move various arch things to word.h or their arch files

8 years ago · ce75aee929
--- a/src/curve_ed25519/curve_data.inc.c
+++ b/src/curve_ed25519/curve_data.inc.c
@@ -1,14 +1,3 @@
 // FIXME move to arch or something
 #define WBITS DECAF_WORD_BITS
 #define LBITS DECAF_255_LIMB_BITS

 #if WBITS == 64
 #define LIMB(x) (x##ull)
 #define SC_LIMB(x) (x##ull)
 #else
 #error "Only supporting 64-bit platforms right now"
 #endif

 #define API_NAME "decaf_255"
 #define API_NS(_id) decaf_255_##_id
 #define API_NS2(_pref,_id) _pref##_decaf_255_##_id
--- a/src/curve_ed448goldilocks/curve_data.inc.c
+++ b/src/curve_ed448goldilocks/curve_data.inc.c
@@ -1,14 +1,3 @@
 #define WBITS DECAF_WORD_BITS
 // #define LBITS DECAF_448_LIMB_BITS // FIXME

 #if WBITS == 64
 #define SC_LIMB(x) (x##ull)
 #elif WBITS == 32
 #define SC_LIMB(x) (x##ull)&((1ull<<32)-1), (x##ull)>>32
 #else
 #error "Only supporting 32- and 64-bit platforms right now"
 #endif

 #define API_NAME "decaf_448"
 #define API_NS(_id) decaf_448_##_id
 #define API_NS2(_pref,_id) _pref##_decaf_448_##_id
--- a/src/decaf_fast.c
+++ b/src/decaf_fast.c
@@ -41,11 +41,9 @@ extern const gf SQRT_MINUS_ONE;
 extern const gf SQRT_ONE_MINUS_D; /* TODO: Intern this? */
 #endif

 #define sv static void
 #define snv static void __attribute__((noinline))
 #define siv static inline void __attribute__((always_inline))


 #define NOINLINE __attribute__((noinline))
 #define INLINE inline __attribute__((always_inline))
 #define WBITS DECAF_WORD_BITS

 const scalar_t API_NS(scalar_one) = {{{1}}}, API_NS(scalar_zero) = {{{0}}};
 extern const scalar_t API_NS(sc_r2);
@@ -90,22 +88,26 @@ const size_t API_NS2(alignof,precomputed_s) = 32;
 #define FOR_LIMB_U(i,op) { unsigned int i=0; UNROLL for (i=0; i<NLIMBS; i++)  { op; }}

 /** Copy x = y */
 siv gf_cpy(gf x, const gf y) { x[0] = y[0]; }
 static INLINE void
 gf_cpy(gf x, const gf y) { x[0] = y[0]; }

 /** Constant time, x = is_z ? z : y */
 siv cond_sel(gf x, const gf y, const gf z, decaf_bool_t is_z) {
 static INLINE void
 cond_sel(gf x, const gf y, const gf z, decaf_bool_t is_z) {
    constant_time_select(x,z,y,sizeof(gf),is_z);
 }

 /** Constant time, if (neg) x=-x; */
 sv cond_neg(gf x, decaf_bool_t neg) {
 static void
 cond_neg(gf x, decaf_bool_t neg) {
    gf y;
    gf_sub(y,ZERO,x);
    cond_sel(x,x,y,neg);
 }

 /** Constant time, if (swap) (x,y) = (y,x); */
 siv cond_swap(gf x, gf_s *__restrict__ y, decaf_bool_t swap) {
 static INLINE void
 cond_swap(gf x, gf_s *__restrict__ y, decaf_bool_t swap) {
    FOR_LIMB_U(i, {
        decaf_word_t s = (x->limb[i] ^ y->limb[i]) & swap;
        x->limb[i] ^= s;
@@ -114,7 +116,9 @@ siv cond_swap(gf x, gf_s *__restrict__ y, decaf_bool_t swap) {
 }

 /** Compare a==b */
 decaf_word_t __attribute__((noinline)) gf_eq(const gf a, const gf b) {
 /* Not static because it's used in inverse square root. */
 decaf_word_t
 gf_eq(const gf a, const gf b) {
    gf c;
    gf_sub(c,a,b);
    gf_strong_reduce(c);
@@ -125,7 +129,8 @@ decaf_word_t __attribute__((noinline)) gf_eq(const gf a, const gf b) {
 }

 /** Inverse square root using addition chain. */
 static decaf_bool_t gf_isqrt_chk(gf y, const gf x, decaf_bool_t allow_zero) {
 static decaf_bool_t
 gf_isqrt_chk(gf y, const gf x, decaf_bool_t allow_zero) {
    gf tmp0, tmp1;
    gf_isr((gf_s *)y, (const gf_s *)x);
    gf_sqr(tmp0,y);
@@ -134,7 +139,8 @@ static decaf_bool_t gf_isqrt_chk(gf y, const gf x, decaf_bool_t allow_zero) {
 }

