Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
Brian Smith
nettle
Commits
e4a1fb1e
Commit
e4a1fb1e
authored
Mar 10, 2015
by
Niels Möller
Browse files
Updated curve25519_mul documentation.
parent
d5e787e3
Changes
2
Show whitespace changes
Inline
Side-by-side
ChangeLog
View file @
e4a1fb1e
2015-03-10 Niels Möller <nisse@diamant.hack.org>
2015-03-10 Niels Möller <nisse@diamant.hack.org>
* nettle.texinfo: Update documentation of curve25519_mul. Say that
the output is undefined for points belonging to the twist rather
than the proper curve.
* curve25519-mul.c (curve25519_mul): Changed return type to void.
* curve25519-mul.c (curve25519_mul): Changed return type to void.
* curve25519.h (curve25519_mul): Updated prototype.
* examples/hogweed-benchmark.c (bench_curve25519_mul): Drop check
* examples/hogweed-benchmark.c (bench_curve25519_mul): Drop check
of curve25519_mul return value.
of curve25519_mul return value.
* testsuite/curve25519-dh-test.c (test_a): Likewise.
* testsuite/curve25519-dh-test.c (test_a): Likewise.
...
...
nettle.texinfo
View file @
e4a1fb1e
...
@@ -4216,6 +4216,19 @@ for the curve25519 operations which work with the x-coordinate only).
...
@@ -4216,6 +4216,19 @@ for the curve25519 operations which work with the x-coordinate only).
The curve25519 functions are defined as operations on octet strings,
The curve25519 functions are defined as operations on octet strings,
which are interpreted as x-coordinates in little-endian byte order.
which are interpreted as x-coordinates in little-endian byte order.
Of all the possible input strings, only about half correspond to points
on curve25519, i.e., a value that can be produced by
@code
{
curve25519
_
mul
_
g
}
. The other half corresponds to points on a
related ``twist curve''. The current implementation of
@code
{
curve25519
_
mul
}
uses a Montgomery ladder for the scalar
multiplication, as suggested in the curve25519 literature, and produces
a well defined output for all possible inputs, no matter if points are
on the proper curve or on its twist. However, at the time of writing, it
is not yet ruled out that other implementations could be faster, and
therefore the behaviour for inputs corresponding to points on the twist
curve must be considered an implementation idiosyncrasy, and may change
in future versions.
@defvr Constant CURVE25519
_
SIZE
@defvr Constant CURVE25519
_
SIZE
The size of the strings representing curve25519 points and scalars, 32.
The size of the strings representing curve25519 points and scalars, 32.
@end defvr
@end defvr
...
@@ -4231,14 +4244,17 @@ This function is intended to be compatible with the function
...
@@ -4231,14 +4244,17 @@ This function is intended to be compatible with the function
@code
{
crypto
_
scalar
_
mult
_
base
}
in the NaCl library.
@code
{
crypto
_
scalar
_
mult
_
base
}
in the NaCl library.
@end deftypefun
@end deftypefun
@c FIXME: Change to void return type
@deftypefun void curve25519
_
mul (uint8
_
t *@var
{
q
}
, const uint8
_
t *@var
{
n
}
, const uint8
_
t *@var
{
p
}
)
@deftypefun int curve25519
_
mul (uint8
_
t *@var
{
q
}
, const uint8
_
t *@var
{
n
}
, const uint8
_
t *@var
{
p
}
)
Computes @math
{
Q = N P
}
, where @math
{
P
}
is an input point and @math
{
N
}
Computes @math
{
Q = N P
}
, where @math
{
P
}
is an input point and @math
{
N
}
is an integer. The input arguments @var
{
n
}
and @var
{
p
}
and the output
is an integer. The input arguments @var
{
n
}
and @var
{
p
}
and the output
argument @var
{
q
}
use a little-endian representation of the scalar and
argument @var
{
q
}
use a little-endian representation of the scalar and
the x-coordinates, respectively. They are all of size
the x-coordinates, respectively. They are all of size
@code
{
CURVE25519
_
SIZE
}
.
@code
{
CURVE25519
_
SIZE
}
.
The output value is defined only when the input @var
{
p
}
is a string
produced by @code
{
curve25519
_
mul
_
g
}
. (See discussion above, about the
twist curve).
This function is intended to be compatible with the function
This function is intended to be compatible with the function
@code
{
crypto
_
scalar
_
mult
}
in the NaCl library.
@code
{
crypto
_
scalar
_
mult
}
in the NaCl library.
@end deftypefun
@end deftypefun
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment