Commit ece7af39 authored by Niels Möller's avatar Niels Möller

Merge branch 'curve25519'

parents 19ef5194 eec8e972
2014-08-27 Niels Möller <nisse@lysator.liu.se>
Merged camellia-reorg changes (starting at 2014-07-04).
* Makefile.in (clean-here): Added ecc-25519.h.
2014-08-26 Niels Möller <nisse@lysator.liu.se>
* examples/ecc-benchmark.c (bench_mul_g, bench_mul_a): Use struct
ecc_curve function pointers.
(bench_mul_g_eh, bench_mul_a_eh): Deleted.
(bench_curve): Make modq benchmark unconditional. Use bench_mul_g
and bench_mul_a also for curve25519.
* testsuite/ecc-mod-test.c (test_curve): Make modq test
unconditional, partially reverting 2014-07-04 change.
* ecc-25519.c (ecc_25519_modq): New function.
* eccdata.c (output_curve): Precomputation for curve25519 mod q.
* mini-gmp.c (mpz_abs_sub_bit): Do full normalization, needed in
case the most significant bit is cleared.
2014-08-25 Niels Möller <nisse@lysator.liu.se>
* testsuite/ecdh-test.c (set_point): Check return value of
ecc_point_set.
(test_main): Enable curve25519 test.
* ecc-point-mul-g.c (ecc_point_mul_g): Use ecc->mul_g and
ecc->h_to_a function pointers.
* ecc-point-mul.c (ecc_point_mul): Use the ecc->mul and
ecc->h_to_a function pointers.
* ecc-internal.h (ecc_mul_g_func, ecc_mul_func, ecc_h_to_a_func):
New typedefs.
(struct ecc_curve): New function pointers mul, mul_g, h_to_a, and
constans for their scratch requirements. Updated all instances.
* ecc-point.c (ecc_point_set): Handle curve25519 as a special
case, when checking if the point is on the curve.
2014-08-24 Niels Möller <nisse@lysator.liu.se>
* testsuite/ecdh-test.c: Test ecc_point_mul and ecc_point_mul_g,
using test data generated by ecc-ref.gp. Tests for all curves
except curve25519, which doesn't yet work with the general
ecc_point interface.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added ecdh-test.c.
* misc/ecc-ref.gp: Script to generate ECDH test data.
2014-08-23 Niels Möller <nisse@lysator.liu.se>
* ecc-a-to-j.c (ecc_a_to_j): Deleted INITIAL argument.
* ecc.h (ecc_a_to_j): Updated prototype.
* ecc-mul-a.c (ecc_mul_a, table_init): Updated calls to ecc_a_to_j.
* ecc-mul-a.c (ecc_mul_a): Deleted INITIAL argument, all callers,
except the tests, pass 1. Updated all callers.
(table_init): Likewise deleted INITIAL.
* ecc.h (ecc_mul_a): Updated prototype.
* testsuite/ecc-mul-a-test.c (test_main): Deleted tests for
ecc_mul_a with INITIAL == 0.
* ecc-internal.h (struct ecc_curve): Reordered struct, moved
function pointers before pointers to bignum constants.
* sec-modinv.c (sec_modinv): Document that for a == 0 (mod m), we
should produce the "inverse" 0.
* testsuite/ecc-modinv-test.c (test_main): Check that ecc_modp_inv
produces 0 if a == 0 or a == p.
2014-08-22 Niels Möller <nisse@lysator.liu.se>
* x86_64/ecc-25519-modp.asm: New file. Assembly implementation,
initial version yields 30% speedup of ecc_25519_modp. Early
folding eliminates one pass of carry propagation, and yields
almost 20% additional speedup.
* ecc-25519.c [HAVE_NATIVE_ecc_25519_modp]: Use assembly version
if available.
* configure.ac (asm_hogweed_optional_list): Added ecc-25519-modp.asm.
Also add HAVE_NATIVE_ecc_25519_modp to config.h.in.
