github.com/shogo82148/std@v1.22.1-0.20240327122250-4e474527810c/crypto/internal/nistec/p256_asm.go

github.com/shogo82148/std@v1.22.1-0.20240327122250-4e474527810c/crypto/internal/nistec/p256_asm.go (about)

     1  // Copyright 2015 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  // This file contains the Go wrapper for the constant-time, 64-bit assembly
     6  // implementation of P256. The optimizations performed here are described in
     7  // detail in:
     8  // S.Gueron and V.Krasnov, "Fast prime field elliptic-curve cryptography with
     9  //                          256-bit primes"
    10  // https://link.springer.com/article/10.1007%2Fs13389-014-0090-x
    11  // https://eprint.iacr.org/2013/816.pdf
    12  
    13  //go:build (amd64 || arm64 || ppc64le || s390x) && !purego
    14  
    15  package nistec
    16  
    17  // P256Point is a P-256 point. The zero value should not be assumed to be valid
    18  // (although it is in this implementation).
    19  type P256Point struct {
    20  	// (X:Y:Z) are Jacobian coordinates where x = X/Z² and y = Y/Z³. The point
    21  	// at infinity can be represented by any set of coordinates with Z = 0.
    22  	x, y, z p256Element
    23  }
    24  
    25  // NewP256Point returns a new P256Point representing the point at infinity.
    26  func NewP256Point() *P256Point
    27  
    28  // SetGenerator sets p to the canonical generator and returns p.
    29  func (p *P256Point) SetGenerator() *P256Point
    30  
    31  // Set sets p = q and returns p.
    32  func (p *P256Point) Set(q *P256Point) *P256Point
    33  
    34  // SetBytes sets p to the compressed, uncompressed, or infinity value encoded in
    35  // b, as specified in SEC 1, Version 2.0, Section 2.3.4. If the point is not on
    36  // the curve, it returns nil and an error, and the receiver is unchanged.
    37  // Otherwise, it returns p.
    38  func (p *P256Point) SetBytes(b []byte) (*P256Point, error)
    39  
    40  // Add sets q = p1 + p2, and returns q. The points may overlap.
    41  func (q *P256Point) Add(r1, r2 *P256Point) *P256Point
    42  
    43  // Double sets q = p + p, and returns q. The points may overlap.
    44  func (q *P256Point) Double(p *P256Point) *P256Point
    45  
    46  // ScalarBaseMult sets r = scalar * generator, where scalar is a 32-byte big
    47  // endian value, and returns r. If scalar is not 32 bytes long, ScalarBaseMult
    48  // returns an error and the receiver is unchanged.
    49  func (r *P256Point) ScalarBaseMult(scalar []byte) (*P256Point, error)
    50  
    51  // ScalarMult sets r = scalar * q, where scalar is a 32-byte big endian value,
    52  // and returns r. If scalar is not 32 bytes long, ScalarBaseMult returns an
    53  // error and the receiver is unchanged.
    54  func (r *P256Point) ScalarMult(q *P256Point, scalar []byte) (*P256Point, error)
    55  
    56  // Bytes returns the uncompressed or infinity encoding of p, as specified in
    57  // SEC 1, Version 2.0, Section 2.3.3. Note that the encoding of the point at
    58  // infinity is shorter than all other encodings.
    59  func (p *P256Point) Bytes() []byte
    60  
    61  // BytesX returns the encoding of the x-coordinate of p, as specified in SEC 1,
    62  // Version 2.0, Section 2.3.5, or an error if p is the point at infinity.
    63  func (p *P256Point) BytesX() ([]byte, error)
    64  
    65  // BytesCompressed returns the compressed or infinity encoding of p, as
    66  // specified in SEC 1, Version 2.0, Section 2.3.3. Note that the encoding of the
    67  // point at infinity is shorter than all other encodings.
    68  func (p *P256Point) BytesCompressed() []byte
    69  
    70  // Select sets q to p1 if cond == 1, and to p2 if cond == 0.
    71  func (q *P256Point) Select(p1, p2 *P256Point, cond int) *P256Point