2018-09-20 01:49:47 +02:00
|
|
|
// SPDX-License-Identifier: GPL-2.0
|
|
|
|
|
/*
|
2020-01-02 19:52:25 +01:00
|
|
|
* Copyright (C) 2018-2020 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
2015-06-05 15:58:00 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include "curve25519.h"
|
|
|
|
|
|
|
|
|
|
#include <stdint.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
|
2018-10-09 15:21:27 +02:00
|
|
|
#ifndef __BYTE_ORDER__
|
|
|
|
|
#include <sys/param.h>
|
|
|
|
|
#if !defined(BYTE_ORDER) || !defined(BIG_ENDIAN) || !defined(LITTLE_ENDIAN)
|
|
|
|
|
#error "Unable to determine endianness."
|
|
|
|
|
#endif
|
|
|
|
|
#define __BYTE_ORDER__ BYTE_ORDER
|
|
|
|
|
#define __ORDER_BIG_ENDIAN__ BIG_ENDIAN
|
|
|
|
|
#define __ORDER_LITTLE_ENDIAN__ LITTLE_ENDIAN
|
|
|
|
|
#endif
|
|
|
|
|
|
2018-02-17 18:58:31 +01:00
|
|
|
#ifdef __linux__
|
|
|
|
|
#include <linux/types.h>
|
|
|
|
|
typedef __u64 u64;
|
|
|
|
|
typedef __u32 u32;
|
|
|
|
|
typedef __u8 u8;
|
|
|
|
|
typedef __s64 s64;
|
|
|
|
|
#else
|
|
|
|
|
typedef uint64_t u64, __le64;
|
|
|
|
|
typedef uint32_t u32, __le32;
|
2018-01-22 17:58:44 +01:00
|
|
|
typedef uint8_t u8;
|
|
|
|
|
typedef int64_t s64;
|
2018-02-17 18:58:31 +01:00
|
|
|
#endif
|
2018-02-05 12:23:10 +01:00
|
|
|
#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
|
|
|
|
|
#define le64_to_cpup(a) __builtin_bswap64(*(a))
|
|
|
|
|
#define le32_to_cpup(a) __builtin_bswap32(*(a))
|
|
|
|
|
#define cpu_to_le64(a) __builtin_bswap64(a)
|
|
|
|
|
#else
|
|
|
|
|
#define le64_to_cpup(a) (*(a))
|
|
|
|
|
#define le32_to_cpup(a) (*(a))
|
|
|
|
|
#define cpu_to_le64(a) (a)
|
|
|
|
|
#endif
|
2020-02-07 15:46:59 +01:00
|
|
|
#ifndef __unused
|
|
|
|
|
#define __unused __attribute__((unused))
|
|
|
|
|
#endif
|
|
|
|
|
#ifndef __always_inline
|
|
|
|
|
#define __always_inline __inline __attribute__((__always_inline__))
|
|
|
|
|
#endif
|
|
|
|
|
#ifndef noinline
|
|
|
|
|
#define noinline __attribute__((noinline))
|
|
|
|
|
#endif
|
|
|
|
|
#ifndef __aligned
|
|
|
|
|
#define __aligned(x) __attribute__((aligned(x)))
|
|
|
|
|
#endif
|
|
|
|
|
#ifndef __force
|
|
|
|
|
#define __force
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
static __always_inline __unused __le32 get_unaligned_le32(const u8 *a)
|
2018-12-20 18:30:21 +01:00
|
|
|
{
|
|
|
|
|
__le32 l;
|
|
|
|
|
__builtin_memcpy(&l, a, sizeof(l));
|
|
|
|
|
return le32_to_cpup(&l);
|
|
|
|
|
}
|
2020-02-07 15:46:59 +01:00
|
|
|
static __always_inline __unused __le64 get_unaligned_le64(const u8 *a)
|
2018-12-20 18:30:21 +01:00
|
|
|
{
|
|
|
|
|
__le64 l;
|
|
|
|
|
__builtin_memcpy(&l, a, sizeof(l));
|
|
|
|
|
return le64_to_cpup(&l);
|
|
|
|
|
}
|
2020-02-07 15:46:59 +01:00
|
|
|
static __always_inline __unused void put_unaligned_le64(u64 s, u8 *d)
|
2018-12-20 18:30:21 +01:00
|
|
|
{
|
|
|
|
|
__le64 l = cpu_to_le64(s);
|
|
|
|
|
__builtin_memcpy(d, &l, sizeof(l));
|
|
|
|
|
}
|
2018-01-18 11:46:01 +01:00
|
|
|
|
2018-01-22 17:58:44 +01:00
|
|
|
static noinline void memzero_explicit(void *s, size_t count)
|
2018-01-18 11:46:01 +01:00
|
|
|
{
|
2018-01-22 17:58:44 +01:00
|
|
|
memset(s, 0, count);
|
2019-02-05 01:00:52 +01:00
|
|
|
asm volatile("": :"r"(s) : "memory");
|
2015-06-05 15:58:00 +02:00
|
|
|
}
|
|
|
|
|
|
2018-01-22 17:58:44 +01:00
|
|
|
#ifdef __SIZEOF_INT128__
|
2019-12-26 12:09:53 +01:00
|
|
|
#include "curve25519-hacl64.h"
|
2018-02-01 19:15:28 +01:00
|
|
|
#else
|
2019-12-26 12:09:53 +01:00
|
|
|
#include "curve25519-fiat32.h"
|
2015-06-05 15:58:00 +02:00
|
|
|
#endif
|
|
|
|
|
|
2018-09-24 22:02:13 +02:00
|
|
|
void curve25519_generate_public(uint8_t pub[static CURVE25519_KEY_SIZE], const uint8_t secret[static CURVE25519_KEY_SIZE])
|
2015-06-05 15:58:00 +02:00
|
|
|
{
|
2018-12-20 18:30:21 +01:00
|
|
|
static const uint8_t basepoint[CURVE25519_KEY_SIZE] __aligned(sizeof(uintptr_t)) = { 9 };
|
2017-10-25 17:56:08 +02:00
|
|
|
|
2015-06-05 15:58:00 +02:00
|
|
|
curve25519(pub, secret, basepoint);
|
|
|
|
|
}
|
2018-01-22 17:58:44 +01:00
|
|
|
|
2018-09-24 22:02:13 +02:00
|
|
|
void curve25519(uint8_t mypublic[static CURVE25519_KEY_SIZE], const uint8_t secret[static CURVE25519_KEY_SIZE], const uint8_t basepoint[static CURVE25519_KEY_SIZE])
|
2018-01-22 17:58:44 +01:00
|
|
|
{
|
|
|
|
|
curve25519_generic(mypublic, secret, basepoint);
|
|
|
|
|
}
|
