//------------------------------------------------------------------------------
//
// ecdsa_fpga_curve.h
// ----------------------------------------------
// Elliptic curve arithmetic procedures for ECDSA
//
// Authors: Pavel Shatov
//
// Copyright 2015-2016, 2018 NORDUnet A/S
// Copyright 2021 The Commons Conservancy Cryptech Project
// SPDX-License-Identifier: BSD-3-Clause
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are met:
//
// - Redistributions of source code must retain the above copyright notice,
//   this list of conditions and the following disclaimer.
//
// - Redistributions in binary form must reproduce the above copyright notice,
//   this list of conditions and the following disclaimer in the documentation
//   and/or other materials provided with the distribution.
//
// - Neither the name of the copyright holder nor the names of its
//   contributors may be used to endorse or promote products derived from
//   this software without specific prior written permission.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
// POSSIBILITY OF SUCH DAMAGE.
//
//------------------------------------------------------------------------------


//------------------------------------------------------------------------------
// ECDSA Parameters (P-256)
//------------------------------------------------------------------------------

/*
 * NIST P-256 domain parameters, each written as a brace-enclosed initializer
 * list of eight 32-bit words. Words are listed most-significant first, so a
 * list reads like the usual hex string of the parameter.
 *
 * NOTE(review): these values are public, but they are integrity-critical: one
 * wrong digit silently breaks every signature and verification. Compare the
 * table against the published curve specification whenever it is edited.
 * How FPGA_BUFFER stores the words internally is not visible in this header.
 */

/* Base Point G: X and Y coordinates */
#define ECDSA_P256_GX_INIT \
    {0x6b17d1f2, 0xe12c4247, 0xf8bce6e5, 0x63a440f2, \
     0x77037d81, 0x2deb33a0, 0xf4a13945, 0xd898c296}

#define ECDSA_P256_GY_INIT \
    {0x4fe342e2, 0xfe1a7f9b, 0x8ee7eb4a, 0x7c0f9e16, \
     0x2bce3357, 0x6b315ece, 0xcbb64068, 0x37bf51f5}

/* Doubled Base Point H = 2 * G: X and Y coordinates, stored as constants
 * instead of being computed at run time (their use is not visible here) */
#define ECDSA_P256_HX_INIT \
    {0x7cf27b18, 0x8d034f7e, 0x8a523803, 0x04b51ac3, \
     0xc08969e2, 0x77f21b35, 0xa60b48fc, 0x47669978}

#define ECDSA_P256_HY_INIT \
    {0x07775510, 0xdb8ed040, 0x293d9ac6, 0x9f7430db, \
     0xba7dade6, 0x3ce98229, 0x9e04b79d, 0x227873d1}

/* Order n of the Base Point */
#define ECDSA_P256_N_INIT \
    {0xffffffff, 0x00000000, 0xffffffff, 0xffffffff, \
     0xbce6faad, 0xa7179e84, 0xf3b9cac2, 0xfc632551}


//------------------------------------------------------------------------------
// ECDSA Parameters (P-384)
//------------------------------------------------------------------------------

/*
 * NIST P-384 domain parameters, each written as a brace-enclosed initializer
 * list of twelve 32-bit words. Words are listed most-significant first, so a
 * list reads like the usual hex string of the parameter.
 *
 * NOTE(review): these values are public, but they are integrity-critical: one
 * wrong digit silently breaks every signature and verification. Compare the
 * table against the published curve specification whenever it is edited.
 */

/* Base Point G: X and Y coordinates */
#define ECDSA_P384_GX_INIT \
    {0xaa87ca22, 0xbe8b0537, 0x8eb1c71e, 0xf320ad74, \
     0x6e1d3b62, 0x8ba79b98, 0x59f741e0, 0x82542a38, \
     0x5502f25d, 0xbf55296c, 0x3a545e38, 0x72760ab7}

#define ECDSA_P384_GY_INIT \
    {0x3617de4a, 0x96262c6f, 0x5d9e98bf, 0x9292dc29, \
     0xf8f41dbd, 0x289a147c, 0xe9da3113, 0xb5f0b8c0, \
     0x0a60b1ce, 0x1d7e819d, 0x7a431d7c, 0x90ea0e5f}

/* Doubled Base Point H = 2 * G: X and Y coordinates, stored as constants
 * instead of being computed at run time (their use is not visible here) */
#define ECDSA_P384_HX_INIT \
    {0x08d99905, 0x7ba3d2d9, 0x69260045, 0xc55b97f0, \
     0x89025959, 0xa6f434d6, 0x51d207d1, 0x9fb96e9e, \
     0x4fe0e86e, 0xbe0e64f8, 0x5b96a9c7, 0x5295df61}

#define ECDSA_P384_HY_INIT \
    {0x8e80f1fa, 0x5b1b3ced, 0xb7bfe8df, 0xfd6dba74, \
     0xb275d875, 0xbc6cc43e, 0x904e505f, 0x256ab425, \
     0x5ffd43e9, 0x4d39e22d, 0x61501e70, 0x0a940e80}

/* Order n of the Base Point */
#define ECDSA_P384_N_INIT \
    {0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff, \
     0xffffffff, 0xffffffff, 0xc7634d81, 0xf4372ddf, \
     0x581a0db2, 0x48b0a77a, 0xecec196a, 0xccc52973}

//------------------------------------------------------------------------------
// ECDSA Parameters Switch
//------------------------------------------------------------------------------
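// Compile-time curve selection. USE_CURVE must be defined before this header
// is included: 1 maps the generic ECDSA_*_INIT names to the P-256 tables,
// 2 maps them to the P-384 tables. An undefined USE_CURVE evaluates as 0 in
// #if and therefore reaches the #else branch, as does any other value.
#if USE_CURVE == 1

#define ECDSA_GX_INIT       ECDSA_P256_GX_INIT
#define ECDSA_GY_INIT       ECDSA_P256_GY_INIT
#define ECDSA_HX_INIT       ECDSA_P256_HX_INIT
#define ECDSA_HY_INIT       ECDSA_P256_HY_INIT

#define ECDSA_N_INIT        ECDSA_P256_N_INIT

#elif USE_CURVE == 2

#define ECDSA_GX_INIT       ECDSA_P384_GX_INIT
#define ECDSA_GY_INIT       ECDSA_P384_GY_INIT
#define ECDSA_HX_INIT       ECDSA_P384_HX_INIT
#define ECDSA_HY_INIT       ECDSA_P384_HY_INIT

#define ECDSA_N_INIT        ECDSA_P384_N_INIT

#else

// Stop the build with an explicit diagnostic. A missing or mistyped curve
// selection must never fall through to a build without curve parameters.
#error "USE_CURVE must be defined as 1 (P-256) or 2 (P-384)"

#endif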


//------------------------------------------------------------------------------
// Globals
//------------------------------------------------------------------------------
// Active curve parameters as FPGA_BUFFER objects: base point (GX, GY),
// doubled base point (HX, HY) and base point order (N). They are only
// declared here (extern); the definitions are elsewhere.
// NOTE(review): presumably filled from the ECDSA_*_INIT lists selected above,
// possibly by fpga_curve_init() -- confirm against the implementation file.
// FPGA_BUFFER is not declared in this header, so the header that declares it
// has to be included first.
extern FPGA_BUFFER ECDSA_GX, ECDSA_GY;
extern FPGA_BUFFER ECDSA_HX, ECDSA_HY;
extern FPGA_BUFFER ECDSA_N;


//------------------------------------------------------------------------------
// Switch
//------------------------------------------------------------------------------
// Build-time choice of implementation. The generic names
//   fpga_curve_base_scalar_multiply
//   fpga_curve_add_jacobian_2_shim
//   fpga_curve_double_jacobian_shim
// are macro aliases: with USE_MICROCODE defined they resolve to the
// *_microcode variants (through the wrappers declared below), otherwise to
// the *_abstract variants.
// NOTE(review): the two variants are presumably meant to produce identical
// results; running the same test vectors through both builds is a cheap
// cross-check -- confirm that the test suite does this.
#ifdef USE_MICROCODE

#define fpga_curve_base_scalar_multiply fpga_curve_base_scalar_multiply_microcode

#define fpga_curve_add_jacobian_2_shim  fpga_curve_add_jacobian_microcode_2_wrapper
#define fpga_curve_double_jacobian_shim fpga_curve_double_jacobian_microcode_wrapper

// Wrapper with the same parameter list as fpga_curve_double_jacobian_abstract:
// input point (px, py, pz) is read-only, the result is written to
// (rx, ry, rz). Declared only in microcode builds.
void fpga_curve_double_jacobian_microcode_wrapper (const FPGA_BUFFER *px,
                                                   const FPGA_BUFFER *py,
                                                   const FPGA_BUFFER *pz,
                                                         FPGA_BUFFER *rx,
                                                         FPGA_BUFFER *ry,
                                                         FPGA_BUFFER *rz);

// Wrapper with the same parameter list as fpga_curve_add_jacobian_abstract_2:
// input points (px, py, pz) and (qx, qy, qz) are read-only, the result is
// written to (rx, ry, rz). Declared only in microcode builds.
void fpga_curve_add_jacobian_microcode_2_wrapper(const FPGA_BUFFER *px,
                                                 const FPGA_BUFFER *py,
                                                 const FPGA_BUFFER *pz,
                                                 const FPGA_BUFFER *qx,
                                                 const FPGA_BUFFER *qy,
                                                 const FPGA_BUFFER *qz,
                                                       FPGA_BUFFER *rx,
                                                       FPGA_BUFFER *ry,
                                                       FPGA_BUFFER *rz);

#else

#define fpga_curve_base_scalar_multiply fpga_curve_base_scalar_multiply_abstract

#define fpga_curve_add_jacobian_2_shim  fpga_curve_add_jacobian_abstract_2
#define fpga_curve_double_jacobian_shim fpga_curve_double_jacobian_abstract

#endif


//------------------------------------------------------------------------------
// Prototypes
//------------------------------------------------------------------------------
// Module initialisation.
// NOTE(review): presumably loads the ECDSA_* globals from the selected
// ECDSA_*_INIT lists -- confirm against the definition.
// NOTE(review): empty parentheses leave the parameter list unspecified in C
// before C23, so call sites are not checked by the compiler. If the definition
// takes no arguments, `(void)` would enable that check.
void fpga_curve_init ();

// Base point scalar multiplication: reads scalar k, writes a point through
// qx and qy (two outputs, so presumably affine Q = k * G -- confirm).
// NOTE(review): in ECDSA signing k is secret. This header says nothing about
// whether the routine runs in constant time or how k is range-checked.
// Confirm both in the implementation before passing secret scalars.
void fpga_curve_base_scalar_multiply_abstract (const FPGA_BUFFER *k,
                                                     FPGA_BUFFER *qx,
                                                     FPGA_BUFFER *qy);

// Microcode variant with the same parameter list as the abstract routine;
// the same review notes about secret k apply.
void fpga_curve_base_scalar_multiply_microcode (const FPGA_BUFFER *k,
                                                      FPGA_BUFFER *qx,
                                                      FPGA_BUFFER *qy);

// Point addition on (x, y, z) triples: inputs P = (px, py, pz) and
// Q = (qx, qy, qz) are read-only, the result R is written to (rx, ry, rz).
// The name indicates Jacobian projective coordinates.
// NOTE(review): handling of special inputs (P == Q, P == -Q, point at
// infinity) is not visible in this header -- confirm in the implementation.
void fpga_curve_add_jacobian_abstract_2 (const FPGA_BUFFER *px,
                                         const FPGA_BUFFER *py,
                                         const FPGA_BUFFER *pz,
                                         const FPGA_BUFFER *qx,
                                         const FPGA_BUFFER *qy,
                                         const FPGA_BUFFER *qz,
                                               FPGA_BUFFER *rx,
                                               FPGA_BUFFER *ry,
                                               FPGA_BUFFER *rz);

// Point doubling on an (x, y, z) triple: input P = (px, py, pz) is read-only,
// the result R is written to (rx, ry, rz).
void fpga_curve_double_jacobian_abstract (const FPGA_BUFFER *px,
                                          const FPGA_BUFFER *py,
                                          const FPGA_BUFFER *pz,
                                                FPGA_BUFFER *rx,
                                                FPGA_BUFFER *ry,
                                                FPGA_BUFFER *rz);

// Microcode routines declared with empty parameter lists. How their operands
// and results are passed is not visible in this header (presumably through
// shared state set up by the *_wrapper functions -- confirm).
void fpga_curve_add_jacobian_microcode_2    ();

void fpga_curve_double_jacobian_microcode_r0    ();
void fpga_curve_double_jacobian_microcode_r1    ();


//------------------------------------------------------------------------------
// End-of-File
//------------------------------------------------------------------------------