std/crypto: add support for the NIST P-384 curve

lib/std/crypto.zig

@@ -62,6 +62,7 @@ pub const ecc = struct {
     pub const Curve25519 = @import("crypto/25519/curve25519.zig").Curve25519;
     pub const Edwards25519 = @import("crypto/25519/edwards25519.zig").Edwards25519;
     pub const P256 = @import("crypto/pcurves/p256.zig").P256;
+    pub const P384 = @import("crypto/pcurves/p384.zig").P384;
     pub const Ristretto255 = @import("crypto/25519/ristretto255.zig").Ristretto255;
 };
 
@@ -201,6 +202,7 @@ test {
     _ = ecc.Curve25519;
     _ = ecc.Edwards25519;
     _ = ecc.P256;
+    _ = ecc.P384;
     _ = ecc.Ristretto255;
 
     _ = hash.blake2;

lib/std/crypto/pcurves/common.zig

@@ -253,6 +253,18 @@ pub fn Field(comptime params: FieldParams) type {
                 const x47 = x15.mul(x53);
                 const ls = x47.mul(((x53.sqn(17).mul(x2)).sqn(143).mul(x47)).sqn(47)).sq().mul(x2);
                 return ls.equivalent(Fe.one);
+            } else if (field_order == 39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319) {
+                const t111 = x2.mul(x2.mul(x2.sq()).sq());
+                const t111111 = t111.mul(t111.sqn(3));
+                const t1111110 = t111111.sq();
+                const t1111111 = x2.mul(t1111110);
+                const x12 = t1111110.sqn(5).mul(t111111);
+                const x31 = x12.sqn(12).mul(x12).sqn(7).mul(t1111111);
+                const x32 = x31.sq().mul(x2);
+                const x63 = x32.sqn(31).mul(x31);
+                const x126 = x63.sqn(63).mul(x63);
+                const ls = x126.sqn(126).mul(x126).sqn(3).mul(t111).sqn(33).mul(x32).sqn(95).mul(x31);
+                return ls.equivalent(Fe.one);
             } else {
                 const ls = x2.pow(std.meta.Int(.unsigned, field_bits), (field_order - 1) / 2); // Legendre symbol
                 return ls.equivalent(Fe.one);
@@ -268,6 +280,17 @@ pub fn Field(comptime params: FieldParams) type {
                 const t11111111 = t1111.mul(t1111.sqn(4));
                 const x16 = t11111111.sqn(8).mul(t11111111);
                 return x16.sqn(16).mul(x16).sqn(32).mul(x2).sqn(96).mul(x2).sqn(94);
+            } else if (field_order == 39402006196394479212279040100143613805079739270465446667948293404245721771496870329047266088258938001861606973112319) {
+                const t111 = x2.mul(x2.mul(x2.sq()).sq());
+                const t111111 = t111.mul(t111.sqn(3));
+                const t1111110 = t111111.sq();
+                const t1111111 = x2.mul(t1111110);
+                const x12 = t1111110.sqn(5).mul(t111111);
+                const x31 = x12.sqn(12).mul(x12).sqn(7).mul(t1111111);
+                const x32 = x31.sq().mul(x2);
+                const x63 = x32.sqn(31).mul(x31);
+                const x126 = x63.sqn(63).mul(x63);
+                return x126.sqn(126).mul(x126).sqn(3).mul(t111).sqn(33).mul(x32).sqn(64).mul(x2).sqn(30);
             } else {
                 return x2.pow(std.meta.Int(.unsigned, field_bits), (field_order + 1) / 4);
             }

lib/std/crypto/pcurves/p256.zig

@@ -474,5 +474,5 @@ pub const AffineCoordinates = struct {
 };
 
 test "p256" {
-    _ = @import("tests.zig");
+    _ = @import("tests/p256.zig");
 }

lib/std/crypto/pcurves/p256/field.zig

@@ -7,6 +7,6 @@ pub const Fe = Field(.{
     .fiat = @import("p256_64.zig"),
     .field_order = 115792089210356248762697446949407573530086143415290314195533631308867097853951,
     .field_bits = 256,
-    .saturated_bits = 255,
+    .saturated_bits = 256,
     .encoded_length = 32,
 });

lib/std/crypto/pcurves/p256/scalar.zig

@@ -20,7 +20,7 @@ const Fe = Field(.{
     .fiat = @import("p256_scalar_64.zig"),
     .field_order = 115792089210356248762697446949407573529996955224135760342422259061068512044369,
     .field_bits = 256,
-    .saturated_bits = 255,
+    .saturated_bits = 256,
     .encoded_length = encoded_length,
 });