-rw-r--r-- 1392 lib25519-20220726/crypto_dh/x25519/amd64-51/mont25519.c raw
#include "randombytes.h"
#include "crypto_dh.h"
#include "fe25519.h"
/*
 * Both helpers are renamed through CRYPTO_NAMESPACE (defined elsewhere;
 * presumably it adds a per-implementation symbol prefix -- confirm).
 * Their bodies are not part of this file.
 */
#define work_cswap CRYPTO_NAMESPACE(work_cswap)
#define ladderstep CRYPTO_NAMESPACE(ladderstep)
/*
 * Called by mladder() as work_cswap(work+1, swap), where swap is 0 or 1 and
 * is derived from secret scalar bits.
 * NOTE(review): presumably a conditional swap of the field elements starting
 * at the given pointer; it must not branch or index memory on the flag --
 * confirm against the implementation.
 */
extern void work_cswap(fe25519 *, unsigned long long);
/*
 * Called by mladder() once per processed scalar bit on its 5-element work
 * array; presumably one Montgomery-ladder step (combined double-and-add) --
 * confirm against the implementation.
 */
extern void ladderstep(fe25519 *work);
/*
 * Run the ladder over bits 254..0 of the scalar s, starting from the
 * x-coordinate in *xr, and return the resulting projective pair in
 * *xr (numerator) and *zr (denominator). The caller divides them.
 *
 * Work array layout as set up here:
 *   work[0]          = input x (never written in this function)
 *   work[1], work[2] = 1, 0
 *   work[3], work[4] = input x, 1
 *
 * Security-relevant properties visible in this function:
 *   - The byte and bit positions read from s depend only on the loop
 *     counter, and no branch is taken on a scalar bit; the bits reach
 *     work_cswap() only as a 0/1 flag. Constant-time behaviour therefore
 *     rests on work_cswap() and ladderstep(), which are defined elsewhere.
 *   - Bit 255 of s is never read.
 *   - There is no swap after the final step. Assuming work_cswap() is a
 *     conditional swap, the result is only in the expected slots when the
 *     last processed bit (bit 0 of s[0]) is 0. crypto_dh() guarantees that
 *     by clearing the low three bits; do not call this with an unclamped
 *     scalar.
 *   - work[] holds secret-dependent values and is not wiped on return.
 */
static void mladder(fe25519 *xr, fe25519 *zr, const unsigned char s[32])
{
  fe25519 work[5];
  unsigned char prevbit = 0;
  int pos;

  work[0] = *xr;
  fe25519_setint(work + 1, 1);
  fe25519_setint(work + 2, 0);
  work[3] = *xr;
  fe25519_setint(work + 4, 1);

  /* Walk the scalar from bit 254 down to bit 0, most significant first. */
  for (pos = 254; pos >= 0; pos--) {
    unsigned char bit = 1 & (s[pos >> 3] >> (pos & 7));
    /* Swap only when the current bit differs from the previous one. */
    unsigned long long swap = bit ^ prevbit;

    prevbit = bit;
    work_cswap(work + 1, swap);
    ladderstep(work);
  }

  *xr = work[1];
  *zr = work[2];
}
/*
 * X25519 scalar multiplication: r = pack(ladder(clamp(s), unpack(p))).
 *
 * r  output buffer written by fe25519_pack() (presumably 32 bytes -- confirm)
 * p  encoded peer/base point, decoded by fe25519_unpack()
 * s  secret scalar; exactly 32 bytes are read. The caller's buffer is not
 *    modified: clamping is applied to a local copy.
 *
 * Clamping applied to the copy: low three bits of byte 0 cleared, bit 7 of
 * byte 31 cleared, bit 6 of byte 31 set. mladder() relies on the cleared
 * low bit (see its missing final swap) and on the top bit being unused.
 *
 * Caveats for callers:
 *   - The function returns void and writes r unconditionally; p is not
 *     validated here and the result is not checked. Protocols that must
 *     reject an all-zero shared secret (see RFC 7748) have to test r
 *     themselves, in constant time.
 *   - NOTE(review): e, t and z hold the clamped secret and secret-derived
 *     field elements and are left on the stack without being wiped; whether
 *     that matters depends on the deployment's threat model.
 */
void crypto_dh(unsigned char *r,
               const unsigned char *p,
               const unsigned char *s)
{
  unsigned char e[32];
  fe25519 t;
  fe25519 z;
  int k;

  /* Private copy of the scalar so the caller's key bytes stay untouched. */
  for (k = 0; k < 32; k++) {
    e[k] = s[k];
  }
  e[0] &= 248;
  e[31] = (e[31] & 127) | 64;

  fe25519_unpack(&t, p);
  mladder(&t, &z, e);

  /* Projective to affine: x = X * Z^-1. */
  fe25519_invert(&z, &z);
  fe25519_mul(&t, &t, &z);
  fe25519_pack(r, &t);
}
/*
 * Encoded base point: first byte 9, remaining 31 bytes zero
 * (presumably the little-endian encoding of u = 9, the standard X25519
 * base point).
 */
static const unsigned char basepoint[32] = { [0] = 9 };

/*
 * Generate a key pair.
 *
 * sk  receives crypto_dh_SECRETKEYBYTES bytes straight from randombytes().
 *     The stored secret key is NOT clamped; crypto_dh() clamps its own
 *     local copy each time the key is used.
 * pk  receives crypto_dh(basepoint, sk).
 *
 * The secrecy of sk rests entirely on randombytes() (declared in
 * randombytes.h, implemented elsewhere); no failure from it is observable
 * here.
 * NOTE(review): crypto_dh() reads 32 bytes of sk, so this assumes
 * crypto_dh_SECRETKEYBYTES is at least 32 -- confirm in crypto_dh.h.
 */
void crypto_dh_keypair(unsigned char *pk, unsigned char *sk)
{
  randombytes(sk, crypto_dh_SECRETKEYBYTES);
  crypto_dh(pk, basepoint, sk);
}