http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/include/ecdh.h.in ---------------------------------------------------------------------- diff --git a/include/ecdh.h.in b/include/ecdh.h.in new file mode 100644 index 0000000..fa1ecd7 --- /dev/null +++ b/include/ecdh.h.in @@ -0,0 +1,128 @@ +/* +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +*/ + +/** + * @file ecdh_ZZZ.h + * @author Mike Scott + * @brief ECDH Header file for implementation of standard EC protocols + * + * + */ + +#ifndef ECDH_ZZZ_H +#define ECDH_ZZZ_H + +#include "ecp_ZZZ.h" +#include "ecdh_support.h" + +#define EGS_ZZZ MODBYTES_XXX /**< ECC Group Size in bytes */ +#define EFS_ZZZ MODBYTES_XXX /**< ECC Field Size in bytes */ + +#define ECDH_OK 0 /**< Function completed without error */ +#define ECDH_INVALID_PUBLIC_KEY -2 /**< Public Key is Invalid */ +#define ECDH_ERROR -3 /**< ECDH Internal Error */ +#define ECDH_INVALID -4 /**< ECDH Internal Error */ + +/* ECDH primitives */ +/** @brief Generate an ECC public/private key pair + * + @param R is a pointer to a cryptographically secure random number generator + @param s the private key, an output internally randomly generated if R!=NULL, otherwise must be provided as an input + @param W the output public key, which is s.G, where G is a fixed generator + @return 0 or an error code + */ +extern int ECP_ZZZ_KEY_PAIR_GENERATE(csprng *R,octet *s,octet *W); +/** @brief Validate an ECC public key + * + @param W the input public key to be validated + @return 0 if public key is OK, or an error code + */ +extern int ECP_ZZZ_PUBLIC_KEY_VALIDATE(octet *W); + +/* ECDH primitives */ + +/** @brief Generate Diffie-Hellman shared key + * + IEEE-1363 Diffie-Hellman shared secret calculation + @param s is the input private key, + @param W the input public key of the other party + @param K the output shared key, in fact the x-coordinate of s.W + @return 0 or an error code + */ +extern int ECP_ZZZ_SVDP_DH(octet *s,octet *W,octet *K); + +/* ECIES functions */ +/** @brief ECIES Encryption + * + IEEE-1363 ECIES Encryption + @param h is the hash type + @param P1 input Key Derivation parameters + @param P2 input Encoding parameters + @param R is a pointer to a cryptographically secure random number generator + @param W the input public key of the recieving party + @param M is the plaintext message to be encrypted + @param len the length of the HMAC tag + @param V component of the output ciphertext + @param C the output ciphertext + @param T the output HMAC tag, part of the ciphertext + */ +extern void ECP_ZZZ_ECIES_ENCRYPT(int h,octet *P1,octet *P2,csprng *R,octet *W,octet *M,int len,octet *V,octet *C,octet *T); +/** @brief ECIES Decryption + * + IEEE-1363 ECIES Decryption + @param h is the hash type + @param P1 input Key Derivation parameters + @param P2 input Encoding parameters + @param V component of the input ciphertext + @param C the input ciphertext + @param T the input HMAC tag, part of the ciphertext + @param U the input private key for decryption + @param M the output plaintext message + @return 1 if successful, else 0 + */ +extern int ECP_ZZZ_ECIES_DECRYPT(int h,octet *P1,octet *P2,octet *V,octet *C,octet *T,octet *U,octet *M); + +/* ECDSA functions */ +/** @brief ECDSA Signature + * + IEEE-1363 ECDSA Signature + @param h is the hash type + @param R is a pointer to a cryptographically secure random number generator + @param k Ephemeral key. This value is used when R=NULL + @param s the input private signing key + @param M the input message to be signed + @param c component of the output signature + @param d component of the output signature + + */ +extern int ECP_ZZZ_SP_DSA(int h,csprng *R,octet *k,octet *s,octet *M,octet *c,octet *d); +/** @brief ECDSA Signature Verification + * + IEEE-1363 ECDSA Signature Verification + @param h is the hash type + @param W the input public key + @param M the input message + @param c component of the input signature + @param d component of the input signature + @return 0 or an error code + */ +extern int ECP_ZZZ_VP_DSA(int h,octet *W,octet *M,octet *c,octet *d); + +#endif +
http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/include/ecdh_support.h ---------------------------------------------------------------------- diff --git a/include/ecdh_support.h b/include/ecdh_support.h new file mode 100644 index 0000000..1a2b0f1 --- /dev/null +++ b/include/ecdh_support.h @@ -0,0 +1,111 @@ +/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/ + +/** + * @file ecdh_support.h + * @author Mike Scott + * @brief ECDH Support Header File + * + */ + +#ifndef ECC_SUPPORT_H +#define ECC_SUPPORT_H + +#include "amcl.h" + +/* Auxiliary Functions */ + +/** @brief general purpose hash function w=hash(p|n|x|y) + * + @param sha is the hash type + @param p first octect involved in the hash + @param n integer involved in the hash + @param x second octect involved in the h ash + @param w output + @param pad padding + */ +extern void ehashit(int sha,octet *p,int n,octet *x,octet *w,int pad); + +/** @brief hash an octet into another octet + * + @param h is the hash type + @param I input octet + @param O output octet - H(I) + */ +extern void HASH(int h,octet *I,octet *O); +/** @brief HMAC of message M using key K to create tag of length len in octet tag + * + IEEE-1363 MAC1 function. Uses SHA256 internally. + @param h is the hash type + @param M input message octet + @param K input encryption key + @param len is output desired length of HMAC tag + @param tag is the output HMAC + @return 0 for bad parameters, else 1 + */ +extern int HMAC(int h,octet *M,octet *K,int len,octet *tag); +/** @brief Key Derivation Function - generates key K from inputs Z and P + * + IEEE-1363 KDF2 Key Derivation Function. Uses SHA256 internally. + @param h is the hash type + @param Z input octet + @param P input key derivation parameters - can be NULL + @param len is output desired length of key + @param K is the derived key + */ +extern void KDF2(int h,octet *Z,octet *P,int len,octet *K); +/** @brief Password Based Key Derivation Function - generates key K from password, salt and repeat counter + * + PBKDF2 Password Based Key Derivation Function. Uses SHA256 internally. + @param h is the hash type + @param P input password + @param S input salt + @param rep Number of times to be iterated. + @param len is output desired length + @param K is the derived key + */ +extern void PBKDF2(int h,octet *P,octet *S,int rep,int len,octet *K); +/** @brief AES encrypts a plaintext to a ciphtertext + * + IEEE-1363 AES_CBC_IV0_ENCRYPT function. Encrypts in CBC mode with a zero IV, padding as necessary to create a full final block. + @param K AES key + @param P input plaintext octet + @param C output ciphertext octet + */ +extern void AES_CBC_IV0_ENCRYPT(octet *K,octet *P,octet *C); +/** @brief AES encrypts a plaintext to a ciphtertext + * + IEEE-1363 AES_CBC_IV0_DECRYPT function. Decrypts in CBC mode with a zero IV. + @param K AES key + @param C input ciphertext octet + @param P output plaintext octet + @return 0 if bad input, else 1 + */ +extern int AES_CBC_IV0_DECRYPT(octet *K,octet *C,octet *P); + +/* ECDH primitives - support functions */ +/** @brief Generate an ECC public/private key pair + * + @param R is a pointer to a cryptographically secure random number generator + @param s the private key, an output internally randomly generated if R!=NULL, otherwise must be provided as an input + @param W the output public key, which is s.G, where G is a fixed generator + @return 0 or an error code + */ + +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/include/ecp.h.in ---------------------------------------------------------------------- diff --git a/include/ecp.h.in b/include/ecp.h.in new file mode 100644 index 0000000..baf1522 --- /dev/null +++ b/include/ecp.h.in @@ -0,0 +1,308 @@ +/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/ + +/** + * @file ecp_ZZZ.h + * @author Mike Scott + * @brief ECP Header File + * + */ + +#ifndef ECP_ZZZ_H +#define ECP_ZZZ_H + +#include "fp_YYY.h" +#include "config_curve_ZZZ.h" + +/* Curve Params - see rom_zzz.c */ +extern const int CURVE_A_ZZZ; /**< Elliptic curve A parameter */ +extern const int CURVE_Cof_I_ZZZ; /**< Elliptic curve cofactor */ +extern const int CURVE_B_I_ZZZ; /**< Elliptic curve B_i parameter */ +extern const BIG_XXX CURVE_B_ZZZ; /**< Elliptic curve B parameter */ +extern const BIG_XXX CURVE_Order_ZZZ; /**< Elliptic curve group order */ +extern const BIG_XXX CURVE_Cof_ZZZ; /**< Elliptic curve cofactor */ + +/* Generator point on G1 */ +extern const BIG_XXX CURVE_Gx_ZZZ; /**< x-coordinate of generator point in group G1 */ +extern const BIG_XXX CURVE_Gy_ZZZ; /**< y-coordinate of generator point in group G1 */ + + +/* For Pairings only */ + +/* Generator point on G2 */ +extern const BIG_XXX CURVE_Pxa_ZZZ; /**< real part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxb_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pya_ZZZ; /**< real part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pyb_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */ + + +/*** needed for BLS24 curves ***/ + +extern const BIG_XXX CURVE_Pxaa_ZZZ; /**< real part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxab_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxba_ZZZ; /**< real part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxbb_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pyaa_ZZZ; /**< real part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pyab_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pyba_ZZZ; /**< real part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pybb_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */ + +/*** needed for BLS48 curves ***/ + +extern const BIG_XXX CURVE_Pxaaa_ZZZ; /**< real