/* Copyright (c) 1998,2011,2014 Apple Inc. All Rights Reserved. * * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE, INC. AND THE * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE, * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL * EXPOSE YOU TO LIABILITY. *************************************************************************** * * elliptic.h - Fast Elliptic Encryption functions. * * Revision History * ---------------- * 10/06/98 ap * Changed to compile with C++. * 19 Feb 97 at NeXT * Created. */ #ifndef _CK_NSFEE_H_ #define _CK_NSFEE_H_ #include "giantIntegers.h" #include "feeTypes.h" #include "curveParams.h" #ifdef __cplusplus extern "C" { #endif /* * Twist, or "which curve", parameter. */ #define CURVE_PLUS ((int)1) #define CURVE_MINUS ((int)(-1)) typedef struct { int twist; // CURVE_PLUS or CURVE_MINUS giant x; // x coord of public key /* * only valid for (twist == CURVE_PLUS) and curveType CT_WEIERSTRASS. * Otherwise it's a zero-value giant. */ giant y; // y coord of public key /* * Note: this module never allocs or frees a curveParams structs. * This field is always maintained by clients of this module. */ curveParams *cp; // common curve parameters } keystruct; typedef keystruct *key; /* * Select which curve is the default curve for calculating signatures and * doing key exchange. This *must* be CURVE_PLUS for key exchange to work * with ECDSA keys and curves. */ #define DEFAULT_CURVE CURVE_PLUS key new_public(curveParams *cp, int twist); /* * Specify private data for key created by new_public(). * Generates k->x. */ void set_priv_key_giant(key k, giant privGiant); /* * Generate new key with twist and k->x from old_key. */ key new_public_with_key(key old_key, curveParams *cp); /* * Returns 1 if all parameters of two keys are equal, else returns 0. */ int key_equal(key first, key second); /* * De-allocate an allocated key. */ void free_key(key pub); /* * x3 = x1 + x2 on the curve, with sign ambiguity s. * * Note that int s is not just the twist field, because both s = +-1 must * be tested in general. */ void elliptic_add(giant x1, giant x2, giant x3, curveParams *par, int s); /* * Values for the 's', or sign, argument to elliptic_add(). */ #define SIGN_PLUS 1 #define SIGN_MINUS (-1) /* * Elliptic multiply: x := n * {x, 1} */ void elliptic_simple(giant x, giant n, curveParams *par); /* * General elliptic multiply: {xx, zz} := k * {xx, zz} */ void elliptic(giant xx, giant zz, giant k, curveParams *par); /* * Returns CURVE_PLUS or CURVE_MINUS, indicating which curve a particular * x coordinate resides on. */ int which_curve(giant x, curveParams *par); /* * Generate (2**q)-k. */ void make_base_prim(curveParams *cp); /* * return a new giant that is the pad from private data and public key */ giant make_pad(giant privGiant, key publicKey); /* * Returns non-zero if x(p1) cannot be the x-coordinate of the * sum of two points whose respective x-coordinates are x(p2), x(p3). */ int signature_compare(giant p0x, giant p1x, giant p2x, curveParams *par); /* * Set g := g mod curveOrder; * force g to be between 2 and (curveOrder-2), inclusive. */ void curveOrderJustify(giant g, giant curveOrder); void lesserX1OrderJustify(giant g, curveParams *cp); void x1OrderPlusJustify(giant g, curveParams *cp); void x1OrderPlusMod(giant g, curveParams *cp); void calcX1OrderPlusRecip(curveParams *cp); /* * x := x mod basePrime. */ void feemod(curveParams *par, giant x); /* * For a given curveParams, calculate minBytes and maxDigits. */ void calcGiantSizes(curveParams *cp); unsigned giantMinBytes(unsigned q, int k); unsigned giantMaxDigits(unsigned minBytes); int binvg_cp(curveParams *cp, giant x); int binvg_x1OrderPlus(curveParams *cp, giant x); #ifdef __cplusplus } #endif #endif /*_CK_NSFEE_H_*/