summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/CMakeLists.txt2
-rw-r--r--src/ec25519.c60
-rw-r--r--src/ec25519_gf.c (renamed from src/ec25519_secret.c)48
3 files changed, 66 insertions, 44 deletions
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index edcee42..318d4f8 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -1,6 +1,6 @@
include_directories(${LIBUECC_SOURCE_DIR}/include)
-add_library(uecc STATIC ec25519.c ec25519_secret.c)
+add_library(uecc STATIC ec25519.c ec25519_gf.c)
install(TARGETS uecc
ARCHIVE DESTINATION lib
diff --git a/src/ec25519.c b/src/ec25519.c
index bfb49a0..915bd2c 100644
--- a/src/ec25519.c
+++ b/src/ec25519.c
@@ -347,7 +347,40 @@ static void recip(unsigned int out[32], const unsigned int z[32]) {
/* 2^255 - 21 */ mult(out, t1, z11);
}
-void ecc_25519_load(ecc_25519_work *out, const ecc_public_key_256 *in) {
+void ecc_25519_load_xy(ecc_25519_work *out, const ecc_int_256 *x, const ecc_int_256 *y) {
+ int i;
+
+ for (i = 0; i < 32; i++) {
+ out->X[i] = x->p[i];
+ out->Y[i] = y->p[i];
+ out->Z[i] = (i == 0);
+ }
+
+ mult(out->T, out->X, out->Y);
+}
+
+void ecc_25519_store_xy(ecc_int_256 *x, ecc_int_256 *y, const ecc_25519_work *in) {
+ unsigned int X[32], Y[32], Z[32];
+ int i;
+
+ recip(Z, in->Z);
+
+ if (x) {
+ mult(X, Z, in->X);
+ freeze(X);
+ for (i = 0; i < 32; i++)
+ x->p[i] = X[i];
+ }
+
+ if (y) {
+ mult(Y, Z, in->Y);
+ freeze(Y);
+ for (i = 0; i < 32; i++)
+ y->p[i] = Y[i];
+ }
+}
+
+void ecc_25519_load_packed(ecc_25519_work *out, const ecc_int_256 *in) {
static const unsigned int zero[32] = {0};
static const unsigned int one[32] = {1};
@@ -377,22 +410,11 @@ void ecc_25519_load(ecc_25519_work *out, const ecc_public_key_256 *in) {
mult(out->T, out->X, out->Y);
}
-void ecc_25519_store(ecc_public_key_256 *out, const ecc_25519_work *in) {
- unsigned int x[32], y[32], z[32];
- int i;
-
- recip(z, in->Z);
-
- mult(x, z, in->X);
- mult(y, z, in->Y);
-
- freeze(x);
- freeze(y);
-
- for (i = 0; i < 32; i++)
- out->p[i] = x[i];
+void ecc_25519_store_packed(ecc_int_256 *out, const ecc_25519_work *in) {
+ ecc_int_256 y;
- out->p[31] |= (y[0] << 7);
+ ecc_25519_store_xy(out, &y, in);
+ out->p[31] |= (y.p[0] << 7);
}
static const ecc_25519_work id = {{0}, {1}, {1}, {0}};
@@ -450,13 +472,13 @@ void ecc_25519_add(ecc_25519_work *out, const ecc_25519_work *in1, const ecc_255
mult(out->Z, F, G);
}
-void ecc_25519_scalarmult(ecc_25519_work *out, const ecc_secret_key_256 *n, const ecc_25519_work *base) {
+void ecc_25519_scalarmult(ecc_25519_work *out, const ecc_int_256 *n, const ecc_25519_work *base) {
ecc_25519_work Q2, Q2p;
ecc_25519_work cur = id;
int b, pos;
for (pos = 255; pos >= 0; --pos) {
- b = n->s[pos / 8] >> (pos & 7);
+ b = n->p[pos / 8] >> (pos & 7);
b &= 1;
ecc_25519_double(&Q2, &cur);
@@ -483,6 +505,6 @@ static const ecc_25519_work default_base = {
0x47, 0x4b, 0x4c, 0x81, 0xa6, 0x02, 0xfd, 0x29}
};
-void ecc_25519_scalarmult_base(ecc_25519_work *out, const ecc_secret_key_256 *n) {
+void ecc_25519_scalarmult_base(ecc_25519_work *out, const ecc_int_256 *n) {
ecc_25519_scalarmult(out, n, &default_base);
}
