jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

gmp-style foo_t[1] for points too

master
Michael Hamburg 10 years ago
parent
0a4593edda
commit
1f1836de12
17 changed files with 428 additions and 427 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +4
    -4
      src/crandom.c
  2. +62
    -62
      src/ec_point.c
  3. +64
    -64
      src/goldilocks.c
  4. +5
    -4
      src/include/crandom.h
  5. +99
    -99
      src/include/ec_point.h
  6. +1
    -1
      src/include/magic.h
  7. +14
    -14
      src/include/scalarmul.h
  8. +5
    -5
      src/include/sha512.h
  9. +2
    -2
      src/p448/magic.c
  10. +2
    -2
      src/p480/magic.c
  11. +2
    -2
      src/p521/magic.c
  12. +149
    -149
      src/scalarmul.c
  13. +4
    -4
      src/sha512.c
  14. +5
    -5
      test/bench.c
  15. +2
    -2
      test/test_pointops.c
  16. +2
    -2
      test/test_scalarmul.c
  17. +6
    -6
      test/test_sha512.c

+ 4
- 4
src/crandom.c View File

@@ -301,7 +301,7 @@ crandom_chacha_expand(u_int64_t iv,

int
crandom_init_from_file(
struct crandom_state_t *state,
crandom_state_a_t state,
const char *filename,
int reseed_interval,
int reseeds_mandatory
@@ -338,7 +338,7 @@ crandom_init_from_file(

void
crandom_init_from_buffer(
struct crandom_state_t *state,
crandom_state_a_t state,
const char initial_seed[32]
) {
memcpy(state->seed, initial_seed, 32);
@@ -350,7 +350,7 @@ crandom_init_from_buffer(

int
crandom_generate(
struct crandom_state_t *state,
crandom_state_a_t state,
unsigned char *output,
unsigned long long length
) {
@@ -475,7 +475,7 @@ crandom_generate(

void
crandom_destroy(
struct crandom_state_t *state
crandom_state_a_t state
) {
if (state->magic == CRANDOM_MAGIC && state->randomfd) {
(void) close(state->randomfd);


+ 62
- 62
src/ec_point.c View File

@@ -14,8 +14,8 @@

void
add_tw_niels_to_tw_extensible (
struct tw_extensible_t* d,
const struct tw_niels_t* e
tw_extensible_a_t d,
const tw_niels_a_t e
) {
ANALYZE_THIS_ROUTINE_CAREFULLY;
field_a_t L0, L1;
@@ -36,8 +36,8 @@ add_tw_niels_to_tw_extensible (

void
sub_tw_niels_from_tw_extensible (
struct tw_extensible_t* d,
const struct tw_niels_t* e
tw_extensible_a_t d,
const tw_niels_a_t e
) {
ANALYZE_THIS_ROUTINE_CAREFULLY;
field_a_t L0, L1;
@@ -58,29 +58,29 @@ sub_tw_niels_from_tw_extensible (

void
add_tw_pniels_to_tw_extensible (
struct tw_extensible_t* e,
const struct tw_pniels_t* a
tw_extensible_a_t e,
const tw_pniels_a_t a
) {
field_a_t L0;
field_mul ( L0, e->z, a->z );
field_copy ( e->z, L0 );
add_tw_niels_to_tw_extensible( e, &a->n );
add_tw_niels_to_tw_extensible( e, a->n );
}

void
sub_tw_pniels_from_tw_extensible (
struct tw_extensible_t* e,
const struct tw_pniels_t* a
tw_extensible_a_t e,
const tw_pniels_a_t a
) {
field_a_t L0;
field_mul ( L0, e->z, a->z );
field_copy ( e->z, L0 );
sub_tw_niels_from_tw_extensible( e, &a->n );
sub_tw_niels_from_tw_extensible( e, a->n );
}

void
double_tw_extensible (
struct tw_extensible_t* a
tw_extensible_a_t a
) {
ANALYZE_THIS_ROUTINE_CAREFULLY;
field_a_t L0, L1, L2;
@@ -105,7 +105,7 @@ double_tw_extensible (

void
double_extensible (
struct extensible_t* a
extensible_a_t a
) {
ANALYZE_THIS_ROUTINE_CAREFULLY;
field_a_t L0, L1, L2;
@@ -130,8 +130,8 @@ double_extensible (

void
twist_and_double (
struct tw_extensible_t* b,
const struct extensible_t* a
tw_extensible_a_t b,
const extensible_a_t a
) {
field_a_t L0;
field_sqr ( b->x, a->x );
@@ -151,8 +151,8 @@ twist_and_double (

void
untwist_and_double (
struct extensible_t* b,
const struct tw_extensible_t* a
extensible_a_t b,
const tw_extensible_a_t a
) {
field_a_t L0;
field_sqr ( b->x, a->x );
@@ -172,20 +172,20 @@ untwist_and_double (

void
convert_tw_affine_to_tw_pniels (
struct tw_pniels_t* b,
const struct tw_affine_t* a
tw_pniels_a_t b,
const tw_affine_a_t a
) {
field_sub ( b->n.a, a->y, a->x );
field_add ( b->n.b, a->x, a->y );
field_sub ( b->n->a, a->y, a->x );
field_add ( b->n->b, a->x, a->y );
field_mul ( b->z, a->y, a->x );
field_mulw_scc_wr ( b->n.c, b->z, 2*EDWARDS_D-2 );
field_mulw_scc_wr ( b->n->c, b->z, 2*EDWARDS_D-2 );
field_set_ui( b->z, 2 );
}

void
convert_tw_affine_to_tw_extensible (
struct tw_extensible_t* b,
const struct tw_affine_t* a
tw_extensible_a_t b,
const tw_affine_a_t a
) {
field_copy ( b->x, a->x );
field_copy ( b->y, a->y );
@@ -196,8 +196,8 @@ convert_tw_affine_to_tw_extensible (

void
convert_affine_to_extensible (
struct extensible_t* b,
const struct affine_t* a
extensible_a_t b,
const affine_a_t a
) {
field_copy ( b->x, a->x );
field_copy ( b->y, a->y );
@@ -208,23 +208,23 @@ convert_affine_to_extensible (

void
convert_tw_extensible_to_tw_pniels (
struct tw_pniels_t* b,
const struct tw_extensible_t* a
tw_pniels_a_t b,
const tw_extensible_a_t a
) {
field_sub ( b->n.a, a->y, a->x );
field_add ( b->n.b, a->x, a->y );
field_sub ( b->n->a, a->y, a->x );
field_add ( b->n->b, a->x, a->y );
field_mul ( b->z, a->u, a->t );
field_mulw_scc_wr ( b->n.c, b->z, 2*EDWARDS_D-2 );
field_mulw_scc_wr ( b->n->c, b->z, 2*EDWARDS_D-2 );
field_add ( b->z, a->z, a->z );
}

void
convert_tw_pniels_to_tw_extensible (
struct tw_extensible_t* e,
const struct tw_pniels_t* d
tw_extensible_a_t e,
const tw_pniels_a_t d
) {
field_add ( e->u, d->n.b, d->n.a );
field_sub ( e->t, d->n.b, d->n.a );
field_add ( e->u, d->n->b, d->n->a );
field_sub ( e->t, d->n->b, d->n->a );
field_mul ( e->x, d->z, e->t );
field_mul ( e->y, d->z, e->u );
field_sqr ( e->z, d->z );
@@ -232,8 +232,8 @@ convert_tw_pniels_to_tw_extensible (

void
convert_tw_niels_to_tw_extensible (
struct tw_extensible_t* e,
const struct tw_niels_t* d
tw_extensible_a_t e,
const tw_niels_a_t d
) {
field_add ( e->y, d->b, d->a );
field_sub ( e->x, d->b, d->a );
@@ -244,7 +244,7 @@ convert_tw_niels_to_tw_extensible (

void
montgomery_step (
struct montgomery_t* a
montgomery_a_t a
) {
ANALYZE_THIS_ROUTINE_CAREFULLY;
field_a_t L0, L1;
@@ -272,7 +272,7 @@ montgomery_step (

void
deserialize_montgomery (
struct montgomery_t* a,
montgomery_a_t a,
const field_a_t sbz
) {
field_sqr ( a->z0, sbz );
@@ -285,7 +285,7 @@ deserialize_montgomery (
mask_t
serialize_montgomery (
field_a_t b,
const struct montgomery_t* a,
const montgomery_a_t a,
const field_a_t sbz
) {
mask_t L4, L5, L6;
@@ -332,7 +332,7 @@ serialize_montgomery (
void
serialize_extensible (
field_a_t b,
const struct extensible_t* a
const extensible_a_t a
) {
field_a_t L0, L1, L2;
field_sub ( L0, a->y, a->z );
@@ -351,7 +351,7 @@ serialize_extensible (
void
untwist_and_double_and_serialize (
field_a_t b,
const struct tw_extensible_t* a
const tw_extensible_a_t a
) {
field_a_t L0, L1, L2, L3;
field_mul ( L3, a->y, a->x );
@@ -375,8 +375,8 @@ untwist_and_double_and_serialize (

void
twist_even (
struct tw_extensible_t* b,
const struct extensible_t* a
tw_extensible_a_t b,
const extensible_a_t a
) {
field_sqr ( b->y, a->z );
field_sqr ( b->z, a->x );
@@ -401,8 +401,8 @@ twist_even (

void
test_only_twist (
struct tw_extensible_t* b,
const struct extensible_t* a
tw_extensible_a_t b,
const extensible_a_t a
) {
field_a_t L0, L1;
field_sqr ( b->u, a->z );
@@ -436,7 +436,7 @@ test_only_twist (

mask_t
is_even_pt (
const struct extensible_t* a
const extensible_a_t a
) {
field_a_t L0, L1, L2;
field_sqr ( L2, a->z );
@@ -447,7 +447,7 @@ is_even_pt (

mask_t
is_even_tw (
const struct tw_extensible_t* a
const tw_extensible_a_t a
) {
field_a_t L0, L1, L2;
field_sqr ( L2, a->z );
@@ -458,7 +458,7 @@ is_even_tw (

