Lines Matching full:curve
46 /* Returns curve25519 curve param */
585 * Handbook of Elliptic and Hyperelliptic Curve Cryptography.
932 * Elliptic Curve Domain Parameters" section G.1.4
957 const struct ecc_curve *curve) in vli_mmod_fast() argument
960 const u64 *curve_prime = curve->p; in vli_mmod_fast()
961 const unsigned int ndigits = curve->g.ndigits; in vli_mmod_fast()
964 if (strncmp(curve->name, "nist_", 5) != 0) { in vli_mmod_fast()
1002 * Assumes that mod is a big enough curve order.
1016 const struct ecc_curve *curve) in vli_mod_mult_fast() argument
1020 vli_mult(product, left, right, curve->g.ndigits); in vli_mod_mult_fast()
1021 vli_mmod_fast(result, product, curve); in vli_mod_mult_fast()
1026 const struct ecc_curve *curve) in vli_mod_square_fast() argument
1030 vli_square(product, left, curve->g.ndigits); in vli_mod_square_fast()
1031 vli_mmod_fast(result, product, curve); in vli_mod_square_fast()
1130 const struct ecc_curve *curve) in ecc_point_double_jacobian() argument
1135 const u64 *curve_prime = curve->p; in ecc_point_double_jacobian()
1136 const unsigned int ndigits = curve->g.ndigits; in ecc_point_double_jacobian()
1142 vli_mod_square_fast(t4, y1, curve); in ecc_point_double_jacobian()
1144 vli_mod_mult_fast(t5, x1, t4, curve); in ecc_point_double_jacobian()
1146 vli_mod_square_fast(t4, t4, curve); in ecc_point_double_jacobian()
1148 vli_mod_mult_fast(y1, y1, z1, curve); in ecc_point_double_jacobian()
1150 vli_mod_square_fast(z1, z1, curve); in ecc_point_double_jacobian()
1159 vli_mod_mult_fast(x1, x1, z1, curve); in ecc_point_double_jacobian()
1176 vli_mod_square_fast(z1, x1, curve); in ecc_point_double_jacobian()
1184 vli_mod_mult_fast(x1, x1, t5, curve); in ecc_point_double_jacobian()
1194 static void apply_z(u64 *x1, u64 *y1, u64 *z, const struct ecc_curve *curve) in apply_z() argument
1198 vli_mod_square_fast(t1, z, curve); /* z^2 */ in apply_z()
1199 vli_mod_mult_fast(x1, x1, t1, curve); /* x1 * z^2 */ in apply_z()
1200 vli_mod_mult_fast(t1, t1, z, curve); /* z^3 */ in apply_z()
1201 vli_mod_mult_fast(y1, y1, t1, curve); /* y1 * z^3 */ in apply_z()
1206 u64 *p_initial_z, const struct ecc_curve *curve) in xycz_initial_double() argument
1209 const unsigned int ndigits = curve->g.ndigits; in xycz_initial_double()
1220 apply_z(x1, y1, z, curve); in xycz_initial_double()
1222 ecc_point_double_jacobian(x1, y1, z, curve); in xycz_initial_double()
1224 apply_z(x2, y2, z, curve); in xycz_initial_double()
1232 const struct ecc_curve *curve) in xycz_add() argument
1236 const u64 *curve_prime = curve->p; in xycz_add()
1237 const unsigned int ndigits = curve->g.ndigits; in xycz_add()
1242 vli_mod_square_fast(t5, t5, curve); in xycz_add()
1244 vli_mod_mult_fast(x1, x1, t5, curve); in xycz_add()
1246 vli_mod_mult_fast(x2, x2, t5, curve); in xycz_add()
1250 vli_mod_square_fast(t5, y2, curve); in xycz_add()
1259 vli_mod_mult_fast(y1, y1, x2, curve); in xycz_add()
1263 vli_mod_mult_fast(y2, y2, x2, curve); in xycz_add()
1275 const struct ecc_curve *curve) in xycz_add_c() argument
1281 const u64 *curve_prime = curve->p; in xycz_add_c()
1282 const unsigned int ndigits = curve->g.ndigits; in xycz_add_c()
1287 vli_mod_square_fast(t5, t5, curve); in xycz_add_c()
1289 vli_mod_mult_fast(x1, x1, t5, curve); in xycz_add_c()
1291 vli_mod_mult_fast(x2, x2, t5, curve); in xycz_add_c()
1300 vli_mod_mult_fast(y1, y1, t6, curve); in xycz_add_c()
1304 vli_mod_square_fast(x2, y2, curve); in xycz_add_c()
1311 vli_mod_mult_fast(y2, y2, t7, curve); in xycz_add_c()
1316 vli_mod_square_fast(t7, t5, curve); in xycz_add_c()
1322 vli_mod_mult_fast(t6, t6, t5, curve); in xycz_add_c()
1331 u64 *initial_z, const struct ecc_curve *curve, in ecc_point_mult() argument
1339 u64 *curve_prime = curve->p; in ecc_point_mult()
1344 carry = vli_add(sk[0], scalar, curve->n, ndigits); in ecc_point_mult()
1345 vli_add(sk[1], sk[0], curve->n, ndigits); in ecc_point_mult()
1347 if (curve->nbits == 521) /* NIST P521 */ in ecc_point_mult()
1348 num_bits = curve->nbits + 2; in ecc_point_mult()
1355 xycz_initial_double(rx[1], ry[1], rx[0], ry[0], initial_z, curve); in ecc_point_mult()
