
Commit 03c8e50

committed
Add new elliptic curves
Define new elliptic curves: brainpoolP256r1, brainpoolP320r1, brainpoolP384r1, brainpoolP512r1, secp384r1 & secp521r1
1 parent b2a9db7 commit 03c8e50


13 files changed

+46887
-34
lines changed


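--- a/include/ack/bigint.hpp
+++ b/include/ack/bigint.hpp
@@ -2603,6 +2603,9 @@ namespace ack {
 template<std::size_t MaxBitSize>
 using fixed_bigint = bigint<fixed_word_buffer<bitsize_to_wordsize(MaxBitSize)>>;
 
+template<std::size_t MaxBitSize>
+using bignum = bigint<word_buffer<bitsize_to_wordsize(MaxBitSize)>>;
+
 template <typename>
 struct is_bigint : std::false_type {};
 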
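Review bot: The new `bignum` alias has no comment, and its parameter is still named `MaxBitSize` although `word_buffer` (the `flexbuffer` added to buffer.hpp in this commit) can grow past that size on the heap and, per its own warning, never releases that memory. A short doc comment would make the difference from `fixed_bigint` visible where the type is chosen, for example `/** Big integer with inline storage for MaxBitSize bits that may grow onto the heap; heap storage is never released, see flexbuffer. */`. The enclosing namespace starts and ends outside the hunk.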

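--- a/include/ack/buffer.hpp
+++ b/include/ack/buffer.hpp
@@ -3,6 +3,8 @@
 #pragma once
 #include <array>
 #include <cstdint>
+#include <limits>
+#include <memory>
 #include <type_traits>
 
 #include <ack/types.hpp>
@@ -131,6 +133,130 @@ namespace ack {
 std::size_t size_ = 0;
 };
 
+/**
+* Flexible buffer which can be constructed at compile time to the size of N.
+* @warning if buffer is resized over the size of stack allocated memory (N)
+* data is re-allocated on the heap, and this data is never released
+* due to constexpr constrains which prohibits defining custom destructor.
+* The flexbuffer should be used only in short lived environments like WASM.
+*/
+template<typename T, std::size_t N>
+class flexbuffer final: public buffer_base<flexbuffer<T, N>, T> {
+public:
+using value_type = T;
+
+constexpr flexbuffer() = default;
+constexpr flexbuffer(const flexbuffer& rhs) = default;
+constexpr flexbuffer(flexbuffer&& rhs) = default;
+constexpr flexbuffer& operator=(const flexbuffer& rhs) = default;
+constexpr flexbuffer& operator=(flexbuffer&& rhs) = default;
+
+// ~flex_buffer() // destructor deleted otherwise flex_buffer can't be constructed at compile time
+// {
+// if ( std::is_constant_evaluated() ) {
+// if ( ddata_ ) {
+// delete[] ddata_;
+// }
+// }
+// }
+
+constexpr bool resize(size_t n)
+{
+if ( std::is_constant_evaluated() ) {
+if ( n > sdata_.size() ) {
+return false;
+}
+}
+else {
+if ( n > N && n > dsize ) {
+
+bool scpy = ( ddata_ == nullptr );
+T* pold = ddata_;
+
+dsize += std::max( N, n );
+ddata_ = new T[dsize];
+
+if ( scpy ) {
+memcpy( ddata_, sdata_.data(), N * sizeof( T ));
+}
+else{
+memcpy( ddata_, pold, (dsize - std::max( N, n )) * sizeof( T ));
+delete[] pold;
+pold = nullptr;
+}
+}
+}
+
+size_ = n;
+return true;
+}
+
+constexpr void clear()
+{
+size_ = 0;
+}
+
+constexpr T* data()
+{
+return ddata_ ? ddata_ : sdata_.data();
+}
+
+constexpr const T* data() const
+{
+return ddata_? ddata_ : sdata_.data();
+}
+
+constexpr std::size_t size() const
+{
+return size_;
+}
+
+constexpr std::size_t max_size() const
+{
+return N + std::numeric_limits<std::ptrdiff_t>::max();//ddata_.max_size();
+}
+
+constexpr void swap(flexbuffer& rhs)
+{
+std::swap( sdata_, rhs.sdata_ );
+if ( !std::is_constant_evaluated() ) {
+std::swap( dsize, rhs.dsize );
+std::swap( ddata_, rhs.ddata_ );
+}
+std::swap( size_, rhs.size_ );
+}
+
+constexpr const T& operator[](size_t n) const
+{
+check( n < size_, "flexbuffer::operator[]: overflow" );
+if ( std::is_constant_evaluated() ) {
+return sdata_[n];
+}
+else {
+return ddata_ ? ddata_[n] : sdata_[n];
+}
+}
+
+constexpr T& operator[](size_t n)
+{
+check( n < size_, "flexbuffer::operator[]: overflow" );
+if ( std::is_constant_evaluated() ) {
+return sdata_[n];
+}
+else {
+return ddata_ ? ddata_[n] : sdata_[n];
+}
+}
+
+private:
+std::array<T, N> sdata_ = {};
+T* ddata_ = nullptr; // replace with std::vector<T> when C++20 constexpr ctor is supported
+std::size_t size_ = 0;
+std::size_t dsize = 0;
+};
 template<std::size_t N>
 using fixed_word_buffer = fixed_buffer<word_t, N>;
+
+template<std::size_t N>
+using word_buffer = flexbuffer<word_t, N>;
 }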
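Review bot: The defaulted copy and move operations of `flexbuffer` copy the raw `ddata_` pointer, so once a buffer has grown onto the heap every copy aliases the same allocation; the next growing `resize()` on any one of them runs `delete[] pold` and leaves the others reading and writing freed memory, and their own later `resize()` frees it a second time. For the big-number storage of a crypto library that means silently corrupted limbs, not just the leak the class comment warns about. The copy operations need a deep copy of the heap part and the move operations need to reset the source, as sketched below (the sketch assumes `buffer_base` carries no state of its own, which is not visible here). Separately, `resize()` calls `memcpy` and `std::max` while the include hunk adds only `<limits>` and `<memory>`; `<cstring>` and `<algorithm>` should be included directly unless another header is known to provide them.

```cpp
constexpr flexbuffer(const flexbuffer& rhs)
    : sdata_( rhs.sdata_ ), size_( rhs.size_ ), dsize( rhs.dsize )
{
    // rhs.ddata_ is only ever set by the run-time branch of resize()
    if ( rhs.ddata_ ) {
        ddata_ = new T[dsize];
        memcpy( ddata_, rhs.ddata_, dsize * sizeof( T ));
    }
}

constexpr flexbuffer(flexbuffer&& rhs)
    : sdata_( rhs.sdata_ ), ddata_( rhs.ddata_ ), size_( rhs.size_ ), dsize( rhs.dsize )
{
    rhs.ddata_ = nullptr; // source falls back to its inline storage
    rhs.dsize  = 0;
    rhs.size_  = 0;
}
// … copy/move assignment: same ownership handling …
// … unchanged: resize(), clear(), data(), size(), max_size(), swap(), operator[] …
```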

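--- a/include/ack/ec_curve.hpp
+++ b/include/ack/ec_curve.hpp
@@ -3,28 +3,118 @@
 #pragma once
 #include <ack/ec.hpp>
 #include <ack/bigint.hpp>
+#include <type_traits>
+
+namespace ack::detail {
+#if defined(__EMSCRIPTEN__) || defined(__wasm__) || defined(__wasm32__) || defined(__wasm64__)
+inline static constexpr bool __wasm_env = true;
+#else
+inline static constexpr bool __wasm_env = false;
+#endif
+}
 
 /**
 * Macro defines invariant object for elliptic curve over prime field of type ec_curve_fp.
 * The invariant is constructed at compile time.
-* The name of the invariant is the same as the name of the curve.
-* Defined invariant uses ec_fixed_bigint as underlying big number type.
+* The name of the invariant elliptic curve is the same as the name of the curve.
+* Defined curve uses ec_fixed_bigint as underlying big number type.
 *
-* @param name - Name of the variable. Same name is used to create curve tag struct.
+* @param name - Name of the variable. Same name is used to create curve tag struct.
 * @param bitsize - Size of the prime field in bits
 */
 #define ACK_EC_CURVE_FP( name, bitsize, p, a, b, gx, gy, n, h) \
-namespace detail { struct name##_tag {}; } \
-static constexpr auto name = ec_curve_fp<ack::ec_fixed_bigint<bitsize>, detail::name##_tag> ( \
-/*p =*/ p, \
-/*a =*/ a, \
-/*b =*/ b, \
-/*g =*/ { gx, gy }, \
-/*n =*/ n, \
-/*h =*/ h \
+namespace detail { struct name##_tag {}; } \
+static constexpr auto name = ack::ec_curve_fp<\
+std::conditional_t< ( ack::detail::__wasm_env && bitsize >= 512 ), ack::bignum<bitsize>, ack::ec_fixed_bigint<bitsize>> \
+, detail::name##_tag> ( \
+/*p =*/ p, \
+/*a =*/ a, \
+/*b =*/ b, \
+/*g =*/ { gx, gy }, \
+/*n =*/ n, \
+/*h =*/ h \
 );
 
 namespace ack::ec_curve {
+/**
+* Invariant object representing the brainpoolP256r1 elliptic curve.
+* The invariant is constructed at compile time.
+* The name of the invariant is the same as the name of the curve.
+*
+* Domain parameters were taken from RFC 5639: Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation.
+* https://datatracker.ietf.org/doc/html/rfc5639#section-3.4
+*/
+ACK_EC_CURVE_FP(
+brainpoolP256r1,
+/*size =*/ 256,
+/*p =*/ "a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377",
+/*a =*/ "7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9",
+/*b =*/ "26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6",
+/*G.x =*/ "8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262",
+/*G.y =*/ "547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997",
+/*n =*/ "a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7",
+/*h =*/ 1
+)
+
+/**
+* Invariant object representing the brainpoolP320r1 elliptic curve.
+* The invariant is constructed at compile time.
+* The name of the invariant is the same as the name of the curve.
+*
+* Domain parameters were taken from RFC 5639: Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation.
+* https://datatracker.ietf.org/doc/html/rfc5639#section-3.4
+*/
+ACK_EC_CURVE_FP(
+brainpoolP320r1,
+/*size =*/ 320,
+/*p =*/ "d35e472036bc4fb7e13c785ed201e065f98fcfa6f6f40def4f92b9ec7893ec28fcd412b1f1b32e27",
+/*a =*/ "3ee30b568fbab0f883ccebd46d3f3bb8a2a73513f5eb79da66190eb085ffa9f492f375a97d860eb4",
+/*b =*/ "520883949dfdbc42d3ad198640688a6fe13f41349554b49acc31dccd884539816f5eb4ac8fb1f1a6",
+/*G.x =*/ "43bd7e9afb53d8b85289bcc48ee5bfe6f20137d10a087eb6e7871e2a10a599c710af8d0d39e20611",
+/*G.y =*/ "14fdd05545ec1cc8ab4093247f77275e0743ffed117182eaa9c77877aaac6ac7d35245d1692e8ee1",
+/*n =*/ "d35e472036bc4fb7e13c785ed201e065f98fcfa5b68f12a32d482ec7ee8658e98691555b44c59311",
+/*h =*/ 1
+)
+
+/**
+* Invariant object representing the brainpoolP384r1 elliptic curve.
+* The invariant is constructed at compile time.
+* The name of the invariant is the same as the name of the curve.
+*
+* Domain parameters were taken from RFC 5639: Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation.
+* https://datatracker.ietf.org/doc/html/rfc5639#section-3.4
+*/
+ACK_EC_CURVE_FP(
+brainpoolP384r1,
+/*size =*/ 384,
+/*p =*/ "8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53",
+/*a =*/ "7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826",
+/*b =*/ "04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11",
+/*G.x =*/ "1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e",
+/*G.y =*/ "8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315",
+/*n =*/ "8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565",
+/*h =*/ 1
+)
+
+/**
+* Invariant object representing the brainpoolP521r1 elliptic curve.
+* The invariant is constructed at compile time.
+* The name of the invariant is the same as the name of the curve.
+*
+* Domain parameters were taken from RFC 5639: Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation.
+* https://datatracker.ietf.org/doc/html/rfc5639#section-3.4
+*/
+ACK_EC_CURVE_FP(
+brainpoolP512r1,
+/*size =*/ 512,
+/*p =*/ "aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3",
+/*a =*/ "7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca",
+/*b =*/ "3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723",
+/*G.x =*/ "81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822",
+/*G.y =*/ "7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892",
+/*n =*/ "aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069",
+/*h =*/ 1
+)
 
 /**
 * Invariant object representing the secp256k1 elliptic curve.
@@ -68,4 +158,50 @@ namespace ack::ec_curve {
 /*n =*/ "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
 /*h =*/ 1
 )
+
+/**
+* Invariant object representing the secp384r1 elliptic curve, also known as NIST P-384.
+* The invariant is constructed at compile time.
+* The name of the invariant is the same as the name of the curve.
+*
+* Domain parameters were taken from SECG SEC 2: Recommended Elliptic Curve Domain Parameters.
+* https://www.secg.org/sec2-v2.pdf
+*
+* And cross-checked with NIST FIPS SP 800-186: Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters
+* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-186.pdf
+*/
+ACK_EC_CURVE_FP(
+secp384r1,
+/*size =*/ 384,
+/*p =*/ "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff",
+/*a =*/ "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc",
+/*b =*/ "b3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef",
+/*G.x =*/ "aa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7",
+/*G.y =*/ "3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f",
+/*n =*/ "ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973",
+/*h =*/ 1
+)
+
+/**
+* Invariant object representing the secp521r1 elliptic curve, also known as NIST P-521.
+* The invariant is constructed at compile time.
+* The name of the invariant is the same as the name of the curve.
+*
+* Domain parameters were taken from SECG SEC 2: Recommended Elliptic Curve Domain Parameters.
+* https://www.secg.org/sec2-v2.pdf
+*
+* And cross-checked with NIST FIPS SP 800-186: Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters
+* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-186.pdf
+*/
+ACK_EC_CURVE_FP(
+secp521r1,
+/*size =*/ 521,
+/*p =*/ "01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+/*a =*/ "01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc",
+/*b =*/ "0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00",
+/*G.x =*/ "00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
+/*G.y =*/ "011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
+/*n =*/ "01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
+/*h =*/ 1
+)
 }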
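Review bot: In the first hunk, the doc comment above the `brainpoolP512r1` definition names the curve `brainpoolP521r1`, which is not a curve in RFC 5639 and is easy to confuse with the `secp521r1` added further down; it should read `* Invariant object representing the brainpoolP512r1 elliptic curve.`. All four Brainpool comments also link to `#section-3.4`, which is the 256-bit section of RFC 5639, so the 320-, 384- and 512-bit entries should point at their own sections (3.5, 3.6 and 3.7 as far as I recall; worth verifying against the RFC). The macro comment still says the curve uses `ec_fixed_bigint`, but with the new `std::conditional_t` a WASM build with `bitsize >= 512` selects `ack::bignum<bitsize>`, and the comment should say so. `__wasm_env` contains a double underscore, which is reserved to the implementation; a name such as `wasm_env` inside `ack::detail` avoids that.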
