Macros | Typedefs | Functions
curve25519.c File Reference
#include <openssl/curve25519.h>
#include <assert.h>
#include <string.h>
#include <openssl/cpu.h>
#include <openssl/mem.h>
#include <openssl/rand.h>
#include <openssl/sha.h>
#include <openssl/type_check.h>
#include "internal.h"
#include "../internal.h"
#include "./curve25519_tables.h"
#include "../../third_party/fiat/curve25519_32.h"
Include dependency graph for curve25519.c:

Go to the source code of this file.

Macros

#define assert_fe(f)
 
#define assert_fe_loose(f)
 
#define FE_NUM_LIMBS   10
 

Typedefs

typedef uint32_t fe_limb_t
 

Functions

static void cmov (ge_precomp *t, const ge_precomp *u, uint8_t b)
 
static void cmov_cached (ge_cached *t, ge_cached *u, uint8_t b)
 
void ED25519_keypair (uint8_t out_public_key[32], uint8_t out_private_key[64])
 
void ED25519_keypair_from_seed (uint8_t out_public_key[32], uint8_t out_private_key[64], const uint8_t seed[32])
 
int ED25519_sign (uint8_t out_sig[64], const uint8_t *message, size_t message_len, const uint8_t private_key[64])
 
int ED25519_verify (const uint8_t *message, size_t message_len, const uint8_t signature[64], const uint8_t public_key[32])
 
static uint8_t equal (signed char b, signed char c)
 
static void fe_0 (fe *h)
 
static void fe_1 (fe *h)
 
static void fe_add (fe_loose *h, const fe *f, const fe *g)
 
static void fe_carry (fe *h, const fe_loose *f)
 
static void fe_cmov (fe_loose *f, const fe_loose *g, fe_limb_t b)
 
static void fe_copy (fe *h, const fe *f)
 
static void fe_copy_ll (fe_loose *h, const fe_loose *f)
 
static void fe_copy_lt (fe_loose *h, const fe *f)
 
static void fe_cswap (fe *f, fe *g, fe_limb_t b)
 
static void fe_frombytes (fe *h, const uint8_t s[32])
 
static void fe_frombytes_strict (fe *h, const uint8_t s[32])
 
static void fe_invert (fe *out, const fe *z)
 
static int fe_isnegative (const fe *f)
 
static int fe_isnonzero (const fe_loose *f)
 
static void fe_loose_0 (fe_loose *h)
 
static void fe_loose_1 (fe_loose *h)
 
static void fe_loose_invert (fe *out, const fe_loose *z)
 
static void fe_mul121666 (fe *h, const fe_loose *f)
 
static void fe_mul_impl (fe_limb_t out[FE_NUM_LIMBS], const fe_limb_t in1[FE_NUM_LIMBS], const fe_limb_t in2[FE_NUM_LIMBS])
 
static void fe_mul_llt (fe_loose *h, const fe_loose *f, const fe *g)
 
static void fe_mul_ltt (fe_loose *h, const fe *f, const fe *g)
 
static void fe_mul_tll (fe *h, const fe_loose *f, const fe_loose *g)
 
static void fe_mul_tlt (fe *h, const fe_loose *f, const fe *g)
 
static void fe_mul_ttl (fe *h, const fe *f, const fe_loose *g)
 
static void fe_mul_ttt (fe *h, const fe *f, const fe *g)
 
static void fe_neg (fe_loose *h, const fe *f)
 
static void fe_pow22523 (fe *out, const fe *z)
 
static void fe_sq2_tt (fe *h, const fe *f)
 
static void fe_sq_tl (fe *h, const fe_loose *f)
 
static void fe_sq_tt (fe *h, const fe *f)
 
static void fe_sub (fe_loose *h, const fe *f, const fe *g)
 
static void fe_tobytes (uint8_t s[32], const fe *f)
 
static void ge_cached_0 (ge_cached *h)
 
static void ge_double_scalarmult_vartime (ge_p2 *r, const uint8_t *a, const ge_p3 *A, const uint8_t *b)
 
static void ge_madd (ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q)
 
static void ge_msub (ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q)
 
static void ge_p1p1_to_cached (ge_cached *r, const ge_p1p1 *p)
 
static void ge_p2_0 (ge_p2 *h)
 
