| author | Adam Ierymenko <adam.ierymenko@zerotier.com> | 2018-04-25 06:39:02 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-04-25 06:39:02 -0700 |
| commit | 42ec780a6f6eedef4d8b1d8218bd72fc6ed75cc0 (patch) | |
| tree | 7bf86c4d92d6a0f77eced79bfc33313c62c7b6dd /ext/ed25519-amd64-asm/ge25519_scalarmult_base.c | |
| parent | 18c9dc8a0649c866eff9f299f20fa5b19c502e52 (diff) | |
| parent | 4608880fb06700822d01e9e5d6729fcdeb82b64b (diff) | |
Merge branch 'dev' into netbsd-support
Diffstat (limited to 'ext/ed25519-amd64-asm/ge25519_scalarmult_base.c')
| -rw-r--r-- | ext/ed25519-amd64-asm/ge25519_scalarmult_base.c | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/ext/ed25519-amd64-asm/ge25519_scalarmult_base.c b/ext/ed25519-amd64-asm/ge25519_scalarmult_base.c
new file mode 100644
index 00000000..986abaf6
--- /dev/null
+++ b/ext/ed25519-amd64-asm/ge25519_scalarmult_base.c
@@ -0,0 +1,68 @@
+#include "fe25519.h"
+#include "sc25519.h"
+#include "ge25519.h"
+
+/* Multiples of the base point in Niels' representation */
+static const ge25519_niels ge25519_base_multiples_niels[] = {
+#ifdef SMALLTABLES
+#include "ge25519_base_niels_smalltables.data"
+#else
+#include "ge25519_base_niels.data"
+#endif
+};
+
+/* d */
+static const fe25519 ecd = {{0x75EB4DCA135978A3, 0x00700A4D4141D8AB, 0x8CC740797779E898, 0x52036CEE2B6FFE73}};
+
+void ge25519_scalarmult_base(ge25519_p3 *r, const sc25519 *s)
+{
+ signed char b[64];
+ int i;
+ ge25519_niels t;
+ fe25519 d;
+
+ sc25519_window4(b,s);
+
+#ifdef SMALLTABLES
+ ge25519_p1p1 tp1p1;
+ choose_t((ge25519_niels *)r, 0, (signed long long) b[1], ge25519_base_multiples_niels);
+ fe25519_sub(&d, &r->y, &r->x);
+ fe25519_add(&r->y, &r->y, &r->x);
+ r->x = d;
+ r->t = r->z;
+ fe25519_setint(&r->z,2);
+ for(i=3;i<64;i+=2)
+ {
+ choose_t(&t, (unsigned long long) i/2, (signed long long) b[i], ge25519_base_multiples_niels);
+ ge25519_nielsadd2(r, &t);
+ }
+ ge25519_dbl_p1p1(&tp1p1,(ge25519_p2 *)r);
+ ge25519_p1p1_to_p2((ge25519_p2 *)r, &tp1p1);
+ ge25519_dbl_p1p1(&tp1p1,(ge25519_p2 *)r);
+ ge25519_p1p1_to_p2((ge25519_p2 *)r, &tp1p1);
+ ge25519_dbl_p1p1(&tp1p1,(ge25519_p2 *)r);
+ ge25519_p1p1_to_p2((ge25519_p2 *)r, &tp1p1);
+ ge25519_dbl_p1p1(&tp1p1,(ge25519_p2 *)r);
+ ge25519_p1p1_to_p3(r, &tp1p1);
+ choose_t(&t, (unsigned long long) 0, (signed long long) b[0], ge25519_base_multiples_niels);
+ fe25519_mul(&t.t2d, &t.t2d, &ecd);
+ ge25519_nielsadd2(r, &t);
+ for(i=2;i<64;i+=2)
+ {
+ choose_t(&t, (unsigned long long) i/2, (signed long long) b[i], ge25519_base_multiples_niels);
+ ge25519_nielsadd2(r, &t);
+ }
+#else
+ choose_t((ge25519_niels *)r, 0, (signed long long) b[0], ge25519_base_multiples_niels);
+ fe25519_sub(&d, &r->y, &r->x);
+ fe25519_add(&r->y, &r->y, &r->x);
+ r->x = d;
+ r->t = r->z;
+ fe25519_setint(&r->z,2);
+ for(i=1;i<64;i++)
+ {
+ choose_t(&t, (unsigned long long) i, (signed long long) b[i], ge25519_base_multiples_niels);
+ ge25519_nielsadd2(r, &t);
+ }
+#endif
+}
|
