Line data    Source code

       1             : #include <stdint.h>
       2             : #include <s2n-bignum.h>
       3             : 
       4             : #ifndef __ADX__
       5       69148 : #define curve25519_x25519_byte      curve25519_x25519_byte_alt
       6       62336 : #define curve25519_x25519base_byte  curve25519_x25519base_byte_alt
       7             : #endif
       8             : 
       9             : /* s2n-bignum implementation of X25519.  curve25519_x25519_byte and
      10             :    curve25519_x25519base_byte are formally-verified hand-written
      11             :    x86-64/AArch64 assembly routines from
      12             :    https://github.com/awslabs/s2n-bignum (Apache-2.0 / ISC / MIT-0).
      13             :    They implement RFC 7748 §5 including scalar clamping and
      14             :    u-coordinate MSB masking internally. */
      15             : 
      16             : uchar * FD_FN_SENSITIVE
      17             : fd_x25519_public( uchar       self_public_key [ 32 ],
      18       93504 :                   uchar const self_private_key[ 32 ] ) {
      19       93504 :   curve25519_x25519base_byte( self_public_key, self_private_key );
      20       93504 :   return self_public_key;
      21       93504 : }
      22             : 
      23             : uchar * FD_FN_SENSITIVE
      24             : fd_x25519_exchange( uchar       shared_secret   [ 32 ],
      25             :                     uchar const self_private_key[ 32 ],
      26      103722 :                     uchar const peer_public_key [ 32 ] ) {
      27      103722 :   curve25519_x25519_byte( shared_secret, self_private_key, peer_public_key );
      28             : 
      29             :   /* Reject low order points */
      30      103722 :   if( FD_UNLIKELY( fd_x25519_is_zero_const_time( shared_secret ) ) ) {
      31          93 :     return NULL;
      32          93 :   }
      33             : 
      34      103629 :   return shared_secret;
      35      103722 : }