authorNiels Möller <nisse@lysator.liu.se>2014-09-22 12:39:19 +0200
committerNiels Möller <nisse@lysator.liu.se>2014-09-22 12:39:19 +0200
commita78c9459fda9204b870350a3e075cd78d448fca2 (patch)
tree5570986a3a7ee931bc4a43b47b6fa62b6133e8cc /ecc-25519.c
parent2b552abd4edc775de854014c7b0135902ca2ecd3 (diff)
downloadnettle-a78c9459fda9204b870350a3e075cd78d448fca2.tar.gz
Introduced struct ecc_modulo.
Diffstat (limited to 'ecc-25519.c')
-rw-r--r--ecc-25519.c48
1 files changed, 28 insertions, 20 deletions
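diff --git a/ecc-25519.c b/ecc-25519.c
index 996e6bdd..c8ffba44 100644
--- a/ecc-25519.c
+++ b/ecc-25519.c
@@ -87,17 +87,17 @@ ecc_25519_modq (const struct ecc_curve *ecc, mp_limb_t *rp)
 for (n = ECC_LIMB_SIZE; n-- > 0;)
 {
 cy = mpn_submul_1 (rp + n,
- ecc->Bmodq_shifted, ECC_LIMB_SIZE,
+ ecc->q.B_shifted, ECC_LIMB_SIZE,
 rp[n + ECC_LIMB_SIZE]);
 /* Top limb of mBmodq_shifted is zero, so we get cy == 0 or 1 */
 assert (cy < 2);
- cnd_add_n (cy, rp+n, ecc->q, ECC_LIMB_SIZE);
+ cnd_add_n (cy, rp+n, ecc->q.m, ECC_LIMB_SIZE);
 }
- cy = mpn_submul_1 (rp, ecc->q, ECC_LIMB_SIZE,
+ cy = mpn_submul_1 (rp, ecc->q.m, ECC_LIMB_SIZE,
 rp[ECC_LIMB_SIZE-1] >> (GMP_NUMB_BITS - QHIGH_BITS));
 assert (cy < 2);
- cnd_add_n (cy, rp, ecc->q, ECC_LIMB_SIZE);
+ cnd_add_n (cy, rp, ecc->q.m, ECC_LIMB_SIZE);
 }
 /* Needs 2*ecc->size limbs at rp, and 2*ecc->size additional limbs of
@@ -200,8 +200,8 @@ ecc_25519_sqrt(mp_limb_t *rp, const mp_limb_t *ap)
 ecc_modp_mul (ecc, xp, t0, ap); /* a^{(p+3)/8 */
 ecc_modp_mul (ecc, bp, t0, xp); /* a^{(p-1)/4} */
 /* Check if b == 1 (mod p) */
- if (mpn_cmp (bp, ecc->p, ECC_LIMB_SIZE) >= 0)
- mpn_sub_n (bp, bp, ecc->p, ECC_LIMB_SIZE);
+ if (mpn_cmp (bp, ecc->p.m, ECC_LIMB_SIZE) >= 0)
+ mpn_sub_n (bp, bp, ecc->p.m, ECC_LIMB_SIZE);
 if (mpn_cmp (bp, ecc->unit, ECC_LIMB_SIZE) == 0)
 {
 mpn_copyi (rp, xp, ECC_LIMB_SIZE);
@@ -210,7 +210,7 @@ ecc_25519_sqrt(mp_limb_t *rp, const mp_limb_t *ap)
 else
 {
 mpn_add_1 (bp, bp, ECC_LIMB_SIZE, 1);
- if (mpn_cmp (bp, ecc->p, ECC_LIMB_SIZE) == 0)
+ if (mpn_cmp (bp, ecc->p.m, ECC_LIMB_SIZE) == 0)
 {
 ecc_modp_mul (&nettle_curve25519, bp, xp, ecc_sqrt_z);
 mpn_copyi (rp, bp, ECC_LIMB_SIZE);
@@ -232,13 +232,28 @@ ecc_25519_sqrt(mp_limb_t *rp, const mp_limb_t *ap)
 const struct ecc_curve nettle_curve25519 =
 {
- 255,
- ECC_LIMB_SIZE,
- ECC_BMODP_SIZE,
- 253,
- ECC_BMODQ_SIZE,
+ {
+ 255,
+ ECC_LIMB_SIZE,
+ ECC_BMODP_SIZE,
+ 0,
+ ecc_p,
+ ecc_Bmodp,
+ ecc_Bmodp_shifted,
+ NULL,
+ },
+ {
+ 253,
+ ECC_LIMB_SIZE,
+ ECC_BMODQ_SIZE,
+ 0,
+ ecc_q,
+ ecc_Bmodq,
+ ecc_mBmodq_shifted, /* Use q - 2^{252} instead. */
+ NULL,
+ },
+
 0, /* No redc */
- 0,
 ECC_PIPPENGER_K,
 ECC_PIPPENGER_C,
@@ -257,18 +272,11 @@ const struct ecc_curve nettle_curve25519 =
 ecc_mul_g_eh,
 ecc_eh_to_a,
- ecc_p,
 ecc_d, /* Use the Edwards curve constant. */
- ecc_q,
 ecc_g,
 ecc_edwards,
- ecc_Bmodp,
- ecc_Bmodp_shifted,
 ecc_pp1h,
- ecc_redc_ppm1,
 ecc_unit,
- ecc_Bmodq,
- ecc_mBmodq_shifted, /* Use q - 2^{252} instead. */
 ecc_qp1h,
 ecc_table
 };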
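Review bot: The two nested struct ecc_modulo initializers (lines 69–88) are positional, so the bare `0,` and `NULL,` entries give no hint of which fields they fill, and a later reordering of struct ecc_modulo (defined outside this file) would shift values between fields without any compiler error — for a modulus and reduction constant that is a silent correctness failure, not a crash. The curve-level entry already shows the right habit with `0, /* No redc */`; each `0,` and `NULL,` in the nested initializers deserves the same field-naming comment, or better, designated initializers (`.m = ecc_p`, `.B_shifted = ecc_Bmodp_shifted`, and the remaining field names, which are not visible in this diff) so the compiler ties each value to its field. Since the q entry stores `ecc_mBmodq_shifted` under the generic name `B_shifted`, the assertion comment in ecc_25519_modq at line 28 now reads better as `/* ecc->q.B_shifted holds mBmodq_shifted (q - 2^{252}); its top limb is zero, so cy == 0 or 1 */`, otherwise a reader of modq cannot see why a subtraction-based reduction gets a carry of at most 1. Separately, `ecc_redc_ppm1` is dropped from the curve initializer (line 105) and nothing in the new nested initializers references it; if the `NULL` entries are the per-modulus slot it would have occupied, a comment saying so would also settle whether ecc_redc_ppm1 is now unused for this curve, which I cannot tell from this diff.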