haskell/cryptonite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Simplify decaf build with Cabal

Browse Source 
Keeping only one finite field, header 'f_field.h' can be included
from Cabal standard 'include-dirs'.
This commit is contained in:
Olivier Chéron 2017-04-02 17:13:16 +02:00
parent 961dd63eaf
commit 3c89f0d0b7
8 changed files with 19 additions and 393 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
cbits/decaf/cryptonite_p448_arch_32.c
View File

@ -1,15 +0,0 @@
/*
The Makefile in the original project uses variable include directories
for each field, but Cabal does not support this. The following trick
preloads the field-dependent headers "f_field.h" and "f_impl.h" so that
further includes of "field.h" have nothing to do later.
*/
#include "p448/arch_32/field.h"
#include "p448/arch_32/f_impl.c"
#include "ed448goldilocks/decaf.c"
#include "ed448goldilocks/decaf_tables.c"
#include "ed448goldilocks/eddsa.c"
#include "ed448goldilocks/scalar.c"
#include "p448/f_arithmetic.c"
#include "p448/f_generic.c"

15
cbits/decaf/cryptonite_p448_arch_ref64.c
View File

@ -1,15 +0,0 @@
/*
The Makefile in the original project uses variable include directories
for each field, but Cabal does not support this. The following trick
preloads the field-dependent headers "f_field.h" and "f_impl.h" so that
further includes of "field.h" have nothing to do later.
*/
#include "p448/arch_ref64/field.h"
#include "p448/arch_ref64/f_impl.c"
#include "ed448goldilocks/decaf.c"
#include "ed448goldilocks/decaf_tables.c"
#include "ed448goldilocks/eddsa.c"
#include "ed448goldilocks/scalar.c"
#include "p448/f_arithmetic.c"
#include "p448/f_generic.c"

107
cbits/decaf/p448/arch_32/field.h
View File

@ -1,107 +0,0 @@
/**
* @file field.h
* @brief Generic gf header.
* @copyright
* Copyright (c) 2014 Cryptography Research, Inc. \n
* Released under the MIT License. See LICENSE.txt for license information.
* @author Mike Hamburg
*/
#ifndef __GF_H__
#define __GF_H__
#include "constant_time.h"
#include "f_field.h"
#include <string.h>
/** Square x, n times. */
static CRYPTONITE_DECAF_INLINE void cryptonite_gf_sqrn (
cryptonite_gf_s *__restrict__ y,
const gf x,
int n
) {
gf tmp;
assert(n>0);
