Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / boringssl / 9083ef933c7f44d6ee3cd1b7ca91135fdada8e31 / . / src / crypto / fipsmodule / ec / p256-x86_64.h
blob: 6a0bebb75eb2fc4373ab1e93b94681935a495392 [file] [log] [blame]
Steven Valdez909b19f2016-11-21 15:35:44 -0500[diff] [blame]1/* Copyright (c) 2014, Intel Corporation.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15#ifndef OPENSSL_HEADER_EC_P256_X86_64_H
16#define OPENSSL_HEADER_EC_P256_X86_64_H
17
18#include <openssl/base.h>
19
20#include <openssl/bn.h>
21
22#if defined(__cplusplus)
23extern "C" {
24#endif
25
26
27#if !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && \
28 !defined(OPENSSL_SMALL)
29
Robert Sloan8f860b12017-08-28 07:37:06 -0700[diff] [blame]30// P-256 field operations.
31//
32// An element mod P in P-256 is represented as a little-endian array of
33// |P256_LIMBS| |BN_ULONG|s, spanning the full range of values.
34//
35// The following functions take fully-reduced inputs mod P and give
36// fully-reduced outputs. They may be used in-place.
Steven Valdez909b19f2016-11-21 15:35:44 -0500[diff] [blame]37
38#define P256_LIMBS (256 / BN_BITS2)
39
Robert Sloan8f860b12017-08-28 07:37:06 -0700[diff] [blame]40// ecp_nistz256_neg sets |res| to -|a| mod P.
Steven Valdez909b19f2016-11-21 15:35:44 -0500[diff] [blame]41void ecp_nistz256_neg(BN_ULONG res[P256_LIMBS], const BN_ULONG a[P256_LIMBS]);
42
Robert Sloan8f860b12017-08-28 07:37:06 -0700[diff] [blame]43// ecp_nistz256_mul_mont sets |res| to |a| * |b| * 2^-256 mod P.
Steven Valdez909b19f2016-11-21 15:35:44 -0500[diff] [blame]44void ecp_nistz256_mul_mont(BN_ULONG res[P256_LIMBS],
45 const BN_ULONG a[P256_LIMBS],
46 const BN_ULONG b[P256_LIMBS]);
47
Robert Sloan8f860b12017-08-28 07:37:06 -0700[diff] [blame]48// ecp_nistz256_sqr_mont sets |res| to |a| * |a| * 2^-256 mod P.
Steven Valdez909b19f2016-11-21 15:35:44 -0500[diff] [blame]49void ecp_nistz256_sqr_mont(BN_ULONG res[P256_LIMBS],
50 const BN_ULONG a[P256_LIMBS]);
51
Robert Sloan8f860b12017-08-28 07:37:06 -0700[diff] [blame]52// ecp_nistz256_from_mont sets |res| to |in|, converted from Montgomery domain
53// by multiplying with 1.
Steven Valdezb0b45c62017-01-17 16:23:54 -0500[diff] [blame]54static inline void ecp_nistz256_from_mont(BN_ULONG res[P256_LIMBS],
55 const BN_ULONG in[P256_LIMBS]) {
56 static const BN_ULONG ONE[P256_LIMBS] = { 1 };
57 ecp_nistz256_mul_mont(res, in, ONE);
58}
Steven Valdez909b19f2016-11-21 15:35:44 -0500[diff] [blame]59
60
Robert Sloan8f860b12017-08-28 07:37:06 -0700[diff] [blame]61// P-256 point operations.
62//
63// The following functions may be used in-place. All coordinates are in the
64// Montgomery domain.
Steven Valdez909b19f2016-11-21 15:35:44 -0500[diff] [blame]65
Robert Sloan8f860b12017-08-28 07:37:06 -0700[diff] [blame]66// A P256_POINT represents a P-256 point in Jacobian coordinates.
Steven Valdez909b19f2016-11-21 15:35:44 -0500[diff] [blame]67typedef struct {
68 BN_ULONG X[P256_LIMBS];
69 BN_ULONG Y[P256_LIMBS];
70 BN_ULONG Z[P256_LIMBS];
71} P256_POINT;
72
Robert Sloan8f860b12017-08-28 07:37:06 -0700[diff] [blame]73// A P256_POINT_AFFINE represents a P-256 point in affine coordinates. Infinity
74// is encoded as (0, 0).
Steven Valdez909b19f2016-11-21 15:35:44 -0500[diff] [blame]75typedef struct {
76 BN_ULONG X[P256_LIMBS];
77 BN_ULONG Y[P256_LIMBS];
78} P256_POINT_AFFINE;
79
Robert Sloan8f860b12017-08-28 07:37:06 -0700[diff] [blame]80// ecp_nistz256_select_w5 sets |*val| to |in_t[index-1]| if 1 <= |index| <= 16
81// and all zeros (the point at infinity) if |index| is 0. This is done in
82// constant time.
Steven Valdez909b19f2016-11-21 15:35:44 -0500[diff] [blame]83void ecp_nistz256_select_w5(P256_POINT *val, const P256_POINT in_t[16],
84 int index);
85
Robert Sloan8f860b12017-08-28 07:37:06 -0700[diff] [blame]86// ecp_nistz256_select_w7 sets |*val| to |in_t[index-1]| if 1 <= |index| <= 64
87// and all zeros (the point at infinity) if |index| is 0. This is done in
88// constant time.
Steven Valdez909b19f2016-11-21 15:35:44 -0500[diff] [blame]89void ecp_nistz256_select_w7(P256_POINT_AFFINE *val,
90 const P256_POINT_AFFINE in_t[64], int index);
91
Robert Sloan8f860b12017-08-28 07:37:06 -0700[diff] [blame]92// ecp_nistz256_point_double sets |r| to |a| doubled.
Steven Valdez909b19f2016-11-21 15:35:44 -0500[diff] [blame]93void ecp_nistz256_point_double(P256_POINT *r, const P256_POINT *a);
94
Robert Sloan8f860b12017-08-28 07:37:06 -0700[diff] [blame]95// ecp_nistz256_point_add adds |a| to |b| and places the result in |r|.
Steven Valdez909b19f2016-11-21 15:35:44 -0500[diff] [blame]96void ecp_nistz256_point_add(P256_POINT *r, const P256_POINT *a,
97 const P256_POINT *b);
98
Robert Sloan8f860b12017-08-28 07:37:06 -0700[diff] [blame]99// ecp_nistz256_point_add_affine adds |a| to |b| and places the result in
100// |r|. |a| and |b| must not represent the same point unless they are both
101// infinity.
Steven Valdez909b19f2016-11-21 15:35:44 -0500[diff] [blame]102void ecp_nistz256_point_add_affine(P256_POINT *r, const P256_POINT *a,
103 const P256_POINT_AFFINE *b);
104
105#endif /* !defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86_64) && \
106 !defined(OPENSSL_SMALL) */
107
108
109#if defined(__cplusplus)
Robert Sloan8f860b12017-08-28 07:37:06 -0700[diff] [blame]110} // extern C++
Steven Valdez909b19f2016-11-21 15:35:44 -0500[diff] [blame]111#endif
112
Robert Sloan8f860b12017-08-28 07:37:06 -0700[diff] [blame]113#endif // OPENSSL_HEADER_EC_P256_X86_64_H