part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxaab_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxaba_ZZZ; /**< real part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxabb_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxbaa_ZZZ; /**< real part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxbab_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxbba_ZZZ; /**< real part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxbbb_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */ + +extern const BIG_XXX CURVE_Pyaaa_ZZZ; /**< real part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pyaab_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pyaba_ZZZ; /**< real part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pyabb_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pybaa_ZZZ; /**< real part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pybab_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pybba_ZZZ; /**< real part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pybbb_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */ + + +extern const BIG_XXX CURVE_Bnx_ZZZ; /**< BN curve x parameter */ + +extern const BIG_XXX CURVE_Cru_ZZZ; /**< BN curve Cube Root of Unity */ + +extern const BIG_XXX Fra_YYY; /**< real part of BN curve Frobenius Constant */ +extern const BIG_XXX Frb_YYY; /**< imaginary part of BN curve Frobenius Constant */ + + +extern const BIG_XXX CURVE_W_ZZZ[2]; /**< BN curve constant for GLV decomposition */ +extern const BIG_XXX CURVE_SB_ZZZ[2][2]; /**< BN curve constant for GLV decomposition */ +extern const BIG_XXX CURVE_WB_ZZZ[4]; /**< BN curve constant for GS decomposition */ +extern const BIG_XXX CURVE_BB_ZZZ[4][4]; /**< BN curve constant for GS decomposition */ + + +/** + @brief ECP structure - Elliptic Curve Point over base field +*/ + +typedef struct +{ + FP_YYY x; /**< x-coordinate of point */ +#if CURVETYPE_ZZZ!=MONTGOMERY + FP_YYY y; /**< y-coordinate of point. Not needed for Montgomery representation */ +#endif + FP_YYY z;/**< z-coordinate of point */ +} ECP_ZZZ; + + +/* ECP E(Fp) prototypes */ +/** @brief Tests for ECP point equal to infinity + * + @param P ECP point to be tested + @return 1 if infinity, else returns 0 + */ +extern int ECP_ZZZ_isinf(ECP_ZZZ *P); +/** @brief Tests for equality of two ECPs + * + @param P ECP instance to be compared + @param Q ECP instance to be compared + @return 1 if P=Q, else returns 0 + */ +extern int ECP_ZZZ_equals(ECP_ZZZ *P,ECP_ZZZ *Q); +/** @brief Copy ECP point to another ECP point + * + @param P ECP instance, on exit = Q + @param Q ECP instance to be copied + */ +extern void ECP_ZZZ_copy(ECP_ZZZ *P,ECP_ZZZ *Q); +/** @brief Negation of an ECP point + * + @param P ECP instance, on exit = -P + */ +extern void ECP_ZZZ_neg(ECP_ZZZ *P); +/** @brief Set ECP to point-at-infinity + * + @param P ECP instance to be set to infinity + */ +extern void ECP_ZZZ_inf(ECP_ZZZ *P); +/** @brief Calculate Right Hand Side of curve equation y^2=f(x) + * + Function f(x) depends on form of elliptic curve, Weierstrass, Edwards or Montgomery. + Used internally. + @param r BIG n-residue value of f(x) + @param x BIG n-residue x + */ +extern void ECP_ZZZ_rhs(FP_YYY *r,FP_YYY *x); + +#if CURVETYPE_ZZZ==MONTGOMERY +/** @brief Set ECP to point(x,[y]) given x + * + Point P set to infinity if no such point on the curve. Note that y coordinate is not needed. + @param P ECP instance to be set (x,[y]) + @param x BIG x coordinate of point + @return 1 if point exists, else 0 + */ +extern int ECP_ZZZ_set(ECP_ZZZ *P,BIG_XXX x); +/** @brief Extract x coordinate of an ECP point P + * + @param x BIG on exit = x coordinate of point + @param P ECP instance (x,[y]) + @return -1 if P is point-at-infinity, else 0 + */ +extern int ECP_ZZZ_get(BIG_XXX x,ECP_ZZZ *P); +/** @brief Adds ECP instance Q to ECP instance P, given difference D=P-Q + * + Differential addition of points on a Montgomery curve + @param P ECP instance, on exit =P+Q + @param Q ECP instance to be added to P + @param D Difference between P and Q + */ +extern void ECP_ZZZ_add(ECP_ZZZ *P,ECP_ZZZ *Q,ECP_ZZZ *D); +#else +/** @brief Set ECP to point(x,y) given x and y + * + Point P set to infinity if no such point on the curve. + @param P ECP instance to be set (x,y) + @param x BIG x coordinate of point + @param y BIG y coordinate of point + @return 1 if point exists, else 0 + */ +extern int ECP_ZZZ_set(ECP_ZZZ *P,BIG_XXX x,BIG_XXX y); +/** @brief Extract x and y coordinates of an ECP point P + * + If x=y, returns only x + @param x BIG on exit = x coordinate of point + @param y BIG on exit = y coordinate of point (unless x=y) + @param P ECP instance (x,y) + @return sign of y, or -1 if P is point-at-infinity + */ +extern int ECP_ZZZ_get(BIG_XXX x,BIG_XXX y,ECP_ZZZ *P); +/** @brief Adds ECP instance Q to ECP instance P + * + @param P ECP instance, on exit =P+Q + @param Q ECP instance to be added to P + */ +extern void ECP_ZZZ_add(ECP_ZZZ *P,ECP_ZZZ *Q); +/** @brief Subtracts ECP instance Q from ECP instance P + * + @param P ECP instance, on exit =P-Q + @param Q ECP instance to be subtracted from P + */ +extern void ECP_ZZZ_sub(ECP_ZZZ *P,ECP_ZZZ *Q); +/** @brief Set ECP to point(x,y) given just x and sign of y + * + Point P set to infinity if no such point on the curve. If x is on the curve then y is calculated from the curve equation. + The correct y value (plus or minus) is selected given its sign s. + @param P ECP instance to be set (x,[y]) + @param x BIG x coordinate of point + @param s an integer representing the "sign" of y, in fact its least significant bit. + */ +extern int ECP_ZZZ_setx(ECP_ZZZ *P,BIG_XXX x,int s); + +#endif + +/** @brief Multiplies Point by curve co-factor + * + @param Q ECP instance + */ +extern void ECP_ZZZ_cfp(ECP_ZZZ *Q); + +/** @brief Maps random BIG to curve point of correct order + * + @param Q ECP instance of correct order + @param w OCTET byte array to be mapped + */ +extern void ECP_ZZZ_mapit(ECP_ZZZ *Q,octet *w); + +/** @brief Converts an ECP point from Projective (x,y,z) coordinates to affine (x,y) coordinates + * + @param P ECP instance to be converted to affine form + */ +extern void ECP_ZZZ_affine(ECP_ZZZ *P); +/** @brief Formats and outputs an ECP point to the console, in projective coordinates + * + @param P ECP instance to be printed + */ +extern void ECP_ZZZ_outputxyz(ECP_ZZZ *P); +/** @brief Formats and outputs an ECP point to the console, converted to affine coordinates + * + @param P ECP instance to be printed + */ +extern void ECP_ZZZ_output(ECP_ZZZ * P); + +/** @brief Formats and outputs an ECP point to the console + * + @param P ECP instance to be printed + */ +extern void ECP_ZZZ_rawoutput(ECP_ZZZ * P); + +/** @brief Formats and outputs an ECP point to an octet string + * + The octet string is created in the standard form 04|x|y, except for Montgomery curve in which case it is 06|x + Here x (and y) are the x and y coordinates in big-endian base 256 form. + @param S output octet string + @param P ECP instance to be converted to an octet string + */ +extern void ECP_ZZZ_toOctet(octet *S,ECP_ZZZ *P); +/** @brief Creates an ECP point from an octet string + * + The octet string is in the standard form 0x04|x|y, except for Montgomery curve in which case it is 0x06|x + Here x (and y) are the x and y coordinates in left justified big-endian base 256 form. + @param P ECP instance to be created from the octet string + @param S input octet string + return 1 if octet string corresponds to a point on the curve, else 0 + */ +extern int ECP_ZZZ_fromOctet(ECP_ZZZ *P,octet *S); +/** @brief Doubles an ECP instance P + * + @param P ECP instance, on exit =2*P + */ +extern void ECP_ZZZ_dbl(ECP_ZZZ *P); +/** @brief Multiplies an ECP instance P by a small integer, side-channel resistant + * + @param P ECP instance, on exit =i*P + @param i small integer multiplier + @param b maximum number of bits in multiplier + */ +extern void ECP_ZZZ_pinmul(ECP_ZZZ *P,int i,int b); +/** @brief Multiplies an ECP instance P by a BIG, side-channel resistant + * + Uses Montgomery ladder for Montgomery curves, otherwise fixed sized windows. + @param P ECP instance, on exit =b*P + @param b BIG number multiplier + + */ +extern void ECP_ZZZ_mul(ECP_ZZZ *P,BIG_XXX b); +/** @brief Calculates double multiplication P=e*P+f*Q, side-channel resistant + * + @param P ECP instance, on exit =e*P+f*Q + @param Q ECP instance + @param e BIG number multiplier + @param f BIG number multiplier + */ +extern void ECP_ZZZ_mul2(ECP_ZZZ *P,ECP_ZZZ *Q,BIG_XXX e,BIG_XXX f); +/** @brief Get Group Generator from ROM + * + @param G ECP instance + */ +extern void ECP_ZZZ_generator(ECP_ZZZ *G); + + +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/include/ecp2.h.in ---------------------------------------------------------------------- diff --git a/include/ecp2.h.in b/include/ecp2.h.in new file mode 100644 index 0000000..df279b1 --- /dev/null +++ b/include/ecp2.h.in @@ -0,0 +1,219 @@ +/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/ + +/** + * @file ecp2_ZZZ.h + * @author Mike Scott + * @brief ECP2 Header File + * + */ + +#ifndef ECP2_ZZZ_H +#define ECP2_ZZZ_H + +#include "fp2_YYY.h" +#include "config_curve_ZZZ.h" + +/** + @brief ECP2 Structure - Elliptic Curve Point over quadratic extension field +*/ + +typedef struct +{ + FP2_YYY x; /**< x-coordinate of point */ + FP2_YYY y; /**< y-coordinate of point */ + FP2_YYY z; /**< z-coordinate of point */ +} ECP2_ZZZ; + + +/* Curve Params - see rom_zzz.c */ +extern const int CURVE_A_ZZZ; /**< Elliptic curve A parameter */ +extern const int CURVE_B_I_ZZZ; /**< Elliptic curve B parameter */ +extern const BIG_XXX CURVE_B_ZZZ; /**< Elliptic curve B parameter */ +extern const BIG_XXX CURVE_Order_ZZZ; /**< Elliptic curve group order */ +extern const BIG_XXX CURVE_Cof_ZZZ; /**< Elliptic