Commit 923cc6ae by Niels Möller

### Rename add and dup functions for Edwards curves.

parent 6d455c6d
 ... ... @@ -180,6 +180,7 @@ hogweed_SOURCES = sexp.c sexp-format.c \ ecc-dup-jj.c ecc-add-jja.c ecc-add-jjj.c \ ecc-eh-to-a.c \ ecc-dup-eh.c ecc-add-eh.c ecc-add-ehh.c \ ecc-dup-th.c ecc-add-th.c ecc-add-thh.c \ ecc-mul-g-eh.c ecc-mul-a-eh.c ecc-mul-m.c \ ecc-mul-g.c ecc-mul-a.c ecc-hash.c ecc-random.c \ ecc-point.c ecc-scalar.c ecc-point-mul.c ecc-point-mul-g.c \ ... ...
 ... ... @@ -310,9 +310,9 @@ const struct ecc_curve _nettle_curve448 = ECC_MUL_G_EH_ITCH (ECC_LIMB_SIZE), ECC_EH_TO_A_ITCH (ECC_LIMB_SIZE, ECC_448_INV_ITCH), ecc_add_eh_untwisted, ecc_add_ehh_untwisted, ecc_dup_eh_untwisted, ecc_add_eh, ecc_add_ehh, ecc_dup_eh, ecc_mul_a_eh, ecc_mul_g_eh, ecc_eh_to_a, ... ...
 ... ... @@ -50,80 +50,6 @@ ecc_add_eh (const struct ecc_curve *ecc, #define x2 q #define y2 (q + ecc->p.size) #define x3 r #define y3 (r + ecc->p.size) #define z3 (r + 2*ecc->p.size) /* Formulas (from djb, http://www.hyperelliptic.org/EFD/g1p/auto-twisted-projective.html#addition-madd-2008-bbjlp Computation Operation Live variables C = x1*x2 mul C D = y1*y2 mul C, D T = (x1+y1)*(x2+y2) mul C, D, T - C - D E = b*C*D 2 mul C, E, T (Replace C <-- D+C) B = z1^2 sqr B, C, E, T F = B - E B, C, E, F, T G = B + E C, F, G, T x3 = z1 * F * T 2 mul C, F, G, T y3 = z1*G*(D+C) 2 mul F, G z3 = F*G mul 10M + 1S We have different sign for E, hence swapping F and G, because our ecc->b corresponds to -b above. */ #define C (scratch) #define D (scratch + 1*ecc->p.size) #define T (scratch + 2*ecc->p.size) #define E (scratch + 3*ecc->p.size) #define B (scratch + 4*ecc->p.size) #define F D #define G E ecc_modp_mul (ecc, C, x1, x2); ecc_modp_mul (ecc, D, y1, y2); ecc_modp_add (ecc, x3, x1, y1); ecc_modp_add (ecc, y3, x2, y2); ecc_modp_mul (ecc, T, x3, y3); ecc_modp_sub (ecc, T, T, C); ecc_modp_sub (ecc, T, T, D); ecc_modp_mul (ecc, x3, C, D); ecc_modp_mul (ecc, E, x3, ecc->b); ecc_modp_add (ecc, C, D, C); ecc_modp_sqr (ecc, B, z1); ecc_modp_sub (ecc, F, B, E); ecc_modp_add (ecc, G, B, E); /* x3 */ ecc_modp_mul (ecc, B, G, T); ecc_modp_mul (ecc, x3, B, z1); /* y3 */ ecc_modp_mul (ecc, B, F, z1); ecc_modp_mul (ecc, y3, B, C); /* Clobbers z1 in case r == p. */ /* z3 */ ecc_modp_mul (ecc, B, F, G); mpn_copyi (z3, B, ecc->p.size); } void ecc_add_eh_untwisted (const struct ecc_curve *ecc, mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q, mp_limb_t *scratch) { #define x1 p #define y1 (p + ecc->p.size) #define z1 (p + 2*ecc->p.size) #define x2 q #define y2 (q + ecc->p.size) #define x3 r #define y3 (r + ecc->p.size) #define z3 (r + 2*ecc->p.size) ... ...
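Review bot: After this hunk the name `ecc_add_eh` appears to be bound to the body that used to be `ecc_add_eh_untwisted`, and the removed twisted-curve body had the same signature, so a caller that still means the twisted formulas would compile and link with no diagnostic and compute with the wrong addition law; the same holds for `ecc_add_ehh` in the next hunk. The curve448 table hunk shows its entries moved to the new names, but the twisted-curve table and any other callers are not visible here and should be confirmed to use the `_th` functions whose files the Makefile hunk lists. The removed block also carried the notes on the sign convention of `ecc->b` and on z1 being clobbered when `r == p`; the surviving body lies outside the hunk, so it is worth checking that it documents the same points. A one-line comment above the function, such as `/* Add two points on an untwisted Edwards curve; twisted curves use ecc_add_th. */`, would make the distinction explicit. The function starts above the hunk and its body continues past it.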
 ... ... @@ -50,84 +50,6 @@ ecc_add_ehh (const struct ecc_curve *ecc, #define y2 (q + ecc->p.size) #define z2 (q + 2*ecc->p.size) #define x3 r #define y3 (r + ecc->p.size) #define z3 (r + 2*ecc->p.size) /* Formulas (from djb, http://www.hyperelliptic.org/EFD/g1p/auto-twisted-projective.html#addition-add-2008-bbjlp): Computation Operation Live variables C = x1*x2 mul C D = y1*y2 mul C, D T = (x1+y1)(x2+y2) - C - D, mul C, D, T E = b*C*D 2 mul C, E, T (Replace C <-- D - C) A = z1*z2 mul A, C, E, T B = A^2 sqr A, B, C, E, T F = B - E A, B, C, E, F, T G = B + E A, C, F, G, T x3 = A*F*T 2 mul A, C, G y3 = A*G*(D+C) 2 mul F, G z3 = F*G mul 11M + S We have different sign for E, hence swapping F and G, because our ecc->b corresponds to -b above. */ #define C scratch #define D (scratch + ecc->p.size) #define T (scratch + 2*ecc->p.size) #define E (scratch + 3*ecc->p.size) #define A (scratch + 4*ecc->p.size) #define B (scratch + 5*ecc->p.size) #define F D #define G E ecc_modp_mul (ecc, C, x1, x2); ecc_modp_mul (ecc, D, y1, y2); ecc_modp_add (ecc, A, x1, y1); ecc_modp_add (ecc, B, x2, y2); ecc_modp_mul (ecc, T, A, B); ecc_modp_sub (ecc, T, T, C); ecc_modp_sub (ecc, T, T, D); ecc_modp_mul (ecc, x3, C, D); ecc_modp_mul (ecc, E, x3, ecc->b); ecc_modp_add (ecc, C, D, C); ecc_modp_mul (ecc, A, z1, z2); ecc_modp_sqr (ecc, B, A); ecc_modp_sub (ecc, F, B, E); ecc_modp_add (ecc, G, B, E); /* x3 */ ecc_modp_mul (ecc, B, G, T); ecc_modp_mul (ecc, x3, B, A); /* y3 */ ecc_modp_mul (ecc, B, F, C); ecc_modp_mul (ecc, y3, B, A); /* z3 */ ecc_modp_mul (ecc, B, F, G); mpn_copyi (z3, B, ecc->p.size); } void ecc_add_ehh_untwisted (const struct ecc_curve *ecc, mp_limb_t *r, const mp_limb_t *p, const mp_limb_t *q, mp_limb_t *scratch) { #define x1 p #define y1 (p + ecc->p.size) #define z1 (p + 2*ecc->p.size) #define x2 q #define y2 (q + ecc->p.size) #define z2 (q + 2*ecc->p.size) #define x3 r #define y3 (r + ecc->p.size) #define z3 (r + 2*ecc->p.size) ... ...