static void ge_p2_dbl (ge_p1p1 *r, const ge_p2 *p)
 
static void ge_p3_0 (ge_p3 *h)
 
static void ge_p3_dbl (ge_p1p1 *r, const ge_p3 *p)
 
static void ge_p3_to_p2 (ge_p2 *r, const ge_p3 *p)
 
static void ge_p3_tobytes (uint8_t s[32], const ge_p3 *h)
 
static void ge_precomp_0 (ge_precomp *h)
 
static int64_t int64_lshift21 (int64_t a)
 
static uint64_t load_3 (const uint8_t *in)
 
static uint64_t load_4 (const uint8_t *in)
 
static uint8_t negative (signed char b)
 
 OPENSSL_STATIC_ASSERT (sizeof(fe)==sizeof(fe_limb_t) *FE_NUM_LIMBS, "fe_limb_t[FE_NUM_LIMBS] is inconsistent with fe")
 
static void sc_muladd (uint8_t *s, const uint8_t *a, const uint8_t *b, const uint8_t *c)
 
static void slide (signed char *r, const uint8_t *a)
 
static void table_select (ge_precomp *t, int pos, signed char b)
 
int X25519 (uint8_t out_shared_key[32], const uint8_t private_key[32], const uint8_t peer_public_value[32])
 
void x25519_ge_add (ge_p1p1 *r, const ge_p3 *p, const ge_cached *q)
 
int x25519_ge_frombytes_vartime (ge_p3 *h, const uint8_t s[32])
 
void x25519_ge_p1p1_to_p2 (ge_p2 *r, const ge_p1p1 *p)
 
void x25519_ge_p1p1_to_p3 (ge_p3 *r, const ge_p1p1 *p)
 
void x25519_ge_p3_to_cached (ge_cached *r, const ge_p3 *p)
 
void x25519_ge_scalarmult (ge_p2 *r, const uint8_t *scalar, const ge_p3 *A)
 
void x25519_ge_scalarmult_base (ge_p3 *h, const uint8_t a[32])
 
void x25519_ge_scalarmult_small_precomp (ge_p3 *h, const uint8_t a[32], const uint8_t precomp_table[15 *2 *32])
 
void x25519_ge_sub (ge_p1p1 *r, const ge_p3 *p, const ge_cached *q)
 
void x25519_ge_tobytes (uint8_t s[32], const ge_p2 *h)
 
void X25519_keypair (uint8_t out_public_value[32], uint8_t out_private_key[32])
 
void X25519_public_from_private (uint8_t out_public_value[32], const uint8_t private_key[32])
 
void x25519_sc_reduce (uint8_t s[64])
 
static void x25519_scalar_mult (uint8_t out[32], const uint8_t scalar[32], const uint8_t point[32])
 
static void x25519_scalar_mult_generic (uint8_t out[32], const uint8_t scalar[32], const uint8_t point[32])
 

Macro Definition Documentation

◆ assert_fe

#define assert_fe (   f)
Value:
do { \
for (unsigned _assert_fe_i = 0; _assert_fe_i < 10; _assert_fe_i++) { \
assert(f[_assert_fe_i] <= \
((_assert_fe_i & 1) ? 0x2333333u : 0x4666666u)); \
} \
} while (0)

Definition at line 123 of file curve25519.c.

◆ assert_fe_loose

#define assert_fe_loose (   f)
Value:
do { \
for (unsigned _assert_fe_i = 0; _assert_fe_i < 10; _assert_fe_i++) { \
assert(f[_assert_fe_i] <= \
((_assert_fe_i & 1) ? 0x6999999u : 0xd333332u)); \
} \
} while (0)

Definition at line 141 of file curve25519.c.

◆ FE_NUM_LIMBS

#define FE_NUM_LIMBS   10

Definition at line 111 of file curve25519.c.

Typedef Documentation

◆ fe_limb_t

typedef uint32_t fe_limb_t

Definition at line 110 of file curve25519.c.

Function Documentation

◆ cmov()

static void cmov ( ge_precomp t,
const ge_precomp u,
uint8_t  b 
)
static

Definition at line 718 of file curve25519.c.

◆ cmov_cached()

static void cmov_cached ( ge_cached t,
ge_cached u,
uint8_t  b 
)
static

Definition at line 873 of file curve25519.c.