if (n&1) {
cryptonite_gf_sqr(y,x);
n--;
} else {
cryptonite_gf_sqr(tmp,x);
cryptonite_gf_sqr(y,tmp);
n-=2;
}
for (; n; n-=2) {
cryptonite_gf_sqr(tmp,y);
cryptonite_gf_sqr(y,tmp);
}
}
#define cryptonite_gf_add_nr cryptonite_gf_add_RAW
/** Subtract mod p. Bias by 2 and don't reduce */
static inline void cryptonite_gf_sub_nr ( gf c, const gf a, const gf b ) {
cryptonite_gf_sub_RAW(c,a,b);
cryptonite_gf_bias(c, 2);
if (GF_HEADROOM < 3) cryptonite_gf_weak_reduce(c);
}
/** Subtract mod p. Bias by amt but don't reduce. */
static inline void cryptonite_gf_subx_nr ( gf c, const gf a, const gf b, int amt ) {
cryptonite_gf_sub_RAW(c,a,b);
cryptonite_gf_bias(c, amt);
if (GF_HEADROOM < amt+1) cryptonite_gf_weak_reduce(c);
}
/** Mul by signed int. Not constant-time WRT the sign of that int. */
static inline void cryptonite_gf_mulw(gf c, const gf a, int32_t w) {
if (w>0) {
cryptonite_gf_mulw_unsigned(c, a, w);
} else {
cryptonite_gf_mulw_unsigned(c, a, -w);
cryptonite_gf_sub(c,ZERO,c);
}
}
/** Constant time, x = is_z ? z : y */
static inline void cryptonite_gf_cond_sel(gf x, const gf y, const gf z, mask_t is_z) {
constant_time_select(x,y,z,sizeof(gf),is_z,0);
}
/** Constant time, if (neg) x=-x; */
static inline void cryptonite_gf_cond_neg(gf x, mask_t neg) {
gf y;
cryptonite_gf_sub(y,ZERO,x);
cryptonite_gf_cond_sel(x,x,y,neg);
}
/** Constant time, if (swap) (x,y) = (y,x); */
static inline void
cryptonite_gf_cond_swap(gf x, cryptonite_gf_s *__restrict__ y, mask_t swap) {
constant_time_cond_swap(x,y,sizeof(cryptonite_gf_s),swap);
}
static CRYPTONITE_DECAF_INLINE void cryptonite_gf_mul_qnr(cryptonite_gf_s *__restrict__ out, const gf x) {
#if P_MOD_8 == 5
/* r = QNR * r0^2 */
cryptonite_gf_mul(out,x,SQRT_MINUS_ONE);
#elif P_MOD_8 == 3 || P_MOD_8 == 7
cryptonite_gf_sub(out,ZERO,x);
#else
#error "Only supporting p=3,5,7 mod 8"
#endif
}
static CRYPTONITE_DECAF_INLINE void cryptonite_gf_div_qnr(cryptonite_gf_s *__restrict__ out, const gf x) {
#if P_MOD_8 == 5
/* r = QNR * r0^2 */
cryptonite_gf_mul(out,x,SQRT_MINUS_ONE);
cryptonite_gf_sub(out,ZERO,out);
#elif P_MOD_8 == 3 || P_MOD_8 == 7
cryptonite_gf_sub(out,ZERO,x);
#else
#error "Only supporting p=3,5,7 mod 8"
#endif
}
#endif // __GF_H__

