) = r2;
       MP_DIGIT(r, 1) = r1;
       MP_DIGIT(r, 0) = r0;
       MP_SIGN(r) = MP_ZPOS;
       MP_USED(r) = 3;
       /* Drop leading zero digits so MP_USED reflects the actual value. */
       s_mp_clamp(r);

  CLEANUP:
       return res;
}


mp_err ec_GFp_sub_4 ( const mp_int a,
const mp_int b,
mp_int r,
const GFMethod *  meth 
)

Definition at line 683 of file ecl_gf.c.

{
       /* Fast path of ec_GFp_sub for a four-digit prime field p = meth->irr.
        * PRE:  0 <= a, b < p, each at most four digits.
        * POST: 0 <= r < p, r = a - b (mod p).
        * Returns MP_OKAY or the error from s_mp_pad. */
       mp_err res = MP_OKAY;
       mp_digit b0 = 0, b1 = 0, b2 = 0, b3 = 0;
       mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0;
       mp_digit borrow;

       /* Unpack a into r0..r3 (the working result) and b into b0..b3; digits
        * above MP_USED stay zero.  The cases fall through on purpose.  An
        * operand with more than four digits matches no case and is silently
        * treated as zero, so the precondition is the caller's responsibility. */
       switch(MP_USED(a)) {
       case 4:
              r3 = MP_DIGIT(a,3);
              /* fallthrough */
       case 3:
              r2 = MP_DIGIT(a,2);
              /* fallthrough */
       case 2:
              r1 = MP_DIGIT(a,1);
              /* fallthrough */
       case 1:
              r0 = MP_DIGIT(a,0);
       }
       switch(MP_USED(b)) {
       case 4:
              b3 = MP_DIGIT(b,3);
              /* fallthrough */
       case 3:
              b2 = MP_DIGIT(b,2);
              /* fallthrough */
       case 2:
              b1 = MP_DIGIT(b,1);
              /* fallthrough */
       case 1:
              b0 = MP_DIGIT(b,0);
       }

       /* r = a - b digit by digit; the final borrow is 1 exactly when a < b. */
#ifndef MPI_AMD64_ADD
       MP_SUB_BORROW(r0, b0, r0, 0,     borrow);
       MP_SUB_BORROW(r1, b1, r1, borrow, borrow);
       MP_SUB_BORROW(r2, b2, r2, borrow, borrow);
       MP_SUB_BORROW(r3, b3, r3, borrow, borrow);
#else
       /* The same sub/sbb chain in amd64 assembly; the final adc $0 moves
        * the borrow (carry flag) into the zeroed borrow register. */
       __asm__ (
                "xorq   %4,%4           \n\t"
                "subq   %5,%0           \n\t"
                "sbbq   %6,%1           \n\t"
                "sbbq   %7,%2           \n\t"
                "sbbq   %8,%3           \n\t"
                "adcq   $0,%4           \n\t"
                : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3), "=r" (borrow)
                : "r" (b0), "r" (b1), "r" (b2), "r" (b3),
                "0" (r0), "1" (r1), "2" (r2), "3" (r3)
                : "%cc" );
#endif

       /* Do a quick 'add' if we've gone under 0 (subtract the 2's complement
        * of the curve field).  Since a, b < p, a - b + p lies in (0, p), so
        * adding p once is enough; the carry out of the top digit cancels the
        * wrap-around and is deliberately discarded.
        * NOTE(review): this fix-up branches on operand values, so the
        * routine is not constant-time; confirm callers do not require it. */
       if (borrow) {
              b3 = MP_DIGIT(&meth->irr,3);
              b2 = MP_DIGIT(&meth->irr,2);
              b1 = MP_DIGIT(&meth->irr,1);
              b0 = MP_DIGIT(&meth->irr,0);
#ifndef MPI_AMD64_ADD
              MP_ADD_CARRY(b0, r0, r0, 0,      borrow);
              MP_ADD_CARRY(b1, r1, r1, borrow, borrow);
              MP_ADD_CARRY(b2, r2, r2, borrow, borrow);
              MP_ADD_CARRY(b3, r3, r3, borrow, borrow);
#else
              __asm__ (
                     "addq   %4,%0           \n\t"
                     "adcq   %5,%1           \n\t"
                     "adcq   %6,%2           \n\t"
                     "adcq   %7,%3           \n\t"
                     : "=r"(r0), "=r"(r1), "=r"(r2), "=r"(r3)
                     : "r" (b0), "r" (b1), "r" (b2), "r" (b3),
                       "0" (r0), "1" (r1), "2" (r2), "3" (r3)
                     : "%cc" );
#endif
       }
#ifdef MPI_AMD64_ADD
       /* compiler fakeout?
        * NOTE(review): amd64-only block of undocumented purpose.  It pads r
        * to four digits when r3, r1 and r0 equal b0 (r2 is not part of the
        * test, unlike the three-digit variant which checks every digit);
        * the stored value is unaffected either way.  Presumably a workaround
        * for an optimizer issue with the inline assembly above — confirm
        * before removing or "fixing" the comparison. */
       if ((r3 == b0) && (r1 == b0) && (r0 == b0)) { 
              MP_CHECKOK(s_mp_pad(r, 4));
       } 
#endif
       /* Store the result; s_mp_pad guarantees room for four digits. */
       MP_CHECKOK(s_mp_pad(r, 4));
       MP_DIGIT(r, 3) = r3;
       MP_DIGIT(r, 2) = r2;
       MP_DIGIT(r, 1) = r1;
       MP_DIGIT(r, 0) = r0;
       MP_SIGN(r) = MP_ZPOS;
       MP_USED(r) = 4;
       /* Drop leading zero digits so MP_USED reflects the actual value. */
       s_mp_clamp(r);

  CLEANUP:
       return res;
}


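/*
 * Definition at line 776 of file ecl_gf.c.
 *
 * Fast path of ec_GFp_sub for a five-digit prime field p = meth->irr.
 * PRE:  0 <= a, b < p, each at most five digits.
 * POST: 0 <= r < p, r = a - b (mod p).
 * Returns MP_OKAY or the error from s_mp_pad.
 *
 * When the raw subtraction borrows (a < b), p is added back over ALL five
 * digits, including the top one: leaving the top digit out of the add-back
 * (as the 3- and 4-digit variants show, every digit takes part) would
 * return a value off by p's top digit plus carry, i.e. a wrong field
 * element, whenever a < b.
 * NOTE(review): the fix-up branches on operand values, so the routine is
 * not constant-time; confirm callers do not require it.
 */
mp_err
ec_GFp_sub_5(const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
{
    mp_err res = MP_OKAY;
    mp_digit b0 = 0, b1 = 0, b2 = 0, b3 = 0, b4 = 0;
    mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0;
    mp_digit borrow;

    /* Unpack a into r0..r4 (the working result) and b into b0..b4; digits
     * above MP_USED stay zero.  The cases fall through on purpose.  An
     * operand with more than five digits matches no case and is silently
     * treated as zero, so the precondition is the caller's responsibility. */
    switch (MP_USED(a)) {
    case 5:
        r4 = MP_DIGIT(a, 4);
        /* fallthrough */
    case 4:
        r3 = MP_DIGIT(a, 3);
        /* fallthrough */
    case 3:
        r2 = MP_DIGIT(a, 2);
        /* fallthrough */
    case 2:
        r1 = MP_DIGIT(a, 1);
        /* fallthrough */
    case 1:
        r0 = MP_DIGIT(a, 0);
    }
    switch (MP_USED(b)) {
    case 5:
        b4 = MP_DIGIT(b, 4);
        /* fallthrough */
    case 4:
        b3 = MP_DIGIT(b, 3);
        /* fallthrough */
    case 3:
        b2 = MP_DIGIT(b, 2);
        /* fallthrough */
    case 2:
        b1 = MP_DIGIT(b, 1);
        /* fallthrough */
    case 1:
        b0 = MP_DIGIT(b, 0);
    }

    /* r = a - b digit by digit; the final borrow is 1 exactly when a < b. */
    MP_SUB_BORROW(r0, b0, r0, 0,      borrow);
    MP_SUB_BORROW(r1, b1, r1, borrow, borrow);
    MP_SUB_BORROW(r2, b2, r2, borrow, borrow);
    MP_SUB_BORROW(r3, b3, r3, borrow, borrow);
    MP_SUB_BORROW(r4, b4, r4, borrow, borrow);

    /* Do a quick 'add' if we've gone under 0 (subtract the 2's complement
     * of the curve field).  Since a, b < p, a - b + p lies in (0, p), so
     * adding p once is enough; the carry out of the top digit cancels the
     * wrap-around and is deliberately discarded. */
    if (borrow) {
        b4 = MP_DIGIT(&meth->irr, 4);
        b3 = MP_DIGIT(&meth->irr, 3);
        b2 = MP_DIGIT(&meth->irr, 2);
        b1 = MP_DIGIT(&meth->irr, 1);
        b0 = MP_DIGIT(&meth->irr, 0);
        MP_ADD_CARRY(b0, r0, r0, 0,      borrow);
        MP_ADD_CARRY(b1, r1, r1, borrow, borrow);
        MP_ADD_CARRY(b2, r2, r2, borrow, borrow);
        MP_ADD_CARRY(b3, r3, r3, borrow, borrow);
        MP_ADD_CARRY(b4, r4, r4, borrow, borrow);
    }

    /* Store the result; s_mp_pad guarantees room for five digits. */
    MP_CHECKOK(s_mp_pad(r, 5));
    MP_DIGIT(r, 4) = r4;
    MP_DIGIT(r, 3) = r3;
    MP_DIGIT(r, 2) = r2;
    MP_DIGIT(r, 1) = r1;
    MP_DIGIT(r, 0) = r0;
    MP_SIGN(r) = MP_ZPOS;
    MP_USED(r) = 5;
    /* Drop leading zero digits so MP_USED reflects the actual value. */
    s_mp_clamp(r);

  CLEANUP:
    return res;
}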


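/*
 * ec_GFp_sub_6 -- r = (a - b) mod p for a prime field whose modulus p
 * occupies exactly 6 mp_digits (the width for which GFMethod_consGFp
 * installs this routine).  Definition at line 844 of file ecl_gf.c.
 *
 * a, b   operands, each at most 6 digits; digits at or above MP_USED()
 *        are treated as zero.  Both are assumed to be already reduced
 *        (< p), which is what makes one conditional add of p sufficient.
 * r      output; may alias a or b, since every digit is staged in a
 *        local before r is written.
 * meth   meth->irr is p, read one digit at a time.
 *
 * Returns MP_OKAY, or the error reported by s_mp_pad() if r cannot be
 * grown to 6 digits.
 *
 * Correction: when the subtraction borrows, p is added back over all six
 * digits.  The original stopped after digit 4, so r5 was never updated;
 * that only yields the right value when p's top digit is all ones and the
 * carry into it happens to be 1.  ec_GFp_sub_5 above has the same gap at
 * its last digit (r4).
 */
mp_err
ec_GFp_sub_6(const mp_int *a, const mp_int *b, mp_int *r, const GFMethod *meth)
{
    mp_err res = MP_OKAY;
    mp_digit b0 = 0, b1 = 0, b2 = 0, b3 = 0, b4 = 0, b5 = 0;
    mp_digit r0 = 0, r1 = 0, r2 = 0, r3 = 0, r4 = 0, r5 = 0;
    mp_digit borrow;

    /* Stage a's digits in r0..r5.  The cases fall through on purpose so
     * that every digit below MP_USED(a) is loaded; the rest stay zero. */
    switch (MP_USED(a)) {
    case 6:
        r5 = MP_DIGIT(a, 5);
        /* fallthrough */
    case 5:
        r4 = MP_DIGIT(a, 4);
        /* fallthrough */
    case 4:
        r3 = MP_DIGIT(a, 3);
        /* fallthrough */
    case 3:
        r2 = MP_DIGIT(a, 2);
        /* fallthrough */
    case 2:
        r1 = MP_DIGIT(a, 1);
        /* fallthrough */
    case 1:
        r0 = MP_DIGIT(a, 0);
        break;
    default:
        /* a has no digits (zero), or is wider than this routine handles:
         * nothing is loaded, matching the original behaviour. */
        break;
    }

    /* Same staging for b into b0..b5. */
    switch (MP_USED(b)) {
    case 6:
        b5 = MP_DIGIT(b, 5);
        /* fallthrough */
    case 5:
        b4 = MP_DIGIT(b, 4);
        /* fallthrough */
    case 4:
        b3 = MP_DIGIT(b, 3);
        /* fallthrough */
    case 3:
        b2 = MP_DIGIT(b, 2);
        /* fallthrough */
    case 2:
        b1 = MP_DIGIT(b, 1);
        /* fallthrough */
    case 1:
        b0 = MP_DIGIT(b, 0);
        break;
    default:
        break;
    }

    /* Plain multi-digit subtraction; a final borrow means a < b. */
    MP_SUB_BORROW(r0, b0, r0, 0,      borrow);
    MP_SUB_BORROW(r1, b1, r1, borrow, borrow);
    MP_SUB_BORROW(r2, b2, r2, borrow, borrow);
    MP_SUB_BORROW(r3, b3, r3, borrow, borrow);
    MP_SUB_BORROW(r4, b4, r4, borrow, borrow);
    MP_SUB_BORROW(r5, b5, r5, borrow, borrow);

    /* Went below zero: r now holds a - b + 2^(6*DIGIT_BIT).  Adding p
     * across all six digits and dropping the final carry leaves a - b + p,
     * the reduced result.  Every digit must take part, including r5. */
    if (borrow) {
        b5 = MP_DIGIT(&meth->irr, 5);
        b4 = MP_DIGIT(&meth->irr, 4);
        b3 = MP_DIGIT(&meth->irr, 3);
        b2 = MP_DIGIT(&meth->irr, 2);
        b1 = MP_DIGIT(&meth->irr, 1);
        b0 = MP_DIGIT(&meth->irr, 0);
        MP_ADD_CARRY(b0, r0, r0, 0,      borrow);
        MP_ADD_CARRY(b1, r1, r1, borrow, borrow);
        MP_ADD_CARRY(b2, r2, r2, borrow, borrow);
        MP_ADD_CARRY(b3, r3, r3, borrow, borrow);
        MP_ADD_CARRY(b4, r4, r4, borrow, borrow);
        MP_ADD_CARRY(b5, r5, r5, borrow, borrow);
    }

    /* Make room for 6 digits, store, then drop leading zero digits. */
    MP_CHECKOK(s_mp_pad(r, 6));
    MP_DIGIT(r, 5) = r5;
    MP_DIGIT(r, 4) = r4;
    MP_DIGIT(r, 3) = r3;
    MP_DIGIT(r, 2) = r2;
    MP_DIGIT(r, 1) = r1;
    MP_DIGIT(r, 0) = r0;
    MP_SIGN(r) = MP_ZPOS;
    MP_USED(r) = 6;
    s_mp_clamp(r);

CLEANUP:
    return res;
}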


/*
 * ec_group_set_gf2m163 -- install the GF(2^163)-specific reduction,
 * multiplication and squaring routines on an already constructed group.
 * Definition at line 253 of file ec2_163.c.
 *
 * group  group whose method table (group->meth) is patched in place.
 * name   not examined: unlike the ec_group_set_gfp* setters, the curve
 *        name is not checked before the routines are installed.
 *
 * Always returns MP_OKAY.
 */
mp_err
ec_group_set_gf2m163(ECGroup *group, ECCurveName name)
{
    GFMethod *meth = group->meth;

    (void)name;  /* kept for signature compatibility only */
    meth->field_mod = &ec_GF2m_163_mod;
    meth->field_mul = &ec_GF2m_163_mul;
    meth->field_sqr = &ec_GF2m_163_sqr;
    return MP_OKAY;
}


/*
 * ec_group_set_gf2m193 -- install the GF(2^193)-specific reduction,
 * multiplication and squaring routines on an already constructed group.
 * Definition at line 270 of file ec2_193.c.
 *
 * group  group whose method table (group->meth) is patched in place.
 * name   not examined: unlike the ec_group_set_gfp* setters, the curve
 *        name is not checked before the routines are installed.
 *
 * Always returns MP_OKAY.
 */
mp_err
ec_group_set_gf2m193(ECGroup *group, ECCurveName name)
{
    GFMethod *meth = group->meth;

    (void)name;  /* kept for signature compatibility only */
    meth->field_mod = &ec_GF2m_193_mod;
    meth->field_mul = &ec_GF2m_193_mul;
    meth->field_sqr = &ec_GF2m_193_sqr;
    return MP_OKAY;
}


/*
 * ec_group_set_gf2m233 -- install the GF(2^233)-specific reduction,
 * multiplication and squaring routines on an already constructed group.
 * Definition at line 293 of file ec2_233.c.
 *
 * group  group whose method table (group->meth) is patched in place.
 * name   not examined: unlike the ec_group_set_gfp* setters, the curve
 *        name is not checked before the routines are installed.
 *
 * Always returns MP_OKAY.
 */
mp_err
ec_group_set_gf2m233(ECGroup *group, ECCurveName name)
{
    GFMethod *meth = group->meth;

    (void)name;  /* kept for signature compatibility only */
    meth->field_mod = &ec_GF2m_233_mod;
    meth->field_mul = &ec_GF2m_233_mul;
    meth->field_sqr = &ec_GF2m_233_sqr;
    return MP_OKAY;
}


/*
 * ec_group_set_gfp192 -- swap in the NIST P-192 specialised field
 * routines.  Definition at line 503 of file ecp_192.c.
 *
 * group  group whose method table (group->meth) is patched in place.
 * name   the routines are installed only for ECCurve_NIST_P192; for any
 *        other name the method table is left untouched.
 *
 * Always returns MP_OKAY.
 */
mp_err
ec_group_set_gfp192(ECGroup *group, ECCurveName name)
{
    GFMethod *meth;

    if (name != ECCurve_NIST_P192) {
        return MP_OKAY;
    }
    meth = group->meth;
    meth->field_mod = &ec_GFp_nistp192_mod;
    meth->field_mul = &ec_GFp_nistp192_mul;
    meth->field_sqr = &ec_GFp_nistp192_sqr;
    meth->field_div = &ec_GFp_nistp192_div;
#ifndef ECL_THIRTY_TWO_BIT
    /* The dedicated add/sub are wired in only when ECL_THIRTY_TWO_BIT is
     * not defined; otherwise the generic digit-count routines remain. */
    meth->field_add = &ec_GFp_nistp192_add;
    meth->field_sub = &ec_GFp_nistp192_sub;
#endif
    return MP_OKAY;
}


/*
 * ec_group_set_gfp224 -- swap in the NIST P-224 specialised field
 * routines.  Definition at line 363 of file ecp_224.c.
 *
 * group  group whose method table (group->meth) is patched in place.
 * name   the routines are installed only for ECCurve_NIST_P224; for any
 *        other name the method table is left untouched.
 *
 * Always returns MP_OKAY.
 */
mp_err
ec_group_set_gfp224(ECGroup *group, ECCurveName name)
{
    GFMethod *meth;

    if (name != ECCurve_NIST_P224) {
        return MP_OKAY;
    }
    meth = group->meth;
    meth->field_mod = &ec_GFp_nistp224_mod;
    meth->field_mul = &ec_GFp_nistp224_mul;
    meth->field_sqr = &ec_GFp_nistp224_sqr;
    meth->field_div = &ec_GFp_nistp224_div;
    return MP_OKAY;
}


/*
 * ec_group_set_gfp256 -- swap in the NIST P-256 specialised field
 * routines.  Definition at line 421 of file ecp_256.c.
 *
 * group  group whose method table (group->meth) is patched in place.
 * name   the routines are installed only for ECCurve_NIST_P256; for any
 *        other name the method table is left untouched.  Note that, unlike
 *        the P-192/P-224/P-521 setters, no field_div override is set.
 *
 * Always returns MP_OKAY.
 */
mp_err
ec_group_set_gfp256(ECGroup *group, ECCurveName name)
{
    GFMethod *meth;

    if (name != ECCurve_NIST_P256) {
        return MP_OKAY;
    }
    meth = group->meth;
    meth->field_mod = &ec_GFp_nistp256_mod;
    meth->field_mul = &ec_GFp_nistp256_mul;
    meth->field_sqr = &ec_GFp_nistp256_sqr;
    return MP_OKAY;
}


/*
 * ec_group_set_gfp384 -- swap in the NIST P-384 specialised field
 * routines.  Definition at line 285 of file ecp_384.c.
 *
 * group  group whose method table (group->meth) is patched in place.
 * name   the routines are installed only for ECCurve_NIST_P384; for any
 *        other name the method table is left untouched.  As for P-256,
 *        no field_div override is installed.
 *
 * Always returns MP_OKAY.
 */
mp_err
ec_group_set_gfp384(ECGroup *group, ECCurveName name)
{
    GFMethod *meth;

    if (name != ECCurve_NIST_P384) {
        return MP_OKAY;
    }
    meth = group->meth;
    meth->field_mod = &ec_GFp_nistp384_mod;
    meth->field_mul = &ec_GFp_nistp384_mul;
    meth->field_sqr = &ec_GFp_nistp384_sqr;
    return MP_OKAY;
}


/*
 * ec_group_set_gfp521 -- swap in the NIST P-521 specialised field
 * routines.  Definition at line 161 of file ecp_521.c.
 *
 * group  group whose method table (group->meth) is patched in place.
 * name   the routines are installed only for ECCurve_NIST_P521; for any
 *        other name the method table is left untouched.
 *
 * Always returns MP_OKAY.
 */
mp_err
ec_group_set_gfp521(ECGroup *group, ECCurveName name)
{
    GFMethod *meth;

    if (name != ECCurve_NIST_P521) {
        return MP_OKAY;
    }
    meth = group->meth;
    meth->field_mod = &ec_GFp_nistp521_mod;
    meth->field_mul = &ec_GFp_nistp521_mul;
    meth->field_sqr = &ec_GFp_nistp521_sqr;
    meth->field_div = &ec_GFp_nistp521_div;
    return MP_OKAY;
}


/*
 * ec_pts_mul_basic -- (rx, ry) = k1 * G + k2 * P, computed as two separate
 * scalar multiplications followed by one point addition.
 * Definition at line 104 of file ecl_mult.c.
 *
 * k1      scalar for the group generator; may be NULL.
 * k2      scalar for P; may be NULL.
 * px, py  affine coordinates of P; may be NULL.
 * rx, ry  receive the result.
 * group   supplies point_add and the field method (must not be NULL).
 *
 * When k1 is NULL the call is forwarded to ECPoint_mul for k2 * P; when
 * k2, px or py is NULL it is forwarded for k1 * G.  At least one of the two
 * products must be fully specified, otherwise MP_BADARG is returned.
 *
 * Returns MP_OKAY or the first mpi error encountered.  The two temporaries
 * are always cleared on the way out.
 */
mp_err
ec_pts_mul_basic(const mp_int *k1, const mp_int *k2, const mp_int *px,
                 const mp_int *py, mp_int *rx, mp_int *ry,
                 const ECGroup *group)
{
    mp_err res = MP_OKAY;
    const GFMethod *meth;
    int have_second = (k2 != NULL) && (px != NULL) && (py != NULL);
    mp_int gx, gy;  /* k1 * G */

    ARGCHK(group != NULL, MP_BADARG);
    ARGCHK((k1 != NULL) || have_second, MP_BADARG);

    /* Only one product requested: ECPoint_mul does the whole job. */
    if (k1 == NULL) {
        return ECPoint_mul(group, k2, px, py, rx, ry);
    }
    if (!have_second) {
        return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
    }

    meth = group->meth;
    /* Null the digit pointers first so mp_clear at CLEANUP is safe even
     * if the first mp_init fails before the second runs. */
    MP_DIGITS(&gx) = 0;
    MP_DIGITS(&gy) = 0;
    MP_CHECKOK(mp_init(&gx));
    MP_CHECKOK(mp_init(&gy));

    MP_CHECKOK(ECPoint_mul(group, k1, NULL, NULL, &gx, &gy));
    MP_CHECKOK(ECPoint_mul(group, k2, px, py, rx, ry));

    /* point_add works on field-encoded coordinates, so both points are
     * encoded first when the method carries an encoding (the Montgomery
     * method on this page does), and the sum decoded afterwards. */
    if (meth->field_enc != NULL) {
        MP_CHECKOK(meth->field_enc(&gx, &gx, meth));
        MP_CHECKOK(meth->field_enc(&gy, &gy, meth));
        MP_CHECKOK(meth->field_enc(rx, rx, meth));
        MP_CHECKOK(meth->field_enc(ry, ry, meth));
    }

    MP_CHECKOK(group->point_add(&gx, &gy, rx, ry, rx, ry, group));

    if (meth->field_dec != NULL) {
        MP_CHECKOK(meth->field_dec(rx, rx, meth));
        MP_CHECKOK(meth->field_dec(ry, ry, meth));
    }

CLEANUP:
    mp_clear(&gx);
    mp_clear(&gy);
    return res;
}


mp_err ec_pts_mul_simul_w2 ( const mp_int *  k1,
const mp_int *  k2,
const mp_int *  px,
const mp_int *  py,
mp_int *  rx,
mp_int *  ry,
const ECGroup *  group 
)

Definition at line 159 of file ecl_mult.c.

/*
 * Body of ec_pts_mul_simul_w2 (definition at line 159 of file ecl_mult.c):
 * computes (rx, ry) = k1 * G + k2 * P with both scalar multiplications
 * interleaved, scanning the scalars two bits at a time against a 4x4
 * table of precomputed combinations i*A + j*B.
 *
 * k1      scalar for the group generator (group->genx, group->geny).
 * k2      scalar for the point P = (px, py).
 * rx, ry  receive the result, decoded with field_dec when the method
 *         carries an encoding.
 * group   supplies point_dbl/point_add and the field method.
 *
 * If k1 is NULL, or any of k2/px/py is NULL, the fully specified product
 * is delegated to ECPoint_mul; if neither product is fully specified,
 * MP_BADARG is returned.  Otherwise returns MP_OKAY or the first mpi
 * error encountered; the 32 table entries are always cleared on exit.
 *
 * NOTE(review): the table index precomp[ai][bi], the loop bound d and the
 * a/b ordering are all derived from the scalar bits, so the memory access
 * pattern and iteration count vary with k1 and k2.  This routine is not
 * constant-time and should only be given scalars that are not secret
 * (signature verification is the usual case) -- confirm against callers.
 */
{
       mp_err res = MP_OKAY;
       /* precomp[i][j][0..1] = x,y of i*A + j*B, where A is the point
        * paired with the longer scalar a and B the one paired with b. */
       mp_int precomp[4][4][2];
       const mp_int *a, *b;     /* the two scalars, ordered so len(a) >= len(b) */
       int i, j;
       int ai, bi, d;           /* current 2-bit windows of a and b; window count */

       ARGCHK(group != NULL, MP_BADARG);
       ARGCHK(!((k1 == NULL)
                      && ((k2 == NULL) || (px == NULL)
                             || (py == NULL))), MP_BADARG);

       /* if some arguments are not defined used ECPoint_mul */
       if (k1 == NULL) {
              return ECPoint_mul(group, k2, px, py, rx, ry);
       } else if ((k2 == NULL) || (px == NULL) || (py == NULL)) {
              return ECPoint_mul(group, k1, NULL, NULL, rx, ry);
       }

       /* initialize precomputation table */
       /* Null every digit pointer before any mp_init_size so that the
        * mp_clear loop at CLEANUP is safe if initialisation fails part way. */
       for (i = 0; i < 4; i++) {
              for (j = 0; j < 4; j++) {
                     MP_DIGITS(&precomp[i][j][0]) = 0;
                     MP_DIGITS(&precomp[i][j][1]) = 0;
              }
       }
       for (i = 0; i < 4; i++) {
              for (j = 0; j < 4; j++) {
                      MP_CHECKOK( mp_init_size(&precomp[i][j][0],
                                           ECL_MAX_FIELD_SIZE_DIGITS) );
                      MP_CHECKOK( mp_init_size(&precomp[i][j][1],
                                           ECL_MAX_FIELD_SIZE_DIGITS) );
              }
       }

       /* fill precomputation table */
       /* assign {k1, k2} = {a, b} such that len(a) >= len(b) */
       /* precomp[1][0] gets A (the point of the longer scalar) and
        * precomp[0][1] gets B.  P is run through field_enc while the
        * generator is copied as-is -- presumably genx/geny are stored
        * already encoded; verify against ECGroup construction. */
       if (mpl_significant_bits(k1) < mpl_significant_bits(k2)) {
              a = k2;
              b = k1;
              if (group->meth->field_enc) {
                     MP_CHECKOK(group->meth->
                                      field_enc(px, &precomp[1][0][0], group->meth));
                     MP_CHECKOK(group->meth->
                                      field_enc(py, &precomp[1][0][1], group->meth));
              } else {
                     MP_CHECKOK(mp_copy(px, &precomp[1][0][0]));
                     MP_CHECKOK(mp_copy(py, &precomp[1][0][1]));
              }
              MP_CHECKOK(mp_copy(&group->genx, &precomp[0][1][0]));
              MP_CHECKOK(mp_copy(&group->geny, &precomp[0][1][1]));
       } else {
              a = k1;
              b = k2;
              MP_CHECKOK(mp_copy(&group->genx, &precomp[1][0][0]));
              MP_CHECKOK(mp_copy(&group->geny, &precomp[1][0][1]));
              if (group->meth->field_enc) {
                     MP_CHECKOK(group->meth->
                                      field_enc(px, &precomp[0][1][0], group->meth));
                     MP_CHECKOK(group->meth->
                                      field_enc(py, &precomp[0][1][1], group->meth));
              } else {
                     MP_CHECKOK(mp_copy(px, &precomp[0][1][0]));
                     MP_CHECKOK(mp_copy(py, &precomp[0][1][1]));
              }
       }
       /* precompute [*][0][*] */
       /* (0,0) stands for the point at infinity: [0][0] = 0*A + 0*B,
        * then [2][0] = 2A and [3][0] = A + 2A. */
       mp_zero(&precomp[0][0][0]);
       mp_zero(&precomp[0][0][1]);
       MP_CHECKOK(group->
                        point_dbl(&precomp[1][0][0], &precomp[1][0][1],
                                           &precomp[2][0][0], &precomp[2][0][1], group));
       MP_CHECKOK(group->
                        point_add(&precomp[1][0][0], &precomp[1][0][1],
                                           &precomp[2][0][0], &precomp[2][0][1],
                                           &precomp[3][0][0], &precomp[3][0][1], group));
       /* precompute [*][1][*] */
       /* [i][1] = B + [i][0] for i = 1..3 */
       for (i = 1; i < 4; i++) {
              MP_CHECKOK(group->
                               point_add(&precomp[0][1][0], &precomp[0][1][1],
                                                  &precomp[i][0][0], &precomp[i][0][1],
                                                  &precomp[i][1][0], &precomp[i][1][1], group));
       }
       /* precompute [*][2][*] */
       /* [0][2] = 2B, then [i][2] = 2B + [i][0] for i = 1..3 */
       MP_CHECKOK(group->
                        point_dbl(&precomp[0][1][0], &precomp[0][1][1],
                                           &precomp[0][2][0], &precomp[0][2][1], group));
       for (i = 1; i < 4; i++) {
              MP_CHECKOK(group->
                               point_add(&precomp[0][2][0], &precomp[0][2][1],
                                                  &precomp[i][0][0], &precomp[i][0][1],
                                                  &precomp[i][2][0], &precomp[i][2][1], group));
       }
       /* precompute [*][3][*] */
       /* [0][3] = B + 2B, then [i][3] = 3B + [i][0] for i = 1..3 */
       MP_CHECKOK(group->
                        point_add(&precomp[0][1][0], &precomp[0][1][1],
                                           &precomp[0][2][0], &precomp[0][2][1],
                                           &precomp[0][3][0], &precomp[0][3][1], group));
       for (i = 1; i < 4; i++) {
              MP_CHECKOK(group->
                               point_add(&precomp[0][3][0], &precomp[0][3][1],
                                                  &precomp[i][0][0], &precomp[i][0][1],
                                                  &precomp[i][3][0], &precomp[i][3][1], group));
       }

       /* Number of 2-bit windows needed for a; since len(a) >= len(b)
        * the same count covers b (MP_GET_BIT yields 0 past its length). */
       d = (mpl_significant_bits(a) + 1) / 2;

       /* R = inf */
       /* Represented as (0,0), consistent with precomp[0][0] above. */
       mp_zero(rx);
       mp_zero(ry);

       /* Left-to-right: for each window, R = 4R + (ai*A + bi*B), where the
        * bracketed term is read straight from the table (including the
        * infinity entry when both windows are zero). */
       for (i = d - 1; i >= 0; i--) {
              ai = MP_GET_BIT(a, 2 * i + 1);
              ai <<= 1;
              ai |= MP_GET_BIT(a, 2 * i);
              bi = MP_GET_BIT(b, 2 * i + 1);
              bi <<= 1;
              bi |= MP_GET_BIT(b, 2 * i);
              /* R = 2^2 * R */
              MP_CHECKOK(group->point_dbl(rx, ry, rx, ry, group));
              MP_CHECKOK(group->point_dbl(rx, ry, rx, ry, group));
              /* R = R + (ai * A + bi * B) */
              MP_CHECKOK(group->
                               point_add(rx, ry, &precomp[ai][bi][0],
                                                  &precomp[ai][bi][1], rx, ry, group));
       }

       /* Undo the field encoding on the result when one is in use. */
       if (group->meth->field_dec) {
              MP_CHECKOK(group->meth->field_dec(rx, rx, group->meth));
              MP_CHECKOK(group->meth->field_dec(ry, ry, group->meth));
       }

  CLEANUP:
       /* Safe for entries that never got mp_init_size: their digit
        * pointers were nulled up front. */
       for (i = 0; i < 4; i++) {
              for (j = 0; j < 4; j++) {
                     mp_clear(&precomp[i][j][0]);
                     mp_clear(&precomp[i][j][1]);
              }
       }
       return res;
}


/*
 * GFMethod_consGF2m -- build a field method for GF(2^m) with the generic
 * binary-polynomial routines.  Definition at line 130 of file ecl_gf.c.
 *
 * irr      the irreducible polynomial; copied into meth->irr.
 * irr_arr  optional exponent list for irr.  When given, the first three
 *          entries are copied; a non-zero third entry is treated as a
 *          pentanomial and entries 3 and 4 are copied too, otherwise they
 *          are zeroed.  When NULL the list is recovered from irr with
 *          mp_bpoly2arr, which must report exactly 3 or 5 terms.
 *
 * Returns the new method (caller frees with GFMethod_free), or NULL on
 * allocation failure, copy failure, or a polynomial that is neither a
 * trinomial nor a pentanomial.
 */
GFMethod *
GFMethod_consGF2m(const mp_int *irr, const unsigned int irr_arr[5])
{
    mp_err res = MP_OKAY;
    GFMethod *meth = GFMethod_new();

    if (meth == NULL) {
        return NULL;
    }
    MP_CHECKOK(mp_copy(irr, &meth->irr));

    if (irr_arr == NULL) {
        /* Derive the exponent list from the polynomial itself; only
         * trinomials and pentanomials are supported. */
        int nterms = mp_bpoly2arr(irr, meth->irr_arr, 5);
        if ((nterms != 3) && (nterms != 5)) {
            res = MP_UNDEF;
            goto CLEANUP;
        }
    } else {
        meth->irr_arr[0] = irr_arr[0];
        meth->irr_arr[1] = irr_arr[1];
        meth->irr_arr[2] = irr_arr[2];
        if (irr_arr[2] > 0) {
            /* pentanomial: two more non-zero exponents follow */
            meth->irr_arr[3] = irr_arr[3];
            meth->irr_arr[4] = irr_arr[4];
        } else {
            /* trinomial: pad the unused slots with zero */
            meth->irr_arr[3] = 0;
            meth->irr_arr[4] = 0;
        }
    }

    /* Generic GF(2^m) routines.  In characteristic 2 subtraction is the
     * same operation as addition, hence the shared ec_GF2m_add. */
    meth->field_add = &ec_GF2m_add;
    meth->field_sub = &ec_GF2m_add;
    meth->field_neg = &ec_GF2m_neg;
    meth->field_mod = &ec_GF2m_mod;
    meth->field_mul = &ec_GF2m_mul;
    meth->field_sqr = &ec_GF2m_sqr;
    meth->field_div = &ec_GF2m_div;
    /* No coordinate encoding and no private state for this method. */
    meth->field_enc = NULL;
    meth->field_dec = NULL;
    meth->extra1 = NULL;
    meth->extra2 = NULL;
    meth->extra_free = NULL;

CLEANUP:
    if (res != MP_OKAY) {
        GFMethod_free(meth);
        meth = NULL;
    }
    return meth;
}


/*
 * GFMethod_consGFp -- build a field method for GF(p) with the generic
 * prime-field routines, picking the unrolled add/sub for moduli of 3 to 6
 * digits.  Definition at line 71 of file ecl_gf.c.
 *
 * irr  the prime p; copied into meth->irr.  irr_arr[0] records its bit
 *      length and the remaining entries are zeroed.
 *
 * Returns the new method (caller frees with GFMethod_free), or NULL if
 * GFMethod_new or the copy of irr fails.
 */
GFMethod *
GFMethod_consGFp(const mp_int *irr)
{
    typedef mp_err (*gfp_addsub_fn)(const mp_int *, const mp_int *,
                                    mp_int *, const GFMethod *);
    mp_err res = MP_OKAY;
    GFMethod *meth = GFMethod_new();
    /* Generic routines by default; overridden below for the digit counts
     * that have unrolled fast paths. */
    gfp_addsub_fn add_fn = &ec_GFp_add;
    gfp_addsub_fn sub_fn = &ec_GFp_sub;

    if (meth == NULL) {
        return NULL;
    }
    MP_CHECKOK(mp_copy(irr, &meth->irr));

    /* For a prime field only the bit length of p is recorded here. */
    meth->irr_arr[0] = mpl_significant_bits(irr);
    meth->irr_arr[1] = 0;
    meth->irr_arr[2] = 0;
    meth->irr_arr[3] = 0;
    meth->irr_arr[4] = 0;

    switch (MP_USED(&meth->irr)) {
    case 3:
        add_fn = &ec_GFp_add_3;
        sub_fn = &ec_GFp_sub_3;
        break;
    case 4:
        add_fn = &ec_GFp_add_4;
        sub_fn = &ec_GFp_sub_4;
        break;
    case 5:
        add_fn = &ec_GFp_add_5;
        sub_fn = &ec_GFp_sub_5;
        break;
    case 6:
        add_fn = &ec_GFp_add_6;
        sub_fn = &ec_GFp_sub_6;
        break;
    default:
        /* 1, 2 or more than 6 digits: no unrolled variant exists (the
         * original author wondered whether 1 and 2 words deserve one). */
        break;
    }
    meth->field_add = add_fn;
    meth->field_sub = sub_fn;
    meth->field_neg = &ec_GFp_neg;
    meth->field_mod = &ec_GFp_mod;
    meth->field_mul = &ec_GFp_mul;
    meth->field_sqr = &ec_GFp_sqr;
    meth->field_div = &ec_GFp_div;
    /* No coordinate encoding and no private state for the plain method;
     * GFMethod_consGFp_mont layers those on top. */
    meth->field_enc = NULL;
    meth->field_dec = NULL;
    meth->extra1 = NULL;
    meth->extra2 = NULL;
    meth->extra_free = NULL;

CLEANUP:
    if (res != MP_OKAY) {
        GFMethod_free(meth);
        meth = NULL;
    }
    return meth;
}


/*
 * GFMethod_consGFp_mont -- build a GF(p) method that does multiplication,
 * squaring and division in Montgomery form.  Starts from GFMethod_consGFp
 * and replaces the relevant entries; add/sub/neg/mod stay as installed
 * there.  Definition at line 53 of file ecp_mont.c.
 *
 * irr  the prime p.
 *
 * Returns the new method, or NULL if GFMethod_consGFp fails or the
 * mp_mont_modulus cannot be allocated (the half-built method is freed).
 * Ownership of the mp_mont_modulus passes to meth->extra1 and is released
 * through meth->extra_free.
 */
GFMethod *
GFMethod_consGFp_mont(const mp_int *irr)
{
    mp_err res = MP_OKAY;
    GFMethod *meth = GFMethod_consGFp(irr);
    mp_mont_modulus *mmm = NULL;
    int bits;

    if (meth == NULL) {
        return NULL;
    }

    mmm = malloc(sizeof *mmm);
    if (mmm == NULL) {
        res = MP_MEM;
        goto CLEANUP;
    }

    /* Struct copy: mmm->N shares its digit storage with meth->irr, so
     * the modulus must not be cleared twice -- presumably handled by
     * ec_GFp_extra_free_mont; verify there. */
    mmm->N = meth->irr;
    bits = mpl_significant_bits(&meth->irr);
    /* Modulus size rounded up to a whole number of digits, in bits. */
    mmm->b = ((bits + MP_DIGIT_BIT - 1) / MP_DIGIT_BIT) * MP_DIGIT_BIT;
    /* -N^{-1} mod the digit radix, the usual Montgomery constant. */
    mmm->n0prime = 0 - s_mp_invmod_radix(MP_DIGIT(&meth->irr, 0));

    meth->field_mul = &ec_GFp_mul_mont;
    meth->field_sqr = &ec_GFp_sqr_mont;
    meth->field_div = &ec_GFp_div_mont;
    meth->field_enc = &ec_GFp_enc_mont;
    meth->field_dec = &ec_GFp_dec_mont;
    meth->extra1 = mmm;
    meth->extra2 = NULL;
    meth->extra_free = &ec_GFp_extra_free_mont;

CLEANUP:
    if (res != MP_OKAY) {
        GFMethod_free(meth);
        meth = NULL;
    }
    return meth;
}


/*
 * GFMethod_free -- release a method built by one of the GFMethod_cons*
 * constructors.  Definition at line 183 of file ecl_gf.c.
 *
 * meth  may be NULL.  A method whose constructed flag is MP_NO is left
 *       untouched (NOTE(review): whether that can leak the allocation
 *       depends on how GFMethod_new sets the flag -- verify).
 *
 * Clears meth->irr, runs the method-specific extra_free hook if one is
 * installed (ec_GFp_extra_free_mont for the Montgomery method), then
 * frees the structure itself.
 */
void
GFMethod_free(GFMethod *meth)
{
    if ((meth == NULL) || (meth->constructed == MP_NO)) {
        return;
    }
    mp_clear(&meth->irr);
    if (meth->extra_free != NULL) {
        meth->extra_free(meth);
    }
    free(meth);
}
