diff --git a/src/GENERATED/c/curve25519/decaf.c b/src/GENERATED/c/curve25519/decaf.c index 192b95e..03d00d8 100644 --- a/src/GENERATED/c/curve25519/decaf.c +++ b/src/GENERATED/c/curve25519/decaf.c @@ -119,6 +119,15 @@ static mask_t gf_lobit(const gf x) { /** identity = (0,1) */ const point_t API_NS(point_identity) = {{{{{0}}},{{{1}}},{{{1}}},{{{0}}}}}; +void API_NS(deisogenize) ( + gf_s *__restrict__ s, + gf_s *__restrict__ minus_t_over_s, + const point_t p, + mask_t toggle_hibit_s, + mask_t toggle_hibit_t_over_s, + mask_t toggle_rotation +); + void API_NS(deisogenize) ( gf_s *__restrict__ s, gf_s *__restrict__ minus_t_over_s, @@ -1411,7 +1420,13 @@ void decaf_x25519_derive_public_key ( point_t p; API_NS(precomputed_scalarmul)(p,API_NS(precomputed_base),the_scalar); - /* Isogenize to Montgomery curve */ + /* Isogenize to Montgomery curve. + * + * Why isn't this just a separate function, eg decaf_encode_like_x25519? + * Basically because in general it does the wrong thing if there is a cofactor + * component in the input. In this function though, there isn't a cofactor + * component in the input. + */ gf_invert(p->t,p->x); /* 1/x */ gf_mul(p->z,p->t,p->y); /* y/x */ gf_sqr(p->y,p->z); /* (y/x)^2 */ diff --git a/src/GENERATED/c/ed448goldilocks/decaf.c b/src/GENERATED/c/ed448goldilocks/decaf.c index d90f758..866c63d 100644 --- a/src/GENERATED/c/ed448goldilocks/decaf.c +++ b/src/GENERATED/c/ed448goldilocks/decaf.c @@ -119,6 +119,15 @@ static mask_t gf_lobit(const gf x) { /** identity = (0,1) */ const point_t API_NS(point_identity) = {{{{{0}}},{{{1}}},{{{1}}},{{{0}}}}}; +void API_NS(deisogenize) ( + gf_s *__restrict__ s, + gf_s *__restrict__ minus_t_over_s, + const point_t p, + mask_t toggle_hibit_s, + mask_t toggle_hibit_t_over_s, + mask_t toggle_rotation +); + void API_NS(deisogenize) ( gf_s *__restrict__ s, gf_s *__restrict__ minus_t_over_s, @@ -1411,7 +1420,13 @@ void decaf_x448_derive_public_key ( point_t p; API_NS(precomputed_scalarmul)(p,API_NS(precomputed_base),the_scalar); - /* Isogenize to Montgomery curve */ + /* Isogenize to Montgomery curve. + * + * Why isn't this just a separate function, eg decaf_encode_like_x448? + * Basically because in general it does the wrong thing if there is a cofactor + * component in the input. In this function though, there isn't a cofactor + * component in the input. + */ gf_invert(p->t,p->x); /* 1/x */ gf_mul(p->z,p->t,p->y); /* y/x */ gf_sqr(p->y,p->z); /* (y/x)^2 */ diff --git a/src/per_curve/decaf.tmpl.c b/src/per_curve/decaf.tmpl.c index ab4773f..776488c 100644 --- a/src/per_curve/decaf.tmpl.c +++ b/src/per_curve/decaf.tmpl.c @@ -108,6 +108,15 @@ static mask_t gf_lobit(const gf x) { /** identity = (0,1) */ const point_t API_NS(point_identity) = {{{{{0}}},{{{1}}},{{{1}}},{{{0}}}}}; +void API_NS(deisogenize) ( + gf_s *__restrict__ s, + gf_s *__restrict__ minus_t_over_s, + const point_t p, + mask_t toggle_hibit_s, + mask_t toggle_hibit_t_over_s, + mask_t toggle_rotation +); + void API_NS(deisogenize) ( gf_s *__restrict__ s, gf_s *__restrict__ minus_t_over_s,