◆ ED25519_keypair()

void ED25519_keypair ( uint8_t  out_public_key[32],
uint8_t  out_private_key[64] 
)

Definition at line 1879 of file curve25519.c.

◆ ED25519_keypair_from_seed()

void ED25519_keypair_from_seed ( uint8_t  out_public_key[32],
uint8_t  out_private_key[64],
const uint8_t  seed[32] 
)

Definition at line 1987 of file curve25519.c.

◆ ED25519_sign()

int ED25519_sign ( uint8_t  out_sig[64],
const uint8_t message,
size_t  message_len,
const uint8_t  private_key[64] 
)

Definition at line 1885 of file curve25519.c.

◆ ED25519_verify()

int ED25519_verify ( const uint8_t message,
size_t  message_len,
const uint8_t  signature[64],
const uint8_t  public_key[32] 
)

Definition at line 1924 of file curve25519.c.

◆ equal()

static uint8_t equal ( signed char  b,
signed char  c 
)
static

Definition at line 708 of file curve25519.c.

◆ fe_0()

static void fe_0 ( fe h)
static

Definition at line 174 of file curve25519.c.

◆ fe_1()

static void fe_1 ( fe h)
static

Definition at line 183 of file curve25519.c.

◆ fe_add()

static void fe_add ( fe_loose h,
const fe f,
const fe g 
)
static

Definition at line 195 of file curve25519.c.

◆ fe_carry()

static void fe_carry ( fe h,
const fe_loose f 
)
static

Definition at line 211 of file curve25519.c.

◆ fe_cmov()

static void fe_cmov ( fe_loose f,
const fe_loose g,
fe_limb_t  b 
)
static

Definition at line 293 of file curve25519.c.

◆ fe_copy()

static void fe_copy ( fe h,
const fe f 
)
static

Definition at line 310 of file curve25519.c.

◆ fe_copy_ll()

static void fe_copy_ll ( fe_loose h,
const fe_loose f 
)
static

Definition at line 320 of file curve25519.c.

◆ fe_copy_lt()

static void fe_copy_lt ( fe_loose h,
const fe f 
)
static

Definition at line 314 of file curve25519.c.

◆ fe_cswap()

static void fe_cswap ( fe f,
fe g,
fe_limb_t  b 
)
static

Definition at line 266 of file curve25519.c.

◆ fe_frombytes()

static void fe_frombytes ( fe h,
const uint8_t  s[32] 
)
static

Definition at line 161 of file curve25519.c.

◆ fe_frombytes_strict()

static void fe_frombytes_strict ( fe h,
const uint8_t  s[32] 
)
static

Definition at line 154 of file curve25519.c.

◆ fe_invert()

static void fe_invert ( fe out,
const fe z 
)
static

Definition at line 383 of file curve25519.c.

◆ fe_isnegative()

static int fe_isnegative ( const fe f)
static

Definition at line 403 of file curve25519.c.

◆ fe_isnonzero()

static int fe_isnonzero ( const fe_loose f)
static

Definition at line 391 of file curve25519.c.

◆ fe_loose_0()

static void fe_loose_0 ( fe_loose h)
static

Definition at line 178 of file curve25519.c.

◆ fe_loose_1()

static void fe_loose_1 ( fe_loose h)
static

Definition at line 188 of file curve25519.c.

◆ fe_loose_invert()

static void fe_loose_invert ( fe out,
const fe_loose z 
)
static

Definition at line 325 of file curve25519.c.

◆ fe_mul121666()

static void fe_mul121666 ( fe h,
const fe_loose f 
)
static

Definition at line 276 of file curve25519.c.

◆ fe_mul_impl()

static void fe_mul_impl ( fe_limb_t  out[FE_NUM_LIMBS],
const fe_limb_t  in1[FE_NUM_LIMBS],
const fe_limb_t  in2[FE_NUM_LIMBS] 
)
static

Definition at line 217 of file curve25519.c.

◆ fe_mul_llt()

static void fe_mul_llt ( fe_loose h,
const fe_loose f,
const fe g 
)
static

Definition at line 230 of file curve25519.c.

◆ fe_mul_ltt()

static void fe_mul_ltt ( fe_loose h,
const fe f,
const fe g 
)
static

Definition at line 226 of file curve25519.c.

