feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge branch 'jacob-ed'

Browse Source
This commit is contained in:
toddouska
2015-03-19 12:52:15 -07:00
parent 5577555ce3 478a8bb059
commit b54c29487d
16 changed files with 4522 additions and 494 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
configure.ac
View File

@ -643,6 +643,7 @@ AC_ARG_ENABLE([ecc25519],
if test "$ENABLED_ECC25519" = "yes"
then
ENABLED_FEMATH=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC25519"
fi
@ -650,7 +651,31 @@ fi
AM_CONDITIONAL([BUILD_ECC25519], [test "x$ENABLED_ECC25519" = "xyes"])
# FP ECC, Fixed Point cache ECC
# ED25519
AC_ARG_ENABLE([ed25519],
[AS_HELP_STRING([--enable-ed25519],[Enable ED25519 (default: disabled)])],
[ ENABLED_ED25519=$enableval ],
[ ENABLED_ED25519=no ]
)
if test "$ENABLED_ED25519" = "yes"
then
if test "$ENABLED_SHA512" = "no"
then
AC_MSG_ERROR([cannot enable ed25519 without enabling sha512.])
fi
ENABLED_FEMATH=yes
ENABLED_GEMATH=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_ED25519"
fi
AM_CONDITIONAL([BUILD_ED25519], [test "x$ENABLED_ED25519" = "xyes"])
AM_CONDITIONAL([BUILD_FEMATH], [test "x$ENABLED_FEMATH" = "xyes"])
AM_CONDITIONAL([BUILD_GEMATH], [test "x$ENABLED_GEMATH" = "xyes"])
# FP ECC, Fixed Point cache ECC
AC_ARG_ENABLE([fpecc],
[ --enable-fpecc Enable Fixed Point cache ECC (default: disabled)],
[ ENABLED_FPECC=$enableval ],
@ -1934,6 +1959,8 @@ echo " * RSA: $ENABLED_RSA"
echo " * DSA: $ENABLED_DSA"
echo " * DH: $ENABLED_DH"
echo " * ECC: $ENABLED_ECC"
echo " * CURVE25519: $ENABLED_ECC25519"
echo " * ED25519: $ENABLED_ED25519"
echo " * FPECC: $ENABLED_FPECC"
echo " * ECC_ENCRYPT: $ENABLED_ECC_ENCRYPT"
echo " * ASN: $ENABLED_ASN"

13
src/include.am
View File

@ -169,7 +169,18 @@ endif
if BUILD_ECC25519
src_libwolfssl_la_SOURCES += wolfcrypt/src/ecc25519.c
src_libwolfssl_la_SOURCES += wolfcrypt/src/ecc25519_fe.c
endif
if BUILD_ED25519
src_libwolfssl_la_SOURCES += wolfcrypt/src/ed25519.c
endif
if BUILD_FEMATH
src_libwolfssl_la_SOURCES += wolfcrypt/src/fe_operations.c
endif
if BUILD_GEMATH
src_libwolfssl_la_SOURCES += wolfcrypt/src/ge_operations.c
endif
if BUILD_LIBZ

105
wolfcrypt/benchmark/benchmark.c
View File

@ -60,6 +60,9 @@
#ifdef HAVE_ECC25519
#include <wolfssl/wolfcrypt/ecc25519.h>
#endif
#ifdef HAVE_ED25519
#include <wolfssl/wolfcrypt/ed25519.h>
#endif
#include <wolfssl/wolfcrypt/dh.h>
#ifdef HAVE_CAVIUM
@ -143,6 +146,10 @@ void bench_eccKeyAgree(void);
void bench_ecc25519KeyGen(void);
void bench_ecc25519KeyAgree(void);
#endif
#ifdef HAVE_ED25519
void bench_ed25519KeyGen(void);
void bench_ed25519KeySign(void);
#endif
#ifdef HAVE_NTRU
void bench_ntru(void);
void bench_ntruKeyGen(void);
@ -354,6 +361,11 @@ int benchmark_test(void *args)
bench_ecc25519KeyAgree();
#endif
#ifdef HAVE_ED25519
bench_ed25519KeyGen();
bench_ed25519KeySign();
#endif
#if defined(HAVE_LOCAL_RNG) && (defined(HAVE_HASHDRBG) || defined(NO_RC4))
wc_FreeRng(&rng);
#endif
@ -1704,6 +1716,99 @@ void bench_ecc25519KeyAgree(void)
}
#endif /* HAVE_ECC25519 */
#ifdef HAVE_ED25519
void bench_ed25519KeyGen(void)
{
ed25519_key genKey;
double start, total, each, milliEach;
int i;
/* 256 bit */
start = current_time(1);
for(i = 0; i < genTimes; i++) {
wc_ed25519_init(&genKey);
wc_ed25519_make_key(&rng, 32, &genKey);
wc_ed25519_free(&genKey);
}
total = current_time(0) - start;
each = total / genTimes; /* per second */
milliEach = each * 1000; /* millisconds */
printf("\n");
printf("ED25519 key generation %6.3f milliseconds, avg over %d"
" iterations\n", milliEach, genTimes);
}
void bench_ed25519KeySign(void)
{
ed25519_key genKey, genKey2;
double start, total, each, milliEach;
int i, ret;
byte sig[ED25519_SIG_SIZE];
byte digest[32];
word32 x = 0;
wc_ed25519_init(&genKey);
wc_ed25519_init(&genKey2);
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &genKey);
if (ret != 0) {
printf("ed25519_make_key failed\n");
return;
}
ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &genKey2);
if (ret != 0) {
printf("ed25519_make_key failed\n");
return;
}
/* make dummy digest */
for (i = 0; i < (int)sizeof(digest); i++)
digest[i] = (byte)i;
start = current_time(1);
for(i = 0; i < agreeTimes; i++) {
x = sizeof(sig);
ret = wc_ed25519_sign_msg(digest, sizeof(digest), sig, &x, &genKey);
if (ret != 0) {
printf("ed25519_sign_hash failed\n");
return;
}
}
total = current_time(0) - start;
each = total / agreeTimes; /* per second */
milliEach = each * 1000; /* millisconds */
printf("ED25519 sign time %6.3f milliseconds, avg over %d"
" iterations\n", milliEach, agreeTimes);
start = current_time(1);
for(i = 0; i < agreeTimes; i++) {
int verify = 0;
ret = wc_ed25519_verify_msg(sig, x, digest, sizeof(digest), &verify,
&genKey);
if (ret != 0 || verify != 1) {
printf("ed25519_verify_hash failed\n");
return;
}
}
total = current_time(0) - start;
each = total / agreeTimes; /* per second */
milliEach = each * 1000; /* millisconds */
printf("ED25519 verify time %6.3f milliseconds, avg over %d"
" iterations\n", milliEach, agreeTimes);
wc_ed25519_free(&genKey2);
wc_ed25519_free(&genKey);
}
#endif /* HAVE_ED25519 */
#ifdef _WIN32

