1 /* Arithmetic mod p = 2^255-19 2 * Daniel Beer <dlbeer@gmail.com>, 8 Jan 2014 3 * 4 * This file is in the public domain. 5 */ 6 7 #ifndef F25519_H_ 8 #define F25519_H_ 9 10 #include <stdint.h> 11 #include <string.h> 12 13 /* Field elements are represented as little-endian byte strings. All 14 * operations have timings which are independent of input data, so they 15 * can be safely used for cryptography. 16 * 17 * Computation is performed on un-normalized elements. These are byte 18 * strings which fall into the range 0 <= x < 2p. Use f25519_normalize() 19 * to convert to a value 0 <= x < p. 20 * 21 * Elements received from the outside may greater even than 2p. 22 * f25519_normalize() will correctly deal with these numbers too. 23 */ 24 #define F25519_SIZE 32 25 26 /* Identity constants */ 27 extern const uint8_t f25519_one[F25519_SIZE]; 28 29 /* Load a small constant */ 30 void f25519_load(uint8_t *x, uint32_t c); 31 32 /* Copy two points */ 33 static inline void f25519_copy(uint8_t *x, const uint8_t *a) 34 { 35 memcpy(x, a, F25519_SIZE); 36 } 37 38 /* Normalize a field point x < 2*p by subtracting p if necessary */ 39 void f25519_normalize(uint8_t *x); 40 41 /* Compare two field points in constant time. Return one if equal, zero 42 * otherwise. This should be performed only on normalized values. 43 */ 44 uint8_t f25519_eq(const uint8_t *x, const uint8_t *y); 45 46 /* Conditional copy. If condition == 0, then zero is copied to dst. If 47 * condition == 1, then one is copied to dst. Any other value results in 48 * undefined behaviour. 49 */ 50 void f25519_select(uint8_t *dst, 51 const uint8_t *zero, const uint8_t *one, 52 uint8_t condition); 53 54 /* Add/subtract two field points. The three pointers are not required to 55 * be distinct. 56 */ 57 void f25519_add(uint8_t *r, const uint8_t *a, const uint8_t *b); 58 void f25519_sub(uint8_t *r, const uint8_t *a, const uint8_t *b); 59 60 /* Unary negation */ 61 void f25519_neg(uint8_t *r, const uint8_t *a); 62 63 /* Multiply two field points. The __distinct variant is used when r is 64 * known to be in a different location to a and b. 65 */ 66 void f25519_mul__distinct(uint8_t *r, const uint8_t *a, const uint8_t *b); 67 68 /* Take the reciprocal of a field point. The __distinct variant is used 69 * when r is known to be in a different location to x. 70 */ 71 void f25519_inv__distinct(uint8_t *r, const uint8_t *x); 72 73 /* Compute one of the square roots of the field element, if the element 74 * is square. The other square is -r. 75 * 76 * If the input is not square, the returned value is a valid field 77 * element, but not the correct answer. If you don't already know that 78 * your element is square, you should square the return value and test. 79 */ 80 void f25519_sqrt(uint8_t *r, const uint8_t *x); 81 82 #endif 83
This page was automatically generated by LXR 0.3.1. • OpenWrt