+2015-01-27 Niels Möller <nisse@lysator.liu.se>
+
+ * ecc.h: Deleted declarations of unused itch functions. Moved
+ declarations of internal functions to...
+ * ecc-internal.h: ...new location. Also added a leading under
+ score on the symbols.
+ (ecc_a_to_j, ecc_j_to_a, ecc_eh_to_a, ecc_dup_jj, ecc_add_jja)
+ (ecc_add_jjj, ecc_dup_eh, ecc_add_eh, ecc_add_ehh, ecc_mul_g)
+ (ecc_mul_a, ecc_mul_g_eh, ecc_mul_a_eh): Affected functions.
+
+2015-01-26 Niels Möller <nisse@lysator.liu.se>
+
+ * ecc-add-eh.c (ecc_add_eh_itch): Deleted.
+ * ecc-add-ehh.c (ecc_add_ehh_itch): Deleted.
+ * ecc-add-jja.c (ecc_add_jja_itch): Deleted.
+ * ecc-add-jjj.c (ecc_add_jjj_itch): Deleted.
+ * ecc-dup-eh.c (ecc_dup_eh_itch): Deleted.
+ * ecc-dup-jj.c (ecc_dup_jj_itch): Deleted.
+ * ecc-eh-to-a.c (ecc_eh_to_a_itch): Deleted.
+ * ecc-j-to-a.c (ecc_j_to_a_itch): Deleted.
+ * ecc-mul-a-eh.c (ecc_mul_a_eh_itch): Deleted.
+ * ecc-mul-a.c (ecc_mul_a_itch): Deleted.
+ * ecc-mul-g-eh.c (ecc_mul_g_eh_itch): Deleted.
+ * ecc-mul-g.c (ecc_mul_g_itch): Deleted.
+
2015-01-25 Niels Möller <nisse@lysator.liu.se>
* arm/fat/sha1-compress-2.asm: New file.
#include "ecc.h"
#include "ecc-internal.h"
-mp_size_t
-ecc_add_eh_itch (const struct ecc_curve *ecc)
-{
- return ECC_ADD_EH_ITCH (ecc->p.size);
-}
-
/* Add two points on an Edwards curve, with result and first point in
homogeneous coordinates. */
void
#include "ecc.h"
#include "ecc-internal.h"
-mp_size_t
-ecc_add_ehh_itch (const struct ecc_curve *ecc)
-{
- return ECC_ADD_EHH_ITCH (ecc->p.size);
-}
-
/* Add two points on an Edwards curve, in homogeneous coordinates */
void
ecc_add_ehh (const struct ecc_curve *ecc,
+ p = q ==> r = 0, invalid
*/
-mp_size_t
-ecc_add_jja_itch (const struct ecc_curve *ecc)
-{
- return ECC_ADD_JJA_ITCH (ecc->p.size);
-}
-
void
ecc_add_jja (const struct ecc_curve *ecc,
mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
#include "ecc.h"
#include "ecc-internal.h"
-mp_size_t
-ecc_add_jjj_itch (const struct ecc_curve *ecc)
-{
- /* Needs 8 * ecc->p.size */
- return ECC_ADD_JJJ_ITCH (ecc->p.size);
-}
-
void
ecc_add_jjj (const struct ecc_curve *ecc,
mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
#include "ecc.h"
#include "ecc-internal.h"
-mp_size_t
-ecc_dup_eh_itch (const struct ecc_curve *ecc)
-{
- return ECC_DUP_EH_ITCH (ecc->p.size);
-}
-
/* Double a point on an Edwards curve, in homogeneous coordinates */
void
ecc_dup_eh (const struct ecc_curve *ecc,
+ p = 0 ==> r = 0, correct!
