| @@ -54,9 +54,10 @@ ifeq (,$(findstring 64,$(ARCH))$(findstring gcc,$(CC))) | |||||
| XCFLAGS += -DGOLDI_FORCE_32_BIT=1 | XCFLAGS += -DGOLDI_FORCE_32_BIT=1 | ||||
| endif | endif | ||||
| ARCHFLAGS += $(XARCHFLAGS) | |||||
| CFLAGS = $(LANGFLAGS) $(WARNFLAGS) $(INCFLAGS) $(OFLAGS) $(ARCHFLAGS) $(GENFLAGS) $(XCFLAGS) | CFLAGS = $(LANGFLAGS) $(WARNFLAGS) $(INCFLAGS) $(OFLAGS) $(ARCHFLAGS) $(GENFLAGS) $(XCFLAGS) | ||||
| LDFLAGS = $(ARCHFLAGS) $(XLDFLAGS) | LDFLAGS = $(ARCHFLAGS) $(XLDFLAGS) | ||||
| ASFLAGS = $(ARCHFLAGS) | |||||
| ASFLAGS = $(ARCHFLAGS) $(XASFLAGS) | |||||
| .PHONY: clean all test bench todo doc lib bat | .PHONY: clean all test bench todo doc lib bat | ||||
| .PRECIOUS: build/%.s | .PRECIOUS: build/%.s | ||||
| @@ -97,7 +98,7 @@ ifeq ($(UNAME),Darwin) | |||||
| libtool -macosx_version_min 10.6 -dynamic -dead_strip -lc -x -o $@ \ | libtool -macosx_version_min 10.6 -dynamic -dead_strip -lc -x -o $@ \ | ||||
| $(LIBCOMPONENTS) | $(LIBCOMPONENTS) | ||||
| else | else | ||||
| $(LD) -shared -Wl,-soname,goldilocks.so.1 -Wl,--gc-sections -o $@ $(LIBCOMPONENTS) | |||||
| $(LD) $(LDFLAGS) -shared -Wl,-soname,goldilocks.so.1 -Wl,--gc-sections -o $@ $(LIBCOMPONENTS) | |||||
| strip --discard-all $@ | strip --discard-all $@ | ||||
| ln -sf `basename $@` build/goldilocks.so.1 | ln -sf `basename $@` build/goldilocks.so.1 | ||||
| endif | endif | ||||
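Review bot: The Darwin branch's `libtool` invocation at L12-L13 still receives no `$(LDFLAGS)`, so the `XLDFLAGS` and the `XARCHFLAGS` folded into `ARCHFLAGS` in the earlier hunk only reach the ELF link line at L16. If that asymmetry is deliberate (Apple libtool taking different arch options), a one-line comment above the `ifeq ($(UNAME),Darwin)` saying so would stop the next reader from "fixing" it; otherwise the Darwin link should get the same flags. Inferred from the two branches visible here; the rest of the rule is outside the hunk.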
| @@ -33,24 +33,28 @@ | |||||
| #define NONNULL2 __attribute__((nonnull(1,2))) | #define NONNULL2 __attribute__((nonnull(1,2))) | ||||
| #define NONNULL3 __attribute__((nonnull(1,2,3))) | #define NONNULL3 __attribute__((nonnull(1,2,3))) | ||||
| #define NONNULL5 __attribute__((nonnull(1,2,3,4,5))) | #define NONNULL5 __attribute__((nonnull(1,2,3,4,5))) | ||||
| /** @endcond */ | |||||
| /** Types of internal words. TODO: ARCH: make 32-bit clean */ | |||||
| /* Internal word types */ | |||||
| #if (defined(__ILP64__) || defined(__amd64__) || defined(__x86_64__) || (((__UINT_FAST32_MAX__)>>30)>>30)) \ | |||||
| && !defined(DECAF_FORCE_32_BIT) | |||||
| #define DECAF_WORD_BITS 64 | |||||
| typedef uint64_t decaf_word_t, decaf_bool_t; | typedef uint64_t decaf_word_t, decaf_bool_t; | ||||
| #else | |||||
| #define DECAF_WORD_BITS 32 | |||||
| typedef uint32_t decaf_word_t, decaf_bool_t; | |||||
| #endif | |||||
| /** @endcond */ | |||||
| /* TODO: prefix all these operations and factor to support multiple curves. */ | /* TODO: prefix all these operations and factor to support multiple curves. */ | ||||
| /* TODO: perfield, so when 25519 hits this will change */ | |||||
| #define DECAF_FIELD_BITS 448 | |||||
| #define DECAF_LIMBS 8 | |||||
| #define DECAF_LIMBS (512/DECAF_WORD_BITS) | |||||
| #define DECAF_SCALAR_BITS 446 | #define DECAF_SCALAR_BITS 446 | ||||
| #define DECAF_SCALAR_LIMBS (1 + (DECAF_SCALAR_BITS-1)/8/sizeof(decaf_word_t)) | |||||
| #define DECAF_SCALAR_LIMBS (448/DECAF_WORD_BITS) | |||||
| /** Number of bytes in a serialized point. One less bit than you'd think. */ | |||||
| #define DECAF_SER_BYTES ((DECAF_FIELD_BITS+6)/8) | |||||
| /** Number of bytes in a serialized point. */ | |||||
| #define DECAF_SER_BYTES 56 | |||||
| /** Number of bytes in a serialized scalar. Two less bits than you'd think. */ | |||||
| #define DECAF_SCALAR_BYTES ((DECAF_FIELD_BITS+5)/8) | |||||
| /** Number of bytes in a serialized scalar. */ | |||||
| #define DECAF_SCALAR_BYTES 56 | |||||
| /** Twisted Edwards (-1,d-1) extended homogeneous coordinates */ | /** Twisted Edwards (-1,d-1) extended homogeneous coordinates */ | ||||
| typedef struct decaf_point_s { | typedef struct decaf_point_s { | ||||
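Review bot: The word-size selector at L27-L28 honours only `DECAF_FORCE_32_BIT`, while the Makefile's 32-bit fallback visible at L2 defines `GOLDI_FORCE_32_BIT=1`; unless the build also defines the decaf spelling somewhere outside this page, a forced-32-bit build would still pick 64-bit `decaf_word_t` on x86_64 and end up with `DECAF_LIMBS` 8 on this side against 16 on the goldilocks side of the same library. Either honour both, `&& !defined(DECAF_FORCE_32_BIT) && !defined(GOLDI_FORCE_32_BIT)`, or have the Makefile define both names. The probe `(((__UINT_FAST32_MAX__)>>30)>>30)` also silently evaluates to 0 under `#if` on compilers that do not predefine that macro, so a comment such as `/* falls back to 32-bit words when the compiler predefines none of these */` would make the failure mode visible. Since `DECAF_SER_BYTES` and `DECAF_SCALAR_BYTES` are now literal 56 rather than derived, a compile-time check like `#if DECAF_SCALAR_LIMBS*DECAF_WORD_BITS != 448` / `#error` keeps the limb count and the serialized size from drifting apart.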
| @@ -10,8 +10,7 @@ | |||||
| #include "decaf.h" | #include "decaf.h" | ||||
| /* TODO arch */ | |||||
| #define WBITS 64 | |||||
| #define WBITS DECAF_WORD_BITS | |||||
| #if WBITS == 64 | #if WBITS == 64 | ||||
| #define LBITS 56 | #define LBITS 56 | ||||
| @@ -36,7 +35,12 @@ typedef decaf_word_t gf[DECAF_LIMBS]; | |||||
| static const gf ZERO = {0}, ONE = {1}, TWO = {2}; | static const gf ZERO = {0}, ONE = {1}, TWO = {2}; | ||||
| #define LMASK ((((decaf_word_t)1)<<LBITS)-1) | #define LMASK ((((decaf_word_t)1)<<LBITS)-1) | ||||
| #if WBITS == 64 | |||||
| static const gf P = { LMASK, LMASK, LMASK, LMASK, LMASK-1, LMASK, LMASK, LMASK }; | static const gf P = { LMASK, LMASK, LMASK, LMASK, LMASK-1, LMASK, LMASK, LMASK }; | ||||
| #else | |||||
| static const gf P = { LMASK, LMASK, LMASK, LMASK, LMASK, LMASK, LMASK, LMASK, | |||||
| LMASK-1, LMASK, LMASK, LMASK, LMASK, LMASK, LMASK, LMASK }; | |||||
| #endif | |||||
| static const int EDWARDS_D = -39081; | static const int EDWARDS_D = -39081; | ||||
| const decaf_scalar_t decaf_scalar_p = {{{ | const decaf_scalar_t decaf_scalar_p = {{{ | ||||
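Review bot: The 32-bit table for `P` at L67-L68 hard-codes 16 limbs with the `LMASK-1` entry at index 8, which is only the correct encoding of p = 2^448 - 2^224 - 1 if the 32-bit `LBITS` is 28 (so that limb 8 starts at bit 224, matching limb 4 × 56 in the 64-bit table); the 32-bit `LBITS` value is outside this hunk (L59-L60 show only the 64-bit case). A preprocessor guard next to the table would catch any future change to the limb split: `#if DECAF_LIMBS*LBITS != 448` / `#error "gf P table assumes DECAF_LIMBS*LBITS == 448"` / `#endif`. A short comment stating that the `LMASK-1` limb is the one holding bit 224 would also help whoever next edits either table.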
| @@ -231,9 +231,7 @@ scalarmul_ed ( | |||||
| } | } | ||||
| i = nbits - WINDOW; | i = nbits - WINDOW; | ||||
| int bits = scalar2[i/WORD_BITS] >> (i%WORD_BITS) & WINDOW_MASK, | |||||
| inv = (bits>>(WINDOW-1))-1; | |||||
| bits ^= inv; | |||||
| int bits, inv; | |||||
| set_identity_tw_extended(working); | set_identity_tw_extended(working); | ||||
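Review bot: `int bits, inv;` at L78 now leaves both variables uninitialized, and the loop that presumably assigns them lies outside the hunk (scalarmul_ed continues past L79), so nothing in the visible code rules out a read before the first assignment, which would be undefined behaviour. Initializing at the declaration, `int bits = 0, inv = 0;`, costs nothing and keeps `-Wmaybe-uninitialized` quiet whichever way the loop is structured. The removed lines derived `inv` as an arithmetic mask from the top window bit; whatever replaces them inside the loop should keep that branch-free form rather than an `if` on the bit, since this is the scalar-dependent part of the multiplication.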
| @@ -282,24 +282,29 @@ single_twisting_test ( | |||||
| int test_decaf_evil (void) { | int test_decaf_evil (void) { | ||||
| #if FIELD_BITS != 448 || WORD_BITS != 64 | |||||
| #if FIELD_BITS != 448 | |||||
| printf(" [ UNIMP ] "); | printf(" [ UNIMP ] "); | ||||
| return 0; | return 0; | ||||
| #else | #else | ||||
| word_t evil_scalars[5][7] = { | |||||
| #if WORD_BITS==64 | |||||
| #define SC_WORD(x) x##ull | |||||
| #elif WORD_BITS==32 | |||||
| #define SC_WORD(x) (uint32_t)(x##ull), (x##ull)>>32 | |||||
| #endif | |||||
| word_t evil_scalars[5][448/WORD_BITS] = { | |||||
| {0}, | {0}, | ||||
| {0x2378c292ab5844f3,0x216cc2728dc58f55,0xc44edb49aed63690,0xffffffff7cca23e9, | |||||
| 0xffffffffffffffff,0xffffffffffffffff,0x3fffffffffffffff}, /* q */ | |||||
| {0xdc873d6d54a7bb0d,0xde933d8d723a70aa,0x3bb124b65129c96f, | |||||
| 0x335dc16,0x0,0x0,0x4000000000000000}, /* qtwist */ | |||||
| {0x46f1852556b089e6,0x42d984e51b8b1eaa,0x889db6935dac6d20,0xfffffffef99447d3, | |||||
| 0xffffffffffffffff,0xffffffffffffffff,0x7fffffffffffffff}, /* 2q */ | |||||
| {0xb90e7adaa94f761a,0xbd267b1ae474e155,0x7762496ca25392df,0x66bb82c, | |||||
| 0x0,0x0,0x8000000000000000} /* 2*qtwist */ | |||||
| {SC_WORD(0x2378c292ab5844f3),SC_WORD(0x216cc2728dc58f55),SC_WORD(0xc44edb49aed63690),SC_WORD(0xffffffff7cca23e9), | |||||
| SC_WORD(0xffffffffffffffff),SC_WORD(0xffffffffffffffff),SC_WORD(0x3fffffffffffffff)}, /* q */ | |||||
| {SC_WORD(0xdc873d6d54a7bb0d),SC_WORD(0xde933d8d723a70aa),SC_WORD(0x3bb124b65129c96f), | |||||
| SC_WORD(0x335dc16),SC_WORD(0x0),SC_WORD(0x0),SC_WORD(0x4000000000000000)}, /* qtwist */ | |||||
| {SC_WORD(0x46f1852556b089e6),SC_WORD(0x42d984e51b8b1eaa),SC_WORD(0x889db6935dac6d20),SC_WORD(0xfffffffef99447d3), | |||||
| SC_WORD(0xffffffffffffffff),SC_WORD(0xffffffffffffffff),SC_WORD(0x7fffffffffffffff)}, /* 2q */ | |||||
| {SC_WORD(0xb90e7adaa94f761a),SC_WORD(0xbd267b1ae474e155),SC_WORD(0x7762496ca25392df),SC_WORD(0x66bb82c), | |||||
| SC_WORD(0x0),SC_WORD(0x0),SC_WORD(0x8000000000000000)} /* 2*qtwist */ | |||||
| }; | }; | ||||
| word_t random_scalar[7]; | |||||
| word_t random_scalar[448/WORD_BITS]; | |||||
| unsigned char evil_inputs[3][56]; | unsigned char evil_inputs[3][56]; | ||||
| memset(evil_inputs[0],0,56); | memset(evil_inputs[0],0,56); | ||||
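Review bot: `SC_WORD` is defined inside the function body at L88-L92 but, being a macro, stays defined for the rest of the translation unit, and the `#if`/`#elif` has no fallback, so an unexpected `WORD_BITS` leaves `SC_WORD(...)` unresolved in the initializer with an unhelpful error. Add `#else` / `#error "unsupported WORD_BITS"` before the `#endif` at L92, and `#undef SC_WORD` after the closing `};` at L111. The 32-bit expansion `(uint32_t)(x##ull), (x##ull)>>32` also bakes in that a scalar's least-significant word sits at index 0, which is consistent with the 64-bit table but worth stating in a one-line comment above the macro, e.g. `/* splits a 64-bit literal into little-endian 32-bit words */`.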