Home Explore Help
Register Sign In
OWEALs
/
usign
mirror of https://git.openwrt.org/project/usign.git
2
0
Fork 0
Files Issues 0 Wiki
Branch: master
Branches Tags
usign
/
ed25519.h

ed25519.h 2.2 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 
  1. /* Edwards curve operations
    2. 

  2.  * Daniel Beer <dlbeer@gmail.com>, 9 Jan 2014
    3. 

  3.  *
    4. 

  4.  * This file is in the public domain.
    5. 

  5.  */
    6. 

  6. 

  7. #ifndef ED25519_H_
    8. 

  8. #define ED25519_H_
    9. 

  9. 

  10. #include "f25519.h"
    11. 

  11. 

  12. /* This is not the Ed25519 signature system. Rather, we're implementing
    13. 

  13.  * basic operations on the twisted Edwards curve over (Z mod 2^255-19):
    14. 

  14.  *
    15. 

  15.  *     -x^2 + y^2 = 1 - (121665/121666)x^2y^2
    16. 

  16.  *
    17. 

  17.  * With the positive-x base point y = 4/5.
    18. 

  18.  *
    19. 

  19.  * These functions will not leak secret data through timing.
    20. 

  20.  *
    21. 

  21.  * For more information, see:
    22. 

  22.  *
    23. 

  23.  *     Bernstein, D.J. & Lange, T. (2007) "Faster addition and doubling on
    24. 

  24.  *     elliptic curves". Document ID: 95616567a6ba20f575c5f25e7cebaf83.
    25. 

  25.  *
    26. 

  26.  *     Hisil, H. & Wong, K K. & Carter, G. & Dawson, E. (2008) "Twisted
    27. 

  27.  *     Edwards curves revisited". Advances in Cryptology, ASIACRYPT 2008,
    28. 

  28.  *     Vol. 5350, pp. 326-343.
    29. 

  29.  */
    30. 

  30. 

  31. /* Projective coordinates */
    32. 

  32. struct ed25519_pt {
    33. 

  33. 	uint8_t		x[F25519_SIZE];
    34. 

  34. 	uint8_t		y[F25519_SIZE];
    35. 

  35. 	uint8_t		t[F25519_SIZE];
    36. 

  36. 	uint8_t		z[F25519_SIZE];
    37. 

  37. };
    38. 

  38. 

  39. extern const struct ed25519_pt ed25519_base;
    40. 

  40. 

  41. /* Convert between projective and affine coordinates (x/y in F25519) */
    42. 

  42. void ed25519_project(struct ed25519_pt *p,
    43. 

  43. 		     const uint8_t *x, const uint8_t *y);
    44. 

  44. 

  45. void ed25519_unproject(uint8_t *x, uint8_t *y,
    46. 

  46. 		       const struct ed25519_pt *p);
    47. 

  47. 

  48. /* Compress/uncompress points. try_unpack() will check that the
    49. 

  49.  * compressed point is on the curve, returning 1 if the unpacked point
    50. 

  50.  * is valid, and 0 otherwise.
    51. 

  51.  */
    52. 

  52. #define ED25519_PACK_SIZE	F25519_SIZE
    53. 

  53. 

  54. void ed25519_pack(uint8_t *c, const uint8_t *x, const uint8_t *y);
    55. 

  55. uint8_t ed25519_try_unpack(uint8_t *x, uint8_t *y, const uint8_t *c);
    56. 

  56. 

  57. /* Add, double and scalar multiply */
    58. 

  58. #define ED25519_EXPONENT_SIZE	32
    59. 

  59. 

  60. /* Prepare an exponent by clamping appropriate bits */
    61. 

  61. static inline void ed25519_prepare(uint8_t *e)
    62. 

  62. {
    63. 

  63. 	e[0] &= 0xf8;
    64. 

  64. 	e[31] &= 0x7f;
    65. 

  65. 	e[31] |= 0x40;
    66. 

  66. }
    67. 

  67. 

  68. /* Order of the group generated by the base point */
    69. 

  69. static inline void ed25519_copy(struct ed25519_pt *dst,
    70. 

  70. 				const struct ed25519_pt *src)
    71. 

  71. {
    72. 

  72. 	memcpy(dst, src, sizeof(*dst));
    73. 

  73. }
    74. 

  74. 

  75. void ed25519_add(struct ed25519_pt *r,
    76. 

  76. 		 const struct ed25519_pt *a, const struct ed25519_pt *b);
    77. 

  77. void ed25519_smult(struct ed25519_pt *r, const struct ed25519_pt *a,
    78. 

  78. 		   const uint8_t *e);
    79. 

  79. 

  80. #endif
    81.