diff options
Diffstat (limited to 'crypto/ec/curve448/curve448.c')
| -rw-r--r-- | crypto/ec/curve448/curve448.c | 144 |
1 files changed, 72 insertions, 72 deletions
diff --git a/crypto/ec/curve448/curve448.c b/crypto/ec/curve448/curve448.c index bed2718ad7..914a15d77e 100644 --- a/crypto/ec/curve448/curve448.c +++ b/crypto/ec/curve448/curve448.c @@ -44,13 +44,13 @@ static void gf_invert(gf y, const gf x, int assert_nonzero) mask_t ret; gf t1, t2; - gf_sqr(t1, x); /* o^2 */ + ossl_gf_sqr(t1, x); /* o^2 */ ret = gf_isr(t2, t1); /* +-1/sqrt(o^2) = +-1/o */ (void)ret; if (assert_nonzero) assert(ret); - gf_sqr(t1, t2); - gf_mul(t2, t1, x); /* not direct to y in case of alias. */ + ossl_gf_sqr(t1, t2); + ossl_gf_mul(t2, t1, x); /* not direct to y in case of alias. */ gf_copy(y, t2); } @@ -63,23 +63,23 @@ static void point_double_internal(curve448_point_t p, const curve448_point_t q, { gf a, b, c, d; - gf_sqr(c, q->x); - gf_sqr(a, q->y); + ossl_gf_sqr(c, q->x); + ossl_gf_sqr(a, q->y); gf_add_nr(d, c, a); /* 2+e */ gf_add_nr(p->t, q->y, q->x); /* 2+e */ - gf_sqr(b, p->t); + ossl_gf_sqr(b, p->t); gf_subx_nr(b, b, d, 3); /* 4+e */ gf_sub_nr(p->t, a, c); /* 3+e */ - gf_sqr(p->x, q->z); + ossl_gf_sqr(p->x, q->z); gf_add_nr(p->z, p->x, p->x); /* 2+e */ gf_subx_nr(a, p->z, p->t, 4); /* 6+e */ if (GF_HEADROOM == 5) gf_weak_reduce(a); /* or 1+e */ - gf_mul(p->x, a, b); - gf_mul(p->z, p->t, a); - gf_mul(p->y, p->t, d); + ossl_gf_mul(p->x, a, b); + ossl_gf_mul(p->z, p->t, a); + ossl_gf_mul(p->y, p->t, d); if (!before_double) - gf_mul(p->t, b, d); + ossl_gf_mul(p->t, b, d); } void ossl_curve448_point_double(curve448_point_t p, const curve448_point_t q) @@ -108,17 +108,17 @@ static void pniels_to_pt(curve448_point_t e, const pniels_t d) gf_add(eu, d->n->b, d->n->a); gf_sub(e->y, d->n->b, d->n->a); - gf_mul(e->t, e->y, eu); - gf_mul(e->x, d->z, e->y); - gf_mul(e->y, d->z, eu); - gf_sqr(e->z, d->z); + ossl_gf_mul(e->t, e->y, eu); + ossl_gf_mul(e->x, d->z, e->y); + ossl_gf_mul(e->y, d->z, eu); + ossl_gf_sqr(e->z, d->z); } static void niels_to_pt(curve448_point_t e, const niels_t n) { gf_add(e->y, n->b, n->a); gf_sub(e->x, n->b, n->a); - gf_mul(e->t, e->y, e->x); + ossl_gf_mul(e->t, e->y, e->x); gf_copy(e->z, ONE); } @@ -128,19 +128,19 @@ static void add_niels_to_pt(curve448_point_t d, const niels_t e, gf a, b, c; gf_sub_nr(b, d->y, d->x); /* 3+e */ - gf_mul(a, e->a, b); + ossl_gf_mul(a, e->a, b); gf_add_nr(b, d->x, d->y); /* 2+e */ - gf_mul(d->y, e->b, b); - gf_mul(d->x, e->c, d->t); + ossl_gf_mul(d->y, e->b, b); + ossl_gf_mul(d->x, e->c, d->t); gf_add_nr(c, a, d->y); /* 2+e */ gf_sub_nr(b, d->y, a); /* 3+e */ gf_sub_nr(d->y, d->z, d->x); /* 3+e */ gf_add_nr(a, d->x, d->z); /* 2+e */ - gf_mul(d->z, a, d->y); - gf_mul(d->x, d->y, b); - gf_mul(d->y, a, c); + ossl_gf_mul(d->z, a, d->y); + ossl_gf_mul(d->x, d->y, b); + ossl_gf_mul(d->y, a, c); if (!before_double) - gf_mul(d->t, b, c); + ossl_gf_mul(d->t, b, c); } static void sub_niels_from_pt(curve448_point_t