2014-08-19 Niels Möller <nisse@lysator.liu.se>
* examples/ecc-benchmark.c (bench_curve): Support benchmarking of
curve25519, for now handled as a special case.
(curves): Added nettle_curve25519.
(bench_dup_eh, bench_add_eh, bench_add_ehh, bench_mul_g_eh): New
functions.
2014-08-18 Niels Möller <nisse@lysator.liu.se>
* testsuite/curve25519-dh-test.c (test_a): Use curve25519_mul.
(test_main): Use little-endian inputs for test_a.
(curve25519_sqrt, curve_25519): Deleted static helper functions,
no longer needed.
* curve25519-mul.c (curve25519_mul): New file and function.
* curve25519.h (curve25519_mul): Declare it.
* Makefile.in (hogweed_SOURCES): Added curve25519-mul.c.
* curve25519-mul-g.c (curve25519_mul_g): Renamed file and
function, updated callers.
* curve25519-base.c (curve25519_base): ... old names.
* Makefile.in (hogweed_SOURCES): Updated for rename.
* eccdata.c (output_curve): Compute constants needed for
Shanks-Tonelli.
* ecc-25519.c (ecc_modp_powm_2kp1, ecc_25519_sqrt): New functions.
* ecc-internal.h (ecc_25519_sqrt): Declare it.
2014-08-06 Niels Möller <nisse@lysator.liu.se>
* testsuite/curve25519-dh-test.c (test_g): Use curve25519_base.
(test_main): Use little-endian inputs for test_g.
* curve25519-base.c (curve25519_base): New file, new function.
Analogous to NaCl's crypto_scalarmult_base.
* curve25519.h: New file.
* Makefile.in (hogweed_SOURCES): Added curve25519-base.c.
(HEADERS): Added curve25519.h.
* gmp-glue.c (mpn_set_base256_le, mpn_get_base256_le): New functions.
* gmp-glue.h: Declare them.
2014-08-02 Niels Möller <nisse@lysator.liu.se>
* testsuite/curve25519-dh-test.c (curve25519_sqrt): Fixed memory
leak, a mpz_clear call was missing.
* ecc-internal.h (ECC_MUL_A_EH_WBITS): Set to 4, to enable
window-based scalar multiplication.
* ecc-mul-a-eh.c (table_init) [ECC_MUL_A_EH_WBITS > 0]: Fixed
initialization of TABLE(1).
2014-07-29 Niels Möller <nisse@lysator.liu.se>
* ecc-internal.h (ECC_MUL_A_EH_WBITS): New constant.
(ECC_A_TO_EH_ITCH, ECC_MUL_A_EH_ITCH): New macros.
* ecc-a-to-eh.c (ecc_a_to_eh, ecc_a_to_eh_itch): New file, new
functions.
* ecc-mul-a-eh.c: New file.
(ecc_mul_a_eh): New function. The case [ECC_MUL_A_EH_WBITS > 0]
not yet working).
(ecc_mul_a_eh_itch): New function.
* ecc.h: Declare new functions.
* Makefile.in (hogweed_SOURCES): Added ecc-a-to-eh.c and
ecc-mul-a-eh.c.
* testsuite/curve25519-dh-test.c (curve25519_sqrt): New function.
(curve_25519): Use ecc_mul_a_eh.
(test_a): New function.
(test_main): Test construction of shared secret, using scalar
multiplication with points other than the fix generator.
2014-07-26 Niels Möller <nisse@lysator.liu.se>
* ecc-add-ehh.c (ecc_add_ehh): Reduce scratch need.
* ecc-internal.h (ECC_ADD_EHH_ITCH): Reduced to 7*size.
2014-07-23 Niels Möller <nisse@lysator.liu.se>
* testsuite/curve25519-dh-test.c: New test case, based on
draft-josefsson-tls-curve25519-05 test vectors.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added curve25519-dh-test.c.
