2019-12-18 Niels Möller <nisse@lysator.liu.se>
+ Rename add and dup functions for Edwards curves.
+ * ecc-dup-th.c (ecc_dup_th): New file, move and rename ecc_dup_eh.
+ * ecc-add-th.c (ecc_add_th): New file, move and rename ecc_add_eh.
+ * ecc-add-thh.c (ecc_add_thh): New file, move and rename
+ ecc_add_ehh.
+ * ecc-dup-eh.c (ecc_dup_eh_untwisted): Rename to just ecc_dup_eh.
+ * ecc-add-eh.c (ecc_add_ehh_untwisted): Rename to just ecc_add_eh.
+ * ecc-add-ehh.c (ecc_add_ehh_untwisted): Rename to just ecc_add_ehh.
+ * ecc-internal.h (ecc_dup_th, ecc_add_th, ecc_add_thh): Declare
+ new functions, delete declarations of ecc_*_untwisted variants.
+ (ECC_DUP_TH_ITCH, ECC_ADD_TH_ITCH, ECC_ADD_THH_ITCH): New macros.
+ * ecc-25519.c (_nettle_curve25519): Update, use ecc_dup_th and
+ friends.
+ * ecc-448.c (_nettle_curve448): Update for rename, without
+ _untwisted suffix.
+ * Makefile.in (hogweed_SOURCES): Added ecc-dup-th.c, ecc-add-th.c,
+ and ecc-add-thh.c
+ * testsuite/ecc-dup-test.c (test_main): Update asserts.
+ * testsuite/ecc-add-test.c (test_main): Likewise.
+
* eddsa-verify.c (_eddsa_verify): Use function pointer rather than
calling ecc_add_eh directly. Preparation for eddsa over curve448.
ecc-dup-jj.c ecc-add-jja.c ecc-add-jjj.c \
ecc-eh-to-a.c \
ecc-dup-eh.c ecc-add-eh.c ecc-add-ehh.c \
+ ecc-dup-th.c ecc-add-th.c ecc-add-thh.c \
ecc-mul-g-eh.c ecc-mul-a-eh.c ecc-mul-m.c \
ecc-mul-g.c ecc-mul-a.c ecc-hash.c ecc-random.c \
ecc-point.c ecc-scalar.c ecc-point-mul.c ecc-point-mul-g.c \
ECC_PIPPENGER_K,
ECC_PIPPENGER_C,
- ECC_ADD_EH_ITCH (ECC_LIMB_SIZE),
- ECC_ADD_EHH_ITCH (ECC_LIMB_SIZE),
- ECC_DUP_EH_ITCH (ECC_LIMB_SIZE),
+ ECC_ADD_TH_ITCH (ECC_LIMB_SIZE),
+ ECC_ADD_THH_ITCH (ECC_LIMB_SIZE),
+ ECC_DUP_TH_ITCH (ECC_LIMB_SIZE),
ECC_MUL_A_EH_ITCH (ECC_LIMB_SIZE),
ECC_MUL_G_EH_ITCH (ECC_LIMB_SIZE),
ECC_EH_TO_A_ITCH (ECC_LIMB_SIZE, ECC_25519_INV_ITCH),
- ecc_add_eh,
- ecc_add_ehh,
- ecc_dup_eh,
+ ecc_add_th,
+ ecc_add_thh,
+ ecc_dup_th,
ecc_mul_a_eh,
ecc_mul_g_eh,
ecc_eh_to_a,
ECC_MUL_G_EH_ITCH (ECC_LIMB_SIZE),
ECC_EH_TO_A_ITCH (ECC_LIMB_SIZE, ECC_448_INV_ITCH),
- ecc_add_eh_untwisted,
- ecc_add_ehh_untwisted,
- ecc_dup_eh_untwisted,
+ ecc_add_eh,
+ ecc_add_ehh,
+ ecc_dup_eh,
ecc_mul_a_eh,
ecc_mul_g_eh,
ecc_eh_to_a,
#define x2 q
#define y2 (q + ecc->p.size)
-#define x3 r
-#define y3 (r + ecc->p.size)
-#define z3 (r + 2*ecc->p.size)
-
- /* Formulas (from djb,
- http://www.hyperelliptic.org/EFD/g1p/auto-twisted-projective.html#addition-madd-2008-bbjlp
-
- Computation Operation Live variables
-
- C = x1*x2 mul C
- D = y1*y2 mul C, D
- T = (x1+y1)*(x2+y2) mul C, D, T
- - C - D
- E = b*C*D 2 mul C, E, T (Replace C <-- D+C)
- B = z1^2 sqr B, C, E, T
- F = B - E B, C, E, F, T
- G = B + E C, F, G, T
- x3 = z1 * F * T 2 mul C, F, G, T
- y3 = z1*G*(D+C) 2 mul F, G
- z3 = F*G mul
-
- 10M + 1S
-
- We have different sign for E, hence swapping F and G, because our
- ecc->b corresponds to -b above.