21
wolfcrypt/src/ecc25519.c
View File

@ -81,7 +81,26 @@ static int curve25519(unsigned char* q, unsigned char* n, unsigned char* p)
fe_cswap(x2,x3,swap);
fe_cswap(z2,z3,swap);
swap = b;
#include <wolfssl/wolfcrypt/ecc25519_montgomery.h>
/* montgomery */
fe_sub(tmp0,x3,z3);
fe_sub(tmp1,x2,z2);
fe_add(x2,x2,z2);
fe_add(z2,x3,z3);
fe_mul(z3,tmp0,x2);
fe_mul(z2,z2,tmp1);
fe_sq(tmp0,tmp1);
fe_sq(tmp1,x2);
fe_add(x3,z3,z2);
fe_sub(z2,z3,z2);
fe_mul(x2,tmp1,tmp0);
fe_sub(tmp1,tmp1,tmp0);
fe_sq(z2,z2);
fe_mul121666(z3,tmp1);
fe_sq(x3,x3);
fe_add(tmp0,tmp0,z3);
fe_mul(z3,x1,z2);
fe_mul(z2,tmp1,tmp0);
}
fe_cswap(x2,x3,swap);
fe_cswap(z2,z3,swap);

1015
wolfcrypt/src/ed25519.c Normal file
View File

File diff suppressed because it is too large Load Diff

1037
wolfcrypt/src/ecc25519_fe.c → wolfcrypt/src/fe_operations.c
View File

File diff suppressed because it is too large Load Diff

1939
wolfcrypt/src/ge_operations.c Normal file
View File

File diff suppressed because it is too large Load Diff

433
wolfcrypt/test/test.c
View File

@ -66,6 +66,9 @@
#ifdef HAVE_ECC25519
#include <wolfssl/wolfcrypt/ecc25519.h>
#endif
#ifdef HAVE_ED25519
#include <wolfssl/wolfcrypt/ed25519.h>
#endif
#ifdef HAVE_BLAKE2
#include <wolfssl/wolfcrypt/blake2.h>
#endif
@ -191,6 +194,9 @@ int pbkdf2_test(void);
#ifdef HAVE_ECC25519
int ecc25519_test(void);
#endif
#ifdef HAVE_ED25519
int ed25519_test(void);
#endif
#ifdef HAVE_BLAKE2
int blake2b_test(void);
#endif
@ -524,6 +530,13 @@ int wolfcrypt_test(void* args)
printf( "ECC25519 test passed!\n");
#endif
#ifdef HAVE_ED25519
if ( (ret = ed25519_test()) != 0)
return err_sys("ED25519 test failed!\n", ret);
else
printf( "ED25519 test passed!\n");
#endif
#ifdef HAVE_LIBZ
if ( (ret = compress_test()) != 0)
return err_sys("COMPRESS test failed!\n", ret);
@ -5274,7 +5287,7 @@ int ecc25519_test(void)
if (y != x)
return -1006;
if (memcmp(sharedA, sharedB, x))
if (XMEMCMP(sharedA, sharedB, x))
return -1007;
/* export a public key and import it for another user */
@ -5289,7 +5302,7 @@ int ecc25519_test(void)
if (wc_ecc25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0)
return -1010;
if (memcmp(sharedA, sharedB, y))
if (XMEMCMP(sharedA, sharedB, y))
return -1011;
/* import RFC test vectors and compare shared key */
@ -5306,7 +5319,7 @@ int ecc25519_test(void)
if (wc_ecc25519_shared_secret(&userA, &userB, sharedB, &y) != 0)
return -1014;
if (memcmp(ss, sharedB, y))
if (XMEMCMP(ss, sharedB, y))
return -1015;
/* test swaping roles of keys and generating same shared key */
@ -5314,7 +5327,7 @@ int ecc25519_test(void)
if (wc_ecc25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
return -1016;
if (memcmp(ss, sharedB, y))
if (XMEMCMP(ss, sharedB, y))
return -1017;
/* clean up keys when done */
@ -5331,6 +5344,418 @@ int ecc25519_test(void)
#endif /* HAVE_ECC25519 */
#ifdef HAVE_ED25519
int ed25519_test(void)
{
RNG rng;
byte out[ED25519_SIG_SIZE];
byte exportPKey[ED25519_KEY_SIZE];
byte exportSKey[ED25519_KEY_SIZE];
word32 outlen;
word32 exportPSz;
word32 exportSSz;
word32 keySz, sigSz;
int i, verify;
ed25519_key key;
ed25519_key key2;
/* test vectors from
https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-02
*/
const byte sKey1[] = {
0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
};
const byte sKey2[] = {
0x4c,0xcd,0x08,0x9b,0x28,0xff,0x96,0xda,
0x9d,0xb6,0xc3,0x46,0xec,0x11,0x4e,0x0f,
0x5b,0x8a,0x31,0x9f,0x35,0xab,0xa6,0x24,
0xda,0x8c,0xf6,0xed,0x4f,0xb8,0xa6,0xfb
};
const byte sKey3[] = {
0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b,
0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1,
0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b,
