1 /* 2 * Copyright (c) 2015, Google Inc. 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 11 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 13 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 14 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17 #ifndef HEADER_CURVE25519_INTERNAL_H 18 #define HEADER_CURVE25519_INTERNAL_H 19 20 #include <stdint.h> 21 22 __BEGIN_HIDDEN_DECLS 23 24 /* fe means field element. Here the field is \Z/(2^255-19). An element t, 25 * entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77 26 * t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on 27 * context. */ 28 typedef int32_t fe[10]; 29 30 /* ge means group element. 31 32 * Here the group is the set of pairs (x,y) of field elements (see fe.h) 33 * satisfying -x^2 + y^2 = 1 + d x^2y^2 34 * where d = -121665/121666. 35 * 36 * Representations: 37 * ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z 38 * ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT 39 * ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T 40 * ge_precomp (Duif): (y+x,y-x,2dxy) */ 41 42 typedef struct { 43 fe X; 44 fe Y; 45 fe Z; 46 } ge_p2; 47 48 typedef struct { 49 fe X; 50 fe Y; 51 fe Z; 52 fe T; 53 } ge_p3; 54 55 typedef struct { 56 fe X; 57 fe Y; 58 fe Z; 59 fe T; 60 } ge_p1p1; 61 62 typedef struct { 63 fe yplusx; 64 fe yminusx; 65 fe xy2d; 66 } ge_precomp; 67 68 typedef struct { 69 fe YplusX; 70 fe YminusX; 71 fe Z; 72 fe T2d; 73 } ge_cached; 74 75 void x25519_ge_tobytes(uint8_t *s, const ge_p2 *h); 76 int x25519_ge_frombytes_vartime(ge_p3 *h, const uint8_t *s); 77 void x25519_ge_p3_to_cached(ge_cached *r, const ge_p3 *p); 78 void x25519_ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p); 79 void x25519_ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p); 80 void x25519_ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q); 81 void x25519_ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q); 82 void x25519_ge_scalarmult_small_precomp(ge_p3 *h, const uint8_t a[32], 83 const uint8_t precomp_table[15 * 2 * 32]); 84 void x25519_ge_scalarmult_base(ge_p3 *h, const uint8_t a[32]); 85 void x25519_ge_scalarmult(ge_p2 *r, const uint8_t *scalar, const ge_p3 *A); 86 void x25519_sc_reduce(uint8_t *s); 87 88 void x25519_public_from_private(uint8_t out_public_value[32], 89 const uint8_t private_key[32]); 90 91 void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32], 92 const uint8_t point[32]); 93 void x25519_scalar_mult_generic(uint8_t out[32], const uint8_t scalar[32], 94 const uint8_t point[32]); 95 96 __END_HIDDEN_DECLS 97 98 #endif /* HEADER_CURVE25519_INTERNAL_H */ 99