2014-10-02 Niels Möller <nisse@lysator.liu.se>
+ * eddsa-decompress.c (_eddsa_decompress): New file, new function.
+ * eddsa-compress.c (_eddsa_compress): New file, new function.
+ * eddsa.h: New file.
+ * Makefile.in (HEADERS): Added eddsa.h.
+ (hogweed_SOURCES): Added eddsa-compress.c and eddsa-decompress.c.
+
* testsuite/ecc-sqrt-test.c: New test case.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
ecc-sqrt-test.c.
ecc-ecdsa-sign.c ecdsa-sign.c \
ecc-ecdsa-verify.c ecdsa-verify.c ecdsa-keygen.c \
curve25519-mul-g.c curve25519-mul.c curve25519-eh-to-x.c \
+ eddsa-compress.c eddsa-decompress.c \
$(OPT_HOGWEED_SOURCES)
HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h \
base16.h base64.h buffer.h camellia.h cast128.h \
cbc.h ccm.h chacha.h chacha-poly1305.h ctr.h \
curve25519.h des.h des-compat.h dsa.h dsa-compat.h eax.h \
- ecc-curve.h ecc.h ecdsa.h \
+ ecc-curve.h ecc.h ecdsa.h eddsa.h \
gcm.h gosthash94.h hmac.h \
knuth-lfib.h \
macros.h \
--- /dev/null
+/* eddsa-compress.c
+
+ Copyright (C) 2014 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "eddsa.h"
+
+#include "ecc-internal.h"
+#include "gmp-glue.h"
+
+mp_size_t
+_eddsa_compress_itch (const struct ecc_curve *ecc)
+{
+ return 2*ecc->p.size + ecc->h_to_a_itch;
+}
+
+void
+_eddsa_compress (const struct ecc_curve *ecc, uint8_t *r, mp_limb_t *p,
+ mp_limb_t *scratch)
+{
+#define xp scratch
+#define yp (scratch + ecc->p.size)
+#define scratch_out (scratch + 2*ecc->p.size)
+
+ ecc->h_to_a (ecc, 0, xp, p, scratch_out);
+ /* Encoding is the y coordinate and an appended "sign" bit, which is
+ the low bit of x. Bit order is not specified explicitly, but for
+ little-endian encoding, it makes most sense to append the bit
+ after the most significant bit of y. */
+ mpn_get_base256_le (r, 1 + ecc->p.bit_size / 8, yp, ecc->p.size);
+ r[ecc->p.bit_size / 8] += (xp[0] & 1) << (ecc->p.bit_size & 7);
+}
--- /dev/null
+/* eddsa-decompress.c
+
+ Copyright (C) 2014 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "eddsa.h"
+
+#include "ecc-internal.h"
+#include "gmp-glue.h"
+
+mp_size_t
+_eddsa_decompress_itch (const struct ecc_curve *ecc)
+{
+ return 4*ecc->p.size + ecc->p.sqrt_itch;
+}
+
+int
+_eddsa_decompress (const struct ecc_curve *ecc, mp_limb_t *p,
+ const uint8_t *cp,
+ mp_limb_t *scratch)
+{
+ mp_limb_t sign, cy;
+ int res;
+
+#define xp p
+#define yp (p + ecc->p.size)
+
+#define y2 scratch
+#define vp (scratch + ecc->p.size)
+#define up scratch
+#define tp (scratch + 2*ecc->p.size)
+#define scratch_out (scratch + 4*ecc->p.size)
+
+ sign = cp[ecc->p.bit_size / 8] >> (ecc->p.bit_size & 7);
+ if (sign > 1)
+ return 0;
+ mpn_set_base256_le (yp, ecc->p.size, cp, 1 + ecc->p.bit_size / 8);
+ /* Clear out the sign bit (if it fits) */
+ yp[ecc->p.size - 1] &= ~(mp_limb_t) 0
+ >> (ecc->p.size * GMP_NUMB_BITS - ecc->p.bit_size);
+ ecc_modp_sqr (ecc, y2, yp);
+ ecc_modp_mul (ecc, vp, y2, ecc->b);
+ ecc_modp_sub (ecc, vp, vp, ecc->unit);
+ ecc_modp_sub (ecc, up, ecc->unit, y2);
+ res = ecc->p.sqrt (&ecc->p, tp, up, vp, scratch_out);
+
+ cy = mpn_sub_n (xp, tp, ecc->p.m, ecc->p.size);
+ cnd_copy (cy, xp, tp, ecc->p.size);
+ sign ^= xp[0] & 1;
+ mpn_sub_n (tp, ecc->p.m, xp, ecc->p.size);
+ cnd_copy (sign, xp, tp, ecc->p.size);
+ return res;
+}
--- /dev/null
+/* eddsa.h
+
+ Copyright (C) 2014 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#ifndef NETTLE_EDDSA_H
+#define NETTLE_EDDSA_H
+
+#include "nettle-types.h"
+
+#include "bignum.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Name mangling */
+#define _eddsa_compress _nettle_eddsa_compress
+#define _eddsa_compress_itch _nettle_eddsa_compress_itch
+#define _eddsa_decompress _nettle_eddsa_decompress
+#define _eddsa_decompress_itch _nettle_eddsa_decompress_itch
+
+#define ED25519_KEY_SIZE 32
+
+struct ecc_curve;
+
+mp_size_t
+_eddsa_compress_itch (const struct ecc_curve *ecc);
+void
+_eddsa_compress (const struct ecc_curve *ecc, uint8_t *r, mp_limb_t *p,
+ mp_limb_t *scratch);
+
+mp_size_t
+_eddsa_decompress_itch (const struct ecc_curve *ecc);
+int
+_eddsa_decompress (const struct ecc_curve *ecc, mp_limb_t *p,
+ const uint8_t *cp,
+ mp_limb_t *scratch);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NETTLE_EDDSA_H */
projects / thirdparty / nettle.git / commitdiff
