doxygen/ed25519__internal_8h_source.html

/*

* Ed25519

* (C) 2017 Ribose Inc

*

* Based on the public domain code from SUPERCOP ref10 by

* Peter Schwabe, Daniel J. Bernstein, Niels Duif, Tanja Lange, Bo-Yin Yang

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#ifndef BOTAN_ED25519_INT_H_

#define BOTAN_ED25519_INT_H_


#include <botan/internal/ed25519_fe.h>

#include <botan/internal/loadstor.h>


namespace Botan {


inline uint64_t load_3(const uint8_t in[3])

   {

   return static_cast<uint64_t>(in[0]) |

      (static_cast<uint64_t>(in[1]) << 8) |

      (static_cast<uint64_t>(in[2]) << 16);

   }


inline uint64_t load_4(const uint8_t* in)

   {

   return load_le<uint32_t>(in, 0);

   }


template<size_t S, int64_t MUL=1>

inline void carry(int64_t& h0, int64_t& h1)

   {

   static_assert(S > 0 && S < 64, "Shift in range");


   const int64_t X1 = (static_cast<int64_t>(1) << S);

   const int64_t X2 = (static_cast<int64_t>(1) << (S - 1));

   int64_t c = (h0 + X2)  >> S;

   h1 += c * MUL;

   h0 -= c * X1;

   }


template<size_t S>

inline void carry0(int64_t& h0, int64_t& h1)

   {

   static_assert(S > 0 && S < 64, "Shift in range");


   const int64_t X1 = (static_cast<int64_t>(1) << S);

   int64_t c = h0 >> S;

   h1 += c;

   h0 -= c * X1;

   }


template<size_t S>

inline void carry0(int32_t& h0, int32_t& h1)

   {

   static_assert(S > 0 && S < 32, "Shift in range");


   const int32_t X1 = (static_cast<int64_t>(1) << S);

   int32_t c = h0 >> S;

   h1 += c;

   h0 -= c * X1;

   }


inline void redc_mul(int64_t& s1,

                     int64_t& s2,

                     int64_t& s3,

                     int64_t& s4,

                     int64_t& s5,

                     int64_t& s6,

                     int64_t& X)

   {

   s1 += X * 666643;

   s2 += X * 470296;

   s3 += X * 654183;

   s4 -= X * 997805;

   s5 += X * 136657;

   s6 -= X * 683901;

   X = 0;

   }


/*

ge means group element.


Here the group is the set of pairs (x,y) of field elements (see fe.h)

satisfying -x^2 + y^2 = 1 + d x^2y^2

where d = -121665/121666.


Representations:

  ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT

*/


struct ge_p3

   {

   fe X;

   fe Y;

   fe Z;

   fe T;

   };


int ge_frombytes_negate_vartime(ge_p3* v, const uint8_t*);

void ge_scalarmult_base(uint8_t out[32], const uint8_t in[32]);


void ge_double_scalarmult_vartime(uint8_t out[32],

                                  const uint8_t a[],

                                  const ge_p3* A,

                                  const uint8_t b[]);


/*

The set of scalars is \Z/l

where l = 2^252 + 27742317777372353535851937790883648493.

*/


void sc_reduce(uint8_t*);

void sc_muladd(uint8_t*, const uint8_t*, const uint8_t*, const uint8_t*);


}


#endif

Botan::FE_25519
Definition: ed25519_fe.h:23

X
fe X
Definition: ge.cpp:26

v
Polynomial v
Definition: kyber.cpp:822

b
PolynomialVector b
Definition: kyber.cpp:821

Botan
Definition: alg_id.cpp:13

Botan::load_le< uint32_t >
constexpr uint32_t load_le< uint32_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:209

Botan::redc_mul
void redc_mul(int64_t &s1, int64_t &s2, int64_t &s3, int64_t &s4, int64_t &s5, int64_t &s6, int64_t &X)
Definition: ed25519_internal.h:65

Botan::load_4
uint64_t load_4(const uint8_t *in)
Definition: ed25519_internal.h:26

Botan::carry0
void carry0(int64_t &h0, int64_t &h1)
Definition: ed25519_internal.h:44

Botan::ge_frombytes_negate_vartime
int ge_frombytes_negate_vartime(ge_p3 *v, const uint8_t *)
Definition: ge.cpp:457

Botan::carry
void carry(int64_t &h0, int64_t &h1)
Definition: ed25519_internal.h:32

Botan::ge_scalarmult_base
void ge_scalarmult_base(uint8_t out[32], const uint8_t in[32])
Definition: ge.cpp:2117

Botan::sc_reduce
void sc_reduce(uint8_t *)
Definition: sc_reduce.cpp:25

Botan::load_3
uint64_t load_3(const uint8_t in[3])
Definition: ed25519_internal.h:19

Botan::ge_double_scalarmult_vartime
void ge_double_scalarmult_vartime(uint8_t out[32], const uint8_t a[], const ge_p3 *A, const uint8_t b[])

Botan::sc_muladd
void sc_muladd(uint8_t *, const uint8_t *, const uint8_t *, const uint8_t *)
Definition: sc_muladd.cpp:26

Botan::ge_p3
Definition: ed25519_internal.h:94

Botan::ge_p3::Z
fe Z
Definition: ed25519_internal.h:97

Botan::ge_p3::Y
fe Y
Definition: ed25519_internal.h:96

Botan::ge_p3::T
fe T
Definition: ed25519_internal.h:98

Botan::ge_p3::X
fe X
Definition: ed25519_internal.h:95