1 #ifndef ed25519_ref10_H 2 #define ed25519_ref10_H 3 4 #include <stddef.h> 5 #include <stdint.h> 6 7 /* 8 fe means field element. 9 Here the field is \Z/(2^255-19). 10 */ 11 12 #ifdef HAVE_TI_MODE 13 typedef uint64_t fe25519[5]; 14 #else 15 typedef int32_t fe25519[10]; 16 #endif 17 18 void fe25519_invert(fe25519 out, const fe25519 z); 19 void fe25519_frombytes(fe25519 h, const unsigned char *s); 20 void fe25519_tobytes(unsigned char *s, const fe25519 h); 21 22 #ifdef HAVE_TI_MODE 23 # include "ed25519_ref10_fe_51.h" 24 #else 25 # include "ed25519_ref10_fe_25_5.h" 26 #endif 27 28 29 /* 30 ge means group element. 31 32 Here the group is the set of pairs (x,y) of field elements 33 satisfying -x^2 + y^2 = 1 + d x^2y^2 34 where d = -121665/121666. 35 36 Representations: 37 ge25519_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z 38 ge25519_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT 39 ge25519_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T 40 ge25519_precomp (Duif): (y+x,y-x,2dxy) 41 */ 42 43 typedef struct { 44 fe25519 X; 45 fe25519 Y; 46 fe25519 Z; 47 } ge25519_p2; 48 49 typedef struct { 50 fe25519 X; 51 fe25519 Y; 52 fe25519 Z; 53 fe25519 T; 54 } ge25519_p3; 55 56 typedef struct { 57 fe25519 X; 58 fe25519 Y; 59 fe25519 Z; 60 fe25519 T; 61 } ge25519_p1p1; 62 63 typedef struct { 64 fe25519 yplusx; 65 fe25519 yminusx; 66 fe25519 xy2d; 67 } ge25519_precomp; 68 69 typedef struct { 70 fe25519 YplusX; 71 fe25519 YminusX; 72 fe25519 Z; 73 fe25519 T2d; 74 } ge25519_cached; 75 76 void ge25519_tobytes(unsigned char *s, const ge25519_p2 *h); 77 78 void ge25519_p3_tobytes(unsigned char *s, const ge25519_p3 *h); 79 80 int ge25519_frombytes(ge25519_p3 *h, const unsigned char *s); 81 82 int ge25519_frombytes_negate_vartime(ge25519_p3 *h, const unsigned char *s); 83 84 void ge25519_p3_to_cached(ge25519_cached *r, const ge25519_p3 *p); 85 86 void ge25519_p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p); 87 88 void ge25519_p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p); 89 90 void ge25519_add(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_cached *q); 91 92 void ge25519_sub(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_cached *q); 93 94 void ge25519_scalarmult_base(ge25519_p3 *h, const unsigned char *a); 95 96 void ge25519_double_scalarmult_vartime(ge25519_p2 *r, const unsigned char *a, 97 const ge25519_p3 *A, 98 const unsigned char *b); 99 100 void ge25519_scalarmult(ge25519_p3 *h, const unsigned char *a, 101 const ge25519_p3 *p); 102 103 int ge25519_is_canonical(const unsigned char *s); 104 105 int ge25519_is_on_curve(const ge25519_p3 *p); 106 107 int ge25519_is_on_main_subgroup(const ge25519_p3 *p); 108 109 int ge25519_has_small_order(const unsigned char s[32]); 110 111 void ge25519_from_uniform(unsigned char s[32], const unsigned char r[32]); 112 113 /* 114 The set of scalars is \Z/l 115 where l = 2^252 + 27742317777372353535851937790883648493. 116 */ 117 118 void sc25519_reduce(unsigned char *s); 119 120 void sc25519_muladd(unsigned char *s, const unsigned char *a, 121 const unsigned char *b, const unsigned char *c); 122 123 int sc25519_is_canonical(const unsigned char *s); 124 125 #endif 126
Indexes created Sat Sep 20 22:09:52 GMT 2025