首頁 探索 說明
登入
sengler
/
tor-parallel-relay-conn
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: 1c5d680b3d
分支列表 標籤列表
tor-parallel...
/
src
/
ext
/
ed25519
/
ref10
/
ge_double_scalarmult.c

ge_double_scalarmult.c 2.3 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596 
  1. #include "ge.h"
    2. 

  2. 

  3. static void slide(signed char *r,const unsigned char *a)
    4. 

  4. {
    5. 

  5.   int i;
    6. 

  6.   int b;
    7. 

  7.   int k;
    8. 

  8. 

  9.   for (i = 0;i < 256;++i)
    10. 

  10.     r[i] = 1 & (a[i >> 3] >> (i & 7));
    11. 

  11. 

  12.   for (i = 0;i < 256;++i)
    13. 

  13.     if (r[i]) {
    14. 

  14.       for (b = 1;b <= 6 && i + b < 256;++b) {
    15. 

  15.         if (r[i + b]) {
    16. 

  16.           if (r[i] + (r[i + b] << b) <= 15) {
    17. 

  17.             r[i] += r[i + b] << b; r[i + b] = 0;
    18. 

  18.           } else if (r[i] - (r[i + b] << b) >= -15) {
    19. 

  19.             r[i] -= r[i + b] << b;
    20. 

  20.             for (k = i + b;k < 256;++k) {
    21. 

  21.               if (!r[k]) {
    22. 

  22.                 r[k] = 1;
    23. 

  23.                 break;
    24. 

  24.               }
    25. 

  25.               r[k] = 0;
    26. 

  26.             }
    27. 

  27.           } else
    28. 

  28.             break;
    29. 

  29.         }
    30. 

  30.       }
    31. 

  31.     }
    32. 

  32. 

  33. }
    34. 

  34. 

  35. static ge_precomp Bi[8] = {
    36. 

  36. #include "base2.h"
    37. 

  37. } ;
    38. 

  38. 

  39. /*
    40. 

  40. r = a * A + b * B
    41. 

  41. where a = a[0]+256*a[1]+...+256^31 a[31].
    42. 

  42. and b = b[0]+256*b[1]+...+256^31 b[31].
    43. 

  43. B is the Ed25519 base point (x,4/5) with x positive.
    44. 

  44. */
    45. 

  45. 

  46. void ge_double_scalarmult_vartime(ge_p2 *r,const unsigned char *a,const ge_p3 *A,const unsigned char *b)
    47. 

  47. {
    48. 

  48.   signed char aslide[256];
    49. 

  49.   signed char bslide[256];
    50. 

  50.   ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */
    51. 

  51.   ge_p1p1 t;
    52. 

  52.   ge_p3 u;
    53. 

  53.   ge_p3 A2;
    54. 

  54.   int i;
    55. 

  55. 

  56.   slide(aslide,a);
    57. 

  57.   slide(bslide,b);
    58. 

  58. 

  59.   ge_p3_to_cached(&Ai[0],A);
    60. 

  60.   ge_p3_dbl(&t,A); ge_p1p1_to_p3(&A2,&t);
    61. 

  61.   ge_add(&t,&A2,&Ai[0]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[1],&u);
    62. 

  62.   ge_add(&t,&A2,&Ai[1]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[2],&u);
    63. 

  63.   ge_add(&t,&A2,&Ai[2]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[3],&u);
    64. 

  64.   ge_add(&t,&A2,&Ai[3]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[4],&u);
    65. 

  65.   ge_add(&t,&A2,&Ai[4]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[5],&u);
    66. 

  66.   ge_add(&t,&A2,&Ai[5]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[6],&u);
    67. 

  67.   ge_add(&t,&A2,&Ai[6]); ge_p1p1_to_p3(&u,&t); ge_p3_to_cached(&Ai[7],&u);
    68. 

  68. 

  69.   ge_p2_0(r);
    70. 

  70. 

  71.   for (i = 255;i >= 0;--i) {
    72. 

  72.     if (aslide[i] || bslide[i]) break;
    73. 

  73.   }
    74. 

  74. 

  75.   for (;i >= 0;--i) {
    76. 

  76.     ge_p2_dbl(&t,r);
    77. 

  77. 

  78.     if (aslide[i] > 0) {
    79. 

  79.       ge_p1p1_to_p3(&u,&t);
    80. 

  80.       ge_add(&t,&u,&Ai[aslide[i]/2]);
    81. 

  81.     } else if (aslide[i] < 0) {
    82. 

  82.       ge_p1p1_to_p3(&u,&t);
    83. 

  83.       ge_sub(&t,&u,&Ai[(-aslide[i])/2]);
    84. 

  84.     }
    85. 

  85. 

  86.     if (bslide[i] > 0) {
    87. 

  87.       ge_p1p1_to_p3(&u,&t);
    88. 

  88.       ge_madd(&t,&u,&Bi[bslide[i]/2]);
    89. 

  89.     } else if (bslide[i] < 0) {
    90. 

  90.       ge_p1p1_to_p3(&u,&t);
    91. 

  91.       ge_msub(&t,&u,&Bi[(-bslide[i])/2]);
    92. 

  92.     }
    93. 

  93. 

  94.     ge_p1p1_to_p2(r,&t);
    95. 

  95.   }
    96. 

  96. }
    97.