 /** Inverse. */
 sv gf_invert(gf y, const gf x) {
 static void
 gf_invert(gf y, const gf x) {
    gf t1, t2;
    gf_sqr(t1, x); // o^2
    decaf_bool_t ret = gf_isqrt_chk(t2, t1, 0); // +-1/sqrt(o^2) = +-1/o
@@ -148,7 +154,8 @@ sv gf_invert(gf y, const gf x) {
 * Mul by signed int.  Not constant-time WRT the sign of that int.
 * Just uses a full mul (PERF)
 */
 static inline void gf_mulw_sgn(gf c, const gf a, int w) {
 static INLINE void
 gf_mulw_sgn(gf c, const gf a, int w) {
    if (w>0) {
        gf_mulw(c, a, w);
    } else {
@@ -178,7 +185,8 @@ static decaf_word_t lobit(const gf x) {
 /** {extra,accum} - sub +? p
 * Must have extra <= 1
 */
 snv sc_subx(
 static NOINLINE void
 sc_subx(
    scalar_t out,
    const decaf_word_t accum[SCALAR_LIMBS],
    const scalar_t sub,
@@ -202,7 +210,8 @@ snv sc_subx(
    }
 }

 snv sc_montmul (
 static NOINLINE void
 sc_montmul (
    scalar_t out,
    const scalar_t a,
    const scalar_t b
@@ -250,7 +259,8 @@ void API_NS(scalar_mul) (
 }

 /* PERF: could implement this */
 siv sc_montsqr (
 static INLINE void
 sc_montsqr (
    scalar_t out,
    const scalar_t a
 ) {
@@ -357,7 +367,8 @@ void API_NS(scalar_add) (
    sc_subx(out, out->limb, sc_p, sc_p, chain);
 }

 snv sc_halve (
 static NOINLINE void
 sc_halve (
    scalar_t out,
    const scalar_t a,
    const scalar_t p
@@ -376,7 +387,8 @@ snv sc_halve (
    out->limb[i] = out->limb[i]>>1 | chain<<(WBITS-1);
 }

 void API_NS(scalar_set_unsigned) (
 void
 API_NS(scalar_set_unsigned) (
    scalar_t out,
    decaf_word_t w
 ) {
@@ -384,7 +396,8 @@ void API_NS(scalar_set_unsigned) (
    out->limb[0] = w;
 }

 decaf_bool_t API_NS(scalar_eq) (
 decaf_bool_t
 API_NS(scalar_eq) (
    const scalar_t a,
    const scalar_t b
 ) {
@@ -401,11 +414,13 @@ decaf_bool_t API_NS(scalar_eq) (
 /** identity = (0,1) */
 const point_t API_NS(point_identity) = {{{{{0}}},{{{1}}},{{{1}}},{{{0}}}}};

 static void gf_encode ( unsigned char ser[SER_BYTES], gf a ) {
 static void
 gf_encode ( unsigned char ser[SER_BYTES], gf a ) {
    gf_serialize(ser, (gf_s *)a);
 }

 static void deisogenize (
 static void
 deisogenize (
    gf_s *__restrict__ s,
    gf_s *__restrict__ minus_t_over_s,
    const point_t p,
@@ -655,7 +670,8 @@ void API_NS(point_add) (
    gf_mul ( p->t, b, c );
 }

 snv point_double_internal (
 static NOINLINE void
 point_double_internal (
    point_t p,
    const point_t q,
    decaf_bool_t before_double
@@ -691,7 +707,8 @@ void API_NS(point_negate) (
    gf_sub(nega->t, ZERO, a->t);
 }

 siv scalar_decode_short (
 static INLINE void
 scalar_decode_short (
    scalar_t s,
    const unsigned char ser[SER_BYTES],
    unsigned int nbytes
@@ -728,7 +745,7 @@ void API_NS(scalar_destroy) (
    decaf_bzero(scalar, sizeof(scalar_t));
 }

 static inline void ignore_result ( decaf_bool_t boo ) {
 static INLINE void ignore_result ( decaf_bool_t boo ) {
    (void)boo;
 }

