Moved internal declarations from ecc.h to ecc-internal.h.

ChangeLog

+2015-01-27  Niels Möller  <nisse@lysator.liu.se>
+
+	* ecc.h: Deleted declarations of unused itch functions. Moved
+	declarations of internal functions to...
+	* ecc-internal.h: ...new location. Also added a leading under
+	score on the symbols.
+	(ecc_a_to_j, ecc_j_to_a, ecc_eh_to_a, ecc_dup_jj, ecc_add_jja)
+	(ecc_add_jjj, ecc_dup_eh, ecc_add_eh, ecc_add_ehh, ecc_mul_g)
+	(ecc_mul_a, ecc_mul_g_eh, ecc_mul_a_eh): Affected functions.
+
+2015-01-26  Niels Möller  <nisse@lysator.liu.se>
+
+	* ecc-add-eh.c (ecc_add_eh_itch): Deleted.
+	* ecc-add-ehh.c (ecc_add_ehh_itch): Deleted.
+	* ecc-add-jja.c (ecc_add_jja_itch): Deleted.
+	* ecc-add-jjj.c (ecc_add_jjj_itch): Deleted.
+	* ecc-dup-eh.c (ecc_dup_eh_itch): Deleted.
+	* ecc-dup-jj.c (ecc_dup_jj_itch): Deleted.
+	* ecc-eh-to-a.c (ecc_eh_to_a_itch): Deleted.
+	* ecc-j-to-a.c (ecc_j_to_a_itch): Deleted.
+	* ecc-mul-a-eh.c (ecc_mul_a_eh_itch): Deleted.
+	* ecc-mul-a.c (ecc_mul_a_itch): Deleted.
+	* ecc-mul-g-eh.c (ecc_mul_g_eh_itch): Deleted.
+	* ecc-mul-g.c (ecc_mul_g_itch): Deleted.
+
 2015-01-25  Niels Möller  <nisse@lysator.liu.se>
 
 	* arm/fat/sha1-compress-2.asm: New file.

ecc-add-eh.c

@@ -36,12 +36,6 @@
 #include "ecc.h"
 #include "ecc-internal.h"
 
-mp_size_t
-ecc_add_eh_itch (const struct ecc_curve *ecc)
-{
-  return ECC_ADD_EH_ITCH (ecc->p.size);
-}
-
 /* Add two points on an Edwards curve, with result and first point in
    homogeneous coordinates. */
 void

ecc-add-ehh.c

@@ -36,12 +36,6 @@
 #include "ecc.h"
 #include "ecc-internal.h"
 
-mp_size_t
-ecc_add_ehh_itch (const struct ecc_curve *ecc)
-{
-  return ECC_ADD_EHH_ITCH (ecc->p.size);
-}
-
 /* Add two points on an Edwards curve, in homogeneous coordinates */
 void
 ecc_add_ehh (const struct ecc_curve *ecc,

ecc-add-jja.c

@@ -49,12 +49,6 @@
    + p = q   ==>  r = 0, invalid
 */
 
-mp_size_t
-ecc_add_jja_itch (const struct ecc_curve *ecc)
-{
-  return ECC_ADD_JJA_ITCH (ecc->p.size);
-}
-
 void
 ecc_add_jja (const struct ecc_curve *ecc,
 	     mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,

ecc-add-jjj.c

@@ -38,13 +38,6 @@
 #include "ecc.h"
 #include "ecc-internal.h"
 
-mp_size_t
-ecc_add_jjj_itch (const struct ecc_curve *ecc)
-{
-  /* Needs 8 * ecc->p.size */
-  return ECC_ADD_JJJ_ITCH (ecc->p.size);
-}
-
 void
 ecc_add_jjj (const struct ecc_curve *ecc,
 	     mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,

ecc-dup-eh.c

@@ -36,12 +36,6 @@
 #include "ecc.h"
 #include "ecc-internal.h"
 
-mp_size_t
-ecc_dup_eh_itch (const struct ecc_curve *ecc)
-{
-  return ECC_DUP_EH_ITCH (ecc->p.size);
-}
-
 /* Double a point on an Edwards curve, in homogeneous coordinates */
 void
 ecc_dup_eh (const struct ecc_curve *ecc,

ecc-dup-jj.c

@@ -42,12 +42,6 @@
 
    + p = 0  ==>  r = 0, correct!
 */
-mp_size_t
-ecc_dup_jj_itch (const struct ecc_curve *ecc)
-{
-  return ECC_DUP_JJ_ITCH (ecc->p.size);
-}
-
 void
 ecc_dup_jj (const struct ecc_curve *ecc,
 	    mp_limb_t *r, const mp_limb_t *p,

ecc-eh-to-a.c

@@ -38,14 +38,6 @@
 #include "ecc.h"
 #include "ecc-internal.h"
 
