jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
144 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: faeb1fb092
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'faeb1fb092'
${ noResults }
ed448goldilocks/include/decaf.hxx

287 lines
12 KiB
Raw Blame History 

  1. /**

  2.  * @file decaf.hxx

  3.  * @author Mike Hamburg

  4.  *

  5.  * @copyright

  6.  *   Copyright (c) 2015 Cryptography Research, Inc.  \n

  7.  *   Released under the MIT License.  See LICENSE.txt for license information.

  8.  *

  9.  * @brief A group of prime order p, C++ wrapper.

  10.  *

  11.  * The Decaf library implements cryptographic operations on a an elliptic curve

  12.  * group of prime order p.  It accomplishes this by using a twisted Edwards

  13.  * curve (isogenous to Ed448-Goldilocks) and wiping out the cofactor.

  14.  *

  15.  * The formulas are all complete and have no special cases, except that

  16.  * decaf_448_decode can fail because not every sequence of bytes is a valid group

  17.  * element.

  18.  *

  19.  * The formulas contain no data-dependent branches, timing or memory accesses,

  20.  * except for decaf_448_base_double_scalarmul_non_secret.

  21.  */

  22. #ifndef __DECAF_448_HXX__

  23. #define __DECAF_448_HXX__ 1

  24. 

  25. #define _XOPEN_SOURCE 600 /* for posix_memalign */

  26. #include <stdlib.h>

  27. #include <string.h> /* for memcpy */

  28. 

  29. #include "decaf.h"

  30. #include <string>

  31. #include <sys/types.h>

  32. #include <limits.h>

  33. 

  34. /* TODO: document */

  35. /* TODO: This is incomplete */

  36. /* TODO: attribute nonnull */

  37. 

  38. #if __cplusplus >= 201103L

  39. #define NOEXCEPT noexcept

  40. #define EXPLICIT_CON explicit

  41. #define GET_DATA(str) ((const unsigned char *)&(str)[0])

  42. #else

  43. #define NOEXCEPT throw()

  44. #define EXPLICIT_CON

  45. #define GET_DATA(str) ((const unsigned char *)((str).data()))

  46. #endif

  47. 

  48. namespace decaf {

  49. 

  50. void really_bzero(void *data, size_t size);

  51.     

  52. template<unsigned int bits = 448> struct decaf;

  53. template<> struct decaf<448> {

  54. 

  55. class CryptoException : public std::exception {

  56. public:

  57.     CryptoException() {}

  58.     virtual ~CryptoException() NOEXCEPT {}

  59.     virtual const char * what() const NOEXCEPT { return "CryptoException"; }

  60. };

  61. 

  62. class Point;

  63. class Precomputed;

  64. 

  65. class Scalar {

  66. public:

  67.     decaf_448_scalar_t s;

  68.     inline Scalar() NOEXCEPT {}

  69.     inline Scalar(const decaf_word_t w) NOEXCEPT {  decaf_448_scalar_set(s,w); } 

  70.     inline Scalar(const int w) NOEXCEPT {

  71.         Scalar t(-(decaf_word_t)INT_MIN);

  72.         decaf_448_scalar_set(s,(decaf_word_t)w - (decaf_word_t)INT_MIN);

  73.         *this -= t;

  74.     } 

  75.     inline Scalar(const decaf_448_scalar_t &t) NOEXCEPT {  decaf_448_scalar_copy(s,t); } 

  76.     inline Scalar(const Scalar &x) NOEXCEPT {  decaf_448_scalar_copy(s,x.s); }

  77.     inline Scalar& operator=(const Scalar &x) NOEXCEPT {  decaf_448_scalar_copy(s,x.s); return *this; } 

  78.     inline ~Scalar() NOEXCEPT {  decaf_448_scalar_destroy(s); }

  79.     