0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7
};
/* uncompressed test */
const byte sKey4[] = {
0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
};
/* compressed prefix test */
const byte sKey5[] = {
0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
};
const byte sKey6[] = {
0xf5,0xe5,0x76,0x7c,0xf1,0x53,0x31,0x95,
0x17,0x63,0x0f,0x22,0x68,0x76,0xb8,0x6c,
0x81,0x60,0xcc,0x58,0x3b,0xc0,0x13,0x74,
0x4c,0x6b,0xf2,0x55,0xf5,0xcc,0x0e,0xe5
};
const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6};
const byte pKey1[] = {
0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
};
const byte pKey2[] = {
0x3d,0x40,0x17,0xc3,0xe8,0x43,0x89,0x5a,
0x92,0xb7,0x0a,0xa7,0x4d,0x1b,0x7e,0xbc,
0x9c,0x98,0x2c,0xcf,0x2e,0xc4,0x96,0x8c,
0xc0,0xcd,0x55,0xf1,0x2a,0xf4,0x66,0x0c
};
const byte pKey3[] = {
0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3,
0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58,
0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac,
0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25
};
/* uncompressed test */
const byte pKey4[] = {
0x04,0x55,0xd0,0xe0,0x9a,0x2b,0x9d,0x34,
0x29,0x22,0x97,0xe0,0x8d,0x60,0xd0,0xf6,
0x20,0xc5,0x13,0xd4,0x72,0x53,0x18,0x7c,
0x24,0xb1,0x27,0x86,0xbd,0x77,0x76,0x45,
0xce,0x1a,0x51,0x07,0xf7,0x68,0x1a,0x02,
0xaf,0x25,0x23,0xa6,0xda,0xf3,0x72,0xe1,
0x0e,0x3a,0x07,0x64,0xc9,0xd3,0xfe,0x4b,
0xd5,0xb7,0x0a,0xb1,0x82,0x01,0x98,0x5a,
0xd7
};
/* compressed prefix */
const byte pKey5[] = {
0x40,0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
};
const byte pKey6[] = {
0x27,0x81,0x17,0xfc,0x14,0x4c,0x72,0x34,
0x0f,0x67,0xd0,0xf2,0x31,0x6e,0x83,0x86,
0xce,0xff,0xbf,0x2b,0x24,0x28,0xc9,0xc5,
0x1f,0xef,0x7c,0x59,0x7f,0x1d,0x42,0x6e
};
const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6};
const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3),
sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)};
const byte sig1[] = {
0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
};
const byte sig2[] = {
0x92,0xa0,0x09,0xa9,0xf0,0xd4,0xca,0xb8,
0x72,0x0e,0x82,0x0b,0x5f,0x64,0x25,0x40,
0xa2,0xb2,0x7b,0x54,0x16,0x50,0x3f,0x8f,
0xb3,0x76,0x22,0x23,0xeb,0xdb,0x69,0xda,
0x08,0x5a,0xc1,0xe4,0x3e,0x15,0x99,0x6e,
0x45,0x8f,0x36,0x13,0xd0,0xf1,0x1d,0x8c,
0x38,0x7b,0x2e,0xae,0xb4,0x30,0x2a,0xee,
0xb0,0x0d,0x29,0x16,0x12,0xbb,0x0c,0x00
};
const byte sig3[] = {
0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02,
0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3,
0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44,
0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac,
0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90,
0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59,
0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d,
0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a
};
/* uncompressed test */
const byte sig4[] = {
0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
};
/* compressed prefix */
const byte sig5[] = {
0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
};
const byte sig6[] = {
0x0a,0xab,0x4c,0x90,0x05,0x01,0xb3,0xe2,
0x4d,0x7c,0xdf,0x46,0x63,0x32,0x6a,0x3a,
0x87,0xdf,0x5e,0x48,0x43,0xb2,0xcb,0xdb,
0x67,0xcb,0xf6,0xe4,0x60,0xfe,0xc3,0x50,
0xaa,0x53,0x71,0xb1,0x50,0x8f,0x9f,0x45,
0x28,0xec,0xea,0x23,0xc4,0x36,0xd9,0x4b,
0x5e,0x8f,0xcd,0x4f,0x68,0x1e,0x30,0xa6,
0xac,0x00,0xa9,0x70,0x4a,0x18,0x8a,0x03
};
const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
const byte msg1[] = {};
const byte msg2[] = {0x72};
const byte msg3[] = {0xAF,0x82};
/* test of a 1024 byte long message */
const byte msg4[] = {
0x08,0xb8,0xb2,0xb7,0x33,0x42,0x42,0x43,
