Next iteration of renaming patchset. The only change since v2 is rebasing on top of current master to fix conflicts due to ed448 addition.
From: Dmitry Eremin-Solenikov dbaryshkov@gmail.com
In preparation for adding GOST curve support, rename the source files and use the curve name as the eccdata parameter.
Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- .gitignore | 14 ++--- Makefile.in | 54 ++++++++--------- ...cc-192-modp.asm => ecc-secp192r1-modp.asm} | 4 +- ...cc-224-modp.asm => ecc-secp224r1-modp.asm} | 4 +- ...cc-256-redc.asm => ecc-secp256r1-redc.asm} | 4 +- ...cc-384-modp.asm => ecc-secp384r1-modp.asm} | 4 +- ...cc-521-modp.asm => ecc-secp521r1-modp.asm} | 4 +- configure.ac | 6 +- ecc-25519.c => ecc-curve25519.c | 4 +- ecc-448.c => ecc-curve448.c | 4 +- ecc-192.c => ecc-secp192r1.c | 4 +- ecc-224.c => ecc-secp224r1.c | 4 +- ecc-256.c => ecc-secp256r1.c | 4 +- ecc-384.c => ecc-secp384r1.c | 4 +- ecc-521.c => ecc-secp521r1.c | 4 +- eccdata.c | 58 +++++++++++-------- ...25519-modp.asm => ecc-curve25519-modp.asm} | 0 ...cc-192-modp.asm => ecc-secp192r1-modp.asm} | 4 +- ...cc-224-modp.asm => ecc-secp224r1-modp.asm} | 4 +- ...cc-256-redc.asm => ecc-secp256r1-redc.asm} | 4 +- ...cc-384-modp.asm => ecc-secp384r1-modp.asm} | 4 +- ...cc-521-modp.asm => ecc-secp521r1-modp.asm} | 4 +- 22 files changed, 105 insertions(+), 95 deletions(-) rename arm/{ecc-192-modp.asm => ecc-secp192r1-modp.asm} (97%) rename arm/{ecc-224-modp.asm => ecc-secp224r1-modp.asm} (97%) rename arm/{ecc-256-redc.asm => ecc-secp256r1-redc.asm} (98%) rename arm/{ecc-384-modp.asm => ecc-secp384r1-modp.asm} (98%) rename arm/{ecc-521-modp.asm => ecc-secp521r1-modp.asm} (97%) rename ecc-25519.c => ecc-curve25519.c (99%) rename ecc-448.c => ecc-curve448.c (99%) rename ecc-192.c => ecc-secp192r1.c (98%) rename ecc-224.c => ecc-secp224r1.c (98%) rename ecc-256.c => ecc-secp256r1.c (99%) rename ecc-384.c => ecc-secp384r1.c (99%) rename ecc-521.c => ecc-secp521r1.c (98%) rename x86_64/{ecc-25519-modp.asm => ecc-curve25519-modp.asm} (100%) rename x86_64/{ecc-192-modp.asm => ecc-secp192r1-modp.asm} (96%) rename x86_64/{ecc-224-modp.asm => ecc-secp224r1-modp.asm} (97%) rename x86_64/{ecc-256-redc.asm => ecc-secp256r1-redc.asm} (97%) rename x86_64/{ecc-384-modp.asm => ecc-secp384r1-modp.asm} (98%) 
rename x86_64/{ecc-521-modp.asm => ecc-secp521r1-modp.asm} (97%)
diff --git a/.gitignore b/.gitignore
index 0afe61de3826..ea264107fa40 100644
--- a/.gitignore
+++ b/.gitignore
@@ -43,13 +43,13 @@ core
/keymap.h
/parity.h
/rotors.h
-/ecc-192.h
-/ecc-224.h
-/ecc-256.h
-/ecc-384.h
-/ecc-521.h
-/ecc-25519.h
-/ecc-448.h
+/ecc-curve25519.h
+/ecc-curve448.h
+/ecc-secp192r1.h
+/ecc-secp224r1.h
+/ecc-secp256r1.h
+/ecc-secp384r1.h
+/ecc-secp521r1.h
/version.h
/nettle.aux
/nettle.cp
diff --git a/Makefile.in b/Makefile.in
index e0c9f5f7de66..38160bb40fe1 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -175,8 +175,9 @@ hogweed_SOURCES = sexp.c sexp-format.c \
gmp-glue.c cnd-copy.c \
ecc-mod.c ecc-mod-inv.c \
ecc-mod-arith.c ecc-pp1-redc.c ecc-pm1-redc.c \
- ecc-192.c ecc-224.c ecc-256.c ecc-384.c ecc-521.c \
- ecc-25519.c ecc-448.c \
+ ecc-curve25519.c ecc-curve448.c \
+ ecc-secp192r1.c ecc-secp224r1.c ecc-secp256r1.c \
+ ecc-secp384r1.c ecc-secp521r1.c \
ecc-size.c ecc-j-to-a.c ecc-a-to-j.c \
ecc-dup-jj.c ecc-add-jja.c ecc-add-jjj.c \
ecc-eh-to-a.c \
@@ -350,24 +351,24 @@ des.$(OBJEXT): des.c des.h $(des_headers)
# k = 14, c = 7, S = 256, T = 42 ( 28 A + 14 D) 12 KB
# k = 11, c = 6, S = 192, T = 44 ( 33 A + 11 D) 9 KB
# k = 16, c = 6, S = 128, T = 48 ( 32 A + 16 D) 6 KB
-ecc-192.h: eccdata.stamp
- ./eccdata$(EXEEXT_FOR_BUILD) 192 8 6 $(NUMB_BITS) > $@T && mv $@T $@
+ecc-secp192r1.h: eccdata.stamp
+ ./eccdata$(EXEEXT_FOR_BUILD) secp192r1 8 6 $(NUMB_BITS) > $@T && mv $@T $@
# Some reasonable choices for 224:
# k = 16, c = 7, S = 256, T = 48 ( 32 A + 16 D) ~16 KB
# k = 10, c = 6, S = 256, T = 50 ( 40 A + 10 D) ~16 KB
# k = 13, c = 6, S = 192, T = 52 ( 39 A + 13 D) ~12 KB
# k = 9, c = 5, S = 160, T = 54 ( 45 A + 9 D) ~10 KB
-ecc-224.h: eccdata.stamp
- ./eccdata$(EXEEXT_FOR_BUILD) 224 16 7 $(NUMB_BITS) > $@T && mv $@T $@
+ecc-secp224r1.h: eccdata.stamp
+ ./eccdata$(EXEEXT_FOR_BUILD) secp224r1 16 7 $(NUMB_BITS) > $@T && mv $@T $@
# Some reasonable choices for 256:
# k = 9, c = 6, S = 320, T = 54 ( 45 A + 9 D) 20 KB
# k = 11, c = 6, S = 256, T = 55 ( 44 A + 11 D) 16 KB
# k = 19, c = 7, S = 256, T = 57 ( 38 A + 19 D) 16 KB
# k = 15, c = 6, S = 192, T = 60 ( 45 A + 15 D) 12 KB
-ecc-256.h: eccdata.stamp
- ./eccdata$(EXEEXT_FOR_BUILD) 256 11 6 $(NUMB_BITS) > $@T && mv $@T $@
+ecc-secp256r1.h: eccdata.stamp
+ ./eccdata$(EXEEXT_FOR_BUILD) secp256r1 11 6 $(NUMB_BITS) > $@T && mv $@T $@
# Some reasonable choices for 384:
# k = 16, c = 6, S = 256, T = 80 ( 64 A + 16 D) 24 KB
@@ -377,35 +378,35 @@ ecc-256.h: eccdata.stamp
# k = 13, c = 5, S = 192, T = 91 ( 78 A + 13 D) 18 KB
# k = 16, c = 5, S = 160, T = 96 ( 80 A + 16 D) 15 KB
# k = 32, c = 6, S = 128, T = 96 ( 64 A + 32 D) 12 KB
-ecc-384.h: eccdata.stamp
- ./eccdata$(EXEEXT_FOR_BUILD) 384 32 6 $(NUMB_BITS) > $@T && mv $@T $@
+ecc-secp384r1.h: eccdata.stamp
+ ./eccdata$(EXEEXT_FOR_BUILD) secp384r1 32 6 $(NUMB_BITS) > $@T && mv $@T $@
# Some reasonable choices for 521:
# k = 29, c = 6, S = 192, T = 116 ( 87 A + 29 D) ~27 KB
# k = 21, c = 5, S = 160, T = 126 (105 A + 21 D) ~23 KB
# k = 44, c = 6, S = 128, T = 132 ( 88 A + 44 D) ~18 KB
# k = 35, c = 5, S = 96, T = 140 (105 A + 35 D) ~14 KB
-ecc-521.h: eccdata.stamp
- ./eccdata$(EXEEXT_FOR_BUILD) 521 44 6 $(NUMB_BITS) > $@T && mv $@T $@
+ecc-secp521r1.h: eccdata.stamp
+ ./eccdata$(EXEEXT_FOR_BUILD) secp521r1 44 6 $(NUMB_BITS) > $@T && mv $@T $@
-# Parameter choices mostly the same as for ecc-256.h.
-ecc-25519.h: eccdata.stamp
- ./eccdata$(EXEEXT_FOR_BUILD) 255 11 6 $(NUMB_BITS) > $@T && mv $@T $@
+# Parameter choices mostly the same as for ecc-secp256r1.h.
+ecc-curve25519.h: eccdata.stamp
+ ./eccdata$(EXEEXT_FOR_BUILD) curve25519 11 6 $(NUMB_BITS) > $@T && mv $@T $@
-ecc-448.h: eccdata.stamp
- ./eccdata$(EXEEXT_FOR_BUILD) 448 38 6 $(NUMB_BITS) > $@T && mv $@T $@
+ecc-curve448.h: eccdata.stamp
+ ./eccdata$(EXEEXT_FOR_BUILD) curve448 38 6 $(NUMB_BITS) > $@T && mv $@T $@
eccdata.stamp: eccdata.c
$(MAKE) eccdata$(EXEEXT_FOR_BUILD)
echo stamp > eccdata.stamp
-ecc-192.$(OBJEXT): ecc-192.h
-ecc-224.$(OBJEXT): ecc-224.h
-ecc-256.$(OBJEXT): ecc-256.h
-ecc-384.$(OBJEXT): ecc-384.h
-ecc-521.$(OBJEXT): ecc-521.h
-ecc-25519.$(OBJEXT): ecc-25519.h
-ecc-448.$(OBJEXT): ecc-448.h
+ecc-curve25519.$(OBJEXT): ecc-curve25519.h
+ecc-curve448.$(OBJEXT): ecc-curve448.h
+ecc-secp192r1.$(OBJEXT): ecc-secp192r1.h
+ecc-secp224r1.$(OBJEXT): ecc-secp224r1.h
+ecc-secp256r1.$(OBJEXT): ecc-secp256r1.h
+ecc-secp384r1.$(OBJEXT): ecc-secp384r1.h
+ecc-secp521r1.$(OBJEXT): ecc-secp521r1.h
.asm.$(OBJEXT): $(srcdir)/asm.m4 machine.m4 config.m4
$(M4) $(srcdir)/asm.m4 machine.m4 config.m4 $< >$*.s
@@ -658,8 +659,9 @@ distcheck: dist
clean-here: -rm -f $(TARGETS) *.$(OBJEXT) *.s *.so *.dll *.a \
- ecc-192.h ecc-224.h ecc-256.h ecc-384.h ecc-521.h ecc-25519.h \
- ecc-448.h \
+ ecc-curve25519.h ecc-curve448.h \
+ ecc-secp192r1.h ecc-secp224r1.h ecc-secp256r1.h \
+ ecc-secp384r1.h ecc-secp521r1.h \
aesdata$(EXEEXT_FOR_BUILD) \
desdata$(EXEEXT_FOR_BUILD) \
twofishdata$(EXEEXT_FOR_BUILD) \
diff --git a/arm/ecc-192-modp.asm b/arm/ecc-secp192r1-modp.asm
similarity index 97%
rename from arm/ecc-192-modp.asm
rename to arm/ecc-secp192r1-modp.asm
index b6074a2e05e9..dbaae2e38922 100644
--- a/arm/ecc-192-modp.asm
+++ b/arm/ecc-secp192r1-modp.asm
@@ -1,4 +1,4 @@
-C arm/ecc-192-modp.asm
+C arm/ecc-secp192r1-modp.asm
ifelse(<
Copyright (C) 2013 Niels Möller
@@ -30,7 +30,7 @@ ifelse(<
not, see http://www.gnu.org/licenses/.
)
- .file "ecc-192-modp.asm"
+ .file "ecc-secp192r1-modp.asm"
.arm
define(<HP>, <r0>) C Overlaps unused modulo argument
diff --git a/arm/ecc-224-modp.asm b/arm/ecc-secp224r1-modp.asm
similarity index 97%
rename from arm/ecc-224-modp.asm
rename to arm/ecc-secp224r1-modp.asm
index 15cc0c1b0f26..2c86755a7c9a 100644
--- a/arm/ecc-224-modp.asm
+++ b/arm/ecc-secp224r1-modp.asm
@@ -1,4 +1,4 @@
-C arm/ecc-224-modp.asm
+C arm/ecc-secp224r1-modp.asm
ifelse(<
Copyright (C) 2013 Niels Möller
@@ -30,7 +30,7 @@ ifelse(<
not, see http://www.gnu.org/licenses/.
)
- .file "ecc-224-modp.asm"
+ .file "ecc-secp224r1-modp.asm"
.arm
define(<RP>, <r1>)
diff --git a/arm/ecc-256-redc.asm b/arm/ecc-secp256r1-redc.asm
similarity index 98%
rename from arm/ecc-256-redc.asm
rename to arm/ecc-secp256r1-redc.asm
index 0c5e846d5890..9c20062a44e4 100644
--- a/arm/ecc-256-redc.asm
+++ b/arm/ecc-secp256r1-redc.asm
@@ -1,4 +1,4 @@
-C arm/ecc-256-redc.asm
+C arm/ecc-secp256r1-redc.asm
ifelse(<
Copyright (C) 2013 Niels Möller
@@ -30,7 +30,7 @@ ifelse(<
not, see http://www.gnu.org/licenses/.
)
- .file "ecc-256-redc.asm"
+ .file "ecc-secp256r1-redc.asm"
.arm
define(<RP>, <r1>)
diff --git a/arm/ecc-384-modp.asm b/arm/ecc-secp384r1-modp.asm
similarity index 98%
rename from arm/ecc-384-modp.asm
rename to arm/ecc-secp384r1-modp.asm
index 1d36319d584d..dbedbdf8d32e 100644
--- a/arm/ecc-384-modp.asm
+++ b/arm/ecc-secp384r1-modp.asm
@@ -1,4 +1,4 @@
-C arm/ecc-384-modp.asm
+C arm/ecc-secp384r1-modp.asm
ifelse(<
Copyright (C) 2013 Niels Möller
@@ -30,7 +30,7 @@ ifelse(<
not, see http://www.gnu.org/licenses/.
)
- .file "ecc-384-modp.asm"
+ .file "ecc-secp384r1-modp.asm"
.arm
define(<RP>, <r1>)
diff --git a/arm/ecc-521-modp.asm b/arm/ecc-secp521r1-modp.asm
similarity index 97%
rename from arm/ecc-521-modp.asm
rename to arm/ecc-secp521r1-modp.asm
index 3fba23963d2c..2b4f79192a2e 100644
--- a/arm/ecc-521-modp.asm
+++ b/arm/ecc-secp521r1-modp.asm
@@ -1,4 +1,4 @@
-C arm/ecc-521-modp.asm
+C arm/ecc-secp521r1-modp.asm
ifelse(<
Copyright (C) 2013 Niels Möller
@@ -30,7 +30,7 @@ ifelse(<
not, see http://www.gnu.org/licenses/.
)
- .file "ecc-521-modp.asm"
+ .file "ecc-secp521r1-modp.asm"
.arm
define(<HP>, <r0>)
diff --git a/configure.ac b/configure.ac
index ef0c819fb979..745cc2c5c20e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -475,9 +475,9 @@ asm_nettle_optional_list="gcm-hash8.asm cpuid.asm \
asm_hogweed_optional_list=""
if test "x$enable_public_key" = "xyes" ; then
- asm_hogweed_optional_list="ecc-192-modp.asm ecc-224-modp.asm \
- ecc-256-redc.asm ecc-384-modp.asm ecc-521-modp.asm \
- ecc-25519-modp.asm ecc-curve448-modp.asm"
+ asm_hogweed_optional_list="ecc-secp192r1-modp.asm ecc-secp224r1-modp.asm \
+ ecc-secp256r1-redc.asm ecc-secp384r1-modp.asm ecc-secp521r1-modp.asm \
+ ecc-curve25519-modp.asm ecc-curve448-modp.asm"
fi
OPT_NETTLE_OBJS=""
diff --git a/ecc-25519.c b/ecc-curve25519.c
similarity index 99%
rename from ecc-25519.c
rename to ecc-curve25519.c
index 7eacc7802952..73d72765dce8 100644
--- a/ecc-25519.c
+++ b/ecc-curve25519.c
@@ -1,4 +1,4 @@
-/* ecc-25519.c
+/* ecc-curve25519.c
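Review bot: The asm list in configure.ac now names ecc-secp192r1-modp.asm and ecc-curve25519-modp.asm, but the C sources in this series still test the old feature macros — ecc-secp192r1.c keeps `#if HAVE_NATIVE_ecc_192_modp` and ecc-curve25519.c keeps `#if HAVE_NATIVE_ecc_25519_modp` (both visible as unchanged context further down). If configure derives the HAVE_NATIVE_* name from the asm file's basename, as the existing pair ecc-curve448-modp.asm / HAVE_NATIVE_ecc_curve448_modp suggests, those conditions become permanently false after the rename: the assembly is still assembled and linked, but every build silently takes the portable fallback branch, and neither the build nor the test suite reports it. Either rename the macros in the .c files and in the HAVE_NATIVE block of configure.ac in the same commit, or keep the old asm file names in this list until that is done. A quick look at the generated config.h after ./configure on an x86_64 host would confirm which names are actually defined.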
Arithmetic and tables for curve25519,
@@ -42,7 +42,7 @@
#define USE_REDC 0
-#include "ecc-25519.h"
+#include "ecc-curve25519.h"
#define PHIGH_BITS (GMP_NUMB_BITS * ECC_LIMB_SIZE - 255)
diff --git a/ecc-448.c b/ecc-curve448.c
similarity index 99%
rename from ecc-448.c
rename to ecc-curve448.c
index b32ad463c68a..7020e3e8f6aa 100644
--- a/ecc-448.c
+++ b/ecc-curve448.c
@@ -1,4 +1,4 @@
-/* ecc-448.c
+/* ecc-curve448.c
Arithmetic and tables for curve448,
@@ -43,7 +43,7 @@
#define USE_REDC 0
-#include "ecc-448.h"
+#include "ecc-curve448.h"
#if HAVE_NATIVE_ecc_curve448_modp
#define ecc_448_modp nettle_ecc_curve448_modp
diff --git a/ecc-192.c b/ecc-secp192r1.c
similarity index 98%
rename from ecc-192.c
rename to ecc-secp192r1.c
index 4b756ffd7e8f..858a1b7554ce 100644
--- a/ecc-192.c
+++ b/ecc-secp192r1.c
@@ -1,4 +1,4 @@
-/* ecc-192.c
+/* ecc-secp192r1.c
Compile time constant (but machine dependent) tables.
@@ -46,7 +46,7 @@
#define USE_REDC 0
-#include "ecc-192.h"
+#include "ecc-secp192r1.h"
#if HAVE_NATIVE_ecc_192_modp
diff --git a/ecc-224.c b/ecc-secp224r1.c
similarity index 98%
rename from ecc-224.c
rename to ecc-secp224r1.c
index bf90f848c1b2..4d82f54b57fd 100644
--- a/ecc-224.c
+++ b/ecc-secp224r1.c
@@ -1,4 +1,4 @@
-/* ecc-224.c
+/* ecc-secp224r1.c
Compile time constant (but machine dependent) tables.
@@ -52,7 +52,7 @@ ecc_224_modp (const struct ecc_modulo *m, mp_limb_t *rp);
#define ecc_224_modp ecc_mod
#endif
-#include "ecc-224.h"
+#include "ecc-secp224r1.h"
#if ECC_REDC_SIZE < 0
# define ecc_224_redc ecc_pm1_redc
diff --git a/ecc-256.c b/ecc-secp256r1.c
similarity index 99%
rename from ecc-256.c
rename to ecc-secp256r1.c
index 0990cb3bcc5c..835c91d30239 100644
--- a/ecc-256.c
+++ b/ecc-secp256r1.c
@@ -1,4 +1,4 @@
-/* ecc-256.c
+/* ecc-secp256r1.c
Compile time constant (but machine dependent) tables.
@@ -48,7 +48,7 @@
# define USE_REDC (ECC_REDC_SIZE != 0)
#endif
-#include "ecc-256.h"
+#include "ecc-secp256r1.h"
#if HAVE_NATIVE_ecc_256_redc
# define ecc_256_redc nettle_ecc_256_redc
diff --git a/ecc-384.c b/ecc-secp384r1.c
similarity index 99%
rename from ecc-384.c
rename to ecc-secp384r1.c
index 5bb2a2476eec..248b1cf3ef2b 100644
--- a/ecc-384.c
+++ b/ecc-secp384r1.c
@@ -1,4 +1,4 @@
-/* ecc-384.c
+/* ecc-secp384r1.c
Compile time constant (but machine dependent) tables.
@@ -44,7 +44,7 @@
#define USE_REDC 0
-#include "ecc-384.h"
+#include "ecc-secp384r1.h"
#if HAVE_NATIVE_ecc_384_modp
#define ecc_384_modp nettle_ecc_384_modp
diff --git a/ecc-521.c b/ecc-secp521r1.c
similarity index 98%
rename from ecc-521.c
rename to ecc-secp521r1.c
index 8ca0e6d2dd64..cc7473035cff 100644
--- a/ecc-521.c
+++ b/ecc-secp521r1.c
@@ -1,4 +1,4 @@
-/* ecc-521.c
+/* ecc-secp521r1.c
Compile time constant (but machine dependent) tables.
@@ -42,7 +42,7 @@
#define USE_REDC 0
-#include "ecc-521.h"
+#include "ecc-secp521r1.h"
#if HAVE_NATIVE_ecc_521_modp
#define ecc_521_modp nettle_ecc_521_modp
diff --git a/eccdata.c b/eccdata.c
index 74002c1f305e..d76a42bcde6f 100644
--- a/eccdata.c
+++ b/eccdata.c
@@ -432,11 +432,10 @@ ecc_curve_init_str (struct ecc_curve *ecc, enum ecc_type type,
}
static void
-ecc_curve_init (struct ecc_curve *ecc, unsigned bit_size)
+ecc_curve_init (struct ecc_curve *ecc, const char *curve)
{
- switch (bit_size)
+ if (!strcmp (curve, "secp192r1"))
{
- case 192:
ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
/* p = 2^{192} - 2^{64} - 1 */
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE"
@@ -466,8 +465,9 @@ ecc_curve_init (struct ecc_curve *ecc, unsigned bit_size)
"35433907297cc378b0015703374729d7a4fe46647084e4ba",
"a2649984f2135c301ea3acb0776cd4f125389b311db3be32");
- break;
- case 224:
+ }
+ else if (!strcmp (curve, "secp224r1"))
+ {
ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
/* p = 2^{224} - 2^{96} + 1 */
"ffffffffffffffffffffffffffffffff"
@@ -498,8 +498,9 @@ ecc_curve_init (struct ecc_curve *ecc, unsigned bit_size)
"ae99feebb5d26945b54892092a8aee02912930fa41cd114e40447301",
"482580a0ec5bc47e88bc8c378632cd196cb3fa058a7114eb03054c9");
- break;
- case 256:
+ }
+ else if (!strcmp (curve, "secp256r1"))
+ {
ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
/* p = 2^{256} - 2^{224} + 2^{192} + 2^{96} - 1 */
"FFFFFFFF000000010000000000000000"
@@ -530,8 +531,9 @@ ecc_curve_init (struct ecc_curve *ecc, unsigned bit_size)
"e2534a3532d08fbba02dde659ee62bd0031fe2db785596ef509302446b030852",
"e0f1575a4c633cc719dfee5fda862d764efc96c3f30ee0055c42c23f184ed8c6");
- break;
- case 384:
+ }
+ else if (!strcmp (curve, "secp384r1"))
+ {
ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
/* p = 2^{384} - 2^{128} - 2^{96} + 2^{32} - 1 */
"ffffffffffffffffffffffffffffffff"
@@ -567,8 +569,9 @@ ecc_curve_init (struct ecc_curve *ecc, unsigned bit_size)
"138251cd52ac9298c1c8aad977321deb97e709bd0b4ca0aca55dc8ad51dcfc9d1589a1597e3a5120e1efd631c63e1835",
"cacae29869a62e1631e8a28181ab56616dc45d918abc09f3ab0e63cf792aa4dced7387be37bba569549f1c02b270ed67");
- break;
- case 521:
+ }
+ else if (!strcmp (curve, "secp521r1"))
+ {
ecc_curve_init_str (ecc, ECC_TYPE_WEIERSTRASS,
"1ff" /* p = 2^{521} - 1 */
"ffffffffffffffffffffffffffffffff"
@@ -613,9 +616,15 @@ ecc_curve_init (struct ecc_curve *ecc, unsigned bit_size)
"35b5df64ae2ac204c354b483487c9070cdc61c891c5ff39afc06c5d55541d3ceac8659e24afe3d0750e8b88e9f078af066a1d5025b08e5a5e2fbc87412871902f3",
"82096f84261279d2b673e0178eb0b4abb65521aef6e6e32e1b5ae63fe2f19907f279f283e54ba385405224f750a95b85eebb7faef04699d1d9e21f47fc346e4d0d");
- break;
- case 255:
- /* Edwards curve used for eddsa25519 and curve25519,
+ }
+ else if (!strcmp (curve, "curve25519"))
+ {
+ /* curve25519, y^2 = x^3 + 486662 x^2 + x (mod p), with p = 2^{255} - 19.
+
+ According to http://cr.yp.to/papers.html#newelliptic, this
+ is birationally equivalent to the Edwards curve
+
+ x^2 + y^2 = 1 + (121665/121666) x^2 y^2 (mod p).
-x^2 + y^2 = 1 - (121665/121666) x^2 y^2, with p = 2^{255} - 19.
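Review bot: The rewritten curve25519 comment gives the Edwards curve as `x^2 + y^2 = 1 + (121665/121666) x^2 y^2`, while the removed line (its leading sign is partly lost in this rendering) had `1 - (121665/121666) x^2 y^2` and tied the curve to eddsa25519; the sign of d differs between the two forms, and which form the generated tables belong to is fixed by the parameters passed to ecc_curve_init_str, which lie outside this hunk. If those parameters are unchanged, the comment should still say which form they correspond to — for example keep a closing sentence such as `This is the curve used for eddsa25519.` or state the relation to the twisted curve explicitly — so a reader does not have to recover d from the hex constants. The comment block and the ecc_curve_init_str call continue past the end of the hunk.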
@@ -664,9 +673,9 @@ ecc_curve_init (struct ecc_curve *ecc, unsigned bit_size)
"1a739ec193ce1547493aa657c4c9f870",
"47d0e827cb1595e1470eb88580d5716c"
"4cf22832ea2f0ff0df38ab61ca32112f");
- break;
-
- case 448:
+ }
+ else if (!strcmp (curve, "curve448"))
+ {
/* curve448, y^2 = x^3 + 156326 x^2 + x (mod p), with p = 2^{448} - 2^{224} - 1.
According to RFC 7748, this is 4-isogenious to the Edwards
@@ -745,14 +754,13 @@ ecc_curve_init (struct ecc_curve *ecc, unsigned bit_size)
"9cb7c02f0457d845c90dc3227b8a5bc1"
"c0d8f97ea1ca9472b5d444285d0d4f5b"
"32e236f86de51839");
-
- break;
-
- default:
- fprintf (stderr, "No known curve for size %d\n", bit_size);
- exit(EXIT_FAILURE);
}
- ecc->bit_size = bit_size;
+ else
+ {
+ fprintf (stderr, "No known curve with name %s\n", curve);
+ exit(EXIT_FAILURE);
+ }
+ ecc->bit_size = mpz_sizeinbase (ecc->p, 2);
}
static void
@@ -1312,7 +1320,7 @@ main (int argc, char **argv)
return EXIT_FAILURE;
}
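Review bot: ecc_curve_init now selects the curve by a caller-supplied name with strcmp, but nothing in the hunk documents which names are accepted, and they have to match the literals used as the first eccdata argument in the Makefile.in rules (secp192r1, secp224r1, secp256r1, secp384r1, secp521r1, curve25519, curve448). I would put a header comment above the function, e.g. `/* Initializes ECC from its standard curve name; the accepted names are the ones the Makefile.in rules pass as the first eccdata argument. An unknown name is reported on stderr and the program exits with EXIT_FAILURE. */`. Since strcmp is new to this function, please confirm that <string.h> is already included at the top of eccdata.c, which is outside the hunk. A short comment on `ecc->bit_size = mpz_sizeinbase (ecc->p, 2);` noting that it replaces the size that was previously passed in explicitly (255 for curve25519, 448 for curve448) would also help readers checking that the generated headers are unchanged.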
- ecc_curve_init (&ecc, atoi(argv[1]));
+ ecc_curve_init (&ecc, argv[1]);
ecc_pippenger_precompute (&ecc, atoi(argv[2]), atoi(argv[3]));
diff --git a/x86_64/ecc-25519-modp.asm b/x86_64/ecc-curve25519-modp.asm
similarity index 100%
rename from x86_64/ecc-25519-modp.asm
rename to x86_64/ecc-curve25519-modp.asm
diff --git a/x86_64/ecc-192-modp.asm b/x86_64/ecc-secp192r1-modp.asm
similarity index 96%
rename from x86_64/ecc-192-modp.asm
rename to x86_64/ecc-secp192r1-modp.asm
index f0660525e0e1..644ed60c6fab 100644
--- a/x86_64/ecc-192-modp.asm
+++ b/x86_64/ecc-secp192r1-modp.asm
@@ -1,4 +1,4 @@
-C x86_64/ecc-192-modp.asm
+C x86_64/ecc-secp192r1-modp.asm
ifelse(<
Copyright (C) 2013 Niels Möller
@@ -30,7 +30,7 @@ ifelse(<
not, see http://www.gnu.org/licenses/.
)
- .file "ecc-192-modp.asm"
+ .file "ecc-secp192r1-modp.asm"
define(<RP>, <%rsi>)
define(<T0>, <%rdi>) C Overlaps unused modulo input
diff --git a/x86_64/ecc-224-modp.asm b/x86_64/ecc-secp224r1-modp.asm
similarity index 97%
rename from x86_64/ecc-224-modp.asm
rename to x86_64/ecc-secp224r1-modp.asm
index 07bd40036705..ca164ac7d637 100644
--- a/x86_64/ecc-224-modp.asm
+++ b/x86_64/ecc-secp224r1-modp.asm
@@ -1,4 +1,4 @@
-C x86_64/ecc-224-modp.asm
+C x86_64/ecc-secp224r1-modp.asm
ifelse(<
Copyright (C) 2013 Niels Möller
@@ -30,7 +30,7 @@ ifelse(<
not, see http://www.gnu.org/licenses/.
)
- .file "ecc-224-modp.asm"
+ .file "ecc-secp224r1-modp.asm"
GMP_NUMB_BITS(64)
diff --git a/x86_64/ecc-256-redc.asm b/x86_64/ecc-secp256r1-redc.asm
similarity index 97%
rename from x86_64/ecc-256-redc.asm
rename to x86_64/ecc-secp256r1-redc.asm
index fb1633541218..ee689cd6d192 100644
--- a/x86_64/ecc-256-redc.asm
+++ b/x86_64/ecc-secp256r1-redc.asm
@@ -1,4 +1,4 @@
-C x86_64/ecc-256-redc.asm
+C x86_64/ecc-secp256r1-redc.asm
ifelse(<
Copyright (C) 2013 Niels Möller
@@ -30,7 +30,7 @@ ifelse(<
not, see http://www.gnu.org/licenses/.
)
- .file "ecc-256-redc.asm"
+ .file "ecc-secp256r1-redc.asm"
define(<RP>, <%rsi>)
define(<U0>, <%rdi>) C Overlaps unused modulo input
diff --git a/x86_64/ecc-384-modp.asm b/x86_64/ecc-secp384r1-modp.asm
similarity index 98%
rename from x86_64/ecc-384-modp.asm
rename to x86_64/ecc-secp384r1-modp.asm
index 8e55393f802f..3c8ec3f446c0 100644
--- a/x86_64/ecc-384-modp.asm
+++ b/x86_64/ecc-secp384r1-modp.asm
@@ -1,4 +1,4 @@
-C x86_64/ecc-384-modp.asm
+C x86_64/ecc-secp384r1-modp.asm
ifelse(<
Copyright (C) 2013, 2015 Niels Möller
@@ -30,7 +30,7 @@ ifelse(<
not, see http://www.gnu.org/licenses/.
)
- .file "ecc-384-modp.asm"
+ .file "ecc-secp384r1-modp.asm"
define(<RP>, <%rsi>)
define(<D5>, <%rax>)
diff --git a/x86_64/ecc-521-modp.asm b/x86_64/ecc-secp521r1-modp.asm
similarity index 97%
rename from x86_64/ecc-521-modp.asm
rename to x86_64/ecc-secp521r1-modp.asm
index 6e818ad81d41..43a8cb8c9cfe 100644
--- a/x86_64/ecc-521-modp.asm
+++ b/x86_64/ecc-secp521r1-modp.asm
@@ -1,4 +1,4 @@
-C x86_64/ecc-521-modp.asm
+C x86_64/ecc-secp521r1-modp.asm
ifelse(<
Copyright (C) 2013 Niels Möller
@@ -30,7 +30,7 @@ ifelse(<
not, see http://www.gnu.org/licenses/.
)
- .file "ecc-521-modp.asm"
+ .file "ecc-secp521r1-modp.asm"
GMP_NUMB_BITS(64)
From: Dmitry Eremin-Solenikov dbaryshkov@gmail.com
There is no need to keep the optimized ECC functions in the public namespace (nettle_*); move them to the internal namespace (_nettle_*).
Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- arm/ecc-secp192r1-modp.asm | 4 ++-- arm/ecc-secp224r1-modp.asm | 4 ++-- arm/ecc-secp256r1-redc.asm | 4 ++-- arm/ecc-secp384r1-modp.asm | 4 ++-- arm/ecc-secp521r1-modp.asm | 4 ++-- ecc-curve25519.c | 2 +- ecc-curve448.c | 2 +- ecc-secp192r1.c | 2 +- ecc-secp224r1.c | 2 +- ecc-secp256r1.c | 2 +- ecc-secp384r1.c | 2 +- ecc-secp521r1.c | 2 +- x86_64/ecc-curve25519-modp.asm | 4 ++-- x86_64/ecc-curve448-modp.asm | 4 ++-- x86_64/ecc-secp192r1-modp.asm | 4 ++-- x86_64/ecc-secp224r1-modp.asm | 4 ++-- x86_64/ecc-secp256r1-redc.asm | 4 ++-- x86_64/ecc-secp384r1-modp.asm | 4 ++-- x86_64/ecc-secp521r1-modp.asm | 4 ++-- 19 files changed, 31 insertions(+), 31 deletions(-)
diff --git a/arm/ecc-secp192r1-modp.asm b/arm/ecc-secp192r1-modp.asm index dbaae2e38922..4680336f1bc7 100644 --- a/arm/ecc-secp192r1-modp.asm +++ b/arm/ecc-secp192r1-modp.asm @@ -53,7 +53,7 @@ define(<C4>, <r12>) .text .align 2
-PROLOGUE(nettle_ecc_192_modp) +PROLOGUE(_nettle_ecc_192_modp) push {r4,r5,r6,r7,r8,r10} C Reduce two words at a time add HP, RP, #48 @@ -103,4 +103,4 @@ PROLOGUE(nettle_ecc_192_modp)
pop {r4,r5,r6,r7,r8,r10} bx lr -EPILOGUE(nettle_ecc_192_modp) +EPILOGUE(_nettle_ecc_192_modp) diff --git a/arm/ecc-secp224r1-modp.asm b/arm/ecc-secp224r1-modp.asm index 2c86755a7c9a..400b7a815c2c 100644 --- a/arm/ecc-secp224r1-modp.asm +++ b/arm/ecc-secp224r1-modp.asm @@ -52,7 +52,7 @@ define(<L2>, <lr>) .text .align 2
-PROLOGUE(nettle_ecc_224_modp) +PROLOGUE(_nettle_ecc_224_modp) push {r4,r5,r6,r7,r8,r10,r11,lr}
add L2, RP, #28 @@ -121,4 +121,4 @@ PROLOGUE(nettle_ecc_224_modp) stmdb RP, {T0,T1,T2,T3,T4,T5,T6}
pop {r4,r5,r6,r7,r8,r10,r11,pc} -EPILOGUE(nettle_ecc_224_modp) +EPILOGUE(_nettle_ecc_224_modp) diff --git a/arm/ecc-secp256r1-redc.asm b/arm/ecc-secp256r1-redc.asm index 9c20062a44e4..7b117de43fbc 100644 --- a/arm/ecc-secp256r1-redc.asm +++ b/arm/ecc-secp256r1-redc.asm @@ -52,7 +52,7 @@ define(<F3>, <lr>) .text .align 2
-PROLOGUE(nettle_ecc_256_redc) +PROLOGUE(_nettle_ecc_256_redc) push {r4,r5,r6,r7,r8,r10,r11,lr}
ldm RP!, {T0,T1,T2,T3,T4,T5,T6,T7} @@ -170,4 +170,4 @@ PROLOGUE(nettle_ecc_256_redc) stm RP, {T0,T1,T2,T3,T4,T5,T6,T7}
pop {r4,r5,r6,r7,r8,r10,r11,pc} -EPILOGUE(nettle_ecc_256_redc) +EPILOGUE(_nettle_ecc_256_redc) diff --git a/arm/ecc-secp384r1-modp.asm b/arm/ecc-secp384r1-modp.asm index dbedbdf8d32e..dd9a325b09de 100644 --- a/arm/ecc-secp384r1-modp.asm +++ b/arm/ecc-secp384r1-modp.asm @@ -50,7 +50,7 @@ define(<H>, <lr>) .text .align 2
-PROLOGUE(nettle_ecc_384_modp) +PROLOGUE(_nettle_ecc_384_modp) push {r4,r5,r6,r7,r8,r10,lr}
add RP, RP, #80 @@ -267,4 +267,4 @@ PROLOGUE(nettle_ecc_384_modp) adcs T3, T3, H stm RP!, {T0,T1,T2,T3} C 8-11 pop {r4,r5,r6,r7,r8,r10,pc} -EPILOGUE(nettle_ecc_384_modp) +EPILOGUE(_nettle_ecc_384_modp) diff --git a/arm/ecc-secp521r1-modp.asm b/arm/ecc-secp521r1-modp.asm index 2b4f79192a2e..f11967634689 100644 --- a/arm/ecc-secp521r1-modp.asm +++ b/arm/ecc-secp521r1-modp.asm @@ -52,7 +52,7 @@ define(<N>, <lr>)
.align 2
-PROLOGUE(nettle_ecc_521_modp) +PROLOGUE(_nettle_ecc_521_modp) push {r4,r5,r6,r7,r8,lr}
C Use that B^17 = 2^23 (mod p) @@ -124,4 +124,4 @@ PROLOGUE(nettle_ecc_521_modp) stm RP, {T0,T1,T2,F0,F1,F2,F3,H} C 9-16
pop {r4,r5,r6,r7,r8,pc} -EPILOGUE(nettle_ecc_521_modp) +EPILOGUE(_nettle_ecc_521_modp) diff --git a/ecc-curve25519.c b/ecc-curve25519.c index 73d72765dce8..65843a57ee5a 100644 --- a/ecc-curve25519.c +++ b/ecc-curve25519.c @@ -48,7 +48,7 @@
#if HAVE_NATIVE_ecc_25519_modp
-#define ecc_25519_modp nettle_ecc_25519_modp +#define ecc_25519_modp _nettle_ecc_25519_modp void ecc_25519_modp (const struct ecc_modulo *m, mp_limb_t *rp); #else diff --git a/ecc-curve448.c b/ecc-curve448.c index 7020e3e8f6aa..981dc53f279e 100644 --- a/ecc-curve448.c +++ b/ecc-curve448.c @@ -46,7 +46,7 @@ #include "ecc-curve448.h"
#if HAVE_NATIVE_ecc_curve448_modp -#define ecc_448_modp nettle_ecc_curve448_modp +#define ecc_448_modp _nettle_ecc_curve448_modp void ecc_448_modp (const struct ecc_modulo *m, mp_limb_t *rp); #elif GMP_NUMB_BITS == 64 diff --git a/ecc-secp192r1.c b/ecc-secp192r1.c index 858a1b7554ce..15f5f1fa4c04 100644 --- a/ecc-secp192r1.c +++ b/ecc-secp192r1.c @@ -50,7 +50,7 @@
#if HAVE_NATIVE_ecc_192_modp
-#define ecc_192_modp nettle_ecc_192_modp +#define ecc_192_modp _nettle_ecc_192_modp void ecc_192_modp (const struct ecc_modulo *m, mp_limb_t *rp);
diff --git a/ecc-secp224r1.c b/ecc-secp224r1.c index 4d82f54b57fd..28b938fa3282 100644 --- a/ecc-secp224r1.c +++ b/ecc-secp224r1.c @@ -43,7 +43,7 @@ #if HAVE_NATIVE_ecc_224_modp
#define USE_REDC 0 -#define ecc_224_modp nettle_ecc_224_modp +#define ecc_224_modp _nettle_ecc_224_modp void ecc_224_modp (const struct ecc_modulo *m, mp_limb_t *rp);
diff --git a/ecc-secp256r1.c b/ecc-secp256r1.c index 835c91d30239..160a047957f8 100644 --- a/ecc-secp256r1.c +++ b/ecc-secp256r1.c @@ -51,7 +51,7 @@ #include "ecc-secp256r1.h"
#if HAVE_NATIVE_ecc_256_redc -# define ecc_256_redc nettle_ecc_256_redc +# define ecc_256_redc _nettle_ecc_256_redc void ecc_256_redc (const struct ecc_modulo *p, mp_limb_t *rp); #else /* !HAVE_NATIVE_ecc_256_redc */ diff --git a/ecc-secp384r1.c b/ecc-secp384r1.c index 248b1cf3ef2b..32f75fb618ba 100644 --- a/ecc-secp384r1.c +++ b/ecc-secp384r1.c @@ -47,7 +47,7 @@ #include "ecc-secp384r1.h"
#if HAVE_NATIVE_ecc_384_modp -#define ecc_384_modp nettle_ecc_384_modp +#define ecc_384_modp _nettle_ecc_384_modp void ecc_384_modp (const struct ecc_modulo *m, mp_limb_t *rp); #elif GMP_NUMB_BITS == 32 diff --git a/ecc-secp521r1.c b/ecc-secp521r1.c index cc7473035cff..d952d77e444e 100644 --- a/ecc-secp521r1.c +++ b/ecc-secp521r1.c @@ -45,7 +45,7 @@ #include "ecc-secp521r1.h"
#if HAVE_NATIVE_ecc_521_modp -#define ecc_521_modp nettle_ecc_521_modp +#define ecc_521_modp _nettle_ecc_521_modp void ecc_521_modp (const struct ecc_modulo *m, mp_limb_t *rp);
diff --git a/x86_64/ecc-curve25519-modp.asm b/x86_64/ecc-curve25519-modp.asm index 58c14fe0958e..0374db12ab44 100644 --- a/x86_64/ecc-curve25519-modp.asm +++ b/x86_64/ecc-curve25519-modp.asm @@ -41,7 +41,7 @@ define(<T0>, <%r10>) define(<T1>, <%r11>) define(<M>, <%rbx>)
-PROLOGUE(nettle_ecc_25519_modp) +PROLOGUE(_nettle_ecc_25519_modp) W64_ENTRY(2, 0) push %rbx
@@ -91,4 +91,4 @@ PROLOGUE(nettle_ecc_25519_modp) pop %rbx W64_EXIT(2, 0) ret
-EPILOGUE(nettle_ecc_25519_modp)
+EPILOGUE(_nettle_ecc_25519_modp)
diff --git a/x86_64/ecc-curve448-modp.asm b/x86_64/ecc-curve448-modp.asm
index 1ca05a190e1a..ea2e78861bc5 100644
--- a/x86_64/ecc-curve448-modp.asm
+++ b/x86_64/ecc-curve448-modp.asm
@@ -45,7 +45,7 @@ define(<T0>, <%r10>) define(<T1>, <%r11>) define(<T2>, <%r12>)
-PROLOGUE(nettle_ecc_curve448_modp)
+PROLOGUE(_nettle_ecc_curve448_modp) W64_ENTRY(2, 0)
push %rbx
@@ -141,4 +141,4 @@ PROLOGUE(nettle_ecc_curve448_modp)
W64_EXIT(2, 0) ret
-EPILOGUE(nettle_ecc_curve448_modp)
+EPILOGUE(_nettle_ecc_curve448_modp)
diff --git a/x86_64/ecc-secp192r1-modp.asm b/x86_64/ecc-secp192r1-modp.asm
index 644ed60c6fab..ad8dca7186e4 100644
--- a/x86_64/ecc-secp192r1-modp.asm
+++ b/x86_64/ecc-secp192r1-modp.asm
@@ -44,7 +44,7 @@ define(<C2>, <%r11>) C ecc_192_modp (const struct ecc_modulo *m, mp_limb_t *rp) .text ALIGN(16)
-PROLOGUE(nettle_ecc_192_modp)
+PROLOGUE(_nettle_ecc_192_modp) W64_ENTRY(2, 0) mov 16(RP), T2 mov 24(RP), T3
@@ -85,4 +85,4 @@ PROLOGUE(nettle_ecc_192_modp)
W64_EXIT(2, 0) ret
-EPILOGUE(nettle_ecc_192_modp)
+EPILOGUE(_nettle_ecc_192_modp)
diff --git a/x86_64/ecc-secp224r1-modp.asm b/x86_64/ecc-secp224r1-modp.asm
index ca164ac7d637..e44b5418e5dd 100644
--- a/x86_64/ecc-secp224r1-modp.asm
+++ b/x86_64/ecc-secp224r1-modp.asm
@@ -45,7 +45,7 @@ define(<F1>, <%r10>) define(<F2>, <%r11>)
C ecc_224_modp (const struct ecc_modulo *m, mp_limb_t *rp)
-PROLOGUE(nettle_ecc_224_modp)
+PROLOGUE(_nettle_ecc_224_modp) W64_ENTRY(2, 0) mov 48(RP), H0 mov 56(RP), H1
@@ -128,4 +128,4 @@ PROLOGUE(nettle_ecc_224_modp)
W64_EXIT(2, 0) ret
-EPILOGUE(nettle_ecc_224_modp)
+EPILOGUE(_nettle_ecc_224_modp)
diff --git a/x86_64/ecc-secp256r1-redc.asm b/x86_64/ecc-secp256r1-redc.asm
index ee689cd6d192..533a1766d4bc 100644
--- a/x86_64/ecc-secp256r1-redc.asm
+++ b/x86_64/ecc-secp256r1-redc.asm
@@ -58,7 +58,7 @@ define(<FOLD>, < sbb $1, F2 sbb <$>0, F3
)
-PROLOGUE(nettle_ecc_256_redc)
+PROLOGUE(_nettle_ecc_256_redc) W64_ENTRY(2, 0) C save all registers that need to be saved push %rbx
@@ -126,4 +126,4 @@ PROLOGUE(nettle_ecc_256_redc) pop %rbx W64_EXIT(2, 0) ret
-EPILOGUE(nettle_ecc_256_redc)
+EPILOGUE(_nettle_ecc_256_redc)
diff --git a/x86_64/ecc-secp384r1-modp.asm b/x86_64/ecc-secp384r1-modp.asm
index 3c8ec3f446c0..13f469b164e4 100644
--- a/x86_64/ecc-secp384r1-modp.asm
+++ b/x86_64/ecc-secp384r1-modp.asm
@@ -51,7 +51,7 @@ define(<C0>, H5) C Overlap define(<TMP>, RP) C Overlap
-PROLOGUE(nettle_ecc_384_modp)
+PROLOGUE(_nettle_ecc_384_modp) W64_ENTRY(2, 0)
push %rbx
@@ -231,4 +231,4 @@ PROLOGUE(nettle_ecc_384_modp)
W64_EXIT(2, 0) ret
-EPILOGUE(nettle_ecc_384_modp)
+EPILOGUE(_nettle_ecc_384_modp)
diff --git a/x86_64/ecc-secp521r1-modp.asm b/x86_64/ecc-secp521r1-modp.asm
index 43a8cb8c9cfe..6f4f7d90714d 100644
--- a/x86_64/ecc-secp521r1-modp.asm
+++ b/x86_64/ecc-secp521r1-modp.asm
@@ -48,7 +48,7 @@ define(<U9>, <%r11>) define(<T0>, <%r12>) define(<T1>, <%r13>)
-PROLOGUE(nettle_ecc_521_modp)
+PROLOGUE(_nettle_ecc_521_modp) W64_ENTRY(2, 0) push %rbx push %rbp
@@ -155,4 +155,4 @@ PROLOGUE(nettle_ecc_521_modp) pop %rbx W64_EXIT(2, 0) ret
-EPILOGUE(nettle_ecc_521_modp)
+EPILOGUE(_nettle_ecc_521_modp)
dbaryshkov@gmail.com writes:
From: Dmitry Eremin-Solenikov dbaryshkov@gmail.com
There is no need to keep optimized ECC functions in public namespace (nettle_*), move them to internal namespace (_nettle_*).
I agree this rename makes sense.
But it could be considered an ABI break, since we remove symbols with version string "HOGWEED_5", matching the soname, and those symbols are supposed to be stable as long as the soname is the same.
On the other hand, the symbols are not mentioned in docs or headers, and they don't even exist in all configurations. So maybe it's ok to remove them without changing the soname? That will break any application needing them in libhogweed.so, but that application would break in the same way if nettle were reconfigured with --disable-assembler.
I tried a search with http://codesearch.debian.net/search?q=nettle_ecc_.*modp&literal=0, and the functions at least appear to be unused outside of Nettle.
Opinions?
Regards, /Niels
Hello,
вт, 7 янв. 2020 г. в 23:20, Niels Möller nisse@lysator.liu.se:
dbaryshkov@gmail.com writes:
From: Dmitry Eremin-Solenikov dbaryshkov@gmail.com
There is no need to keep optimized ECC functions in public namespace (nettle_*), move them to internal namespace (_nettle_*).
I agree this rename makes sense.
But it could be considered an ABI break, since we remove symbols with version string "HOGWEED_5", matching the soname, and those symbols are supposed to be stable as long as the soname is the same.
On the other hand, the symbols are not mentioned in docs or headers, and they don't even exist in all configurations. So maybe it's ok to remove them without changing the soname? That will break any application needing them in libhogweed.so, but that application would break in the same way if nettle were reconfigured with --disable-assembler.
I tried a search with http://codesearch.debian.net/search?q=nettle_ecc_.*modp&literal=0, and the functions at least appear to be unused outside of Nettle.
So did I at the time of writing a patch, finding no actual users of these functions. I think it is fine to drop them without bumping soname.
Dmitry Eremin-Solenikov dbaryshkov@gmail.com writes:
So did I at the time of writing a patch, finding no actual users of these functions. I think it is fine to drop them without bumping soname.
It seems no one disagrees with that. I've merged all three patches to the master-updates branch for testing.
Thanks, /Niels Möller
пт, 10 янв. 2020 г. в 23:01, Niels Möller nisse@lysator.liu.se:
Dmitry Eremin-Solenikov dbaryshkov@gmail.com writes:
So did I at the time of writing a patch, finding no actual users of these functions. I think it is fine to drop them without bumping soname.
It seems no one disagrees with that. I've merged all three patches to the master-updates branch for testing.
Thank you!
From: Dmitry Eremin-Solenikov dbaryshkov@gmail.com
Rename curve functions to use curve names instead of just bits. Otherwise function names can easily become confusing after adding other curves.
Signed-off-by: Dmitry Eremin-Solenikov dbaryshkov@gmail.com --- arm/ecc-secp192r1-modp.asm | 6 +++--- arm/ecc-secp224r1-modp.asm | 6 +++--- arm/ecc-secp256r1-redc.asm | 6 +++--- arm/ecc-secp384r1-modp.asm | 6 +++--- arm/ecc-secp521r1-modp.asm | 6 +++--- configure.ac | 22 +++++++++++----------- ecc-curve25519.c | 34 +++++++++++++++++----------------- ecc-curve448.c | 34 +++++++++++++++++----------------- ecc-secp192r1.c | 16 ++++++++-------- ecc-secp224r1.c | 16 ++++++++-------- ecc-secp256r1.c | 32 ++++++++++++++++---------------- ecc-secp384r1.c | 16 ++++++++-------- ecc-secp521r1.c | 12 ++++++------ eddsa-sign.c | 2 +- x86_64/ecc-curve25519-modp.asm | 4 ++-- x86_64/ecc-secp192r1-modp.asm | 6 +++--- x86_64/ecc-secp224r1-modp.asm | 6 +++--- x86_64/ecc-secp256r1-redc.asm | 4 ++-- x86_64/ecc-secp384r1-modp.asm | 4 ++-- x86_64/ecc-secp521r1-modp.asm | 4 ++-- 20 files changed, 121 insertions(+), 121 deletions(-)
diff --git a/arm/ecc-secp192r1-modp.asm b/arm/ecc-secp192r1-modp.asm
index 4680336f1bc7..4c596a168b3d 100644
--- a/arm/ecc-secp192r1-modp.asm
+++ b/arm/ecc-secp192r1-modp.asm
@@ -49,11 +49,11 @@ define(<H1>, <T1>) define(<C2>, <HP>) define(<C4>, <r12>)
- C ecc_192_modp (const struct ecc_modulo *m, mp_limb_t *rp)
+ C ecc_secp192r1_modp (const struct ecc_modulo *m, mp_limb_t *rp) .text .align 2
-PROLOGUE(_nettle_ecc_192_modp)
+PROLOGUE(_nettle_ecc_secp192r1_modp) push {r4,r5,r6,r7,r8,r10} C Reduce two words at a time add HP, RP, #48
@@ -103,4 +103,4 @@ PROLOGUE(_nettle_ecc_192_modp)
pop {r4,r5,r6,r7,r8,r10} bx lr
-EPILOGUE(_nettle_ecc_192_modp)
+EPILOGUE(_nettle_ecc_secp192r1_modp)
diff --git a/arm/ecc-secp224r1-modp.asm b/arm/ecc-secp224r1-modp.asm
index 400b7a815c2c..67089a0c2981 100644
--- a/arm/ecc-secp224r1-modp.asm
+++ b/arm/ecc-secp224r1-modp.asm
@@ -48,11 +48,11 @@ define(<L0>, <r11>) define(<L1>, <r12>) define(<L2>, <lr>)
- C ecc_224_modp (const struct ecc_modulo *m, mp_limb_t *rp)
+ C ecc_secp224r1_modp (const struct ecc_modulo *m, mp_limb_t *rp) .text .align 2
-PROLOGUE(_nettle_ecc_224_modp)
+PROLOGUE(_nettle_ecc_secp224r1_modp) push {r4,r5,r6,r7,r8,r10,r11,lr}
add L2, RP, #28
@@ -121,4 +121,4 @@ PROLOGUE(_nettle_ecc_224_modp) stmdb RP, {T0,T1,T2,T3,T4,T5,T6}
pop {r4,r5,r6,r7,r8,r10,r11,pc}
-EPILOGUE(_nettle_ecc_224_modp)
+EPILOGUE(_nettle_ecc_secp224r1_modp)
diff --git a/arm/ecc-secp256r1-redc.asm b/arm/ecc-secp256r1-redc.asm
index 7b117de43fbc..f8386c39c9a6 100644
--- a/arm/ecc-secp256r1-redc.asm
+++ b/arm/ecc-secp256r1-redc.asm
@@ -48,11 +48,11 @@ define(<F1>, <r11>) define(<F2>, <r12>) define(<F3>, <lr>)
- C ecc_256_redc (const struct ecc_modulo *m, mp_limb_t *rp)
+ C ecc_secp256r1_redc (const struct ecc_modulo *m, mp_limb_t *rp) .text .align 2
-PROLOGUE(_nettle_ecc_256_redc)
+PROLOGUE(_nettle_ecc_secp256r1_redc) push {r4,r5,r6,r7,r8,r10,r11,lr}
ldm RP!, {T0,T1,T2,T3,T4,T5,T6,T7}
@@ -170,4 +170,4 @@ PROLOGUE(_nettle_ecc_256_redc) stm RP, {T0,T1,T2,T3,T4,T5,T6,T7}
pop {r4,r5,r6,r7,r8,r10,r11,pc}
-EPILOGUE(_nettle_ecc_256_redc)
+EPILOGUE(_nettle_ecc_secp256r1_redc)
diff --git a/arm/ecc-secp384r1-modp.asm b/arm/ecc-secp384r1-modp.asm
index dd9a325b09de..1983ee68cdd4 100644
--- a/arm/ecc-secp384r1-modp.asm
+++ b/arm/ecc-secp384r1-modp.asm
@@ -46,11 +46,11 @@ define(<F4>, <r10>) define(<N>, <r12>) define(<H>, <lr>)
- C ecc_384_modp (const struct ecc_modulo *m, mp_limb_t *rp)
+ C ecc_secp384r1_modp (const struct ecc_modulo *m, mp_limb_t *rp) .text .align 2
-PROLOGUE(_nettle_ecc_384_modp)
+PROLOGUE(_nettle_ecc_secp384r1_modp) push {r4,r5,r6,r7,r8,r10,lr}
add RP, RP, #80
@@ -267,4 +267,4 @@ PROLOGUE(_nettle_ecc_384_modp) adcs T3, T3, H stm RP!, {T0,T1,T2,T3} C 8-11 pop {r4,r5,r6,r7,r8,r10,pc}
-EPILOGUE(_nettle_ecc_384_modp)
+EPILOGUE(_nettle_ecc_secp384r1_modp)
diff --git a/arm/ecc-secp521r1-modp.asm b/arm/ecc-secp521r1-modp.asm
index f11967634689..6d1759ec8a2a 100644
--- a/arm/ecc-secp521r1-modp.asm
+++ b/arm/ecc-secp521r1-modp.asm
@@ -45,14 +45,14 @@ define(<F3>, <r8>) define(<H>, <r12>) define(<N>, <lr>)
- C ecc_521_modp (const struct ecc_modulo *m, mp_limb_t *rp)
+ C ecc_secp521r1_modp (const struct ecc_modulo *m, mp_limb_t *rp) .text .Lc511: .int 511
.align 2
-PROLOGUE(_nettle_ecc_521_modp)
+PROLOGUE(_nettle_ecc_secp521r1_modp) push {r4,r5,r6,r7,r8,lr}
C Use that B^17 = 2^23 (mod p)
@@ -124,4 +124,4 @@ PROLOGUE(_nettle_ecc_521_modp) stm RP, {T0,T1,T2,F0,F1,F2,F3,H} C 9-16
pop {r4,r5,r6,r7,r8,pc}
-EPILOGUE(_nettle_ecc_521_modp)
+EPILOGUE(_nettle_ecc_secp521r1_modp)
diff --git a/configure.ac b/configure.ac
index 745cc2c5c20e..5e340d7abbd4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -572,18 +572,18 @@ AH_VERBATIM([HAVE_NATIVE], [/* Define to 1 each of the following for which a native (ie. CPU specific) implementation of the corresponding routine exists. */ #undef HAVE_NATIVE_chacha_core
-#undef HAVE_NATIVE_ecc_192_modp
-#undef HAVE_NATIVE_ecc_192_redc
-#undef HAVE_NATIVE_ecc_224_modp
-#undef HAVE_NATIVE_ecc_224_redc
-#undef HAVE_NATIVE_ecc_25519_modp
-#undef HAVE_NATIVE_ecc_256_modp
-#undef HAVE_NATIVE_ecc_256_redc
-#undef HAVE_NATIVE_ecc_384_modp
-#undef HAVE_NATIVE_ecc_384_redc
+#undef HAVE_NATIVE_ecc_curve25519_modp #undef HAVE_NATIVE_ecc_curve448_modp
-#undef HAVE_NATIVE_ecc_521_modp
-#undef HAVE_NATIVE_ecc_521_redc
+#undef HAVE_NATIVE_ecc_secp192r1_modp
+#undef HAVE_NATIVE_ecc_secp192r1_redc
+#undef HAVE_NATIVE_ecc_secp224r1_modp
+#undef HAVE_NATIVE_ecc_secp224r1_redc
+#undef HAVE_NATIVE_ecc_secp256r1_modp
+#undef HAVE_NATIVE_ecc_secp256r1_redc
+#undef HAVE_NATIVE_ecc_secp384r1_modp
+#undef HAVE_NATIVE_ecc_secp384r1_redc
+#undef HAVE_NATIVE_ecc_secp521r1_modp
+#undef HAVE_NATIVE_ecc_secp521r1_redc #undef HAVE_NATIVE_gcm_hash8 #undef HAVE_NATIVE_salsa20_core #undef HAVE_NATIVE_sha1_compress
diff --git a/ecc-curve25519.c b/ecc-curve25519.c
index 65843a57ee5a..0ad3017c9ebc 100644
--- a/ecc-curve25519.c
+++ b/ecc-curve25519.c
@@ -46,11 +46,11 @@
#define PHIGH_BITS (GMP_NUMB_BITS * ECC_LIMB_SIZE - 255)
-#if HAVE_NATIVE_ecc_25519_modp
+#if HAVE_NATIVE_ecc_curve25519_modp
-#define ecc_25519_modp _nettle_ecc_25519_modp
+#define ecc_curve25519_modp _nettle_ecc_curve25519_modp void
-ecc_25519_modp (const struct ecc_modulo *m, mp_limb_t *rp);
+ecc_curve25519_modp (const struct ecc_modulo *m, mp_limb_t *rp); #else
#if PHIGH_BITS == 0
@@ -58,7 +58,7 @@ ecc_25519_modp (const struct ecc_modulo *m, mp_limb_t *rp); #endif
static void
-ecc_25519_modp(const struct ecc_modulo *m UNUSED, mp_limb_t *rp)
+ecc_curve25519_modp(const struct ecc_modulo *m UNUSED, mp_limb_t *rp) { mp_limb_t hi, cy;
@@ -69,7 +69,7 @@ ecc_25519_modp(const struct ecc_modulo *m UNUSED, mp_limb_t *rp) rp[ECC_LIMB_SIZE-1] = (hi & (GMP_NUMB_MASK >> PHIGH_BITS)) + sec_add_1 (rp, rp, ECC_LIMB_SIZE - 1, 19 * cy); }
-#endif /* HAVE_NATIVE_ecc_25519_modp */
+#endif /* HAVE_NATIVE_ecc_curve25519_modp */
#define QHIGH_BITS (GMP_NUMB_BITS * ECC_LIMB_SIZE - 252)
@@ -78,7 +78,7 @@ ecc_25519_modp(const struct ecc_modulo *m UNUSED, mp_limb_t *rp) #endif
static void
-ecc_25519_modq (const struct ecc_modulo *q, mp_limb_t *rp)
+ecc_curve25519_modq (const struct ecc_modulo *q, mp_limb_t *rp) { mp_size_t n; mp_limb_t cy;
@@ -180,7 +180,7 @@ ecc_mod_pow_252m3 (const struct ecc_modulo *m, /* Needs 5*ECC_LIMB_SIZE scratch space. */ #define ECC_25519_INV_ITCH (5*ECC_LIMB_SIZE)
-static void ecc_25519_inv (const struct ecc_modulo *p,
+static void ecc_curve25519_inv (const struct ecc_modulo *p, mp_limb_t *rp, const mp_limb_t *ap, mp_limb_t *scratch) {
@@ -203,7 +203,7 @@ static void ecc_25519_inv (const struct ecc_modulo *p,
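Review bot: The context line at the top of this hunk keeps `ECC_25519_INV_ITCH`, and the next hunk keeps `ECC_25519_SQRT_ITCH`, while the same patch renames `ECC_448_INV_ITCH`/`ECC_448_SQRT_ITCH` in ecc-curve448.c to `ECC_CURVE448_INV_ITCH`/`ECC_CURVE448_SQRT_ITCH`. Since the stated goal is curve names instead of bit counts, renaming these two to `ECC_CURVE25519_INV_ITCH` and `ECC_CURVE25519_SQRT_ITCH` (at their definitions and the uses in the `_nettle_curve25519` initializer) would keep the two files consistent. The body of ecc_curve25519_inv continues outside the hunk, so any further uses there are not visible here.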
/* First, do a canonical reduction, then check if zero */ static int
-ecc_25519_zero_p (const struct ecc_modulo *p, mp_limb_t *xp)
+ecc_curve25519_zero_p (const struct ecc_modulo *p, mp_limb_t *xp) { mp_limb_t cy; mp_limb_t w;
@@ -239,7 +239,7 @@ ecc_25519_zero_p (const struct ecc_modulo *p, mp_limb_t *xp) #define ECC_25519_SQRT_ITCH (9*ECC_LIMB_SIZE)
static int
-ecc_25519_sqrt(const struct ecc_modulo *p, mp_limb_t *rp,
+ecc_curve25519_sqrt(const struct ecc_modulo *p, mp_limb_t *rp, const mp_limb_t *up, const mp_limb_t *vp, mp_limb_t *scratch) {
@@ -271,9 +271,9 @@ ecc_25519_sqrt(const struct ecc_modulo *p, mp_limb_t *rp, ecc_mod_sqr (p, x2, rp); ecc_mod_mul (p, vx2, x2, vp); ecc_mod_add (p, t0, vx2, up);
- neg = ecc_25519_zero_p (p, t0);
+ neg = ecc_curve25519_zero_p (p, t0); ecc_mod_sub (p, t0, up, vx2);
- pos = ecc_25519_zero_p (p, t0);
+ pos = ecc_curve25519_zero_p (p, t0);
ecc_mod_mul (p, t0, rp, ecc_sqrt_z); cnd_copy (neg, rp, t0, ECC_LIMB_SIZE);
@@ -306,10 +306,10 @@ const struct ecc_curve _nettle_curve25519 = NULL, ecc_pp1h,
- ecc_25519_modp,
- ecc_25519_modp,
- ecc_25519_inv,
- ecc_25519_sqrt,
+ ecc_curve25519_modp,
+ ecc_curve25519_modp,
+ ecc_curve25519_inv,
+ ecc_curve25519_sqrt, }, { 253,
@@ -325,8 +325,8 @@ const struct ecc_curve _nettle_curve25519 = NULL, ecc_qp1h,
- ecc_25519_modq,
- ecc_25519_modq,
+ ecc_curve25519_modq,
+ ecc_curve25519_modq, ecc_mod_inv, NULL, },
diff --git a/ecc-curve448.c b/ecc-curve448.c
index 981dc53f279e..c31a0eb26ba4 100644
--- a/ecc-curve448.c
+++ b/ecc-curve448.c
@@ -46,12 +46,12 @@ #include "ecc-curve448.h"
#if HAVE_NATIVE_ecc_curve448_modp
-#define ecc_448_modp _nettle_ecc_curve448_modp
+#define ecc_curve448_modp _nettle_ecc_curve448_modp void
-ecc_448_modp (const struct ecc_modulo *m, mp_limb_t *rp);
+ecc_curve448_modp (const struct ecc_modulo *m, mp_limb_t *rp); #elif GMP_NUMB_BITS == 64 static void
-ecc_448_modp(const struct ecc_modulo *m, mp_limb_t *rp)
+ecc_curve448_modp(const struct ecc_modulo *m, mp_limb_t *rp) { /* Let B = 2^64, b = 2^32 = sqrt(B). p = B^7 - b B^3 - 1 ==> B^7 = b B^3 + 1
@@ -95,7 +95,7 @@ ecc_448_modp(const struct ecc_modulo *m, mp_limb_t *rp) assert (c7 == 0); } #else
-#define ecc_448_modp ecc_mod
+#define ecc_curve448_modp ecc_mod #endif
/* Needs 2*ecc->size limbs at rp, and 2*ecc->size additional limbs of
@@ -175,9 +175,9 @@ ecc_mod_pow_446m224m1 (const struct ecc_modulo *p, #undef t2 }
-#define ECC_448_INV_ITCH (5*ECC_LIMB_SIZE)
+#define ECC_CURVE448_INV_ITCH (5*ECC_LIMB_SIZE)
-static void ecc_448_inv (const struct ecc_modulo *p,
+static void ecc_curve448_inv (const struct ecc_modulo *p, mp_limb_t *rp, const mp_limb_t *ap, mp_limb_t *scratch) {
@@ -194,7 +194,7 @@ static void ecc_448_inv (const struct ecc_modulo *p,
/* First, do a canonical reduction, then check if zero */ static int
-ecc_448_zero_p (const struct ecc_modulo *p, mp_limb_t *xp)
+ecc_curve448_zero_p (const struct ecc_modulo *p, mp_limb_t *xp) { mp_limb_t cy; mp_limb_t w;
@@ -217,10 +217,10 @@ ecc_448_zero_p (const struct ecc_modulo *p, mp_limb_t *xp) */
/* Needs 4*n space + scratch for ecc_mod_pow_446m224m1. */
-#define ECC_448_SQRT_ITCH (9*ECC_LIMB_SIZE)
+#define ECC_CURVE448_SQRT_ITCH (9*ECC_LIMB_SIZE)
static int
-ecc_448_sqrt(const struct ecc_modulo *p, mp_limb_t *rp,
+ecc_curve448_sqrt(const struct ecc_modulo *p, mp_limb_t *rp, const mp_limb_t *up, const mp_limb_t *vp, mp_limb_t *scratch) {
@@ -253,7 +253,7 @@ ecc_448_sqrt(const struct ecc_modulo *p, mp_limb_t *rp, ecc_mod_mul (p, vx2, x2, vp); ecc_mod_sub (p, t0, vx2, up);
- return ecc_448_zero_p (p, t0);
+ return ecc_curve448_zero_p (p, t0);
#undef u3v #undef u5v3
@@ -275,8 +275,8 @@ const struct ecc_curve _nettle_curve448 = ECC_LIMB_SIZE, ECC_BMODP_SIZE, 0,
- ECC_448_INV_ITCH,
- ECC_448_SQRT_ITCH,
+ ECC_CURVE448_INV_ITCH,
+ ECC_CURVE448_SQRT_ITCH,
ecc_p, ecc_Bmodp,
@@ -284,10 +284,10 @@ const struct ecc_curve _nettle_curve448 = NULL, ecc_pp1h,
- ecc_448_modp,
- ecc_448_modp,
- ecc_448_inv,
- ecc_448_sqrt,
+ ecc_curve448_modp,
+ ecc_curve448_modp,
+ ecc_curve448_inv,
+ ecc_curve448_sqrt, }, { 446,
@@ -318,7 +318,7 @@ const struct ecc_curve _nettle_curve448 = ECC_DUP_EH_ITCH (ECC_LIMB_SIZE), ECC_MUL_A_EH_ITCH (ECC_LIMB_SIZE), ECC_MUL_G_EH_ITCH (ECC_LIMB_SIZE),
- ECC_EH_TO_A_ITCH (ECC_LIMB_SIZE, ECC_448_INV_ITCH),
+ ECC_EH_TO_A_ITCH (ECC_LIMB_SIZE, ECC_CURVE448_INV_ITCH),
ecc_add_eh, ecc_add_ehh,
diff --git a/ecc-secp192r1.c b/ecc-secp192r1.c
index 15f5f1fa4c04..094074d73ed7 100644
--- a/ecc-secp192r1.c
+++ b/ecc-secp192r1.c
@@ -48,18 +48,18 @@
#include "ecc-secp192r1.h"
-#if HAVE_NATIVE_ecc_192_modp
+#if HAVE_NATIVE_ecc_secp192r1_modp
-#define ecc_192_modp _nettle_ecc_192_modp
+#define ecc_secp192r1_modp _nettle_ecc_secp192r1_modp void
-ecc_192_modp (const struct ecc_modulo *m, mp_limb_t *rp);
+ecc_secp192r1_modp (const struct ecc_modulo *m, mp_limb_t *rp);
/* Use that p = 2^{192} - 2^64 - 1, to eliminate 128 bits at a time. */
#elif GMP_NUMB_BITS == 32 /* p is 6 limbs, p = B^6 - B^2 - 1 */ static void
-ecc_192_modp (const struct ecc_modulo *m UNUSED, mp_limb_t *rp)
+ecc_secp192r1_modp (const struct ecc_modulo *m UNUSED, mp_limb_t *rp) { mp_limb_t cy;
@@ -84,7 +84,7 @@ ecc_192_modp (const struct ecc_modulo *m UNUSED, mp_limb_t *rp) #elif GMP_NUMB_BITS == 64 /* p is 3 limbs, p = B^3 - B - 1 */ static void
-ecc_192_modp (const struct ecc_modulo *m UNUSED, mp_limb_t *rp)
+ecc_secp192r1_modp (const struct ecc_modulo *m UNUSED, mp_limb_t *rp) { mp_limb_t cy;
@@ -107,7 +107,7 @@ ecc_192_modp (const struct ecc_modulo *m UNUSED, mp_limb_t *rp) }
#else
-#define ecc_192_modp ecc_mod
+#define ecc_secp192r1_modp ecc_mod #endif
const struct ecc_curve _nettle_secp_192r1 =
@@ -126,8 +126,8 @@ const struct ecc_curve _nettle_secp_192r1 = ecc_redc_ppm1, ecc_pp1h,
- ecc_192_modp,
- ecc_192_modp,
+ ecc_secp192r1_modp,
+ ecc_secp192r1_modp, ecc_mod_inv, NULL, },
diff --git a/ecc-secp224r1.c b/ecc-secp224r1.c
index 28b938fa3282..e6b43fa61f42 100644
--- a/ecc-secp224r1.c
+++ b/ecc-secp224r1.c
@@ -40,24 +40,24 @@ #include "ecc.h" #include "ecc-internal.h"
-#if HAVE_NATIVE_ecc_224_modp
+#if HAVE_NATIVE_ecc_secp224r1_modp
#define USE_REDC 0
-#define ecc_224_modp _nettle_ecc_224_modp
+#define ecc_secp224r1_modp _nettle_ecc_secp224r1_modp void
-ecc_224_modp (const struct ecc_modulo *m, mp_limb_t *rp);
+ecc_secp224r1_modp (const struct ecc_modulo *m, mp_limb_t *rp);
#else #define USE_REDC (ECC_REDC_SIZE != 0)
-#define ecc_224_modp ecc_mod
+#define ecc_secp224r1_modp ecc_mod #endif
#include "ecc-secp224r1.h"
#if ECC_REDC_SIZE < 0
-# define ecc_224_redc ecc_pm1_redc
+# define ecc_secp224r1_redc ecc_pm1_redc #elif ECC_REDC_SIZE == 0
-# define ecc_224_redc NULL
+# define ecc_secp224r1_redc NULL #else # error Configuration error #endif
@@ -78,8 +78,8 @@ const struct ecc_curve _nettle_secp_224r1 = ecc_redc_ppm1, ecc_pp1h,
- ecc_224_modp,
- USE_REDC ? ecc_224_redc : ecc_224_modp,
+ ecc_secp224r1_modp,
+ USE_REDC ? ecc_secp224r1_redc : ecc_secp224r1_modp, ecc_mod_inv, NULL, },
diff --git a/ecc-secp256r1.c b/ecc-secp256r1.c
index 160a047957f8..6c776a729aea 100644
--- a/ecc-secp256r1.c
+++ b/ecc-secp256r1.c
@@ -42,7 +42,7 @@ #include "ecc.h" #include "ecc-internal.h"
-#if HAVE_NATIVE_ecc_256_redc
+#if HAVE_NATIVE_ecc_secp256r1_redc # define USE_REDC 1 #else # define USE_REDC (ECC_REDC_SIZE != 0)
@@ -50,27 +50,27 @@
#include "ecc-secp256r1.h"
-#if HAVE_NATIVE_ecc_256_redc
-# define ecc_256_redc _nettle_ecc_256_redc
+#if HAVE_NATIVE_ecc_secp256r1_redc
+# define ecc_secp256r1_redc _nettle_ecc_secp256r1_redc void
-ecc_256_redc (const struct ecc_modulo *p, mp_limb_t *rp);
-#else /* !HAVE_NATIVE_ecc_256_redc */
+ecc_secp256r1_redc (const struct ecc_modulo *p, mp_limb_t *rp);
+#else /* !HAVE_NATIVE_ecc_secp256r1_redc */ # if ECC_REDC_SIZE > 0
-# define ecc_256_redc ecc_pp1_redc
+# define ecc_secp256r1_redc ecc_pp1_redc # elif ECC_REDC_SIZE == 0
-# define ecc_256_redc NULL
+# define ecc_secp256r1_redc NULL # else # error Configuration error # endif
-#endif /* !HAVE_NATIVE_ecc_256_redc */
+#endif /* !HAVE_NATIVE_ecc_secp256r1_redc */
#if ECC_BMODP_SIZE < ECC_LIMB_SIZE
-#define ecc_256_modp ecc_mod
-#define ecc_256_modq ecc_mod
+#define ecc_secp256r1_modp ecc_mod
+#define ecc_secp256r1_modq ecc_mod #elif GMP_NUMB_BITS == 64
static void
-ecc_256_modp (const struct ecc_modulo *p, mp_limb_t *rp)
+ecc_secp256r1_modp (const struct ecc_modulo *p, mp_limb_t *rp) { mp_limb_t u1, u0; mp_size_t n;
@@ -146,7 +146,7 @@ ecc_256_modp (const struct ecc_modulo *p, mp_limb_t *rp) }
static void
-ecc_256_modq (const struct ecc_modulo *q, mp_limb_t *rp)
+ecc_secp256r1_modq (const struct ecc_modulo *q, mp_limb_t *rp) { mp_limb_t u2, u1, u0; mp_size_t n;
@@ -255,8 +255,8 @@ const struct ecc_curve _nettle_secp_256r1 = ecc_redc_ppm1, ecc_pp1h,
- ecc_256_modp,
- USE_REDC ? ecc_256_redc : ecc_256_modp,
+ ecc_secp256r1_modp,
+ USE_REDC ? ecc_secp256r1_redc : ecc_secp256r1_modp, ecc_mod_inv, NULL, },
@@ -274,8 +274,8 @@ const struct ecc_curve _nettle_secp_256r1 = NULL, ecc_qp1h,
- ecc_256_modq,
- ecc_256_modq,
+ ecc_secp256r1_modq,
+ ecc_secp256r1_modq, ecc_mod_inv, NULL, },
diff --git a/ecc-secp384r1.c b/ecc-secp384r1.c
index 32f75fb618ba..c4a75564bf58 100644
--- a/ecc-secp384r1.c
+++ b/ecc-secp384r1.c
@@ -46,10 +46,10 @@
#include "ecc-secp384r1.h"
-#if HAVE_NATIVE_ecc_384_modp
-#define ecc_384_modp _nettle_ecc_384_modp
+#if HAVE_NATIVE_ecc_secp384r1_modp
+#define ecc_secp384r1_modp _nettle_ecc_secp384r1_modp void
-ecc_384_modp (const struct ecc_modulo *m, mp_limb_t *rp);
+ecc_secp384r1_modp (const struct ecc_modulo *m, mp_limb_t *rp); #elif GMP_NUMB_BITS == 32
/* Use that 2^{384} = 2^{128} + 2^{96} - 2^{32} + 1, and eliminate 256
@@ -62,7 +62,7 @@ ecc_384_modp (const struct ecc_modulo *m, mp_limb_t *rp); almost 8 at a time. Do only 7, to avoid additional carry propagation, followed by 5. */ static void
-ecc_384_modp (const struct ecc_modulo *p, mp_limb_t *rp)
+ecc_secp384r1_modp (const struct ecc_modulo *p, mp_limb_t *rp) { mp_limb_t cy, bw;
@@ -106,7 +106,7 @@ ecc_384_modp (const struct ecc_modulo *p, mp_limb_t *rp) /* p is 6 limbs, and B^6 - p = B^2 + 2^32 (B - 1) + 1. Eliminate 3 (almost 4) limbs at a time. */ static void
-ecc_384_modp (const struct ecc_modulo *p, mp_limb_t *rp)
+ecc_secp384r1_modp (const struct ecc_modulo *p, mp_limb_t *rp) { mp_limb_t tp[6]; mp_limb_t cy;
@@ -144,7 +144,7 @@ ecc_384_modp (const struct ecc_modulo *p, mp_limb_t *rp) assert (cy == 0); } #else
-#define ecc_384_modp ecc_mod
+#define ecc_secp384r1_modp ecc_mod #endif
const struct ecc_curve _nettle_secp_384r1 =
@@ -163,8 +163,8 @@ const struct ecc_curve _nettle_secp_384r1 = ecc_redc_ppm1, ecc_pp1h,
- ecc_384_modp,
- ecc_384_modp,
+ ecc_secp384r1_modp,
+ ecc_secp384r1_modp, ecc_mod_inv, NULL, },
diff --git a/ecc-secp521r1.c b/ecc-secp521r1.c
index d952d77e444e..74688008959b 100644
--- a/ecc-secp521r1.c
+++ b/ecc-secp521r1.c
@@ -44,10 +44,10 @@
#include "ecc-secp521r1.h"
-#if HAVE_NATIVE_ecc_521_modp
-#define ecc_521_modp _nettle_ecc_521_modp
+#if HAVE_NATIVE_ecc_secp521r1_modp
+#define ecc_secp521r1_modp _nettle_ecc_secp521r1_modp void
-ecc_521_modp (const struct ecc_modulo *m, mp_limb_t *rp);
+ecc_secp521r1_modp (const struct ecc_modulo *m, mp_limb_t *rp);
#else
@@ -57,7 +57,7 @@ ecc_521_modp (const struct ecc_modulo *m, mp_limb_t *rp);
/* Result may be *slightly* larger than 2^521 */ static void
-ecc_521_modp (const struct ecc_modulo *m UNUSED, mp_limb_t *rp)
+ecc_secp521r1_modp (const struct ecc_modulo *m UNUSED, mp_limb_t *rp) { /* FIXME: Should use mpn_addlsh_n_ip1 */ mp_limb_t hi;
@@ -91,8 +91,8 @@ const struct ecc_curve _nettle_secp_521r1 = ecc_redc_ppm1, ecc_pp1h,
- ecc_521_modp,
- ecc_521_modp,
+ ecc_secp521r1_modp,
+ ecc_secp521r1_modp, ecc_mod_inv, NULL, },
diff --git a/eddsa-sign.c b/eddsa-sign.c
index 052770645f29..1d5e4796b120 100644
--- a/eddsa-sign.c
+++ b/eddsa-sign.c
@@ -95,7 +95,7 @@ _eddsa_sign (const struct ecc_curve *ecc, ecc_modq_add (ecc, sp, sp, rp); /* FIXME: Can be plain add */ if (ecc->p.bit_size == 255) {
- /* FIXME: Special code duplicated in ecc_25519_modq
+ /* FIXME: Special code duplicated in ecc_curve25519_modq Define a suitable method for canonical reduction? */
/* q is slightly larger than 2^252, underflow from below
diff --git a/x86_64/ecc-curve25519-modp.asm b/x86_64/ecc-curve25519-modp.asm
index 0374db12ab44..44dce6df8789 100644
--- a/x86_64/ecc-curve25519-modp.asm
+++ b/x86_64/ecc-curve25519-modp.asm
@@ -41,7 +41,7 @@ define(<T0>, <%r10>) define(<T1>, <%r11>) define(<M>, <%rbx>)
-PROLOGUE(_nettle_ecc_25519_modp)
+PROLOGUE(_nettle_ecc_curve25519_modp) W64_ENTRY(2, 0) push %rbx
@@ -91,4 +91,4 @@ PROLOGUE(_nettle_ecc_25519_modp) pop %rbx W64_EXIT(2, 0) ret
-EPILOGUE(_nettle_ecc_25519_modp)
+EPILOGUE(_nettle_ecc_curve25519_modp)
diff --git a/x86_64/ecc-secp192r1-modp.asm b/x86_64/ecc-secp192r1-modp.asm
index ad8dca7186e4..3a008130c1bb 100644
--- a/x86_64/ecc-secp192r1-modp.asm
+++ b/x86_64/ecc-secp192r1-modp.asm
@@ -41,10 +41,10 @@ define(<H>, <%r9>) define(<C1>, <%r10>) define(<C2>, <%r11>)
- C ecc_192_modp (const struct ecc_modulo *m, mp_limb_t *rp)
+ C ecc_secp192r1_modp (const struct ecc_modulo *m, mp_limb_t *rp) .text ALIGN(16)
-PROLOGUE(_nettle_ecc_192_modp)
+PROLOGUE(_nettle_ecc_secp192r1_modp) W64_ENTRY(2, 0) mov 16(RP), T2 mov 24(RP), T3
@@ -85,4 +85,4 @@ PROLOGUE(_nettle_ecc_192_modp)
W64_EXIT(2, 0) ret
-EPILOGUE(_nettle_ecc_192_modp)
+EPILOGUE(_nettle_ecc_secp192r1_modp)
diff --git a/x86_64/ecc-secp224r1-modp.asm b/x86_64/ecc-secp224r1-modp.asm
index e44b5418e5dd..dfa85a8d6f3f 100644
--- a/x86_64/ecc-secp224r1-modp.asm
+++ b/x86_64/ecc-secp224r1-modp.asm
@@ -44,8 +44,8 @@ define(<F0>, <%r9>) define(<F1>, <%r10>) define(<F2>, <%r11>)
- C ecc_224_modp (const struct ecc_modulo *m, mp_limb_t *rp)
-PROLOGUE(_nettle_ecc_224_modp)
+ C ecc_secp224r1_modp (const struct ecc_modulo *m, mp_limb_t *rp)
+PROLOGUE(_nettle_ecc_secp224r1_modp) W64_ENTRY(2, 0) mov 48(RP), H0 mov 56(RP), H1
@@ -128,4 +128,4 @@ PROLOGUE(_nettle_ecc_224_modp)
W64_EXIT(2, 0) ret
-EPILOGUE(_nettle_ecc_224_modp)
+EPILOGUE(_nettle_ecc_secp224r1_modp)
diff --git a/x86_64/ecc-secp256r1-redc.asm b/x86_64/ecc-secp256r1-redc.asm
index 533a1766d4bc..67da065b27f4 100644
--- a/x86_64/ecc-secp256r1-redc.asm
+++ b/x86_64/ecc-secp256r1-redc.asm
@@ -58,7 +58,7 @@ define(<FOLD>, < sbb $1, F2 sbb <$>0, F3
)
-PROLOGUE(_nettle_ecc_256_redc)
+PROLOGUE(_nettle_ecc_secp256r1_redc) W64_ENTRY(2, 0) C save all registers that need to be saved push %rbx
@@ -126,4 +126,4 @@ PROLOGUE(_nettle_ecc_256_redc) pop %rbx W64_EXIT(2, 0) ret
-EPILOGUE(_nettle_ecc_256_redc)
+EPILOGUE(_nettle_ecc_secp256r1_redc)
diff --git a/x86_64/ecc-secp384r1-modp.asm b/x86_64/ecc-secp384r1-modp.asm
index 13f469b164e4..9bfa0618d33e 100644
--- a/x86_64/ecc-secp384r1-modp.asm
+++ b/x86_64/ecc-secp384r1-modp.asm
@@ -51,7 +51,7 @@ define(<C0>, H5) C Overlap define(<TMP>, RP) C Overlap
-PROLOGUE(_nettle_ecc_384_modp)
+PROLOGUE(_nettle_ecc_secp384r1_modp) W64_ENTRY(2, 0)
push %rbx
@@ -231,4 +231,4 @@ PROLOGUE(_nettle_ecc_384_modp)
W64_EXIT(2, 0) ret
-EPILOGUE(_nettle_ecc_384_modp)
+EPILOGUE(_nettle_ecc_secp384r1_modp)
diff --git a/x86_64/ecc-secp521r1-modp.asm b/x86_64/ecc-secp521r1-modp.asm
index 6f4f7d90714d..a6840a60faec 100644
--- a/x86_64/ecc-secp521r1-modp.asm
+++ b/x86_64/ecc-secp521r1-modp.asm
@@ -48,7 +48,7 @@ define(<U9>, <%r11>) define(<T0>, <%r12>) define(<T1>, <%r13>)
-PROLOGUE(_nettle_ecc_521_modp)
+PROLOGUE(_nettle_ecc_secp521r1_modp) W64_ENTRY(2, 0) push %rbx push %rbp
@@ -155,4 +155,4 @@ PROLOGUE(_nettle_ecc_521_modp) pop %rbx W64_EXIT(2, 0) ret
-EPILOGUE(_nettle_ecc_521_modp)
+EPILOGUE(_nettle_ecc_secp521r1_modp)