fe_operations.h

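/* fe_operations.h
 *
 * Copyright (C) 2006-2020 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */


#ifndef WOLF_CRYPT_FE_OPERATIONS_H
#define WOLF_CRYPT_FE_OPERATIONS_H

#include <wolfssl/wolfcrypt/settings.h>

/* Everything below is compiled only when Curve25519 or Ed25519 is enabled. */
#if defined(HAVE_CURVE25519) || defined(HAVE_ED25519)

/* <stdint.h> provides the fixed-width limb types used by the fast
 * field-element typedef. It is skipped only when BOTH *_SMALL macros are
 * defined, i.e. when no fast representation is declared at all. */
#if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL)
    #include <stdint.h>
#endif

#include <wolfssl/wolfcrypt/types.h>

/* Backend selection for the field arithmetic.
 *
 * The x64 backend is preferred when USE_INTEL_SPEEDUP is set and it has not
 * been opted out of; otherwise the 128-bit-integer backend is chosen when the
 * compiler offers __uint128_t and it has not been opted out of. If neither
 * applies, neither macro is defined.
 *
 * NOTE(review): each macro picks a different implementation of the same
 * primitives, so a side-channel review of one build configuration does not
 * carry over to another; review the configuration actually shipped. */
#if defined(USE_INTEL_SPEEDUP) && !defined(NO_CURVED25519_X64)
    #define CURVED25519_X64
#elif defined(HAVE___UINT128_T) && !defined(NO_CURVED25519_128BIT)
    #define CURVED25519_128BIT
#endif

/* The x64 backend is an assembly backend with 64-bit limbs. */
#if defined(CURVED25519_X64)
    #define CURVED25519_ASM_64BIT
    #define CURVED25519_ASM
#endif
/* ARM assembly: 64-bit limbs on AArch64, 32-bit limbs on other ARM targets. */
#if defined(WOLFSSL_ARMASM)
    #ifdef __aarch64__
        #define CURVED25519_ASM_64BIT
    #else
        #define CURVED25519_ASM_32BIT
    #endif
    #define CURVED25519_ASM
#endif
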
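/*
fe means field element.
Here the field is \Z/(2^255-19).
An element t, entries t[0]...t[9], represents the integer
t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
Bounds on each t[i] vary depending on context.

The ten-entry layout described above corresponds to the default
int32_t fe[10] typedef later in this header. The other backends declare fe
with 4, 5 or 8 entries, so the limb layout is backend-specific and code
outside the field-arithmetic implementation should not index fe directly.
*/

#ifdef __cplusplus
    extern "C" {
#endif

#if defined(CURVE25519_SMALL) || defined(ED25519_SMALL)
    /* Size in bytes of a field element in the small (byte-array) build. */
    #define F25519_SIZE 32

    /* Byte-array arithmetic for the small build.
     * None of these take a length argument.
     * NOTE(review): presumably every buffer must be F25519_SIZE bytes and the
     * first argument is the result; confirm against the definitions, since
     * the compiler cannot check buffer sizes through a bare byte pointer. */
    WOLFSSL_LOCAL void lm_copy(byte*, const byte*);
    WOLFSSL_LOCAL void lm_add(byte*, const byte*, const byte*);
    WOLFSSL_LOCAL void lm_sub(byte*, const byte*, const byte*);
    WOLFSSL_LOCAL void lm_neg(byte*, const byte*);
    WOLFSSL_LOCAL void lm_invert(byte*, const byte*);
    WOLFSSL_LOCAL void lm_mul(byte*, const byte*, const byte*);
#endif


/* Software entry points; not declared when FREESCALE_LTC_ECC is defined.
 * NOTE(review): presumably that configuration supplies its own
 * implementation; confirm. */
#if !defined(FREESCALE_LTC_ECC)
WOLFSSL_LOCAL void fe_init(void);

/* Returns int, so callers should check the result rather than assume success.
 * All three pointers are non-const and no lengths are passed.
 * NOTE(review): presumably q receives the product of scalar n and point p,
 * each 32 bytes, with n being secret key material; confirm against the
 * definition. */
WOLFSSL_LOCAL int  curve25519(byte * q, byte * n, byte * p);
#endif
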
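/* default to be faster but take more memory */
/* This section is active unless BOTH CURVE25519_SMALL and ED25519_SMALL are
 * defined. With exactly one of them defined, it is compiled together with
 * the small (byte-array) declarations that follow it in this header. */
#if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL)

/* Field element: an array of signed limbs whose count and width follow the
 * CURVED25519_* backend macros. Because fe is an array type, a parameter of
 * type fe is passed as a pointer and results are written in place. */
#ifdef CURVED25519_ASM_64BIT
    typedef int64_t  fe[4];     /* assembly backend, 64-bit limbs */
#elif defined(CURVED25519_ASM_32BIT)
    typedef int32_t  fe[8];     /* assembly backend, 32-bit limbs */
#elif defined(CURVED25519_128BIT)
    typedef int64_t  fe[5];     /* C backend using 128-bit intermediates */
#else
    typedef int32_t  fe[10];    /* default portable C backend */
#endif

/* Basic field arithmetic. Parameters are unnamed in this header.
 * NOTE(review): by the ref10 convention the first argument is the output;
 * confirm against the definitions. */
WOLFSSL_LOCAL void fe_copy(fe, const fe);
WOLFSSL_LOCAL void fe_add(fe, const fe, const fe);
WOLFSSL_LOCAL void fe_neg(fe, const fe);
WOLFSSL_LOCAL void fe_sub(fe, const fe, const fe);
WOLFSSL_LOCAL void fe_invert(fe, const fe);
WOLFSSL_LOCAL void fe_mul(fe, const fe, const fe);


/* Based On Daniel J Bernstein's curve25519 and ed25519 Public Domain ref10
   work. */

WOLFSSL_LOCAL void fe_0(fe);
WOLFSSL_LOCAL void fe_1(fe);
WOLFSSL_LOCAL int  fe_isnonzero(const fe);
WOLFSSL_LOCAL int  fe_isnegative(const fe);
/* Conversion to and from a byte string. No length is passed.
 * NOTE(review): presumably the buffer is 32 bytes; confirm, because the
 * caller alone is responsible for its size. */
WOLFSSL_LOCAL void fe_tobytes(unsigned char *, const fe);
WOLFSSL_LOCAL void fe_sq(fe, const fe);
WOLFSSL_LOCAL void fe_sq2(fe, const fe);
WOLFSSL_LOCAL void fe_frombytes(fe, const unsigned char *);
/* Conditional swap and conditional move, selected by the int argument.
 * NOTE(review): in ref10 these are branch-free so that a secret selector
 * does not influence control flow; confirm that every backend in use keeps
 * that property and that callers pass only 0 or 1. */
WOLFSSL_LOCAL void fe_cswap(fe, fe, int);
/* The second argument is not const-qualified here, unlike the other
 * two-operand functions in this header. */
WOLFSSL_LOCAL void fe_mul121666(fe, fe);
WOLFSSL_LOCAL void fe_cmov(fe, const fe, int);
WOLFSSL_LOCAL void fe_pow22523(fe, const fe);

/* 64-bit type needed for SHA512 */
/* Both return uint64_t from an unsized byte pointer.
 * NOTE(review): presumably they read 3 and 4 bytes respectively; confirm. */
WOLFSSL_LOCAL uint64_t load_3(const unsigned char *in);
WOLFSSL_LOCAL uint64_t load_4(const unsigned char *in);

#ifdef CURVED25519_ASM
/* Group-element helpers, declared only for the assembly backends. Each takes
 * the coordinates as separate field elements: r* are outputs (non-const),
 * p* and q* are inputs (const).
 * NOTE(review): the names suggest conversion to the p2/p3 representations,
 * doubling, and mixed/full addition and subtraction; confirm against the
 * assembly sources. */
WOLFSSL_LOCAL void fe_ge_to_p2(fe rx, fe ry, fe rz, const fe px, const fe py,
                               const fe pz, const fe pt);
WOLFSSL_LOCAL void fe_ge_to_p3(fe rx, fe ry, fe rz, fe rt, const fe px,
                               const fe py, const fe pz, const fe pt);
WOLFSSL_LOCAL void fe_ge_dbl(fe rx, fe ry, fe rz, fe rt, const fe px,
                             const fe py, const fe pz);
WOLFSSL_LOCAL void fe_ge_madd(fe rx, fe ry, fe rz, fe rt, const fe px,
                              const fe py, const fe pz, const fe pt,
                              const fe qxy2d, const fe qyplusx,
                              const fe qyminusx);
WOLFSSL_LOCAL void fe_ge_msub(fe rx, fe ry, fe rz, fe rt, const fe px,
                              const fe py, const fe pz, const fe pt,
                              const fe qxy2d, const fe qyplusx,
                              const fe qyminusx);
WOLFSSL_LOCAL void fe_ge_add(fe rx, fe ry, fe rz, fe rt, const fe px,
                             const fe py, const fe pz, const fe pt, const fe qz,
                             const fe qt2d, const fe qyplusx,
                             const fe qyminusx);
WOLFSSL_LOCAL void fe_ge_sub(fe rx, fe ry, fe rz, fe rt, const fe px,
                             const fe py, const fe pz, const fe pt, const fe qz,
                             const fe qt2d, const fe qyplusx,
                             const fe qyminusx);
/* Takes a signed selector b and a non-const table pointer.
 * NOTE(review): presumably selects a table entry by b; confirm that the
 * lookup does not use b as a memory index or branch condition when b is
 * derived from secret data. */
WOLFSSL_LOCAL void fe_cmov_table(fe* r, fe* base, signed char b);
#endif /* CURVED25519_ASM */
#endif /* !CURVE25519_SMALL || !ED25519_SMALL */
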
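/* Use less memory and only 32bit types or less, but is slower
   Based on Daniel Beer's public domain work. */
#if defined(CURVE25519_SMALL) || defined(ED25519_SMALL)
/* Constant tables. They are static in a header, so every translation unit
 * that includes this file gets its own copy. A single-value initializer sets
 * the first byte and zero-fills the remaining F25519_SIZE - 1 bytes, so
 * {9} is the value 9 in little-endian byte order. */
static const byte c25519_base_x[F25519_SIZE] = {9};
static const byte f25519_zero[F25519_SIZE]   = {0};
static const byte f25519_one[F25519_SIZE]    = {1};
static const byte fprime_zero[F25519_SIZE]   = {0};
static const byte fprime_one[F25519_SIZE]    = {1};

/* No function below takes a buffer length.
 * NOTE(review): presumably every byte buffer is F25519_SIZE bytes; confirm
 * against the definitions. */
WOLFSSL_LOCAL void fe_load(byte *x, word32 c);
WOLFSSL_LOCAL void fe_normalize(byte *x);
/* NOTE(review): the __distinct suffix presumably means the output must not
 * alias the input; confirm against the definition. */
WOLFSSL_LOCAL void fe_inv__distinct(byte *r, const byte *x);

/* Conditional copy. If condition == 0, the buffer `zero` is copied to dst. If
 * condition == 1, the buffer `one` is copied to dst. Any other value results
 * in undefined behavior, so callers must reduce the condition to exactly 0 or
 * 1 before calling.
 */
WOLFSSL_LOCAL void fe_select(byte *dst, const byte *zero, const byte *one,
                             byte condition);

/* Multiply a field element by a small constant. The two pointers are not
 * required to be distinct.
 *
 * The constant must be less than 2^24. The parameter type (word32) does not
 * enforce that bound, so the caller has to.
 */
WOLFSSL_LOCAL void fe_mul_c(byte *r, const byte *a, word32 b);
/* NOTE(review): the __distinct suffix presumably means r must not alias a or
 * b, in contrast to fe_mul_c above; confirm against the definition. */
WOLFSSL_LOCAL void fe_mul__distinct(byte *r, const byte *a, const byte *b);

/* Compute one of the square roots of the field element, if the element
 * is square. The other square root is -r.
 *
 * If the input is not square, the returned value is a valid field
 * element, but not the correct answer. If you don't already know that
 * your element is square, you should square the return value and test.
 * The function returns void, so that test is the only way to detect a
 * non-square input.
 */
WOLFSSL_LOCAL void fe_sqrt(byte *r, const byte *x);

/* Conditional copy. If condition == 0, the buffer `zero` is copied to dst. If
 * condition == 1, the buffer `one` is copied to dst. Any other value results
 * in undefined behavior, so callers must reduce the condition to exactly 0 or
 * 1 before calling.
 */
WOLFSSL_LOCAL void fprime_select(byte *dst, const byte *zero, const byte *one,
                                 byte condition);
/* Arithmetic modulo a caller-supplied modulus.
 * NOTE(review): fprime_add and fprime_sub take only r and a, so presumably
 * they update r in place; confirm against the definitions. */
WOLFSSL_LOCAL void fprime_add(byte *r, const byte *a, const byte *modulus);
WOLFSSL_LOCAL void fprime_sub(byte *r, const byte *a, const byte *modulus);
WOLFSSL_LOCAL void fprime_mul(byte *r, const byte *a, const byte *b,
                              const byte *modulus);
WOLFSSL_LOCAL void fprime_copy(byte *x, const byte *a);

#endif /* CURVE25519_SMALL || ED25519_SMALL */

#ifdef __cplusplus
    } /* extern "C" */
#endif

#endif /* HAVE_CURVE25519 || HAVE_ED25519 */

#endif /* WOLF_CRYPT_FE_OPERATIONS_H */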