108
cbits/decaf/p448/arch_ref64/f_field.h
View File

@ -1,108 +0,0 @@
/**
* @file p448/f_field.h
* @author Mike Hamburg
*
* @copyright
* Copyright (c) 2015-2016 Cryptography Research, Inc. \n
* Released under the MIT License. See LICENSE.txt for license information.
*
* @brief Field-specific code for 2^448 - 2^224 - 1.
*
* @warning This file was automatically generated in Python.
* Please do not edit it.
*/
#ifndef __P448_F_FIELD_H__
#define __P448_F_FIELD_H__ 1
#include "constant_time.h"
#include <string.h>
#include <assert.h>
#include "word.h"
#define __CRYPTONITE_DECAF_448_GF_DEFINED__ 1
#define NLIMBS (64/sizeof(word_t))
#define X_SER_BYTES 56
#define SER_BYTES 56
typedef struct cryptonite_gf_448_s {
word_t limb[NLIMBS];
} __attribute__((aligned(32))) cryptonite_gf_448_s, cryptonite_gf_448_t[1];
#define GF_LIT_LIMB_BITS 56
#define GF_BITS 448
#define ZERO cryptonite_gf_448_ZERO
#define ONE cryptonite_gf_448_ONE
#define MODULUS cryptonite_gf_448_MODULUS
#define gf cryptonite_gf_448_t
#define cryptonite_gf_s cryptonite_gf_448_s
#define cryptonite_gf_eq cryptonite_gf_448_eq
#define cryptonite_gf_hibit cryptonite_gf_448_hibit
#define cryptonite_gf_copy cryptonite_gf_448_copy
#define cryptonite_gf_add cryptonite_gf_448_add
#define cryptonite_gf_sub cryptonite_gf_448_sub
#define cryptonite_gf_add_RAW cryptonite_gf_448_add_RAW
#define cryptonite_gf_sub_RAW cryptonite_gf_448_sub_RAW
#define cryptonite_gf_bias cryptonite_gf_448_bias
#define cryptonite_gf_weak_reduce cryptonite_gf_448_weak_reduce
#define cryptonite_gf_strong_reduce cryptonite_gf_448_strong_reduce
#define cryptonite_gf_mul cryptonite_gf_448_mul
#define cryptonite_gf_sqr cryptonite_gf_448_sqr
#define cryptonite_gf_mulw_unsigned cryptonite_gf_448_mulw_unsigned
#define cryptonite_gf_isr cryptonite_gf_448_isr
#define cryptonite_gf_serialize cryptonite_gf_448_serialize
#define cryptonite_gf_deserialize cryptonite_gf_448_deserialize
/* RFC 7748 support */
#define X_PUBLIC_BYTES X_SER_BYTES
#define X_PRIVATE_BYTES X_PUBLIC_BYTES
#define X_PRIVATE_BITS 448
#define SQRT_MINUS_ONE P448_SQRT_MINUS_ONE /* might not be defined */
#define INLINE_UNUSED __inline__ __attribute__((unused,always_inline))
#ifdef __cplusplus
extern "C" {
#endif
/* Defined below in f_impl.h */
static INLINE_UNUSED void cryptonite_gf_copy (gf out, const gf a) { *out = *a; }
static INLINE_UNUSED void cryptonite_gf_add_RAW (gf out, const gf a, const gf b);
static INLINE_UNUSED void cryptonite_gf_sub_RAW (gf out, const gf a, const gf b);
static INLINE_UNUSED void cryptonite_gf_bias (gf inout, int amount);
static INLINE_UNUSED void cryptonite_gf_weak_reduce (gf inout);
void cryptonite_gf_strong_reduce (gf inout);
void cryptonite_gf_add (gf out, const gf a, const gf b);
void cryptonite_gf_sub (gf out, const gf a, const gf b);
void cryptonite_gf_mul (cryptonite_gf_s *__restrict__ out, const gf a, const gf b);
void cryptonite_gf_mulw_unsigned (cryptonite_gf_s *__restrict__ out, const gf a, uint32_t b);
void cryptonite_gf_sqr (cryptonite_gf_s *__restrict__ out, const gf a);
mask_t cryptonite_gf_isr(gf a, const gf x); /** a^2 x = 1, QNR, or 0 if x=0. Return true if successful */
mask_t cryptonite_gf_eq (const gf x, const gf y);
mask_t cryptonite_gf_hibit (const gf x);
void cryptonite_gf_serialize (uint8_t *serial, const gf x,int with_highbit);
mask_t cryptonite_gf_deserialize (gf x, const uint8_t serial[SER_BYTES],int with_highbit);
#ifdef __cplusplus
} /* extern "C" */
#endif
#include "f_impl.h" /* Bring in the inline implementations */
#define P_MOD_8 7
#if P_MOD_8 == 5
extern const gf SQRT_MINUS_ONE;
#endif
#ifndef LIMBPERM
#define LIMBPERM(i) (i)
#endif
#define LIMB_MASK(i) (((1ull)<<LIMB_PLACE_VALUE(i))-1)
static const gf ZERO = {{{0}}}, ONE = {{{ [LIMBPERM(0)] = 1 }}};
#endif /* __P448_F_FIELD_H__ */

