From 825dd2128ba45ff37e4d48aeb5aca8b5d6f396be Mon Sep 17 00:00:00 2001
From: Michael Hamburg
Date: Thu, 22 Jan 2015 13:23:03 -0800
Subject: [PATCH] sync with master
---
 src/ec_point.c | 40 +++++++++-----
 src/include/ec_point.h | 6 ++
 src/p448/field.h | 123 ----------------------------------------
 3 files changed, 32 insertions(+), 137 deletions(-)
 delete mode 100644 src/p448/field.h
diff --git a/src/ec_point.c b/src/ec_point.c
index 00bf2cb..50f43ea 100644
--- a/src/ec_point.c
+++ b/src/ec_point.c
@@ -318,28 +318,40 @@ convert_tw_niels_to_tw_extensible (
 field_copy ( &e->u, &e->y );
 }
+void
+deserialize_montgomery_decaf (
+ struct montgomery_aux_t* a,
+ const struct field_t *s
+) {
+ field_copy ( &a->s0, s );
+ field_copy ( &a->xa, s );
+ field_set_ui ( &a->za, 1 );
+ field_set_ui ( &a->xd, 1 );
+ field_set_ui ( &a->zd, 0 );
+}
 void
 montgomery_aux_step (
 struct montgomery_aux_t* a
 ) {
- field_add ( &a->xs, &a->xa, &a->za );
- field_subx ( &a->zs, &a->xa, &a->za );
- field_add ( &a->xa, &a->xd, &a->zd );
- field_subx ( &a->za, &a->xd, &a->zd );
- field_mul ( &a->xd, &a->xa, &a->zs );
- field_mul ( &a->zd, &a->xs, &a->za );
- field_add ( &a->xs, &a->xd, &a->zd );
- field_subx ( &a->zd, &a->zd, &a->xd );
- field_mul ( &a->zs, &a->zd, &a->s0 );
- field_sqr ( &a->zd, &a->xa ); // zd = AA
- field_sqr ( &a->xa, &a->za ); // xa = BB
+ field_add ( &a->xs, &a->xa, &a->za ); // xs = C
+ field_subx ( &a->zs, &a->xa, &a->za ); // zs = D
+ field_add ( &a->xa, &a->xd, &a->zd ); // xa = A
+ field_subx ( &a->za, &a->xd, &a->zd ); // za = B
+ field_mul ( &a->xd, &a->xa, &a->zs ); // xd = DA
+ field_mul ( &a->zd, &a->xs, &a->za ); // zd = CB
+ field_add ( &a->xs, &a->xd, &a->zd ); // xs = DA+CB
+ field_subx ( &a->zd, &a->xd, &a->zd ); // zd = DA-CB
+ field_mul ( &a->zs, &a->zd, &a->s0 ); // zs = (DA-CB)*s0
+ field_sqr ( &a->zd, &a->xa ); // zd = AA
+ field_sqr ( &a->xa, &a->za ); // xa = BB
 field_subx ( &a->za, &a->zd, &a->xa ); // za = E
 field_mul ( &a->xd, &a->xa, &a->zd ); // xd final
- field_mulw_scc_wr ( &a->zd, &a->xa, 1-EDWARDS_D );
+ field_mulw_scc_wr ( &a->zd, &a->xa, 1-EDWARDS_D ); // zd = (1-d)*E
 field_add ( &a->xa, &a->za, &a->zd ); // BB + (1-d)*E
 field_mul ( &a->zd, &a->xa, &a->za ); // zd final
- field_sqr ( &a->xa, &a->xs );
- field_sqr ( &a->za, &a->zs );
+ field_sqr ( &a->xa, &a->xs ); // (DA+CB)^2
+ field_sqr ( &a->za, &a->zs ); // (DA-CB)^2*s0^2
 }
 void
diff --git a/src/include/ec_point.h b/src/include/ec_point.h
index 8d6d3e1..0391928 100644
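Review bot: `deserialize_montgomery_decaf` becomes a new public entry point (the prototype is added to src/include/ec_point.h in the same patch) without any comment stating what `s` is or which ladder state it establishes, while every line of the neighbouring `montgomery_aux_step` now carries one. From the body it copies `s` into both `s0` and `xa`, sets `za` to 1 and sets `(xd, zd)` to `(1, 0)`, which is presumably the projective point at infinity for the ladder. Nothing here checks `s`, so if a caller obtains it via `field_deserialize` from untrusted bytes, canonicality and any range check have to happen there, and that should be part of the stated contract. I would add above the definition `/** Initialise the Montgomery ladder state from a decaf s-coordinate: s0 = xa = s, za = 1, (xd:zd) = (1:0). The caller must have validated s (canonical, fully reduced). */` and mirror it on the header prototype.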
--- a/src/include/ec_point.h
+++ b/src/include/ec_point.h
@@ -294,6 +294,12 @@ serialize_montgomery (
 const struct montgomery_t* a,
 const struct field_t* sbz
 );
+
+void
+deserialize_montgomery_decaf (
+ struct montgomery_aux_t* a,
+ const struct field_t *s
+);
 /**
 * Serialize a point on an Edwards curve.
diff --git a/src/p448/field.h b/src/p448/field.h
deleted file mode 100644
index bf36e95..0000000
--- a/src/p448/field.h
+++ /dev/null
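Review bot: The new prototype mixes pointer-declarator spacing within one signature, `struct montgomery_aux_t* a,` followed by `const struct field_t *s`, while the adjacent `serialize_montgomery` prototype writes `const struct field_t* sbz`. Using the header's existing form, `const struct field_t* s`, keeps the two declarations visually consistent; the definition in src/ec_point.c has the same mix and would want the same change.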
@@ -1,123 +0,0 @@
-/**
- * @file field.h
- * @brief Field switch code.
- * @copyright
- * Copyright (c) 2014 Cryptography Research, Inc. \n
- * Released under the MIT License. See LICENSE.txt for license information.
- * @author Mike Hamburg
- */
-#ifndef __FIELD_H__
-#define __FIELD_H__
-
-#include
-#include "constant_time.h"
-
-#include "p448.h"
-#define FIELD_BITS 448
-#define field_t p448_t
-#define field_mul p448_mul
-#define field_sqr p448_sqr
-#define field_add p448_add
-#define field_sub p448_sub
-#define field_mulw p448_mulw
-#define field_addw p448_addw
-#define field_subw p448_subw
-#define field_neg p448_neg
-#define field_set_ui p448_set_ui
-#define field_bias p448_bias
-#define field_cond_neg p448_cond_neg
-#define field_inverse p448_inverse
-#define field_eq p448_eq
-#define field_isr p448_isr
-#define field_simultaneous_invert p448_simultaneous_invert
-#define field_weak_reduce p448_weak_reduce
-#define field_strong_reduce p448_strong_reduce
-#define field_serialize p448_serialize
-#define field_deserialize p448_deserialize
-#define field_is_zero p448_is_zero
-
-/** @brief Bytes in a field element */
-#define FIELD_BYTES (1+(FIELD_BITS-1)/8)
-
-/** @brief Words in a field element */
-#define FIELD_WORDS (1+(FIELD_BITS-1)/sizeof(word_t))
-
-/**
- * @brief For GMP tests: little-endian representation of the field modulus.
- */
-extern const uint8_t FIELD_MODULUS[FIELD_BYTES];
-
-/**
- * Copy one field element to another.
- */
-static inline void
-__attribute__((unused,always_inline))
-field_copy (
- struct field_t *__restrict__ a,
- const struct field_t *__restrict__ b
-) {
- memcpy(a,b,sizeof(*a));
-}
-
-/**
- * Negate a in place if doNegate.
- */
-static inline void
-__attribute__((unused,always_inline))
-field_cond_neg(
- field_t *a,
- mask_t doNegate
-) {
- struct field_t negated;
- field_neg(&negated, a);
- field_bias(&negated, 2);
- constant_time_select(a, &negated, a, sizeof(negated), doNegate);
-}
-
-/**
- * Returns 1/sqrt(+- x).
- *
- * The Legendre symbol of the result is the same as that of the
- * input.
- *
- * If x=0, returns 0.
- */
-void
-field_isr (
- struct field_t* a,
- const struct field_t* x
-);
-
-/**
- * Batch inverts out[i] = 1/in[i]
- *
- * If any input is zero, all the outputs will be zero.
- */
-void
-field_simultaneous_invert (
- struct field_t *__restrict__ out,
- const struct field_t *in,
- unsigned int n
-);
-
-/**
- * Returns 1/x.
- *
- * If x=0, returns 0.
- */
-void
-field_inverse (
- struct field_t* a,
- const struct field_t* x
-);
-
-/**
- * Returns -1 if a==b, 0 otherwise.
- */
-mask_t
-field_eq (
- const struct field_t *a,
- const struct field_t *b
-);
-
-#endif /* __FIELD_H__ */