◆ fe_mul_tll()

static void fe_mul_tll ( fe h,
const fe_loose f,
const fe_loose g 
)
static

Definition at line 246 of file curve25519.c.

◆ fe_mul_tlt()

static void fe_mul_tlt ( fe h,
const fe_loose f,
const fe g 
)
static

Definition at line 238 of file curve25519.c.

◆ fe_mul_ttl()

static void fe_mul_ttl ( fe h,
const fe f,
const fe_loose g 
)
static

Definition at line 242 of file curve25519.c.

◆ fe_mul_ttt()

static void fe_mul_ttt ( fe h,
const fe f,
const fe g 
)
static

Definition at line 234 of file curve25519.c.

◆ fe_neg()

static void fe_neg ( fe_loose h,
const fe f 
)
static

Definition at line 283 of file curve25519.c.

◆ fe_pow22523()

static void fe_pow22523 ( fe out,
const fe z 
)
static

Definition at line 419 of file curve25519.c.

◆ fe_sq2_tt()

static void fe_sq2_tt ( fe h,
const fe f 
)
static

Definition at line 409 of file curve25519.c.

◆ fe_sq_tl()

static void fe_sq_tl ( fe h,
const fe_loose f 
)
static

Definition at line 250 of file curve25519.c.

◆ fe_sq_tt()

static void fe_sq_tt ( fe h,
const fe f 
)
static

Definition at line 256 of file curve25519.c.

◆ fe_sub()

static void fe_sub ( fe_loose h,
const fe f,
const fe g 
)
static

Definition at line 204 of file curve25519.c.

◆ fe_tobytes()

static void fe_tobytes ( uint8_t  s[32],
const fe f 
)
static

Definition at line 168 of file curve25519.c.

◆ ge_cached_0()

static void ge_cached_0 ( ge_cached h)
static

Definition at line 562 of file curve25519.c.

◆ ge_double_scalarmult_vartime()

static void ge_double_scalarmult_vartime ( ge_p2 r,
const uint8_t a,
const ge_p3 A,
const uint8_t b 
)
static

Definition at line 972 of file curve25519.c.

◆ ge_madd()

static void ge_madd ( ge_p1p1 r,
const ge_p3 p,
const ge_precomp q 
)
static

Definition at line 639 of file curve25519.c.

◆ ge_msub()

static void ge_msub ( ge_p1p1 r,
const ge_p3 p,
const ge_precomp q 
)
static

Definition at line 656 of file curve25519.c.

◆ ge_p1p1_to_cached()

static void ge_p1p1_to_cached ( ge_cached r,
const ge_p1p1 p 
)
static

Definition at line 606 of file curve25519.c.

◆ ge_p2_0()

static void ge_p2_0 ( ge_p2 h)
static

Definition at line 549 of file curve25519.c.

◆ ge_p2_dbl()

static void ge_p2_dbl ( ge_p1p1 r,
const ge_p2 p 
)
static

Definition at line 613 of file curve25519.c.

◆ ge_p3_0()

static void ge_p3_0 ( ge_p3 h)
static

Definition at line 555 of file curve25519.c.

◆ ge_p3_dbl()

static void ge_p3_dbl ( ge_p1p1 r,
const ge_p3 p 
)
static

Definition at line 632 of file curve25519.c.

◆ ge_p3_to_p2()

static void ge_p3_to_p2 ( ge_p2 r,
const ge_p3 p 
)
static

Definition at line 576 of file curve25519.c.

◆ ge_p3_tobytes()

static void ge_p3_tobytes ( uint8_t  s[32],
const ge_p3 h 
)
static

Definition at line 491 of file curve25519.c.

◆ ge_precomp_0()

static void ge_precomp_0 ( ge_precomp h)
static

Definition at line 569 of file curve25519.c.

◆ int64_lshift21()

static int64_t int64_lshift21 ( int64_t  a)
inlinestatic

Definition at line 1043 of file curve25519.c.

◆ load_3()

static uint64_t load_3 ( const uint8_t in)
static

Definition at line 49 of file curve25519.c.

◆ load_4()

static uint64_t load_4 ( const uint8_t in)
static

Definition at line 57 of file curve25519.c.

