diff options
| author | Niels Möller <nisse@lysator.liu.se> | 2015-01-27 13:17:30 +0100 |
|---|---|---|
| committer | Niels Möller <nisse@lysator.liu.se> | 2015-01-27 13:17:30 +0100 |
| commit | f8870f786aa9fb5f69921e7243d660932ffec061 (patch) | |
| tree | c637a6cd774566996a4ca5f138b5c8dc680185e1 | |
| parent | cedb87cd47af78fceed5b1d2c91d2a8950cea4a1 (diff) | |
| download | nettle-f8870f786aa9fb5f69921e7243d660932ffec061.tar.gz | |
Moved internal declarations from ecc.h to ecc-internal.h.
| -rw-r--r-- | ChangeLog | 25 | ||||
| -rw-r--r-- | ecc-add-eh.c | 6 | ||||
| -rw-r--r-- | ecc-add-ehh.c | 6 | ||||
| -rw-r--r-- | ecc-add-jja.c | 6 | ||||
| -rw-r--r-- | ecc-add-jjj.c | 7 | ||||
| -rw-r--r-- | ecc-dup-eh.c | 6 | ||||
| -rw-r--r-- | ecc-dup-jj.c | 6 | ||||
| -rw-r--r-- | ecc-eh-to-a.c | 8 | ||||
| -rw-r--r-- | ecc-internal.h | 109 | ||||
| -rw-r--r-- | ecc-j-to-a.c | 7 | ||||
| -rw-r--r-- | ecc-mul-a-eh.c | 15 | ||||
| -rw-r--r-- | ecc-mul-a.c | 15 | ||||
| -rw-r--r-- | ecc-mul-g-eh.c | 7 | ||||
| -rw-r--r-- | ecc-mul-g.c | 7 | ||||
| -rw-r--r-- | ecc.h | 154 |
15 files changed, 146 insertions, 238 deletions
@@ -1,3 +1,28 @@ +2015-01-27 Niels Möller <nisse@lysator.liu.se> + + * ecc.h: Deleted declarations of unused itch functions. Moved + declarations of internal functions to... + * ecc-internal.h: ...new location. Also added a leading under + score on the symbols. + (ecc_a_to_j, ecc_j_to_a, ecc_eh_to_a, ecc_dup_jj, ecc_add_jja) + (ecc_add_jjj, ecc_dup_eh, ecc_add_eh, ecc_add_ehh, ecc_mul_g) + (ecc_mul_a, ecc_mul_g_eh, ecc_mul_a_eh): Affected functions. + +2015-01-26 Niels Möller <nisse@lysator.liu.se> + + * ecc-add-eh.c (ecc_add_eh_itch): Deleted. + * ecc-add-ehh.c (ecc_add_ehh_itch): Deleted. + * ecc-add-jja.c (ecc_add_jja_itch): Deleted. + * ecc-add-jjj.c (ecc_add_jjj_itch): Deleted. + * ecc-dup-eh.c (ecc_dup_eh_itch): Deleted. + * ecc-dup-jj.c (ecc_dup_jj_itch): Deleted. + * ecc-eh-to-a.c (ecc_eh_to_a_itch): Deleted. + * ecc-j-to-a.c (ecc_j_to_a_itch): Deleted. + * ecc-mul-a-eh.c (ecc_mul_a_eh_itch): Deleted. + * ecc-mul-a.c (ecc_mul_a_itch): Deleted. + * ecc-mul-g-eh.c (ecc_mul_g_eh_itch): Deleted. + * ecc-mul-g.c (ecc_mul_g_itch): Deleted. + 2015-01-25 Niels Möller <nisse@lysator.liu.se> * arm/fat/sha1-compress-2.asm: New file. diff --git a/ecc-add-eh.c b/ecc-add-eh.c index 34b39f03..a16be4cb 100644 --- a/ecc-add-eh.c +++ b/ecc-add-eh.c @@ -36,12 +36,6 @@ #include "ecc.h" #include "ecc-internal.h" -mp_size_t -ecc_add_eh_itch (const struct ecc_curve *ecc) -{ - return ECC_ADD_EH_ITCH (ecc->p.size); -} - /* Add two points on an Edwards curve, with result and first point in homogeneous coordinates. */ void diff --git a/ecc-add-ehh.c b/ecc-add-ehh.c index 46a91492..e8155bef 100644 --- a/ecc-add-ehh.c +++ b/ecc-add-ehh.c @@ -36,12 +36,6 @@ #include "ecc.h" #include "ecc-internal.h" -mp_size_t -ecc_add_ehh_itch (const struct ecc_curve *ecc) -{ - return ECC_ADD_EHH_ITCH (ecc->p.size); -} - /* Add two points on an Edwards curve, in homogeneous coordinates */ void ecc_add_ehh (const struct ecc_curve *ecc, diff --git a/ecc-add-jja.c b/ecc-add-jja.c index 40f5a0cf..9b5cab9d 100644 --- a/ecc-add-jja.c +++ b/ecc-add-jja.c @@ -49,12 +49,6 @@ + p = q ==> r = 0, invalid */ -mp_size_t -ecc_add_jja_itch (const struct ecc_curve *ecc) -{ - return ECC_ADD_JJA_ITCH (ecc->p.size); -} - void ecc_add_jja (const struct ecc_curve *ecc, mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q, diff --git a/ecc-add-jjj.c b/ecc-add-jjj.c index d298b517..1143e79a 100644 --- a/ecc-add-jjj.c +++ b/ecc-add-jjj.c @@ -38,13 +38,6 @@ #include "ecc.h" #include "ecc-internal.h" -mp_size_t -ecc_add_jjj_itch (const struct ecc_curve *ecc) -{ - /* Needs 8 * ecc->p.size */ - return ECC_ADD_JJJ_ITCH (ecc->p.size); -} - void ecc_add_jjj (const struct ecc_curve *ecc, mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q, diff --git a/ecc-dup-eh.c b/ecc-dup-eh.c index ab6b8418..2a5c5a07 100644 --- a/ecc-dup-eh.c +++ b/ecc-dup-eh.c @@ -36,12 +36,6 @@ #include "ecc.h" #include "ecc-internal.h" -mp_size_t -ecc_dup_eh_itch (const struct ecc_curve *ecc) -{ - return ECC_DUP_EH_ITCH (ecc->p.size); -} - /* Double a point on an Edwards curve, in homogeneous coordinates */ void ecc_dup_eh (const struct ecc_curve *ecc, diff --git a/ecc-dup-jj.c b/ecc-dup-jj.c index 7466976a..8e1cf36c 100644 --- a/ecc-dup-jj.c +++ b/ecc-dup-jj.c @@ -42,12 +42,6 @@ + p = 0 ==> r = 0, correct! */ -mp_size_t -ecc_dup_jj_itch (const struct ecc_curve *ecc) -{ - return ECC_DUP_JJ_ITCH (ecc->p.size); -} - void ecc_dup_jj (const struct ecc_curve *ecc, mp_limb_t *r, const mp_limb_t *p, diff --git a/ecc-eh-to-a.c b/ecc-eh-to-a.c index 95f30a7c..2acaacb1 100644 --- a/ecc-eh-to-a.c +++ b/ecc-eh-to-a.c @@ -38,14 +38,6 @@ #include "ecc.h" #include "ecc-internal.h" -mp_size_t -ecc_eh_to_a_itch (const struct ecc_curve *ecc) -{ - /* Needs 2*ecc->p.size + scratch for ecc_modq_inv */ - return ECC_EH_TO_A_ITCH (ecc->p.size, ecc->p.invert_itch); -} - - /* Convert from homogeneous coordinates on the Edwards curve to affine coordinates. */ void diff --git a/ecc-internal.h b/ecc-internal.h index f3a21bc8..5e0a94d9 100644 --- a/ecc-internal.h +++ b/ecc-internal.h @@ -53,6 +53,19 @@ #define ecc_mod _nettle_ecc_mod #define ecc_mod_inv _nettle_ecc_mod_inv #define ecc_hash _nettle_ecc_hash +#define ecc_a_to_j _nettle_ecc_a_to_j +#define ecc_j_to_a _nettle_ecc_j_to_a +#define ecc_eh_to_a _nettle_ecc_eh_to_a +#define ecc_dup_jj _nettle_ecc_dup_jj +#define ecc_add_jja _nettle_ecc_add_jja +#define ecc_add_jjj _nettle_ecc_add_jjj +#define ecc_dup_eh _nettle_ecc_dup_eh +#define ecc_add_eh _nettle_ecc_add_eh +#define ecc_add_ehh _nettle_ecc_add_ehh +#define ecc_mul_g _nettle_ecc_mul_g +#define ecc_mul_a _nettle_ecc_mul_a +#define ecc_mul_g_eh _nettle_ecc_mul_g_eh +#define ecc_mul_a_eh _nettle_ecc_mul_a_eh #define cnd_copy _nettle_cnd_copy #define sec_add_1 _nettle_sec_add_1 #define sec_sub_1 _nettle_sec_sub_1 @@ -248,6 +261,102 @@ ecc_hash (const struct ecc_modulo *m, mp_limb_t *hp, size_t length, const uint8_t *digest); +/* Converts a point P in affine coordinates into a point R in jacobian + coordinates. */ +void +ecc_a_to_j (const struct ecc_curve *ecc, + mp_limb_t *r, const mp_limb_t *p); + +/* Converts a point P in jacobian coordinates into a point R in affine + coordinates. If op == 1, produce x coordinate only. If op == 2, + produce the x coordiante only, and in also it modulo q. FIXME: For + the public interface, have separate for the three cases, and use + this flag argument only for the internal ecc->h_to_a function. */ +void +ecc_j_to_a (const struct ecc_curve *ecc, + int op, + mp_limb_t *r, const mp_limb_t *p, + mp_limb_t *scratch); + +/* Converts a point P on an Edwards curve to affine coordinates on + the corresponding Montgomery curve. */ +void +ecc_eh_to_a (const struct ecc_curve *ecc, + int op, + mp_limb_t *r, const mp_limb_t *p, + mp_limb_t *scratch); + +/* Group operations */ + +/* Point doubling, with jacobian input and output. Corner cases: + Correctly sets R = 0 (r_Z = 0) if p = 0 or 2p = 0. */ +void +ecc_dup_jj (const struct ecc_curve *ecc, + mp_limb_t *r, const mp_limb_t *p, + mp_limb_t *scratch); + +/* Point addition, with jacobian output, one jacobian input and one + affine input. Corner cases: Fails for the cases + + P = Q != 0 Duplication of non-zero point + P = 0, Q != 0 or P != 0, Q = 0 One input zero + + Correctly gives R = 0 if P = Q = 0 or P = -Q. */ +void +ecc_add_jja (const struct ecc_curve *ecc, + mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q, + mp_limb_t *scratch); + +/* Point addition with Jacobian input and output. */ +void +ecc_add_jjj (const struct ecc_curve *ecc, + mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q, + mp_limb_t *scratch); + +/* Point doubling on an Edwards curve, with homogeneous + cooordinates. */ +void +ecc_dup_eh (const struct ecc_curve *ecc, + mp_limb_t *r, const mp_limb_t *p, + mp_limb_t *scratch); + +void +ecc_add_eh (const struct ecc_curve *ecc, + mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q, + mp_limb_t *scratch); + +void +ecc_add_ehh (const struct ecc_curve *ecc, + mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q, + mp_limb_t *scratch); + +/* Computes N * the group generator. N is an array of ecc_size() + limbs. It must be in the range 0 < N < group order, then R != 0, + and the algorithm can work without any intermediate values getting + to zero. */ +void +ecc_mul_g (const struct ecc_curve *ecc, mp_limb_t *r, + const mp_limb_t *np, mp_limb_t *scratch); + +/* Computes N * P. The scalar N is the same as for ecc_mul_g. P is a + non-zero point on the curve, in affine coordinates. Output R is a + non-zero point, in Jacobian coordinates. */ +void +ecc_mul_a (const struct ecc_curve *ecc, + mp_limb_t *r, + const mp_limb_t *np, const mp_limb_t *p, + mp_limb_t *scratch); + +void +ecc_mul_g_eh (const struct ecc_curve *ecc, mp_limb_t *r, + const mp_limb_t *np, mp_limb_t *scratch); + +void +ecc_mul_a_eh (const struct ecc_curve *ecc, + mp_limb_t *r, + const mp_limb_t *np, const mp_limb_t *p, + mp_limb_t *scratch); + void cnd_copy (int cnd, mp_limb_t *rp, const mp_limb_t *ap, mp_size_t n); diff --git a/ecc-j-to-a.c b/ecc-j-to-a.c index 2e48b94d..eca10f0f 100644 --- a/ecc-j-to-a.c +++ b/ecc-j-to-a.c @@ -38,13 +38,6 @@ #include "ecc.h" #include "ecc-internal.h" -mp_size_t -ecc_j_to_a_itch (const struct ecc_curve *ecc) -{ - /* Needs 2*ecc->size + scratch for ecc_modq_inv */ - return ECC_J_TO_A_ITCH (ecc->p.size); -} - void ecc_j_to_a (const struct ecc_curve *ecc, int op, diff --git a/ecc-mul-a-eh.c b/ecc-mul-a-eh.c index 2e273349..cf743236 100644 --- a/ecc-mul-a-eh.c +++ b/ecc-mul-a-eh.c @@ -38,17 +38,12 @@ #include "ecc.h" #include "ecc-internal.h" -mp_size_t -ecc_mul_a_eh_itch (const struct ecc_curve *ecc) -{ - /* Binary algorithm needs 6*ecc->p.size + scratch for ecc_add_ehh, - total 13 ecc->p.size +/* Binary algorithm needs 6*ecc->p.size + scratch for ecc_add_ehh, + total 13 ecc->p.size - Window algorithm needs (3<<w) * ecc->p.size for the table, - 3*ecc->p.size for a temporary point, and scratch for - ecc_add_ehh. */ - return ECC_MUL_A_EH_ITCH (ecc->p.size); -} + Window algorithm needs (3<<w) * ecc->p.size for the table, + 3*ecc->p.size for a temporary point, and scratch for + ecc_add_ehh. */ #if ECC_MUL_A_EH_WBITS == 0 void diff --git a/ecc-mul-a.c b/ecc-mul-a.c index 9b2be3d8..cb9c7d41 100644 --- a/ecc-mul-a.c +++ b/ecc-mul-a.c @@ -40,17 +40,12 @@ #include "ecc.h" #include "ecc-internal.h" -mp_size_t -ecc_mul_a_itch (const struct ecc_curve *ecc) -{ - /* Binary algorithm needs 6*ecc->p.size + scratch for ecc_add_jja. - Current total is 12 ecc->p.size, at most 864 bytes. +/* Binary algorithm needs 6*ecc->p.size + scratch for ecc_add_jja. + Current total is 12 ecc->p.size, at most 864 bytes. - Window algorithm needs (3<<w) * ecc->p.size for the table, - 3*ecc->p.size for a temporary point, and scratch for - ecc_add_jjj. */ - return ECC_MUL_A_ITCH (ecc->p.size); -} + Window algorithm needs (3<<w) * ecc->p.size for the table, + 3*ecc->p.size for a temporary point, and scratch for + ecc_add_jjj. */ #if ECC_MUL_A_WBITS == 0 void diff --git a/ecc-mul-g-eh.c b/ecc-mul-g-eh.c index fc0f565c..a945494d 100644 --- a/ecc-mul-g-eh.c +++ b/ecc-mul-g-eh.c @@ -40,13 +40,6 @@ #include "ecc.h" #include "ecc-internal.h" -mp_size_t -ecc_mul_g_eh_itch (const struct ecc_curve *ecc) -{ - /* Needs 3*ecc->p.size + scratch for ecc_add_jja. */ - return ECC_MUL_G_EH_ITCH (ecc->p.size); -} - void ecc_mul_g_eh (const struct ecc_curve *ecc, mp_limb_t *r, const mp_limb_t *np, mp_limb_t *scratch) diff --git a/ecc-mul-g.c b/ecc-mul-g.c index b2dcb404..c4a1b5bb 100644 --- a/ecc-mul-g.c +++ b/ecc-mul-g.c @@ -40,13 +40,6 @@ #include "ecc.h" #include "ecc-internal.h" -mp_size_t -ecc_mul_g_itch (const struct ecc_curve *ecc) -{ - /* Needs 3*ecc->p.size + scratch for ecc_add_jja. */ - return ECC_MUL_G_ITCH (ecc->p.size); -} - void ecc_mul_g (const struct ecc_curve *ecc, mp_limb_t *r, const mp_limb_t *np, mp_limb_t *scratch) @@ -58,31 +58,6 @@ extern "C" { #define ecc_size nettle_ecc_size #define ecc_size_a nettle_ecc_size_a #define ecc_size_j nettle_ecc_size_j -#define ecc_a_to_j nettle_ecc_a_to_j -#define ecc_j_to_a_itch nettle_ecc_j_to_a_itch -#define ecc_j_to_a nettle_ecc_j_to_a -#define ecc_eh_to_a_itch nettle_ecc_eh_to_a_itch -#define ecc_eh_to_a nettle_ecc_eh_to_a -#define ecc_dup_jj_itch nettle_ecc_dup_jj_itch -#define ecc_dup_jj nettle_ecc_dup_jj -#define ecc_add_jja_itch nettle_ecc_add_jja_itch -#define ecc_add_jja nettle_ecc_add_jja -#define ecc_add_jjj_itch nettle_ecc_add_jjj_itch -#define ecc_add_jjj nettle_ecc_add_jjj -#define ecc_dup_eh_itch nettle_ecc_dup_eh_itch -#define ecc_dup_eh nettle_ecc_dup_eh -#define ecc_add_eh_itch nettle_ecc_add_eh_itch -#define ecc_add_eh nettle_ecc_add_eh -#define ecc_add_ehh_itch nettle_ecc_add_ehh_itch -#define ecc_add_ehh nettle_ecc_add_ehh -#define ecc_mul_g_itch nettle_ecc_mul_g_itch -#define ecc_mul_g nettle_ecc_mul_g -#define ecc_mul_a_itch nettle_ecc_mul_a_itch -#define ecc_mul_a nettle_ecc_mul_a -#define ecc_mul_g_eh_itch nettle_ecc_mul_g_eh_itch -#define ecc_mul_g_eh nettle_ecc_mul_g_eh -#define ecc_mul_a_eh_itch nettle_ecc_mul_a_eh_itch -#define ecc_mul_a_eh nettle_ecc_mul_a_eh struct ecc_curve; @@ -174,133 +149,8 @@ ecc_size_a (const struct ecc_curve *ecc); mp_size_t ecc_size_j (const struct ecc_curve *ecc); -/* FIXME: Rename the low-level (and side-channel silent) functions to - _ecc_*, and provide public ecc_* functions which handle the - infinity points properly? */ - -/* Converts a point P in affine coordinates into a point R in jacobian - coordinates. */ -void -ecc_a_to_j (const struct ecc_curve *ecc, - mp_limb_t *r, const mp_limb_t *p); - -/* Converts a point P in jacobian coordinates into a point R in affine - coordinates. If op == 1, produce x coordinate only. If op == 2, - produce the x coordiante only, and in also it modulo q. FIXME: For - the public interface, have separate for the three cases, and use - this flag argument only for the internal ecc->h_to_a function. */ -mp_size_t -ecc_j_to_a_itch (const struct ecc_curve *ecc); -void -ecc_j_to_a (const struct ecc_curve *ecc, - int op, - mp_limb_t *r, const mp_limb_t *p, - mp_limb_t *scratch); - -/* Converts a point P on an Edwards curve to affine coordinates on - the corresponding Montgomery curve. */ - -mp_size_t -ecc_eh_to_a_itch (const struct ecc_curve *ecc); -void -ecc_eh_to_a (const struct ecc_curve *ecc, - int op, - mp_limb_t *r, const mp_limb_t *p, - mp_limb_t *scratch); - -/* Group operations */ - -/* Point doubling, with jacobian