Back to index

lightning-sunbird  0.9+nobinonly
ec_naf.c
Go to the documentation of this file.
00001 /* 
00002  * ***** BEGIN LICENSE BLOCK *****
00003  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00004  *
00005  * The contents of this file are subject to the Mozilla Public License Version
00006  * 1.1 (the "License"); you may not use this file except in compliance with
00007  * the License. You may obtain a copy of the License at
00008  * http://www.mozilla.org/MPL/
00009  *
00010  * Software distributed under the License is distributed on an "AS IS" basis,
00011  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00012  * for the specific language governing rights and limitations under the
00013  * License.
00014  *
00015  * The Original Code is the elliptic curve math library.
00016  *
00017  * The Initial Developer of the Original Code is
00018  * Sun Microsystems, Inc.
00019  * Portions created by the Initial Developer are Copyright (C) 2003
00020  * the Initial Developer. All Rights Reserved.
00021  *
00022  * Contributor(s):
00023  *   Stephen Fung <fungstep@hotmail.com>, Sun Microsystems Laboratories
00024  *
00025  * Alternatively, the contents of this file may be used under the terms of
00026  * either the GNU General Public License Version 2 or later (the "GPL"), or
00027  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00028  * in which case the provisions of the GPL or the LGPL are applicable instead
00029  * of those above. If you wish to allow use of your version of this file only
00030  * under the terms of either the GPL or the LGPL, and not to allow others to
00031  * use your version of this file under the terms of the MPL, indicate your
00032  * decision by deleting the provisions above and replace them with the notice
00033  * and other provisions required by the GPL or the LGPL. If you do not delete
00034  * the provisions above, a recipient may use your version of this file under
00035  * the terms of any one of the MPL, the GPL or the LGPL.
00036  *
00037  * ***** END LICENSE BLOCK ***** */
00038 
00039 #include "ecl-priv.h"
00040 
00041 /* Returns 2^e as an integer. This is meant to be used for small powers of 
00042  * two. */
00043 int
00044 ec_twoTo(int e)
00045 {
00046        int a = 1;
00047        int i;
00048 
00049        for (i = 0; i < e; i++) {
00050               a *= 2;
00051        }
00052        return a;
00053 }
00054 
00055 /* Computes the windowed non-adjacent-form (NAF) of a scalar. Out should
00056  * be an array of signed char's to output to, bitsize should be the number 
00057  * of bits of out, in is the original scalar, and w is the window size.
00058  * NAF is discussed in the paper: D. Hankerson, J. Hernandez and A.
00059  * Menezes, "Software implementation of elliptic curve cryptography over
00060  * binary fields", Proc. CHES 2000. */
00061 mp_err
00062 ec_compute_wNAF(signed char *out, int bitsize, const mp_int *in, int w)
00063 {
00064        mp_int k;
00065        mp_err res = MP_OKAY;
00066        int i, twowm1, mask;
00067 
00068        twowm1 = ec_twoTo(w - 1);
00069        mask = 2 * twowm1 - 1;
00070 
00071        MP_DIGITS(&k) = 0;
00072        MP_CHECKOK(mp_init_copy(&k, in));
00073 
00074        i = 0;
00075        /* Compute wNAF form */
00076        while (mp_cmp_z(&k) > 0) {
00077               if (mp_isodd(&k)) {
00078                      out[i] = MP_DIGIT(&k, 0) & mask;
00079                      if (out[i] >= twowm1)
00080                             out[i] -= 2 * twowm1;
00081 
00082                      /* Subtract off out[i].  Note mp_sub_d only works with
00083                       * unsigned digits */
00084                      if (out[i] >= 0) {
00085                             mp_sub_d(&k, out[i], &k);
00086                      } else {
00087                             mp_add_d(&k, -(out[i]), &k);
00088                      }
00089               } else {
00090                      out[i] = 0;
00091               }
00092               mp_div_2(&k, &k);
00093               i++;
00094        }
00095        /* Zero out the remaining elements of the out array. */
00096        for (; i < bitsize + 1; i++) {
00097               out[i] = 0;
00098        }
00099   CLEANUP:
00100        mp_clear(&k);
00101        return res;
00102 
00103 }