mask_t
deserialize_affine (
struct affine_t* a,
affine_a_t a,
const field_a_t sz
) {
field_a_t L0, L1, L2, L3;
@@ -492,7 +492,7 @@ deserialize_affine (

mask_t
deserialize_and_twist_approx (
struct tw_extensible_t* a,
tw_extensible_a_t a,
const field_a_t sz
) {
field_a_t L0, L1;
@@ -537,7 +537,7 @@ deserialize_and_twist_approx (

void
set_identity_extensible (
struct extensible_t* a
extensible_a_t a
) {
field_set_ui( a->x, 0 );
field_set_ui( a->y, 1 );
@@ -548,7 +548,7 @@ set_identity_extensible (

void
set_identity_tw_extensible (
struct tw_extensible_t* a
tw_extensible_a_t a
) {
field_set_ui( a->x, 0 );
field_set_ui( a->y, 1 );
@@ -559,7 +559,7 @@ set_identity_tw_extensible (

void
set_identity_affine (
struct affine_t* a
affine_a_t a
) {
field_set_ui( a->x, 0 );
field_set_ui( a->y, 1 );
@@ -567,8 +567,8 @@ set_identity_affine (

mask_t
eq_affine (
const struct affine_t* a,
const struct affine_t* b
const affine_a_t a,
const affine_a_t b
) {
mask_t L1, L2;
field_a_t L0;
@@ -581,8 +581,8 @@ eq_affine (

mask_t
eq_extensible (
const struct extensible_t* a,
const struct extensible_t* b
const extensible_a_t a,
const extensible_a_t b
) {
mask_t L3, L4;
field_a_t L0, L1, L2;
@@ -599,8 +599,8 @@ eq_extensible (

mask_t
eq_tw_extensible (
const struct tw_extensible_t* a,
const struct tw_extensible_t* b
const tw_extensible_a_t a,
const tw_extensible_a_t b
) {
mask_t L3, L4;
field_a_t L0, L1, L2;
@@ -617,7 +617,7 @@ eq_tw_extensible (

void
elligator_2s_inject (
struct affine_t* a,
affine_a_t a,
const field_a_t r
) {
field_a_t L2, L3, L4, L5, L6, L7, L8;
@@ -676,7 +676,7 @@ elligator_2s_inject (

mask_t
validate_affine (
const struct affine_t* a
const affine_a_t a
) {
field_a_t L0, L1, L2, L3;
field_sqr ( L0, a->y );
@@ -691,7 +691,7 @@ validate_affine (

mask_t
validate_tw_extensible (
const struct tw_extensible_t* ext
const tw_extensible_a_t ext
) {
mask_t L4, L5;
field_a_t L0, L1, L2, L3;
@@ -728,7 +728,7 @@ validate_tw_extensible (

mask_t
validate_extensible (
const struct extensible_t* ext
const extensible_a_t ext
) {
mask_t L4, L5;
field_a_t L0, L1, L2, L3;


+ 64
- 64
src/goldilocks.c View File

@@ -41,7 +41,7 @@
#else
#define FIELD_HASH_BYTES (SHA512_OUTPUT_BYTES * ((FIELD_BYTES-1)/SHA512_OUTPUT_BYTES + 1))
static inline void field_hash_final (
struct sha512_ctx_t *ctx,
sha512_ctx_a_t *ctx,
unsigned char out[FIELD_HASH_BYTES]
) {
/* SHA PRNG I guess? I really should have used SHAKE */
@@ -67,19 +67,19 @@ struct goldilocks_precomputed_public_key_t {

/* FUTURE: auto. */
static struct {
const char * volatile state;
const char * volatile status;
#if GOLDILOCKS_USE_PTHREAD
pthread_mutex_t mutex;
#endif
struct tw_niels_t combs[COMB_N << (COMB_T-1)];
tw_niels_a_t combs[COMB_N << (COMB_T-1)];
struct fixed_base_table_t fixed_base;
struct tw_niels_t wnafs[1<<WNAF_PRECMP_BITS];
struct crandom_state_t rand;
tw_niels_a_t wnafs[1<<WNAF_PRECMP_BITS];
crandom_state_a_t rand;
} goldilocks_global;

static inline mask_t
goldilocks_check_init(void) {
if (likely(goldilocks_global.state == G_INITED)) {
if (likely(goldilocks_global.status == G_INITED)) {
return MASK_SUCCESS;
} else {
return MASK_FAILURE;
@@ -88,7 +88,7 @@ goldilocks_check_init(void) {

int
goldilocks_init (void) {
const char *res = compare_and_swap(&goldilocks_global.state, NULL, G_INITING);
const char *res = compare_and_swap(&goldilocks_global.status, NULL, G_INITING);
if (res == G_INITED) return GOLDI_EALREADYINIT;
else if (res) {
return GOLDI_ECORRUPT;
@@ -99,37 +99,37 @@ goldilocks_init (void) {
if (ret) goto fail;
#endif
struct extensible_t ext;
struct tw_extensible_t text;
extensible_a_t ext;
tw_extensible_a_t text;
/* Sanity check: the base point is on the curve. */
assert(validate_affine(&goldilocks_base_point));
assert(validate_affine(goldilocks_base_point));
/* Convert it to twisted Edwards. */
convert_affine_to_extensible(&ext, &goldilocks_base_point);
twist_even(&text, &ext);
convert_affine_to_extensible(ext, goldilocks_base_point);
twist_even(text, ext);
/* Precompute the tables. */
mask_t succ;

succ = precompute_fixed_base(&goldilocks_global.fixed_base, &text,
succ = precompute_fixed_base(&goldilocks_global.fixed_base, text,
COMB_N, COMB_T, COMB_S, goldilocks_global.combs);
succ &= precompute_fixed_base_wnaf(goldilocks_global.wnafs, &text, WNAF_PRECMP_BITS);
succ &= precompute_fixed_base_wnaf(goldilocks_global.wnafs, text, WNAF_PRECMP_BITS);
int criff_res = crandom_init_from_file(&goldilocks_global.rand,
int criff_res = crandom_init_from_file(goldilocks_global.rand,
GOLDILOCKS_RANDOM_INIT_FILE,
GOLDILOCKS_RANDOM_RESEED_INTERVAL,
GOLDILOCKS_RANDOM_RESEEDS_MANDATORY);
#ifdef SUPERCOP_WONT_LET_ME_OPEN_FILES
if (criff_res == EMFILE) {
crandom_init_from_buffer(&goldilocks_global.rand, "SUPERCOP won't let me open files");
crandom_init_from_buffer(goldilocks_global.rand, "SUPERCOP won't let me open files");
criff_res = 0;
}
#endif
if (succ & !criff_res) {
if (!bool_compare_and_swap(&goldilocks_global.state, G_INITING, G_INITED)) {
if (!bool_compare_and_swap(&goldilocks_global.status, G_INITING, G_INITED)) {
abort();
}
return 0;
@@ -138,7 +138,7 @@ goldilocks_init (void) {
/* it failed! fall though... */

fail:
if (!bool_compare_and_swap(&goldilocks_global.state, G_INITING, G_FAILED)) {
if (!bool_compare_and_swap(&goldilocks_global.status, G_INITING, G_FAILED)) {
/* ok something is seriously wrong */
abort();
}
@@ -160,20 +160,20 @@ goldilocks_derive_private_key (
word_t sk[GOLDI_FIELD_WORDS];
assert(sizeof(skb) >= sizeof(sk));
struct sha512_ctx_t ctx;
struct tw_extensible_t exta;
sha512_ctx_a_t ctx;
tw_extensible_a_t exta;
field_a_t pk;
sha512_init(&ctx);
sha512_update(&ctx, (const unsigned char *)"derivepk", GOLDI_DIVERSIFY_BYTES);
sha512_update(&ctx, proto, GOLDI_SYMKEY_BYTES);
field_hash_final(&ctx, (unsigned char *)skb);
sha512_init(ctx);
sha512_update(ctx, (const unsigned char *)"derivepk", GOLDI_DIVERSIFY_BYTES);
sha512_update(ctx, proto, GOLDI_SYMKEY_BYTES);
field_hash_final(ctx, (unsigned char *)skb);

barrett_deserialize_and_reduce(sk, skb, sizeof(skb), &curve_prime_order);
barrett_serialize(privkey->opaque, sk, GOLDI_FIELD_BYTES);

scalarmul_fixed_base(&exta, sk, GOLDI_SCALAR_BITS, &goldilocks_global.fixed_base);
untwist_and_double_and_serialize(pk, &exta);
scalarmul_fixed_base(exta, sk, GOLDI_SCALAR_BITS, &goldilocks_global.fixed_base);
untwist_and_double_and_serialize(pk, exta);
field_serialize(&privkey->opaque[GOLDI_FIELD_BYTES], pk);
@@ -204,7 +204,7 @@ goldilocks_keygen (
if (ml_ret) return ml_ret;
#endif

int ret = crandom_generate(&goldilocks_global.rand, proto, sizeof(proto));
int ret = crandom_generate(goldilocks_global.rand, proto, sizeof(proto));

#if GOLDILOCKS_USE_PTHREAD
ml_ret = pthread_mutex_unlock(&goldilocks_global.mutex);
@@ -267,9 +267,9 @@ goldilocks_shared_secret_core (
#if GOLDI_IMPLEMENT_PRECOMPUTED_KEYS
if (pre) {
struct tw_extensible_t tw;
succ &= scalarmul_fixed_base(&tw, sk, GOLDI_SCALAR_BITS, &pre->table);
untwist_and_double_and_serialize(pk, &tw);
tw_extensible_a_t tw;
succ &= scalarmul_fixed_base(tw, sk, GOLDI_SCALAR_BITS, &pre->table);
untwist_and_double_and_serialize(pk, tw);
} else {
succ &= montgomery_ladder(pk,pk,sk,GOLDI_SCALAR_BITS,1);
}
@@ -282,8 +282,8 @@ goldilocks_shared_secret_core (
field_serialize(gxy,pk);
/* obliterate records of our failure by adjusting with obliteration key */
struct sha512_ctx_t ctx;
sha512_init(&ctx);
sha512_ctx_a_t ctx;
sha512_init(ctx);