- */
-#define C (scratch)
-#define D (scratch + 1*ecc->p.size)
-#define T (scratch + 2*ecc->p.size)
-#define E (scratch + 3*ecc->p.size)
-#define B (scratch + 4*ecc->p.size)
-#define F D
-#define G E
-
- ecc_modp_mul (ecc, C, x1, x2);
- ecc_modp_mul (ecc, D, y1, y2);
- ecc_modp_add (ecc, x3, x1, y1);
- ecc_modp_add (ecc, y3, x2, y2);
- ecc_modp_mul (ecc, T, x3, y3);
- ecc_modp_sub (ecc, T, T, C);
- ecc_modp_sub (ecc, T, T, D);
- ecc_modp_mul (ecc, x3, C, D);
- ecc_modp_mul (ecc, E, x3, ecc->b);
-
- ecc_modp_add (ecc, C, D, C);
- ecc_modp_sqr (ecc, B, z1);
- ecc_modp_sub (ecc, F, B, E);
- ecc_modp_add (ecc, G, B, E);
-
- /* x3 */
- ecc_modp_mul (ecc, B, G, T);
- ecc_modp_mul (ecc, x3, B, z1);
-
- /* y3 */
- ecc_modp_mul (ecc, B, F, z1);
- ecc_modp_mul (ecc, y3, B, C); /* Clobbers z1 in case r == p. */
-
- /* z3 */
- ecc_modp_mul (ecc, B, F, G);
- mpn_copyi (z3, B, ecc->p.size);
-}
-
-void
-ecc_add_eh_untwisted (const struct ecc_curve *ecc,
- mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
- mp_limb_t *scratch)
-{
-#define x1 p
-#define y1 (p + ecc->p.size)
-#define z1 (p + 2*ecc->p.size)
-
-#define x2 q
-#define y2 (q + ecc->p.size)
-
#define x3 r
#define y3 (r + ecc->p.size)
#define z3 (r + 2*ecc->p.size)
#define y2 (q + ecc->p.size)
#define z2 (q + 2*ecc->p.size)
-#define x3 r
-#define y3 (r + ecc->p.size)
-#define z3 (r + 2*ecc->p.size)
-
- /* Formulas (from djb,
- http://www.hyperelliptic.org/EFD/g1p/auto-twisted-projective.html#addition-add-2008-bbjlp):
-
- Computation Operation Live variables
-
- C = x1*x2 mul C
- D = y1*y2 mul C, D
- T = (x1+y1)(x2+y2) - C - D, mul C, D, T
- E = b*C*D 2 mul C, E, T (Replace C <-- D - C)
- A = z1*z2 mul A, C, E, T
- B = A^2 sqr A, B, C, E, T
- F = B - E A, B, C, E, F, T
- G = B + E A, C, F, G, T
- x3 = A*F*T 2 mul A, C, G
- y3 = A*G*(D+C) 2 mul F, G
- z3 = F*G mul
-
- 11M + S
-
- We have different sign for E, hence swapping F and G, because our
- ecc->b corresponds to -b above.