  80.     /* Initialize from buffer */

  81.     inline Scalar &operator=(const std::string &str) NOEXCEPT {

  82.         decaf_448_scalar_decode_long(s,GET_DATA(str),str.length()); return *this;

  83.     }

  84.     inline explicit Scalar(const std::string &str) NOEXCEPT { *this = str; }

  85.     inline Scalar(const unsigned char *buffer, size_t n) NOEXCEPT { decaf_448_scalar_decode_long(s,buffer,n); }

  86.     inline Scalar(const char *buffer, size_t n) NOEXCEPT { decaf_448_scalar_decode_long(s,(const unsigned char *)buffer,n); }

  87.     inline Scalar(const void *buffer, size_t n) NOEXCEPT { decaf_448_scalar_decode_long(s,(const unsigned char *)buffer,n); }

  88.     static inline decaf_bool_t __attribute__((warn_unused_result)) decode (

  89.         Scalar &sc, const unsigned char buffer[DECAF_448_SCALAR_BYTES]

  90.     ) NOEXCEPT {

  91.         return decaf_448_scalar_decode(sc.s,buffer);

  92.     }

  93.     static inline decaf_bool_t __attribute__((warn_unused_result)) decode (

  94.         Scalar &sc, const std::string buffer

  95.     ) NOEXCEPT {

  96.         if (buffer.size() != DECAF_448_SCALAR_BYTES) return DECAF_FAILURE;

  97.         return decaf_448_scalar_decode(sc.s,GET_DATA(buffer));

  98.     }

  99.     inline EXPLICIT_CON operator std::string() const NOEXCEPT {

  100.         unsigned char buffer[DECAF_448_SCALAR_BYTES];

  101.         decaf_448_scalar_encode(buffer, s);

  102.         return std::string((char*)buffer,sizeof(buffer));

  103.     }

  104.     inline void encode(unsigned char buffer[DECAF_448_SCALAR_BYTES]) const NOEXCEPT{

  105.         decaf_448_scalar_encode(buffer, s);

  106.     }

  107.     

  108.     /* Arithmetic */

  109.     inline Scalar operator+ (const Scalar &q) const NOEXCEPT { Scalar r; decaf_448_scalar_add(r.s,s,q.s); return r; }

  110.     inline Scalar operator+=(const Scalar &q)       NOEXCEPT { decaf_448_scalar_add(s,s,q.s); return *this; }

  111.     inline Scalar operator- (const Scalar &q) const NOEXCEPT { Scalar r; decaf_448_scalar_sub(r.s,s,q.s); return r; }

  112.     inline Scalar operator-=(const Scalar &q)       NOEXCEPT { decaf_448_scalar_sub(s,s,q.s); return *this; }

  113.     inline Scalar operator* (const Scalar &q) const NOEXCEPT { Scalar r; decaf_448_scalar_mul(r.s,s,q.s); return r; }

  114.     inline Scalar operator*=(const Scalar &q)       NOEXCEPT { decaf_448_scalar_mul(s,s,q.s); return *this; }

  115.     inline Scalar inverse() const NOEXCEPT { Scalar r; decaf_448_scalar_invert(r.s,s); return r; }

  116.     inline Scalar operator/ (const Scalar &q) const NOEXCEPT { Scalar r; decaf_448_scalar_mul(r.s,s,q.inverse().s); return r; }

  117.     inline Scalar operator/=(const Scalar &q)       NOEXCEPT { decaf_448_scalar_mul(s,s,q.inverse().s); return *this; }

  118.     inline Scalar operator- ()                const NOEXCEPT { Scalar r; decaf_448_scalar_sub(r.s,decaf_448_scalar_zero,s); return r; }

  119.     inline bool   operator!=(const Scalar &q) const NOEXCEPT { return ! decaf_448_scalar_eq(s,q.s); }

  120.     inline bool   operator==(const Scalar &q) const NOEXCEPT { return !!decaf_448_scalar_eq(s,q.s); }

  121.     

  122.     inline Point operator* (const Point &q) const NOEXCEPT { return q * (*this); }

  123.     inline Point operator* (const Precomputed &q) const NOEXCEPT { return q * (*this); }

  124. };

  125. 

  126. class Point {

  127. public:

  128.     decaf_448_point_t p;

  129.     inline Point() {}

  130.     inline Point(const decaf_448_point_t &q) { decaf_448_point_copy(p,q); } /* TODO: not memcpy? */

  131.     inline Point(const Point &q) { decaf_448_point_copy(p,q.p); }

  132.     inline Point& operator=(const Point &q) { decaf_448_point_copy(p,q.p); return *this; }

  133.     inline ~Point() { decaf_448_point_destroy(p); }

  134.     

  135.     inline explicit Point(const std::string &s, decaf_bool_t allow_identity=DECAF_TRUE) throw(CryptoException) {

  136.         if (!decode(*this,s,allow_identity)) throw CryptoException();

  137.     }

  138.     inline explicit Point(const unsigned char buffer[DECAF_448_SER_BYTES], decaf_bool_t allow_identity=DECAF_TRUE)

  139.         throw(CryptoException) { if (!decode(*this,buffer,allow_identity)) throw CryptoException(); }

  140.     

  141.     /* serialize / deserialize */

  142.     static inline decaf_bool_t __attribute__((warn_unused_result)) decode (

  143.         Point &p, const unsigned char buffer[DECAF_448_SER_BYTES], decaf_bool_t allow_identity=DECAF_TRUE

  144.     ) NOEXCEPT {

  145.         return decaf_448_point_decode(p.p,buffer,allow_identity);

  146.     }

  147.     static inline decaf_bool_t __attribute__((warn_unused_result)) decode (

  148.         Point &p, const std::string &buffer, decaf_bool_t allow_identity=DECAF_TRUE

  149.     ) NOEXCEPT {

  150.         if (buffer.size() != DECAF_448_SER_BYTES) return DECAF_FAILURE;

  151.         return decaf_448_point_decode(p.p,GET_DATA(buffer),allow_identity);

  152.     }

  153.     

  154.     static inline Point from_hash_nonuniform ( const unsigned char buffer[DECAF_448_SER_BYTES] ) NOEXCEPT {

  155.         Point p; decaf_448_point_from_hash_nonuniform(p.p,buffer); return p;

  156.     }

  157.     static inline Point from_hash_nonuniform ( const std::string &s ) NOEXCEPT {

  158.         std::string t = s;

  159.         if (t.size() < DECAF_448_SER_BYTES) t.insert(t.size(),DECAF_448_SER_BYTES-t.size(),0);

  160.         Point p; decaf_448_point_from_hash_nonuniform(p.p,GET_DATA(t)); return p;

  161.     }

  162.     static inline Point from_hash ( const unsigned char buffer[2*DECAF_448_SER_BYTES] ) NOEXCEPT {

  163.         Point p; decaf_448_point_from_hash_uniform(p.p,buffer); return p;

  164.     }

  165.     static inline Point from_hash ( const std::string &s ) NOEXCEPT {

  166.         std::string t = s;

  167.         if (t.size() < DECAF_448_SER_BYTES) return from_hash_nonuniform(s);

  168.         if (t.size() < 2*DECAF_448_SER_BYTES) t.insert(t.size(),2*DECAF_448_SER_BYTES-t.size(),0);

  169.         Point p; decaf_448_point_from_hash_uniform(p.p,GET_DATA(t)); return p;

  170.     }

  171.     

  172.     inline EXPLICIT_CON operator std::string() const NOEXCEPT {

  173.         unsigned char buffer[DECAF_448_SER_BYTES];

  174.         decaf_448_point_encode(buffer, p);

  175.         return std::string((char*)buffer,sizeof(buffer));

  176.     }

  177.     inline void encode(unsigned char buffer[DECAF_448_SER_BYTES]) const NOEXCEPT{

  178.         decaf_448_point_encode(buffer, p);

  179.     }

  180.     

  181.     /* Point/point arithmetic */

  182.     inline Point operator+ (const Point &q)  const NOEXCEPT { Point r; decaf_448_point_add(r.p,p,q.p); return r; }

  183.     inline Point operator+=(const Point &q)        NOEXCEPT { decaf_448_point_add(p,p,q.p); return *this; }

  184.     inline Point operator- (const Point &q)  const NOEXCEPT { Point r; decaf_448_point_sub(r.p,p,q.p); return r; }

  185.     inline Point operator-=(const Point &q)        NOEXCEPT { decaf_448_point_sub(p,p,q.p); return *this; }

  186.     inline Point operator- ()                const NOEXCEPT { Point r; decaf_448_point_negate(r.p,p); return r; }

  187.     inline Point times_two ()                const NOEXCEPT { Point r; decaf_448_point_double(r.p,p); return r; }

  188.     inline Point &double_in_place()                NOEXCEPT { decaf_448_point_double(p,p); return *this; }

  189.     inline bool  operator!=(const Point &q)  const NOEXCEPT { return ! decaf_448_point_eq(p,q.p); }

  190.     inline bool  operator==(const Point &q)  const NOEXCEPT { return !!decaf_448_point_eq(p,q.p); }

  191.     

