hare

[hare] The Hare programming language
git clone https://git.torresjrjr.com/hare.git

types.ha (2647B)


      1 // SPDX-License-Identifier: MPL-2.0
      2 // (c) Hare authors <https://harelang.org>
      3 
      4 use io;
      5 
      6 // Maximum coordinate size of the module's curves in bits.
      7 export def MAX_COORDBITSZ = 528z;
      8 
      9 // Maximum size of a point of the module's curves in bytes.
     10 export def MAX_POINTSZ = P521_POINTSZ;
     11 
     12 // Maximum size of a scalar of the module's curves in bytes.
     13 export def MAX_SCALARSZ = P521_SCALARSZ;
     14 
     15 // Interface for common operations over a specific curve.
     16 //
     17 // The encoding of points depends on the curve. For the NIST curves
     18 // ([[p256]], [[p384]] and [[p521]]) the point is required to be
     19 // uncompressed with a leading byte of value 0x04. The coordinates must be of
     20 // length 'pointsz' / 2, left-padded with 0x00.
     21 //
     22 // Scalar values must be provided in big-endian encoding. They MUST be non-zero
     23 // and less than the order, otherwise result values will be indeterminate and
     24 // an error code is not guaranteed; range-check untrusted scalars first.
     25 export type curve = struct {
     26 	// Size in bytes of an encoded point.
     27 	pointsz: size,
     28 
     29 	// Returns the order of the subgroup generated by the conventional
     30 	// generator. Unsigned big-endian encoding is used.
     31 	order: *fn () const []u8, // XXX: change to const []u8, when possible
     32 
     33 	// Get the conventional generator as an encoded curve point.
     34 	generator: *fn () const []u8, // XXX: change to const []u8, when possible
     35 
     36 	// Multiply curve point 'p' by scalar 'x'. The result is stored in 'p'.
     37 	// Returns a value > 0 on success.
     38 	//
     39 	// Point 'p' must be a valid point on the curve subgroup. If this is
     40 	// not the case, the function fails and returns 0.
     41 	//
     42 	// On error the contents of 'p' are indeterminate and must not be used.
     43 	mul: *fn (p: []u8, x: []u8) u32,
     44 
     45 	// Multiply the generator by the scalar 'x' and write the result to 'r'.
     46 	// NOTE(review): no failure value is documented; validate 'x' beforehand.
     47 	// Returns the encoded point length in bytes.
     48 	mulgen: *fn (r: []u8, x: []u8) size,
     49 
     50 	// Multiply two curve points ('a' and 'b') by two integers ('x' and 'y')
     51 	// and store the sum in 'a' ('a' = 'a' * 'x' + 'b' * 'y').
     52 	//
     53 	// If an empty slice is given as 'b', the curve generator is used
     54 	// instead of 'b'.
     55 	//
     56 	// Validates that the provided points are part of the relevant curve
     57 	// subgroup.
     58 	//
     59 	// Returns a value > 0 on success and 0 on failure; callers must check it.
     60 	muladd: *fn (a: []u8, b: []u8, x: []u8, y: []u8) u32,
     61 
     62 	// Generate a private key from the given random seed 'rand'. The function
     63 	// may read repeatedly from 'rand' until a suitable key is found.
     64 	// NOTE(review): 'rand' should be a cryptographically secure source.
     65 	// Returns the number of bytes read into 'priv' on success, or
     66 	// [[io::error]] if reading from 'rand' failed.
     67 	keygen: *fn (c: *curve, priv: []u8, rand: io::handle) (size | io::error),
     68 };
     69 
     70 // Error type signalling an invalid curve parameter.
     71 export type invalid = !void;