@@ -783,7 +800,8 @@ void API_NS(scalar_encode)(
 }

 /* Operations on [p]niels */
 siv cond_neg_niels (
 static INLINE void
 cond_neg_niels (
    niels_t n,
    decaf_bool_t neg
 ) {
@@ -814,7 +832,8 @@ static void pniels_to_pt (
    gf_sqr ( e->z, d->z );
 }

 snv niels_to_pt (
 static NOINLINE void
 niels_to_pt (
    point_t e,
    const niels_t n
 ) {
@@ -824,7 +843,8 @@ snv niels_to_pt (
    gf_cpy ( e->z, ONE );
 }

 snv add_niels_to_pt (
 static NOINLINE void
 add_niels_to_pt (
    point_t d,
    const niels_t e,
    decaf_bool_t before_double
@@ -845,7 +865,8 @@ snv add_niels_to_pt (
    if (!before_double) gf_mul ( d->t, b, c );
 }

 snv sub_niels_from_pt (
 static NOINLINE void
 sub_niels_from_pt (
    point_t d,
    const niels_t e,
    decaf_bool_t before_double
@@ -866,7 +887,8 @@ snv sub_niels_from_pt (
    if (!before_double) gf_mul ( d->t, b, c );
 }

 sv add_pniels_to_pt (
 static void
 add_pniels_to_pt (
    point_t p,
    const pniels_t pn,
    decaf_bool_t before_double
@@ -877,7 +899,8 @@ sv add_pniels_to_pt (
    add_niels_to_pt( p, pn->n, before_double );
 }

 sv sub_pniels_from_pt (
 static void
 sub_pniels_from_pt (
    point_t p,
    const pniels_t pn,
    decaf_bool_t before_double
@@ -890,7 +913,8 @@ sv sub_pniels_from_pt (

 extern const scalar_t API_NS(point_scalarmul_adjustment);

 siv constant_time_lookup_xx (
 static INLINE void
 constant_time_lookup_xx (
    void *__restrict__ out_,
    const void *table_,
    decaf_word_t elem_bytes,
@@ -900,7 +924,8 @@ siv constant_time_lookup_xx (
    constant_time_lookup(out_,table_,elem_bytes,n_table,idx);
 }

 snv prepare_fixed_window(
 static NOINLINE void
 prepare_fixed_window(
    pniels_t *multiples,
    const point_t b,
    int ntable
@@ -1416,7 +1441,8 @@ void API_NS(precompute) (

 extern const scalar_t API_NS(precomputed_scalarmul_adjustment);

 siv constant_time_lookup_xx_niels (
 static INLINE void
 constant_time_lookup_xx_niels (
    niels_s *__restrict__ ni,
    const niels_t *table,
    int nelts,
@@ -1573,7 +1599,8 @@ static int recode_wnaf (
    return position;
 }

 sv prepare_wnaf_table(
 static void
 prepare_wnaf_table(
    pniels_t *output,
    const point_t working,
    unsigned int tbits
@@ -1690,7 +1717,7 @@ void API_NS(base_double_scalarmul_non_secret) (
        }
    }
    
    // Non-secret, but whatever this is cheap.
    /* This function is non-secret, but whatever this is cheap. */
    decaf_bzero(control_var,sizeof(control_var));
    decaf_bzero(control_pre,sizeof(control_pre));
    decaf_bzero(precmp_var,sizeof(precmp_var));
@@ -1700,13 +1727,13 @@ void API_NS(base_double_scalarmul_non_secret) (
 }

 void API_NS(point_destroy) (
  point_t point
    point_t point
 ) {
    decaf_bzero(point, sizeof(point_t));
 }

 void API_NS(precomputed_destroy) (
  precomputed_s *pre
    precomputed_s *pre
 ) {
    decaf_bzero(pre, API_NS2(sizeof,precomputed_s));
 }
--- a/src/include/word.h
+++ b/src/include/word.h
@@ -46,7 +46,8 @@ typedef __int128_t dsword_t;
 #define U60LE(x) x##ull
 #define letohWORD letoh64
 #define GOLDI_BITS 64
 #else
 #define SC_LIMB(x) (x##ull)
 #elif (WORD_BITS == 32)
 typedef uint16_t hword_t;
 typedef uint32_t word_t;
 typedef uint64_t dword_t;
@@ -62,6 +63,9 @@ typedef int64_t dsword_t;
 #define U60LE(x) (x##ull)&((1ull<<30)-1), (x##ull)>>30
 #define letohWORD letoh32
 #define GOLDI_BITS 32
 #define SC_LIMB(x) (x##ull)
 #else
 #error "For now, libdecaf only supports 32- and 64-bit architectures."
 #endif

 #define DIV_CEIL(_x,_y) (((_x) + (_y) - 1)/(_y))
--- a/src/public_include/decaf/decaf_255.h
+++ b/src/public_include/decaf/decaf_255.h
@@ -18,7 +18,7 @@ extern "C" {
 #endif

 #define DECAF_255_LIMBS (320/DECAF_WORD_BITS)
 #define DECAF_255_SCALAR_BITS 254 // Curve25519: 253
 #define DECAF_255_SCALAR_BITS 253
 #define DECAF_255_SCALAR_LIMBS (256/DECAF_WORD_BITS)

 #ifndef __DECAF_255_GF_DEFINED__