diff options
| author | Yawning Angel <yawning@schwanenlied.me> | 2015-06-24 14:51:00 +0000 |
|---|---|---|
| committer | Yawning Angel <yawning@schwanenlied.me> | 2015-07-06 08:00:01 +0000 |
| commit | 7b10741be4280d84a7ac9f41c54380cbc1f09c1b (patch) | |
| tree | 07b0a153138949654750e046dd8b3ac18698cf1b /src/ext/ed25519/donna/curve25519-donna-helpers.h | |
| parent | 19440b9e58b3d824057abd3a0faf08fd7cb891ff (diff) | |
| download | tor-7b10741be4280d84a7ac9f41c54380cbc1f09c1b.tar.gz tor-7b10741be4280d84a7ac9f41c54380cbc1f09c1b.zip | |
Import Andrew Moon's ed25519-donna.
This is a clean copy of ed25519-donna as of commit:
8757bd4cd209cb032853ece0ce413f122eef212c
https://github.com/floodyberry/ed25519-donna
Diffstat (limited to 'src/ext/ed25519/donna/curve25519-donna-helpers.h')
| -rw-r--r-- | src/ext/ed25519/donna/curve25519-donna-helpers.h | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/src/ext/ed25519/donna/curve25519-donna-helpers.h b/src/ext/ed25519/donna/curve25519-donna-helpers.h new file mode 100644 index 0000000000..e4058ff5ec --- /dev/null +++ b/src/ext/ed25519/donna/curve25519-donna-helpers.h @@ -0,0 +1,67 @@ +/* + Public domain by Andrew M. <liquidsun@gmail.com> + See: https://github.com/floodyberry/curve25519-donna + + Curve25519 implementation agnostic helpers +*/ + +/* + * In: b = 2^5 - 2^0 + * Out: b = 2^250 - 2^0 + */ +static void +curve25519_pow_two5mtwo0_two250mtwo0(bignum25519 b) { + bignum25519 ALIGN(16) t0,c; + + /* 2^5 - 2^0 */ /* b */ + /* 2^10 - 2^5 */ curve25519_square_times(t0, b, 5); + /* 2^10 - 2^0 */ curve25519_mul_noinline(b, t0, b); + /* 2^20 - 2^10 */ curve25519_square_times(t0, b, 10); + /* 2^20 - 2^0 */ curve25519_mul_noinline(c, t0, b); + /* 2^40 - 2^20 */ curve25519_square_times(t0, c, 20); + /* 2^40 - 2^0 */ curve25519_mul_noinline(t0, t0, c); + /* 2^50 - 2^10 */ curve25519_square_times(t0, t0, 10); + /* 2^50 - 2^0 */ curve25519_mul_noinline(b, t0, b); + /* 2^100 - 2^50 */ curve25519_square_times(t0, b, 50); + /* 2^100 - 2^0 */ curve25519_mul_noinline(c, t0, b); + /* 2^200 - 2^100 */ curve25519_square_times(t0, c, 100); + /* 2^200 - 2^0 */ curve25519_mul_noinline(t0, t0, c); + /* 2^250 - 2^50 */ curve25519_square_times(t0, t0, 50); + /* 2^250 - 2^0 */ curve25519_mul_noinline(b, t0, b); +} + +/* + * z^(p - 2) = z(2^255 - 21) + */ +static void +curve25519_recip(bignum25519 out, const bignum25519 z) { + bignum25519 ALIGN(16) a,t0,b; + + /* 2 */ curve25519_square_times(a, z, 1); /* a = 2 */ + /* 8 */ curve25519_square_times(t0, a, 2); + /* 9 */ curve25519_mul_noinline(b, t0, z); /* b = 9 */ + /* 11 */ curve25519_mul_noinline(a, b, a); /* a = 11 */ + /* 22 */ curve25519_square_times(t0, a, 1); + /* 2^5 - 2^0 = 31 */ curve25519_mul_noinline(b, t0, b); + /* 2^250 - 2^0 */ curve25519_pow_two5mtwo0_two250mtwo0(b); + /* 2^255 - 2^5 */ curve25519_square_times(b, b, 5); + /* 2^255 - 21 */ curve25519_mul_noinline(out, b, a); +} + +/* + * z^((p-5)/8) = z^(2^252 - 3) + */ +static void +curve25519_pow_two252m3(bignum25519 two252m3, const bignum25519 z) { + bignum25519 ALIGN(16) b,c,t0; + + /* 2 */ curve25519_square_times(c, z, 1); /* c = 2 */ + /* 8 */ curve25519_square_times(t0, c, 2); /* t0 = 8 */ + /* 9 */ curve25519_mul_noinline(b, t0, z); /* b = 9 */ + /* 11 */ curve25519_mul_noinline(c, b, c); /* c = 11 */ + /* 22 */ curve25519_square_times(t0, c, 1); + /* 2^5 - 2^0 = 31 */ curve25519_mul_noinline(b, t0, b); + /* 2^250 - 2^0 */ curve25519_pow_two5mtwo0_two250mtwo0(b); + /* 2^252 - 2^2 */ curve25519_square_times(b, b, 2); + /* 2^252 - 3 */ curve25519_mul_noinline(two252m3, b, z); +} |