*/
-mp_size_t
-ecc_dup_jj_itch (const struct ecc_curve *ecc)
-{
- return ECC_DUP_JJ_ITCH (ecc->p.size);
-}
-
void
ecc_dup_jj (const struct ecc_curve *ecc,
mp_limb_t *r, const mp_limb_t *p,
#include "ecc.h"
#include "ecc-internal.h"
-mp_size_t
-ecc_eh_to_a_itch (const struct ecc_curve *ecc)
-{
- /* Needs 2*ecc->p.size + scratch for ecc_modq_inv */
- return ECC_EH_TO_A_ITCH (ecc->p.size, ecc->p.invert_itch);
-}
-
-
/* Convert from homogeneous coordinates on the Edwards curve to affine
coordinates. */
void
#define ecc_mod _nettle_ecc_mod
#define ecc_mod_inv _nettle_ecc_mod_inv
#define ecc_hash _nettle_ecc_hash
+#define ecc_a_to_j _nettle_ecc_a_to_j
+#define ecc_j_to_a _nettle_ecc_j_to_a
+#define ecc_eh_to_a _nettle_ecc_eh_to_a
+#define ecc_dup_jj _nettle_ecc_dup_jj
+#define ecc_add_jja _nettle_ecc_add_jja
+#define ecc_add_jjj _nettle_ecc_add_jjj
+#define ecc_dup_eh _nettle_ecc_dup_eh
+#define ecc_add_eh _nettle_ecc_add_eh
+#define ecc_add_ehh _nettle_ecc_add_ehh
+#define ecc_mul_g _nettle_ecc_mul_g
+#define ecc_mul_a _nettle_ecc_mul_a
+#define ecc_mul_g_eh _nettle_ecc_mul_g_eh
+#define ecc_mul_a_eh _nettle_ecc_mul_a_eh
#define cnd_copy _nettle_cnd_copy
#define sec_add_1 _nettle_sec_add_1
#define sec_sub_1 _nettle_sec_sub_1
mp_limb_t *hp,
size_t length, const uint8_t *digest);
+/* Converts a point P in affine coordinates into a point R in jacobian
+ coordinates. */
+void
+ecc_a_to_j (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p);
+
+/* Converts a point P in jacobian coordinates into a point R in affine
+ coordinates. If op == 1, produce x coordinate only. If op == 2,
+ produce the x coordiante only, and in also it modulo q. FIXME: For
+ the public interface, have separate for the three cases, and use
+ this flag argument only for the internal ecc->h_to_a function. */
+void
+ecc_j_to_a (const struct ecc_curve *ecc,
+ int op,
+ mp_limb_t *r, const mp_limb_t *p,
+ mp_limb_t *scratch);
+
+/* Converts a point P on an Edwards curve to affine coordinates on
+ the corresponding Montgomery curve. */
+void
+ecc_eh_to_a (const struct ecc_curve *ecc,
+ int op,
+ mp_limb_t *r, const mp_limb_t *p,
+ mp_limb_t *scratch);
+
+/* Group operations */
+
+/* Point doubling, with jacobian input and output. Corner cases:
+ Correctly sets R = 0 (r_Z = 0) if p = 0 or 2p = 0. */
+void
+ecc_dup_jj (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p,
+ mp_limb_t *scratch);
+
+/* Point addition, with jacobian output, one jacobian input and one
+ affine input. Corner cases: Fails for the cases
+
+ P = Q != 0 Duplication of non-zero point
+ P = 0, Q != 0 or P != 0, Q = 0 One input zero
+
+ Correctly gives R = 0 if P = Q = 0 or P = -Q. */
+void
+ecc_add_jja (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
+ mp_limb_t *scratch);