#ifdef EXPERIMENT_ECDH_OBLITERATE_CT
uint8_t oblit[GOLDI_DIVERSIFY_BYTES + GOLDI_SYMKEY_BYTES];
@@ -294,21 +294,21 @@ goldilocks_shared_secret_core (
for (i=0; i<GOLDI_SYMKEY_BYTES; i++) {
oblit[GOLDI_DIVERSIFY_BYTES+i] = my_privkey->opaque[2*GOLDI_FIELD_BYTES+i] & ~(succ&msucc);
}
sha512_update(&ctx, oblit, sizeof(oblit));
sha512_update(ctx, oblit, sizeof(oblit));
#endif
#ifdef EXPERIMENT_ECDH_STIR_IN_PUBKEYS
/* stir in the sum and product of the pubkeys. */
uint8_t a_pk[GOLDI_FIELD_BYTES];
field_serialize(a_pk, sum);
sha512_update(&ctx, a_pk, GOLDI_FIELD_BYTES);
sha512_update(ctx, a_pk, GOLDI_FIELD_BYTES);
field_serialize(a_pk, prod);
sha512_update(&ctx, a_pk, GOLDI_FIELD_BYTES);
sha512_update(ctx, a_pk, GOLDI_FIELD_BYTES);
#endif
/* stir in the shared key and finish */
sha512_update(&ctx, gxy, GOLDI_FIELD_BYTES);
sha512_final(&ctx, shared);
sha512_update(ctx, gxy, GOLDI_FIELD_BYTES);
sha512_final(ctx, shared);
return (GOLDI_ECORRUPT & ~msucc)
| (GOLDI_EINVAL & msucc &~ succ)
@@ -340,12 +340,12 @@ goldilocks_derive_challenge(
) {
/* challenge = H(pk, [nonceG], message). */
unsigned char sha_out[FIELD_HASH_BYTES];
struct sha512_ctx_t ctx;
sha512_init(&ctx);
sha512_update(&ctx, pubkey, GOLDI_FIELD_BYTES);
sha512_update(&ctx, gnonce, GOLDI_FIELD_BYTES);
sha512_update(&ctx, message, message_len);
field_hash_final(&ctx, sha_out);
sha512_ctx_a_t ctx;
sha512_init(ctx);
sha512_update(ctx, pubkey, GOLDI_FIELD_BYTES);
sha512_update(ctx, gnonce, GOLDI_FIELD_BYTES);
sha512_update(ctx, message, message_len);
field_hash_final(ctx, sha_out);
barrett_deserialize_and_reduce(challenge, sha_out, sizeof(sha_out), &curve_prime_order);
}

@@ -371,22 +371,22 @@ goldilocks_sign (
/* Derive a nonce. TODO: use HMAC. FUTURE: factor. */
unsigned char sha_out[FIELD_HASH_BYTES];
word_t tk[GOLDI_FIELD_WORDS];
struct sha512_ctx_t ctx;
sha512_init(&ctx);
sha512_update(&ctx, (const unsigned char *)"signonce", 8);
sha512_update(&ctx, &privkey->opaque[2*GOLDI_FIELD_BYTES], GOLDI_SYMKEY_BYTES);
sha512_update(&ctx, message, message_len);
sha512_update(&ctx, &privkey->opaque[2*GOLDI_FIELD_BYTES], GOLDI_SYMKEY_BYTES);
field_hash_final(&ctx, sha_out);
sha512_ctx_a_t ctx;
sha512_init(ctx);
sha512_update(ctx, (const unsigned char *)"signonce", 8);
sha512_update(ctx, &privkey->opaque[2*GOLDI_FIELD_BYTES], GOLDI_SYMKEY_BYTES);
sha512_update(ctx, message, message_len);
sha512_update(ctx, &privkey->opaque[2*GOLDI_FIELD_BYTES], GOLDI_SYMKEY_BYTES);
field_hash_final(ctx, sha_out);
barrett_deserialize_and_reduce(tk, sha_out, sizeof(sha_out), &curve_prime_order);
/* 4[nonce]G */
uint8_t signature_tmp[GOLDI_FIELD_BYTES];
struct tw_extensible_t exta;
tw_extensible_a_t exta;
field_a_t gsk;
scalarmul_fixed_base(&exta, tk, GOLDI_SCALAR_BITS, &goldilocks_global.fixed_base);
double_tw_extensible(&exta);
untwist_and_double_and_serialize(gsk, &exta);
scalarmul_fixed_base(exta, tk, GOLDI_SCALAR_BITS, &goldilocks_global.fixed_base);
double_tw_extensible(exta);
untwist_and_double_and_serialize(gsk, exta);
field_serialize(signature_tmp, gsk);
word_t challenge[GOLDI_FIELD_WORDS];
@@ -450,21 +450,21 @@ goldilocks_verify (
goldilocks_derive_challenge(challenge, pubkey->opaque, signature, message, message_len);
field_a_t eph;
struct tw_extensible_t pk_text;
tw_extensible_a_t pk_text;
/* deserialize [nonce]G */
succ = field_deserialize(eph, signature);
if (!succ) return GOLDI_EINVAL;
succ = deserialize_and_twist_approx(&pk_text, pk);
succ = deserialize_and_twist_approx(pk_text, pk);
if (!succ) return GOLDI_EINVAL;
linear_combo_var_fixed_vt( &pk_text,
linear_combo_var_fixed_vt( pk_text,
challenge, GOLDI_SCALAR_BITS,
s, GOLDI_SCALAR_BITS,
goldilocks_global.wnafs, WNAF_PRECMP_BITS );
untwist_and_double_and_serialize( pk, &pk_text );
untwist_and_double_and_serialize( pk, pk_text );

succ = field_eq(eph, pk);
return succ ? 0 : GOLDI_EINVAL;
@@ -483,7 +483,7 @@ goldilocks_precompute_public_key (
if (!precom) return NULL;
struct tw_extensible_t pk_text;
tw_extensible_a_t pk_text;
field_a_t pk;
mask_t succ = field_deserialize(pk, pub->opaque);
@@ -492,13 +492,13 @@ goldilocks_precompute_public_key (
return NULL;
}
succ = deserialize_and_twist_approx(&pk_text, pk);
succ = deserialize_and_twist_approx(pk_text, pk);
if (!succ) {
free(precom);
return NULL;
}

succ = precompute_fixed_base(&precom->table, &pk_text,
succ = precompute_fixed_base(&precom->table, pk_text,
COMB_N, COMB_T, COMB_S, NULL);
if (!succ) {
free(precom);
@@ -539,20 +539,20 @@ goldilocks_verify_precomputed (
goldilocks_derive_challenge(challenge, pubkey->pub.opaque, signature, message, message_len);
field_a_t eph, pk;
struct tw_extensible_t pk_text;
tw_extensible_a_t pk_text;
/* deserialize [nonce]G */
succ = field_deserialize(eph, signature);
if (!succ) return GOLDI_EINVAL;
succ = linear_combo_combs_vt (
&pk_text,
pk_text,
challenge, GOLDI_SCALAR_BITS, &pubkey->table,
s, GOLDI_SCALAR_BITS, &goldilocks_global.fixed_base
);
if (!succ) return GOLDI_EINVAL;
untwist_and_double_and_serialize( pk, &pk_text );
untwist_and_double_and_serialize( pk, pk_text );

succ = field_eq(eph, pk);
return succ ? 0 : GOLDI_EINVAL;


+ 5
- 4
src/include/crandom.h View File

@@ -39,6 +39,7 @@ struct crandom_state_t {
int reseeds_mandatory;
int randomfd;
} __attribute__((aligned(16))) ;
typedef struct crandom_state_t crandom_state_a_t[1];

#ifdef __cplusplus
extern "C" {
@@ -64,7 +65,7 @@ extern "C" {
*/
int
crandom_init_from_file (
struct crandom_state_t *state,
crandom_state_a_t state,
const char *filename,
int reseed_interval,
int reseeds_mandatory
@@ -87,7 +88,7 @@ crandom_init_from_file (
*/
void
crandom_init_from_buffer (
struct crandom_state_t *state,
crandom_state_a_t state,
const char initial_seed[32]
);

@@ -118,7 +119,7 @@ crandom_init_from_buffer (
*/
int
crandom_generate (
struct crandom_state_t *state,
crandom_state_a_t state,
unsigned char *output,
unsigned long long length
);
@@ -131,7 +132,7 @@ crandom_generate (
*/
void
crandom_destroy (
struct crandom_state_t *state
crandom_state_a_t state
);

#ifdef __cplusplus


+ 99
- 99
src/include/ec_point.h View File

@@ -20,23 +20,23 @@ extern "C" {
/**
* Affine point on an Edwards curve.
*/
struct affine_t {
typedef struct affine_t {
field_a_t x, y;
};
} affine_a_t[1];

/**
* Affine point on a twisted Edwards curve.
*/
struct tw_affine_t {
typedef struct tw_affine_t {
field_a_t x, y;
};
} tw_affine_a_t[1];

/**
* Montgomery buffer.
*/
struct montgomery_t {
typedef struct montgomery_t {
field_a_t z0, xd, zd, xa, za;
};
} montgomery_a_t[1];

/**
* Extensible coordinates for Edwards curves, suitable for
@@ -56,36 +56,36 @@ struct montgomery_t {
* lookahead trick. It might be worth considering that trick
* instead.
*/
struct extensible_t {
typedef struct extensible_t {
field_a_t x, y, z, t, u;
};
} extensible_a_t[1];

/**
* Extensible coordinates for twisted Edwards curves,
* suitable for accumulators.
*/
struct tw_extensible_t {
typedef struct tw_extensible_t {
field_a_t x, y, z, t, u;
};
} tw_extensible_a_t[1];

/**
* Niels coordinates for twisted Edwards curves.
*
* Good for mixed readdition; suitable for fixed tables.
*/
struct tw_niels_t {
typedef struct tw_niels_t {
field_a_t a, b, c;
};
} tw_niels_a_t[1];

