curve25519 and ed25519 low memory

2015-06-05 15:39:37 -06:00
parent 96a298018d
commit e461bc72b8
11 changed files with 2060 additions and 790 deletions
--- a/wolfcrypt/src/fe_operations.c
+++ b/wolfcrypt/src/fe_operations.c
@@ -105,6 +105,72 @@ void fe_0(fe h)
 }


+int curve25519(byte* q, byte* n, byte* p)
+{
+  unsigned char e[32];
+  unsigned int i;
+  fe x1;
+  fe x2;
+  fe z2;
+  fe x3;
+  fe z3;
+  fe tmp0;
+  fe tmp1;
+  int pos;
+  unsigned int swap;
+  unsigned int b;
+
+  for (i = 0;i < 32;++i) e[i] = n[i];
+  e[0] &= 248;
+  e[31] &= 127;
+  e[31] |= 64;
+
+  fe_frombytes(x1,p);
+  fe_1(x2);
+  fe_0(z2);
+  fe_copy(x3,x1);
+  fe_1(z3);
+
+  swap = 0;
+  for (pos = 254;pos >= 0;--pos) {
+    b = e[pos / 8] >> (pos & 7);
+    b &= 1;
+    swap ^= b;
+    fe_cswap(x2,x3,swap);
+    fe_cswap(z2,z3,swap);
+    swap = b;
+
+    /* montgomery */
+	fe_sub(tmp0,x3,z3);
+	fe_sub(tmp1,x2,z2);
+	fe_add(x2,x2,z2);
+	fe_add(z2,x3,z3);
+	fe_mul(z3,tmp0,x2);
+	fe_mul(z2,z2,tmp1);
+	fe_sq(tmp0,tmp1);
+	fe_sq(tmp1,x2);
+	fe_add(x3,z3,z2);
+	fe_sub(z2,z3,z2);
+	fe_mul(x2,tmp1,tmp0);
+	fe_sub(tmp1,tmp1,tmp0);
+	fe_sq(z2,z2);
+	fe_mul121666(z3,tmp1);
+	fe_sq(x3,x3);
+	fe_add(tmp0,tmp0,z3);
+	fe_mul(z3,x1,z2);
+	fe_mul(z2,tmp1,tmp0);
+  }
+  fe_cswap(x2,x3,swap);
+  fe_cswap(z2,z3,swap);
+
+  fe_invert(z2,z2);
+  fe_mul(x2,x2,z2);
+  fe_tobytes(q,x2);
+
+  return 0;
+}
+
+
 /*
 h = f * f
 Can overlap h with f.
@@ -1236,9 +1302,6 @@ void fe_neg(fe h,const fe f)


 /*
-return 1 if f == 0
-return 0 if f != 0
-
 Preconditions:
   |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
 */