Diffstat (limited to 'src/lib/pubkey/ed25519')
-rw-r--r-- | src/lib/pubkey/ed25519/ed25519.cpp | 2 | ||||
-rw-r--r-- | src/lib/pubkey/ed25519/ed25519_fe.cpp | 514 | ||||
-rw-r--r-- | src/lib/pubkey/ed25519/ed25519_internal.h | 18 |
3 files changed, 263 insertions, 271 deletions
diff --git a/src/lib/pubkey/ed25519/ed25519.cpp b/src/lib/pubkey/ed25519/ed25519.cpp
index 13f75ac3b..5c9bd2b3d 100644
--- a/src/lib/pubkey/ed25519/ed25519.cpp
+++ b/src/lib/pubkey/ed25519/ed25519.cpp
@@ -90,7 +90,7 @@ bool ed25519_verify(const uint8_t* m, size_t mlen,
 ge_double_scalarmult_vartime(rcheck, h, &A, sig + 32);
- return same_mem(rcheck, sig, 32);
+ return constant_time_compare(rcheck, sig, 32);
 }
 }
diff --git a/src/lib/pubkey/ed25519/ed25519_fe.cpp b/src/lib/pubkey/ed25519/ed25519_fe.cpp
index 8087aaff1..067c9dc18 100644
--- a/src/lib/pubkey/ed25519/ed25519_fe.cpp
+++ b/src/lib/pubkey/ed25519/ed25519_fe.cpp
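Review bot: The replaced comparison `return constant_time_compare(rcheck, sig, 32);` compares two values that are both derived from public inputs (the signature's R half and the point recomputed by `ge_double_scalarmult_vartime`, which as its name indicates is itself variable-time), so the constant-time compare is a hygiene/consistency choice rather than a secrecy requirement, and a comment should say so to keep later readers from either reverting it or assuming the vartime call above needs hardening. Suggested line above the return: `// Both operands are public (signature R vs. recomputed R); constant-time compare kept for uniformity`. Whether the header that declares constant_time_compare is already included by this file is not visible in the hunk. The body of ed25519_verify starts outside the hunk.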
@@ -150,106 +150,106 @@ FE_25519 FE_25519::mul(const FE_25519& f, const FE_25519& g) int32_t f5_2 = 2 * f5; int32_t f7_2 = 2 * f7; int32_t f9_2 = 2 * f9; - int64_t f0g0 = f0 * (int64_t) g0; - int64_t f0g1 = f0 * (int64_t) g1; - int64_t f0g2 = f0 * (int64_t) g2; - int64_t f0g3 = f0 * (int64_t) g3; - int64_t f0g4 = f0 * (int64_t) g4; - int64_t f0g5 = f0 * (int64_t) g5; - int64_t f0g6 = f0 * (int64_t) g6; - int64_t f0g7 = f0 * (int64_t) g7; - int64_t f0g8 = f0 * (int64_t) g8; - int64_t f0g9 = f0 * (int64_t) g9; - int64_t f1g0 = f1 * (int64_t) g0; - int64_t f1g1_2 = f1_2 * (int64_t) g1; - int64_t f1g2 = f1 * (int64_t) g2; - int64_t f1g3_2 = f1_2 * (int64_t) g3; - int64_t f1g4 = f1 * (int64_t) g4; - int64_t f1g5_2 = f1_2 * (int64_t) g5; - int64_t f1g6 = f1 * (int64_t) g6; - int64_t f1g7_2 = f1_2 * (int64_t) g7; - int64_t f1g8 = f1 * (int64_t) g8; - int64_t f1g9_38 = f1_2 * (int64_t) g9_19; - int64_t f2g0 = f2 * (int64_t) g0; - int64_t f2g1 = f2 * (int64_t) g1; - int64_t f2g2 = f2 * (int64_t) g2; - int64_t f2g3 = f2 * (int64_t) g3; - int64_t f2g4 = f2 * (int64_t) g4; - int64_t f2g5 = f2 * (int64_t) g5; - int64_t f2g6 = f2 * (int64_t) g6; - int64_t f2g7 = f2 * (int64_t) g7; - int64_t f2g8_19 = f2 * (int64_t) g8_19; - int64_t f2g9_19 = f2 * (int64_t) g9_19; - int64_t f3g0 = f3 * (int64_t) g0; - int64_t f3g1_2 = f3_2 * (int64_t) g1; - int64_t f3g2 = f3 * (int64_t) g2; - int64_t f3g3_2 = f3_2 * (int64_t) g3; - int64_t f3g4 = f3 * (int64_t) g4; - int64_t f3g5_2 = f3_2 * (int64_t) g5; - int64_t f3g6 = f3 * (int64_t) g6; - int64_t f3g7_38 = f3_2 * (int64_t) g7_19; - int64_t f3g8_19 = f3 * (int64_t) g8_19; - int64_t f3g9_38 = f3_2 * (int64_t) g9_19; - int64_t f4g0 = f4 * (int64_t) g0; - int64_t f4g1 = f4 * (int64_t) g1; - int64_t f4g2 = f4 * (int64_t) g2; - int64_t f4g3 = f4 * (int64_t) g3; - int64_t f4g4 = f4 * (int64_t) g4; - int64_t f4g5 = f4 * (int64_t) g5; - int64_t f4g6_19 = f4 * (int64_t) g6_19; - int64_t f4g7_19 = f4 * (int64_t) g7_19; - int64_t f4g8_19 = f4 * (int64_t) 
g8_19; - int64_t f4g9_19 = f4 * (int64_t) g9_19; - int64_t f5g0 = f5 * (int64_t) g0; - int64_t f5g1_2 = f5_2 * (int64_t) g1; - int64_t f5g2 = f5 * (int64_t) g2; - int64_t f5g3_2 = f5_2 * (int64_t) g3; - int64_t f5g4 = f5 * (int64_t) g4; - int64_t f5g5_38 = f5_2 * (int64_t) g5_19; - int64_t f5g6_19 = f5 * (int64_t) g6_19; - int64_t f5g7_38 = f5_2 * (int64_t) g7_19; - int64_t f5g8_19 = f5 * (int64_t) g8_19; - int64_t f5g9_38 = f5_2 * (int64_t) g9_19; - int64_t f6g0 = f6 * (int64_t) g0; - int64_t f6g1 = f6 * (int64_t) g1; - int64_t f6g2 = f6 * (int64_t) g2; - int64_t f6g3 = f6 * (int64_t) g3; - int64_t f6g4_19 = f6 * (int64_t) g4_19; - int64_t f6g5_19 = f6 * (int64_t) g5_19; - int64_t f6g6_19 = f6 * (int64_t) g6_19; - int64_t f6g7_19 = f6 * (int64_t) g7_19; - int64_t f6g8_19 = f6 * (int64_t) g8_19; - int64_t f6g9_19 = f6 * (int64_t) g9_19; - int64_t f7g0 = f7 * (int64_t) g0; - int64_t f7g1_2 = f7_2 * (int64_t) g1; - int64_t f7g2 = f7 * (int64_t) g2; - int64_t f7g3_38 = f7_2 * (int64_t) g3_19; - int64_t f7g4_19 = f7 * (int64_t) g4_19; - int64_t f7g5_38 = f7_2 * (int64_t) g5_19; - int64_t f7g6_19 = f7 * (int64_t) g6_19; - int64_t f7g7_38 = f7_2 * (int64_t) g7_19; - int64_t f7g8_19 = f7 * (int64_t) g8_19; - int64_t f7g9_38 = f7_2 * (int64_t) g9_19; - int64_t f8g0 = f8 * (int64_t) g0; - int64_t f8g1 = f8 * (int64_t) g1; - int64_t f8g2_19 = f8 * (int64_t) g2_19; - int64_t f8g3_19 = f8 * (int64_t) g3_19; - int64_t f8g4_19 = f8 * (int64_t) g4_19; - int64_t f8g5_19 = f8 * (int64_t) g5_19; - int64_t f8g6_19 = f8 * (int64_t) g6_19; - int64_t f8g7_19 = f8 * (int64_t) g7_19; - int64_t f8g8_19 = f8 * (int64_t) g8_19; - int64_t f8g9_19 = f8 * (int64_t) g9_19; - int64_t f9g0 = f9 * (int64_t) g0; - int64_t f9g1_38 = f9_2 * (int64_t) g1_19; - int64_t f9g2_19 = f9 * (int64_t) g2_19; - int64_t f9g3_38 = f9_2 * (int64_t) g3_19; - int64_t f9g4_19 = f9 * (int64_t) g4_19; - int64_t f9g5_38 = f9_2 * (int64_t) g5_19; - int64_t f9g6_19 = f9 * (int64_t) g6_19; - int64_t f9g7_38 = f9_2 * 
(int64_t) g7_19; - int64_t f9g8_19 = f9 * (int64_t) g8_19; - int64_t f9g9_38 = f9_2 * (int64_t) g9_19; + int64_t f0g0 = f0 * static_cast<int64_t>(g0); + int64_t f0g1 = f0 * static_cast<int64_t>(g1); + int64_t f0g2 = f0 * static_cast<int64_t>(g2); + int64_t f0g3 = f0 * static_cast<int64_t>(g3); + int64_t f0g4 = f0 * static_cast<int64_t>(g4); + int64_t f0g5 = f0 * static_cast<int64_t>(g5); + int64_t f0g6 = f0 * static_cast<int64_t>(g6); + int64_t f0g7 = f0 * static_cast<int64_t>(g7); + int64_t f0g8 = f0 * static_cast<int64_t>(g8); + int64_t f0g9 = f0 * static_cast<int64_t>(g9); + int64_t f1g0 = f1 * static_cast<int64_t>(g0); + int64_t f1g1_2 = f1_2 * static_cast<int64_t>(g1); + int64_t f1g2 = f1 * static_cast<int64_t>(g2); + int64_t f1g3_2 = f1_2 * static_cast<int64_t>(g3); + int64_t f1g4 = f1 * static_cast<int64_t>(g4); + int64_t f1g5_2 = f1_2 * static_cast<int64_t>(g5); + int64_t f1g6 = f1 * static_cast<int64_t>(g6); + int64_t f1g7_2 = f1_2 * static_cast<int64_t>(g7); + int64_t f1g8 = f1 * static_cast<int64_t>(g8); + int64_t f1g9_38 = f1_2 * static_cast<int64_t>(g9_19); + int64_t f2g0 = f2 * static_cast<int64_t>(g0); + int64_t f2g1 = f2 * static_cast<int64_t>(g1); + int64_t f2g2 = f2 * static_cast<int64_t>(g2); + int64_t f2g3 = f2 * static_cast<int64_t>(g3); + int64_t f2g4 = f2 * static_cast<int64_t>(g4); + int64_t f2g5 = f2 * static_cast<int64_t>(g5); + int64_t f2g6 = f2 * static_cast<int64_t>(g6); + int64_t f2g7 = f2 * static_cast<int64_t>(g7); + int64_t f2g8_19 = f2 * static_cast<int64_t>(g8_19); + int64_t f2g9_19 = f2 * static_cast<int64_t>(g9_19); + int64_t f3g0 = f3 * static_cast<int64_t>(g0); + int64_t f3g1_2 = f3_2 * static_cast<int64_t>(g1); + int64_t f3g2 = f3 * static_cast<int64_t>(g2); + int64_t f3g3_2 = f3_2 * static_cast<int64_t>(g3); + int64_t f3g4 = f3 * static_cast<int64_t>(g4); + int64_t f3g5_2 = f3_2 * static_cast<int64_t>(g5); + int64_t f3g6 = f3 * static_cast<int64_t>(g6); + int64_t f3g7_38 = f3_2 * static_cast<int64_t>(g7_19); + int64_t 
f3g8_19 = f3 * static_cast<int64_t>(g8_19); + int64_t f3g9_38 = f3_2 * static_cast<int64_t>(g9_19); + int64_t f4g0 = f4 * static_cast<int64_t>(g0); + int64_t f4g1 = f4 * static_cast<int64_t>(g1); + int64_t f4g2 = f4 * static_cast<int64_t>(g2); + int64_t f4g3 = f4 * static_cast<int64_t>(g3); + int64_t f4g4 = f4 * static_cast<int64_t>(g4); + int64_t f4g5 = f4 * static_cast<int64_t>(g5); + int64_t f4g6_19 = f4 * static_cast<int64_t>(g6_19); + int64_t f4g7_19 = f4 * static_cast<int64_t>(g7_19); + int64_t f4g8_19 = f4 * static_cast<int64_t>(g8_19); + int64_t f4g9_19 = f4 * static_cast<int64_t>(g9_19); + int64_t f5g0 = f5 * static_cast<int64_t>(g0); + int64_t f5g1_2 = f5_2 * static_cast<int64_t>(g1); + int64_t f5g2 = f5 * static_cast<int64_t>(g2); + int64_t f5g3_2 = f5_2 * static_cast<int64_t>(g3); + int64_t f5g4 = f5 * static_cast<int64_t>(g4); + int64_t f5g5_38 = f5_2 * static_cast<int64_t>(g5_19); + int64_t f5g6_19 = f5 * static_cast<int64_t>(g6_19); + int64_t f5g7_38 = f5_2 * static_cast<int64_t>(g7_19); + int64_t f5g8_19 = f5 * static_cast<int64_t>(g8_19); + int64_t f5g9_38 = f5_2 * static_cast<int64_t>(g9_19); + int64_t f6g0 = f6 * static_cast<int64_t>(g0); + int64_t f6g1 = f6 * static_cast<int64_t>(g1); + int64_t f6g2 = f6 * static_cast<int64_t>(g2); + int64_t f6g3 = f6 * static_cast<int64_t>(g3); + int64_t f6g4_19 = f6 * static_cast<int64_t>(g4_19); + int64_t f6g5_19 = f6 * static_cast<int64_t>(g5_19); + int64_t f6g6_19 = f6 * static_cast<int64_t>(g6_19); + int64_t f6g7_19 = f6 * static_cast<int64_t>(g7_19); + int64_t f6g8_19 = f6 * static_cast<int64_t>(g8_19); + int64_t f6g9_19 = f6 * static_cast<int64_t>(g9_19); + int64_t f7g0 = f7 * static_cast<int64_t>(g0); + int64_t f7g1_2 = f7_2 * static_cast<int64_t>(g1); + int64_t f7g2 = f7 * static_cast<int64_t>(g2); + int64_t f7g3_38 = f7_2 * static_cast<int64_t>(g3_19); + int64_t f7g4_19 = f7 * static_cast<int64_t>(g4_19); + int64_t f7g5_38 = f7_2 * static_cast<int64_t>(g5_19); + int64_t f7g6_19 = f7 * 
static_cast<int64_t>(g6_19); + int64_t f7g7_38 = f7_2 * static_cast<int64_t>(g7_19); + int64_t f7g8_19 = f7 * static_cast<int64_t>(g8_19); + int64_t f7g9_38 = f7_2 * static_cast<int64_t>(g9_19); + int64_t f8g0 = f8 * static_cast<int64_t>(g0); + int64_t f8g1 = f8 * static_cast<int64_t>(g1); + int64_t f8g2_19 = f8 * static_cast<int64_t>(g2_19); + int64_t f8g3_19 = f8 * static_cast<int64_t>(g3_19); + int64_t f8g4_19 = f8 * static_cast<int64_t>(g4_19); + int64_t f8g5_19 = f8 * static_cast<int64_t>(g5_19); + int64_t f8g6_19 = f8 * static_cast<int64_t>(g6_19); + int64_t f8g7_19 = f8 * static_cast<int64_t>(g7_19); + int64_t f8g8_19 = f8 * static_cast<int64_t>(g8_19); + int64_t f8g9_19 = f8 * static_cast<int64_t>(g9_19); + int64_t f9g0 = f9 * static_cast<int64_t>(g0); + int64_t f9g1_38 = f9_2 * static_cast<int64_t>(g1_19); + int64_t f9g2_19 = f9 * static_cast<int64_t>(g2_19); + int64_t f9g3_38 = f9_2 * static_cast<int64_t>(g3_19); + int64_t f9g4_19 = f9 * static_cast<int64_t>(g4_19); + int64_t f9g5_38 = f9_2 * static_cast<int64_t>(g5_19); + int64_t f9g6_19 = f9 * static_cast<int64_t>(g6_19); + int64_t f9g7_38 = f9_2 * static_cast<int64_t>(g7_19); + int64_t f9g8_19 = f9 * static_cast<int64_t>(g8_19); + int64_t f9g9_38 = f9_2 * static_cast<int64_t>(g9_19); int64_t h0 = f0g0+f1g9_38+f2g8_19+f3g7_38+f4g6_19+f5g5_38+f6g4_19+f7g3_38+f8g2_19+f9g1_38; int64_t h1 = f0g1+f1g0 +f2g9_19+f3g8_19+f4g7_19+f5g6_19+f6g5_19+f7g4_19+f8g3_19+f9g2_19; int64_t h2 = f0g2+f1g1_2 +f2g0 +f3g9_38+f4g8_19+f5g7_38+f6g6_19+f7g5_38+f8g4_19+f9g3_38; @@ -278,10 +278,10 @@ FE_25519 FE_25519::mul(const FE_25519& f, const FE_25519& g) i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9 */ - carry0 = (h0 + (int64_t)(1<<25)) >> 26; + carry0 = (h0 + (static_cast<int64_t>(1) << 25)) >> 26; h1 += carry0; h0 -= carry0 << 26; - carry4 = (h4 + (int64_t)(1<<25)) >> 26; + carry4 = (h4 + (static_cast<int64_t>(1) << 25)) >> 26; h5 += carry4; h4 -= carry4 << 26; /* |h0| <= 2^25 */ 
@@ -289,10 +289,10 @@ FE_25519 FE_25519::mul(const FE_25519& f, const FE_25519& g)
 /* |h1| <= 1.71*2^59 */
 /* |h5| <= 1.71*2^59 */
- carry1 = (h1 + (int64_t)(1<<24)) >> 25;
+ carry1 = (h1 + (static_cast<int64_t>(1) << 24)) >> 25;
 h2 += carry1;
 h1 -= carry1 << 25;
- carry5 = (h5 + (int64_t)(1<<24)) >> 25;
+ carry5 = (h5 + (static_cast<int64_t>(1) << 24)) >> 25;
 h6 += carry5;
 h5 -= carry5 << 25;
 /* |h1| <= 2^24; from now on fits into int32 */
@@ -300,10 +300,10 @@ FE_25519 FE_25519::mul(const FE_25519& f, const FE_25519& g)
 /* |h2| <= 1.41*2^60 */
 /* |h6| <= 1.41*2^60 */
- carry2 = (h2 + (int64_t)(1<<25)) >> 26;
+ carry2 = (h2 + (static_cast<int64_t>(1) << 25)) >> 26;
 h3 += carry2;
 h2 -= carry2 << 26;
- carry6 = (h6 + (int64_t)(1<<25)) >> 26;
+ carry6 = (h6 + (static_cast<int64_t>(1) << 25)) >> 26;
 h7 += carry6;
 h6 -= carry6 << 26;
 /* |h2| <= 2^25; from now on fits into int32 unchanged */
@@ -311,10 +311,10 @@ FE_25519 FE_25519::mul(const FE_25519& f, const FE_25519& g)
 /* |h3| <= 1.71*2^59 */
 /* |h7| <= 1.71*2^59 */
- carry3 = (h3 + (int64_t)(1<<24)) >> 25;
+ carry3 = (h3 + (static_cast<int64_t>(1) << 24)) >> 25;
 h4 += carry3;
 h3 -= carry3 << 25;
- carry7 = (h7 + (int64_t)(1<<24)) >> 25;
+ carry7 = (h7 + (static_cast<int64_t>(1) << 24)) >> 25;
 h8 += carry7;
 h7 -= carry7 << 25;
 /* |h3| <= 2^24; from now on fits into int32 unchanged */
@@ -322,10 +322,10 @@ FE_25519 FE_25519::mul(const FE_25519& f, const FE_25519& g)
 /* |h4| <= 1.72*2^34 */
 /* |h8| <= 1.41*2^60 */
- carry4 = (h4 + (int64_t)(1<<25)) >> 26;
+ carry4 = (h4 + (static_cast<int64_t>(1) << 25)) >> 26;
 h5 += carry4;
 h4 -= carry4 << 26;
- carry8 = (h8 + (int64_t)(1<<25)) >> 26;
+ carry8 = (h8 + (static_cast<int64_t>(1) << 25)) >> 26;
 h9 += carry8;
 h8 -= carry8 << 26;
 /* |h4| <= 2^25; from now on fits into int32 unchanged */
@@ -333,13 +333,13 @@ FE_25519 FE_25519::mul(const FE_25519& f, const FE_25519& g)
 /* |h5| <= 1.01*2^24 */
 /* |h9| <= 1.71*2^59 */
- carry9 = (h9 + (int64_t)(1<<24)) >> 25;
+ carry9 = (h9 + (static_cast<int64_t>(1) << 24)) >> 25;
 h0 += carry9 * 19;
 h9 -= carry9 << 25;
 /* |h9| <= 2^24; from now on fits into int32 unchanged */
 /* |h0| <= 1.1*2^39 */
- carry0 = (h0 + (int64_t)(1<<25)) >> 26;
+ carry0 = (h0 + (static_cast<int64_t>(1) << 25)) >> 26;
 h1 += carry0;
 h0 -= carry0 << 26;
 /* |h0| <= 2^25; from now on fits into int32 unchanged */
@@ -393,61 +393,61 @@ FE_25519 FE_25519::sqr_iter(const FE_25519& f, size_t iter) const int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */ const int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */ - const int64_t f0f0 = f0 * (int64_t) f0; - const int64_t f0f1_2 = f0_2 * (int64_t) f1; - const int64_t f0f2_2 = f0_2 * (int64_t) f2; - const int64_t f0f3_2 = f0_2 * (int64_t) f3; - const int64_t f0f4_2 = f0_2 * (int64_t) f4; - const int64_t f0f5_2 = f0_2 * (int64_t) f5; - const int64_t f0f6_2 = f0_2 * (int64_t) f6; - const int64_t f0f7_2 = f0_2 * (int64_t) f7; - const int64_t f0f8_2 = f0_2 * (int64_t) f8; - const int64_t f0f9_2 = f0_2 * (int64_t) f9; - const int64_t f1f1_2 = f1_2 * (int64_t) f1; - const int64_t f1f2_2 = f1_2 * (int64_t) f2; - const int64_t f1f3_4 = f1_2 * (int64_t) f3_2; - const int64_t f1f4_2 = f1_2 * (int64_t) f4; - const int64_t f1f5_4 = f1_2 * (int64_t) f5_2; - const int64_t f1f6_2 = f1_2 * (int64_t) f6; - const int64_t f1f7_4 = f1_2 * (int64_t) f7_2; - const int64_t f1f8_2 = f1_2 * (int64_t) f8; - const int64_t f1f9_76 = f1_2 * (int64_t) f9_38; - const int64_t f2f2 = f2 * (int64_t) f2; - const int64_t f2f3_2 = f2_2 * (int64_t) f3; - const int64_t f2f4_2 = f2_2 * (int64_t) f4; - const int64_t f2f5_2 = f2_2 * (int64_t) f5; - const int64_t f2f6_2 = f2_2 * (int64_t) f6; - const int64_t f2f7_2 = f2_2 * (int64_t) f7; - const int64_t f2f8_38 = f2_2 * (int64_t) f8_19; - const int64_t f2f9_38 = f2 * (int64_t) f9_38; - const int64_t f3f3_2 = f3_2 * (int64_t) f3; - const int64_t f3f4_2 = f3_2 * (int64_t) f4; - const int64_t f3f5_4 = f3_2 * (int64_t) f5_2; - const int64_t f3f6_2 = f3_2 * (int64_t) f6; - const int64_t f3f7_76 = f3_2 * (int64_t) f7_38; - const int64_t f3f8_38 = f3_2 * (int64_t) f8_19; - const int64_t f3f9_76 = f3_2 * (int64_t) f9_38; - const int64_t f4f4 = f4 * (int64_t) f4; - const int64_t f4f5_2 = f4_2 * (int64_t) f5; - const int64_t f4f6_38 = f4_2 * (int64_t) f6_19; - const int64_t f4f7_38 = f4 * (int64_t) f7_38; - const int64_t f4f8_38 = f4_2 * (int64_t) 
f8_19; - const int64_t f4f9_38 = f4 * (int64_t) f9_38; - const int64_t f5f5_38 = f5 * (int64_t) f5_38; - const int64_t f5f6_38 = f5_2 * (int64_t) f6_19; - const int64_t f5f7_76 = f5_2 * (int64_t) f7_38; - const int64_t f5f8_38 = f5_2 * (int64_t) f8_19; - const int64_t f5f9_76 = f5_2 * (int64_t) f9_38; - const int64_t f6f6_19 = f6 * (int64_t) f6_19; - const int64_t f6f7_38 = f6 * (int64_t) f7_38; - const int64_t f6f8_38 = f6_2 * (int64_t) f8_19; - const int64_t f6f9_38 = f6 * (int64_t) f9_38; - const int64_t f7f7_38 = f7 * (int64_t) f7_38; - const int64_t f7f8_38 = f7_2 * (int64_t) f8_19; - const int64_t f7f9_76 = f7_2 * (int64_t) f9_38; - const int64_t f8f8_19 = f8 * (int64_t) f8_19; - const int64_t f8f9_38 = f8 * (int64_t) f9_38; - const int64_t f9f9_38 = f9 * (int64_t) f9_38; + const int64_t f0f0 = f0 * static_cast<int64_t>(f0); + const int64_t f0f1_2 = f0_2 * static_cast<int64_t>(f1); + const int64_t f0f2_2 = f0_2 * static_cast<int64_t>(f2); + const int64_t f0f3_2 = f0_2 * static_cast<int64_t>(f3); + const int64_t f0f4_2 = f0_2 * static_cast<int64_t>(f4); + const int64_t f0f5_2 = f0_2 * static_cast<int64_t>(f5); + const int64_t f0f6_2 = f0_2 * static_cast<int64_t>(f6); + const int64_t f0f7_2 = f0_2 * static_cast<int64_t>(f7); + const int64_t f0f8_2 = f0_2 * static_cast<int64_t>(f8); + const int64_t f0f9_2 = f0_2 * static_cast<int64_t>(f9); + const int64_t f1f1_2 = f1_2 * static_cast<int64_t>(f1); + const int64_t f1f2_2 = f1_2 * static_cast<int64_t>(f2); + const int64_t f1f3_4 = f1_2 * static_cast<int64_t>(f3_2); + const int64_t f1f4_2 = f1_2 * static_cast<int64_t>(f4); + const int64_t f1f5_4 = f1_2 * static_cast<int64_t>(f5_2); + const int64_t f1f6_2 = f1_2 * static_cast<int64_t>(f6); + const int64_t f1f7_4 = f1_2 * static_cast<int64_t>(f7_2); + const int64_t f1f8_2 = f1_2 * static_cast<int64_t>(f8); + const int64_t f1f9_76 = f1_2 * static_cast<int64_t>(f9_38); + const int64_t f2f2 = f2 * static_cast<int64_t>(f2); + const int64_t f2f3_2 = f2_2 * 
static_cast<int64_t>(f3); + const int64_t f2f4_2 = f2_2 * static_cast<int64_t>(f4); + const int64_t f2f5_2 = f2_2 * static_cast<int64_t>(f5); + const int64_t f2f6_2 = f2_2 * static_cast<int64_t>(f6); + const int64_t f2f7_2 = f2_2 * static_cast<int64_t>(f7); + const int64_t f2f8_38 = f2_2 * static_cast<int64_t>(f8_19); + const int64_t f2f9_38 = f2 * static_cast<int64_t>(f9_38); + const int64_t f3f3_2 = f3_2 * static_cast<int64_t>(f3); + const int64_t f3f4_2 = f3_2 * static_cast<int64_t>(f4); + const int64_t f3f5_4 = f3_2 * static_cast<int64_t>(f5_2); + const int64_t f3f6_2 = f3_2 * static_cast<int64_t>(f6); + const int64_t f3f7_76 = f3_2 * static_cast<int64_t>(f7_38); + const int64_t f3f8_38 = f3_2 * static_cast<int64_t>(f8_19); + const int64_t f3f9_76 = f3_2 * static_cast<int64_t>(f9_38); + const int64_t f4f4 = f4 * static_cast<int64_t>(f4); + const int64_t f4f5_2 = f4_2 * static_cast<int64_t>(f5); + const int64_t f4f6_38 = f4_2 * static_cast<int64_t>(f6_19); + const int64_t f4f7_38 = f4 * static_cast<int64_t>(f7_38); + const int64_t f4f8_38 = f4_2 * static_cast<int64_t>(f8_19); + const int64_t f4f9_38 = f4 * static_cast<int64_t>(f9_38); + const int64_t f5f5_38 = f5 * static_cast<int64_t>(f5_38); + const int64_t f5f6_38 = f5_2 * static_cast<int64_t>(f6_19); + const int64_t f5f7_76 = f5_2 * static_cast<int64_t>(f7_38); + const int64_t f5f8_38 = f5_2 * static_cast<int64_t>(f8_19); + const int64_t f5f9_76 = f5_2 * static_cast<int64_t>(f9_38); + const int64_t f6f6_19 = f6 * static_cast<int64_t>(f6_19); + const int64_t f6f7_38 = f6 * static_cast<int64_t>(f7_38); + const int64_t f6f8_38 = f6_2 * static_cast<int64_t>(f8_19); + const int64_t f6f9_38 = f6 * static_cast<int64_t>(f9_38); + const int64_t f7f7_38 = f7 * static_cast<int64_t>(f7_38); + const int64_t f7f8_38 = f7_2 * static_cast<int64_t>(f8_19); + const int64_t f7f9_76 = f7_2 * static_cast<int64_t>(f9_38); + const int64_t f8f8_19 = f8 * static_cast<int64_t>(f8_19); + const int64_t f8f9_38 = f8 * 
static_cast<int64_t>(f9_38); + const int64_t f9f9_38 = f9 * static_cast<int64_t>(f9_38); int64_t h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38; int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38; @@ -471,45 +471,45 @@ FE_25519 FE_25519::sqr_iter(const FE_25519& f, size_t iter) int64_t carry8; int64_t carry9; - carry0 = (h0 + (int64_t)(1<<25)) >> 26; + carry0 = (h0 + (static_cast<int64_t>(1) << 25)) >> 26; h1 += carry0; h0 -= carry0 << 26; - carry4 = (h4 + (int64_t)(1<<25)) >> 26; + carry4 = (h4 + (static_cast<int64_t>(1) << 25)) >> 26; h5 += carry4; h4 -= carry4 << 26; - carry1 = (h1 + (int64_t)(1<<24)) >> 25; + carry1 = (h1 + (static_cast<int64_t>(1) << 24)) >> 25; h2 += carry1; h1 -= carry1 << 25; - carry5 = (h5 + (int64_t)(1<<24)) >> 25; + carry5 = (h5 + (static_cast<int64_t>(1) << 24)) >> 25; h6 += carry5; h5 -= carry5 << 25; - carry2 = (h2 + (int64_t)(1<<25)) >> 26; + carry2 = (h2 + (static_cast<int64_t>(1) << 25)) >> 26; h3 += carry2; h2 -= carry2 << 26; - carry6 = (h6 + (int64_t)(1<<25)) >> 26; + carry6 = (h6 + (static_cast<int64_t>(1) << 25)) >> 26; h7 += carry6; h6 -= carry6 << 26; - carry3 = (h3 + (int64_t)(1<<24)) >> 25; + carry3 = (h3 + (static_cast<int64_t>(1) << 24)) >> 25; h4 += carry3; h3 -= carry3 << 25; - carry7 = (h7 + (int64_t)(1<<24)) >> 25; + carry7 = (h7 + (static_cast<int64_t>(1) << 24)) >> 25; h8 += carry7; h7 -= carry7 << 25; - carry4 = (h4 + (int64_t)(1<<25)) >> 26; + carry4 = (h4 + (static_cast<int64_t>(1) << 25)) >> 26; h5 += carry4; h4 -= carry4 << 26; - carry8 = (h8 + (int64_t)(1<<25)) >> 26; + carry8 = (h8 + (static_cast<int64_t>(1) << 25)) >> 26; h9 += carry8; h8 -= carry8 << 26; - carry9 = (h9 + (int64_t)(1<<24)) >> 25; + carry9 = (h9 + (static_cast<int64_t>(1) << 24)) >> 25; h0 += carry9 * 19; h9 -= carry9 << 25; - carry0 = (h0 + (int64_t)(1<<25)) >> 26; + carry0 = (h0 + (static_cast<int64_t>(1) << 25)) >> 26; h1 += carry0; h0 -= carry0 << 26; 
@@ -569,61 +569,61 @@ FE_25519 FE_25519::sqr2(const FE_25519& f) int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */ int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */ int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */ - int64_t f0f0 = f0 * (int64_t) f0; - int64_t f0f1_2 = f0_2 * (int64_t) f1; - int64_t f0f2_2 = f0_2 * (int64_t) f2; - int64_t f0f3_2 = f0_2 * (int64_t) f3; - int64_t f0f4_2 = f0_2 * (int64_t) f4; - int64_t f0f5_2 = f0_2 * (int64_t) f5; - int64_t f0f6_2 = f0_2 * (int64_t) f6; - int64_t f0f7_2 = f0_2 * (int64_t) f7; - int64_t f0f8_2 = f0_2 * (int64_t) f8; - int64_t f0f9_2 = f0_2 * (int64_t) f9; - int64_t f1f1_2 = f1_2 * (int64_t) f1; - int64_t f1f2_2 = f1_2 * (int64_t) f2; - int64_t f1f3_4 = f1_2 * (int64_t) f3_2; - int64_t f1f4_2 = f1_2 * (int64_t) f4; - int64_t f1f5_4 = f1_2 * (int64_t) f5_2; - int64_t f1f6_2 = f1_2 * (int64_t) f6; - int64_t f1f7_4 = f1_2 * (int64_t) f7_2; - int64_t f1f8_2 = f1_2 * (int64_t) f8; - int64_t f1f9_76 = f1_2 * (int64_t) f9_38; - int64_t f2f2 = f2 * (int64_t) f2; - int64_t f2f3_2 = f2_2 * (int64_t) f3; - int64_t f2f4_2 = f2_2 * (int64_t) f4; - int64_t f2f5_2 = f2_2 * (int64_t) f5; - int64_t f2f6_2 = f2_2 * (int64_t) f6; - int64_t f2f7_2 = f2_2 * (int64_t) f7; - int64_t f2f8_38 = f2_2 * (int64_t) f8_19; - int64_t f2f9_38 = f2 * (int64_t) f9_38; - int64_t f3f3_2 = f3_2 * (int64_t) f3; - int64_t f3f4_2 = f3_2 * (int64_t) f4; - int64_t f3f5_4 = f3_2 * (int64_t) f5_2; - int64_t f3f6_2 = f3_2 * (int64_t) f6; - int64_t f3f7_76 = f3_2 * (int64_t) f7_38; - int64_t f3f8_38 = f3_2 * (int64_t) f8_19; - int64_t f3f9_76 = f3_2 * (int64_t) f9_38; - int64_t f4f4 = f4 * (int64_t) f4; - int64_t f4f5_2 = f4_2 * (int64_t) f5; - int64_t f4f6_38 = f4_2 * (int64_t) f6_19; - int64_t f4f7_38 = f4 * (int64_t) f7_38; - int64_t f4f8_38 = f4_2 * (int64_t) f8_19; - int64_t f4f9_38 = f4 * (int64_t) f9_38; - int64_t f5f5_38 = f5 * (int64_t) f5_38; - int64_t f5f6_38 = f5_2 * (int64_t) f6_19; - int64_t f5f7_76 = f5_2 * (int64_t) f7_38; - int64_t f5f8_38 = f5_2 * (int64_t) 
f8_19; - int64_t f5f9_76 = f5_2 * (int64_t) f9_38; - int64_t f6f6_19 = f6 * (int64_t) f6_19; - int64_t f6f7_38 = f6 * (int64_t) f7_38; - int64_t f6f8_38 = f6_2 * (int64_t) f8_19; - int64_t f6f9_38 = f6 * (int64_t) f9_38; - int64_t f7f7_38 = f7 * (int64_t) f7_38; - int64_t f7f8_38 = f7_2 * (int64_t) f8_19; - int64_t f7f9_76 = f7_2 * (int64_t) f9_38; - int64_t f8f8_19 = f8 * (int64_t) f8_19; - int64_t f8f9_38 = f8 * (int64_t) f9_38; - int64_t f9f9_38 = f9 * (int64_t) f9_38; + int64_t f0f0 = f0 * static_cast<int64_t>(f0); + int64_t f0f1_2 = f0_2 * static_cast<int64_t>(f1); + int64_t f0f2_2 = f0_2 * static_cast<int64_t>(f2); + int64_t f0f3_2 = f0_2 * static_cast<int64_t>(f3); + int64_t f0f4_2 = f0_2 * static_cast<int64_t>(f4); + int64_t f0f5_2 = f0_2 * static_cast<int64_t>(f5); + int64_t f0f6_2 = f0_2 * static_cast<int64_t>(f6); + int64_t f0f7_2 = f0_2 * static_cast<int64_t>(f7); + int64_t f0f8_2 = f0_2 * static_cast<int64_t>(f8); + int64_t f0f9_2 = f0_2 * static_cast<int64_t>(f9); + int64_t f1f1_2 = f1_2 * static_cast<int64_t>(f1); + int64_t f1f2_2 = f1_2 * static_cast<int64_t>(f2); + int64_t f1f3_4 = f1_2 * static_cast<int64_t>(f3_2); + int64_t f1f4_2 = f1_2 * static_cast<int64_t>(f4); + int64_t f1f5_4 = f1_2 * static_cast<int64_t>(f5_2); + int64_t f1f6_2 = f1_2 * static_cast<int64_t>(f6); + int64_t f1f7_4 = f1_2 * static_cast<int64_t>(f7_2); + int64_t f1f8_2 = f1_2 * static_cast<int64_t>(f8); + int64_t f1f9_76 = f1_2 * static_cast<int64_t>(f9_38); + int64_t f2f2 = f2 * static_cast<int64_t>(f2); + int64_t f2f3_2 = f2_2 * static_cast<int64_t>(f3); + int64_t f2f4_2 = f2_2 * static_cast<int64_t>(f4); + int64_t f2f5_2 = f2_2 * static_cast<int64_t>(f5); + int64_t f2f6_2 = f2_2 * static_cast<int64_t>(f6); + int64_t f2f7_2 = f2_2 * static_cast<int64_t>(f7); + int64_t f2f8_38 = f2_2 * static_cast<int64_t>(f8_19); + int64_t f2f9_38 = f2 * static_cast<int64_t>(f9_38); + int64_t f3f3_2 = f3_2 * static_cast<int64_t>(f3); + int64_t f3f4_2 = f3_2 * static_cast<int64_t>(f4); + 
int64_t f3f5_4 = f3_2 * static_cast<int64_t>(f5_2); + int64_t f3f6_2 = f3_2 * static_cast<int64_t>(f6); + int64_t f3f7_76 = f3_2 * static_cast<int64_t>(f7_38); + int64_t f3f8_38 = f3_2 * static_cast<int64_t>(f8_19); + int64_t f3f9_76 = f3_2 * static_cast<int64_t>(f9_38); + int64_t f4f4 = f4 * static_cast<int64_t>(f4); + int64_t f4f5_2 = f4_2 * static_cast<int64_t>(f5); + int64_t f4f6_38 = f4_2 * static_cast<int64_t>(f6_19); + int64_t f4f7_38 = f4 * static_cast<int64_t>(f7_38); + int64_t f4f8_38 = f4_2 * static_cast<int64_t>(f8_19); + int64_t f4f9_38 = f4 * static_cast<int64_t>(f9_38); + int64_t f5f5_38 = f5 * static_cast<int64_t>(f5_38); + int64_t f5f6_38 = f5_2 * static_cast<int64_t>(f6_19); + int64_t f5f7_76 = f5_2 * static_cast<int64_t>(f7_38); + int64_t f5f8_38 = f5_2 * static_cast<int64_t>(f8_19); + int64_t f5f9_76 = f5_2 * static_cast<int64_t>(f9_38); + int64_t f6f6_19 = f6 * static_cast<int64_t>(f6_19); + int64_t f6f7_38 = f6 * static_cast<int64_t>(f7_38); + int64_t f6f8_38 = f6_2 * static_cast<int64_t>(f8_19); + int64_t f6f9_38 = f6 * static_cast<int64_t>(f9_38); + int64_t f7f7_38 = f7 * static_cast<int64_t>(f7_38); + int64_t f7f8_38 = f7_2 * static_cast<int64_t>(f8_19); + int64_t f7f9_76 = f7_2 * static_cast<int64_t>(f9_38); + int64_t f8f8_19 = f8 * static_cast<int64_t>(f8_19); + int64_t f8f9_38 = f8 * static_cast<int64_t>(f9_38); + int64_t f9f9_38 = f9 * static_cast<int64_t>(f9_38); int64_t h0 = f0f0 +f1f9_76+f2f8_38+f3f7_76+f4f6_38+f5f5_38; int64_t h1 = f0f1_2+f2f9_38+f3f8_38+f4f7_38+f5f6_38; int64_t h2 = f0f2_2+f1f1_2 +f3f9_76+f4f8_38+f5f7_76+f6f6_19; 
@@ -656,46 +656,46 @@ FE_25519 FE_25519::sqr2(const FE_25519& f)
 h8 += h8;
 h9 += h9;
- carry0 = (h0 + (int64_t)(1<<25)) >> 26;
+ carry0 = (h0 + (static_cast<int64_t>(1) << 25)) >> 26;
 h1 += carry0;
 h0 -= carry0 << 26;
- carry4 = (h4 + (int64_t)(1<<25)) >> 26;
+ carry4 = (h4 + (static_cast<int64_t>(1) << 25)) >> 26;
 h5 += carry4;
 h4 -= carry4 << 26;
- carry1 = (h1 + (int64_t)(1<<24)) >> 25;
+ carry1 = (h1 + (static_cast<int64_t>(1) << 24)) >> 25;
 h2 += carry1;
 h1 -= carry1 << 25;
- carry5 = (h5 + (int64_t)(1<<24)) >> 25;
+ carry5 = (h5 + (static_cast<int64_t>(1) << 24)) >> 25;
 h6 += carry5;
 h5 -= carry5 << 25;
- carry2 = (h2 + (int64_t)(1<<25)) >> 26;
+ carry2 = (h2 + (static_cast<int64_t>(1) << 25)) >> 26;
 h3 += carry2;
 h2 -= carry2 << 26;
- carry6 = (h6 + (int64_t)(1<<25)) >> 26;
+ carry6 = (h6 + (static_cast<int64_t>(1) << 25)) >> 26;
 h7 += carry6;
 h6 -= carry6 << 26;
- carry3 = (h3 + (int64_t)(1<<24)) >> 25;
+ carry3 = (h3 + (static_cast<int64_t>(1) << 24)) >> 25;
 h4 += carry3;
 h3 -= carry3 << 25;
- carry7 = (h7 + (int64_t)(1<<24)) >> 25;
+ carry7 = (h7 + (static_cast<int64_t>(1) << 24)) >> 25;
 h8 += carry7;
 h7 -= carry7 << 25;
- carry4 = (h4 + (int64_t)(1<<25)) >> 26;
+ carry4 = (h4 + (static_cast<int64_t>(1) << 25)) >> 26;
 h5 += carry4;
 h4 -= carry4 << 26;
- carry8 = (h8 + (int64_t)(1<<25)) >> 26;
+ carry8 = (h8 + (static_cast<int64_t>(1) << 25)) >> 26;
 h9 += carry8;
 h8 -= carry8 << 26;
- carry9 = (h9 + (int64_t)(1<<24)) >> 25;
+ carry9 = (h9 + (static_cast<int64_t>(1) << 24)) >> 25;
 h0 += carry9 * 19;
 h9 -= carry9 << 25;
- carry0 = (h0 + (int64_t)(1<<25)) >> 26;
+ carry0 = (h0 + (static_cast<int64_t>(1) << 25)) >> 26;
 h1 += carry0;
 h0 -= carry0 << 26;
@@ -719,35 +719,35 @@ void FE_25519::from_bytes(const uint8_t s[32])
 int64_t h8 = load_3(s + 26) << 4;
 int64_t h9 = (load_3(s + 29) & 0x7fffff) << 2;
- const int64_t carry9 = (h9 + (int64_t)(1<<24)) >> 25;
+ const int64_t carry9 = (h9 + (static_cast<int64_t>(1) << 24)) >> 25;
 h0 += carry9 * 19;
 h9 -= carry9 << 25;
- const int64_t carry1 = (h1 + (int64_t)(1<<24)) >> 25;
+ const int64_t carry1 = (h1 + (static_cast<int64_t>(1) << 24)) >> 25;
 h2 += carry1;
 h1 -= carry1 << 25;
- const int64_t carry3 = (h3 + (int64_t)(1<<24)) >> 25;
+ const int64_t carry3 = (h3 + (static_cast<int64_t>(1) << 24)) >> 25;
 h4 += carry3;
 h3 -= carry3 << 25;
- const int64_t carry5 = (h5 + (int64_t)(1<<24)) >> 25;
+ const int64_t carry5 = (h5 + (static_cast<int64_t>(1) << 24)) >> 25;
 h6 += carry5;
 h5 -= carry5 << 25;
- const int64_t carry7 = (h7 + (int64_t)(1<<24)) >> 25;
+ const int64_t carry7 = (h7 + (static_cast<int64_t>(1) << 24)) >> 25;
 h8 += carry7;
 h7 -= carry7 << 25;
- const int64_t carry0 = (h0 + (int64_t)(1<<25)) >> 26;
+ const int64_t carry0 = (h0 + (static_cast<int64_t>(1) << 25)) >> 26;
 h1 += carry0;
 h0 -= carry0 << 26;
- const int64_t carry2 = (h2 + (int64_t)(1<<25)) >> 26;
+ const int64_t carry2 = (h2 + (static_cast<int64_t>(1) << 25)) >> 26;
 h3 += carry2;
 h2 -= carry2 << 26;
- const int64_t carry4 = (h4 + (int64_t)(1<<25)) >> 26;
+ const int64_t carry4 = (h4 + (static_cast<int64_t>(1) << 25)) >> 26;
 h5 += carry4;
 h4 -= carry4 << 26;
- const int64_t carry6 = (h6 + (int64_t)(1<<25)) >> 26;
+ const int64_t carry6 = (h6 + (static_cast<int64_t>(1) << 25)) >> 26;
 h7 += carry6;
 h6 -= carry6 << 26;
- const int64_t carry8 = (h8 + (int64_t)(1<<25)) >> 26;
+ const int64_t carry8 = (h8 + (static_cast<int64_t>(1) << 25)) >> 26;
 h9 += carry8;
 h8 -= carry8 << 26;
@@ -812,7 +812,7 @@ void FE_25519::to_bytes(uint8_t s[32]) const
 int32_t carry8;
 int32_t carry9;
- q = (19 * h9 + (((int32_t) 1) << 24)) >> 25;
+ q = (19 * h9 + ((static_cast<int32_t>(1) << 24))) >> 25;
 q = (h0 + q) >> 26;
 q = (h1 + q) >> 25;
 q = (h2 + q) >> 26;
diff --git a/src/lib/pubkey/ed25519/ed25519_internal.h b/src/lib/pubkey/ed25519/ed25519_internal.h
index 2a86bb30e..8a0ccf44c 100644
--- a/src/lib/pubkey/ed25519/ed25519_internal.h
+++ b/src/lib/pubkey/ed25519/ed25519_internal.h
@@ -16,24 +16,16 @@ namespace Botan {
-inline uint64_t load_3(const uint8_t* in)
+inline uint64_t load_3(const uint8_t in[3])
 {
- uint64_t result;
- result = (uint64_t) in[0];
- result |= ((uint64_t) in[1]) << 8;
- result |= ((uint64_t) in[2]) << 16;
- return result;
+ return static_cast<uint64_t>(in[0]) |
+ (static_cast<uint64_t>(in[1]) << 8) |
+ (static_cast<uint64_t>(in[2]) << 16);
 }
 inline uint64_t load_4(const uint8_t* in)
 {
- uint64_t result;
- result = (uint64_t) in[0];
- result |= ((uint64_t) in[1]) << 8;
- result |= ((uint64_t) in[2]) << 16;
- result |= ((uint64_t) in[3]) << 24;
- return result;
- //return load_le<uint32_t>(in, 0);
+ return load_le<uint32_t>(in, 0);
 }
 /* |
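Review bot: The new line `q = (19 * h9 + ((static_cast<int32_t>(1) << 24))) >> 25;` carries a redundant inner pair of parentheses that none of the parallel carry lines changed in ed25519_fe.cpp have; `q = (19 * h9 + (static_cast<int32_t>(1) << 24)) >> 25;` matches their form. The cast itself is a no-op relative to the old `((int32_t) 1) << 24`, so no behaviour change is implied. The body of to_bytes starts and ends outside the hunk.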
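Review bot: `load_4` keeps its `const uint8_t* in` parameter while the sibling `load_3` directly above is changed to the self-documenting `const uint8_t in[3]`; for consistency `inline uint64_t load_4(const uint8_t in[4])` would state the minimum buffer the caller must supply in the same way (the array extent is not enforced by the compiler in either form, so call sites such as `load_3(s + 29)` in from_bytes still rely on the caller's own bounds). The new body `return load_le<uint32_t>(in, 0);` depends on `load_le` being declared by this header's includes, which are outside the hunk; if it comes from a header that the old hand-rolled body did not need, the include should land in this same commit. A one-line comment on load_3 would complete the documentation, e.g. `// Little-endian load of 3 bytes into the low 24 bits of a uint64_t`, with the matching 4-byte wording on load_4.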