deon/gnuk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix

Browse Source
This commit is contained in:
NIIBE Yutaka
2014-03-19 23:47:59 +09:00
parent fa10e78344
commit 2bb12e55c2
3 changed files with 153 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

101
src/ecc-edwards.c
View File

@@ -22,6 +22,13 @@
* *
*/ */
#include <stdint.h>
#include <string.h>
#include "bn.h"
#include "mod.h"
#include "mod25638.h"
/* /*
* Identity element: (0,1) * Identity element: (0,1)
* Negation: -(x,y) = (-x,y) * Negation: -(x,y) = (-x,y)
@@ -35,8 +42,8 @@
/* d + 2^255 - 19 */ /* d + 2^255 - 19 */
static const bn256 coefficient_d[1] = { static const bn256 coefficient_d[1] = {
{ 0x135978a3, 0x75eb4dca, 0x4141d8ab, 0x00700a4d, {{ 0x135978a3, 0x75eb4dca, 0x4141d8ab, 0x00700a4d,
0x7779e898, 0x8cc74079, 0x2b6ffe73, 0x52036cee } }; 0x7779e898, 0x8cc74079, 0x2b6ffe73, 0x52036cee }} };
/** /**
@@ -61,11 +68,11 @@ static void
ed_double_25638 (ptc *X, const ptc *A) ed_double_25638 (ptc *X, const ptc *A)
{ {
uint32_t borrow; uint32_t borrow;
bn256 d[1], e[1]; bn256 b[1], d[1], e[1];
/* Compute: B = (X1 + Y1)^2 : X3_tmp */ /* Compute: B = (X1 + Y1)^2 */
mod25638_add (X->x, A->x, A->y); mod25638_add (b, A->x, A->y);
mod25638_sqr (X->x, X->x); mod25638_sqr (b, b);
/* Compute: C = X1^2 : E */ /* Compute: C = X1^2 : E */
mod25638_sqr (e, A->x); mod25638_sqr (e, A->x);
@@ -81,7 +88,7 @@ ed_double_25638 (ptc *X, const ptc *A)
if (borrow) if (borrow)
bn256_add (X->y, X->y, n25638); /* carry ignored */ bn256_add (X->y, X->y, n25638); /* carry ignored */
else else
bn256_add (X->z, X->y, n25638); /* dummy calculation */ bn256_add (X->x, X->y, n25638); /* dummy calculation */
/* Compute: F = E + D = D - C; where a = -1 : E */ /* Compute: F = E + D = D - C; where a = -1 : E */
mod25638_sub (e, d, e); mod25638_sub (e, d, e);
@@ -93,15 +100,15 @@ ed_double_25638 (ptc *X, const ptc *A)
mod25638_add (d, d, d); mod25638_add (d, d, d);
mod25638_sub (d, e, d); mod25638_sub (d, e, d);
/* Compute: X3 = (B-C-D)*J = (X3_tmp+Y3_tmp)*J */ /* Compute: X3 = (B-C-D)*J = (B+Y3_tmp)*J */
mod25638_add (X->x, X->y); mod25638_add (X->x, b, X->y);
mod25638_mul (X->x, X->x, d); mod25638_mul (X->x, X->x, d);
/* Compute: Y3 = F*(E-D) = F*Y3_tmp */ /* Compute: Y3 = F*(E-D) = F*Y3_tmp */
mod25638_mul (X->y, X->y, e); mod25638_mul (X->y, X->y, e);
/* Z3 = F*J */ /* Z3 = F*J */
mod25638_mul (X->z, d, e); mod25638_mul (X->z, e, d);
} }
@@ -185,8 +192,8 @@ ed_add_25638 (ptc *X, const ptc *A, const ac *B, int minus)
static const bn256 p25519[1] = { static const bn256 p25519[1] = {
{0xffffffed, 0xffffffff, 0xffffffff, 0xffffffff, {{ 0xffffffed, 0xffffffff, 0xffffffff, 0xffffffff,
0xffffffff, 0xffffffff, 0xffffffff, 0x7fffffff } }; 0xffffffff, 0xffffffff, 0xffffffff, 0x7fffffff }} };
/** /**
* @brief X = convert A * @brief X = convert A
@@ -273,3 +280,73 @@ point_is_on_the_curve (const ac *P)
int int
compute_kP_25519 (ac *X, const bn256 *K, const ac *P); compute_kP_25519 (ac *X, const bn256 *K, const ac *P);
#endif #endif
#ifdef PRINT_OUT_TABLE
static const ptc G[1] = {{
{{{ 0x8f25d51a, 0xc9562d60, 0x9525a7b2, 0x692cc760,
0xfdd6dc5c, 0xc0a4e231, 0xcd6e53fe, 0x216936d3 }}},
{{{ 0x66666658, 0x66666666, 0x66666666, 0x66666666,
0x66666666, 0x66666666, 0x66666666, 0x66666666 }}},
{{{ 1, 0, 0, 0, 0, 0, 0, 0 }}},
}};
#include <stdio.h>
static void
print_point (const ac *X)
{
int i;
for (i = 0; i < 8; i++)
printf ("%08x\n", X->x->word[i]);
puts ("");
for (i = 0; i < 8; i++)
printf ("%08x\n", X->y->word[i]);
}
static const uint8_t *str = "abcdefghijklmnopqrstuvwxyz0123456789";
const uint8_t *
random_bytes_get (void)
{
return (const uint8_t *)str;
}
/*
* Free pointer to random 32-byte
*/
void
random_bytes_free (const uint8_t *p)
{
(void)p;
}
int
main (int argc, char *argv[])
{
ac x[1];
ptc a[1];
int i;
ed_double_25638 (a, G);
ptc_to_ac_25519 (x, a);
print_point (x);
ed_add_25638 (a, G, G, 1);
ptc_to_ac_25519 (x, a);
print_point (x);
ed_add_25638 (a, G, G, 0);
ptc_to_ac_25519 (x, a);
print_point (x);
for (i = 0; i < 64 - 1; i++)
ed_double_25638 (a, a);
ptc_to_ac_25519 (x, a);
print_point (x);
return 0;
}
#endif

