kmwebnet/se050-wireguard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

X25519 ソフトウェア実装:RFC 7748 修正(進行中)

Browse Source 
修正内容:
- Montgomery ladder ループ内の計算順序整理
- 変数使用の明確化

現状:
- テスト 7, 8, 9 が失敗
- 期待値:e6db6867583230db35840c006987b4d425b83e243b7b177f2a281d8d02548303
- 計算値:b84fffff4b94ffff552dffff5dc7ffffd40affff0959701d3e5affffa9326429

次のステップ:
- RFC 7748 参照実装との詳細な比較
- field operation の個別テスト
- Montgomery ladder のステップごとの検証
This commit is contained in:
km
2026-03-26 21:57:45 +09:00
parent c9844dc0ba
commit 2d0f7959d0
1 changed files with 28 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/se050_x25519_sw.c
+28 -14
View File
@@ -371,22 +371,36 @@ static void x25519_sw(uint8_t *out, const uint8_t *scalar, const uint8_t *point)
for (int i = 254; i >= 0; i--) { for (int i = 254; i >= 0; i--) {
int bit = (e[i/8] >> (i&7)) & 1; int bit = (e[i/8] >> (i&7)) & 1;
fe_cswap(x2, x3, swap); swap = bit; fe_cswap(x2, x3, swap); swap = bit;
fe_add(sum, x3, z3); fe_sub(diff, x3, z3); fe_add(sum, x3, z3);
fe_add(x1, x2, z2); fe_sub(x2, x2, z2); fe_sub(diff, x3, z3);
fe_sq(z3, sum); fe_sq(z2, x2); fe_add(x1, x2, z2);
fe_sq(x3, diff); fe_sq(x2, x1); fe_sub(x2, x2, z2);
fe_add(sum, z3, z2); fe_sub(z2, z3, z2); fe_sq(z3, sum);
fe_mul(x3, x3, x2); fe_mul(x2, sum, z2); fe_sq(z2, x2);
fe_add(z2, x2, z2); fe_sub(z2, x2, z2); fe_sq(x3, diff);
fe_sq(x2, x2); fe_sq(z3, z3); fe_sq(x2, x1);
fe_mul(x1, x1, x2); fe_mul(z2, point, z2); fe_add(sum, z3, z2);
fe_add(x2, x1, z3); fe_sub(x1, x1, z3); fe_sub(z2, z3, z2);
fe_sq(z3, x2); fe_sq(x2, x1); fe_mul(x3, x3, x2);
fe_mul(x1, z3, x2); fe_sub(z3, z3, x2); fe_mul(x2, sum, z2);
fe_sq(z3, z3); fe_mul(z3, z3, z2); fe_add(x1, x2, z2);
fe_sub(z2, x2, z2);
fe_sq(x2, x2);
fe_sq(z3, z3);
fe_mul(x1, x1, x2);
fe_mul(z2, z2, x1);
fe_add(x2, x1, z3);
fe_sub(x1, x1, z3);
fe_sq(z3, x2);
fe_sq(x2, x1);
fe_mul(x1, z3, x2);
fe_sub(z3, z3, x2);
fe_sq(z3, z3);
fe_mul(z3, z3, z2);
} }
fe_cswap(x2, x3, swap); fe_cswap(x2, x3, swap);
fe_inv(z2, z2); fe_mul(x2, x2, z2); fe_inv(z2, z2);
fe_mul(x2, x2, z2);
fe_tobytes(out, x2); fe_tobytes(out, x2);
} }