jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
189 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: 906d7fe1fc
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '906d7fe1fc'
${ noResults }
ed448goldilocks/test/test_decaf.sage

281 lines
8.3 KiB
Raw Blame History 

  1. from ctypes import *

  2. from base64 import *

  3. 

  4. DECAF = CDLL("libdecaf.so")

  5. 

  6. F = GF(2^448-2^224-1)

  7. d = -39081

  8. E = EllipticCurve(F,[0,2-4*d,0,1,0])

  9. p_tor4 = E.lift_x(-1)

  10. Tor = [p_tor4 * i for i in xrange(4)]

  11. q = 2^446-0x8335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d

  12. FQ = GF(q)

  13. 

  14. def from_le(buf):

  15.     return sum([256^i * ord(x) for i,x in enumerate(buf)])

  16. 

  17. def to_le(x,n):

  18.     x = int(x)

  19.     if x >= 256^n:

  20.         raise Exception("Integer too big in to_le(%d,%d)" % (x,n))

  21.     return "".join([chr(x>>(8*i) & 255) for i in xrange(n)])

  22. 

  23. class DecafScalar():

  24.     _UNDER = c_uint64 * int(7)

  25.     def __init__(self,cstruct=None,scalar=None):

  26.         if cstruct is None:

  27.             cstruct = DecafScalar._UNDER()

  28.             memmove(addressof(cstruct),

  29.                 DECAF.decaf_448_scalar_zero,

  30.                 8*7

  31.             )

  32.         if scalar is None:

  33.             scalar = E(0)

  34.         self.cstruct = cstruct

  35.         self.scalar = scalar

  36.         

  37.         self._check()

  38.     

  39.     @staticmethod

  40.     def _c_deser(str):

  41.         buffer = (c_uint8*int(56)).from_buffer_copy(str)

  42.         cstruct = DecafScalar._UNDER()

  43.         ret = DECAF.decaf_448_scalar_decode(cstruct,buffer,c_uint64(-1))

  44.         if ret != -1:

  45.             raise Exception("scalar didn't decode")

  46.         return cstruct

  47.     

  48.     @staticmethod

  49.     def _sage_deser(str):

  50.         s = from_le(str)

  51.         if s >= FQ.cardinality(): raise Exception("scalar didn't decode")

  52.         return FQ(s)

  53.     

  54.     def __eq__(self,other):

  55.         csays = bool(DECAF.decaf_448_scalar_eq(self.cstruct,other.cstruct))

  56.         sagesays = any([self.scalar == other.scalar + t for t in Tor])

  57.         if csays != sagesays:

  58.             raise Exception("C and SAGE don't agree: %d %d" % (csays, sagesays))

  59.         return csays

  60.     

  61.     def __add__(self,other):

  62.         cstruct = DecafScalar._UNDER()

  63.         DECAF.decaf_448_scalar_add(cstruct,self.cstruct,other.cstruct)

  64.         return DecafScalar(cstruct,self.scalar + other.scalar)

  65.     

  66.     def __sub__(self,other):

  67.         cstruct = DecafScalar._UNDER()

  68.         DECAF.decaf_448_scalar_sub(cstruct,self.cstruct,other.cstruct)

  69.         return DecafScalar(cstruct,self.scalar - other.scalar)

  70.     

  71.     def __mul__(self,other):

  72.         if isinstance(other,DecafScalar):

  73.             cstruct = DecafScalar._UNDER()

  74.             DECAF.decaf_448_scalar_mul(cstruct,self.cstruct,other.cstruct)

  75.             return DecafScalar(cstruct,self.scalar * other.scalar)

  76.         elif isinstance(other,DecafPoint):

  77.             cstruct = DecafPoint._UNDER()

  78.             DECAF.decaf_448_point_scalarmul(cstruct,other.cstruct,self.cstruct)

  79.             return DecafPoint(cstruct,int(self.scalar) * other.point)

  80.         else: raise Exception("Nope")

  81.     

  82.     def __div__(self,other):

  83.         return self / other.inverse()

  84.     

  85.     def inverse(self):

  86.         cstruct = DecafScalar._UNDER()

  87.         z = DECAF.decaf_448_scalar_invert(cstruct,self.cstruct)

  88.         if bool(z) != (self.scalar == 0):

  89.             raise Exception("C and SAGE don't agree")

  90.         return DecafScalar(cstruct,1/self.scalar)

  91.     

  92.     def __neg__(self):

  93.         cstruct = DecafScalar._UNDER()

  94.         DECAF.decaf_448_scalar_negate(cstruct,self.cstruct)

  95.         return DecafScalar(cstruct,-self.scalar)

  96.         

  97.     def __str__(self):

  98.         return " ".join(["%02x"%ord(b) for b in self.ser()])

  99.     

  100.     def __repr__(self):

  101.         return "DecafScalar.fromInt(%d)" % self.scalar

  102.     

  103.     @classmethod

  104.     def fromInt(cls,i):

  105.         return cls.deser(to_le(i,56))

  106.         

  107.     def to64(self):

  108.         return b64encode(self.ser())

  109.     

  110.     @classmethod

  111.     def from64(cls,str):

  112.         return cls.deser(b64decode(str))

  113.     

  114.     @classmethod

  115.     def deser(cls,str):

  116.         good = True

  117.         try: cstruct = cls._c_deser(str)

  118.         except Exception: good = False

  119.         

  120.         good2 = True

  121.         try: scalar = cls._sage_deser(str)

  122.         except Exception: good2 = False

  123.         

  124.         if good != good2:

  125.             raise Exception("C and SAGE don't agree")

  126.         elif not good:

  127.             raise Exception("scalar didn't decode")

  128.         

  129.         return cls(cstruct,scalar)

  130. 

  131.     @staticmethod

  132.     def _c_ser(cstruct):

  133.         buffer = (c_uint8*int(56))()

  134.         DECAF.decaf_448_scalar_encode(buffer,cstruct)

  135.         return str(bytearray(buffer))

  136.     

  137.     def ser(self):

  138.         return self._c_ser(self.cstruct)

  139. 

  140.     @staticmethod

  141.     def _sage_ser(P):

  142.         return to_le(P,56)

  143.         

  144.     def _check(self):

  145.         ss = self._sage_ser(self.scalar)

  146.         cs = self._c_ser(self.cstruct)

  147.         if ss != cs:

  148.             print ss

  149.             print cs

  150.             raise Exception("Check failed!")

  151.         return True

  152. 

  153. class DecafPoint():

  154.     _UNDER = c_uint64 * int(8*4)

  155.     def __init__(self,cstruct=None,point=None):

  156.         if cstruct is None:

  157.             cstruct = DecafPoint._UNDER()

  158.             memmove(addressof(cstruct),

  159.                 DECAF.decaf_448_point_identity,

  160.                 8*8*4

  161.             )

  162.         if point is None:

  163.             point = E(0)

  164.         self.cstruct = cstruct

  165.         self.point = point

  166.         

  167.         self._check()

  168.     

  169.     @staticmethod

  170.     def _c_deser(str):

  171.         buffer = (c_uint8*int(56)).from_buffer_copy(str)

  172.         cstruct = DecafPoint._UNDER()

  173.         ret = DECAF.decaf_448_point_decode(cstruct,buffer,c_uint64(-1))

  174.         if ret != -1:

  175.             raise Exception("Point didn't decode")

  176.         return cstruct

  177.     

  178.     @staticmethod

  179.     def _sage_deser(str):

  180.         s = from_le(str)

  181.         if s > (F.cardinality()-1)/2: raise Exception("Point didn't decode")

  182.         if (s==0): return E(0)

  183.         if not E.is_x_coord(s^2): raise Exception("Point didn't decode")

  184.         P = E.lift_x(s^2)

  185.         t = P.xy()[1] / s

  186.         if is_odd(int(2*t/s)): P = -P

  187.         return P

  188.     

  189.     def __eq__(self,other):

  190.         csays = bool(DECAF.decaf_448_point_eq(self.cstruct,other.cstruct))

  191.         sagesays = any([self.point == other.point + t for t in Tor])

  192.         if csays != sagesays:

  193.             raise Exception("C and SAGE don't agree: %d %d" % (csays, sagesays))

  194.         return csays

  195.     

  196.     def __add__(self,other):

  197.         cstruct = DecafPoint._UNDER()

  198.         DECAF.decaf_448_point_add(cstruct,self.cstruct,other.cstruct)

  199.         return DecafPoint(cstruct,self.point + other.point)

  200.     

  201.     def __sub__(self,other):

  202.         cstruct = DecafPoint._UNDER()

  203.         DECAF.decaf_448_point_sub(cstruct,self.cstruct,other.cstruct)

  204.         return DecafPoint(cstruct,self.point - other.point)

  205.         

  206.     def __mul__(self,other):

  207.         if isinstance(other,DecafScalar):

  208.             return other*self

  209.         else:

  210.             raise Exception("nope")

  211.         

  212.     def __div__(self,other):

  213.         if isinstance(other,DecafScalar):

  214.             return other.inverse()*self

  215.         else:

  216.             raise Exception("nope")

  217.     

  218.     def __neg__(self):

  219.         cstruct = DecafPoint._UNDER()

  220.         DECAF.decaf_448_point_negate(cstruct,self.cstruct)

  221.         return DecafPoint(cstruct,-self.point)

  222.         

  223.     def __str__(self):

  224.         return " ".join(["%02x"%ord(b) for b in self.ser()])

  225.     

  226.     def __repr__(self):

  227.         return "DecafPoint.from64('%s')" % self.to64()

  228.         

  229.     def to64(self):

  230.         return b64encode(self.ser())

  231.     

  232.     @classmethod

  233.     def from64(cls,str):

  234.         return cls.deser(b64decode(str))

  235.     

  236.     @classmethod

  237.     def deser(cls,str):

  238.         good = True

  239.         try: cstruct = cls._c_deser(str)

  240.         except Exception: good = False

  241.         

  242.         good2 = True

  243.         try: point = cls._sage_deser(str)

  244.         except Exception: good2 = False

  245.         

  246.         if good != good2:

  247.             raise Exception("C and SAGE don't agree")

  248.         elif not good:

  249.             raise Exception("Point didn't decode")

  250.         

  251.         return cls(cstruct,point)

  252. 

  253.     @staticmethod

  254.     def _c_ser(cstruct):

  255.         buffer = (c_uint8*int(56))()

  256.         DECAF.decaf_448_point_encode(buffer,cstruct)

  257.         return str(bytearray(buffer))

  258.     

  259.     def ser(self):

  260.         return self._c_ser(self.cstruct)

  261. 

  262.     @staticmethod

  263.     def _sage_ser(P):

  264.         if P == E(0): return to_le(0,56)

  265.         x,y = P.xy()

  266.         s = sqrt(x)

  267.         if s==0: return to_le(0,56)

  268.         if is_odd(int(2*y/s^2)): s = 1/s

  269.         if int(s) > (F.cardinality()-1)/2: s = -s

  270.         return to_le(s,56)

  271.         

  272.     def _check(self):

  273.         ss = self._sage_ser(self.point)

  274.         cs = self._c_ser(self.cstruct)

  275.         if ss != cs:

  276.             print ss

  277.             print cs

  278.             raise Exception("Check failed!")

  279.         return True

  280.     

  281.