+
+/* Point addition with Jacobian input and output. */
+void
+ecc_add_jjj (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
+ mp_limb_t *scratch);
+
+/* Point doubling on an Edwards curve, with homogeneous
+ cooordinates. */
+void
+ecc_dup_eh (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p,
+ mp_limb_t *scratch);
+
+void
+ecc_add_eh (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
+ mp_limb_t *scratch);
+
+void
+ecc_add_ehh (const struct ecc_curve *ecc,
+ mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
+ mp_limb_t *scratch);
+
+/* Computes N * the group generator. N is an array of ecc_size()
+ limbs. It must be in the range 0 < N < group order, then R != 0,
+ and the algorithm can work without any intermediate values getting
+ to zero. */
+void
+ecc_mul_g (const struct ecc_curve *ecc, mp_limb_t *r,
+ const mp_limb_t *np, mp_limb_t *scratch);
+
+/* Computes N * P. The scalar N is the same as for ecc_mul_g. P is a
+ non-zero point on the curve, in affine coordinates. Output R is a
+ non-zero point, in Jacobian coordinates. */
+void
+ecc_mul_a (const struct ecc_curve *ecc,
+ mp_limb_t *r,
+ const mp_limb_t *np, const mp_limb_t *p,
+ mp_limb_t *scratch);
+
+void
+ecc_mul_g_eh (const struct ecc_curve *ecc, mp_limb_t *r,
+ const mp_limb_t *np, mp_limb_t *scratch);
+
+void
+ecc_mul_a_eh (const struct ecc_curve *ecc,
+ mp_limb_t *r,
+ const mp_limb_t *np, const mp_limb_t *p,
+ mp_limb_t *scratch);
+
void
cnd_copy (int cnd, mp_limb_t *rp, const mp_limb_t *ap, mp_size_t n);
#include "ecc.h"
#include "ecc-internal.h"
-mp_size_t
-ecc_j_to_a_itch (const struct ecc_curve *ecc)
-{
- /* Needs 2*ecc->size + scratch for ecc_modq_inv */
- return ECC_J_TO_A_ITCH (ecc->p.size);
-}
-
void
ecc_j_to_a (const struct ecc_curve *ecc,
int op,
#include "ecc.h"
#include "ecc-internal.h"
-mp_size_t
-ecc_mul_a_eh_itch (const struct ecc_curve *ecc)
-{
- /* Binary algorithm needs 6*ecc->p.size + scratch for ecc_add_ehh,
- total 13 ecc->p.size
+/* Binary algorithm needs 6*ecc->p.size + scratch for ecc_add_ehh,
+ total 13 ecc->p.size
- Window algorithm needs (3<<w) * ecc->p.size for the table,
- 3*ecc->p.size for a temporary point, and scratch for
- ecc_add_ehh. */
- return ECC_MUL_A_EH_ITCH (ecc->p.size);
-}
+ Window algorithm needs (3<<w) * ecc->p.size for the table,
+ 3*ecc->p.size for a temporary point, and scratch for
+ ecc_add_ehh. */
#if ECC_MUL_A_EH_WBITS == 0
void
#include "ecc.h"
#include "ecc-internal.h"
-mp_size_t
-ecc_mul_a_itch (const struct ecc_curve *ecc)
-{
- /* Binary algorithm needs 6*ecc->p.size + scratch for ecc_add_jja.
- Current total is 12 ecc->p.size, at most 864 bytes.
+/* Binary algorithm needs 6*ecc->p.size + scratch for ecc_add_jja.
+ Current total is 12 ecc->p.size, at most 864 bytes.