/**
* Projective niels coordinates for twisted Edwards curves.
*
* Good for readdition; suitable for temporary tables.
*/
struct tw_pniels_t {
struct tw_niels_t n;
typedef struct tw_pniels_t {
tw_niels_a_t n;
field_a_t z;
};
} tw_pniels_a_t[1];


/**
@@ -93,8 +93,8 @@ struct tw_pniels_t {
*/
static __inline__ void
copy_affine (
struct affine_t* a,
const struct affine_t* ds
affine_a_t a,
const affine_a_t ds
) __attribute__((unused,always_inline));

/**
@@ -102,8 +102,8 @@ copy_affine (
*/
static __inline__ void
copy_tw_affine (
struct tw_affine_t* a,
const struct tw_affine_t* ds
tw_affine_a_t a,
const tw_affine_a_t ds
) __attribute__((unused,always_inline));

/**
@@ -111,8 +111,8 @@ copy_tw_affine (
*/
static __inline__ void
copy_montgomery (
struct montgomery_t* a,
const struct montgomery_t* ds
montgomery_a_t a,
const montgomery_a_t ds
) __attribute__((unused,always_inline));

/**
@@ -120,8 +120,8 @@ copy_montgomery (
*/
static __inline__ void
copy_extensible (
struct extensible_t* a,
const struct extensible_t* ds
extensible_a_t a,
const extensible_a_t ds
) __attribute__((unused,always_inline));

/**
@@ -129,8 +129,8 @@ copy_extensible (
*/
static __inline__ void
copy_tw_extensible (
struct tw_extensible_t* a,
const struct tw_extensible_t* ds
tw_extensible_a_t a,
const tw_extensible_a_t ds
) __attribute__((unused,always_inline));

/**
@@ -138,8 +138,8 @@ copy_tw_extensible (
*/
static __inline__ void
copy_tw_niels (
struct tw_niels_t* a,
const struct tw_niels_t* ds
tw_niels_a_t a,
const tw_niels_a_t ds
) __attribute__((unused,always_inline));

/**
@@ -147,8 +147,8 @@ copy_tw_niels (
*/
static __inline__ void
copy_tw_pniels (
struct tw_pniels_t* a,
const struct tw_pniels_t* ds
tw_pniels_a_t a,
const tw_pniels_a_t ds
) __attribute__((unused,always_inline));

/**
@@ -157,8 +157,8 @@ copy_tw_pniels (
*/
void
add_tw_niels_to_tw_extensible (
struct tw_extensible_t* d,
const struct tw_niels_t* e
tw_extensible_a_t d,
const tw_niels_a_t e
);

/**
@@ -167,8 +167,8 @@ add_tw_niels_to_tw_extensible (
*/
void
sub_tw_niels_from_tw_extensible (
struct tw_extensible_t* d,
const struct tw_niels_t* e
tw_extensible_a_t d,
const tw_niels_a_t e
);

/**
@@ -177,8 +177,8 @@ sub_tw_niels_from_tw_extensible (
*/
void
add_tw_pniels_to_tw_extensible (
struct tw_extensible_t* e,
const struct tw_pniels_t* a
tw_extensible_a_t e,
const tw_pniels_a_t a
);

/**
@@ -187,8 +187,8 @@ add_tw_pniels_to_tw_extensible (
*/
void
sub_tw_pniels_from_tw_extensible (
struct tw_extensible_t* e,
const struct tw_pniels_t* a
tw_extensible_a_t e,
const tw_pniels_a_t a
);

/**
@@ -196,7 +196,7 @@ sub_tw_pniels_from_tw_extensible (
*/
void
double_tw_extensible (
struct tw_extensible_t* a
tw_extensible_a_t a
);

/**
@@ -204,7 +204,7 @@ double_tw_extensible (
*/
void
double_extensible (
struct extensible_t* a
extensible_a_t a
);

/**
@@ -214,8 +214,8 @@ double_extensible (
*/
void
twist_and_double (
struct tw_extensible_t* b,
const struct extensible_t* a
tw_extensible_a_t b,
const extensible_a_t a
);

/**
@@ -225,61 +225,61 @@ twist_and_double (
*/
void
untwist_and_double (
struct extensible_t* b,
const struct tw_extensible_t* a
extensible_a_t b,
const tw_extensible_a_t a
);

void
convert_tw_affine_to_tw_pniels (
struct tw_pniels_t* b,
const struct tw_affine_t* a
tw_pniels_a_t b,
const tw_affine_a_t a
);

void
convert_tw_affine_to_tw_extensible (
struct tw_extensible_t* b,
const struct tw_affine_t* a
tw_extensible_a_t b,
const tw_affine_a_t a
);

void
convert_affine_to_extensible (
struct extensible_t* b,
const struct affine_t* a
extensible_a_t b,
const affine_a_t a
);

void
convert_tw_extensible_to_tw_pniels (
struct tw_pniels_t* b,
const struct tw_extensible_t* a
tw_pniels_a_t b,
const tw_extensible_a_t a
);

void
convert_tw_pniels_to_tw_extensible (
struct tw_extensible_t* e,
const struct tw_pniels_t* d
tw_extensible_a_t e,
const tw_pniels_a_t d
);

void
convert_tw_niels_to_tw_extensible (
struct tw_extensible_t* e,
const struct tw_niels_t* d
tw_extensible_a_t e,
const tw_niels_a_t d
);

void
montgomery_step (
struct montgomery_t* a
montgomery_a_t a
);

void
deserialize_montgomery (
struct montgomery_t* a,
montgomery_a_t a,
const field_a_t sbz
);

mask_t
serialize_montgomery (
field_a_t b,
const struct montgomery_t* a,
const montgomery_a_t a,
const field_a_t sbz
);

@@ -297,7 +297,7 @@ serialize_montgomery (
void
serialize_extensible (
field_a_t b,
const struct extensible_t* a
const extensible_a_t a
);

/**
@@ -306,7 +306,7 @@ serialize_extensible (
void
untwist_and_double_and_serialize (
field_a_t b,
const struct tw_extensible_t* a
const tw_extensible_a_t a
);

/**
@@ -320,8 +320,8 @@ untwist_and_double_and_serialize (
*/
void
twist_even (
struct tw_extensible_t* b,
const struct extensible_t* a
tw_extensible_a_t b,
const extensible_a_t a
);

/**
@@ -339,8 +339,8 @@ twist_even (
*/
void
test_only_twist (
struct tw_extensible_t* b,
const struct extensible_t* a
tw_extensible_a_t b,
const extensible_a_t a
);

mask_t
@@ -350,12 +350,12 @@ field_is_square (

mask_t
is_even_pt (
const struct extensible_t* a
const extensible_a_t a
);

mask_t
is_even_tw (
const struct tw_extensible_t* a
const tw_extensible_a_t a
);

/**
@@ -363,7 +363,7 @@ is_even_tw (
*/
mask_t
deserialize_affine (
struct affine_t* a,
affine_a_t a,
const field_a_t sz
);

@@ -376,52 +376,52 @@ deserialize_affine (
*/
mask_t
deserialize_and_twist_approx (
struct tw_extensible_t* a,
tw_extensible_a_t a,
const field_a_t sz
);

void
set_identity_extensible (
struct extensible_t* a
extensible_a_t a
);

void
set_identity_tw_extensible (
struct tw_extensible_t* a
tw_extensible_a_t a
);

void
set_identity_affine (
struct affine_t* a
affine_a_t a
);

mask_t
eq_affine (
const struct affine_t* a,
const struct affine_t* b
const affine_a_t a,
const affine_a_t b
);

mask_t
eq_extensible (
const struct extensible_t* a,
const struct extensible_t* b
const extensible_a_t a,
const extensible_a_t b
);

mask_t
eq_tw_extensible (
const struct tw_extensible_t* a,
const struct tw_extensible_t* b
const tw_extensible_a_t a,
const tw_extensible_a_t b
);

void
elligator_2s_inject (
struct affine_t* a,
affine_a_t a,
const field_a_t r
);

mask_t
validate_affine (
const struct affine_t* a
const affine_a_t a
);

/**
@@ -431,7 +431,7 @@ validate_affine (
*/
mask_t
validate_tw_extensible (
const struct tw_extensible_t* ext
const tw_extensible_a_t ext
);

/**
@@ -441,7 +441,7 @@ validate_tw_extensible (
*/
mask_t
validate_extensible (
const struct extensible_t* ext
const extensible_a_t ext
);

/**
@@ -450,7 +450,7 @@ validate_extensible (
static __inline__ void
__attribute__((unused))
cond_negate_tw_niels (
struct tw_niels_t *n,
tw_niels_a_t n,
mask_t doNegate
) {
constant_time_cond_swap(n->a, n->b, sizeof(n->a), doNegate);
@@ -463,16 +463,16 @@ cond_negate_tw_niels (
static __inline__ void
__attribute__((unused))
cond_negate_tw_pniels (
struct tw_pniels_t *n,
tw_pniels_a_t n,
mask_t doNegate
) {
cond_negate_tw_niels(&n->n, doNegate);
cond_negate_tw_niels(n->n, doNegate);
}

void
copy_affine (
struct affine_t* a,
const struct affine_t* ds
affine_a_t a,
const affine_a_t ds
) {
field_copy ( a->x, ds->x );
field_copy ( a->y, ds->y );
@@ -480,8 +480,8 @@ copy_affine (

void
copy_tw_affine (
struct tw_affine_t* a,
const struct tw_affine_t* ds
tw_affine_a_t a,
const tw_affine_a_t ds
) {
field_copy ( a->x, ds->x );
field_copy ( a->y, ds->y );
@@ -489,8 +489,8 @@ copy_tw_affine (

void
copy_montgomery (
struct montgomery_t* a,
const struct montgomery_t* ds
montgomery_a_t a,
const montgomery_a_t ds
) {
field_copy ( a->z0, ds->z0 );
field_copy ( a->xd, ds->xd );
@@ -501,8 +501,8 @@ copy_montgomery (

void
copy_extensible (
struct extensible_t* a,
const struct extensible_t* ds
extensible_a_t a,
const extensible_a_t ds
) {
field_copy ( a->x, ds->x );
field_copy ( a->y, ds->y );
@@ -513,8 +513,8 @@ copy_extensible (

void
copy_tw_extensible (
struct tw_extensible_t* a,
const struct tw_extensible_t* ds
tw_extensible_a_t a,
const tw_extensible_a_t ds
) {
field_copy ( a->x, ds->x );
field_copy ( a->y, ds->y );
@@ -525,8 +525,8 @@ copy_tw_extensible (

void
copy_tw_niels (
struct tw_niels_t* a,
const struct tw_niels_t* ds
tw_niels_a_t a,
const tw_niels_a_t ds
) {
field_copy ( a->a, ds->a );
field_copy ( a->b, ds->b );
@@ -535,10 +535,10 @@ copy_tw_niels (

void
copy_tw_pniels (
struct tw_pniels_t* a,
const struct tw_pniels_t* ds
tw_pniels_a_t a,
const tw_pniels_a_t ds
) {
copy_tw_niels( &a->n, &ds->n );
copy_tw_niels( a->n, ds->n );
field_copy ( a->z, ds->z );
}



+ 1
- 1
src/include/magic.h View File

@@ -50,7 +50,7 @@ extern const field_a_t sqrt_d_minus_1;
/**
* @brief The base point for Goldilocks.
*/
extern const struct affine_t goldilocks_base_point;
extern const affine_a_t goldilocks_base_point;

/**
* @brief The Goldilocks prime subgroup order.


