1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This is an implementation of the P224 elliptic curve group. It's written to | 5 // This is an implementation of the P224 elliptic curve group. It's written to |
6 // be short and simple rather than fast, although it's still constant-time. | 6 // be short and simple rather than fast, although it's still constant-time. |
7 // | 7 // |
8 // See http://www.imperialviolet.org/2010/12/04/ecc.html ([1]) for background. | 8 // See http://www.imperialviolet.org/2010/12/04/ecc.html ([1]) for background. |
9 | 9 |
10 #include "crypto/p224.h" | 10 #include "crypto/p224.h" |
142 | 142 |
143 // As the values become small enough, we start to store them in |out| and use | 143 // As the values become small enough, we start to store them in |out| and use |
144 // 32-bit operations. | 144 // 32-bit operations. |
145 for (int i = 1; i < 8; i++) { | 145 for (int i = 1; i < 8; i++) { |
146 in[i+1] += in[i] >> 28; | 146 in[i+1] += in[i] >> 28; |
147 (*out)[i] = static_cast<uint32>(in[i] & kBottom28Bits); | 147 (*out)[i] = static_cast<uint32>(in[i] & kBottom28Bits); |
148 } | 148 } |
149 // Eliminate the term at 2*224 that we introduced while keeping the same | 149 // Eliminate the term at 2*224 that we introduced while keeping the same |
150 // value mod p. | 150 // value mod p. |
151 in[0] -= in[8]; // reflection off the "+1" term of p. | 151 in[0] -= in[8]; // reflection off the "+1" term of p. |
152 (*out)[3] += static_cast<uint32>(in[8] & 0xffff) << 12; // "-2**96" term | 152 (*out)[3] += static_cast<uint32>(in[8] & 0xffff) << 12; // "-2**96" term |
153 (*out)[4] += static_cast<uint32>(in[8] >> 16); // rest of "-2**96" term | 153 (*out)[4] += static_cast<uint32>(in[8] >> 16); // rest of "-2**96" term |
154 // in[0] < 2**64 | 154 // in[0] < 2**64 |
155 // out[3] < 2**29 | 155 // out[3] < 2**29 |
156 // out[4] < 2**29 | 156 // out[4] < 2**29 |
157 // out[1,2,5..7] < 2**28 | 157 // out[1,2,5..7] < 2**28 |
158 | 158 |
159 (*out)[0] = static_cast<uint32>(in[0] & kBottom28Bits); | 159 (*out)[0] = static_cast<uint32>(in[0] & kBottom28Bits); |
160 (*out)[1] += static_cast<uint32>((in[0] >> 28) & kBottom28Bits); | 160 (*out)[1] += static_cast<uint32>((in[0] >> 28) & kBottom28Bits); |
161 (*out)[2] += static_cast<uint32>(in[0] >> 56); | 161 (*out)[2] += static_cast<uint32>(in[0] >> 56); |
162 // out[0] < 2**28 | 162 // out[0] < 2**28 |
631 void Put224Bits(uint32* out, const uint32* in) { | 631 void Put224Bits(uint32* out, const uint32* in) { |
632 out[6] = HostToNet32((in[0] >> 0) | (in[1] << 28)); | 632 out[6] = HostToNet32((in[0] >> 0) | (in[1] << 28)); |
633 out[5] = HostToNet32((in[1] >> 4) | (in[2] << 24)); | 633 out[5] = HostToNet32((in[1] >> 4) | (in[2] << 24)); |
634 out[4] = HostToNet32((in[2] >> 8) | (in[3] << 20)); | 634 out[4] = HostToNet32((in[2] >> 8) | (in[3] << 20)); |
635 out[3] = HostToNet32((in[3] >> 12) | (in[4] << 16)); | 635 out[3] = HostToNet32((in[3] >> 12) | (in[4] << 16)); |
636 out[2] = HostToNet32((in[4] >> 16) | (in[5] << 12)); | 636 out[2] = HostToNet32((in[4] >> 16) | (in[5] << 12)); |
637 out[1] = HostToNet32((in[5] >> 20) | (in[6] << 8)); | 637 out[1] = HostToNet32((in[5] >> 20) | (in[6] << 8)); |
638 out[0] = HostToNet32((in[6] >> 24) | (in[7] << 4)); | 638 out[0] = HostToNet32((in[6] >> 24) | (in[7] << 4)); |
639 } | 639 } |
640 | 640 |
641 } // anonymous namespace | 641 } // anonymous namespace |
642 | 642 |
643 namespace crypto { | 643 namespace crypto { |
644 | 644 |
645 namespace p224 { | 645 namespace p224 { |
646 | 646 |
647 bool Point::SetFromString(const base::StringPiece& in) { | 647 bool Point::SetFromString(const base::StringPiece& in) { |
648 if (in.size() != 2*28) | 648 if (in.size() != 2*28) |
649 return false; | 649 return false; |
650 const uint32* inwords = reinterpret_cast<const uint32*>(in.data()); | 650 const uint32* inwords = reinterpret_cast<const uint32*>(in.data()); |
651 Get224Bits(x, inwords); | 651 Get224Bits(x, inwords); |
734 Subtract(&out->y, kP, y); | 734 Subtract(&out->y, kP, y); |
735 Reduce(&out->y); | 735 Reduce(&out->y); |
736 | 736 |
737 memset(&out->z, 0, sizeof(out->z)); | 737 memset(&out->z, 0, sizeof(out->z)); |
738 out->z[0] = 1; | 738 out->z[0] = 1; |
739 } | 739 } |
740 | 740 |
741 } // namespace p224 | 741 } // namespace p224 |
742 | 742 |
743 } // namespace crypto | 743 } // namespace crypto |