- */
-#define C scratch
-#define D (scratch + ecc->p.size)
-#define T (scratch + 2*ecc->p.size)
-#define E (scratch + 3*ecc->p.size)
-#define A (scratch + 4*ecc->p.size)
-#define B (scratch + 5*ecc->p.size)
-#define F D
-#define G E
-
- ecc_modp_mul (ecc, C, x1, x2);
- ecc_modp_mul (ecc, D, y1, y2);
- ecc_modp_add (ecc, A, x1, y1);
- ecc_modp_add (ecc, B, x2, y2);
- ecc_modp_mul (ecc, T, A, B);
- ecc_modp_sub (ecc, T, T, C);
- ecc_modp_sub (ecc, T, T, D);
- ecc_modp_mul (ecc, x3, C, D);
- ecc_modp_mul (ecc, E, x3, ecc->b);
- ecc_modp_add (ecc, C, D, C);
-
- ecc_modp_mul (ecc, A, z1, z2);
- ecc_modp_sqr (ecc, B, A);
-
- ecc_modp_sub (ecc, F, B, E);
- ecc_modp_add (ecc, G, B, E);
-
- /* x3 */
- ecc_modp_mul (ecc, B, G, T);
- ecc_modp_mul (ecc, x3, B, A);
-
- /* y3 */
- ecc_modp_mul (ecc, B, F, C);
- ecc_modp_mul (ecc, y3, B, A);
-
- /* z3 */
- ecc_modp_mul (ecc, B, F, G);
- mpn_copyi (z3, B, ecc->p.size);
-}
-
-void
-ecc_add_ehh_untwisted (const struct ecc_curve *ecc,
- mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
- mp_limb_t *scratch)
-{
-#define x1 p
-#define y1 (p + ecc->p.size)
-#define z1 (p + 2*ecc->p.size)
-
-#define x2 q
-#define y2 (q + ecc->p.size)
-#define z2 (q + 2*ecc->p.size)
-
#define x3 r
#define y3 (r + ecc->p.size)
#define z3 (r + 2*ecc->p.size)
--- /dev/null
+/* ecc-add-th.c
+
+ Copyright (C) 2014, 2017 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "ecc.h"
+#include "ecc-internal.h"
+
+/* Add two points on a twisted Edwards curve, with result and first point in
+ homogeneous coordinates. */
+void
+ecc_add_th (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
+ mp_limb_t *scratch)
+{
+#define x1 p
+#define y1 (p + ecc->p.size)
+#define z1 (p + 2*ecc->p.size)
+
+#define x2 q
+#define y2 (q + ecc->p.size)
+
+#define x3 r
+#define y3 (r + ecc->p.size)
+#define z3 (r + 2*ecc->p.size)
+
+ /* Formulas (from djb,
+ http://www.hyperelliptic.org/EFD/g1p/auto-twisted-projective.html#addition-madd-2008-bbjlp
+
+ Computation Operation Live variables
+
+ C = x1*x2 mul C
+ D = y1*y2 mul C, D
+ T = (x1+y1)*(x2+y2) mul C, D, T
+ - C - D
+ E = b*C*D 2 mul C, E, T (Replace C <-- D+C)
+ B = z1^2 sqr B, C, E, T
+ F = B - E B, C, E, F, T
+ G = B + E C, F, G, T
+ x3 = z1 * F * T 2 mul C, F, G, T
+ y3 = z1*G*(D+C) 2 mul F, G
+ z3 = F*G mul
+
+ 10M + 1S
+
+ We have different sign for E, hence swapping F and G, because our
+ ecc->b corresponds to -b above.