-mp_size_t
-ecc_eh_to_a_itch (const struct ecc_curve *ecc)
-{
-  /* Needs 2*ecc->p.size + scratch for ecc_modq_inv */  
-  return ECC_EH_TO_A_ITCH (ecc->p.size, ecc->p.invert_itch);
-}
-
-
 /* Convert from homogeneous coordinates on the Edwards curve to affine
    coordinates. */
 void

ecc-internal.h

@@ -53,6 +53,19 @@
 #define ecc_mod _nettle_ecc_mod
 #define ecc_mod_inv _nettle_ecc_mod_inv
 #define ecc_hash _nettle_ecc_hash
+#define ecc_a_to_j _nettle_ecc_a_to_j
+#define ecc_j_to_a _nettle_ecc_j_to_a
+#define ecc_eh_to_a _nettle_ecc_eh_to_a
+#define ecc_dup_jj _nettle_ecc_dup_jj
+#define ecc_add_jja _nettle_ecc_add_jja
+#define ecc_add_jjj _nettle_ecc_add_jjj
+#define ecc_dup_eh _nettle_ecc_dup_eh
+#define ecc_add_eh _nettle_ecc_add_eh
+#define ecc_add_ehh _nettle_ecc_add_ehh
+#define ecc_mul_g _nettle_ecc_mul_g
+#define ecc_mul_a _nettle_ecc_mul_a
+#define ecc_mul_g_eh _nettle_ecc_mul_g_eh
+#define ecc_mul_a_eh _nettle_ecc_mul_a_eh
 #define cnd_copy _nettle_cnd_copy
 #define sec_add_1 _nettle_sec_add_1
 #define sec_sub_1 _nettle_sec_sub_1
@@ -248,6 +261,102 @@ ecc_hash (const struct ecc_modulo *m,
 	  mp_limb_t *hp,
 	  size_t length, const uint8_t *digest);
 
+/* Converts a point P in affine coordinates into a point R in jacobian
+   coordinates. */
+void
+ecc_a_to_j (const struct ecc_curve *ecc,
+	    mp_limb_t *r, const mp_limb_t *p);
+
+/* Converts a point P in jacobian coordinates into a point R in affine
+   coordinates. If op == 1, produce x coordinate only. If op == 2,
+   produce the x coordiante only, and in also it modulo q. FIXME: For
+   the public interface, have separate for the three cases, and use
+   this flag argument only for the internal ecc->h_to_a function. */
+void
+ecc_j_to_a (const struct ecc_curve *ecc,
+	    int op,
+	    mp_limb_t *r, const mp_limb_t *p,
+	    mp_limb_t *scratch);
+
+/* Converts a point P on an Edwards curve to affine coordinates on
+   the corresponding Montgomery curve. */
+void
+ecc_eh_to_a (const struct ecc_curve *ecc,
+	     int op,
+	     mp_limb_t *r, const mp_limb_t *p,
+	     mp_limb_t *scratch);
+
+/* Group operations */
+
+/* Point doubling, with jacobian input and output. Corner cases:
+   Correctly sets R = 0 (r_Z = 0) if p = 0 or 2p = 0. */
+void
+ecc_dup_jj (const struct ecc_curve *ecc,
+	    mp_limb_t *r, const mp_limb_t *p,
+	    mp_limb_t *scratch);
+
+/* Point addition, with jacobian output, one jacobian input and one
+   affine input. Corner cases: Fails for the cases
+
+     P = Q != 0                       Duplication of non-zero point
+     P = 0, Q != 0 or P != 0, Q = 0   One input zero
+   
+     Correctly gives R = 0 if P = Q = 0 or P = -Q. */
+void
+ecc_add_jja (const struct ecc_curve *ecc,
+	     mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
+	     mp_limb_t *scratch);
+
+/* Point addition with Jacobian input and output. */
+void
+ecc_add_jjj (const struct ecc_curve *ecc,
+	     mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
+	     mp_limb_t *scratch);
+
+/* Point doubling on an Edwards curve, with homogeneous
+   cooordinates. */
+void
+ecc_dup_eh (const struct ecc_curve *ecc,
+	    mp_limb_t *r, const mp_limb_t *p,
+	    mp_limb_t *scratch);
+
+void
+ecc_add_eh (const struct ecc_curve *ecc,
+	    mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
+	    mp_limb_t *scratch);
+
+void
+ecc_add_ehh (const struct ecc_curve *ecc,
+	     mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
+	     mp_limb_t *scratch);
+
+/* Computes N * the group generator. N is an array of ecc_size()
+   limbs. It must be in the range 0 < N < group order, then R != 0,
+   and the algorithm can work without any intermediate values getting
+   to zero. */ 
+void
+ecc_mul_g (const struct ecc_curve *ecc, mp_limb_t *r,
+	   const mp_limb_t *np, mp_limb_t *scratch);
+
+/* Computes N * P. The scalar N is the same as for ecc_mul_g. P is a
+   non-zero point on the curve, in affine coordinates. Output R is a
+   non-zero point, in Jacobian coordinates. */
+void
+ecc_mul_a (const struct ecc_curve *ecc,
+	   mp_limb_t *r,
+	   const mp_limb_t *np, const mp_limb_t *p,
+	   mp_limb_t *scratch);
+
+void
+ecc_mul_g_eh (const struct ecc_curve *ecc, mp_limb_t *r,
+	      const mp_limb_t *np, mp_limb_t *scratch);
+
+void
+ecc_mul_a_eh (const struct ecc_curve *ecc,
+	      mp_limb_t *r,
+	      const mp_limb_t *np, const mp_limb_t *p,
+	      mp_limb_t *scratch);
+
 void
 cnd_copy (int cnd, mp_limb_t *rp, const mp_limb_t *ap, mp_size_t n);
 

