X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/e9926004f7caf25abbfb87ebd921a01e6bf865dc..c3caa2face1cda7002eb58245ad75865bf437455:/calc/ecp.cal

diff --git a/calc/ecp.cal b/calc/ecp.cal
index 04971aa..7c560c5 100644
--- a/calc/ecp.cal
+++ b/calc/ecp.cal
@@ -1,6 +1,6 @@
 /* -*-apcalc-*-
  *
- * $Id: ecp.cal,v 1.1 2000/10/08 16:01:37 mdw Exp $
+ * $Id: ecp.cal,v 1.2 2004/03/21 22:52:06 mdw Exp $
  *
  * Testbed for elliptic curve arithmetic over prime fields
  *
@@ -30,6 +30,15 @@
 /*----- Revision history --------------------------------------------------* 
  *
  * $Log: ecp.cal,v $
+ * Revision 1.2  2004/03/21 22:52:06  mdw
+ * Merge and close elliptic curve branch.
+ *
+ * Revision 1.1.4.2  2004/03/20 00:13:31  mdw
+ * Projective coordinates for prime curves
+ *
+ * Revision 1.1.4.1  2003/06/10 13:43:53  mdw
+ * Simple (non-projective) curves over prime fields now seem to work.
+ *
  * Revision 1.1  2000/10/08 16:01:37  mdw
  * Prototypes of various bits of code.
  *
@@ -39,6 +48,7 @@
 
 obj ecp_curve { a, b, p };
 obj ecp_pt { x, y, e };
+obj ecpp_pt { x, y, z, e };
 
 /*----- Main code ---------------------------------------------------------*/
 
@@ -60,6 +70,72 @@ define ecp_pt(x, y, e)
   return (p);
 }
 
+define ecpp_pt(p)
+{
+  local obj ecpp_pt pp;
+  if (istype(p, 1))
+    return (0);
+  pp.x = p.x;
+  pp.y = p.y;
+  pp.z = 1;
+  pp.e = p.e;
+  return (pp);
+}
+
+define ecpp_fix(pp)
+{
+  local obj ecp_pt p;
+  local e, zi, z2, z3;
+  if (istype(pp, 1) || pp.z == 0)
+    return (0);
+  e = pp.e;
+  zi = minv(pp.z, e.p);
+  z2 = zi * zi;
+  z3 = zi * z2;
+  p.x = pp.x * z2 % e.p;
+  p.y = pp.y * z3 % e.p;
+  p.e = e;
+  return (p);
+}
+
+define ecpp_dbl(a)
+{
+  local m, s, t, y2;
+  local e;
+  local obj ecpp_pt d;
+  if (istype(a, 1) || a.y == 0)
+    return (0);
+  e = a.e;
+  if (e.a % e.p == e.p - 3) {
+    m = a.z^3 % e.p;
+    m = 3 * (a.x + t4) * (a.x - t4) % e.p;
+  } else {
+    m = (3 * a.x^2 - e.a * a.z^4) % e.p;
+  }
+  d.z = 2 * a.y * a.z % e.p;
+  y2 = a.y^2 % e.p;
+  s = 4 * a.x * a.y % e.p;
+  d.x = (m^2 - 2 * s) % e.p;
+  d.y = (m * (s - d.x) - y * y2^2) % e.p;
+  d.e = e;
+  return (d);
+}
+
+define ecpp_add(a, b)
+{
+  if (a == 0)
+    d = b;
+  else if (b == 0)
+    d = a;
+  else if (!istype(a, b))
+    quit "bad type arguments to ecp_pt_add";
+  else if (a.e != b.e)
+    quit "points from different curves in ecp_pt_add";
+  else {
+    e = a.e;
+    
+}
+
 define ecp_pt_print(a)
 {
   print "(" : a.x : ", " : a.y : ")" :;
@@ -96,6 +172,20 @@ define ecp_pt_add(a, b)
   return (d);
 }
 
+define ecp_pt_dbl(a)
+{
+  local e, alpha;
+  local obj ecp_pt d;
+  if (istype(a, 1))
+    return (0);
+  e = a.e;
+  alpha = (3 * a.x^2 + e.a) * minv(2 * a.y, e.p) % e.p;
+  d.x = (alpha^2 - 2 * a.x) % e.p;
+  d.y = (-a.y + alpha * (a.x - d.x)) % e.p;
+  d.e = e;
+  return (d);
+}
+
 define ecp_pt_neg(a)
 {
   local obj ecp_pt d;
@@ -105,6 +195,15 @@ define ecp_pt_neg(a)
   return (d);
 }
 
+define ecp_pt_check(a)
+{
+  local e;
+
+  e = a.e;
+  if (a.y^2 % e.p != (a.x^3 + e.a * a.x + e.b) % e.p)
+    quit "bad curve point";
+}
+
 define ecp_pt_mul(a, b)
 {
   local p, n;
@@ -124,10 +223,18 @@ define ecp_pt_mul(a, b)
     if (n & 1)
       d += p;
     n >>= 1;
-    p += p;
+    p = ecp_pt_dbl(p);
   }
   return (d);
 }
 
+/*----- FIPS186-2 standard curves -----------------------------------------*/
+
+p192 = ecp_curve(-3, 0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1,
+		 6277101735386680763835789423207666416083908700390324961279);
+p192_r = 6277101735386680763835789423176059013767194773182842284081;
+p192_g = ecp_pt(0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012,
+		0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811, p192);
+
 /*----- That's all, folks -------------------------------------------------*/