- Window algorithm needs (3<<w) * ecc->p.size for the table,
- 3*ecc->p.size for a temporary point, and scratch for
- ecc_add_jjj. */
- return ECC_MUL_A_ITCH (ecc->p.size);
-}
+ Window algorithm needs (3<<w) * ecc->p.size for the table,
+ 3*ecc->p.size for a temporary point, and scratch for
+ ecc_add_jjj. */
#if ECC_MUL_A_WBITS == 0
void
#include "ecc.h"
#include "ecc-internal.h"
-mp_size_t
-ecc_mul_g_eh_itch (const struct ecc_curve *ecc)
-{
- /* Needs 3*ecc->p.size + scratch for ecc_add_jja. */
- return ECC_MUL_G_EH_ITCH (ecc->p.size);
-}
-
void
ecc_mul_g_eh (const struct ecc_curve *ecc, mp_limb_t *r,
const mp_limb_t *np, mp_limb_t *scratch)
#include "ecc.h"
#include "ecc-internal.h"
-mp_size_t
-ecc_mul_g_itch (const struct ecc_curve *ecc)
-{
- /* Needs 3*ecc->p.size + scratch for ecc_add_jja. */
- return ECC_MUL_G_ITCH (ecc->p.size);
-}
-
void
ecc_mul_g (const struct ecc_curve *ecc, mp_limb_t *r,
const mp_limb_t *np, mp_limb_t *scratch)
#define ecc_size nettle_ecc_size
#define ecc_size_a nettle_ecc_size_a
#define ecc_size_j nettle_ecc_size_j
-#define ecc_a_to_j nettle_ecc_a_to_j
-#define ecc_j_to_a_itch nettle_ecc_j_to_a_itch
-#define ecc_j_to_a nettle_ecc_j_to_a
-#define ecc_eh_to_a_itch nettle_ecc_eh_to_a_itch
-#define ecc_eh_to_a nettle_ecc_eh_to_a
-#define ecc_dup_jj_itch nettle_ecc_dup_jj_itch
-#define ecc_dup_jj nettle_ecc_dup_jj
-#define ecc_add_jja_itch nettle_ecc_add_jja_itch
-#define ecc_add_jja nettle_ecc_add_jja
-#define ecc_add_jjj_itch nettle_ecc_add_jjj_itch
-#define ecc_add_jjj nettle_ecc_add_jjj
-#define ecc_dup_eh_itch nettle_ecc_dup_eh_itch
-#define ecc_dup_eh nettle_ecc_dup_eh
-#define ecc_add_eh_itch nettle_ecc_add_eh_itch
-#define ecc_add_eh nettle_ecc_add_eh
-#define ecc_add_ehh_itch nettle_ecc_add_ehh_itch
-#define ecc_add_ehh nettle_ecc_add_ehh
-#define ecc_mul_g_itch nettle_ecc_mul_g_itch
-#define ecc_mul_g nettle_ecc_mul_g
-#define ecc_mul_a_itch nettle_ecc_mul_a_itch
-#define ecc_mul_a nettle_ecc_mul_a
-#define ecc_mul_g_eh_itch nettle_ecc_mul_g_eh_itch
-#define ecc_mul_g_eh nettle_ecc_mul_g_eh
-#define ecc_mul_a_eh_itch nettle_ecc_mul_a_eh_itch
-#define ecc_mul_a_eh nettle_ecc_mul_a_eh
struct ecc_curve;
mp_size_t
ecc_size_j (const struct ecc_curve *ecc);
-/* FIXME: Rename the low-level (and side-channel silent) functions to
- _ecc_*, and provide public ecc_* functions which handle the
- infinity points properly? */
-
-/* Converts a point P in affine coordinates into a point R in jacobian
- coordinates. */
-void
-ecc_a_to_j (const struct ecc_curve *ecc,
- mp_limb_t *r, const mp_limb_t *p);
-
-/* Converts a point P in jacobian coordinates into a point R in affine
- coordinates. If op == 1, produce x coordinate only. If op == 2,
- produce the x coordiante only, and in also it modulo q. FIXME: For
- the public interface, have separate for the three cases, and use
- this flag argument only for the internal ecc->h_to_a function. */
-mp_size_t
-ecc_j_to_a_itch (const struct ecc_curve *ecc);
-void
-ecc_j_to_a (const struct ecc_curve *ecc,
- int op,
- mp_limb_t *r, const mp_limb_t *p,
- mp_limb_t *scratch);
-
-/* Converts a point P on an Edwards curve to affine coordinates on
- the corresponding Montgomery curve. */
