X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/Security/libsecurity_cryptkit/lib/curveParams.h diff --git a/Security/libsecurity_cryptkit/lib/curveParams.h b/Security/libsecurity_cryptkit/lib/curveParams.h new file mode 100644 index 00000000..47a87756 --- /dev/null +++ b/Security/libsecurity_cryptkit/lib/curveParams.h @@ -0,0 +1,230 @@ +/* Copyright (c) 1998,2011-2012,2014 Apple Inc. All Rights Reserved. + * + * NOTICE: USE OF THE MATERIALS ACCOMPANYING THIS NOTICE IS SUBJECT + * TO THE TERMS OF THE SIGNED "FAST ELLIPTIC ENCRYPTION (FEE) REFERENCE + * SOURCE CODE EVALUATION AGREEMENT" BETWEEN APPLE, INC. AND THE + * ORIGINAL LICENSEE THAT OBTAINED THESE MATERIALS FROM APPLE, + * INC. ANY USE OF THESE MATERIALS NOT PERMITTED BY SUCH AGREEMENT WILL + * EXPOSE YOU TO LIABILITY. + *************************************************************************** + * + * curveParams.h - FEE curve parameter functions + * + * Revision History + * ---------------- + * 9 Sep 98 at NeXT + * Added y1Plus for IEEE P1363 compliance. + * 20 Jan 98 at Apple + * Added primeType, m, basePrimeRecip. + * 11 Jun 97 at Apple + * Added x1OrderPlusRecip and lesserX1OrderRecip + * Disabled CP_SET_GIANT_SIZE hack + * 9 Jan 1997 at NeXT + * Major mods for IEEE-style parameters. + * 7 Aug 1996 at NeXT + * Created. + */ + +#ifndef _CK_CURVEPARAMS_H_ +#define _CK_CURVEPARAMS_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +#include "giantIntegers.h" +#include "feeTypes.h" + +/* + * Parameters defining a specific elliptic curve (and its initial points). + */ +typedef struct { + + /* + * Basic characteristic of prime field (PT_FEE, etc.) + */ + feePrimeType primeType; + + /* + * Basic curve type (CT_MONTGOMERY, etc.) + * Note that FCT_ANSI is stored here as FCT_Weierstrass. + */ + feeCurveType curveType; + + /* + * Parameters defining the base prime (2^q - k) for + * FPT_FEE and FPT_Mersenne. For FPT_General, q is the + * prime size in bits and k is 0. + */ + unsigned q; + int k; + + /* + * For all primeTypes, the field is defined as F(basePrime**m). + * This library can only deal with m == 1 for now. + */ + unsigned m; + + /* + * coefficients in the following equation: + * y^2 = x^3 + (c * x^2) + (a * x) + b + */ + giant a; + giant b; + giant c; + + /* + * Initial public point x-coordinates. + * x1Minus not used for ECDSA; X9.62 curves don't have this field. + */ + giant x1Plus; + giant x1Minus; + + /* + * Y coordinate of normalized projective initial public + * point for plus curve. I.e., Initial point = {x1Plus, p1Plus, 1}. + * Only valid for curveType == CT_WEIERSTRASS. This is calculated + * when a new curveParams is created. + */ + giant y1Plus; + + /* + * Curve orders. These are prime, or have large prime factors. + * cOrderMinus not used for ECDSA; X9.62 curves don't have this field. + */ + giant cOrderPlus; + giant cOrderMinus; + + /* + * Point orders (the large prime factors of the respective + * curve orders). + * x1OrderMinus not used for ECDSA; X9.62 curves don't have this field. + */ + giant x1OrderPlus; + giant x1OrderMinus; + + /* + * The base prime. For PT_GENERAL, this is a basic defining + * characteristic of a curve; otherwise, it is derived as 2**q - k. + */ + giant basePrime; + + /* + * The remaining fields are calculated and stored here as an + * optimization. + */ + + /* + * The minimum size of a giant, in bytes, to represent any point + * on this curve. This is generally used only when serializing + * giants of a known size. + */ + unsigned minBytes; + + /* + * The maximum size of a giant, in giantDigits, to be used with all + * FEE arithmetic for this curve. This is generally used to alloc + * giants. + */ + unsigned maxDigits; + + /* + * Reciprocals of lesserX1Order() and x1OrderPlus. Calculated + * lazily by clients in the case of creation of a curveParams + * struct from a byteRep representation. + */ + giant x1OrderPlusRecip; + giant lesserX1OrderRecip; + + /* + * Reciprocal of basePrime. Only used for PT_GENERAL. + */ + giant basePrimeRecip; +} curveParams; + +#if 0 +/* + * Values for primeType. + */ +#define PT_MERSENNE 0 /* basePrime = 2**q - 1 */ +#define PT_FEE 1 /* basePrime = 2**q - k, k is "small" */ +#define PT_GENERAL 2 /* other prime modulus */ + +/* + * Values for curveType. Note that Atkin3 (a=0) and Atkin4 (b=0) are + * subsets of CT_WEIERSTRASS. + */ +#define CT_MONTGOMERY 0 /* a=1, b=0 */ +#define CT_WEIERSTRASS 1 /* c=0 */ +#define CT_GENERAL 4 /* other */ +#endif /* 0 */ + +/* + * Obtain a malloc'd curveParams for a specified feeDepth. + */ +curveParams *curveParamsForDepth(feeDepth depth); + +/* + * Obtain a malloc'd and uninitialized curveParams, to be init'd by caller + * (when matching existing curve params). + */ +curveParams *newCurveParams(void); + +/* + * Alloc and zero reciprocal giants, when maxDigits is known. + */ +void allocRecipGiants(curveParams *cp); + +/* + * Alloc a new curveParams struct as a copy of specified instance. + */ +curveParams *curveParamsCopy(curveParams *cp); + +/* + * Free a curveParams struct. + */ +void freeCurveParams(curveParams *cp); + +/* + * Returns 1 if two sets of curve parameters are equivalent, else returns 0. + */ +int curveParamsEquivalent(curveParams *cp1, curveParams *cp2); + +/* + * Obtain the lesser of {x1OrderPlus, x1OrderMinus}. Returned value is not + * malloc'd; it's a pointer to one of the orders in *cp. + */ +giant lesserX1Order(curveParams *cp); + +/* + * Prime the curveParams and giants modules for quick allocs of giants. + */ +void curveParamsInitGiants(void); + +/* + * Infer run-time calculated fields from a partially constructed curveParams. + */ +void curveParamsInferFields(curveParams *cp); + +/* + * Given key size in bits, obtain the asssociated depth. + * Returns FR_IllegalDepth if specify key size not found + * in current curve tables. + */ +feeReturn feeKeyBitsToDepth(unsigned keyBits, + feePrimeType primeType, /* FPT_Fefault means "best one" */ + feeCurveType curveType, /* FCT_Default means "best one" */ + feeDepth *depth); + +/* + * Obtain depth for specified curveParams + */ +feeReturn curveParamsDepth( + curveParams *cp, + feeDepth *depth); + +#ifdef __cplusplus +} +#endif + +#endif /* _CK_CURVEPARAMS_H_ */