2014-07-18 Niels Möller <nisse@lysator.liu.se>
* ecc-mul-g-eh.c (ecc_mul_g_eh, ecc_mul_g_eh_itch): New file and
functions. Untested.
* ecc.h (ecc_mul_g_eh_itch): Declare new functions.
* ecc-internal.h (ECC_MUL_G_EH_ITCH): New macro.
* Makefile.in (hogweed_SOURCES): Added ecc-mul-g-eh.c.
2014-07-17 Niels Möller <nisse@lysator.liu.se>
* ecc-add-eh.c (ecc_add_eh): Reduce scratch need.
* ecc-internal.h (ECC_ADD_EH_ITCH): Reduced to 6*size.
* testsuite/curve25519-dup-test.c (test_main): Free allocated
storage.
2014-07-15 Niels Möller <nisse@lysator.liu.se>
* ecc-add-eh.c (ecc_add_eh, ecc_add_eh_itch): New file, new
functions.
* ecc.h: Declare new functions.
* ecc-internal.h (ECC_ADD_EH_ITCH): New macro.
* Makefile.in (hogweed_SOURCES): Added ecc-add-eh.c.
* testsuite/curve25519-add-test.c (test_main): Test ecc_add_eh.
Additional test for g2+g2. Free allocated storage.
2014-07-14 Niels Möller <nisse@lysator.liu.se>
* testsuite/curve25519-add-test.c: New test case.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
curve25519-add-test.c.
* ecc-add-ehh.c (ecc_add_ehh, ecc_add_ehh_itch): New file, new
functions.
* ecc.h (ecc_add_ehh, ecc_add_ehh_itch): Declare them.
* ecc-internal.h (ECC_ADD_EHH_ITCH): New macro.
* Makefile.in (hogweed_SOURCES): Added ecc-add-ehh.c.
* ecc-25519.c (nettle_curve25519): Use ecc_d instead of ecc_b.
* eccdata.c: For curve25519, output the Edwards curve constant,
ecc_d = (121665/121666) mod p.
* testsuite/curve25519-dup-test.c (test_main): Add test for 4g.
Delete some left-over debug output.
2014-07-11 Niels Möller <nisse@lysator.liu.se>
* misc/ecc-formulas.tex: Some ECC notes.
* testsuite/curve25519-dup-test.c: New testcase.
* testsuite/Makefile.in (TS_HOGWEED_SOURCES): Added
curve25519-dup-test.c.
* testsuite/testutils.c (test_ecc_point): Made non-static.
* testsuite/testutils.h (struct ecc_ref_point): Moved here, from
testutils.h.
(test_ecc_point): Declare it.
* ecc-dup-eh.c (ecc_dup_eh, ecc_dup_eh_itch): New file, new functions.
* ecc-eh-to-a.c (ecc_eh_to_a, ecc_eh_to_a_itch): New file, new
functions.
* ecc.h: Declare new functions.
* ecc-internal.h (ECC_EH_TO_A_ITCH, ECC_DUP_EH_ITCH): New macros.
* Makefile.in (hogweed_SOURCES): Added ecc-dup-eh.c and
ecc-eh-to-a.c.
* ecc-internal.h (struct ecc_curve): New constant edwards_root.
* ecc-192.c (nettle_secp_192r1): Updated accordingly, additional
NULL pointer.
* ecc-224.c (nettle_secp_224r1): Likewise.
* ecc-256.c (nettle_secp_256r1): Likewise.
* ecc-384.c (nettle_secp_384r1): Likewise.
* ecc-521.c (nettle_secp_521r1): Likewise.
* ecc-25519.c (nettle_curve25519): Initialize new constant.
* eccdata.c (ecc_curve_init): For curve 25519, use correct
constant for edwards coordinate transform, and output the constant
as ecc_edwards.
2014-07-06 Niels Möller <nisse@lysator.liu.se>
* eccdata.c: Use separate is_zero flag to represent the neutral
element.
