Update comments
parent
d962273594
commit
7a949d3f5b
@ -108,10 +108,16 @@ ecp_point;
|
|||||||
/**
|
/**
|
||||||
* \brief ECP group structure
|
* \brief ECP group structure
|
||||||
*
|
*
|
||||||
* The curves we consider are defined by y^2 = x^3 + A x + B mod P,
|
* We consider two types of curves equations:
|
||||||
* and a generator for a large subgroup of order N is fixed.
|
* 1. Short Weierstrass y^2 = x^3 + A x + B mod P (SEC1 + RFC 4492)
|
||||||
|
* 2. Montgomery, y^2 = x^3 + A x^2 + x mod P (M255 + draft)
|
||||||
|
* In both cases, a generator G for a prime-order subgroup is fixed. In the
|
||||||
|
* short weierstrass, this subgroup is actually the whole curve, and its
|
||||||
|
* cardinal is denoted by N.
|
||||||
*
|
*
|
||||||
* pbits and nbits must be the size of P and N in bits.
|
* In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is
|
||||||
|
* the quantity actualy used in the formulas. Also, nbits is not the size of N
|
||||||
|
* but the required size for private keys.
|
||||||
*
|
*
|
||||||
* If modp is NULL, reduction modulo P is done using a generic algorithm.
|
* If modp is NULL, reduction modulo P is done using a generic algorithm.
|
||||||
* Otherwise, it must point to a function that takes an mpi in the range
|
* Otherwise, it must point to a function that takes an mpi in the range
|
||||||
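Review bot: The new sentence "In the short weierstrass, this subgroup is actually the whole curve" states as a property of the curve type something that only holds when the cofactor is 1, so it should be worded as the assumption the code relies on rather than a fact, e.g. `* short Weierstrass case the supported curves are taken to have cofactor 1, so` / `* this subgroup is the whole curve; its order is denoted by N.` — anything that later treats N as the full group order depends on that assumption. "actualy" in the Montgomery paragraph is a typo for "actually". The reference "M255 + draft" does not name the document; since the stored quantity is (A + 2) / 4, the source of that formula convention should be cited so it can be checked. The ecp_group definition this comment documents continues past the end of the hunk.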
@ -124,18 +130,18 @@ typedef struct
|
|||||||
{
|
{
|
||||||
ecp_group_id id; /*!< internal group identifier */
|
ecp_group_id id; /*!< internal group identifier */
|
||||||
mpi P; /*!< prime modulus of the base field */
|
mpi P; /*!< prime modulus of the base field */
|
||||||
mpi A; /*!< linear term in the equation */
|
mpi A; /*!< 1. A in the equation, or 2. (A + 2) / 4 */
|
||||||
mpi B; /*!< constant term in the equation */
|
mpi B; /*!< 1. B in the equation, or 2. unused */
|
||||||
ecp_point G; /*!< generator of the subgroup used */
|
ecp_point G; /*!< generator of the (sub)group used */
|
||||||
mpi N; /*!< the order of G */
|
mpi N; /*!< 1. the order of G, or 2. unused */
|
||||||
size_t pbits; /*!< number of bits in P */
|
size_t pbits; /*!< number of bits in P */
|
||||||
size_t nbits; /*!< number of bits in N */
|
size_t nbits; /*!< number of bits in 1. P, or 2. private keys */
|
||||||
unsigned int h; /*!< cofactor (unused now: assume 1) */
|
unsigned int h; /*!< unused */
|
||||||
int (*modp)(mpi *); /*!< function for fast reduction mod P */
|
int (*modp)(mpi *); /*!< function for fast reduction mod P */
|
||||||
int (*t_pre)(ecp_point *, void *); /*!< currently unused */
|
int (*t_pre)(ecp_point *, void *); /*!< unused */
|
||||||
int (*t_post)(ecp_point *, void *); /*!< currently unused */
|
int (*t_post)(ecp_point *, void *); /*!< unused */
|
||||||
void *t_data; /*!< currently unused */
|
void *t_data; /*!< unused */
|
||||||
ecp_point *T; /*!< pre-computed points for ecp_mul() */
|
ecp_point *T; /*!< pre-computed points for ecp_mul_comb() */
|
||||||
size_t T_size; /*!< number for pre-computed points */
|
size_t T_size; /*!< number for pre-computed points */
|
||||||
}
|
}
|
||||||
ecp_group;
|
ecp_group;
|
||||||
|
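Review bot: The new `nbits` comment reads "number of bits in 1. P, or 2. private keys", but `pbits` two lines above already documents the size of P, and the same commit's header comment says only in the Montgomery case is nbits "not the size of N but the required size for private keys", so case 1 should be N: `size_t nbits; /*!< number of bits in 1. N, or 2. private keys */`. The `h` comment drops the old "assume 1" wording, so the cofactor-1 assumption that the header comment still relies on for short Weierstrass curves is no longer recorded anywhere in the struct; something like `unsigned int h; /*!< cofactor: assumed 1 for 1., not tracked for 2. */` keeps it visible to anyone adding point validation. With both `N` and `h` documented as unused for Montgomery curves, it would also help to say where the private-key size in nbits comes from, since it is presumably curve-specific. The `typedef struct` line that opens this definition is outside the hunk.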
@ -731,7 +731,7 @@ cleanup:
|
|||||||
* Theory", Algorithm 10.3.4.)
|
* Theory", Algorithm 10.3.4.)
|
||||||
*
|
*
|
||||||
* Warning: fails (returning an error) if one of the points is zero!
|
* Warning: fails (returning an error) if one of the points is zero!
|
||||||
* This should never happen, see choice of w in ecp_mul().
|
* This should never happen, see choice of w in ecp_mul_comb().
|
||||||
*
|
*
|
||||||
* Cost: 1N(t) := 1I + (6t - 3)M + 1S
|
* Cost: 1N(t) := 1I + (6t - 3)M + 1S
|
||||||
*/
|
*/
|
||||||
@ -896,7 +896,7 @@ cleanup:
|
|||||||
* but those of P don't need to. R is not normalized.
|
* but those of P don't need to. R is not normalized.
|
||||||
*
|
*
|
||||||
* Special cases: (1) P or Q is zero, (2) R is zero, (3) P == Q.
|
* Special cases: (1) P or Q is zero, (2) R is zero, (3) P == Q.
|
||||||
* None of these cases can happen as intermediate step in ecp_mul():
|
* None of these cases can happen as intermediate step in ecp_mul_comb():
|
||||||
* - at each step, P, Q and R are multiples of the base point, the factor
|
* - at each step, P, Q and R are multiples of the base point, the factor
|
||||||
* being less than its order, so none of them is zero;
|
* being less than its order, so none of them is zero;
|
||||||
* - Q is an odd multiple of the base point, P an even multiple,
|
* - Q is an odd multiple of the base point, P an even multiple,
|
||||||
@ -982,7 +982,6 @@ cleanup:
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Addition: R = P + Q, result's coordinates normalized
|
* Addition: R = P + Q, result's coordinates normalized
|
||||||
* Cost: 1A + 1N = 1I + 11M + 4S
|
|
||||||
*/
|
*/
|
||||||
int ecp_add( const ecp_group *grp, ecp_point *R,
|
int ecp_add( const ecp_group *grp, ecp_point *R,
|
||||||
const ecp_point *P, const ecp_point *Q )
|
const ecp_point *P, const ecp_point *Q )
|
||||||
@ -1001,7 +1000,6 @@ cleanup:
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Subtraction: R = P - Q, result's coordinates normalized
|
* Subtraction: R = P - Q, result's coordinates normalized
|
||||||
* Cost: 1A + 1N = 1I + 11M + 4S
|
|
||||||
*/
|
*/
|
||||||
int ecp_sub( const ecp_group *grp, ecp_point *R,
|
int ecp_sub( const ecp_group *grp, ecp_point *R,
|
||||||
const ecp_point *P, const ecp_point *Q )
|
const ecp_point *P, const ecp_point *Q )
|
||||||
|