2017-11-30 16:23:50 +01:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0
|
2015-06-05 15:58:00 +02:00
|
|
|
*
|
2018-01-18 11:46:01 +01:00
|
|
|
* Copyright (C) 2016-2017 INRIA and Microsoft Corporation.
|
|
|
|
* Copyright (C) 2015-2016 The fiat-crypto Authors.
|
|
|
|
* Copyright (C) 2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
2015-06-05 15:58:00 +02:00
|
|
|
*
|
2018-01-18 11:46:01 +01:00
|
|
|
* This is a machine-generated formally verified implementation of curve25519 DH from:
|
|
|
|
* https://github.com/mitls/hacl-star and https://github.com/mit-plv/fiat-crypto
|
2015-06-05 15:58:00 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include "curve25519.h"
|
|
|
|
|
|
|
|
#include <stdint.h>
|
|
|
|
#include <string.h>
|
2018-01-18 11:46:01 +01:00
|
|
|
#include <endian.h>
|
2015-06-05 15:58:00 +02:00
|
|
|
|
2018-01-22 17:58:44 +01:00
|
|
|
typedef uint64_t u64;
|
|
|
|
typedef uint32_t u32;
|
|
|
|
typedef uint8_t u8;
|
|
|
|
typedef int64_t s64;
|
|
|
|
typedef u64 __le64;
|
|
|
|
typedef u32 __le32;
|
|
|
|
#define le64_to_cpup(a) le64toh(*(a));
|
|
|
|
#define le32_to_cpup(a) le32toh(*(a));
|
|
|
|
#define cpu_to_le64(a) htole64(a);
|
2015-06-05 15:58:00 +02:00
|
|
|
#ifndef __always_inline
|
|
|
|
#define __always_inline __inline __attribute__((__always_inline__))
|
|
|
|
#endif
|
2018-01-22 17:58:44 +01:00
|
|
|
#ifndef noinline
|
|
|
|
#define noinline __attribute__((noinline))
|
|
|
|
#endif
|
2018-01-18 11:46:01 +01:00
|
|
|
#ifndef __aligned
|
|
|
|
#define __aligned(x) __attribute__((aligned(x)))
|
|
|
|
#endif
|
2018-01-22 17:58:44 +01:00
|
|
|
#ifndef __force
|
|
|
|
#define __force
|
|
|
|
#endif
|
2018-01-18 11:46:01 +01:00
|
|
|
|
2018-01-22 17:58:44 +01:00
|
|
|
static noinline void memzero_explicit(void *s, size_t count)
|
2018-01-18 11:46:01 +01:00
|
|
|
{
|
2018-01-22 17:58:44 +01:00
|
|
|
memset(s, 0, count);
|
|
|
|
__asm__ __volatile__("": :"r"(s) :"memory");
|
2015-06-05 15:58:00 +02:00
|
|
|
}
|
|
|
|
|
2018-01-22 17:58:44 +01:00
|
|
|
static __always_inline void normalize_secret(u8 secret[CURVE25519_POINT_SIZE])
|
2015-06-05 15:58:00 +02:00
|
|
|
{
|
2018-01-22 17:58:44 +01:00
|
|
|
secret[0] &= 248;
|
|
|
|
secret[31] &= 127;
|
|
|
|
secret[31] |= 64;
|
2018-01-18 11:46:01 +01:00
|
|
|
}
|
2017-10-25 17:56:08 +02:00
|
|
|
|
2018-01-22 17:58:44 +01:00
|
|
|
#ifdef __SIZEOF_INT128__
|
|
|
|
#include "../crypto/curve25519-hacl64.h"
|
2018-01-18 11:46:01 +01:00
|
|
|
#else
|
2018-01-22 17:58:44 +01:00
|
|
|
#include "../crypto/curve25519-fiat32.h"
|
2015-06-05 15:58:00 +02:00
|
|
|
#endif
|
|
|
|
|
2016-07-27 11:30:05 +02:00
|
|
|
void curve25519_generate_public(uint8_t pub[static CURVE25519_POINT_SIZE], const uint8_t secret[static CURVE25519_POINT_SIZE])
|
2015-06-05 15:58:00 +02:00
|
|
|
{
|
|
|
|
static const uint8_t basepoint[CURVE25519_POINT_SIZE] = { 9 };
|
2017-10-25 17:56:08 +02:00
|
|
|
|
2015-06-05 15:58:00 +02:00
|
|
|
curve25519(pub, secret, basepoint);
|
|
|
|
}
|
2018-01-22 17:58:44 +01:00
|
|
|
|
|
|
|
void curve25519(uint8_t mypublic[static CURVE25519_POINT_SIZE], const uint8_t secret[static CURVE25519_POINT_SIZE], const uint8_t basepoint[static CURVE25519_POINT_SIZE])
|
|
|
|
{
|
|
|
|
curve25519_generic(mypublic, secret, basepoint);
|
|
|
|
}
|