(output_point, output_point_redc): Unified to a single function,
with a use_redc flag argument. Also support conversion to Edwards
form.
(ecc_curve_init_str): New argument for Edwards curve conversion
constant.
2014-07-04 Niels Möller <nisse@lysator.liu.se>
Started curve25519 branch.
* ecc-25519.c: New file.
(ecc_25519_modp): New function.
(nettle_curve25519): New curve.
* ecc-curve.h (nettle_curve25519): Declare it.
* Makefile.in (hogweed_SOURCES): Added ecc-25519.c.
(ecc-25519.h): New generated file. Add as explicit dependency for
ecc-25519.o.
* testsuite/ecc-mod-test.c (test_curve): New function, extracted
from test_main. Tolerate NULL modq function pointer.
(test_main): Use test_curve, iterate over supported curves, and
also test curve_25519 for the new modp function.
2014-08-23 Niels Möller <nisse@lysator.liu.se>
* ecc-modp.c (ecc_modp_sub_1): Deleted unused function.
......
......@@ -164,18 +164,23 @@ hogweed_SOURCES = sexp.c sexp-format.c \
ecc-mod.c ecc-generic-modp.c ecc-generic-modq.c \
ecc-modp.c ecc-modq.c ecc-generic-redc.c \
ecc-192.c ecc-224.c ecc-256.c ecc-384.c ecc-521.c \
ecc-25519.c \
ecc-size.c ecc-j-to-a.c ecc-a-to-j.c \
ecc-dup-jj.c ecc-add-jja.c ecc-add-jjj.c \
ecc-a-to-eh.c ecc-eh-to-a.c \
ecc-dup-eh.c ecc-add-eh.c ecc-add-ehh.c \
ecc-mul-g-eh.c ecc-mul-a-eh.c \
ecc-mul-g.c ecc-mul-a.c ecc-hash.c ecc-random.c \
ecc-point.c ecc-scalar.c ecc-point-mul.c ecc-point-mul-g.c \
ecc-ecdsa-sign.c ecdsa-sign.c \
ecc-ecdsa-verify.c ecdsa-verify.c ecdsa-keygen.c \
curve25519-mul-g.c curve25519-mul.c \
$(OPT_HOGWEED_SOURCES)
HEADERS = aes.h arcfour.h arctwo.h asn1.h blowfish.h \
base16.h base64.h buffer.h camellia.h cast128.h \
cbc.h ccm.h chacha.h chacha-poly1305.h ctr.h \
des.h des-compat.h dsa.h dsa-compat.h eax.h \
curve25519.h des.h des-compat.h dsa.h dsa-compat.h eax.h \
ecc-curve.h ecc.h ecdsa.h \
gcm.h gosthash94.h hmac.h \
knuth-lfib.h \
......@@ -347,6 +352,9 @@ ecc-384.h: eccdata.stamp
ecc-521.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) 521 56 6 $(GMP_NUMB_BITS) > $@T && mv $@T $@
ecc-25519.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) 255 14 6 $(GMP_NUMB_BITS) > $@T && mv $@T $@
eccdata.stamp: eccdata.c
$(MAKE) eccdata$(EXEEXT_FOR_BUILD)
echo stamp > eccdata.stamp
......@@ -356,12 +364,14 @@ ecc-224.$(OBJEXT): ecc-224.h
ecc-256.$(OBJEXT): ecc-256.h
ecc-384.$(OBJEXT): ecc-384.h
ecc-521.$(OBJEXT): ecc-521.h
ecc-25519.$(OBJEXT): ecc-25519.h
ecc-192.p$(OBJEXT): ecc-192.h
ecc-224.p$(OBJEXT): ecc-224.h
ecc-256.p$(OBJEXT): ecc-256.h
ecc-384.p$(OBJEXT): ecc-384.h
ecc-521.p$(OBJEXT): ecc-521.h
ecc-25519.p$(OBJEXT): ecc-25519.h
.asm.s: $(srcdir)/asm.m4 machine.m4 config.m4
$(M4) $(srcdir)/asm.m4 machine.m4 config.m4 $< >$@T \
......@@ -619,7 +629,7 @@ distcheck: dist
clean-here:
-rm -f $(TARGETS) $(IMPLICIT_TARGETS) *.$(OBJEXT) *.p$(OBJEXT) *.s \
ecc-192.h ecc-224.h ecc-256.h ecc-384.h ecc-521.h \
ecc-192.h ecc-224.h ecc-256.h ecc-384.h ecc-521.h ecc-25519.h \
eccdata$(EXEEXT_FOR_BUILD) eccdata.stamp
-rm -rf .lib libnettle.stamp libhogweed.stamp
......
