[crypto] Allow for an explicit representation of point at infinity

ECDSA requires the ability to add two arbitrary curve points, either
of which may legitimately be the point at infinity.

Update the API so that curves must choose an explicit affine
representation for the point at infinity, and provide a method to test
for this representation.  Multiplication and addition will now allow
this representation to be provided as an input, and will not fail if
the result is the point at infinity.  Callers must explicitly check
for the point at infinity where needed (e.g. after computing the ECDHE
shared secret curve point).

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/include/ipxe/crypto.h

@@ -185,6 +185,16 @@ struct elliptic_curve {
 	const void *base;
 	/** Order of the generator (if prime) */
 	const void *order;
+	/** Check if this is the point at infinity
+	 *
+	 * @v point		Curve point
+	 * @ret is_infinity	This is the point at infinity
+	 *
+	 * The point at infinity cannot be represented in affine
+	 * coordinates.  Each curve must choose a representation of
+	 * the point at infinity (e.g. all zeroes).
+	 */
+	int ( * is_infinity ) ( const void *point );
 	/** Multiply scalar by curve point
 	 *
 	 * @v base		Base point
@@ -307,6 +317,11 @@ pubkey_match ( struct pubkey_algorithm *pubkey,
 	return pubkey->match ( private_key, public_key );
 }
 
+static inline __attribute__ (( always_inline )) int
+elliptic_is_infinity ( struct elliptic_curve *curve, const void *point ) {
+	return curve->is_infinity ( point );
+}
+
 static inline __attribute__ (( always_inline )) int
 elliptic_multiply ( struct elliptic_curve *curve,
 		    const void *base, const void *scalar, void *result ) {

src/include/ipxe/errfile.h

@@ -443,6 +443,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #define ERRFILE_usb_settings	      ( ERRFILE_OTHER | 0x00650000 )
 #define ERRFILE_weierstrass	      ( ERRFILE_OTHER | 0x00660000 )
 #define ERRFILE_efi_cacert	      ( ERRFILE_OTHER | 0x00670000 )
+#define ERRFILE_ecdhe		      ( ERRFILE_OTHER | 0x00680000 )
 
 /** @} */
 

src/include/ipxe/weierstrass.h

@@ -62,6 +62,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 			bigint_t ( size ) y;				\
 			bigint_t ( size ) z;				\
 		};							\
+		bigint_t ( size * 2 ) xy;				\
 		bigint_t ( size * 3 ) all;				\
 	}
 
@@ -123,6 +124,8 @@ struct weierstrass_curve {
 	};
 };
 
+extern int weierstrass_is_infinity ( struct weierstrass_curve *curve,
+				     const void *point );
 extern int weierstrass_multiply ( struct weierstrass_curve *curve,
 				  const void *base, const void *scalar,
 				  void *result );
@@ -154,6 +157,10 @@ extern int weierstrass_add_once ( struct weierstrass_curve *curve,
 		.a = (_name ## _cache)[6].element,			\
 		.b3 = (_name ## _cache)[7].element,			\
 	};								\
+	static int _name ## _is_infinity ( const void *point) {		\
+		return weierstrass_is_infinity ( &_name ## _weierstrass,\
+						 point );		\
+	}								\
 	static int _name ## _multiply ( const void *base,		\
 					const void *scalar,		\
 					void *result ) {		\
@@ -171,6 +178,7 @@ extern int weierstrass_add_once ( struct weierstrass_curve *curve,
 		.keysize = (_len),					\
 		.base = (_base),					\
 		.order = (_order),					\
+		.is_infinity = _name ## _is_infinity,			\
 		.multiply = _name ## _multiply,				\
 		.add = _name ## _add,					\
 	}

src/include/ipxe/x25519.h

@@ -85,9 +85,10 @@ extern void x25519_multiply ( const union x25519_oct258 *multiplicand,
 extern void x25519_invert ( const union x25519_oct258 *invertend,
 			    union x25519_quad257 *result );
 extern void x25519_reduce ( union x25519_quad257 *value );
-extern int x25519_key ( const struct x25519_value *base,
-			const struct x25519_value *scalar,
-			struct x25519_value *result );
+extern void x25519_key ( const struct x25519_value *base,
+			 const struct x25519_value *scalar,
+			 struct x25519_value *result );
+extern int x25519_is_zero ( const struct x25519_value *value );
 
 extern struct elliptic_curve x25519_curve;