+ 14
- 14
src/include/scalarmul.h View File

@@ -30,7 +30,7 @@ typedef word_t scalar_t[SCALAR_WORDS];
*/
struct fixed_base_table_t {
/** Comb tables containing multiples of the base point. */
struct tw_niels_t *table;
tw_niels_a_t *table;
/** Adjustments to the scalar in even and odd cases, respectively. */
word_t scalar_adjustments[2*SCALAR_WORDS];
@@ -109,7 +109,7 @@ montgomery_ladder (
*/
void
scalarmul (
struct tw_extensible_t *working,
tw_extensible_a_t working,
const word_t scalar[SCALAR_WORDS]
/* TODO? int nbits */
);
@@ -130,7 +130,7 @@ scalarmul (
*/
void
scalarmul_vlook (
struct tw_extensible_t *working,
tw_extensible_a_t working,
const word_t scalar[SCALAR_WORDS]
);

@@ -161,11 +161,11 @@ scalarmul_vlook (
mask_t
precompute_fixed_base (
struct fixed_base_table_t *out,
const struct tw_extensible_t *base,
const tw_extensible_a_t base,
unsigned int n,
unsigned int t,
unsigned int s,
struct tw_niels_t *prealloc
tw_niels_a_t *prealloc
) __attribute__((warn_unused_result));

/**
@@ -197,7 +197,7 @@ destroy_fixed_base (
*/
mask_t
scalarmul_fixed_base (
struct tw_extensible_t *out,
tw_extensible_a_t out,
const word_t *scalar,
unsigned int nbits,
const struct fixed_base_table_t *table
@@ -215,7 +215,7 @@ scalarmul_fixed_base (
*/
void
scalarmul_vt (
struct tw_extensible_t *working,
tw_extensible_a_t working,
const word_t *scalar,
unsigned int nbits
);
@@ -236,8 +236,8 @@ scalarmul_vt (
*/
mask_t
precompute_fixed_base_wnaf (
struct tw_niels_t *out,
const struct tw_extensible_t *base,
tw_niels_a_t *out,
const tw_extensible_a_t base,
unsigned int tbits
) __attribute__((warn_unused_result));

@@ -256,10 +256,10 @@ precompute_fixed_base_wnaf (
*/
void
scalarmul_fixed_base_wnaf_vt (
struct tw_extensible_t *out,
tw_extensible_a_t out,
const word_t *scalar,
unsigned int nbits,
const struct tw_niels_t *precmp,
const tw_niels_a_t *precmp,
unsigned int table_bits
);

@@ -281,12 +281,12 @@ scalarmul_fixed_base_wnaf_vt (
*/
void
linear_combo_var_fixed_vt (
struct tw_extensible_t *working,
tw_extensible_a_t working,
const word_t scalar_var[SCALAR_WORDS],
unsigned int nbits_var,
const word_t scalar_pre[SCALAR_WORDS],
unsigned int nbits_pre,
const struct tw_niels_t *precmp,
const tw_niels_a_t *precmp,
unsigned int table_bits_pre
);

@@ -309,7 +309,7 @@ linear_combo_var_fixed_vt (
*/
mask_t
linear_combo_combs_vt (
struct tw_extensible_t *out,
tw_extensible_a_t out,
const word_t scalar1[SCALAR_WORDS],
unsigned int nbits1,
const struct fixed_base_table_t *table1,


+ 5
- 5
src/include/sha512.h View File

@@ -17,28 +17,28 @@ extern "C" {
*
* This structure is opaque.
*/
struct sha512_ctx_t {
typedef struct {
/** @privatesection */
uint64_t chain[8];
uint8_t block[128];
uint64_t nbytes;
};
} sha512_ctx_a_t[1];

void
sha512_init (
struct sha512_ctx_t *ctx
sha512_ctx_a_t ctx
);

void
sha512_update (
struct sha512_ctx_t *ctx,
sha512_ctx_a_t ctx,
const unsigned char *data,
uint64_t bytes
);
void
sha512_final (
struct sha512_ctx_t *ctx,
sha512_ctx_a_t ctx,
uint8_t result[SHA512_OUTPUT_BYTES]
);


+ 2
- 2
src/p448/magic.c View File

@@ -33,7 +33,7 @@ const word_t SCALARMUL_FIXED_WINDOW_ADJUSTMENT[2*SCALAR_WORDS] = {
U64LE(0x0000000000000000)
};

const struct affine_t goldilocks_base_point = {
const affine_a_t goldilocks_base_point = {{
#ifdef USE_NEON_PERM
{{{ 0xaed939f,0xc59d070,0xf0de840,0x5f065c3, 0xf4ba0c7,0xdf73324,0xc170033,0x3a6a26a,
0x4c63d96,0x4609845,0xf3932d9,0x1b4faff, 0x6147eaa,0xa2692ff,0x9cecfa9,0x297ea0e
@@ -46,7 +46,7 @@ const struct affine_t goldilocks_base_point = {
}}},
#endif
{{{ 19 }}}
};
}};

static const word_t curve_prime_order_lo[(224+WORD_BITS-1)/WORD_BITS] = {
U64LE(0xdc873d6d54a7bb0d),


+ 2
- 2
src/p480/magic.c View File

@@ -35,7 +35,7 @@ const word_t SCALARMUL_FIXED_WINDOW_ADJUSTMENT[2*SCALAR_WORDS] = {
0x00000000
};

const struct affine_t goldilocks_base_point = {
const affine_a_t goldilocks_base_point = {{
{{{
U60LE(0x849ff7f845c30d3),
U60LE(0x7dda488553a4c5b),
@@ -47,7 +47,7 @@ const struct affine_t goldilocks_base_point = {
U60LE(0x7ca42af3d564280)
}}},
{{{ 5 }}}
};
}};

static const word_t curve_prime_order_lo[(240+WORD_BITS-1)/WORD_BITS] = {
U64LE(0x72e70941cf8da597),


+ 2
- 2
src/p521/magic.c View File

@@ -38,7 +38,7 @@ const word_t SCALARMUL_FIXED_WINDOW_ADJUSTMENT[2*SCALAR_WORDS] = {
0x0
};

const struct affine_t goldilocks_base_point = {
const affine_a_t goldilocks_base_point = {{
{{{
#ifdef USE_P521_3x3_TRANSPOSE
U58LE(0x02a940a2f19ba6c),
@@ -66,7 +66,7 @@ const struct affine_t goldilocks_base_point = {
#endif
}}},
{{{ 12 }}}
};
}};

static const word_t curve_prime_order_lo[(261+WORD_BITS-1)/WORD_BITS] = {
U64LE(0xbf15dbca0ae7f295),


+ 149
- 149
src/scalarmul.c View File

@@ -21,8 +21,8 @@ montgomery_ladder (
unsigned int nbits,
unsigned int n_extra_doubles
) {
struct montgomery_t mont;
deserialize_montgomery(&mont, in);
montgomery_a_t mont;
deserialize_montgomery(mont, in);
int i,j,n=(nbits-1)%WORD_BITS;
mask_t pflip = 0;
@@ -30,29 +30,29 @@ montgomery_ladder (
word_t w = scalar[j];
for (i=n; i>=0; i--) {
mask_t flip = -((w>>i)&1);
constant_time_cond_swap(mont.xa,mont.xd,sizeof(mont.xd),flip^pflip);
constant_time_cond_swap(mont.za,mont.zd,sizeof(mont.xd),flip^pflip);
montgomery_step(&mont);
constant_time_cond_swap(mont->xa,mont->xd,sizeof(mont->xd),flip^pflip);
constant_time_cond_swap(mont->za,mont->zd,sizeof(mont->xd),flip^pflip);
montgomery_step(mont);
pflip = flip;
}
n = WORD_BITS-1;
}
constant_time_cond_swap(mont.xa,mont.xd,sizeof(mont.xd),pflip);
constant_time_cond_swap(mont.za,mont.zd,sizeof(mont.xd),pflip);
constant_time_cond_swap(mont->xa,mont->xd,sizeof(mont->xd),pflip);
constant_time_cond_swap(mont->za,mont->zd,sizeof(mont->xd),pflip);
assert(n_extra_doubles < INT_MAX);
for (j=0; j<(int)n_extra_doubles; j++) {
montgomery_step(&mont);
montgomery_step(mont);
}
return serialize_montgomery(out, &mont, in);
return serialize_montgomery(out, mont, in);
}

