Home Explore Help
Sign In
SMusatov
/
mkp224o
mirror of https://github.com/cathugger/mkp224o.git
1
0
Fork 0
Files
Branch: master
Branches Tags
mkp224o
/
ed25519
/
ed25519-donna
/
curve25519-donna-helpers.h

curve25519-donna-helpers.h 3.6 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115 
  1. /*
    2. 

  2. 	Public domain by Andrew M. <liquidsun@gmail.com>
    3. 

  3. 	See: https://github.com/floodyberry/curve25519-donna
    4. 

  4. 

  5. 	Curve25519 implementation agnostic helpers
    6. 

  6. */
    7. 

  7. 

  8. /*
    9. 

  9.  * In:  b =   2^5 - 2^0
    10. 

  10.  * Out: b = 2^250 - 2^0
    11. 

  11.  */
    12. 

  12. static void
    13. 

  13. curve25519_pow_two5mtwo0_two250mtwo0(bignum25519 b) {
    14. 

  14. 	bignum25519 ALIGN(16) t0,c;
    15. 

  15. 

  16. 	/* 2^5  - 2^0 */ /* b */
    17. 

  17. 	/* 2^10 - 2^5 */ curve25519_square_times(t0, b, 5);
    18. 

  18. 	/* 2^10 - 2^0 */ curve25519_mul_noinline(b, t0, b);
    19. 

  19. 	/* 2^20 - 2^10 */ curve25519_square_times(t0, b, 10);
    20. 

  20. 	/* 2^20 - 2^0 */ curve25519_mul_noinline(c, t0, b);
    21. 

  21. 	/* 2^40 - 2^20 */ curve25519_square_times(t0, c, 20);
    22. 

  22. 	/* 2^40 - 2^0 */ curve25519_mul_noinline(t0, t0, c);
    23. 

  23. 	/* 2^50 - 2^10 */ curve25519_square_times(t0, t0, 10);
    24. 

  24. 	/* 2^50 - 2^0 */ curve25519_mul_noinline(b, t0, b);
    25. 

  25. 	/* 2^100 - 2^50 */ curve25519_square_times(t0, b, 50);
    26. 

  26. 	/* 2^100 - 2^0 */ curve25519_mul_noinline(c, t0, b);
    27. 

  27. 	/* 2^200 - 2^100 */ curve25519_square_times(t0, c, 100);
    28. 

  28. 	/* 2^200 - 2^0 */ curve25519_mul_noinline(t0, t0, c);
    29. 

  29. 	/* 2^250 - 2^50 */ curve25519_square_times(t0, t0, 50);
    30. 

  30. 	/* 2^250 - 2^0 */ curve25519_mul_noinline(b, t0, b);
    31. 

  31. }
    32. 

  32. 

  33. /*
    34. 

  34.  * z^(p - 2) = z(2^255 - 21)
    35. 

  35.  */
    36. 

  36. static void
    37. 

  37. curve25519_recip(bignum25519 out, const bignum25519 z) {
    38. 

  38. 	bignum25519 ALIGN(16) a,t0,b;
    39. 

  39. 

  40. 	/* 2 */ curve25519_square_times(a, z, 1); /* a = 2 */
    41. 

  41. 	/* 8 */ curve25519_square_times(t0, a, 2);
    42. 

  42. 	/* 9 */ curve25519_mul_noinline(b, t0, z); /* b = 9 */
    43. 

  43. 	/* 11 */ curve25519_mul_noinline(a, b, a); /* a = 11 */
    44. 

  44. 	/* 22 */ curve25519_square_times(t0, a, 1);
    45. 

  45. 	/* 2^5 - 2^0 = 31 */ curve25519_mul_noinline(b, t0, b);
    46. 

  46. 	/* 2^250 - 2^0 */ curve25519_pow_two5mtwo0_two250mtwo0(b);
    47. 

  47. 	/* 2^255 - 2^5 */ curve25519_square_times(b, b, 5);
    48. 

  48. 	/* 2^255 - 21 */ curve25519_mul_noinline(out, b, a);
    49. 

  49. }
    50. 