curve cofactor */ +extern const BIG_XXX CURVE_Bnx_ZZZ; /**< Elliptic curve parameter */ + +extern const BIG_XXX Fra_YYY; /**< real part of BN curve Frobenius Constant */ +extern const BIG_XXX Frb_YYY; /**< imaginary part of BN curve Frobenius Constant */ + + +/* Generator point on G1 */ +extern const BIG_XXX CURVE_Gx_ZZZ; /**< x-coordinate of generator point in group G1 */ +extern const BIG_XXX CURVE_Gy_ZZZ; /**< y-coordinate of generator point in group G1 */ + +/* For Pairings only */ + +/* Generator point on G2 */ +extern const BIG_XXX CURVE_Pxa_ZZZ; /**< real part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxb_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pya_ZZZ; /**< real part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pyb_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */ + +/* ECP2 E(Fp2) prototypes */ +/** @brief Tests for ECP2 point equal to infinity + * + @param P ECP2 point to be tested + @return 1 if infinity, else returns 0 + */ +extern int ECP2_ZZZ_isinf(ECP2_ZZZ *P); +/** @brief Copy ECP2 point to another ECP2 point + * + @param P ECP2 instance, on exit = Q + @param Q ECP2 instance to be copied + */ +extern void ECP2_ZZZ_copy(ECP2_ZZZ *P,ECP2_ZZZ *Q); +/** @brief Set ECP2 to point-at-infinity + * + @param P ECP2 instance to be set to infinity + */ +extern void ECP2_ZZZ_inf(ECP2_ZZZ *P); +/** @brief Tests for equality of two ECP2s + * + @param P ECP2 instance to be compared + @param Q ECP2 instance to be compared + @return 1 if P=Q, else returns 0 + */ +extern int ECP2_ZZZ_equals(ECP2_ZZZ *P,ECP2_ZZZ *Q); +/** @brief Converts an ECP2 point from Projective (x,y,z) coordinates to affine (x,y) coordinates + * + @param P ECP2 instance to be converted to affine form + */ +extern void ECP2_ZZZ_affine(ECP2_ZZZ *P); +/** @brief Extract x and y coordinates of an ECP2 point P + * + If x=y, returns only x + @param x FP2 on exit = x coordinate of point + @param y FP2 on exit = y coordinate of point (unless x=y) + @param P ECP2 instance (x,y) + @return -1 if P is point-at-infinity, else 0 + */ +extern int ECP2_ZZZ_get(FP2_YYY *x,FP2_YYY *y,ECP2_ZZZ *P); +/** @brief Formats and outputs an ECP2 point to the console, converted to affine coordinates + * + @param P ECP2 instance to be printed + */ +extern void ECP2_ZZZ_output(ECP2_ZZZ *P); +/** @brief Formats and outputs an ECP2 point to the console, in projective coordinates + * + @param P ECP2 instance to be printed + */ +extern void ECP2_ZZZ_outputxyz(ECP2_ZZZ *P); +/** @brief Formats and outputs an ECP2 point to an octet string + * + The octet string is created in the form x|y. + Convert the real and imaginary parts of the x and y coordinates to big-endian base 256 form. + @param S output octet string + @param P ECP2 instance to be converted to an octet string + */ +extern void ECP2_ZZZ_toOctet(octet *S,ECP2_ZZZ *P); +/** @brief Creates an ECP2 point from an octet string + * + The octet string is in the form x|y + The real and imaginary parts of the x and y coordinates are in big-endian base 256 form. + @param P ECP2 instance to be created from the octet string + @param S input octet string + return 1 if octet string corresponds to a point on the curve, else 0 + */ +extern int ECP2_ZZZ_fromOctet(ECP2_ZZZ *P,octet *S); +/** @brief Calculate Right Hand Side of curve equation y^2=f(x) + * + Function f(x)=x^3+Ax+B + Used internally. + @param r FP2 value of f(x) + @param x FP2 instance + */ +extern void ECP2_ZZZ_rhs(FP2_YYY *r,FP2_YYY *x); +/** @brief Set ECP2 to point(x,y) given x and y + * + Point P set to infinity if no such point on the curve. + @param P ECP2 instance to be set (x,y) + @param x FP2 x coordinate of point + @param y FP2 y coordinate of point + @return 1 if point exists, else 0 + */ +extern int ECP2_ZZZ_set(ECP2_ZZZ *P,FP2_YYY *x,FP2_YYY *y); +/** @brief Set ECP to point(x,[y]) given x + * + Point P set to infinity if no such point on the curve. Otherwise y coordinate is calculated from x. + @param P ECP instance to be set (x,[y]) + @param x BIG x coordinate of point + @return 1 if point exists, else 0 + */ +extern int ECP2_ZZZ_setx(ECP2_ZZZ *P,FP2_YYY *x); +/** @brief Negation of an ECP2 point + * + @param P ECP2 instance, on exit = -P + */ +extern void ECP2_ZZZ_neg(ECP2_ZZZ *P); +/** @brief Doubles an ECP2 instance P + * + @param P ECP2 instance, on exit =2*P + */ +extern int ECP2_ZZZ_dbl(ECP2_ZZZ *P); +/** @brief Adds ECP2 instance Q to ECP2 instance P + * + @param P ECP2 instance, on exit =P+Q + @param Q ECP2 instance to be added to P + */ +extern int ECP2_ZZZ_add(ECP2_ZZZ *P,ECP2_ZZZ *Q); +/** @brief Subtracts ECP instance Q from ECP2 instance P + * + @param P ECP2 instance, on exit =P-Q + @param Q ECP2 instance to be subtracted from P + */ +extern void ECP2_ZZZ_sub(ECP2_ZZZ *P,ECP2_ZZZ *Q); +/** @brief Multiplies an ECP2 instance P by a BIG, side-channel resistant + * + Uses fixed sized windows. + @param P ECP2 instance, on exit =b*P + @param b BIG number multiplier + + */ +extern void ECP2_ZZZ_mul(ECP2_ZZZ *P,BIG_XXX b); +/** @brief Multiplies an ECP2 instance P by the internal modulus p, using precalculated Frobenius constant f + * + Fast point multiplication using Frobenius + @param P ECP2 instance, on exit = p*P + @param f FP2 precalculated Frobenius constant + + */ +extern void ECP2_ZZZ_frob(ECP2_ZZZ *P,FP2_YYY *f); +/** @brief Calculates P=b[0]*Q[0]+b[1]*Q[1]+b[2]*Q[2]+b[3]*Q[3] + * + @param P ECP2 instance, on exit = b[0]*Q[0]+b[1]*Q[1]+b[2]*Q[2]+b[3]*Q[3] + @param Q ECP2 array of 4 points + @param b BIG array of 4 multipliers + */ +extern void ECP2_ZZZ_mul4(ECP2_ZZZ *P,ECP2_ZZZ *Q,BIG_XXX *b); + +/** @brief Maps random BIG to curve point of correct order + * + @param P ECP2 instance of correct order + @param w OCTET byte array to be mapped + */ +extern void ECP2_ZZZ_mapit(ECP2_ZZZ *P,octet *w); + +/** @brief Get Group Generator from ROM + * + @param G ECP2 instance + */ +extern void ECP2_ZZZ_generator(ECP2_ZZZ *G); + +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/include/ecp4.h.in ---------------------------------------------------------------------- diff --git a/include/ecp4.h.in b/include/ecp4.h.in new file mode 100644 index 0000000..e575a1c --- /dev/null +++ b/include/ecp4.h.in @@ -0,0 +1,253 @@ +/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/ + +/** + * @file ecp4_ZZZ.h + * @author Mike Scott + * @brief ECP4 Header File + * + */ + + +#ifndef ECP4_ZZZ_H +#define ECP4_ZZZ_H + +#include "fp4_YYY.h" +#include "config_curve_ZZZ.h" + + +/** + @brief ECP4 Structure - Elliptic Curve Point over quadratic extension field +*/ + +typedef struct +{ + FP4_YYY x; /**< x-coordinate of point */ + FP4_YYY y; /**< y-coordinate of point */ + FP4_YYY z; /**< z-coordinate of point */ +} ECP4_ZZZ; + + +/* Curve Params - see rom.c */ +extern const int CURVE_A_ZZZ; /**< Elliptic curve A parameter */ +extern const int CURVE_B_I_ZZZ; /**< Elliptic curve B parameter */ +extern const BIG_XXX CURVE_B_ZZZ; /**< Elliptic curve B parameter */ +extern const BIG_XXX CURVE_Order_ZZZ; /**< Elliptic curve group order */ +extern const BIG_XXX CURVE_Cof_ZZZ; /**< Elliptic curve cofactor */ +extern const BIG_XXX CURVE_Bnx_ZZZ; /**< Elliptic curve parameter */ + +extern const BIG_XXX Fra_YYY; /**< real part of curve Frobenius Constant */ +extern const BIG_XXX Frb_YYY; /**< imaginary part of curve Frobenius Constant */ + +/* Generator point on G1 */ +extern const BIG_XXX CURVE_Gx_ZZZ; /**< x-coordinate of generator point in group G1 */ +extern const BIG_XXX CURVE_Gy_ZZZ; /**< y-coordinate of generator point in group G1 */ + +/* For Pairings only */ + +/* Generator point on G2 */ +extern const BIG_XXX CURVE_Pxaa_ZZZ; /**< real part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxab_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxba_ZZZ; /**< real part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxbb_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pyaa_ZZZ; /**< real part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pyab_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pyba_ZZZ; /**< real part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pybb_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */ + +/* ECP4 E(FP4) prototypes */ +/** @brief Tests for ECP4 point equal to infinity + * + @param P ECP4 point to be tested + @return 1 if infinity, else returns 0 + */ +extern int ECP4_ZZZ_isinf(ECP4_ZZZ *P); + +/** @brief Copy ECP4 point to another ECP4 point + * + @param P ECP4 instance, on exit = Q + @param Q ECP4 instance to be copied + */ +extern void ECP4_ZZZ_copy(ECP4_ZZZ *P,ECP4_ZZZ *Q); + +/** @brief Set ECP4 to point-at-infinity + * + @param P ECP4 instance to be set to infinity + */ +extern void ECP4_ZZZ_inf(ECP4_ZZZ *P); + +/** @brief Tests for equality of two ECP4s + * + @param P ECP4 instance to be compared + @param Q ECP4 instance to be compared + @return 1 if P=Q, else returns 0 + */ +extern int ECP4_ZZZ_equals(ECP4_ZZZ *P,ECP4_ZZZ *Q); + +/** @brief Converts an ECP4 point from Projective (x,y,z) coordinates to affine (x,y) coordinates + * + @param P ECP4 instance to be converted to affine form + */ +extern void ECP4_ZZZ_affine(ECP4_ZZZ *P); + +/** @brief Extract x and y coordinates of an ECP4 point P + * + If x=y, returns only x + @param x FP4 on exit = x coordinate of point + @param y FP4 on exit = y coordinate of point (unless x=y) + @param P ECP4 instance (x,y) + @return -1 if P is point-at-infinity, else 0 + */ +extern int ECP4_ZZZ_get(FP4_YYY *x,FP4_YYY *y,ECP4_ZZZ *P); + +/** @brief Formats and outputs an ECP4 point to the console, converted to affine coordinates + * + @param P ECP4 instance to be printed + */ +extern void ECP4_ZZZ_output(ECP4_ZZZ *P); + +/** @brief Formats and outputs an ECP4 point to an octet string + * + The octet string is created in the form x|y. + Convert the