Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
torvalds
GitHub Repository: torvalds/linux
 Path: blob/master/include/crypto/curve25519.h
26285 views
1
/* SPDX-License-Identifier: GPL-2.0 OR MIT */

2
/*

3
 * Copyright (C) 2015-2019 Jason A. Donenfeld <[email protected]>. All Rights Reserved.

4
 */

5


6
#ifndef CURVE25519_H

7
#define CURVE25519_H

8


9
#include <crypto/algapi.h> // For crypto_memneq.

10
#include <linux/types.h>

11
#include <linux/random.h>

12


13
enum curve25519_lengths {

14
	CURVE25519_KEY_SIZE = 32

15
};

16


17
extern const u8 curve25519_null_point[];

18
extern const u8 curve25519_base_point[];

19


20
void curve25519_generic(u8 out[CURVE25519_KEY_SIZE],

21
			const u8 scalar[CURVE25519_KEY_SIZE],

22
			const u8 point[CURVE25519_KEY_SIZE]);

23


24
void curve25519_arch(u8 out[CURVE25519_KEY_SIZE],

25
		     const u8 scalar[CURVE25519_KEY_SIZE],

26
		     const u8 point[CURVE25519_KEY_SIZE]);

27


28
void curve25519_base_arch(u8 pub[CURVE25519_KEY_SIZE],

29
			  const u8 secret[CURVE25519_KEY_SIZE]);

30


31
bool curve25519_selftest(void);

32


33
static inline

34
bool __must_check curve25519(u8 mypublic[CURVE25519_KEY_SIZE],

35
			     const u8 secret[CURVE25519_KEY_SIZE],

36
			     const u8 basepoint[CURVE25519_KEY_SIZE])

37
{

38
	if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_CURVE25519))

39
		curve25519_arch(mypublic, secret, basepoint);

40
	else

41
		curve25519_generic(mypublic, secret, basepoint);

42
	return crypto_memneq(mypublic, curve25519_null_point,

43
			     CURVE25519_KEY_SIZE);

44
}

45


46
static inline bool

47
__must_check curve25519_generate_public(u8 pub[CURVE25519_KEY_SIZE],

48
					const u8 secret[CURVE25519_KEY_SIZE])

49
{

50
	if (unlikely(!crypto_memneq(secret, curve25519_null_point,

51
				    CURVE25519_KEY_SIZE)))

52
		return false;

53


54
	if (IS_ENABLED(CONFIG_CRYPTO_ARCH_HAVE_LIB_CURVE25519))

55
		curve25519_base_arch(pub, secret);

56
	else

57
		curve25519_generic(pub, secret, curve25519_base_point);

58
	return crypto_memneq(pub, curve25519_null_point, CURVE25519_KEY_SIZE);

59
}

60


61
static inline void curve25519_clamp_secret(u8 secret[CURVE25519_KEY_SIZE])

62
{

63
	secret[0] &= 248;

64
	secret[31] = (secret[31] & 127) | 64;

65
}

66


67
static inline void curve25519_generate_secret(u8 secret[CURVE25519_KEY_SIZE])

68
{

69
	get_random_bytes_wait(secret, CURVE25519_KEY_SIZE);

70
	curve25519_clamp_secret(secret);

71
}

72


73
#endif /* CURVE25519_H */

74


75