NN_UINT
omega_mul(NN_DIGIT *a, NN_DIGIT *b, NN_DIGIT *omega, NN_UINT digits)
{
#ifdef EIGHT_BIT_PROCESSOR
NN_Assign(a, b, digits);
NN_Add(a+8, a+8, b, digits+1);
return (digits+9);
/* EIGHT_BIT_PROCESSOR */
#elif defined(SIXTEEN_BIT_PROCESSOR)
NN_Assign(a, b, digits);
NN_Add(a+4, a+4, b, digits+1);
return (digits+5);
/* SIXTEEN_BIT_PROCESSOR */
#elif defined(THIRTYTWO_BIT_PROCESSOR)
NN_Assign(a, b, digits);
NN_Add(&a[2], &a[2], b, digits+1);
return (digits+3);
#endif /* THIRTYTWO_BIT_PROCESSOR */
}
/* Generates a probable prime a between b and c such that a-1 is divisible by d.
Lengths: a[digits], b[digits], c[digits], d[digits].
Assumes b < c, digits < MAX_NN_DIGITS.
Returns RE_NEED_RANDOM if randomStruct not seeded, RE_DATA if
unsuccessful.
*/
int GeneratePrime(NN_DIGIT *a, NN_DIGIT *b, NN_DIGIT *c, NN_DIGIT *d, unsigned int digits, R_RANDOM_STRUCT *randomStruct)
{
int status;
unsigned char block[MAX_NN_DIGITS * NN_DIGIT_LEN];
NN_DIGIT t[MAX_NN_DIGITS], u[MAX_NN_DIGITS];
/* Generate random number between b and c.
*/
if ((status = R_GenerateBytes (block, digits * NN_DIGIT_LEN, randomStruct))!=0) return (status);
NN_Decode (a, digits, block, digits * NN_DIGIT_LEN);
NN_Sub (t, c, b, digits);
NN_ASSIGN_DIGIT (u, 1, digits);
NN_Add (t, t, u, digits);
NN_Mod (a, a, digits, t, digits);
NN_Add (a, a, b, digits);
/* Adjust so that a-1 is divisible by d.
*/
NN_Mod (t, a, digits, d, digits);
NN_Sub (a, a, t, digits);
NN_Add (a, a, u, digits);
if (NN_Cmp (a, b, digits) < 0) NN_Add (a, a, d, digits);
if (NN_Cmp (a, c, digits) > 0) NN_Sub (a, a, d, digits);
/* Search to c in steps of d.
*/
NN_Assign (t, c, digits);
NN_Sub (t, t, d, digits);
while (! ProbablePrime (a, digits)) {
if (NN_Cmp (a, t, digits) > 0) return (RE_DATA);
NN_Add(a, a, d, digits);
};
return (0);
}
/*---------------------------------------------------------------------------*/
void
ecc_m_dbl_projective(point_t * P0, NN_DIGIT *Z0, uint8_t m)
{
uint8_t i;
NN_DIGIT W[NUMWORDS];
NN_DIGIT A[NUMWORDS];
NN_DIGIT B[NUMWORDS];
NN_DIGIT t1[NUMWORDS];
NN_DIGIT y2[NUMWORDS];
if(NN_Zero(Z0, NUMWORDS)){
return;
}
/* P0->y = 2*P0->y */
NN_LShift(P0->y, P0->y, 1, NUMWORDS);
NN_ModSmall(P0->y, param.p, NUMWORDS);
/* W = Z^4 */
NN_ModSqrOpt(W, Z0, param.p, param.omega, NUMWORDS);
NN_ModSqrOpt(W, W, param.p, param.omega, NUMWORDS);