0x76,0x0f,0xe4,0x26,0xa4,0xb5,0x49,0x08,
0x63,0x21,0x10,0xa6,0x6c,0x2f,0x65,0x91,
0xea,0xbd,0x33,0x45,0xe3,0xe4,0xeb,0x98,
0xfa,0x6e,0x26,0x4b,0xf0,0x9e,0xfe,0x12,
0xee,0x50,0xf8,0xf5,0x4e,0x9f,0x77,0xb1,
0xe3,0x55,0xf6,0xc5,0x05,0x44,0xe2,0x3f,
0xb1,0x43,0x3d,0xdf,0x73,0xbe,0x84,0xd8,
0x79,0xde,0x7c,0x00,0x46,0xdc,0x49,0x96,
0xd9,0xe7,0x73,0xf4,0xbc,0x9e,0xfe,0x57,
0x38,0x82,0x9a,0xdb,0x26,0xc8,0x1b,0x37,
0xc9,0x3a,0x1b,0x27,0x0b,0x20,0x32,0x9d,
0x65,0x86,0x75,0xfc,0x6e,0xa5,0x34,0xe0,
0x81,0x0a,0x44,0x32,0x82,0x6b,0xf5,0x8c,
0x94,0x1e,0xfb,0x65,0xd5,0x7a,0x33,0x8b,
0xbd,0x2e,0x26,0x64,0x0f,0x89,0xff,0xbc,
0x1a,0x85,0x8e,0xfc,0xb8,0x55,0x0e,0xe3,
0xa5,0xe1,0x99,0x8b,0xd1,0x77,0xe9,0x3a,
0x73,0x63,0xc3,0x44,0xfe,0x6b,0x19,0x9e,
0xe5,0xd0,0x2e,0x82,0xd5,0x22,0xc4,0xfe,
0xba,0x15,0x45,0x2f,0x80,0x28,0x8a,0x82,
0x1a,0x57,0x91,0x16,0xec,0x6d,0xad,0x2b,
0x3b,0x31,0x0d,0xa9,0x03,0x40,0x1a,0xa6,
0x21,0x00,0xab,0x5d,0x1a,0x36,0x55,0x3e,
0x06,0x20,0x3b,0x33,0x89,0x0c,0xc9,0xb8,
0x32,0xf7,0x9e,0xf8,0x05,0x60,0xcc,0xb9,
0xa3,0x9c,0xe7,0x67,0x96,0x7e,0xd6,0x28,
0xc6,0xad,0x57,0x3c,0xb1,0x16,0xdb,0xef,
0xef,0xd7,0x54,0x99,0xda,0x96,0xbd,0x68,
0xa8,0xa9,0x7b,0x92,0x8a,0x8b,0xbc,0x10,
0x3b,0x66,0x21,0xfc,0xde,0x2b,0xec,0xa1,
0x23,0x1d,0x20,0x6b,0xe6,0xcd,0x9e,0xc7,
0xaf,0xf6,0xf6,0xc9,0x4f,0xcd,0x72,0x04,
0xed,0x34,0x55,0xc6,0x8c,0x83,0xf4,0xa4,
0x1d,0xa4,0xaf,0x2b,0x74,0xef,0x5c,0x53,
0xf1,0xd8,0xac,0x70,0xbd,0xcb,0x7e,0xd1,
0x85,0xce,0x81,0xbd,0x84,0x35,0x9d,0x44,
0x25,0x4d,0x95,0x62,0x9e,0x98,0x55,0xa9,
0x4a,0x7c,0x19,0x58,0xd1,0xf8,0xad,0xa5,
0xd0,0x53,0x2e,0xd8,0xa5,0xaa,0x3f,0xb2,
0xd1,0x7b,0xa7,0x0e,0xb6,0x24,0x8e,0x59,
0x4e,0x1a,0x22,0x97,0xac,0xbb,0xb3,0x9d,
0x50,0x2f,0x1a,0x8c,0x6e,0xb6,0xf1,0xce,
0x22,0xb3,0xde,0x1a,0x1f,0x40,0xcc,0x24,
0x55,0x41,0x19,0xa8,0x31,0xa9,0xaa,0xd6,
0x07,0x9c,0xad,0x88,0x42,0x5d,0xe6,0xbd,
0xe1,0xa9,0x18,0x7e,0xbb,0x60,0x92,0xcf,
0x67,0xbf,0x2b,0x13,0xfd,0x65,0xf2,0x70,
0x88,0xd7,0x8b,0x7e,0x88,0x3c,0x87,0x59,
0xd2,0xc4,0xf5,0xc6,0x5a,0xdb,0x75,0x53,
0x87,0x8a,0xd5,0x75,0xf9,0xfa,0xd8,0x78,
0xe8,0x0a,0x0c,0x9b,0xa6,0x3b,0xcb,0xcc,
0x27,0x32,0xe6,0x94,0x85,0xbb,0xc9,0xc9,
0x0b,0xfb,0xd6,0x24,0x81,0xd9,0x08,0x9b,
0xec,0xcf,0x80,0xcf,0xe2,0xdf,0x16,0xa2,
0xcf,0x65,0xbd,0x92,0xdd,0x59,0x7b,0x07,
0x07,0xe0,0x91,0x7a,0xf4,0x8b,0xbb,0x75,
0xfe,0xd4,0x13,0xd2,0x38,0xf5,0x55,0x5a,
0x7a,0x56,0x9d,0x80,0xc3,0x41,0x4a,0x8d,
0x08,0x59,0xdc,0x65,0xa4,0x61,0x28,0xba,
0xb2,0x7a,0xf8,0x7a,0x71,0x31,0x4f,0x31,
0x8c,0x78,0x2b,0x23,0xeb,0xfe,0x80,0x8b,
0x82,0xb0,0xce,0x26,0x40,0x1d,0x2e,0x22,
0xf0,0x4d,0x83,0xd1,0x25,0x5d,0xc5,0x1a,
0xdd,0xd3,0xb7,0x5a,0x2b,0x1a,0xe0,0x78,
0x45,0x04,0xdf,0x54,0x3a,0xf8,0x96,0x9b,
0xe3,0xea,0x70,0x82,0xff,0x7f,0xc9,0x88,
0x8c,0x14,0x4d,0xa2,0xaf,0x58,0x42,0x9e,
0xc9,0x60,0x31,0xdb,0xca,0xd3,0xda,0xd9,
0xaf,0x0d,0xcb,0xaa,0xaf,0x26,0x8c,0xb8,
0xfc,0xff,0xea,0xd9,0x4f,0x3c,0x7c,0xa4,
0x95,0xe0,0x56,0xa9,0xb4,0x7a,0xcd,0xb7,
0x51,0xfb,0x73,0xe6,0x66,0xc6,0xc6,0x55,
0xad,0xe8,0x29,0x72,0x97,0xd0,0x7a,0xd1,
0xba,0x5e,0x43,0xf1,0xbc,0xa3,0x23,0x01,
0x65,0x13,0x39,0xe2,0x29,0x04,0xcc,0x8c,
0x42,0xf5,0x8c,0x30,0xc0,0x4a,0xaf,0xdb,
0x03,0x8d,0xda,0x08,0x47,0xdd,0x98,0x8d,
0xcd,0xa6,0xf3,0xbf,0xd1,0x5c,0x4b,0x4c,
0x45,0x25,0x00,0x4a,0xa0,0x6e,0xef,0xf8,
0xca,0x61,0x78,0x3a,0xac,0xec,0x57,0xfb,
0x3d,0x1f,0x92,0xb0,0xfe,0x2f,0xd1,0xa8,
0x5f,0x67,0x24,0x51,0x7b,0x65,0xe6,0x14,
0xad,0x68,0x08,0xd6,0xf6,0xee,0x34,0xdf,
0xf7,0x31,0x0f,0xdc,0x82,0xae,0xbf,0xd9,
0x04,0xb0,0x1e,0x1d,0xc5,0x4b,0x29,0x27,
0x09,0x4b,0x2d,0xb6,0x8d,0x6f,0x90,0x3b,
0x68,0x40,0x1a,0xde,0xbf,0x5a,0x7e,0x08,
0xd7,0x8f,0xf4,0xef,0x5d,0x63,0x65,0x3a,
0x65,0x04,0x0c,0xf9,0xbf,0xd4,0xac,0xa7,