ecc-j-to-a.c

@@ -38,13 +38,6 @@
 #include "ecc.h"
 #include "ecc-internal.h"
 
-mp_size_t
-ecc_j_to_a_itch (const struct ecc_curve *ecc)
-{
-  /* Needs 2*ecc->size + scratch for ecc_modq_inv */
-  return ECC_J_TO_A_ITCH (ecc->p.size);
-}
-
 void
 ecc_j_to_a (const struct ecc_curve *ecc,
 	    int op,

ecc-mul-a-eh.c

@@ -38,17 +38,12 @@
 #include "ecc.h"
 #include "ecc-internal.h"
 
-mp_size_t
-ecc_mul_a_eh_itch (const struct ecc_curve *ecc)
-{
-  /* Binary algorithm needs 6*ecc->p.size + scratch for ecc_add_ehh,
-     total 13 ecc->p.size
+/* Binary algorithm needs 6*ecc->p.size + scratch for ecc_add_ehh,
+   total 13 ecc->p.size
 
-     Window algorithm needs (3<<w) * ecc->p.size for the table,
-     3*ecc->p.size for a temporary point, and scratch for
-     ecc_add_ehh. */
-  return ECC_MUL_A_EH_ITCH (ecc->p.size);
-}
+   Window algorithm needs (3<<w) * ecc->p.size for the table,
+   3*ecc->p.size for a temporary point, and scratch for
+   ecc_add_ehh. */
 
 #if ECC_MUL_A_EH_WBITS == 0
 void

ecc-mul-a.c

@@ -40,17 +40,12 @@
 #include "ecc.h"
 #include "ecc-internal.h"
 
-mp_size_t
-ecc_mul_a_itch (const struct ecc_curve *ecc)
-{
-  /* Binary algorithm needs 6*ecc->p.size + scratch for ecc_add_jja.
-     Current total is 12 ecc->p.size, at most 864 bytes.
+/* Binary algorithm needs 6*ecc->p.size + scratch for ecc_add_jja.
+   Current total is 12 ecc->p.size, at most 864 bytes.
 