real and imaginary parts of the x and y coordinates to big-endian base 256 form. + @param S output octet string + @param P ECP4 instance to be converted to an octet string + */ +extern void ECP4_ZZZ_toOctet(octet *S,ECP4_ZZZ *P); + +/** @brief Creates an ECP4 point from an octet string + * + The octet string is in the form x|y + The real and imaginary parts of the x and y coordinates are in big-endian base 256 form. + @param P ECP4 instance to be created from the octet string + @param S input octet string + return 1 if octet string corresponds to a point on the curve, else 0 + */ +extern int ECP4_ZZZ_fromOctet(ECP4_ZZZ *P,octet *S); + +/** @brief Calculate Right Hand Side of curve equation y^2=f(x) + * + Function f(x)=x^3+Ax+B + Used internally. + @param r FP4 value of f(x) + @param x FP4 instance + */ +extern void ECP4_ZZZ_rhs(FP4_YYY *r,FP4_YYY *x); + +/** @brief Set ECP4 to point(x,y) given x and y + * + Point P set to infinity if no such point on the curve. + @param P ECP4 instance to be set (x,y) + @param x FP4 x coordinate of point + @param y FP4 y coordinate of point + @return 1 if point exists, else 0 + */ +extern int ECP4_ZZZ_set(ECP4_ZZZ *P,FP4_YYY *x,FP4_YYY *y); + +/** @brief Set ECP to point(x,[y]) given x + * + Point P set to infinity if no such point on the curve. Otherwise y coordinate is calculated from x. + @param P ECP instance to be set (x,[y]) + @param x BIG x coordinate of point + @return 1 if point exists, else 0 + */ +extern int ECP4_ZZZ_setx(ECP4_ZZZ *P,FP4_YYY *x); + +/** @brief Negation of an ECP4 point + * + @param P ECP4 instance, on exit = -P + */ +extern void ECP4_ZZZ_neg(ECP4_ZZZ *P); + +/** @brief Reduction of an ECP4 point + * + @param P ECP4 instance, on exit (x,y) are reduced wrt the modulus + */ +extern void ECP4_ZZZ_reduce(ECP4_ZZZ *P); + +/** @brief Doubles an ECP4 instance P + * + @param P ECP4 instance, on exit =2*P + */ +extern int ECP4_ZZZ_dbl(ECP4_ZZZ *P); + +/** @brief Adds ECP4 instance Q to ECP4 instance P + * + @param P ECP4 instance, on exit =P+Q + @param Q ECP4 instance to be added to P + */ +extern int ECP4_ZZZ_add(ECP4_ZZZ *P,ECP4_ZZZ *Q); + +/** @brief Subtracts ECP instance Q from ECP4 instance P + * + @param P ECP4 instance, on exit =P-Q + @param Q ECP4 instance to be subtracted from P + */ +extern void ECP4_ZZZ_sub(ECP4_ZZZ *P,ECP4_ZZZ *Q); + +/** @brief Multiplies an ECP4 instance P by a BIG, side-channel resistant + * + Uses fixed sized windows. + @param P ECP4 instance, on exit =b*P + @param b BIG number multiplier + + */ +extern void ECP4_ZZZ_mul(ECP4_ZZZ *P,BIG_XXX b); + +/** @brief Calculates required Frobenius constants + * + Calculate Frobenius constants + @param F array of FP2 precalculated constants + + */ +extern void ECP4_ZZZ_frob_constants(FP2_YYY F[3]); + +/** @brief Multiplies an ECP4 instance P by the internal modulus p^n, using precalculated Frobenius constants + * + Fast point multiplication using Frobenius + @param P ECP4 instance, on exit = p^n*P + @param F array of FP2 precalculated Frobenius constant + @param n power of prime + + */ +extern void ECP4_ZZZ_frob(ECP4_ZZZ *P,FP2_YYY F[3],int n); + +/** @brief Calculates P=Sigma b[i]*Q[i] for i=0 to 7 + * + @param P ECP4 instance, on exit = Sigma b[i]*Q[i] for i=0 to 7 + @param Q ECP4 array of 8 points + @param b BIG array of 8 multipliers + */ +extern void ECP4_ZZZ_mul8(ECP4_ZZZ *P,ECP4_ZZZ *Q,BIG_XXX *b); + +/** @brief Maps random BIG to curve point of correct order + * + @param P ECP4 instance of correct order + @param w OCTET byte array to be mapped + */ +extern void ECP4_ZZZ_mapit(ECP4_ZZZ *P,octet *w); + +/** @brief Get Group Generator from ROM + * + @param G ECP4 instance + */ +extern void ECP4_ZZZ_generator(ECP4_ZZZ *G); + + +#endif \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/include/ecp8.h.in ---------------------------------------------------------------------- diff --git a/include/ecp8.h.in b/include/ecp8.h.in new file mode 100644 index 0000000..d071a85 --- /dev/null +++ b/include/ecp8.h.in @@ -0,0 +1,267 @@ +/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/ + +/** + * @file ecp8_ZZZ.h + * @author Mike Scott + * @brief ECP8 Header File + * + */ + + +#ifndef ECP8_ZZZ_H +#define ECP8_ZZZ_H + +#include "fp8_YYY.h" +#include "config_curve_ZZZ.h" + + +extern const BIG_XXX Fra_YYY; /**< real part of BN curve Frobenius Constant */ +extern const BIG_XXX Frb_YYY; /**< imaginary part of BN curve Frobenius Constant */ + + +/** + @brief ECP8 Structure - Elliptic Curve Point over quadratic extension field +*/ + +typedef struct +{ + FP8_YYY x; /**< x-coordinate of point */ + FP8_YYY y; /**< y-coordinate of point */ + FP8_YYY z; /**< z-coordinate of point */ +} ECP8_ZZZ; + + +/* Curve Params - see rom.c */ +extern const int CURVE_A_ZZZ; /**< Elliptic curve A parameter */ +extern const int CURVE_B_I_ZZZ; /**< Elliptic curve B parameter */ +extern const BIG_XXX CURVE_B_ZZZ; /**< Elliptic curve B parameter */ +extern const BIG_XXX CURVE_Order_ZZZ; /**< Elliptic curve group order */ +extern const BIG_XXX CURVE_Cof_ZZZ; /**< Elliptic curve cofactor */ +extern const BIG_XXX CURVE_Bnx_ZZZ; /**< Elliptic curve parameter */ + + +/* Generator point on G1 */ +extern const BIG_XXX CURVE_Gx; /**< x-coordinate of generator point in group G1 */ +extern const BIG_XXX CURVE_Gy; /**< y-coordinate of generator point in group G1 */ + +/* For Pairings only */ + +/* Generator point on G2 */ +extern const BIG_XXX CURVE_Pxaaa_ZZZ; /**< real part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxaab_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxaba_ZZZ; /**< real part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxabb_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxbaa_ZZZ; /**< real part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxbab_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxbba_ZZZ; /**< real part of x-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pxbbb_ZZZ; /**< imaginary part of x-coordinate of generator point in group G2 */ + +extern const BIG_XXX CURVE_Pyaaa_ZZZ; /**< real part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pyaab_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pyaba_ZZZ; /**< real part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pyabb_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pybaa_ZZZ; /**< real part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pybab_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pybba_ZZZ; /**< real part of y-coordinate of generator point in group G2 */ +extern const BIG_XXX CURVE_Pybbb_ZZZ; /**< imaginary part of y-coordinate of generator point in group G2 */ + + +/* ECP8 E(FP8) prototypes */ +/** @brief Tests for ECP8 point equal to infinity + * + @param P ECP8 point to be tested + @return 1 if infinity, else returns 0 + */ +extern int ECP8_ZZZ_isinf(ECP8_ZZZ *P); + +/** @brief Copy ECP8 point to another ECP8 point + * + @param P ECP8 instance, on exit = Q + @param Q ECP8 instance to be copied + */ +extern void ECP8_ZZZ_copy(ECP8_ZZZ *P,ECP8_ZZZ *Q); + +/** @brief Set ECP8 to point-at-infinity + * + @param P ECP8 instance to be set to infinity + */ +extern void ECP8_ZZZ_inf(ECP8_ZZZ *P); + +/** @brief Tests for equality of two ECP8s + * + @param P ECP8 instance to be compared + @param Q ECP8 instance to be compared + @return 1 if P=Q, else returns 0 + */ +extern int ECP8_ZZZ_equals(ECP8_ZZZ *P,ECP8_ZZZ *Q); + + +/** @brief Converts an ECP8 point from Projective (x,y,z) coordinates to affine (x,y) coordinates + * + @param P ECP8 instance to be converted to affine form + */ +extern void ECP8_ZZZ_affine(ECP8_ZZZ *P); + + +/** @brief Extract x and y coordinates of an ECP8 point P + * + If x=y, returns only x + @param x FP8 on exit = x coordinate of point + @param y FP8 on exit = y coordinate of point (unless x=y) + @param P ECP8 instance (x,y) + @return -1 if P is point-at-infinity, else 0 + */ +extern int ECP8_ZZZ_get(FP8_YYY *x,FP8_YYY *y,ECP8_ZZZ *P); + +/** @brief Formats and outputs an ECP8 point to the console, converted to affine coordinates + * + @param P ECP8 instance to be printed + */ +extern void ECP8_ZZZ_output(ECP8_ZZZ *P); + +/** @brief Formats and outputs an ECP8 point to an octet string + * + The octet string is created in the form x|y. + Convert the real and imaginary parts of the x and y coordinates to big-endian base 256 form. + @param S output octet string + @param P ECP8 instance to be converted to an octet string + */ +extern void ECP8_ZZZ_toOctet(octet *S,ECP8_ZZZ *P); + +/** @brief Creates an ECP8 point from an octet string + * + The octet string is in the form x|y + The real and imaginary parts of the x and y coordinates are in big-endian base 256 form. + @param P ECP8 instance to be created from the octet string + @param S input octet string + return 1 if octet string corresponds to a point on the curve, else 0 + */ +extern int ECP8_ZZZ_fromOctet(ECP8_ZZZ *P,octet *S); + +/** @brief Calculate Right Hand Side of curve equation y^2=f(x) + * + Function f(x)=x^3+Ax+B + Used internally. + @param r FP8 value of f(x) + @param x FP8 instance + */ +extern void ECP8_ZZZ_rhs(FP8_YYY *r,FP8_YYY *x); + +/** @brief Set ECP8 to point(x,y) given x and y + * + Point P set to infinity if no such point on the curve. + @param P ECP8 instance to be set (x,y) + @param x FP8 x coordinate of point + @param y FP8 y coordinate of point + @return 1 if point exists, else 0 + */ +extern int ECP8_ZZZ_set(ECP8_ZZZ *P,FP8_YYY *x,FP8_YYY *y); + +/** @brief Set ECP to point(x,[y]) given x + * + Point P set to infinity if no such point on the curve. Otherwise y coordinate is calculated from x. + @param P ECP instance to be set (x,[y]) + @param x BIG x coordinate of point + @return 1 if point exists, else 0 + */ +extern int ECP8_ZZZ_setx(ECP8_ZZZ *P,FP8_YYY *x); + +/** @brief Negation