0x98,0x4a,0x74,0xd3,0x71,0x45,0x98,0x67,
0x80,0xfc,0x0b,0x16,0xac,0x45,0x16,0x49,
0xde,0x61,0x88,0xa7,0xdb,0xdf,0x19,0x1f,
0x64,0xb5,0xfc,0x5e,0x2a,0xb4,0x7b,0x57,
0xf7,0xf7,0x27,0x6c,0xd4,0x19,0xc1,0x7a,
0x3c,0xa8,0xe1,0xb9,0x39,0xae,0x49,0xe4,
0x88,0xac,0xba,0x6b,0x96,0x56,0x10,0xb5,
0x48,0x01,0x09,0xc8,0xb1,0x7b,0x80,0xe1,
0xb7,0xb7,0x50,0xdf,0xc7,0x59,0x8d,0x5d,
0x50,0x11,0xfd,0x2d,0xcc,0x56,0x00,0xa3,
0x2e,0xf5,0xb5,0x2a,0x1e,0xcc,0x82,0x0e,
0x30,0x8a,0xa3,0x42,0x72,0x1a,0xac,0x09,
0x43,0xbf,0x66,0x86,0xb6,0x4b,0x25,0x79,
0x37,0x65,0x04,0xcc,0xc4,0x93,0xd9,0x7e,
0x6a,0xed,0x3f,0xb0,0xf9,0xcd,0x71,0xa4,
0x3d,0xd4,0x97,0xf0,0x1f,0x17,0xc0,0xe2,
0xcb,0x37,0x97,0xaa,0x2a,0x2f,0x25,0x66,
0x56,0x16,0x8e,0x6c,0x49,0x6a,0xfc,0x5f,
0xb9,0x32,0x46,0xf6,0xb1,0x11,0x63,0x98,
0xa3,0x46,0xf1,0xa6,0x41,0xf3,0xb0,0x41,
0xe9,0x89,0xf7,0x91,0x4f,0x90,0xcc,0x2c,
0x7f,0xff,0x35,0x78,0x76,0xe5,0x06,0xb5,
0x0d,0x33,0x4b,0xa7,0x7c,0x22,0x5b,0xc3,
0x07,0xba,0x53,0x71,0x52,0xf3,0xf1,0x61,
0x0e,0x4e,0xaf,0xe5,0x95,0xf6,0xd9,0xd9,
0x0d,0x11,0xfa,0xa9,0x33,0xa1,0x5e,0xf1,
0x36,0x95,0x46,0x86,0x8a,0x7f,0x3a,0x45,
0xa9,0x67,0x68,0xd4,0x0f,0xd9,0xd0,0x34,
0x12,0xc0,0x91,0xc6,0x31,0x5c,0xf4,0xfd,
0xe7,0xcb,0x68,0x60,0x69,0x37,0x38,0x0d,
0xb2,0xea,0xaa,0x70,0x7b,0x4c,0x41,0x85,
0xc3,0x2e,0xdd,0xcd,0xd3,0x06,0x70,0x5e,
0x4d,0xc1,0xff,0xc8,0x72,0xee,0xee,0x47,
0x5a,0x64,0xdf,0xac,0x86,0xab,0xa4,0x1c,
0x06,0x18,0x98,0x3f,0x87,0x41,0xc5,0xef,
0x68,0xd3,0xa1,0x01,0xe8,0xa3,0xb8,0xca,
0xc6,0x0c,0x90,0x5c,0x15,0xfc,0x91,0x08,
0x40,0xb9,0x4c,0x00,0xa0,0xb9,0xd0
};
const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4};
const word16 msgSz[] = {sizeof(msg1), sizeof(msg2), sizeof(msg3),
sizeof(msg1), sizeof(msg1), sizeof(msg4)};
/* create ed25519 keys */
wc_InitRng(&rng);
wc_ed25519_init(&key);
wc_ed25519_init(&key2);
wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2);
/* helper functions for signature and key size */
keySz = wc_ed25519_size(&key);
sigSz = wc_ed25519_sig_size(&key);
for (i = 0; i < 6; i++) {
outlen = sizeof(out);
XMEMSET(out, 0, sizeof(out));
if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i],
pKeySz[i], &key) != 0)
return -1021;
if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key)
!= 0)
return -1022;
if (XMEMCMP(out, sigs[i], 64))
return -1023;
/* test verify on good msg */
if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
&key) != 0 || verify != 1)
return -1024;
/* test verify on bad msg */
out[outlen-1] = out[outlen-1] + 1;
if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
&key) == 0 || verify == 1)
return -1025;
/* test api for import/exporting keys */
exportPSz = sizeof(exportPKey);
exportSSz = sizeof(exportSKey);
if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0)
return -1026;
if (wc_ed25519_import_public(exportPKey, exportPSz, &key2) != 0)
return -1027;
if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0)
return -1028;
if (wc_ed25519_import_private_key(exportSKey, exportSSz,
exportPKey, exportPSz, &key2) != 0)
return -1029;
/* clear "out" buffer and test sign with imported keys */
outlen = sizeof(out);
XMEMSET(out, 0, sizeof(out));
if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0)
return -1030;
if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
&key2) != 0 || verify != 1)
return -1031;
if (XMEMCMP(out, sigs[i], 64))
return -1032;
}
/* clean up keys when done */
wc_ed25519_free(&key);
wc_ed25519_free(&key2);
#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
wc_FreeRng(&rng);
#endif
/* hush warrnings of unused keySz and sigSz */
(void)keySz;
(void)sigSz;
return 0;
}
#endif /* HAVE_ED25519 */
#ifdef HAVE_LIBZ
const byte sample_text[] =

