Inicio Explorar Axuda
Iniciar sesión
YanoPettanko
/
mkp224o
réplica de https://github.com/cathugger/mkp224o
1
0
Fork 0
Ficheiros Incidencias 0 Wiki
Rama: master
Ramas Etiquetas
mkp224o
/
ed25519
/
amd64-51-30k
/
ge25519_double_scalarmult.c

ge25519_double_scalarmult.c 2.5 KB
Permalink Histórico Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697 
  1. #include "fe25519.h"
    2. 

  2. #include "sc25519.h"
    3. 

  3. #include "ge25519.h"
    4. 

  4. 

  5. #define S1_SWINDOWSIZE 5
    6. 

  6. #define PRE1_SIZE (1<<(S1_SWINDOWSIZE-2))
    7. 

  7. #define S2_SWINDOWSIZE 7
    8. 

  8. #define PRE2_SIZE (1<<(S2_SWINDOWSIZE-2))
    9. 

  9. 

  10. static const ge25519_niels pre2[PRE2_SIZE] = {
    11. 

  11. #include "ge25519_base_slide_multiples.data"
    12. 

  12. };
    13. 

  13. 

  14. static const fe25519 ec2d = {{1859910466990425, 932731440258426, 1072319116312658, 1815898335770999, 633789495995903}};
    15. 

  15. 

  16. static void setneutral(ge25519 *r)
    17. 

  17. {
    18. 

  18.   fe25519_setint(&r->x,0);
    19. 

  19.   fe25519_setint(&r->y,1);
    20. 

  20.   fe25519_setint(&r->z,1);
    21. 

  21.   fe25519_setint(&r->t,0);
    22. 

  22. }
    23. 

  23. 

  24. /* computes [s1]p1 + [s2]p2 */
    25. 

  25. void ge25519_double_scalarmult_vartime(ge25519_p3 *r, const ge25519_p3 *p1, const sc25519 *s1, const sc25519 *s2)
    26. 

  26. {
    27. 

  27.   signed char slide1[256], slide2[256];
    28. 

  28.   ge25519_pniels pre1[PRE1_SIZE], neg;
    29. 

  29.   ge25519_p3 d1;
    30. 

  30.   ge25519_p1p1 t;
    31. 

  31.   ge25519_niels nneg;
    32. 

  32.   fe25519 d;
    33. 

  33.   int i;
    34. 

  34.   
    35. 

  35.   sc25519_slide(slide1, s1, S1_SWINDOWSIZE);
    36. 

  36.   sc25519_slide(slide2, s2, S2_SWINDOWSIZE);
    37. 

  37. 

  38.   /* precomputation */
    39. 

  39.   pre1[0] = *(ge25519_pniels *)p1;                                                                         
    40. 

  40.   ge25519_dbl_p1p1(&t,(ge25519_p2 *)pre1);      ge25519_p1p1_to_p3(&d1, &t);
    41. 

  41.   /* Convert pre[0] to projective Niels representation */
    42. 

  42.   d = pre1[0].ysubx;
    43. 

  43.   fe25519_sub(&pre1[0].ysubx, &pre1[0].xaddy, &pre1[0].ysubx);
    44. 

  44.   fe25519_add(&pre1[0].xaddy, &pre1[0].xaddy, &d);
    45. 

  45.   fe25519_mul(&pre1[0].t2d, &pre1[0].t2d, &ec2d);
    46. 

  46. 

  47.   for(i=0;i<PRE1_SIZE-1;i++)
    48. 

  48.   {
    49. 

  49.     ge25519_pnielsadd_p1p1(&t, &d1, &pre1[i]);  ge25519_p1p1_to_pniels(&pre1[i+1], &t);
    50. 

  50.   }
    51. 

  51. 

  52.   setneutral(r);
    53. 

  53.   for (i = 255;i >= 0;--i) {
    54. 

  54.     if (slide1[i] || slide2[i]) goto firstbit;
    55. 

  55.   }
    56. 

  56. 

  57.   for(;i>=0;i--)
    58. 

  58.   {
    59. 

  59.     firstbit:
    60. 

  60. 

  61.     ge25519_dbl_p1p1(&t, (ge25519_p2 *)r);
    62. 

  62. 

  63.     if(slide1[i]>0)
    64. 

  64.     {
    65. 

  65.       ge25519_p1p1_to_p3(r, &t);
    66. 

  66.       ge25519_pnielsadd_p1p1(&t, r, &pre1[slide1[i]/2]);
    67. 

  67.     }
    68. 

  68.     else if(slide1[i]<0)
    69. 

  69.     {
    70. 

  70.       ge25519_p1p1_to_p3(r, &t);
    71. 

  71.       neg = pre1[-slide1[i]/2];
    72. 

  72.       d = neg.ysubx;
    73. 

  73.       neg.ysubx = neg.xaddy;
    74. 

  74.       neg.xaddy = d;
    75. 

  75.       fe25519_neg(&neg.t2d, &neg.t2d);
    76. 

  76.       ge25519_pnielsadd_p1p1(&t, r, &neg);
    77. 

  77.     }
    78. 

  78. 

  79.     if(slide2[i]>0)
    80. 

  80.     {
    81. 

  81.       ge25519_p1p1_to_p3(r, &t);
    82. 

  82.       ge25519_nielsadd_p1p1(&t, r, &pre2[slide2[i]/2]);
    83. 

  83.     }
    84. 

  84.     else if(slide2[i]<0)
    85. 

  85.     {
    86. 

  86.       ge25519_p1p1_to_p3(r, &t);
    87. 

  87.       nneg = pre2[-slide2[i]/2];
    88. 

  88.       d = nneg.ysubx;
    89. 

  89.       nneg.ysubx = nneg.xaddy;
    90. 

  90.       nneg.xaddy = d;
    91. 

  91.       fe25519_neg(&nneg.t2d, &nneg.t2d);
    92. 

  92.       ge25519_nielsadd_p1p1(&t, r, &nneg);
    93. 

  93.     }
    94. 

  94. 

  95.     ge25519_p1p1_to_p2((ge25519_p2 *)r, &t);
    96. 

  96.   }
    97. 

  97. }
    98.