Botan 3.9.0
Crypto and TLS for C++
ed25519_internal.h
1/*
2* Ed25519
3* (C) 2017 Ribose Inc
4*
5* Based on the public domain code from SUPERCOP ref10 by
6* Peter Schwabe, Daniel J. Bernstein, Niels Duif, Tanja Lange, Bo-Yin Yang
7*
8* Botan is released under the Simplified BSD License (see license.txt)
9*/
10
11#ifndef BOTAN_ED25519_INT_H_
12#define BOTAN_ED25519_INT_H_
13
14#include <botan/internal/loadstor.h>
15
16namespace Botan {
17
/**
* Load three bytes as a little-endian 24-bit value.
*
* @param in pointer to at least three readable bytes. The `[3]` in the
*        signature decays to a plain pointer and is not enforced by the
*        compiler, so the caller is responsible for the bound.
* @return in[0] + 2^8 * in[1] + 2^16 * in[2], zero-extended to 32 bits
*/
inline uint32_t load_3(const uint8_t in[3]) {
   // Widen each byte before shifting so no bits are lost to integer promotion.
   const uint32_t lo = in[0];
   const uint32_t mid = in[1];
   const uint32_t hi = in[2];
   return lo | (mid << 8) | (hi << 16);
}
21
/**
* Load one 32-bit word from a byte buffer.
*
* Thin wrapper that asks load_le<uint32_t> for the word at index 0
* (little-endian, going by the helper's name).
*
* @param in pointer to the input bytes. No length is passed, so the caller
*        must guarantee that the bytes load_le reads here are valid
*        (presumably four for a uint32_t - confirm against loadstor.h).
* @return the loaded 32-bit value
*/
inline uint32_t load_4(const uint8_t* in) {
   const uint32_t word = load_le<uint32_t>(in, 0);
   return word;
}
25
/**
* Rounded carry from limb h0 into limb h1.
*
* Computes c = (h0 + 2^(S-1)) >> S, adds c * MUL to h1 and subtracts
* c * 2^S from h0. With an arithmetic right shift (guaranteed for signed
* operands since C++20) this leaves h0 in [-2^(S-1), 2^(S-1)).
*
* The body is straight-line arithmetic: no branch or table index depends on
* the limb values. Keep it that way if the limbs can hold secret-derived data.
*
* Signed overflow is undefined behaviour, so the caller must keep h0 small
* enough that h0 + 2^(S-1) fits in int64_t, and h1 small enough to absorb
* c * MUL.
*
* @tparam S number of bits kept in h0 (0 < S < 64)
* @tparam MUL factor applied to the carry before it is added to h1
* @param h0 limb to reduce (updated in place)
* @param h1 limb receiving the carry (updated in place)
*/
template <size_t S, int64_t MUL = 1>
inline void carry(int64_t& h0, int64_t& h1)
   requires(S > 0 && S < 64)
{
   constexpr int64_t radix = static_cast<int64_t>(1) << S;
   constexpr int64_t half_radix = static_cast<int64_t>(1) << (S - 1);

   // Adding half the radix first turns the floor of the shift into round-to-nearest.
   const int64_t quotient = (h0 + half_radix) >> S;

   h1 += quotient * MUL;
   h0 -= quotient * radix;
}
36
/**
* Truncating (floor) carry from limb h0 into limb h1, 64-bit variant.
*
* Computes c = h0 >> S, adds c to h1 and subtracts c * 2^S from h0. With an
* arithmetic right shift (guaranteed for signed operands since C++20) this
* leaves h0 in [0, 2^S).
*
* No branch or table index depends on the limb values. Signed overflow is
* undefined behaviour, so the caller must keep h1 + c within int64_t.
*
* @tparam S number of bits kept in h0 (0 < S < 64)
* @param h0 limb to reduce (updated in place)
* @param h1 limb receiving the carry (updated in place)
*/
template <size_t S>
inline void carry0(int64_t& h0, int64_t& h1)
   requires(S > 0 && S < 64)
{
   constexpr int64_t radix = static_cast<int64_t>(1) << S;

   // No rounding offset here: the shift alone decides the carry.
   const int64_t quotient = h0 >> S;

   h1 += quotient;
   h0 -= quotient * radix;
}
46
/**
* Truncating (floor) carry from limb h0 into limb h1, 32-bit variant.
*
* Computes c = h0 >> S, adds c to h1 and subtracts c * 2^S from h0. With an
* arithmetic right shift (guaranteed for signed operands since C++20) this
* leaves h0 in [0, 2^S).
*
* No branch or table index depends on the limb values. Signed overflow is
* undefined behaviour, so the caller must keep h1 + c within int32_t.
*
* NOTE(review): the constraint admits S == 31, but 2^31 is not representable
* in int32_t, so the radix wraps to INT32_MIN and c * radix overflows for a
* negative h0. Consider tightening the constraint to S < 31 once callers are
* confirmed not to use S == 31.
*
* @tparam S number of bits kept in h0 (0 < S < 32)
* @param h0 limb to reduce (updated in place)
* @param h1 limb receiving the carry (updated in place)
*/
template <size_t S>
inline void carry0(int32_t& h0, int32_t& h1)
   requires(S > 0 && S < 32)
{
   // The shift is done in 64 bits and then narrowed, as in the original.
   const int32_t radix = static_cast<int32_t>(static_cast<int64_t>(1) << S);

   const int32_t quotient = h0 >> S;

   h1 += quotient;
   h0 -= quotient * radix;
}
56
/**
* Fold the limb X into six other limbs using fixed multipliers, then clear X.
*
* Each of s1..s6 is adjusted by X times a constant (added for s1, s2, s3 and
* s5, subtracted for s4 and s6), after which X is set to zero.
*
* NOTE(review): the multipliers look like the signed radix-2^21 limbs that
* SUPERCOP ref10 uses when reducing modulo the group order l. Confirm
* against sc_reduce.cpp.
*
* No branch or table index depends on the limb values. The products are
* plain int64_t multiplications, so the caller must keep X small enough
* that none of them (or the following sums) overflows.
*
* @param s1 limb updated by +666643 * X
* @param s2 limb updated by +470296 * X
* @param s3 limb updated by +654183 * X
* @param s4 limb updated by -997805 * X
* @param s5 limb updated by +136657 * X
* @param s6 limb updated by -683901 * X
* @param X limb being folded away; zero on return
*/
inline void redc_mul(int64_t& s1, int64_t& s2, int64_t& s3, int64_t& s4, int64_t& s5, int64_t& s6, int64_t& X) {
   // Positive contributions.
   s1 += (X * 666643);
   s2 += (X * 470296);
   s3 += (X * 654183);

   // Mixed signs: the order of updates follows the limb order.
   s4 -= (X * 997805);
   s5 += (X * 136657);
   s6 -= (X * 683901);

   // X has been absorbed completely.
   X = 0;
}
66
67void ed25519_basepoint_mul(std::span<uint8_t, 32> out, const uint8_t in[32]);
68
69bool signature_check(std::span<const uint8_t, 32> pk, const uint8_t h[32], const uint8_t r[32], const uint8_t s[32]);
70
71/*
72The set of scalars is \Z/l
73where l = 2^252 + 27742317777372353535851937790883648493.
74*/
75
76void sc_reduce(uint8_t* s);
77void sc_muladd(uint8_t* s, const uint8_t* a, const uint8_t* b, const uint8_t* c);
78
79} // namespace Botan
80
81#endif