2
wolfssl/wolfcrypt/ecc25519.h
View File

@ -26,7 +26,7 @@
#ifdef HAVE_ECC25519
#include <wolfssl/wolfcrypt/ecc25519_fe.h>
#include <wolfssl/wolfcrypt/fe_operations.h>
#include <wolfssl/wolfcrypt/random.h>
#ifdef __cplusplus

61
wolfssl/wolfcrypt/ecc25519_fe.h
View File

@ -1,61 +0,0 @@
/* ecc25519_fe.h
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
/* Based On Daniel J Bernstein's curve25519 Public Domain ref10 work. */
#ifndef WOLF_CRYPT_ECC25519_FE_H
#define WOLF_CRYPT_ECC25519_FE_H
#include <wolfssl/wolfcrypt/settings.h>
#ifdef HAVE_ECC25519
#include <stdint.h>
typedef int32_t fe[10];
/*
fe means field element.
Here the field is \Z/(2^255-19).
An element t, entries t[0]...t[9], represents the integer
t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
Bounds on each t[i] vary depending on context.
*/
void fe_frombytes(fe,const unsigned char *);
void fe_tobytes(unsigned char *,fe);
void fe_copy(fe,fe);
void fe_0(fe);
void fe_1(fe);
void fe_cswap(fe,fe,unsigned int);
void fe_add(fe,fe,fe);
void fe_sub(fe,fe,fe);
void fe_mul(fe,fe,fe);
void fe_sq(fe,fe);
void fe_mul121666(fe,fe);
void fe_invert(fe,fe);
#endif /* HAVE_ECC25519 */
#endif /* include guard */

42
wolfssl/wolfcrypt/ecc25519_montgomery.h
View File

@ -1,42 +0,0 @@
/* ecc25519_montgomery.h
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
/* Based On Daniel J Bernstein's curve25519 Public Domain ref10 work. */
fe_sub(tmp0,x3,z3);
fe_sub(tmp1,x2,z2);
fe_add(x2,x2,z2);
fe_add(z2,x3,z3);
fe_mul(z3,tmp0,x2);
fe_mul(z2,z2,tmp1);
fe_sq(tmp0,tmp1);
fe_sq(tmp1,x2);
fe_add(x3,z3,z2);
fe_sub(z2,z3,z2);
fe_mul(x2,tmp1,tmp0);
fe_sub(tmp1,tmp1,tmp0);
fe_sq(z2,z2);
fe_mul121666(z3,tmp1);
fe_sq(x3,x3);
fe_add(tmp0,tmp0,z3);
fe_mul(z3,x1,z2);
fe_mul(z2,tmp1,tmp0);

