void ep2_curve_set(fp2_t a, fp2_t b, ep2_t g, bn_t r, bn_t h) { ctx_t *ctx = core_get(); ctx->ep2_is_twist = 0; fp2_copy(ctx->ep2_a, a); fp2_copy(ctx->ep2_b, b); ep2_norm(&(ctx->ep2_g), g); bn_copy(&(ctx->ep2_r), r); bn_copy(&(ctx->ep2_h), h); #if defined(EP_PRECO) ep2_mul_pre((ep2_t *)ep2_curve_get_tab(), &(ctx->ep2_g)); #endif }
void ep2_mul_gen(ep2_t r, bn_t k) { #ifdef EP_PRECO ep2_mul_fix(r, ep2_curve_get_tab(), k); #else ep2_t g; ep2_null(g); TRY { ep2_new(g); ep2_curve_get_gen(g); ep2_mul(r, g, k); } CATCH_ANY { THROW(ERR_CAUGHT); } FINALLY { ep2_free(g); } #endif }
void ep2_mul_sim_gen(ep2_t r, bn_t k, ep2_t q, bn_t l) { ep2_t gen; ep2_null(gen); TRY { ep2_new(gen); ep2_curve_get_gen(gen); #if EP_FIX == LWNAF && defined(EP_PRECO) ep2_mul_sim_plain(r, gen, k, q, l, ep2_curve_get_tab()); #else ep2_mul_sim(r, gen, k, q, l); #endif } CATCH_ANY { THROW(ERR_CAUGHT); } FINALLY { ep2_free(gen); } }
void ep2_curve_set_twist(int type) { char str[2 * FP_BYTES + 1]; ctx_t *ctx = core_get(); ep2_t g; fp2_t a; fp2_t b; bn_t r; ep2_null(g); fp2_null(a); fp2_null(b); bn_null(r); ctx->ep2_is_twist = 0; if (type == EP_MTYPE || type == EP_DTYPE) { ctx->ep2_is_twist = type; } else { return; } TRY { ep2_new(g); fp2_new(a); fp2_new(b); bn_new(r); switch (ep_param_get()) { #if FP_PRIME == 158 case BN_P158: ASSIGN(BN_P158); break; #elif FP_PRIME == 254 case BN_P254: ASSIGN(BN_P254); break; #elif FP_PRIME == 256 case BN_P256: ASSIGN(BN_P256); break; #elif FP_PRIME == 638 case BN_P638: ASSIGN(BN_P638); break; case B12_P638: ASSIGN(B12_P638); break; #endif default: (void)str; THROW(ERR_NO_VALID); break; } fp2_zero(g->z); fp_set_dig(g->z[0], 1); g->norm = 1; ep2_copy(&(ctx->ep2_g), g); fp_copy(ctx->ep2_a[0], a[0]); fp_copy(ctx->ep2_a[1], a[1]); fp_copy(ctx->ep2_b[0], b[0]); fp_copy(ctx->ep2_b[1], b[1]); bn_copy(&(ctx->ep2_r), r); /* I don't have a better place for this. */ fp_prime_calc(); #if defined(EP_PRECO) ep2_mul_pre((ep2_t *)ep2_curve_get_tab(), &(ctx->ep2_g)); #endif } CATCH_ANY { THROW(ERR_CAUGHT); } FINALLY { ep2_free(g); fp2_free(a); fp2_free(b); bn_free(r); } }
static void ep2_mul_sim_ordin(ep2_t r, ep2_t p, bn_t k, ep2_t q, bn_t l, int gen) { int len, l0, l1, i, n0, n1, w; signed char naf0[FP_BITS + 1], naf1[FP_BITS + 1], *t0, *t1; ep2_t table0[1 << (EP_WIDTH - 2)]; ep2_t table1[1 << (EP_WIDTH - 2)]; ep2_t *t = NULL; for (i = 0; i < (1 << (EP_WIDTH - 2)); i++) { ep2_null(table0[i]); ep2_null(table1[i]); } if (gen) { #if defined(EP_PRECO) t = ep2_curve_get_tab(); #endif } else { for (i = 0; i < (1 << (EP_WIDTH - 2)); i++) { ep2_new(table0[i]); } ep2_tab(table0, p, EP_WIDTH); t = table0; } /* Prepare the precomputation table. */ for (i = 0; i < (1 << (EP_WIDTH - 2)); i++) { ep2_new(table1[i]); } /* Compute the precomputation table. */ ep2_tab(table1, q, EP_WIDTH); /* Compute the w-TNAF representation of k. */ if (gen) { w = EP_DEPTH; } else { w = EP_WIDTH; } l0 = l1 = FP_BITS + 1; bn_rec_naf(naf0, &l0, k, w); bn_rec_naf(naf1, &l1, l, EP_WIDTH); len = MAX(l0, l1); t0 = naf0 + len - 1; t1 = naf1 + len - 1; for (i = l0; i < len; i++) naf0[i] = 0; for (i = l1; i < len; i++) naf1[i] = 0; ep2_set_infty(r); for (i = len - 1; i >= 0; i--, t0--, t1--) { ep2_dbl(r, r); n0 = *t0; n1 = *t1; if (n0 > 0) { ep2_add(r, r, t[n0 / 2]); } if (n0 < 0) { ep2_sub(r, r, t[-n0 / 2]); } if (n1 > 0) { ep2_add(r, r, table1[n1 / 2]); } if (n1 < 0) { ep2_sub(r, r, table1[-n1 / 2]); } } /* Convert r to affine coordinates. */ ep2_norm(r, r); /* Free the precomputation table. */ for (i = 0; i < 1 << (EP_WIDTH - 2); i++) { ep2_free(table0[i]); ep2_free(table1[i]); } }