mirror of
https://github.com/emmansun/gmsm.git
synced 2025-04-25 19:56:18 +08:00
128 lines
2.6 KiB
Go
128 lines
2.6 KiB
Go
//go:build purego || !(amd64 || arm64)
|
|
|
|
package sm2ec
|
|
|
|
import (
|
|
"errors"
|
|
|
|
"github.com/emmansun/gmsm/internal/sm2ec/fiat"
|
|
)
|
|
|
|
// P256OrdInverse, sets out to in⁻¹ mod org(G). If in is zero, out will be zero.
|
|
// n-2 =
|
|
// 1111111111111111111111111111111011111111111111111111111111111111
|
|
// 1111111111111111111111111111111111111111111111111111111111111111
|
|
// 0111001000000011110111110110101100100001110001100000010100101011
|
|
// 0101001110111011111101000000100100111001110101010100000100100001
|
|
//
|
|
func P256OrdInverse(k []byte) ([]byte, error) {
|
|
if len(k) != 32 {
|
|
return nil, errors.New("invalid scalar length")
|
|
}
|
|
x := new(fiat.SM2P256OrderElement)
|
|
_1 := new(fiat.SM2P256OrderElement)
|
|
_, err := _1.SetBytes(k)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
_11 := new(fiat.SM2P256OrderElement)
|
|
_101 := new(fiat.SM2P256OrderElement)
|
|
_111 := new(fiat.SM2P256OrderElement)
|
|
_1111 := new(fiat.SM2P256OrderElement)
|
|
_10101 := new(fiat.SM2P256OrderElement)
|
|
_101111 := new(fiat.SM2P256OrderElement)
|
|
t := new(fiat.SM2P256OrderElement)
|
|
m := new(fiat.SM2P256OrderElement)
|
|
|
|
m.Square(_1)
|
|
_11.Mul(m, _1)
|
|
_101.Mul(m, _11)
|
|
_111.Mul(m, _101)
|
|
x.Square(_101)
|
|
_1111.Mul(_101, x)
|
|
|
|
t.Square(x)
|
|
_10101.Mul(t, _1)
|
|
x.Square(_10101)
|
|
_101111.Mul(x, _101)
|
|
x.Mul(_10101, x)
|
|
t.Square(x)
|
|
t.Square(t)
|
|
|
|
m.Mul(t, m)
|
|
t.Mul(t, _11)
|
|
x.Square(t)
|
|
for i := 1; i < 8; i++ {
|
|
x.Square(x)
|
|
}
|
|
m.Mul(x, m)
|
|
x.Mul(x, t)
|
|
|
|
t.Square(x)
|
|
for i := 1; i < 16; i++ {
|
|
t.Square(t)
|
|
}
|
|
m.Mul(t, m)
|
|
t.Mul(t, x)
|
|
|
|
x.Square(m)
|
|
for i := 1; i < 32; i++ {
|
|
x.Square(x)
|
|
}
|
|
x.Mul(x, t)
|
|
for i := 0; i < 32; i++ {
|
|
x.Square(x)
|
|
}
|
|
x.Mul(x, t)
|
|
for i := 0; i < 32; i++ {
|
|
x.Square(x)
|
|
}
|
|
x.Mul(x, t)
|
|
|
|
sqrs := []uint8{
|
|
4, 3, 11, 5, 3, 5, 1,
|
|
3, 7, 5, 9, 7, 5, 5,
|
|
4, 5, 2, 2, 7, 3, 5,
|
|
5, 6, 2, 6, 3, 5,
|
|
}
|
|
muls := []*fiat.SM2P256OrderElement{
|
|
_111, _1, _1111, _1111, _101, _10101, _1,
|
|
_1, _111, _11, _101, _10101, _10101, _111,
|
|
_111, _1111, _11, _1, _1, _1, _111,
|
|
_111, _10101, _1, _1, _1, _1}
|
|
|
|
for i, s := range sqrs {
|
|
for j := 0; j < int(s); j++ {
|
|
x.Square(x)
|
|
}
|
|
x.Mul(x, muls[i])
|
|
}
|
|
|
|
return x.Bytes(), nil
|
|
|
|
}
|
|
|
|
// P256OrdMul multiplication modulo org(G).
|
|
func P256OrdMul(in1, in2 []byte) ([]byte, error) {
|
|
if len(in1) != 32 || len(in2) != 32 {
|
|
return nil, errors.New("invalid scalar length")
|
|
}
|
|
ax := new(fiat.SM2P256OrderElement)
|
|
ay := new(fiat.SM2P256OrderElement)
|
|
res := new(fiat.SM2P256OrderElement)
|
|
|
|
_, err := ax.SetBytes(in1)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
_, err = ay.SetBytes(in2)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
res = res.Mul(ax, ay)
|
|
return res.Bytes(), nil
|
|
}
|