46
wolfssl/wolfcrypt/ecc25519_pow225521.h
View File

@ -1,46 +0,0 @@
/* ecc25519_pow225521.h
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
/* Based On Daniel J Bernstein's curve25519 Public Domain ref10 work. */
fe_sq(t0,z); for (i = 1;i < 1;++i) fe_sq(t0,t0);
fe_sq(t1,t0); for (i = 1;i < 2;++i) fe_sq(t1,t1);
fe_mul(t1,z,t1);
fe_mul(t0,t0,t1);
fe_sq(t2,t0); for (i = 1;i < 1;++i) fe_sq(t2,t2);
fe_mul(t1,t1,t2);
fe_sq(t2,t1); for (i = 1;i < 5;++i) fe_sq(t2,t2);
fe_mul(t1,t2,t1);
fe_sq(t2,t1); for (i = 1;i < 10;++i) fe_sq(t2,t2);
fe_mul(t2,t2,t1);
fe_sq(t3,t2); for (i = 1;i < 20;++i) fe_sq(t3,t3);
fe_mul(t2,t3,t2);
fe_sq(t2,t2); for (i = 1;i < 10;++i) fe_sq(t2,t2);
fe_mul(t1,t2,t1);
fe_sq(t2,t1); for (i = 1;i < 50;++i) fe_sq(t2,t2);
fe_mul(t2,t2,t1);
fe_sq(t3,t2); for (i = 1;i < 100;++i) fe_sq(t3,t3);
fe_mul(t2,t3,t2);
fe_sq(t2,t2); for (i = 1;i < 50;++i) fe_sq(t2,t2);
fe_mul(t1,t2,t1);
fe_sq(t1,t1); for (i = 1;i < 5;++i) fe_sq(t1,t1);
fe_mul(out,t1,t0);

94
wolfssl/wolfcrypt/ed25519.h Normal file
View File

@ -0,0 +1,94 @@
/* ed25519.h
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifndef WOLF_CRYPT_ED25519_H
#define WOLF_CRYPT_ED25519_H
#include <wolfssl/wolfcrypt/types.h>
#ifdef HAVE_ED25519
#include <wolfssl/wolfcrypt/fe_operations.h>
#include <wolfssl/wolfcrypt/ge_operations.h>
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/sha512.h>
#ifdef __cplusplus
extern "C" {
#endif
/* info about EdDSA curve specifically ed25519, defined as an elliptic curve
over GF(p) */
/*
32, key size
"ED25519", curve name
"2^255-19", prime number
"SHA512", hash function
"-121665/121666", value of d
*/
#define ED25519_KEY_SIZE 32
#define ED25519_SIG_SIZE 64
/* An ED25519 Key */
typedef struct {
byte p[32]; /* compressed public key */
byte k[64]; /* private key : 32 secret -- 32 public */
} ed25519_key;
WOLFSSL_API
int wc_ed25519_make_key(RNG* rng, int keysize, ed25519_key* key);
WOLFSSL_API
int wc_ed25519_sign_msg(const byte* in, word32 inlen, byte* out,
word32 *outlen, ed25519_key* key);
WOLFSSL_API
int wc_ed25519_verify_msg(byte* sig, word32 siglen, const byte* msg,
word32 msglen, int* stat, ed25519_key* key);
WOLFSSL_API
int wc_ed25519_init(ed25519_key* key);
WOLFSSL_API
void wc_ed25519_free(ed25519_key* key);
WOLFSSL_API
int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key);
WOLFSSL_API
int wc_ed25519_import_private_key(const byte* priv, word32 privSz,
const byte* pub, word32 pubSz, ed25519_key* key);
WOLFSSL_API
int wc_ed25519_export_public(ed25519_key*, byte* out, word32* outLen);
WOLFSSL_API
int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen);
/* size helper */
WOLFSSL_API
int wc_ed25519_size(ed25519_key* key);
WOLFSSL_API
int wc_ed25519_sig_size(ed25519_key* key);
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* HAVE_ED25519 */
#endif /* WOLF_CRYPT_ED25519_H */