-     Window algorithm needs (3<<w) * ecc->p.size for the table,
-     3*ecc->p.size for a temporary point, and scratch for
-     ecc_add_jjj. */
-  return ECC_MUL_A_ITCH (ecc->p.size);
-}
+   Window algorithm needs (3<<w) * ecc->p.size for the table,
+   3*ecc->p.size for a temporary point, and scratch for
+   ecc_add_jjj. */
 
 #if ECC_MUL_A_WBITS == 0
 void

ecc-mul-g-eh.c

@@ -40,13 +40,6 @@
 #include "ecc.h"
 #include "ecc-internal.h"
 
-mp_size_t
-ecc_mul_g_eh_itch (const struct ecc_curve *ecc)
-{
-  /* Needs 3*ecc->p.size + scratch for ecc_add_jja. */
-  return ECC_MUL_G_EH_ITCH (ecc->p.size);
-}
-
 void
 ecc_mul_g_eh (const struct ecc_curve *ecc, mp_limb_t *r,
 	      const mp_limb_t *np, mp_limb_t *scratch)

ecc-mul-g.c

@@ -40,13 +40,6 @@
 #include "ecc.h"
 #include "ecc-internal.h"
 
-mp_size_t
-ecc_mul_g_itch (const struct ecc_curve *ecc)
-{
-  /* Needs 3*ecc->p.size + scratch for ecc_add_jja. */
-  return ECC_MUL_G_ITCH (ecc->p.size);
-}
-
 void
 ecc_mul_g (const struct ecc_curve *ecc, mp_limb_t *r,
 	   const mp_limb_t *np, mp_limb_t *scratch)

ecc.h

@@ -58,31 +58,6 @@ extern "C" {
 #define ecc_size nettle_ecc_size
 #define ecc_size_a nettle_ecc_size_a
 #define ecc_size_j nettle_ecc_size_j
-#define ecc_a_to_j nettle_ecc_a_to_j
-#define ecc_j_to_a_itch nettle_ecc_j_to_a_itch
-#define ecc_j_to_a nettle_ecc_j_to_a
-#define ecc_eh_to_a_itch nettle_ecc_eh_to_a_itch
-#define ecc_eh_to_a nettle_ecc_eh_to_a
-#define ecc_dup_jj_itch nettle_ecc_dup_jj_itch
-#define ecc_dup_jj nettle_ecc_dup_jj
-#define ecc_add_jja_itch nettle_ecc_add_jja_itch
-#define ecc_add_jja nettle_ecc_add_jja
-#define ecc_add_jjj_itch nettle_ecc_add_jjj_itch
-#define ecc_add_jjj nettle_ecc_add_jjj
-#define ecc_dup_eh_itch nettle_ecc_dup_eh_itch
-#define ecc_dup_eh nettle_ecc_dup_eh
-#define ecc_add_eh_itch nettle_ecc_add_eh_itch
-#define ecc_add_eh nettle_ecc_add_eh
-#define ecc_add_ehh_itch nettle_ecc_add_ehh_itch
-#define ecc_add_ehh nettle_ecc_add_ehh
-#define ecc_mul_g_itch nettle_ecc_mul_g_itch
-#define ecc_mul_g nettle_ecc_mul_g
-#define ecc_mul_a_itch nettle_ecc_mul_a_itch
-#define ecc_mul_a nettle_ecc_mul_a
-#define ecc_mul_g_eh_itch nettle_ecc_mul_g_eh_itch
-#define ecc_mul_g_eh nettle_ecc_mul_g_eh
-#define ecc_mul_a_eh_itch nettle_ecc_mul_a_eh_itch
-#define ecc_mul_a_eh nettle_ecc_mul_a_eh
 
 struct ecc_curve;
 
@@ -174,133 +149,8 @@ ecc_size_a (const struct ecc_curve *ecc);
 mp_size_t
 ecc_size_j (const struct ecc_curve *ecc);
 
