diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/curve25519_sandy2x.c b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/curve25519_sandy2x.c
index 74207591..d653b21f 100644
--- a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/curve25519_sandy2x.c
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/curve25519_sandy2x.c
@@ -24,42 +24,42 @@ static int crypto_scalarmult_curve25519_sandy2x(unsigned char *q, const unsigned char *n, const unsigned char *p) {
- unsigned char t[32];
- fe var[3];
- fe51 x_51;
- fe51 z_51;
- unsigned int i;
+ unsigned char t[32];
+ fe var[3];
+ fe51 x_51;
+ fe51 z_51;
+ unsigned int i;
- for (i = 0; i < 32; i++) {
- t[i] = n[i];
- }
- t[0] &= 248;
- t[31] &= 127;
- t[31] |= 64;
+ for (i = 0; i < 32; i++) {
+ t[i] = n[i];
+ }
+ t[0] &= 248;
+ t[31] &= 127;
+ t[31] |= 64;
- fe_frombytes(x1, p);
+ fe_frombytes(x1, p);
- ladder(var, t);
+ ladder(var, t);
- z_51.v[0] = (z2[1] << 26) + z2[0];
- z_51.v[1] = (z2[3] << 26) + z2[2];
- z_51.v[2] = (z2[5] << 26) + z2[4];
- z_51.v[3] = (z2[7] << 26) + z2[6];
- z_51.v[4] = (z2[9] << 26) + z2[8];
+ z_51.v[0] = (z2[1] << 26) + z2[0];
+ z_51.v[1] = (z2[3] << 26) + z2[2];
+ z_51.v[2] = (z2[5] << 26) + z2[4];
+ z_51.v[3] = (z2[7] << 26) + z2[6];
+ z_51.v[4] = (z2[9] << 26) + z2[8];
- x_51.v[0] = (x2[1] << 26) + x2[0];
- x_51.v[1] = (x2[3] << 26) + x2[2];
- x_51.v[2] = (x2[5] << 26) + x2[4];
- x_51.v[3] = (x2[7] << 26) + x2[6];
- x_51.v[4] = (x2[9] << 26) + x2[8];
+ x_51.v[0] = (x2[1] << 26) + x2[0];
+ x_51.v[1] = (x2[3] << 26) + x2[2];
+ x_51.v[2] = (x2[5] << 26) + x2[4];
+ x_51.v[3] = (x2[7] << 26) + x2[6];
+ x_51.v[4] = (x2[9] << 26) + x2[8];
- fe51_invert(&z_51, &z_51);
- fe51_mul(&x_51, &x_51, &z_51);
- fe51_pack(q, &x_51);
+ fe51_invert(&z_51, &z_51);
+ fe51_mul(&x_51, &x_51, &z_51);
+ fe51_pack(q, &x_51);
- sodium_memzero(t, sizeof t);
+ sodium_memzero(t, sizeof t);
- return 0;
+ return 0;
 }
 struct crypto_scalarmult_curve25519_implementation
diff --git a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe_frombytes_sandy2x.c b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe_frombytes_sandy2x.c
index 2fe081ee..b6e687ea 100644
--- a/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe_frombytes_sandy2x.c
+++ b/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe_frombytes_sandy2x.c
@@ -9,70 +9,70 @@ static uint64_t load_3(const unsigned char *in) {
- uint64_t result;
- result = (uint64_t) in[0];
- result |= ((uint64_t) in[1]) << 8;
- result |= ((uint64_t) in[2]) << 16;
- return result;
+ uint64_t result;
+ result = (uint64_t) in[0];
+ result |= ((uint64_t) in[1]) << 8;
+ result |= ((uint64_t) in[2]) << 16;
+ return result;
 }
 static uint64_t load_4(const unsigned char *in) {
- uint64_t result;
- result = (uint64_t) in[0];