static __inline__ void
__attribute__((unused,always_inline))
constant_time_lookup_tw_pniels (
struct tw_pniels_t *out,
const struct tw_pniels_t *in,
tw_pniels_a_t out,
const tw_pniels_a_t *in,
int nin,
int idx
) {
@@ -62,8 +62,8 @@ constant_time_lookup_tw_pniels (
static __inline__ void
__attribute__((unused,always_inline))
constant_time_lookup_tw_niels (
struct tw_niels_t *out,
const struct tw_niels_t *in,
tw_niels_a_t out,
const tw_niels_a_t *in,
int nin,
int idx
) {
@@ -73,8 +73,8 @@ constant_time_lookup_tw_niels (
/*
static __inline__ void
constant_time_lookup_tw_pniels (
struct tw_pniels_t *out,
const struct tw_pniels_t *in,
tw_pniels_a_t out,
const tw_pniels_a_t in,
int nin,
int idx
) {
@@ -95,8 +95,8 @@ constant_time_lookup_tw_pniels (

static __inline__ void
constant_time_lookup_tw_niels (
struct tw_niels_t *out,
const struct tw_niels_t *in,
tw_niels_a_t out,
const tw_niels_a_t in,
int nin,
int idx
) {
@@ -145,7 +145,7 @@ convert_to_signed_window_form (

void
scalarmul (
struct tw_extensible_t *working,
tw_extensible_a_t working,
const word_t scalar[SCALAR_WORDS]
) {
const int WINDOW = SCALARMUL_FIXED_WINDOW_SIZE,
@@ -159,20 +159,20 @@ scalarmul (
SCALARMUL_FIXED_WINDOW_ADJUSTMENT, SCALAR_WORDS
);

struct tw_extensible_t tabulator;
copy_tw_extensible(&tabulator, working);
double_tw_extensible(&tabulator);
tw_extensible_a_t tabulator;
copy_tw_extensible(tabulator, working);
double_tw_extensible(tabulator);

struct tw_pniels_t
pn VECTOR_ALIGNED,
multiples[NTABLE] VECTOR_ALIGNED;
convert_tw_extensible_to_tw_pniels(&pn, &tabulator);
convert_tw_extensible_to_tw_pniels(&multiples[0], working);
tw_pniels_a_t
pn VECTOR_ALIGNED,
multiples[NTABLE] VECTOR_ALIGNED;
convert_tw_extensible_to_tw_pniels(pn, tabulator);
convert_tw_extensible_to_tw_pniels(multiples[0], working);

int i,j;
for (i=1; i<NTABLE; i++) {
add_tw_pniels_to_tw_extensible(working, &pn);
convert_tw_extensible_to_tw_pniels(&multiples[i], working);
add_tw_pniels_to_tw_extensible(working, pn);
convert_tw_extensible_to_tw_pniels(multiples[i], working);
}

i = nbits - WINDOW;
@@ -180,9 +180,9 @@ scalarmul (
inv = (bits>>(WINDOW-1))-1;
bits ^= inv;
constant_time_lookup_tw_pniels(&pn, multiples, NTABLE, bits & WINDOW_T_MASK);
cond_negate_tw_pniels(&pn, inv);
convert_tw_pniels_to_tw_extensible(working, &pn);
constant_time_lookup_tw_pniels(pn, multiples, NTABLE, bits & WINDOW_T_MASK);
cond_negate_tw_pniels(pn, inv);
convert_tw_pniels_to_tw_extensible(working, pn);

for (i-=WINDOW; i>=0; i-=WINDOW) {
@@ -200,15 +200,15 @@ scalarmul (
inv = (bits>>(WINDOW-1))-1;
bits ^= inv;
constant_time_lookup_tw_pniels(&pn, multiples, NTABLE, bits & WINDOW_T_MASK);
cond_negate_tw_pniels(&pn, inv);
add_tw_pniels_to_tw_extensible(working, &pn);
constant_time_lookup_tw_pniels(pn, multiples, NTABLE, bits & WINDOW_T_MASK);
cond_negate_tw_pniels(pn, inv);
add_tw_pniels_to_tw_extensible(working, pn);
}
}

void
scalarmul_vlook (
struct tw_extensible_t *working,
tw_extensible_a_t working,
const word_t scalar[SCALAR_WORDS]
) {
const int WINDOW = SCALARMUL_FIXED_WINDOW_SIZE,
@@ -223,20 +223,20 @@ scalarmul_vlook (
);


struct tw_extensible_t tabulator;
copy_tw_extensible(&tabulator, working);
double_tw_extensible(&tabulator);
tw_extensible_a_t tabulator;
copy_tw_extensible(tabulator, working);
double_tw_extensible(tabulator);

struct tw_pniels_t
pn VECTOR_ALIGNED,
multiples[NTABLE] VECTOR_ALIGNED;
convert_tw_extensible_to_tw_pniels(&pn, &tabulator);
convert_tw_extensible_to_tw_pniels(&multiples[0], working);
tw_pniels_a_t
pn VECTOR_ALIGNED,
multiples[NTABLE] VECTOR_ALIGNED;
convert_tw_extensible_to_tw_pniels(pn, tabulator);
convert_tw_extensible_to_tw_pniels(multiples[0], working);

int i,j;
for (i=1; i<NTABLE; i++) {
add_tw_pniels_to_tw_extensible(working, &pn);
convert_tw_extensible_to_tw_pniels(&multiples[i], working);
add_tw_pniels_to_tw_extensible(working, pn);
convert_tw_extensible_to_tw_pniels(multiples[i], working);
}

i = nbits - WINDOW;
@@ -244,9 +244,9 @@ scalarmul_vlook (
inv = (bits>>(WINDOW-1))-1;
bits ^= inv;

copy_tw_pniels(&pn, &multiples[bits & WINDOW_T_MASK]);
cond_negate_tw_pniels(&pn, inv);
convert_tw_pniels_to_tw_extensible(working, &pn);
copy_tw_pniels(pn, multiples[bits & WINDOW_T_MASK]);
cond_negate_tw_pniels(pn, inv);
convert_tw_pniels_to_tw_extensible(working, pn);

for (i-=WINDOW; i>=0; i-=WINDOW) {
@@ -264,9 +264,9 @@ scalarmul_vlook (
inv = (bits>>(WINDOW-1))-1;
bits ^= inv;
copy_tw_pniels(&pn, &multiples[bits & WINDOW_T_MASK]);
cond_negate_tw_pniels(&pn, inv);
add_tw_pniels_to_tw_extensible(working, &pn);
copy_tw_pniels(pn, multiples[bits & WINDOW_T_MASK]);
cond_negate_tw_pniels(pn, inv);
add_tw_pniels_to_tw_extensible(working, pn);
}
}

@@ -275,7 +275,7 @@ schedule_scalar_for_combs (
word_t *scalar2,
const word_t *scalar,
unsigned int nbits,
const struct fixed_base_table_t *table
const struct fixed_base_table_t* table
) {
unsigned int i;
unsigned int n = table->n, t = table->t, s = table->s;
@@ -312,10 +312,10 @@ schedule_scalar_for_combs (

mask_t
scalarmul_fixed_base (
struct tw_extensible_t *out,
tw_extensible_a_t out,
const word_t scalar[SCALAR_WORDS],
unsigned int nbits,
const struct fixed_base_table_t *table
const struct fixed_base_table_t* table
) {
unsigned int i,j,k;
unsigned int n = table->n, t = table->t, s = table->s;
@@ -332,7 +332,7 @@ scalarmul_fixed_base (
assert(t >= 1);
#endif
struct tw_niels_t ni;
tw_niels_a_t ni;
for (i=0; i<s; i++) {
if (i) double_tw_extensible(out);
@@ -355,12 +355,12 @@ scalarmul_fixed_base (
tab ^= invert;
tab &= (1<<(t-1)) - 1;
constant_time_lookup_tw_niels(&ni, table->table + (j<<(t-1)), 1<<(t-1), tab);
cond_negate_tw_niels(&ni, invert);
constant_time_lookup_tw_niels(ni, table->table + (j<<(t-1)), 1<<(t-1), tab);
cond_negate_tw_niels(ni, invert);
if (i||j) {
add_tw_niels_to_tw_extensible(out, &ni);
add_tw_niels_to_tw_extensible(out, ni);
} else {
convert_tw_niels_to_tw_extensible(out, &ni);
convert_tw_niels_to_tw_extensible(out, ni);
}
}
}
@@ -370,13 +370,13 @@ scalarmul_fixed_base (

mask_t
linear_combo_combs_vt (
struct tw_extensible_t *out,
tw_extensible_a_t out,
const word_t scalar1[SCALAR_WORDS],
unsigned int nbits1,
const struct fixed_base_table_t *table1,
const struct fixed_base_table_t* table1,
const word_t scalar2[SCALAR_WORDS],
unsigned int nbits2,
const struct fixed_base_table_t *table2
const struct fixed_base_table_t* table2
) {
unsigned int i,j,k,sc;
unsigned int s1 = table1->s, s2 = table2->s, smax = (s1 > s2) ? s1 : s2;
@@ -402,7 +402,7 @@ linear_combo_combs_vt (
assert(table2->t >= 1);
#endif
struct tw_niels_t ni;
tw_niels_a_t ni;
unsigned int swords[2] = {scalar1b_words, scalar2b_words}, started = 0;
word_t *scalars[2] = {scalar1b,scalar2b};
@@ -411,7 +411,7 @@ linear_combo_combs_vt (
if (i) double_tw_extensible(out);
for (sc=0; sc<2; sc++) {
const struct fixed_base_table_t *table = sc ? table2 : table1;
const struct fixed_base_table_t* table = sc ? table2 : table1;
int ii = i-smax+table->s;
if (ii < 0) continue;
@@ -432,13 +432,13 @@ linear_combo_combs_vt (
tab ^= invert;
tab &= (1<<(table->t-1)) - 1;
copy_tw_niels(&ni, &table->table[tab + (j<<(table->t-1))]);
cond_negate_tw_niels(&ni,invert);
copy_tw_niels(ni, table->table[tab + (j<<(table->t-1))]);
cond_negate_tw_niels(ni,invert);
if (started) {
add_tw_niels_to_tw_extensible(out, &ni);
add_tw_niels_to_tw_extensible(out, ni);
} else {
convert_tw_niels_to_tw_extensible(out, &ni);
convert_tw_niels_to_tw_extensible(out, ni);
started = 1;
}
@@ -454,12 +454,12 @@ linear_combo_combs_vt (

