diff --git a/src/ecc-edwards.c b/src/ecc-edwards.c
index 871a9fa..4423b46 100644
--- a/src/ecc-edwards.c
+++ b/src/ecc-edwards.c
@@ -22,6 +22,13 @@
 *
 */
+#include
+#include
+
+#include "bn.h"
+#include "mod.h"
+#include "mod25638.h"
+
 /*
 * Identity element: (0,1)
 * Negation: -(x,y) = (-x,y)
@@ -35,8 +42,8 @@
 /* d + 2^255 - 19 */
 static const bn256 coefficient_d[1] = {
- { 0x135978a3, 0x75eb4dca, 0x4141d8ab, 0x00700a4d,
- 0x7779e898, 0x8cc74079, 0x2b6ffe73, 0x52036cee } };
+ {{ 0x135978a3, 0x75eb4dca, 0x4141d8ab, 0x00700a4d,
+ 0x7779e898, 0x8cc74079, 0x2b6ffe73, 0x52036cee }} };
 /**
@@ -61,11 +68,11 @@ static void
 ed_double_25638 (ptc *X, const ptc *A)
 {
 uint32_t borrow;
- bn256 d[1], e[1];
+ bn256 b[1], d[1], e[1];
- /* Compute: B = (X1 + Y1)^2 : X3_tmp */
- mod25638_add (X->x, A->x, A->y);
- mod25638_sqr (X->x, X->x);
+ /* Compute: B = (X1 + Y1)^2 */
+ mod25638_add (b, A->x, A->y);
+ mod25638_sqr (b, b);
 /* Compute: C = X1^2 : E */
 mod25638_sqr (e, A->x);
@@ -81,7 +88,7 @@ ed_double_25638 (ptc *X, const ptc *A)
 if (borrow)
 bn256_add (X->y, X->y, n25638); /* carry ignored */
 else
- bn256_add (X->z, X->y, n25638); /* dummy calculation */
+ bn256_add (X->x, X->y, n25638); /* dummy calculation */
 /* Compute: F = E + D = D - C; where a = -1 : E */
 mod25638_sub (e, d, e);
@@ -93,15 +100,15 @@ ed_double_25638 (ptc *X, const ptc *A)
 mod25638_add (d, d, d);
 mod25638_sub (d, e, d);
- /* Compute: X3 = (B-C-D)*J = (X3_tmp+Y3_tmp)*J */
- mod25638_add (X->x, X->y);
+ /* Compute: X3 = (B-C-D)*J = (B+Y3_tmp)*J */
+ mod25638_add (X->x, b, X->y);
 mod25638_mul (X->x, X->x, d);
 /* Compute: Y3 = F*(E-D) = F*Y3_tmp */
 mod25638_mul (X->y, X->y, e);
 /* Z3 = F*J */
- mod25638_mul (X->z, d, e);
+ mod25638_mul (X->z, e, d);
 }
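Review bot: ed_double_25638 is called in place later in this same diff (`ed_double_25638 (a, a)` in the PRINT_OUT_TABLE main), so X may alias A, and moving B from `X->x` into the new local `b` is presumably what keeps `A->x` intact for the following `mod25638_sqr (e, A->x)` — but that contract is stated nowhere. Add it above the signature, e.g. `/* X may alias A: every read of A->x/A->y/A->z must precede the first write to the same field of X. */`, and a one-liner at the declaration, `bn256 b[1], d[1], e[1]; /* b: B = (X1+Y1)^2, kept out of X so that A may alias X */`. The body of ed_double_25638 continues outside this hunk, so whether the remaining writes to X->y and X->z respect that ordering cannot be checked here.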
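Review bot: The `else` branch now writes its balancing result into `X->x`, which the later `mod25638_add (X->x, b, X->y)` overwrites unconditionally before any read, so from the compiler's point of view the dummy `bn256_add` is a dead store; it survives only while bn256_add lives in another translation unit, and with LTO or inlining the two branches stop doing the same work. The branch on `borrow` is itself data-dependent, which a core with branch prediction can expose regardless of the dummy, so if the inputs are secret-derived the robust form is an unconditional add of `borrow ? n25638 : 0` selected with a mask (`mask = 0 - borrow`) instead of a conditional. At minimum record the intent next to the line: `/* dummy: same work as the taken branch; X->x is fully rewritten below, must not be optimised away */`. The function continues outside this hunk.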
@@ -185,8 +192,8 @@ ed_add_25638 (ptc *X, const ptc *A, const ac *B, int minus)
 static const bn256 p25519[1] = {
- {0xffffffed, 0xffffffff, 0xffffffff, 0xffffffff,
- 0xffffffff, 0xffffffff, 0xffffffff, 0x7fffffff } };
+ {{ 0xffffffed, 0xffffffff, 0xffffffff, 0xffffffff,
+ 0xffffffff, 0xffffffff, 0xffffffff, 0x7fffffff }} };
 /**
 * @brief X = convert A
@@ -273,3 +280,73 @@ point_is_on_the_curve (const ac *P)
 int compute_kP_25519 (ac *X, const bn256 *K, const ac *P);
 #endif
+
+#ifdef PRINT_OUT_TABLE
+static const ptc G[1] = {{
+ {{{ 0x8f25d51a, 0xc9562d60, 0x9525a7b2, 0x692cc760,
+ 0xfdd6dc5c, 0xc0a4e231, 0xcd6e53fe, 0x216936d3 }}},
+ {{{ 0x66666658, 0x66666666, 0x66666666, 0x66666666,
+ 0x66666666, 0x66666666, 0x66666666, 0x66666666 }}},
+ {{{ 1, 0, 0, 0, 0, 0, 0, 0 }}},
+}};
+
+#include
+
+static void
+print_point (const ac *X)
+{
+ int i;
+
+ for (i = 0; i < 8; i++)
+ printf ("%08x\n", X->x->word[i]);
+ puts ("");
+ for (i = 0; i < 8; i++)
+ printf ("%08x\n", X->y->word[i]);
+}
+
+
+static const uint8_t *str = "abcdefghijklmnopqrstuvwxyz0123456789";
+
+const uint8_t *
+random_bytes_get (void)
+{
+ return (const uint8_t *)str;
+}
+
+/*
+ * Free pointer to random 32-byte
+ */
+void
+random_bytes_free (const uint8_t *p)
+{
+ (void)p;
+}
+
+
+int
+main (int argc, char *argv[])
+{
+ ac x[1];
+ ptc a[1];
+ int i;
+
+ ed_double_25638 (a, G);
+ ptc_to_ac_25519 (x, a);
+ print_point (x);
+
+ ed_add_25638 (a, G, G, 1);
+ ptc_to_ac_25519 (x, a);
+ print_point (x);
+
+ ed_add_25638 (a, G, G, 0);
+ ptc_to_ac_25519 (x, a);
+ print_point (x);
+
+ for (i = 0; i < 64 - 1; i++)
+ ed_double_25638 (a, a);
+
+ ptc_to_ac_25519 (x, a);
+ print_point (x);
+ return 0;
+}
+#endif
diff --git a/src/mod25638.c b/src/mod25638.c
index 9bdfe4a..3f51843 100644
--- a/src/mod25638.c
+++ b/src/mod25638.c
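Review bot: `ed_add_25638 (a, G, G, 1)` and `ed_add_25638 (a, G, G, 0)` pass `G`, declared as a `ptc`, in the third position, whose parameter is `const ac *B` according to the signature shown in the @@ -185 hunk header; unless ptc and ac are the same type this is an incompatible-pointer-type constraint violation that only works because ptc's leading members happen to line up with ac, so convert first (`ac g[1]; ptc_to_ac_25519 (g, G);` and pass `g`) or keep an affine copy of the generator. The `static const uint8_t *str` initialiser likewise points a `const uint8_t *` at a `char` array literal; `static const char str[] = "..."` removes that diagnostic and the cast in random_bytes_get already covers the return. random_bytes_get is a test-only stand-in returning a fixed 36-character string rather than 32 random bytes, which only random_bytes_free's comment hints at; a comment such as `/* PRINT_OUT_TABLE stub: fixed, non-random test input, never link into a firmware build */` makes the restriction explicit. `main (int argc, char *argv[])` uses neither parameter, so `int main (void)` avoids the unused-parameter warnings.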
@@ -37,8 +37,13 @@
 #include "bn.h"
 #include "mod25638.h"
-#include "muladd_256.h"
+#ifndef BN256_C_IMPLEMENTATION
+#define ASM_IMPLEMENTATION 1
+#endif
+
+#if ASM_IMPLEMENTATION
+#include "muladd_256.h"
 #define ADDWORD_256(d_,w_,c_) \
 asm ( "ldmia %[d], { r4, r5, r6, r7 } \n\t" \
 "adds r4, r4, %[w] \n\t" \
@@ -57,6 +62,7 @@
 : [d] "=&r" (d_), [c] "=&r" (c_) \
 : "[d]" (d_), [w] "r" (w_) \
 : "r4", "r5", "r6", "r7", "memory", "cc" )
+#endif
 /* 256 224 192 160 128 96 64 32 0
@@ -69,8 +75,9 @@
 2^256 - 32 - 4 - 2 0 ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffda */
-const bn256 n25638[1] = { {0xffffffda, 0xffffffff, 0xffffffff, 0xffffffff,
- 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff } };
+const bn256 n25638[1] = {
+ {{0xffffffda, 0xffffffff, 0xffffffff, 0xffffffff,
+ 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff }} };
 /*
@@ -127,6 +134,7 @@ mod25638_mul (bn256 *X, const bn256 *A, const bn256 *B)
 uint32_t w;
 uint32_t c, c0;
+#if ASM_IMPLEMENTATION
 memset (word, 0, sizeof (uint32_t)*BN256_WORDS);
 s = A->word; d = &word[0]; w = B->word[0];
 MULADD_256 (s, d, w, c);
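Review bot: When BN256_C_IMPLEMENTATION is defined, ASM_IMPLEMENTATION is never given a value, so the `#if ASM_IMPLEMENTATION` tests here and in mod25638_mul rely on an undefined identifier evaluating to 0; that is legal but trips -Wundef and reads as an accident, so give it an explicit value: `#else`, `#define ASM_IMPLEMENTATION 0`, `#endif`. The default also silently selects the ARM inline-asm path for any build that forgets the define, presumably including a host build of the PRINT_OUT_TABLE test in ecc-edwards.c, where the `ldmia`/`adds` mnemonics fail in the assembler; a comment above the block, e.g. `/* Define BN256_C_IMPLEMENTATION for portable-C builds; otherwise the ARM asm in muladd_256.h is used. */`, names the switch for the next person.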
@@ -142,7 +150,58 @@ mod25638_mul (bn256 *X, const bn256 *A, const bn256 *B)
 s = word; ADDWORD_256 (s, c0, c);
 word[0] += c * 38;
- memcpy (X->word, word, sizeof X->word);
+ memcpy (X, word, sizeof (bn256));
+#else
+ (void)c; (void)c0;
+ bn256_mul ((bn512 *)word, A, B);
+
+ s = &word[8]; d = &word[0]; w = 38;
+ {
+ int i;
+ uint32_t r0, r1;
+
+ r0 = r1 = 0;
+ for (i = 0; i < BN256_WORDS; i++)
+ {
+ uint64_t uv;
+ uint32_t u, v;
+ uint32_t carry;
+
+ r0 += d[i];
+ r1 += (r0 < d[i]);
+ carry = (r1 < (r0 < d[i]));
+
+ uv = ((uint64_t)s[i])*w;
+ v = uv;
+ u = (uv >> 32);
+ r0 += v;
+ r1 += (r0 < v);
+ carry += (r1 < (r0 < v));
+ r1 += u;
+ carry += (r1 < u);
+
+ d[i] = r0;
+ r0 = r1;
+ r1 = carry;
+ }
+ d[i] = r0;
+
+ r0 = word[8] * 38;
+ d = word;
+ for (i = 0; i < BN256_WORDS; i++)
+ {
+ uint32_t carry;
+
+ r0 += d[i];
+ carry = (r0 < d[i]);
+ d[i] = r0;
+ r0 = carry;
+ }
+ word[0] += r0 * 38;
+ }
+
+ memcpy (X, word, sizeof (bn256));
+#endif
 }
 /**
diff --git a/src/mod25638.h b/src/mod25638.h
index dd19481..4dd95c0 100644
--- a/src/mod25638.h
+++ b/src/mod25638.h
@@ -1,4 +1,4 @@
-extern const bn256 *n25638;
+extern const bn256 n25638[1];
 void mod25638_add (bn256 *X, const bn256 *A, const bn256 *B);
 void mod25638_sub (bn256 *X, const bn256 *A, const bn256 *B);
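Review bot: In the C path of mod25638_mul the first fold loop ends with `d[i] = r0;`, storing the ninth word at word[BN256_WORDS] while the final carry `r1` is silently dropped, and nothing records why that is safe; low + 38*high is below 2^263 and so fits in nine 32-bit words, which makes r1 always 0 and deserves a comment such as `/* r1 == 0 here: low + 38*high < 2^263 fits in 9 words */`. The reduction itself is undocumented, so a comment above `s = &word[8]; d = &word[0]; w = 38;` like `/* 2^256 == 38 (mod 2^256-38): fold the high half into the low half, then fold the single overflow word again; result is < 2^256 but not necessarily < 2^256-38 */` would explain both loops and the closing `word[0] += r0 * 38;`. The cast `(bn512 *)word` suggests `word` is a bare uint32_t array (its declaration is above the hunk); declaring it as a `bn512` would remove the cast and let `memcpy (X, word, sizeof (bn256))` read as copying the low half. The loops are fixed-trip and branch-free as written, but `(r0 < d[i])`-style carries are only constant-time if the compiler emits compare-and-set rather than branches, which is worth checking on the target before this path handles secret operands.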