for(i=0; i<m; i++) {
if(param.E.a_minus3) {
/* A = 3(X^2-W) */
NN_ModSqrOpt(A, P0->x, param.p, param.omega, NUMWORDS);
NN_ModSub(A, A, W, param.p, NUMWORDS);
NN_LShift(t1, A, 1, NUMWORDS);
NN_ModSmall(t1, param.p, NUMWORDS);
NN_ModAdd(A, A, t1, param.p, NUMWORDS);
} else if(param.E.a_zero) {
/* A = 3*X^2 */
NN_ModSqrOpt(t1, P0->x, param.p, param.omega, NUMWORDS);
NN_LShift(A, t1, 1, NUMWORDS);
NN_ModSmall(A, param.p, NUMWORDS);
NN_ModAdd(A, A, t1, param.p, NUMWORDS);
} else {
/* A = 3*X^2 + a*W */
NN_ModSqrOpt(t1, P0->x, param.p, param.omega, NUMWORDS);
NN_LShift(A, t1, 1, NUMWORDS);
NN_ModSmall(A, param.p, NUMWORDS);
NN_ModAdd(A, A, t1, param.p, NUMWORDS);
NN_ModMultOpt(t1, param.E.a, W, param.p, param.omega, NUMWORDS);
NN_ModAdd(A, A, t1, param.p, NUMWORDS);
}
/* B = X*Y^2 */
NN_ModSqrOpt(y2, P0->y, param.p, param.omega, NUMWORDS);
NN_ModMultOpt(B, P0->x, y2, param.p, param.omega, NUMWORDS);
/* X = A^2 - 2B */
NN_ModSqrOpt(P0->x, A, param.p, param.omega, NUMWORDS);
NN_LShift(t1, B, 1, NUMWORDS);
NN_ModSmall(t1, param.p, NUMWORDS);
NN_ModSub(P0->x, P0->x, t1, param.p, NUMWORDS);
/* Z = Z*Y */
NN_ModMultOpt(Z0, Z0, P0->y, param.p, param.omega, NUMWORDS);
NN_ModSqrOpt(y2, y2, param.p, param.omega, NUMWORDS);
if (i < m-1) {
/* W = W*Y^4 */
NN_ModMultOpt(W, W, y2, param.p, param.omega, NUMWORDS);
}
/* Y = 2A(B-X)-Y^4 */
NN_LShift(A, A, 1, NUMWORDS);
NN_ModSmall(A, param.p, NUMWORDS);
NN_ModSub(B, B, P0->x, param.p, NUMWORDS);
NN_ModMultOpt(A, A, B, param.p, param.omega, NUMWORDS);
NN_ModSub(P0->y, A, y2, param.p, NUMWORDS);
}
if((P0->y[0] % 2) == 1) {
NN_Add(P0->y, P0->y, param.p, NUMWORDS);
}
NN_RShift(P0->y, P0->y, 1, NUMWORDS);
}
/*---------------------------------------------------------------------------*/
void
ecc_add_proj(point_t * P0, NN_DIGIT *Z0, point_t * P1, NN_DIGIT * Z1, point_t * P2, NN_DIGIT * Z2)
{
NN_DIGIT n0[NUMWORDS];
NN_DIGIT n1[NUMWORDS];
NN_DIGIT n2[NUMWORDS];
NN_DIGIT n3[NUMWORDS];
NN_DIGIT n4[NUMWORDS];
NN_DIGIT n5[NUMWORDS];
NN_DIGIT n6[NUMWORDS];
if(NN_Zero(Z1, NUMWORDS)) {
p_copy(P0, P2);
NN_Assign(Z0, Z2, NUMWORDS);
return;
}
if(NN_Zero(Z2, NUMWORDS)) {
p_copy(P0, P1);
NN_Assign(Z0, Z1, NUMWORDS);
return;
}
/* double */
if(p_equal(P1, P2)) {
ecc_dbl_proj(P0, Z0, P1, Z1);
return;
}
/* add_proj
* n1, n2
*/
if(Z_is_one(Z2)) {
/* n1 = P1->x, n2 = P1->y */