mask_t
precompute_fixed_base (
struct fixed_base_table_t *out,
const struct tw_extensible_t *base,
struct fixed_base_table_t* out,
const tw_extensible_a_t base,
unsigned int n,
unsigned int t,
unsigned int s,
struct tw_niels_t *prealloc
tw_niels_a_t *prealloc
) {
if (s < 1 || t < 1 || n < 1 || n*t*s < SCALAR_BITS) {
really_memset(out, 0, sizeof(*out));
@@ -470,19 +470,19 @@ precompute_fixed_base (
out->t = t;
out->s = s;
struct tw_extensible_t working, start;
copy_tw_extensible(&working, base);
struct tw_pniels_t pn_tmp;
tw_extensible_a_t working, start;
copy_tw_extensible(working, base);
tw_pniels_a_t pn_tmp;
struct tw_pniels_t *doubles = (struct tw_pniels_t *) malloc_vector(sizeof(*doubles) * (t-1));
tw_pniels_a_t *doubles = (tw_pniels_a_t *) malloc_vector(sizeof(*doubles) * (t-1));
field_a_t *zs = (field_a_t *) malloc_vector(sizeof(*zs) * (n<<(t-1)));
field_a_t *zis = (field_a_t *) malloc_vector(sizeof(*zis) * (n<<(t-1)));
struct tw_niels_t *table = prealloc;
tw_niels_a_t *table = prealloc;
if (prealloc) {
out->own_table = 0;
} else {
table = (struct tw_niels_t *) malloc_vector(sizeof(*table) * (n<<(t-1)));
table = (tw_niels_a_t *) malloc_vector(sizeof(*table) * (n<<(t-1)));
out->own_table = 1;
}
out->table = table;
@@ -535,23 +535,23 @@ precompute_fixed_base (
/* doubling phase */
for (j=0; j<t; j++) {
if (j) {
convert_tw_extensible_to_tw_pniels(&pn_tmp, &working);
add_tw_pniels_to_tw_extensible(&start, &pn_tmp);
convert_tw_extensible_to_tw_pniels(pn_tmp, working);
add_tw_pniels_to_tw_extensible(start, pn_tmp);
} else {
copy_tw_extensible(&start, &working);
copy_tw_extensible(start, working);
}

if (j==t-1 && i==n-1) {
break;
}

double_tw_extensible(&working);
double_tw_extensible(working);
if (j<t-1) {
convert_tw_extensible_to_tw_pniels(&doubles[j], &working);
convert_tw_extensible_to_tw_pniels(doubles[j], working);
}

for (k=0; k<s-1; k++) {
double_tw_extensible(&working);
double_tw_extensible(working);
}
}

@@ -560,9 +560,9 @@ precompute_fixed_base (
int gray = j ^ (j>>1);
int idx = (((i+1)<<(t-1))-1) ^ gray;

convert_tw_extensible_to_tw_pniels(&pn_tmp, &start);
copy_tw_niels(&table[idx], &pn_tmp.n);
field_copy(zs[idx], pn_tmp.z);
convert_tw_extensible_to_tw_pniels(pn_tmp, start);
copy_tw_niels(table[idx], pn_tmp->n);
field_copy(zs[idx], pn_tmp->z);
if (j >= (1u<<(t-1)) - 1) break;
int delta = (j+1) ^ ((j+1)>>1) ^ gray;
@@ -572,10 +572,10 @@ precompute_fixed_base (
if (gray & (1<<k)) {
/* start += doubles[k] */
add_tw_pniels_to_tw_extensible(&start, &doubles[k]);
add_tw_pniels_to_tw_extensible(start, doubles[k]);
} else {
/* start -= doubles[k] */
sub_tw_pniels_from_tw_extensible(&start, &doubles[k]);
sub_tw_pniels_from_tw_extensible(start, doubles[k]);
}
@@ -586,17 +586,17 @@ precompute_fixed_base (

field_a_t product;
for (i=0; i<n<<(t-1); i++) {
field_mul(product, table[i].a, zis[i]);
field_mul(product, table[i]->a, zis[i]);
field_strong_reduce(product);
field_copy(table[i].a, product);
field_copy(table[i]->a, product);
field_mul(product, table[i].b, zis[i]);
field_mul(product, table[i]->b, zis[i]);
field_strong_reduce(product);
field_copy(table[i].b, product);
field_copy(table[i]->b, product);
field_mul(product, table[i].c, zis[i]);
field_mul(product, table[i]->c, zis[i]);
field_strong_reduce(product);
field_copy(table[i].c, product);
field_copy(table[i]->c, product);
}
mask_t ret = ~field_is_zero(zis[0]);
@@ -617,7 +617,7 @@ precompute_fixed_base (

void
destroy_fixed_base (
struct fixed_base_table_t *table
struct fixed_base_table_t* table
) {
if (table->table) {
really_memset(table->table,0,sizeof(*table->table)*(table->n<<(table->t-1)));
@@ -630,8 +630,8 @@ destroy_fixed_base (

mask_t
precompute_fixed_base_wnaf (
struct tw_niels_t *out,
const struct tw_extensible_t *const_base,
tw_niels_a_t *out,
const tw_extensible_a_t const_base,
unsigned int tbits
) {
int i;
@@ -644,29 +644,29 @@ precompute_fixed_base_wnaf (
return 0;
}

struct tw_extensible_t base;
copy_tw_extensible(&base,const_base);
tw_extensible_a_t base;
copy_tw_extensible(base,const_base);
struct tw_pniels_t twop, tmp;
tw_pniels_a_t twop, tmp;
convert_tw_extensible_to_tw_pniels(&tmp, &base);
field_copy(zs[0], tmp.z);
copy_tw_niels(&out[0], &tmp.n);
convert_tw_extensible_to_tw_pniels(tmp, base);
field_copy(zs[0], tmp->z);
copy_tw_niels(out[0], tmp->n);

if (tbits > 0) {
double_tw_extensible(&base);
convert_tw_extensible_to_tw_pniels(&twop, &base);
add_tw_pniels_to_tw_extensible(&base, &tmp);
double_tw_extensible(base);
convert_tw_extensible_to_tw_pniels(twop, base);
add_tw_pniels_to_tw_extensible(base, tmp);
convert_tw_extensible_to_tw_pniels(&tmp, &base);
field_copy(zs[1], tmp.z);
copy_tw_niels(&out[1], &tmp.n);
convert_tw_extensible_to_tw_pniels(tmp, base);
field_copy(zs[1], tmp->z);
copy_tw_niels(out[1], tmp->n);

for (i=2; i < 1<<tbits; i++) {
add_tw_pniels_to_tw_extensible(&base, &twop);
convert_tw_extensible_to_tw_pniels(&tmp, &base);
field_copy(zs[i], tmp.z);
copy_tw_niels(&out[i], &tmp.n);
add_tw_pniels_to_tw_extensible(base, twop);
convert_tw_extensible_to_tw_pniels(tmp, base);
field_copy(zs[i], tmp->z);
copy_tw_niels(out[i], tmp->n);
}
}
@@ -674,17 +674,17 @@ precompute_fixed_base_wnaf (

field_a_t product;
for (i=0; i<1<<tbits; i++) {
field_mul(product, out[i].a, zis[i]);
field_mul(product, out[i]->a, zis[i]);
field_strong_reduce(product);
field_copy(out[i].a, product);
field_copy(out[i]->a, product);
field_mul(product, out[i].b, zis[i]);
field_mul(product, out[i]->b, zis[i]);
field_strong_reduce(product);
field_copy(out[i].b, product);
field_copy(out[i]->b, product);
field_mul(product, out[i].c, zis[i]);
field_mul(product, out[i]->c, zis[i]);
field_strong_reduce(product);
field_copy(out[i].c, product);
field_copy(out[i]->c, product);
}

free(zs);
@@ -760,31 +760,31 @@ recode_wnaf(

static void
prepare_wnaf_table(
struct tw_pniels_t *output,
struct tw_extensible_t *working,
tw_pniels_a_t *output,
tw_extensible_a_t working,
unsigned int tbits
) {
int i;
convert_tw_extensible_to_tw_pniels(&output[0], working);
convert_tw_extensible_to_tw_pniels(output[0], working);

if (tbits == 0) return;

double_tw_extensible(working);
struct tw_pniels_t twop;
convert_tw_extensible_to_tw_pniels(&twop, working);
tw_pniels_a_t twop;
convert_tw_extensible_to_tw_pniels(twop, working);

add_tw_pniels_to_tw_extensible(working, &output[0]);
convert_tw_extensible_to_tw_pniels(&output[1], working);
add_tw_pniels_to_tw_extensible(working, output[0]);
convert_tw_extensible_to_tw_pniels(output[1], working);

for (i=2; i < 1<<tbits; i++) {
add_tw_pniels_to_tw_extensible(working, &twop);
convert_tw_extensible_to_tw_pniels(&output[i], working);
add_tw_pniels_to_tw_extensible(working, twop);
convert_tw_extensible_to_tw_pniels(output[i], working);
}
}

void
scalarmul_vt (
struct tw_extensible_t *working,
tw_extensible_a_t working,
const word_t scalar[SCALAR_WORDS],
unsigned int nbits
) {
@@ -793,13 +793,13 @@ scalarmul_vt (
int control_bits = recode_wnaf(control, scalar, nbits, table_bits);
struct tw_pniels_t precmp[1<<table_bits];
tw_pniels_a_t precmp[1<<table_bits];
prepare_wnaf_table(precmp, working, table_bits);
if (control_bits > 0) {
assert(control[0].addend > 0);
assert(control[0].power >= 0);
convert_tw_pniels_to_tw_extensible(working, &precmp[control[0].addend >> 1]);
convert_tw_pniels_to_tw_extensible(working, precmp[control[0].addend >> 1]);
} else {
set_identity_tw_extensible(working);
return;
@@ -813,9 +813,9 @@ scalarmul_vt (
assert(control[conti].addend);