+ */
+#define C (scratch)
+#define D (scratch + 1*ecc->p.size)
+#define T (scratch + 2*ecc->p.size)
+#define E (scratch + 3*ecc->p.size)
+#define B (scratch + 4*ecc->p.size)
+#define F D
+#define G E
+
+ ecc_modp_mul (ecc, C, x1, x2);
+ ecc_modp_mul (ecc, D, y1, y2);
+ ecc_modp_add (ecc, x3, x1, y1);
+ ecc_modp_add (ecc, y3, x2, y2);
+ ecc_modp_mul (ecc, T, x3, y3);
+ ecc_modp_sub (ecc, T, T, C);
+ ecc_modp_sub (ecc, T, T, D);
+ ecc_modp_mul (ecc, x3, C, D);
+ ecc_modp_mul (ecc, E, x3, ecc->b);
+
+ ecc_modp_add (ecc, C, D, C);
+ ecc_modp_sqr (ecc, B, z1);
+ ecc_modp_sub (ecc, F, B, E);
+ ecc_modp_add (ecc, G, B, E);
+
+ /* x3 */
+ ecc_modp_mul (ecc, B, G, T);
+ ecc_modp_mul (ecc, x3, B, z1);
+
+ /* y3 */
+ ecc_modp_mul (ecc, B, F, z1);
+ ecc_modp_mul (ecc, y3, B, C); /* Clobbers z1 in case r == p. */
+
+ /* z3 */
+ ecc_modp_mul (ecc, B, F, G);
+ mpn_copyi (z3, B, ecc->p.size);
+}
--- /dev/null
+/* ecc-add-thh.c
+
+ Copyright (C) 2014 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "ecc.h"
+#include "ecc-internal.h"
+
+/* Add two points on an Edwards curve, in homogeneous coordinates */
+void
+ecc_add_thh (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
+ mp_limb_t *scratch)
+{
+#define x1 p
+#define y1 (p + ecc->p.size)
+#define z1 (p + 2*ecc->p.size)
+
+#define x2 q
+#define y2 (q + ecc->p.size)
+#define z2 (q + 2*ecc->p.size)
+
+#define x3 r
+#define y3 (r + ecc->p.size)
+#define z3 (r + 2*ecc->p.size)
+
+ /* Formulas (from djb,
+ http://www.hyperelliptic.org/EFD/g1p/auto-twisted-projective.html#addition-add-2008-bbjlp):
+
+ Computation Operation Live variables
+
+ C = x1*x2 mul C
+ D = y1*y2 mul C, D
+ T = (x1+y1)(x2+y2) - C - D, mul C, D, T
+ E = b*C*D 2 mul C, E, T (Replace C <-- D - C)
+ A = z1*z2 mul A, C, E, T
+ B = A^2 sqr A, B, C, E, T
+ F = B - E A, B, C, E, F, T
+ G = B + E A, C, F, G, T
+ x3 = A*F*T 2 mul A, C, G
+ y3 = A*G*(D+C) 2 mul F, G
+ z3 = F*G mul
+
+ 11M + S
+
+ We have different sign for E, hence swapping F and G, because our
+ ecc->b corresponds to -b above.
