......@@ -43,13 +43,13 @@ core
/keymap.h
/parity.h
/rotors.h
/ecc-192.h
/ecc-224.h
/ecc-256.h
/ecc-384.h
/ecc-521.h
/ecc-25519.h
/ecc-448.h
/ecc-curve25519.h
/ecc-curve448.h
/ecc-secp192r1.h
/ecc-secp224r1.h
/ecc-secp256r1.h
/ecc-secp384r1.h
/ecc-secp521r1.h
/version.h
/nettle.aux
/nettle.cp
......
2020-01-10 Niels Möller <nisse@lysator.liu.se>
From Dmitry Eremin-Solenikov: Consistently rename ecc files and
internal functions to include curve name rather than just number
of bits. E.g.,
* ecc-256.c (nettle_ecc_256_redc): File and function renamed to...
* ecc-secp256r1.c (_nettle_ecc_256_redc): ... new names.
* eccdata.c (ecc_curve_init, main): Take curve name as input, not
bit size.
2020-01-03 Niels Möller <nisse@lysator.liu.se>
Add benchmarking of ed25519, ed448 and curve448.
......
......@@ -175,8 +175,9 @@ hogweed_SOURCES = sexp.c sexp-format.c \
gmp-glue.c cnd-copy.c \
ecc-mod.c ecc-mod-inv.c \
ecc-mod-arith.c ecc-pp1-redc.c ecc-pm1-redc.c \
ecc-192.c ecc-224.c ecc-256.c ecc-384.c ecc-521.c \
ecc-25519.c ecc-448.c \
ecc-curve25519.c ecc-curve448.c \
ecc-secp192r1.c ecc-secp224r1.c ecc-secp256r1.c \
ecc-secp384r1.c ecc-secp521r1.c \
ecc-size.c ecc-j-to-a.c ecc-a-to-j.c \
ecc-dup-jj.c ecc-add-jja.c ecc-add-jjj.c \
ecc-eh-to-a.c \
......@@ -350,24 +351,24 @@ des.$(OBJEXT): des.c des.h $(des_headers)
# k = 14, c = 7, S = 256, T = 42 ( 28 A + 14 D) 12 KB
# k = 11, c = 6, S = 192, T = 44 ( 33 A + 11 D) 9 KB
# k = 16, c = 6, S = 128, T = 48 ( 32 A + 16 D) 6 KB
ecc-192.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) 192 8 6 $(NUMB_BITS) > $@T && mv $@T $@
ecc-secp192r1.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) secp192r1 8 6 $(NUMB_BITS) > $@T && mv $@T $@
# Some reasonable choices for 224:
# k = 16, c = 7, S = 256, T = 48 ( 32 A + 16 D) ~16 KB
# k = 10, c = 6, S = 256, T = 50 ( 40 A + 10 D) ~16 KB
# k = 13, c = 6, S = 192, T = 52 ( 39 A + 13 D) ~12 KB
# k = 9, c = 5, S = 160, T = 54 ( 45 A + 9 D) ~10 KB
ecc-224.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) 224 16 7 $(NUMB_BITS) > $@T && mv $@T $@
ecc-secp224r1.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) secp224r1 16 7 $(NUMB_BITS) > $@T && mv $@T $@
# Some reasonable choices for 256:
# k = 9, c = 6, S = 320, T = 54 ( 45 A + 9 D) 20 KB
# k = 11, c = 6, S = 256, T = 55 ( 44 A + 11 D) 16 KB
# k = 19, c = 7, S = 256, T = 57 ( 38 A + 19 D) 16 KB
# k = 15, c = 6, S = 192, T = 60 ( 45 A + 15 D) 12 KB
ecc-256.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) 256 11 6 $(NUMB_BITS) > $@T && mv $@T $@
ecc-secp256r1.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) secp256r1 11 6 $(NUMB_BITS) > $@T && mv $@T $@
# Some reasonable choices for 384:
# k = 16, c = 6, S = 256, T = 80 ( 64 A + 16 D) 24 KB
......@@ -377,35 +378,35 @@ ecc-256.h: eccdata.stamp
# k = 13, c = 5, S = 192, T = 91 ( 78 A + 13 D) 18 KB
# k = 16, c = 5, S = 160, T = 96 ( 80 A + 16 D) 15 KB
# k = 32, c = 6, S = 128, T = 96 ( 64 A + 32 D) 12 KB
ecc-384.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) 384 32 6 $(NUMB_BITS) > $@T && mv $@T $@
ecc-secp384r1.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) secp384r1 32 6 $(NUMB_BITS) > $@T && mv $@T $@
# Some reasonable choices for 521:
# k = 29, c = 6, S = 192, T = 116 ( 87 A + 29 D) ~27 KB
# k = 21, c = 5, S = 160, T = 126 (105 A + 21 D) ~23 KB
# k = 44, c = 6, S = 128, T = 132 ( 88 A + 44 D) ~18 KB
# k = 35, c = 5, S = 96, T = 140 (105 A + 35 D) ~14 KB
ecc-521.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) 521 44 6 $(NUMB_BITS) > $@T && mv $@T $@
ecc-secp521r1.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) secp521r1 44 6 $(NUMB_BITS) > $@T && mv $@T $@
# Parameter choices mostly the same as for ecc-256.h.
ecc-25519.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) 255 11 6 $(NUMB_BITS) > $@T && mv $@T $@
# Parameter choices mostly the same as for ecc-secp256r1.h.
ecc-curve25519.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) curve25519 11 6 $(NUMB_BITS) > $@T && mv $@T $@
ecc-448.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) 448 38 6 $(NUMB_BITS) > $@T && mv $@T $@
ecc-curve448.h: eccdata.stamp
./eccdata$(EXEEXT_FOR_BUILD) curve448 38 6 $(NUMB_BITS) > $@T && mv $@T $@
eccdata.stamp: eccdata.c
$(MAKE) eccdata$(EXEEXT_FOR_BUILD)
echo stamp > eccdata.stamp
ecc-192.$(OBJEXT): ecc-192.h
ecc-224.$(OBJEXT): ecc-224.h
ecc-256.$(OBJEXT): ecc-256.h
ecc-384.$(OBJEXT): ecc-384.h
ecc-521.$(OBJEXT): ecc-521.h
ecc-25519.$(OBJEXT): ecc-25519.h
ecc-448.$(OBJEXT): ecc-448.h
ecc-curve25519.$(OBJEXT): ecc-curve25519.h
ecc-curve448.$(OBJEXT): ecc-curve448.h
ecc-secp192r1.$(OBJEXT): ecc-secp192r1.h
ecc-secp224r1.$(OBJEXT): ecc-secp224r1.h
ecc-secp256r1.$(OBJEXT): ecc-secp256r1.h
ecc-secp384r1.$(OBJEXT): ecc-secp384r1.h
ecc-secp521r1.$(OBJEXT): ecc-secp521r1.h
.asm.$(OBJEXT): $(srcdir)/asm.m4 machine.m4 config.m4
$(M4) $(srcdir)/asm.m4 machine.m4 config.m4 $< >$*.s
......@@ -658,8 +659,9 @@ distcheck: dist
clean-here:
-rm -f $(TARGETS) *.$(OBJEXT) *.s *.so *.dll *.a \
ecc-192.h ecc-224.h ecc-256.h ecc-384.h ecc-521.h ecc-25519.h \
ecc-448.h \
ecc-curve25519.h ecc-curve448.h \
ecc-secp192r1.h ecc-secp224r1.h ecc-secp256r1.h \
ecc-secp384r1.h ecc-secp521r1.h \
aesdata$(EXEEXT_FOR_BUILD) \
desdata$(EXEEXT_FOR_BUILD) \
twofishdata$(EXEEXT_FOR_BUILD) \
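Review bot: In `clean-here` the pre-rename header names (`ecc-192.h` through `ecc-448.h`) are dropped from the `rm -f` list, and the .gitignore section of this commit stops ignoring them. An in-tree build directory created before the rename therefore keeps those generated files after `make clean`, and they appear as untracked files. If developers are expected to update across this commit without a fresh checkout, keep one transitional continuation line in the list, `ecc-192.h ecc-224.h ecc-256.h ecc-384.h ecc-521.h ecc-25519.h ecc-448.h \`, and remove it in a later release. The `clean-here` recipe continues past the end of the hunk.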
......
C arm/ecc-192-modp.asm
C arm/ecc-secp192r1-modp.asm
ifelse(<
Copyright (C) 2013 Niels Möller
......@@ -30,7 +30,7 @@ ifelse(<
not, see http://www.gnu.org/licenses/.
>)
.file "ecc-192-modp.asm"
.file "ecc-secp192r1-modp.asm"
.arm
define(<HP>, <r0>) C Overlaps unused modulo argument
......@@ -49,11 +49,11 @@ define(<H1>, <T1>)
define(<C2>, <HP>)
define(<C4>, <r12>)
C ecc_192_modp (const struct ecc_modulo *m, mp_limb_t *rp)
C ecc_secp192r1_modp (const struct ecc_modulo *m, mp_limb_t *rp)
.text
.align 2
PROLOGUE(nettle_ecc_192_modp)
PROLOGUE(_nettle_ecc_secp192r1_modp)
push {r4,r5,r6,r7,r8,r10}
C Reduce two words at a time
add HP, RP, #48
......@@ -103,4 +103,4 @@ PROLOGUE(nettle_ecc_192_modp)
pop {r4,r5,r6,r7,r8,r10}
bx lr
EPILOGUE(nettle_ecc_192_modp)
EPILOGUE(_nettle_ecc_secp192r1_modp)
C arm/ecc-224-modp.asm
C arm/ecc-secp224r1-modp.asm
ifelse(<
Copyright (C) 2013 Niels Möller
......@@ -30,7 +30,7 @@ ifelse(<
not, see http://www.gnu.org/licenses/.
>)
.file "ecc-224-modp.asm"
.file "ecc-secp224r1-modp.asm"
.arm
define(<RP>, <r1>)
......@@ -48,11 +48,11 @@ define(<L0>, <r11>)
define(<L1>, <r12>)
define(<L2>, <lr>)
C ecc_224_modp (const struct ecc_modulo *m, mp_limb_t *rp)
C ecc_secp224r1_modp (const struct ecc_modulo *m, mp_limb_t *rp)
.text
.align 2
PROLOGUE(nettle_ecc_224_modp)
PROLOGUE(_nettle_ecc_secp224r1_modp)
push {r4,r5,r6,r7,r8,r10,r11,lr}
add L2, RP, #28
......@@ -121,4 +121,4 @@ PROLOGUE(nettle_ecc_224_modp)
stmdb RP, {T0,T1,T2,T3,T4,T5,T6}
pop {r4,r5,r6,r7,r8,r10,r11,pc}
EPILOGUE(nettle_ecc_224_modp)
EPILOGUE(_nettle_ecc_secp224r1_modp)
C arm/ecc-256-redc.asm
C arm/ecc-secp256r1-redc.asm
ifelse(<
Copyright (C) 2013 Niels Möller
......@@ -30,7 +30,7 @@ ifelse(<
not, see http://www.gnu.org/licenses/.
>)
.file "ecc-256-redc.asm"
.file "ecc-secp256r1-redc.asm"
.arm
define(<RP>, <r1>)
......@@ -48,11 +48,11 @@ define(<F1>, <r11>)
define(<F2>, <r12>)
define(<F3>, <lr>)
C ecc_256_redc (const struct ecc_modulo *m, mp_limb_t *rp)
C ecc_secp256r1_redc (const struct ecc_modulo *m, mp_limb_t *rp)
.text
.align 2
PROLOGUE(nettle_ecc_256_redc)
PROLOGUE(_nettle_ecc_secp256r1_redc)
push {r4,r5,r6,r7,r8,r10,r11,lr}
ldm RP!, {T0,T1,T2,T3,T4,T5,T6,T7}
......@@ -170,4 +170,4 @@ PROLOGUE(nettle_ecc_256_redc)
stm RP, {T0,T1,T2,T3,T4,T5,T6,T7}
pop {r4,r5,r6,r7,r8,r10,r11,pc}
EPILOGUE(nettle_ecc_256_redc)
EPILOGUE(_nettle_ecc_secp256r1_redc)
C arm/ecc-384-modp.asm
C arm/ecc-secp384r1-modp.asm
ifelse(<
Copyright (C) 2013 Niels Möller
......@@ -30,7 +30,7 @@ ifelse(<
not, see http://www.gnu.org/licenses/.
>)
.file "ecc-384-modp.asm"
.file "ecc-secp384r1-modp.asm"
.arm
define(<RP>, <r1>)
......@@ -46,11 +46,11 @@ define(<F4>, <r10>)
define(<N>, <r12>)
define(<H>, <lr>)
C ecc_384_modp (const struct ecc_modulo *m, mp_limb_t *rp)
C ecc_secp384r1_modp (const struct ecc_modulo *m, mp_limb_t *rp)
.text
.align 2
PROLOGUE(nettle_ecc_384_modp)
PROLOGUE(_nettle_ecc_secp384r1_modp)
push {r4,r5,r6,r7,r8,r10,lr}
add RP, RP, #80
......@@ -267,4 +267,4 @@ PROLOGUE(nettle_ecc_384_modp)
adcs T3, T3, H
stm RP!, {T0,T1,T2,T3} C 8-11
pop {r4,r5,r6,r7,r8,r10,pc}
EPILOGUE(nettle_ecc_384_modp)
EPILOGUE(_nettle_ecc_secp384r1_modp)
C arm/ecc-521-modp.asm
C arm/ecc-secp521r1-modp.asm
ifelse(<
Copyright (C) 2013 Niels Möller
......@@ -30,7 +30,7 @@ ifelse(<
not, see http://www.gnu.org/licenses/.
>)
.file "ecc-521-modp.asm"
.file "ecc-secp521r1-modp.asm"
.arm
define(<HP>, <r0>)
......@@ -45,14 +45,14 @@ define(<F3>, <r8>)
define(<H>, <r12>)
define(<N>, <lr>)
C ecc_521_modp (const struct ecc_modulo *m, mp_limb_t *rp)
C ecc_secp521r1_modp (const struct ecc_modulo *m, mp_limb_t *rp)
.text
.Lc511:
.int 511
.align 2
PROLOGUE(nettle_ecc_521_modp)
PROLOGUE(_nettle_ecc_secp521r1_modp)
push {r4,r5,r6,r7,r8,lr}
C Use that B^17 = 2^23 (mod p)
......@@ -124,4 +124,4 @@ PROLOGUE(nettle_ecc_521_modp)
stm RP, {T0,T1,T2,F0,F1,F2,F3,H} C 9-16
pop {r4,r5,r6,r7,r8,pc}
EPILOGUE(nettle_ecc_521_modp)
EPILOGUE(_nettle_ecc_secp521r1_modp)
......@@ -475,9 +475,9 @@ asm_nettle_optional_list="gcm-hash8.asm cpuid.asm \
asm_hogweed_optional_list=""
if test "x$enable_public_key" = "xyes" ; then
asm_hogweed_optional_list="ecc-192-modp.asm ecc-224-modp.asm \
ecc-256-redc.asm ecc-384-modp.asm ecc-521-modp.asm \
ecc-25519-modp.asm ecc-curve448-modp.asm"
asm_hogweed_optional_list="ecc-secp192r1-modp.asm ecc-secp224r1-modp.asm \
ecc-secp256r1-redc.asm ecc-secp384r1-modp.asm ecc-secp521r1-modp.asm \
ecc-curve25519-modp.asm ecc-curve448-modp.asm"
fi
OPT_NETTLE_OBJS=""
......@@ -572,18 +572,18 @@ AH_VERBATIM([HAVE_NATIVE],
[/* Define to 1 each of the following for which a native (ie. CPU specific)
implementation of the corresponding routine exists. */
#undef HAVE_NATIVE_chacha_core
#undef HAVE_NATIVE_ecc_192_modp
#undef HAVE_NATIVE_ecc_192_redc
#undef HAVE_NATIVE_ecc_224_modp
#undef HAVE_NATIVE_ecc_224_redc
#undef HAVE_NATIVE_ecc_25519_modp
#undef HAVE_NATIVE_ecc_256_modp
#undef HAVE_NATIVE_ecc_256_redc
#undef HAVE_NATIVE_ecc_384_modp
#undef HAVE_NATIVE_ecc_384_redc
#undef HAVE_NATIVE_ecc_curve25519_modp
#undef HAVE_NATIVE_ecc_curve448_modp
#undef HAVE_NATIVE_ecc_521_modp
#undef HAVE_NATIVE_ecc_521_redc
#undef HAVE_NATIVE_ecc_secp192r1_modp
#undef HAVE_NATIVE_ecc_secp192r1_redc
#undef HAVE_NATIVE_ecc_secp224r1_modp
#undef HAVE_NATIVE_ecc_secp224r1_redc
#undef HAVE_NATIVE_ecc_secp256r1_modp
#undef HAVE_NATIVE_ecc_secp256r1_redc
#undef HAVE_NATIVE_ecc_secp384r1_modp
#undef HAVE_NATIVE_ecc_secp384r1_redc
#undef HAVE_NATIVE_ecc_secp521r1_modp
#undef HAVE_NATIVE_ecc_secp521r1_redc
#undef HAVE_NATIVE_gcm_hash8
#undef HAVE_NATIVE_salsa20_core
#undef HAVE_NATIVE_sha1_compress
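Review bot: Nothing in this section makes a missed rename fail loudly. As its name suggests, `asm_hogweed_optional_list` holds optional files, and a C file that still tests an old macro such as `HAVE_NATIVE_ecc_25519_modp` would find it undefined, which `#if` treats as 0, so the build would quietly fall back to the C routine. Only arm and x86_64 files are renamed in the sections shown here, so it is worth confirming that no other machine directory still uses an old file name and that an assembly-enabled build defines the same set of native routines before and after. A comment above the list would help the next rename, for example `# Names here must match the per-machine .asm files and the HAVE_NATIVE_ecc_* templates in AH_VERBATIM below.` Both the `if test` block and the AH_VERBATIM template extend outside the hunks.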
......
/* ecc-25519.c
/* ecc-curve25519.c
Arithmetic and tables for curve25519,
......@@ -42,15 +42,15 @@
#define USE_REDC 0
#include "ecc-25519.h"
#include "ecc-curve25519.h"
#define PHIGH_BITS (GMP_NUMB_BITS * ECC_LIMB_SIZE - 255)
#if HAVE_NATIVE_ecc_25519_modp
#if HAVE_NATIVE_ecc_curve25519_modp
#define ecc_25519_modp nettle_ecc_25519_modp
#define ecc_curve25519_modp _nettle_ecc_curve25519_modp
void
ecc_25519_modp (const struct ecc_modulo *m, mp_limb_t *rp);
ecc_curve25519_modp (const struct ecc_modulo *m, mp_limb_t *rp);
#else
#if PHIGH_BITS == 0
......@@ -58,7 +58,7 @@ ecc_25519_modp (const struct ecc_modulo *m, mp_limb_t *rp);
#endif
static void
ecc_25519_modp(const struct ecc_modulo *m UNUSED, mp_limb_t *rp)
ecc_curve25519_modp(const struct ecc_modulo *m UNUSED, mp_limb_t *rp)
{
mp_limb_t hi, cy;
......@@ -69,7 +69,7 @@ ecc_25519_modp(const struct ecc_modulo *m UNUSED, mp_limb_t *rp)
rp[ECC_LIMB_SIZE-1] = (hi & (GMP_NUMB_MASK >> PHIGH_BITS))
+ sec_add_1 (rp, rp, ECC_LIMB_SIZE - 1, 19 * cy);
}
#endif /* HAVE_NATIVE_ecc_25519_modp */
#endif /* HAVE_NATIVE_ecc_curve25519_modp */
#define QHIGH_BITS (GMP_NUMB_BITS * ECC_LIMB_SIZE - 252)
......@@ -78,7 +78,7 @@ ecc_25519_modp(const struct ecc_modulo *m UNUSED, mp_limb_t *rp)
#endif
static void
ecc_25519_modq (const struct ecc_modulo *q, mp_limb_t *rp)
ecc_curve25519_modq (const struct ecc_modulo *q, mp_limb_t *rp)
{
mp_size_t n;
mp_limb_t cy;
......@@ -180,7 +180,7 @@ ecc_mod_pow_252m3 (const struct ecc_modulo *m,
/* Needs 5*ECC_LIMB_SIZE scratch space. */
#define ECC_25519_INV_ITCH (5*ECC_LIMB_SIZE)
static void ecc_25519_inv (const struct ecc_modulo *p,
static void ecc_curve25519_inv (const struct ecc_modulo *p,
mp_limb_t *rp, const mp_limb_t *ap,
mp_limb_t *scratch)
{
......@@ -203,7 +203,7 @@ static void ecc_25519_inv (const struct ecc_modulo *p,
/* First, do a canonical reduction, then check if zero */
static int
ecc_25519_zero_p (const struct ecc_modulo *p, mp_limb_t *xp)
ecc_curve25519_zero_p (const struct ecc_modulo *p, mp_limb_t *xp)
{
mp_limb_t cy;
mp_limb_t w;
......@@ -239,7 +239,7 @@ ecc_25519_zero_p (const struct ecc_modulo *p, mp_limb_t *xp)
#define ECC_25519_SQRT_ITCH (9*ECC_LIMB_SIZE)
static int
ecc_25519_sqrt(const struct ecc_modulo *p, mp_limb_t *rp,
ecc_curve25519_sqrt(const struct ecc_modulo *p, mp_limb_t *rp,
const mp_limb_t *up, const mp_limb_t *vp,
mp_limb_t *scratch)
{
......@@ -271,9 +271,9 @@ ecc_25519_sqrt(const struct ecc_modulo *p, mp_limb_t *rp,
ecc_mod_sqr (p, x2, rp);
ecc_mod_mul (p, vx2, x2, vp);
ecc_mod_add (p, t0, vx2, up);
neg = ecc_25519_zero_p (p, t0);
neg = ecc_curve25519_zero_p (p, t0);
ecc_mod_sub (p, t0, up, vx2);
pos = ecc_25519_zero_p (p, t0);
pos = ecc_curve25519_zero_p (p, t0);
ecc_mod_mul (p, t0, rp, ecc_sqrt_z);
cnd_copy (neg, rp, t0, ECC_LIMB_SIZE);
......@@ -306,10 +306,10 @@ const struct ecc_curve _nettle_curve25519 =
NULL,
ecc_pp1h,
ecc_25519_modp,
ecc_25519_modp,
ecc_25519_inv,
ecc_25519_sqrt,
ecc_curve25519_modp,
ecc_curve25519_modp,
ecc_curve25519_inv,
ecc_curve25519_sqrt,
},
{
253,
......@@ -325,8 +325,8 @@ const struct ecc_curve _nettle_curve25519 =
NULL,
ecc_qp1h,
ecc_25519_modq,
ecc_25519_modq,
ecc_curve25519_modq,
ecc_curve25519_modq,
ecc_mod_inv,
NULL,
},
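Review bot: The scratch-size macros `ECC_25519_INV_ITCH` and `ECC_25519_SQRT_ITCH` keep the old prefix; they appear as unchanged context lines in the ecc_curve25519_inv and ecc_curve25519_sqrt hunks. The curve448 file in this same commit renames its pair to `ECC_CURVE448_INV_ITCH` and `ECC_CURVE448_SQRT_ITCH`. For a commit whose stated purpose is consistent naming I would rename these too, `#define ECC_CURVE25519_INV_ITCH (5*ECC_LIMB_SIZE)` and `#define ECC_CURVE25519_SQRT_ITCH (9*ECC_LIMB_SIZE)`, along with their uses, which are presumably in the `_nettle_curve25519` initializer outside the hunks shown. The ChangeLog entry has a similar leftover: it gives the new function name as `_nettle_ecc_256_redc`, whereas ecc-secp256r1.c defines `_nettle_ecc_secp256r1_redc`.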
......
/* ecc-448.c
/* ecc-curve448.c
Arithmetic and tables for curve448,
......@@ -43,15 +43,15 @@
#define USE_REDC 0
#include "ecc-448.h"
#include "ecc-curve448.h"
#if HAVE_NATIVE_ecc_curve448_modp
#define ecc_448_modp nettle_ecc_curve448_modp
#define ecc_curve448_modp _nettle_ecc_curve448_modp
void
ecc_448_modp (const struct ecc_modulo *m, mp_limb_t *rp);
ecc_curve448_modp (const struct ecc_modulo *m, mp_limb_t *rp);
#elif GMP_NUMB_BITS == 64
static void
ecc_448_modp(const struct ecc_modulo *m, mp_limb_t *rp)
ecc_curve448_modp(const struct ecc_modulo *m, mp_limb_t *rp)
{
/* Let B = 2^64, b = 2^32 = sqrt(B).
p = B^7 - b B^3 - 1 ==> B^7 = b B^3 + 1
......@@ -95,7 +95,7 @@ ecc_448_modp(const struct ecc_modulo *m, mp_limb_t *rp)
assert (c7 == 0);
}
#else
#define ecc_448_modp ecc_mod
#define ecc_curve448_modp ecc_mod
#endif
/* Needs 2*ecc->size limbs at rp, and 2*ecc->size additional limbs of
......@@ -175,9 +175,9 @@ ecc_mod_pow_446m224m1 (const struct ecc_modulo *p,
#undef t2
}
#define ECC_448_INV_ITCH (5*ECC_LIMB_SIZE)
#define ECC_CURVE448_INV_ITCH (5*ECC_LIMB_SIZE)
static void ecc_448_inv (const struct ecc_modulo *p,
static void ecc_curve448_inv (const struct ecc_modulo *p,
mp_limb_t *rp, const mp_limb_t *ap,
mp_limb_t *scratch)
{
......@@ -194,7 +194,7 @@ static void ecc_448_inv (const struct ecc_modulo *p,
/* First, do a canonical reduction, then check if zero */
static int
ecc_448_zero_p (const struct ecc_modulo *p, mp_limb_t *xp)
ecc_curve448_zero_p (const struct ecc_modulo *p, mp_limb_t *xp)
{
mp_limb_t cy;
mp_limb_t w;
......@@ -217,10 +217,10 @@ ecc_448_zero_p (const struct ecc_modulo *p, mp_limb_t *xp)
*/
/* Needs 4*n space + scratch for ecc_mod_pow_446m224m1. */
#define ECC_448_SQRT_ITCH (9*ECC_LIMB_SIZE)
#define ECC_CURVE448_SQRT_ITCH (9*ECC_LIMB_SIZE)
static int
ecc_448_sqrt(const struct ecc_modulo *p, mp_limb_t *rp,
ecc_curve448_sqrt(const struct ecc_modulo *p, mp_limb_t *rp,
const mp_limb_t *up, const mp_limb_t *vp,
mp_limb_t *scratch)
{
......@@ -253,7 +253,7 @@ ecc_448_sqrt(const struct ecc_modulo *p, mp_limb_t *rp,
ecc_mod_mul (p, vx2, x2, vp);
ecc_mod_sub (p, t0, vx2, up);
return ecc_448_zero_p (p, t0);
return ecc_curve448_zero_p (p, t0);
#undef u3v
#undef u5v3
......@@ -275,8 +275,8 @@ const struct ecc_curve _nettle_curve448 =
ECC_LIMB_SIZE,
ECC_BMODP_SIZE,
0,
ECC_448_INV_ITCH,
ECC_448_SQRT_ITCH,
ECC_CURVE448_INV_ITCH,
ECC_CURVE448_SQRT_ITCH,
ecc_p,
ecc_Bmodp,
......@@ -284,10 +284,10 @@ const struct ecc_curve _nettle_curve448 =
NULL,
ecc_pp1h,
ecc_448_modp,
ecc_448_modp,
ecc_448_inv,
ecc_448_sqrt,
ecc_curve448_modp,
ecc_curve448_modp,
ecc_curve448_inv,
ecc_curve448_sqrt,
},
{
446,
......@@ -318,7 +318,7 @@ const struct ecc_curve _nettle_curve448 =
ECC_DUP_EH_ITCH (ECC_LIMB_SIZE),
ECC_MUL_A_EH_ITCH (ECC_LIMB_SIZE),
ECC_MUL_G_EH_ITCH (ECC_LIMB_SIZE),
ECC_EH_TO_A_ITCH (ECC_LIMB_SIZE, ECC_448_INV_ITCH),
ECC_EH_TO_A_ITCH (ECC_LIMB_SIZE, ECC_CURVE448_INV_ITCH),
ecc_add_eh,
ecc_add_ehh,
......
/* ecc-192.c
/* ecc-secp192r1.c
Compile time constant (but machine dependent) tables.
......@@ -46,20 +46,20 @@
#define USE_REDC 0
#include "ecc-192.h"
#include "ecc-secp192r1.h"
#if HAVE_NATIVE_ecc_192_modp
#if HAVE_NATIVE_ecc_secp192r1_modp
#define ecc_192_modp nettle_ecc_192_modp
#define ecc_secp192r1_modp _nettle_ecc_secp192r1_modp
void
ecc_192_modp (const struct ecc_modulo *m, mp_limb_t *rp);
ecc_secp192r1_modp (const struct ecc_modulo *m, mp_limb_t *rp);
/* Use that p = 2^{192} - 2^64 - 1, to eliminate 128 bits at a time. */
#elif GMP_NUMB_BITS == 32
/* p is 6 limbs, p = B^6 - B^2 - 1 */
static void
ecc_192_modp (const struct ecc_modulo *m UNUSED, mp_limb_t *rp)
ecc_secp192r1_modp (const struct ecc_modulo *m UNUSED, mp_limb_t *rp)
{
mp_limb_t cy;
......@@ -84,7 +84,7 @@ ecc_192_modp (const struct ecc_modulo *m UNUSED, mp_limb_t *rp)
#elif GMP_NUMB_BITS == 64
/* p is 3 limbs, p = B^3 - B - 1 */
static void
ecc_192_modp (const struct ecc_modulo *m UNUSED, mp_limb_t *rp)
ecc_secp192r1_modp (const struct ecc_modulo *m UNUSED, mp_limb_t *rp)
{
mp_limb_t cy;
......@@ -107,7 +107,7 @@ ecc_192_modp (const struct ecc_modulo *m UNUSED, mp_limb_t *rp)
}
#else
#define ecc_192_modp ecc_mod
#define ecc_secp192r1_modp ecc_mod
#endif
const struct ecc_curve _nettle_secp_192r1 =
......@@ -126,8 +126,8 @@ const struct ecc_curve _nettle_secp_192r1 =
ecc_redc_ppm1,
ecc_pp1h,
ecc_192_modp,
ecc_192_modp,
ecc_secp192r1_modp,
ecc_secp192r1_modp,
ecc_mod_inv,
NULL,
},
......
/* ecc-224.c
/* ecc-secp224r1.c
Compile time constant (but machine dependent) tables.
......@@ -40,24 +40,24 @@
#include "ecc.h"
#include "ecc-internal.h"
#if HAVE_NATIVE_ecc_224_modp
#if HAVE_NATIVE_ecc_secp224r1_modp
#define USE_REDC 0
#define ecc_224_modp nettle_ecc_224_modp
#define ecc_secp224r1_modp _nettle_ecc_secp224r1_modp
void
ecc_224_modp (const struct ecc_modulo *m, mp_limb_t *rp);
ecc_secp224r1_modp (const struct ecc_modulo *m, mp_limb_t *rp);
#else
#define USE_REDC (ECC_REDC_SIZE != 0)
#define ecc_224_modp ecc_mod
#define ecc_secp224r1_modp ecc_mod
#endif
#include "ecc-224.h"
#include "ecc-secp224r1.h"
#if ECC_REDC_SIZE < 0
# define ecc_224_redc ecc_pm1_redc
# define ecc_secp224r1_redc ecc_pm1_redc
#elif ECC_REDC_SIZE == 0
# define ecc_224_redc NULL
# define ecc_secp224r1_redc NULL
#else
# error Configuration error
#endif
......@@ -78,8 +78,8 @@ const struct ecc_curve _nettle_secp_224r1 =
ecc_redc_ppm1,
ecc_pp1h,
ecc_224_modp,
USE_REDC ? ecc_224_redc : ecc_224_modp,
ecc_secp224r1_modp,
USE_REDC ? ecc_secp224r1_redc : ecc_secp224r1_modp,
ecc_mod_inv,
NULL,
},
......
/* ecc-256.c
/* ecc-secp256r1.c
Compile time constant (but machine dependent) tables.
......@@ -42,35 +42,35 @@
#include "ecc.h"
#include "ecc-internal.h"
#if HAVE_NATIVE_ecc_256_redc
#if HAVE_NATIVE_ecc_secp256r1_redc
# define USE_REDC 1
#else
# define USE_REDC (ECC_REDC_SIZE != 0)
#endif
#include "ecc-256.h"
#include "ecc-secp256r1.h"
#if HAVE_NATIVE_ecc_256_redc
# define ecc_256_redc nettle_ecc_256_redc
#if HAVE_NATIVE_ecc_secp256r1_redc
# define ecc_secp256r1_redc _nettle_ecc_secp256r1_redc
void
ecc_256_redc (const struct ecc_modulo *p, mp_limb_t *rp);
#else /* !HAVE_NATIVE_ecc_256_redc */
ecc_secp256r1_redc (const struct ecc_modulo *p, mp_limb_t *rp);
#else /* !HAVE_NATIVE_ecc_secp256r1_redc */
# if ECC_REDC_SIZE > 0
# define ecc_256_redc ecc_pp1_redc
# define ecc_secp256r1_redc ecc_pp1_redc
# elif ECC_REDC_SIZE == 0
# define ecc_256_redc NULL
# define ecc_secp256r1_redc NULL
# else
# error Configuration error
# endif
#endif /* !HAVE_NATIVE_ecc_256_redc */
#endif /* !HAVE_NATIVE_ecc_secp256r1_redc */
#if ECC_BMODP_SIZE < ECC_LIMB_SIZE
#define ecc_256_modp ecc_mod
#define ecc_256_modq ecc_mod
#define ecc_secp256r1_modp ecc_mod
#define ecc_secp256r1_modq ecc_mod
#elif GMP_NUMB_BITS == 64
static void
ecc_256_modp (const struct ecc_modulo *p, mp_limb_t *rp)
ecc_secp256r1_modp (const struct ecc_modulo *p, mp_limb_t *rp)
{
mp_limb_t u1, u0;
mp_size_t n;
......@@ -146,7 +146,7 @@ ecc_256_modp (const struct ecc_modulo *p, mp_limb_t *rp)
}
static void
ecc_256_modq (const struct ecc_modulo *q, mp_limb_t *rp)
ecc_secp256r1_modq (const struct ecc_modulo *q, mp_limb_t *rp)
{
mp_limb_t u2, u1, u0;
mp_size_t n;
......@@ -255,8 +255,8 @@ const struct ecc_curve _nettle_secp_256r1 =
ecc_redc_ppm1,
ecc_pp1h,
ecc_256_modp,
USE_REDC ? ecc_256_redc : ecc_256_modp,
ecc_secp256r1_modp,
USE_REDC ? ecc_secp256r1_redc : ecc_secp256r1_modp,
ecc_mod_inv,
NULL,
},
......@@ -274,8 +274,8 @@ const struct ecc_curve _nettle_secp_256r1 =
NULL,
ecc_qp1h,
ecc_256_modq,
ecc_256_modq,
ecc_secp256r1_modq,
ecc_secp256r1_modq,
ecc_mod_inv,
NULL,
},
......
/* ecc-384.c
/* ecc-secp384r1.c
Compile time constant (but machine dependent) tables.
......@@ -44,12 +44,12 @@
#define USE_REDC 0
#include "ecc-384.h"
#include "ecc-secp384r1.h"
#if HAVE_NATIVE_ecc_384_modp
#define ecc_384_modp nettle_ecc_384_modp
#if HAVE_NATIVE_ecc_secp384r1_modp
#define ecc_secp384r1_modp _nettle_ecc_secp384r1_modp
void
ecc_384_modp (const struct ecc_modulo *m, mp_limb_t *rp);
ecc_secp384r1_modp (const struct ecc_modulo *m, mp_limb_t *rp);
#elif GMP_NUMB_BITS == 32
/* Use that 2^{384} = 2^{128} + 2^{96} - 2^{32} + 1, and eliminate 256
......@@ -62,7 +62,7 @@ ecc_384_modp (const struct ecc_modulo *m, mp_limb_t *rp);
almost 8 at a time. Do only 7, to avoid additional carry
propagation, followed by 5. */
static void
ecc_384_modp (const struct ecc_modulo *p, mp_limb_t *rp)
ecc_secp384r1_modp (const struct ecc_modulo *p, mp_limb_t *rp)
{
mp_limb_t cy, bw;
......@@ -106,7 +106,7 @@ ecc_384_modp (const struct ecc_modulo *p, mp_limb_t *rp)
/* p is 6 limbs, and B^6 - p = B^2 + 2^32 (B - 1) + 1. Eliminate 3
(almost 4) limbs at a time. */
static void
ecc_384_modp (const struct ecc_modulo *p, mp_limb_t *rp)
ecc_secp384r1_modp (const struct ecc_modulo *p, mp_limb_t *rp)
{
mp_limb_t tp[6];
mp_limb_t cy;
......@@ -144,7 +144,7 @@ ecc_384_modp (const struct ecc_modulo *p, mp_limb_t *rp)
assert (cy == 0);
}
#else
#define ecc_384_modp ecc_mod
#define ecc_secp384r1_modp ecc_mod
#endif
const struct ecc_curve _nettle_secp_384r1 =
......@@ -163,8 +163,8 @@ const struct ecc_curve _nettle_secp_384r1 =
ecc_redc_ppm1,
ecc_pp1h,
ecc_384_modp,
ecc_384_modp,
ecc_secp384r1_modp,
ecc_secp384r1_modp,
ecc_mod_inv,
NULL,
},
......
/* ecc-521.c
/* ecc-secp521r1.c
Compile time constant (but machine dependent) tables.
......@@ -42,12 +42,12 @@
#define USE_REDC 0
#include "ecc-521.h"
#include "ecc-secp521r1.h"
#if HAVE_NATIVE_ecc_521_modp
#define ecc_521_modp nettle_ecc_521_modp
#if HAVE_NATIVE_ecc_secp521r1_modp
#define ecc_secp521r1_modp _nettle_ecc_secp521r1_modp
void
ecc_521_modp (const struct ecc_modulo *m, mp_limb_t *rp);
ecc_secp521r1_modp (const struct ecc_modulo *m, mp_limb_t *rp);
#else
......@@ -57,7 +57,7 @@ ecc_521_modp (const struct ecc_modulo *m, mp_limb_t *rp);
/* Result may be *slightly* larger than 2^521 */
static void
ecc_521_modp (const struct ecc_modulo *m UNUSED, mp_limb_t *rp)
ecc_secp521r1_modp (const struct ecc_modulo *m UNUSED, mp_limb_t *rp)
{
/* FIXME: Should use mpn_addlsh_n_ip1 */
mp_limb_t hi;
......@@ -91,8 +91,8 @@ const struct ecc_curve _nettle_secp_521r1 =
ecc_redc_ppm1,
ecc_pp1h,
ecc_521_modp,
ecc_521_modp,
ecc_secp521r1_modp,
ecc_secp521r1_modp,
ecc_mod_inv,
NULL,
},
......
......@@ -432,11 +432,10 @@ ecc_curve_init_str (struct ecc_curve *ecc, enum ecc_type type,
}
static void
ecc_curve_init (struct ecc_curve *ecc, unsigned bit_size)
ecc_curve_init (struct ecc_curve *ecc, const char *curve)
{
switch (bit_size)
if (!strcmp (curve, "secp192r1"))
{
case 192:
ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
/* p = 2^{192} - 2^{64} - 1 */
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
......@@ -466,8 +465,9 @@ ecc_curve_init (struct ecc_curve *ecc, unsigned bit_size)
"35433907297cc378b0015703374729d7a4fe46647084e4ba",
"a2649984f2135c301ea3acb0776cd4f125389b311db3be32");
break;
case 224:
}
else if (!strcmp (curve, "secp224r1"))
{
ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
/* p = 2^{224} - 2^{96} + 1 */
"ffffffffffffffffffffffffffffffff"
......@@ -498,8 +498,9 @@ ecc_curve_init (struct ecc_curve *ecc, unsigned bit_size)
"ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",
"482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9");
break;
case 256:
}
else if (!strcmp (curve, "secp256r1"))
{
ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
/* p = 2^{256} - 2^{224} + 2^{192} + 2^{96} - 1 */
"FFFFFFFF000000010000000000000000"
......@@ -530,8 +531,9 @@ ecc_curve_init (struct ecc_curve *ecc, unsigned bit_size)
"e2534a3532d08fbba02dde659ee62bd0031fe2db785596ef509302446b030852",
"e0f1575a4c633cc719dfee5fda862d764efc96c3f30ee0055c42c23f184ed8c6");
break;
case 384:
}
else if (!strcmp (curve, "secp384r1"))
{
ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
/* p = 2^{384} - 2^{128} - 2^{96} + 2^{32} - 1 */
"ffffffffffffffffffffffffffffffff"
......@@ -567,8 +569,9 @@ ecc_curve_init (struct ecc_curve *ecc, unsigned bit_size)
"138251cd52ac9298c1c8aad977321deb97e709bd0b4ca0aca55dc8ad51dcfc9d1589a1597e3a5120e1efd631c63e1835",
"cacae29869a62e1631e8a28181ab56616dc45d918abc09f3ab0e63cf792aa4dced7387be37bba569549f1c02b270ed67");
break;
case 521:
}
else if (!strcmp (curve, "secp521r1"))
{
ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
"1ff" /* p = 2^{521} - 1 */
"ffffffffffffffffffffffffffffffff"
......@@ -613,9 +616,15 @@ ecc_curve_init (struct ecc_curve *ecc, unsigned bit_size)
"35b5df64ae2ac204c354b483487c9070cdc61c891c5ff39afc06c5d55541d3ceac8659e24afe3d0750e8b88e9f078af066a1d5025b08e5a5e2fbc87412871902f3",
"82096f84261279d2b673e0178eb0b4abb65521aef6e6e32e1b5ae63fe2f19907f279f283e54ba385405224f750a95b85eebb7faef04699d1d9e21f47fc346e4d0d");
break;
case 255:
/* Edwards curve used for eddsa25519 and curve25519,
}
else if (!strcmp (curve, "curve25519"))
{
/* curve25519, y^2 = x^3 + 486662 x^2 + x (mod p), with p = 2^{255} - 19.
According to http://cr.yp.to/papers.html#newelliptic, this
is birationally equivalent to the Edwards curve
x^2 + y^2 = 1 + (121665/121666) x^2 y^2 (mod p).
-x^2 + y^2 = 1 - (121665/121666) x^2 y^2, with p = 2^{255} - 19.
......@@ -664,9 +673,9 @@ ecc_curve_init (struct ecc_curve *ecc, unsigned bit_size)
"1a739ec193ce1547493aa657c4c9f870",
"47d0e827cb1595e1470eb88580d5716c"
"4cf22832ea2f0ff0df38ab61ca32112f");
break;
case 448:
}
else if (!strcmp (curve, "curve448"))
{
/* curve448, y^2 = x^3 + 156326 x^2 + x (mod p), with p = 2^{448} - 2^{224} - 1.
According to RFC 7748, this is 4-isogenious to the Edwards
......@@ -745,14 +754,13 @@ ecc_curve_init (struct ecc_curve *ecc, unsigned bit_size)
"9cb7c02f0457d845c90dc3227b8a5bc1"
"c0d8f97ea1ca9472b5d444285d0d4f5b"
"32e236f86de51839");
break;
default:
fprintf (stderr, "No known curve for size %d\n", bit_size);
exit(EXIT_FAILURE);
}
ecc->bit_size = bit_size;
else
{
fprintf (stderr, "No known curve with name %s\n", curve);
exit(EXIT_FAILURE);
}
ecc->bit_size = mpz_sizeinbase (ecc->p, 2);
}
static void
......@@ -1312,7 +1320,7 @@ main (int argc, char **argv)
return EXIT_FAILURE;
}
ecc_curve_init (&ecc, atoi(argv[1]));
ecc_curve_init (&ecc, argv[1]);
ecc_pippenger_precompute (&ecc, atoi(argv[2]), atoi(argv[3]));
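Review bot: ecc_curve_init now dispatches on a string, but nothing at the definition documents which names it accepts; the set is only visible by reading the chain of `strcmp` calls, which is spread over several hunks here. I would add a comment above the function such as `/* CURVE is one of secp192r1, secp224r1, secp256r1, secp384r1, secp521r1, curve25519, curve448; any other name prints an error and exits. ecc->bit_size is taken from the size of p. */`. The usage text that main prints before `return EXIT_FAILURE` is outside the hunk and should ask for a curve name rather than a bit size. The other arguments still go through `atoi(argv[2])` and `atoi(argv[3])`, which cannot tell a malformed number from 0; that predates this change but is worth tightening if the argument handling is revisited.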
......
......@@ -95,7 +95,7 @@ _eddsa_sign (const struct ecc_curve *ecc,
ecc_modq_add (ecc, sp, sp, rp); /* FIXME: Can be plain add */
if (ecc->p.bit_size == 255)
{
/* FIXME: Special code duplicated in ecc_25519_modq
/* FIXME: Special code duplicated in ecc_curve25519_modq
Define a suitable method for canonical reduction? */
/* q is slightly larger than 2^252, underflow from below
......
......@@ -41,7 +41,7 @@ define(<T0>, <%r10>)
define(<T1>, <%r11>)
define(<M>, <%rbx>)
PROLOGUE(nettle_ecc_25519_modp)
PROLOGUE(_nettle_ecc_curve25519_modp)
W64_ENTRY(2, 0)
push %rbx
......@@ -91,4 +91,4 @@ PROLOGUE(nettle_ecc_25519_modp)
pop %rbx
W64_EXIT(2, 0)
ret
EPILOGUE(nettle_ecc_25519_modp)
EPILOGUE(_nettle_ecc_curve25519_modp)
......@@ -45,7 +45,7 @@ define(<T0>, <%r10>)
define(<T1>, <%r11>)
define(<T2>, <%r12>)
PROLOGUE(nettle_ecc_curve448_modp)
PROLOGUE(_nettle_ecc_curve448_modp)
W64_ENTRY(2, 0)
push %rbx
......@@ -141,4 +141,4 @@ PROLOGUE(nettle_ecc_curve448_modp)
W64_EXIT(2, 0)
ret
EPILOGUE(nettle_ecc_curve448_modp)
EPILOGUE(_nettle_ecc_curve448_modp)
C x86_64/ecc-192-modp.asm
C x86_64/ecc-secp192r1-modp.asm
ifelse(<
Copyright (C) 2013 Niels Möller
......@@ -30,7 +30,7 @@ ifelse(<
not, see http://www.gnu.org/licenses/.
>)
.file "ecc-192-modp.asm"
.file "ecc-secp192r1-modp.asm"
define(<RP>, <%rsi>)
define(<T0>, <%rdi>) C Overlaps unused modulo input
......@@ -41,10 +41,10 @@ define(<H>, <%r9>)
define(<C1>, <%r10>)
define(<C2>, <%r11>)
C ecc_192_modp (const struct ecc_modulo *m, mp_limb_t *rp)
C ecc_secp192r1_modp (const struct ecc_modulo *m, mp_limb_t *rp)
.text
ALIGN(16)
PROLOGUE(nettle_ecc_192_modp)
PROLOGUE(_nettle_ecc_secp192r1_modp)
W64_ENTRY(2, 0)
mov 16(RP), T2
mov 24(RP), T3
......@@ -85,4 +85,4 @@ PROLOGUE(nettle_ecc_192_modp)
W64_EXIT(2, 0)
ret
EPILOGUE(nettle_ecc_192_modp)
EPILOGUE(_nettle_ecc_secp192r1_modp)
C x86_64/ecc-224-modp.asm
C x86_64/ecc-secp224r1-modp.asm
ifelse(<
Copyright (C) 2013 Niels Möller
......@@ -30,7 +30,7 @@ ifelse(<
not, see http://www.gnu.org/licenses/.
>)
.file "ecc-224-modp.asm"
.file "ecc-secp224r1-modp.asm"
GMP_NUMB_BITS(64)
......@@ -44,8 +44,8 @@ define(<F0>, <%r9>)
define(<F1>, <%r10>)
define(<F2>, <%r11>)
C ecc_224_modp (const struct ecc_modulo *m, mp_limb_t *rp)
PROLOGUE(nettle_ecc_224_modp)
C ecc_secp224r1_modp (const struct ecc_modulo *m, mp_limb_t *rp)
PROLOGUE(_nettle_ecc_secp224r1_modp)
W64_ENTRY(2, 0)
mov 48(RP), H0
mov 56(RP), H1
......@@ -128,4 +128,4 @@ PROLOGUE(nettle_ecc_224_modp)
W64_EXIT(2, 0)
ret
EPILOGUE(nettle_ecc_224_modp)
EPILOGUE(_nettle_ecc_secp224r1_modp)
C x86_64/ecc-256-redc.asm
C x86_64/ecc-secp256r1-redc.asm
ifelse(<
Copyright (C) 2013 Niels Möller
......@@ -30,7 +30,7 @@ ifelse(<
not, see http://www.gnu.org/licenses/.
>)
.file "ecc-256-redc.asm"
.file "ecc-secp256r1-redc.asm"
define(<RP>, <%rsi>)
define(<U0>, <%rdi>) C Overlaps unused modulo input
......@@ -58,7 +58,7 @@ define(<FOLD>, <
sbb $1, F2
sbb <$>0, F3
>)
PROLOGUE(nettle_ecc_256_redc)
PROLOGUE(_nettle_ecc_secp256r1_redc)
W64_ENTRY(2, 0)
C save all registers that need to be saved
push %rbx
......@@ -126,4 +126,4 @@ PROLOGUE(nettle_ecc_256_redc)
pop %rbx
W64_EXIT(2, 0)
ret
EPILOGUE(nettle_ecc_256_redc)
EPILOGUE(_nettle_ecc_secp256r1_redc)
C x86_64/ecc-384-modp.asm
C x86_64/ecc-secp384r1-modp.asm
ifelse(<
Copyright (C) 2013, 2015 Niels Möller
......@@ -30,7 +30,7 @@ ifelse(<
not, see http://www.gnu.org/licenses/.
>)
.file "ecc-384-modp.asm"
.file "ecc-secp384r1-modp.asm"
define(<RP>, <%rsi>)
define(<D5>, <%rax>)
......@@ -51,7 +51,7 @@ define(<C0>, H5) C Overlap
define(<TMP>, RP) C Overlap
PROLOGUE(nettle_ecc_384_modp)
PROLOGUE(_nettle_ecc_secp384r1_modp)
W64_ENTRY(2, 0)
push %rbx
......@@ -231,4 +231,4 @@ PROLOGUE(nettle_ecc_384_modp)
W64_EXIT(2, 0)
ret
EPILOGUE(nettle_ecc_384_modp)
EPILOGUE(_nettle_ecc_secp384r1_modp)
C x86_64/ecc-521-modp.asm
C x86_64/ecc-secp521r1-modp.asm
ifelse(<
Copyright (C) 2013 Niels Möller
......@@ -30,7 +30,7 @@ ifelse(<
not, see http://www.gnu.org/licenses/.
>)
.file "ecc-521-modp.asm"
.file "ecc-secp521r1-modp.asm"
GMP_NUMB_BITS(64)
......@@ -48,7 +48,7 @@ define(<U9>, <%r11>)
define(<T0>, <%r12>)
define(<T1>, <%r13>)
PROLOGUE(nettle_ecc_521_modp)
PROLOGUE(_nettle_ecc_secp521r1_modp)
W64_ENTRY(2, 0)
push %rbx
push %rbp
......@@ -155,4 +155,4 @@ PROLOGUE(nettle_ecc_521_modp)
pop %rbx
W64_EXIT(2, 0)
ret
EPILOGUE(nettle_ecc_521_modp)
EPILOGUE(_nettle_ecc_secp521r1_modp)