......@@ -285,7 +285,7 @@ asm_nettle_optional_list="gcm-hash8.asm"
asm_hogweed_optional_list=""
if test "x$enable_public_key" = "xyes" ; then
asm_hogweed_optional_list="ecc-192-modp.asm ecc-224-modp.asm \
ecc-256-redc.asm ecc-384-modp.asm ecc-521-modp.asm"
ecc-25519-modp.asm ecc-256-redc.asm ecc-384-modp.asm ecc-521-modp.asm"
fi
OPT_ASM_NETTLE_SOURCES=""
......@@ -365,6 +365,7 @@ AH_VERBATIM([HAVE_NATIVE],
#undef HAVE_NATIVE_ecc_192_redc
#undef HAVE_NATIVE_ecc_224_modp
#undef HAVE_NATIVE_ecc_224_redc
#undef HAVE_NATIVE_ecc_25519_modp
#undef HAVE_NATIVE_ecc_256_modp
#undef HAVE_NATIVE_ecc_256_redc
#undef HAVE_NATIVE_ecc_384_modp
......
/* curve25519-mul-g.c
Copyright (C) 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <string.h>
#include "curve25519.h"
#include "ecc.h"
#include "ecc-internal.h"
/* Intended to be compatible with NaCl's crypto_scalarmult_base. */
void
curve25519_mul_g (uint8_t *r, const uint8_t *n)
{
uint8_t t[CURVE25519_SIZE];
mp_limb_t *scratch;
mp_size_t ecc_size;
mp_size_t itch;
#define p scratch
#define x (scratch + 3*ecc_size)
#define scratch_out (scratch + 4*ecc_size)
memcpy (t, n, sizeof(t));
t[0] &= ~7;
t[CURVE25519_SIZE-1] = (t[CURVE25519_SIZE-1] & 0x3f) | 0x40;
ecc_size = nettle_curve25519.size;
itch = 4*ecc_size + ECC_MUL_G_EH_ITCH(ecc_size);
scratch = gmp_alloc_limbs (itch);
mpn_set_base256_le (x, ecc_size, t, CURVE25519_SIZE);
ecc_mul_g_eh (&nettle_curve25519, p, x, scratch_out);
ecc_eh_to_a (&nettle_curve25519, 2, x, p, scratch_out);
mpn_get_base256_le (r, CURVE25519_SIZE, x, ecc_size);
gmp_free_limbs (scratch, itch);
}
/* curve25519-mul.c
Copyright (C) 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <string.h>
#include "curve25519.h"
#include "ecc.h"
#include "ecc-internal.h"
/* Intended to be compatible with NaCl's crypto_scalarmult. NOTE: Not
side-channel silent, due to the sqrt. */
int
curve25519_mul (uint8_t *q, const uint8_t *n, const uint8_t *p)
{
uint8_t t[CURVE25519_SIZE];
mp_size_t itch;
mp_limb_t *scratch;
const struct ecc_curve *ecc = &nettle_curve25519;
#define x scratch
#define y (scratch + ecc->size)
#define s (scratch + 3*ecc->size)
#define scratch_out (scratch + 4*ecc->size)
itch = 5*ecc->size + ECC_MUL_A_EH_ITCH (ecc->size);
scratch = gmp_alloc_limbs (itch);
mpn_set_base256_le (x, ecc->size, p, CURVE25519_SIZE);
/* First compute y coordinate, from
