jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
71 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: 04ecdb3d3e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '04ecdb3d3e'
${ noResults }
ed448goldilocks/include/decaf.h

157 lines
4.1 KiB
Raw Blame History 

  1. /* Copyright (c) 2015 Cryptography Research, Inc.

  2.  * Released under the MIT License.  See LICENSE.txt for license information.

  3.  */

  4. 

  5. /**

  6.  * @file decaf.h

  7.  * @author Mike Hamburg

  8.  * @brief A group of prime order p.

  9.  *

  10.  * The Decaf library implements cryptographic operations on a an elliptic curve

  11.  * group of prime order p.  It accomplishes this by using a twisted Edwards

  12.  * curve (isogenous to Ed448-Goldilocks) and wiping out the cofactor.

  13.  *

  14.  * The formulas are all complete and have no special cases, except that

  15.  * decaf_decode can fail because not every sequence of bytes is a valid group

  16.  * element.

  17.  *

  18.  * The formulas contain no data-dependent branches, timing or memory accesses.

  19.  */

  20. #ifndef __DECAF_H__

  21. #define __DECAF_H__ 1

  22. 

  23. #include <stdint.h>

  24. 

  25. typedef uint64_t decaf_word_t, decaf_bool_t;

  26. #define DECAF_LIMBS (512/8/sizeof(decaf_word_t))

  27. #define DECAF_SER_BYTES 56

  28. typedef struct decaf_point_s {

  29.     decaf_word_t x[DECAF_LIMBS],y[DECAF_LIMBS],z[DECAF_LIMBS],t[DECAF_LIMBS];

  30. } decaf_point_t[1];

  31. 

  32. static const decaf_bool_t DECAF_TRUE = -(decaf_bool_t)1, DECAF_FALSE = 0;

  33. static const decaf_bool_t DECAF_SUCCESS = DECAF_TRUE, DECAF_FAILURE = DECAF_FALSE;

  34. 

  35. const decaf_point_t decaf_identity;

  36. 

  37. #ifdef __cplusplus

  38. extern "C" {

  39. #endif

  40.     

  41. #define API_VIS __attribute__((visibility("default")))

  42. #define WARN_UNUSED __attribute__((warn_unused_result))

  43. #define NONNULL2 __attribute__((nonnull(1,2)))

  44. #define NONNULL3 __attribute__((nonnull(1,2,3)))

  45. 

  46. /**

  47.  * @brief Encode a point as a sequence of bytes.

  48.  *

  49.  * @param [out] ser The byte representation of the point.

  50.  * @param [in] pt The point to encode.

  51.  */

  52. void decaf_encode (

  53.     uint8_t ser[DECAF_SER_BYTES],

  54.     const decaf_point_t pt

  55. ) API_VIS NONNULL2;

  56. 

  57. /**

  58.  * @brief Decode a point from a sequence of bytes.

  59.  *

  60.  * Every point has a unique encoding, so not every

  61.  * sequence of bytes is a valid encoding.  If an invalid

  62.  * encoding is given, the output is undefined.

  63.  *

  64.  * @param [out] pt The decoded point.

  65.  * @param [in] ser The serialized version of the point.

  66.  * @retval DECAF_SUCCESS The decoding succeeded.

  67.  * @retval DECAF_FAILURE The decoding didn't succeed, because

  68.  * ser does not represent a point.

  69.  */

  70. decaf_bool_t decaf_decode (

  71.     decaf_point_t pt,

  72.     const uint8_t ser[DECAF_SER_BYTES],

  73.     decaf_bool_t allow_identity

  74. ) API_VIS WARN_UNUSED NONNULL2;

  75. 

  76. /**

  77.  * @brief Copy a point.  The input and output may alias,

  78.  * in which case this function does nothing.

  79.  *

  80.  * @param [out] a A copy of the point.

  81.  * @param [in] b Any point.

  82.  */

  83. void decaf_copy (

  84.     decaf_point_t a,

  85.     const decaf_point_t b

  86. ) API_VIS NONNULL2;

  87. 

  88. /**

  89.  * @brief Test whether two points are equal.  If yes, return

  90.  * DECAF_TRUE, else return DECAF_FALSE.

  91.  *

  92.  * @param [in] a A point.

  93.  * @param [in] b Another point.

  94.  * @retval DECAF_TRUE The points are equal.

  95.  * @retval DECAF_FALSE The points are not equal.

  96.  */

  97. decaf_bool_t decaf_eq (

  98.     const decaf_point_t a,

  99.     const decaf_point_t b

  100. ) API_VIS WARN_UNUSED NONNULL2;

  101. 

  102. /**

  103.  * @brief Add two points to produce a third point.  The

  104.  * input points and output point can be pointers to the same

  105.  * memory.

  106.  *

  107.  * @param [out] sum The sum a+b.

  108.  * @param [in] a An addend.

  109.  * @param [in] b An addend.

  110.  */

  111. void decaf_add (

  112.     decaf_point_t sum,

  113.     const decaf_point_t a,

  114.     const decaf_point_t b

  115. ) API_VIS NONNULL3;

  116. 

  117. /**

  118.  * @brief Subtract two points to produce a third point.  The

  119.  * input points and output point can be pointers to the same

  120.  * memory.

  121.  *

  122.  * @param [out] sum The difference a-b.

  123.  * @param [in] a The minuend.

  124.  * @param [in] b The subtrahend.

  125.  */

  126. void decaf_sub (

  127.     decaf_point_t diff,

  128.     const decaf_point_t a,

  129.     const decaf_point_t b

  130. ) API_VIS NONNULL3;

  131. 

  132. /**

  133.  * @brief Multiply a base point by a scalar.

  134.  *

  135.  * @param [out] scaled The scaled point base*scalar

  136.  * @param [in] base The point to be scaled.

  137.  * @param [in] scalar The scalar to multilpy by.

  138.  * @param [in] scalar_words The number of words in the scalar [TODO]

  139.  */

  140. void decaf_scalarmul (

  141.     decaf_point_t scaled,

  142.     const decaf_point_t base,

  143.     const decaf_word_t *scalar,

  144.     unsigned int scalar_words

  145. ) API_VIS NONNULL3;

  146.     

  147. #undef API_VIS

  148. #undef WARN_UNUSED

  149. #undef NONNULL2

  150. #undef NONNULL3

  151. 

  152. #ifdef __cplusplus

  153. }; /* extern "C" */

  154. #endif

  155. 

  156. #endif /* __DECAF_H__ */