Botan 3.6.1
Crypto and TLS for C&
ed25519_internal.h
Go to the documentation of this file.
1/*
2* Ed25519
3* (C) 2017 Ribose Inc
4*
5* Based on the public domain code from SUPERCOP ref10 by
6* Peter Schwabe, Daniel J. Bernstein, Niels Duif, Tanja Lange, Bo-Yin Yang
7*
8* Botan is released under the Simplified BSD License (see license.txt)
9*/
10
11#ifndef BOTAN_ED25519_INT_H_
12#define BOTAN_ED25519_INT_H_
13
14#include <botan/internal/ed25519_fe.h>
15#include <botan/internal/loadstor.h>
16
17namespace Botan {
18
19inline uint64_t load_3(const uint8_t in[3]) {
20 return static_cast<uint64_t>(in[0]) | (static_cast<uint64_t>(in[1]) << 8) | (static_cast<uint64_t>(in[2]) << 16);
21}
22
23inline uint64_t load_4(const uint8_t* in) {
24 return load_le<uint32_t>(in, 0);
25}
26
27template <size_t S, int64_t MUL = 1>
28inline void carry(int64_t& h0, int64_t& h1)
29 requires(S > 0 && S < 64)
30{
31 const int64_t X1 = (static_cast<int64_t>(1) << S);
32 const int64_t X2 = (static_cast<int64_t>(1) << (S - 1));
33 int64_t c = (h0 + X2) >> S;
34 h1 += c * MUL;
35 h0 -= c * X1;
36}
37
38template <size_t S>
39inline void carry0(int64_t& h0, int64_t& h1)
40 requires(S > 0 && S < 64)
41{
42 const int64_t X1 = (static_cast<int64_t>(1) << S);
43 int64_t c = h0 >> S;
44 h1 += c;
45 h0 -= c * X1;
46}
47
48template <size_t S>
49inline void carry0(int32_t& h0, int32_t& h1)
50 requires(S > 0 && S < 32)
51{
52 const int32_t X1 = (static_cast<int64_t>(1) << S);
53 int32_t c = h0 >> S;
54 h1 += c;
55 h0 -= c * X1;
56}
57
58inline void redc_mul(int64_t& s1, int64_t& s2, int64_t& s3, int64_t& s4, int64_t& s5, int64_t& s6, int64_t& X) {
59 s1 += X * 666643;
60 s2 += X * 470296;
61 s3 += X * 654183;
62 s4 -= X * 997805;
63 s5 += X * 136657;
64 s6 -= X * 683901;
65 X = 0;
66}
67
68/*
69ge means group element.
70
71Here the group is the set of pairs (x,y) of field elements (see fe.h)
72satisfying -x^2 + y^2 = 1 + d x^2y^2
73where d = -121665/121666.
74
75Representations:
76 ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
77*/
78
85
86int ge_frombytes_negate_vartime(ge_p3* v, const uint8_t*);
87void ge_scalarmult_base(uint8_t out[32], const uint8_t in[32]);
88
89void ge_double_scalarmult_vartime(uint8_t out[32], const uint8_t a[], const ge_p3* A, const uint8_t b[]);
90
91/*
92The set of scalars is \Z/l
93where l = 2^252 + 27742317777372353535851937790883648493.
94*/
95
96void sc_reduce(uint8_t*);
97void sc_muladd(uint8_t*, const uint8_t*, const uint8_t*, const uint8_t*);
98
99} // namespace Botan
100
101#endif
Botan::FE_25519
Definition ed25519_fe.h:22
X
FE_25519 X
Definition ge.cpp:25
Botan::redc_mul
void redc_mul(int64_t &s1, int64_t &s2, int64_t &s3, int64_t &s4, int64_t &s5, int64_t &s6, int64_t &X)
Definition ed25519_internal.h:58
Botan::load_4
uint64_t load_4(const uint8_t *in)
Definition ed25519_internal.h:23
Botan::carry0
void carry0(int64_t &h0, int64_t &h1)
Definition ed25519_internal.h:39
Botan::ge_frombytes_negate_vartime
int ge_frombytes_negate_vartime(ge_p3 *v, const uint8_t *)
Definition ge.cpp:425
Botan::ge_scalarmult_base
void ge_scalarmult_base(uint8_t out[32], const uint8_t in[32])
Definition ge.cpp:2043
Botan::carry
void carry(int64_t &h0, int64_t &h1)
Definition ed25519_internal.h:28
Botan::load_le
constexpr auto load_le(ParamTs &&... params)
Definition loadstor.h:521
Botan::b
const SIMD_8x32 & b
Definition simd_avx2_gfni.h:63
Botan::sc_reduce
void sc_reduce(uint8_t *)
Definition sc_reduce.cpp:25
Botan::load_3
uint64_t load_3(const uint8_t in[3])
Definition ed25519_internal.h:19
Botan::ge_double_scalarmult_vartime
void ge_double_scalarmult_vartime(uint8_t out[32], const uint8_t a[], const ge_p3 *A, const uint8_t b[])
Botan::sc_muladd
void sc_muladd(uint8_t *, const uint8_t *, const uint8_t *, const uint8_t *)
Definition sc_muladd.cpp:26
Botan::ge_p3
Definition ed25519_internal.h:79
Botan::ge_p3::Z
FE_25519 Z
Definition ed25519_internal.h:82
Botan::ge_p3::T
FE_25519 T
Definition ed25519_internal.h:83
Botan::ge_p3::X
FE_25519 X
Definition ed25519_internal.h:80
Botan::ge_p3::Y
FE_25519 Y
Definition ed25519_internal.h:81
Generated by doxygen 1.12.0