y^2 = x^3 + b x^2 + x = (x^2 + bx + 1) x
*/
ecc_modp_sqr (&nettle_curve25519, y, x);
ecc_modp_addmul_1 (&nettle_curve25519, y, x, 0x76d06ULL);
ecc_modp_add (ecc, s, y, ecc->unit);
ecc_modp_mul (ecc, y, s, x);
/* FIXME: Pass s as scratch space to ecc_25519_sqrt */
if (!ecc_25519_sqrt (y, y))
/* y-coordinate doesn't belong to base field F_p. FIXME: Implement
case of y in F_{p^2}? */
return 0;
memcpy (t, n, sizeof(t));
t[0] &= ~7;
t[CURVE25519_SIZE-1] = (t[CURVE25519_SIZE-1] & 0x3f) | 0x40;
mpn_set_base256_le (s, ecc->size, t, CURVE25519_SIZE);
ecc_mul_a_eh (ecc, x, s, x, scratch_out);
ecc_eh_to_a (ecc, 2, s, x, scratch_out);
mpn_get_base256_le (q, CURVE25519_SIZE, s, ecc->size);
gmp_free_limbs (scratch, itch);
return 1;
}
/* curve25519.h
Copyright (C) 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_CURVE25519_H
#define NETTLE_CURVE25519_H
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define curve25519_mul_g nettle_curve25519_mul_g
#define curve25519_mul nettle_curve25519_mul
#define CURVE25519_SIZE 32
void
curve25519_mul_g (uint8_t *q, const uint8_t *n);
int
curve25519_mul (uint8_t *q, const uint8_t *n, const uint8_t *p);
#endif /* NETTLE_CURVE25519_H */
......@@ -39,6 +39,9 @@
#include <assert.h>
/* FIXME: Remove ecc.h include, once prototypes of more internal
functions are moved to ecc-internal.h */
#include "ecc.h"
#include "ecc-internal.h"
#define USE_REDC 0
......@@ -117,15 +120,26 @@ const struct ecc_curve nettle_secp_192r1 =
ECC_REDC_SIZE,
ECC_PIPPENGER_K,
ECC_PIPPENGER_C,
ECC_MUL_A_ITCH (ECC_LIMB_SIZE),
ECC_MUL_G_ITCH (ECC_LIMB_SIZE),
ECC_J_TO_A_ITCH (ECC_LIMB_SIZE),
ecc_192_modp,
ecc_generic_redc,
ecc_192_modp,
ecc_generic_modq,
ecc_mul_a,
ecc_mul_g,
ecc_j_to_a,
ecc_p,
ecc_b,
ecc_q,
ecc_g,
ecc_redc_g,
ecc_192_modp,
ecc_generic_redc,
ecc_192_modp,
ecc_generic_modq,
NULL,
ecc_Bmodp,
ecc_Bmodp_shifted,
ecc_pp1h,
......
......@@ -37,6 +37,7 @@
# include "config.h"
#endif
#include "ecc.h"
#include "ecc-internal.h"
#if HAVE_NATIVE_ecc_224_modp
......@@ -63,15 +64,26 @@ const struct ecc_curve nettle_secp_224r1 =
ECC_REDC_SIZE,
ECC_PIPPENGER_K,
ECC_PIPPENGER_C,
ECC_MUL_A_ITCH (ECC_LIMB_SIZE),
ECC_MUL_G_ITCH (ECC_LIMB_SIZE),
ECC_J_TO_A_ITCH (ECC_LIMB_SIZE),
ecc_224_modp,
ecc_generic_redc,
USE_REDC ? ecc_generic_redc : ecc_224_modp,
ecc_generic_modq,
ecc_mul_a,
ecc_mul_g,
ecc_j_to_a,
ecc_p,