Daiki Ueno <[email protected]> writes: > This makes it possible to share the same code for curve25519 and > curve448 primitives, which use different underlying formulas for > addition and doubling.
Makes sense. I've tried to verify using examples/ecc-benchmark that there's no performance degradation for curve25519, due to the extra indirection. > --- a/testsuite/ecc-add-test.c > +++ b/testsuite/ecc-add-test.c > @@ -1,4 +1,5 @@ > #include "testutils.h" > +#include <assert.h> > > void > test_main (void) > @@ -20,64 +21,70 @@ test_main (void) > /* Zero point has x = 0, y = 1, z = 1 */ > mpn_zero (z, 3*ecc->p.size); > z[ecc->p.size] = z[2*ecc->p.size] = 1; > - > + > + assert (ecc->add_hh == ecc_add_eh); > + assert (ecc->add_hhh == ecc_add_ehh); > + > ecc_a_to_j (ecc, g, ecc->g); > > - ecc_add_ehh (ecc, p, z, z, scratch); > + ecc->add_hhh (ecc, p, z, z, scratch); > test_ecc_mul_h (i, 0, p); I think it would be nice if the new function pointers could be used to reduce duplication in this test as well as ecc-dup-test.c. Edwards curves (curve25519, and then later curve448) should have a few additional tests (since they use "complete" formulas), involving the zero point, and add of one point to itself. But the rest of the tests could be the same for the other curves. Would you like to give it a try, or should I? Regards, /Niels -- Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677. Internet email is subject to wholesale government surveillance. _______________________________________________ nettle-bugs mailing list [email protected] http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