d, const niels_t e, @@ -149,19 +149,19 @@ static void sub_niels_from_pt(curve448_point_t d, const niels_t e, gf a, b, c; gf_sub_nr(b, d->y, d->x); /* 3+e */ - gf_mul(a, e->b, b); + ossl_gf_mul(a, e->b, b); gf_add_nr(b, d->x, d->y); /* 2+e */ - gf_mul(d->y, e->a, b); - gf_mul(d->x, e->c, d->t); + ossl_gf_mul(d->y, e->a, b); + ossl_gf_mul(d->x, e->c, d->t); gf_add_nr(c, a, d->y); /* 2+e */ gf_sub_nr(b, d->y, a); /* 3+e */ gf_add_nr(d->y, d->z, d->x); /* 2+e */ gf_sub_nr(a, d->z, d->x); /* 3+e */ - gf_mul(d->z, a, d->y); - gf_mul(d->x, d->y, b); - gf_mul(d->y, a, c); + ossl_gf_mul(d->z, a, d->y); + ossl_gf_mul(d->x, d->y, b); + ossl_gf_mul(d->y, a, c); if (!before_double) - gf_mul(d->t, b, c); + ossl_gf_mul(d->t, b, c); } static void add_pniels_to_pt(curve448_point_t p, const pniels_t pn, @@ -169,7 +169,7 @@ static void add_pniels_to_pt(curve448_point_t p, const pniels_t pn, { gf L0; - gf_mul(L0, p->z, pn->z); + ossl_gf_mul(L0, p->z, pn->z); gf_copy(p->z, L0); add_niels_to_pt(p, pn->n, before_double); } @@ -179,7 +179,7 @@ static void sub_pniels_from_pt(curve448_point_t p, const pniels_t pn, { gf L0; - gf_mul(L0, p->z, pn->z); + ossl_gf_mul(L0, p->z, pn->z); gf_copy(p->z, L0); sub_niels_from_pt(p, pn->n, before_double); } @@ -192,8 +192,8 @@ ossl_curve448_point_eq(const curve448_point_t p, gf a, b; /* equality mod 2-torsion compares x/y */ - gf_mul(a, p->y, q->x); - gf_mul(b, q->y, p->x); + ossl_gf_mul(a, p->y, q->x); + ossl_gf_mul(b, q->y, p->x); succ = gf_eq(a, b); return mask_to_bool(succ); @@ -205,15 +205,15 @@ ossl_curve448_point_valid(const curve448_point_t p) mask_t out; gf a, b, c; - gf_mul(a, p->x, p->y); - gf_mul(b, p->z, p->t); + ossl_gf_mul(a, p->x, p->y); + ossl_gf_mul(b, p->z, p->t); out = gf_eq(a, b); - gf_sqr(a, p->x); - gf_sqr(b, p->y); + ossl_gf_sqr(a, p->x); + ossl_gf_sqr(b, p->y); gf_sub(a, b, a); - gf_sqr(b, p->t); + ossl_gf_sqr(b, p->t); gf_mulw(c, b, TWISTED_D); - gf_sqr(b, p->z); + ossl_gf_sqr(b, p->z); gf_add(b, b, c); out &= gf_eq(a, b); out &= ~gf_eq(p->z, ZERO); @@ -290,26 +290,26 @@ ossl_curve448_point_mul_by_ratio_and_encode_like_eddsa( /* 4-isogeny: 2xy/(y^+x^2), (y^2-x^2)/(2z^2-y^2+x^2) */ gf u; - gf_sqr(x, q->x); - gf_sqr(t, q->y); + ossl_gf_sqr(x, q->x); + ossl_gf_sqr(t, q->y); gf_add(u, x, t); gf_add(z, q->y, q->x); - gf_sqr(y, z); + ossl_gf_sqr(y, z); gf_sub(y, y, u); gf_sub(z, t, x); - gf_sqr(x, q->z); + ossl_gf_sqr(x, q->z); gf_add(t, x, x); gf_sub(t, t, z); - gf_mul(x, t, y); - gf_mul(y, z, u); - gf_mul(z, u, t); + ossl_gf_mul(x, t, y); + ossl_gf_mul(y, z, u); + ossl_gf_mul(z, u, t); OPENSSL_cleanse(u, sizeof(u)); } /* Affinize */ gf_invert(z, z, 1); - gf_mul(t, x, z); - gf_mul(x, y, z); + ossl_gf_mul(t, x, z); + ossl_gf_mul(x, y, z); /* Encode */ enc[EDDSA_448_PRIVATE_BYTES - 1] = 0; @@ -340,15 +340,15 @@ ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio( succ = gf_deserialize(p->y, enc2, 1, 0); succ &= word_is_zero(enc2[EDDSA_448_PRIVATE_BYTES - 