  50. 

  51. static const unsigned char curve25519_packedone[32] = {
    52. 

  52. 	1, 0, 0, 0, 0, 0, 0, 0,
    53. 

  53. 	0, 0, 0, 0, 0, 0, 0, 0,
    54. 

  54. 	0, 0, 0, 0, 0, 0, 0, 0,
    55. 

  55. 	0, 0, 0, 0, 0, 0, 0, 0,
    56. 

  56. };
    57. 

  57. 

  58. static void
    59. 

  59. curve25519_setone(bignum25519 out) {
    60. 

  60. 	// (cathugger) this hopefuly will get inlined by compiler because im lazy
    61. 

  61. 	curve25519_expand(out, curve25519_packedone);
    62. 

  62. }
    63. 

  63. 

  64. /*
    65. 

  65.  * (cathugger)
    66. 

  66.  * idk if recip is same as invert but I hope it is
    67. 

  67.  * if that's the case then we're doing batch invert there
    68. 

  68.  */
    69. 

  69. static void
    70. 

  70. curve25519_batchrecip(bignum25519 *out, const bignum25519 *in, bignum25519 *tmp, size_t num, size_t offset) {
    71. 

  71. 	bignum25519 ALIGN(16) acc,tmpacc;
    72. 

  72. 	size_t i;
    73. 

  73. 	const bignum25519 *inp;
    74. 

  74. 	bignum25519 *outp;
    75. 

  75. 

  76. 	curve25519_setone(acc);
    77. 

  77. 

  78. 	inp = in;
    79. 

  79. 	for (i = 0; i < num; ++i) {
    80. 

  80. 		curve25519_copy(tmp[i], acc);
    81. 

  81. 		curve25519_mul(acc, acc, *inp);
    82. 

  82. 		inp = (const bignum25519 *)((const char *)inp + offset);
    83. 

  83. 	}
    84. 

  84. 

  85. 	curve25519_recip(acc, acc);
    86. 

  86. 

  87. 	i = num;
    88. 

  88. 	inp = (const bignum25519 *)((const char *)in + offset * num);
    89. 

  89. 	outp = (bignum25519 *)((char *)out + offset * num);
    90. 

  90. 	while (i--) {
    91. 

  91. 		inp = (const bignum25519 *)((const char *)inp - offset);
    92. 

  92. 		outp = (bignum25519 *)((char *)outp - offset);
    93. 

  93. 		curve25519_mul(tmpacc, acc, *inp);
    94. 

  94. 		curve25519_mul(*outp, acc, tmp[i]);
    95. 

  95. 		curve25519_copy(acc, tmpacc);
    96. 

  96. 	}
    97. 

  97. }
    98. 

  98. 

  99. /*
    100. 

  100.  * z^((p-5)/8) = z^(2^252 - 3)
    101. 

  101.  */
    102. 

  102. static void
    103. 

  103. curve25519_pow_two252m3(bignum25519 two252m3, const bignum25519 z) {
    104. 

  104. 	bignum25519 ALIGN(16) b,c,t0;
    105. 

  105. 

  106. 	/* 2 */ curve25519_square_times(c, z, 1); /* c = 2 */
    107. 

  107. 	/* 8 */ curve25519_square_times(t0, c, 2); /* t0 = 8 */
    108. 

  108. 	/* 9 */ curve25519_mul_noinline(b, t0, z); /* b = 9 */
    109. 

  109. 	/* 11 */ curve25519_mul_noinline(c, b, c); /* c = 11 */
    110. 

  110. 	/* 22 */ curve25519_square_times(t0, c, 1);
    111. 

  111. 	/* 2^5 - 2^0 = 31 */ curve25519_mul_noinline(b, t0, b);
    112. 

  112. 	/* 2^250 - 2^0 */ curve25519_pow_two5mtwo0_two250mtwo0(b);
    113. 

  113. 	/* 2^252 - 2^2 */ curve25519_square_times(b, b, 2);
    114. 

  114. 	/* 2^252 - 3 */ curve25519_mul_noinline(two252m3, b, z);
    115. 

  115. }
    116.