From 023ef46b1df6fccc16ac3c1467229849249e4e75 Mon Sep 17 00:00:00 2001
From: Mike Hamburg
Date: Mon, 23 Mar 2015 17:38:02 -0700
Subject: [PATCH] make dsmul for verify always take base point to simplify api
---
 include/decaf.h | 11 +++++------
 src/decaf.c | 5 ++---
 src/decaf_crypto.c | 6 ++----
 src/decaf_fast.c | 7 +++----
 4 files changed, 12 insertions(+), 17 deletions(-)
diff --git a/include/decaf.h b/include/decaf.h
index 9ed3a53..f9a62b2 100644
--- a/include/decaf.h
+++ b/include/decaf.h
@@ -38,6 +38,7 @@
 #define NONNULL1 __attribute__((nonnull(1)))
 #define NONNULL2 __attribute__((nonnull(1,2)))
 #define NONNULL3 __attribute__((nonnull(1,2,3)))
+#define NONNULL4 __attribute__((nonnull(1,2,3,4)))
 #define NONNULL5 __attribute__((nonnull(1,2,3,4,5)))
 /* Internal word types */
@@ -407,13 +408,12 @@ void decaf_448_point_double_scalarmul (
 /**
 * @brief Multiply two base points by two scalars:
- * scaled = scalar1*base1 + scalar2*base2.
+ * scaled = scalar1*decaf_448_point_base + scalar2*base2.
 *
- * Otherwise quivalent to two calls to decaf_448_point_scalarmul, but may be
+ * Otherwise equivalent to decaf_448_point_double_scalarmul, but may be
 * faster.
 *
 * @param [out] scaled The scaled point base*scalar
- * @param [in] base1 A precomputed first point to be scaled.
 * @param [in] scalar1 A first scalar to multiply by.
 * @param [in] base2 A second point to be scaled.
 * @param [in] scalar2 A second scalar to multiply by.
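Review bot: The doc comment in the second include/decaf.h hunk still describes the old interface: the summary opens with "Multiply two base points by two scalars" although only `base2` is now supplied by the caller, and `@param [out] scaled` names a parameter that the prototype in the following hunk calls `combo`. I would reword the summary to `@brief Compute combo = scalar1*decaf_448_point_base + scalar2*base2.` and rename the tag to `@param [out] combo The linear combination.` so the comment and the prototype agree. The comment block continues past the end of this hunk.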
@@ -421,13 +421,12 @@ void decaf_448_point_double_scalarmul (
 * @warning: This function takes variable time, and may leak the scalars
 * used. It is designed for signature verification.
 */
-void decaf_448_precomputed_double_scalarmul_non_secret (
+void decaf_448_base_double_scalarmul_non_secret (
 decaf_448_point_t combo,
- const decaf_448_precomputed_s *base1,
 const decaf_448_scalar_t scalar1,
 const decaf_448_point_t base2,
 const decaf_448_scalar_t scalar2
-) API_VIS NONNULL5 NOINLINE;
+) API_VIS NONNULL4 NOINLINE;
 /**
 * @brief Test that a point is valid, for debugging purposes.
diff --git a/src/decaf.c b/src/decaf.c
index 106fa00..3209801 100644
--- a/src/decaf.c
+++ b/src/decaf.c
@@ -805,12 +805,11 @@ void decaf_448_precomputed_scalarmul (
 decaf_448_point_scalarmul(a,b->p[0],scalar);
 }
-void decaf_448_precomputed_double_scalarmul_non_secret (
+void decaf_448_base_double_scalarmul_non_secret (
 decaf_448_point_t combo,
- const decaf_448_precomputed_s *base1,
 const decaf_448_scalar_t scalar1,
 const decaf_448_point_t base2,
 const decaf_448_scalar_t scalar2
 ) {
- decaf_448_point_double_scalarmul(combo, base1->p[0], scalar1, base2, scalar2);
+ decaf_448_point_double_scalarmul(combo, decaf_448_point_base, scalar1, base2, scalar2);
 }
diff --git a/src/decaf_crypto.c b/src/decaf_crypto.c
index 7b16f0c..f2eea17 100644
--- a/src/decaf_crypto.c
+++ b/src/decaf_crypto.c
@@ -186,10 +186,8 @@ decaf_448_verify_shake (
 ret &= decaf_448_point_decode(pubpoint, pub, DECAF_FALSE);
 ret &= decaf_448_scalar_decode(response, &sig[DECAF_448_SER_BYTES]);
- decaf_448_precomputed_double_scalarmul_non_secret (
- pubpoint,
- decaf_448_precomputed_base, response,
- pubpoint, challenge
+ decaf_448_base_double_scalarmul_non_secret (
+ pubpoint, response, pubpoint, challenge
 );
 ret &= decaf_448_point_eq(pubpoint, point);
diff --git a/src/decaf_fast.c b/src/decaf_fast.c
index 9beecd1..e084216 100644
--- a/src/decaf_fast.c
+++ b/src/decaf_fast.c
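Review bot: In the src/decaf_crypto.c hunk the new call passes `pubpoint` both as the output `combo` and as the input `base2`, so the verification result depends on decaf_448_base_double_scalarmul_non_secret tolerating that aliasing. The header comment in include/decaf.h does not promise it, and the part of the src/decaf_fast.c body that reads `base2` is not shown in this patch, so it cannot be confirmed from here (the removed call aliased the same way). I would add a line above the call such as `/* pubpoint is both output and base2: callee must finish reading base2 before writing combo */` and state the same guarantee in the header. decaf_448_verify_shake starts and ends outside the hunk.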
@@ -1417,9 +1417,8 @@ sv prepare_wnaf_table(
 }
 }
-void decaf_448_precomputed_double_scalarmul_non_secret (
+void decaf_448_base_double_scalarmul_non_secret (
 decaf_448_point_t combo,
- const decaf_448_precomputed_s *base1,
 const decaf_448_scalar_t scalar1,
 const decaf_448_point_t base2,
 const decaf_448_scalar_t scalar2
@@ -1479,9 +1478,9 @@ void decaf_448_precomputed_double_scalarmul_non_secret (
 tab &= (1<<(t-1)) - 1;
 if (invert) {
- sub_niels_from_pt(combo, base1->table[(j<<(t-1)) + tab], j==n-1 && i);
+ sub_niels_from_pt(combo, decaf_448_precomputed_base->table[(j<<(t-1)) + tab], j==n-1 && i);
 } else {
- add_niels_to_pt(combo, base1->table[(j<<(t-1)) + tab], j==n-1 && i);
+ add_niels_to_pt(combo, decaf_448_precomputed_base->table[(j<<(t-1)) + tab], j==n-1 && i);
 }
 }
 }
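Review bot: In the second src/decaf_fast.c hunk the lookup `decaf_448_precomputed_base->table[(j<<(t-1)) + tab]` is indexed by a data-dependent value, and nothing at the lookup records why that is acceptable. `tab` is presumably derived from `scalar1` (its derivation lies outside the hunk), which would match the variable-time warning in the header, so a comment here would keep a later reader from reusing this loop with a secret scalar: `/* variable-time table lookup: scalar1 must be public (signature verification only) */`. The index expression is also repeated verbatim in both branches, so computing it once before the `if (invert)` would shorten both calls. The function body starts and ends outside the hunk.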