1 files changed, 42 insertions, 0 deletions

diff --git a/crypto/curve25519_nss.cc b/crypto/curve25519_nss.cc
new file mode 100644
index 0000000..746356f
--- /dev/null
+++ b/crypto/curve25519_nss.cc
@@ -0,0 +1,42 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "crypto/curve25519.h"
+
+#include "crypto/secure_util.h"
+
+// Curve25519 is specified in terms of byte strings, not numbers, so all
+// implementations take and return the same sequence of bits. So the byte
+// order is implicitly specified as in, say, SHA1.
+//
+// Prototype for |curve25519_donna| function in
+// third_party/curve25519-donna/curve25519-donna.c
+extern "C" int curve25519_donna(uint8_t*, const uint8_t*, const uint8_t*);
+
+namespace crypto {
+
+namespace curve25519 {
+
+bool ScalarMult(const uint8_t* private_key,
+                const uint8_t* peer_public_key,
+                uint8_t* shared_key) {
+  curve25519_donna(shared_key, private_key, peer_public_key);
+
+  // The all-zero output results when the input is a point of small order.
+  static const uint8_t kZeros[32] = {0};
+  return !SecureMemEqual(shared_key, kZeros, 32);
+}
+
+// kBasePoint is the base point (generator) of the elliptic curve group.
+// It is little-endian version of '9' followed by 31 zeros.
+// See "Computing public keys" section of http://cr.yp.to/ecdh.html.
+static const uint8_t kBasePoint[32] = {9};
+
+void ScalarBaseMult(const uint8_t* private_key, uint8_t* public_key) {
+  curve25519_donna(public_key, private_key, kBasePoint);
+}
+
+}  // namespace curve25519
+
+}  // namespace crypto