X-Git-Url: https://pd.if.org/git/?a=blobdiff_plain;f=crypto%2Flibeddsa%2Flib%2Ffld.h;fp=crypto%2Flibeddsa%2Flib%2Ffld.h;h=598c6b2bb3af22ce2521393d479ae1d82baaa904;hb=7bfbc0423ba40ea5156e06c8fb62bacd5ea93390;hp=0000000000000000000000000000000000000000;hpb=2ae349f5ed63b026cff763b35984dd36b330870a;p=zpackage diff --git a/crypto/libeddsa/lib/fld.h b/crypto/libeddsa/lib/fld.h new file mode 100644 index 0000000..598c6b2 --- /dev/null +++ b/crypto/libeddsa/lib/fld.h @@ -0,0 +1,144 @@ +#ifndef FLD_H +#define FLD_H + +#include + +#include "bitness.h" +#include "compat.h" +#include "limb.h" + + +#ifdef USE_64BIT + +/* + * in 64bit mode we use 5 limbs each 51 bits long + */ + +#define FLD_LIMB_NUM 5 +#define FLD_LIMB_BITS 51 + +#define FLD_LIMB_MASK ((1L << FLD_LIMB_BITS)-1) + +#else + +/* + * in 32bit mode fld_t consists of 10 limbs alternating in size + * between 26 and 25 bits. + * this approach is inspired from djb's curve25519-paper, where it + * is explained in more detail. + */ + +#define FLD_LIMB_NUM 10 + +/* macros for alternating limb sizes: use with d=1,0,1,0,... */ +#define FLD_LIMB_BITS(d) (25+(d)) +#define FLD_LIMB_MASK(d) ((1 << FLD_LIMB_BITS(d))-1) + +#endif + + +/* + * fld_t is our datatype for all operations modulo 2^255-19. + * + * since we typedef an array here, all parameters of type fld_t get + * a call-by-reference semantic! + */ + +typedef limb_t fld_t[FLD_LIMB_NUM]; + + + +/* + * exported constants + */ +extern const fld_t con_d; +extern const fld_t con_2d; +extern const fld_t con_m2d; +extern const fld_t con_j; + + +/* + * prototypes for 32bit/64bit specific functions + */ +void fld_reduce(fld_t dst, const fld_t x); +void fld_import(fld_t dst, const uint8_t src[32]); +void fld_export(uint8_t dst[32], const fld_t src); +void fld_mul(fld_t res, const fld_t a, const fld_t b); +void fld_scale(fld_t dst, const fld_t src, limb_t x); +void fld_sq(fld_t res, const fld_t a); + + +/* + * prototypes for common code + */ +int fld_eq(const fld_t a, const fld_t b); +void fld_inv(fld_t res, const fld_t z); +void fld_pow2523(fld_t res, const fld_t z); + + + +/* + * simple inline functions + */ + +static INLINE void +fld_set0(fld_t res, limb_t x0) +{ + int i; + res[0] = x0; + for (i = 1; i < FLD_LIMB_NUM; i++) + res[i] = 0; +} + + +static INLINE void +fld_add(fld_t res, const fld_t a, const fld_t b) +{ + int i; + for (i = 0; i < FLD_LIMB_NUM; i++) + res[i] = a[i] + b[i]; +} + +static INLINE void +fld_sub(fld_t res, const fld_t a, const fld_t b) +{ + int i; + for (i = 0; i < FLD_LIMB_NUM; i++) + res[i] = a[i] - b[i]; +} + +/* + * fld_tinyscale scales an element a without reducing it. this could + * be used for conditionally change sign of an element. + */ +static INLINE void +fld_tinyscale(fld_t res, const fld_t a, limb_t x) +{ + int i; + for (i = 0; i < FLD_LIMB_NUM; i++) + res[i] = x * a[i]; +} + +/* + * fld_scale2 is a special case of fld_tinyscale with x = 2. + */ +static INLINE void +fld_scale2(fld_t res, const fld_t a) +{ + int i; + for (i = 0; i < FLD_LIMB_NUM; i++) + res[i] = a[i] << 1; +} + +/* + * fld_neg is a special case of fld_tinyscale with x = -1. + */ +static INLINE void +fld_neg(fld_t res, const fld_t a) +{ + int i; + for (i = 0; i < FLD_LIMB_NUM; i++) + res[i] = -a[i]; +} + +#endif