of an ECP8 point + * + @param P ECP8 instance, on exit = -P + */ +extern void ECP8_ZZZ_neg(ECP8_ZZZ *P); + +/** @brief Reduction of an ECP8 point + * + @param P ECP8 instance, on exit (x,y) are reduced wrt the modulus + */ +extern void ECP8_ZZZ_reduce(ECP8_ZZZ *P); + +/** @brief Doubles an ECP8 instance P + * + @param P ECP8 instance, on exit =2*P + */ +extern int ECP8_ZZZ_dbl(ECP8_ZZZ *P); + +/** @brief Adds ECP8 instance Q to ECP8 instance P + * + @param P ECP8 instance, on exit =P+Q + @param Q ECP8 instance to be added to P + */ +extern int ECP8_ZZZ_add(ECP8_ZZZ *P,ECP8_ZZZ *Q); + +/** @brief Subtracts ECP instance Q from ECP8 instance P + * + @param P ECP8 instance, on exit =P-Q + @param Q ECP8 instance to be subtracted from P + */ +extern void ECP8_ZZZ_sub(ECP8_ZZZ *P,ECP8_ZZZ *Q); + +/** @brief Multiplies an ECP8 instance P by a BIG, side-channel resistant + * + Uses fixed sized windows. + @param P ECP8 instance, on exit =b*P + @param b BIG number multiplier + + */ +extern void ECP8_ZZZ_mul(ECP8_ZZZ *P,BIG_XXX b); + +/** @brief Calculates required Frobenius constants + * + Calculate Frobenius constants + @param F array of FP2 precalculated constants + + */ +extern void ECP8_ZZZ_frob_constants(FP2_YYY F[3]); + +/** @brief Multiplies an ECP8 instance P by the internal modulus p^n, using precalculated Frobenius constants + * + Fast point multiplication using Frobenius + @param P ECP8 instance, on exit = p^n*P + @param F array of FP2 precalculated Frobenius constant + @param n power of prime + + */ +extern void ECP8_ZZZ_frob(ECP8_ZZZ *P,FP2_YYY F[3],int n); + +/** @brief Calculates P=Sigma b[i]*Q[i] for i=0 to 7 + * + @param P ECP8 instance, on exit = Sigma b[i]*Q[i] for i=0 to 7 + @param Q ECP8 array of 4 points + @param b BIG array of 4 multipliers + */ +extern void ECP8_ZZZ_mul16(ECP8_ZZZ *P,ECP8_ZZZ *Q,BIG_XXX *b); + +/** @brief Maps random BIG to curve point of correct order + * + @param P ECP8 instance of correct order + @param w OCTET byte array to be mapped + */ +extern void ECP8_ZZZ_mapit(ECP8_ZZZ *P,octet *w); + +/** @brief Get Group Generator from ROM + * + @param G ECP8 instance + */ +extern void ECP8_ZZZ_generator(ECP8_ZZZ *G); + + +#endif \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/include/ff.h.in ---------------------------------------------------------------------- diff --git a/include/ff.h.in b/include/ff.h.in new file mode 100644 index 0000000..c3be699 --- /dev/null +++ b/include/ff.h.in @@ -0,0 +1,296 @@ +/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/ + +/** + * @file ff_WWW.h + * @author Mike Scott + * @brief FF Header File + * + */ + +#ifndef FF_WWW_H +#define FF_WWW_H + +#include "big_XXX.h" +#include "config_ff_WWW.h" + +#define HFLEN_WWW (FFLEN_WWW/2) /**< Useful for half-size RSA private key operations */ +#define P_MBITS_WWW (MODBYTES_XXX*8) /**< Number of bits in modulus */ +#define P_TBITS_WWW (P_MBITS_WWW%BASEBITS_XXX) /**< TODO */ +#define P_EXCESS_WWW(a) (((a[NLEN_XXX-1])>>(P_TBITS_WWW))+1) /**< TODO */ +#define P_FEXCESS_WWW ((chunk)1<<(BASEBITS_XXX*NLEN_XXX-P_MBITS_WWW-1)) /**< TODO */ + + +/* Finite Field Prototypes */ +/** @brief Copy one FF element of given length to another + * + @param x FF instance to be copied to, on exit = y + @param y FF instance to be copied from + @param n size of FF in BIGs + + */ +extern void FF_WWW_copy(BIG_XXX *x,BIG_XXX *y,int n); +/** @brief Initialize an FF element of given length from a 32-bit integer m + * + @param x FF instance to be copied to, on exit = m + @param m integer + @param n size of FF in BIGs + */ +extern void FF_WWW_init(BIG_XXX *x,sign32 m,int n); +/** @brief Set FF element of given size to zero + * + @param x FF instance to be set to zero + @param n size of FF in BIGs + */ +extern void FF_WWW_zero(BIG_XXX *x,int n); +/** @brief Tests for FF element equal to zero + * + @param x FF number to be tested + @param n size of FF in BIGs + @return 1 if zero, else returns 0 + */ +extern int FF_WWW_iszilch(BIG_XXX *x,int n); +/** @brief return parity of an FF, that is the least significant bit + * + @param x FF number + @return 0 or 1 + */ +extern int FF_WWW_parity(BIG_XXX *x); +/** @brief return least significant m bits of an FF + * + @param x FF number + @param m number of bits to return. Assumed to be less than BASEBITS. + @return least significant n bits as an integer + */ +extern int FF_WWW_lastbits(BIG_XXX *x,int m); +/** @brief Set FF element of given size to unity + * + @param x FF instance to be set to unity + @param n size of FF in BIGs + */ +extern void FF_WWW_one(BIG_XXX *x,int n); +/** @brief Compares two FF numbers. Inputs must be normalised externally + * + @param x first FF number to be compared + @param y second FF number to be compared + @param n size of FF in BIGs + @return -1 is x<y, 0 if x=y, 1 if x>y + */ +extern int FF_WWW_comp(BIG_XXX *x,BIG_XXX *y,int n); +/** @brief addition of two FFs + * + @param x FF instance, on exit = y+z + @param y FF instance + @param z FF instance + @param n size of FF in BIGs + */ +extern void FF_WWW_add(BIG_XXX *x,BIG_XXX *y,BIG_XXX *z,int n); +/** @brief subtraction of two FFs + * + @param x FF instance, on exit = y-z + @param y FF instance + @param z FF instance + @param n size of FF in BIGs + */ +extern void FF_WWW_sub(BIG_XXX *x,BIG_XXX *y,BIG_XXX *z,int n); +/** @brief increment an FF by an integer,and normalise + * + @param x FF instance, on exit = x+m + @param m an integer to be added to x + @param n size of FF in BIGs + */ +extern void FF_WWW_inc(BIG_XXX *x,int m,int n); +/** @brief Decrement an FF by an integer,and normalise + * + @param x FF instance, on exit = x-m + @param m an integer to be subtracted from x + @param n size of FF in BIGs + */ +extern void FF_WWW_dec(BIG_XXX *x,int m,int n); +/** @brief Normalises the components of an FF + * + @param x FF instance to be normalised + @param n size of FF in BIGs + */ +extern void FF_WWW_norm(BIG_XXX *x,int n); +/** @brief Shift left an FF by 1 bit + * + @param x FF instance to be shifted left + @param n size of FF in BIGs + */ +extern void FF_WWW_shl(BIG_XXX *x,int n); +/** @brief Shift right an FF by 1 bit + * + @param x FF instance to be shifted right + @param n size of FF in BIGs + */ +extern void FF_WWW_shr(BIG_XXX *x,int n); +/** @brief Formats and outputs an FF to the console + * + @param x FF instance to be printed + @param n size of FF in BIGs + */ +extern void FF_WWW_output(BIG_XXX *x,int n); +/** @brief Formats and outputs an FF to the console, in raw form + * + @param x FF instance to be printed + @param n size of FF in BIGs + */ +extern void FF_WWW_rawoutput(BIG_XXX *x,int n); +/** @brief Formats and outputs an FF instance to an octet string + * + Converts an FF to big-endian base 256 form. + @param S output octet string + @param x FF instance to be converted to an octet string + @param n size of FF in BIGs + */ +extern void FF_WWW_toOctet(octet *S,BIG_XXX *x,int n); +/** @brief Populates an FF instance from an octet string + * + Creates FF from big-endian base 256 form. + @param x FF instance to be created from an octet string + @param S input octet string + @param n size of FF in BIGs + */ +extern void FF_WWW_fromOctet(BIG_XXX *x,octet *S,int n); +/** @brief Multiplication of two FFs + * + Uses Karatsuba method internally + @param x FF instance, on exit = y*z + @param y FF instance + @param z FF instance + @param n size of FF in BIGs + */ +extern void FF_WWW_mul(BIG_XXX *x,BIG_XXX *y,BIG_XXX *z,int n); +/** @brief Reduce FF mod a modulus + * + This is slow + @param x FF instance to be reduced mod m - on exit = x mod m + @param m FF modulus + @param n size of FF in BIGs + */ +extern void FF_WWW_mod(BIG_XXX *x,BIG_XXX *m,int n); +/** @brief Square an FF + * + Uses Karatsuba method internally + @param x FF instance, on exit = y^2 + @param y FF instance to be squared + @param n size of FF in BIGs + */ +extern void FF_WWW_sqr(BIG_XXX *x,BIG_XXX *y,int n); +/** @brief Reduces a double-length FF with respect to a given modulus + * + This is slow + @param x FF instance, on exit = y mod z + @param y FF instance, of double length 2*n + @param z FF modulus + @param n size of FF in BIGs + */ +extern void FF_WWW_dmod(BIG_XXX *x,BIG_XXX *y,BIG_XXX *z,int n); +/** @brief Invert an FF mod a prime modulus + * + @param x FF instance, on exit = 1/y mod z + @param y FF instance + @param z FF prime modulus + @param n size of FF in BIGs + */ +extern void FF_WWW_invmodp(BIG_XXX *x,BIG_XXX *y,BIG_XXX *z,int n); +/** @brief Create an FF from a random number generator + * + @param x FF instance, on exit x is a random number of length n BIGs with most significant bit a 1 + @param R an instance of a Cryptographically Secure Random Number Generator + @param n size of FF in BIGs + */ +extern void FF_WWW_random(BIG_XXX *x,csprng *R,int n); +/** @brief Create a random FF less than a given modulus from a random number generator + * + @param x FF instance, on exit x is a random number < y + @param y FF instance, the modulus + @param R an instance of a Cryptographically Secure Random Number Generator + @param n size of FF in BIGs + */ +extern void FF_WWW_randomnum(BIG_XXX *x,BIG_XXX *y,csprng *R,int n); +/** @brief Calculate r=x^e mod m, side channel resistant + * + @param r FF instance, on exit = x^e mod p + @param x FF instance + @param e FF exponent + @param m FF modulus + @param n size of FF in BIGs + */ +extern void FF_WWW_skpow(BIG_XXX *r,BIG_XXX *x,BIG_XXX * e,BIG_XXX *m,int n); +/** @brief Calculate r=x^e mod m, side channel resistant + * + For short BIG exponent + @param r FF instance, on exit = x^e mod p + @param x FF instance + @param e BIG exponent + @param m FF modulus + @param n size of FF in BIGs + */ +extern void FF_WWW_skspow(BIG_XXX *r,BIG_XXX *x,BIG_XXX e,BIG_XXX *m,int n); +/** @brief Calculate r=x^e mod m + * + For very short integer exponent + @param r FF instance, on exit = x^e mod p + @param x FF instance + @param e integer exponent + @param m FF modulus + @param n size of FF in BIGs + */ +extern void FF_WWW_power(BIG_XXX *r,BIG_XXX *x,int e,BIG_XXX *m,int n); +/** @brief Calculate r=x^e mod m + * + @param r FF instance, on exit = x^e mod p + @param x FF instance + @param e FF exponent + @param m FF modulus + @param n size of FF in BIGs + */ +extern void FF_WWW_pow(BIG_XXX *r,BIG_XXX *x,BIG_XXX *e,BIG_XXX *m,int n); +/** @brief Test if an FF has factor in common with integer s + * + @param x FF instance to be tested + @param s the supplied integer + @param n size of FF in BIGs + @return 1 if gcd(x,s)!