1]); - gf_sqr(p->x, p->y); + ossl_gf_sqr(p->x, p->y); gf_sub(p->z, ONE, p->x); /* num = 1-y^2 */ gf_mulw(p->t, p->x, EDWARDS_D); /* dy^2 */ gf_sub(p->t, ONE, p->t); /* denom = 1-dy^2 or 1-d + dy^2 */ - gf_mul(p->x, p->z, p->t); + ossl_gf_mul(p->x, p->z, p->t); succ &= gf_isr(p->t, p->x); /* 1/sqrt(num * denom) */ - gf_mul(p->x, p->t, p->z); /* sqrt(num / denom) */ + ossl_gf_mul(p->x, p->t, p->z); /* sqrt(num / denom) */ gf_cond_neg(p->x, gf_lobit(p->x) ^ low); gf_copy(p->z, ONE); @@ -356,20 +356,20 @@ ossl_curve448_point_decode_like_eddsa_and_mul_by_ratio( gf a, b, c, d; /* 4-isogeny 2xy/(y^2-ax^2), (y^2+ax^2)/(2-y^2-ax^2) */ - gf_sqr(c, p->x); - gf_sqr(a, p->y); + ossl_gf_sqr(c, p->x); + ossl_gf_sqr(a, p->y); gf_add(d, c, a); gf_add(p->t, p->y, p->x); - gf_sqr(b, p->t); + ossl_gf_sqr(b, p->t); gf_sub(b, b, d); gf_sub(p->t, a, c); - gf_sqr(p->x, p->z); + ossl_gf_sqr(p->x, p->z); gf_add(p->z, p->x, p->x); gf_sub(a, p->z, d); - gf_mul(p->x, a, b); - gf_mul(p->z, p->t, a); - gf_mul(p->y, p->t, d); - gf_mul(p->t, b, d); + ossl_gf_mul(p->x, a, b); + ossl_gf_mul(p->z, p->t, a); + ossl_gf_mul(p->y, p->t, d); + ossl_gf_mul(p->t, b, d); OPENSSL_cleanse(a, sizeof(a)); OPENSSL_cleanse(b, sizeof(b)); OPENSSL_cleanse(c, sizeof(c)); @@ -424,30 +424,30 @@ ossl_x448_int(uint8_t out[X_PUBLIC_BYTES], gf_add_nr(t1, x2, z2); /* A = x2 + z2 */ /* 2+e */ gf_sub_nr(t2, x2, z2); /* B = x2 - z2 */ /* 3+e */ gf_sub_nr(z2, x3, z3); /* D = x3 - z3 */ /* 3+e */ - gf_mul(x2, t1, z2); /* DA */ + ossl_gf_mul(x2, t1, z2); /* DA */ gf_add_nr(z2, z3, x3); /* C = x3 + z3 */ /* 2+e */ - gf_mul(x3, t2, z2); /* CB */ + ossl_gf_mul(x3, t2, z2); /* CB */ gf_sub_nr(z3, x2, x3); /* DA-CB */ /* 3+e */ - gf_sqr(z2, z3); /* (DA-CB)^2 */ - gf_mul(z3, x1, z2); /* z3 = x1(DA-CB)^2 */ + ossl_gf_sqr(z2, z3); /* (DA-CB)^2 */ + ossl_gf_mul(z3, x1, z2); /* z3 = x1(DA-CB)^2 */ gf_add_nr(z2, x2, x3); /* (DA+CB) */ /* 2+e */ - gf_sqr(x3, z2); /* x3 = (DA+CB)^2 */ + ossl_gf_sqr(x3, z2); /* x3 = (DA+CB)^2 */ - gf_sqr(z2, t1); /* AA = A^2 */ - gf_sqr(t1, t2); /* BB = B^2 */ - gf_mul(x2, z2, t1); /* x2 = AA*BB */ + ossl_gf_sqr(z2, t1); /* AA = A^2 */ + ossl_gf_sqr(t1, t2); /* BB = B^2 */ + ossl_gf_mul(x2, z2, t1); /* x2 = AA*BB */ gf_sub_nr(t2, z2, t1); /* E = AA-BB */ /* 3+e */ gf_mulw(t1, t2, -EDWARDS_D); /* E*-d = a24*E */ gf_add_nr(t1, t1, z2); /* AA + a24*E */ /* 2+e */ - gf_mul(z2, t2, t1); /* z2 = E(AA+a24*E) */ + ossl_gf_mul(z2, t2, t1); /* z2 = E(AA+a24*E) */ } /* Finish */ gf_cond_swap(x2, x3, swap); gf_cond_swap(z2, z3, swap); gf_invert(z2, z2, 0); - gf_mul(x1, x2, z2); + ossl_gf_mul(x1, x2, z2); gf_serialize(out, x1, 1); nz = ~gf_eq(x1, ZERO); @@ -471,8 +471,8 @@ ossl_curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t curve448_point_copy(q, p); gf_invert(q->t, q->x, 0); /* 1/x */ - gf_mul(q->z, q->t, q->y); /* y/x */ - gf_sqr(q->y, q->z); /* (y/x)^2 */ + ossl_gf_mul(q->z, q->t, q->y); /* y/x */ + ossl_gf_sqr(q->y, q->z); /* (y/x)^2 */ gf_serialize(out, q->y, 1); ossl_curve448_point_destroy(q); } |