-
-mp_size_t
-ecc_eh_to_a_itch (const struct ecc_curve *ecc);
-void
-ecc_eh_to_a (const struct ecc_curve *ecc,
- int op,
- mp_limb_t *r, const mp_limb_t *p,
- mp_limb_t *scratch);
-
-/* Group operations */
-
-/* Point doubling, with jacobian input and output. Corner cases:
- Correctly sets R = 0 (r_Z = 0) if p = 0 or 2p = 0. */
-mp_size_t
-ecc_dup_jj_itch (const struct ecc_curve *ecc);
-void
-ecc_dup_jj (const struct ecc_curve *ecc,
- mp_limb_t *r, const mp_limb_t *p,
- mp_limb_t *scratch);
-
-
-/* Point addition, with jacobian output, one jacobian input and one
- affine input. Corner cases: Fails for the cases
-
- P = Q != 0 Duplication of non-zero point
- P = 0, Q != 0 or P != 0, Q = 0 One input zero
-
- Correctly gives R = 0 if P = Q = 0 or P = -Q. */
-mp_size_t
-ecc_add_jja_itch (const struct ecc_curve *ecc);
-void
-ecc_add_jja (const struct ecc_curve *ecc,
- mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
- mp_limb_t *scratch);
-
-/* Point addition with Jacobian input and output. */
-mp_size_t
-ecc_add_jjj_itch (const struct ecc_curve *ecc);
-void
-ecc_add_jjj (const struct ecc_curve *ecc,
- mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
- mp_limb_t *scratch);
-
-/* FIXME: Use a generic ecc_dup, ecc_add, for any type of curve. */
-/* Point doubling on an Edwards curve, with homogeneous
- cooordinates. */
-mp_size_t
-ecc_dup_eh_itch (const struct ecc_curve *ecc);
-void
-ecc_dup_eh (const struct ecc_curve *ecc,
- mp_limb_t *r, const mp_limb_t *p,
- mp_limb_t *scratch);
-
-mp_size_t
-ecc_add_eh_itch (const struct ecc_curve *ecc);
-void
-ecc_add_eh (const struct ecc_curve *ecc,
- mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
- mp_limb_t *scratch);
-
-mp_size_t
-ecc_add_ehh_itch (const struct ecc_curve *ecc);
-void
-ecc_add_ehh (const struct ecc_curve *ecc,
- mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
- mp_limb_t *scratch);
-
-/* Computes N * the group generator. N is an array of ecc_size()
- limbs. It must be in the range 0 < N < group order, then R != 0,
- and the algorithm can work without any intermediate values getting
- to zero. */
-mp_size_t
-ecc_mul_g_itch (const struct ecc_curve *ecc);
-void
-ecc_mul_g (const struct ecc_curve *ecc, mp_limb_t *r,
- const mp_limb_t *np, mp_limb_t *scratch);
-
-/* Computes N * P. The scalar N is the same as for ecc_mul_g. P is a
- non-zero point on the curve, in affine coordinates. Output R is a
- non-zero point, in Jacobian coordinates. */
-mp_size_t
-ecc_mul_a_itch (const struct ecc_curve *ecc);
-void
-ecc_mul_a (const struct ecc_curve *ecc,
- mp_limb_t *r,
- const mp_limb_t *np, const mp_limb_t *p,
- mp_limb_t *scratch);
-
-mp_size_t
-ecc_mul_g_eh_itch (const struct ecc_curve *ecc);
-void
-ecc_mul_g_eh (const struct ecc_curve *ecc, mp_limb_t *r,
- const mp_limb_t *np, mp_limb_t *scratch);
-
-mp_size_t
-ecc_mul_a_eh_itch (const struct ecc_curve *ecc);
-void
-ecc_mul_a_eh (const struct ecc_curve *ecc,
- mp_limb_t *r,
- const mp_limb_t *np, const mp_limb_t *p,
- mp_limb_t *scratch);
-
+/* FIXME: Define a generic ecc_dup, ecc_add, for any type of curve. Do
+ they need to handle infinity points? */
#ifdef __cplusplus
}
projects / thirdparty / nettle.git / commitdiff
