Two new Curve25519 implementations (generic "i31" code, and optimised code with MUL31).
[BearSSL] / src / ec / ec_c25519_m15.c
index 5079d5e..3cb98d5 100644 (file)
@@ -1231,10 +1231,10 @@ static const unsigned char GEN[] = {
 };
 
 static const unsigned char ORDER[] = {
-       0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-       0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-       0x14, 0xDE, 0xF9, 0xDE, 0xA2, 0xF7, 0x9C, 0xD6,
-       0x58, 0x12, 0x63, 0x1A, 0x5C, 0xF5, 0xD3, 0xED
+       0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+       0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+       0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+       0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
 };
 
 static const unsigned char *
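Review bot: The table named `ORDER` no longer holds a group order after this change, and nothing in the hunk says so. The removed bytes are the prime order of the Curve25519 base point (2^252 + 27742317777372353535851937790883648493), while the new bytes are 2^255 - 1, which reads as an upper bound on scalars rather than an order. Any caller that treats the `api_order()` result as a modulus, for reduction or inversion, would silently compute with the wrong value. If the bound reading is correct, state it at the definition, for example `/* Not the subgroup order: 2^255-1, the upper bound on scalars for this curve. */`, and repeat the caveat wherever the order callback is documented.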
@@ -1253,6 +1253,14 @@ api_order(int curve, size_t *len)
        return ORDER;
 }
 
+static size_t
+api_xoff(int curve, size_t *len)
+{
+       (void)curve;
+       *len = 32;
+       return 0;
+}
+
 static void
 cswap(uint32_t *a, uint32_t *b, uint32_t ctl)
 {
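Review bot: `api_xoff()` is added without a comment, and its contract cannot be read from the body: it discards `curve`, stores the literal 32 in `*len` and returns 0. From the name it presumably reports where the X coordinate sits inside an encoded point and how long it is. If so, a header such as `/* X coordinate offset and length: the encoded point is the 32-byte X value itself, so offset 0 and length 32. */` would make that explicit. `*len` is written unconditionally, so the same comment should say that `len` must not be NULL, since callers sizing a buffer from this value depend on it being set.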
@@ -1445,6 +1453,7 @@ const br_ec_impl br_ec_c25519_m15 = {
        (uint32_t)0x20000000,
        &api_generator,
        &api_order,
+       &api_xoff,
        &api_mul,
        &api_mulgen,
        &api_muladd
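Review bot: `&api_xoff` is placed by position between `&api_order` and `&api_mul`, so it is only correct if the `br_ec_impl` declaration gained a member at exactly that slot; the declaration and the start of this initializer are outside the hunk. `br_ec_c25519_m15` is non-static, so the structure is presumably part of the public interface, and a member inserted in the middle shifts every later function pointer for code built against the older layout. I would record that at the declaration with something like `/* layout change: new callback inserted after order; all br_ec_impl users must be rebuilt */`, and confirm that every other `br_ec_impl` initializer in the tree received the same extra entry.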