+++ /dev/null
-/*
- * f25519.h: arithmetic modulo 2^255 - 19
- */
-/*
- * This file is Free Software. It has been modified to as part of its
- * incorporation into secnet.
- *
- * Copyright 2017 Mark Wooding
- *
- * You may redistribute this file and/or modify it under the terms of
- * the permissive licence shown below.
- *
- * You may redistribute secnet as a whole and/or modify it under the
- * terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 3, or (at your option) any
- * later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see
- * https://www.gnu.org/licenses/gpl.html.
- */
-/*
- * Imported from Catacomb, and lightly modified for Secnet (2017-04-30):
- *
- * * Use `fake-mLib-bits.h' in place of the real <mLib/bits.h>.
- *
- * * Remove the 16/32-bit implementation, since C99 always has 64-bit
- * arithmetic.
- *
- * * Disable some of the operations which aren't needed for X25519.
- * (They're used for Ed25519, which we don't need.)
- *
- * The file's original comment headers are preserved below.
- */
-/* -*-c-*-
- *
- * Arithmetic modulo 2^255 - 19
- *
- * (c) 2017 Straylight/Edgeware
- */
-
-/*----- Licensing notice --------------------------------------------------*
- *
- * This file is part of Catacomb.
- *
- * Catacomb is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Library General Public License as
- * published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- *
- * Catacomb is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Library General Public License for more details.
- *
- * You should have received a copy of the GNU Library General Public
- * License along with Catacomb; if not, write to the Free
- * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- * MA 02111-1307, USA.
- */
-
-#ifndef CATACOMB_F25519_H
-#define CATACOMB_F25519_H
-
-#ifdef __cplusplus
- extern "C" {
-#endif
-
-/*----- Header files ------------------------------------------------------*/
-
-#include "fake-mLib-bits.h"
-
-#ifndef CATACOMB_QFARITH_H
-# include "qfarith.h"
-#endif
-
-/*----- Data structures ---------------------------------------------------*/
-
-typedef union {
- int32 p26[10];
-} f25519;
-
-/*----- Functions provided ------------------------------------------------*/
-
-#define F25519_TRIM_X25519
-
-/* --- @f25519_set@ --- *
- *
- * Arguments: @f25519 *z@ = where to write the result
- * @int a@ = a small-ish constant
- *
- * Returns: ---
- *
- * Use: Sets @z@ to equal @a@.
- */
-
-extern void f25519_set(f25519 */*x*/, int /*a*/);
-
-/* --- @f25519_load@ --- *
- *
- * Arguments: @f25519 *z@ = where to store the result
- * @const octet xv[32]@ = source to read
- *
- * Returns: ---
- *
- * Use: Reads an element of %$\gf{2^{255} - 19}$% in external
- * representation from @xv@ and stores it in @z@.
- *
- * External representation is little-endian base-256. Elements
- * have multiple encodings, which are not produced by correct
- * software; use of noncanonical encodings is not an error, and
- * toleration of them is considered a performance feature.
- *
- * Some specifications, e.g., RFC7748, require the topmost bit
- * (i.e., bit 7 of @wv[31]@) to be ignored. Callers
- * implementing such specifications should clear the bit
- * explicitly. (It's much easier for a caller who wants the bit
- * to be ignored to clear it than for a caller who wants the bit
- * to be significant to apply the necessary change by hand.)
- */
-
-extern void f25519_load(f25519 */*z*/, const octet /*xv*/[32]);
-
-/* --- @f25519_store@ --- *
- *
- * Arguments: @octet zv[32]@ = where to write the result
- * @const f25519 *x@ = the field element to write
- *
- * Returns: ---
- *
- * Use: Stores a field element in the given octet vector in external
- * representation. A canonical encoding is always stored, so,
- * in particular, the top bit of @xv[31]@ is always left clear.
- */
-
-extern void f25519_store(octet /*zv*/[32], const f25519 */*x*/);
-
-#ifndef F25519_TRIM_X25519
-
-/* --- @f25519_pick2@ --- *
- *
- * Arguments: @f25519 *z@ = where to put the result (may alias @x@ or @y@)
- * @const f25519 *x, *y@ = two operands
- * @uint32 m@ = a mask
- *
- * Returns: ---
- *
- * Use: If @m@ is zero, set @z = y@; if @m@ is all-bits-set, then set
- * @z = x@. If @m@ has some other value, then scramble @z@ in
- * an unhelpful way.
- */
-
-extern void f25519_pick2(f25519 */*z*/, const f25519 */*x*/,
- const f25519 */*y*/, uint32 /*m*/);
-
-/* --- @f25519_pickn@ --- *
- *
- * Arguments: @f25519 *z@ = where to put the result
- * @const f25519 *v@ = a table of entries
- * @size_t n@ = the number of entries in @v@
- * @size_t i@ = an index
- *
- * Returns: ---
- *
- * Use: If @0 <= i < n < 32@ then set @z = v[i]@. If @n >= 32@ then
- * do something unhelpful; otherwise, if @i >= n@ then set @z@
- * to zero.