=1, else return 0 + */ +extern int FF_WWW_cfactor(BIG_XXX *x,sign32 s,int n); +/** @brief Test if an FF is prime + * + Uses Miller-Rabin Method + @param x FF instance to be tested + @param R an instance of a Cryptographically Secure Random Number Generator + @param n size of FF in BIGs + @return 1 if x is (almost certainly) prime, else return 0 + */ +extern int FF_WWW_prime(BIG_XXX *x,csprng *R,int n); +/** @brief Calculate r=x^e.y^f mod m + * + @param r FF instance, on exit = x^e.y^f mod p + @param x FF instance + @param e BIG exponent + @param y FF instance + @param f BIG exponent + @param m FF modulus + @param n size of FF in BIGs + */ +extern void FF_WWW_pow2(BIG_XXX *r,BIG_XXX *x,BIG_XXX e,BIG_XXX *y,BIG_XXX f,BIG_XXX *m,int n); + +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/include/fp.h.in ---------------------------------------------------------------------- diff --git a/include/fp.h.in b/include/fp.h.in new file mode 100644 index 0000000..3b70551 --- /dev/null +++ b/include/fp.h.in @@ -0,0 +1,245 @@ +/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/ + +/** + * @file fp_YYY.h + * @author Mike Scott + * @brief FP Header File + * + */ + +#ifndef FP_YYY_H +#define FP_YYY_H + +#include "big_XXX.h" +#include "config_field_YYY.h" + + +/** + @brief FP Structure - quadratic extension field +*/ + +typedef struct +{ + BIG_XXX g; /**< Big representation of field element */ + sign32 XES; /**< Excess */ +} FP_YYY; + + +/* Field Params - see rom.c */ +extern const BIG_XXX Modulus_YYY; /**< Actual Modulus set in romf_yyy.c */ +extern const BIG_XXX R2modp_YYY; /**< Montgomery constant */ +extern const chunk MConst_YYY; /**< Constant associated with Modulus - for Montgomery = 1/p mod 2^BASEBITS */ + + +#define MODBITS_YYY MBITS_YYY /**< Number of bits in Modulus for selected curve */ +#define TBITS_YYY (MBITS_YYY%BASEBITS_XXX) /**< Number of active bits in top word */ +#define TMASK_YYY (((chunk)1<<TBITS_YYY)-1) /**< Mask for active bits in top word */ +#define FEXCESS_YYY ((sign32)1<<MAXXES_YYY) /**< 2^(BASEBITS*NLEN-MODBITS) - normalised BIG can be multiplied by more than this before reduction */ +#define OMASK_YYY (-((chunk)(1)<<TBITS_YYY)) /**< for masking out overflow bits */ + +//#define FUSED_MODMUL +//#define DEBUG_REDUCE + +/* FP prototypes */ + +/** @brief Tests for FP equal to zero mod Modulus + * + @param x BIG number to be tested + @return 1 if zero, else returns 0 + */ +extern int FP_YYY_iszilch(FP_YYY *x); + + +/** @brief Set FP to zero + * + @param x FP number to be set to 0 + */ +extern void FP_YYY_zero(FP_YYY *x); + +/** @brief Copy an FP + * + @param y FP number to be copied to + @param x FP to be copied from + */ +extern void FP_YYY_copy(FP_YYY *y,FP_YYY *x); + +/** @brief Copy from ROM to an FP + * + @param y FP number to be copied to + @param x BIG to be copied from ROM + */ +extern void FP_YYY_rcopy(FP_YYY *y,const BIG_XXX x); + + +/** @brief Compares two FPs + * + @param x FP number + @param y FP number + @return 1 if equal, else returns 0 + */ +extern int FP_YYY_equals(FP_YYY *x,FP_YYY *y); + + +/** @brief Conditional constant time swap of two FP numbers + * + Conditionally swaps parameters in constant time (without branching) + @param x an FP number + @param y another FP number + @param s swap takes place if not equal to 0 + */ +extern void FP_YYY_cswap(FP_YYY *x,FP_YYY *y,int s); +/** @brief Conditional copy of FP number + * + Conditionally copies second parameter to the first (without branching) + @param x an FP number + @param y another FP number + @param s copy takes place if not equal to 0 + */ +extern void FP_YYY_cmove(FP_YYY *x,FP_YYY *y,int s); +/** @brief Converts from BIG integer to residue form mod Modulus + * + @param x BIG number to be converted + @param y FP result + */ +extern void FP_YYY_nres(FP_YYY *y,BIG_XXX x); +/** @brief Converts from residue form back to BIG integer form + * + @param y FP number to be converted to BIG + @param x BIG result + */ +extern void FP_YYY_redc(BIG_XXX x,FP_YYY *y); +/** @brief Sets FP to representation of unity in residue form + * + @param x FP number to be set equal to unity. + */ +extern void FP_YYY_one(FP_YYY *x); +/** @brief Reduces DBIG to BIG exploiting special form of the modulus + * + This function comes in different flavours depending on the form of Modulus that is currently in use. + @param r BIG number, on exit = d mod Modulus + @param d DBIG number to be reduced + */ +extern void FP_YYY_mod(BIG_XXX r,DBIG_XXX d); + +#ifdef FUSED_MODMUL +extern void FP_YYY_modmul(BIG_XXX,BIG_XXX,BIG_XXX); +#endif + +/** @brief Fast Modular multiplication of two FPs, mod Modulus + * + Uses appropriate fast modular reduction method + @param x FP number, on exit the modular product = y*z mod Modulus + @param y FP number, the multiplicand + @param z FP number, the multiplier + */ +extern void FP_YYY_mul(FP_YYY *x,FP_YYY *y,FP_YYY *z); +/** @brief Fast Modular multiplication of an FP, by a small integer, mod Modulus + * + @param x FP number, on exit the modular product = y*i mod Modulus + @param y FP number, the multiplicand + @param i a small number, the multiplier + */ +extern void FP_YYY_imul(FP_YYY *x,FP_YYY *y,int i); +/** @brief Fast Modular squaring of an FP, mod Modulus + * + Uses appropriate fast modular reduction method + @param x FP number, on exit the modular product = y^2 mod Modulus + @param y FP number, the number to be squared + + */ +extern void FP_YYY_sqr(FP_YYY *x,FP_YYY *y); +/** @brief Modular addition of two FPs, mod Modulus + * + @param x FP number, on exit the modular sum = y+z mod Modulus + @param y FP number + @param z FP number + */ +extern void FP_YYY_add(FP_YYY *x,FP_YYY *y,FP_YYY *z); +/** @brief Modular subtraction of two FPs, mod Modulus + * + @param x FP number, on exit the modular difference = y-z mod Modulus + @param y FP number + @param z FP number + */ +extern void FP_YYY_sub(FP_YYY *x,FP_YYY *y,FP_YYY *z); +/** @brief Modular division by 2 of an FP, mod Modulus + * + @param x FP number, on exit =y/2 mod Modulus + @param y FP number + */ +extern void FP_YYY_div2(FP_YYY *x,FP_YYY *y); +/** @brief Fast Modular exponentiation of an FP, to the power of a BIG, mod Modulus + * + @param x FP number, on exit = y^z mod Modulus + @param y FP number + @param z BIG number exponent + */ +extern void FP_YYY_pow(FP_YYY *x,FP_YYY *y,BIG_XXX z); +/** @brief Fast Modular square root of a an FP, mod Modulus + * + @param x FP number, on exit = sqrt(y) mod Modulus + @param y FP number, the number whose square root is calculated + + */ +extern void FP_YYY_sqrt(FP_YYY *x,FP_YYY *y); +/** @brief Modular negation of a an FP, mod Modulus + * + @param x FP number, on exit = -y mod Modulus + @param y FP number + */ +extern void FP_YYY_neg(FP_YYY *x,FP_YYY *y); +/** @brief Outputs an FP number to the console + * + Converts from residue form before output + @param x an FP number + */ +extern void FP_YYY_output(FP_YYY *x); +/** @brief Outputs an FP number to the console, in raw form + * + @param x a BIG number + */ +extern void FP_YYY_rawoutput(FP_YYY *x); +/** @brief Reduces possibly unreduced FP mod Modulus + * + @param x FP number, on exit reduced mod Modulus + */ +extern void FP_YYY_reduce(FP_YYY *x); +/** @brief normalizes FP + * + @param x FP number, on exit normalized + */ +extern void FP_YYY_norm(FP_YYY *x); +/** @brief Tests for FP a quadratic residue mod Modulus + * + @param x FP number to be tested + @return 1 if quadratic residue, else returns 0 if quadratic non-residue + */ +extern int FP_YYY_qr(FP_YYY *x); +/** @brief Modular inverse of a an FP, mod Modulus + * + @param x FP number, on exit = 1/y mod Modulus + @param y FP number + */ +extern void FP_YYY_inv(FP_YYY *x,FP_YYY *y); + + + + +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/include/fp12.h.in ---------------------------------------------------------------------- diff --git a/include/fp12.h.in b/include/fp12.h.in new file mode 100644 index 0000000..243c2a7 --- /dev/null +++ b/include/fp12.h.in @@ -0,0 +1,216 @@ +/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/ + +/** + * @file fp12_YYY.h + * @author Mike Scott + * @brief FP12 Header File + * + */ + +#ifndef FP12_YYY_H +#define FP12_YYY_H + +#include "fp4_YYY.h" + +/** + @brief FP12 Structure - towered over three FP4 +*/ + +typedef struct +{ + FP4_YYY a; /**< first part of FP12 */ + FP4_YYY b; /**< second part of FP12 */ + FP4_YYY c; /**< third part of FP12 */ +} FP12_YYY; + +extern const BIG_XXX Fra_YYY; /**< real part of BN curve Frobenius Constant */ +extern const BIG_XXX Frb_YYY; /**< imaginary part of BN curve Frobenius Constant */ + +/* FP12 prototypes */ +/** @brief Tests for FP12 equal to zero + * + @param x FP12 number to be tested + @return 1 if zero, else returns 0 + */ +extern int FP12_YYY_iszilch(FP12_YYY *x); +/** @brief Tests for FP12 equal to unity + * + @param x FP12 number to be tested + @return 1 if unity, else returns 0 + */ +extern int FP12_YYY_isunity(FP12_YYY *x); +/** @brief Copy FP12 to another FP12 + * + @param x FP12 instance, on exit = y + @param y FP12 instance to be copied + */ +extern