+ */
+#define C scratch
+#define D (scratch + ecc->p.size)
+#define T (scratch + 2*ecc->p.size)
+#define E (scratch + 3*ecc->p.size)
+#define A (scratch + 4*ecc->p.size)
+#define B (scratch + 5*ecc->p.size)
+#define F D
+#define G E
+
+ ecc_modp_mul (ecc, C, x1, x2);
+ ecc_modp_mul (ecc, D, y1, y2);
+ ecc_modp_add (ecc, A, x1, y1);
+ ecc_modp_add (ecc, B, x2, y2);
+ ecc_modp_mul (ecc, T, A, B);
+ ecc_modp_sub (ecc, T, T, C);
+ ecc_modp_sub (ecc, T, T, D);
+ ecc_modp_mul (ecc, x3, C, D);
+ ecc_modp_mul (ecc, E, x3, ecc->b);
+ ecc_modp_add (ecc, C, D, C);
+
+ ecc_modp_mul (ecc, A, z1, z2);
+ ecc_modp_sqr (ecc, B, A);
+
+ ecc_modp_sub (ecc, F, B, E);
+ ecc_modp_add (ecc, G, B, E);
+
+ /* x3 */
+ ecc_modp_mul (ecc, B, G, T);
+ ecc_modp_mul (ecc, x3, B, A);
+
+ /* y3 */
+ ecc_modp_mul (ecc, B, F, C);
+ ecc_modp_mul (ecc, y3, B, A);
+
+ /* z3 */
+ ecc_modp_mul (ecc, B, F, G);
+ mpn_copyi (z3, B, ecc->p.size);
+}
#include "ecc.h"
#include "ecc-internal.h"
-/* Double a point on a twisted Edwards curve, in homogeneous coordinates */
+/* Double a point on an Edwards curve, in homogeneous coordinates */
void
ecc_dup_eh (const struct ecc_curve *ecc,
mp_limb_t *r, const mp_limb_t *p,
mp_limb_t *scratch)
-{
- /* Formulas (from djb,
- http://www.hyperelliptic.org/EFD/g1p/auto-twisted-projective.html#doubling-dbl-2008-bbjlp):
-
- B = (X1+Y1)^2
- C = X1^2
- D = Y1^2
- (E = a*C = -C)
- F = E+D
- H = Z1^2
- J = F-2*H
- X3 = (B-C-D)*J
- Y3 = F*(E-D)
- Z3 = F*J (-C+D)*(-C+D - 2Z1^2)
-
- In the formula for Y3, we have E - D = -(C+D). To avoid explicit
- negation, negate all of X3, Y3, Z3, and use
-
- Computation Operation Live variables
-
- B = (X1+Y1)^2 sqr B
- C = X1^2 sqr B, C
- D = Y1^2 sqr B, C, D
- F = -C+D B, C, D, F
- H = Z1^2 sqr B, C, D, F, H
- J = 2*H - F B, C, D, F, J
- X3 = (B-C-D)*J mul C, F, J (Replace C <-- C+D)
- Y3 = F*(C+D) mul F, J
- Z3 = F*J mul
-
- 3M+4S
- */
- /* FIXME: Could reduce scratch need by reusing D storage. */
-#define B scratch
-#define C (scratch + ecc->p.size)
-#define D (scratch + 2*ecc->p.size)
-#define F (scratch + 3*ecc->p.size)
-#define J (scratch + 4*ecc->p.size)
-
- /* B */
- ecc_modp_add (ecc, F, p, p + ecc->p.size);
- ecc_modp_sqr (ecc, B, F);
-
- /* C */
- ecc_modp_sqr (ecc, C, p);
- /* D */
- ecc_modp_sqr (ecc, D, p + ecc->p.size);
- /* Can use r as scratch, even for in-place operation. */
- ecc_modp_sqr (ecc, r, p + 2*ecc->p.size);
- /* F, */
- ecc_modp_sub (ecc, F, D, C);
- /* B - C - D */
- ecc_modp_add (ecc, C, C, D);
- ecc_modp_sub (ecc, B, B, C);
- /* J */
- ecc_modp_add (ecc, r, r, r);
- ecc_modp_sub (ecc, J, r, F);
-
- /* x' */
- ecc_modp_mul (ecc, r, B, J);
- /* y' */
- ecc_modp_mul (ecc, r + ecc->p.size, F, C);
- /* z' */
- ecc_modp_mul (ecc, B, F, J);
- mpn_copyi (r + 2*ecc->p.size, B, ecc->p.size);
-}
-
-void
-ecc_dup_eh_untwisted (const struct ecc_curve *ecc,
- mp_limb_t *r, const mp_limb_t *p,
- mp_limb_t *scratch)
{
/* Formulas (from djb,
http://www.hyperelliptic.org/EFD/g1p/auto-edwards-projective.html#doubling-dbl-2007-bl):
--- /dev/null
+/* ecc-dup-th.c
+
+ Copyright (C) 2014, 2019 Niels Möller
+
+ This file is part of GNU Nettle.
