diff --git a/src/gen_headers/curve_data.py b/src/gen_headers/curve_data.py index a66b1b0..444560c 100644 --- a/src/gen_headers/curve_data.py +++ b/src/gen_headers/curve_data.py @@ -74,8 +74,6 @@ def ceil_log2(x): for field,data in field_data.iteritems(): if "modulus" not in data: data["modulus"] = eval(data["gf_desc"].replace("^","**")) - - data["p_mod_8"] = data["modulus"] % 8 if "gf_bits" not in data: data["gf_bits"] = ceil_log2(data["modulus"]) @@ -88,10 +86,6 @@ for field,data in field_data.iteritems(): if "x_priv_bits" not in data: data["x_priv_bits"] = ceil_log2(data["modulus"]*0.99) # not per curve at least in 7748 - - data["ser_modulus"] = ser(data["modulus"], data["gf_lit_limb_bits"]) - if data["modulus"] % 4 == 1: data["sqrt_minus_one"] = ser(msqrt(-1,data["modulus"]), data["gf_lit_limb_bits"]) - else: data["sqrt_minus_one"] = "/* NONE */" for curve,data in curve_data.iteritems(): for key in field_data[data["field"]]: @@ -121,7 +115,6 @@ for curve,data in curve_data.iteritems(): data["q"] = (data["modulus"]+1-data["trace"]) // data["cofactor"] data["bits"] = ceil_log2(data["modulus"]) data["decaf_base"] = ser(msqrt(data["mont_base"],data["modulus"]),8) - data["scalar_p"] = ser(data["q"],64,"SC_LIMB") if data["cofactor"] > 4: data["sqrt_one_minus_d"] = ser(msqrt(1-data["d"],data["modulus"]),data["gf_lit_limb_bits"]) else: data["sqrt_one_minus_d"] = "/* NONE */" diff --git a/src/gen_headers/template.py b/src/gen_headers/template.py index 288a463..ba56cc8 100644 --- a/src/gen_headers/template.py +++ b/src/gen_headers/template.py @@ -1,4 +1,5 @@ from textwrap import dedent +from curve_data import field_data,curve_data,ser,msqrt import os import argparse @@ -12,8 +13,6 @@ parser.add_argument('--guard', required = False, default = None, help = "header parser.add_argument('files', metavar='file', type=str, nargs='+', help='a list of files to fill') args = parser.parse_args() -from curve_data import field_data,curve_data - per_map = {"field":field_data, "curve":curve_data, "global":{"global":{}} } def redoc(filename,doc,author): @@ -51,7 +50,7 @@ def fillin(template,data): if template[position] == '(': parens += 1 elif template[position] == ')': parens -= 1 position += 1 - ret += str(eval(template[dollars+2:position-1],data)) + ret += str(eval(template[dollars+2:position-1],{'ser':ser,'msqrt':msqrt},data)) author = "Mike Hamburg" # FUTURE for name in args.files: diff --git a/src/per_curve/decaf.tmpl.c b/src/per_curve/decaf.tmpl.c index bd81b2b..f2cdc39 100644 --- a/src/per_curve/decaf.tmpl.c +++ b/src/per_curve/decaf.tmpl.c @@ -10,6 +10,7 @@ #include +/* Template stuff */ #define API_NS(_id) $(c_ns)_##_id #define SCALAR_BITS $(C_NS)_SCALAR_BITS #define SCALAR_LIMBS $(C_NS)_SCALAR_LIMBS @@ -20,7 +21,11 @@ #define COFACTOR $(cofactor) static const int EDWARDS_D = $(d); -static const scalar_t sc_p = {{{ $(scalar_p) }}}; +static const scalar_t sc_p = {{{ $(ser(q,64,"SC_LIMB")) }}}; +static const scalar_t sc_r2 = {{{ $(ser(((2**128)**((scalar_bits+63)/64))%q,64,"SC_LIMB")) }}}; +extern const scalar_t API_NS(point_scalarmul_adjustment); /* TODO: auto template these too. */ +extern const scalar_t API_NS(precomputed_scalarmul_adjustment); +static const decaf_word_t MONTGOMERY_FACTOR = (decaf_word_t)0x$("%x" % pow(-q,2**64-1,2**64))ull; #if COFACTOR==8 static const gf SQRT_ONE_MINUS_D = {FIELD_LITERAL( @@ -49,8 +54,6 @@ extern const gf SQRT_MINUS_ONE; #define WBITS DECAF_WORD_BITS /* NB this may be