
Cleaner ladder

This commit is contained in:
Frank Denis 2020-08-15 13:50:49 +02:00
parent 679f448d38
commit b2d94a6da1


@ -76,16 +76,11 @@ crypto_scalarmult_curve25519_ref10(unsigned char *q,
{ {
unsigned char *t = q; unsigned char *t = q;
unsigned int i; unsigned int i;
fe25519 x1; fe25519 x1, x2, x3, z2, z3;
fe25519 x2; fe25519 a, b, aa, bb, e, da, cb;
fe25519 z2;
fe25519 x3;
fe25519 z3;
fe25519 tmp0;
fe25519 tmp1;
int pos; int pos;
unsigned int swap; unsigned int swap;
unsigned int b; unsigned int bit;
if (has_small_order(p)) { if (has_small_order(p)) {
return -1; return -1;
@ -104,30 +99,30 @@ crypto_scalarmult_curve25519_ref10(unsigned char *q,
swap = 0; swap = 0;
for (pos = 254; pos >= 0; --pos) { for (pos = 254; pos >= 0; --pos) {
b = t[pos / 8] >> (pos & 7); bit = t[pos / 8] >> (pos & 7);
b &= 1; bit &= 1;
swap ^= b; swap ^= bit;
fe25519_cswap(x2, x3, swap); fe25519_cswap(x2, x3, swap);
fe25519_cswap(z2, z3, swap); fe25519_cswap(z2, z3, swap);
swap = b; swap = bit;
fe25519_sub(tmp0, x3, z3); fe25519_add(a, x2, z2);
fe25519_sub(tmp1, x2, z2); fe25519_sub(b, x2, z2);
fe25519_add(x2, x2, z2); fe25519_sq(aa, a);
fe25519_add(z2, x3, z3); fe25519_sq(bb, b);
fe25519_mul(z3, tmp0, x2); fe25519_mul(x2, aa, bb);
fe25519_mul(z2, z2, tmp1); fe25519_sub(e, aa, bb);
fe25519_sq(tmp0, tmp1); fe25519_sub(da, x3, z3);
fe25519_sq(tmp1, x2); fe25519_mul(da, da, a);
fe25519_add(x3, z3, z2); fe25519_add(cb, x3, z3);
fe25519_sub(z2, z3, z2); fe25519_mul(cb, cb, b);
fe25519_mul(x2, tmp1, tmp0); fe25519_add(x3, da, cb);
fe25519_sub(tmp1, tmp1, tmp0);
fe25519_sq(z2, z2);
fe25519_mul32(z3, tmp1, 121666);
fe25519_sq(x3, x3); fe25519_sq(x3, x3);
fe25519_add(tmp0, tmp0, z3); fe25519_sub(z3, da, cb);
fe25519_mul(z3, x1, z2); fe25519_sq(z3, z3);
fe25519_mul(z2, tmp1, tmp0); fe25519_mul(z3, z3, x1);
fe25519_mul32(z2, e, 121666);
fe25519_add(z2, z2, bb);
fe25519_mul(z2, z2, e);
} }
fe25519_cswap(x2, x3, swap); fe25519_cswap(x2, x3, swap);
fe25519_cswap(z2, z3, swap); fe25519_cswap(z2, z3, swap);
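Review bot: The rewritten ladder step (from `fe25519_add(a, x2, z2)` down to `fe25519_mul(z2, z2, e)`) carries no comment mapping its temporaries to the formulas it implements, and the constant 121666 will look like a typo to anyone checking against RFC 7748, which writes this step as z2 = E*(AA + a24*E) with a24 = 121665; the two agree only because `fe25519_add(z2, z2, bb)` adds BB rather than AA. A one-line comment above `fe25519_add(a, x2, z2)` would make the step auditable: `/* Ladder step, RFC 7748 section 5: a=A, b=B, aa=AA, bb=BB, e=E, da=DA, cb=CB; z2 = E*(BB + 121666*E) == E*(AA + 121665*E) */`. The new scratch variables a, b, aa, bb, e, da and cb hold secret-dependent intermediates and are not cleared anywhere in the hunk; crypto_scalarmult_curve25519_ref10 continues past the end of the hunk, so whether they are wiped before return cannot be seen from here and is worth confirming. Renaming the scalar bit from b to bit is the right call now that b is the field element B.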