67
wolfssl/wolfcrypt/fe_operations.h Normal file
View File

@ -0,0 +1,67 @@
/* fe_operations.h
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
/* Based On Daniel J Bernstein's curve25519 and ed25519 Public Domain ref10
work. */
#ifndef WOLF_CRYPT_FE_OPERATIONS_H
#define WOLF_CRYPT_FE_OPERATIONS_H
#include <wolfssl/wolfcrypt/settings.h>
#if defined(HAVE_ECC25519) || defined(HAVE_ED25519)
#include <stdint.h>
/*
fe means field element.
Here the field is \Z/(2^255-19).
An element t, entries t[0]...t[9], represents the integer
t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
Bounds on each t[i] vary depending on context.
*/
typedef int32_t fe[10];
WOLFSSL_LOCAL void fe_0(fe);
WOLFSSL_LOCAL void fe_1(fe);
WOLFSSL_LOCAL void fe_add(fe, const fe, const fe);
WOLFSSL_LOCAL void fe_tobytes(unsigned char *, const fe);
WOLFSSL_LOCAL void fe_sub(fe, const fe, const fe);
WOLFSSL_LOCAL void fe_invert(fe, const fe);
WOLFSSL_LOCAL void fe_sq(fe, const fe);
WOLFSSL_LOCAL void fe_sq2(fe,const fe);
WOLFSSL_LOCAL void fe_frombytes(fe,const unsigned char *);
WOLFSSL_LOCAL void fe_mul(fe,const fe,const fe);
WOLFSSL_LOCAL void fe_copy(fe, const fe);
WOLFSSL_LOCAL void fe_cswap(fe,fe,unsigned int);
WOLFSSL_LOCAL void fe_mul121666(fe,fe);
WOLFSSL_LOCAL int fe_isnonzero(const fe);
WOLFSSL_LOCAL int fe_isnegative(const fe);
WOLFSSL_LOCAL void fe_cmov(fe,const fe,unsigned int);
WOLFSSL_LOCAL void fe_neg(fe,const fe);
WOLFSSL_LOCAL void fe_pow22523(fe,const fe);
WOLFSSL_LOCAL uint64_t load_3(const unsigned char *in);
WOLFSSL_LOCAL uint64_t load_4(const unsigned char *in);
#endif /* HAVE_ECC25519 or HAVE_ED25519 */
#endif /* WOLF_CRYPT_FE_OPERATIONS_H */

106
wolfssl/wolfcrypt/ge_operations.h Normal file
View File

@ -0,0 +1,106 @@
/* ge_operations.h
*
* Copyright (C) 2006-2015 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
/* Based On Daniel J Bernstein's ed25519 Public Domain ref10 work. */
#ifndef WOLF_CRYPT_GE_OPERATIONS_H
#define WOLF_CRYPT_GE_OPERATIONS_H
#include <wolfssl/wolfcrypt/settings.h>
#ifdef HAVE_ED25519
#include <stdint.h>
#include <wolfssl/wolfcrypt/fe_operations.h>
/*
ge means group element.
Here the group is the set of pairs (x,y) of field elements (see fe.h)
satisfying -x^2 + y^2 = 1 + d x^2y^2
where d = -121665/121666.
Representations:
ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
ge_precomp (Duif): (y+x,y-x,2dxy)
*/
typedef struct {
fe X;
fe Y;
fe Z;
} ge_p2;
typedef struct {
fe X;
fe Y;
fe Z;
fe T;
} ge_p3;
typedef struct {
fe X;
fe Y;
fe Z;
fe T;
} ge_p1p1;
typedef struct {
fe yplusx;
fe yminusx;
fe xy2d;
} ge_precomp;
typedef struct {
fe YplusX;
fe YminusX;
fe Z;
fe T2d;
} ge_cached;
WOLFSSL_LOCAL void ge_tobytes(unsigned char *,const ge_p2 *);
WOLFSSL_LOCAL void ge_p3_tobytes(unsigned char *,const ge_p3 *);
WOLFSSL_LOCAL int ge_frombytes_negate_vartime(ge_p3 *,const unsigned char *);
WOLFSSL_LOCAL void ge_p2_0(ge_p2 *);
WOLFSSL_LOCAL void ge_p3_0(ge_p3 *);
WOLFSSL_LOCAL void ge_precomp_0(ge_precomp *);
WOLFSSL_LOCAL void ge_p3_to_p2(ge_p2 *,const ge_p3 *);
WOLFSSL_LOCAL void ge_p3_to_cached(ge_cached *,const ge_p3 *);
WOLFSSL_LOCAL void ge_p1p1_to_p2(ge_p2 *,const ge_p1p1 *);
WOLFSSL_LOCAL void ge_p1p1_to_p3(ge_p3 *,const ge_p1p1 *);
WOLFSSL_LOCAL void ge_p2_dbl(ge_p1p1 *,const ge_p2 *);
WOLFSSL_LOCAL void ge_p3_dbl(ge_p1p1 *,const ge_p3 *);
WOLFSSL_LOCAL void ge_madd(ge_p1p1 *,const ge_p3 *,const ge_precomp *);
WOLFSSL_LOCAL void ge_msub(ge_p1p1 *,const ge_p3 *,const ge_precomp *);
WOLFSSL_LOCAL void ge_add(ge_p1p1 *,const ge_p3 *,const ge_cached *);
WOLFSSL_LOCAL void ge_sub(ge_p1p1 *,const ge_p3 *,const ge_cached *);
WOLFSSL_LOCAL void ge_scalarmult_base(ge_p3 *,const unsigned char *);
WOLFSSL_LOCAL void ge_double_scalarmult_vartime(ge_p2 *,const unsigned char *,
const ge_p3 *,const unsigned char *);
#endif /* HAVE_ED25519 */
#endif /* WOLF_CRYPT_GE_OPERATIONS_H */

6
wolfssl/wolfcrypt/include.am
View File

@ -15,9 +15,9 @@ nobase_include_HEADERS+= \
wolfssl/wolfcrypt/dsa.h \
wolfssl/wolfcrypt/ecc.h \
wolfssl/wolfcrypt/ecc25519.h \
wolfssl/wolfcrypt/ecc25519_fe.h \
wolfssl/wolfcrypt/ecc25519_pow225521.h \
wolfssl/wolfcrypt/ecc25519_montgomery.h \
wolfssl/wolfcrypt/ed25519.h \
wolfssl/wolfcrypt/fe_operations.h \
wolfssl/wolfcrypt/ge_operations.h \
wolfssl/wolfcrypt/error-crypt.h \
wolfssl/wolfcrypt/fips_test.h \
wolfssl/wolfcrypt/hc128.h \