1261287Sdes/* $OpenBSD: sc25519.h,v 1.3 2013/12/09 11:03:45 markus Exp $ */ 2261287Sdes 3261287Sdes/* 4261287Sdes * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange, 5261287Sdes * Peter Schwabe, Bo-Yin Yang. 6261287Sdes * Copied from supercop-20130419/crypto_sign/ed25519/ref/sc25519.h 7261287Sdes */ 8261287Sdes 9261287Sdes#ifndef SC25519_H 10261287Sdes#define SC25519_H 11261287Sdes 12261287Sdes#include "crypto_api.h" 13261287Sdes 14261287Sdes#define sc25519 crypto_sign_ed25519_ref_sc25519 15261287Sdes#define shortsc25519 crypto_sign_ed25519_ref_shortsc25519 16261287Sdes#define sc25519_from32bytes crypto_sign_ed25519_ref_sc25519_from32bytes 17261287Sdes#define shortsc25519_from16bytes crypto_sign_ed25519_ref_shortsc25519_from16bytes 18261287Sdes#define sc25519_from64bytes crypto_sign_ed25519_ref_sc25519_from64bytes 19261287Sdes#define sc25519_from_shortsc crypto_sign_ed25519_ref_sc25519_from_shortsc 20261287Sdes#define sc25519_to32bytes crypto_sign_ed25519_ref_sc25519_to32bytes 21261287Sdes#define sc25519_iszero_vartime crypto_sign_ed25519_ref_sc25519_iszero_vartime 22261287Sdes#define sc25519_isshort_vartime crypto_sign_ed25519_ref_sc25519_isshort_vartime 23261287Sdes#define sc25519_lt_vartime crypto_sign_ed25519_ref_sc25519_lt_vartime 24261287Sdes#define sc25519_add crypto_sign_ed25519_ref_sc25519_add 25261287Sdes#define sc25519_sub_nored crypto_sign_ed25519_ref_sc25519_sub_nored 26261287Sdes#define sc25519_mul crypto_sign_ed25519_ref_sc25519_mul 27261287Sdes#define sc25519_mul_shortsc crypto_sign_ed25519_ref_sc25519_mul_shortsc 28261287Sdes#define sc25519_window3 crypto_sign_ed25519_ref_sc25519_window3 29261287Sdes#define sc25519_window5 crypto_sign_ed25519_ref_sc25519_window5 30261287Sdes#define sc25519_2interleave2 crypto_sign_ed25519_ref_sc25519_2interleave2 31261287Sdes 32261287Sdestypedef struct 33261287Sdes{ 34261287Sdes crypto_uint32 v[32]; 35261287Sdes} 36261287Sdessc25519; 37261287Sdes 38261287Sdestypedef struct 39261287Sdes{ 40261287Sdes crypto_uint32 v[16]; 41261287Sdes} 42261287Sdesshortsc25519; 43261287Sdes 44261287Sdesvoid sc25519_from32bytes(sc25519 *r, const unsigned char x[32]); 45261287Sdes 46261287Sdesvoid shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]); 47261287Sdes 48261287Sdesvoid sc25519_from64bytes(sc25519 *r, const unsigned char x[64]); 49261287Sdes 50261287Sdesvoid sc25519_from_shortsc(sc25519 *r, const shortsc25519 *x); 51261287Sdes 52261287Sdesvoid sc25519_to32bytes(unsigned char r[32], const sc25519 *x); 53261287Sdes 54261287Sdesint sc25519_iszero_vartime(const sc25519 *x); 55261287Sdes 56261287Sdesint sc25519_isshort_vartime(const sc25519 *x); 57261287Sdes 58261287Sdesint sc25519_lt_vartime(const sc25519 *x, const sc25519 *y); 59261287Sdes 60261287Sdesvoid sc25519_add(sc25519 *r, const sc25519 *x, const sc25519 *y); 61261287Sdes 62261287Sdesvoid sc25519_sub_nored(sc25519 *r, const sc25519 *x, const sc25519 *y); 63261287Sdes 64261287Sdesvoid sc25519_mul(sc25519 *r, const sc25519 *x, const sc25519 *y); 65261287Sdes 66261287Sdesvoid sc25519_mul_shortsc(sc25519 *r, const sc25519 *x, const shortsc25519 *y); 67261287Sdes 68261287Sdes/* Convert s into a representation of the form \sum_{i=0}^{84}r[i]2^3 69261287Sdes * with r[i] in {-4,...,3} 70261287Sdes */ 71261287Sdesvoid sc25519_window3(signed char r[85], const sc25519 *s); 72261287Sdes 73261287Sdes/* Convert s into a representation of the form \sum_{i=0}^{50}r[i]2^5 74261287Sdes * with r[i] in {-16,...,15} 75261287Sdes */ 76261287Sdesvoid sc25519_window5(signed char r[51], const sc25519 *s); 77261287Sdes 78261287Sdesvoid sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2); 79261287Sdes 80261287Sdes#endif 81