if (control[conti].addend > 0) {
add_tw_pniels_to_tw_extensible(working, &precmp[control[conti].addend >> 1]);
add_tw_pniels_to_tw_extensible(working, precmp[control[conti].addend >> 1]);
} else {
sub_tw_pniels_from_tw_extensible(working, &precmp[(-control[conti].addend) >> 1]);
sub_tw_pniels_from_tw_extensible(working, precmp[(-control[conti].addend) >> 1]);
}
conti++;
assert(conti <= control_bits);
@@ -825,10 +825,10 @@ scalarmul_vt (

void
scalarmul_fixed_base_wnaf_vt (
struct tw_extensible_t *working,
tw_extensible_a_t working,
const word_t scalar[SCALAR_WORDS],
unsigned int nbits,
const struct tw_niels_t *precmp,
const tw_niels_a_t *precmp,
unsigned int table_bits
) {
struct smvt_control control[nbits/(table_bits+1)+3];
@@ -838,7 +838,7 @@ scalarmul_fixed_base_wnaf_vt (
if (control_bits > 0) {
assert(control[0].addend > 0);
assert(control[0].power >= 0);
convert_tw_niels_to_tw_extensible(working, &precmp[control[0].addend >> 1]);
convert_tw_niels_to_tw_extensible(working, precmp[control[0].addend >> 1]);
} else {
set_identity_tw_extensible(working);
return;
@@ -853,9 +853,9 @@ scalarmul_fixed_base_wnaf_vt (
assert(control[conti].addend);
if (control[conti].addend > 0) {
add_tw_niels_to_tw_extensible(working, &precmp[control[conti].addend >> 1]);
add_tw_niels_to_tw_extensible(working, precmp[control[conti].addend >> 1]);
} else {
sub_tw_niels_from_tw_extensible(working, &precmp[(-control[conti].addend) >> 1]);
sub_tw_niels_from_tw_extensible(working, precmp[(-control[conti].addend) >> 1]);
}
}

@@ -866,12 +866,12 @@ scalarmul_fixed_base_wnaf_vt (

void
linear_combo_var_fixed_vt(
struct tw_extensible_t *working,
tw_extensible_a_t working,
const word_t scalar_var[SCALAR_WORDS],
unsigned int nbits_var,
const word_t scalar_pre[SCALAR_WORDS],
unsigned int nbits_pre,
const struct tw_niels_t *precmp,
const tw_niels_a_t *precmp,
unsigned int table_bits_pre
) {
const int table_bits_var = SCALARMUL_WNAF_COMBO_TABLE_BITS;
@@ -883,22 +883,22 @@ linear_combo_var_fixed_vt(
(void)ncb_var;
(void)ncb_pre;
struct tw_pniels_t precmp_var[1<<table_bits_var];
tw_pniels_a_t precmp_var[1<<table_bits_var];
prepare_wnaf_table(precmp_var, working, table_bits_var);
int contp=0, contv=0, i;
i = control_var[0].power;
if (i > control_pre[0].power) {
convert_tw_pniels_to_tw_extensible(working, &precmp_var[control_var[0].addend >> 1]);
convert_tw_pniels_to_tw_extensible(working, precmp_var[control_var[0].addend >> 1]);
contv++;
} else if (i == control_pre[0].power && i >=0 ) {
convert_tw_pniels_to_tw_extensible(working, &precmp_var[control_var[0].addend >> 1]);
add_tw_niels_to_tw_extensible(working, &precmp[control_pre[0].addend >> 1]);
convert_tw_pniels_to_tw_extensible(working, precmp_var[control_var[0].addend >> 1]);
add_tw_niels_to_tw_extensible(working, precmp[control_pre[0].addend >> 1]);
contv++; contp++;
} else {
i = control_pre[0].power;
convert_tw_niels_to_tw_extensible(working, &precmp[control_pre[0].addend >> 1]);
convert_tw_niels_to_tw_extensible(working, precmp[control_pre[0].addend >> 1]);
contp++;
}
@@ -914,9 +914,9 @@ linear_combo_var_fixed_vt(
assert(control_var[contv].addend);

if (control_var[contv].addend > 0) {
add_tw_pniels_to_tw_extensible(working, &precmp_var[control_var[contv].addend >> 1]);
add_tw_pniels_to_tw_extensible(working, precmp_var[control_var[contv].addend >> 1]);
} else {
sub_tw_pniels_from_tw_extensible(working, &precmp_var[(-control_var[contv].addend) >> 1]);
sub_tw_pniels_from_tw_extensible(working, precmp_var[(-control_var[contv].addend) >> 1]);
}
contv++;
}
@@ -925,9 +925,9 @@ linear_combo_var_fixed_vt(
assert(control_pre[contp].addend);

if (control_pre[contp].addend > 0) {
add_tw_niels_to_tw_extensible(working, &precmp[control_pre[contp].addend >> 1]);
add_tw_niels_to_tw_extensible(working, precmp[control_pre[contp].addend >> 1]);
} else {
sub_tw_niels_from_tw_extensible(working, &precmp[(-control_pre[contp].addend) >> 1]);
sub_tw_niels_from_tw_extensible(working, precmp[(-control_pre[contp].addend) >> 1]);
}
contp++;
}


+ 4
- 4
src/sha512.c View File

@@ -72,7 +72,7 @@ static inline uint64_t maj(uint64_t h1, uint64_t h2, uint64_t h3) {

static void
sha512_process_block (
struct sha512_ctx_t *ctx
sha512_ctx_a_t ctx
) {
uint64_t i, tmp, a, b,
*w = (uint64_t *) ctx->block,
@@ -119,7 +119,7 @@ sha512_process_block (

void
sha512_init (
struct sha512_ctx_t *ctx
sha512_ctx_a_t ctx
) {
ctx->nbytes = 0;
memcpy(ctx->chain, sha512_init_state, sizeof(sha512_init_state));
@@ -128,7 +128,7 @@ sha512_init (

void
sha512_update (
struct sha512_ctx_t *ctx,
sha512_ctx_a_t ctx,
const unsigned char *data,
uint64_t bytes
) {
@@ -153,7 +153,7 @@ sha512_update (

void
sha512_final (
struct sha512_ctx_t *ctx,
sha512_ctx_a_t ctx,
uint8_t result[64]
) {
uint64_t fill = ctx->nbytes % 128, i;


+ 5
- 5
test/bench.c View File

@@ -146,19 +146,19 @@ int main(int argc, char **argv) {
when = now() - when;
printf("rand448: %5.1fns\n", when * 1e9 / i);
struct sha512_ctx_t sha;
sha512_ctx_a_t sha;
uint8_t hashout[128];
when = now();
for (i=0; i<nbase; i++) {
sha512_init(&sha);
sha512_final(&sha, hashout);
sha512_init(sha);
sha512_final(sha, hashout);
}
when = now() - when;
printf("sha512 1blk: %5.1fns\n", when * 1e9 / i);
when = now();
for (i=0; i<nbase; i++) {
sha512_update(&sha, hashout, 128);
sha512_update(sha, hashout, 128);
}
when = now() - when;
printf("sha512 blk: %5.1fns (%0.2f MB/s)\n", when * 1e9 / i, 128*i/when/1e6);
@@ -348,7 +348,7 @@ int main(int argc, char **argv) {
when = now() - when;
printf("edwards vtm: %5.1fµs\n", when * 1e6 / i);
struct tw_niels_t wnaft[1<<6];
tw_niels_a_t wnaft[1<<6];
when = now();
for (i=0; i<nbase/10; i++) {
ignore_result(precompute_fixed_base_wnaf(wnaft,&ext,6));


+ 2
- 2
test/test_pointops.c View File

@@ -258,12 +258,12 @@ int test_pointops (void) {
crandom_init_from_buffer(&crand, "test_pointops random initializer");
struct extensible_t ext_base;
if (!validate_affine(&goldilocks_base_point)) {
if (!validate_affine(goldilocks_base_point)) {
youfail();
printf(" Base point isn't on the curve.\n");
return -1;
}
convert_affine_to_extensible(&ext_base, &goldilocks_base_point);
convert_affine_to_extensible(&ext_base, goldilocks_base_point);
if (!validate_ext(&ext_base, 2, "base")) return -1;
int i, ret;


+ 2
- 2
test/test_scalarmul.c View File

@@ -80,7 +80,7 @@ single_scalarmul_compatibility_test (
/* compute using precomp wNAF */
for (i=0; i<nsizes; i++) {
struct tw_niels_t pre[1<<i];
tw_niels_a_t pre[1<<i];
succ = precompute_fixed_base_wnaf(pre, &text, i);
if (!succ) {
@@ -177,7 +177,7 @@ single_linear_combo_test (
if (!succ) return 1;
struct fixed_base_table_t t1, t2;
struct tw_niels_t wnaf[32];
tw_niels_a_t wnaf[32];
memset(&t1,0,sizeof(t1));
memset(&t2,0,sizeof(t2));


+ 6
- 6
test/test_sha512.c View File

@@ -11,8 +11,8 @@ static int sha512_monte_carlo_core (
const char *seed,
const char *checks[100]
) {
struct sha512_ctx_t sha;
sha512_init(&sha);
sha512_ctx_a_t sha;
sha512_init(sha);
unsigned char md0[64],md1[64],md2[64];
@@ -31,12 +31,12 @@ static int sha512_monte_carlo_core (
for (j=0; j<100; j++) {
for (i=3; i<1003; i++) {
sha512_update(&sha,md0,sizeof(md0));
sha512_update(&sha,md1,sizeof(md1));
sha512_update(&sha,md2,sizeof(md2));
sha512_update(sha,md0,sizeof(md0));
sha512_update(sha,md1,sizeof(md1));
sha512_update(sha,md2,sizeof(md2));
memcpy(md0,md1,sizeof(md1));
memcpy(md1,md2,sizeof(md1));
sha512_final(&sha,md2);
sha512_final(sha,md2);
}
ret = hexdecode(md0,checks[j],64);


Write Preview
Loading…
Cancel
Save