different from ARCH_WORD_BITS */ const scalar_t API_NS(scalar_one) = {{{1}}}, API_NS(scalar_zero) = {{{0}}}; -extern const scalar_t API_NS(sc_r2); -extern const decaf_word_t API_NS(MONTGOMERY_FACTOR); extern const point_t API_NS(point_base); /* Projective Niels coordinates */ @@ -220,7 +223,7 @@ sc_montmul ( } accum[j] = chain; - mand = accum[0] * API_NS(MONTGOMERY_FACTOR); + mand = accum[0] * MONTGOMERY_FACTOR; chain = 0; mier = sc_p->limb; for (j=0; j 0) sc_montmul(precmp[LAST],precmp[0],precmp[0]); int i; @@ -734,7 +737,7 @@ void API_NS(scalar_decode_long)( while (i) { i -= SER_BYTES; - sc_montmul(t1,t1,API_NS(sc_r2)); + sc_montmul(t1,t1,sc_r2); ignore_result( API_NS(scalar_decode)(t2, ser+i) ); API_NS(scalar_add)(t1, t1, t2); } @@ -868,8 +871,6 @@ sub_pniels_from_pt ( sub_niels_from_pt( p, pn->n, before_double ); } -extern const scalar_t API_NS(point_scalarmul_adjustment); - static INLINE void constant_time_lookup_xx ( void *__restrict__ out_, @@ -1477,8 +1478,6 @@ void API_NS(precompute) ( decaf_bzero(doubles,sizeof(doubles)); } -extern const scalar_t API_NS(precomputed_scalarmul_adjustment); - static INLINE void constant_time_lookup_xx_niels ( niels_s *__restrict__ ni, diff --git a/src/per_curve/decaf_gen_tables.tmpl.c b/src/per_curve/decaf_gen_tables.tmpl.c index 949ae1d..e753dcc 100644 --- a/src/per_curve/decaf_gen_tables.tmpl.c +++ b/src/per_curve/decaf_gen_tables.tmpl.c @@ -19,8 +19,6 @@ static const unsigned char base_point_ser_for_pregen[SER_BYTES] = { const gf API_NS(precomputed_base_as_fe)[1]; const API_NS(scalar_t) API_NS(precomputed_scalarmul_adjustment); const API_NS(scalar_t) API_NS(point_scalarmul_adjustment); -const API_NS(scalar_t) API_NS(sc_r2) = {{{0}}}; -const decaf_word_t API_NS(MONTGOMERY_FACTOR) = 0; const API_NS(point_t) API_NS(point_base); const uint8_t API_NS(x_base_point)[X_PUBLIC_BYTES] = {0}; @@ -148,23 +146,8 @@ int main(int argc, char **argv) { API_NS(scalar_sub)(smadj, smadj, API_NS(scalar_one)); scalar_print("API_NS(point_scalarmul_adjustment)", smadj); - API_NS(scalar_copy)(smadj,API_NS(scalar_one)); - for (i=0; ilimb[0]+1; -#if DECAF_WORD_BITS == 32 - plo |= ((unsigned long long)smadj->limb[1]) << 32; -#endif - for (i=0; i<6; i++) { - w *= w*plo + 2; - } - printf("const decaf_word_t API_NS(MONTGOMERY_FACTOR) = (decaf_word_t)0x%016llxull;\n\n", w); /* Generate the Montgomery ladder version of the base point */ gf base1,base2; diff --git a/src/per_field/f_field.tmpl.h b/src/per_field/f_field.tmpl.h index 4322c9a..bd444c0 100644 --- a/src/per_field/f_field.tmpl.h +++ b/src/per_field/f_field.tmpl.h @@ -74,14 +74,10 @@ mask_t gf_deserialize (gf x, const uint8_t serial[SER_BYTES]); #include "f_impl.h" /* Bring in the inline implementations */ -static const gf MODULUS = {FIELD_LITERAL( - $(ser_modulus) -)}; - -#define P_MOD_8 $(p_mod_8) +#define P_MOD_8 $(modulus % 8) #if P_MOD_8 == 5 static const gf SQRT_MINUS_ONE = {FIELD_LITERAL( /* TODO make not static */ - $(sqrt_minus_one) + $(ser(msqrt(-1,modulus),gf_lit_limb_bits) if modulus % 4 == 1 else "/* NOPE */") )}; #endif diff --git a/src/per_field/f_generic.tmpl.c b/src/per_field/f_generic.tmpl.c index c60b17f..0a1f742 100644 --- a/src/per_field/f_generic.tmpl.c +++ b/src/per_field/f_generic.tmpl.c @@ -10,6 +10,10 @@ #include "field.h" +static const gf MODULUS = {FIELD_LITERAL( + $(ser(modulus,gf_lit_limb_bits)) +)}; + /** Serialize to wire format. */ void gf_serialize (uint8_t serial[SER_BYTES], const gf x) { gf red;