107
cbits/decaf/p448/arch_ref64/field.h
View File

@ -1,107 +0,0 @@
/**
* @file field.h
* @brief Generic gf header.
* @copyright
* Copyright (c) 2014 Cryptography Research, Inc. \n
* Released under the MIT License. See LICENSE.txt for license information.
* @author Mike Hamburg
*/
#ifndef __GF_H__
#define __GF_H__
#include "constant_time.h"
#include "f_field.h"
#include <string.h>
/** Square x, n times. */
static CRYPTONITE_DECAF_INLINE void cryptonite_gf_sqrn (
cryptonite_gf_s *__restrict__ y,
const gf x,
int n
) {
gf tmp;
assert(n>0);
if (n&1) {
cryptonite_gf_sqr(y,x);
n--;
} else {
cryptonite_gf_sqr(tmp,x);
cryptonite_gf_sqr(y,tmp);
n-=2;
}
for (; n; n-=2) {
cryptonite_gf_sqr(tmp,y);
cryptonite_gf_sqr(y,tmp);
}
}
#define cryptonite_gf_add_nr cryptonite_gf_add_RAW
/** Subtract mod p. Bias by 2 and don't reduce */
static inline void cryptonite_gf_sub_nr ( gf c, const gf a, const gf b ) {
cryptonite_gf_sub_RAW(c,a,b);
cryptonite_gf_bias(c, 2);
if (GF_HEADROOM < 3) cryptonite_gf_weak_reduce(c);
}
/** Subtract mod p. Bias by amt but don't reduce. */
static inline void cryptonite_gf_subx_nr ( gf c, const gf a, const gf b, int amt ) {
cryptonite_gf_sub_RAW(c,a,b);
cryptonite_gf_bias(c, amt);
if (GF_HEADROOM < amt+1) cryptonite_gf_weak_reduce(c);
}
/** Mul by signed int. Not constant-time WRT the sign of that int. */
static inline void cryptonite_gf_mulw(gf c, const gf a, int32_t w) {
if (w>0) {
cryptonite_gf_mulw_unsigned(c, a, w);
} else {
cryptonite_gf_mulw_unsigned(c, a, -w);
cryptonite_gf_sub(c,ZERO,c);
}
}
/** Constant time, x = is_z ? z : y */
static inline void cryptonite_gf_cond_sel(gf x, const gf y, const gf z, mask_t is_z) {
constant_time_select(x,y,z,sizeof(gf),is_z,0);
}
/** Constant time, if (neg) x=-x; */
static inline void cryptonite_gf_cond_neg(gf x, mask_t neg) {
gf y;
cryptonite_gf_sub(y,ZERO,x);
cryptonite_gf_cond_sel(x,x,y,neg);
}
/** Constant time, if (swap) (x,y) = (y,x); */
static inline void
cryptonite_gf_cond_swap(gf x, cryptonite_gf_s *__restrict__ y, mask_t swap) {
constant_time_cond_swap(x,y,sizeof(cryptonite_gf_s),swap);
}
static CRYPTONITE_DECAF_INLINE void cryptonite_gf_mul_qnr(cryptonite_gf_s *__restrict__ out, const gf x) {
#if P_MOD_8 == 5
/* r = QNR * r0^2 */
cryptonite_gf_mul(out,x,SQRT_MINUS_ONE);
#elif P_MOD_8 == 3 || P_MOD_8 == 7
cryptonite_gf_sub(out,ZERO,x);
#else
#error "Only supporting p=3,5,7 mod 8"
#endif
}
static CRYPTONITE_DECAF_INLINE void cryptonite_gf_div_qnr(cryptonite_gf_s *__restrict__ out, const gf x) {
#if P_MOD_8 == 5
/* r = QNR * r0^2 */
cryptonite_gf_mul(out,x,SQRT_MINUS_ONE);
cryptonite_gf_sub(out,ZERO,out);
#elif P_MOD_8 == 3 || P_MOD_8 == 7
cryptonite_gf_sub(out,ZERO,x);
#else
#error "Only supporting p=3,5,7 mod 8"
#endif
}
#endif // __GF_H__