- */
-
-extern void f25519_pickn(f25519 */*z*/, const f25519 */*v*/, size_t /*n*/,
- size_t /*i*/);
-
-#endif
-
-/* --- @f25519_condswap@ --- *
- *
- * Arguments: @f25519 *x, *y@ = two operands
- * @uint32 m@ = a mask
- *
- * Returns: ---
- *
- * Use: If @m@ is zero, do nothing; if @m@ is all-bits-set, then
- * exchange @x@ and @y@. If @m@ has some other value, then
- * scramble @x@ and @y@ in an unhelpful way.
- */
-
-extern void f25519_condswap(f25519 */*x*/, f25519 */*y*/, uint32 /*m*/);
-
-/* --- @f25519_add@ --- *
- *
- * Arguments: @f25519 *z@ = where to put the result (may alias @x@ or @y@)
- * @const f25519 *x, *y@ = two operands
- *
- * Returns: ---
- *
- * Use: Set @z@ to the sum %$x + y$%.
- */
-
-extern void f25519_add(f25519 */*z*/,
- const f25519 */*x*/, const f25519 */*y*/);
-
-/* --- @f25519_sub@ --- *
- *
- * Arguments: @f25519 *z@ = where to put the result (may alias @x@ or @y@)
- * @const f25519 *x, *y@ = two operands
- *
- * Returns: ---
- *
- * Use: Set @z@ to the difference %$x - y$%.
- */
-
-extern void f25519_sub(f25519 */*z*/,
- const f25519 */*x*/, const f25519 */*y*/);
-
-#ifndef F25519_TRIM_X25519
-
-/* --- @f25519_neg@ --- *
- *
- * Arguments: @f25519 *z@ = where to put the result (may alias @x@)
- * @const f25519 *x@ = an operand
- *
- * Returns: ---
- *
- * Use: Set @z = -x@.
- */
-
-extern void f25519_neg(f25519 */*z*/, const f25519 */*x*/);
-
-/* --- @f25519_condneg@ --- *
- *
- * Arguments: @f25519 *z@ = where to put the result (may alias @x@)
- * @const f25519 *x@ = an operand
- * @uint32 m@ = a mask
- *
- * Returns: ---
- *
- * Use: If @m@ is zero, set @z = x@; if @m@ is all-bits-set, then set
- * @z = -x@. If @m@ has some other value then scramble @z@ in
- * an unhelpful way.
- */
-
-extern void f25519_condneg(f25519 */*z*/, const f25519 */*x*/, uint32 /*m*/);
-
-#endif
-
-/* --- @f25519_mulconst@ --- *
- *
- * Arguments: @f25519 *z@ = where to put the result (may alias @x@)
- * @const f25519 *x@ = an operand
- * @long a@ = a small-ish constant; %$|a| < 2^{20}$%.
- *
- * Returns: ---
- *
- * Use: Set @z@ to the product %$a x$%.
- */
-
-extern void f25519_mulconst(f25519 */*z*/, const f25519 */*x*/, long /*a*/);
-
-/* --- @f25519_mul@ --- *
- *
- * Arguments: @f25519 *z@ = where to put the result (may alias @x@ or @y@)
- * @const f25519 *x, *y@ = two operands
- *
- * Returns: ---
- *
- * Use: Set @z@ to the product %$x y$%.
- */
-
-extern void f25519_mul(f25519 */*z*/,
- const f25519 */*x*/, const f25519 */*y*/);
-
-/* --- @f25519_sqr@ --- *
- *
- * Arguments: @f25519 *z@ = where to put the result (may alias @x@ or @y@)
- * @const f25519 *x@ = an operand
- *
- * Returns: ---
- *
- * Use: Set @z@ to the square %$x^2$%.
- */
-
-extern void f25519_sqr(f25519 */*z*/, const f25519 */*x*/);
-
-/* --- @f25519_inv@ --- *
- *
- * Arguments: @f25519 *z@ = where to put the result (may alias @x@)
- * @const f25519 *x@ = an operand
- *
- * Returns: ---
- *
- * Use: Stores in @z@ the multiplicative inverse %$x^{-1}$%. If
- * %$x = 0$% then @z@ is set to zero. This is considered a
- * feature.
- */
-
-extern void f25519_inv(f25519 */*z*/, const f25519 */*x*/);
-
-#ifndef F25519_TRIM_X25519
-
-/* --- @f25519_quosqrt@ --- *
- *
- * Arguments: @f25519 *z@ = where to put the result (may alias @x@ or @y@)
- * @const f25519 *x, *y@ = two operands
- *
- * Returns: Zero if successful, @-1@ if %$x/y$% is not a square.
- *
- * Use: Stores in @z@ the one of the square roots %$\pm\sqrt{x/y}$%.
- * If %$x = y = 0% then the result is zero; if %$y = 0$% but %$x
- * \ne 0$% then the operation fails. If you wanted a specific
- * square root then you'll have to pick it yourself.
- */
-
-extern int f25519_quosqrt(f25519 */*z*/,
- const f25519 */*x*/, const f25519 */*y*/);
-
-#endif
-
-/*----- That's all, folks -------------------------------------------------*/
-
-#ifdef __cplusplus
- }
-#endif
-
-#endif
~mdw / secnet / blobdiff