◆ negative()

static uint8_t negative ( signed char  b)
static

Definition at line 786 of file curve25519.c.

◆ OPENSSL_STATIC_ASSERT()

OPENSSL_STATIC_ASSERT ( sizeof(fe = =sizeof(fe_limb_t) *FE_NUM_LIMBS,
"fe_limb_t is inconsistent with fe [FE_NUM_LIMBS] 
)

◆ sc_muladd()

static void sc_muladd ( uint8_t s,
const uint8_t a,
const uint8_t b,
const uint8_t c 
)
static

Definition at line 1398 of file curve25519.c.

◆ slide()

static void slide ( signed char *  r,
const uint8_t a 
)
static

Definition at line 934 of file curve25519.c.

◆ table_select()

static void table_select ( ge_precomp t,
int  pos,
signed char  b 
)
static

Definition at line 792 of file curve25519.c.

◆ X25519()

int X25519 ( uint8_t  out_shared_key[32],
const uint8_t  private_key[32],
const uint8_t  peer_public_value[32] 
)

Definition at line 2123 of file curve25519.c.

◆ x25519_ge_add()

void x25519_ge_add ( ge_p1p1 r,
const ge_p3 p,
const ge_cached q 
)

Definition at line 673 of file curve25519.c.

◆ x25519_ge_frombytes_vartime()

int x25519_ge_frombytes_vartime ( ge_p3 h,
const uint8_t  s[32] 
)

Definition at line 503 of file curve25519.c.

◆ x25519_ge_p1p1_to_p2()

void x25519_ge_p1p1_to_p2 ( ge_p2 r,
const ge_p1p1 p 
)

Definition at line 591 of file curve25519.c.

◆ x25519_ge_p1p1_to_p3()

void x25519_ge_p1p1_to_p3 ( ge_p3 r,
const ge_p1p1 p 
)

Definition at line 598 of file curve25519.c.

◆ x25519_ge_p3_to_cached()

void x25519_ge_p3_to_cached ( ge_cached r,
const ge_p3 p 
)

Definition at line 583 of file curve25519.c.

◆ x25519_ge_scalarmult()

void x25519_ge_scalarmult ( ge_p2 r,
const uint8_t scalar,
const ge_p3 A 
)

Definition at line 882 of file curve25519.c.

◆ x25519_ge_scalarmult_base()

void x25519_ge_scalarmult_base ( ge_p3 h,
const uint8_t  a[32] 
)

Definition at line 823 of file curve25519.c.

◆ x25519_ge_scalarmult_small_precomp()

void x25519_ge_scalarmult_small_precomp ( ge_p3 h,
const uint8_t  a[32],
const uint8_t  precomp_table[15 *2 *32] 
)

Definition at line 724 of file curve25519.c.

◆ x25519_ge_sub()

void x25519_ge_sub ( ge_p1p1 r,
const ge_p3 p,
const ge_cached q 
)

Definition at line 691 of file curve25519.c.

◆ x25519_ge_tobytes()

void x25519_ge_tobytes ( uint8_t  s[32],
const ge_p2 h 
)

Definition at line 479 of file curve25519.c.

◆ X25519_keypair()

void X25519_keypair ( uint8_t  out_public_value[32],
uint8_t  out_private_key[32] 
)

Definition at line 2100 of file curve25519.c.

◆ X25519_public_from_private()

void X25519_public_from_private ( uint8_t  out_public_value[32],
const uint8_t  private_key[32] 
)

Definition at line 2131 of file curve25519.c.

◆ x25519_sc_reduce()

void x25519_sc_reduce ( uint8_t  s[64])

Definition at line 1057 of file curve25519.c.

◆ x25519_scalar_mult()

static void x25519_scalar_mult ( uint8_t  out[32],
const uint8_t  scalar[32],
const uint8_t  point[32] 
)
static

Definition at line 2088 of file curve25519.c.

◆ x25519_scalar_mult_generic()

static void x25519_scalar_mult_generic ( uint8_t  out[32],
const uint8_t  scalar[32],
const uint8_t  point[32] 
)
static

Definition at line 2006 of file curve25519.c.

autogen_x86imm.f
f
Definition: autogen_x86imm.py:9

grpc
Author(s):
autogenerated on Fri May 16 2025 03:01:09