ec-field-test.c: Make the field-element type use internal format.

[secnet.git] / x25519.h

/* -*-c-*-
 *
 * The X25519 key-agreement algorithm
 *
 * (c) 2017 Straylight/Edgeware
 */

/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of secnet.
 * See README for full list of copyright holders.
 *
 * secnet is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version d of the License, or
 * (at your option) any later version.
 *
 * secnet is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 3 along with secnet; if not, see
 * https://www.gnu.org/licenses/gpl.html.
 *
 * This file was originally part of Catacomb, but has been automatically
 * modified for incorporation into secnet: see `import-catacomb-crypto'
 * for details.
 *
 * Catacomb is free software; you can redistribute it and/or modify
 * it under the terms of the GNU Library General Public License as
 * published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 *
 * Catacomb is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Library General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with Catacomb; if not, write to the Free
 * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
 * MA 02111-1307, USA.
 */

#ifndef CATACOMB_X25519_H
#define CATACOMB_X25519_H

#ifdef __cplusplus
  extern "C" {
#endif

/*----- Notes on the X25519 key-agreement algorithm -----------------------*
 *
 * This is X25519, as described in Daniel J. Bernstein, `Curve25519: new
 * Diffie--Hellman speed records', PKC 2006,
 * https://cr.yp.to/ecdh/curve25519-20060209.pdf
 *
 * Since then, the name `Curve25519' has shifted somewhat, to refer to the
 * specific elliptic curve used, and the x-coordinate Diffie--Hellman
 * operation is now named `X25519'.
 */

/*----- Header files ------------------------------------------------------*/

#include "fake-mLib-bits.h"

/*----- Important constants -----------------------------------------------*/

#define X25519_KEYSZ 32u
#define X25519_PUBSZ 32u
#define X25519_OUTSZ 32u

extern const octet x25519_base[32];

/*----- Functions provided ------------------------------------------------*/

/* --- @x25519@ --- *
 *
 * Arguments:   @octet zz[X25519_OUTSZ]@ = where to put the result
 *              @const octet k[X25519_KEYSZ]@ = pointer to private key
 *              @const octet qx[X25519_PUBSZ]@ = pointer to public value
 *
 * Returns:     ---
 *
 * Use:         Calculates X25519 of @k@ and @qx@.
 *
 *              Note that there is disagreement over whether the most
 *              significant bit of @qx@ (i.e., the value @qx[31]&0x80@)
 *              should be ignored or counted towards the represented value.
 *              Historically implementations respected the bit; later
 *              convention seems to be to ignore it.  This implementation
 *              honours the bit: a caller who wants to ignore the bit can
 *              easily clear it, while caller who wants to respect it has a
 *              difficult job if this function ignores it.
 */

extern void x25519(octet /*zz*/[X25519_OUTSZ],
                   const octet /*k*/[X25519_KEYSZ],
                   const octet /*qx*/[X25519_PUBSZ]);

/*----- That's all, folks -------------------------------------------------*/

#ifdef __cplusplus
  }
#endif

#endif