[thirdparty/nettle.git] / curve25519-mul-g.c

/* curve25519-mul-g.c

   Copyright (C) 2014 Niels Möller

   This file is part of GNU Nettle.

   GNU Nettle is free software: you can redistribute it and/or
   modify it under the terms of either:

     * the GNU Lesser General Public License as published by the Free
       Software Foundation; either version 3 of the License, or (at your
       option) any later version.

   or

     * the GNU General Public License as published by the Free
       Software Foundation; either version 2 of the License, or (at your
       option) any later version.

   or both in parallel, as here.

   GNU Nettle is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   General Public License for more details.

   You should have received copies of the GNU General Public License and
   the GNU Lesser General Public License along with this program.  If
   not, see http://www.gnu.org/licenses/.
*/

#if HAVE_CONFIG_H
# include "config.h"
#endif

#include <string.h>

#include "curve25519.h"

#include "ecc.h"
#include "ecc-internal.h"

/* Intended to be compatible with NaCl's crypto_scalarmult_base. */
void
curve25519_mul_g (uint8_t *r, const uint8_t *n)
{
  const struct ecc_curve *ecc = &_nettle_curve25519;
  uint8_t t[CURVE25519_SIZE];
  mp_limb_t *scratch;
  mp_size_t itch;

#define ng scratch
#define x (scratch + 3*ecc->p.size)
#define scratch_out (scratch + 4*ecc->p.size)
  
  memcpy (t, n, sizeof(t));
  t[0] &= ~7;
  t[CURVE25519_SIZE-1] = (t[CURVE25519_SIZE-1] & 0x3f) | 0x40;

  itch = 4*ecc->p.size + ecc->mul_g_itch;
  scratch = gmp_alloc_limbs (itch);

  mpn_set_base256_le (x, ecc->p.size, t, CURVE25519_SIZE);

  ecc_mul_g_eh (ecc, ng, x, scratch_out);
  curve25519_eh_to_x (x, ng, scratch_out);

  mpn_get_base256_le (r, CURVE25519_SIZE, x, ecc->p.size);
  gmp_free_limbs (scratch, itch);
#undef p
#undef x
#undef scratch_out
}
Commit	Line	Data
6c8d40f7	1	/* curve25519-mul-g.c
28b7678e NM	2
	3	Copyright (C) 2014 Niels Möller
	4
	5	This file is part of GNU Nettle.
	6
	7	GNU Nettle is free software: you can redistribute it and/or
	8	modify it under the terms of either:
	9
	10	* the GNU Lesser General Public License as published by the Free
	11	Software Foundation; either version 3 of the License, or (at your
	12	option) any later version.
	13
	14	or
	15
	16	* the GNU General Public License as published by the Free
	17	Software Foundation; either version 2 of the License, or (at your
	18	option) any later version.
	19
	20	or both in parallel, as here.
	21
	22	GNU Nettle is distributed in the hope that it will be useful,
	23	but WITHOUT ANY WARRANTY; without even the implied warranty of
	24	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	25	General Public License for more details.
	26
	27	You should have received copies of the GNU General Public License and
	28	the GNU Lesser General Public License along with this program. If
	29	not, see http://www.gnu.org/licenses/.
	30	*/
	31
	32	#if HAVE_CONFIG_H
	33	# include "config.h"
	34	#endif
	35
	36	#include <string.h>
	37
	38	#include "curve25519.h"
	39
	40	#include "ecc.h"
	41	#include "ecc-internal.h"
	42
	43	/* Intended to be compatible with NaCl's crypto_scalarmult_base. */
	44	void
6c8d40f7	45	curve25519_mul_g (uint8_t r, const uint8_t n)
28b7678e	46	{
b1773940	47	const struct ecc_curve *ecc = &_nettle_curve25519;
28b7678e NM	48	uint8_t t[CURVE25519_SIZE];
28b7678e NM	49	mp_limb_t *scratch;
28b7678e NM	50	mp_size_t itch;
28b7678e NM	51
a78c9459 NM	52	#define ng scratch
	53	#define x (scratch + 3*ecc->p.size)
	54	#define scratch_out (scratch + 4*ecc->p.size)
28b7678e NM	55
	56	memcpy (t, n, sizeof(t));
	57	t[0] &= ~7;
	58	t[CURVE25519_SIZE-1] = (t[CURVE25519_SIZE-1] & 0x3f) \| 0x40;
	59
a78c9459	60	itch = 4*ecc->p.size + ecc->mul_g_itch;
28b7678e NM	61	scratch = gmp_alloc_limbs (itch);
28b7678e NM	62
a78c9459	63	mpn_set_base256_le (x, ecc->p.size, t, CURVE25519_SIZE);
28b7678e	64
a78c9459 NM	65	ecc_mul_g_eh (ecc, ng, x, scratch_out);
a78c9459 NM	66	curve25519_eh_to_x (x, ng, scratch_out);
28b7678e	67
a78c9459	68	mpn_get_base256_le (r, CURVE25519_SIZE, x, ecc->p.size);
28b7678e	69	gmp_free_limbs (scratch, itch);
51e45744 NM	70	#undef p
	71	#undef x
	72	#undef scratch_out
28b7678e	73	}