Sfoglia il codice sorgente
Merge branch 'curve25519-work' of ssh://git.code.sf.net/p/ed448goldilocks/code into curve25519-work
master
Mike Hamburg
8 anni fa
3 ha cambiato i file con 50 aggiunte e 18 eliminazioni
-
+37 -0HISTORY.txt
-
+11 -16TODO.txt
-
+2 -2src/decaf.c
+ 37
- 0
HISTORY.txt
Vedi File
| @@ -1,3 +1,40 @@ | |||
| January 15, 2016: | |||
| Lots of changes since the last entry in HISTORY.TXT. | |||
| Pushing eventually toward a 1.0 release, at least for the curves | |||
| themselves (i.e. not for STROBE), still a fair amount of stuff to | |||
| do. | |||
| I have pretty much all the functions I want implemented, except | |||
| that maybe there should be a compatibility mode for whatever CFRG | |||
| decides the real life format should be. | |||
| The library now supports multiple curves at once. A decaffeinated | |||
| curve isogenous to Curve25519 is now supported, but not especially | |||
| fast. This is all still a little rough around the edges. To make | |||
| it work in a sane way, most of the headers are generated using | |||
| Python templates. Probably those should be turned back into .h | |||
| files for syntax hilighting purposes; the code generation system | |||
| in general needs quite a tuneup. | |||
| The plus side is that this reduces the source code size, especially | |||
| for supporting many curves over many fields. | |||
| Currently the code only kind of halfway works on ARM, and not as | |||
| fast as it used to (on NEON anyway), by maybe 15-20%. I'm | |||
| investigating why. It's about as fast as it used to be on x86, | |||
| maybe a hair slower. | |||
| Montgomery ladder is currently out. Putting it back in might help | |||
| pin down the ARM NEON performance regression. | |||
| The BAT is currently broken. | |||
| Tracking at 55 TODO items, about half of which are important-ish. | |||
| Source code size is currently 12.8k wc-lines, including tests and | |||
| old fields (p480 and p521). I'm still trying to get that down, but | |||
| with things like 600 lines of NEON f_impl.c, that's not an easy task. | |||
| April 23, 2015: | |||
| Removed the original Goldilocks code; Decaf now stands on its own. | |||
| This cuts the source code approximately in half, to a still-large | |||
+ 11
- 16
TODO.txt
Vedi File
| @@ -1,13 +1,10 @@ | |||
| Important work items for Ed448-Goldilocks / decaf: | |||
| * Factor out hash, crandom from core library? | |||
| [DONE, except for C++ headers] | |||
| * Signed 32-bit NEON implementation to avoid bias/reduce after subtract | |||
| * Documentation: write high-level API docs, and internal docs to help | |||
| other implementors. | |||
| * Partial progress on Doxygenating the code. | |||
| * Pretty good progress on Doxygenating the code. | |||
| * Documentation: write a spec or add to Watson's | |||
| @@ -15,44 +12,42 @@ Important work items for Ed448-Goldilocks / decaf: | |||
| * namespace_op or op_namespace? namespace_op_type? | |||
| * We don't have to be super-careful with the namespacing, because | |||
| symbols will be scrubbed by visibility | |||
| * Mostly done. | |||
| * Cleanup: unify intrinsics code | |||
| * Word_t, mask_t, bigregister_t, etc. | |||
| * [ MOSTLY DONE ] | |||
| * Generate asm intrinsics with a script? | |||
| * Testing: | |||
| * More testing. Testing, testing and testing. | |||
| * Test corner cases better. | |||
| * Safety: add static analysis attributes for compilers that support them | |||
| * Most functions now have warn on ignored return. | |||
| * [ MOSTLY DONE ] | |||
| * Safety: | |||
| * Decide what to do about RNG failures | |||
| * abort | |||
| * return error and zeroize | |||
| * return error and zeroize [ THIS ] | |||
| * return error but continue if RNG is kind of mostly OK | |||
| * High-level API: [DONE] | |||
| * Portability: test and make clean with other compilers | |||
| * Using a fair amount of __attribute__ code. | |||
| * [DONE] Should work for GCC now. | |||
| * [Should work for GCC now. But not really on ARM. | |||
| * Portability: try to make the vector code as portable as possible | |||
| * Currently using clang ext_vector_length. | |||
| * I can't get a simple for-loop to autovectorize :-/ | |||
| * SAGE tool? | |||
| * [DONE] Portability: make the outer layers of the code 32-bit clean. | |||
| * [DONE] Performance/flexibility: decide which parameters should be hard-coded. | |||
| * Perhaps useful for comb precomputation. | |||
| * Portability: make the outer layers of the code 32-bit clean. | |||
| * Was [DONE], but a regression on ARM GCC. | |||
| * Performance: Improve SHAKE. | |||
| * Improve speed. (Maybe) | |||
| * Clear other TODO/FIXME/HACK/PERF items in the code | |||
| * More curves? E-521 at least? Ed41417? | |||
| * CFRG compat modes. | |||
| * Submit Decaf to SUPERCOP | |||
+ 2
- 2
src/decaf.c
Vedi File
| @@ -755,7 +755,7 @@ cond_neg_niels ( | |||
| cond_neg(n->c, neg); | |||
| } | |||
| static void pt_to_pniels ( | |||
| static NOINLINE void pt_to_pniels ( | |||
| pniels_t b, | |||
| const point_t a | |||
| ) { | |||
| @@ -765,7 +765,7 @@ static void pt_to_pniels ( | |||
| gf_add ( b->z, a->z, a->z ); | |||
| } | |||
| static void pniels_to_pt ( | |||
| static NOINLINE void pniels_to_pt ( | |||
| point_t e, | |||
| const pniels_t d | |||
| ) { | |||