
Sources/usign/ed25519.h

  1 /* Edwards curve operations
  2  * Daniel Beer <dlbeer@gmail.com>, 9 Jan 2014
  3  *
  4  * This file is in the public domain.
  5  */
  6 
  7 #ifndef ED25519_H_
  8 #define ED25519_H_
  9 
 10 #include "f25519.h"
 11 
 12 /* This is not the Ed25519 signature system. Rather, we're implementing
 13  * basic operations on the twisted Edwards curve over (Z mod 2^255-19):
 14  *
 15  *     -x^2 + y^2 = 1 - (121665/121666)x^2y^2
 16  *
 17  * With the positive-x base point y = 4/5.
 18  *
 19  * These functions will not leak secret data through timing.
 20  *
 21  * For more information, see:
 22  *
 23  *     Bernstein, D.J. & Lange, T. (2007) "Faster addition and doubling on
 24  *     elliptic curves". Document ID: 95616567a6ba20f575c5f25e7cebaf83.
 25  *
 26  *     Hisil, H. & Wong, K K. & Carter, G. & Dawson, E. (2008) "Twisted
 27  *     Edwards curves revisited". Advances in Cryptology, ASIACRYPT 2008,
 28  *     Vol. 5350, pp. 326-343.
 29  */
 30 
/* Point on the curve in projective coordinates. Each member holds one
 * field element as F25519_SIZE bytes.
 *
 * NOTE(review): the x/y/t/z layout looks like the extended coordinates
 * of the Hisil et al. paper cited in the header comment, with t tracking
 * the product of x and y -- confirm against ed25519.c before relying on
 * it.
 */
struct ed25519_pt {
        uint8_t         x[F25519_SIZE];
        uint8_t         y[F25519_SIZE];
        uint8_t         t[F25519_SIZE];
        uint8_t         z[F25519_SIZE];
};
 38 
/* Base point, defined in another translation unit. The header comment
 * describes it as the positive-x point with y = 4/5.
 */
extern const struct ed25519_pt ed25519_base;
 40 
/* Convert between projective and affine coordinates (x/y in F25519).
 *
 * ed25519_project() fills *p from the affine pair (x, y);
 * ed25519_unproject() writes the affine pair for *p into x and y.
 *
 * NOTE(review): no buffer lengths are passed. x and y are presumably
 * F25519_SIZE bytes each, so the caller is responsible for sizing them
 * -- confirm against f25519.h.
 */
void ed25519_project(struct ed25519_pt *p,
                     const uint8_t *x, const uint8_t *y);

void ed25519_unproject(uint8_t *x, uint8_t *y,
                       const struct ed25519_pt *p);
 47 
/* Compress/uncompress points. try_unpack() will check that the
 * compressed point is on the curve, returning 1 if the unpacked point
 * is valid, and 0 otherwise.
 *
 * Callers must test that return value and discard x/y when it is 0:
 * nothing in this header says what x and y hold after a failed unpack.
 *
 * NOTE(review): no buffer lengths are passed. c is presumably
 * ED25519_PACK_SIZE bytes and x/y F25519_SIZE bytes each -- confirm
 * against ed25519.c.
 */
#define ED25519_PACK_SIZE       F25519_SIZE

void ed25519_pack(uint8_t *c, const uint8_t *x, const uint8_t *y);
uint8_t ed25519_try_unpack(uint8_t *x, uint8_t *y, const uint8_t *c);
 56 
/* Add, double and scalar multiply */
#define ED25519_EXPONENT_SIZE   32

/* Prepare an exponent by clamping it in place.
 *
 * e must point to ED25519_EXPONENT_SIZE writable bytes; no length is
 * checked here. The low three bits of the first byte are cleared, and in
 * the last byte bit 7 is cleared and bit 6 is set. Every other bit is
 * left as the caller supplied it, so the randomness of the exponent is
 * still the caller's responsibility.
 *
 * NOTE(review): assuming the exponent is little-endian, this makes it a
 * multiple of 8 with its highest set bit at position 254 -- confirm the
 * byte order against ed25519_smult().
 */
static inline void ed25519_prepare(uint8_t *e)
{
        uint8_t *top = &e[ED25519_EXPONENT_SIZE - 1];

        e[0] &= 0xf8;
        *top = (uint8_t)((*top & 0x7f) | 0x40);
}
 67 
/* Copy the point *src into *dst, all four coordinates at once. */
static inline void ed25519_copy(struct ed25519_pt *dst,
                                const struct ed25519_pt *src)
{
        *dst = *src;
}
 74 
/* ed25519_add() stores the sum of points a and b in r.
 * ed25519_smult() stores the scalar multiple of point a by exponent e
 * in r.
 *
 * The header comment states that these functions do not leak secret
 * data through timing.
 *
 * NOTE(review): e is presumably ED25519_EXPONENT_SIZE bytes; no length
 * is passed. Whether e must first go through ed25519_prepare(), and
 * whether r may alias a or b, is not visible in this header -- confirm
 * against ed25519.c.
 */
void ed25519_add(struct ed25519_pt *r,
                 const struct ed25519_pt *a, const struct ed25519_pt *b);
void ed25519_smult(struct ed25519_pt *r, const struct ed25519_pt *a,
                   const uint8_t *e);
 79 
 80 #endif
 81 