1359 xycz_add_c(rx[1 - nb], ry[1 - nb], rx[nb], ry[nb], curve); in ecc_point_mult()
1360 xycz_add(rx[nb], ry[nb], rx[1 - nb], ry[1 - nb], curve); in ecc_point_mult()
1364 xycz_add_c(rx[1 - nb], ry[1 - nb], rx[nb], ry[nb], curve); in ecc_point_mult()
1370 vli_mod_mult_fast(z, z, ry[1 - nb], curve); in ecc_point_mult()
1372 vli_mod_mult_fast(z, z, point->x, curve); in ecc_point_mult()
1378 vli_mod_mult_fast(z, z, point->y, curve); in ecc_point_mult()
1380 vli_mod_mult_fast(z, z, rx[1 - nb], curve); in ecc_point_mult()
1383 xycz_add(rx[nb], ry[nb], rx[1 - nb], ry[1 - nb], curve); in ecc_point_mult()
1385 apply_z(rx[0], ry[0], z, curve); in ecc_point_mult()
1394 const struct ecc_curve *curve) in ecc_point_add() argument
1399 unsigned int ndigits = curve->g.ndigits; in ecc_point_add()
1403 vli_mod_sub(z, result->x, p->x, curve->p, ndigits); in ecc_point_add()
1406 xycz_add(px, py, result->x, result->y, curve); in ecc_point_add()
1407 vli_mod_inv(z, z, curve->p, ndigits); in ecc_point_add()
1408 apply_z(result->x, result->y, z, curve); in ecc_point_add()
1417 const struct ecc_curve *curve) in ecc_point_mult_shamir() argument
1423 unsigned int ndigits = curve->g.ndigits; in ecc_point_mult_shamir()
1431 ecc_point_add(&sum, p, q, curve); in ecc_point_mult_shamir()
1449 ecc_point_double_jacobian(rx, ry, z, curve); in ecc_point_mult_shamir()
1460 apply_z(tx, ty, z, curve); in ecc_point_mult_shamir()
1461 vli_mod_sub(tz, rx, tx, curve->p, ndigits); in ecc_point_mult_shamir()
1462 xycz_add(tx, ty, rx, ry, curve); in ecc_point_mult_shamir()
1463 vli_mod_mult_fast(z, z, tz, curve); in ecc_point_mult_shamir()
1466 vli_mod_inv(z, z, curve->p, ndigits); in ecc_point_mult_shamir()
1467 apply_z(rx, ry, z, curve); in ecc_point_mult_shamir()
1477 static int __ecc_is_key_valid(const struct ecc_curve *curve, in __ecc_is_key_valid() argument
1486 if (curve->g.ndigits != ndigits) in __ecc_is_key_valid()
1492 vli_sub(res, curve->n, one, ndigits); in __ecc_is_key_valid()
1504 const struct ecc_curve *curve = ecc_get_curve(curve_id); in ecc_is_key_valid() local
1511 return __ecc_is_key_valid(curve, private_key, ndigits); in ecc_is_key_valid()
1525 const struct ecc_curve *curve = ecc_get_curve(curve_id); in ecc_gen_privkey() local
1527 unsigned int nbits = vli_num_bits(curve->n, ndigits); in ecc_gen_privkey()
1559 if (__ecc_is_key_valid(curve, private_key, ndigits)) in ecc_gen_privkey()
1571 const struct ecc_curve *curve = ecc_get_curve(curve_id); in ecc_make_pub_key() local
1584 ecc_point_mult(pk, &curve->g, private_key, NULL, curve, ndigits); in ecc_make_pub_key()
1587 if (ecc_is_pubkey_valid_full(curve, pk)) { in ecc_make_pub_key()
1603 int ecc_is_pubkey_valid_partial(const struct ecc_curve *curve, in ecc_is_pubkey_valid_partial() argument
1608 if (WARN_ON(pk->ndigits != curve->g.ndigits)) in ecc_is_pubkey_valid_partial()
1616 if (vli_cmp(curve->p, pk->x, pk->ndigits) != 1) in ecc_is_pubkey_valid_partial()
1618 if (vli_cmp(curve->p, pk->y, pk->ndigits) != 1) in ecc_is_pubkey_valid_partial()
1622 vli_mod_square_fast(yy, pk->y, curve); /* y^2 */ in ecc_is_pubkey_valid_partial()
1623 vli_mod_square_fast(xxx, pk->x, curve); /* x^2 */ in ecc_is_pubkey_valid_partial()
1624 vli_mod_mult_fast(xxx, xxx, pk->x, curve); /* x^3 */ in ecc_is_pubkey_valid_partial()
1625 vli_mod_mult_fast(w, curve->a, pk->x, curve); /* a·x */ in ecc_is_pubkey_valid_partial()
1626 vli_mod_add(w, w, curve->b, curve->p, pk->ndigits); /* a·x + b */ in ecc_is_pubkey_valid_partial()
1627 vli_mod_add(w, w, xxx, curve->p, pk->ndigits); /* x^3 + a·x + b */ in ecc_is_pubkey_valid_partial()
1636 int ecc_is_pubkey_valid_full(const struct ecc_curve *curve, in ecc_is_pubkey_valid_full() argument
1642 int ret = ecc_is_pubkey_valid_partial(curve, pk); in ecc_is_pubkey_valid_full()
1652 ecc_point_mult(nQ, pk, curve->n, NULL, curve, pk->ndigits); in ecc_is_pubkey_valid_full()
1670 const struct ecc_curve *curve = ecc_get_curve(curve_id); in crypto_ecdh_shared_secret() local
1689 ret = ecc_is_pubkey_valid_partial(curve, pk); in crypto_ecdh_shared_secret()
1699 ecc_point_mult(product, pk, private_key, rand_z, curve, ndigits); in crypto_ecdh_shared_secret()
1718 MODULE_DESCRIPTION("core elliptic curve module");