tiddy up 25519
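--- a/ecc25519_montgomery.q
+++ b/ecc25519_montgomery.q
@@ -1,99 +0,0 @@
-#/* ecc25519_montgomery.q
-# *
-# * Copyright (C) 2006-2015 wolfSSL Inc.
-# *
-# * This file is part of wolfSSL. (formerly known as CyaSSL)
-# *
-# * wolfSSL is free software; you can redistribute it and/or modify
-# * it under the terms of the GNU General Public License as published by
-# * the Free Software Foundation; either version 2 of the License, or
-# * (at your option) any later version.
-# *
-# * wolfSSL is distributed in the hope that it will be useful,
-# * but WITHOUT ANY WARRANTY; without even the implied warranty of
-# * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# * GNU General Public License for more details.
-# *
-# * You should have received a copy of the GNU General Public License
-# * along with this program; if not, write to the Free Software
-# * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
-# *
-# * From Daniel J Bernstein's curve25519 ref10 work.
-# */
-
-:name:fe:x2:z2:x3:z3:tmp0:tmp1:
-fe r:var/r=fe:
-
-enter f:enter/f:>X2=fe#1:>Z2=fe#2:>X3=fe#3:>Z3=fe#4:
-return:nofallthrough:<X4=fe#1:<Z4=fe#2:<X5=fe#3:<Z5=fe#4:leave:
-
-h=f+g:<f=fe:<g=fe:>h=fe:asm/fe_add(>h,<f,<g);:
-h=f-g:<f=fe:<g=fe:>h=fe:asm/fe_sub(>h,<f,<g);:
-h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
-h=f^2:<f=fe:>h=fe:asm/fe_sq(>h,<f);:
-
-h=X1*g:<g=fe:>h=fe:asm/fe_mul(>h,x1,<g);:
-h=a24*g:<g=fe:>h=fe:asm/fe_mul121666(>h,<g);:
-
-assign x2 to h:<h=fe#1:
-assign z2 to h:<h=fe#2:
-assign x3 to h:<h=fe#3:
-assign z3 to h:<h=fe#4:
-
-:
-
-fe X2
-fe Z2
-fe X3
-fe Z3
-fe X4
-fe Z4
-fe X5
-fe Z5
-fe A
-fe B
-fe C
-fe D
-fe E
-fe AA
-fe BB
-fe DA
-fe CB
-fe t0
-fe t1
-fe t2
-fe t3
-fe t4
-
-enter ladder
-
-# http://hyperelliptic.org/EFD/g1p/auto-code/montgom/xz/ladder/mladd-1987-m.op3
-# reordered to fit into 2 temporaries
-
-D = X3-Z3
-B = X2-Z2
-A = X2+Z2
-C = X3+Z3
-DA = D*A
-CB = C*B
-BB = B^2
-AA = A^2
-t0 = DA+CB
-assign x3 to t0
-t1 = DA-CB
-X4 = AA*BB
-E = AA-BB
-t2 = t1^2
-t3 = a24*E
-X5 = t0^2
-t4 = BB+t3
-Z5 = X1*t2
-Z4 = E*t4
-
-# double-check against Theorem B.1 in Curve25519 paper:
-# X4-(X2^2-Z2^2)^2
-# Z4-4*X2*Z2*(X2^2+(4*a24-2)*X2*Z2+Z2^2)
-# X5-4*(X2*X3-Z2*Z3)^2
-# Z5-4*(X2*Z3-Z2*X3)^2*X1
-
-return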
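--- a/ecc25519_pow225521.q
+++ b/ecc25519_pow225521.q
@@ -1,84 +0,0 @@
-#/* ecc25519_pow225521.q
-# *
-# * Copyright (C) 2006-2015 wolfSSL Inc.
-# *
-# * This file is part of wolfSSL. (formerly known as CyaSSL)
-# *
-# * wolfSSL is free software; you can redistribute it and/or modify
-# * it under the terms of the GNU General Public License as published by
-# * the Free Software Foundation; either version 2 of the License, or
-# * (at your option) any later version.
-# *
-# * wolfSSL is distributed in the hope that it will be useful,
-# * but WITHOUT ANY WARRANTY; without even the implied warranty of
-# * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# * GNU General Public License for more details.
-# *
-# * You should have received a copy of the GNU General Public License
-# * along with this program; if not, write to the Free Software
-# * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
-# *
-# * From Daniel J Bernstein's curve25519 ref10 work.
-# */
-
-:name:fe:t0:t1:t2:t3:t4:t5:t6:t7:t8:t9:z:out:
-fe r:var/r=fe:
-
-enter f:enter/f:>z1=fe#11:
-return:nofallthrough:<z_255_21=fe#12:leave:
-
-h=f*g:<f=fe:<g=fe:>h=fe:asm/fe_mul(>h,<f,<g);:
-h=f^2^k:<f=fe:>h=fe:#k:asm/fe_sq(>h,<f); for (i = 1;i !lt; #k;++i) fe_sq(>h,>h);:
-
-:
-
-fe z1
-fe z2
-fe z8
-fe z9
-fe z11
-fe z22
-fe z_5_0
-fe z_10_5
-fe z_10_0
-fe z_20_10
-fe z_20_0
-fe z_40_20
-fe z_40_0
-fe z_50_10
-fe z_50_0
-fe z_100_50
-fe z_100_0
-fe z_200_100
-fe z_200_0
-fe z_250_50
-fe z_250_0
-fe z_255_5
-fe z_255_21
-
-enter pow225521
-
-z2 = z1^2^1
-z8 = z2^2^2
-z9 = z1*z8
-z11 = z2*z9
-z22 = z11^2^1
-z_5_0 = z9*z22
-z_10_5 = z_5_0^2^5
-z_10_0 = z_10_5*z_5_0
-z_20_10 = z_10_0^2^10
-z_20_0 = z_20_10*z_10_0
-z_40_20 = z_20_0^2^20
-z_40_0 = z_40_20*z_20_0
-z_50_10 = z_40_0^2^10
-z_50_0 = z_50_10*z_10_0
-z_100_50 = z_50_0^2^50
-z_100_0 = z_100_50*z_50_0
-z_200_100 = z_100_0^2^100
-z_200_0 = z_200_100*z_100_0
-z_250_50 = z_200_0^2^50
-z_250_0 = z_250_50*z_50_0
-z_255_5 = z_250_0^2^5
-z_255_21 = z_255_5*z11
-
-return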