magic for p521. except not entirely, because there will probably be an impl with permuted limbs

src/include/magic.h

@@ -86,5 +86,10 @@ extern const word_t SCALARMUL_FIXED_WINDOW_ADJUSTMENT[2*SCALAR_WORDS];
  */
 #define WNAF_PRECMP_BITS 5
 
+/**
+ * @brief crandom magic structure guard constant = "return 4", cf xkcd #221
+ */
+#define CRANDOM_MAGIC 0x72657475726e2034ull
+
 
 #endif /* __GOLDI_MAGIC_H__ */

src/p448/f_magic.h

@@ -27,9 +27,4 @@ static const int64_t EDWARDS_D = -39081;
 /** @brief The spacing the of combs for signed comb algo */
 #define COMB_S (USE_BIG_COMBS ? 18 : 14)
 
-/**
- * @brief crandom magic structure guard constant = "return 4", cf xkcd #221
- */
-#define CRANDOM_MAGIC 0x72657475726e2034ull
-
 #endif /* __GOLDI_F_MAGIC_H__ */

src/p480/f_magic.h

@@ -27,9 +27,4 @@ static const int64_t EDWARDS_D = 53825;
 /** @brief The spacing the of combs for signed comb algo */
 #define COMB_S (USE_BIG_COMBS ? 16 : 24)
 
-/**
- * @brief crandom magic structure guard constant = "return 4", cf xkcd #221
- */
-#define CRANDOM_MAGIC 0x72657475726e2034ull
-
 #endif /* __GOLDI_F_MAGIC_H__ */

src/p521/f_magic.h

@@ -0,0 +1,30 @@
+/**
+ * @file f_magic.h
+ * @copyright
+ *   Copyright (c) 2014 Cryptography Research, Inc.  \n
+ *   Released under the MIT License.  See LICENSE.txt for license information.
+ * @author Mike Hamburg
+ * @brief Goldilocks magic numbers (group orders, coefficients, algo params etc).
+ */
+
+#ifndef __GOLDI_F_MAGIC_H__
+#define __GOLDI_F_MAGIC_H__ 1
+
+#include "field.h"
+#include "ec_point.h"
+
+/**
+ * @brief The Edwards "d" term for this curve.
+ */
+static const int64_t EDWARDS_D = -376014;
+
+/** @brief The number of combs to use for signed comb algo */
+#define COMB_N (USE_BIG_COMBS ? 4  : 5)
+
+/** @brief The number of teeth of the combs for signed comb algo */
+#define COMB_T (USE_BIG_COMBS ? 5  : 4)
+
+/** @brief The spacing the of combs for signed comb algo */
+#define COMB_S (USE_BIG_COMBS ? 26 : 26)
+
+#endif /* __GOLDI_F_MAGIC_H__ */

src/p521/magic.c

@@ -0,0 +1,81 @@
+/* Copyright (c) 2014 Cryptography Research, Inc.
+ * Released under the MIT License.  See LICENSE.txt for license information.
+ */
+
+#include "field.h"
+#include "magic.h"
+#include "barrett_field.h"
+
+/* FUTURE: automatically generate this file? */
+
+const uint8_t FIELD_MODULUS[FIELD_BYTES] = {
+      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+      0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+      0xFF, 0x01
+};
+
+const word_t SCALARMUL_FIXED_WINDOW_ADJUSTMENT[2*SCALAR_WORDS] = {
+    U64LE(0xbf15dbca0ae7f294),
+    U60LE(0x04273ba96570e0ba),
+    U60LE(0xc94750a1813ac0fb),
+    U60LE(0xea4939b8b9037a08),
+    U60LE(0x0000000000000002),
+    U60LE(0x0000000000000000),
+    U60LE(0x0000000000000000),
+    U60LE(0x0000000000000000),
+    0x80,
+        
+    U64LE(0x7e2bb79415cfe529),
+    U64LE(0x084e7752cae1c175),
+    U64LE(0x928ea143027581f6),
+    U64LE(0xd49273717206f411),
+    U64LE(0x0000000000000005),
+    U64LE(0x0000000000000000),
+    U64LE(0x0000000000000000),
+    U64LE(0x0000000000000000),
+    0x0
+};
+
+const struct affine_t goldilocks_base_point = {
+    {{
+        U58LE(0x02a940a2f19ba6c),
+        U58LE(0x03ec4cd920e2a8c),
+        U58LE(0x1d568fc99c6059d),
+        U58LE(0x3331c90d2c6ba52),
+        U58LE(0x0c6203913f6ecc5),
+        U58LE(0x1b2063b22fcf270),
+        U58LE(0x2878a3bfd9f42fc),
+        U58LE(0x06277e432c8a5ac),
+        U58LE(0x0752cb45c48648b)
+    }},
+    {{ 12 }}
+};
+
+static const word_t curve_prime_order_lo[(261+WORD_BITS-1)/WORD_BITS] = {
+    U64LE(0xbf15dbca0ae7f295),
+    U64LE(0x4273ba96570e0ba),
+    U64LE(0xc94750a1813ac0fb),
+    U64LE(0xea4939b8b9037a08),
+    2
+};
+const struct barrett_prime_t curve_prime_order = {
+    GOLDI_FIELD_WORDS,
+    7 % WORD_BITS,
+    sizeof(curve_prime_order_lo)/sizeof(curve_prime_order_lo[0]),
+    curve_prime_order_lo
+};
+
+const struct field_t
+sqrt_d_minus_1 = {{
+    U58LE(0x1e2be72c1c81990),
+    U58LE(0x1135002ad596c69),
+    U58LE(0x2ab3a257a22666d),
+    U58LE(0x207dfc238a33e46),
+    U58LE(0x0e30107cd79d1f6),
+    U58LE(0x2d80cc2936a1824),
+    U58LE(0x2264cfb418c4c30),
+    U58LE(0x0524b9e715937f5),
+    U58LE(0x0a9ea3ac10d6aed)
+}};