void FP12_YYY_copy(FP12_YYY *x,FP12_YYY *y); +/** @brief Set FP12 to unity + * + @param x FP12 instance to be set to one + */ +extern void FP12_YYY_one(FP12_YYY *x); +/** @brief Tests for equality of two FP12s + * + @param x FP12 instance to be compared + @param y FP12 instance to be compared + @return 1 if x=y, else returns 0 + */ +extern int FP12_YYY_equals(FP12_YYY *x,FP12_YYY *y); +/** @brief Conjugation of FP12 + * + If y=(a,b,c) (where a,b,c are its three FP4 components) on exit x=(conj(a),-conj(b),conj(c)) + @param x FP12 instance, on exit = conj(y) + @param y FP12 instance + */ +extern void FP12_YYY_conj(FP12_YYY *x,FP12_YYY *y); +/** @brief Initialise FP12 from single FP4 + * + Sets first FP4 component of an FP12, other components set to zero + @param x FP12 instance to be initialised + @param a FP4 to form first part of FP4 + */ +extern void FP12_YYY_from_FP4(FP12_YYY *x,FP4_YYY *a); +/** @brief Initialise FP12 from three FP4s + * + @param x FP12 instance to be initialised + @param a FP4 to form first part of FP12 + @param b FP4 to form second part of FP12 + @param c FP4 to form third part of FP12 + */ +extern void FP12_YYY_from_FP4s(FP12_YYY *x,FP4_YYY *a,FP4_YYY* b,FP4_YYY *c); +/** @brief Fast Squaring of an FP12 in "unitary" form + * + @param x FP12 instance, on exit = y^2 + @param y FP4 instance, must be unitary + */ +extern void FP12_YYY_usqr(FP12_YYY *x,FP12_YYY *y); +/** @brief Squaring an FP12 + * + @param x FP12 instance, on exit = y^2 + @param y FP12 instance + */ +extern void FP12_YYY_sqr(FP12_YYY *x,FP12_YYY *y); +/** @brief Fast multiplication of an FP12 by an FP12 that arises from an ATE pairing line function + * + Here the multiplier has a special form that can be exploited + @param x FP12 instance, on exit = x*y + @param y FP12 instance, of special form + @param t D_TYPE or M_TYPE twist + */ +extern void FP12_YYY_smul(FP12_YYY *x,FP12_YYY *y,int t); +/** @brief Multiplication of two FP12s + * + @param x FP12 instance, on exit = x*y + @param y FP12 instance, the multiplier + */ +extern void FP12_YYY_mul(FP12_YYY *x,FP12_YYY *y); +/** @brief Inverting an FP12 + * + @param x FP12 instance, on exit = 1/y + @param y FP12 instance + */ +extern void FP12_YYY_inv(FP12_YYY *x,FP12_YYY *y); +/** @brief Raises an FP12 to the power of a BIG + * + @param r FP12 instance, on exit = y^b + @param x FP12 instance + @param b BIG number + */ +extern void FP12_YYY_pow(FP12_YYY *r,FP12_YYY *x,BIG_XXX b); +/** @brief Raises an FP12 instance x to a small integer power, side-channel resistant + * + @param x FP12 instance, on exit = x^i + @param i small integer exponent + @param b maximum number of bits in exponent + */ +extern void FP12_YYY_pinpow(FP12_YYY *x,int i,int b); + +/** @brief Raises an FP12 instance x to a BIG power, compressed to FP4 + * + @param c FP4 instance, on exit = x^(e mod r) as FP4 + @param x FP12 input + @param e BIG exponent + @param r BIG group order + */ +extern void FP12_YYY_compow(FP4_YYY *c,FP12_YYY *x,BIG_XXX e,BIG_XXX r); + +/** @brief Calculate x[0]^b[0].x[1]^b[1].x[2]^b[2].x[3]^b[3], side-channel resistant + * + @param r FP12 instance, on exit = x[0]^b[0].x[1]^b[1].x[2]^b[2].x[3]^b[3] + @param x FP12 array with 4 FP12s + @param b BIG array of 4 exponents + */ +extern void FP12_YYY_pow4(FP12_YYY *r,FP12_YYY *x,BIG_XXX *b); +/** @brief Raises an FP12 to the power of the internal modulus p, using the Frobenius + * + @param x FP12 instance, on exit = x^p + @param f FP2 precalculated Frobenius constant + */ +extern void FP12_YYY_frob(FP12_YYY *x,FP2_YYY *f); +/** @brief Reduces all components of possibly unreduced FP12 mod Modulus + * + @param x FP12 instance, on exit reduced mod Modulus + */ +extern void FP12_YYY_reduce(FP12_YYY *x); +/** @brief Normalises the components of an FP12 + * + @param x FP12 instance to be normalised + */ +extern void FP12_YYY_norm(FP12_YYY *x); +/** @brief Formats and outputs an FP12 to the console + * + @param x FP12 instance to be printed + */ +extern void FP12_YYY_output(FP12_YYY *x); +/** @brief Formats and outputs an FP12 instance to an octet string + * + Serializes the components of an FP12 to big-endian base 256 form. + @param S output octet string + @param x FP12 instance to be converted to an octet string + */ +extern void FP12_YYY_toOctet(octet *S,FP12_YYY *x); +/** @brief Creates an FP12 instance from an octet string + * + De-serializes the components of an FP12 to create an FP12 from big-endian base 256 components. + @param x FP12 instance to be created from an octet string + @param S input octet string + + */ +extern void FP12_YYY_fromOctet(FP12_YYY *x,octet *S); +/** @brief Calculate the trace of an FP12 + * + @param t FP4 trace of x, on exit = tr(x) + @param x FP12 instance + + */ +extern void FP12_YYY_trace(FP4_YYY *t,FP12_YYY *x); + +/** @brief Conditional copy of FP12 number + * + Conditionally copies second parameter to the first (without branching) + @param x FP12 instance, set to y if s!=0 + @param y another FP12 instance + @param s copy only takes place if not equal to 0 + */ +extern void FP12_YYY_cmove(FP12_YYY *x,FP12_YYY *y,int s); + + +#endif http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/include/fp16.h.in ---------------------------------------------------------------------- diff --git a/include/fp16.h.in b/include/fp16.h.in new file mode 100644 index 0000000..0b32d27 --- /dev/null +++ b/include/fp16.h.in @@ -0,0 +1,286 @@ +/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/ + +/** + * @file fp16_YYY.h + * @author Mike Scott + * @brief FP16 Header File + * + */ + +#ifndef FP16_YYY_H +#define FP16_YYY_H + +#include "fp8_YYY.h" +#include "config_curve_ZZZ.h" + + +/** + @brief FP16 Structure - towered over two FP8 +*/ + +typedef struct +{ + FP8_YYY a; /**< real part of FP16 */ + FP8_YYY b; /**< imaginary part of FP16 */ +} FP16_YYY; + + +/* FP16 prototypes */ +/** @brief Tests for FP16 equal to zero + * + @param x FP16 number to be tested + @return 1 if zero, else returns 0 + */ +extern int FP16_YYY_iszilch(FP16_YYY *x); +/** @brief Tests for FP16 equal to unity + * + @param x FP16 number to be tested + @return 1 if unity, else returns 0 + */ +extern int FP16_YYY_isunity(FP16_YYY *x); +/** @brief Tests for equality of two FP16s + * + @param x FP16 instance to be compared + @param y FP16 instance to be compared + @return 1 if x=y, else returns 0 + */ +extern int FP16_YYY_equals(FP16_YYY *x,FP16_YYY *y); +/** @brief Tests for FP16 having only a real part and no imaginary part + * + @param x FP16 number to be tested + @return 1 if real, else returns 0 + */ +extern int FP16_YYY_isreal(FP16_YYY *x); +/** @brief Initialise FP16 from two FP8s + * + @param x FP16 instance to be initialised + @param a FP8 to form real part of FP16 + @param b FP8 to form imaginary part of FP16 + */ +extern void FP16_YYY_from_FP8s(FP16_YYY *x,FP8_YYY *a,FP8_YYY *b); +/** @brief Initialise FP16 from single FP8 + * + Imaginary part is set to zero + @param x FP16 instance to be initialised + @param a FP8 to form real part of FP16 + */ +extern void FP16_YYY_from_FP8(FP16_YYY *x,FP8_YYY *a); + +/** @brief Initialise FP16 from single FP8 + * + real part is set to zero + @param x FP16 instance to be initialised + @param a FP8 to form imaginary part of FP16 + */ +extern void FP16_YYY_from_FP8H(FP16_YYY *x,FP8_YYY *a); + + +/** @brief Copy FP16 to another FP16 + * + @param x FP16 instance, on exit = y + @param y FP16 instance to be copied + */ +extern void FP16_YYY_copy(FP16_YYY *x,FP16_YYY *y); +/** @brief Set FP16 to zero + * + @param x FP16 instance to be set to zero + */ +extern void FP16_YYY_zero(FP16_YYY *x); +/** @brief Set FP16 to unity + * + @param x FP16 instance to be set to one + */ +extern void FP16_YYY_one(FP16_YYY *x); +/** @brief Negation of FP16 + * + @param x FP16 instance, on exit = -y + @param y FP16 instance + */ +extern void FP16_YYY_neg(FP16_YYY *x,FP16_YYY *y); +/** @brief Conjugation of FP16 + * + If y=(a,b) on exit x=(a,-b) + @param x FP16 instance, on exit = conj(y) + @param y FP16 instance + */ +extern void FP16_YYY_conj(FP16_YYY *x,FP16_YYY *y); +/** @brief Negative conjugation of FP16 + * + If y=(a,b) on exit x=(-a,b) + @param x FP16 instance, on exit = -conj(y) + @param y FP16 instance + */ +extern void FP16_YYY_nconj(FP16_YYY *x,FP16_YYY *y); +/** @brief addition of two FP16s + * + @param x FP16 instance, on exit = y+z + @param y FP16 instance + @param z FP16 instance + */ +extern void FP16_YYY_add(FP16_YYY *x,FP16_YYY *y,FP16_YYY *z); +/** @brief subtraction of two FP16s + * + @param x FP16 instance, on exit = y-z + @param y FP16 instance + @param z FP16 instance + */ +extern void FP16_YYY_sub(FP16_YYY *x,FP16_YYY *y,FP16_YYY *z); +/** @brief Multiplication of an FP16 by an FP8 + * + @param x FP16 instance, on exit = y*a + @param y FP16 instance + @param a FP8 multiplier + */ +extern void FP16_YYY_pmul(FP16_YYY *x,FP16_YYY *y,FP8_YYY *a); + +/** @brief Multiplication of an FP16 by an FP2 + * + @param x FP16 instance, on exit = y*a + @param y FP16 instance + @param a FP2 multiplier + */ +extern void FP16_YYY_qmul(FP16_YYY *x,FP16_YYY *y,FP2_YYY *a); + +/** @brief Multiplication of an FP16 by a small integer + * + @param x FP16 instance, on exit = y*i + @param y FP16 instance + @param i an integer + */ +extern void FP16_YYY_imul(FP16_YYY *x,FP16_YYY *y,int i); +/** @brief Squaring an FP16 + * + @param x FP16 instance, on exit = y^2 + @param y FP16 instance + */ +extern void FP16_YYY_sqr(FP16_YYY *x,FP16_YYY *y); +/** @brief Multiplication of two FP16s + * + @param x FP16 instance, on exit = y*z + @param y FP16 instance + @param z FP16 instance + */ +extern void FP16_YYY_mul(FP16_YYY *x,FP16_YYY *y,FP16_YYY *z); +/** @brief Inverting an FP16 + * + @param x FP16 instance, on exit = 1/y + @param y FP16 instance + */ +extern void