diff --git a/Makefile b/Makefile
index 47bcc90..41fa902 100644
--- a/Makefile
+++ b/Makefile
@@ -64,7 +64,7 @@ ASFLAGS = $(ARCHFLAGS) $(XASFLAGS)
 .PHONY: clean all test bench todo doc lib bat
 .PRECIOUS: build/%.s
-HEADERS= Makefile $(shell find . -name "*.h") $(shell find . -name "*.hxx") build/timestamp
+HEADERS= Makefile $(shell find src include test -name "*.h") $(shell find . -name "*.hxx") build/timestamp
 DECAFCOMPONENTS= build/$(DECAF).o build/shake.o build/decaf_crypto.o \
diff --git a/src/bat/sign.c b/src/bat/sign.c
index be73340..ea60d4d 100644
--- a/src/bat/sign.c
+++ b/src/bat/sign.c
@@ -11,6 +11,7 @@
 #include
 #include "api.h"
 #include "crypto_sign.h"
+#include "randombytes.h"
 int crypto_sign_keypair (
 unsigned char pk[PUBLICKEY_BYTES],
@@ -35,7 +36,7 @@ int crypto_sign (
 unsigned char sig[SIGNATURE_BYTES];
 decaf_448_sign(
 sig,
- (const struct goldilocks_private_key_t *)sk,
+ (const decaf_448_private_key_s *)sk,
 m, mlen
 );
 memmove(sm + SIGNATURE_BYTES, m, mlen);
diff --git a/src/decaf_fast.c b/src/decaf_fast.c
index fa18f96..41813b9 100644
--- a/src/decaf_fast.c
+++ b/src/decaf_fast.c
@@ -30,12 +30,9 @@
 #if WBITS == 64
 typedef __int128_t decaf_sdword_t;
-#define LIMB(x) (x##ull)
 #define SC_LIMB(x) (x##ull)
 #elif WBITS == 32
 typedef int64_t decaf_sdword_t;
-#define LBITS 28 /* MAGIC */
-#define LIMB(x) (x##ull)&((1ull<>LBITS
 #define SC_LIMB(x) (x##ull)&((1ull<<32)-1), (x##ull)>>32
 #else
 #error "Only supporting 32- and 64-bit platforms right now"
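Review bot: The narrowed `find src include test -name "*.h"` on the new `HEADERS=` line still leaves the `*.hxx` search walking `.`, so headers under `build/` or any other directory keep counting as prerequisites when they end in `.hxx` but not when they end in `.h`. If the intent is to stop picking up generated or vendored headers, the second `find` should be narrowed the same way: `$(shell find src include test -name "*.hxx")`. The rule that consumes `HEADERS` is outside the hunk, so I cannot confirm whether any `.h` outside those three directories was previously needed to trigger rebuilds.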
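Review bot: The new cast `(const decaf_448_private_key_s *)sk` on the changed line treats the caller-supplied `unsigned char` array as a struct object, so it is only well-defined if `decaf_448_private_key_s` has byte alignment and no padding; this tree marks `p448_t` `__attribute__((aligned(32)))`, and if the key struct inherits a stricter alignment the call becomes a misaligned access and a strict-aliasing violation rather than a style nit. The safer form copies the key into a properly aligned local and passes that, e.g. `decaf_448_private_key_s key; memcpy(&key, sk, sizeof key); decaf_448_sign(sig, &key, m, mlen);`, and clears the local afterwards since it holds secret key material. Whether the struct is plain bytes cannot be told from this hunk; `crypto_sign`'s body starts and ends outside it.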
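Review bot: Removing the 64-bit `#define LIMB(x)` here leaves `FIELD_LITERAL` with no definition on 64-bit builds that I can see: the `#ifndef FIELD_LITERAL` fallback in decaf_fast.c is deleted in the next hunk, and the only headers in this diff that add `LIMB`/`FIELD_LITERAL` are the `arch_32`, `arch_arm_32` and `arch_neon_experimental` variants of p448.h. Unless a 64-bit arch header outside this diff already provides it, the `API_NS(point_base)` initializer will fail to compile there; a guard such as `#ifndef FIELD_LITERAL` / `#error "arch header must define FIELD_LITERAL"` / `#endif` after the field header include would turn that into a clear message instead of an initializer error. The `/* MAGIC */` annotation on `LBITS 28` is also dropped in the move; carrying it to the new definition keeps the hint that 28 is tied to the 32-bit limb layout.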
@@ -85,28 +82,23 @@ static const decaf_word_t MONTGOMERY_FACTOR = (decaf_word_t)(0x3bd440fae918bc5ul
 /** base = twist of Goldilocks base point (~,19). */
-#ifndef FIELD_LITERAL
-# define FIELD_LITERAL(a,b,c,d,e,f,g,h) \
- LIMB(a),LIMB(b),LIMB(c),LIMB(d),LIMB(e),LIMB(f),LIMB(g),LIMB(h)
-#endif
-
 const point_t API_NS(point_base) = {{
- {{{ FIELD_LITERAL(
+ { FIELD_LITERAL(
 0xb39a2d57e08c7b,0xb38639c75ff281,
 0x2ec981082b3288,0x99fe8607e5237c,
 0x0e33fbb1fadd1f,0xe714f67055eb4a,
- 0xc9ae06d64067dd,0xf7be45054760fa )}}},
- {{{ FIELD_LITERAL(
+ 0xc9ae06d64067dd,0xf7be45054760fa )},
+ { FIELD_LITERAL(
 0xbd8715f551617f,0x8c17fbeca8f5fc,
 0xaae0eec209c06f,0xce41ad80cbe6b8,
 0xdf360b5c828c00,0xaf25b6bbb40e3b,
- 0x8ed37f0ce4ed31,0x72a1c3214557b9 )}}},
- {{{ 1 }}},
- {{{ FIELD_LITERAL(
+ 0x8ed37f0ce4ed31,0x72a1c3214557b9 )},
+ {{{ 1 }}},
+ { FIELD_LITERAL(
 0x97ca9c8ed8bde9,0xf0b780da83304c,
 0x0d79c0a7729a69,0xc18d3f24aebc1c,
 0x1fbb5389b3fda5,0xbb24f674635948,
- 0x723a55709a3983,0xe1c0107a823dd4 )}}}
+ 0x723a55709a3983,0xe1c0107a823dd4 )}
 }};
 /* Projective Niels coordinates */
@@ -116,9 +108,9 @@ typedef struct { niels_t n; gf z; } pniels_s, pniels_t[1];
 /* Precomputed base */
 struct precomputed_s { niels_t table [DECAF_COMBS_N<<(DECAF_COMBS_T-1)]; };
-extern const decaf_word_t API_NS(precomputed_base_as_words)[];
+extern const field_t API_NS(precomputed_base_as_fe)[];
 const precomputed_s *API_NS(precomputed_base) =
- (const precomputed_s *) &API_NS(precomputed_base_as_words);
+ (const precomputed_s *) &API_NS(precomputed_base_as_fe);
 const size_t API_NS2(sizeof,precomputed_s) = sizeof(precomputed_s);
 const size_t API_NS2(alignof,precomputed_s) = 32;
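Review bot: `(const precomputed_s *) &API_NS(precomputed_base_as_fe)` on the changed line, like the `wnaf_base` cast in the following hunk, relies on `niels_t` being laid out as a plain sequence of `field_t` with no padding and on the generated table carrying the 32-byte alignment recorded in `API_NS2(alignof,precomputed_s)`, but nothing checks the layout. Adding `_Static_assert(sizeof(niels_t) % sizeof(field_t) == 0, "niels_t must be an array of field_t");` beside the extern (if the project builds as C11) would catch a layout change at compile time instead of as corrupted table reads. Separately, decaf_gen_tables.c in this same diff defines `const field_t *API_NS(precomputed_wnaf_as_fe);`, a pointer, while decaf_fast.c declares `extern const field_t API_NS(precomputed_wnaf_as_fe)[];`, an array; declaring it `[1]` in the generator, as `precomputed_base_as_fe` already is, removes the cross-translation-unit type mismatch.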
@@ -1497,8 +1489,8 @@ sv prepare_wnaf_table(
 } }
-extern const decaf_word_t API_NS(precomputed_wnaf_as_words)[];
-static const niels_t *API_NS(wnaf_base) = (const niels_t *)API_NS(precomputed_wnaf_as_words);
+extern const field_t API_NS(precomputed_wnaf_as_fe)[];
+static const niels_t *API_NS(wnaf_base) = (const niels_t *)API_NS(precomputed_wnaf_as_fe);
 const size_t API_NS2(sizeof,precomputed_wnafs) __attribute((visibility("hidden"))) = sizeof(niels_t)< #include "decaf.h" #include "decaf_448_config.h" /* MAGIC */
+#include "field.h"
 #define API_NS(_id) decaf_448_##_id
 #define API_NS2(_pref,_id) _pref##_decaf_448_##_id
 /* To satisfy linker. */
-const decaf_word_t API_NS(precomputed_base_as_words)[1];
+const field_t API_NS(precomputed_base_as_fe)[1];
 const API_NS(scalar_t) API_NS(precomputed_scalarmul_adjustment);
 const API_NS(scalar_t) API_NS(point_scalarmul_adjustment);
 struct niels_s;
-const decaf_word_t *API_NS(precomputed_wnaf_as_words);
+const field_t *API_NS(precomputed_wnaf_as_fe);
 extern const size_t API_NS2(sizeof,precomputed_wnafs);
 void API_NS(precompute_wnafs) (
@@ -41,6 +42,29 @@ static void scalar_print(const char *name, const API_NS(scalar_t) sc) {
 printf("}}};\n\n");
 }
+static void field_print(const field_t *f) {
+ const int FIELD_SER_BYTES = (FIELD_BITS + 7) / 8;
+ unsigned char ser[FIELD_SER_BYTES];
+ field_serialize(ser,f);
+ int b=0, i, comma=0;
+ unsigned long long limb = 0;
+ printf("FIELD_LITERAL(");
+ for (i=0; i= FIELD_LIT_LIMB_BITS) {
+ limb &= (1ull<>(8-b);
+ }
+ }
+ printf(")");
+ assert(b<8);
+}
+
 int main(int argc, char **argv) {
 (void)argc; (void)argv;
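Review bot: `unsigned char ser[FIELD_SER_BYTES]` in the new `field_print` is a variable-length array, because a `const int` is not an integer constant expression in C; the bound is known at compile time, so it should be `enum { FIELD_SER_BYTES = (FIELD_BITS + 7) / 8 };` (or a `#define`) so the buffer is a fixed-size object and the compiler can reason about the `field_serialize` write. The trailing `assert(b<8)` is the only sanity check on leftover bits after the last limb, and it vanishes under `NDEBUG`; a plain `if (b >= 8) abort();` keeps the generator from silently emitting a truncated constant in release builds. Parts of the loop body are garbled in this rendering, so I could not review the limb-splitting arithmetic itself, and the unused-looking `comma` variable may be referenced in the lost text.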
@@ -54,34 +78,31 @@ int main(int argc, char **argv) {
 if (ret || !preWnaf) return 1;
 API_NS(precompute_wnafs)(preWnaf, API_NS(point_base));
- const decaf_word_t *output = (const decaf_word_t *)pre;
+ const field_t *output = (const field_t *)pre;
 unsigned i;
 printf("/** @warning: this file was automatically generated. */\n");
+ printf("#include \"field.h\"\n\n");
 printf("#include \"decaf.h\"\n\n");
 printf("#define API_NS(_id) decaf_448_##_id\n");
 printf("#define API_NS2(_pref,_id) _pref##_decaf_448_##_id\n");
- printf("const decaf_word_t API_NS(precomputed_base_as_words)[%d]\n",
- (int)(API_NS2(sizeof,precomputed_s) / sizeof(decaf_word_t)));
+ printf("const field_t API_NS(precomputed_base_as_fe)[%d]\n",
+ (int)(API_NS2(sizeof,precomputed_s) / sizeof(field_t)));
 printf("__attribute__((aligned(%d),visibility(\"hidden\"))) = {\n ", (int)API_NS2(alignof,precomputed_s));
- for (i=0; i < API_NS2(sizeof,precomputed_s); i+=sizeof(decaf_word_t)) {
- if (i && (i%8==0)) printf(",\n ");
- else if (i) printf(", ");
- printf("0x%0*llxull", (int)sizeof(decaf_word_t)*2, (unsigned long long)*output );
- output++;
+ for (i=0; i < API_NS2(sizeof,precomputed_s); i+=sizeof(field_t)) {
+ if (i) printf(",\n ");
+ field_print(output++);
 }
 printf("\n};\n");
- output = (const decaf_word_t *)preWnaf;
- printf("const decaf_word_t API_NS(precomputed_wnaf_as_words)[%d]\n",
- (int)(API_NS2(sizeof,precomputed_wnafs) / sizeof(decaf_word_t)));
+ output = (const field_t *)preWnaf;
+ printf("const field_t API_NS(precomputed_wnaf_as_fe)[%d]\n",
+ (int)(API_NS2(sizeof,precomputed_wnafs) / sizeof(field_t)));
 printf("__attribute__((aligned(%d),visibility(\"hidden\"))) = {\n ", (int)API_NS2(alignof,precomputed_s));
- for (i=0; i < API_NS2(sizeof,precomputed_wnafs); i+=sizeof(decaf_word_t)) {
- if (i && (i%8==0)) printf(",\n ");
- else if (i) printf(", ");
- printf("0x%0*llxull", (int)sizeof(decaf_word_t)*2, (unsigned long long)*output );
- output++;
+ for (i=0; i < API_NS2(sizeof,precomputed_wnafs);
i+=sizeof(field_t)) {
+ if (i) printf(",\n ");
+ field_print(output++);
 }
 printf("\n};\n");
diff --git a/src/p448/arch_32/p448.h b/src/p448/arch_32/p448.h
index d3529fb..89bf763 100644
--- a/src/p448/arch_32/p448.h
+++ b/src/p448/arch_32/p448.h
@@ -13,6 +13,11 @@ typedef struct p448_t {
 uint32_t limb[16];
 } __attribute__((aligned(32))) p448_t;
+#define LBITS 28
+#define LIMB(x) (x##ull)&((1ull<>LBITS
+#define FIELD_LITERAL(a,b,c,d,e,f,g,h) \
+ {{LIMB(a),LIMB(b),LIMB(c),LIMB(d),LIMB(e),LIMB(f),LIMB(g),LIMB(h)}}
+
 #ifdef __cplusplus
 extern "C" {
 #endif
diff --git a/src/p448/arch_arm_32/p448.h b/src/p448/arch_arm_32/p448.h
index d3529fb..89bf763 100644
--- a/src/p448/arch_arm_32/p448.h
+++ b/src/p448/arch_arm_32/p448.h
@@ -13,6 +13,11 @@ typedef struct p448_t {
 uint32_t limb[16];
 } __attribute__((aligned(32))) p448_t;
+#define LBITS 28
+#define LIMB(x) (x##ull)&((1ull<>LBITS
+#define FIELD_LITERAL(a,b,c,d,e,f,g,h) \
+ {{LIMB(a),LIMB(b),LIMB(c),LIMB(d),LIMB(e),LIMB(f),LIMB(g),LIMB(h)}}
+
 #ifdef __cplusplus
 extern "C" {
 #endif
diff --git a/src/p448/arch_neon_experimental/p448.h b/src/p448/arch_neon_experimental/p448.h
index 38af561..75bd92e 100644
--- a/src/p448/arch_neon_experimental/p448.h
+++ b/src/p448/arch_neon_experimental/p448.h
@@ -15,13 +15,14 @@ typedef struct p448_t {
 #define LIMBPERM(x) (((x)<<1 | (x)>>3) & 15)
 #define USE_NEON_PERM 1
+#define LBITS 28
 #define LIMBHI(x) ((x##ull)>>LBITS)
 #define LIMBLO(x) ((x##ull)&((1ull< #include "p448.h"
+#define FIELD_LIT_LIMB_BITS 56
 #define FIELD_BITS 448
 #define field_t p448_t
 #define field_mul p448_mul
diff --git a/src/p480/f_field.h b/src/p480/f_field.h
index 24c9471..ac178b0 100644
--- a/src/p480/f_field.h
+++ b/src/p480/f_field.h
@@ -13,6 +13,7 @@
 #include
 #include "p480.h"
+#define FIELD_LIT_LIMB_BITS 60
 #define FIELD_BITS 480
 #define field_t p480_t
 #define field_mul p480_mul
diff --git a/src/p521/f_field.h b/src/p521/f_field.h
index 54cf74c..df4777f 100644
--- a/src/p521/f_field.h
+++ b/src/p521/f_field.h
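Review bot: Both new loops, `for (i=0; i < API_NS2(sizeof,precomputed_s); i+=sizeof(field_t))` and the `precomputed_wnafs` one, step by `sizeof(field_t)` and hand `output++` to `field_print`, so if either table size is not a multiple of `sizeof(field_t)` the final iteration reads past the table while the emitted `[%d]` count silently rounds down. An `assert(API_NS2(sizeof,precomputed_s) % sizeof(field_t) == 0);` (and the same for `precomputed_wnafs`) before the loops pins that assumption where it is relied on. `i` is also `unsigned` compared against a `size_t`; declaring it `size_t i;` avoids the mixed-width comparison. `main` continues outside the hunk.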
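Review bot: The new `LBITS`, `LIMB` and `FIELD_LITERAL` macros are defined unprefixed in p448.h (identically in the `arch_arm_32` copy), so every translation unit that includes the header now sees three short global macro names, and `LIMB(x)` expands to two comma-separated expressions with no enclosing parentheses, which is only meaningful inside an initializer list. A comment above them would prevent misuse, e.g. `/* FIELD_LITERAL() splits each 56-bit literal into two 28-bit limbs; LIMB() expands to two list elements and is for initializer lists only */`, and prefixing the names (or `#undef`-ing `LIMB`/`LBITS` after `FIELD_LITERAL` is defined) would keep them out of unrelated code. The `LIMB` line is garbled in this rendering, so the mask expression itself is taken on trust.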
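Review bot: The new `#define FIELD_LIT_LIMB_BITS 60` (with `56` in p448/f_field.h and `58` in p521/f_field.h) is a bare magic number whose meaning is only recoverable by reading `field_print` in decaf_gen_tables.c, and it must be kept consistent with each arch's `FIELD_LITERAL` macro by hand. A comment above each definition, `/* bits per FIELD_LITERAL() argument as emitted by decaf_gen_tables.c; keep in sync with the arch header's FIELD_LITERAL */`, records that coupling where the next editor will look. The p448 copy's hunk header is not visible in this rendering, and the p521 hunk continues on the next line.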
@@ -13,6 +13,7 @@
 #include "constant_time.h"
 #include "p521.h"
+#define FIELD_LIT_LIMB_BITS 58
 #define FIELD_BITS 521
 #define field_t p521_t
 #define field_mul p521_mul