  192.     /* Scalarmul */

  193.     inline Point operator* (const Scalar &s) const NOEXCEPT { Point r; decaf_448_point_scalarmul(r.p,p,s.s); return r; }

  194.     inline Point operator*=(const Scalar &s)       NOEXCEPT { decaf_448_point_scalarmul(p,p,s.s); return *this; }

  195.     inline Point operator/ (const Scalar &s) const NOEXCEPT { return (*this) * s.inverse(); }

  196.     

  197.     static inline Point double_scalar_mul (

  198.         const Point &q, const Scalar &qs, const Point &r, const Scalar &rs

  199.     ) NOEXCEPT {

  200.         Point p; decaf_448_point_double_scalarmul(p.p,q.p,qs.s,r.p,rs.s); return p;

  201.     }

  202.     

  203.     /* FIXME: are these defined to be correct? */

  204.     static inline const Point &base() NOEXCEPT { return *(const Point *)decaf_448_point_base; }

  205.     static inline const Point &identity() NOEXCEPT { return *(const Point *)decaf_448_point_identity; }

  206. };

  207. 

  208. class Precomputed {

  209. public:

  210.     union {

  211.         decaf_448_precomputed_s *mine;

  212.         const decaf_448_precomputed_s *yours;

  213.     } ours;

  214.     bool isMine;

  215.     

  216. private:

  217.     inline void clear() NOEXCEPT {

  218.         if (isMine) {

  219.             decaf_448_precomputed_destroy(ours.mine);

  220.             free(ours.mine);

  221.             ours.yours = decaf_448_precomputed_base;

  222.             isMine = false;

  223.         }

  224.     }

  225.     inline void alloc() {

  226.         if (isMine) return;

  227.         int ret = posix_memalign((void**)&ours.mine, alignof_decaf_448_precomputed_s,sizeof_decaf_448_precomputed_s);

  228.         if (ret || !ours.mine) {

  229.             isMine = false;

  230.             throw std::bad_alloc();

  231.         }

  232.         isMine = true;

  233.     }

  234.     inline const decaf_448_precomputed_s *get() const NOEXCEPT { return isMine ? ours.mine : ours.yours; }

  235.     

  236. public:

  237.     inline ~Precomputed() NOEXCEPT { clear(); }

  238.     inline Precomputed(const decaf_448_precomputed_s &yours = *decaf_448_precomputed_base) NOEXCEPT {

  239.         ours.yours = &yours;

  240.         isMine = false;

  241.     }

  242.     inline Precomputed &operator=(const Precomputed &it) {

  243.         if (this == &it) return *this;

  244.         if (it.isMine) {

  245.             alloc();

  246.             memcpy(ours.mine,it.ours.mine,sizeof_decaf_448_precomputed_s);

  247.         } else {

  248.             clear();

  249.             ours.yours = it.ours.yours;

  250.         }

  251.         isMine = it.isMine;

  252.         return *this;

  253.     }

  254.     inline Precomputed &operator=(const Point &it) {

  255.         alloc();

  256.         decaf_448_precompute(ours.mine,it.p);

  257.         return *this;

  258.     }

  259.     inline Precomputed(const Precomputed &it) NOEXCEPT : isMine(false) { *this = it; }

  260.     inline explicit Precomputed(const Point &it) NOEXCEPT : isMine(false) { *this = it; }

  261.     

  262. #if __cplusplus >= 201103L

  263.     inline Precomputed &operator=(Precomputed &&it) NOEXCEPT {

  264.         if (this == &it) return *this;

  265.         clear();

  266.         ours = it.ours;

  267.         isMine = it.isMine;

  268.         it.isMine = false;

  269.         it.ours.yours = decaf_448_precomputed_base;

  270.         return *this;

  271.     }

  272.     inline Precomputed(Precomputed &&it) NOEXCEPT : isMine(false) { *this = it; }

  273. #endif

  274.     

  275.     inline Point operator* (const Scalar &s) const NOEXCEPT { Point r; decaf_448_precomputed_scalarmul(r.p,get(),s.s); return r; }

  276.     inline Point operator/ (const Scalar &s) const NOEXCEPT { return (*this) * s.inverse(); }

  277.     

  278.     static inline const Precomputed base() NOEXCEPT { return Precomputed(*decaf_448_precomputed_base); }

  279. };

  280. 

  281. }; /* struct decaf<448> */

  282. 

  283. #undef NOEXCEPT

  284. } /* namespace decaf */

  285. 

  286. #endif /* __DECAF_448_HXX__ */