-rw-r--r-- | cipher/ecc-curves.c | 22 | ||||
-rw-r--r-- | cipher/ecc-misc.c | 4 | ||||
-rw-r--r-- | cipher/ecc.c | 8 | ||||
-rw-r--r-- | mpi/ec.c | 22 | ||||
-rw-r--r-- | src/mpi.h | 11 |
5 files changed, 44 insertions, 23 deletions
diff --git a/cipher/ecc-curves.c b/cipher/ecc-curves.c index a4bce67e..9016ec69 100644 --- a/cipher/ecc-curves.c +++ b/cipher/ecc-curves.c @@ -107,7 +107,7 @@ static const ecc_domain_parms_t domain_parms[] = { /* (-x^2 + y^2 = 1 + dx^2y^2) */ "Ed25519", 256, 0, - MPI_EC_TWISTEDEDWARDS, ECC_DIALECT_ED25519, + MPI_EC_EDWARDS, ECC_DIALECT_ED25519, "0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFED", "-0x01", "-0x2DFC9311D490018C7338BF8688861767FF8FF5B2BEBE27548A14B235ECA6874A", @@ -115,6 +115,22 @@ static const ecc_domain_parms_t domain_parms[] = "0x216936D3CD6E53FEC0A4E231FDD6DC5C692CC7609525A7B2C9562D608F25D51A", "0x6666666666666666666666666666666666666666666666666666666666666658" }, +#if 0 /* No real specs yet found. */ + { + /* x^2 + y^2 = 1 + 3617x^2y^2 mod 2^414 - 17 */ + "Curve3617", + "0x3FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" + "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF", + MPI_EC_EDWARDS, 0, + "0x01", + "0x0e21", + "0x07FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEB3CC92414CF" + "706022B36F1C0338AD63CF181B0E71A5E106AF79", + "0x1A334905141443300218C0631C326E5FCD46369F44C03EC7F57FF35498A4AB4D" + "6D6BA111301A73FAA8537C64C4FD3812F3CBC595", + "0x22" + }, +#endif /*0*/ { "NIST P-192", 192, 1, MPI_EC_WEIERSTRASS, ECC_DIALECT_STANDARD, @@ -417,7 +433,7 @@ _gcry_ecc_fill_in_curve (unsigned int nbits, const char *name, switch (domain_parms[idx].model) { case MPI_EC_WEIERSTRASS: - case MPI_EC_TWISTEDEDWARDS: + case MPI_EC_EDWARDS: break; case MPI_EC_MONTGOMERY: return GPG_ERR_NOT_SUPPORTED; @@ -1038,7 +1054,7 @@ _gcry_ecc_get_mpi (const char *name, mpi_ec_t ec, int copy) if (name[1] != '@') return _gcry_mpi_ec_ec2os (ec->Q, ec); - if (!strcmp (name+2, "eddsa") && ec->model == MPI_EC_TWISTEDEDWARDS) + if (!strcmp (name+2, "eddsa") && ec->model == MPI_EC_EDWARDS) { unsigned char *encpk; unsigned int encpklen; diff --git a/cipher/ecc-misc.c b/cipher/ecc-misc.c index 7b750c01..3f284fe2 100644 --- a/cipher/ecc-misc.c 
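Review bot: The disabled `Curve3617` entry in the `@@ -115,6 +115,22 @@` hunk does not follow the field order of its neighbours. The prime string comes directly after the name, where `Ed25519` and `NIST P-192` carry `256, 0` and `192, 1`, and the model and dialect come only after it. The struct definition is outside this hunk, but as written the initializer would presumably not match `ecc_domain_parms_t` once the `#if 0` is lifted. Before enabling it, reorder the head of the entry to `"Curve3617", 414, 0,` then `MPI_EC_EDWARDS, ECC_DIALECT_STANDARD,` (or whichever named dialect is intended instead of the bare `0`), followed by the prime. Since the guard comment says no real spec was found, the constants should also be checked against a published specification with test vectors before the curve is reachable from `_gcry_ecc_fill_in_curve`.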
+++ b/cipher/ecc-misc.c @@ -79,7 +79,7 @@ _gcry_ecc_model2str (enum gcry_mpi_ec_models model) { case MPI_EC_WEIERSTRASS: str = "Weierstrass"; break; case MPI_EC_MONTGOMERY: str = "Montgomery"; break; - case MPI_EC_TWISTEDEDWARDS: str = "Twisted Edwards"; break; + case MPI_EC_EDWARDS: str = "Edwards"; break; } return str; } @@ -252,7 +252,7 @@ _gcry_ecc_compute_public (mpi_point_t Q, mpi_ec_t ec, if (!d || !G || !ec->p || !ec->a) return NULL; - if (ec->model == MPI_EC_TWISTEDEDWARDS && !ec->b) + if (ec->model == MPI_EC_EDWARDS && !ec->b) return NULL; if (ec->dialect == ECC_DIALECT_ED25519 diff --git a/cipher/ecc.c b/cipher/ecc.c index 06bfb476..0e5776cc 100644 --- a/cipher/ecc.c +++ b/cipher/ecc.c @@ -643,7 +643,7 @@ ecc_check_secret_key (gcry_sexp_t keyparms) if (!curvename) { sk.E.model = ((flags & PUBKEY_FLAG_EDDSA) - ? MPI_EC_TWISTEDEDWARDS + ? MPI_EC_EDWARDS : MPI_EC_WEIERSTRASS); sk.E.dialect = ((flags & PUBKEY_FLAG_EDDSA) ? ECC_DIALECT_ED25519 @@ -775,7 +775,7 @@ ecc_sign (gcry_sexp_t *r_sig, gcry_sexp_t s_data, gcry_sexp_t keyparms) if (!curvename) { sk.E.model = ((ctx.flags & PUBKEY_FLAG_EDDSA) - ? MPI_EC_TWISTEDEDWARDS + ? MPI_EC_EDWARDS : MPI_EC_WEIERSTRASS); sk.E.dialect = ((ctx.flags & PUBKEY_FLAG_EDDSA) ? ECC_DIALECT_ED25519 @@ -939,7 +939,7 @@ ecc_verify (gcry_sexp_t s_sig, gcry_sexp_t s_data, gcry_sexp_t s_keyparms) if (!curvename) { pk.E.model = ((sigflags & PUBKEY_FLAG_EDDSA) - ? MPI_EC_TWISTEDEDWARDS + ? MPI_EC_EDWARDS : MPI_EC_WEIERSTRASS); pk.E.dialect = ((sigflags & PUBKEY_FLAG_EDDSA) ? ECC_DIALECT_ED25519 @@ -1529,7 +1529,7 @@ compute_keygrip (gcry_md_hd_t md, gcry_sexp_t keyparms) if (!curvename) { model = ((flags & PUBKEY_FLAG_EDDSA) - ? MPI_EC_TWISTEDEDWARDS + ? MPI_EC_EDWARDS : MPI_EC_WEIERSTRASS); dialect = ((flags & PUBKEY_FLAG_EDDSA) ? ECC_DIALECT_ED25519 @@ -605,7 +605,7 @@ _gcry_mpi_ec_get_affine (gcry_mpi_t x, gcry_mpi_t y, mpi_point_t point, } return -1; - case MPI_EC_TWISTEDEDWARDS: + case MPI_EC_EDWARDS: { gcry_mpi_t z; 
@@ -725,7 +725,7 @@ dup_point_montgomery (mpi_point_t result, mpi_point_t point, mpi_ec_t ctx) /* RESULT = 2 * POINT (Twisted Edwards version). */ static void -dup_point_twistededwards (mpi_point_t result, mpi_point_t point, mpi_ec_t ctx) +dup_point_edwards (mpi_point_t result, mpi_point_t point, mpi_ec_t ctx) { #define X1 (point->x) #define Y1 (point->y) @@ -811,8 +811,8 @@ _gcry_mpi_ec_dup_point (mpi_point_t result, mpi_point_t point, mpi_ec_t ctx) case MPI_EC_MONTGOMERY: dup_point_montgomery (result, point, ctx); break; - case MPI_EC_TWISTEDEDWARDS: - dup_point_twistededwards (result, point, ctx); + case MPI_EC_EDWARDS: + dup_point_edwards (result, point, ctx); break; } } @@ -977,9 +977,9 @@ add_points_montgomery (mpi_point_t result, /* RESULT = P1 + P2 (Twisted Edwards version).*/ static void -add_points_twistededwards (mpi_point_t result, - mpi_point_t p1, mpi_point_t p2, - mpi_ec_t ctx) +add_points_edwards (mpi_point_t result, + mpi_point_t p1, mpi_point_t p2, + mpi_ec_t ctx) { #define X1 (p1->x) #define Y1 (p1->y) @@ -1087,8 +1087,8 @@ _gcry_mpi_ec_add_points (mpi_point_t result, case MPI_EC_MONTGOMERY: add_points_montgomery (result, p1, p2, ctx); break; - case MPI_EC_TWISTEDEDWARDS: - add_points_twistededwards (result, p1, p2, ctx); + case MPI_EC_EDWARDS: + add_points_edwards (result, p1, p2, ctx); break; } } @@ -1106,7 +1106,7 @@ _gcry_mpi_ec_mul_point (mpi_point_t result, unsigned int i, loops; mpi_point_struct p1, p2, p1inv; - if (ctx->model == MPI_EC_TWISTEDEDWARDS) + if (ctx->model == MPI_EC_EDWARDS) { /* Simple left to right binary method. GECC Algorithm 3.27 */ unsigned int nbits; @@ -1269,7 +1269,7 @@ _gcry_mpi_ec_curve_point (gcry_mpi_point_t point, mpi_ec_t ctx) log_fatal ("%s: %s not yet supported\n", "_gcry_mpi_ec_curve_point", "Montgomery"); break; - case MPI_EC_TWISTEDEDWARDS: + case MPI_EC_EDWARDS: { /* a · x^2 + y^2 - 1 - b · x^2 · y^2 == 0 */ ec_pow2 (x, x, ctx); 
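Review bot: In the `@@ -1106,7 +1106,7 @@` hunk, the branch `if (ctx->model == MPI_EC_EDWARDS)` keeps the "Simple left to right binary method. GECC Algorithm 3.27" for scalar multiplication, and the broader model name means every Edwards curve added later takes this path too. The loop is outside the hunk, so this is inferred: if it calls the add routine only for set bits of the scalar, the running time and memory access pattern depend on the secret scalar used in signing and key generation. At minimum, document that at the branch, e.g. `/* FIXME: double-and-add below is not constant-time in the scalar. */`. A follow-up could perform the addition on every iteration and select the result without branching.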
@@ -239,13 +239,18 @@ void _gcry_mpi_snatch_point (gcry_mpi_t x, gcry_mpi_t y, gcry_mpi_t z, /* Models describing an elliptic curve. */ enum gcry_mpi_ec_models { - + /* The Short Weierstrass equation is + y^2 = x^3 + ax + b + */ MPI_EC_WEIERSTRASS = 0, + /* The Montgomery equation is + by^2 = x^3 + ax^2 + x + */ MPI_EC_MONTGOMERY, - MPI_EC_TWISTEDEDWARDS - /* The equation for Twisted Edwards curves is + /* The Twisted Edwards equation is ax^2 + y^2 = 1 + bx^2y^2 Note that we use 'b' instead of the commonly used 'd'. */ + MPI_EC_EDWARDS }; /* Dialects used with elliptic curves. It is easier to keep the |