authorMatthias Schiffer <mschiffer@universe-factory.net>2012-12-07 19:07:37 +0100
committerMatthias Schiffer <mschiffer@universe-factory.net>2012-12-07 19:07:37 +0100
commitbccf64ec1b9b1b139259c03907f00d97430d43c5 (patch)
tree9f3cb6f5fb0d498c596f446968923c748034531c /src/ec25519_secret.c
parentf67c3f36b9c4a2ab90bf7cf1380ecdb58528a133 (diff)
downloadlibuecc-bccf64ec1b9b1b139259c03907f00d97430d43c5.tar
libuecc-bccf64ec1b9b1b139259c03907f00d97430d43c5.zip
Reworked the API
Diffstat (limited to 'src/ec25519_secret.c')
-rw-r--r--src/ec25519_secret.c188
1 files changed, 0 insertions, 188 deletions
diff --git a/src/ec25519_secret.c b/src/ec25519_secret.c
deleted file mode 100644
index 7f3d987..0000000
--- a/src/ec25519_secret.c
+++ /dev/null
@@ -1,188 +0,0 @@
-/*
- Copyright (c) 2012, Matthias Schiffer <mschiffer@universe-factory.net>
- Partly based on public domain code by Matthew Dempsky and D. J. Bernstein.
- All rights reserved.
-
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
-
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright notice,
- this list of conditions and the following disclaimer in the documentation
- and/or other materials provided with the distribution.
-
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
- FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
- SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
- CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-/*
- Simple finite field operations on the prime field F_q for
- q = 2^252 + 27742317777372353535851937790883648493, which
- is the order of the base point used for ec25519
-*/
-
-#include <libuecc/ecc.h>
-
-
-#define IS_NEGATIVE(n) ((int)((((unsigned)n) >> (8*sizeof(n)-1))&1))
-#define ASR(n,s) (((n) >> s)|(IS_NEGATIVE(n)*((unsigned)-1) << (8*sizeof(n)-s)))
-
-
-static const unsigned char q[32] = {
- 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
- 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
-};
-
-
-static void select(unsigned char out[32], const unsigned char r[32], const unsigned char s[32], unsigned int b) {
- unsigned int j;
- unsigned int t;
- unsigned int bminus1;
-
- bminus1 = b - 1;
- for (j = 0;j < 32;++j) {
- t = bminus1 & (r[j] ^ s[j]);
- out[j] = s[j] ^ t;
- }
-}
-
-int ecc_25519_secret_is_zero(const ecc_secret_key_256 *in) {
- int i;
- ecc_secret_key_256 r;
- unsigned int bits;
-
- ecc_25519_secret_reduce(&r, in);
-
- for (i = 0; i < 32; i++)
- bits |= r.s[i];
-
- return (((bits-1)>>8) & 1);
-}
-
-void ecc_25519_secret_add(ecc_secret_key_256 *out, const ecc_secret_key_256 *in1, const ecc_secret_key_256 *in2) {
- unsigned int j;
- unsigned int u;
- int nq = 1 - (in1->s[31]>>4) - (in2->s[31]>>4);
-
- u = 0;
- for (j = 0; j < 32; ++j) {
- u += in1->s[j] + in2->s[j] + nq*q[j];
-
- out->s[j] = u;
- u = ASR(u, 8);
- }
-}
-
-void ecc_25519_secret_sub(ecc_secret_key_256 *out, const ecc_secret_key_256 *in1, const ecc_secret_key_256 *in2) {
- unsigned int j;
- unsigned int u;
- int nq = 8 - (in1->s[31]>>4) + (in2->s[31]>>4);
-
- u = 0;
- for (j = 0; j < 32; ++j) {
- u += in1->s[j] - in2->s[j] + nq*q[j];
-
- out->s[j] = u;
- u = ASR(u, 8);
- }
-}
-
-static void reduce(unsigned char a[32]) {
- unsigned int j;
- unsigned int nq = a[31] >> 4;
- unsigned int u1, u2;
- unsigned char out1[32], out2[32];
-
- u1 = u2 = 0;
- for (j = 0; j < 31; ++j) {
- u1 += a[j] - nq*q[j];
- u2 += a[j] - (nq-1)*q[j];
-
- out1[j] = u1; out2[j] = u2;
- u1 = ASR(u1, 8);
- u2 = ASR(u2, 8);
- }
- u1 += a[31] - nq*q[31];
- u2 += a[31] - (nq-1)*q[31];
- out1[31] = u1; out2[31] = u2;
-
- select(a, out1, out2, IS_NEGATIVE(u1));
-}
-
-void ecc_25519_secret_reduce(ecc_secret_key_256 *out, const ecc_secret_key_256 *in) {
- int i;
-
- for (i = 0; i < 32; i++)
- out->s[i] = in->s[i];
-
- reduce(out->s);
-}
-
-/* Montgomery modular multiplication algorithm */
-static void montgomery(unsigned char out[32], const unsigned char a[32], const unsigned char b[32]) {
- unsigned int i, j;
- unsigned int nq;
- unsigned int u;
-
- for (i = 0; i < 32; i++)
- out[i] = 0;
-
- for (i = 0; i < 32; i++) {
- u = out[0] + a[i]*b[0];
- nq = (u*27) & 255;
- u += nq*q[0];
-
- for (j = 1; j < 32; ++j) {
- u += (out[j] + a[i]*b[j] + nq*q[j]) << 8;
- u >>= 8;
- out[j-1] = u;
- }
-
- out[31] = u >> 8;
- }
-}
-
-
-void ecc_25519_secret_mult(ecc_secret_key_256 *out, const ecc_secret_key_256 *in1, const ecc_secret_key_256 *in2) {
- /* 2^512 mod q */
- static const unsigned char C[32] = {
- 0x01, 0x0f, 0x9c, 0x44, 0xe3, 0x11, 0x06, 0xa4,
- 0x47, 0x93, 0x85, 0x68, 0xa7, 0x1b, 0x0e, 0xd0,
- 0x65, 0xbe, 0xf5, 0x17, 0xd2, 0x73, 0xec, 0xce,
- 0x3d, 0x9a, 0x30, 0x7c, 0x1b, 0x41, 0x99, 0x03
- };
-
- unsigned char B[32];
- unsigned char R[32];
- unsigned int i;
-
- for (i = 0; i < 32; i++)
- B[i] = in2->s[i];
-
- reduce(B);
-
- montgomery(R, in1->s, B);
- montgomery(out->s, R, C);
-}
-
-void ecc_25519_secret_sanitize(ecc_secret_key_256 *out, const ecc_secret_key_256 *in) {
- int i;
-
- for (i = 0; i < 32; i++)
- out->s[i] = in->s[i];
-
- out->s[0] &= 0xf8;
- out->s[31] &= 0x7f;
- out->s[31] |= 0x40;
-}