#define COFACTOR 4
-/* Comb config: number of combs, n, t, s. */
-#define COMBS_N 5
-#define COMBS_T 5
-#define COMBS_S 18
#define C448_WNAF_FIXED_TABLE_BITS 5
#define C448_WNAF_VAR_TABLE_BITS 3
-static const int EDWARDS_D = -39081;
+#define EDWARDS_D (-39081)
+
static const curve448_scalar_t precomputed_scalarmul_adjustment = {
{
{
#define WBITS C448_WORD_BITS /* NB this may be different from ARCH_WORD_BITS */
-/* Projective Niels coordinates */
-typedef struct {
- gf a, b, c;
-} niels_s, niels_t[1];
-typedef struct {
- niels_t n;
- gf z;
-} VECTOR_ALIGNED pniels_t[1];
-
-/* Precomputed base */
-struct curve448_precomputed_s {
- niels_t table[COMBS_N << (COMBS_T - 1)];
-};
-
-extern const gf curve448_precomputed_base_as_fe[];
-const curve448_precomputed_s *curve448_precomputed_base =
- (const curve448_precomputed_s *)&curve448_precomputed_base_as_fe;
-
/* Inverse. */
static void gf_invert(gf y, const gf x, int assert_nonzero)
{
mask_t ret;
-
gf t1, t2;
+
gf_sqr(t1, x); /* o^2 */
ret = gf_isr(t2, t1); /* +-1/sqrt(o^2) = +-1/o */
(void)ret;
for (k = 0; k < t; k++) {
unsigned int bit = (i - 1) + s * (k + j * t);
- if (bit < C448_SCALAR_BITS) {
+ if (bit < C448_SCALAR_BITS)
tab |=
(scalar1x->limb[bit / WBITS] >> (bit % WBITS) & 1) << k;
- }
}
invert = (tab >> (t - 1)) - 1;
1 << (t - 1), tab);
cond_neg_niels(ni, invert);
- if ((i != s) || j != 0) {
+ if ((i != s) || j != 0)
add_niels_to_pt(out, ni, j == n - 1 && i != 1);
- } else {
+ else
niels_to_pt(out, ni);
- }
}
}
curve448_scalar_decode_long(the_scalar, scalar2, sizeof(scalar2));
/* Compensate for the encoding ratio */
- for (i = 1; i < X448_ENCODE_RATIO; i <<= 1) {
+ for (i = 1; i < X448_ENCODE_RATIO; i <<= 1)
curve448_scalar_halve(the_scalar, the_scalar);
- }
+
curve448_precomputed_scalarmul(p, curve448_precomputed_base, the_scalar);
curve448_point_mul_by_ratio_and_encode_like_x448(out, p);
curve448_point_destroy(p);
if (w < (C448_SCALAR_BITS - 1) / 16 + 1) {
/* Refill the 16 high bits of current */
current += (uint32_t)((scalar->limb[w / B_OVER_16]
- >> (16 * (w % B_OVER_16))) << 16);
+ >> (16 * (w % B_OVER_16))) << 16);
}
while (current & 0xFFFF) {
OPENSSL_cleanse(twop, sizeof(twop));
}
-extern const gf curve448_precomputed_wnaf_as_fe[];
-static const niels_t *curve448_wnaf_base =
- (const niels_t *)curve448_precomputed_wnaf_as_fe;
-
void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
const curve448_scalar_t scalar1,
const curve448_point_t base2,
if (i < 0) {
curve448_point_copy(combo, curve448_point_identity);
return;
- } else if (i > control_pre[0].power) {
+ }
+ if (i > control_pre[0].power) {
pniels_to_pt(combo, precmp_var[control_var[0].addend >> 1]);
contv++;
} else if (i == control_pre[0].power && i >= 0) {
projects / openssl.git / blobdiff