67
src/mod25638.c
View File

@@ -37,8 +37,13 @@
#include "bn.h" #include "bn.h"
#include "mod25638.h" #include "mod25638.h"
#include "muladd_256.h"
#ifndef BN256_C_IMPLEMENTATION
#define ASM_IMPLEMENTATION 1
#endif
#if ASM_IMPLEMENTATION
#include "muladd_256.h"
#define ADDWORD_256(d_,w_,c_) \ #define ADDWORD_256(d_,w_,c_) \
asm ( "ldmia %[d], { r4, r5, r6, r7 } \n\t" \ asm ( "ldmia %[d], { r4, r5, r6, r7 } \n\t" \
"adds r4, r4, %[w] \n\t" \ "adds r4, r4, %[w] \n\t" \
@@ -57,6 +62,7 @@
: [d] "=&r" (d_), [c] "=&r" (c_) \ : [d] "=&r" (d_), [c] "=&r" (c_) \
: "[d]" (d_), [w] "r" (w_) \ : "[d]" (d_), [w] "r" (w_) \
: "r4", "r5", "r6", "r7", "memory", "cc" ) : "r4", "r5", "r6", "r7", "memory", "cc" )
#endif
/* /*
256 224 192 160 128 96 64 32 0 256 224 192 160 128 96 64 32 0
@@ -69,8 +75,9 @@
2^256 - 32 - 4 - 2 2^256 - 32 - 4 - 2
0 ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffda 0 ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffda
*/ */
const bn256 n25638[1] = { {0xffffffda, 0xffffffff, 0xffffffff, 0xffffffff, const bn256 n25638[1] = {
0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff } }; {{0xffffffda, 0xffffffff, 0xffffffff, 0xffffffff,
0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff }} };
/* /*
@@ -127,6 +134,7 @@ mod25638_mul (bn256 *X, const bn256 *A, const bn256 *B)
uint32_t w; uint32_t w;
uint32_t c, c0; uint32_t c, c0;
#if ASM_IMPLEMENTATION
memset (word, 0, sizeof (uint32_t)*BN256_WORDS); memset (word, 0, sizeof (uint32_t)*BN256_WORDS);
s = A->word; d = &word[0]; w = B->word[0]; MULADD_256 (s, d, w, c); s = A->word; d = &word[0]; w = B->word[0]; MULADD_256 (s, d, w, c);
@@ -142,7 +150,58 @@ mod25638_mul (bn256 *X, const bn256 *A, const bn256 *B)
s = word; s = word;
ADDWORD_256 (s, c0, c); ADDWORD_256 (s, c0, c);
word[0] += c * 38; word[0] += c * 38;
memcpy (X->word, word, sizeof X->word); memcpy (X, word, sizeof (bn256));
#else
(void)c; (void)c0;
bn256_mul ((bn512 *)word, A, B);
s = &word[8]; d = &word[0]; w = 38;
{
int i;
uint32_t r0, r1;
r0 = r1 = 0;
for (i = 0; i < BN256_WORDS; i++)
{
uint64_t uv;
uint32_t u, v;
uint32_t carry;
r0 += d[i];
r1 += (r0 < d[i]);
carry = (r1 < (r0 < d[i]));
uv = ((uint64_t)s[i])*w;
v = uv;
u = (uv >> 32);
r0 += v;
r1 += (r0 < v);
carry += (r1 < (r0 < v));
r1 += u;
carry += (r1 < u);
d[i] = r0;
r0 = r1;
r1 = carry;
}
d[i] = r0;
r0 = word[8] * 38;
d = word;
for (i = 0; i < BN256_WORDS; i++)
{
uint32_t carry;
r0 += d[i];
carry = (r0 < d[i]);
d[i] = r0;
r0 = carry;
}
word[0] += r0 * 38;
}
memcpy (X, word, sizeof (bn256));
#endif
} }
/** /**

2
src/mod25638.h
View File

@@ -1,4 +1,4 @@
extern const bn256 *n25638; extern const bn256 n25638[1];
void mod25638_add (bn256 *X, const bn256 *A, const bn256 *B); void mod25638_add (bn256 *X, const bn256 *A, const bn256 *B);
void mod25638_sub (bn256 *X, const bn256 *A, const bn256 *B); void mod25638_sub (bn256 *X, const bn256 *A, const bn256 *B);