+
+ GNU Nettle is free software: you can redistribute it and/or
+ modify it under the terms of either:
+
+ * the GNU Lesser General Public License as published by the Free
+ Software Foundation; either version 3 of the License, or (at your
+ option) any later version.
+
+ or
+
+ * the GNU General Public License as published by the Free
+ Software Foundation; either version 2 of the License, or (at your
+ option) any later version.
+
+ or both in parallel, as here.
+
+ GNU Nettle is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received copies of the GNU General Public License and
+ the GNU Lesser General Public License along with this program. If
+ not, see http://www.gnu.org/licenses/.
+*/
+
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include "ecc.h"
+#include "ecc-internal.h"
+
+/* Double a point on a twisted Edwards curve, in homogeneous coordinates */
+void
+ecc_dup_th (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p,
+ mp_limb_t *scratch)
+{
+ /* Formulas (from djb,
+ http://www.hyperelliptic.org/EFD/g1p/auto-twisted-projective.html#doubling-dbl-2008-bbjlp):
+
+ B = (X1+Y1)^2
+ C = X1^2
+ D = Y1^2
+ (E = a*C = -C)
+ F = E+D
+ H = Z1^2
+ J = F-2*H
+ X3 = (B-C-D)*J
+ Y3 = F*(E-D)
+ Z3 = F*J (-C+D)*(-C+D - 2Z1^2)
+
+ In the formula for Y3, we have E - D = -(C+D). To avoid explicit
+ negation, negate all of X3, Y3, Z3, and use
+
+ Computation Operation Live variables
+
+ B = (X1+Y1)^2 sqr B
+ C = X1^2 sqr B, C
+ D = Y1^2 sqr B, C, D
+ F = -C+D B, C, D, F
+ H = Z1^2 sqr B, C, D, F, H
+ J = 2*H - F B, C, D, F, J
+ X3 = (B-C-D)*J mul C, F, J (Replace C <-- C+D)
+ Y3 = F*(C+D) mul F, J
+ Z3 = F*J mul
+
+ 3M+4S
+ */
+ /* FIXME: Could reduce scratch need by reusing D storage. */
+#define B scratch
+#define C (scratch + ecc->p.size)
+#define D (scratch + 2*ecc->p.size)
+#define F (scratch + 3*ecc->p.size)
+#define J (scratch + 4*ecc->p.size)
+
+ /* B */
+ ecc_modp_add (ecc, F, p, p + ecc->p.size);
+ ecc_modp_sqr (ecc, B, F);
+
+ /* C */
+ ecc_modp_sqr (ecc, C, p);
+ /* D */
+ ecc_modp_sqr (ecc, D, p + ecc->p.size);
+ /* Can use r as scratch, even for in-place operation. */
+ ecc_modp_sqr (ecc, r, p + 2*ecc->p.size);
+ /* F, */
+ ecc_modp_sub (ecc, F, D, C);
+ /* B - C - D */
+ ecc_modp_add (ecc, C, C, D);
+ ecc_modp_sub (ecc, B, B, C);
+ /* J */
+ ecc_modp_add (ecc, r, r, r);
+ ecc_modp_sub (ecc, J, r, F);
+
+ /* x' */
+ ecc_modp_mul (ecc, r, B, J);
+ /* y' */
+ ecc_modp_mul (ecc, r + ecc->p.size, F, C);
+ /* z' */
+ ecc_modp_mul (ecc, B, F, J);
+ mpn_copyi (r + 2*ecc->p.size, B, ecc->p.size);
+}
#define ecc_dup_eh _nettle_ecc_dup_eh
#define ecc_add_eh _nettle_ecc_add_eh
#define ecc_add_ehh _nettle_ecc_add_ehh
-#define ecc_dup_eh_untwisted _nettle_ecc_dup_eh_untwisted