0
cbits/decaf/p448/arch_32/f_field.h → cbits/decaf/p448/f_field.h
View File

29
cbits/decaf/tools/generate.sh
View File

@ -69,42 +69,15 @@ for CURVE in ed448goldilocks; do
done
for FIELD in p448; do
if [ $FIELD = p25519 ]; then
CURVE=curve25519
elif [ $FIELD = p448 ]; then
CURVE=ed448goldilocks
else
echo "Invalid field: $FIELD" && exit 1
fi
mkdir -p "$DEST_DIR"/$FIELD
convert "$SRC_DIR"/$FIELD/f_arithmetic.c "$DEST_DIR"/$FIELD
convert "$SRC_DIR"/GENERATED/c/$FIELD/f_generic.c "$DEST_DIR"/$FIELD
convert "$SRC_DIR"/GENERATED/c/$FIELD/f_field.h "$DEST_DIR"/$FIELD
for ARCH in $ARCHITECTURES; do
mkdir -p "$DEST_DIR"/$FIELD/$ARCH
convert "$SRC_DIR"/include/field.h "$DEST_DIR"/$FIELD/$ARCH
convert "$SRC_DIR"/GENERATED/c/$FIELD/f_field.h "$DEST_DIR"/$FIELD/$ARCH
convert "$SRC_DIR"/$FIELD/$ARCH/f_impl.h "$DEST_DIR"/$FIELD/$ARCH
convert "$SRC_DIR"/$FIELD/$ARCH/f_impl.c "$DEST_DIR"/$FIELD/$ARCH
cat > "$DEST_DIR"/cryptonite_$FIELD\_$ARCH.c <<EOF
/*
The Makefile in the original project uses variable include directories
for each field, but Cabal does not support this. The following trick
preloads the field-dependent headers "f_field.h" and "f_impl.h" so that
further includes of "field.h" have nothing to do later.
*/
#include "$FIELD/$ARCH/field.h"
#include "$FIELD/$ARCH/f_impl.c"
#include "$CURVE/decaf.c"
#include "$CURVE/decaf_tables.c"
#include "$CURVE/eddsa.c"
#include "$CURVE/scalar.c"
#include "$FIELD/f_arithmetic.c"
#include "$FIELD/f_generic.c"
EOF
done
done

31
cryptonite.cabal
View File

@ -46,10 +46,7 @@ extra-source-files: cbits/*.h
cbits/decaf/include/arch_ref64/*.h
cbits/decaf/p448/arch_32/*.h
cbits/decaf/p448/arch_ref64/*.h
cbits/decaf/ed448goldilocks/*.c
cbits/decaf/p448/*.c
cbits/decaf/p448/arch_32/*.c
cbits/decaf/p448/arch_ref64/*.c
cbits/decaf/p448/*.h
cbits/p256/*.h
cbits/blake2/ref/*.h
cbits/blake2/sse/*.h
@ -264,20 +261,28 @@ Library
, cbits/cryptonite_whirlpool.c
, cbits/cryptonite_scrypt.c
, cbits/cryptonite_pbkdf2.c
include-dirs: cbits cbits/ed25519
, cbits/decaf/utils.c
, cbits/decaf/ed448goldilocks/decaf.c
, cbits/decaf/ed448goldilocks/decaf_tables.c
, cbits/decaf/ed448goldilocks/eddsa.c
, cbits/decaf/ed448goldilocks/scalar.c
, cbits/decaf/p448/f_arithmetic.c
, cbits/decaf/p448/f_generic.c
include-dirs: cbits
, cbits/ed25519
, cbits/decaf/include
, cbits/decaf/p448
if arch(x86_64)
C-sources: cbits/decaf/utils.c
, cbits/decaf/cryptonite_p448_arch_ref64.c
C-sources: cbits/decaf/p448/arch_ref64/f_impl.c
include-dirs: cbits/decaf/include
, cbits/decaf/include/arch_ref64
include-dirs: cbits/decaf/include/arch_ref64
, cbits/decaf/p448/arch_ref64
else
C-sources: cbits/decaf/utils.c
, cbits/decaf/cryptonite_p448_arch_32.c
C-sources: cbits/decaf/p448/arch_32/f_impl.c
include-dirs: cbits/decaf/include
, cbits/decaf/include/arch_32
include-dirs: cbits/decaf/include/arch_32
, cbits/decaf/p448/arch_32
if arch(x86_64)
C-sources: cbits/curve25519/curve25519-donna-c64.c