- result |= ((uint64_t) in[1]) << 8;
- result |= ((uint64_t) in[2]) << 16;
- result |= ((uint64_t) in[3]) << 24;
- return result;
+ uint64_t result;
+ result = (uint64_t) in[0];
+ result |= ((uint64_t) in[1]) << 8;
+ result |= ((uint64_t) in[2]) << 16;
+ result |= ((uint64_t) in[3]) << 24;
+ return result;
 }
 void fe_frombytes(fe h, const unsigned char *s) {
- uint64_t h0 = load_4(s);
- uint64_t h1 = load_3(s + 4) << 6;
- uint64_t h2 = load_3(s + 7) << 5;
- uint64_t h3 = load_3(s + 10) << 3;
- uint64_t h4 = load_3(s + 13) << 2;
- uint64_t h5 = load_4(s + 16);
- uint64_t h6 = load_3(s + 20) << 7;
- uint64_t h7 = load_3(s + 23) << 5;
- uint64_t h8 = load_3(s + 26) << 4;
- uint64_t h9 = (load_3(s + 29) & 8388607) << 2;
- uint64_t carry0;
- uint64_t carry1;
- uint64_t carry2;
- uint64_t carry3;
- uint64_t carry4;
- uint64_t carry5;
- uint64_t carry6;
- uint64_t carry7;
- uint64_t carry8;
- uint64_t carry9;
+ uint64_t h0 = load_4(s);
+ uint64_t h1 = load_3(s + 4) << 6;
+ uint64_t h2 = load_3(s + 7) << 5;
+ uint64_t h3 = load_3(s + 10) << 3;
+ uint64_t h4 = load_3(s + 13) << 2;
+ uint64_t h5 = load_4(s + 16);
+ uint64_t h6 = load_3(s + 20) << 7;
+ uint64_t h7 = load_3(s + 23) << 5;
+ uint64_t h8 = load_3(s + 26) << 4;
+ uint64_t h9 = (load_3(s + 29) & 8388607) << 2;
+ uint64_t carry0;
+ uint64_t carry1;
+ uint64_t carry2;
+ uint64_t carry3;
+ uint64_t carry4;
+ uint64_t carry5;
+ uint64_t carry6;
+ uint64_t carry7;
+ uint64_t carry8;
+ uint64_t carry9;
- carry9 = h9 >> 25; h0 += carry9 * 19; h9 &= 0x1FFFFFF;
- carry1 = h1 >> 25; h2 += carry1; h1 &= 0x1FFFFFF;
- carry3 = h3 >> 25; h4 += carry3; h3 &= 0x1FFFFFF;
- carry5 = h5 >> 25; h6 += carry5; h5 &= 0x1FFFFFF;
- carry7 = h7 >> 25; h8 += carry7; h7 &= 0x1FFFFFF;
+ carry9 = h9 >> 25; h0 += carry9 * 19; h9 &= 0x1FFFFFF;
+ carry1 = h1 >> 25; h2 += carry1; h1 &= 0x1FFFFFF;
+ carry3 = h3 >> 25; h4 += carry3; h3 &= 0x1FFFFFF;
+ carry5 = h5 >> 25; h6 += carry5; h5 &= 0x1FFFFFF;
+ carry7 = h7 >> 25; h8 += carry7; h7 &= 0x1FFFFFF;
- carry0 = h0 >> 26; h1 += carry0; h0 &= 0x3FFFFFF;
- carry2 = h2 >> 26; h3 += carry2; h2 &= 0x3FFFFFF;
- carry4 = h4 >> 26; h5 += carry4; h4 &= 0x3FFFFFF;
- carry6 = h6 >> 26; h7 += carry6; h6 &= 0x3FFFFFF;
- carry8 = h8 >> 26; h9 += carry8; h8 &= 0x3FFFFFF;
+ carry0 = h0 >> 26; h1 += carry0; h0 &= 0x3FFFFFF;
+ carry2 = h2 >> 26; h3 += carry2; h2 &= 0x3FFFFFF;
+ carry4 = h4 >> 26; h5 += carry4; h4 &= 0x3FFFFFF;
+ carry6 = h6 >> 26; h7 += carry6; h6 &= 0x3FFFFFF;
+ carry8 = h8 >> 26; h9 += carry8; h8 &= 0x3FFFFFF;
- h[0] = h0;
- h[1] = h1;
- h[2] = h2;
- h[3] = h3;
- h[4] = h4;
- h[5] = h5;
- h[6] = h6;
- h[7] = h7;
- h[8] = h8;
- h[9] = h9;
+ h[0] = h0;
+ h[1] = h1;
+ h[2] = h2;
+ h[3] = h3;
+ h[4] = h4;
+ h[5] = h5;
+ h[6] = h6;
+ h[7] = h7;
+ h[8] = h8;
+ h[9] = h9;
 }
 #endif