fix
parent
fa10e78344
commit
2bb12e55c2
@ -22,6 +22,13 @@
|
||||
*
|
||||
*/
|
||||
|
||||
#include <stdint.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "bn.h"
|
||||
#include "mod.h"
|
||||
#include "mod25638.h"
|
||||
|
||||
/*
|
||||
* Identity element: (0,1)
|
||||
* Negation: -(x,y) = (-x,y)
|
||||
@ -35,8 +42,8 @@
|
||||
|
||||
/* d + 2^255 - 19 */
|
||||
static const bn256 coefficient_d[1] = {
|
||||
{ 0x135978a3, 0x75eb4dca, 0x4141d8ab, 0x00700a4d,
|
||||
0x7779e898, 0x8cc74079, 0x2b6ffe73, 0x52036cee } };
|
||||
{{ 0x135978a3, 0x75eb4dca, 0x4141d8ab, 0x00700a4d,
|
||||
0x7779e898, 0x8cc74079, 0x2b6ffe73, 0x52036cee }} };
|
||||
|
||||
|
||||
/**
|
||||
@ -61,11 +68,11 @@ static void
|
||||
ed_double_25638 (ptc *X, const ptc *A)
|
||||
{
|
||||
uint32_t borrow;
|
||||
bn256 d[1], e[1];
|
||||
bn256 b[1], d[1], e[1];
|
||||
|
||||
/* Compute: B = (X1 + Y1)^2 : X3_tmp */
|
||||
mod25638_add (X->x, A->x, A->y);
|
||||
mod25638_sqr (X->x, X->x);
|
||||
/* Compute: B = (X1 + Y1)^2 */
|
||||
mod25638_add (b, A->x, A->y);
|
||||
mod25638_sqr (b, b);
|
||||
|
||||
/* Compute: C = X1^2 : E */
|
||||
mod25638_sqr (e, A->x);
|
||||
@ -81,7 +88,7 @@ ed_double_25638 (ptc *X, const ptc *A)
|
||||
if (borrow)
|
||||
bn256_add (X->y, X->y, n25638); /* carry ignored */
|
||||
else
|
||||
bn256_add (X->z, X->y, n25638); /* dummy calculation */
|
||||
bn256_add (X->x, X->y, n25638); /* dummy calculation */
|
||||
|
||||
/* Compute: F = E + D = D - C; where a = -1 : E */
|
||||
mod25638_sub (e, d, e);
|
||||
@ -93,15 +100,15 @@ ed_double_25638 (ptc *X, const ptc *A)
|
||||
mod25638_add (d, d, d);
|
||||
mod25638_sub (d, e, d);
|
||||
|
||||
/* Compute: X3 = (B-C-D)*J = (X3_tmp+Y3_tmp)*J */
|
||||
mod25638_add (X->x, X->y);
|
||||
/* Compute: X3 = (B-C-D)*J = (B+Y3_tmp)*J */
|
||||
mod25638_add (X->x, b, X->y);
|
||||
mod25638_mul (X->x, X->x, d);
|
||||
|
||||
/* Compute: Y3 = F*(E-D) = F*Y3_tmp */
|
||||
mod25638_mul (X->y, X->y, e);
|
||||
|
||||
/* Z3 = F*J */
|
||||
mod25638_mul (X->z, d, e);
|
||||
mod25638_mul (X->z, e, d);
|
||||
}
|
||||
|
||||
|
||||
@ -185,8 +192,8 @@ ed_add_25638 (ptc *X, const ptc *A, const ac *B, int minus)
|
||||
|
||||
|
||||
static const bn256 p25519[1] = {
|
||||
{0xffffffed, 0xffffffff, 0xffffffff, 0xffffffff,
|
||||
0xffffffff, 0xffffffff, 0xffffffff, 0x7fffffff } };
|
||||
{{ 0xffffffed, 0xffffffff, 0xffffffff, 0xffffffff,
|
||||
0xffffffff, 0xffffffff, 0xffffffff, 0x7fffffff }} };
|
||||
|
||||
/**
|
||||
* @brief X = convert A
|
||||
@ -273,3 +280,73 @@ point_is_on_the_curve (const ac *P)
|
||||
int
|
||||
compute_kP_25519 (ac *X, const bn256 *K, const ac *P);
|
||||
#endif
|
||||
|
||||
#ifdef PRINT_OUT_TABLE
|
||||
static const ptc G[1] = {{
|
||||
{{{ 0x8f25d51a, 0xc9562d60, 0x9525a7b2, 0x692cc760,
|
||||
0xfdd6dc5c, 0xc0a4e231, 0xcd6e53fe, 0x216936d3 }}},
|
||||
{{{ 0x66666658, 0x66666666, 0x66666666, 0x66666666,
|
||||
0x66666666, 0x66666666, 0x66666666, 0x66666666 }}},
|
||||
{{{ 1, 0, 0, 0, 0, 0, 0, 0 }}},
|
||||
}};
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
static void
|
||||
print_point (const ac *X)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < 8; i++)
|
||||
printf ("%08x\n", X->x->word[i]);
|
||||
puts ("");
|
||||
for (i = 0; i < 8; i++)
|
||||
printf ("%08x\n", X->y->word[i]);
|
||||
}
|
||||
|
||||
|
||||
static const uint8_t *str = "abcdefghijklmnopqrstuvwxyz0123456789";
|
||||
|
||||
const uint8_t *
|
||||
random_bytes_get (void)
|
||||
{
|
||||
return (const uint8_t *)str;
|
||||
}
|
||||
|
||||
/*
|
||||
* Free pointer to random 32-byte
|
||||
*/
|
||||
void
|
||||
random_bytes_free (const uint8_t *p)
|
||||
{
|
||||
(void)p;
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
main (int argc, char *argv[])
|
||||
{
|
||||
ac x[1];
|
||||
ptc a[1];
|
||||
int i;
|
||||
|
||||
ed_double_25638 (a, G);
|
||||
ptc_to_ac_25519 (x, a);
|
||||
print_point (x);
|
||||
|
||||
ed_add_25638 (a, G, G, 1);
|
||||
ptc_to_ac_25519 (x, a);
|
||||
print_point (x);
|
||||
|
||||
ed_add_25638 (a, G, G, 0);
|
||||
ptc_to_ac_25519 (x, a);
|
||||
print_point (x);
|
||||
|
||||
for (i = 0; i < 64 - 1; i++)
|
||||
ed_double_25638 (a, a);
|
||||
|
||||
ptc_to_ac_25519 (x, a);
|
||||
print_point (x);
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
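Review bot: `static const uint8_t *str = "abcdefghijklmnopqrstuvwxyz0123456789";` in the new PRINT_OUT_TABLE block initializes a `const uint8_t *` from a `char` string literal, which GCC reports under -Wpointer-sign; `static const uint8_t str[] = "abcdefghijklmnopqrstuvwxyz0123456789";` is valid C (a string literal may initialize an array of unsigned char) and lets random_bytes_get simply `return str;` without the cast. That stub returns a fixed string, presumably standing in for the firmware's random source so the table generator links, and a comment above it such as `/* Deterministic stand-in for the firmware RNG, only for this table-generator build; never link it into a device image */` would make that intent explicit. `main (int argc, char *argv[])` uses neither parameter; `main (void)` avoids the unused-parameter warning. The `ed_double_25638 (a, a)` loop is the in-place case the earlier hunks of this commit fix (B moved from X->x into the local b, the dummy add retargeted at X->x), and that dummy add deserves a comment saying X->x is only free there because B and C = X1^2 have already been copied into b and e; ed_double_25638's body is split across hunks.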
@ -37,8 +37,13 @@
|
||||
|
||||
#include "bn.h"
|
||||
#include "mod25638.h"
|
||||
#include "muladd_256.h"
|
||||
|
||||
#ifndef BN256_C_IMPLEMENTATION
|
||||
#define ASM_IMPLEMENTATION 1
|
||||
#endif
|
||||
|
||||
#if ASM_IMPLEMENTATION
|
||||
#include "muladd_256.h"
|
||||
#define ADDWORD_256(d_,w_,c_) \
|
||||
asm ( "ldmia %[d], { r4, r5, r6, r7 } \n\t" \
|
||||
"adds r4, r4, %[w] \n\t" \
|
||||
@ -57,6 +62,7 @@
|
||||
: [d] "=&r" (d_), [c] "=&r" (c_) \
|
||||
: "[d]" (d_), [w] "r" (w_) \
|
||||
: "r4", "r5", "r6", "r7", "memory", "cc" )
|
||||
#endif
|
||||
|
||||
/*
|
||||
256 224 192 160 128 96 64 32 0
|
||||
@ -69,8 +75,9 @@
|
||||
2^256 - 32 - 4 - 2
|
||||
0 ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffda
|
||||
*/
|
||||
const bn256 n25638[1] = { {0xffffffda, 0xffffffff, 0xffffffff, 0xffffffff,
|
||||
0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff } };
|
||||
const bn256 n25638[1] = {
|
||||
{{0xffffffda, 0xffffffff, 0xffffffff, 0xffffffff,
|
||||
0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff }} };
|
||||
|
||||
|
||||
/*
|
||||
@ -127,6 +134,7 @@ mod25638_mul (bn256 *X, const bn256 *A, const bn256 *B)
|
||||
uint32_t w;
|
||||
uint32_t c, c0;
|
||||
|
||||
#if ASM_IMPLEMENTATION
|
||||
memset (word, 0, sizeof (uint32_t)*BN256_WORDS);
|
||||
|
||||
s = A->word; d = &word[0]; w = B->word[0]; MULADD_256 (s, d, w, c);
|
||||
@ -142,7 +150,58 @@ mod25638_mul (bn256 *X, const bn256 *A, const bn256 *B)
|
||||
s = word;
|
||||
ADDWORD_256 (s, c0, c);
|
||||
word[0] += c * 38;
|
||||
memcpy (X->word, word, sizeof X->word);
|
||||
memcpy (X, word, sizeof (bn256));
|
||||
#else
|
||||
(void)c; (void)c0;
|
||||
bn256_mul ((bn512 *)word, A, B);
|
||||
|
||||
s = &word[8]; d = &word[0]; w = 38;
|
||||
{
|
||||
int i;
|
||||
uint32_t r0, r1;
|
||||
|
||||
r0 = r1 = 0;
|
||||
for (i = 0; i < BN256_WORDS; i++)
|
||||
{
|
||||
uint64_t uv;
|
||||
uint32_t u, v;
|
||||
uint32_t carry;
|
||||
|
||||
r0 += d[i];
|
||||
r1 += (r0 < d[i]);
|
||||
carry = (r1 < (r0 < d[i]));
|
||||
|
||||
uv = ((uint64_t)s[i])*w;
|
||||
v = uv;
|
||||
u = (uv >> 32);
|
||||
r0 += v;
|
||||
r1 += (r0 < v);
|
||||
carry += (r1 < (r0 < v));
|
||||
r1 += u;
|
||||
carry += (r1 < u);
|
||||
|
||||
d[i] = r0;
|
||||
r0 = r1;
|
||||
r1 = carry;
|
||||
}
|
||||
d[i] = r0;
|
||||
|
||||
r0 = word[8] * 38;
|
||||
d = word;
|
||||
for (i = 0; i < BN256_WORDS; i++)
|
||||
{
|
||||
uint32_t carry;
|
||||
|
||||
r0 += d[i];
|
||||
carry = (r0 < d[i]);
|
||||
d[i] = r0;
|
||||
r0 = carry;
|
||||
}
|
||||
word[0] += r0 * 38;
|
||||
}
|
||||
|
||||
memcpy (X, word, sizeof (bn256));
|
||||
#endif
|
||||
}
|
||||
|
||||
/**
|
||||
|
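Review bot: `bn256_mul ((bn512 *)word, A, B);` in the new C path writes the full 512-bit product (16 words) into `word`, whereas the ASM path only ever touches word[0..8]; the declaration of `word` sits above this hunk, so confirm it is sized for `BN256_WORDS*2` (a `bn512` local whose word array is used directly would make that self-evident and drop the cast), and `s = &word[8]` hard-codes what the post-loop `d[i] = r0` expresses as word[BN256_WORDS]. The final `word[0] += r0 * 38;` drops a carry just as the ASM path's `word[0] += c * 38;` does and is safe, but the reason is not obvious; a comment such as `/* r0 is 0 or 1; after a wrap the low 256 bits are at most 38*38, so adding 38 cannot carry out of word[0] */` records the invariant. The carry bookkeeping in the first loop (`carry = (r1 < (r0 < d[i]))`) is branch-free, which matters for the timing profile of this code, and a one-line comment stating that the loop is intentionally branchless would keep a later cleanup from "simplifying" it. mod25638_mul begins outside the hunk.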
@ -1,4 +1,4 @@
|
||||
extern const bn256 *n25638;
|
||||
extern const bn256 n25638[1];
|
||||
|
||||
void mod25638_add (bn256 *X, const bn256 *A, const bn256 *B);
|
||||
void mod25638_sub (bn256 *X, const bn256 *A, const bn256 *B);
|
||||
|
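Review bot: `extern const bn256 n25638[1];` now matches the definition `const bn256 n25638[1]` in mod25638.c, ending the pointer-versus-array mismatch between the two translation units, but the header still says nothing about the constant; a comment above it such as `/* 2^256 - 38, the modulus of the mod25638_* routines (defined in mod25638.c) */` would save readers a trip to the .c file. The hunk starts at line 1 of the file with this declaration, so the header appears to have no include guard; if that is so, adding one (for example `MOD25638_H`) is worth doing in the same change.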