Rearrange the file tree.

[u/mdw/catacomb] / calc / ecp.cal

/* -*-apcalc-*-
 *
 * Testbed for elliptic curve arithmetic over prime fields
 *
 * (c) 2000 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of Catacomb.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

/*----- Object types ------------------------------------------------------*/

obj ecp_curve { a, b, p };
obj ecp_pt { x, y, e };

/*----- Main code ---------------------------------------------------------*/

define ecp_curve(a, b, p)
{
  local obj ecp_curve e;
  e.a = a;
  e.b = b;
  e.p = p;
  return (e);
}

define ecp_pt(x, y, e)
{
  local obj ecp_pt p;
  p.x = x % e.p;
  p.y = y % e.p;
  p.e = e;
  return (p);
}

define ecp_pt_print(a)
{
  print "(" : a.x : ", " : a.y : ")" :;
}

define ecp_pt_add(a, b)
{
  local e, alpha;
  local obj ecp_pt d;

  if (a == 0)
    d = b;
  else if (b == 0)
    d = a;
  else if (!istype(a, b))
    quit "bad type arguments to ecp_pt_add";
  else if (a.e != b.e)
    quit "points from different curves in ecp_pt_add";
  else {
    e = a.e;
    if (a.x == b.x) {
      if (a.y != b.y) {
        return (0);
      }
      alpha = (3 * a.x^2 + e.a) * minv(2 * a.y, e.p) % e.p;
    } else
      alpha = (b.y - a.y) * minv(b.x - a.x, e.p) % e.p;

    d.x = (alpha^2 - a.x - b.x) % e.p;
    d.y = (-a.y + alpha * (a.x - d.x)) % e.p;
    d.e = e;
  }

  return (d);
}

define ecp_pt_dbl(a)
{
  local e, alpha;
  local obj ecp_pt d;
  if (istype(a, 1))
    return (0);
  e = a.e;
  alpha = (3 * a.x^2 + e.a) * minv(2 * a.y, e.p) % e.p;
  d.x = (alpha^2 - 2 * a.x) % e.p;
  d.y = (-a.y + alpha * (a.x - d.x)) % e.p;
  d.e = e;
  return (d);
}

define ecp_pt_neg(a)
{
  local obj ecp_pt d;
  d.x = a.x;
  d.y = a.e.p - a.y;
  d.e = a.e;
  return (d);
}

define ecp_pt_check(a)
{
  local e;

  e = a.e;
  if (a.y^2 % e.p != (a.x^3 + e.a * a.x + e.b) % e.p)
    quit "bad curve point";
}

define ecp_pt_mul(a, b)
{
  local p, n;
  local d;

  if (istype(a, 1)) {
    n = a;
    p = b;
  } else if (istype(b, 1)) {
    n = b;
    p = a;
  } else
    return (newerror("bad arguments to ecp_pt_mul"));

  d = 0;
  while (n) {
    if (n & 1)
      d += p;
    n >>= 1;
    p = ecp_pt_dbl(p);
  }
  return (d);
}

/*----- FIPS186-2 standard curves -----------------------------------------*/

p192 = ecp_curve(-3, 0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1,
                 6277101735386680763835789423207666416083908700390324961279);
p192_r = 6277101735386680763835789423176059013767194773182842284081;
p192_g = ecp_pt(0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012,
                0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811, p192);

/*----- That's all, folks -------------------------------------------------*/