diff --git a/src/ec25519_secret.c b/src/ec25519_gf.c
index 7f3d987..6847cb1 100644
--- a/src/ec25519_secret.c
+++ b/src/ec25519_gf.c
@@ -57,43 +57,43 @@ static void select(unsigned char out[32], const unsigned char r[32], const unsig
}
}
-int ecc_25519_secret_is_zero(const ecc_secret_key_256 *in) {
+int ecc_25519_gf_is_zero(const ecc_int_256 *in) {
int i;
- ecc_secret_key_256 r;
+ ecc_int_256 r;
unsigned int bits;
- ecc_25519_secret_reduce(&r, in);
+ ecc_25519_gf_reduce(&r, in);
for (i = 0; i < 32; i++)
- bits |= r.s[i];
+ bits |= r.p[i];
return (((bits-1)>>8) & 1);
}
-void ecc_25519_secret_add(ecc_secret_key_256 *out, const ecc_secret_key_256 *in1, const ecc_secret_key_256 *in2) {
+void ecc_25519_gf_add(ecc_int_256 *out, const ecc_int_256 *in1, const ecc_int_256 *in2) {
unsigned int j;
unsigned int u;
- int nq = 1 - (in1->s[31]>>4) - (in2->s[31]>>4);
+ int nq = 1 - (in1->p[31]>>4) - (in2->p[31]>>4);
u = 0;
for (j = 0; j < 32; ++j) {
- u += in1->s[j] + in2->s[j] + nq*q[j];
+ u += in1->p[j] + in2->p[j] + nq*q[j];
- out->s[j] = u;
+ out->p[j] = u;
u = ASR(u, 8);
}
}
-void ecc_25519_secret_sub(ecc_secret_key_256 *out, const ecc_secret_key_256 *in1, const ecc_secret_key_256 *in2) {
+void ecc_25519_gf_sub(ecc_int_256 *out, const ecc_int_256 *in1, const ecc_int_256 *in2) {
unsigned int j;
unsigned int u;
- int nq = 8 - (in1->s[31]>>4) + (in2->s[31]>>4);
+ int nq = 8 - (in1->p[31]>>4) + (in2->p[31]>>4);
u = 0;
for (j = 0; j < 32; ++j) {
- u += in1->s[j] - in2->s[j] + nq*q[j];
+ u += in1->p[j] - in2->p[j] + nq*q[j];
- out->s[j] = u;
+ out->p[j] = u;
u = ASR(u, 8);
}
}
@@ -120,13 +120,13 @@ static void reduce(unsigned char a[32]) {
select(a, out1, out2, IS_NEGATIVE(u1));
}
-void ecc_25519_secret_reduce(ecc_secret_key_256 *out, const ecc_secret_key_256 *in) {
+void ecc_25519_gf_reduce(ecc_int_256 *out, const ecc_int_256 *in) {
int i;
for (i = 0; i < 32; i++)
- out->s[i] = in->s[i];
+ out->p[i] = in->p[i];
- reduce(out->s);
+ reduce(out->p);
}
/* Montgomery modular multiplication algorithm */
@@ -154,7 +154,7 @@ static void montgomery(unsigned char out[32], const unsigned char a[32], const u
}
-void ecc_25519_secret_mult(ecc_secret_key_256 *out, const ecc_secret_key_256 *in1, const ecc_secret_key_256 *in2) {
+void ecc_25519_gf_mult(ecc_int_256 *out, const ecc_int_256 *in1, const ecc_int_256 *in2) {
/* 2^512 mod q */
static const unsigned char C[32] = {
0x01, 0x0f, 0x9c, 0x44, 0xe3, 0x11, 0x06, 0xa4,
@@ -168,21 +168,21 @@ void ecc_25519_secret_mult(ecc_secret_key_256 *out, const ecc_secret_key_256 *in
unsigned int i;
for (i = 0; i < 32; i++)
- B[i] = in2->s[i];
+ B[i] = in2->p[i];
reduce(B);
- montgomery(R, in1->s, B);
- montgomery(out->s, R, C);
+ montgomery(R, in1->p, B);
+ montgomery(out->p, R, C);
}
-void ecc_25519_secret_sanitize(ecc_secret_key_256 *out, const ecc_secret_key_256 *in) {
+void ecc_25519_gf_sanitize_secret(ecc_int_256 *out, const ecc_int_256 *in) {
int i;
for (i = 0; i < 32; i++)
- out->s[i] = in->s[i];
+ out->p[i] = in->p[i];
- out->s[0] &= 0xf8;
- out->s[31] &= 0x7f;
- out->s[31] |= 0x40;
+ out->p[0] &= 0xf8;
+ out->p[31] &= 0x7f;
+ out->p[31] |= 0x40;
}