input and output. Corner cases: - Correctly sets R = 0 (r_Z = 0) if p = 0 or 2p = 0. */ -mp_size_t -ecc_dup_jj_itch (const struct ecc_curve *ecc); -void -ecc_dup_jj (const struct ecc_curve *ecc, - mp_limb_t *r, const mp_limb_t *p, - mp_limb_t *scratch); - - -/* Point addition, with jacobian output, one jacobian input and one - affine input. Corner cases: Fails for the cases - - P = Q != 0 Duplication of non-zero point - P = 0, Q != 0 or P != 0, Q = 0 One input zero - - Correctly gives R = 0 if P = Q = 0 or P = -Q. */ -mp_size_t -ecc_add_jja_itch (const struct ecc_curve *ecc); -void -ecc_add_jja (const struct ecc_curve *ecc, - mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q, - mp_limb_t *scratch); - -/* Point addition with Jacobian input and output. */ -mp_size_t -ecc_add_jjj_itch (const struct ecc_curve *ecc); -void -ecc_add_jjj (const struct ecc_curve *ecc, - mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q, - mp_limb_t *scratch); - -/* FIXME: Use a generic ecc_dup, ecc_add, for any type of curve. */ -/* Point doubling on an Edwards curve, with homogeneous - cooordinates. */ -mp_size_t -ecc_dup_eh_itch (const struct ecc_curve *ecc); -void -ecc_dup_eh (const struct ecc_curve *ecc, - mp_limb_t *r, const mp_limb_t *p, - mp_limb_t *scratch); - -mp_size_t -ecc_add_eh_itch (const struct ecc_curve *ecc); -void -ecc_add_eh (const struct ecc_curve *ecc, - mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q, - mp_limb_t *scratch); - -mp_size_t -ecc_add_ehh_itch (const struct ecc_curve *ecc); -void -ecc_add_ehh (const struct ecc_curve *ecc, - mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q, - mp_limb_t *scratch); - -/* Computes N * the group generator. N is an array of ecc_size() - limbs. It must be in the range 0 < N < group order, then R != 0, - and the algorithm can work without any intermediate values getting - to zero. */ -mp_size_t -ecc_mul_g_itch (const struct ecc_curve *ecc); -void -ecc_mul_g (const struct ecc_curve *ecc, mp_limb_t *r, - const mp_limb_t *np, mp_limb_t *scratch); - -/* Computes N * P. The scalar N is the same as for ecc_mul_g. P is a - non-zero point on the curve, in affine coordinates. Output R is a - non-zero point, in Jacobian coordinates. */ -mp_size_t -ecc_mul_a_itch (const struct ecc_curve *ecc); -void -ecc_mul_a (const struct ecc_curve *ecc, - mp_limb_t *r, - const mp_limb_t *np, const mp_limb_t *p, - mp_limb_t *scratch); - -mp_size_t -ecc_mul_g_eh_itch (const struct ecc_curve *ecc); -void -ecc_mul_g_eh (const struct ecc_curve *ecc, mp_limb_t *r, - const mp_limb_t *np, mp_limb_t *scratch); - -mp_size_t -ecc_mul_a_eh_itch (const struct ecc_curve *ecc); -void -ecc_mul_a_eh (const struct ecc_curve *ecc, - mp_limb_t *r, - const mp_limb_t *np, const mp_limb_t *p, - mp_limb_t *scratch); - +/* FIXME: Define a generic ecc_dup, ecc_add, for any type of curve. Do + they need to handle infinity points? */ #ifdef __cplusplus } |