NN_Assign(n1, P1->x, NUMWORDS);
NN_Assign(n2, P1->y, NUMWORDS);
} else {
/* n1 = P1->x * Z2^2 */
NN_ModSqrOpt(n0, Z2, param.p, param.omega, NUMWORDS);
NN_ModMultOpt(n1, P1->x, n0, param.p, param.omega, NUMWORDS);
/* n2 = P1->y * Z2^3 */
NN_ModMultOpt(n0, n0, Z2, param.p, param.omega, NUMWORDS);
NN_ModMultOpt(n2, P1->y, n0, param.p, param.omega, NUMWORDS);
}
/* n3, n4 */
if(Z_is_one(Z1)) {
/* n3 = P2->x, n4 = P2->y */
NN_Assign(n3, P2->x, NUMWORDS);
NN_Assign(n4, P2->y, NUMWORDS);
} else {
/* n3 = P2->x * Z1^2 */
NN_ModSqrOpt(n0, Z1, param.p, param.omega, NUMWORDS);
NN_ModMultOpt(n3, P2->x, n0, param.p, param.omega, NUMWORDS);
/* n4 = P2->y * Z1^3 */
NN_ModMultOpt(n0, n0, Z1, param.p, param.omega, NUMWORDS);
NN_ModMultOpt(n4, P2->y, n0, param.p, param.omega, NUMWORDS);
}
/* n5 = n1 - n3, n6 = n2 - n4 */
NN_ModSub(n5, n1, n3, param.p, NUMWORDS);
NN_ModSub(n6, n2, n4, param.p, NUMWORDS);
if(NN_Zero(n5, NUMWORDS)) {
if(NN_Zero(n6, NUMWORDS)) {
/* P1 and P2 are same point */
ecc_dbl_proj(P0, Z0, P1, Z1);
return;
}
} else {
/* P1 is the inverse of P2 */
NN_AssignZero(Z0, NUMWORDS);
return;
}
/* 'n7' = n1 + n3, 'n8' = n2 + n4 */
NN_ModAdd(n1, n1, n3, param.p, NUMWORDS);
NN_ModAdd(n2, n2, n4, param.p, NUMWORDS);
/* Z0 = Z1 * Z2 * n5 */
if(Z_is_one(Z1) && Z_is_one(Z2)) {
NN_Assign(Z0, n5, NUMWORDS);
} else {
if(Z_is_one(Z1)) {
NN_Assign(n0, Z2, NUMWORDS);
} else if(Z_is_one(Z2)) {
NN_Assign(n0, Z1, NUMWORDS);
} else {
NN_ModMultOpt(n0, Z1, Z2, param.p, param.omega, NUMWORDS);
}
NN_ModMultOpt(Z0, n0, n5, param.p, param.omega, NUMWORDS);
}
/* P0->x = n6^2 - n5^2 * 'n7' */
NN_ModSqrOpt(n0, n6, param.p, param.omega, NUMWORDS);
NN_ModSqrOpt(n4, n5, param.p, param.omega, NUMWORDS);
NN_ModMultOpt(n3, n1, n4, param.p, param.omega, NUMWORDS);
NN_ModSub(P0->x, n0, n3, param.p, NUMWORDS);
/* 'n9' = n5^2 * 'n7' - 2 * P0->x */
NN_LShift(n0, P0->x, 1, NUMWORDS);
NN_ModSmall(n0, param.p, NUMWORDS);
NN_ModSub(n0, n3, n0, param.p, NUMWORDS);
/* P0->y = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */
NN_ModMultOpt(n0, n0, n6, param.p, param.omega, NUMWORDS);
NN_ModMultOpt(n5, n4, n5, param.p, param.omega, NUMWORDS);
NN_ModMultOpt(n1, n2, n5, param.p, param.omega, NUMWORDS);
NN_ModSub(n0, n0, n1, param.p, NUMWORDS);
if((n0[0] % 2) == 1) {
NN_Add(n0, n0, param.p, NUMWORDS);
}
NN_RShift(P0->y, n0, 1, NUMWORDS);
}
