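#ifndef ed25519_ref10_H
#define ed25519_ref10_H

#include <stddef.h>
#include <stdint.h>

/*
 * Declarations for ref10-style Ed25519 arithmetic: field elements (fe25519),
 * group elements (ge25519_*) and scalars (sc25519_*).
 *
 * Notes for callers and reviewers:
 *  - Most byte-string parameters are bare `unsigned char *` with no length.
 *    The prototypes do not say how many bytes are read or written, so the
 *    caller has to guarantee the buffer size the implementation expects.
 *  - Functions whose name ends in _vartime advertise input-dependent timing.
 *  - Return conventions of the int-returning functions are not visible in
 *    this header; check the implementation before testing a result.
 */

/*
 fe means field element.
 Here the field is \Z/(2^255-19).

 The limb layout depends on HAVE_TI_MODE: five uint64_t limbs when it is
 defined, ten int32_t limbs otherwise. Every translation unit that exchanges
 fe25519 or ge25519_* objects must be built with the same setting, because
 the two layouts differ in element type and element count.
*/

#ifdef HAVE_TI_MODE
typedef uint64_t fe25519[5];
#else
typedef int32_t fe25519[10];
#endif

/* Field inversion: writes the result for z into out (semantics per the name;
 * the implementation is not visible here). */
void fe25519_invert(fe25519 out, const fe25519 z);

/* Decode the byte string s into the field element h.
 * NOTE(review): presumably reads 32 bytes from s - confirm. */
void fe25519_frombytes(fe25519 h, const unsigned char *s);

/* Encode the field element h into the byte string s.
 * NOTE(review): presumably writes 32 bytes to s - confirm. */
void fe25519_tobytes(unsigned char *s, const fe25519 h);

/* Remaining field operations come from the header matching the limb layout
 * selected above. */
#ifdef HAVE_TI_MODE
# include "ed25519_ref10_fe_51.h"
#else
# include "ed25519_ref10_fe_25_5.h"
#endif


/*
 ge means group element.

 Here the group is the set of pairs (x,y) of field elements
 satisfying -x^2 + y^2 = 1 + d x^2y^2
 where d = -121665/121666.

 Representations:
   ge25519_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
   ge25519_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
   ge25519_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
   ge25519_precomp (Duif): (y+x,y-x,2dxy)
   ge25519_cached: fields YplusX, YminusX, Z, T2d
     (presumably (Y+X, Y-X, Z, 2dT) - confirm in ge25519_p3_to_cached)
*/

typedef struct {
    fe25519 X;
    fe25519 Y;
    fe25519 Z;
} ge25519_p2;

typedef struct {
    fe25519 X;
    fe25519 Y;
    fe25519 Z;
    fe25519 T;
} ge25519_p3;

typedef struct {
    fe25519 X;
    fe25519 Y;
    fe25519 Z;
    fe25519 T;
} ge25519_p1p1;

typedef struct {
    fe25519 yplusx;
    fe25519 yminusx;
    fe25519 xy2d;
} ge25519_precomp;

typedef struct {
    fe25519 YplusX;
    fe25519 YminusX;
    fe25519 Z;
    fe25519 T2d;
} ge25519_cached;

/* Encode a projective (p2) point into the byte string s. */
void ge25519_tobytes(unsigned char *s, const ge25519_p2 *h);

/* Encode an extended (p3) point into the byte string s. */
void ge25519_p3_tobytes(unsigned char *s, const ge25519_p3 *h);

/* Decode the byte string s into the extended point h.
 * Returns int: the result must be checked, since s may come from an untrusted
 * peer. NOTE(review): which value means "success" is not visible here. */
int ge25519_frombytes(ge25519_p3 *h, const unsigned char *s);

/* Decode s into h, negated (per the name).
 * NOTE(review): the _vartime suffix signals timing that depends on the input;
 * feed it public data only (for example a public key during verification),
 * never a secret-derived encoding - confirm against the implementation. */
int ge25519_frombytes_negate_vartime(ge25519_p3 *h, const unsigned char *s);

/* Conversions between the point representations listed above. */
void ge25519_p3_to_cached(ge25519_cached *r, const ge25519_p3 *p);

void ge25519_p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p);

void ge25519_p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p);

/* Point addition / subtraction of an extended point p and a cached point q;
 * the result r is in completed (p1p1) form. */
void ge25519_add(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_cached *q);

void ge25519_sub(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_cached *q);

/* Scalar multiplication of the base point by the scalar bytes a.
 * NOTE(review): no _vartime suffix, so presumably meant to be usable with a
 * secret scalar - confirm constant-time behaviour in the implementation. */
void ge25519_scalarmult_base(ge25519_p3 *h, const unsigned char *a);

/* Double scalar multiplication over a, A and b, result in r.
 * NOTE(review): _vartime - timing depends on the inputs, so a and b must be
 * public values; do not route secret scalars through this function. */
void ge25519_double_scalarmult_vartime(ge25519_p2 *r, const unsigned char *a,
                                       const ge25519_p3 *A,
                                       const unsigned char *b);

/* Scalar multiplication of the point p by the scalar bytes a.
 * NOTE(review): no _vartime suffix; confirm constant-time behaviour before
 * relying on it with a secret scalar. */
void ge25519_scalarmult(ge25519_p3 *h, const unsigned char *a,
                        const ge25519_p3 *p);

/*
 * Validation predicates for encoded points and decoded points. These are the
 * checks a caller applies to externally supplied points before using them.
 * NOTE(review): return convention (boolean vs. 0/-1) is not visible here.
 */
int ge25519_is_canonical(const unsigned char *s);

int ge25519_is_on_curve(const ge25519_p3 *p);

int ge25519_is_on_main_subgroup(const ge25519_p3 *p);

/* The [32] in a parameter declaration documents the expected size only: the
 * parameter is a plain pointer and the compiler does not enforce the bound. */
int ge25519_has_small_order(const unsigned char s[32]);

/* Map the 32 bytes r to an encoded point s (per the name, r is expected to be
 * uniformly distributed). The [32] bounds are documentation only, as above. */
void ge25519_from_uniform(unsigned char s[32], const unsigned char r[32]);

/*
 The set of scalars is \Z/l
 where l = 2^252 + 27742317777372353535851937790883648493.
*/

/* Reduce the scalar held in s modulo l, in place.
 * NOTE(review): the prototype carries no length; the input width the
 * implementation reads from s must be confirmed by the caller. */
void sc25519_reduce(unsigned char *s);

/* Multiply-add on scalars a, b, c with the result written to s
 * (presumably s = a*b + c mod l - confirm). */
void sc25519_muladd(unsigned char *s, const unsigned char *a,
                    const unsigned char *b, const unsigned char *c);

/* Check whether s is a canonical scalar encoding.
 * NOTE(review): return convention is not visible in this header. */
int sc25519_is_canonical(const unsigned char *s);

#endif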