-#define ecc_add_eh_untwisted _nettle_ecc_add_eh_untwisted
-#define ecc_add_ehh_untwisted _nettle_ecc_add_ehh_untwisted
+#define ecc_dup_th _nettle_ecc_dup_th
+#define ecc_add_th _nettle_ecc_add_th
+#define ecc_add_thh _nettle_ecc_add_thh
#define ecc_mul_g _nettle_ecc_mul_g
#define ecc_mul_a _nettle_ecc_mul_a
#define ecc_mul_g_eh _nettle_ecc_mul_g_eh
mp_limb_t *scratch);
void
-ecc_dup_eh_untwisted (const struct ecc_curve *ecc,
- mp_limb_t *r, const mp_limb_t *p,
- mp_limb_t *scratch);
+ecc_dup_th (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p,
+ mp_limb_t *scratch);
void
-ecc_add_eh_untwisted (const struct ecc_curve *ecc,
- mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
- mp_limb_t *scratch);
+ecc_add_th (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
+ mp_limb_t *scratch);
void
-ecc_add_ehh_untwisted (const struct ecc_curve *ecc,
- mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
- mp_limb_t *scratch);
+ecc_add_thh (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
+ mp_limb_t *scratch);
/* Computes N * the group generator. N is an array of ecc_size()
limbs. It must be in the range 0 < N < group order, then R != 0,
#define ECC_EH_TO_A_ITCH(size, inv) (2*(size)+(inv))
#define ECC_DUP_JJ_ITCH(size) (5*(size))
#define ECC_DUP_EH_ITCH(size) (5*(size))
+#define ECC_DUP_TH_ITCH(size) (5*(size))
#define ECC_ADD_JJA_ITCH(size) (6*(size))
#define ECC_ADD_JJJ_ITCH(size) (8*(size))
#define ECC_ADD_EH_ITCH(size) (6*(size))
#define ECC_ADD_EHH_ITCH(size) (7*(size))
+#define ECC_ADD_TH_ITCH(size) (6*(size))
+#define ECC_ADD_THH_ITCH(size) (7*(size))
#define ECC_MUL_G_ITCH(size) (9*(size))
#define ECC_MUL_G_EH_ITCH(size) (9*(size))
#if ECC_MUL_A_WBITS == 0
{
mp_limb_t *z = xalloc_limbs (ecc_size_j (ecc));
- ASSERT ((ecc->p.bit_size == 255 && ecc->add_hh == ecc_add_eh)
- || (ecc->p.bit_size == 448 && ecc->add_hh == ecc_add_eh_untwisted));
- ASSERT ((ecc->p.bit_size == 255 && ecc->add_hhh == ecc_add_ehh)
- || (ecc->p.bit_size == 448 && ecc->add_hhh == ecc_add_ehh_untwisted));
+ ASSERT ((ecc->p.bit_size == 255 && ecc->add_hh == ecc_add_th)
+ || (ecc->p.bit_size == 448 && ecc->add_hh == ecc_add_eh));
+ ASSERT ((ecc->p.bit_size == 255 && ecc->add_hhh == ecc_add_thh)
+ || (ecc->p.bit_size == 448 && ecc->add_hhh == ecc_add_ehh));
ASSERT (ecc->add_hh_itch <= ecc->add_hhh_itch);
/* Zero point has x = 0, y = 1, z = 1 */
{
mp_limb_t *z = xalloc_limbs (ecc_size_j (ecc));
- ASSERT ((ecc->p.bit_size == 255 && ecc->dup == ecc_dup_eh)
- || (ecc->p.bit_size == 448 && ecc->dup == ecc_dup_eh_untwisted));
+ ASSERT ((ecc->p.bit_size == 255 && ecc->dup == ecc_dup_th)
+ || (ecc->p.bit_size == 448 && ecc->dup == ecc_dup_eh));
/* Zero point has x = 0, y = 1, z = 1 */
mpn_zero (z, 3*ecc->p.size);
projects / thirdparty / nettle.git / commitdiff
