1 /*
2 Public domain by Andrew M. <liquidsun@gmail.com>
3 Modified from the amd64-51-30k implementation by
4 Daniel J. Bernstein
5 Niels Duif
6 Tanja Lange
7 Peter Schwabe
8 Bo-Yin Yang
9 */
10
11
12 #include "ed25519-donna-portable.h"
13
14 #if defined(ED25519_SSE2)
15 #else
16 #if defined(HAVE_UINT128) && !defined(ED25519_FORCE_32BIT)
17 #define ED25519_64BIT
18 #else
19 #define ED25519_32BIT
20 #endif
21 #endif
22
23 #if !defined(ED25519_NO_INLINE_ASM)
24 /* detect extra features first so un-needed functions can be disabled throughout */
25 #if defined(ED25519_SSE2)
26 #if defined(COMPILER_GCC) && defined(CPU_X86)
27 #define ED25519_GCC_32BIT_SSE_CHOOSE
28 #elif defined(COMPILER_GCC) && defined(CPU_X86_64)
29 #define ED25519_GCC_64BIT_SSE_CHOOSE
30 #endif
31 #else
32 #if defined(CPU_X86_64)
33 #if defined(COMPILER_GCC)
34 #if defined(ED25519_64BIT)
35 #define ED25519_GCC_64BIT_X86_CHOOSE
36 #else
37 #define ED25519_GCC_64BIT_32BIT_CHOOSE
38 #endif
39 #endif
40 #endif
41 #endif
42 #endif
43
44 #if defined(ED25519_SSE2)
45 #include "curve25519-donna-sse2.h"
46 #elif defined(ED25519_64BIT)
47 #include "curve25519-donna-64bit.h"
48 #else
49 #include "curve25519-donna-32bit.h"
50 #endif
51
52 #include "curve25519-donna-helpers.h"
53
54 /* separate uint128 check for 64 bit sse2 */
55 #if defined(HAVE_UINT128) && !defined(ED25519_FORCE_32BIT)
56 #include "modm-donna-64bit.h"
57 #else
58 #include "modm-donna-32bit.h"
59 #endif
60
61 typedef unsigned char hash_512bits[64];
62
63 /*
64 Timing safe memory compare
65 */
66 static int
ed25519_verify(const unsigned char * x,const unsigned char * y,size_t len)67 ed25519_verify(const unsigned char *x, const unsigned char *y, size_t len) {
68 size_t differentbits = 0;
69 while (len--)
70 differentbits |= (*x++ ^ *y++);
71 return (int) (1 & ((differentbits - 1) >> 8));
72 }
73
74
75 /*
76 * Arithmetic on the twisted Edwards curve -x^2 + y^2 = 1 + dx^2y^2
77 * with d = -(121665/121666) = 37095705934669439343138083508754565189542113879843219016388785533085940283555
78 * Base point: (15112221349535400772501151409588531511454012693041857206046113283949847762202,46316835694926478169428394003475163141307993866256225615783033603165251855960);
79 */
80
81 typedef struct ge25519_t {
82 bignum25519 x, y, z, t;
83 } ge25519;
84
85 typedef struct ge25519_p1p1_t {
86 bignum25519 x, y, z, t;
87 } ge25519_p1p1;
88
89 typedef struct ge25519_niels_t {
90 bignum25519 ysubx, xaddy, t2d;
91 } ge25519_niels;
92
93 typedef struct ge25519_pniels_t {
94 bignum25519 ysubx, xaddy, z, t2d;
95 } ge25519_pniels;
96
97 #include "ed25519-donna-basepoint-table.h"
98
99 #if defined(ED25519_64BIT)
100 #include "ed25519-donna-64bit-tables.h"
101 #include "ed25519-donna-64bit-x86.h"
102 #else
103 #include "ed25519-donna-32bit-tables.h"
104 #include "ed25519-donna-64bit-x86-32bit.h"
105 #endif
106
107
108 #if defined(ED25519_SSE2)
109 #include "ed25519-donna-32bit-sse2.h"
110 #include "ed25519-donna-64bit-sse2.h"
111 #include "ed25519-donna-impl-sse2.h"
112 #else
113 #include "ed25519-donna-impl-base.h"
114 #endif
115
116