/*
- based on tweetnacl 20140427 (http://tweetnacl.cr.yp.to/software.html)
- reformatted using clang-format
*/
#include "crypto_int64.h"
#include "crypto_uint32.h"
#include "crypto_uint64.h"
#include "cleanup.h"
#include "sc25519.h"
/* Counting loop i = 0 .. n-1 over a caller-declared index. Every use in
   this file has a fixed bound, so the iteration count never depends on
   the scalar being processed. */
#define FOR(i, n) for (i = 0; i < n; ++i)
/* The group order L = 2^252 + 27742317777372353535851937790883648493 as
   32 little-endian bytes: bytes 0..15 hold the low constant
   0x14def9dea2f79cd65812631a5cf5d3ed, bytes 16..30 are zero, and byte 31
   (0x10) supplies the 2^252 term. Held as crypto_uint64 rather than bytes
   so the products in modL are evaluated in 64-bit arithmetic. */
static const crypto_uint64 L[32] = {
0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7,
0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10};
/*
 * modL: reduce the 64-limb little-endian integer x modulo the group order
 * L and write the canonical 32-byte result to r (only r[0..31] is written).
 *
 * Limbs are crypto_int64 and may hold values well beyond one byte on entry
 * (sc25519_muladd feeds it sums of byte products). x is consumed as
 * scratch: limbs 32..63 are zeroed as they are folded down and limbs
 * 0..32 are left holding intermediate values, so callers zeroize it
 * afterwards.
 *
 * All loop bounds are fixed and nothing branches on the data, so control
 * flow does not depend on the scalar. Two assumptions are inherited from
 * upstream tweetnacl and hold on any two's-complement target: `>>` on a
 * negative crypto_int64 is an arithmetic shift, and the mixed
 * crypto_int64 * crypto_uint64 products (the table L is unsigned) wrap
 * and convert back to crypto_int64 without changing the intended value.
 */
static void modL(unsigned char *r, crypto_int64 x[64]) {
crypto_int64 carry, i, j;
/* Fold limbs 63..32 down. With L = 2^252 + c (c = L[0..15]) we have
   2^256 = 16*L - 16*c, so x[i]*2^(8*i) is congruent to -16*x[i]*c placed
   at limb i-32. Limbs i-32 .. i-13 receive the 16 bytes of c plus four
   extra positions of carry propagation (L[16..19] are zero). */
for (i = 63; i >= 32; --i) {
carry = 0;
for (j = i - 32; j < i - 12; ++j) {
x[j] += carry - 16 * x[i] * L[j - (i - 32)];
/* Rounding (signed) carry keeps each limb in the balanced range
   [-128, 127]; relies on an arithmetic right shift. */
carry = (x[j] + 128) >> 8;
x[j] -= carry << 8;
}
x[j] += carry;
x[i] = 0;
}
/* Strip the part at or above 2^252: x[31] >> 4 (read before the limb is
   updated) counts multiples of 2^252 in the top limb; subtract that many
   copies of L while propagating carries into plain unsigned byte limbs. */
carry = 0;
FOR(j, 32) {
x[j] += carry - (x[31] >> 4) * L[j];
carry = x[j] >> 8;
x[j] &= 255;
}
/* The carry out of limb 31 records whether the intermediate went negative
   (balanced limbs above can push it below zero); subtracting carry*L then
   adds L back as needed so the value lands in canonical range. */
FOR(j, 32) x[j] -= carry * L[j];
/* Final carry propagation and byte extraction. The carry out of limb 31
   is parked in x[32], so the write at i = 31 stays inside the array. */
FOR(i, 32) {
x[i + 1] += x[i] >> 8;
r[i] = x[i] & 255;
}
}
/*
 * sc25519_reduce: reduce the 64-byte little-endian scalar in s modulo the
 * group order L, in place.
 *
 * s must point to 64 readable and writable bytes even though the result
 * is 32 bytes wide: the whole buffer is cleared before modL writes the
 * canonical scalar into s[0..31], so s[32..63] is zero on return.
 * The 64-limb working copy is handed to cleanup(), which presumably
 * zeroizes it so no copy of the unreduced scalar lingers on the stack.
 */
void sc25519_reduce(unsigned char *s) {
  crypto_int64 limbs[64];
  crypto_int64 k;
  /* Widen each input byte into its own signed limb and wipe the source in
     the same pass; s and limbs never alias, so this equals two passes. */
  FOR(k, 64) {
    limbs[k] = s[k];
    s[k] = 0;
  }
  modL(s, limbs);
  cleanup(limbs);
}
/*
 * sc25519_muladd: compute s = (a*b + c) mod L for 32-byte little-endian
 * scalars a, b and c, writing the canonical 32-byte result to s.
 *
 * The schoolbook product of a and b is accumulated into 64 signed limbs.
 * Each limb collects at most 32 byte products plus one byte of c
 * (below 2^22), far inside the crypto_int64 range, so nothing overflows
 * before modL normalizes the limbs. No step branches on the inputs.
 * The working limbs are passed to cleanup(), which presumably zeroizes
 * them.
 */
void sc25519_muladd(unsigned char *s, const unsigned char *a,
                    const unsigned char *b, const unsigned char *c) {
  crypto_int64 acc[64];
  crypto_int64 ai, bj;
  /* Seed the low half with the addend c and the high half with zero. */
  FOR(ai, 32) acc[ai] = c[ai];
  for (ai = 32; ai < 64; ++ai) acc[ai] = 0;
  /* Schoolbook multiplication: byte i of a times byte j of b lands in
     limb i + j; the cast widens before the multiply so it is done in
     64-bit arithmetic. */
  FOR(ai, 32) {
    crypto_int64 a_byte = (crypto_int64) a[ai];
    FOR(bj, 32) acc[ai + bj] += a_byte * (crypto_int64) b[bj];
  }
  modL(s, acc);
  cleanup(acc);
}