-/* FIXME: Rename the low-level (and side-channel silent) functions to
-   _ecc_*, and provide public ecc_* functions which handle the
-   infinity points properly? */
-
-/* Converts a point P in affine coordinates into a point R in jacobian
-   coordinates. */
-void
-ecc_a_to_j (const struct ecc_curve *ecc,
-	    mp_limb_t *r, const mp_limb_t *p);
-
-/* Converts a point P in jacobian coordinates into a point R in affine
-   coordinates. If op == 1, produce x coordinate only. If op == 2,
-   produce the x coordiante only, and in also it modulo q. FIXME: For
-   the public interface, have separate for the three cases, and use
-   this flag argument only for the internal ecc->h_to_a function. */
-mp_size_t
-ecc_j_to_a_itch (const struct ecc_curve *ecc);
-void
-ecc_j_to_a (const struct ecc_curve *ecc,
-	    int op,
-	    mp_limb_t *r, const mp_limb_t *p,
-	    mp_limb_t *scratch);
-
-/* Converts a point P on an Edwards curve to affine coordinates on
-   the corresponding Montgomery curve. */
-
-mp_size_t
-ecc_eh_to_a_itch (const struct ecc_curve *ecc);
-void
-ecc_eh_to_a (const struct ecc_curve *ecc,
-	     int op,
-	     mp_limb_t *r, const mp_limb_t *p,
-	     mp_limb_t *scratch);
-
-/* Group operations */
-
-/* Point doubling, with jacobian input and output. Corner cases:
-   Correctly sets R = 0 (r_Z = 0) if p = 0 or 2p = 0. */
-mp_size_t
-ecc_dup_jj_itch (const struct ecc_curve *ecc);
-void
-ecc_dup_jj (const struct ecc_curve *ecc,
-	    mp_limb_t *r, const mp_limb_t *p,
-	    mp_limb_t *scratch);
-
-
-/* Point addition, with jacobian output, one jacobian input and one
-   affine input. Corner cases: Fails for the cases
-
-     P = Q != 0                       Duplication of non-zero point
-     P = 0, Q != 0 or P != 0, Q = 0   One input zero
-   
-     Correctly gives R = 0 if P = Q = 0 or P = -Q. */
-mp_size_t
-ecc_add_jja_itch (const struct ecc_curve *ecc);
-void
-ecc_add_jja (const struct ecc_curve *ecc,
-	     mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
-	     mp_limb_t *scratch);
-
-/* Point addition with Jacobian input and output. */
-mp_size_t
-ecc_add_jjj_itch (const struct ecc_curve *ecc);
-void
-ecc_add_jjj (const struct ecc_curve *ecc,
-	     mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
-	     mp_limb_t *scratch);
-
-/* FIXME: Use a generic ecc_dup, ecc_add, for any type of curve. */
-/* Point doubling on an Edwards curve, with homogeneous
-   cooordinates. */
-mp_size_t
-ecc_dup_eh_itch (const struct ecc_curve *ecc);
-void
-ecc_dup_eh (const struct ecc_curve *ecc,
-	    mp_limb_t *r, const mp_limb_t *p,
-	    mp_limb_t *scratch);
-
-mp_size_t
-ecc_add_eh_itch (const struct ecc_curve *ecc);
-void
-ecc_add_eh (const struct ecc_curve *ecc,
-	    mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
-	    mp_limb_t *scratch);
-
-mp_size_t
-ecc_add_ehh_itch (const struct ecc_curve *ecc);
-void
-ecc_add_ehh (const struct ecc_curve *ecc,
-	     mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q,
-	     mp_limb_t *scratch);
-
-/* Computes N * the group generator. N is an array of ecc_size()
-   limbs. It must be in the range 0 < N < group order, then R != 0,
-   and the algorithm can work without any intermediate values getting
-   to zero. */ 
-mp_size_t
-ecc_mul_g_itch (const struct ecc_curve *ecc);
-void
-ecc_mul_g (const struct ecc_curve *ecc, mp_limb_t *r,
-	   const mp_limb_t *np, mp_limb_t *scratch);
-
-/* Computes N * P. The scalar N is the same as for ecc_mul_g. P is a
-   non-zero point on the curve, in affine coordinates. Output R is a
-   non-zero point, in Jacobian coordinates. */
-mp_size_t
-ecc_mul_a_itch (const struct ecc_curve *ecc);
-void
-ecc_mul_a (const struct ecc_curve *ecc,
-	   mp_limb_t *r,
-	   const mp_limb_t *np, const mp_limb_t *p,
-	   mp_limb_t *scratch);
-
-mp_size_t
-ecc_mul_g_eh_itch (const struct ecc_curve *ecc);
-void
-ecc_mul_g_eh (const struct ecc_curve *ecc, mp_limb_t *r,
-	      const mp_limb_t *np, mp_limb_t *scratch);
-
-mp_size_t
-ecc_mul_a_eh_itch (const struct ecc_curve *ecc);
-void
-ecc_mul_a_eh (const struct ecc_curve *ecc,
-	      mp_limb_t *r,
-	      const mp_limb_t *np, const mp_limb_t *p,
-	      mp_limb_t *scratch);
-
+/* FIXME: Define a generic ecc_dup, ecc_add, for any type of curve. Do
+   they need to handle infinity points? */
 
 #ifdef __cplusplus
 }