FP16_YYY_inv(FP16_YYY *x,FP16_YYY *y); +/** @brief Formats and outputs an FP16 to the console + * + @param x FP16 instance to be printed + */ +extern void FP16_YYY_output(FP16_YYY *x); +/** @brief Formats and outputs an FP16 to the console in raw form (for debugging) + * + @param x FP16 instance to be printed + */ +extern void FP16_YYY_rawoutput(FP16_YYY *x); +/** @brief multiplies an FP16 instance by irreducible polynomial sqrt(1+sqrt(-1)) + * + @param x FP16 instance, on exit = sqrt(1+sqrt(-1)*x + */ +extern void FP16_YYY_times_i(FP16_YYY *x); +/** @brief multiplies an FP16 instance by irreducible polynomial (1+sqrt(-1)) + * + @param x FP16 instance, on exit = sqrt(1+sqrt(-1))^2*x + */ +extern void FP16_YYY_times_i2(FP16_YYY *x); + +/** @brief multiplies an FP16 instance by irreducible polynomial (1+sqrt(-1)) + * + @param x FP16 instance, on exit = sqrt(1+sqrt(-1))^4*x + */ +extern void FP16_YYY_times_i4(FP16_YYY *x); + + +/** @brief Normalises the components of an FP16 + * + @param x FP16 instance to be normalised + */ +extern void FP16_YYY_norm(FP16_YYY *x); +/** @brief Reduces all components of possibly unreduced FP16 mod Modulus + * + @param x FP16 instance, on exit reduced mod Modulus + */ +extern void FP16_YYY_reduce(FP16_YYY *x); +/** @brief Raises an FP16 to the power of a BIG + * + @param x FP16 instance, on exit = y^b + @param y FP16 instance + @param b BIG number + */ +extern void FP16_YYY_pow(FP16_YYY *x,FP16_YYY *y,BIG_XXX b); +/** @brief Raises an FP16 to the power of the internal modulus p, using the Frobenius + * + @param x FP16 instance, on exit = x^p + @param f FP2 precalculated Frobenius constant + */ +extern void FP16_YYY_frob(FP16_YYY *x,FP2_YYY *f); +/** @brief Calculates the XTR addition function r=w*x-conj(x)*y+z + * + @param r FP16 instance, on exit = w*x-conj(x)*y+z + @param w FP16 instance + @param x FP16 instance + @param y FP16 instance + @param z FP16 instance + */ +extern void FP16_YYY_xtr_A(FP16_YYY *r,FP16_YYY *w,FP16_YYY *x,FP16_YYY *y,FP16_YYY *z); +/** @brief Calculates the XTR doubling function r=x^2-2*conj(x) + * + @param r FP16 instance, on exit = x^2-2*conj(x) + @param x FP16 instance + */ +extern void FP16_YYY_xtr_D(FP16_YYY *r,FP16_YYY *x); +/** @brief Calculates FP16 trace of an FP12 raised to the power of a BIG number + * + XTR single exponentiation + @param r FP16 instance, on exit = trace(w^b) + @param x FP16 instance, trace of an FP12 w + @param b BIG number + */ +extern void FP16_YYY_xtr_pow(FP16_YYY *r,FP16_YYY *x,BIG_XXX b); +/** @brief Calculates FP16 trace of c^a.d^b, where c and d are derived from FP16 traces of FP12s + * + XTR double exponentiation + Assumes c=tr(x^m), d=tr(x^n), e=tr(x^(m-n)), f=tr(x^(m-2n)) + @param r FP16 instance, on exit = trace(c^a.d^b) + @param c FP16 instance, trace of an FP12 + @param d FP16 instance, trace of an FP12 + @param e FP16 instance, trace of an FP12 + @param f FP16 instance, trace of an FP12 + @param a BIG number + @param b BIG number + */ +extern void FP16_YYY_xtr_pow2(FP16_YYY *r,FP16_YYY *c,FP16_YYY *d,FP16_YYY *e,FP16_YYY *f,BIG_XXX a,BIG_XXX b); + +/** @brief Conditional copy of FP16 number + * + Conditionally copies second parameter to the first (without branching) + @param x FP16 instance, set to y if s!=0 + @param y another FP16 instance + @param s copy only takes place if not equal to 0 + */ +extern void FP16_YYY_cmove(FP16_YYY *x,FP16_YYY *y,int s); + + +#endif + http://git-wip-us.apache.org/repos/asf/incubator-milagro-crypto-c/blob/8d28d2c3/include/fp2.h.in ---------------------------------------------------------------------- diff --git a/include/fp2.h.in b/include/fp2.h.in new file mode 100644 index 0000000..8442141 --- /dev/null +++ b/include/fp2.h.in @@ -0,0 +1,240 @@ +/* + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/ + +/** + * @file fp2_YYY.h + * @author Mike Scott + * @brief FP2 Header File + * + */ + +#ifndef FP2_YYY_H +#define FP2_YYY_H + +#include "fp_YYY.h" + +/** + @brief FP2 Structure - quadratic extension field +*/ + +typedef struct +{ + FP_YYY a; /**< real part of FP2 */ + FP_YYY b; /**< imaginary part of FP2 */ +} FP2_YYY; + +/* FP2 prototypes */ + +/** @brief Tests for FP2 equal to zero + * + @param x FP2 number to be tested + @return 1 if zero, else returns 0 + */ +extern int FP2_YYY_iszilch(FP2_YYY *x); +/** @brief Conditional copy of FP2 number + * + Conditionally copies second parameter to the first (without branching) + @param x FP2 instance, set to y if s!=0 + @param y another FP2 instance + @param s copy only takes place if not equal to 0 + */ +extern void FP2_YYY_cmove(FP2_YYY *x,FP2_YYY *y,int s); +/** @brief Tests for FP2 equal to one + * + @param x FP2 instance to be tested + @return 1 if x=1, else returns 0 + */ +extern int FP2_YYY_isunity(FP2_YYY *x); +/** @brief Tests for equality of two FP2s + * + @param x FP2 instance to be compared + @param y FP2 instance to be compared + @return 1 if x=y, else returns 0 + */ +extern int FP2_YYY_equals(FP2_YYY *x,FP2_YYY *y); +/** @brief Initialise FP2 from two FP numbers + * + @param x FP2 instance to be initialised + @param a FP to form real part of FP2 + @param b FP to form imaginary part of FP2 + */ +extern void FP2_YYY_from_FPs(FP2_YYY *x,FP_YYY *a,FP_YYY *b); +/** @brief Initialise FP2 from two BIG integers + * + @param x FP2 instance to be initialised + @param a BIG to form real part of FP2 + @param b BIG to form imaginary part of FP2 + */ +extern void FP2_YYY_from_BIGs(FP2_YYY *x,BIG_XXX a,BIG_XXX b); +/** @brief Initialise FP2 from single FP + * + Imaginary part is set to zero + @param x FP2 instance to be initialised + @param a FP to form real part of FP2 + */ +extern void FP2_YYY_from_FP(FP2_YYY *x,FP_YYY *a); +/** @brief Initialise FP2 from single BIG + * + Imaginary part is set to zero + @param x FP2 instance to be initialised + @param a BIG to form real part of FP2 + */ +extern void FP2_YYY_from_BIG(FP2_YYY *x,BIG_XXX a); +/** @brief Copy FP2 to another FP2 + * + @param x FP2 instance, on exit = y + @param y FP2 instance to be copied + */ +extern void FP2_YYY_copy(FP2_YYY *x,FP2_YYY *y); +/** @brief Set FP2 to zero + * + @param x FP2 instance to be set to zero + */ +extern void FP2_YYY_zero(FP2_YYY *x); +/** @brief Set FP2 to unity + * + @param x FP2 instance to be set to one + */ +extern void FP2_YYY_one(FP2_YYY *x); +/** @brief Negation of FP2 + * + @param x FP2 instance, on exit = -y + @param y FP2 instance + */ +extern void FP2_YYY_neg(FP2_YYY *x,FP2_YYY *y); +/** @brief Conjugation of FP2 + * + If y=(a,b) on exit x=(a,-b) + @param x FP2 instance, on exit = conj(y) + @param y FP2 instance + */ +extern void FP2_YYY_conj(FP2_YYY *x,FP2_YYY *y); +/** @brief addition of two FP2s + * + @param x FP2 instance, on exit = y+z + @param y FP2 instance + @param z FP2 instance + */ +extern void FP2_YYY_add(FP2_YYY *x,FP2_YYY *y,FP2_YYY *z); +/** @brief subtraction of two FP2s + * + @param x FP2 instance, on exit = y-z + @param y FP2 instance + @param z FP2 instance + */ +extern void FP2_YYY_sub(FP2_YYY *x,FP2_YYY *y,FP2_YYY *z); +/** @brief Multiplication of an FP2 by an FP + * + @param x FP2 instance, on exit = y*b + @param y FP2 instance + @param b FP residue + */ +extern void FP2_YYY_pmul(FP2_YYY *x,FP2_YYY *y,FP_YYY *b); +/** @brief Multiplication of an FP2 by a small integer + * + @param x FP2 instance, on exit = y*i + @param y FP2 instance + @param i an integer + */ +extern void FP2_YYY_imul(FP2_YYY *x,FP2_YYY *y,int i); +/** @brief Squaring an FP2 + * + @param x FP2 instance, on exit = y^2 + @param y FP2 instance + */ +extern void FP2_YYY_sqr(FP2_YYY *x,FP2_YYY *y); +/** @brief Multiplication of two FP2s + * + @param x FP2 instance, on exit = y*z + @param y FP2 instance + @param z FP2 instance + */ +extern void FP2_YYY_mul(FP2_YYY *x,FP2_YYY *y,FP2_YYY *z); +/** @brief Formats and outputs an FP2 to the console + * + @param x FP2 instance + */ +extern void FP2_YYY_output(FP2_YYY *x); +/** @brief Formats and outputs an FP2 to the console in raw form (for debugging) + * + @param x FP2 instance + */ +extern void FP2_YYY_rawoutput(FP2_YYY *x); +/** @brief Inverting an FP2 + * + @param x FP2 instance, on exit = 1/y + @param y FP2 instance + */ +extern void FP2_YYY_inv(FP2_YYY *x,FP2_YYY *y); +/** @brief Divide an FP2 by 2 + * + @param x FP2 instance, on exit = y/2 + @param y FP2 instance + */ +extern void FP2_YYY_div2(FP2_YYY *x,FP2_YYY *y); +/** @brief Multiply an FP2 by (1+sqrt(-1)) + * + Note that (1+sqrt(-1)) is irreducible for FP4 + @param x FP2 instance, on exit = x*(1+sqrt(-1)) + */ +extern void FP2_YYY_mul_ip(FP2_YYY *x); +/** @brief Divide an FP2 by (1+sqrt(-1))/2 - + * + Note that (1+sqrt(-1)) is irreducible for FP4 + @param x FP2 instance, on exit = 2x/(1+sqrt(-1)) + */ +extern void FP2_YYY_div_ip2(FP2_YYY *x); +/** @brief Divide an FP2 by (1+sqrt(-1)) + * + Note that (1+sqrt(-1)) is irreducible for FP4 + @param x FP2 instance, on exit = x/(1+sqrt(-1)) + */ +extern void FP2_YYY_div_ip(FP2_YYY *x); +/** @brief Normalises the components of an FP2 + * + @param x FP2 instance to be normalised + */ +extern void FP2_YYY_norm(FP2_YYY *x); +/** @brief Reduces all components of possibly unreduced FP2 mod Modulus + * + @param x FP2 instance, on exit reduced mod Modulus + */ +extern void FP2_YYY_reduce(FP2_YYY *x); +/** @brief Raises an FP2 to the power of a BIG + * + @param x FP2 instance, on exit = y^b + @param y FP2 instance + @param b BIG number + */ +extern void FP2_YYY_pow(FP2_YYY *x,FP2_YYY *y,BIG_XXX b); +/** @brief Square root of an FP2 + * + @param x FP2 instance, on exit = sqrt(y) + @param y FP2 instance + */ +extern int FP2_YYY_sqrt(FP2_YYY *x,FP2_YYY *y); + +/** @brief Multiply an FP2 by sqrt(-1) + * + Note that -1 is QNR + @param x FP2 instance, on exit = x*sqrt(-1) + */ +extern void FP2_YYY_times_i(FP2_YYY *x); + +#endif
